Malware Corpus Tracker - About

Information published here can be freely used/modified/re-distributed.
In no way I deem myself responsible for this information to be complete or 100% accurate.

This site was created as weekend project to serve as a tracker for Corpus and C&C sites of various malware families and a platform to catalogize corpus of related malware.
Credits go also to Virus Total and Team Cymru - #Totalhash' for providing research platforms and SpamHaus for sharing the word.

Having this as hobby project I usually have time to focus on following only single malware threat at a time - now I have main focus on automating processing of the data from the HaaS - Honeypot as a Service project. Also when I read some interesting whitepaper, I usually import some links/hashes to tracker database here and there, but in general I do not verirify or follow on those. This site is considered to be mainly research platform and directly using the data for blacklisting is not recommended. At least you should make sure to filter out with some reasonable whitelist. For example if some malware will be connecting to for example 'http://google.com/70.exe?1' (as Teslacrypt did to query connection) or to '//plus.google.com/u/0/115747778649102578052/about' or 'https://twitter.com/linketelin' (as PlugX samples d9af894d51ba61075c7cd329b0be52df, 02a175b81144b8fa22414e9cf281f71c did) then such links can be found in the listings of tracker although I am not saying the sites as such should be blocked.