Advanced Persistent Threat (APT) Malware Dataset – 2020

Introduction:

Nowadays, cyberthreats are becoming more complex in their tactics, techniques, and procedures (TTP). Most attack campaigns can be attributed to their TTP while analyzing and profiling a certain threat actor. Additionally, most large-scale malware threats follow similar procedures to those found in high-risk threats called Advanced Persistent Threat (APT) attacks.

Due to the increasing complexity of malware threats, finding the source of the attack can lead to an optimum decision after a potential threat transforms into a serious attack. Therefore, cyberthreat attribution using machine learning (ML) has attracted more researchers than before to find an automated solution against critical damage caused by malicious actors.

This dataset facilitates and enables a better understanding of the relationship between the APT groups and TTPs.

Dataset Details:

This dataset consists of 1200 APT malware samples that belong to five different APT groups:

  • APT1
  • APT3
  • APT28
  • APT33
  • APT37

All other campaign names, like Winniti are subcategories of these major campaigns.

Since Cuckoo did not originally provide our proposed method’s raw views, namely Header, Opcode, Bytecode and Systemcall. The samples were run in a customized Cuckoo Sandbox to collect multiple static and dynamic views of each sample. Cuckoo version 2.0.61 was utilized as the base Sandbox to generate dynamic malware views.

Citation:

Plain Text:

Haddadpajouh, A. Azmoodeh, A. Dehghantanha and R. M. Parizi, “MVFCC: A Multi-View Fuzzy Consensus Clustering Model for Malware Threat Attribution,” in IEEE Access, vol. 8, pp. 139188-139198, 2020, doi: 10.1109/ACCESS.2020.3012907.

BibText:

@article{haddadpajouh2020mvfcc, author={Haddadpajouh, Hamed and Azmoodeh, Amin and Dehghantanha, Ali and Parizi, Reza M.}, journal={IEEE Access}, title={MVFCC: A Multi-View Fuzzy Consensus Clustering Model for Malware Threat Attribution}, year={2020}, volume={8}, number={}, pages={139188-139198}, doi={10.1109/ACCESS.2020.3012907}}

Download dataset: https://github.com/CyberScienceLab/Our-Datasets/tree/master/APT