This page gives access to the Kharon dataset, which has been published in the proceedings of LASER16 (paper (to appear), slides).
The Kharon dataset is a collection of malware that has been fully reverse-engineered and documented. This dataset was constructed to help us evaluate our research experiments. Its construction required a huge amount of work to understand the malicious code, trigger it, and then write the documentation. This dataset is now available for research purposes; we hope it will help you conduct your own experiments.
If you plan to use the dataset, do not forget to cite us in your publications (Bibtex ref).
Kharon dataset: 7 malware under a microscope
These 7 malware samples correspond to the publication Kharon dataset: Android malware under a microscope. All of them have been manually dissected and documented. This lets us highlight their behavior and their triggering techniques, and identify the location of the malicious code in the reversed source code. From this precise description, we give a graphical representation of the information flows induced by an execution of the malware.
- BadNews: Undesired applications installation
- DroidKungFu1: Undesired applications installation
- SimpLocker: Ransom, data encryption and phone locking
- WipeLocker: Erase data on SD card and block social applications
- Cajino: Remote controlled spyware which uses Baidu Cloud Push notification messages
- MobiDash: Aggressive adware which can wait several weeks before triggering
- SaveMe: Remote controlled spyware which can make phone calls and send SMS
Other malware of the Kharon dataset
For each family of malware, one sample has been studied.
- Kemoge: Spyware and rootkit for hacker
- AndroRAT: Android remote access tools
- IconVulnerability: Crash of important processes
- Zagruski: Premium SMS sending
- PoisonCake: Bootkit malware, Premium SMS sending, phone information leakage
- ScarePackage: Ransom and phone locking
- Koler: Ransom, fake warnings from the FBI, and phone locking
- Videoplayer: Data theft, ransom, data encryption and phone locking
- Mazar: Rootkit for hacker
- Minecraft: This malware steals confidential data from the phone
- Xsser mRAT Code4HK: Android spyware
Malware that are only partially studied at this time
- FacebookOTP: Bankware