Malware Reports

Find millions of free malware reports in one place

Move away from traditional sandboxes. Access more than 2 million malware reports dissected by Group-IB’s Malware Detonation Platform and gain unparalleled insights into how malware behaves and evolves and how it threatens your organization

Agent Tesla
BMANAGER
BMBACKUP
BMHOOK
BMLOG
BMREADER
FormBookFormgrabber
RedLine Stealer
Remcos
WannaCry

What’s in the database

Group-IB’s Threat Intelligence team scours thousands of malware samples every day to detect emerging threats. The samples are analyzed using our advanced Malware Detonation Platform as part of Group-IB Managed XDR, which provides a complete view of the threat journey, from initial infection to the final payload

Our database containing over 2 million reports of public malware samples is available for free, helping you automate malware analysis and focus on higher-priority tasks. Each report includes detailed process trees, indicators of compromise, network activity dumps, and in-depth behavioral analysis.

Whether you're a SOC analyst, threat hunter, reverse engineer, or malware researcher, Group-IB’s database delivers actionable insights that will help you strengthen your defenses. Browse millions of reports and enhance your security posture.

Why use it

Reading articles is not enough

Watching malware operate in real time hones your technical skills far better than just reading about how someone else reverse-engineered it.

Emerging threats are difficult to identify

New malware strains emerge all the time, making it challenging for security teams to stay up-to-date and defend against evolving threats.

Most interfaces are not user friendly

Many platforms have unintuitive interfaces, which slows down security teams and increases the likelihood of overlooking critical insights.

Why not settle for a conventional sandbox

Although conventional sandboxes can detect and attribute malware, they barely scratch the surface.

Group-IB’s Malware Detonation Platform does much more than merely identify good and bad files. It reveals how attacks unfold in real time and pinpoints which processes are executed, which files are created or modified, and what network connections are established. Malware Detonation Platform doesn’t just detect malware — it deceives attackers and encourages them to proceed with their attack, which reveals their full intentions and shows what could have happened if the threat wasn’t stopped.

Behavioral analysis

Malware Detonation Platform offers in-depth behavioral analysis, beyond mere file classification

Interactive reports

Each malware report includes an animated visualization of the attack process, helping you explore the malware’s behavior in detail

MITRE ATT&CK® framework

Every detected threat is mapped to the MITRE ATT&CK® framework, aligning malware behavior with the tactics and techniques used by adversaries

How to search

Search by file property

Look up malware by name, hash, string, or file type

Use advanced filters

Search by behavior, verdict, and specifications

Analyze retrospectively

Compare historical and current threats using domains, IP addresses, or MITRE ATT&CK® technique IDs

How to use the malware reports

Boost your knowledge and skills
Triage and enrich unknown malware
View detailed insights
Create Sigma and YARA rules
Share the reports with your team

Explore our most popular malware reports

Didn’t find the file or hash you’re looking for?

Request Managed XDR demo