Packed Ransomware 15%
Other malware 10%
Start with the “Average Combined” malware package. Its mix of malware is the closest to what most organisations see on a daily basis. We update the recipe of malware type percentages as we hear of real-world changes.
We collect malware from a number of sources and specific contributors, including honeypots, automated feeds and manual creations. Most sources have chosen to stay private but we’ll gladly publicise the names of any contributors should they approve it.
The idea of creating these malware “packages” of mixed samples in a recipe of percentage ratios is to reflect real-world scenarios. It allows us to easily create and provide different packages that relate to different people and different tests. For example, a test of an endpoint PC that has several layers of AV protection in front of it (e.g. email / web filters) might require testing against proportionately much more aggressive and evasive malware than a test of a perimeter anti-malware product would. Feel free to suggest a different recipe for a malware package here.
The zip files containing the malware executables are all encrypted with a password of “testmyav”. “7-Zip” is a great (and free) tool to open these zip files and extract the malware inside. More tools are available on the Tools page.
The password is “testmyav” (without the quotation marks). We chose this over the industry-standard “infected” for a number of reasons.