A curated malware source dataset for AI/ML security research, malware behavior analysis, and defensive detection development.
This repository stores isolated malware feature implementations extracted from real-world malware families such as QuasarRAT, AsyncRAT, njRAT, SpyNote, and others.
The purpose of this dataset is to help:
- AI/ML systems learn malware behavior patterns
- Security researchers analyze malware source structures
- Detection engines improve behavioral recognition
- Researchers build malware classification datasets
Instead of storing complete malware projects, this repository focuses on individual feature source files.
Example:
When the Keylogger feature inside QuasarRAT is used, the malware collects keystroke data from the victim machine and displays it inside the operator panel.
The source file responsible for that behavior (such as QuasarRATKeylogger.cs) is the type of content stored in this repository.
Another example:
SpyNoteCallLogs.csAsyncRATPasswordRecovery.csnjRATRegistryPersistence.vbQuasarRATKeylogger.cs
ML/
├── Android/
│ ├── CallLogs/
│ │ ├── SpyNoteCallLogs.cs
│ │ └── ...
│ │
│ ├── SMSLogs/
│ ├── CameraCapture/
│ ├── Keylogger/
│ └── ...
│
└── Windows/
├── Keylogger/
│ ├── QuasarRATKeylogger.cs
│ ├── AsyncRATKeylogger.cs
│ └── ...
│
├── Persistence/
│ ├── njRATRegistryPersistence.vb
│ └── ...
│
├── PasswordRecovery/
├── PowerShell/
├── Ransomware/
└── ...
Each folder represents a malware behavior or capability mapped to related MITRE ATT&CK techniques.
This dataset is intended for:
- Malware analysis
- AI/ML training
- Threat intelligence research
- Behavioral detection research
- Security education
- Defensive cybersecurity development
This repository contains malware-related source code intended strictly for educational, research, and defensive security purposes. Any malicious or unauthorized use is prohibited.
MIT License