rewrote readme file

Author: ThatSINEWAVE

README.md

@@ -1,134 +1,101 @@
 <div align="center">
 
-# [Malware-Samples Repository](https://cybersight-security.github.io/Malware-Samples)
+# Malware Samples
 
-Welcome to the Malware-Samples repository! 
-This repository contains various malware and ransomware samples for research and analysis purposes. 
-All RAR files are password-locked with the password "**infected**". 
-Please ensure you use caution and follow appropriate safety measures when handling these samples.
+![Cybersight Security Malware Samples](assets/logo.png)
 
-</div>
-
-### Usage
-
-1. Clone the repository to your local machine:
+The Cybersight Security Malware Samples repository is a curated collection of malicious software specimens for cybersecurity research and analysis. This repository provides security professionals with real-world samples to study malware behavior, develop detection techniques, and enhance defensive strategies.
 
-```
-git clone https://github.com/ThatSINEWAVE/Malware-Samples.git
-```
+</div>
 
-2. Use the password "**infected**" to unlock the RAR files containing the malware samples.
+## Features:
+- Comprehensive collection of real malware samples
+- Password-protected archives (password: "infected") for safe handling
+- Categorized by malware type (RATs, ransomware, trojans)
+- Detailed descriptions of each sample
+- Regular updates with new specimens
+- Research-focused organization
 
-3. Analyze the samples using appropriate tools and techniques. Remember to do this in a controlled environment to prevent any unintended consequences.
+**Important Note:** All samples are contained within password-protected archives and should only be handled in secure, isolated environments. The attack simulations and behaviors described are real malware capabilities - extreme caution is required when working with these samples.
 
-<div align="center">
+## Sample Categories
 
-## ☕ [Support my work on Ko-Fi](https://ko-fi.com/thatsinewave)
+### Remote Access Trojans (RATs)
+- 888RAT - Advanced remote control capabilities
+- DarkComet - Comprehensive surveillance features
+- Nanocore - Robust feature set for system manipulation
+- 20+ additional RAT variants
 
-</div>
+### Ransomware
+- WannaCry - Global epidemic ransomware
+- LockBit - Ransomware-as-a-service platform
+- Petya - Master boot record encryptor
+- 20+ additional ransomware variants
 
-### Warning
+### Trojans
+- AgentTesla - Advanced information stealer
+- QakBot - Persistent banking trojan
+- FakeAV - Rogue antivirus malware
+- 20+ additional trojan variants
 
-- **Caution**: Malware samples can cause harm to your computer system and compromise your security. Handle these samples with extreme care and only in isolated environments. Do not execute these samples on any system connected to the internet or any network containing sensitive information.
+## Technical Implementation
 
-- **Please note**: The maintainer and contributors of this repository, both past, present, and future, are not responsible for any loss of data, system damage, or other consequences resulting from the mishandling of the samples provided herein. Caution is advised when testing any file present in this repository.
+### Sample Handling
+- All samples password-protected ("infected")
+- Archived in RAR format for additional security
+- Detailed metadata included for each sample
+- Regular integrity checks performed
 
-# Future Improvements
+### Research Environment Recommendations
+- Use isolated virtual machines
+- Disable network connectivity
+- Employ memory-only analysis tools
+- Utilize sandbox environments
 
-We aim to continuously enhance the usability and value of this repository. Here are some planned improvements:
+## Installation and Usage
 
-1. **Dedicated README Files**: Each sample will have its dedicated README file, providing specific instructions, insights, and context about the sample. These README files will complement the general repository README and offer targeted guidance for analyzing individual samples.
+### Requirements
+- Virtualization software (VMware, VirtualBox)
+- Archive utility supporting RAR (WinRAR, 7-Zip)
+- Isolated laboratory environment
+- Malware analysis tools
 
-## List of Samples
+### Setup Instructions
+1. **Clone the repository:**
+   ```bash
+   git clone https://github.com/cybersight/malware-samples.git
+   cd malware-samples
+   ```
 
-### RATs (Remote Access Trojans)
-1. **888RAT** - A remote access trojan (RAT) known for its versatility and ability to control infected computers remotely.
-2. **Adwind** - A cross-platform RAT capable of infecting multiple operating systems, including Windows, macOS, and Linux.
-3. **ArdaMax** - A RAT with various spying capabilities, including key-logging, screen capture, and remote desktop control.
-4. **CyberGate** - A remote administration tool (RAT) used by cybercriminals to gain unauthorized access to infected systems and execute malicious actions remotely.
-5. **DarkComet** - A remote access trojan (RAT) notorious for its surveillance features, including key-logging, webcam monitoring, and file system access, often used in cyber espionage operations.
-6. **DarkCloud** - A malware variant known for its stealthy behavior and data exfiltration capabilities, often used in targeted espionage campaigns.
-7. **Gh0stRAT** - A remote access trojan (RAT) used by cybercriminals to gain unauthorized access to infected systems, allowing them to steal data, monitor activities, and execute commands remotely.
-8. **Glupteba** - A sophisticated malware strain known for its stealthy behavior and multiple functionalities, including cryptocurrency mining, information stealing, and proxy tunneling.
-9. **MetamorpherRAT** - A remote access trojan (RAT) known for its ability to evade detection by changing its characteristics, making it challenging for security software to detect and remove.
-10. **Nanocore** - A remote access trojan (RAT) known for its robust feature set, including key-logging, remote desktop control, and file system manipulation, often used in cyber espionage and data theft campaigns.
-11. **NETWire** - A remote access trojan (RAT) known for its extensive feature set, including key-logging, webcam capture, and file system manipulation, often used in cyber espionage and data theft operations.
-12. **Quasar** - A remote access trojan (RAT) known for its extensive feature set, including key-logging, remote desktop control, and file system manipulation, often used in targeted cyberattacks.
-13. **Remcos** - A remote access trojan (RAT) known for its extensive feature set, including remote desktop control, file management, and surveillance capabilities, often used in targeted cyberattacks.
-14. **RevangeRAT** - A remote access trojan (RAT) known for its surveillance capabilities, including key-logging, screen capture, and webcam monitoring, often used in cyber espionage operations.
-15. **SectopRAT** - A remote access trojan (RAT) known for its surveillance capabilities, including key-logging, screen capture, and remote desktop control, often used in cyber espionage operations.
-16. **WarzoneRAT** - A remote access trojan (RAT) known for its surveillance capabilities, including key-logging, screen capture, and remote desktop control, often used in cyber espionage operations.
-17. **WSHRAT** - A remote access trojan (RAT) named after its use of Windows Script Host (WSH) for execution, allowing attackers to gain unauthorized access to infected systems.
-18. **XenorRat** - A remote access trojan (RAT) designed for Windows systems, allowing attackers to remotely control infected devices, steal data, and execute malicious commands.
-19. **ZGRat** - A remote access trojan (RAT) known for its surveillance capabilities, including key-logging, screen capture, and remote desktop control, often used in cyber espionage operations.
-20. **Happy99** - Also known as Ska, is a type of malware that spreads via email attachments and infects Windows systems.
-21. **NJRAT** - NJRAT (also known as Nanocore or Nano Core RAT) is a remote access trojan designed to provide unauthorized access and control over infected systems.
+2. **Extract samples:**
+   - Use password "infected" for all archives
+   - Only extract in secure environments
 
-### Ransomware
-1. **Cerber** - A notorious ransomware known for encrypting files on infected computers and demanding payment in cryptocurrency for decryption.
-2. **Cryptowall** - A pervasive ransomware strain that encrypts files on infected machines and demands payment in cryptocurrency for decryption, causing significant data loss and financial damage.
-3. **Djvu** - A prolific ransomware strain that encrypts files on compromised computers and demands payment in cryptocurrency for decryption, often distributed through malicious email attachments and fake software downloads.
-4. **Jigsaw** - A ransomware strain named after the antagonist in the movie "Saw," known for deleting files incrementally until a ransom is paid, aiming to pressure victims into payment.
-5. **LockBit** - A ransomware-as-a-service (RaaS) platform used by cybercriminals to encrypt files on infected systems and demand ransom payments for decryption keys.
-6. **Locky** - A notorious ransomware strain that gained notoriety for its large-scale distribution through spam emails containing malicious attachments, encrypting files on infected systems.
-7. **Mamba** - A ransomware variant known for its unique encryption technique, encrypting entire hard drives instead of individual files, making it more destructive and difficult to recover from.
-8. **Petrwrap** - A variant of the Petya ransomware, known for its destructive capabilities, encrypting entire hard drives and rendering infected systems inaccessible until a ransom is paid.
-9. **Petya** - A ransomware strain that gained notoriety for its ability to encrypt entire hard drives, causing widespread damage and disruption to infected systems, often propagated through phishing emails and exploit kits.
-10. **NotPetya** - A destructive malware strain that caused widespread havoc and financial losses to organizations worldwide.
-11. **Radamant** - A ransomware variant known for its encryption capabilities and targeted attacks against businesses and organizations, often demanding large ransom payments for decryption keys.
-12. **Satana** - A ransomware variant known for its destructive capabilities, encrypting files on infected systems and modifying the master boot record (MBR) to render the system unbootable until a ransom is paid.
-13. **Sodinokibi** - A ransomware-as-a-service (RaaS) platform used by cybercriminals to encrypt files on infected systems and demand ransom payments for decryption keys.
-14. **TearDrop** - A malware variant known for its stealthy behavior and advanced evasion techniques, often used for data theft and espionage purposes.
-15. **TeslaCrypt** - A ransomware variant known for encrypting files on infected systems and demanding payment for decryption, often distributed through malicious email attachments and exploit kits.
-16. **Thanos** - A ransomware variant known for its advanced encryption techniques and capability to encrypt files on both Windows and Linux systems, causing widespread damage and disruption.
-17. **WannaCry** - A ransomware worm that spread globally in 2017, encrypting files on infected systems and demanding ransom payments for decryption, exploiting a vulnerability in Windows systems.
-18. **WannaCryPlus** - A variant or evolution of the original WannaCry ransomware, possibly featuring additional functionalities or modifications to its encryption techniques.
-19. **GoldenEye** - A sophisticated ransomware strain that poses a significant threat to computer systems and networks worldwide.
-20. **BadRabbit** - A malicious ransomware strain that gained notoriety for its widespread attacks, particularly targeting organizations in various sectors.
-21. **Annabelle** - A sophisticated and dangerous ransomware strain that has garnered attention for its destructive capabilities in the cybersecurity landscape.
-22. **MonsterV1** - A potent malware strain that poses a significant threat to the cybersecurity landscape, capable of causing extensive damage to computer systems and networks.
-23. **MonsterV2** - This variant of MonsterV1 is highly advanced malware variant that represents a significant threat to the cybersecurity landscape, leveraging sophisticated techniques to infiltrate and compromise computer systems.
-24. **Pikachu** - a notorious malware strain known for its disruptive activities and widespread infections across computer systems.
+3. **Analyze samples:**
+   - Use appropriate analysis tools
+   - Maintain strict isolation protocols
+   - Never execute on production systems
 
-### Trojans
-1. **AgentTesla** - A keylogger and information stealer used by cybercriminals to capture sensitive data such as login credentials and financial information.
-2. **Akira** - A malware strain primarily designed for stealing cryptocurrency wallets and credentials from infected devices.
-3. **Amadey** - A modular trojan often used in phishing campaigns to steal personal and financial information from victims.
-4. **BanLoad** - A banking trojan designed to steal sensitive banking information, such as login credentials and account details, from infected devices.
-5. **Berbew** - A trojan primarily targeting banking and financial institutions, aiming to steal sensitive information related to online banking transactions.
-6. **Blankgrabber** - A data-stealing malware focused on capturing sensitive information, like login credentials and financial data, from infected devices.
-7. **Coper** - A banking trojan specializing in stealing financial data, such as credit card details and online banking credentials, from compromised systems.
-8. **Dirdex** - A trojan malware known for its ability to steal sensitive information from infected systems and spread through network shares and removable drives.
-9. **ICEDid** - A banking trojan designed to steal sensitive information from infected systems, including login credentials and financial data, primarily distributed through phishing campaigns and exploit kits.
-10. **Imminent** - A malware variant known for its stealthy infiltration and destructive capabilities, often used to deploy ransomware and steal sensitive data from compromised systems.
-11. **Matiex** - A trojan malware designed to steal sensitive information, such as login credentials and financial data, from infected systems, often distributed through phishing campaigns.
-12. **Matsnu** - A sophisticated malware strain known for its polymorphic capabilities and multiple functionalities, including information stealing, credential harvesting, and system manipulation.
-13. **Pony** - A data-stealing malware focused on capturing sensitive information, such as login credentials and financial data, from infected systems, often used in credential stuffing attacks and identity theft.
-14. **Pysilon** - A trojan malware designed to steal sensitive information from infected systems, including login credentials and financial data, often distributed through malicious email attachments and drive-by downloads.
-15. **QakBot** - A banking trojan known for its persistence and stealthy behavior, capable of stealing sensitive information, such as login credentials and financial data, from infected systems.
-16. **QNodeService** - A trojan malware known for its stealthy behavior and ability to evade detection, often used for data theft and remote access to infected systems.
-17. **Rex** - A trojan malware known for its ability to steal sensitive information from infected systems, such as login credentials and financial data, often distributed through phishing campaigns and malicious downloads.
-18. **StealC** - A data-stealing malware variant focused on capturing sensitive information, such as login credentials and financial data, from infected systems, often distributed through malicious websites and phishing emails.
-19. **Yunsip** - A trojan malware designed to steal sensitive information from infected systems, such as login credentials and financial data, often distributed through phishing campaigns and malicious downloads.
-20. **Magistr** - A polymorphic computer virus that spreads through email attachments and network shares.
-21. **Bonzify** - A malicious trojan horse program designed to infiltrate computer systems stealthily and perform various harmful actions.
-22. **000** - A notorious malware known for its malicious activities across various computer systems.
-23. **Madal** - A trojan that infiltrates systems through deceptive means, such as email attachments, software downloads, or compromised websites.
-24. **FakeAV** - FakeAV, also known as Rogue Antivirus, is a type of malware that deceives users into believing their systems are infected with malicious software.
+## Warning and Safety Protocols
 
-<div align="center">
+- **Critical Warning:** These samples are live malware and will infect unprotected systems
+- Always work in isolated virtual environments
+- Never analyze samples on internet-connected systems
+- Use dedicated research machines when possible
+- Follow all organizational security policies
 
-## [Join my Discord server](https://discord.gg/2nHHHBWNDw)
+## License
 
-</div>
+This project is licensed under the GNU General Public License (GPL). This means you are free to:
 
-### Contributing
+- Use the samples for research purposes
+- Study the malware behavior
+- Develop detection and prevention mechanisms
 
-Contributions to this repository are welcome! If you have additional malware samples to share, please submit a pull request with the necessary information and password-protected archives files.
+The full license text is included in the repository.
 
-### Disclaimer
+## About Cybersight Security
 
-The samples provided in this repository are for educational and research purposes only. 
-The maintainer and contributors of this repository are not responsible for any misuse or damage caused by these samples. Use at your own risk.
+Cybersight Security is a leading provider of cybersecurity solutions, helping organizations protect their digital assets against evolving threats. Our Malware Samples Repository is part of our commitment to security research and education.
 
-**Remember: Stay safe and ethical in your research and analysis endeavors!**
+**Disclaimer:** This repository contains real malicious software. Cybersight Security is not responsible for any damage caused by improper handling of these samples. Use exclusively for legitimate research purposes in controlled environments. By accessing this repository, you assume all responsibility for safe handling of these materials.