Update May 6, 2013: We added the ability to download the corresponding samples and pcaps (when available). Same password scheme as contagio. Email Mila if needed.
Traffic analysis has been the primary method of malware identification, and the thousands of IDS signatures developed are the daily proof. Signatures definitely help, but the ability to visually recognize malware traffic patterns has always been an important skill for anyone tasked with network defense. The number of malware analysis blogs and papers is overwhelming, and it is difficult to keep track of malware features if you don't have access to a well-designed and constantly updated malware database. This started as a "personal notes" spreadsheet with GET and POST requests for different malware families, with information from open sources. We decided others might find it useful too.
This list is not meant to be the only way to identify malware families - it is an aid and a reference. We will be adding data from our own research and online publications. (Hint: please send us links to add.)
The references column is a good source of links for malware analysis or resources for different families. The second tab, "EZ Lookup", offers a more condensed view, which allows easier sorting. The Links tab gives a resource list, and the TBD tab shows entries for malware for which we don't have common/public names. The list features all types of malware: cybercrime, APT and hacktivism.
VIEW OR DOWNLOAD "MALWARE TRAFFIC PATTERNS" SPREADSHEET
To download (you might miss updates if you decide to use a static copy), click on File - Download As in the spreadsheet view. To sort any column, click on View - List. Your sorting will not affect other visitors.
If you think you can and wish to contribute, or have any comments or corrections, please email Andre' or Mila.