Memory Forensics Attack Simulation Dataset

Introduction

This post presents a curated memory forensics dataset designed to support research, detection engineering, and hands-on training in the fields of malware analysis, incident response, and threat simulation. The dataset contains memory dumps collected from controlled attack scenarios on Windows 10 systems, covering various techniques such as:

• Process injection
• Credential dumping
• Remote access trojans (RATs)
• Fileless malware
• Cobalt Strike beacons

Each scenario includes a detailed description, artefacts (e.g., .mem files), and relevant attack characteristics such as evasion techniques, persistence indicators, and suspected C2 activity.

The cases range in complexity from unknown infections to targeted Cobalt Strike intrusions, offering varied examples useful for building or testing memory analysis workflows using tools like Volatility3, YARA, and Malcat.

Whether you’re a student, analyst, or researcher, this resource is intended to provide practical value for learning and advancing your memory forensics capabilities.

Attack ID	Name	Technique(s)	Malware	Persistence	Network Activity	Evasion	Download Link
attack1	Unknown_Win10_hard	Suspicious execution	Unknown	Not confirmed	Possible beaconing	Masquerading, native tool abuse	Download
attack2	process_Injection_hard	Process injection	NimPlantv2	ScheduleTask	Outbound C2 suspected	Code in legitmate process	Download
attack3	cobaltstrike_beacon_Hard	Beacon stage	Cobalt Strike	Not confirmed	C2 activity	Named pipes, obfuscation	Download
attack4	AsyncRAT_infection	Standalone RAT	AsyncRAT	Unknown	Encrypted HTTP/HTTPS beaconing	Blends with normal processes	Download
attack5	MasonRAT_intermediate	Standalone RAT	MasonRAT	Unknown	Outbound C2	No injection	Download
attack6	cobaltstrike_process_inj_Hard	Process injection	Cobalt Strike	Unknown	C2 suspected	Process injection	Download

Stay tuned for updating…