Introduction

This post presents a curated memory forensics dataset designed to support research, detection engineering, and hands-on training in the fields of malware analysis, incident response, and threat simulation. The dataset contains memory dumps collected from controlled attack scenarios on Windows 10 systems, covering various techniques such as:

  • Process injection
  • Credential dumping
  • Remote access trojans (RATs)
  • Fileless malware
  • Cobalt Strike beacons

Each scenario includes a detailed description, artefacts (e.g., .mem files), and relevant attack characteristics such as evasion techniques, persistence indicators, and suspected C2 activity.

The cases range in complexity from unknown infections to targeted Cobalt Strike intrusions, offering varied examples useful for building or testing memory analysis workflows using tools like Volatility3, YARA, and Malcat.

Whether you’re a student, analyst, or researcher, this resource is intended to provide practical value for learning and advancing your memory forensics capabilities.

| Attack ID | Name | Technique(s) | Malware | Persistence | Network Activity | Evasion | Download Link |
|---|---|---|---|---|---|---|---|
| attack1 | Unknown_Win10_hard | Suspicious execution | Unknown | Not confirmed | Possible beaconing | Masquerading, native tool abuse | Download |
| attack2 | process_Injection_hard | Process injection | NimPlantv2 | Scheduled task | Outbound C2 suspected | Code in legitimate process | Download |
| attack3 | cobaltstrike_beacon_Hard | Beacon stage | Cobalt Strike | Not confirmed | C2 activity | Named pipes, obfuscation | Download |
| attack4 | AsyncRAT_infection | Standalone RAT | AsyncRAT | Unknown | Encrypted HTTP/HTTPS beaconing | Blends with normal processes | Download |
| attack5 | MasonRAT_intermediate | Standalone RAT | MasonRAT | Unknown | Outbound C2 | No injection | Download |
| attack6 | cobaltstrike_process_inj_Hard | Process injection | Cobalt Strike | Unknown | C2 suspected | Process injection | Download |

Stay tuned for updates…
