https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/best-simulated-fake-malware-to-use-with-cortex-xdr/m-p/473539#M1698 <P>Hi Chukaokonkwo,&nbsp;</P><P>additionally to my colleague's link with WF trigerring malware. I would recomend you to install SANS malware analysis and reverse engineering tranining samples on a "Virtual Machine" (because this is real malware) and test it under a closed and controlled environment where you can play with CXDR agent and real malicious stuff. Ive done this before and even tested Forensic Module to see the traces from artifacts and evidences on prefetches, registry to gain persistance ....&nbsp;</P><P>I cant remember now a website where you could download even ransomware samples like wannacry, NOT-Petya... and play with it to see that our agents will block it&nbsp;<BR />Anyways if you find another interesting samples feel free to share here with the community.</P><P>And watch out, always test on a closed VM to not to damage any real asset in production</P><P>KR,</P><P>Luis</P> Wed, 16 Mar 2022 09:44:31 GMT eluis 2022-03-16T09:44:31Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/best-simulated-fake-malware-to-use-with-cortex-xdr/m-p/473394#M1687 <P>Hi all,</P><P>Do you all know what the best simulated malware is to use in testing out rules/responsiveness/etc on Cortex XDR and where to download these fake malware from.&nbsp; Ideally it'll be benign specially constructed so they trigger same alerts as actual malware.&nbsp;</P><P>&nbsp;</P><P>A dozen high-fives for tips, suggestions, participation, etc.</P> Tue, 15 Mar 2022 21:29:58 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/best-simulated-fake-malware-to-use-with-cortex-xdr/m-p/473394#M1687 chukaokonkwo 2022-03-15T21:29:58Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/best-simulated-fake-malware-to-use-with-cortex-xdr/m-p/473420#M1690 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/193230">@chukaokonkwo</a>&nbsp;,</P><P>&nbsp;</P><P>Hope this will be relevant to what you are looking for.&nbsp;</P><P>&nbsp;</P><P>These are PA Malware Test File.&nbsp;</P><P><A href="https://docs.paloaltonetworks.com/wildfire/9-0/wildfire-admin/submit-files-for-wildfire-analysis/verify-wildfire-submissions/test-a-sample-malware-file" target="_blank">https://docs.paloaltonetworks.com/wildfire/9-0/wildfire-admin/submit-files-for-wildfire-analysis/verify-wildfire-submissions/test-a-sample-malware-file</A></P><P>&nbsp;</P><P>When I tested this before, this will just trigger WF alerts.&nbsp;<BR /><BR />If you are looking in particular like sample malware that trigger BTPs maybe opening a ticket to the support team can help you with this.</P> Tue, 15 Mar 2022 23:00:46 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/best-simulated-fake-malware-to-use-with-cortex-xdr/m-p/473420#M1690 MarvinC 2022-03-15T23:00:46Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/best-simulated-fake-malware-to-use-with-cortex-xdr/m-p/473539#M1698 <P>Hi Chukaokonkwo,&nbsp;</P><P>additionally to my colleague's link with WF trigerring malware. I would recomend you to install SANS malware analysis and reverse engineering tranining samples on a "Virtual Machine" (because this is real malware) and test it under a closed and controlled environment where you can play with CXDR agent and real malicious stuff. Ive done this before and even tested Forensic Module to see the traces from artifacts and evidences on prefetches, registry to gain persistance ....&nbsp;</P><P>I cant remember now a website where you could download even ransomware samples like wannacry, NOT-Petya... and play with it to see that our agents will block it&nbsp;<BR />Anyways if you find another interesting samples feel free to share here with the community.</P><P>And watch out, always test on a closed VM to not to damage any real asset in production</P><P>KR,</P><P>Luis</P> Wed, 16 Mar 2022 09:44:31 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/best-simulated-fake-malware-to-use-with-cortex-xdr/m-p/473539#M1698 eluis 2022-03-16T09:44:31Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/best-simulated-fake-malware-to-use-with-cortex-xdr/m-p/477737#M1822 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/193230">@chukaokonkwo</a>&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/190764">@eluis</a>&nbsp;</P><P>If you would like to simulate a fake attack and use free of cost tool. Please check out Infection Monkey&nbsp;</P><P><A href="https://www.guardicore.com/infectionmonkey/" target="_blank">https://www.guardicore.com/infectionmonkey/</A></P><P>This should definitely trigger Cortex XDR (Red, Yellow, Blue and Grey)</P><P>&nbsp;</P><P>If you would like to fetch some real stuff, you can use URLHaus and browse to malware links which are tagged with Office Doc Tags such as xlsx, docx etc and download, run it in a controlled environment away from production systems or any critical system.</P><P>&nbsp;</P><P>Note: I would personally recommend not to take this route as you will be exposing yourself to real Threat Actors if corrective measures are not taken by yourself.</P> Sat, 02 Apr 2022 20:21:55 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/best-simulated-fake-malware-to-use-with-cortex-xdr/m-p/477737#M1822 KanwarSingh01 2022-04-02T20:21:55Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/best-simulated-fake-malware-to-use-with-cortex-xdr/m-p/477758#M1826 <P>Thanks&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/163390">@KanwarSingh01</a>&nbsp; !!! it all adds up&nbsp;</P> Sun, 03 Apr 2022 14:58:08 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/best-simulated-fake-malware-to-use-with-cortex-xdr/m-p/477758#M1826 eluis 2022-04-03T14:58:08Z