Best Simulated (Fake) Malware To Use With Cortex XDR

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Best Simulated (Fake) Malware To Use With Cortex XDR

L1 Bithead

Hi all,

Do you all know what the best simulated malware is to use in testing out rules/responsiveness/etc on Cortex XDR and where to download these fake malware from.  Ideally it'll be benign specially constructed so they trigger same alerts as actual malware. 

 

A dozen high-fives for tips, suggestions, participation, etc.

1 accepted solution

Accepted Solutions

L2 Linker

Hi @chukaokonkwo ,

 

Hope this will be relevant to what you are looking for. 

 

These are PA Malware Test File. 

https://docs.paloaltonetworks.com/wildfire/9-0/wildfire-admin/submit-files-for-wildfire-analysis/ver...

 

When I tested this before, this will just trigger WF alerts. 

If you are looking in particular like sample malware that trigger BTPs maybe opening a ticket to the support team can help you with this.

Let's have a seat and talk for a while.

View solution in original post

4 REPLIES 4

L2 Linker

Hi @chukaokonkwo ,

 

Hope this will be relevant to what you are looking for. 

 

These are PA Malware Test File. 

https://docs.paloaltonetworks.com/wildfire/9-0/wildfire-admin/submit-files-for-wildfire-analysis/ver...

 

When I tested this before, this will just trigger WF alerts. 

If you are looking in particular like sample malware that trigger BTPs maybe opening a ticket to the support team can help you with this.

Let's have a seat and talk for a while.

L4 Transporter

Hi Chukaokonkwo, 

additionally to my colleague's link with WF trigerring malware. I would recomend you to install SANS malware analysis and reverse engineering tranining samples on a "Virtual Machine" (because this is real malware) and test it under a closed and controlled environment where you can play with CXDR agent and real malicious stuff. Ive done this before and even tested Forensic Module to see the traces from artifacts and evidences on prefetches, registry to gain persistance .... 

I cant remember now a website where you could download even ransomware samples like wannacry, NOT-Petya... and play with it to see that our agents will block it 
Anyways if you find another interesting samples feel free to share here with the community.

And watch out, always test on a closed VM to not to damage any real asset in production

KR,

Luis

L3 Networker

@chukaokonkwo @eluis 

If you would like to simulate a fake attack and use free of cost tool. Please check out Infection Monkey 

https://www.guardicore.com/infectionmonkey/

This should definitely trigger Cortex XDR (Red, Yellow, Blue and Grey)

 

If you would like to fetch some real stuff, you can use URLHaus and browse to malware links which are tagged with Office Doc Tags such as xlsx, docx etc and download, run it in a controlled environment away from production systems or any critical system.

 

Note: I would personally recommend not to take this route as you will be exposing yourself to real Threat Actors if corrective measures are not taken by yourself.

Kind Regards
KS

Thanks @KanwarSingh01  !!! it all adds up 

  • 1 accepted solution
  • 2711 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!