Statistics

MalwareBazaar produces detailed statistics on shared malware samples, including associated detections - find the available statistics below.

You can also access Spamhaus's Malware Digest report, based on MalwareBazaar data:

https://www.spamhaus.org/malware-digest/#malwarebazaar

Past 14 days
Overall

Malware sample shared

The chart below shows the number of unique malware samples shared on MalwareBazaar per day over a period of 30 days.

Top Reporters

It wouldn't be possible to operate MalwareBazaar without the help of volunteers who contribute malware samples to MalwareBazaar. The table below shows the top reporters and their Twitter handle.

Rank	Reporter	Last activity	Submissions
1	abuse_ch	2025-11-18	2'700
2	adrian__luca	2025-11-12	739
3	juroots	2025-11-17	206
4	Bitsight	2025-11-18	204
5	smica83	2025-11-18	181
6	JAMESWT_WT	2025-11-17	166
7	cocaman	2025-11-17	154
8	aachum	2025-11-15	136
9	burger	2025-11-15	93
10	lowmal3	2025-11-17	82
11	SecuriteInfoCom	2025-11-18	69
12	James_inthe_box	2025-11-17	63
13	threatcat_ch	2025-11-18	56
14	M128BitOff	2025-11-17	45
15	g0njxa	2025-11-07	44

Top Malware Families

Top Tags

Most matching YARA rules

YARA rules that matched most on malware samples in MalwareBazaar.

Malware Samples	YARA rule	Author	Last match
1'283	unixredflags3	Tim Brown @timb_machine	2025-11-18
1'277	CP_Script_Inject_Detector	DiegoAnalytics	2025-11-18
1'015	linux_generic_ipv6_catcher	@_lubiedo	2025-11-18
990	NET	malware-lu	2025-11-18
940	Sus_CMD_Powershell_Usage	XiAnzheng	2025-11-18
938	golang_bin_JCorn_CSC846	Justin Cornwell	2025-11-18
898	DebuggerCheck__API	None	2025-11-18
775	Skystars_Malware_Imphash	Skystars LightDefender	2025-11-18
775	pe_imphash	None	2025-11-18
744	DetectEncryptedVariants	Zinyth	2025-11-18
641	pe_detect_tls_callbacks	None	2025-11-18
604	upx_packed_elf_v1	RandomMalware	2025-11-18
569	ELF_Mirai	NDA0E	2025-11-18
532	SUSP_XORed_Mozilla_RID2DB4	Florian Roth	2025-11-18
532	SUSP_XORed_Mozilla_Oct19	Florian Roth	2025-11-18

Most downloaded Malware Samples

Most downloaded malware samples on MalwareBazaar.

Downloads	Malware Sample	Type	Signature	Reporter
1'605	bbe12f84f261623757de14cf0bae2fe2abcfe7d62307405cf2590cabf0596a9f	dll	Grandoreiro	johnk3r
1'209	b4decfd080dafb932296a4eca4e0d8bea53ffab996e162204c2588cc39f8a4a5	exe	NodeLoader	aachum
441	e6aab1b6a150ee3cbc721ac2575c57309f307f69cd1b478d494c25cde0baaf85	exe	CastleLoader	JAMESWT_WT
245	d49a51bbc86b86267ada38ab192f88c8d7ee210cd430beef2cae3d7af00a4d5a	7z	ACRStealer	aachum
222	4666046b2855686628c636e49ec6669b2c694e65f13862168b37f88a96588520	exe	njrat	abuse_ch
216	3b9f7030cede5d4e6c29654a6c0b66cda26760c5e3c12821be05077221aa5f5a	exe		Anonymous
215	25da93a8fa4dfbc51417b8138f7c8c3cf6fb6ae1dd0233501a65c1367c2daf84	exe	LummaStealer	abuse_ch
206	911c1ea18934cb8c4415b41f9898efc86adc86489086347c373b354ae819c33b	elf	Mirai	abuse_ch
206	33869788df4e4318b8b21f4f188e706a8dbb68e2c24d1e79af610c21796f311d	elf	Mirai	abuse_ch
202	c595b7aec31fcb722a76add442dd9924e651cff0ecead49c802103fe14e8ae57	exe	Formbook	cocaman
199	0582aa7fc639c84575d38a76c0caa951edfbcd03fc11b6b9a223ef70331a59fb	exe	AsyncRAT	abuse_ch
198	f1db9998646df4dfc57937b2b5df86ed03d5b55001319741405fc2025308c520	elf	Mirai	abuse_ch
197	5b6e14f2b9f4924137e60d6c8f3125b2714b47f94d1d6089e88ce94fa3b2550f	elf	Mirai	abuse_ch
196	d4d15b10f86194f4526390a76687063937d910dc744d770fbc4a646d7d8e49ea	elf	Mirai	abuse_ch
193	587eeb1b6f5dae33ef378941294dd1ccab0cfa92c49209f944949bcd5926dfb1	exe	Vidar	Bitsight

ANY.RUN

Top detections by ANY.RUN for malware samples on MalwareBazaar.

ClamAV

Top detections by ClamAV for malware samples on MalwareBazaar.

Intezer

Top detections by Intezer for malware samples on MalwareBazaar.

Joe Sandbox

Top detections by Joe Sandbox for malware samples on MalwareBazaar.

CERT.PL MWDB

Top detections by CERT.PL MWDB for malware samples on MalwareBazaar.

ReversingLabs

Top detections by ReversingLabs Titanium Platform for malware samples on MalwareBazaar.

Threatray

Top detections by Threatray for malware samples on MalwareBazaar.

Triage

Top detections by Triage for malware samples on MalwareBazaar.

UnpacMe

Top detections by UnpacMe for malware samples on MalwareBazaar.

VMRay

Top detections by VMRay for malware samples on MalwareBazaar.

FileScan.IO

Top classifications by FileScan.IO for malware samples on MalwareBazaar.

CyberFortress

Top classifications by CyberFortress for malware samples on MalwareBazaar.

ThreatZone

Top classifications by ThreatZone for malware samples on MalwareBazaar.

Most discussed Malware Samples

Most discussed (commented) malware samples on MalwareBazaar.

Comments	Malware Sample	Type	Signature
10	97bb6f30d2fe5546a810da356e41652d1bccfe2130cf77dec36b9ee17c19259d	xls	Dridex
6	d9b05da007d51cf86d4a6448d17183ab69a195436fe17b497185149676d0e77b	exe	TrickBot
4	7277388a0a82e85fe6eb38ed47bd5640c74f10be64ee6e9b8610c49b73328859	7z	HawkEye
3	f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3	zip	AgentTesla
3	e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23	exe	AgentTesla
3	0994e0972430f7cf02b66c290b6e62666c14da2ca9ad369e7cf5447313dc8550	exe	TrickBot
3	667f88e8dcd4a15529ed02bb20da6ae2e5b195717eb630b20b9732c8573c4e83	doc	Phobos
2	df822aa4ae822b89d8f1c6b4afe3f9bf4679b7c9872bd95d3cbfab366a57edca	hta
2	2b7bdd0b8bde43d8e9d9a32352a408c5028e2a39c694be064a6ed18d0aa830e7	exe	Stop
2	251643f0b539eb872ebeb216f1b71f0f8dc8301276ea63dbfdf10a7267ac7379	zip

Top File Types

Most seen file types associated with malware samples on MalwareBazaar.

Top imphashes

Most seen imphashes on MalwareBazaar.

Malware Sample	imphash	Top 4 Signatures
659	f34d5f2d4577ed6d9ceec516c1f5a744	AgentTesla Formbook SnakeKeylogger RedLineStealer
125	1895460fffad9475fda0c84755ecfee1	Formbook AgentTesla SnakeKeylogger a310Logger
45	91d07a5e22681e70764519ae943a5883	Formbook RemcosRAT AgentTesla SnakeKeylogger
45	b34f154ec913d2d2c435cbd644e91687	GuLoader RemcosRAT EpsilonStealer AgentTesla
45	d42595b695fc008ef2c56aabd8efd68e	Rhadamanthys Vidar LummaStealer CobaltStrike
25	dcaf48c1f10b0efa0a4472200f3850ed	BlankGrabber PythonStealer SalatStealer RedTigerStealer
23	2eabe9054cad5152567f0699947a2c5b	LummaStealer Stealc Healer Amadey
23	a56f115ee5ef2625bd949acaeec66b76	Stealc PureHVNC RedLineStealer CoinMiner
22	9cbefe68f395e67356e2a5d8d1b285c0	LummaStealer AuroraStealer Vidar LaplasClipper
20	12e12319f1029ec4f8fcbed7e82df162	DCRat RedLineStealer Formbook SnakeKeylogger

Top ssdeep hashes

Most seen ssdeep hashes on MalwareBazaar.

Malware Sample	ssdeep	Signature(s)
5	1536:itnPsVkFxV8xk6b5VKLNXduAlCjFlIr57uscvIGiojd70k7h:VqVMkWV8PPX9Cjd70k7h	Mirai
5	768:Oa2vU7eng2qGJert7LrLMU6fgatQh+YbT/9+m3CZQoV/bnmCozw:Oa4U7G7SvT6ftBTm3KVrmCo8	Mirai
5	768:raehM993TLSmRTIrL8Fvvhp9H0HrZQ8yoWXagcLVPWtuQ/C71mA2EDEy0eYjW9TF:/M99jmL8BZp9IFUoWKdYuvQ5KIqkypZ	Mirai
3	768:3SjbGSLlRrYj0a8C/dQOhPC/+I20Ja6ZZ+GwPS4yns96BktDgIPi8TwE:ivW3jdQGqt7Y+Z+zN9cGgI6bE	Mirai
3	393216:ojE4ZQiKqSFIwkzCwuMERat2VwTPoJYh7V07MuCAZ52WKV00VW+tR:aGSwkzwm2yfBIHNZ52WKVRR	GoToResolve
3	1536:AkvvADrAJ9yAPw4+x60GgxDkRucdHHmo1IEwhg9y2IymQY2AUm6hh1Z/C/C:AooDrU9zo4lXC6hh1ZKK	Mirai
2	768:dq38VPCpR3XO+WzDQp2/cs75p3OFu9YiOjhw/vWG:dC8VaHO+mpR9peFu9YiOj6nWG	AsyncRAT
2	1536:Fu27gBY9FSSpj3z5Qxw6YaWWgg1n/LWy:c9sSyzz36YaWWgg1nq	Mirai
2	3072:cowpuQyNSG2eRa1styK9flTQPHotrScVM/9OAvjik:cowpuQyNSG24a1styKdlTuItrSmM/9nd	Mirai
2	393216:sIGdBtIDiCqWtLxXBi1/62Ocwf2o0b8MANHjLiB/ekS/mdVhReXpG:q9WtLzgOTbjZvk/ekS/mcpG	GoToResolve

Top dhash icon

Most seen dhashes of icons from PE32 executables and their signatures.

Malware Sample	dhash icon	Signature(s)