The RAT analysis research is part of the Civilsphere Project, which aims to protect the civil society at risk by understanding how the attacks work and how we can stop them.

If you are using this dataset for your research, please reference it as “Babayeva, Kamila (2021), “Android Mischief Dataset”, Mendeley Data, V1, doi: 10.17632/xbx2j63xfd.1”

Download

Download version 2 of the dataset from here: (short link)

Read the full research about the Android Mischief Dataset creation, analysis of RATs network captures, and methods to detect RATs in the network traffic from here: (short link)

Introduction

A Remote Access Trojan (RAT) is a type of malware that allows the attacker (client) to gain control of the target’s device (server) to remotely control it. RATs are one of the most important threats nowadays since they are used as part of most attacks, from APTs to Ransomware. It is not an easy task to detect RATs in the network traffic, especially when it comes to Android RATs in phones. Why? The main problem is that there are no easy ways to look at the network traffic on our mobile devices. Our phones are much harder to protect than our computers. Even in cases where there are external network traffic analyzers, there are no good RAT detectors.

To approach the problem of the lack of Android RATs detection in the network traffic, we want to help the community by creating the Android Mischief Dataset, which contains network traffic from mobile phones infected with real and working Android RATs. The Android Mischief Dataset is a dataset of network traffic from mobile phones infected with Android RATs. Its goal is to offer the community a dataset to learn and analyze the network behavior of RATs, in order to propose new detections to protect our devices. The current version of the dataset includes 8 packet captures from 8 executed Android RATs. The Android Mischief Dataset was done in the Stratosphere Laboratory, Czech Technical University in Prague. On May 7th 2021, we published Android Mischief Dataset version 2, which is an extension of version 1.

To create this dataset, we followed a methodology for each of the RATs. The methodology consists of the following 4 steps: (i) Installation, (ii) Execution, (iii) Traffic Capture, and (iv) Dataset Logging.

Installation. This step consists of searching for the code of the RAT on the Internet, downloading it, installing an appropriate virtual machine for execution of the RAT’s controller, including all the library requirements on the virtual machine (e.g. .NET Framework, JRE), and finally preparing the physical phone or phone virtual emulator as a victim to infect.

Execution. In this step, we execute the downloaded RAT in these steps. First, use the Builder app in the Windows VM to create and build a new APK file. Second, start the RAT Controller in the Windows VM so it is ready to receive victims.

Traffic Capture. When performing actions in the controller and the server, we capture the network traffic using our own VPN server, or in the case of an Android virtual emulator, we can use the computer network interface.

Dataset Logging. When performing actions in the client and the server, we also write a log file of the performed actions and take screenshots for each action in the Controller and the phone. As a result, each RAT in the dataset includes an APK file, a log file, screenshots files, a pcap file, and a README.md.

Each RAT of the dataset contains the following files:

- README.md - This file is the generic description of the execution, containing the name of the executed RAT, details of the RAT execution environment, details of the pcap (client’s IP and server’s IP, time of start of the infection).
- APK - The APK file generated by the RAT’s builder. Be aware that the APK was built for our own servers, so it cannot be used in a real attack.
- Log - very detailed and specific time log of all the actions performed in the client and the server during the experiment, e.g. “10:20:21 controller: execute command ‘Take Photo - Back Camera’”. The purpose of this log is to let the researchers match the actions with the packets in the pcap.
- Pcap - network traffic of the whole infection. Sometimes captured on the host computer running the controller VM, sometimes using the Emergency VPN software.
- Screenshots - a folder with screenshots of the mobile device and controller while performing the actions on the client and the server.
- Zeek logs - a folder with Zeek generated logs after running Zeek on a RAT PCAP.