WetStone Technologies


WetStone Technologies,
a Division of SiviSoft

WetStone Technologies: A division of Allen Corporation

WetStone Datasets
Malware Repository

WetStone Technologies maintains a malware repository for each of the following program categories:

  • Anti-forensics
  • Botnet
  • Cryptojacking
  • Cryptomining
  • Denial of service
  • Encryption
  • Exploit Kit
  • Exploit scanner
  • Fraud tools
  • Keylogger
  • Password cracking
  • Peer-to-peer
  • Piracy
  • Ransomware
  • Remote access
  • Rootkit
  • Scareware
  • Sniffer
  • Spyware
  • Toolkit
  • Trojan
  • Web threats
  • Wireless tools

The datasets in this repository are utilized by tools in the WetStone Gargoyle Investigator family to detect and identify known malware and potentially unwanted applications. Additionally, a Steganography dataset is provided to WetStone StegoHunt and StegoCommand users to detect and identify known Steganography programs.

The Gargoyle datasets contain signatures for malware as well as for tools that cybercriminals frequently use to perform network reconnaissance, exploit vulnerabilities, track users, and compromise systems. Some of these tools may also have legitimate purposes when used lawfully and in compliance with company policy by authorized individuals, and, thus, are considered potentially unwanted applications or dual-use programs. By using Gargoyle to scan for malicious applications, a digital investigator can glean significant insight into the activities, motives and intent of a suspect.

There are two types of Malware Datasets available from WetStone: Factory and Supplementals.


When WetStone has obtained a sample of an application or tool, and after WetStone’s malware research team has determined that it is a legitimate candidate for one of our malware categories, signatures will be added to the Factory Datasets. Our analysts investigate thousands of samples every day. To ensure we are providing accurate Indicators of Compromise (IOCs) and to reduce false positives, WetStone’s malware analysts leverage in-house sandbox technology and filter against extensive whitelists.


Due to the sheer number of new malware programs that are identified every day, WetStone provides an additional type of Gargoyle dataset. This Supplemental Dataset consists of IOCs for malicious programs for which we have not yet obtained a sample that can be subjected to in-house analysis. To populate the Supplemental Datasets, our malware team leverages input from over three hundred malware research and threat intelligence sources on a daily basis. Our analysts verify the accuracy of these IOCs using multiple trusted threat intelligence portals and repositories, and by filtering against extensive whitelists. When a sample corresponding to a supplemental dataset signature is obtained, it is subjected to in-house analysis. It is then added to the Factory Datasets and removed from the Supplemental Datasets.


In addition to scanning target systems and disk images using the WetStone-provided Factory and Supplemental datasets, Gargoyle Investigator MP can be utilized to discover any file residing on any machine. This is accomplished using custom datasets. Custom datasets are created within Gargoyle MP’s user interface and can be the contents of any folder the user chooses. This allows a user to discover files that may be unique to the user’s investigation, such as proprietary corporate documents, sensitive media files, or custom applications. One may also create a custom dataset as a comma-delimited file. An example of where this may be useful is to support scanning for newly discovered malware signatures or signatures that are available to the user under restricted distribution. The information contained in this file would follow the format: “MD5 hash”, “name assigned by user”, “category assigned by user”.
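A sketch of building and sanity-checking a comma-delimited custom dataset in the field order given above, added here as an example and not WetStone's code. The page gives only the three fields; double-quoted fields, one record per line, no header row, and all function names are assumptions.

```python
import csv, hashlib, io, re
from pathlib import Path

MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")

def md5_of_file(path, chunk_size=1 << 20):
    """Hash in chunks so large files do not have to fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def rows_from_folder(folder, category):
    """One (md5, name, category) row per regular file; duplicate content is listed once."""
    seen, rows = set(), []
    for path in sorted(Path(folder).rglob("*")):
        if path.is_file() and not path.is_symlink():
            h = md5_of_file(path)
            if h not in seen:
                seen.add(h)
                rows.append((h, path.name, category))
    return rows

def dump_dataset(rows):
    """Serialize rows with every field quoted (assumed layout, see lead-in)."""
    buf = io.StringIO()
    csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n").writerows(rows)
    return buf.getvalue()

def validate_dataset(text):
    """Return (good_rows, errors); errors are (record_number, reason) pairs."""
    good, errors = [], []
    reader = csv.reader(io.StringIO(text), skipinitialspace=True)
    for recno, rec in enumerate(reader, 1):
        fields = [f.strip() for f in rec]
        if len(fields) != 3:
            errors.append((recno, "expected 3 fields"))
        elif not MD5_RE.match(fields[0]):
            errors.append((recno, "first field is not a 32-hex-digit MD5"))
        elif not fields[1] or not fields[2]:
            errors.append((recno, "empty name or category"))
        else:
            good.append((fields[0].lower(), fields[1], fields[2]))
    return good, errors

if __name__ == "__main__":
    # Constructed sample: one well-formed record, one with a truncated hash.
    sample = '"5d41402abc4b2a76b9719d911017c592","sample tool","Keylogger"\n"5d41","bad","Trojan"\n'
    print(validate_dataset(sample))
```

Validating a hand-edited or third-party signature list before import catches truncated hashes and shifted columns, which would otherwise produce a dataset that silently matches nothing.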


Factory and Supplemental Datasets are scheduled to be released on the 15th of each month, or the next business day when the 15th falls on a weekend or on a WetStone-observed holiday. Access to these releases is an entitlement for customers with an active support agreement or an active term license for the product to which the datasets correspond.