The .zip archive contains a folder ‘tasks’, and a .csv file, “analysis_results.csv” which is a table with 4077 entries. The .csv table is delimeted by comma. Each subfolder of the ‘tasks’ folder represents an analysis task of a unique sample. The association between tasks and samples is shown in the analysis_results.csv table, which contains the analysis results per sample. Each row in the table represents a botnet sample and holds information such as analysis task id, file hash, URL of the server where the sample was captured from, as well as the analysis results for that sample. For each task id, the corresponding folder contains: 1) the results of the analysis (analysis_result.json); 2) the captured traffic (capture.pcap); 3) the recorded system calls (syscalls.json) and 4) the botnet sample file (ELF binary) with the original filename. Depending on the IoT botnet sample analysed, the network traffic may include port scanning, exploitation, C2 communications and DDoS traffic.