/Resource-Threat-Intelligence

Repository of threat intelligence resources for SOC

Threat Intelligence Documents For SOC

CMC SOC TEAM (CMC INFOSEC)

Pentest and hacking awesome lists

https://github.com/Hack-with-Github/Awesome-Hacking

https://github.com/vitalysim/Awesome-Hacking-Resources

https://github.com/jekil/awesome-hacking

https://github.com/enaqx/awesome-pentest

https://github.com/coreb1t/awesome-pentest-cheat-sheets

ARM Exploit

http://www.freebuf.com/articles/terminal/107276.html

Litecoin mining tutorial under Linux

https://blog.linuxeye.cn/385.html

Linux Lite LTC CPU Mining Tutorial

http://www.iitshare.com/linux-litecoin-ltc-mining-tutorial.html

Ethereum Linux system mining tutorial

http://www.8btc.com/gpu-mining

Litecoin (LTC) mining tutorial: CPU mining and GPU mining (detailed illustrated guide)

http://www.mnw.cn/news/digi/699354.html

Office Malware Exploit

https://github.com/Screetsec/Microsploit

https://remnux.org/

https://spreadsecurity.github.io/2016/08/14/macro-malware-analysis.html

http://sites.utexas.edu/iso/2016/07/08/reverse-engineering-a-malicious-ms-word-document/

http://www.freebuf.com/articles/terminal/74921.html

https://www.anquanke.com/post/id/84105

https://countuponsecurity.com/2014/09/22/malicious-documents-pdf-analysis-in-5-steps/

https://countuponsecurity.com/2014/10/24/malicious-documents-word-with-vba-and-powershell/

https://www.cert-ist.com/public/en/SO_detail?code=malicious_pdf

https://blog.didierstevens.com/category/pdf/

http://www.itbaby.me/blog/59f7ea965d21b31fcd4e2037

https://zeltser.com/media/docs/analyzing-malicious-document-files.pdf

https://paper.seebug.org/351/

https://r3mrum.wordpress.com/2017/06/29/analyzing-malicious-password-protected-office-documents/

https://dfir.it/blog/2015/06/17/analysts-handbook-analyzing-weaponized-documents/

https://zeltser.com/analyzing-malicious-documents/

https://www.shellntel.com/blog/2016/9/13/luckystrike-a-database-backed-evil-macro-generator

https://www.blackhillsinfosec.com/hide-payload-ms-office-document-properties/

https://securityoversimplicity.wordpress.com/2017/11/23/not-all-she-wrote-part-3-rigged-rtf-documents/

http://www.sdkhere.com/2017/12/analysis-of-file-spider-ransomware.html

https://pentestlab.blog/2017/12/15/microsoft-office-payloads-in-document-properties/

http://www.freebuf.com/vuls/159789.html

http://blog.safedog.cn/?p=1519

http://blog.safedog.cn/?p=2209

Malware Samples/Analysis

https://github.com/wtsxDev/Malware-Analysis

https://github.com/vduddu/Malware

https://github.com/0xBADBAC0N/malware

https://github.com/ByteHackr/MalwareAnalysis

https://github.com/CHYbeta/Software-Security-Learning

https://zeltser.com/malware-sample-sources/

https://github.com/CHEF-KOCH/malware-research

http://www.kernelmode.info/forum/viewtopic.php?f=16&t=308

https://www.eideon.com/2018-03-02-THL03-WMIBackdoors/

https://practicalmalwareanalysis.com/labs/

https://cybersecweb.wordpress.com/2016/07/12/malware-analysis-labs/ (**)

http://www.freebuf.com/articles/network/88798.html

https://www.52pojie.cn/thread-411742-1-1.html

https://www.botfrei.de/de/ransomware/galerie.html

https://cysinfo.com/category/training/advanced-malware-analysis/

https://blogs.cisco.com/security/talos/reversing-multilayer-net-malware

Analyzing Linux Malware

https://malware-unplugged.blogspot.com/2015/11/limon-sandbox-for-analyzing-linux.html

https://github.com/Tencent/HaboMalHunter

https://www.blackhat.com/docs/eu-15/materials/eu-15-KA-Automating-Linux-Malware-Analysis-Using-Limon-Sandbox-wp.pdf

https://www.youtube.com/watch?v=fSCKyF--tRs&feature=youtu.be

http://contagiodump.blogspot.com/

http://dasmalwerk.eu/

http://www.freetrojanbotnet.com/

https://malshare.com/

http://www.kernelmode.info/forum/viewforum.php?f=16

https://avcaesar.malware.lu/

http://www.malwareblacklist.com/showMDL.php

http://thezoo.morirt.com/

https://malwr.com/

http://openmalware.org/

http://www.virusign.com/

https://virusshare.com/

WMI/PowerShell mining

http://www.freebuf.com/articles/network/163233.html

CoinMiner

Linux mining with cpuminer, method notes: http://www.bubuko.com/infodetail-2167951.html

CentOS 6.3 64-bit cpuminer + mining_proxy Litecoin (LTC) mining tutorial: https://www.cnblogs.com/sixiweb/archive/2013/12/02/3454564.html

Compile cpuminer under Linux CentOS: https://rumorscity.com/2014/01/04/compile-and-install-cpuminer-on-linux-centos/

Build a Redis & minerd security incident-response walkthrough environment: http://www.freebuf.com/sectool/156904.html

coinotron: https://www.coinotron.com

Ransomware analysis reports

File-Locker ransomware: https://www.bleepingcomputer.com/news/security/file-locker-ransomware-targets-korean-victims-and-asks-for-50k-won/

Layer by layer: GlobeImposter ransomware analysis: https://bbs.ichunqiu.com/thread-30152-1-1.html

Gently take off your clothes - the macro virus's posture https://bbs.ichunqiu.com/thread-29739-1-2.html

Demystifying Chimera ransomware: http://www.freebuf.com/articles/system/112142.html

Preliminary analysis of ZEPTO ransomware: http://www.freebuf.com/articles/system/112328.html

The new cuteRansomware ransomware: http://www.freebuf.com/news/109242.html

Analysis of SkidLocker ransomware using AES-256 encryption: http://www.freebuf.com/articles/terminal/99153.html

Reverse analysis of NanoLocker ransomware: http://www.freebuf.com/articles/network/94595.html

New DMA Locker ransomware analysis: http://www.freebuf.com/articles/network/96738.html

Locky ransomware malicious sample analysis, part 2: http://www.ithtw.com/thread-8888.htm

Locky ransomware malicious sample analysis, part 1: http://blog.topsec.com.cn/ad_lab/locky%E5%8B%92%E7%B4%A2%E8%BD%AF%E4%BB%B6%E6%81%B6%E6%84%8F%E6%A0%B7%E6%9C%AC%E5%88%86%E6%9E%90/

IoT security: debugging environment build tutorial (AArch64): https://bbs.pediy.com/thread-229581.htm

Malware VM

https://0x4954.wordpress.com/2017/12/03/dfir-tips-malwarevbr-vm/

Online malware scanning and sandbox sites

https://www.hybrid-analysis.com (recommended)

https://any.run (recommended)

https://www.virustotal.com (recommended)

https://virusscan.jotti.org

http://virscan.org

https://id-ransomware.malwarehunterteam.com

https://www.vmray.com

http://www.threatexpert.com/submit.aspx

https://www.reverse.it

https://www.maldun.com/submit/submit_file

https://habo.qq.com

https://www.joesandbox.com

Malware sources

https://github.com/gbrindisi/malware

https://github.com/kaiserfarrell/malware

https://github.com/terrorisst/Malware

https://github.com/fdiskyou/malware

https://github.com/c633/malwaRE

https://github.com/DanielRTeixeira/Malware

https://github.com/nikicat/web-malware-collection

https://github.com/faber03/AndroidMalwareEvaluatingTools

https://github.com/gasgas4/Leaked_Malware_SourceCode

https://github.com/ashishb/android-malware

https://github.com/infosecguerrilla/LinuxMalwareSourceCode

https://github.com/tfairane/AndroMalware

https://github.com/infosecguerrilla/WindowsMalwareSourceCode

https://github.com/csurage/Rootkit

https://github.com/adi0x90/POC-Android-Malware

https://github.com/cheverebe/Android-malware

https://github.com/ispoleet/malware

https://github.com/bakely/malware

https://github.com/K1rky/Malware

https://github.com/Screetsec/TheFatRat

https://github.com/asudhak/Android-Malware

https://github.com/Xyl2k/Malware-Auto-Downloader

https://github.com/slydon/malware_tools

https://github.com/Mi3Security/su-a-cyder

https://github.com/pandazheng/POC-Android-Malware-files

https://github.com/tfairane/AndroMalware

https://github.com/eset/malware-research

https://github.com/m0nad/Diamorphine

https://github.com/a7vinx/liinux

Malware Books

https://github.com/RPISEC/Malware

https://github.com/rshipp/awesome-malware-analysis

https://github.com/mgoffin/malwarecookbook

https://github.com/MISP/MISP

https://github.com/wyyqyl/MalwareAnalysis

https://github.com/secmobi/amatutor

https://github.com/pandazheng/amatutor

Yara for hunting

https://github.com/AlienVault-OTX/yabin

http://autopsit.blogspot.com/2015/12/using-virustotal-hunting-with-yara.html

https://blog.nviso.be/2017/02/14/hunting-with-yara-rules-and-clamav/

https://github.com/InQuest/awesome-yara

https://bbs.pediy.com/thread-223070.htm

https://github.com/nbs-system/php-malware-finder

https://github.com/mitre/multiscanner

http://www.freebuf.com/articles/system/26373.html

https://github.com/plusvic/yara/releases/tag/v2.0.0

https://yara.readthedocs.io/en/v3.5.0/gettingstarted.html

https://analysis.yararules.com/

https://github.com/Yara-Rules/rules

https://www.bsk-consulting.de/2015/02/16/write-simple-sound-yara-rules/

https://www.bsk-consulting.de/2015/10/17/how-to-write-simple-but-sound-yara-rules-part-2/

https://www.bsk-consulting.de/2016/04/15/how-to-write-simple-but-sound-yara-rules-part-3/

http://blog.safedog.cn/?p=281

Docker for analysts

https://github.com/eliasgranderubio/dagda

https://digital-forensics.sans.org/blog/2014/12/10/running-malware-analysis-apps-as-docker-containers

https://holisticinfosec.blogspot.com/2015/07/toolsmith-malware-analysis-with-remnux.html

https://www.blackhat.com/docs/eu-15/materials/eu-15-Bettini-Vulnerability-Exploitation-In-Docker-Container-Environments.pdf

https://blog.rootshell.be/2016/02/22/incident-handling-docker-to-the-rescue/

Docker malware analysis series I: Docker: http://blog.sina.com.cn/s/blog_e8e60bc00102vl37.html

Docker malware analysis series II: client risk analysis: http://blog.sina.com.cn/s/blog_e8e60bc00102vlq7.html

Docker malware analysis series III: analyzing APK and Trojan information using Viper: http://blog.sina.com.cn/s/blog_e8e60bc00102vm2p.html

Docker malware analysis series IV: JS deobfuscation analysis: http://blog.sina.com.cn/s/blog_e8e60bc00102vmwi.html

Docker malware analysis series V: ALICTF finals design: http://blog.sina.com.cn/s/blog_e8e60bc00102vnr0.html

Docker malware analysis series VI: ALICTF finals solution ideas: http://blog.sina.com.cn/s/blog_e8e60bc00102vnr6.html

Scripts

https://github.com/znb/Malware

https://github.com/arbor-jjones/malware

https://github.com/samvartaka/malware

https://github.com/John-Lin/malware

https://github.com/PythonWebScrapingMalware/Malware

https://github.com/sroberts/malwarehouse

https://github.com/SpiderLabs/malware-analysis

https://github.com/hasherezade/malware_analysis

https://github.com/tomchop/malcom

https://github.com/JustF0rWork/malware

https://github.com/seifreed/malware-scripts

https://github.com/andrew-morris/stupid_malware

https://github.com/abdesslem/malwareHunter

https://github.com/dchad/malware-detection

https://github.com/bindog/ToyMalwareClassification

https://github.com/svent/jsdetox

https://github.com/Googulator/TeslaCrack

https://github.com/KoreLogicSecurity/mastiff

https://github.com/adobe-security/Malware-classifier

https://github.com/PaloAltoNetworks/WireLurkerDetector

https://github.com/necst/aamo

https://github.com/maltelligence/maltelligence

https://github.com/mwleeds/android-malware-analysis

https://github.com/trendmicro/aleph

https://github.com/idanr1986/cuckoo-droid

https://github.com/MalwareLu/tools

https://github.com/hgascon/adagio

https://github.com/rieck/malheur

https://github.com/dcmorton/MalwareTools

https://github.com/ispoleet/malware

https://github.com/Dynetics/Malfunction

https://github.com/tiago4orion/malelf

https://github.com/lbull/malware-collector

https://github.com/sysopfb/Malware_Scripts

https://github.com/deadbits/malware-analysis-scripts

https://github.com/tuomao/android_malware_detection

https://github.com/aim4r/VolDiff

https://github.com/VT-Magnum-Research/antimalware

https://github.com/devwerks/Static-Malware-Analyses

https://github.com/guelfoweb/peframe

https://github.com/nheijmans/malzoo

https://github.com/neriberto/hg

https://github.com/mboman/mart

https://github.com/CSIRTUK/Malware-Tools

https://github.com/0x71/cuckoo-linux

https://github.com/bunseokbot/androtools

https://github.com/psdeshpande/MalwareDetection

https://github.com/sibichakkaravarthy/Malware-Analysis

https://github.com/2015-10-10/MalwareClassification

https://github.com/pfohjo/nitro

https://github.com/researcherGeekLab/AMIV

https://github.com/Te-k/malware-classification

https://github.com/lanninghuanxue/DroidJ

https://github.com/CvvT/AppTroy

https://github.com/monnappa22/Limon

https://github.com/androguard/androguard

https://github.com/sh4hin/Androl4b

https://github.com/jnferguson/entropyDeviation

APT Notes

https://github.com/kbandla/APTnotes

https://github.com/hfiref0x/CVE-2015-1701

https://github.com/michael-yip/APTMalwareNotes

https://github.com/abzcoding/aptdetector

https://github.com/harsh2602/APT-Detection-Via-Graph-Analytics

https://github.com/Tryan18/XCOM

https://github.com/aroradhruv03/APThreatDetectionSys

https://github.com/tobypinder/ludumdare32

https://github.com/hslatman/awesome-threat-intelligence

https://github.com/peterfelfer/AtomProbeTutorials

https://contagiodump.blogspot.com/2017/02/russian-apt-apt28-collection-of-samples.html

Linux distros

DEFT (Digital Evidence & Forensic Toolkit): http://www.deftlinux.net/

CAINE: https://www.caine-live.net/

BLACKARCH: http://samurai.inguardians.com/

ArchStrike: https://archstrike.org/

SANTOKU Linux: https://santoku-linux.com/

SANS SIFT: https://digital-forensics.sans.org/community/downloads

Threat hunting

https://holdmybeersecurity.com/2018/01/16/part-2a-intro-to-threat-hunting-with-kolide-fleet-osquery-powershell-empire-and-caldera-setup-environment/

https://cyberwardog.blogspot.com