malware
Malware-related (investigation and analysis results, tools, analysis methods, etc.)

Malware techniques (reference & memo)
  Anti-analysis/detection
  Injection/Hollowing
  Heaven's Gate
  API obfuscation
  PowerShell Script obfuscation
  Living Off The Land (LOL)
  DGA
  Fast Flux
  Convert to C2 proxy server (using UPnP)
  DNS Tunneling
  Using SSL/TLS
  Packing
  Anti-Unpacking
  Mutex Poisoning
  CRT Library
  Persistence
  Registry
  Startup Folder
  Gathering Information
  Public IP address
  Delete Data
  Delete Volume Shadow
  maldoc
  Obfuscation/Encryption
  VBA Stomping
  Malicious JavaScript
  Shell Backdoor
  rootkit
  LKM rootkit

Malware analysis method (reference & memo)
  Tools
  VM/OS
  Static Analysis and Debug tools
  Tracer
  Instrumentation
  Traffic Analysis tools
  Forensic
  Threat hunting
  .NET analysis
  Utilities
  Online Sandbox
  Unpacker/Decryptor/Decoder/Extractor/Memory Scanner
  PDF Analysis
  Document file Analysis
  JavaScript Analysis
  Linux Command Line Analysis
  Other various file Analysis
  lnk file
  C2 Analysis
  Emotet
  Ursnif
  Binary Analysis
  Unpacking
  Microsoft Windows Library
  Perspective
  Windows OS
  Windows Command
  Training Material
  Emotet
  Trickbot
  Maldoc used by TA505
  Knowledge
  Identification of Hollowed out processes