mether049/malware

Malware (analysis results, tools, reference, analysis methods, etc.)

malware

マルウェア関連(調査・解析結果，ツール，解析手法等)

• Malware techniques(reference&memo)

  • Anti-analysis/detection
    • Injection/Hollowing
    • Heavens's Gate
    • API obfuscation
    • PowerShell Script obfuscation
    • Living Off The Land(LOL)
    • DGA
    • Fast Flux
    • Convert to c2 proxy server(Using UPnP)
    • DNS Tunneling
    • Using SSL/TLS
    • Pakcing
    • Anti-Unpacking
    • Mutex
    • Poisoning CRT Library
  • Persistence
    • Registry
    • Startup Folder
  • Gathering Information
    • Public IP address
  • Delete Data
    • Delete Volume Shadow
  • maldoc
    • Obfuscation/Encryption
    • VBA Stomping
  • Malicious JavaScript
  • Shell Backdoor
  • rootkit
    • LKM rootkit

• Malware analysis method(reference&memo)

  • Tools
    • VM/OS
    • Static Analysis and Debug tools
    • Tracer
    • Instrumentation
    • Traffic Analysis tools
    • Forensic
    • Threat hunting
    • .NET analysis
    • Utilities
    • Online Sandbox
    • Unpacker/Decryptor/Decoder/Extractor/Memory Scanner
  • PDF Analysis
  • Document file Analysis
  • JavaScript Analysis
  • Linux Command Line Analysis
  • Other various file Analysis
    • lnk file
  • C2 Analysis
    • Emotet
    • Ursnif
  • Binary Analysis
    • Unpacking
    • Microsoft Windows Library
    • Perspective
  • Windows OS
  • Windows Command
  • Training Material

• Emotet

• Trickbot

• Maldoc used by TA505

• Knowledge

  • Identification of Hollowed out processes