mirror of https://github.com/nganhkhoa/malware.git synced 2024-06-10 21:32:07 +07:00

Update malware-analysis_ref_and_memo.md

This commit is contained in:
mether049 2020-03-29 20:31:06 +09:00 committed by GitHub
parent ddb659a62c
commit 0a296e563a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -234,6 +234,12 @@ $queryNameVersion="SELECT * FROM Win32_Process WHERE ParentProcessId=" + $procs.
$child_process=Get-WmiObject -Query $queryNameVersion $child_process=Get-WmiObject -Query $queryNameVersion
echo $child_process echo $child_process
``` ```
### Control Windows features
- **[blackbird](https://www.getblackbird.net/)**
- **[Windows Firewall Control](https://www.binisoft.org/wfc.php)**
- **[reclaimWindows10.ps1](https://gist.github.com/alirobe/7f3b34ad89a159e6daa1)**
- windowsにデフォルトインストールさている機能(onedrive,windows defender,skype,windows update,etc.)のon/offを切り替える
- マルウェアの通信を解析する際にノイズ通信が加わることを防止する
### Online Sandbox ### Online Sandbox
|name|site|remarks| |name|site|remarks|
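Review bot: in the new "Control Windows features" section only `reclaimWindows10.ps1` gets a remark (the two indented bullets under it), so `blackbird` and `Windows Firewall Control` have no description at all, unlike neighbouring entries such as Bisonal Analysis Utils; either add a one-line remark for each tool or de-indent the two bullets so they describe the whole section. The first bullet also has a typo: `windowsにデフォルトインストールさている機能` should read `インストールされている機能` ("features installed by default on Windows"). Since the remark says these tools switch off Windows Defender, Windows Update and similar services to keep malware traffic captures free of noise, the text should state that this is meant for the isolated analysis VM and is easiest to revert from a clean snapshot.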
@ -295,6 +301,8 @@ Injecition/Hollowingされたプロセスの自動検出<br>
> - etc.<br> > - etc.<br>
- **[Bisonal Analysis Utils](https://www.nttsecurity.com/docs/librariesprovider3/resources/Japan/bisonal-utils)** - **[Bisonal Analysis Utils](https://www.nttsecurity.com/docs/librariesprovider3/resources/Japan/bisonal-utils)**
- Bisonalに含まれる文字列のデコード通信の復号yaraルール - Bisonalに含まれる文字列のデコード通信の復号yaraルール
- **[aa-tools](https://github.com/JPCERTCC/aa-tools)**
- tscookieのcofingデコーダやvolatility pluginなど
# PDF Analysis # PDF Analysis
- **[pdfid.py](https://blog.didierstevens.com/programs/pdf-tools/)** - **[pdfid.py](https://blog.didierstevens.com/programs/pdf-tools/)**
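Review bot: the remark on the new aa-tools entry, `tscookieのcofingデコーダやvolatility pluginなど`, misspells "config"; it should read `configデコーダ` (a TSCookie config decoder and volatility plugins). Minor: `Bisonal` is capitalized in the line above while `tscookie` is lower-case here; writing the family name the same way throughout the list makes it easier to search.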