From 394d746c046a5456995bec10a6914e8ab9ec5736 Mon Sep 17 00:00:00 2001 From: mether049 Date: Mon, 2 Mar 2020 20:14:33 +0900 Subject: [PATCH] Update malware-analysis_ref_and_memo.md --- malware-analysis_ref_and_memo.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/malware-analysis_ref_and_memo.md b/malware-analysis_ref_and_memo.md index 5035226..8f2dbef 100644 --- a/malware-analysis_ref_and_memo.md +++ b/malware-analysis_ref_and_memo.md @@ -23,7 +23,7 @@ DFIR,マルウェア解析,OSINTに特化したUbuntuベースのディスト |IDA pro|〇|〇(Not free)|〇|||||| |Binary Ninja|〇|||||||| |Cutter|〇|r2dec,r2ghidra|native
gdb
windbg
etc.|[INTRO TO CUTTER FOR MALWARE ANALYSIS(2019-03)](https://malwology.com/2019/03/14/intro-to-cutter-for-malware-analysis/)
[megabeets.net](https://www.megabeets.net/?s=cutter)
[Cutter: Presenting r2ghidra Decompiler,r2con 2019](https://www.youtube.com/watch?v=eHtMiezr7l8&list=LLTk6-mAiILdt3V27uab14LA&index=8&t=0s)||||| -|Ghidra|〇|〇||[Reversing WannaCry Part 2 - Diving into the malware with #Ghidra,youtube](https://www.youtube.com/watch?v=Q90uZS3taG0)
[cheetsheet](https://www.oldergeeks.com/downloads/file.php?id=2767)||||| +|Ghidra|〇|〇||[Reversing WannaCry Part 2 - Diving into the malware with #Ghidra,youtube](https://www.youtube.com/watch?v=Q90uZS3taG0)
[cheetsheet](https://www.oldergeeks.com/downloads/file.php?id=2767)
[Scripting in Ghidra, Patching MacOS Image2Icon](https://duraki.github.io/posts/o/20200227-ghidra-scripting-image2icon.html)
[]()||||| |x64/x32dbg|〇|Snowman|〇|||||| |WinDbg|〇||〇|||||| |GDB|〇||〇|||||| @@ -212,6 +212,7 @@ echo $child_process |Triage|https://tria.ge/|| |Yomi Sandbox|https://yomi.yoroi.company/upload|| |UnpacMe|https://www.unpac.me/#/|online unpacker,beta,
extracting embedded AutoIT Script,
extracting URL from VB6 downloader(GuLoader)| +|MalwareConifg|https://malwareconfig.com/|特定マルウェアからconfig情報を抽出| ### Unpacker/Decryptor/Decoder/Extractor/Memory Scanner - [TAFOF-Unpacker](https://github.com/Tera0017/TAFOF-Unpacker)
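Review bot: In the first hunk (the Ghidra row of the tool table), the new `+` line ends with an empty link placeholder `[]()` before the trailing `|||||` cells; this renders as an empty anchor (or stray `[]()` text) in the table. Either drop the placeholder or fill in the title and URL before merging, so the row ends with the Ghidra scripting link `[Scripting in Ghidra, Patching MacOS Image2Icon](https://duraki.github.io/posts/o/20200227-ghidra-scripting-image2icon.html)` followed directly by the empty cells.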
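Review bot: In the second hunk, the added row `|MalwareConifg|https://malwareconfig.com/|...|` misspells the service name; the URL is `malwareconfig.com`, so the first cell should read `MalwareConfig`. The neighbouring rows in this table (UnpacMe, Yomi Sandbox, Triage) describe the service in English, so the third cell would be more consistent as e.g. `extracting config from specific malware families` rather than the Japanese description.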