nganhkhoa/mether049-malware
1
0
Fork 0
mirror of https://github.com/nganhkhoa/malware.git synced 2024-06-10 21:32:07 +07:00
Code Issues Projects Releases Wiki Activity

Update malware-analysis_ref_and_memo.md

Browse Source
This commit is contained in:
mether049 2020-02-24 01:38:18 +09:00 committed by GitHub
parent 9b3bb06b03
commit 496cc6188f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
malware-analysis_ref_and_memo.md
View File

@ -256,14 +256,17 @@ Injecition/Hollowingされたプロセスの自動検出<br>
RTFファイルからOLEパッケージオブジェクトを検出し、埋め込みファイルを抽出<br> RTFファイルからOLEパッケージオブジェクトを検出し、埋め込みファイルを抽出<br>
# C2 Analysis # C2 Analysis
- [C2MATRIX](https://www.thec2matrix.com/matrix)<br>
- オープンソースのC2フレームワークとその比較表
- [SpreadSheet](https://docs.google.com/spreadsheets/d/1b4mUxa6cDQuTV2BPC6aA-GR4zGZi0ooPYtBe4IgPsSc/edit#gid=0)
### Emotet ### Emotet
- [Emutet](https://github.com/d00rt/emotet_network_protocol)<br> - [Emutet](https://github.com/d00rt/emotet_network_protocol)<br>
Emotetのc2通信部分のエミュレータ<br> - Emotetのc2通信部分のエミュレータ<br>
### Ursnif ### Ursnif
- Ursnif(version 2)のc2通信の仕組みと復号ツールについて<br> - Ursnif(version 2)のc2通信の仕組みと復号ツールについて<br>
[Writing Malware Traffic Decrypters for ISFB/Ursnif](https://labs.sentinelone.com/writing-malware-traffic-decrypters-for-isfb-ursnif/) - [Writing Malware Traffic Decrypters for ISFB/Ursnif](https://labs.sentinelone.com/writing-malware-traffic-decrypters-for-isfb-ursnif/)
# Binary Analysis # Binary Analysis
### Unpacking ### Unpacking