nganhkhoa/mether049-malware
1
0
Fork 0
mirror of https://github.com/nganhkhoa/malware.git synced 2024-06-10 21:32:07 +07:00
Code Issues Projects Releases Wiki Activity

Update malware-analysis_ref_and_memo.md

Browse Source
This commit is contained in:
mether049 2020-02-06 00:58:48 +09:00 committed by GitHub
parent 0c09e7296f
commit 5e6752b730
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
malware-analysis_ref_and_memo.md
View File

@ -121,13 +121,14 @@ DFIR,マルウェア解析OSINTに特化したUbuntuベースのディスト
- ref:
- [How to extract a RAM dump from a running VirtualBox machine](https://www.andreafortuna.org/2017/06/23/how-to-extract-a-ram-dump-from-a-running-virtualbox-machine/)
- Plugins
|name|default|how to use|description|reference|
|:-|:-|:-|:-|:-|
|malfind|| python vol.py -f zeus.vmem malfind -p 1724|||
|[hollowfind](https://github.com/monnappa22/HollowFind)|-|python vol.py -f infected.vmem --profile=Win7SP0x86 hollowfind|||
|yarascan|| python vol.py -f zeus.vmem yarascan --yara-file=/path/to/rules.yar||||
|yarascan|| python vol.py -f zeus.vmem yarascan --yara-file=/path/to/rules.yar|||
|[malconfscan](https://github.com/JPCERTCC/MalConfScan)|-|python vol.py malconfscan -f images.mem --profile=Win7SP1x64|マルウェアのコンフィグ情報の抽出cuckooと組み合わせることが可能|[wiki](https://github.com/JPCERTCC/MalConfScan/wiki)|
|[malstrscan](https://github.com/JPCERTCC/MalConfScan)|-|python vol.py malstrscan -a -f images.mem --profile=Win7SP1x64||||
|[malstrscan](https://github.com/JPCERTCC/MalConfScan)|-|python vol.py malstrscan -a -f images.mem --profile=Win7SP1x64|||
### Threat hunting
- EQL