nganhkhoa/mether049-malware
1
0
Fork 0
mirror of https://github.com/nganhkhoa/malware.git synced 2024-06-10 21:32:07 +07:00
Code Issues Projects Releases Wiki Activity

Update malware-analysis_ref_and_memo.md

Browse Source
This commit is contained in:
mether049 2020-03-29 20:37:31 +09:00 committed by GitHub
parent 0a296e563a
commit 63cfecfd69
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
malware-analysis_ref_and_memo.md
View File

@ -303,6 +303,11 @@ Injecition/Hollowingされたプロセスの自動検出<br>
- Bisonalに含まれる文字列のデコード通信の復号yaraルール - Bisonalに含まれる文字列のデコード通信の復号yaraルール
- **[aa-tools](https://github.com/JPCERTCC/aa-tools)** - **[aa-tools](https://github.com/JPCERTCC/aa-tools)**
- tscookieのcofingデコーダやvolatility pluginなど - tscookieのcofingデコーダやvolatility pluginなど
- **[RATDecoders](https://github.com/kevthehermit/RATDecoders)**
- マルウェアのconfigデコーダ(複数種)
- **[DC3-MWCP](https://github.com/Defense-Cyber-Crime-Center/DC3-MWCP)**
- マルウェアからconfigを取得するためのフレームワーク
# PDF Analysis # PDF Analysis
- **[pdfid.py](https://blog.didierstevens.com/programs/pdf-tools/)** - **[pdfid.py](https://blog.didierstevens.com/programs/pdf-tools/)**