From abeb8b57d98cf0d889b02480cc7f9570e6b2e675 Mon Sep 17 00:00:00 2001 From: mether049 Date: Sun, 5 Jul 2020 23:35:07 +0900 Subject: [PATCH] Update malware-analysis_ref_and_memo.md --- malware-analysis_ref_and_memo.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/malware-analysis_ref_and_memo.md b/malware-analysis_ref_and_memo.md index 9dd8fdb..0c44559 100644 --- a/malware-analysis_ref_and_memo.md +++ b/malware-analysis_ref_and_memo.md @@ -304,7 +304,7 @@ echo $child_process |MalwareConifg|https://malwareconfig.com/|特定マルウェアからconfig情報を抽出| |anlyz.io|https://sandbox.anlyz.io/dashboard|| -### Unpacker/Decryptor/Decoder/Extractor/Memory Scanner +### Unpacker/Decryptor/Decoder/Extractor/Memory Scannerh/Deofuscator - **[TAFOF-Unpacker](https://github.com/Tera0017/TAFOF-Unpacker)
** 攻撃者グループTA505が利用するマルウェア(GetandGoDll, Silence, TinyMet, Azorult, KBMiner, etc.)の静的アンパッカー
- **[Trickbot artifact decrypter](https://github.com/snemes/malware-analysis/tree/master/trickbot)
** @@ -361,6 +361,8 @@ Injecition/Hollowingされたプロセスの自動検出
- CobaltStrikeのconfig Parser - **[De-crypting a TrickBot Crypter](https://zero2auto.com/2020/06/22/decrypting-trickbot-crypter/)** - Trickbotの復号に関する記事 +- **[de4dot](https://github.com/0xd4d/de4dot)** + - .NET系のDeofuscatorおよびUnpacker # PDF Analysis
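Review bot: the replacement heading in the first hunk (@@ -304,7 +304,7 @@) contains two typos: "Scannerh" carries a stray "h", and "Deofuscator" is missing its "b". Suggested heading: `### Unpacker/Decryptor/Decoder/Extractor/Memory Scanner/Deobfuscator`. Renaming a heading also changes its generated anchor, so check that no table of contents or in-page link in malware-analysis_ref_and_memo.md still points at the old section name.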
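Review bot: in the second hunk (@@ -361,6 +361,8 @@), the added description `- .NET系のDeofuscatorおよびUnpacker` repeats the "Deofuscator" misspelling and should read "Deobfuscator", so that a search for the correct term finds the entry. The new de4dot item is also appended directly after the TrickBot-specific entries at the end of the section. As a general .NET tool rather than a family-specific one, it would be easier to find if it were grouped with the other generic unpackers, or at least separated from the TrickBot references.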