mirror of https://github.com/nganhkhoa/malware.git synced 2024-06-10 21:32:07 +07:00

Update malware-analysis_ref_and_memo.md

This commit is contained in:
mether049 2020-03-20 14:59:22 +09:00 committed by GitHub
parent d974d0f3f3
commit de2ff988ee
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -159,6 +159,14 @@ DFIR,マルウェア解析OSINTに特化したUbuntuベースのディスト
### Threat hunting ### Threat hunting
- **EQL** - **EQL**
- cheet sheet
```
- maldoc -> command,script
process where
parent_process_name in ("winword.exe", "excel.exe", "powerpnt.exe")
and process_name in ("powershell.exe", "cscript.exe",
"wscript.exe", "cmd.exe")
```
### .NET analysis ### .NET analysis
- **[dnspy](https://github.com/0xd4d/dnSpy)<br>** - **[dnspy](https://github.com/0xd4d/dnSpy)<br>**
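Review bot: the first line inside the fence, `- maldoc -> command,script`, is not valid EQL and will fail if someone pastes the block as-is; move it out of the fence as list text, or turn it into an EQL comment (`// maldoc -> command, script`). While at it, tag the fence (```eql) so the query renders as code rather than as a bullet fragment, and fix the typo `cheet sheet` to `cheat sheet`. Since the rule keys only on `parent_process_name` and `process_name`, it is worth a one-line note in the cheat sheet that it matches by image name only, so the reader knows what the rule does and does not cover.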