From c7569daa4db32905fccef05a7ac2f80260c52fec Mon Sep 17 00:00:00 2001 From: pe3zx Date: Sat, 13 Apr 2019 23:29:47 +0700 Subject: [PATCH] Update sub-section on Malware Analysis article --- README.md | 69 ------------------------------------------------------- 1 file changed, 69 deletions(-) diff --git a/README.md b/README.md index 779dabc..ef3d6d6 100644 --- a/README.md +++ b/README.md @@ -445,13 +445,6 @@ _return-to-libc techniques_ - [Tips for Reverse-Engineering Malicious Code](https://zeltser.com/reverse-engineering-malicious-code-tips/) - [Understanding Process Hollowing](https://andreafortuna.org/understanding-process-hollowing-b94ce77c3276) - [Use of DNS Tunneling for C&C Communications](https://securelist.com/use-of-dns-tunneling-for-cc-communications/78203/) - -#### Malware Analysis: Android - -- [Android SMS Stealer](https://maxkersten.nl/binary-analysis-course/malware-analysis/android-sms-stealer/) - -#### Malware Analysis: Variant: ATM & POS - - [Attacks on point-of-sales systems](https://www.symantec.com/content/dam/symantec/docs/white-papers/attacks-on-point-of-sale-systems-en.pdf) - [Another Brick in the FrameworkPoS](https://www.trustwave.com/Resources/SpiderLabs-Blog/Another-Brick-in-the-FrameworkPoS/) - [Backoff: New Point of Sale Malware](https://www.us-cert.gov/sites/default/files/publications/BackoffPointOfSaleMalware_0.pdf) 
@@ -462,68 +455,6 @@ _return-to-libc techniques_ - [PoS RAM Scraper Malware - Past, Present, and Future](https://www.wired.com/wp-content/uploads/2014/09/wp-pos-ram-scraper-malware.pdf) - [RawPOS Technical Brief](http://sjc1-te-ftp.trendmicro.com/images/tex/pdf/RawPOS%20Technical%20Brief.pdf) -#### Malware Analysis: Variant: BadRabbit - -- [‘BadRabbit’ Ransomware Burrows Into Russia, Ukraine](https://securingtomorrow.mcafee.com/mcafee-labs/badrabbit-ransomware-burrows-russia-ukraine/) -- [BadRabbit: a closer look at the new version of Petya/NotPetya](https://blog.malwarebytes.com/threat-analysis/2017/10/badrabbit-closer-look-new-version-petyanotpetya/) -- [Bad Rabbit: Not-Petya is back with improved ransomware](https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back/) -- [Bad Rabbit – A New Ransomware Outbreak Targeting Ukraine and Russia.](https://blog.checkpoint.com/2017/10/24/bad-rabbit-new-ransomware-outbreak-targeting-ukraine-russia/) -- [Bad Rabbit ransomware](https://securelist.com/bad-rabbit-ransomware/82851/) -- [Bad Rabbit Ransomware Spreads via Network, Hits Ukraine and Russia](http://blog.trendmicro.com/trendlabs-security-intelligence/bad-rabbit-ransomware-spreads-via-network-hits-ukraine-russia/) -- [NotPetya Returns as Bad Rabbit](http://www.intezer.com/notpetya-returns-bad-rabbit/) -- [Threat Spotlight: Follow the Bad Rabbit](http://blog.talosintelligence.com/2017/10/bad-rabbit.html) - -#### Malware Analysis: Variant: Bankbot - -- [A Look Into The New Strain of BankBot](https://blog.fortinet.com/2017/09/19/a-look-into-the-new-strain-of-bankbot) - -#### Malware Analysis: Variant: CCleaner Backdoor - -- [Protecting the Software Supply Chain: Deep Insights into the CCleaner Backdoor](https://www.crowdstrike.com/blog/protecting-software-supply-chain-deep-insights-ccleaner-backdoor/) -- [In-Depth Analysis of the CCleaner Backdoor Stage 2 Dropper and Its 
Payload](https://www.crowdstrike.com/blog/in-depth-analysis-of-the-ccleaner-backdoor-stage-2-dropper-and-its-payload/) - -#### Malware Analysis: Variant: Emotet - -- [d00rt/emotet_research](https://github.com/d00rt/emotet_research) -- [Emotet lives another day using Fake O2 invoice notifications](https://www.trustwave.com/Resources/SpiderLabs-Blog/Emotet-lives-another-day-using-Fake-O2-invoice-notifications/) - -#### Malware Analysis: Variant: Hajime - -- [Is Hajime botnet dead?](http://blog.netlab.360.com/hajime-status-report-en/) - -#### Malware Analysis: Variant: Locky - -- [Locky Part 1: Lukitus Spam Campaigns and Their Love for Game of Thrones](https://www.trustwave.com/Resources/SpiderLabs-Blog/Locky-Part-1--Lukitus-Spam-Campaigns-and-Their-Love-for-Game-of-Thrones/) -- [Locky Part 2: As the Seasons Change so is Locky](https://www.trustwave.com/Resources/SpiderLabs-Blog/Locky-Part-2--As-the-Seasons-Change-so-is-Locky/) - -#### Malware Analysis: Variant: Kangaroo - -- [Threat Analysis: Don’t Forget About Kangaroo Ransomware](https://www.carbonblack.com/2017/10/02/threat-analysis-dont-forget-about-kangaroo-ransomware/) - -#### Malware Analysis: Variant: MAN1 - -- [Threat Spotlight - MAN1 Malware: Temple of Doom](https://www.cylance.com/en_us/blog/threat-spotlight-man1-malware-group-resurfaces.html) -- [Threat Spotlight: MAN1 Malware - The Last Crusade?](https://www.cylance.com/en_us/blog/threat-spotlight-man1-malware-the-last-crusade.html) - -#### Malware Analysis: Variant: (Created by) NSIS - -- [Quick analysis of malware created with NSIS](https://isc.sans.edu/forums/diary/Quick+analysis+of+malware+created+with+NSIS/23703/) - -#### Malware Analysis: Variant: Poison Ivy - -- [Deep Analysis of New Poison Ivy Variant](http://blog.fortinet.com/2017/08/23/deep-analysis-of-new-poison-ivy-variant) -- [Deep Analysis of New Poison Ivy/PlugX Variant - Part II](https://blog.fortinet.com/2017/09/15/deep-analysis-of-new-poison-ivy-plugx-variant-part-ii) - -#### Malware 
Analysis: Variant: Rig Ek - -- [if you want to get #RigEK's enc key, please use this script](https://twitter.com/nao_sec/status/944038611590115328) - -#### Malware Analysis: Variant: Trickbot - -- [Reverse engineering malware: TrickBot (part 1 - packer)](https://qmemcpy.github.io/post/reverse-engineering-malware-trickbot-part-1-packer) -- [Reverse engineering malware: TrickBot (part 2 - loader)](https://qmemcpy.github.io/post/reverse-engineering-malware-trickbot-part-2-loader) -- [Reverse engineering malware: TrickBot (part 3 - core)](https://qmemcpy.io/post/reverse-engineering-malware-trickbot-part-3-core) - ### Mobile Security - [Four Ways to Bypass iOS SSL Verification and Certificate Pinning](https://blog.netspi.com/four-ways-to-bypass-ios-ssl-verification-and-certificate-pinning/)
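Review bot: in the first hunk (`@@ -445,13 +445,6 @@`) the `#### Malware Analysis: Variant: ATM & POS` heading and its surrounding blank lines are deleted but the list items under it are kept as context, so `- [Attacks on point-of-sales systems]`, `- [Another Brick in the FrameworkPoS]`, `- [Backoff: New Point of Sale Malware]` and the remaining POS entries now continue the preceding general Malware Analysis list straight after `- [Use of DNS Tunneling for C&C Communications]`, with no heading and out of the alphabetical order that list otherwise follows. Either keep the heading or move the POS entries into their sorted positions in the merged list. The same hunk also removes the only Android entry (`- [Android SMS Stealer]`) without re-adding it anywhere; if this is meant as a move rather than a removal, the destination should be part of this patch.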
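Review bot: the second hunk (`@@ -462,68 +455,6 @@`) deletes 62 lines, every per-variant sub-section from `#### Malware Analysis: Variant: BadRabbit` through `#### Malware Analysis: Variant: Trickbot` together with all of the links beneath them, and the diffstat (`1 file changed, 69 deletions(-)`) confirms nothing is added in return, so none of these links are relocated within this patch. The subject line "Update sub-section on Malware Analysis article" reads as a reorganisation rather than a removal; if the intent is to flatten the variant sections into the main list, as the first hunk appears to do for the POS entries, the corresponding `+` lines are missing, and if the intent is to drop the links outright, the commit message should state that so the loss is deliberate and reviewable.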