Ссылки на обзоры малвари \ Links about malware

[V3T]

Нашел подробное описание как работал TDL3, культовый в свое время не убиваемый ботнет, который по прежнему существует, только в более совершенной форме TDL4.

Формат: PDF
Вес: 2.4 mb
Скачать

[Mosc]

Full details on CVE-2015-0096 and the failed MS10-046 Stuxnet fix

[dukeBarman]

Government Grade Malware: a Look at HackingTeam’s RAT (Анализ исходников HT малвари)
http://labs.bromium.com/2015/07/10/g...kingteams-rat/

[Darwin]

KINS malware: the Virtual Machine
https://zairon.wordpress.com/2013/08...rtual-machine/

[Darwin]

Stegoloader: A Stealthy Information Stealer (малварь ворующая иду)
http://www.secureworks.com/cyber-thr...ation-stealer/

[dukeBarman]

MMD-0043-2015 - Polymorphic in ELF malware: Linux/Xor.DDOS
http://blog.malwaremustdie.org/2015/...ic-in-elf.html

[dukeBarman]

SUCEFUL: Next Generation ATM Malware
https://www.fireeye.com/blog/threat-...xt_genera.html

[dukeBarman]

Notes on Linux/Xor.DDoS
http://bartblaze.blogspot.ru/2015/09...uxxorddos.html

[Darwin]

Атака на реализацию протокола Диффи-Хеллмана в эксплойт-паке Angler
https://securelist.ru/blog/issledova...t-pake-angler/

[dukeBarman]

Пригодится для анализа:

[dukeBarman]

[ TECHNICAL TEARDOWN: MAYBANK PHISHING MALWARE – PART 1 ]
http://www.vxsecurity.sg/2016/02/06/...shing-malware/

[dukeBarman]

Antihooking techniques used by Andromeda aim to defeat Cuckoo-like sandboxes
https://www.blueliv.com/research/ant...ike-sandboxes/

[500mhz]

Херня все это юсермодовская. Надо все не так делать )

[dukeBarman]

The Rise and Fall of Radamant CRYPTOLOCKER VULNERABILITY RESEARCH
https://www.infoarmor.com/wp-content...mant-FINAL.pdf

TESLACRYPT 3.0.1 - TALES FROM THE CRYPT(O)!
http://blog.talosintel.com/2016/03/t...om-crypto.html

From Macro to SSL with Shellcode A Detailed Deconstruction
http://community.hpe.com/t5/Security...n/ba-p/6839623

Stealthy, Hypervisor-based Malware Analysis
http://www.slideshare.net/tklengyel/...lware-analysis

New version of H1N1 loader (aka Win32/Zlader) - H1N1v2
http://www.kernelmode.info/forum/vie...&t=3851#p28028

STEAM STEALERS by Kaspersky
https://kasperskycontenthub.com/secu...search_ENG.pdf

[dukeBarman]

Let's Analyze: Dridex Malware (Part 1)
http://www.malwaretech.com/2016/03/l...ex-part-1.html

[dukeBarman]

Abusing bugs in the Locky ransomware to create a vaccine
https://www.lexsi.com/securityhub/ab...ccine/?lang=en

FILELESS MALWARE – A BEHAVIOURAL ANALYSIS OF KOVTER PERSISTENCE
http://blog.airbuscybersecurity.com/...ER-PERSISTENCE

New self-protecting USB trojan able to avoid detection
http://www.welivesecurity.com/2016/0...oid-detection/

What's cooking? Dridex’s New and Undiscovered Recipes
http://blog.fortinet.com/post/what-s...overed-recipes

[dukeBarman]

Maktub Locker – Beautiful And Dangerous
https://blog.malwarebytes.org/intell...and-dangerous/

Evolution of SamSa Malware Suggests New Ransomware Tactics In Play
http://researchcenter.paloaltonetwor...ctics-in-play/

Malware Employs PowerShell to Infect Systems
https://blogs.mcafee.com/mcafee-labs...nfect-systems/

[ximera]

https://drive.google.com/file/d/0B41...lhb3RIYkE/view RA-M20160316-LockyRansomware-Pv1.1-EN.pdf

[dukeBarman]

Meet Remaiten – a Linux bot on steroids targeting routers and potentially other IoT devices
http://www.welivesecurity.com/2016/0...r-iot-devices/

Yet Another Signed Malware - Spymel
https://www.zscaler.com/blogs/resear...malware-spymel

[dukeBarman]

Petya decoder
https://hshrzd.wordpress.com/2016/03...a-key-decoder/

Ransomware Petya - a technical review
https://blog.gdatasoftware.com/2016/...chnical-review