R0 CREW

Links to malware write-ups \ Links about malware

Found a detailed description of how TDL3 worked, the cult botnet that was unkillable in its day and still exists, only in the more advanced form of TDL4.

Format: PDF
Size: 2.4 MB
Download

Full details on CVE-2015-0096 and the failed MS10-046 Stuxnet fix

Government Grade Malware: a Look at HackingTeam’s RAT (analysis of the HT malware source code)
http://labs.bromium.com/2015/07/10/government-grade-malware-a-look-at-hackingteams-rat/

KINS malware: the Virtual Machine
https://zairon.wordpress.com/2013/08/13/kins-malware-virtual-machine/

Stegoloader: A Stealthy Information Stealer (info-stealing malware)
http://www.secureworks.com/cyber-threat-intelligence/threats/stegoloader-a-stealthy-information-stealer/

MMD-0043-2015 - Polymorphic in ELF malware: Linux/Xor.DDOS
http://blog.malwaremustdie.org/2015/09/mmd-0042-2015-polymorphic-in-elf.html

SUCEFUL: Next Generation ATM Malware
https://www.fireeye.com/blog/threat-research/2015/09/suceful_next_genera.html

Notes on Linux/Xor.DDoS
http://bartblaze.blogspot.ru/2015/09/notes-on-linuxxorddos.html

Attack on the Diffie-Hellman protocol implementation in the Angler exploit pack
https://securelist.ru/blog/issledovaniya/26855/ataka-na-realizaciyu-protokola-diffi-xellmana-v-eksplojt-pake-angler/

Useful for analysis:

[ TECHNICAL TEARDOWN: MAYBANK PHISHING MALWARE – PART 1 ]
http://www.vxsecurity.sg/2016/02/06/technical-teardown-maybank-phishing-malware/

Antihooking techniques used by Andromeda aim to defeat Cuckoo-like sandboxes
https://www.blueliv.com/research/antihooking-techniques-used-by-andromeda-aim-to-defeat-cuckoo-like-sandboxes/

All this user-mode stuff is crap. It has to be done completely differently )

The Rise and Fall of Radamant CRYPTOLOCKER VULNERABILITY RESEARCH
https://www.infoarmor.com/wp-content/uploads/2016/03/The-Rise-and-Fall-of-Radamant-FINAL.pdf

TESLACRYPT 3.0.1 - TALES FROM THE CRYPT(O)!
http://blog.talosintel.com/2016/03/teslacrypt-301-tales-from-crypto.html

From Macro to SSL with Shellcode A Detailed Deconstruction
http://community.hpe.com/t5/Security-Research/From-Macro-to-SSL-with-Shellcode-A-Detailed-Deconstruction/ba-p/6839623

Stealthy, Hypervisor-based Malware Analysis
http://www.slideshare.net/tklengyel/stealthy-hypervisorbased-malware-analysis

New version of H1N1 loader (aka Win32/Zlader) - H1N1v2
http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3851#p28028

STEAM STEALERS by Kaspersky
https://kasperskycontenthub.com/securelist/files/2016/03/Steam_Stealers_research_ENG.pdf

Let’s Analyze: Dridex Malware (Part 1)
http://www.malwaretech.com/2016/03/lets-analyze-dridex-part-1.html

Abusing bugs in the Locky ransomware to create a vaccine
https://www.lexsi.com/securityhub/abusing-bugs-in-the-locky-ransomware-to-create-a-vaccine/?lang=en

FILELESS MALWARE – A BEHAVIOURAL ANALYSIS OF KOVTER PERSISTENCE
http://blog.airbuscybersecurity.com/post/2016/03/FILELESS-MALWARE-%E2%80%93-A-BEHAVIOURAL-ANALYSIS-OF-KOVTER-PERSISTENCE

New self-protecting USB trojan able to avoid detection
http://www.welivesecurity.com/2016/03/23/new-self-protecting-usb-trojan-able-to-avoid-detection/

What’s cooking? Dridex’s New and Undiscovered Recipes
http://blog.fortinet.com/post/what-s-cooking-dridex-s-new-and-undiscovered-recipes

Maktub Locker – Beautiful And Dangerous
https://blog.malwarebytes.org/intelligence/2016/03/maktub-locker-beautiful-and-dangerous/

Evolution of SamSa Malware Suggests New Ransomware Tactics In Play
http://researchcenter.paloaltonetworks.com/2016/03/evolution-of-samsa-malware-suggests-new-ransomware-tactics-in-play/

Malware Employs PowerShell to Infect Systems
https://blogs.mcafee.com/mcafee-labs/malware-employs-powershell-to-infect-systems/

https://drive.google.com/file/d/0B41TBTLoxe0vRzNlQ2lhb3RIYkE/view RA-M20160316-LockyRansomware-Pv1.1-EN.pdf

Meet Remaiten – a Linux bot on steroids targeting routers and potentially other IoT devices
http://www.welivesecurity.com/2016/03/30/meet-remaiten-a-linux-bot-on-steroids-targeting-routers-and-potentially-other-iot-devices/

Yet Another Signed Malware - Spymel
https://www.zscaler.com/blogs/research/yet-another-signed-malware-spymel

Petya decoder
https://hshrzd.wordpress.com/2016/03/31/petya-key-decoder/

Ransomware Petya - a technical review
https://blog.gdatasoftware.com/2016/03/28226-ransomware-petya-a-technical-review