Malware Triage

More documents

Recommendations

Info

Dynamic Attributes Identified • Creates Mutex: QKitMan2016_1 • Creates Registry Key: HKEY_CURRENT_USER\SOFTWARE\QKitMan2016 • Requests IP from IPReq using HTTP GET Request • Post IP as Payload to LiveJournal account qkitman1010
Identify Pivots Collect your notes Choose best pivots Prepare to hunt
Page 1 and 2: Malware Triage Using Open Data to H
Page 3 and 4: OPENANALYSIS.NET
Page 5 and 6: IOC Formats We Aren’t Talking Abo
Page 7 and 8: In Practice… Is APTx attacking us
Page 9 and 10: A Better Solution: Triage + IOCs =
Page 11 and 12: The Problem With AV Artemis!1A5E05B
Page 13 and 14: Robust IOCs Effectiveness of IOC Br
Page 15 and 16: More Robust Is… Multiple Samples
Page 17 and 18: The Key is Comparative Analysis Piv
Page 20 and 21: Analysis Triage Is it malicious? Ca
Page 26 and 27: Static Attributes Hmm… Something
Page 28 and 29: Static Attributes: Imports Compilat
Page 30 and 31: Try our free PE analysis tool PFTri
Page 32 and 33: Static Attributes Identified • In
Page 34 and 35: Packer / Crypter Weakness: Runtime!
Page 36 and 37: When Your Sandbox Doesn’t Work…
Page 42: Level Up! Your Analysis With Some L
Page 48 and 49: Discovery (Hunting) Searching for r
Page 50 and 51: Tricks For Searching Online Sandbox
Page 56 and 57: Sample Acquisition Sandbox Shared S
Page 58 and 59: Sharing Services VirusShare
Page 60 and 61: Comparison Checklist Initial Sample
Page 62 and 63: The mutex changes between samples b
Page 64 and 65: Level Up! Your Comparative Analysis
Page 66 and 67: Develop IOC Choose IOC Format(s) De
Page 69 and 70: Testing Test IOCs Against Known Bad
Page 71 and 72: Known Good Test indicator against a
Page 73: Test Automation vs. Waiting for sam
Page 78 and 79: Try It Yourself http://bit.ly/2frHK
Page 80: Image Attribution • Noun Project

Malware Triage

Create successful ePaper yourself

Delete template?

Save as template?