SlideShare uma empresa Scribd logo

Malware Analysis

Transferir como PPTX, PDF
R
Ramin Farajpour Cami

Malware Analysis Live

Tecnologia
1 de 40
R A M I N FA R A J P O U R C A M I T W I T T E R : M F 4 R R 3 L L G I T H U B : @ R A M I N F P Malware Analysis
METHODOLOGY FOR HANDLING SECURITY INCIDENTS, BREACHES, AND CYBER THREATS • 1] Threat Hunting • 2] Malware Analysis • 3] Incident Response • 4] Threat Intelligence
WHAT IS THREAT HUNTING? • The process of proactively and iterative searching through networks to detect and isolate advanced threats that evade existing security solutions. – Analysis track – Intercept – Eliminate adversaries lurking in a network – Tools : SIEM, IDS, Firewall • Video : https://www.exabeam.com/product/exabeam-threat-hunter/
THREAT HUNTER SKILLS • Data analytics and reporting skills — these include pattern recognition, technical writing, data science, problem solving and research. • Operating systems and networks knowledge — needs to know the ins and outs of the organizational systems and network. • Information security experience — including malware reverse engineering, adversary tracking and endpoint security. A threat hunter needs to have a clear understanding past and current tactics, techniques and procedures (TTPs) used by the attackers. • Programming language — at least one scripting language and one compiled language is common, though modern tools are increasingly eliminating the need for using scripting language.
THREAT HUNTING REFERENCE Name Description Attack&Ck Website for Information related to Hunting Techniques. The ThreatHunting Project Website for Information to start Threat HUNTPEDIA A very handfull book.
THREAT HUNTING TOOLS Name Version Description ELK Free A platform which help to create usecasses for threat huntng and hypothesis. Sysmon Free System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log. Osquery Free Performant endpoint visibility, Supoort all OS platform.
ELK • Beats - https://github.com/elastic/beats – Docs : https://github.com/elastic/beats#documentation-and-getting-started • ElasticSearch - https://www.elastic.co/elasticsearch/ • Logstash - https://github.com/elastic/logstash • Kibana - https://www.elastic.co/kibana/
WHAT IS MALWARE ANALYSIS ? • The process of understanding the behavior and purpose of a suspicious file or URL. The output of the analysis aids in the detection and mitigation of the potential threat – Malware investigation – Malware performance – The purpose of the malware – Malicious level of malware – Traffic analysis sent – How to connect to the server – Malware code structure – IOC with YARA/Snort • Malware analysis is that it helps Incident Responders (IR) and security analysts (ALERT)
MALWARE ANALYSIS SKILLS • Networking • IOC (indicator Analysis)  YARA / Snort • Static Analysis • Dynamic Analysis • Memory Forensics • RE (Reverse Engineering) • File Format • OS Internal • Coding / Script
WHAT IS INCIDENT RESPONSE ? • Structured approach to handle various types of security incidents, cyber threats, and data breaches. • The incident response methodology aims to identify, contain, and minimize the cost of a cyberattack or a live incident. • Why Is Incident Response Important? – Data breaches cost companie’s operational downtime, reputational, and financial loss. – For most of the organizations, breaches lead to devaluation of stock value and loss of customer trust. – To eliminate such risks, companies need a well-planned cybersecurity incident response plan, • https://youtu.be/NIKIJodcxOk
GRAPHITE – GRAFANA - DIAMOND • https://graphiteapp.org/ • https://github.com/grafana/grafana • Or https://github.com/prometheus/prometheus • https://github.com/python-diamond/Diamond Installing : https://github.com/SecurityTalks/Malware-Analysis
WHAT ARE THE COMMON TYPES OF INCIDENTS?
WHAT IS THREAT INTELLIGENCE? • Cyber threat information becomes once it has been collected, evaluated in the context of its source and reliability, and analyzed • It requires that analysts identify similarities and differences in vast quantities of information and detect deceptions to produce accurate, timely, and relevant intelligence.
THREAT INTELLIGENCE RESOURCE dydns Free Online emergingthreats for botcc Free Online fedotracker Free Online greensnow Free Online h3xtracker Free Online hphosts for malware Free Online iblocklist Free Online ibmxforce Free Online intercept.sh Free Online intercept.sh Free Online malc0de Free Online malware_traffic Free Online malwared.malwaremustdie.org Free Online malwared.malwaremustdie.org Free Online Source Name Subscription Status
BAD PACKETS CYBER THREAT INTELLIGENCE - EXAMPLE
STATIC MALWARE ANALYSIS DIE Free Windows, Linux, Mac Os Name Version Paltform PE Bear Free Windows PortEx Free Windows Manalyze Free Windows PE Studio Free Windows Mastiff Free Windows Exeinfo PE Free Windows CFF Explorer Free Windows PE Tools Free Windows FileAlyzer Free Windows PE Explorer Free Windows PE Insider Free Windows PE View Free Windows Chimprec Free Windows PEID Free Windows
REVERSE ENGINEERING Name Version Paltform IDA Paid Windows Ghidra Free Windows, Linux, Mac Os Cutter Free Windows Radare Free Linux
DYNAMIC MALWARE ANALYSIS
CODE EXECUTE?
CODE EXECUTE COMMAND!
SYSTEM CHECK
PERSISTENCE!
OS NAME!
ANTI DEBUGGING!
ENCODING? DeObfuscation ALFA SHELL V3 : https://github.com/raminfp/DeObfuscation_ALFA_SHELL_V3
WIN API
CHECK UP INTERNET
YOUTUBE CHANNEL FOR MALWARE ANALYSIS YouTube Channel Name OALabs Kindred Security Colin Hardy MalwareAnalysisForHedgehogs Michael Gillespie ReverseIT LiveOverflow hasherezade John Hammond MalwareTech RSA Conferenc Monnappa K A
DOCUMENT ANALYSIS – PDF / WORD / EXCEL Name Version Paltform Ole Tool Free Python Didier's PDF Tools Free Python Origami Free Ruby REMnux Free Virtual Machine PDF Free Binary ViperMonkey Free Python
MALWARE REPORT TECHNICAL • Summery – If (Init Access) – Category (Ransome, Rootkit, Bootkit) • File Metadata Information – Filename – MD5 Hash – File Type – File Size – SHA256 – PE Information / File less • Static Analysis – Domain / IP – Obfuscation and Encryption – Anti Reverse / Anti Sandbox • Dynamic Analysis – Execution – Connection to C&C – Logs – Traffic – YARA rule Reports : https://isc.sans.edu/diary/26750 https://isc.sans.edu/diary/26744 https://us-cert.cisa.gov/ncas/alerts/aa20-302a
WEAKNESSES CERT.IR / AFTA • Very bad style report • Ant activity in social media network • Ant activity in github • There isn’t content for cyber security • Copy & Paste news
SOLUTION • Activity in twitter • Activity in Github repo Open Source ( YARA ) • “Infrastructure Bug Bounty” (IBB) • Own Researching (Cafebazaar / p30download / soft98) • Publish on tools in Malware Analysis
HOW TO WORK WITH OTHER RESEARCHER? EXAMPLE
SHOULD FOLLOWING IN TWITTER • https://twitter.com/executemalware • https://twitter.com/malware_traffic • https://twitter.com/JRoosen • https://twitter.com/HONKONE_K • https://twitter.com/3xp0rtblog • https://twitter.com/mal_share • https://twitter.com/RedDrip7 • https://twitter.com/Arkbird_SOLG • https://twitter.com/MalwarePatrol • https://twitter.com/DidierStevens • https://twitter.com/CyberIOCs • https://twitter.com/DissectMalware • https://twitter.com/MITREattack • https://twitter.com/Ledtech3 • https://twitter.com/VK_Intel
THE END •Question?

Recomendados

Sigma and YARA Rules
Sigma and YARA RulesSigma and YARA Rules
Sigma and YARA RulesLionel Faleiro
 
How to assign a CVE to yourself?
How to assign a CVE to yourself?How to assign a CVE to yourself?
How to assign a CVE to yourself?Ramin Farajpour Cami
 
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsHow MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsSergey Soldatov
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabTeymur Kheirkhabarov
 
How to Normalize Threat Intelligence Data from Multiple Sources - Tech Talk T...
How to Normalize Threat Intelligence Data from Multiple Sources - Tech Talk T...How to Normalize Threat Intelligence Data from Multiple Sources - Tech Talk T...
How to Normalize Threat Intelligence Data from Multiple Sources - Tech Talk T...AlienVault
 
Another Side of Hacking
Another Side of HackingAnother Side of Hacking
Another Side of HackingSatria Ady Pradana
 
TTPs for Threat hunting In Oil Refineries
TTPs for Threat hunting In Oil RefineriesTTPs for Threat hunting In Oil Refineries
TTPs for Threat hunting In Oil RefineriesDragos, Inc.
 
Bsides
BsidesBsides
BsidesRoberto Sponchioni
 

Recomendados

Sigma and YARA Rules
Sigma and YARA RulesSigma and YARA Rules
Sigma and YARA RulesLionel Faleiro
 
How to assign a CVE to yourself?
How to assign a CVE to yourself?How to assign a CVE to yourself?
How to assign a CVE to yourself?Ramin Farajpour Cami
 
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsHow MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsSergey Soldatov
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabTeymur Kheirkhabarov
 
How to Normalize Threat Intelligence Data from Multiple Sources - Tech Talk T...
How to Normalize Threat Intelligence Data from Multiple Sources - Tech Talk T...How to Normalize Threat Intelligence Data from Multiple Sources - Tech Talk T...
How to Normalize Threat Intelligence Data from Multiple Sources - Tech Talk T...AlienVault
 
Another Side of Hacking
Another Side of HackingAnother Side of Hacking
Another Side of HackingSatria Ady Pradana
 
TTPs for Threat hunting In Oil Refineries
TTPs for Threat hunting In Oil RefineriesTTPs for Threat hunting In Oil Refineries
TTPs for Threat hunting In Oil RefineriesDragos, Inc.
 
Bsides
BsidesBsides
BsidesRoberto Sponchioni
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious CodeSatria Ady Pradana
 
Python-Assisted Red-Teaming Operation
Python-Assisted Red-Teaming OperationPython-Assisted Red-Teaming Operation
Python-Assisted Red-Teaming OperationSatria Ady Pradana
 
IOCs for modern threat landscape-slideshare
IOCs for modern threat landscape-slideshareIOCs for modern threat landscape-slideshare
IOCs for modern threat landscape-slideshareSai Kesavamatham
 
Seminario-15-04-2015-IT_professions_in_the_anti-malware_industry
Seminario-15-04-2015-IT_professions_in_the_anti-malware_industrySeminario-15-04-2015-IT_professions_in_the_anti-malware_industry
Seminario-15-04-2015-IT_professions_in_the_anti-malware_industryRoberto Sponchioni
 
Ethical Hacking Conference 2015- Building Secure Products -a perspective
Ethical Hacking Conference 2015- Building Secure Products -a perspective Ethical Hacking Conference 2015- Building Secure Products -a perspective
Ethical Hacking Conference 2015- Building Secure Products -a perspectiveDr. Anish Cheriyan (PhD)
 
Cyber Threat hunting workshop
Cyber Threat hunting workshopCyber Threat hunting workshop
Cyber Threat hunting workshopArpan Raval
 
Creating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationCreating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationRaffael Marty
 
STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...
STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...
STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...FFRI, Inc.
 
Hunting on the Cheap
Hunting on the CheapHunting on the Cheap
Hunting on the CheapEndgameInc
 
IOT Security FUN-damental
IOT Security FUN-damentalIOT Security FUN-damental
IOT Security FUN-damentalSatria Ady Pradana
 
Persistence is Key: Advanced Persistent Threats
Persistence is Key: Advanced Persistent ThreatsPersistence is Key: Advanced Persistent Threats
Persistence is Key: Advanced Persistent ThreatsSameer Thadani
 
Threat Hunting by Falgun Rathod - Cyber Octet Private Limited
Threat Hunting by Falgun Rathod - Cyber Octet Private LimitedThreat Hunting by Falgun Rathod - Cyber Octet Private Limited
Threat Hunting by Falgun Rathod - Cyber Octet Private LimitedFalgun Rathod
 
MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...
MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...
MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...MITRE - ATT&CKcon
 
DeepLocker - Concealing Targeted Attacks with AI Locksmithing
DeepLocker - Concealing Targeted Attacks with AI LocksmithingDeepLocker - Concealing Targeted Attacks with AI Locksmithing
DeepLocker - Concealing Targeted Attacks with AI LocksmithingPriyanka Aash
 
Detecting Evasive Malware in Sandbox
Detecting Evasive Malware in SandboxDetecting Evasive Malware in Sandbox
Detecting Evasive Malware in SandboxRahul Mohandas
 
Continuous Automated Red Teaming (CART) - Bikash Barai
Continuous Automated Red Teaming (CART) - Bikash BaraiContinuous Automated Red Teaming (CART) - Bikash Barai
Continuous Automated Red Teaming (CART) - Bikash BaraiAllanGray11
 
Down The Rabbit Hole, From Networker to Security Professional
Down The Rabbit Hole, From Networker to Security ProfessionalDown The Rabbit Hole, From Networker to Security Professional
Down The Rabbit Hole, From Networker to Security ProfessionalSatria Ady Pradana
 
Deploying a Shadow Threat Intel Capability at CaralinaCon on March 6, 2016
Deploying a Shadow Threat Intel Capability at CaralinaCon on March 6, 2016Deploying a Shadow Threat Intel Capability at CaralinaCon on March 6, 2016
Deploying a Shadow Threat Intel Capability at CaralinaCon on March 6, 2016grecsl
 
Path of Cyber Security
Path of Cyber SecurityPath of Cyber Security
Path of Cyber SecuritySatria Ady Pradana
 
Incident Response: Validation, Containment & Forensics
Incident Response: Validation, Containment & Forensics Incident Response: Validation, Containment & Forensics
Incident Response: Validation, Containment & ForensicsPriyanka Aash
 
Advanced Persistent Threats
Advanced Persistent ThreatsAdvanced Persistent Threats
Advanced Persistent ThreatsESET
 
Computer security
Computer securityComputer security
Computer securityMohamed Abdo
 

Mais conteúdo relacionado

Mais procurados

(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious CodeSatria Ady Pradana
 
Python-Assisted Red-Teaming Operation
Python-Assisted Red-Teaming OperationPython-Assisted Red-Teaming Operation
Python-Assisted Red-Teaming OperationSatria Ady Pradana
 
IOCs for modern threat landscape-slideshare
IOCs for modern threat landscape-slideshareIOCs for modern threat landscape-slideshare
IOCs for modern threat landscape-slideshareSai Kesavamatham
 
Seminario-15-04-2015-IT_professions_in_the_anti-malware_industry
Seminario-15-04-2015-IT_professions_in_the_anti-malware_industrySeminario-15-04-2015-IT_professions_in_the_anti-malware_industry
Seminario-15-04-2015-IT_professions_in_the_anti-malware_industryRoberto Sponchioni
 
Ethical Hacking Conference 2015- Building Secure Products -a perspective
Ethical Hacking Conference 2015- Building Secure Products -a perspective Ethical Hacking Conference 2015- Building Secure Products -a perspective
Ethical Hacking Conference 2015- Building Secure Products -a perspectiveDr. Anish Cheriyan (PhD)
 
Cyber Threat hunting workshop
Cyber Threat hunting workshopCyber Threat hunting workshop
Cyber Threat hunting workshopArpan Raval
 
Creating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationCreating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationRaffael Marty
 
STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...
STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...
STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...FFRI, Inc.
 
Hunting on the Cheap
Hunting on the CheapHunting on the Cheap
Hunting on the CheapEndgameInc
 
Persistence is Key: Advanced Persistent Threats
Persistence is Key: Advanced Persistent ThreatsPersistence is Key: Advanced Persistent Threats
Persistence is Key: Advanced Persistent ThreatsSameer Thadani
 
Threat Hunting by Falgun Rathod - Cyber Octet Private Limited
Threat Hunting by Falgun Rathod - Cyber Octet Private LimitedThreat Hunting by Falgun Rathod - Cyber Octet Private Limited
Threat Hunting by Falgun Rathod - Cyber Octet Private LimitedFalgun Rathod
 
MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...
MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...
MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...MITRE - ATT&CKcon
 
DeepLocker - Concealing Targeted Attacks with AI Locksmithing
DeepLocker - Concealing Targeted Attacks with AI LocksmithingDeepLocker - Concealing Targeted Attacks with AI Locksmithing
DeepLocker - Concealing Targeted Attacks with AI LocksmithingPriyanka Aash
 
Detecting Evasive Malware in Sandbox
Detecting Evasive Malware in SandboxDetecting Evasive Malware in Sandbox
Detecting Evasive Malware in SandboxRahul Mohandas
 
Continuous Automated Red Teaming (CART) - Bikash Barai
Continuous Automated Red Teaming (CART) - Bikash BaraiContinuous Automated Red Teaming (CART) - Bikash Barai
Continuous Automated Red Teaming (CART) - Bikash BaraiAllanGray11
 
Down The Rabbit Hole, From Networker to Security Professional
Down The Rabbit Hole, From Networker to Security ProfessionalDown The Rabbit Hole, From Networker to Security Professional
Down The Rabbit Hole, From Networker to Security ProfessionalSatria Ady Pradana
 
Deploying a Shadow Threat Intel Capability at CaralinaCon on March 6, 2016
Deploying a Shadow Threat Intel Capability at CaralinaCon on March 6, 2016Deploying a Shadow Threat Intel Capability at CaralinaCon on March 6, 2016
Deploying a Shadow Threat Intel Capability at CaralinaCon on March 6, 2016grecsl
 
Incident Response: Validation, Containment & Forensics
Incident Response: Validation, Containment & Forensics Incident Response: Validation, Containment & Forensics
Incident Response: Validation, Containment & ForensicsPriyanka Aash
 

Mais procurados (20)

(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code
 
Python-Assisted Red-Teaming Operation
Python-Assisted Red-Teaming OperationPython-Assisted Red-Teaming Operation
Python-Assisted Red-Teaming Operation
 
IOCs for modern threat landscape-slideshare
IOCs for modern threat landscape-slideshareIOCs for modern threat landscape-slideshare
IOCs for modern threat landscape-slideshare
 
Seminario-15-04-2015-IT_professions_in_the_anti-malware_industry
Seminario-15-04-2015-IT_professions_in_the_anti-malware_industrySeminario-15-04-2015-IT_professions_in_the_anti-malware_industry
Seminario-15-04-2015-IT_professions_in_the_anti-malware_industry
 
Ethical Hacking Conference 2015- Building Secure Products -a perspective
Ethical Hacking Conference 2015- Building Secure Products -a perspective Ethical Hacking Conference 2015- Building Secure Products -a perspective
Ethical Hacking Conference 2015- Building Secure Products -a perspective
 
Cyber Threat hunting workshop
Cyber Threat hunting workshopCyber Threat hunting workshop
Cyber Threat hunting workshop
 
Creating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationCreating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & Visualization
 
STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...
STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...
STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...
 
Hunting on the Cheap
Hunting on the CheapHunting on the Cheap
Hunting on the Cheap
 
IOT Security FUN-damental
IOT Security FUN-damentalIOT Security FUN-damental
IOT Security FUN-damental
 
Persistence is Key: Advanced Persistent Threats
Persistence is Key: Advanced Persistent ThreatsPersistence is Key: Advanced Persistent Threats
Persistence is Key: Advanced Persistent Threats
 
Threat Hunting by Falgun Rathod - Cyber Octet Private Limited
Threat Hunting by Falgun Rathod - Cyber Octet Private LimitedThreat Hunting by Falgun Rathod - Cyber Octet Private Limited
Threat Hunting by Falgun Rathod - Cyber Octet Private Limited
 
MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...
MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...
MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...
 
DeepLocker - Concealing Targeted Attacks with AI Locksmithing
DeepLocker - Concealing Targeted Attacks with AI LocksmithingDeepLocker - Concealing Targeted Attacks with AI Locksmithing
DeepLocker - Concealing Targeted Attacks with AI Locksmithing
 
Detecting Evasive Malware in Sandbox
Detecting Evasive Malware in SandboxDetecting Evasive Malware in Sandbox
Detecting Evasive Malware in Sandbox
 
Continuous Automated Red Teaming (CART) - Bikash Barai
Continuous Automated Red Teaming (CART) - Bikash BaraiContinuous Automated Red Teaming (CART) - Bikash Barai
Continuous Automated Red Teaming (CART) - Bikash Barai
 
Down The Rabbit Hole, From Networker to Security Professional
Down The Rabbit Hole, From Networker to Security ProfessionalDown The Rabbit Hole, From Networker to Security Professional
Down The Rabbit Hole, From Networker to Security Professional
 
Deploying a Shadow Threat Intel Capability at CaralinaCon on March 6, 2016
Deploying a Shadow Threat Intel Capability at CaralinaCon on March 6, 2016Deploying a Shadow Threat Intel Capability at CaralinaCon on March 6, 2016
Deploying a Shadow Threat Intel Capability at CaralinaCon on March 6, 2016
 
Path of Cyber Security
Path of Cyber SecurityPath of Cyber Security
Path of Cyber Security
 
Incident Response: Validation, Containment & Forensics
Incident Response: Validation, Containment & Forensics Incident Response: Validation, Containment & Forensics
Incident Response: Validation, Containment & Forensics
 

Semelhante a Malware Analysis

Advanced Persistent Threats
Advanced Persistent ThreatsAdvanced Persistent Threats
Advanced Persistent ThreatsESET
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombRIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombPriyanka Aash
 
михаил дударев
михаил дударевмихаил дударев
михаил дударевapps4allru
 
100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdfMAHESHUMANATHGOPALAK
 
SOC-BlueTEam.pdf
SOC-BlueTEam.pdfSOC-BlueTEam.pdf
SOC-BlueTEam.pdfBeratAkit
 
100 Security Operation Center Tools EMERSON EDUARDO RODRIGUES
100 Security Operation Center Tools EMERSON EDUARDO RODRIGUES100 Security Operation Center Tools EMERSON EDUARDO RODRIGUES
100 Security Operation Center Tools EMERSON EDUARDO RODRIGUESEMERSON EDUARDO RODRIGUES
 
Threat hunting in cyber world
Threat hunting in cyber worldThreat hunting in cyber world
Threat hunting in cyber worldAkash Sarode
 
Security in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptionsSecurity in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptionsTim Mackey
 
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineLastline, Inc.
 
Revolutionizing Advanced Threat Protection
Revolutionizing Advanced Threat ProtectionRevolutionizing Advanced Threat Protection
Revolutionizing Advanced Threat ProtectionBlue Coat
 
Operational Security Intelligence
Operational Security IntelligenceOperational Security Intelligence
Operational Security IntelligenceSplunk
 
H@dfex 2015 malware analysis
H@dfex 2015 malware analysisH@dfex 2015 malware analysis
H@dfex 2015 malware analysisCharles Lim
 
AI on Spark for Malware Analysis and Anomalous Threat Detection
AI on Spark for Malware Analysis and Anomalous Threat DetectionAI on Spark for Malware Analysis and Anomalous Threat Detection
AI on Spark for Malware Analysis and Anomalous Threat DetectionDatabricks
 
Cisco Security Presentation
Cisco Security PresentationCisco Security Presentation
Cisco Security PresentationSimplex
 
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...Mobodexter
 

Semelhante a Malware Analysis (20)

Advanced Persistent Threats
Advanced Persistent ThreatsAdvanced Persistent Threats
Advanced Persistent Threats
 
Computer security
Computer securityComputer security
Computer security
 
soctool.pdf
soctool.pdfsoctool.pdf
soctool.pdf
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombRIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob Holcomb
 
михаил дударев
михаил дударевмихаил дударев
михаил дударев
 
100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf
 
SOC-BlueTEam.pdf
SOC-BlueTEam.pdfSOC-BlueTEam.pdf
SOC-BlueTEam.pdf
 
100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf
 
100 Security Operation Center Tools EMERSON EDUARDO RODRIGUES
100 Security Operation Center Tools EMERSON EDUARDO RODRIGUES100 Security Operation Center Tools EMERSON EDUARDO RODRIGUES
100 Security Operation Center Tools EMERSON EDUARDO RODRIGUES
 
Threat hunting in cyber world
Threat hunting in cyber worldThreat hunting in cyber world
Threat hunting in cyber world
 
Talos
TalosTalos
Talos
 
Security in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptionsSecurity in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptions
 
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
 
Ready set hack
Ready set hackReady set hack
Ready set hack
 
Revolutionizing Advanced Threat Protection
Revolutionizing Advanced Threat ProtectionRevolutionizing Advanced Threat Protection
Revolutionizing Advanced Threat Protection
 
Operational Security Intelligence
Operational Security IntelligenceOperational Security Intelligence
Operational Security Intelligence
 
H@dfex 2015 malware analysis
H@dfex 2015 malware analysisH@dfex 2015 malware analysis
H@dfex 2015 malware analysis
 
AI on Spark for Malware Analysis and Anomalous Threat Detection
AI on Spark for Malware Analysis and Anomalous Threat DetectionAI on Spark for Malware Analysis and Anomalous Threat Detection
AI on Spark for Malware Analysis and Anomalous Threat Detection
 
Cisco Security Presentation
Cisco Security PresentationCisco Security Presentation
Cisco Security Presentation
 
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
 

Último

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 

Último (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 

Malware Analysis

  • 1. R A M I N FA R A J P O U R C A M I T W I T T E R : M F 4 R R 3 L L G I T H U B : @ R A M I N F P Malware Analysis
  • 2.
  • 3. METHODOLOGY FOR HANDLING SECURITY INCIDENTS, BREACHES, AND CYBER THREATS • 1] Threat Hunting • 2] Malware Analysis • 3] Incident Response • 4] Threat Intelligence
  • 4. WHAT IS THREAT HUNTING? • The process of proactively and iterative searching through networks to detect and isolate advanced threats that evade existing security solutions. – Analysis track – Intercept – Eliminate adversaries lurking in a network – Tools : SIEM, IDS, Firewall • Video : https://www.exabeam.com/product/exabeam-threat-hunter/
  • 5. THREAT HUNTER SKILLS • Data analytics and reporting skills — these include pattern recognition, technical writing, data science, problem solving and research. • Operating systems and networks knowledge — needs to know the ins and outs of the organizational systems and network. • Information security experience — including malware reverse engineering, adversary tracking and endpoint security. A threat hunter needs to have a clear understanding past and current tactics, techniques and procedures (TTPs) used by the attackers. • Programming language — at least one scripting language and one compiled language is common, though modern tools are increasingly eliminating the need for using scripting language.
  • 6. THREAT HUNTING REFERENCE Name Description Attack&Ck Website for Information related to Hunting Techniques. The ThreatHunting Project Website for Information to start Threat HUNTPEDIA A very handfull book.
  • 7. THREAT HUNTING TOOLS Name Version Description ELK Free A platform which help to create usecasses for threat huntng and hypothesis. Sysmon Free System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log. Osquery Free Performant endpoint visibility, Supoort all OS platform.
  • 8. ELK • Beats - https://github.com/elastic/beats – Docs : https://github.com/elastic/beats#documentation-and-getting-started • ElasticSearch - https://www.elastic.co/elasticsearch/ • Logstash - https://github.com/elastic/logstash • Kibana - https://www.elastic.co/kibana/
  • 9. WHAT IS MALWARE ANALYSIS ? • The process of understanding the behavior and purpose of a suspicious file or URL. The output of the analysis aids in the detection and mitigation of the potential threat – Malware investigation – Malware performance – The purpose of the malware – Malicious level of malware – Traffic analysis sent – How to connect to the server – Malware code structure – IOC with YARA/Snort • Malware analysis is that it helps Incident Responders (IR) and security analysts (ALERT)
  • 10. MALWARE ANALYSIS SKILLS • Networking • IOC (indicator Analysis)  YARA / Snort • Static Analysis • Dynamic Analysis • Memory Forensics • RE (Reverse Engineering) • File Format • OS Internal • Coding / Script
  • 11. WHAT IS INCIDENT RESPONSE ? • Structured approach to handle various types of security incidents, cyber threats, and data breaches. • The incident response methodology aims to identify, contain, and minimize the cost of a cyberattack or a live incident. • Why Is Incident Response Important? – Data breaches cost companie’s operational downtime, reputational, and financial loss. – For most of the organizations, breaches lead to devaluation of stock value and loss of customer trust. – To eliminate such risks, companies need a well-planned cybersecurity incident response plan, • https://youtu.be/NIKIJodcxOk
  • 12. GRAPHITE – GRAFANA - DIAMOND • https://graphiteapp.org/ • https://github.com/grafana/grafana • Or https://github.com/prometheus/prometheus • https://github.com/python-diamond/Diamond Installing : https://github.com/SecurityTalks/Malware-Analysis
  • 13. WHAT ARE THE COMMON TYPES OF INCIDENTS?
  • 14. WHAT IS THREAT INTELLIGENCE? • Cyber threat information becomes once it has been collected, evaluated in the context of its source and reliability, and analyzed • It requires that analysts identify similarities and differences in vast quantities of information and detect deceptions to produce accurate, timely, and relevant intelligence.
  • 15. THREAT INTELLIGENCE RESOURCE dydns Free Online emergingthreats for botcc Free Online fedotracker Free Online greensnow Free Online h3xtracker Free Online hphosts for malware Free Online iblocklist Free Online ibmxforce Free Online intercept.sh Free Online intercept.sh Free Online malc0de Free Online malware_traffic Free Online malwared.malwaremustdie.org Free Online malwared.malwaremustdie.org Free Online Source Name Subscription Status
  • 16. BAD PACKETS CYBER THREAT INTELLIGENCE - EXAMPLE
  • 17. STATIC MALWARE ANALYSIS DIE Free Windows, Linux, Mac Os Name Version Paltform PE Bear Free Windows PortEx Free Windows Manalyze Free Windows PE Studio Free Windows Mastiff Free Windows Exeinfo PE Free Windows CFF Explorer Free Windows PE Tools Free Windows FileAlyzer Free Windows PE Explorer Free Windows PE Insider Free Windows PE View Free Windows Chimprec Free Windows PEID Free Windows
  • 18.
  • 19.
  • 20. REVERSE ENGINEERING Name Version Paltform IDA Paid Windows Ghidra Free Windows, Linux, Mac Os Cutter Free Windows Radare Free Linux
  • 22.
  • 23.
  • 30. ENCODING? DeObfuscation ALFA SHELL V3 : https://github.com/raminfp/DeObfuscation_ALFA_SHELL_V3
  • 33. YOUTUBE CHANNEL FOR MALWARE ANALYSIS YouTube Channel Name OALabs Kindred Security Colin Hardy MalwareAnalysisForHedgehogs Michael Gillespie ReverseIT LiveOverflow hasherezade John Hammond MalwareTech RSA Conferenc Monnappa K A
  • 34. DOCUMENT ANALYSIS – PDF / WORD / EXCEL Name Version Paltform Ole Tool Free Python Didier's PDF Tools Free Python Origami Free Ruby REMnux Free Virtual Machine PDF Free Binary ViperMonkey Free Python
  • 35. MALWARE REPORT TECHNICAL • Summery – If (Init Access) – Category (Ransome, Rootkit, Bootkit) • File Metadata Information – Filename – MD5 Hash – File Type – File Size – SHA256 – PE Information / File less • Static Analysis – Domain / IP – Obfuscation and Encryption – Anti Reverse / Anti Sandbox • Dynamic Analysis – Execution – Connection to C&C – Logs – Traffic – YARA rule Reports : https://isc.sans.edu/diary/26750 https://isc.sans.edu/diary/26744 https://us-cert.cisa.gov/ncas/alerts/aa20-302a
  • 36. WEAKNESSES CERT.IR / AFTA • Very bad style report • Ant activity in social media network • Ant activity in github • There isn’t content for cyber security • Copy & Paste news
  • 37. SOLUTION • Activity in twitter • Activity in Github repo Open Source ( YARA ) • “Infrastructure Bug Bounty” (IBB) • Own Researching (Cafebazaar / p30download / soft98) • Publish on tools in Malware Analysis
  • 38. HOW TO WORK WITH OTHER RESEARCHER? EXAMPLE
  • 39. SHOULD FOLLOWING IN TWITTER • https://twitter.com/executemalware • https://twitter.com/malware_traffic • https://twitter.com/JRoosen • https://twitter.com/HONKONE_K • https://twitter.com/3xp0rtblog • https://twitter.com/mal_share • https://twitter.com/RedDrip7 • https://twitter.com/Arkbird_SOLG • https://twitter.com/MalwarePatrol • https://twitter.com/DidierStevens • https://twitter.com/CyberIOCs • https://twitter.com/DissectMalware • https://twitter.com/MITREattack • https://twitter.com/Ledtech3 • https://twitter.com/VK_Intel