Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-malware-resources
Just another collection of links, tools, reports and other stuff
https://github.com/Sokow86/awesome-malware-resources
Last synced: 6 days ago
JSON representation
-
APT
-
LockBit
- Analyzing APT19 malware using a step-by-step method
- Iran’s APT34 Returns with an Updated Arsenal
- APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign
- Dissecting APT21 samples using a step-by-step approach
- A detailed analysis of ELMER Backdoor used by APT16
- LazyScripter - From Empire to Double RAT - APT28
- Revealing Lamberts/Longhorn malware capabilities using a step-by-step approach (cyberespionage group linked to Vault 7)
- Higaisa or Winnti? APT41 backdoors, old and new
- The Return of the Higaisa APT41
- A Guide to Ghidra Scripting Development for Malware Researchers
- Revealing Lamberts/Longhorn malware capabilities using a step-by-step approach (cyberespionage group linked to Vault 7)
- Higaisa or Winnti? APT41 backdoors, old and new
- Lazarus APT conceals malicious code within BMP image to drop its RAT
- LazyScripter - From Empire to Double RAT - APT28
-
-
Infostealer / Banking Malware
-
Agent Tesla
-
QakBot
- The Rise of QakBot
- [RE021
- QakBot reducing its on disk artifacts
- Deep Analysis of QBot Banking Trojan
- Reversing QakBot - Hatching
- Deep Analysis of a QBot Campaign – Part I
- Deep Analysis of a QBot Campaign – Part II
- An old enemy – Diving into QBot part 1
- Diving into Qbot part 1.5 – Cracking string encryption
- An old enemy – Diving into QBot part 2
- An old enemy – Diving into QBot part 3
- An Old Bot’s Nasty New Tricks: Exploring Qbot’s Latest Attack Methods
-
Ursnif
-
Emotet
-
Gootkit
- Gootloader: ‘Initial Access as a Service’ Platform Expands Its Search for High Value Targets
- Gootkit: the cautious Trojan
- Investigating the Gootkit Loader
- Gootkit Banking Trojan | Part1: Deep Dive into Anti-Analysis Features
- Gootkit Banking Trojan | Part 2: Persistence & Other Capabilities
- Gootkit Banking Trojan | Part 3: Retrieving the Final Payload
- “Gootloader” expands its payload delivery options
-
MassLogger
-
Formbook
- Yes, Cyber Adversaries are still using Formbook in 2021
- Yes, Cyber Adversaries are still using Formbook in 2021
- Deep Analysis: New FormBook Variant Delivered in Phishing Campaign – Part I
- Deep Analysis: New FormBook Variant Delivered in Phishing Campaign – Part II
- Deep Analysis: New FormBook Variant Delivered in Phishing Campaign – Part III
- In-depth Formbook malware analysis – Obfuscation and process injection
-
Hancitor
-
IcedID
- IcedID Analysis
- IcedID GZIPLOADER Analysis
- IcedID Banking Trojan Uses COVID-19 Pandemic to Lure New Victims
- Manual Unpacking IcedID Write-up
- COVID-19 and FMLA Campaigns used to install new IcedID banking malware
- A Deep Dive Into IcedID Malware: Part I - Unpacking, Hooking and Process Injection
- A Deep Dive Into IcedID Malware: Part II - Analysis of the Core IcedID Payload (Parent Process)
- A Deep Dive Into IcedID Malware: Part III - Analysis of Child Processes
- IcedID Banking Trojan Spruces Up Injection Tactics to Add Stealth
- IcedID: When ice burns through bank accounts
- Let’s set ice on fire: Hunting and detecting IcedID infections
- IcedID on my neck I’m the coolest
- Unpacking Visual Basic Packers – IcedID
-
KPOT v2.0 Stealer
-
TrickBot
-
Dridex
-
Minebridge RAT
-
Backdoor.Spyder
-
LokiBot
-
-
Vendors
-
IDA Plugins
-
Labeless
- CheckPoint Introduction to Labeless - Part 5
- CheckPoint Introduction to Labeless - Part 6
- Video Tutorial about resolving API hashing from Ryuk by Jiří Vinopal
- CheckPoint Introduction to Labeless - Part 1
- CheckPoint Introduction to Labeless - Part 2
- CheckPoint Introduction to Labeless - Part 3
- CheckPoint Introduction to Labeless - Part 4
- Labeless
-
Courses
-
-
MITRE ATT&CK
-
Researcher
-
Loader / Dropper
-
GuLoader
-
ZLoader
-
SmokeLoader
-
Saint Bot
-
Cobalt Strike
- Look how many cybercriminals love Cobalt Strike
- Yet Another Cobalt Strike Stager: GUID Edition
- The art and science of detecting Cobalt Strike - Talos
- Leveraging Microsoft Teams to persist and cover up Cobalt Strike traffic
- Leveraging Microsoft Teams to persist and cover up Cobalt Strike traffic
- Leveraging Microsoft Teams to persist and cover up Cobalt Strike traffic
- Look how many cybercriminals love Cobalt Strike
- Anatomy of Cobalt Strike’s DLL Stager
-
BazarLoader
-
-
Ransomware
-
Maze
-
Egregor
-
Ryuk
-
REvil
- Relentless REvil, revealed: RaaS as variable as the criminals who use it
- Sodinokibi Ransomware Analysis
- The DFIR Report - Sodinokibi (aka REvil) Ransomware
- Sodinokibi / REvil Malware Analysis
- McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – What The Code Tells Us - Episode 1
- McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – The All-Stars - Episode 2
- McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Follow The Money - Episode 3
- McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Crescendo - Episode 4
- Kaspersky - Sodin ransomware exploits Windows vulnerability and processor architecture
- German users targeted with Gootkit banker or REvil ransomware
- McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – What The Code Tells Us - Episode 1
- German users targeted with Gootkit banker or REvil ransomware
-
Makop
-
Babuk
-
RegretLocker
-
HelloKitty
-
DearCry
-
Clop
-
LockBit
-
-
Malware Analysis
-
Courses
-
Overview of Malware Techniques
- Analyzing Modern Malware Techniques - Part 1
- Analyzing Modern Malware Techniques - Part 2
- Analyzing Modern Malware Techniques - Part 3
- Analyzing Modern Malware Techniques - Part 4
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Analyzing Modern Malware Techniques - Part 1
- Analyzing Modern Malware Techniques - Part 2
- Analyzing Modern Malware Techniques - Part 3
- Analyzing Modern Malware Techniques - Part 4
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part II
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
- Common Tools & Techniques Used By Threat Actors and Malware — Part I
-
Process Injection
-
DLL Search Order Hijacking
-
Weaponizing Windows Virtualization
-
Access Token Manipulation
-
-
Anti-Analysis
-
API Hashing
-
Debugger Detection
-
-
Maldoc Analysis
-
Malware Development
-
Debugger Detection
- 0xPat - Malware development part 1
- 0xPat - Malware development part 2
- 0xPat - Malware development part 3
- 0xPat - Malware development part 4
- 0xPat - Malware development part 5
- 0xPat - Malware development part 6
- 0xPat - Malware development part 7
- 0xPat - Malware development part 8
- Implementing Direct Syscalls Using Hell’s Gate
-
Courses
-
-
List of Plugins for Disassembler/Decompiler
Programming Languages
Categories
Sub Categories
Overview of Malware Techniques
53
Labeless
32
Debugger Detection
16
LockBit
15
IcedID
13
REvil
12
QakBot
12
Courses
9
Cobalt Strike
8
Gootkit
7
Formbook
6
Agent Tesla
5
Ryuk
5
Egregor
4
Emotet
4
GuLoader
4
Dridex
4
Hancitor
3
ZLoader
3
TrickBot
3
Babuk
3
MassLogger
3
Maze
2
Saint Bot
2
Weaponizing Windows Virtualization
2
Process Injection
2
BazarLoader
2
Ursnif
2
DearCry
1
RegretLocker
1
Makop
1
SmokeLoader
1
DLL Search Order Hijacking
1
Backdoor.Spyder
1
HelloKitty
1
LokiBot
1
Access Token Manipulation
1
Minebridge RAT
1
API Hashing
1
KPOT v2.0 Stealer
1
Clop
1