Malware Analysis

  1. Reporting and Threat Intelligence Integration
    1. Documenting Analysis Findings
      1. Creating a Technical Malware Report
        1. Executive Summary
        2. Technical Analysis
        3. Indicators of Compromise
        4. Recommendations
        5. Structure and Components
        6. Executive Summary vs. Technical Details
          1. Audience Considerations
          2. Risk Assessment
          3. Business Impact
      2. Extracting Indicators of Compromise (IOCs)
        1. Atomic Indicators
          1. IP Addresses
          2. Domain Names
          3. File Hashes
            1. MD5
            2. SHA-1
            3. SHA-256
          4. Email Addresses
        2. Computed Indicators
          1. Mutexes
          2. File Paths
          3. Registry Keys
          4. Service Names
        3. Behavioral Indicators
          1. Process Behavior
            1. Process Creation Patterns
            2. Parent-Child Relationships
          2. Network Activity Patterns
            1. Communication Protocols
            2. Traffic Patterns
      3. Developing Detection Signatures
        1. YARA Rules for File-Based Detection
          1. Rule Structure
            1. Meta Section
            2. Strings Section
            3. Condition Section
          2. Writing Effective Rules
            1. String Patterns
            2. Hex Patterns
            3. Regular Expressions
          3. Rule Testing and Validation
        2. Snort/Suricata Rules for Network-Based Detection
          1. Rule Syntax
            1. Rule Headers
            2. Rule Options
          2. Testing and Deployment
            1. Rule Validation
            2. Performance Considerations
    2. Threat Intelligence
      1. Attributing Malware to Threat Actors
        1. Attribution Techniques
          1. Code Similarities
          2. Infrastructure Overlap
          3. TTPs Analysis
        2. Attribution Challenges
      2. Understanding Tactics, Techniques, and Procedures (TTPs)
        1. Tactical Analysis
        2. Technical Analysis
        3. Procedural Analysis
        4. MITRE ATT&CK Framework
          1. Mapping Observed Behavior
            1. Initial Access
            2. Execution
            3. Persistence
            4. Privilege Escalation
            5. Defense Evasion
            6. Credential Access
            7. Discovery
            8. Lateral Movement
            9. Collection
            10. Command and Control
            11. Exfiltration
            12. Impact
      3. Sharing Intelligence
        1. STIX (Structured Threat Information eXpression)
          1. STIX Objects
          2. Relationships
        2. TAXII (Trusted Automated eXchange of Intelligence Information)
          1. TAXII Services
          2. Data Exchange
        3. Information Sharing Communities
          1. Industry Sharing Groups
          2. Government Partnerships
          3. Open Source Intelligence