Various Malware Analysis and Reports USED FOR Malware Management

Malware Analysis Reports for Malware Management

Mar 2016 - Fortinet - Dridex's New and Undiscovered Recipes

Mar 2016 - SANS ISC - Analysis of the Cyber Attack on the Ukrainian Power Grid

Feb 2016 - FireEye/Mandiant - M-Trends 2016 - Good overview of Mandiant Consulting findings in 2015

Feb 2016 - TrendLabs - FightPOS get worm routine

Feb 2016 - InfoSec Institute - PoS Malware:  All you need to know - Good list of many of the PoS malware variants with details

Jan 2016 - ZScaler - Malicious Office Files Dropping Kasidet and Dridex

Jan 2016 - Arbor Networks Blog on Uncovering the Seven Pointed Dagger - Trochilus RAT

Jan 2016 - EmsiSoft Blog on Ransom32 Java cross platform Ransomware

2015 - F-Secure repo of whitepapers on Advanced Malware (Regin, BlackEnergy, CozyDuke and many others)

Dec 2015 - HackerHurricane - Dridex Analysis shows tricky shutdown and boot up persistence and how to detect and clean it

Dec 2015 - Pro PoS, Threat Spotlight: Holiday Greetings from Pro PoS – Is your payment card data someone else’s Christmas present?

Dec 2015 - Nemesis, Thriving Beyond The Operating System: Financial Threat Group Targets Volume Boot Record

Nov 2015 - Destover, Toolset linked to Destover Attacker’s arsenal helps them to broaden attack surface

Oct 2015 - iSight Partners ModPoS: MALWARE BEHAVIOR, CAPABILITIES AND COMMUNICATIONS

Sept 2015 - PaloAlto Networks - Chinese actors use '3102' malware on attacks of US Governemnt and EU media.  Similar to the '9002' malware of 2014

Sept 2015 - DrWeb finds MWZLesson POS Malware using parts of older malware

  • http://news.drweb.com/show/?i=9615&lng=en&c=5

Sept 2015 - IBM Security Shifu Banking Malware attacking Japanese banks

Aug 2015 - Arbor Networks Blog on Defending the White Elephant - PlugX

Aug 2015 - Symantec - Regin: Top-tier espionage tool enables stealthy surveillance

Aug 2015 - SecureWorks - Revealing the Cyber-Kraken - Multiple Verticals

Aug 2015 - SecureWorks - Threat Group 3390 - Multiple verticals

July 2015 - FireEye Hammertoss, Cyber Threat Group APT29

June 2015 - Duqu 2.1 Kaspersky Labs updates their research

Feb 2015 - Carbanak - Kaspersky The Great bank Robbery

Aug 2014 - Analysis of Dridex / Cridex / Feodo / Bugat

Linux:  

IptabLes/IptabLex (linux)

  • http://blog.malwaremustdie.org/2014/06/mmd-0025-2014-itw-infection-of-elf.html
  • http://storage.pardot.com/9892/121392/TA_DDos_Binary___Bot_IptabLes_v6_US.pdf

MAC:

OSXGetShell

http://www.symantec.com/security_response/writeup.jsp?docid=2013-020412-3611-99&tabid=2
WINDOWS:

BackOff - Retail PoS

https://www.us-cert.gov/ncas/alerts/TA14-212A
http://blog.trendmicro.com/trendlabs-security-intelligence/new-pos-malware-backoff-targets-us/
http://www.invincea.com/2014/09/analysis-of-backoff-pos-malware-gripping-the-retail-sector-reveals-lack-of-sophistication-in-malware/
 

CryptoLocker - Crypto

http://www.secureworks.com/cyber-threat-intelligence/threats/cryptolocker-ransomware

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/24000/PD24786/en_US/McAfee_Labs_Threat_Advisory_Ransom_Cryptolocker.pdf

Chewbacca - Retail PoS

https://blogs.rsa.com/rsa-uncovers-new-pos-malware-operation-stealing-payment-card-personal-information/

Dexter/Project Hook - Retail Pos

http://www.arbornetworks.com/asert/wp-content/uploads/2013/12/Dexter-and-Project-Hook-Break-the-Bank.pdf

BlackPoS/Kaptoxa - Retail PoS

http://www.securitycurrent.com/resources/files/KAPTOXA-Point-of-Sale-Compromise.pdf (iSight Partners)

http://blogs.mcafee.com/mcafee-labs/analyzing-the-target-point-of-sale-malware

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/24000/PD24927/en_US/McAfee_Labs_Threat_Advisory_EPOS_Data_Theft.pdf

http://securityintelligence.com/target-data-breach-kaptoxa-pos-malware/

Red October

http://securelist.com/analysis/publications/36740/red-october-diplomatic-cyber-attacksinvestigation/

http://securelist.com/analysis/36830/red-october-detailed-malware-description-1-first-stage-of-attack/

SysPrep/Cryptbase.dll Priv Escalation

http://www.symantec.com/security_response/earthlink_writeup.jsp?docid=2014-050812-0239-99

The Snake/ Uroburos

http://info.baesystemsdetica.com/rs/baesystems/images/snake_whitepaper.pdf
http://www.viruslist.com/sp/analysis?pubid=207271262
WinNTI (Discovered by us in June 2012 using this methodology)

http://securelist.com/analysis/internal-threats-reports/37029/winnti-more-than-just-a-game/
Mandiant APT1

http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf
Shady Rat

http://www.symantec.com/connect/blogs/truth-behind-shady-rat
Duqu

http://www.kaspersky.com/about/press/major_malware_outbreaks/duqu
http://www.secureworks.com/cyber-threat-intelligence/threats/duqu/
http://www.symantec.com/outbreak/?id=stuxnet
Stuxnet

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf

http://www.codeproject.com/Articles/246545/Stuxnet-Malware-Analysis-Paper

http://www.eset.com/us/resources/white-papers/Stuxnet_Under_the_Microscope.pdf

https://www.mandiant.com/blog/stuxnet-memory-analysis-ioc-creation/

Gameover Zeus

http://www.secureworks.com/cyber-threat-intelligence/threats/The_Lifecycle_of_Peer_to_Peer_Gameover_ZeuS/

Zues/SpyEye

http://www.ioactive.com/pdfs/ZeusSpyEyeBankingTrojanAnalysis.pdf

Gauss

http://securelist.com/analysis/36620/gauss-abnormal-distribution/

Mini-Flame

http://securelist.com/blog/virus-watch/31730/miniflame-aka-spe-elvis-and-his-friends-5/

SkyWiper/Flame

http://securelist.com/blog/incidents/34216/full-analysis-of-flames-command-control-servers-27/

http://www.academia.edu/2394954/Flame_Malware_Analysis

http://securelist.com/blog/incidents/33002/flame-replication-via-windows-update-mitm-proxy-server-18/

http://www.crysys.hu/skywiper/skywiper.pdf

ZeroAccess

http://nakedsecurity.sophos.com/zeroaccess2/

http://www.symantec.com/security_response/writeup.jsp?docid=2011-071314-0410-99&tabid=2

Shamoon

http://securelist.com/blog/incidents/57854/shamoon-the-wiper-copycats-at-work/

http://securelist.com/blog/incidents/57784/shamoon-the-wiper-further-details-part-ii/

Wiper

http://www.secureworks.com/cyber-threat-intelligence/threats/wiper-malware-analysis-attacking-korean-financial-sector/