This repository contains the analysis reports, technical write-ups and tools created to help with malware analysis. Additionally, it contains the extracted TTPs, recreated in code, along with detection rules for each of them.
Welcome to the MalwareAnalysisSeries repository, a destination for refined analysis reports and articles, useful reverse engineering tools and scripts, unpacked malware stages, and extracted TTPs together with their recreation in code. This open-source pet project is dedicated to dissecting infamous malware families, offering deep technical insight to assist in advanced analysis and reverse engineering. The malware development side is covered as well: each significant TTP is recreated the same way the actual malware implements it, and a detection rule, query or logic is provided for each TTP.
The primary goal of MalwareAnalysisSeries is to provide a comprehensive resource for cybersecurity enthusiasts, researchers, and professionals alike. By delving into the intricate workings of prominent malware families, my aim is to empower the community with invaluable knowledge and tools to enhance their understanding of cybersecurity threats and bolster defense mechanisms.
Shayan Ahmed Khan
A detailed technical analysis report on the Emotet malware covering three stages, from the initial VBS dropper to the stage 2 Emotet DLL and the module loaded in memory.
Technical analysis PDF report and extracted TTPs of the Xloader 4.3 (AKA Formbook) infostealer. The TTPs are recreated and the code is provided in this repository along with detection rules for each individual TTP.
Technical analysis PDF report and extracted TTPs of MedusaLocker ransomware. The TTPs are recreated and the code is provided along with the detection rules.
Technical analysis PDF report and extracted TTPs of Ryuk ransomware. The TTPs are recreated and the code is provided along with the detection rules.
Technical analysis PDF report and TTPs of NanoCore RAT 1.2.2.0. The extracted TTPs are recreated and the code is provided. Based on the artifacts and indicators observed during analysis and recreation, detection queries are provided for each TTP.
Understand software cracking and its implications. This repository contains a PDF report explaining the procedure of software cracking, its dangers, and a practical example of cracking Adobe Photoshop, along with checking the integrity of an already-cracked binary obtained from pirated sources.
| Directory | Description |
|---|---|
| Malware/ | Contains all malware-related content (reports, articles, etc.). |
| Malware/sample/ | Malware samples and their unpacked stages. |
| Malware/tools_and_scripts/ | Collection of tools and scripts used in malware analysis. |
| Malware/Extracted_TTPs/ | The Tactics, Techniques, and Procedures (TTPs) identified in the malware, with their code recreated after analysis. |
| Malware/Extracted_TTPs/TTP(1...n)/Detection/ | Detection rules specific to each TTP extracted from the malware. |
| Assets/ | Visual aids (images, videos and GIFs) used in reports and documentation. |
```
MalwareAnalysisSeries/
├── Malware/
│   ├── sample/
│   ├── tools_and_scripts/
│   ├── Extracted_TTPs/
│   │   ├── TTP1/
│   │   │   ├── Code/
│   │   │   └── Detection/
│   │   ├── TTP2/
│   │   │   ├── Code/
│   │   │   └── Detection/
│   │   └── ...
│   └── Assets/
├── ...
├── Assets/
└── README.md
```
It's important to emphasize that MalwareAnalysisSeries is intended strictly for educational and research purposes. I do not condone or support any form of malicious activity. The tools, scripts, and analysis reports provided here are meant to foster learning, enhance cybersecurity knowledge, and contribute to the collective defense against cyber threats. Any misuse or illegitimate use of the content within this repository is strongly discouraged and goes against the principles of ethical cybersecurity practices.
Join me in this mission to dissect, understand, and combat malware. Together, we can make cyberspace a safer environment for all.