MalwareAnalysisSeries

This repository contains the analysis reports, technical details and any tools created to help with malware analysis. Additionally, the repo contains the extracted TTPs, recreated in code, along with detection rules for each of them.


Project maintained by shaddy43 Hosted on GitHub Pages — Theme by mattgraham
Malware Analysis Series

Welcome to the MalwareAnalysisSeries repository, your go-to destination for refined analysis reports and articles, useful reverse engineering tools and scripts, unpacked malware stages, and extracted TTPs together with their recreation in code. This open-source pet project is dedicated to dissecting infamous malware families, offering deep technical insight to assist with advanced analysis and reverse engineering. The malware development side is also covered: each significant TTP is recreated exactly as the actual malware implements it, and a detection rule, query or piece of detection logic is provided for each TTP.

Purpose

The primary goal of MalwareAnalysisSeries is to provide a comprehensive resource for cybersecurity enthusiasts, researchers, and professionals alike. By delving into the intricate workings of prominent malware families, my aim is to empower the community with invaluable knowledge and tools to enhance their understanding of cybersecurity threats and bolster defense mechanisms.

Whoami


Shayan Ahmed Khan
Alias: shaddy43
Threat Researcher, Detection Engineer, MalDev
SC-200, AZ-500, PJMR, HCIA Security
I believe in open-source work & contributions!

Malware Analysis Repositories
Repository Structure Overview

Directory                                    Description
Malware/                                     Contains all malware-related content: reports, articles, etc.
Malware/sample/                              Repository of malware samples and their unpacked stages.
Malware/tools_and_scripts/                   Collection of tools and scripts used in malware analysis.
Malware/Extracted_TTPs/                      Tactics, Techniques, and Procedures (TTPs) identified in the malware, with their code recreated after analysis.
Malware/Extracted_TTPs/TTP(1...n)/Detection  Specific detection rules associated with each TTP extracted from the malware.
Assets/                                      Visual aids, including images, videos, and GIFs, used in reports and documentation.

Visualized Structure

MalwareAnalysisSeries/
├── Malware/
│   ├── sample/
│   ├── tools_and_scripts/
│   ├── Extracted_TTPs/
│   │   ├── TTP1/
│   │   │   ├── Code/
│   │   │   └── Detection/
│   │   ├── TTP2/
│   │   │   ├── Code/
│   │   │   └── Detection/
│   │   └── ...
│   └── Assets/
├── ...
├── Assets/
└── README.md

Disclaimer

It's important to emphasize that MalwareAnalysisSeries is intended strictly for educational and research purposes. I do not condone or support any form of malicious activity. The tools, scripts, and analysis reports provided here are meant to foster learning, enhance cybersecurity knowledge, and contribute to the collective defense against cyber threats. Any misuse or illegitimate use of the content within this repository is strongly discouraged and goes against the principles of ethical cybersecurity practices.

Join me in this mission to dissect, understand, and combat malware. Together, we can make cyberspace a safer environment for all.