Latest malware news and threat information exchange forum. Malware analysis, indicators, reports and educational resources.

https://malware.news/

Threat Research
Reversing Malware Command and Control: From Sockets to COM

https://www.fireeye.com/blog/threat-research/2010/08/reversing-malware-command-control-sockets.html

New Ursnif Variant Spreading by Word Document

https://www.fortinet.com/blog/threat-research/ursnif-variant-spreading-word-document

Hunting COM Objects

https://malware.news/t/hunting-com-objects/30207

Observing COM within Malicious Code

https://blog.malwarebytes.com/threat-analysis/2014/02/observing-com-within-malicious-code/

MalConfScan

a Volatility plugin extracts configuration data of known malware. Volatility is an open-source memory forensics framework for incident response and malware analysis. This tool searches for malware in memory images and dumps configuration data. In addition, this tool has a function to list strings to which malicious code refers.

https://github.com/JPCERTCC/MalConfScan

Course materials for Advanced Binary Deobfuscation by NTT Secure Platform Laboratories

https://github.com/malrev/ABD

A modern Java bytecode editor

https://github.com/Col-E/Recaf

speakeasy
Windows kernel and user mode emulation.

https://github.com/fireeye/speakeasy

Digging Up the Past: Windows Registry Forensics Revisited

https://www.fireeye.com/blog/threat-research/2019/01/digging-up-the-past-windows-registry-forensics-revisited.html

Loki
Simple IOC and Incident Response Scanner

https://github.com/Neo23x0/Loki

Pe-sieve
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

https://github.com/hasherezade/pe-sieve

Which YARA Rules Rule: Basic
or Advanced?
https://www.sans.org/reading-room/whitepapers/tools/yara-rules-rule-basic-advanced-38560