From 412620b84238306e2b62d75a6362aa1b693002cb Mon Sep 17 00:00:00 2001 From: Amanda Rousseau Date: Mon, 20 Mar 2017 16:13:37 -0700 Subject: [PATCH] adding reference malware --- malware.md | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/malware.md b/malware.md index 915ff61..ab6b1af 100644 --- a/malware.md +++ b/malware.md @@ -135,13 +135,13 @@ Example: Dll Search Order Hijacking * Dll Side Loading * Masquerading * Process Hallowing + * Code Injection ### Example Malware | Name | Hash | Link | | --- | --- | --- | -| mimikatz | b4d7bfcfb8f85c4d2fb8cb33c1d6380e5b7501e492edf3787adee42e29e0bb25 | [virustotal](https://www.virustotal.com/en/file/b4d7bfcfb8f85c4d2fb8cb33c1d6380e5b7501e492edf3787adee42e29e0bb25/analysis/) | - +| darkcomet backdoor | 1be0ca062facda59239cc5621d0a3807a84ed7d39377041489b09d3870958fee | [virustotal](https://www.virustotal.com/en/file/1be0ca062facda59239cc5621d0a3807a84ed7d39377041489b09d3870958fee/analysis/) | [Goto Top^](#techniques-overview) @@ -179,6 +179,14 @@ Credential theft * Enable an adversary to access and control remote systems on a network and could + +### Example Malware + +| Name | Hash | Link | +| --- | --- | --- | +| winmail.dat^QGIS-KOMIT .zip^QGIS-KOMIT .exe | c0f38384dd6c1536a0e19100b8d82759e240d58ed6ba50b433e892e02e819ebb | [virustotal](https://www.virustotal.com/en/file/c0f38384dd6c1536a0e19100b8d82759e240d58ed6ba50b433e892e02e819ebb/analysis/) | + + [Goto Top^](#techniques-overview) --- @@ -198,6 +206,12 @@ Credential theft * Identify and gather information, such as sensitive files, from a target network prior to exfiltration +### Example Malware + +| Name | Hash | Link | +| --- | --- | --- | +| keylogger | 5d5c01d72216410767d089a3aabddf7fdbe3b88aff3b51b6d32280c3439038fa | [virustotal](https://www.virustotal.com/en/file/5d5c01d72216410767d089a3aabddf7fdbe3b88aff3b51b6d32280c3439038fa/analysis/) | + [Goto Top^](#techniques-overview) --- 
@@ -216,6 +230,14 @@ Credential theft * Communicate with systems under their control +### Example Malware + +| Name | Hash | Link | +| --- | --- | --- | +| backdoor | 02fc2d262cb0d5e9d3e8202ea69013c5c8cc197685c73c0689cbeb243d508e76 | [virustotal](https://www.virustotal.com/en/file/02fc2d262cb0d5e9d3e8202ea69013c5c8cc197685c73c0689cbeb243d508e76/analysis/) | + + + [Goto Top^](#techniques-overview) [x86 Assembly <- Back](https://securedorg.github.io/RE101/section1.3) | [Next -> Section 3](https://securedorg.github.io/RE101/section3)
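Review bot: In the first hunk (@@ -135,13 +135,13 @@) the mimikatz row is dropped from the Example Malware table while the commit message only says "adding reference malware"; if darkcomet is meant to replace it rather than sit beside it, say so in the message, otherwise keep both rows. Two smaller points on the same hunk: the context line "Process Hallowing" should read "Process Hollowing", and the table header "Hash" does not name the algorithm, so readers cannot tell how to reproduce the value; the entries are 64 hex digits, so "SHA-256" in the header would make them verifiable.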
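Review bot: In the second hunk (@@ -179,6 +179,14 @@) the Name cell "winmail.dat^QGIS-KOMIT .zip^QGIS-KOMIT .exe" describes a delivery chain (attachment, archive, executable) rather than a family or sample name, and the "^" separators will render literally inside the table; consider naming the sample by family or lure and explaining the chain in the section text. The hunk also leaves two blank lines between the table and "[Goto Top^]", and the context line "Enable an adversary to access and control remote systems on a network and could" is cut off mid-sentence, which this change could complete since it already touches the section.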
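Review bot: In the last hunk (@@ -216,6 +230,14 @@) "backdoor" as the Name is too generic to serve as a reference; the first hunk uses a family name ("darkcomet backdoor"), so match that style here. The hunk also adds three consecutive blank lines before "[Goto Top^](#techniques-overview)"; a single blank line keeps this section consistent with the earlier ones.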