Malware is software specifically designed to perform malicious actions. Malware may disrupt, damage, or provide unauthorized access to a computer system.
Malware is used both maliciously by criminals and benignly by authorized personnel to test the security controls of an organization.
Links to this note
- bootkitty-vijayan2024
- spam
- thread injection
- sedexp
- unveilingsedexp-reichert2024
- bootkit
- leveragingldaudittobeatldpreload-ribak2020
- Main Index
- TracerPid
- equationdeathstar-great2015
- symbiote-kennedy2022
- incidentresponse-luttgens2014
- tricephalichellkeeper-pourcelot2022
- attackofthings-level3-2016
- trackingteamtnt-fiser2021
- malware development essentials-sektor7
- china-linked hackers target Linux systems-antoniuk2024
- Malvuln Project
- DefenderCheck
- PE entry redirection
- elfmaster
- virus (computer)
- skuld-taniumcti2023
- chaos-blacklotuslabs2022
- chaos-lang2023
- noabot-constantin2024
- privilege escalation - world-writable directories and files
- LOLBin
- disabling bashrc
- process masquerading
- hooks
- PAM modules - malicious
- pamgoesrogue-sharma2003
- rootkits hiding CPU usage
- fingerprint
- botnet
- autorun.inf
- yara as a tool for attribution
- anti-virus
- command and control
- Remote Access Trojan
- sansec-cronrat
- rootkit
- Persistence
- Process Injection
- Behavior-based Detection
- Hashing Detection
- malware analysis
- Payload Encryption
- Program Database
- Ransomware
- Sandbox Detection
- shellcode
- Signature Detection
- UUIDfuscation
- Malware Development Life Cycle
- Bokbot
- Emotet
- malware classes
- malware families
- Software Exploits
- spyware
- … hidden directory
- .debug_info section used for attribution
- /etc/ld.so.preload persistence
- Agent.BTZ
- AMSI
- anti-analysis
- anti-malware
- anti-sandbox
- attribution by algoritm usage
- attribution by domain reuse
- attribution by language usage
- backdoor
- banking trojans
- banner grabbing
- bashrc used for persistence
- binary analysis
- bind on a port as a mutex
- Blackcat Ransomware
- Buckshot Yankee
- Chaos malware
- code reuse as attribution
- Compiler Options - Anti-Reversing
- ComRAT
- covert channel
- credential stealer
- CronRAT
- crypter
- cryptocurrency mining malware
- curl | sh
- customized UPX packers
- ddostf
- Decoy Dog
- Discord-based C2
- DLL injection
- DNS sinkhole
- Domain Generation Algorithm
- DOUBLEFANTASY
- dropper
- enumerate processes
- file infector
- fileless malware
- fingerprinting using User-Agents
- Flame
- function name randomization
- Golang malware
- GReAT
- handle.exe
- hard-coded passwords
- hasherezade
- Hell's Gate
- hidden files and directories
- homoglyph obfuscation
- HTTP C2
- imphash
- implant
- IP Address Obfuscation
- IPfuscation
- IRC command and control
- Kaiji malware
- Kaiten malware
- keylogger
- known_hosts cracking
- LD_PRELOAD
- Linux Malware
- linux malware - skill and knowledge requirements
- loader
- log wiper
- MACfuscation
- macOS malware
- Magecart
- magic packet
- Main Index - M
- malicious domain
- malware campaign
- malware capabilities
- malware checking for installed software
- malware checking for known malware
- malware checking for security software
- malware development
- malware disguising User-Agent strings
- malware family
- malware gathering system information
- malware installing additional software
- malware propagation
- malware replacing legitimate system components
- malware setting files as immutable or append only
- malware strain
- malware triage
- malware update capability
- malware using mutexes
- Manual Analysis
- matryoshka obfuscation
- memory forensics
- million dollar dream
- Mirai
- mod_backdoor
- modular malware
- Moonlight Maze samples
- multiplatform malware
- Nirsoft false positives
- NoaBot
- old malware
- packer
- patching
- Penguin Turla
- process hiding
- Prometei
- quarantine
- RC4
- remediation
- sample
- Sansec
- SecureList
- SHA256
- signature (anti-virus)
- Skidmap Indicators of Compromise (IoCs)
- Skidmap malware
- skimmer
- Skuld malware
- SmokeLoader
- SSH key persistence
- SSH key theft
- SSH password stealer
- SSH scanning
- stack strings
- staged malware
- stop treating security tools like magic boxes
- string hashing
- string obfuscation
- strings as attribution
- Stuxnet
- systemd service persistence
- tapi32d.exe
- teensy ELF files
- territorial malware
- ThreatCheck
- TLS directory injection
- TLS takes precedence over main()
- trojan
- Tsunami malware
- typecli.exe
- typos as an indicator of hands on keyboard
- typos in malware
- upx_dec
- user account persistence
- userland exec
- Virtual Machine Detection
- VirusTotal
- VMProtect
- VX
- VX Heaven
- wacatac
- watering hole attack
- web shell
- worm
- xor string obfuscation
- XORDDOS malware
- YARA