Repository layout:

├── Emotet
│   ├── README.md
│   ├── extracting_ioc_from_doc.md
│   ├── extracting_ioc_from_doc2.md
│   └── img
│       ├── Extracting IoC from .doc file 2
│       │   ├── a.png
│       │   ├── fiddlerset1.PNG
│       │   ├── fiddlerset2.PNG
│       │   ├── maldoc1.PNG
│       │   ├── result1.PNG
│       │   ├── result2.PNG
│       │   ├── result3.PNG
│       │   ├── result4.PNG
│       │   ├── security1.PNG
│       │   ├── security2.PNG
│       │   └── ursnif.PNG
│       ├── a.png
│       ├── cmdwacher.PNG
│       ├── cmdwacther2.PNG
│       ├── cyberchef_960.png
│       └── word.PNG
├── README.md
├── Trickbot
│   ├── README.md
│   ├── analysis_processhollowing.md
│   └── img
│       ├── Identification of Hollowed out processes
│       │   ├── Loki.PNG
│       │   ├── a.png
│       │   ├── eql1.PNG
│       │   ├── eql2.PNG
│       │   ├── eql3.PNG
│       │   ├── hollows_hunter1.PNG
│       │   ├── strings1.PNG
│       │   ├── strings2.PNG
│       │   ├── volatility2.PNG
│       │   ├── volatility3.PNG
│       │   └── volatility4.PNG
│       ├── PROCESS_BASIC_INFORMATION.png
│       ├── ProcessID.PNG
│       ├── a.png
│       ├── apicall_15_720.png
│       ├── copytext_9_720.png
│       ├── copytext_9_940.png
│       ├── crccalc_13_720.png
│       ├── crccalc_13_940.png
│       ├── crccmp_14_720.png
│       ├── crccmp_14_940.png
│       ├── datacopy2_6_720.png
│       ├── datacopy2_6_940.png
│       ├── datacopy_5_720.png
│       ├── datacopy_5_940.png
│       ├── datacopy_5_modify_720.png
│       ├── datasection_4_720.png
│       ├── datasection_4_940.png
│       ├── decode2_8_720.png
│       ├── decode2_8_940.png
│       ├── decode_7_720.png
│       ├── decode_7_940.png
│       ├── filecopy_1_720.png
│       ├── filecopy_1_940.png
│       ├── heavensgate_11_720.png
│       ├── heavensgate_11_940.png
│       ├── heavensgate_16_720.png
│       ├── ntdll_12_720.png
│       ├── ntdll_12_940.png
│       ├── processhacker.PNG
│       ├── shellexecute_2_720.png
│       ├── shellexecute_2_940.png
│       ├── svchost_10_720.png
│       ├── svchost_10_940.png
│       ├── virtualalloc_3_720.png
│       └── virtualalloc_3_940.png
├── a.md
├── a.txt
├── detecting_ph_process.md
├── malware-analysis_ref_and_memo.md
└── malware-tech_ref_and_memo.md

Raw file URLs:

/Emotet/README.md: https://raw.githubusercontent.com/mether049/malware/HEAD/Emotet/README.md
/Emotet/extracting_ioc_from_doc.md: https://raw.githubusercontent.com/mether049/malware/HEAD/Emotet/extracting_ioc_from_doc.md
/Emotet/extracting_ioc_from_doc2.md: https://raw.githubusercontent.com/mether049/malware/HEAD/Emotet/extracting_ioc_from_doc2.md
/Emotet/img/Extracting IoC from .doc file 2/a.png: (no raw URL in the listing)
/Emotet/img/Extracting IoC from .doc file 2/fiddlerset1.PNG: https://raw.githubusercontent.com/mether049/malware/HEAD/Emotet/img/Extracting IoC from .doc file 2/fiddlerset1.PNG
/Emotet/img/Extracting IoC from .doc file 2/fiddlerset2.PNG: https://raw.githubusercontent.com/mether049/malware/HEAD/Emotet/img/Extracting IoC from .doc file 2/fiddlerset2.PNG
/Emotet/img/Extracting IoC from .doc file 2/maldoc1.PNG: https://raw.githubusercontent.com/mether049/malware/HEAD/Emotet/img/Extracting IoC from .doc file 2/maldoc1.PNG
/Emotet/img/Extracting IoC from .doc file 2/result1.PNG: https://raw.githubusercontent.com/mether049/malware/HEAD/Emotet/img/Extracting IoC from .doc file 2/result1.PNG
/Emotet/img/Extracting IoC from .doc file 2/result2.PNG: https://raw.githubusercontent.com/mether049/malware/HEAD/Emotet/img/Extracting IoC from .doc file 2/result2.PNG
/Emotet/img/Extracting IoC from .doc file 2/result3.PNG: https://raw.githubusercontent.com/mether049/malware/HEAD/Emotet/img/Extracting IoC from .doc file 2/result3.PNG
/Emotet/img/Extracting IoC from .doc file 2/result4.PNG: https://raw.githubusercontent.com/mether049/malware/HEAD/Emotet/img/Extracting IoC from .doc file 2/result4.PNG
/Emotet/img/Extracting IoC from .doc file 2/security1.PNG: https://raw.githubusercontent.com/mether049/malware/HEAD/Emotet/img/Extracting IoC from .doc file 2/security1.PNG
/Emotet/img/Extracting IoC from .doc file 2/security2.PNG: https://raw.githubusercontent.com/mether049/malware/HEAD/Emotet/img/Extracting IoC from .doc file 2/security2.PNG
/Emotet/img/Extracting IoC from .doc file 2/ursnif.PNG: https://raw.githubusercontent.com/mether049/malware/HEAD/Emotet/img/Extracting IoC from .doc file 2/ursnif.PNG
/Emotet/img/a.png: (no raw URL in the listing)
/Emotet/img/cmdwacher.PNG: https://raw.githubusercontent.com/mether049/malware/HEAD/Emotet/img/cmdwacher.PNG
/Emotet/img/cmdwacther2.PNG: https://raw.githubusercontent.com/mether049/malware/HEAD/Emotet/img/cmdwacther2.PNG
/Emotet/img/cyberchef_960.png: https://raw.githubusercontent.com/mether049/malware/HEAD/Emotet/img/cyberchef_960.png
/Emotet/img/word.PNG: https://raw.githubusercontent.com/mether049/malware/HEAD/Emotet/img/word.PNG
/README.md: https://raw.githubusercontent.com/mether049/malware/HEAD/README.md
/Trickbot/README.md: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/README.md
/Trickbot/analysis_processhollowing.md: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/analysis_processhollowing.md
/Trickbot/img/Identification of Hollowed out processes/Loki.PNG: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/Identification of Hollowed out processes/Loki.PNG
/Trickbot/img/Identification of Hollowed out processes/a.png: (no raw URL in the listing)
/Trickbot/img/Identification of Hollowed out processes/eql1.PNG: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/Identification of Hollowed out processes/eql1.PNG
/Trickbot/img/Identification of Hollowed out processes/eql2.PNG: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/Identification of Hollowed out processes/eql2.PNG
/Trickbot/img/Identification of Hollowed out processes/eql3.PNG: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/Identification of Hollowed out processes/eql3.PNG
/Trickbot/img/Identification of Hollowed out processes/hollows_hunter1.PNG: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/Identification of Hollowed out processes/hollows_hunter1.PNG
/Trickbot/img/Identification of Hollowed out processes/strings1.PNG: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/Identification of Hollowed out processes/strings1.PNG
/Trickbot/img/Identification of Hollowed out processes/strings2.PNG: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/Identification of Hollowed out processes/strings2.PNG
/Trickbot/img/Identification of Hollowed out processes/volatility2.PNG: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/Identification of Hollowed out processes/volatility2.PNG
/Trickbot/img/Identification of Hollowed out processes/volatility3.PNG: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/Identification of Hollowed out processes/volatility3.PNG
/Trickbot/img/Identification of Hollowed out processes/volatility4.PNG: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/Identification of Hollowed out processes/volatility4.PNG
/Trickbot/img/PROCESS_BASIC_INFORMATION.png: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/PROCESS_BASIC_INFORMATION.png
/Trickbot/img/ProcessID.PNG: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/ProcessID.PNG
/Trickbot/img/a.png: (no raw URL in the listing)
/Trickbot/img/apicall_15_720.png: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/apicall_15_720.png
/Trickbot/img/copytext_9_720.png: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/copytext_9_720.png
/Trickbot/img/copytext_9_940.png: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/copytext_9_940.png
/Trickbot/img/crccalc_13_720.png: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/crccalc_13_720.png
/Trickbot/img/crccalc_13_940.png: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/crccalc_13_940.png
/Trickbot/img/crccmp_14_720.png: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/crccmp_14_720.png
/Trickbot/img/crccmp_14_940.png: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/crccmp_14_940.png
/Trickbot/img/datacopy2_6_720.png: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/datacopy2_6_720.png
/Trickbot/img/datacopy2_6_940.png: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/datacopy2_6_940.png
/Trickbot/img/datacopy_5_720.png: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/datacopy_5_720.png
/Trickbot/img/datacopy_5_940.png: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/datacopy_5_940.png
/Trickbot/img/datacopy_5_modify_720.png: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/datacopy_5_modify_720.png
/Trickbot/img/datasection_4_720.png: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/datasection_4_720.png
/Trickbot/img/datasection_4_940.png: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/datasection_4_940.png
/Trickbot/img/decode2_8_720.png: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/decode2_8_720.png
/Trickbot/img/decode2_8_940.png: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/decode2_8_940.png
/Trickbot/img/decode_7_720.png: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/decode_7_720.png
/Trickbot/img/decode_7_940.png: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/decode_7_940.png
/Trickbot/img/filecopy_1_720.png: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/filecopy_1_720.png
/Trickbot/img/filecopy_1_940.png: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/filecopy_1_940.png
/Trickbot/img/heavensgate_11_720.png: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/heavensgate_11_720.png
/Trickbot/img/heavensgate_11_940.png: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/heavensgate_11_940.png
/Trickbot/img/heavensgate_16_720.png: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/heavensgate_16_720.png
/Trickbot/img/ntdll_12_720.png: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/ntdll_12_720.png
/Trickbot/img/ntdll_12_940.png: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/ntdll_12_940.png
/Trickbot/img/processhacker.PNG: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/processhacker.PNG
/Trickbot/img/shellexecute_2_720.png: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/shellexecute_2_720.png
/Trickbot/img/shellexecute_2_940.png: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/shellexecute_2_940.png
/Trickbot/img/svchost_10_720.png: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/svchost_10_720.png
/Trickbot/img/svchost_10_940.png: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/svchost_10_940.png
/Trickbot/img/virtualalloc_3_720.png: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/virtualalloc_3_720.png
/Trickbot/img/virtualalloc_3_940.png: https://raw.githubusercontent.com/mether049/malware/HEAD/Trickbot/img/virtualalloc_3_940.png
/a.md: https://raw.githubusercontent.com/mether049/malware/HEAD/a.md
/a.txt: https://raw.githubusercontent.com/mether049/malware/HEAD/a.txt
/detecting_ph_process.md: https://raw.githubusercontent.com/mether049/malware/HEAD/detecting_ph_process.md
/malware-analysis_ref_and_memo.md: https://raw.githubusercontent.com/mether049/malware/HEAD/malware-analysis_ref_and_memo.md
/malware-tech_ref_and_memo.md: https://raw.githubusercontent.com/mether049/malware/HEAD/malware-tech_ref_and_memo.md