CS6038/CS5138 Malware Analysis, UC

Course content for UC Malware Analysis

View on GitHub
26 January 2017

Malware Research Online

by

Malware Research Online

This lecture discusses researching malware online, and provides some resources for doing so.

In my opinion, the best resource available for educating oneself on security incidents and attacks is the APTnotes archive:

The ThreatMiner project has built a nice user interface to this, as well as other, cyber security reporting:

Additionally, I deep dive into Malware Analysis reports published by security research firms for two cyber threats:

2016 - OilRig

This is an alleged Iranian threat actor that launches complex targeted attacks. They’ve been tracked since 2015, according to the source

2014 - Operations Clandestine Fox and Double Tap

This is alleged to have been carried out by a Chinese threat group with ties going back at least a few years as of the publication of the report. The connecting relationships between the Spring 2014 attacks and the Fall 2014 attacks are described in the malware analysis in Operation Double Tap

Slides: lecture-w03-2.pdf (PDF)

Video: CS7038: Wk03.2 - Malware Research Online

P.S.: One Additional Recommendation

Below is a link to another report, from Symantec in 2011, which I feel has a good amount of malware analysis describing a group which used the Poison Ivy RAT heavily around that time.

home

tags: malware lecture