Malware Research Online

by

Malware Research Online

This lecture discusses researching malware online, and provides some resources for doing so.

In my opinion, the best resource available for educating oneself on security incidents and attacks is the APTnotes archive:

• APTnotes (https://github.com/aptnotes)

The ThreatMiner project has built a nice user interface to this, as well as other, cyber security reporting:

• ThreatMiner (https://threatminer.org/)

Additionally, I deep dive into Malware Analysis reports published by security research firms for two cyber threats:

2016 - OilRig

This is an alleged Iranian threat actor that launches complex targeted attacks. They’ve been tracked since 2015, according to the source

• Iranian Threat Agent OilRig Delivers Digitally Signed Malware, Impersonates University of Oxford _ ClearSky Cybersecurity

2014 - Operations Clandestine Fox and Double Tap

This is alleged to have been carried out by a Chinese threat group with ties going back at least a few years as of the publication of the report. The connecting relationships between the Spring 2014 attacks and the Fall 2014 attacks are described in the malware analysis in Operation Double Tap

• Clandestine Fox, Part Deux (June 2014)
• Operation Double Tap (Nov 2014)

Slides: lecture-w03-2.pdf (PDF)

Video: CS7038: Wk03.2 - Malware Research Online

P.S.: One Additional Recommendation

Below is a link to another report, from Symantec in 2011, which I feel has a good amount of malware analysis describing a group which used the Poison Ivy RAT heavily around that time.

• The Nitro Attacks

home