MA-01 — Emerging Malware Analysis News/Intel

@mikecybersec
2 min read · Aug 31, 2020

Malware written in GoLang

Go-based malware has spiked since the beginning of 2019 and poses a serious challenge even to experienced malware analysts. There are over 53 known malware families written in this language, and it is very flexible. Read about it here: https://unit42.paloaltonetworks.com/the-gopher-in-the-room-analysis-of-golang-malware-in-the-wild/

Static Analysis in REMnux

Malwology wrote this article (he is a SANS FOR610 instructor). He covers some very good Python-based tools for statically analysing PEs, some of which may seem unconventional compared to your current arsenal of tools. He also covers a useful section on extracting embedded executables from the ‘overlay’ section of Portable Executables using a PE carving tool in REMnux.

https://malwology.com/2016/02/09/remnux-v6-for-malware-analysis-part-2-static-file-analysis/

APT scanning tool

A tool created by Intezer, packed with YARA rules derived from the analysis of 3.5 million pieces of code shared between Russian APT samples.

https://apt-ecosystem.com/russia/detector

Intezer — mapping the connections inside Russia’s APT ecosystem

https://www.intezer.com/blog-russian-apt-ecosystem/

Malware Analysis — State Of Malware by MalwareBytes

https://resources.malwarebytes.com/files/2019/01/Malwarebytes-Labs-2019-State-of-Malware-Report-2.pdf

SANS FOR610 WebCast — State Of Malware — Recorded Sept 2019

https://www.youtube.com/watch?v=u_Mbh8r7L0E

FireEye’s new tool — StringSifter (Released 08/09/2019)

https://www.fireeye.com/blog/threat-research/2019/09/open-sourcing-stringsifter.html

https://github.com/fireeye/stringsifter/blob/master/README.md

Analysing a malicious spreadsheet dropping a DLL

https://blog.nviso.be/2019/09/18/malicious-spreadsheet-dropping-a-dll/

Primer on VBA Macros — Parsing and De-obfuscation

https://newtonpaul.com/static-malware-analysis-with-ole-tools-and-cyber-chef/
