Difference between pages "Cyber Threat Intelligence" and "Malware analysis"

From ForensicsWiki
= Cyber Threat Intelligence =
{{expand}}

Note that the term cyber is arguably misused in the context of "Cyber Threat Intelligence" [http://en.wikipedia.org/wiki/Internet-related_prefixes] and should be read as an equivalent of "Digital Threat Intelligence" or "Internet Threat Intelligence".

== Standards ==
* IODEF
* OpenIOC
* Stix/Cybox

=== IODEF ===
The Incident Object Description Exchange Format: an XML format for exchanging incident reports between CSIRTs, defined in RFC 5070.

=== OpenIOC ===
An XML schema for describing indicators of compromise, published by [[Mandiant]]; individual indicator items (a hash, a file name, a registry key) are combined into a tree with AND/OR operators.

Cons:
* Highly [[Mandiant]] product-centric standard (the item contexts are taken from the data model of Mandiant's own products)

=== Stix/Cybox ===
Structured Threat Information eXpression (STIX) and Cyber Observable eXpression (CybOX), both maintained by MITRE: CybOX describes observables (files, hashes, addresses), STIX wraps them into indicators, campaigns and threat actors.
 
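As an added example (not from ForensicsWiki or from Mandiant), the Python below evaluates an OpenIOC 1.0 document against file observations, which is what a scanner consuming OpenIOC has to do. The IOC, its ids and the three observations are constructed for illustration; the XML layout follows the OpenIOC 1.0 schema (namespace http://schemas.mandiant.com/2010/ioc, nested Indicator/IndicatorItem elements with is/isnot/contains/containsnot conditions). The Context attributes document="FileItem" and type="mir" name Mandiant Intelligent Response's data model, which is the concrete reason the standard is called product-centric: the observation keys have to be mapped onto that model.

```python
"""Evaluate an OpenIOC 1.0 indicator tree against file observations.

Added example: the IOC document, its ids and the observations are constructed
for illustration; the evaluator is this page's, not Mandiant's.
"""
import xml.etree.ElementTree as ET

NS = {"ioc": "http://schemas.mandiant.com/2010/ioc"}  # OpenIOC 1.0 namespace

# Constructed IOC: hash match OR (svchost-named file AND located outside System32).
SAMPLE_IOC = """<ioc xmlns="http://schemas.mandiant.com/2010/ioc"
     id="11111111-2222-4333-8444-555555555555" last-modified="2014-06-25T02:35:00">
  <short_description>Constructed dropper example</short_description>
  <description>Hypothetical IOC used to illustrate OpenIOC evaluation.</description>
  <authored_by>example</authored_by>
  <authored_date>2014-06-25T02:35:00</authored_date>
  <links />
  <definition>
    <Indicator operator="OR" id="aaaaaaaa-0000-4000-8000-000000000001">
      <IndicatorItem id="aaaaaaaa-0000-4000-8000-000000000002" condition="is">
        <Context document="FileItem" search="FileItem/Md5sum" type="mir" />
        <Content type="md5">d41d8cd98f00b204e9800998ecf8427e</Content>
      </IndicatorItem>
      <Indicator operator="AND" id="aaaaaaaa-0000-4000-8000-000000000003">
        <IndicatorItem id="aaaaaaaa-0000-4000-8000-000000000004" condition="contains">
          <Context document="FileItem" search="FileItem/FileName" type="mir" />
          <Content type="string">svchost</Content>
        </IndicatorItem>
        <IndicatorItem id="aaaaaaaa-0000-4000-8000-000000000005" condition="isnot">
          <Context document="FileItem" search="FileItem/FilePath" type="mir" />
          <Content type="string">C:\\Windows\\System32</Content>
        </IndicatorItem>
      </Indicator>
    </Indicator>
  </definition>
</ioc>
"""


def _item_matches(item, observation):
    """Evaluate one IndicatorItem; a field absent from the observation never matches."""
    search = item.find("ioc:Context", NS).get("search")
    expected = (item.find("ioc:Content", NS).text or "").strip().lower()
    actual = observation.get(search)
    if actual is None:
        return False
    actual = actual.lower()  # hashes, file names and Windows paths compare case-insensitively
    condition = item.get("condition")
    if condition == "is":
        return actual == expected
    if condition == "isnot":
        return actual != expected
    if condition == "contains":
        return expected in actual
    if condition == "containsnot":
        return expected not in actual
    raise ValueError(f"unsupported condition: {condition!r}")


def _indicator_matches(indicator, observation):
    """Combine the node's children with its AND/OR operator (Indicators nest freely)."""
    results = []
    for child in indicator:
        tag = child.tag.rsplit("}", 1)[-1]  # strip the namespace prefix
        if tag == "IndicatorItem":
            results.append(_item_matches(child, observation))
        elif tag == "Indicator":
            results.append(_indicator_matches(child, observation))
    op = indicator.get("operator", "OR").upper()
    if op == "AND":
        return bool(results) and all(results)
    if op == "OR":
        return any(results)
    raise ValueError(f"unsupported operator: {op!r}")


def ioc_matches(ioc_xml, observation):
    """True if any top-level Indicator in the definition matches the observation."""
    root = ET.fromstring(ioc_xml)
    definition = root.find("ioc:definition", NS)
    return any(_indicator_matches(ind, observation)
               for ind in definition.findall("ioc:Indicator", NS))


# Constructed observations, keyed the way OpenIOC's search attribute names the fields.
SAMPLE_FILES = [
    {"FileItem/Md5sum": "D41D8CD98F00B204E9800998ECF8427E", "FileItem/FileName": "readme.txt",
     "FileItem/FilePath": "C:\\Users\\bob"},                         # hash hit
    {"FileItem/Md5sum": "0" * 32, "FileItem/FileName": "svchost.exe",
     "FileItem/FilePath": "C:\\Windows\\System32"},                  # legitimate location
    {"FileItem/Md5sum": "1" * 32, "FileItem/FileName": "svchost.exe",
     "FileItem/FilePath": "C:\\Users\\bob\\AppData\\Local\\Temp"},   # masquerading copy
]


def scan(ioc_xml, files):
    """Apply one IOC to every observation; returns one verdict per file."""
    return [ioc_matches(ioc_xml, f) for f in files]


if __name__ == "__main__":
    for f, hit in zip(SAMPLE_FILES, scan(SAMPLE_IOC, SAMPLE_FILES)):
        print(f"{'MATCH' if hit else '  ok '} {f['FileItem/FilePath']}\\{f['FileItem/FileName']}")
```

Two design points worth noting: an observation that lacks the field an item asks about is treated as no match even for the negative conditions (isnot, containsnot), so missing telemetry cannot produce a hit by accident, and the operator check rejects anything but AND/OR rather than silently defaulting, since a mis-typed operator would otherwise turn a precise IOC into a noisy one.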
== External Links ==
* [http://blogs.technet.com/b/msrc/archive/2014/06/23/announcing-microsoft-interflow.aspx Driving a Collectively Stronger Security Community with Microsoft Interflow], by Jerry Bryant, June 23, 2014

=== IODEF ===
* [http://tools.ietf.org/html/rfc5070 RFC 5070 - The Incident Object Description Exchange Format]

=== OpenIOC ===
* [http://www.openioc.org/ The OpenIOC framework]

=== Stix/Cybox ===
* [http://cybox.mitre.org/ Cyber Observable eXpression]
* [https://stix.mitre.org/ Structured Threat Information eXpression]

== Tools ==
* [[Mantis]]

= Malware analysis =
''Revision as of 02:35, 25 June 2014''

Analyzing [[malware]], or malicious software, is more of an art than a technique. Because malware comes in so many forms, there are limitless ways to hide functionality.

Some common tools for malware analysis include simple programs like [[strings]], which pulls embedded text such as URLs, file names and imported API names out of a binary. More complex analysis can be conducted by looking at the headers of executables (section table, import table, packer signatures) with programs like [[PEiD]] and [[PeExplorer]]. Finally, the most complete analysis can be done with disassemblers and debuggers like [[IDA Pro]] and [[OllyDbg]].

== See Also ==
* [[Malware]]
* [[List of Malware Analysis Tools]]

== External Links ==
* [http://nakedsecurity.sophos.com/2013/10/11/anatomy-of-an-exploit-ie-zero-day-part-1/ Anatomy of an exploit - inside the CVE-2013-3893 Internet Explorer zero-day - Part 1], by Paul Ducklin, October 11, 2013
* [http://nakedsecurity.sophos.com/2013/10/25/anatomy-of-an-exploit-inside-the-cve-2013-3893-internet-explorer-zero-day-part-2/ Anatomy of an exploit - inside the CVE-2013-3893 Internet Explorer zero-day - Part 2], by Paul Ducklin, October 25, 2013
* [http://spresec.blogspot.com/2014/03/uroburos-rootkit-hook-analysis-and.html?m=1 Uroburos Rootkit Hook Analysis and Driver Extraction], SP Security Blog, March 20, 2014

[[Category:Malware]]

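The first two stages described on the Malware analysis page above (strings, then header inspection) as an added example, not code from ForensicsWiki, PEiD or PE Explorer: a minimal PE parser in Python that reads the DOS and COFF headers, the optional-header magic and the section table, computes per-section entropy, flags sections that are both writable and executable, and extracts printable strings the way strings(1) does. The two-section PE32 it examines is constructed in memory (section names, flags and the embedded strings are chosen to exercise the checks); the structure offsets are those of the PE format, and the packer heuristic (W+X section or entropy above 7.0) is this example's own rule, not PEiD's signature matching.

```python
"""Static triage of a PE file: header fields, section table, W+X/entropy heuristic, strings.

Added example: the sample PE is constructed in memory, not a real binary, and the
parser is a minimal illustration of what header tools read; it is not their code.
"""
import hashlib
import math
import struct
from datetime import datetime, timezone

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
MACHINES = {0x14C: "i386", 0x8664: "AMD64", 0x1C0: "ARM", 0xAA64: "ARM64"}
SECTION_HDR = "<8sIIIIIIHHI"  # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, ...


def build_sample_pe():
    """Constructed PE32: a clean .text section and a writable+executable, high-entropy UPX1."""
    optional_size = 0xE0                     # standard PE32 optional header size
    pe_offset = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", pe_offset)   # e_lfanew lives at 0x3C
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 1403568000,  # 2014-06-24T00:00:00Z
                                   0, 0, optional_size, 0x0102)
    optional = struct.pack("<H", 0x10B) + b"\0" * (optional_size - 2)  # Magic 0x10B = PE32
    text = b"kernel32.dll\0CreateRemoteThread\0".ljust(0x200, b"\0")
    packed = b"http://example.invalid/c2\0"
    block = b"constructed seed"
    while len(packed) < 0x200:               # deterministic high-entropy filler (sha256 chain)
        block = hashlib.sha256(block).digest()
        packed += block
    packed = packed[:0x200]
    sections = (struct.pack(SECTION_HDR, b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
                + struct.pack(SECTION_HDR, b"UPX1", 0x200, 0x2000, 0x200, 0x400, 0, 0, 0, 0, 0xE0000040))
    headers = (dos + coff + optional + sections).ljust(0x200, b"\0")   # pad to file alignment
    return headers + text + packed


def shannon_entropy(data):
    """Bits per byte; ~8.0 for compressed or encrypted data, low for sparse or text data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def extract_strings(data, min_len=4):
    """ASCII runs of at least min_len printable characters, like strings(1)."""
    out, run = [], bytearray()
    for b in data:
        if 0x20 <= b < 0x7F:
            run.append(b)
            continue
        if len(run) >= min_len:
            out.append(run.decode("ascii"))
        run = bytearray()
    if len(run) >= min_len:
        out.append(run.decode("ascii"))
    return out


def parse_pe(data):
    """Walk DOS header -> PE signature -> COFF header -> optional header magic -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsect, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    (magic,) = struct.unpack_from("<H", data, pe_off + 24)
    sect_off = pe_off + 24 + opt_size
    sections = []
    for i in range(nsect):
        name, _, vaddr, rsize, roff, _, _, _, _, flags = struct.unpack_from(SECTION_HDR, data, sect_off + 40 * i)
        raw = data[roff:roff + rsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr, "raw_size": rsize, "raw_offset": roff,
            "entropy": round(shannon_entropy(raw), 2),
            "writable_executable": bool((flags & IMAGE_SCN_MEM_WRITE) and (flags & IMAGE_SCN_MEM_EXECUTE)),
        })
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "format": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, hex(magic)),
        "sections": sections,
    }


def suspicious_sections(info):
    """Packer heuristic (this example's rule): W+X or entropy above 7.0 deserves a closer look."""
    return [s["name"] for s in info["sections"] if s["writable_executable"] or s["entropy"] > 7.0]


if __name__ == "__main__":
    sample = build_sample_pe()
    info = parse_pe(sample)
    print(info["format"], info["machine"], "linked", info["timestamp"])
    for s in info["sections"]:
        print(f"{s['name']:8} vaddr=0x{s['virtual_address']:x} entropy={s['entropy']} W+X={s['writable_executable']}")
    print("suspicious:", suspicious_sections(info))
    print("strings of interest:", [x for x in extract_strings(sample) if "://" in x or x.endswith(".dll")])
```

The heuristic is a lead, not a verdict: high entropy also fires on embedded certificates, compressed resources and large images, and a linker timestamp is trivially forged, so the output of this stage is a list of things to confirm in the debugger rather than a classification.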