![]() ![]() But the more specific you can get, the better an IOC is. It has wheels, a motor, probably a driver. To associate this with a metaphor, IOCs are like describing a car. The word “IOC” can apply to malware, a malicious webpage, an APT, etc. These are simply attributes of a threat that you can use to hunt across an environment. One of the terms that is often off-putting to newcomers is “IOC”. Look for IP or hostname on blacklist(ipvoid)īefore I end this blog, I wanted to fill in some areas of confusion that readers may have.Fake network for network connections (RemNUX).Pivot searches on IOCs (VirusTotal/totalhash).Look at malicious process’ properties and look for mutant handles.Wireshark(run on another system in virtual network).As your self, should I go further at this point?.There should be a significant number of imports.There should be a significant number of libraries.There should be a significant amount of readable strings. ![]() ![]() Steps to malware analysis, as stated by Lenny: As you become more comfortable with malware analysis, you will find that specific steps should be prioritized based on the initial sample information. The steps listed below can be swapped around in most places, so don’t feel that this is a rigid process. Obviously, analysis can get much more involved with debuggers and decompilers, but from my personal experience, these steps will get you to actionable information quickly, perfect for the budding SOC analysts. T hroughout the video, Zeltser walks through a typical process for analyzing malware samples.
0 Comments
Leave a Reply. |