Malware sample collection
Sample sources
Some of the sample sources I use day to day as an individual analyst; the archive extraction password is infected by default.
ANYRUN
Registration required; mainland Chinese email addresses cannot be used to sign up, but Gmail, Yahoo and similar mailboxes work.
2a8K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6S2M7s2m8Q4x3X3g2S2L8Y4W2Q4x3X3g2J5N6h3&6Q4x3V1k6K6N6h3u0E0K9i4y4K6K9h3!0F1M7#2)9J5c8R3`.`.

DasMalwerk
584K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6V1j5i4y4E0j5h3I4%4k6i4u0C8i4K6u0W2k6i4g2Q4x3V1j5`.

Hatching Triage
Registration required
3a9K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6@1M7X3W2S2i4K6u0W2k6$3g2Q4x3V1j5`.

hybrid
A long-established sandbox; registration required
be8K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2Z5P5h3u0J5K9h3c8Q4x3X3c8S2L8X3q4D9P5i4y4A6M7#2)9J5k6h3y4G2L8g2)9J5c8R3`.`.

Malware Bazaar
19dK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1j5i4A6S2j5i4u0Q4x3X3g2S2j5Y4g2K6k6g2)9J5k6h3y4Z5i4K6u0r3j5Y4u0G2N6%4y4W2i4K6u0r3
Bazaar is currently my favourite platform: it is run by an individual, completely free, and offers an API for downloading samples. Bazaar also has a statistics page, which gives a rough idea of which families are currently the most active; usually it is Heodo (Emotet) or AgentTesla.

API usage and documentation:
b98K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1j5i4A6S2j5i4u0Q4x3X3g2S2j5Y4g2K6k6g2)9J5k6h3y4Z5i4K6u0r3j5i4m8A6i4K6u0r3
Sample statistics:
38dK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1j5i4A6S2j5i4u0Q4x3X3g2S2j5Y4g2K6k6g2)9J5k6h3y4Z5i4K6u0r3M7%4c8S2N6r3W2K6N6r3W2U0M7#2)9J5c8R3`.`.
Of course, the author also encourages everyone to share malicious samples and tag them accordingly, but make sure the samples you upload are actually malicious; do not upload samples of unknown category to Bazaar and pollute the data:
683K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1j5i4A6S2j5i4u0Q4x3X3g2S2j5Y4g2K6k6g2)9J5k6h3y4Z5i4K6u0r3N6i4m8D9L8$3q4V1i4K6u0r3
Malware DB
b9bK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6@1K9r3g2*7L8$3!0Q4x3X3g2E0L8%4u0A6M7Y4c8Q4x3X3g2U0L8$3#2Q4x3V1j5`.
theZoo also has a GitHub repository, but it does not seem to be updated much any more
4edK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6&6N6r3W2K6k6W2)9J5c8Y4c8Z5k6g2A6G2L8H3`.`.
Mac Malware
Malware sample downloads for the macOS platform
776K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6G2j5X3A6W2j5%4c8A6N6X3g2Q4x3X3c8K6k6h3g2Q4x3X3g2U0L8$3#2Q4x3V1k6E0j5h3I4%4j5i4u0W2i4K6u0W2K9s2c8E0L8l9`.`.

vx-underground
8dbK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6$3P5q4)9J5k6s2g2F1k6r3g2J5k6%4u0G2N6h3&6V1i4K6u0W2L8%4u0Y4i4K6u0r3M7$3q4E0M7r3I4W2M7#2)9J5k6h3S2@1L8h3H3`.

Reading security vendor reports
Some overseas security vendor reports that I read regularly. One person's energy is limited and it is impossible to read everything every day, so consider writing a crawler that does keyword monitoring, or simply scrape every article title each day and filter by title.
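The title-filtering approach described above, as an added example that is not part of the original post: it parses a vendor feed (RSS 2.0 or Atom), matches titles against a watchlist of families and actor names, and only reports articles not seen on a previous run. The feed XML, the links and the watchlist below are all constructed for the example; in real use you would fetch each vendor's feed URL over HTTP (e.g. with urllib) in place of the embedded string.

```python
"""Keyword monitoring over security vendor blog feeds (added example)."""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import List, Set, Tuple

# Hypothetical watchlist; tune it to the families and actors you track.
WATCHLIST = ["emotet", "agenttesla", "ransomware", "apt", "cve-"]

# Constructed sample feed: the titles and links below are made up.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel>
<item><title>Emotet returns with new loader</title>
      <link>https://vendor.example/emotet</link></item>
<item><title>Quarterly product update</title>
      <link>https://vendor.example/product</link></item>
<item><title>AgentTesla spread via phishing PDFs</title>
      <link>https://vendor.example/agenttesla</link></item>
<item><title>New APT campaign targets East Asia</title>
      <link>https://vendor.example/apt</link></item>
<item><title>Adaptive security for captured credentials</title>
      <link>https://vendor.example/adaptive</link></item>
</channel></rss>"""


@dataclass(frozen=True)
class Article:
    title: str
    link: str


def _local(tag: str) -> str:
    """Strip an XML namespace so Atom's {ns}entry compares as 'entry'."""
    return tag.rsplit("}", 1)[-1]


def parse_feed(xml_text: str) -> List[Article]:
    """Extract (title, link) pairs from an RSS 2.0 <item> or Atom <entry> feed."""
    root = ET.fromstring(xml_text)
    articles = []
    for node in root.iter():
        if _local(node.tag) not in ("item", "entry"):
            continue
        title = link = ""
        for child in node:
            name = _local(child.tag)
            if name == "title":
                title = (child.text or "").strip()
            elif name == "link":
                # RSS carries the URL as text, Atom as an href attribute
                link = (child.get("href") or child.text or "").strip()
        if title and link:
            articles.append(Article(title, link))
    return articles


def match_keywords(title: str, watchlist: List[str]) -> List[str]:
    """Return the watchlist terms found in the title.

    Letters before or after the term are rejected so that 'apt' matches
    'APT29' but not 'adaptive' or 'captured'.
    """
    lowered = title.lower()
    hits = []
    for kw in watchlist:
        pattern = r"(?<![a-z0-9])" + re.escape(kw.lower()) + r"(?![a-z])"
        if re.search(pattern, lowered):
            hits.append(kw)
    return hits


def new_alerts(articles: List[Article], watchlist: List[str],
               seen: Set[str]) -> List[Tuple[Article, List[str]]]:
    """Report matching articles whose link has not been processed before.

    `seen` is the persistent state between daily runs (a file or small DB in
    practice); every processed link is added to it so repeats stay quiet.
    """
    alerts = []
    for article in articles:
        if article.link in seen:
            continue
        seen.add(article.link)
        hits = match_keywords(article.title, watchlist)
        if hits:
            alerts.append((article, hits))
    return alerts


if __name__ == "__main__":
    seen_links: Set[str] = set()
    for article, hits in new_alerts(parse_feed(SAMPLE_FEED), WATCHLIST, seen_links):
        print(f"[{', '.join(hits)}] {article.title} -> {article.link}")
    # A second pass over the same feed reports nothing new.
    print("second run:", new_alerts(parse_feed(SAMPLE_FEED), WATCHLIST, seen_links))
```

Persisting the `seen` set between runs (a JSON file is enough) is what turns the filter into monitoring: each day only genuinely new matching titles are reported, and the watchlist can be extended without re-alerting on old posts.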
Still, some blogs are worth checking manually on a regular basis; my personal recommendations are Kaspersky, Microsoft and Palo Alto, and blogs from the East Asia region deserve particular attention
b21K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1L8r3!0Y4i4K6u0W2j5h3I4&6j5h3y4Q4x3X3g2U0L8#2)9J5k6h3E0J5i4K6u0r3
25aK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6U0P5h3u0W2M7Y4y4W2j5%4g2J5K9i4c8&6i4K6u0W2j5i4c8@1i4K6u0W2j5$3!0E0i4K6u0r3j5X3I4G2k6%4y4Q4x3V1k6D9j5h3u0K6i4K6u0V1M7X3g2K6k6h3q4J5j5$3S2Q4x3V1j5`.
271K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1L8r3!0Y4i4K6u0W2j5i4k6S2M7%4c8Q4x3X3g2U0L8$3#2Q4x3V1j5`.
d47K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2X3L8%4u0U0k6i4m8G2K9h3&6@1i4K6u0W2j5$3!0E0i4K6u0r3j5X3I4G2k6H3`.`.
81aK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1L8r3!0Y4i4K6u0W2N6r3q4D9L8%4y4A6L8Y4c8W2L8r3I4A6k6$3g2F1j5$3g2Q4x3X3g2U0L8$3#2Q4x3V1j5`.
bfcK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1L8r3!0Y4i4K6u0W2L8Y4k6A6M7$3!0Q4x3X3g2W2N6g2)9J5c8R3`.`.
145K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1L8r3!0Y4i4K6u0W2L8h3q4D9N6$3q4J5k6h3u0&6N6r3g2K6i4K6u0W2j5$3!0E0i4K6u0r3
a5cK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1L8r3!0Y4i4K6u0W2N6s2u0W2L8X3c8E0K9h3y4J5L8#2)9J5k6h3y4G2L8g2)9J5c8R3`.`.
02eK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2U0P5h3u0W2M7X3g2S2M7$3!0F1i4K6u0W2j5$3!0E0i4K6u0r3j5X3I4G2k6H3`.`.
cd2K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6#2L8X3W2@1y4o6u0Q4x3X3g2H3j5h3I4G2j5h3I4@1L8$3&6W2N6s2N6G2M7X3E0K6i4K6u0W2j5$3!0E0i4K6u0r3
a08K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2X3L8%4u0@1K9h3&6W2N6q4)9J5k6h3y4G2L8g2)9J5c8X3u0D9L8$3M7`.
4d1K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2@1j5i4u0D9L8$3N6A6j5#2)9J5k6h3y4G2L8g2)9J5c8X3g2F1i4K6u0r3j5%4W2T1k6i4u0K6k6h3y4#2M7X3W2@1P5g2)9J5k6r3u0D9L8$3N6Q4x3V1j5`.
736K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2U0L8%4k6W2N6$3q4J5k6g2)9J5k6h3y4G2L8g2)9J5c8X3u0D9L8$3M7`.
f89K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2K6k6h3&6@1K9h3&6W2L8r3!0F1k6g2)9J5k6h3y4G2L8g2)9J5c8X3u0D9L8$3N6Q4x3V1j5`.
989K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6K6k6h3y4#2M7X3g2D9K9i4y4@1i4K6u0W2j5$3!0E0i4K6u0r3
500K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2S2M7s2u0A6L8%4u0A6N6q4)9J5k6h3y4G2L8g2)9J5c8Y4u0W2N6X3g2J5M7$3g2Q4x3X3c8T1L8r3!0Y4
996K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1L8r3!0Y4i4K6u0W2k6W2)9J5k6s2y4W2j5%4g2J5k6g2)9J5k6h3y4G2L8g2)9J5c8R3`.`.
a06K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6G2j5X3A6W2j5%4c8A6N6X3g2Q4x3X3c8K6k6h3g2Q4x3X3g2U0L8$3#2Q4x3V1k6T1L8r3!0Y4i4K6u0r3
9d5K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2$3K9i4u0#2M7$3u0#2L8r3I4W2N6r3W2F1i4K6u0W2j5$3!0E0i4K6u0r3j5X3I4G2k6#2)9J5c8R3`.`.
4c9K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6J5k6i4y4W2j5i4u0U0K9q4)9J5k6h3y4Z5k6h3y4C8M7r3!0A6L8Y4c8Q4x3X3g2U0L8$3#2Q4x3V1j5`.
d87K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2A6L8Y4c8W2P5X3g2J5i4K6u0W2j5$3!0E0i4K6u0r3j5X3I4G2k6#2)9J5c8R3`.`.
241K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2*7M7$3y4S2L8r3g2J5i4K6u0W2j5$3!0E0i4K6u0r3j5X3I4G2k6%4x3`.
143K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2H3M7X3!0G2k6Y4m8G2K9h3&6@1i4K6u0W2j5$3!0E0i4K6u0r3N6i4y4Q4x3V1k6T1L8r3!0Y4
780K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2S2L8X3!0E0j5h3I4A6i4K6u0W2j5$3!0E0i4K6u0r3j5X3I4G2k6H3`.`.
d02K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2S2j5%4u0G2L8X3W2K6i4K6u0W2j5$3!0E0i4K6u0r3k6h3&6Q4x3X3c8#2M7#2)9J5c8X3u0D9L8$3N6Q4x3V1j5`.
542K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6&6L8%4u0G2K9g2)9J5k6h3y4G2L8i4m8S2L8Y4W2Q4x3V1k6J5k6i4y4W2j5i4u0U0K9q4)9J5c8R3`.`.
80cK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2Y4k6r3q4@1j5i4y4G2k6Y4c8%4j5i4u0W2i4K6u0W2j5$3!0E0i4K6u0r3j5X3I4G2k6#2)9J5c8Y4c8W2j5$3S2T1L8r3!0Y4
Ransomware-related sites
786K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6A6k6q4)9J5k6s2u0S2L8Y4y4G2L8i4N6S2M7X3g2Q4x3X3g2E0j5h3I4%4j5i4u0W2K9s2g2F1N6r3g2J5N6r3g2S2L8g2)9J5k6h3y4G2L8g2)9J5c8R3`.`.
e77K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2T1L8%4c8X3M7X3g2A6i4K6u0W2k6r3g2Q4x3V1k6V1k6g2)9J5c8Y4u0S2L8Y4y4G2L8i4N6S2M7X3g2Q4x3V1k6Y4j5h3I4W2M7X3W2W2i4K6u0W2K9s2c8E0L8l9`.`.
6daK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6A6k6q4)9J5k6s2u0S2L8Y4y4G2L8i4N6S2M7X3g2Q4x3X3g2E0j5h3I4%4j5i4u0W2K9s2g2F1N6r3g2J5N6r3g2S2L8g2)9J5k6h3y4G2L8g2)9J5c8R3`.`.
a69K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6F1L8%4u0S2L8Y4y4G2L8g2)9J5k6h3E0S2M7%4m8W2M7Y4y4C8P5g2)9J5k6h3y4G2L8g2)9J5c8R3`.`.
f2bK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2S2N6X3q4K6N6q4)9J5k6h3y4G2L8g2)9J5c8Y4A6Z5i4K6u0V1j5$3&6Q4x3V1k6J5j5h3&6K6L8$3#2%4j5i4u0W2i4K6u0V1k6r3g2U0M7Y4W2H3N6r3W2G2L8W2)9J5k6s2c8G2L8$3I4K6
2faK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4y4#2M7s2m8G2M7Y4c8Q4x3X3g2S2M7$3W2S2K9h3&6X3L8#2)9J5k6s2y4W2j5#2)9J5k6h3y4G2L8g2)9J5c8V1q4F1N6r3W2Q4x3X3c8h3K9i4u0#2M7#2)9J5c8V1y4D9k6h3q4F1i4K6u0V1g2r3!0G2L8q4)9J5c8W2c8G2L8$3I4K6i4K6u0r3f1X3q4F1M7$3!0E0N6$3q4J5k6f1k6A6L8r3g2p5k6h3y4J5P5i4m8@1L8%4u0Q4x3V1j5`.
726K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2F1L8$3#2G2M7X3g2J5j5h3&6K6L8$3#2Q4x3X3g2G2M7X3N6Q4x3V1k6*7K9q4)9J5c8X3c8W2j5%4u0&6M7s2c8A6L8$3&6Q4x3X3c8@1L8$3!0D9M7#2)9J5k6h3S2@1L8h3H3`.
d39K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2W2L8i4y4A6M7$3!0X3N6q4)9J5k6h3y4G2L8g2)9J5c8X3c8W2j5%4u0&6M7s2c8W2M7W2)9J5c8R3`.`.
Monero lookup sites
8b5K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6E0K9h3&6W2P5r3#2J5i4K6u0W2j5$3!0E0i4K6u0r3
7f4K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6^5L8i4u0Q4x3X3g2F1j5h3&6G2M7r3!0G2L8q4)9J5k6h3!0J5k6#2)9J5c8R3`.`.
Bitcoin lookup sites
b12K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2T1L8r3!0U0K9$3y4Z5j5h3W2F1i4K6u0W2j5$3!0E0i4K6u0r3k6i4S2H3L8r3!0J5k6i4t1`.
Mining pool lookup sites
5f0K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2X3x3Y4m8G2L8$3I4Q4x3X3g2U0L8$3#2Q4x3V1j5`.
ATT&CK
d36K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6S2N6s2c8S2j5$3E0Q4x3X3g2E0K9i4c8J5k6g2)9J5k6h3!0J5k6#2)9J5c8R3`.`.
e56K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6A6M7X3g2V1i4K6u0W2N6r3g2S2L8g2)9J5c8X3!0X3k6X3g2F1M7$3W2$3k6g2)9J5k6s2y4W2j5%4g2J5K9i4c8&6i4K6u0r3M7X3g2V1i4K6u0V1N6r3g2S2L8g2)9J5k6r3W2F1k6Y4u0S2M7%4c8J5N6h3y4@1N6i4u0W2
f19K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6E0K9i4c8J5k6g2)9J5k6r3q4@1N6r3q4U0K9#2)9J5k6h3N6A6N6r3S2#2j5W2)9J5k6h3W2G2i4K6u0r3j5i4c8@1j5h3y4C8i4K6u0V1L8X3q4$3K9h3N6S2N6r3!0J5i4K6u0r3k6h3&6@1k6i4u0H3M7X3W2K6k6g2)9J5c8R3`.`.
Some sources of APT-related material
The Wikipedia article on APT, which contains many reference links worth studying
941K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6W2L8W2)9J5k6i4N6A6K9$3W2H3k6h3c8A6j5g2)9J5k6h3!0J5k6#2)9J5c8Y4N6A6K9$3W2Q4x3V1k6m8k6s2k6S2L8X3y4W2k6q4)9#2k6Y4m8W2M7Y4y4A6M7%4c8W2L8Y4c8Q4y4h3k6@1K9s2u0W2j5i4b7`.
APT groups summarised by MITRE ATT&CK
afdK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6S2N6s2c8S2j5$3E0Q4x3X3g2E0K9i4c8J5k6g2)9J5k6h3!0J5k6#2)9J5c8X3N6J5L8%4g2H3M7#2)9J5c8V1M7H3x3o6M7&6i4K6u0r3
FireEye's landing page for APT reports
804K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2X3K9i4u0W2k6i4W2W2i4K6u0W2j5$3!0E0i4K6u0r3j5%4g2J5M7X3g2F1N6q4)9J5k6s2c8Z5M7X3g2S2N6s2y4Q4x3V1k6S2M7s2c8Q4x3X3c8Y4M7X3!0#2M7s2y4Q4x3X3g2Z5N6r3#2D9
Thailand's APT cards, also quite interesting
03aK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2@1K9r3q4A6j5$3g2J5N6q4)9J5k6h3!0J5i4K6u0W2N6r3S2Q4x3V1k6V1L8%4N6F1L8r3!0S2k6s2y4Q4x3V1k6X3K9h3I4W2M7#2)9J5c8W2c8Z5M7X3g2S2N6q4)9#2k6V1N6J5L8%4g2H3i4K6g2X3b7$3q4J5k6s2y4Q4y4h3k6$3x3W2)9J5k6e0m8Q4x3X3g2H3k6r3j5`.
That seems to be all I can think of for now; if I have anything to add later I will put it in the comments, and everyone is welcome to share and discuss~