Malware Introduction - O-LavenderAshburn/Knowledgebase_MalwareAnalysis GitHub Wiki
Malware
Malware (malicious software) is any program designed with malicious intent to exploit, harm or compromise a system, network or device.
Main Focus
The main focus of this wiki will be Windows-based malware.
Types of Malware
Different types of malware can be identified based on the malware's goal or intent. Some common malware types are listed below; the list is not exhaustive.
- Adware : Malware that displays unwanted advertisements.
- Launcher : Malicious software that executes other malware.
- Downloader : Malware that fetches and installs additional malicious payloads from the internet.
- Worm : Self-replicating malware that propagates across networks without user interaction.
- Botnet : A network of compromised devices that are remotely controlled by an attacker; the malware on each device (the bot) takes its orders from a command-and-control server.
- Backdoor : Hidden malware that allows unauthorized access to a system by bypassing normal authentication.
- Ransomware : Malware that encrypts files or locks systems until a ransom is paid.
- Spyware : Malware that gathers information about a user and sends it to an adversary.
For more information on malware types see this CrowdStrike article.
Malware Behaviors
Malware behaviour generally depends on the type of malware, but the following list covers behaviours exhibited by most malware and what each may consist of. It is not exhaustive.
- Initial infection : The origin of the malware, i.e. the way it was delivered: a malicious download or link, a phishing attachment, or being fetched by a Downloader.
- Persistence : Surviving a reboot, e.g. registry modification (such as the Run keys) for startup execution, or hiding itself as a service.
- Propagation : Self-replication and spreading to other devices over the network or via removable media.
- Payload execution : Execution of the payload to achieve the main goal of the malware.
- Data exfiltration : Exfiltration of targeted or general data via network protocols or physical devices.
- Evasion : Anti-debugging, obfuscation and self-modification (while keeping the main functionality) to hinder analysis and detection.
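A first pass at mapping a sample to the behaviours above can be done statically, without running it: extract printable strings the way the `strings` tool does, match them against indicators for each behaviour, and record the file hash so the sample can be looked up on VirusTotal or MalwareBazaar instead of executed. The script below is an added example written for this page, not code from the wiki; the `SAMPLE` bytes are a constructed stand-in for an executable, and the indicator regexes in `INDICATORS` are an assumed, illustrative set rather than an authoritative signature list.

```python
from __future__ import annotations

import hashlib
import re
from collections import defaultdict

# Constructed stand-in for a sample: printable strings separated by binary junk,
# roughly what an unpacked Windows executable looks like. Not a real sample.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00\x00"
    b"\xde\xad\xbe\xefCreateServiceW\x00"
    b"\x01\x02IsDebuggerPresent\x00\x00"
    b"http://example.invalid/payload.bin\x00"
    b"URLDownloadToFileA\x00\xff\xfe"
    b"VirtualAlloc\x00"  # common in benign code too; should not trigger anything
)

# Behaviour category -> regexes over extracted strings.
# Assumed, illustrative indicators; a real triage set is much larger.
INDICATORS = {
    "persistence": [
        r"CurrentVersion\\Run",   # Run / RunOnce autostart registry keys
        r"CreateService[AW]?",    # installing itself as a Windows service
        r"schtasks",
    ],
    "initial infection / downloader": [
        r"URLDownloadToFile[AW]?",
        r"InternetOpenUrl[AW]?",
        r"https?://",
    ],
    "evasion": [
        r"IsDebuggerPresent",
        r"CheckRemoteDebuggerPresent",
        r"NtQueryInformationProcess",
    ],
    "exfiltration": [
        r"HttpSendRequest[AW]?",
        r"InternetWriteFile",
        r"ftp://",
    ],
}


def extract_strings(data: bytes, min_len: int = 5) -> list[str]:
    """Return runs of printable ASCII of at least min_len bytes, like `strings`."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def classify(strings: list[str]) -> dict[str, list[str]]:
    """Map each behaviour category to the strings that matched one of its indicators.

    Categories with no hits are omitted, so the caller can tell "no evidence"
    apart from "evidence found".
    """
    hits: dict[str, list[str]] = defaultdict(list)
    for s in strings:
        for category, patterns in INDICATORS.items():
            if any(re.search(p, s) for p in patterns):
                hits[category].append(s)
    return dict(hits)


def sha256_hex(data: bytes) -> str:
    """SHA-256 of the sample: search this on VirusTotal/MalwareBazaar before
    considering an upload, since uploaded files are shared with other users."""
    return hashlib.sha256(data).hexdigest()


def triage(data: bytes) -> dict:
    """Static triage report: hash, extracted strings and behaviour hits."""
    strings = extract_strings(data)
    return {
        "sha256": sha256_hex(data),
        "strings": strings,
        "behaviours": classify(strings),
    }


if __name__ == "__main__":
    report = triage(SAMPLE)
    print("SHA-256:", report["sha256"])
    for category, matched in sorted(report["behaviours"].items()):
        print(f"{category}: {matched}")
```

String indicators are only a hint: packed or obfuscated samples (the Evasion bullet) hide exactly these strings, so an empty report means "analyse further", not "benign". Run it on a copy of the sample inside the isolated analysis VM, never on the host.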
Useful websites
Malware Databases
- VirusTotal : Malware scanning platform. Search by file hash first; files you upload are shared with other VirusTotal users, so do not upload samples that may contain sensitive data.
- Malware databases such as MalwareBazaar host live malware samples. ⚠ Never run malware on your main system! Analyse samples only in an isolated virtual machine with no access to your real network, and snapshot it before each run.
Threat Intelligence
- MITRE ATT&CK : Information about adversaries and how they use malware.
- OWASP : Open Worldwide Application Security Project. Freely available articles, methodologies, documentation and tools.
- CVE.org : Publicly disclosed cybersecurity vulnerabilities.
News And More
- CrowdStrike - Global threat reports
- The Register - News and threat reports
- Cybersecurity News - Cybersecurity news