Malware and Global Campaigns

Types Of Malware

Trojan

A trojan is malware that is designed to look like a legitimate application.

Once the application is installed, the trojan carries out whatever task it was built for, such as installing a backdoor.

Since the user has to willingly install the application, social engineering or phishing is often used with this type of malware.

Backdoors

This is a general term for any software or application which allows external privileged access to the system. Backdoors can give an attacker persistent access to the victim machine.

Worms

This type of malware can self-replicate and spread to other systems without user interaction. Worms can be designed to perform different actions on the victim system.

Virus

A virus attaches itself to files on the victim system, causing abnormal behaviour. Viruses require user interaction to run.

RootKits

Rootkits are designed to stay inconspicuous and covertly gather information.

They can infect the BIOS, bootloader, memory or applications, and are very difficult to detect.

Ransomware

Ransomware encrypts the computer's file system and then demands payment to decrypt it.

APT Malware

APT malware is highly sophisticated and often state sponsored. These groups use custom-built malware to penetrate their targets.

Trickbot

  • Trojan

  • Steals sensitive user information

  • Can perform web attacks, install additional malware and steal information from victims' machines.

  • Developed into a worm, then a malware solution, and finally an all-in-one attack framework, “the anchor”

  • Distributed through spam emails

Sodinokibi

  • Ransomware

  • Thought to be developed by APT Gold Garden

  • Delivered as a zip file that the victim downloads.

  • Macros in the document inside the zip start the encryption process
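The delivery chain described above (a downloaded zip carrying a macro-enabled Office document) is something a mail gateway or SOC triage script can check for. The following is an added example, not part of the original notes: it unpacks a zip attachment in memory and flags any Office Open XML document that contains a vbaProject.bin part, which is where VBA macros are stored. The sample attachment is constructed inline and is not a real Word file.

```python
import io
import zipfile

# Office Open XML documents are zip containers; VBA code is stored in a
# part named vbaProject.bin under word/, xl/ or ppt/.
OFFICE_EXTENSIONS = (".docx", ".docm", ".xlsx", ".xlsm", ".pptx", ".pptm", ".dotm")
MACRO_PART = "vbaproject.bin"


def has_vba_project(doc_bytes: bytes) -> bool:
    """True if an OOXML document carries a VBA project part."""
    try:
        with zipfile.ZipFile(io.BytesIO(doc_bytes)) as doc:
            return any(n.lower().endswith(MACRO_PART) for n in doc.namelist())
    except zipfile.BadZipFile:
        # Not an OOXML container (e.g. legacy OLE .doc); out of scope here
        return False


def find_macro_documents(archive_bytes: bytes) -> list[str]:
    """Names of Office documents inside a zip attachment that contain macros."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as outer:
        for info in outer.infolist():
            if info.is_dir() or not info.filename.lower().endswith(OFFICE_EXTENSIONS):
                continue
            if has_vba_project(outer.read(info)):
                flagged.append(info.filename)
    return flagged


def _build_ooxml(with_macro: bool) -> bytes:
    """Constructed minimal OOXML-shaped container (not a real Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as doc:
        doc.writestr("[Content_Types].xml", "<Types/>")
        doc.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            doc.writestr("word/vbaProject.bin", b"constructed placeholder bytes")
    return buf.getvalue()


def build_sample_attachment() -> bytes:
    """Constructed sample attachment: one macro document, one clean one, one text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as outer:
        outer.writestr("invoice.docm", _build_ooxml(with_macro=True))
        outer.writestr("readme.docx", _build_ooxml(with_macro=False))
        outer.writestr("notes.txt", "plain text, ignored by the scan")
    return buf.getvalue()
```

Calling find_macro_documents(build_sample_attachment()) returns ['invoice.docm']; a clean .docx without a VBA part is not flagged.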

Magecart

  • Used to steal payment information
