https://mikehorn-git.github.io/tags/cti/ Recent content in CTI on Mike.Horn Hugo en Sun, 29 Sep 2024 00:00:00 +0200 https://mikehorn-git.github.io/writeups/cyberdefenders/red_stealer/ Sun, 29 Sep 2024 00:00:00 +0200 https://mikehorn-git.github.io/writeups/cyberdefenders/red_stealer/ <h1 id="introduction">Introduction</h1> <p>Tools recommended by the author (important for this analysis):</p> <ul> <li>Whois</li> <li>VirusTotal</li> <li>MalwareBazaar</li> <li>ThreatFox</li> </ul> <hr> <h1 id="q1-categorizing-malware-allows-for-a-quicker-and-easier-understanding-of-the-malware-aiding-in-understanding-its-distinct-behaviors-and-attack-vectors-whats-the-identified-malwares-category">Q1: Categorizing malware allows for a quicker and easier understanding of the malware, aiding in understanding its distinct behaviors and attack vectors. What&rsquo;s the identified malware&rsquo;s category?</h1> <p>Submit the file hash to <strong>VirusTotal</strong> and review the main summary page.</p> <p><img alt="MainPage" loading="lazy" src="../../writeups/cyberdefenders/red_stealer/2024-09-28T16:05:54,875091188+02:00.png"></p> <p>Identify the malware <strong>category</strong> based on detection labels and classification.</p> <hr> <h1 id="q2-clear-identification-of-the-malware-file-name-facilitates-better-communication-among-the-soc-team-whats-the-file-name-associated-with-this-malware">Q2: Clear identification of the malware file name facilitates better communication among the SOC team. What&rsquo;s the file name associated with this malware?</h1> <p>On the <strong>VirusTotal</strong> main/detection page, locate the file details.</p>