[1] Myungcheol Lee, Daesung Moon and Ikkyun Kim, "Real-time Abnormal Behavior Detection System based on Fast Data," Journal of The Korea Institute of Information Security & Cryptology, 25(5), pp. 1027-1041, Oct. 2015.
[2] Microsoft Docs, "Filter Manager and Minifilter Driver Architecture," https://docs.microsoft.com/en-us/windows-hardware/drivers/ifs/filter-manager-and-minifilter-driver-architecture/, Jan. 7 2020.
[3] Microsoft Docs, "Process Monitor," https://docs.microsoft.com/en-us/sysinternals/downloads/procmon/, Jan. 7 2020.
[4] Microsoft Docs, "CmRegisterCallbackEx," https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-cmregistercallbackex/, Jan. 7 2020.
[5] Microsoft Docs, "PsSetCreateProcessNotifyRoutineEx," https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/ntddk/nf-ntddk-pssetcreateprocessnotifyroutineex/, Jan. 7 2020.
[6] Microsoft Docs, "PsSetCreateThreadNotifyRoutine," https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/ntddk/nf-ntddk-pssetcreatethreadnotifyroutine/, Jan. 7 2020.
[7] Wikipedia, "Fileless malware," https://en.wikipedia.org/wiki/Fileless_malware, Jan. 7 2020.
[8] Trendmicro, "Command and Control [C&C] Server," https://www.trendmicro.com/vinfo/us/security/definition/command-and-control-server, Jan. 7 2020.
[9] Raymond J. Canzanese, Jr, "Detection and classification of malicious processes using system call analysis," Doctor of Philosophy, Drexel University, May 2015.
[10] Microsoft Docs, "CRITICAL_OBJECT_TERMINATION," https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/bug-check-0xf4-critical-object-termination, Jan. 7 2020.
[11] Microsoft Docs, "PsGetCurrentProcessId," https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/ntddk/nf-ntddk-psgetcurrentprocessid/, Jan. 7 2020.
[12] Microsoft Docs, "PsGetCurrentThreadId," https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/ntddk/nf-ntddk-psgetcurrentthreadid/, Jan. 7 2020.
[13] Malwarebytes, "GandCrab," https://www.malwarebytes.com/gandcrab/, Jan. 7 2020.
[14] Microsoft Docs, "CreateRemoteThread," https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createremotethread/, Jan. 7 2020.
[15] Wikipedia, "Hash table," https://en.wikipedia.org/wiki/Hash_table, Jan. 7 2020.
[16] Wikipedia, "CryptoLocker," https://en.wikipedia.org/wiki/CryptoLocker, Jan. 7 2020.
[17] PCrisk, "SymmyWare," https://www.pcrisk.com/removal-guides/13980-symmyware-ransomware, Jan. 7 2020.
[18] Red Teaming Experiments, "Reflective DLL Injection," https://ired.team/offensive-security/code-injection-process-injection/reflective-dll-injection, Jan. 7 2020.