Malware Domain List

Malware Related => Malware Analysis => Topic started by: SysAdMini on January 01, 2010, 01:23:39 pm

Title: TDSS / TDL3 / TDL4 analysis
Post by: SysAdMini on January 01, 2010, 01:23:39 pm
Quote
The TDL or TDSS family is a trojan variant famous for its effectiveness and active technical
development. It contains a couple of components: a kernel-mode rootkit and user-mode
DLLs which perform the trojan operations such as downloaders, blocking AVs, etc. Since
the rootkit acts as an "injector" and protector for the user-mode bot binaries, almost all
technical evolutions of this threat family focus on rootkit technology so as to evade AV
scanners.
As in its name, TDL3 is the 3rd generation of the TDL rootkit, which still takes aim at
covering the stealthy existence of its malicious code. Besides known features, this threat is
exposed with a couple of impressive tricks which help it bypass personal firewalls and
stay totally undetected by all AVs and ARKs at the moment. These aspects and
techniques will be discussed in more detail in the sections that follow.


http://www.rootkit.com/vault/thug4lif3/tdl3_analysis_paper_ed.rar

password: tdl3_analysis
Title: Re: TDL3/TDSS analysis paper
Post by: SysAdMini on June 28, 2010, 11:50:30 am
Whitepaper from F-Secure
http://www.f-secure.com/weblog/archives/The_Case_of_TDL3.pdf
Title: Re: TDL3/TDSS analysis paper
Post by: himfack on June 28, 2010, 01:06:41 pm
In addition:
http://www.securelist.com/ru/analysis/208050642/TDSS (in Russian)
http://www.eset.com/resources/white-papers/TDL3-Analysis.pdf
Title: Re: TDL3/TDSS analysis paper
Post by: SysAdMini on August 05, 2010, 10:08:40 am
TDSS analysis by Kaspersky
http://www.securelist.com/en/analysis/204792131/TDSS
Title: Re: TDL3/TDSS analysis paper
Post by: SysAdMini on August 09, 2010, 06:06:18 am
TDSS: full disclosure
http://translate.google.com/translate?js=y&prev=_t&hl=en&ie=UTF-8&layout=1&eotf=1&u=http://www.nobunkum.ru/issue003/tdss-botnet/&sl=ru&tl=en
Title: Re: TDL3/TDSS analysis paper
Post by: SysAdMini on October 12, 2010, 05:59:11 am
Tool for dumping the TDL3 file system, from ESET
www.eset.ru/.viruslab/analytics/tdlfsdumper.zip
Title: Re: TDL3/TDSS analysis paper
Post by: SysAdMini on January 25, 2011, 06:20:48 pm
TDSS. TDL-4 analysis by Kaspersky
http://www.securelist.com/en/analysis/204792157/TDSS_TDL_4
Title: Re: TDSS / TDL3 / TDL4 analysis
Post by: SysAdMini on January 25, 2011, 06:30:40 pm
TDL4 analysis paper
http://www.aall86.altervista.org/TDLRootkit/TDL4_Analysis_Paper.pdf
Title: Re: TDSS / TDL3 / TDL4 analysis
Post by: SysAdMini on January 25, 2011, 06:32:05 pm
Peeling Apart TDL4 and Other Seeds of Evil Part I
http://perpetualhorizon.blogspot.com/2010/12/peeling-apart-tdl4-and-other-seeds-of.html
Title: Re: TDSS / TDL3 / TDL4 analysis
Post by: SysAdMini on January 25, 2011, 06:35:12 pm
Alureon : The First ITW 64-bit Windows Rootkit
http://www.virusbtn.com/pdf/conference_slides/2010/Johnson-VB2010.pdf
Title: Re: TDSS / TDL3 / TDL4 analysis
Post by: SysAdMini on January 25, 2011, 06:35:57 pm
How the TLD4 rootkit gets around driver signing policy on a 64-bit machine
http://sunbeltblog.blogspot.com/2010/11/how-tld4-rootkit-gets-around-driver.html
Title: Re: TDSS / TDL3 / TDL4 analysis
Post by: SysAdMini on March 30, 2011, 08:21:00 pm
The Evolution of TDL: Conquering x64
http://www.eset.com/us/resources/white-papers/The_Evolution_of_TDL.pdf
Title: Re: TDSS / TDL3 / TDL4 analysis
Post by: SysAdMini on May 06, 2011, 06:54:54 pm
Backdoor.Tidserv and x64
http://www.symantec.com/connect/blogs/backdoortidserv-and-x64
Title: Re: TDSS / TDL3 / TDL4 analysis
Post by: SysAdMini on May 11, 2011, 02:21:41 pm
The co-evolution of TDL4 to bypass the Windows OS Loader patch (KB2506014 )
http://blog.eset.com/2011/05/10/the-co-evolution-of-tdl4-to-bypass-the-windows-os-loader-patch-kb2506014
Title: Re: TDSS / TDL3 / TDL4 analysis
Post by: SysAdMini on May 15, 2011, 05:59:17 pm
TDSS part 1: The x64 Dollar Question
http://resources.infosecinstitute.com/tdss4-part-1/

TDSS part 2: Ifs and Bots
http://resources.infosecinstitute.com/tdss4-part-2/

TDSS part 3: Bootkit on the Other Foot
http://resources.infosecinstitute.com/tdss4-part-3/
Title: Re: TDSS / TDL3 / TDL4 analysis
Post by: SysAdMini on May 25, 2011, 02:31:57 pm
Defeating x64: The Evolution of the TDL Rootkit
http://www.slideshare.net/matrosov/defeating-x64-the-evolution-of-the-tdl-rootkit
Title: Re: TDSS / TDL3 / TDL4 analysis
Post by: SysAdMini on June 03, 2011, 04:28:10 pm
TDSS loader now got "legs"
http://www.securelist.com/en/blog/208188095/TDSS_loader_now_got_legs
Title: Re: TDSS / TDL3 / TDL4 analysis
Post by: SysAdMini on June 27, 2011, 08:47:57 am
TDL Tracking: Peer Pressure
http://blog.eset.com/2011/06/27/tdl-tracking-peer-pressure
Title: Re: TDSS / TDL3 / TDL4 analysis
Post by: SysAdMini on June 27, 2011, 02:27:56 pm
TDL4 – Top Bot
http://www.securelist.com/en/analysis/204792180/TDL4_Top_Bot
Title: Re: TDSS / TDL3 / TDL4 analysis
Post by: SysAdMini on June 30, 2011, 08:15:01 pm
TDSS and hacking the hackers
http://blog.eset.com/2011/06/06/tdss-and-hacking-the-hackers

TdlFsReader - tool for dumping TDL file system
http://eset.ru/tools/TdlFsReader.exe
Title: Re: TDSS / TDL3 / TDL4 analysis
Post by: SysAdMini on July 02, 2011, 11:31:33 am
TDSS:TDL-4 - Bootkit - 101 Approach - Part 1
http://danuxx.blogspot.com/2011/03/tdsstdl-4-bootkit-101-approach-part-1.html
Title: Re: TDSS / TDL3 / TDL4 analysis
Post by: rkhunter on July 21, 2011, 06:55:55 pm
Description of one of the first TDL3 samples, from Dr.Web
http://www.drweb.com/static/BackDoor.Tdss.565_(aka%20TDL3)_en.pdf
Title: Re: TDSS / TDL3 / TDL4 analysis
Post by: SysAdMini on September 26, 2011, 08:39:48 am
A tale of grannies, Chinese herbs, Tom Cruise, Alureon and steganography
http://blogs.technet.com/b/mmpc/archive/2011/09/25/a-tale-of-grannies-chinese-herbs-tom-cruise-alureon-and-steganography.aspx
Title: Re: TDSS / TDL3 / TDL4 analysis
Post by: SysAdMini on October 19, 2011, 06:11:51 pm
TDL4 rebooted
http://blog.eset.com/2011/10/18/tdl4-rebooted
Title: Re: TDSS / TDL3 / TDL4 analysis
Post by: SysAdMini on November 15, 2011, 07:51:57 pm
TDSS Bootkit Spawns Clones
http://labs.bitdefender.com/?p=830
Title: Re: TDSS / TDL3 / TDL4 analysis
Post by: SysAdMini on February 02, 2012, 07:32:21 pm
TDL4 reloaded: Purple Haze all in my brain
http://blog.eset.com/2012/02/02/tdl4-reloaded-purple-haze-all-in-my-brain
Title: Re: TDSS / TDL3 / TDL4 analysis
Post by: SysAdMini on October 18, 2012, 05:59:02 pm
Olmasco bootkit: next circle of TDL4 evolution (or not?)
http://blog.eset.com/2012/10/18/olmasco-bootkit-next-circle-of-tdl4-evolution-or-not