This content is open to everyone — sign in to save your progress, earn points, and unlock module exams.
Topic 7.1 of Analyst Practice and Reporting
The first task after a sample lands on the analyst desk: extract Indicators of Compromise — file hashes, network artifacts, registry keys, mutex names, and YARA-matchable byte patterns. The second task is pivoting: using one IOC to find related samples, infrastructure, and campaign linkages through VirusTotal, MalwareBazaar, and OpenCTI.
By the end of this topic, you will
Quadrant 1 · e-Tutorial
Video content coming soon.
Quadrant 2 · e-Content
Quadrant 3 · Web Resources
Downloadable reference material
External links
VirusTotal
Primary pivot platform. Hash lookup, domain/IP history, relations graph, and community comments.
MalwareBazaar
Sample repository with tag-based search. Free API for hash and tag lookups.
David Bianco: The Pyramid of Pain
The original 2013 post introducing the Pyramid of Pain IOC quality framework. Still the best introduction.
Quadrant 4 · Self-Assessment
Analyst Practice and Reporting
Final unit assessment covering IOC extraction and pivoting, MITRE ATT&CK technique mapping, and writing the malware analysis report. 20 questions, 60% to pass.
REMA Complete Assessment
A comprehensive 120-question assessment covering the entire Reverse Engineering and Malware Analysis curriculum: malware taxonomy and reverse engineering fundamentals, static and dynamic analysis, reversing malicious code, malicious web and document files, in-depth analysis of packed and fileless malware, and self-defending malware techniques.