laski.blogg.se

Wireshark http shows up as tcp





This tutorial is designed for security professionals who investigate suspicious network activity and review packet captures (pcaps). In this tutorial, we cover examples of Hancitor with Cobalt Strike, Ficker Stealer, NetSupport Manager RAT, a network ping tool and Send-Safe spambot malware. It also provides tips on identifying Hancitor and its follow-up malware. Familiarity with Wireshark is necessary to understand this tutorial, which focuses on Wireshark version 3.x. Note: These instructions assume you have customized Wireshark as described in our previous Wireshark tutorial about customizing the column display. You will need to access a GitHub repository with ZIP archives containing the pcaps used for this tutorial. Warning: The pcaps for this tutorial contain Windows-based malware.


This Wireshark tutorial reviews activity from recent Hancitor infections. Hancitor establishes initial access on a vulnerable Windows host and sends additional malware. Also known as Chanitor, Hancitor is malware used by a threat actor designated as MAN1, Moskalvzapoe or TA511.





