casdirector.blogg.se

Wireshark filter ip address

Hancitor establishes initial access on a vulnerable Windows host and sends additional malware. This Wireshark tutorial reviews activity from recent Hancitor infections and provides tips on identifying Hancitor and its follow-up malware. We cover examples of Hancitor with Cobalt Strike, Ficker Stealer, NetSupport Manager RAT, a network ping tool and Send-Safe spambot malware. The tutorial is designed for security professionals who investigate suspicious network activity and review packet captures (pcaps). Familiarity with Wireshark is necessary to understand this tutorial, which focuses on Wireshark version 3.x.


Also known as Chanitor, Hancitor is malware used by a threat actor designated as MAN1, Moskalvzapoe or TA511.














