Diving into sandbox-captured malware data
Looking for malware in all the right places (with the right tool!)
I’m sure at some point you’ve received a report or alert from some entity — US-CERT, DHS, someone on Twitter retweeting a security researcher or an anti-virus company, maybe even your bank or credit union — about a specific threat actor and the malware they may wield against your organization’s network. You know, like the malware in the screenshot above.
What do you do if you want to learn how that malware works so you can prepare to respond?
If I were to give you a free software tool to help you search through hundreds of network packet captures to find information about that specific piece of malware, would that help?
By the time you are done reading this article, you will have such a tool, know how to use it, and know where to get network packet capture files to run it against as well!
The cycle starts here…
When some malicious actor compromises the integrity and the confidentiality of your information systems (and by extension the information within them), you need to act.
We’ll assume for the moment that you did everything you knew how to do to prevent this from happening, but you were compromised anyway.