Warning: Some of the pcaps used for this tutorial contain Windows-based malware. You will need to access a GitHub repository with ZIP archives containing the pcaps used for this tutorial. Note: These instructions assume you have customized Wireshark as described in our previous Wireshark tutorial about customizing the column display. Today’s Wireshark tutorial reviews recent Emotet activity and provides some helpful tips on identifying this malware based on traffic analysis. It has since evolved with additional functions such as a dropper, distributing other malware families like Gootkit, IcedID, Qakbot and Trickbot. Familiarity with Wireshark is necessary to understand this tutorial, which focuses on Wireshark version 3.x.Įmotet is an information-stealer first reported in 2014 as banking malware. This tutorial is designed for security professionals who investigate suspicious network activity and review packet captures (pcaps).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |