Throughout this chapter, we saw how we can dissect malware such as LokiBot on the packet level and gain insight into its activities on the infected system. We saw how we could decrypt ransomware, and saw strategies for working with the PyLocky and Hidden Tear ransomware samples. We learned how we can use automated techniques by using websites such as VirusTotal, Hybrid-Analysis, and https://packettotal.com/ for our investigation. We worked on a live sample of the Emotet banking Trojan and drew IOCs out of it.
In the next chapter, we will discuss command and control systems and how we can analyze the most common ones. We will be looking into some advanced and popularly used C2 tools to learn about their behavior on the wire and try developing strategies to recognize them.