Continuing along the idea of threat hunting, we can use network traffic to identify evil. If malware is on your network, it is going to try to talk out to its command and control server. There are plenty of ways to look at network traffic, but I recommend the tools Glasswire and Wireshark for this purpose. Glasswire identifies processes making network connections and alerts on them. If the process doesn't make sense when it pops up, go to Wireshark, open the corresponding stream, and see whether the traffic makes sense.
- Download Glasswire https://www.glasswire.com/
- You should already have Wireshark downloaded. If not, download it.
- Look at the Glasswire alerts.
- Choose one of the alerts for something that isn't a web browser and identify the stream in Wireshark.
- Submit a screenshot of the data from Wireshark.
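One way to automate the "something that isn't a web browser" step on the Windows host itself, as an added example that is not part of the original assignment or of Glasswire: correlate the `netstat -ano` connection table with `tasklist /FO CSV /NH`, skip known browsers, and emit a Wireshark display filter that isolates each remaining TCP stream. The netstat and tasklist samples and the browser list below are constructed assumptions, not real captures.

```python
import csv
import io
import re

# Constructed sample of `netstat -ano` output (Windows format), not a real capture.
NETSTAT_SAMPLE = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED     4120
  TCP    192.168.1.10:49720     198.51.100.23:8080     ESTABLISHED     7752
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
"""
# Constructed sample of `tasklist /FO CSV /NH` output.
TASKLIST_SAMPLE = '''"chrome.exe","4120","Console","1","250,000 K"
"updater.exe","7752","Console","1","12,000 K"
"svchost.exe","912","Services","0","8,000 K"
'''
# Processes expected to talk to the internet; everything else gets reviewed.
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe"}

# Established TCP rows only: local ip:port, foreign ip:port, owning PID.
NETSTAT_RE = re.compile(
    r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+ESTABLISHED\s+(\d+)\s*$")

def pid_to_image(tasklist_csv):
    """Map PID -> image name from headerless tasklist CSV."""
    return {int(row[1]): row[0]
            for row in csv.reader(io.StringIO(tasklist_csv)) if row}

def wireshark_filter(local_port, remote_ip, remote_port):
    """Display filter that isolates one TCP conversation. Paste it into
    Wireshark, then right-click a packet -> Follow -> TCP Stream."""
    return (f"ip.addr == {remote_ip} && tcp.port == {remote_port}"
            f" && tcp.port == {local_port}")

def non_browser_streams(netstat_text, tasklist_csv, browsers=BROWSERS):
    """(image, filter) for each established connection not owned by a browser."""
    images = pid_to_image(tasklist_csv)
    found = []
    for line in netstat_text.splitlines():
        m = NETSTAT_RE.match(line)
        if not m:
            continue  # listening sockets, UDP rows, headers
        _local_ip, lport, rip, rport, pid = m.groups()
        image = images.get(int(pid), f"pid {pid}")
        if image.lower() in browsers:
            continue
        found.append((image, wireshark_filter(lport, rip, rport)))
    return found
```

Run it against live `netstat -ano` / `tasklist /FO CSV /NH` output on the lab machine and paste each printed filter into Wireshark's display filter bar to jump straight to the stream Glasswire alerted on.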