Hunter (Signature and Hash tool)

There is no one silver bullet for the Advanced Persistent Threat (APT). However, knowing your running environment and what exists on your systems is the critical first step to even begin to grapple with APT.
System administrators and security analysts often need to assess the validity of Windows system and application files loaded on a critical endpoint or server. They face questions about where files came from, whether the files have been maliciously modified, and whether a troublesome version is present.
While APT malware can remain stealthy at the host level, the network activity associated with remote control is more easily identified. As such, APTs are most effectively identified at the network level.
Pulling together file signatures, hashes (MD5, SHA-1, SHA-256), integrity, network details, running applications' bindings to ports and protocols, client DNS cache details, and the current applications and hotfixes on the client will help you take that first step toward addressing APT.
This information isn't always easy to get. We offer a free Hunter tool that harvests these details into a SQLite database and, if desired, produces an Excel report.
Our Free Hunter Tool version 1.5 (~5.3M)
This needs to be run from a command prompt with admin rights on the local box.
Again, there is no one silver bullet for the Advanced Persistent Threat (APT), but this will get you started down the path of knowing your environment. The SQLite databases from multiple clients can be harvested and ingested into a larger centralized database, such as MySQL, Hadoop, or another big-data solution, to begin deeper analysis and reporting.
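To illustrate the collect-then-centralize workflow described above, the following Python sketch is an added example, not Hunter's code: it hashes files into a per-host SQLite file, merges several such files, and lists hashes seen on few hosts. The `files` table layout and all function names are assumptions made for this example and do not reflect Hunter's actual schema.

```python
import hashlib, os, sqlite3

# Assumed table layout for this example only (not Hunter's schema).
SCHEMA = ("CREATE TABLE IF NOT EXISTS files ("
          "host TEXT, path TEXT, md5 TEXT, sha1 TEXT, sha256 TEXT)")

def hash_file(path, chunk=1 << 20):
    """Return (md5, sha1, sha256) hex digests, reading the file once."""
    digests = [hashlib.md5(), hashlib.sha1(), hashlib.sha256()]
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for d in digests:
                d.update(block)
    return tuple(d.hexdigest() for d in digests)

def inventory(root, db_path, host):
    """Hash every readable file under root into a per-host SQLite file."""
    con = sqlite3.connect(db_path)
    con.execute(SCHEMA)
    for folder, _, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            try:
                row = (host, path) + hash_file(path)
            except OSError:
                continue  # locked or unreadable file: skip, keep sweeping
            con.execute("INSERT INTO files VALUES (?,?,?,?,?)", row)
    con.commit()
    con.close()

def merge(central_path, client_dbs):
    """Copy rows from each client database into one central database."""
    con = sqlite3.connect(central_path)
    con.execute(SCHEMA)
    for db in client_dbs:
        con.execute("ATTACH DATABASE ? AS src", (db,))
        con.execute("INSERT INTO files SELECT * FROM src.files")
        con.commit()  # DETACH is not allowed inside an open transaction
        con.execute("DETACH DATABASE src")
    con.close()

def rare_files(central_path, max_hosts=1):
    """Return (sha256, host_count, example_path) for hashes on <= max_hosts hosts."""
    con = sqlite3.connect(central_path)
    rows = con.execute(
        "SELECT sha256, COUNT(DISTINCT host), MIN(path) FROM files "
        "GROUP BY sha256 HAVING COUNT(DISTINCT host) <= ? ORDER BY 2, 1",
        (max_hosts,)).fetchall()
    con.close()
    return rows
```

A binary whose hash appears on only one or two machines in a large fleet is not necessarily malicious, but it is a sensible place to start reviewing.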
Contact us for more details and free consultation.
For more information on APT, visit our page here.