Network IOCs monitoring

TCPview

TCPview, part of the official Windows Sysinternals suite, monitors every socket opened on the computer it runs on.

InetSim

InetSim is a tool that simulates Internet services in a lab environment for the purpose of malware analysis. All one needs to do is set up the IP address of the machine running InetSim as the preferred DNS server of the reverse-engineering machines; every request to a URL or other outbound network action performed by those machines is then routed to the simulated services, which include an HTTP server, a DNS server, an SMB file share, and more.
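The redirection InetSim relies on can be shown in miniature. The script below is an added example, not code from the original page and not InetSim's own code: a small DNS sinkhole that answers every A query with the lab host's address and logs each requested name, which is exactly the kind of network IOC this setup collects. The function names, the constructed sample query and the lab address 192.0.2.10 (a TEST-NET-2 placeholder) are assumptions for illustration.

```python
import socket
import struct

SINK_IP = "192.0.2.10"      # constructed lab address; stands in for the InetSim host
LISTEN = ("0.0.0.0", 53)    # bind address of the sinkhole (needs privileges for port 53)


def parse_query(pkt: bytes):
    """Parse a single-question DNS query.

    Returns (transaction id, queried name, qtype, raw question section).
    Raises ValueError on anything that is not a well-formed one-question query.
    """
    if len(pkt) < 12:
        raise ValueError("packet shorter than DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", pkt[:6])
    if flags & 0x8000:
        raise ValueError("QR bit set: this is a response, not a query")
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels = []
    pos = 12
    while True:                       # walk the length-prefixed labels of QNAME
        if pos >= len(pkt):
            raise ValueError("truncated name")
        ln = pkt[pos]
        pos += 1
        if ln == 0:
            break
        if ln & 0xC0:
            raise ValueError("compression pointer in query name")
        labels.append(pkt[pos:pos + ln].decode("ascii", "replace"))
        pos += ln
    if pos + 4 > len(pkt):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", pkt[pos:pos + 4])
    return txid, ".".join(labels), qtype, pkt[12:pos + 4]


def build_response(query: bytes, sink_ip: str) -> bytes:
    """Answer an A query with sink_ip; give other types an empty NOERROR reply."""
    txid, _name, qtype, question = parse_query(query)
    if qtype == 1:
        # flags 0x8180: response, recursion desired + available, NOERROR
        header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
        # 0xC00C is a pointer to the name at offset 12 (start of the question)
        answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton(sink_ip)
        return header + question + answer
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 0, 0, 0)
    return header + question


def build_query(name: str, txid: int = 0x1234, qtype: int = 1) -> bytes:
    """Construct a standard recursive query; used here to produce sample traffic."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def serve(sink_ip: str = SINK_IP, bind=LISTEN) -> None:
    """Listen for queries from the lab machines, log every name, answer with sink_ip."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(bind)
    while True:
        pkt, peer = sock.recvfrom(512)
        try:
            _, name, qtype, _ = parse_query(pkt)
        except ValueError as exc:
            print(f"{peer[0]} sent a malformed query: {exc}")
            continue
        # every name the sample resolves is a candidate network IOC
        print(f"{peer[0]} asked type {qtype} for {name}")
        sock.sendto(build_response(pkt, sink_ip), peer)


if __name__ == "__main__":
    serve()
```

Point the lab machines' DNS at the host running this script and every name the sample resolves lands in the log, while connections that follow go to the sink address instead of the real Internet; the logged names are the IOCs to record.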

Wireshark

Wireshark is a packet sniffer and analysis tool that can capture every packet sent on the network its host machine is currently connected to.
