2015-02-08 - TRAFFIC ANALYSIS EXERCISE: DARE YOU INVESTIGATE ANY FURTHER?
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
PCAP AND MORE:
- 2015-02-08-traffic-analysis-exercise.pcap.zip 1.9 MB (1,937,094 bytes)
- 2015-02-08-traffic-analysis-exercise-email-the-user-received.eml.zip 13.3 kB (13,279 bytes)
- 2015-02-08-traffic-analysis-exercise-all-the-malware.zip 353.2 kB (353,227 bytes)
SECOND DECISION POINT - YOU GET ALL THE INFORMATION YOU CAN BEFORE FINISHING THE REPORT
Here's the Dyreza file taken from the forensic image of Mike's infected computer:
The malware zip archive linked above contains the associated files: the zip attachment, the extracted Upatre downloader, and the Dyreza malware found on the infected host.
You now have the Dyreza malware, and you can finish your report with the additional info.
- Click here to check the accuracy of your finished report.