Hello everyone, I have shared a number of documents with you which should be used this week to work on this project. Essentially, you are to select a process in the file "University Incidents" and w
Threat Intelligence Report
Barkly Incident
Date: Current Date
Name: Your Name
Name of Process Investigated
Timestamp of Barkly Incident
Introduction: What type of malware is associated with the above process?
Identification: Type of file; name; size; hashes (e.g. MD5, SHA-1, SHA-256); malware family names; current anti-virus detection coverage
Characteristics of malware:
Basic process overview
Symptoms (how do you know it's on your computer)
Capabilities: infecting files; self-preservation; spreading; leaking data; stealing data (what type); command and control (instructions from the attacker)
Dependencies: Files and network resources related to functionality (supported OS versions, required initialization files, custom DLLs, executables, URLs, scripts, folders, etc.)
Connections (outbound / inbound)
Associated domains
Attacker information (what group is known to use it)
Supporting Figures:
Logs, screenshots, string excerpts, function listings (may require access to individual machines, which may not be possible; public analysis available on the internet may serve instead).
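The Identification and Supporting Figures sections above ask for file type, size, hashes and string excerpts. The script below is an added example, not part of the assignment materials, showing how to collect those fields from a sample and pull out the URLs, domains, DLL names and registry paths that feed the Dependencies and Connections sections. The magic-byte table and IOC patterns are assumptions chosen for the example, and the sample bytes are constructed, not a real executable.

```python
import hashlib
import re

# Magic-byte signatures for file types that commonly turn up in incidents.
# This list is an assumption for the example, not a complete one.
MAGIC = [
    (b"MZ", "Windows PE executable (MZ header)"),
    (b"\x7fELF", "ELF executable"),
    (b"PK\x03\x04", "ZIP container (also .jar/.docx/.apk)"),
    (b"%PDF", "PDF document"),
    (b"#!", "script with a shebang line"),
]

# Patterns for the dependency and connection indicators the report asks for.
IOC_PATTERNS = {
    "url": re.compile(r"https?://[\w.-]+(?:/[\w./-]*)?"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.(?:com|net|org|info|ru|xyz)\b", re.I),
    "dll": re.compile(r"\b[\w-]+\.dll\b", re.I),
    "registry": re.compile(r"HK(?:LM|CU|U|CR|CC)\\\S+"),
}


def file_type(data: bytes) -> str:
    """Classify by leading magic bytes; 'unknown' if nothing matches."""
    for magic, label in MAGIC:
        if data.startswith(magic):
            return label
    return "unknown"


def hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256. SHA-256 is the one to pivot on; the others are
    kept because many sandbox reports and AV vendors still key on them."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def strings(data: bytes, min_len: int = 6) -> list:
    """Printable-ASCII runs of at least min_len bytes, like strings(1)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def extract_iocs(strs: list) -> dict:
    """Pull URLs, IPs, domains, DLL names and registry paths out of strings."""
    found = {kind: set() for kind in IOC_PATTERNS}
    for s in strs:
        for kind, pat in IOC_PATTERNS.items():
            found[kind].update(pat.findall(s))
    return {kind: sorted(vals) for kind, vals in found.items()}


def triage(name: str, data: bytes) -> dict:
    """Everything the Identification section needs, plus string excerpts."""
    strs = strings(data)
    return {
        "name": name,
        "size": len(data),
        "type": file_type(data),
        **hashes(data),
        "strings": strs,
        "iocs": extract_iocs(strs),
    }


# Constructed stand-in for a sample: a fake MZ header followed by the kind
# of strings a downloader would carry. It is not a real executable.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 60
    + b"This program cannot be run in DOS mode.\r\n" + b"\x00" * 16
    + b"wininet.dll\x00"
    + b"http://update.example.com/gate.php\x00"
    + b"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    + b"\x00" * 8
)

if __name__ == "__main__":
    report = triage("sample.bin", SAMPLE)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it against the real sample with `triage(path, open(path, "rb").read())`. The hash values go straight into the Identification section and are what you search for in public sandbox and AV aggregator reports; the extracted strings are the raw material for the Dependencies, Connections and Associated domains sections, but each one still needs to be confirmed by behaviour (a URL in the strings is not proof it was ever contacted).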
Incident Mitigation:
Indicators for detection on other systems
Eradication process (how do we get rid of it)
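The Indicators for detection section is only useful if it can be turned into a sweep of the other systems. The script below is an added example, not part of the assignment materials, that takes a constructed indicator set (hash, domain, IP, process name, registry persistence key) and runs it over constructed endpoint telemetry in a simple key=value form to list which hosts need containment. The log format, field names and every indicator value are assumptions made for the example; the IP is from the TEST-NET-3 documentation range and the hash is a placeholder.

```python
import re
from collections import defaultdict

# Constructed indicator set, laid out the way the report's Indicators
# section would list them. None of these are real IOCs.
SAMPLE_HASH = "0" * 64      # hypothetical SHA-256 of the investigated sample
IOCS = {
    "sha256": {SAMPLE_HASH},
    "domain": {"update.example.com"},
    "ipv4": {"203.0.113.10"},          # TEST-NET-3 documentation range
    "process": {"svch0st.exe"},        # lookalike of the legitimate svchost.exe
    "registry": {r"hkcu\software\microsoft\windows\currentversion\run\updater"},
}

# Constructed endpoint telemetry in a simple key=value form (Sysmon-like
# fields). One line per event; real logs would be parsed the same way.
LOGS = [
    r"host=ws-101 event=process_create image=C:\Users\a\AppData\Roaming\svch0st.exe "
    + f"sha256={SAMPLE_HASH} " + r"parent=C:\Windows\explorer.exe",
    r"host=ws-101 event=dns query=update.example.com",
    r"host=ws-102 event=dns query=cdn.update.example.com",
    r"host=ws-103 event=net_connect dst=203.0.113.10 dport=443",
    r"host=ws-104 event=registry_set key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
    r"host=ws-105 event=process_create image=C:\Windows\System32\svchost.exe "
    + f"sha256={'1' * 64} " + r"parent=C:\Windows\System32\services.exe",
    r"host=ws-106 event=dns query=www.example.org",
]

FIELD = re.compile(r"(\w+)=(\S+)")


def parse(line: str) -> dict:
    """Split one key=value event line into a field dictionary."""
    return dict(FIELD.findall(line))


def domain_matches(query: str) -> bool:
    """Match the exact domain or any subdomain of it, case-insensitively."""
    q = query.lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in IOCS["domain"])


def check(fields: dict) -> list:
    """Return (indicator_kind, value) pairs that fire for one event."""
    hits = []
    if fields.get("sha256", "").lower() in IOCS["sha256"]:
        hits.append(("sha256", fields["sha256"]))
    image = fields.get("image", "")
    if image.rsplit("\\", 1)[-1].lower() in IOCS["process"]:
        hits.append(("process", image))
    if "query" in fields and domain_matches(fields["query"]):
        hits.append(("domain", fields["query"]))
    if fields.get("dst") in IOCS["ipv4"]:
        hits.append(("ipv4", fields["dst"]))
    if fields.get("key", "").lower() in IOCS["registry"]:
        hits.append(("registry", fields["key"]))
    return hits


def sweep(lines: list) -> dict:
    """host -> list of (kind, value, raw line) for every indicator that fired."""
    results = defaultdict(list)
    for line in lines:
        fields = parse(line)
        for kind, value in check(fields):
            results[fields.get("host", "?")].append((kind, value, line))
    return dict(results)


def hosts_to_contain(lines: list) -> list:
    """Sorted list of hosts with at least one indicator hit."""
    return sorted(sweep(lines))


if __name__ == "__main__":
    for host, hits in sweep(LOGS).items():
        print(host)
        for kind, value, _ in hits:
            print(f"  {kind}: {value}")
```

Note which indicators fire on which hosts: the hash only catches the byte-identical binary (ws-101), while the domain, IP and Run-key indicators also catch hosts where the sample was repacked or never seen on disk (ws-102 to ws-104). The eradication list should therefore include the persistence location and network indicators, not just the file hash, and the sweep should be re-run after cleanup to confirm nothing reappears.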