Malware Traffic Analysis with Wireshark.md - Juan-bit94/Ops401D10 GitHub Wiki

Malware Traffic Analysis with Wireshark

Why does this topic matter?

  • Malware traffic analysis is vital in cybersecurity for detecting and preventing malicious activities, understanding malware behavior, and aiding in incident response and forensic investigations. It plays a critical role in protecting critical infrastructure, managing cybersecurity risks, and enhancing defensive measures.
  • By analyzing the network traffic that malware generates, organizations can mitigate cyber threats more effectively, comply with regulations, and strengthen their overall cybersecurity posture.

You just started a new job as a Malware Analyst. Explain your job responsibilities to a family member.

  • I would tell my family member that I spend my time analyzing different types of malicious software, kind of like detective work. I look at how malicious software works, what it does to computer systems, and most importantly, how an organization can stop it.

What are the six steps of the Malware Analysis process? What’s a good mnemonic you can use to remember it?

  • The six steps of the malware analysis process are the following: Identification, Collection, Analysis, Reverse Engineering, Mitigation, and Reporting.
  • A mnemonic I use to remember them is ICAARM ("I see an arm"). It stands for Identification, Collection, Analysis, Reverse Engineering, Mitigation, and Reporting.

You are tasked with analyzing a new malware sample. Which type of malware analysis would you conduct first and why?

  • For analyzing a new malware sample, it's best practice to start with static analysis. Static analysis lets me extract information such as metadata, strings within the binary, and other potentially suspicious behavior inferred from the file's structure, without ever running the sample.
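
As an added example (not from this wiki page or the course), here is a small Python static-triage script that does the kind of first-pass extraction described above: file hashes, a file-type check from the magic bytes, printable-string extraction in the style of the `strings` tool, and a scan of those strings for simple indicators (URLs, IPv4 addresses, a Run-key persistence path, process-injection API names). The sample bytes, the indicator patterns and all function names are constructed for this example; the sample is not a real executable, just bytes with an MZ header to run the triage over.

```python
"""Static triage of a suspicious file: hashes, magic, strings, indicators.

Added example for the wiki notes above; all sample data is constructed.
"""
import hashlib
import re

# Constructed sample: an MZ header plus a few embedded strings. NOT a real
# program, just bytes shaped like what a static pass would see.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 60
    + b"This program cannot be run in DOS mode.\x00"
    + b"\x00" * 16
    + b"http://example.invalid/update.php\x00"
    + b"10.0.0.99\x00"
    + b"CreateRemoteThread\x00"
    + b"\x01\x02\x03ab\x00"  # "ab" is too short to count as a string
    + b"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
)

# File-type magic bytes an analyst checks before trusting the extension.
MAGIC = {
    b"MZ": "PE/DOS executable",
    b"\x7fELF": "ELF executable",
    b"%PDF": "PDF document",
    b"PK\x03\x04": "ZIP container (also Office/JAR/APK)",
}

# Hypothetical indicator patterns; a real triage would use a much larger set.
INDICATOR_PATTERNS = {
    "url": re.compile(r"https?://[^\s\"'<>]+"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "run_key": re.compile(r"CurrentVersion\\Run", re.IGNORECASE),
    "injection_api": re.compile(
        r"\b(?:CreateRemoteThread|WriteProcessMemory|VirtualAllocEx)\b"
    ),
}


def file_hashes(data: bytes) -> dict:
    """Hashes used to look the sample up in threat-intel sources."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def file_type(data: bytes) -> str:
    """Identify the container from its leading bytes, not its file name."""
    for magic, desc in MAGIC.items():
        if data.startswith(magic):
            return desc
    return "unknown"


def extract_strings(data: bytes, min_len: int = 5) -> list:
    """Runs of printable ASCII of at least min_len bytes, like `strings`."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def find_indicators(strings) -> dict:
    """Map indicator category -> list of matching substrings."""
    hits = {}
    for s in strings:
        for name, pat in INDICATOR_PATTERNS.items():
            for m in pat.finditer(s):
                hits.setdefault(name, []).append(m.group())
    return hits


def triage(data: bytes) -> dict:
    """Full static first pass over one file's bytes."""
    strings = extract_strings(data)
    return {
        "hashes": file_hashes(data),
        "type": file_type(data),
        "string_count": len(strings),
        "indicators": find_indicators(strings),
    }


if __name__ == "__main__":
    report = triage(SAMPLE)
    print("type:", report["type"])
    print("sha256:", report["hashes"]["sha256"])
    print("strings found:", report["string_count"])
    for category, values in report["indicators"].items():
        print(f"{category}: {values}")
```

Run it on a real file by replacing `SAMPLE` with the file's bytes (for example `open(path, "rb").read()`). The point of the example is the order of operations: hash first so the sample can be referenced and looked up, confirm the real file type, then read strings for hints about network destinations, persistence and capabilities before deciding whether dynamic analysis is warranted.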

Things I want to know more about.

  • I want to know more about anomaly detection when it comes to malware traffic.