Minotaur has gotten a few new upgrades. Most notably on the web frontend is the addition of two new sections in the sample reports. Now, each sample’s traffic capture will be further analyzed for the URIs accessed and all DNS requests and responses.
One hope is that this analysis will provide for a rich dataset for further analytics based on URI patterns, and DNS anomalies.
As an example, the following backchannel requests popped up from sample 6da34a083feef6f9553e492e10537ca5:
Oh how I wish they all were so easy they put “logdata=infected” and “logdata=Executed%20payload” in the URI.