May 26, 2013

A Team Effort – Part 3 (and last)

Overnight, the different listeners we had open were reporting data being sent by the crawler. We had mail files, several document and spreadsheet files, configuration files (the hosts file, information stored in the registry of several machines, etc.), and a matrix map of how the computers were connected to each other, i.e. the network architecture. It was a crude map, but it would be invaluable to us if we decided to start moving inside the attacker's network.

While Y kept an eye on the computers, D and I began checking the files that had been sent. They were in Russian, or at least in Cyrillic. That was to be expected, given where the team was operating. It also meant we needed someone who could translate this information for us.

