Examination of the PCAP capture reveals various domain names that were also identified during static analysis, as shown in Figure 14. These domain names and IOCs have been classified by Sophos Labs as malware/callhome; the initial and secondary JavaScript files are classified as JS/Drop-DIJ and JS/Gootkit-AW respectively.