How do I identify a delivery mechanism of the attack when viewing a packet capture?

asked 2018-04-29 19:11:22 +0000 by Anonymous

updated 2018-04-30 16:46:44 +0000 by Christian_R

The packet capture can be found at this link: https://drive.google.com/open?id=17kB...

Here are the questions:

* What is the delivery mechanism of the attack?
* What are the IP addresses of the malicious servers in the attack?
* Were any files downloaded? If so, what were they, and what was the purpose of the file contents?
* What is the primary C2 server IP?
* What type of C2 is being used in the attack?
* What is the packet number of the first TCP handshake with the primary C2 server?

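The last question (first TCP handshake with the C2 server) comes down to locating the first pure SYN sent to that address, which in Wireshark is the filter `ip.dst==C2 && tcp.flags.syn==1 && tcp.flags.ack==0`. Below is an added, stand-alone example that is not part of the question or its trace: it constructs a tiny libpcap file in memory with made-up addresses and returns the frame number of that SYN; the real "Challenge.pcapng" is pcapng and would be read with Wireshark or tshark instead.

```python
# Added example with constructed addresses and frames; not from the capture in
# the question. Builds a minimal little-endian libpcap file in memory and finds
# the first pure SYN (handshake start) whose destination is the suspected C2.
import socket
import struct

VICTIM, WEB, C2 = "10.0.0.5", "198.51.100.7", "203.0.113.10"  # constructed values
SYN, SYN_ACK, ACK = 0x02, 0x12, 0x10


def tcp_frame(src, dst, sport, dport, flags):
    """Ethernet II + IPv4 + TCP header, no payload, zero checksums (54 bytes)."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return eth + ip + tcp


def build_pcap(frames):
    """Classic libpcap layout: 24-byte file header, then 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1525000000 + i, 0, len(f), len(f)) + f
    return out


def sample_capture():
    """Constructed story: victim fetches a payload from WEB, then beacons to C2."""
    return build_pcap([
        tcp_frame(VICTIM, WEB, 49152, 80, SYN),        # frame 1: download handshake
        tcp_frame(WEB, VICTIM, 80, 49152, SYN_ACK),    # frame 2
        tcp_frame(VICTIM, C2, 49153, 443, SYN),        # frame 3: first handshake with C2
        tcp_frame(C2, VICTIM, 443, 49153, SYN_ACK),    # frame 4
        tcp_frame(VICTIM, C2, 49153, 443, ACK),        # frame 5
    ])


def first_syn_to(pcap, host):
    """1-based number of the first pure SYN whose IPv4 destination is `host`, else None."""
    if struct.unpack("<I", pcap[:4])[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian libpcap file (pcapng needs another reader)")
    off, num, target = 24, 0, socket.inet_aton(host)
    while off + 16 <= len(pcap):
        caplen = struct.unpack("<IIII", pcap[off:off + 16])[2]
        frame = pcap[off + 16:off + 16 + caplen]
        off, num = off + 16 + caplen, num + 1
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4 over Ethernet, or not TCP
        ihl = (frame[14] & 0x0F) * 4
        flags = frame[14 + ihl + 13]
        if frame[30:34] == target and flags & 0x02 and not flags & 0x10:
            return num
    return None
```

The SYN/ACK returned by the C2 (frame 4) and the completing ACK (frame 5) are deliberately not matched, so the result is the frame that starts the handshake, as the question asks.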

Comments

Hello Anonymous

Your trace file has the name "Challenge.pcapng". Given the questions it looks like you are trying to cheat on your homework - or during a competition.

A short look at the trace file however shows that this is real fun. I am sure that a good number of professionals in the Wireshark community will enjoy the trace.

Eddi ( 2018-05-01 10:41:32 +0000 )