How do I identify a delivery mechanism of the attack when viewing a packet capture?
The packet capture can be found at this link: https://drive.google.com/open?id=17kB...
Here are the questions:

* What is the delivery mechanism of the attack?
* What are the IP addresses of the malicious servers in the attack?
* Were any files downloaded? If so, what were they, and what was the purpose of the file contents?
* What is the primary C2 server IP?
* What type of C2 is being used in the attack?
* What is the packet number of the first TCP handshake with the primary C2 server?
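As an added illustration (not from the question or the reply, and not tied to the linked capture), here is a small pure-Python pcap reader run over a constructed six-frame capture. It shows where two of the listed answers come from: plaintext HTTP request lines are where a download-based delivery usually shows itself, and the packet number of the first SYN toward a server is the "first TCP handshake" question. All addresses, ports and the path are made-up sample values.

```python
import struct

# Constructed sample capture: no real traffic, addresses from the TEST-NET ranges.
def ip4(s):
    return bytes(int(x) for x in s.split("."))

def frame(src, dst, sport, dport, flags, payload=b""):
    """Ethernet/IPv4/TCP frame with zeroed checksums (enough for offline parsing)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ip4(src), ip4(dst)) + tcp
    return b"\x00" * 12 + b"\x08\x00" + ip          # dst MAC, src MAC, EtherType IPv4

def pcap(frames):
    """Classic pcap: 24-byte global header, then a 16-byte record header per frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def parse(data):
    """One dict per TCP-over-IPv4 frame; 'no' matches Wireshark's packet number."""
    pkts, off, n = [], 24, 0
    while off < len(data):
        caplen = struct.unpack_from("<IIII", data, off)[2]
        off += 16
        f, n = data[off:off + caplen], n + 1
        off += caplen
        if f[12:14] != b"\x08\x00" or f[23] != 6:   # not IPv4 / not TCP: skip
            continue
        t = 14 + (f[14] & 0x0F) * 4                   # start of the TCP header
        sport, dport = struct.unpack_from("!HH", f, t)
        doff = (f[t + 12] >> 4) * 4
        pkts.append(dict(no=n, src=".".join(map(str, f[26:30])), dst=".".join(map(str, f[30:34])),
                         sport=sport, dport=dport, flags=f[t + 13], payload=f[t + doff:]))
    return pkts

def first_handshake(pkts, ip):
    """Packet number of the first SYN (without ACK) sent to ip, or None.
    Equivalent Wireshark filter: tcp.flags.syn==1 && tcp.flags.ack==0 && ip.dst==<ip>"""
    return next((p["no"] for p in pkts if p["dst"] == ip and (p["flags"] & 0x12) == 0x02), None)

def http_requests(pkts):
    """(packet number, server, request line) for every plaintext HTTP request."""
    return [(p["no"], p["dst"], p["payload"].split(b"\r\n")[0].decode())
            for p in pkts if p["payload"][:4] in (b"GET ", b"POST")]

H, D, C = "10.0.0.5", "198.51.100.10", "203.0.113.7"   # victim, download server, C2 (constructed)
SAMPLE = pcap([frame(H, D, 40000, 80, 0x02), frame(D, H, 80, 40000, 0x12), frame(H, D, 40000, 80, 0x10),
               frame(H, D, 40000, 80, 0x18, b"GET /update.exe HTTP/1.1\r\nHost: dl.example\r\n\r\n"),
               frame(H, C, 40001, 443, 0x02), frame(C, H, 443, 40001, 0x12)])
```

On a real capture, read the file bytes into `parse()` instead of `SAMPLE`; the same two checks correspond to Wireshark's HTTP request view and the SYN display filter quoted in the docstring.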
Hello Anonymous
Your trace file has the name "Challenge.pcapng". Given the questions, it looks like you are trying to cheat on your homework, or during a competition.

A short look at the trace file, however, shows that this is real fun. I am sure that a good number of professionals in the Wireshark community will enjoy the trace.