How do I identify a delivery mechanism of the attack when viewing a packet capture?

The packet capture can be found at this link: https://drive.google.com/open?id=17kBKQRCnvikd9hDU2E3cI4Xj8kRXwLuP

Here are the questions:

* What is the delivery mechanism of the attack?
* What are the IP addresses of the malicious servers in the attack?
* Were any files downloaded? If so, what were they, and what was the purpose of the file contents?
* What is the primary C2 server IP?
* What type of C2 is being used in the attack?
* What is the packet number of the first TCP handshake with the primary C2 server?
