[Screenshot: Wireshark with PCAPTwo.pcap open. Packet list, frames 1-11, all timestamped 2024-05-24 09:58: frame 1 is TLSv1.2 from 82.2.64.107 to 10.0.9.171; frames 2-11 are TCP from 10.0.9.171 to 82.2.64.107. Frame 1 details: 88 bytes on wire (704 bits), 88 bytes captured (704 bits); Ethernet II, Src 0a:e3:db:16:c7:02, Dst 0a:e4:88:11:df:37; Internet Protocol Version 4, Src 82.2.64.107, Dst 10.0.9.171, Header Length 20 bytes (5), Differentiated Services Field 0x00 (DSCP: CS0, ECN: Not-ECT), Total Length 74, Identification 0x7da0 (32160). Status bar: Packets: 3829, Displayed: 3829 (100.0%), Profile: Default.]

Question

PCAP Two) Review the IPs the infected system has communicated with. Perform OSINT searches to identify the malware family tied to this infrastructure (Format: MalwareName)

 

Where would I find this answer?
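One way to do the first half of the task, listing every address the host talked to so the public ones can be looked up in threat-intelligence sources, as an added example that is not part of the original question. It assumes a classic libpcap file with Ethernet framing and IPv4, and that 10.0.9.171 is the infected system; the function names, the 10.0.0.2 peer and all packet counts in the sample are constructed.

```python
import ipaddress
import socket
import struct
from collections import Counter

# Classic pcap magic numbers (microsecond and nanosecond), both byte orders.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
          b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}

def peers_of(pcap: bytes, host: str) -> Counter:
    """Count packets per remote IPv4 address exchanged with `host`."""
    order = MAGICS.get(pcap[:4])
    if order is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) is handled here")
    counts, off = Counter(), 24          # records start after the 24-byte header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated frame or not IPv4 (VLAN tags are not unwrapped)
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        if host in (src, dst):
            counts[dst if src == host else src] += 1
    return counts

def public_peers(counts: Counter) -> list:
    """Peers worth an OSINT lookup: globally routable, busiest first."""
    return [ip for ip, _ in counts.most_common()
            if ipaddress.ip_address(ip).is_global]

def _frame(src: str, dst: str) -> bytes:
    # Constructed Ethernet + IPv4 header only, enough for the parser above.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return bytes(12) + b"\x08\x00" + ip

def _pcap(frames) -> bytes:
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

# Constructed sample: addresses from the screenshot plus one made-up internal peer.
HOST = "10.0.9.171"  # assumed to be the infected system
SAMPLE = _pcap([_frame("82.2.64.107", HOST)] + [_frame(HOST, "82.2.64.107")] * 3
               + [_frame(HOST, "10.0.0.2")])
```

On the real capture, pass the bytes of PCAPTwo.pcap instead of `SAMPLE`; Wireshark shows the same tally under Statistics → Conversations (IPv4 tab).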
