TryHackMe | Carnage WriteUp
Apply your analytical skills to analyze the malicious network traffic using Wireshark. Link - https://tryhackme.com/room/c2carnage After loading the pcap file in wireshark. Change the time display preferences. What was the date and time for the first HTTP connection to the malicious IP? (answer format: yyyy-mm-dd hh:mm:ss) check the HTTP traffic 2021–09–24 16:44:38 What is the name of the zip file that was downloaded? Check the contents of the packet documents.zip What was the domain hosting the malicious zip file? attirenepal.com Without downloading the file, what is the name of the file in the zip file? Right click the packet and follow HTTP stream chart-1530076591.xls What is the name of the webserver of the malicious IP from which the zip file was downloaded? LiteSpeed What is the version of the webserver from the previous question? PHP/7.2.34 Malicious files were downloaded to the victim host from multiple domains. What were the three domains involved with this activity? finejew