
Malware Presence Confirmation using Network Traffic Analysis

Introduction

In today's interconnected digital environment, malware has evolved to use sophisticated techniques such as encrypted communication, domain obfuscation, and distributed command-and-control (C2) infrastructure to evade detection. Traditional signature-based detection methods are often insufficient to identify such threats, making network traffic analysis a critical component of modern cybersecurity. This study focuses on confirming the presence of malware within a network by analyzing packet capture (PCAP) data using Wireshark. By examining DNS queries, TCP connections, TLS handshakes, and traffic patterns, the analysis aims to identify anomalies that indicate malicious activity. Special emphasis is placed on detecting indicators such as typosquatted domains, persistent encrypted communication, abnormal data transfer patterns, and beaconing behavior. The objective of this investigation is not only to detect suspicious activity but also to reconstruct the ...
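Two of the indicators named above, typosquatted domains and beaconing, can be triaged mechanically once DNS queries have been exported from the capture. The script below is an added illustration, not the tooling used in this study. It assumes the input is tab-separated lines of epoch time, source IP and queried name (the shape `tshark -T fields -e frame.time_epoch -e ip.src -e dns.qry.name` emits for a PCAP); the records, the brand list and the thresholds are constructed for the example. Typosquatting is scored by Levenshtein distance between each domain label and a brand name, and beaconing by how regular the gaps between a host's repeated queries are (low coefficient of variation).

```python
"""Triage of DNS query records for typosquatting and beaconing.

Added example for the write-up above; not the study's own tooling.
Assumed input: one record per line, epoch time, source IP and queried
name separated by tabs, e.g. from
  tshark -r capture.pcap -Y "dns.flags.response == 0" \
         -T fields -e frame.time_epoch -e ip.src -e dns.qry.name
The records below are constructed, not captured traffic.
"""
import statistics
from collections import defaultdict

# Constructed sample: 10.0.0.5 resolves a look-alike name every ~60 s,
# 10.0.0.7 resolves ordinary names at irregular times.
SAMPLE_DNS = """\
1700000000.000\t10.0.0.5\tlogin.micros0ft.example
1700000000.450\t10.0.0.7\twww.example.com
1700000059.900\t10.0.0.5\tlogin.micros0ft.example
1700000075.120\t10.0.0.7\tcdn.example.net
1700000120.100\t10.0.0.5\tlogin.micros0ft.example
1700000121.000\t10.0.0.5\twww.example.com
1700000180.050\t10.0.0.5\tlogin.micros0ft.example
1700000240.000\t10.0.0.5\tlogin.micros0ft.example
1700000300.020\t10.0.0.5\tlogin.micros0ft.example
1700000301.000\t10.0.0.7\tmail.example.org
1700000900.000\t10.0.0.7\twww.example.com
1700001200.000\t10.0.0.7\twww.example.com
"""

# Brands an analyst would expect to be impersonated (assumed list).
BRANDS = ("microsoft", "google", "paypal")


def parse_records(text):
    """Return a list of (epoch_seconds, src_ip, normalised_name)."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, name = line.split("\t")
        records.append((float(ts), src, name.lower().rstrip(".")))
    return records


def levenshtein(a, b):
    """Classic edit distance with a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def typosquat_candidates(records, brands=BRANDS, max_distance=2, min_label=5):
    """Domains with a label within max_distance edits of a brand (but not equal)."""
    hits = set()
    for name in {r[2] for r in records}:
        labels = name.split(".")[:-1]  # the TLD itself is not a brand label
        for label in labels:
            if len(label) < min_label:  # short labels match brands by chance
                continue
            for brand in brands:
                d = levenshtein(label, brand)
                if 0 < d <= max_distance:
                    hits.add((name, brand, d))
    return hits


def beaconing_pairs(records, min_queries=5, max_cv=0.1):
    """(src, name) pairs queried repeatedly at near-constant intervals."""
    by_pair = defaultdict(list)
    for ts, src, name in records:
        by_pair[(src, name)].append(ts)
    flagged = {}
    for pair, times in by_pair.items():
        if len(times) < min_queries:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean  # jitter relative to the period
        if cv <= max_cv:
            flagged[pair] = {"queries": len(times),
                             "mean_interval": round(mean, 2),
                             "cv": round(cv, 4)}
    return flagged


if __name__ == "__main__":
    recs = parse_records(SAMPLE_DNS)
    for name, brand, d in sorted(typosquat_candidates(recs)):
        print(f"typosquat? {name} ~ {brand} (distance {d})")
    for (src, name), info in beaconing_pairs(recs).items():
        print(f"beacon? {src} -> {name}: {info}")
```

Both checks only raise candidates for the analyst; a hit should be confirmed in Wireshark by following the TCP stream and the TLS handshake of the flagged host, as the study describes. The thresholds (edit distance 2, five queries, 10% jitter) are starting points to tune against the baseline of the network under review.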