The SOC team has detected suspicious activity in the network traffic, revealing that a machine has been compromised. Sensitive company information has been stolen. Your task is to use Network Capture (PCAP) files and Threat Intelligence to investigate the incident and determine how the breach occurred.
**https://cyberdefenders.org/blueteam-ctf-challenges/danabot/**
Since I’m dealing with a well-known trojan, I start reading reports from any.run before solving anything:
https://any.run/malware-trends/danabot/
https://app.any.run/tasks/7475349c-df16-4e19-ae7a-53ab676008fd/
https://any.run/report/847b4ad90b1daba2d9117a8e05776f3f902dda593fb1252289538acf476c4268/a886894d-8ae4-4d59-a990-b59536885da8
https://any.run/report/2597322a49a6252445ca4c8d713320b238113b3b8fd8a2d6fc1088a5934cee0e/9c91e420-2515-437e-a60b-ea0aff0050dc
https://any.run/report/db0d72bc7d10209f7fa354ec100d57abbb9fe2e57ce72789f5f88257c5d3ebd1/c86d0817-7fab-4dcf-a353-577e81e65d95


