Posts

Malware Traffic Analysis: Detection and Confirmation of Koi Stealer

1. Introduction

We conduct an advanced malware traffic analysis to detect the presence of the Koi Stealer trojan documented in the "Big Fish in a Little Pond" exercise. By analyzing raw network data (PCAP), we take on the role of a SOC analyst to confirm the compromise of a Windows host within a corporate LAN. This study highlights the behavioral patterns of Koi Stealer, from its initial obfuscated beacons to persistent Command and Control (C2) communications and exfiltration of sensitive data.

2. Objectives

- Identify explicit malicious signatures and traffic patterns within the network capture.
- Determine the internal host affected (IP, MAC, hostname) and the details of the Command and Control server.
- Track the method and volume of data being exfiltrated from the internal network to the attacker's server.
- Compile a list of Indicators of Compromise (IoCs) for future defensive measures.

3. Fil...