I’ve been playing with some educational traffic captures from malware-traffic-analysis, and I wanted to get a bit deeper than just analyzing the pcap itself and answering the training questions. I’ve exported some file samples used during the attack and need some help to recover the kill chain.
So here are the contents of interest.
Entropy analysis shows it is not encrypted (it falls into the “regular English text” range), so I presume it is some JS script. And the data itself kinda seems to be some variation of a “kid’s secret language”. But anyway, I could not figure out how to crack such a thing. Need advice on what the general approach to such cases is?
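The post leans on an entropy measurement to rule out encryption before guessing at the obfuscation. Below is an added example (not code from the original post or from malware-traffic-analysis) of how that triage step is usually done on an exported sample: whole-file Shannon entropy, a coarse band classification, and a windowed profile that catches a high-entropy blob embedded inside an otherwise text-like file. The thresholds in `classify_entropy` and all sample byte strings are constructed assumptions for the example; the point worth noticing is that a monoalphabetic substitution (the "secret language" case) leaves the byte histogram, and therefore the entropy, exactly as it was, so a text-range entropy value is consistent with both plain script and substitution-obfuscated script.

```python
import base64
import codecs
import math
import random
from collections import Counter
from typing import List, Tuple


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_entropy(h: float) -> str:
    """Rough triage band for a whole-file entropy value.

    The thresholds are working assumptions for this example, not a standard:
    English prose usually lands around 4.0-5.0 bits/byte, Base64 output a little
    under 6.0, and compressed or encrypted data close to 8.0.
    """
    if h < 1.0:
        return "near-constant (padding, zeros)"
    if h < 5.5:
        return "plain text or script (possibly substitution-obfuscated)"
    if h < 7.0:
        return "encoded (Base64-like) data"
    return "compressed or encrypted"


def entropy_profile(data: bytes, window: int = 256) -> List[Tuple[int, float]]:
    """Entropy of each non-overlapping window, so an encrypted or compressed
    payload embedded in a low-entropy script shows up as a spike."""
    return [(off, shannon_entropy(data[off:off + window]))
            for off in range(0, len(data), window)]


# --- constructed samples (not taken from any capture) ---
ENGLISH = (b"the quick brown fox jumps over the lazy dog while the analyst "
           b"exports a suspicious attachment from the capture and checks whether "
           b"the bytes look like prose, an encoded blob, or a compressed archive ") * 4
# A monoalphabetic substitution ("secret language") permutes symbols but keeps
# the histogram intact, so its entropy equals the plaintext's.
ROT13 = codecs.encode(ENGLISH.decode("ascii"), "rot_13").encode("ascii")
_rng = random.Random(1)  # seeded so the sample is reproducible
BASE64_BLOB = base64.b64encode(bytes(_rng.getrandbits(8) for _ in range(3000)))
UNIFORM = bytes(range(256)) * 8          # every byte value equally often -> 8.0 bits
MIXED = ENGLISH + UNIFORM + ENGLISH      # a high-entropy blob buried in text


if __name__ == "__main__":
    for name, sample in [("english", ENGLISH), ("rot13", ROT13),
                         ("base64", BASE64_BLOB), ("uniform", UNIFORM)]:
        h = shannon_entropy(sample)
        print(f"{name:8s} {h:5.3f} bits/byte -> {classify_entropy(h)}")
    print("windowed profile of MIXED:")
    for off, h in entropy_profile(MIXED, 512):
        print(f"  offset {off:5d}: {h:5.3f}")
```

Run it against the exported file by replacing the constructed samples with `open(path, "rb").read()`; the windowed profile is the more useful of the two numbers, since a script that carries an encrypted second stage as a string literal still reads as "text" on a whole-file average.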