HariCipher/bandook-c2-traffic-analysis — reverse-engineered prompt
Reverse-engineered prompt
Build me a clean GitHub project that reads like a cybersecurity traffic analysis report for Bandook RAT C2 traffic from the August 1, 2023 PCAP source on malware-traffic-analysis.net.
I want it to explain, in plain language, what was found in Wireshark and tshark, including the infected host 10.8.1.101, the local DNS server 10.8.1.1, the two C2 servers 185.10.68.52:6591 and 185.10.68.127:6591, and the domain vrunabo.su. Make the main README summarize the story clearly, then create a deeper analysis file with a step-by-step walkthrough, commands, observations, and places for screenshots. Also create a simple IOC text file that defenders can copy from.
Include detection ideas like blocking unusual outbound TCP on port 6591, watching for .su DNS queries, and alerting on large outbound transfers to one outside IP. Add a short MITRE ATT&CK mapping. Keep it practical and readable, not overly academic.
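The three detection ideas in the prompt, written out as runnable logic over constructed traffic records. This is an added example, not code from the HariCipher project or from the pcap write-up: the record layout (Zeek-style connection and DNS rows), the field names, the 10.8.1.0/24 "internal" range, the 5 MB volume threshold and the sample rows are all assumptions; only the host, DNS server, C2 addresses, port 6591 and vrunabo.su come from the prompt.

```python
"""Added example: the prompt's three detection ideas as code over constructed
Zeek-style records. Field names, the internal CIDR, the byte threshold and the
sample traffic are assumptions; the indicators are the ones named in the prompt."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Conn:
    ts: float
    src: str
    dst: str
    dport: int
    proto: str
    orig_bytes: int  # bytes sent by src toward dst (assumed field)


@dataclass(frozen=True)
class DnsQuery:
    ts: float
    src: str
    server: str
    qname: str


# The lab network implied by 10.8.1.101 / 10.8.1.1 (assumption: a /24).
INTERNAL_NETS = [ip_network("10.8.1.0/24")]


def is_internal(ip: str) -> bool:
    """True for addresses inside the defender's own ranges; everything else is
    treated as an outside IP (more reliable than 'is this RFC1918?')."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def unusual_outbound_port(conns, watched_ports=frozenset({6591})):
    """Idea 1: internal -> external TCP on a port that has no business purpose
    here. 6591 is the Bandook C2 port from the capture; the set is tunable."""
    return [c for c in conns
            if c.proto == "tcp"
            and is_internal(c.src) and not is_internal(c.dst)
            and c.dport in watched_ports]


def su_dns_queries(queries):
    """Idea 2: any query for a name under the .su TLD (trailing-dot tolerant)."""
    return [q for q in queries if q.qname.rstrip(".").lower().endswith(".su")]


def large_outbound(conns, threshold_bytes=5_000_000):
    """Idea 3: total bytes one internal host sent to one outside IP, summed
    across all its connections, at or above a threshold (5 MB is an assumption)."""
    totals = defaultdict(int)
    for c in conns:
        if is_internal(c.src) and not is_internal(c.dst):
            totals[(c.src, c.dst)] += c.orig_bytes
    return {pair: n for pair, n in totals.items() if n >= threshold_bytes}


# Constructed sample traffic (not rows from the real pcap). 203.0.113.10 is an
# RFC 5737 documentation address standing in for a benign external site.
SAMPLE_CONNS = [
    Conn(1.0, "10.8.1.101", "185.10.68.52", 6591, "tcp", 4_200),
    Conn(2.0, "10.8.1.101", "185.10.68.127", 6591, "tcp", 7_500_000),
    Conn(3.0, "10.8.1.101", "10.8.1.1", 53, "udp", 64),
    Conn(4.0, "10.8.1.101", "203.0.113.10", 443, "tcp", 12_000),
    Conn(5.0, "10.8.1.50", "10.8.1.101", 6591, "tcp", 300),  # stays internal
]
SAMPLE_DNS = [
    DnsQuery(0.5, "10.8.1.101", "10.8.1.1", "vrunabo.su"),
    DnsQuery(0.6, "10.8.1.101", "10.8.1.1", "www.example.com."),
]


def run_all(conns=SAMPLE_CONNS, queries=SAMPLE_DNS):
    """Apply all three rules and return the findings keyed by rule name."""
    return {
        "c2_port": [(c.src, c.dst, c.dport) for c in unusual_outbound_port(conns)],
        "su_dns": [(q.src, q.qname) for q in su_dns_queries(queries)],
        "large_outbound": large_outbound(conns),
    }


if __name__ == "__main__":
    for rule, hits in run_all().items():
        print(rule, hits)
```

The port rule is the weakest of the three on its own: an operator can move C2 to 443 at will, so it is worth keeping mainly as a cheap block-and-alert for this specific campaign, while the .su query and the per-destination volume sum carry over to other samples. Before blocking .su outright, confirm from DNS logs that the network has no legitimate traffic to that TLD.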