Hello
What you need is forensic specialist, according your words in the description you need to track down the source and attack origin , in order to do that you need to spend some time analyzing pcaps (data network traffic), current syscalls in the infected system etc etc .. I'll be happy to assist in this case im certified Ethical hacker and OSCP.
Thanks