2015-03-09 - TRAFFIC ANALYSIS EXERCISE: ANSWER QUESTIONS ABOUT THIS EXPLOIT KIT (EK) ACTIVITY
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
PCAP AND ANSWERS:
- 2015-03-09-traffic-analysis-exercise.pcap.zip 5.3 MB (5,314,238 bytes)
- 2015-03-09-traffic-analysis-exercise-answers.pdf.zip 492 kB (491,957 bytes)
SCENARIO
Use the pcap file above to answer the following:
1) What is the host name of the Windows computer that gets infected?
2) What is the IP address of the Windows computer that gets infected?
3) What is the MAC address of the Windows computer that gets infected?
4) What exploit kit infected the computer? (Angler, Fiesta, Nuclear, Neutrino, Rig?)
5) What compromised website kicked off a chain of events leading to the exploit kit?
6) What is the IP address and domain name of the exploit kit?
Check your answers in the PDF document, which contains more info on the traffic and malware.