2015-05-29 - TRAFFIC ANALYSIS EXERCISE


NOTES



SCENARIO

You're working as an analyst at your organization's Security Operations Center (SOC).  One of the other analysts was investigating alerts on a Windows host, and the computer is infected.  That analyst retrieved a pcap of network traffic from the associated IP address.

You've been asked to review the pcap and document your findings in an incident report.  Be sure to include the date and time of the activity, IP address, MAC address, and host name of the computer.  Try to identify the malware and include any indicators of compromise (IOC) found during your investigation.
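One building block of the triage described above, as an added example that is not part of the exercise or its answer key: a stdlib-only parser that pulls the client MAC address, the requested IP address and the host name (DHCP option 12) out of a DHCP Request frame, which a Windows host sends whenever it joins or renews on the network. The frame here is constructed in code with made-up values so it runs offline; on the real pcap you would feed each DHCP frame from the capture to the parser.

```python
import struct

def build_dhcp_request(mac, client_ip, hostname):
    """Construct a minimal Ethernet/IPv4/UDP/DHCP Request frame (constructed test data)."""
    raw_mac = bytes.fromhex(mac.replace(":", ""))
    opts = (bytes([53, 1, 3])                                          # option 53: DHCP Request
            + bytes([50, 4]) + bytes(int(o) for o in client_ip.split("."))  # option 50: requested IP
            + bytes([12, len(hostname)]) + hostname.encode()           # option 12: host name
            + bytes([255]))                                            # end of options
    bootp = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x3903F326, 0, 0x8000)  # op, htype, hlen, hops, xid, secs, flags
    bootp += bytes(16)                                                 # ciaddr, yiaddr, siaddr, giaddr
    bootp += raw_mac + bytes(10)                                       # chaddr (16 bytes)
    bootp += bytes(192) + b"\x63\x82\x53\x63" + opts                   # sname, file, magic cookie, options
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp      # UDP 68 -> 67, checksum left zero
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff\xff\xff\xff") + udp              # 0.0.0.0 -> 255.255.255.255
    return b"\xff" * 6 + raw_mac + b"\x08\x00" + ip                    # Ethernet: broadcast dst, EtherType IPv4

def parse_dhcp_request(frame):
    """Return (client MAC, requested IP, host name) for a DHCP Request frame, else None."""
    if frame[12:14] != b"\x08\x00" or frame[23] != 17:                 # need IPv4 carrying UDP
        return None
    ihl = (frame[14] & 0x0F) * 4
    udp = frame[14 + ihl:]
    if struct.unpack("!HH", udp[:4]) != (68, 67):                      # client -> server direction only
        return None
    bootp = udp[8:]
    if bootp[236:240] != b"\x63\x82\x53\x63":                          # not DHCP (no magic cookie)
        return None
    mac = ":".join(f"{b:02x}" for b in bootp[28:34])                   # chaddr holds the client MAC
    opts, i, fields = bootp[240:], 0, {}
    while i < len(opts) and opts[i] != 255:                            # walk TLV options to the end marker
        code, length = opts[i], opts[i + 1]
        fields[code] = opts[i + 2:i + 2 + length]
        i += 2 + length
    if fields.get(53) != b"\x03":                                      # keep only Request messages (type 3)
        return None
    requested_ip = ".".join(str(b) for b in fields.get(50, b""))
    return mac, requested_ip, fields.get(12, b"").decode(errors="replace")

if __name__ == "__main__":
    # Constructed values, not the answers to this exercise.
    frame = build_dhcp_request("00:11:22:33:44:55", "192.168.0.50", "EXAMPLE-PC")
    print(parse_dhcp_request(frame))
```

Tying the MAC, IP and host name to one frame also gives you the frame's capture timestamp, which is the "date and time of the activity" anchor the report asks for.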



ANSWERS