2018-08-12 - TRAFFIC ANALYSIS EXERCISE - SPUTNIK HOUSE

ASSOCIATED FILES:

NOTES:

 

SCENARIO

You have alerts indicating that a computer on the corporate network for sputnikhouse.org at 192.168.1.95 was infected. You have a pcap of traffic from that host during the general timeframe, and you also have a list of the alerts related to the infected host. Finally, you have 3 emails with malware attachments. An attachment from one of those 3 emails infected this computer. Characteristics of your network are:

 


Shown above:  Best I could do on a theme for this month's exercise.

 

YOUR TASK

Figure out which email attachment infected the computer at 192.168.1.95.

 

ANSWERS

 
