2019-04-15 - TRAFFIC ANALYSIS EXERCISE - STINGRAYAHOY

ASSOCIATED FILES:

  • 2019-04-15-traffic-analysis-exercise.pcap   (7,329,433 bytes)
  • 2019-04-15-traffic-analysis-exercise-alerts.jpg   (526,496 bytes)
  • 2019-04-15-traffic-analysis-exercise-alerts.txt   (5,785 bytes)

NOTES:

 

SCENARIO

LAN segment data:

 

YOUR TASK

Review the pcap and alerts, then write an incident report for this infected Windows host.  The zip archive of malware and artifacts is a bonus, provided to help you better understand this infection, if needed.  See below for a suggested template for an incident report.

Executive summary:

On 2019-04-15 at ??:?? UTC, a Windows host used by ????????? was infected with ???????

Details of the infected Windows host:

IP address:
MAC address:
Host name:
Windows user account name:

Indicators of Compromise:

[List of URLs, domains, IP addresses, and SHA256 hashes related to the infection should appear in this section]

 

ANSWERS

 

Click here to return to the main page.