2015-03-24 - TRAFFIC ANALYSIS EXERCISE
ASSOCIATED FILES:
- ZIP containing pcap of the traffic: 2015-03-24-traffic-analysis-exercise.pcap.zip
- ZIP containing PDF document of the answers: 2015-03-24-traffic-analysis-exercise-answers.pdf.zip
NOTE: ZIP files are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
SCENARIO
Use the pcap file above to answer the following:
1) What is the host name of the Windows computer that gets infected?
2) What is the IP address of the Windows computer that gets infected?
3) What is the MAC address of the Windows computer that gets infected?
4) What exploit kit (EK) infected the computer? (Angler, Fiesta, Nuclear, Neutrino, Rig?)
5) What compromised website kicked off a chain of events leading to the exploit kit?
6) What are the IP address and domain name of the exploit kit?
Check your answers in the PDF document, which contains more info on the traffic and malware.