2015-03-24 - TRAFFIC ANALYSIS EXERCISE

ASSOCIATED FILES:

• ZIP containing pcap of the traffic:  2015-03-24-traffic-analysis-exercise.pcap.zip
• ZIP containing PDF document of the answers:  2015-03-24-traffic-analysis-exercise-answers.pdf.zip

NOTE: ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

 

SCENARIO

Use the pcap file above to answer the following:

1) What is the host name of the Windows computer that gets infected?
2) What is the IP address of the Windows computer that gets infected?
3) What is the MAC address of the Windows computer that gets infected?
4) What exploit kit (EK) infected the computer? (Angler, Fiesta, Nuclear, Neutrino, Rig?)
5) What compromised website kicked off a chain of events leading to the exploit kit?
6) What is the IP address and domain name of the exploit kit?

 

Check your answers in the PDF document, which contains more info on the traffic and malware.

 

Click here to return to the main page.