2015-05-29 - TRAFFIC ANALYSIS EXERCISE - NO ANSWERS, ONLY HINTS FOR THE INCIDENT REPORT
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
TRAFFIC:
- Zip archive of the traffic: 2015-05-29-traffic-analysis-exercise.pcap.zip 4.9 MB (4,939,060 bytes)
NOTES
- I'm trying something different this time: I'm not writing a summary about this traffic.
- Instead, the answers section has a series of 20 images that show how to find some of the important stuff.
- Click here to see a page to help you get the answers.
SCENARIO
You're working as an analyst at your organization's Security Operations Center (SOC). One of the other analysts was investigating alerts on a Windows host, and the computer is infected. That analyst retrieved a pcap of network traffic from the associated IP address.
You've been asked to review the pcap and document your findings in an incident report. Be sure to include the date and time of the activity, IP adress, MAC address, and host name of the computer. Try to identify the malware and include any indicators of compromise (IOC) found during your investigation.
ANSWERS