2015-08-31 - TRAFFIC ANALYSIS EXERCISE - WHAT'S THE EK? - WHAT'S THE PAYLOAD?
TRAFFIC:
- ZIP of the PCAP: 2015-08-31-traffic-analysis-exercise.pcap.zip 6.7 MB (6,704,031 bytes)
NOTE: All ZIP archives on this site are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
SCENARIO
Examine the pcap to determine the exploit kit (EK), the payload, and the compromised website that kicked off this infection chain.
QUESTIONS
For a full incident report, you'll want to include the following:
- IP address of the Windows computer that was infected.
- MAC address of the Windows computer that was infected.
- Host name of the Windows computer that was infected.
- Name of the exploit kit.
- Identification of the payload (for example: Bedep, CryptoWall 3.0, Dyre, Rovnix, Vawtrak, etc.).
- Identification of the compromised website that kicked off this infection chain.
- Any indicators of compromise (IOCs) from the traffic, including IP addresses and domain names.
ANSWERS
- Click here for the answers.