Malware-Traffic-Analysis.net - 2015-10-13 - traffic analysis exercise

2015-09-23 - TRAFFIC ANALYSIS EXERCISE - HALLOWEEN-THEMED HOST NAMES

ASSOCIATED FILES:

ZIP arcive of the PCAPs: 2015-10-13-traffic-analysis-exercise-pcaps.zip 7.6 MB (7,638,848 bytes)

ZIP files on this site are password-protected with the standard password. If you don't know it, look at the "about" page of this website.

SCENARIO

You have two pcap files of traffic. Traffic from each pcap indicates an infection for a Windows computer. The computers have Halloween-themed host names. Your task? Document what caused these two infections.

If only it were this simple...

REPORTING

For each infection, your documentation should include:

Date and time of the activity.
The infected computer's IP address.
The infected computer's MAC address.
The infected computer's host name.
Domains and IP addresses of any infection traffic.
The root cause (what is the likely cause of the infection noted in the pcap).

ANSWERS

Click here for the answers.