2017-01-28 - TRAFFIC ANALYSIS EXERCISE - THANKS, BRIAN.
ASSOCIATED FILES:
- ZIP archive with a PCAP of the traffic: 2017-01-28-traffic-analysis-exercise.pcap.zip 2.6 MB (2,618,154 bytes)
All ZIP files on this site are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
SCENARIO
The pcap contains traffic of a Windows computer getting infected with malware. The scenario is based on the image below.
Shown above: "Thanks, Brian" was meant sarcastically.
QUESTIONS
BASIC QUESTIONS:
- What was the date and time of the infection?
- What is the MAC address of the infected Windows computer?
- What is the IP address of the infected Windows computer?
- What is the host name of the infected Windows computer?
- What type of malware was the computer infected with?
ADVANCED QUESTIONS:
- What is the name of the malware that infected the user's computer?
- What exploit kit was used to infect the user's computer?
- What compromised website kicked off the infection chain of events?
MORE ADVANCED QUESTIONS:
- Before the Windows computer was infected, what did the user search for on Bing?
- Which campaign(s) used the exploit kit noted in the pcap?
- What are the indicators of compromise (IOCs) from the pcap?
ANSWERS
- Click here for the answers.