2017-01-28 - TRAFFIC ANALYSIS EXERCISE - THANKS, BRIAN.
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- Zip archive with a pcap of the traffic: 2017-01-28-traffic-analysis-exercise.pcap.zip 2.6 MB (2,618,154 bytes)
SCENARIO
The pcap contains traffic of a Windows computer getting infected with malware. The scenario is based on the image below.
Shown above: "Thanks, Brian" was meant sarcastically.
QUESTIONS
BASIC QUESTIONS:
- What was the date and time of the infection?
- What is the MAC address of the infected Windows computer?
- What is the IP address of the infected Windows computer?
- What is the host name of the infected Windows computer?
- What type of malware was the computer infected with?
ADVANCED QUESTIONS:
- What is the name of the malware that infected the user's computer?
- What exploit kit was used to infect the user's computer?
- What compromised website kicked off the infection chain of events?
MORE ADVANCED QUESTIONS:
- Before the Windows computer was infected, what did the user search for on Bing?
- Which campaign(s) used the exploit kit noted in the pcap?
- What are the indicators of compromise (IOCs) from the pcap?
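Added example (not part of the original exercise): three of the basic questions (MAC address, host name, and a timestamp) can often be answered from DHCP traffic, because Windows clients send their host name in DHCP option 12 and their MAC in the BOOTP chaddr field. The parser below walks a classic pcap with Ethernet frames using only the standard library; the pcap it reads is a constructed one-packet sample, not the exercise capture.

```python
import struct
from datetime import datetime, timezone

def build_sample_pcap(mac, hostname, ts):
    """Constructed one-packet pcap: a DHCP Request carrying option 12 (Host Name)."""
    opts = b"\x35\x01\x03" + bytes([12, len(hostname)]) + hostname.encode() + b"\xff"
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128sI", 1, 1, 6, 0, 0x1234, 0, 0x8000,
                        bytes(4), bytes(4), bytes(4), bytes(4), mac + bytes(10),
                        bytes(64), bytes(128), 0x63825363) + opts
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 128, 17, 0,
                      bytes(4), b"\xff" * 4) + udp
    frame = b"\xff" * 6 + mac + b"\x08\x00" + ip4
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
            + struct.pack("<IIII", int(ts), 0, len(frame), len(frame)) + frame)

def dhcp_hostnames(pcap):
    """Return (UTC timestamp, client MAC, host name) per DHCP packet with option 12."""
    magic, = struct.unpack_from("<I", pcap, 0)
    endian = "<" if magic == 0xA1B2C3D4 else ">"   # record byte order set by the writer
    off, found = 24, []
    while off + 16 <= len(pcap):
        ts_sec, _, caplen, _ = struct.unpack_from(endian + "IIII", pcap, off)
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                                   # IPv4 over UDP only
        udp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(udp) < 248 or not {67, 68} & set(struct.unpack_from("!HH", udp)):
            continue                                   # too short for BOOTP, or not DHCP ports
        bootp = udp[8:]
        if bootp[236:240] != b"\x63\x82\x53\x63":      # DHCP magic cookie
            continue
        mac = ":".join(f"{b:02x}" for b in bootp[28:34])  # chaddr: the client's MAC
        o = 240
        while o < len(bootp) and bootp[o] != 0xFF:     # walk TLV options until End
            if bootp[o] == 0:                          # Pad option carries no length
                o += 1
                continue
            code, length = bootp[o], bootp[o + 1]
            if code == 12:                             # option 12: Host Name
                found.append((datetime.fromtimestamp(ts_sec, timezone.utc), mac,
                              bootp[o + 2:o + 2 + length].decode(errors="replace")))
            o += 2 + length
    return found

if __name__ == "__main__":
    sample = build_sample_pcap(bytes.fromhex("001122334455"), "DESKTOP-EXAMPLE", 1485590400)
    for when, mac, name in dhcp_hostnames(sample):
        print(f"{when:%Y-%m-%d %H:%M:%S} UTC  {mac}  {name}")
```

The same walk also applies to a real capture read with `open(path, "rb").read()`; if the host never renewed its lease during the capture, fall back to NetBIOS name service or Kerberos traffic for the host name.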
ANSWERS
- Click here for the answers.