2019-04-15 - TRAFFIC ANALYSIS EXERCISE - STINGRAYAHOY
ASSOCIATED FILES:
- Zip archive of the pcap: 2019-04-15-traffic-analysis-exercise.pcap.zip 4.4 MB (4,482,499 bytes)
- 2019-04-15-traffic-analysis-exercise.pcap (7,329,433 bytes)
- Zip archive of the alerts: 2019-04-15-traffic-analysis-exercise-alerts.zip 437 kB (437,491 bytes)
- 2019-04-15-traffic-analysis-exercise-alerts.jpg (526,496 bytes)
- 2019-04-15-traffic-analysis-exercise-alerts.txt (5,785 bytes)
NOTES:
- All zip archives on this site are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
SCENARIO
LAN segment data:
- LAN segment range: 10.0.90.0/24 (10.0.90.0 through 10.0.90.255)
- Domain: stringrayahoy.com
- Domain controller: 10.0.90.9 - StingrayAhoy-DC
- LAN segment gateway: 10.0.90.1
- LAN segment broadcast address: 10.0.90.255
YOUR TASK
Review the pcap and alerts, then write an incident report for this infected Windows host. The zip archive of malware and artifacts is a bonus, provided to help you better understand this infection, if needed. See below for a suggested template for an incident report.
Executive summary:
On 2019-04-15 at ??:?? UTC, a Windows host used by ????????? was infected with ???????Details of the infected Windows host:
IP address:
MAC address:
Host name:
Windows user account name:Indicators of Compromise:
[List of URLs, domains, IP addresses, and SHA256 hashes related to the infection should appear in this section]
ANSWERS
- Click here for the answers.
Click here to return to the main page.