2019-12-03 - TRAFFIC ANALYSIS EXERCISE - ICEMAIDEN
ASSOCIATED FILES:
- Zip archive of the pcap: 2019-12-03-traffic-analysis-exercise.pcap.zip 9.1 MB (9,099,137 bytes)
- 2019-12-03-traffic-analysis-exercise.pcap (11,052,333 bytes)
- Zip archive of the alerts: 2019-12-03-traffic-analysis-exercise-alerts.zip 551 kB (550,521 bytes)
- 2019-12-03-traffic-analysis-exercise-alerts.jpg (600,478 bytes)
- 2019-12-03-traffic-analysis-exercise-alerts.txt (4,059 bytes)
NOTES:
- All zip archives on this site are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
SCENARIO
LAN segment data:
- LAN segment range: 10.18.20.0/24 (10.18.20.0 through 10.18.20.255)
- Domain: icemaiden.com
- Domain controller: 10.18.20.8 - Icemaiden-DC
- LAN segment gateway: 10.18.20.1
- LAN segment broadcast address: 10.18.20.255
YOUR TASK
Review the pcap and the alerts, then answer the following questions:
- What is the IP address, MAC address, and host name of the infected Windows host?
- What is the Windows user account name of the victim on this infected Windows host?
- What type of malware was the victim infected with?
- Based on traffic from the pcap, where did the malware likely come from?
- After the initial infection, what type of web page/website did the victim appear to visit?
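The questions above are answered by correlating a handful of protocol fields against the LAN segment data in the scenario. As an added illustration (not part of the exercise or its answer key), the following Python script takes tshark-style field output, drops the domain controller, gateway and broadcast addresses listed in the scenario, and profiles a remaining LAN host for its MAC address, host name (from NBNS or DHCP) and Kerberos user names, discarding machine accounts (which end in `$`). The sample lines, the host name DESKTOP-EXAMPLE, the user jane.doe and all MAC addresses are constructed for the demonstration; the tshark field names in the comment are standard Wireshark field names, but the invocation is assumed, not taken from the exercise.

```python
"""Triage helpers for a pcap exercise: find the LAN host behind an alert and
pull its identity from NBNS, DHCP and Kerberos fields.

Input is the tab-separated output of an assumed tshark run such as:
  tshark -r <capture>.pcap -Y "nbns || dhcp || kerberos" -T fields \
      -e ip.src -e eth.src -e nbns.name -e dhcp.option.hostname -e kerberos.CNameString
"""
import ipaddress
import re

# Scenario data from the exercise page.
LAN_SEGMENT = ipaddress.ip_network("10.18.20.0/24")
INFRA_IPS = {
    "10.18.20.8": "Icemaiden-DC",   # domain controller
    "10.18.20.1": "gateway",
    "10.18.20.255": "broadcast",
}

# Column order of the assumed tshark invocation above.
FIELDS = ("ip.src", "eth.src", "nbns.name", "dhcp.option.hostname", "kerberos.CNameString")

# Constructed sample output; none of these values come from the exercise pcap.
SAMPLE_LINES = [
    "10.18.20.8\t00:11:22:33:44:01\tICEMAIDEN-DC<20>\t\t",
    "10.18.20.42\t00:11:22:33:44:42\t\tDESKTOP-EXAMPLE\t",
    "10.18.20.42\t00:11:22:33:44:42\tDESKTOP-EXAMPLE<00>\t\t",
    "10.18.20.42\t00:11:22:33:44:42\t\t\tDESKTOP-EXAMPLE$",
    "10.18.20.42\t00:11:22:33:44:42\t\t\tjane.doe",
    "10.18.20.1\t00:11:22:33:44:ff\t\t\t",
]

# NBNS names are displayed with a trailing service suffix such as <00> or <20>.
NBNS_SUFFIX = re.compile(r"<[0-9a-fA-F]{2}>$")


def parse_tshark_fields(lines):
    """Turn tab-separated tshark field lines into dicts keyed by field name."""
    records = []
    for line in lines:
        values = line.rstrip("\n").split("\t")
        values += [""] * (len(FIELDS) - len(values))   # pad short lines
        records.append(dict(zip(FIELDS, values)))
    return records


def candidate_hosts(records):
    """Source IPs inside the LAN segment, minus the DC, gateway and broadcast."""
    hosts = set()
    for rec in records:
        ip = rec["ip.src"]
        if not ip or ip in INFRA_IPS:
            continue
        if ipaddress.ip_address(ip) in LAN_SEGMENT:
            hosts.add(ip)
    return sorted(hosts)


def profile_host(records, ip):
    """Collect MAC, host name and human user names observed for one IP.

    Kerberos CNameString values ending in '$' are machine accounts and are
    excluded, so the remaining names are the user accounts seen on the host.
    """
    macs, names, users = set(), set(), set()
    for rec in records:
        if rec["ip.src"] != ip:
            continue
        if rec["eth.src"]:
            macs.add(rec["eth.src"])
        if rec["nbns.name"]:
            names.add(NBNS_SUFFIX.sub("", rec["nbns.name"]))
        if rec["dhcp.option.hostname"]:
            names.add(rec["dhcp.option.hostname"])
        cname = rec["kerberos.CNameString"]
        if cname and not cname.endswith("$"):
            users.add(cname)
    return {"ip": ip, "mac": sorted(macs), "hostname": sorted(names), "users": sorted(users)}


if __name__ == "__main__":
    recs = parse_tshark_fields(SAMPLE_LINES)
    for host in candidate_hosts(recs):
        print(profile_host(recs, host))
```

In practice the alerts file points at the infected IP first; `profile_host` then confirms the MAC and host name from NBNS/DHCP traffic and the victim's account from Kerberos AS-REQ/TGS-REQ traffic to the domain controller. Hosts that only appear in the capture as DHCP clients before obtaining an address may show `0.0.0.0` as `ip.src`, which the LAN-range filter deliberately skips, so check `eth.src` against the DHCP exchange when a host is missing from the candidate list.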
ANSWERS
- Click here for the answers.