2019-12-03 - TRAFFIC ANALYSIS EXERCISE - ICEMAIDEN

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

ASSOCIATED FILES:

• Zip archive of the pcap:  2019-12-03-traffic-analysis-exercise.pcap.zip   9.1 MB (9,099,137 bytes)

• 2019-12-03-traffic-analysis-exercise.pcap   (11,052,333 bytes)

• Zip archive of the alerts:  2019-12-03-traffic-analysis-exercise-alerts.zip   551 kB (550,913 bytes)

• 2019-12-03-traffic-analysis-exercise-alerts.jpg   (600,478 bytes)
• 2019-12-03-traffic-analysis-exercise-alerts.txt   (4,059 bytes)

 

 

SCENARIO

LAN segment data:

• LAN segment range:  10.18.20[.]0/24 (10.18.20[.]0 through 10.18.20[.]255)
• Domain:  icemaiden[.]com
• Domain controller:  10.18.20[.]8 - Icemaiden-DC
• LAN segment gateway:  10.18.20[.]1
• LAN segment broadcast address:  10.18.20[.]255

 

YOUR TASK

Review the pcap and the alerts, then answer the following questions:

• What is the IP address, MAC address, and host name of the infected Windows host?
• What is the Windows user account name of the victim on this infected Windows host?
• What type of malware was the victim infected with?
• Based on traffic from the pcap, where did the malware likely come from?
• After the initial infection, what type of web page/website did the victim appear to visit?

 

ANSWERS

• Click here for the answers.

 

Click here to return to the main page.