2021-09-10 - TRAFFIC ANALYSIS EXERCISE - ANGRYPOUTINE

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

ASSOCIATED FILES:

• Zip archive of the pcap:  2021-09-10-traffic-analysis-exercise.pcap.zip   4.9 MB (4,883,155 bytes)

 

 

SCENARIO

LAN segment data:

• LAN segment range:  10.9.10[.]0/24 (10.9.10[.]0 through 10.9.10[.]255)
• Domain:  angrypoutine[.]com
• Domain controller:  10.9.10[.]9 - ANGRYPOUTINE-DC
• LAN segment gateway:  10.9.10[.]1
• LAN segment broadcast address:  10.9.10[.]255

 

TASK

• Write an incident report based on the pcap and the alerts.

• The incident report should contains 3 sections:

• Executive Summary: State in simple, direct terms what happened (when, who, what).
• Details: Details of the victim (hostname, IP address, MAC address, Windows user account name).
• Indicators of Compromise (IOCs): IP addresses, domains and URLs associated with the infection.  SHA256 hashes if any malware binaries can be extracted from the pcap.

 

ANSWERS

• Click here for the answers.

 

Click here to return to the main page.