2019-04-15 - TRAFFIC ANALYSIS EXERCISE - STINGRAYAHOY
- Zip archive of the pcap: 2019-04-15-traffic-analysis-exercise.pcap.zip 4.4 MB (4,482,499 bytes)
- 2019-04-15-traffic-analysis-exercise.pcap (7,329,433 bytes)
- Zip archive of the alerts: 2019-04-15-traffic-analysis-exercise-alerts.zip 437 kB (437,491 bytes)
- 2019-04-15-traffic-analysis-exercise-alerts.jpg (526,496 bytes)
- 2019-04-15-traffic-analysis-exercise-alerts.txt (5,785 bytes)
- All zip archives on this site are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
LAN segment data:
- LAN segment range: 10.0.90.0/24 (10.0.90.0 through 10.0.90.255)
- Domain: stringrayahoy.com
- Domain controller: 10.0.90.9 - StingrayAhoy-DC
- LAN segment gateway: 10.0.90.1
- LAN segment broadcast address: 10.0.90.255
Review the pcap and alerts, then write an incident report for this infected Windows host. The zip archive of malware and artifacts is a bonus, provided to help you better understand this infection, if needed. See below for a suggested template for an incident report.
Executive summary:
On 2019-04-15 at ??:?? UTC, a Windows host used by ????????? was infected with ???????
Details of the infected Windows host:
- IP address:
- Windows user account name:
Indicators of Compromise:
[List of URLs, domains, IP addresses, and SHA256 hashes related to the infection should appear in this section]