2015-05-08 - TRAFFIC ANALYSIS EXERCISE
- PCAP of the traffic: 2015-05-08-traffic-analysis-exercise.pcap.zip
ZIP files are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
TRAFFIC
The image below shows the traffic in Wireshark. As always, I recommend changing the default column display in Wireshark as covered in this tutorial: http://malware-traffic-analysis.net/tutorials/wireshark/index.html
BREAK POINT
You've documented the traffic, and now it's time to state what happened. A full analysis should include the Snort events (or any other alerts) you've been able to generate from the pcap, either by reading the pcap directly with Snort or by replaying it with tcpreplay in Security Onion. You should also be able to extract a malware sample from the pcap and submit it to VirusTotal.
- Click here to see the final answer page.