2019-08-20 - TRAFFIC ANALYSIS EXERCISE

ASSOCIATED FILES:

• Zip archive of the pcap:  2019-08-20-traffic-analysis-exercise.pcap.zip   8.7 MB (8,657,544 bytes)

• 2019-08-20-traffic-analysis-exercise.pcap   (13,244,754 bytes)

• Zip archive of the alerts:  2019-08-20-traffic-analysis-exercise-alerts.zip   496 kB (496,022 bytes)

• 2019-08-20-traffic-analysis-exercise-alerts.jpg   (577,270 bytes)
• 2019-08-20-traffic-analysis-exercise-alerts.txt   (6,913 bytes)

NOTES:

• All zip archives on this site are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

 

SCENARIO

LAN segment data:

• LAN segment range:  10.8.20.0/24 (10.8.20.0 through 10.8.20.255)
• Domain:  badbundt.com
• Domain controller:  10.8.20.8  (BadBundt-DC)
• LAN segment gateway:  10.8.20.1
• LAN segment broadcast address:  10.8.20.255

 

YOUR TASK

Review the pcap and alerts to answer the following questions:

• When did the infection happen (date and time in UTC)?
• What is the IP address, MAC address, and host name of the infected Windows host?
• What is the Windows user account name for the infected Windows host?
• Based on the alerts, what type(s) of malware was the victim infected with?

 

ANSWERS

• Click here for the answers.

 

Click here to return to the main page.