2019-08-20 - TRAFFIC ANALYSIS EXERCISE
ASSOCIATED FILES:
- Zip archive of the pcap: 2019-08-20-traffic-analysis-exercise.pcap.zip 8.7 MB (8,657,544 bytes)
- 2019-08-20-traffic-analysis-exercise.pcap (13,244,754 bytes)
- Zip archive of the alerts: 2019-08-20-traffic-analysis-exercise-alerts.zip 496 kB (496,022 bytes)
- 2019-08-20-traffic-analysis-exercise-alerts.jpg (577,270 bytes)
- 2019-08-20-traffic-analysis-exercise-alerts.txt (6,913 bytes)
NOTES:
- All zip archives on this site are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
SCENARIO
LAN segment data:
- LAN segment range: 10.8.20.0/24 (10.8.20.0 through 10.8.20.255)
- Domain: badbundt.com
- Domain controller: 10.8.20.8 (BadBundt-DC)
- LAN segment gateway: 10.8.20.1
- LAN segment broadcast address: 10.8.20.255
YOUR TASK
Review the pcap and alerts to answer the following questions:
- When did the infection happen (date and time in UTC)?
- What is the IP address, MAC address, and host name of the infected Windows host?
- What is the Windows user account name for the infected Windows host?
- Based on the alerts, what type(s) of malware was the victim infected with?
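The host-identification questions above (IP address, MAC address, host name, user account) are normally answered from two kinds of traffic: the host's DHCP Request (client MAC in chaddr, host name in option 12, address in option 50) and its Kerberos AS-REQ/TGS-REQ to the domain controller (the cname field, kerberos.CNameString in Wireshark). The script below is an added example for this page, not the exercise's own material or answer key. It parses a classic pcap with nothing but the Python standard library and pulls those fields out. Because it has to run offline it first builds a small constructed capture in memory; the victim MAC, IP, host name and user name in it are made-up placeholders, only the DC address and domain come from the scenario. The infection time itself still has to come from the alerts and the first malicious traffic in the pcap, not from this script, which only records when the DHCP Request was seen.

```python
import socket
import struct
from datetime import datetime, timezone

# ---- builders, used only to construct the offline sample capture ----
def der(tag, payload):   # one DER TLV; short-form length suffices for these small messages
    assert len(payload) < 0x80
    return bytes([tag, len(payload)]) + payload
def frame(src_mac, dst_mac, src_ip, dst_ip, proto, l4):   # Ethernet II + IPv4, checksum left 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return bytes.fromhex((dst_mac + src_mac).replace(":", "")) + b"\x08\x00" + ip + l4
def dhcp_request(mac, hostname, requested_ip):   # UDP 68->67 DHCP Request with options 53/50/12
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234abcd, 0, 0x8000,
                        b"", b"", b"", b"", bytes.fromhex(mac.replace(":", "")), b"", b"")
    opts = (b"\x63\x82\x53\x63" + bytes([53, 1, 3]) + bytes([50, 4]) + socket.inet_aton(requested_ip)
            + bytes([12, len(hostname)]) + hostname.encode() + b"\xff")
    return struct.pack("!HHHH", 68, 67, 8 + len(fixed) + len(opts), 0) + fixed + opts
def kdc_req(user, realm, app_tag=0x6a):   # TCP segment to port 88 carrying a KDC-REQ (AS-REQ = APPLICATION 10)
    principal = der(0x30, der(0xa0, der(0x02, b"\x01"))                      # name-type NT-PRINCIPAL
                          + der(0xa1, der(0x30, der(0x1b, user.encode()))))   # name-string
    body = der(0x30, der(0xa0, der(0x03, b"\x00\x40\x81\x00\x10"))            # kdc-options
                   + der(0xa1, principal) + der(0xa2, der(0x1b, realm.encode())))
    msg = der(app_tag, der(0x30, der(0xa1, der(0x02, b"\x05")) + der(0xa2, der(0x02, bytes([app_tag - 0x60])))
                               + der(0xa4, body)))                            # pvno, msg-type, req-body
    tcp = struct.pack("!HHIIBBHHH", 49152, 88, 1, 1, 5 << 4, 0x18, 8192, 0, 0)   # 20-byte header, PSH|ACK
    return tcp + struct.pack("!I", len(msg)) + msg                            # RFC 4120 TCP length prefix
def build_pcap(packets):   # classic little-endian pcap, link type 1 (Ethernet)
    out = struct.pack("<IHHiIII", 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1)
    for ts, data in packets:
        out += struct.pack("<IIII", int(ts), int((ts % 1) * 1e6), len(data), len(data)) + data
    return out

# Constructed sample: victim MAC/IP/name and user are placeholders; DC IP and realm come from
# the exercise scenario; the DC MAC is made up.
T0 = datetime(2019, 8, 20, 11, 20, 0, tzinfo=timezone.utc).timestamp()
VICTIM_MAC, VICTIM_IP, VICTIM_NAME = "00:11:22:33:44:55", "10.8.20.101", "DESKTOP-EXAMPLE"
DC_MAC, DC_IP, REALM = "00:aa:bb:cc:dd:ee", "10.8.20.8", "BADBUNDT.COM"
SAMPLE_PCAP = build_pcap([
    (T0, frame(VICTIM_MAC, "ff:ff:ff:ff:ff:ff", "0.0.0.0", "255.255.255.255", 17,
               dhcp_request(VICTIM_MAC, VICTIM_NAME, VICTIM_IP))),
    (T0 + 2, frame(VICTIM_MAC, DC_MAC, VICTIM_IP, DC_IP, 6, kdc_req(VICTIM_NAME + "$", REALM))),
    (T0 + 3, frame(VICTIM_MAC, DC_MAC, VICTIM_IP, DC_IP, 6, kdc_req("jane.doe", REALM))),
])

# ---- parsing side: the part you would point at the real pcap ----
def pcap_packets(data):   # yield (timestamp, frame) from a classic microsecond pcap (not pcapng)
    end, off = {0xa1b2c3d4: "<", 0xd4c3b2a1: ">"}[struct.unpack("<I", data[:4])[0]], 24
    while off + 16 <= len(data):
        sec, usec, incl, _ = struct.unpack(end + "IIII", data[off:off + 16])
        yield sec + usec / 1e6, data[off + 16:off + 16 + incl]
        off += 16 + incl

def der_children(buf):   # split a DER byte string into consecutive (tag, value) pairs
    items, i = [], 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:                                   # long-form length (real AS-REQs need it)
            n, i = int.from_bytes(buf[i:i + (n & 0x7f)], "big"), i + (n & 0x7f)
        items.append((tag, buf[i:i + n]))
        i += n
    return items

def dhcp_fields(payload):   # (chaddr as MAC string, {option code: value}) or None if not DHCP
    if len(payload) < 240 or payload[236:240] != b"\x63\x82\x53\x63":
        return None
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 0xff:    # 0xff ends the list; 0 is a one-byte pad
        code, n = payload[i], payload[i + 1] if payload[i] else -1
        if code:
            opts[code] = payload[i + 2:i + 2 + n]
        i += 2 + n
    return ":".join(f"{b:02x}" for b in payload[28:34]), opts

def kdc_req_cname(rec):   # (user, realm) from an AS-REQ/TGS-REQ TCP record, else None
    try:
        tag, val = der_children(rec[4:])[0]            # skip the 4-byte length prefix
        if tag not in (0x6a, 0x6c):                    # APPLICATION 10 (AS-REQ) / 12 (TGS-REQ)
            return None
        fields = dict(der_children(der_children(val)[0][1]))
        body = dict(der_children(der_children(fields[0xa4])[0][1]))    # req-body [4]
        pn = dict(der_children(der_children(body[0xa1])[0][1]))        # cname [1]
        names = [v.decode() for t, v in der_children(der_children(pn[0xa1])[0][1]) if t == 0x1b]
        return "/".join(names), der_children(body[0xa2])[0][1].decode()   # realm [2]
    except (IndexError, KeyError, UnicodeDecodeError):
        return None

def identify_host(pcap_bytes):   # fill in the host-identification answers the exercise asks for
    found = {}
    for ts, fr in pcap_packets(pcap_bytes):
        proto = fr[23] if fr[12:14] == b"\x08\x00" else None          # IPv4 only
        l4 = fr[14 + (fr[14] & 0x0f) * 4:]
        dhcp = dhcp_fields(l4[8:]) if proto == 17 and l4[:4] == b"\x00\x44\x00\x43" else None   # UDP 68 -> 67
        if dhcp and dhcp[1].get(53) == b"\x03" and 12 in dhcp[1]:     # DHCP Request carrying a host name
            found.update(mac=dhcp[0], hostname=dhcp[1][12].decode(), ip=socket.inet_ntoa(dhcp[1].get(50, fr[26:30])),
                         dhcp_seen_utc=datetime.fromtimestamp(ts, timezone.utc))
        cn = kdc_req_cname(l4[(l4[12] >> 4) * 4:]) if proto == 6 and l4[2:4] == b"\x00\x58" else None   # TCP to 88
        if cn and not cn[0].endswith("$"):             # '$' names are computer accounts, not users
            found.update(user=cn[0], realm=cn[1])
    return found
```

To run this against the exercise pcap, pass open(path, "rb").read() to identify_host instead of SAMPLE_PCAP; it only understands classic pcap, so convert pcapng first. The two checks that matter in practice are the ones a Wireshark filter does not do for you: a kerberos.CNameString ending in "$" is the computer account, not the logged-on user, and the DHCP-derived host name should be cross-checked against NBNS or the Kerberos machine account name, since a host that never renews its lease during the capture produces no DHCP Request at all.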
ANSWERS
- Click here for the answers.