Malware-Traffic-Analysis.net - 2015-10-13 - traffic analysis exercise

2015-09-23 - TRAFFIC ANALYSIS EXERCISE - HALLOWEEN-THEMED HOST NAMES

NOTICE:

The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.

ASSOCIATED FILES:

Zip arcive of the two pcaps: 2015-10-13-traffic-analysis-exercise-pcaps.zip 7.6 MB (7,639,200 bytes)

SCENARIO

You have two pcap files of traffic. Traffic from each pcap indicates an infection for a Windows computer. The computers have Halloween-themed host names. Your task? Document what caused these two infections.

If only it were this simple...

REPORTING

For each infection, your documentation should include:

Date and time of the activity.
The infected computer's IP address.
The infected computer's MAC address.
The infected computer's host name.
Domains and IP addresses of any infection traffic.
The root cause (what is the likely cause of the infection noted in the pcap).

ANSWERS

Click here for the answers.