Malware-Traffic-Analysis.net - 2022-01-07 - Traffic analysis exercise - Spoonwatch

2022-01-07 - TRAFFIC ANALYSIS EXERCISE - SPOONWATCH

NOTICE:

The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.

ASSOCIATED FILES:

Zip archive of the pcap: 2022-01-07-traffic-analysis-exercise.pcap.zip 2.6 MB (2,641,838 bytes)

SCENARIO

LAN segment data:

LAN segment range: 192.168.1[.]0/24 (192.168.1[.]0 through 192.168.1[.]255)
Domain: spoonwatch[.]net
Domain controller: 192.168.1[.]9 - SPOONWATCH-DC
LAN segment gateway: 192.168.1[.]1
LAN segment broadcast address: 192.168.1[.]255

TASK

Write an incident report based on the pcap and the alerts.

The incident report should contains 3 sections:

Executive Summary: State in simple, direct terms what happened (when, who, what).

Details: Details of the victim (hostname, IP address, MAC address, Windows user account name).

Indicators of Compromise (IOCs): IP addresses, domains and URLs associated with the infection. SHA256 hashes if any malware binaries can be extracted from the pcap.

ANSWERS

Click here for the answers.

Click here to return to the main page.