Persecure : my learning archive

 2014-11-23 Traffic analysis exercise

https://www.malware-traffic-analysis.net/2014/11/23/index.html

QUESTIONS

1) What is the IP address of the Windows VM that gets infected?

To find an address OS, I usually check the User-agent section in the headers. Use the http filter and follow the stream.

Answer : 172.16.165.132


2) What is the MAC address of the infected VM?

Statictics –> Endpoints


3) What is the IP address of the compromised web site?

Answer : 192.30.138.146


4) What is the domain name of the compromised web site?

Answer : http://hijinksensue.com/


5) What is the IP address and domain name that delivered the exploit kit and malware?

Use the data filter.


6) What is the domain name that delivered the exploit kit and malware?

Follow the stream.

Create a website or blog at WordPress.com