Persecure : my learning archive

,

 2014-11-23 Traffic analysis exercise

https://www.malware-traffic-analysis.net/2014/11/23/index.html

QUESTIONS

1) What is the IP address of the Windows VM that gets infected?

To find an address OS, I usually check the User-agent section in the headers. Use the http filter and follow the stream.

Answer : 172.16.165.132


2) What is the MAC address of the infected VM?

Statictics –> Endpoints


3) What is the IP address of the compromised web site?

Answer : 192.30.138.146


4) What is the domain name of the compromised web site?

Answer : http://hijinksensue.com/


5) What is the IP address and domain name that delivered the exploit kit and malware?

Use the data filter.


6) What is the domain name that delivered the exploit kit and malware?

Follow the stream.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

Comments (

0

)

%d bloggers like this: