Traffic Analysis Exercise (February 2021 edition) - you get a #pcap and a list of alerts - Your task is to write an incident report (repost)


TRAFFIC ANALYSIS EXERCISE - ASCOLIMITED

ASSOCIATED FILES:

  • 2021-02-08-traffic-analysis-exercise.pcap   (11,145,351 bytes)
  • 2021-02-08-traffic-analysis-exercise-alerts.jpg   (2,237,669 bytes)
  • 2021-02-08-traffic-analysis-exercise-alerts.txt   (6,442 bytes)

NOTES:

  • All zip archives on this site are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

SCENARIO

LAN segment data:

  • LAN segment range:  10.2.8.0/24 (10.2.8.0 through 10.2.8.255)
  • Domain:  ascolimited.com
  • Domain controller:  10.2.8.2 - AscoLimited-DC
  • LAN segment gateway:  10.2.8.1
  • LAN segment broadcast address:  10.2.8.255


TASK

  • Write an incident report based on the pcap and the alerts.
  • The incident report should contain 3 sections:
    • Executive Summary: State in simple, direct terms what happened (when, who, what).
    • Details: Details of the victim (hostname, IP address, MAC address, Windows user account name).
    • Indicators of Compromise (IOCs): IP addresses, domains and URLs associated with the infection.  SHA256 hashes if any malware binaries can be extracted from the pcap.
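The "Details" section asks for the victim's hostname, IP address and MAC address, and DHCP traffic is one of the first places an analyst looks for all three at once (a DHCP Request carries the client MAC in chaddr, the requested IP in option 50 and the host name in option 12). The script below is an added example, not part of the exercise or its answers: it builds one constructed DHCP Request frame, wraps it in a classic libpcap file, and then walks the file with the standard library only, keeping hosts whose requested address falls inside the exercise's LAN segment 10.2.8.0/24. The MAC, hostname and IP it uses are made-up sample values, not the exercise victim; the Windows user account name (typically recovered from Kerberos or SMB) and NBNS-based hostnames are deliberately outside its scope. The `sha256_hex` helper is there for the IOC section, where any binary carved from the pcap should be hashed.

```python
import hashlib
import ipaddress
import struct

# Constructed sample values for the demo; the real answers come only from the exercise pcap.
SAMPLE_MAC = "00:11:22:33:44:55"
SAMPLE_HOST = "DESKTOP-EXAMPLE"
SAMPLE_IP = "10.2.8.101"
LAN = ipaddress.ip_network("10.2.8.0/24")   # LAN segment range from the scenario

def build_dhcp_request(mac, hostname, requested_ip):
    """Build one Ethernet/IPv4/UDP/BOOTP frame carrying a DHCP Request (constructed input)."""
    mac_bytes = bytes.fromhex(mac.replace(":", ""))
    options = (b"\x35\x01\x03"                                           # opt 53: DHCP Request
               + b"\x32\x04" + ipaddress.ip_address(requested_ip).packed  # opt 50: requested IP
               + b"\x0c" + bytes([len(hostname)]) + hostname.encode()     # opt 12: host name
               + b"\xff")                                                 # end of options
    bootp = (struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x3903F326, 0, 0)  # op, htype, hlen, hops, xid, secs, flags
             + b"\x00" * 16                       # ciaddr, yiaddr, siaddr, giaddr
             + mac_bytes + b"\x00" * 10           # chaddr (16 bytes)
             + b"\x00" * 192                      # sname (64) + file (128)
             + b"\x63\x82\x53\x63" + options)     # magic cookie, then options
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     b"\x00\x00\x00\x00", b"\xff\xff\xff\xff") + udp
    eth = b"\xff" * 6 + mac_bytes + b"\x08\x00"
    return eth + ip

def build_pcap(frames):
    """Wrap raw frames in a classic little-endian libpcap file (linktype 1 = Ethernet)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    records = b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
    return header + records

def iter_frames(pcap):
    """Yield the raw link-layer frames of a classic (not pcapng) little-endian pcap."""
    if struct.unpack("<I", pcap[:4])[0] != 0xA1B2C3D4:
        raise ValueError("only classic little-endian pcap is handled in this example")
    offset = 24
    while offset + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack("<IIII", pcap[offset:offset + 16])
        offset += 16
        yield pcap[offset:offset + incl_len]
        offset += incl_len

def parse_dhcp_options(data):
    """Walk the TLV option list that follows the magic cookie; return {code: raw value}."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 0xFF:          # end marker
            break
        if code == 0x00:          # pad byte has no length field
            i += 1
            continue
        length = data[i + 1]
        opts[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def extract_dhcp_hosts(pcap, lan):
    """Return {mac: {"hostname", "ip"}} for DHCP Requests whose requested IP lies inside lan."""
    hosts = {}
    for frame in iter_frames(pcap):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # IPv4 only
            continue
        ihl = (frame[14] & 0x0F) * 4
        if frame[23] != 17:                                   # UDP only
            continue
        udp = frame[14 + ihl:]
        if struct.unpack("!HH", udp[:4]) != (68, 67):         # client -> server direction
            continue
        bootp = udp[8:]
        if len(bootp) < 240 or bootp[236:240] != b"\x63\x82\x53\x63":
            continue
        opts = parse_dhcp_options(bootp[240:])
        if opts.get(0x35) != b"\x03" or 0x32 not in opts:     # DHCP Request with option 50
            continue
        ip = ipaddress.ip_address(opts[0x32])
        if ip not in lan:                                     # scope to the victim LAN segment
            continue
        mac = ":".join(f"{b:02x}" for b in bootp[28:34])
        hosts[mac] = {"hostname": opts.get(0x0C, b"").decode(errors="replace"), "ip": str(ip)}
    return hosts

def sha256_hex(data):
    """SHA256 of a binary carved from the pcap, in the form the IOC section expects."""
    return hashlib.sha256(data).hexdigest()

if __name__ == "__main__":
    pcap = build_pcap([build_dhcp_request(SAMPLE_MAC, SAMPLE_HOST, SAMPLE_IP)])
    print(extract_dhcp_hosts(pcap, LAN))
```

For the real exercise file, replace the constructed pcap with the bytes read from 2021-02-08-traffic-analysis-exercise.pcap; if the capture was saved as pcapng the reader raises immediately rather than misparsing it, which is the failure mode to expect when a tool quietly returns nothing.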

ANSWERS

  • Click here for the answers.