CyberDefenders: Malware Traffic Analysis 1 blueteam challenge.

Malware Traffic Analysis 1

SHA1SUM	8c99d51484ce26fe39719a25afde3e00749c75a0
Published	Aug. 18, 2020
Author	Brad Duncan
Size	2.0 MB
Tags	Wireshark Suricata PCAP Malware Traffic Analysis Exploit Kit IOCs

Instructions	Uncompress the challenge (pass: cyberdefenders.org) Load suricatarunner.exe and suricataupdater.exe in BrimSecurity from settings Uncompress suricata.zip from description and move suircata.rules to ".\var\lib\suricata\rules" inside suricatarunner directory

Your progress

0% Completed0/12 Questions

Your score

Last solve

The attached PCAP belongs to an Exploitation Kit infection. Analyze it using your favorite tool and answer the challenge questions.

Tools:

#	Question	Weight	Solved
#1	What is the IP address of the Windows VM that gets infected?	50	1222
Hint Report an issue

#2	What is the hostname of the Windows VM that gets infected?	50	1123
Hint Report an issue

#3	What is the MAC address of the infected VM?	50	1169
Hint Report an issue

#4	What is the IP address of the compromised web site?	50	1101
Hint Report an issue

#5	What is the FQDN of the compromised website?	50	1082
Hint Report an issue

#6	What is the IP address of the server that delivered the exploit kit and malware?	50	1024
Hint Report an issue

#7	What is the FQDN that delivered the exploit kit and malware?	50	1012
Hint Report an issue

#8	What is the redirect URL that points to the exploit kit (EK) landing page?	100	928
Hint Report an issue

#9	Other than CVE-2013-2551 IE exploit, another application was targeted by the EK and starts with "J". Provide the full application name.	100	748
Hint Report an issue

#10	How many times was the payload delivered?	100	880
Hint Report an issue

#12	The compromised website has a malicious script with a URL. What is this URL?	150	769
Hint Report an issue

#13	Extract the two exploit files. What are the MD5 file hashes? (comma-separated )	150	645
Hint Report an issue