The attached PCAP belongs to an exploit kit infection. Analyze it using your favourite tool and answer the challenge questions.

| # | Question | Weight | Solved |
|---|----------|--------|--------|
| 1 | What is the IP address of the Windows VM that gets infected? | 50 | 694 |
| 2 | What is the hostname of the Windows VM that gets infected? | 50 | 629 |
| 3 | What is the MAC address of the infected VM? | 50 | 661 |
| 4 | What is the IP address of the compromised web site? | 50 | 625 |
| 5 | What is the domain name of the compromised web site? | 50 | 620 |
| 6 | What is the IP address of the server that delivered the exploit kit and malware? | 50 | 589 |
| 7 | What is the domain name that delivered the exploit kit and malware? | 50 | 585 |
| 8 | What is the redirect URL that points to the exploit kit (EK) landing page? | 100 | 525 |
| 9 | Other than the CVE-2013-2551 IE exploit, what other exploit(s) were sent by the EK? | 100 | 366 |
| 10 | How many times was the payload delivered? | 100 | 486 |
| 11 | What are the SIDs of the triggered Snort alerts? | 100 | 206 |
| 12 | The compromised website has a malicious script with a URL. What is this URL? | 150 | 396 |
| 13 | Extract the exploit file(s). What is (are) the MD5 file hash(es)? | 150 | 313 |
| 14 | VirusTotal doesn't show how many times a specific rule was fired under the "Suricata alerts" section for the pcap analysis. Run the pcap file against your local Suricata (Emerging Threats Open ruleset) and provide the rule number that was fired the most. | 150 | 213 |