The attached PCAP belongs to an Exploitation Kit infection. Analyze it using your favourite tool and answer the challenge questions.

| # | Question | Weight | Solved |
|---|----------|--------|--------|
| 1 | What is the IP address of the Windows VM that gets infected? | 50 | 259 |
| 2 | What is the MAC address of the infected VM? | 50 | 252 |
| 3 | What is the IP address of the compromised web site? | 100 | 246 |
| 4 | What is the domain name of the compromised web site? | 50 | 243 |
| 5 | What are the IP address and port number that delivered the exploit kit and malware? | 100 | 224 |
| 6 | What is the domain name that delivered the exploit kit and malware? | 50 | 195 |
| 7 | What is the name of the exploit kit (EK) that delivered the malware? | 100 | 156 |
| 8 | What is the redirect URL that points to the exploit kit (EK) landing page? | 100 | 156 |
| 9 | What is the IP address of the redirect URL that points to the exploit kit (EK) landing page? | 100 | 164 |
| 10 | Extract the malware payload (PE file) from the PCAP. What is the MD5 hash? | 100 | 163 |
| 11 | What is the CVE of the exploited vulnerability? | 100 | 139 |
| 12 | What is the mime-type of the file that took the longest time (duration) to be analyzed using Zeek? | 150 | 80 |
| 13 | What was the referrer for the visited URI that returned the file "f.txt"? | 50 | 107 |
| 14 | When was this PCAP captured? | 100 | 153 |
| 15 | When was the PE file compiled? | 100 | 131 |
| 16 | What is the name of the SSL certificate issuer that appeared only once? | 50 | 104 |
| 17 | What were the two protection methods enabled during the compilation of the present PE file? | 150 | 65 |