Malicious traffic exercise: 2015-01-09 traffic analysis exercise
Pcap file address
http://www.malware-traffic-analysis.net/2015/01/09/2015-01-09-traffic-analysis-exercise.pcap.zip
Questions and answers
BASIC QUESTIONS
- What is the date and time of this activity?
The capture spans 2015.1.6 00:24-00:26
- What is the IP address and MAC address for the Windows host that hit the exploit kit?
The compromised host's IP is 192.168.204.137 and its MAC address is 00:0c:29:9d:b8:6d
- What is the domain name and IP address of the compromised web site?
The compromised website is www.opushangszer.hu
Its IP is 94.199.178.119
- What is the domain name and IP address for the exploit kit?
The exploit kit's domain is static.domainvertythephones.com, and its IP is 167.160.46.121
- What web browser is the Windows host using?
MSIE 8.0
EXTRA QUESTIONS
- What is the exploit kit?
After uploading the capture to VT (VirusTotal): Angler EK
- What type of exploits were sent by this exploit kit? (Flash, IE, Java, Silverlight, etc.)
Flash exploit, CVE-2015-0311
Silverlight exploit, CVE-2013-0074
- Which HTTP request returned a redirect to the exploit kit?
akronkappas.com/d2a42e1f7d9a1021bd7d93af414c95c4.php?q=70a9b40eb73da11445c3a3609c8241d9
- In Wireshark, which tcp.stream contains the malware payload?
tcp.stream eq 4
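The answers above come from walking the HTTP redirect chain stream by stream in Wireshark. As an added example (not part of the original write-up), the Python below does the same thing on raw Ethernet frames: it numbers TCP connections in order of first appearance the way tcp.stream does, and for each HTTP stream reports the Host and URI the victim requested, its User-Agent, and the status code and Location that came back. The sample traffic is constructed; 203.0.113.10, the gateway MAC and the /landing path are placeholders, while the hosts, IPs, victim MAC and the redirector URI are the ones this page reports.

```python
import re, struct
def frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload):  # Ethernet/IPv4/TCP, checksums left zero
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip4 = lambda a: bytes(map(int, a.split(".")))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0, ip4(src_ip), ip4(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)  # PSH|ACK, 20-byte header
    return mac(dst_mac) + mac(src_mac) + b"\x08\x00" + ip + tcp + payload

def tcp_streams(frames):  # group payloads per connection, numbered by first appearance like tcp.stream
    streams = {}
    for f in frames:
        if f[12:14] != b"\x08\x00" or f[23] != 6:
            continue  # not IPv4 over Ethernet, or not TCP
        t = 14 + (f[14] & 0x0F) * 4  # offset of the TCP header
        sport, dport = struct.unpack_from("!HH", f, t)
        src, dst = ".".join(map(str, f[26:30])), ".".join(map(str, f[30:34]))
        key = frozenset([(src, sport), (dst, dport)])  # same key for both directions
        streams.setdefault(key, []).append((src, f[t + (f[t + 12] >> 4) * 4:]))
    return list(streams.values())

def header(msg, name):  # value of one HTTP header (case-insensitive), or None if absent
    m = re.search(rb"\r\n" + name.encode() + rb":[ \t]*([^\r\n]+)", msg, re.I)
    return m.group(1).decode() if m else None

def redirect_chain(frames, victim_ip):  # one row per HTTP stream: what the victim asked for and what came back
    rows = []
    for idx, pkts in enumerate(tcp_streams(frames)):
        req = b"".join(p for s, p in pkts if s == victim_ip)
        rsp = b"".join(p for s, p in pkts if s != victim_ip)
        if not req.startswith((b"GET ", b"POST ")):
            continue
        status = rsp.split(b" ", 2)[1].decode() if rsp.startswith(b"HTTP/") else None
        rows.append({"stream": idx, "host": header(req, "Host"), "uri": req.split(b" ", 2)[1].decode(),
                     "ua": header(req, "User-Agent"), "status": status, "location": header(rsp, "Location")})
    return rows

VICTIM, VMAC, GW = "192.168.204.137", "00:0c:29:9d:b8:6d", "00:50:56:00:00:01"  # gateway MAC is a placeholder
def get(ip, sport, host, path):  # request from the victim, carrying the browser string the page reports
    return frame(VMAC, GW, VICTIM, ip, sport, 80, b"GET %s HTTP/1.1\r\nHost: %s\r\n"
                 b"User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)\r\n\r\n" % (path, host))
def reply(ip, dport, head):
    return frame(GW, VMAC, ip, VICTIM, 80, dport, head + b"\r\n\r\n")
SAMPLE = [  # constructed: compromised site -> 302 redirector -> EK landing; 203.0.113.10 and /landing are placeholders
    get("94.199.178.119", 1031, b"www.opushangszer.hu", b"/"),
    reply("94.199.178.119", 1031, b"HTTP/1.1 200 OK\r\nContent-Type: text/html"),
    get("203.0.113.10", 1032, b"akronkappas.com", b"/d2a42e1f7d9a1021bd7d93af414c95c4.php?q=70a9b40eb73da11445c3a3609c8241d9"),
    reply("203.0.113.10", 1032, b"HTTP/1.1 302 Found\r\nLocation: http://static.domainvertythephones.com/landing"),
    get("167.160.46.121", 1033, b"static.domainvertythephones.com", b"/landing"),
    reply("167.160.46.121", 1033, b"HTTP/1.1 200 OK\r\nContent-Type: application/x-shockwave-flash"),
]
```

Running `redirect_chain(SAMPLE, VICTIM)` lists stream 1 as the akronkappas.com request answered with a 302 to the exploit kit host, which is the same pivot the "which HTTP request returned a redirect" question asks for.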