恶意流量练习题之2015-01-09-traffic-analysis-exercise

pacp包地址

http://www.malware-traffic-analysis.net/2015/01/09/2015-01-09-traffic-analysis-exercise.pcap.zip

问题与回答

BASIC QUESTIONS

1. What is the date and time of this activity?

抓包的时间是2015.1.6 00:24-00:26

2. What is the IP address and MAC address for the Windows host that hit the exploit kit?

被攻击的主机ip192.168.204.137，mac地址为00:0c:29:9d:b8:6d

3. What is the domain name and IP address of the compromised web site?

被攻击的网站是www.opushangszer.hu

ip是94.199.178.119

4. What is the domain name and IP address for the exploit kit?

利用漏洞工机包的域名是static.domainvertythephones.com，ip是167.160.46.121

5. What web browser is the Windows host using?

MSIE 8.0

EXTRA QUESTIONS

1. What is the exploit kit?

将数据包上传到vt，Angler EK

2. What type of exploits were sent by this exploit kit? (Flash, IE, Java, Silverlight, etc.)

Flash漏洞，CVE-2015-0311

Silverlight漏洞，CVE-2013-0074

3. Which HTTP request returned a redirect to the exploit kit?

akronkappas.com/d2a42e1f7d9a1021bd7d93af414c95c4.php?q=70a9b40eb73da11445c3a3609c8241d9

4. In Wireshark, which tcp.stream contains the malware payload?

tcp.stream eq 4