
Wireshark capture filter port
Our introductory blog Cold as Ice: Unit 42 Wireshark Quiz for IcedID provides a packet capture (pcap) from an IcedID infection in April 2023. Also known as Bokbot, IcedID is well-established Windows-based malware that can lead to ransomware. Reviewing the pcap provides an opportunity to analyze IcedID infection traffic. If you would like to view this quiz without answers, please see our previous blog introducing the standalone quiz.

Palo Alto Networks customers are protected from IcedID and other malware through Cortex XDR and our Next-Generation Firewall with Cloud-Delivered Security Services that include WildFire, Advanced Threat Prevention and Advanced URL Filtering.

Scenario, Requirements and Quiz Material

Traffic for this quiz occurred in an Active Directory (AD) environment during April 2023. The infection is similar to previous IcedID activity tweeted by Unit 42 in March 2023. Details of the Local Area Network (LAN) environment for the pcap follow.

  • Domain controller hostname: WIN-GP4JHCK2JMV.

This quiz requires Wireshark, and we recommend using the latest version of Wireshark, since it has more features, capabilities and bug fixes over previous versions. We also recommend readers customize their Wireshark display to better analyze web traffic. A list of tutorials and videos is available. As always, we recommend using Wireshark in a non-Windows environment like BSD, Linux or macOS when analyzing malicious Windows-based traffic. To obtain the pcap, visit our GitHub repository, download the April 2023 ZIP archive and extract the pcap. Use infected as the password to unlock the ZIP archive.

Quiz Questions

For this IcedID infection, we ask participants to answer the following questions previously described in our standalone quiz post:

  • What is the date and time in UTC the infection started?
  • What is the IP address of the infected Windows client?
  • What is the MAC address of the infected Windows client?
  • What is the hostname of the infected Windows client?
  • What is the user account name from the infected Windows host?
  • Is there any follow-up activity from other malware?