This quiz requires Wireshark to review pcap files. However, Wireshark's default settings are not optimized for web-based traffic commonly generated by malware. Therefore, we encourage participants in this quiz to customize Wireshark after installing it. To help, Unit 42 has published a series of tutorials and videos that include customizing Wireshark.

We recommend using a 3.x or later version of Wireshark, since it has more features, capabilities and bug fixes over previous Wireshark versions. Furthermore, we recommend using a non-Windows environment like BSD, Linux or macOS to analyze malicious traffic. Malware traffic could contain malicious code targeting Microsoft Windows. This presents a risk of infection if participants use a Windows computer to analyze the pcap.

To obtain the pcap for this month's quiz, visit our GitHub repository. Download the ZIP archive and extract the pcap as shown below in Figures 1 and 2. Use infected as the password to unlock the ZIP archive.

[Figure 1] Download the ZIP archive containing the pcap from our GitHub repository.

[Figure 2] Extract the pcap file from the password-protected ZIP archive.

In this scenario, quiz participants provide an incident report to document the infection. Depending on your workplace requirements, incident report formats vary. For this month's Unit 42 Wireshark quiz, we recommend a generic format applicable to many situations. Our recommended incident report format contains the following three sections:

The executive summary is a paragraph describing the incident. This should give the reader a clear idea of what happened. The executive summary states the type of malicious activity and any corrective actions taken.

On at 12:53 UTC, a Windows computer used by John Doe was infected with unknown, Windows-based malware. Security confiscated the infected host at 13:15 UTC, then help desk personnel wiped and re-imaged it. John Doe changed his login password and was instructed to change any other passwords used on the infected computer.

Most of the summary lists corrective actions.
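Before loading an extracted file into Wireshark on the analysis host, it is worth confirming that what came out of the password-protected archive really is a capture file and is not truncated, and noting its time span in UTC for the incident report. The following checker is an added example written for this post; it is not Unit 42's code and is not part of the quiz materials. It parses the classic pcap global header and record headers directly, rejects anything that does not carry a pcap magic number (a Windows executable, for instance, begins with `MZ`), and flags truncated records. The two-packet pcap it builds is constructed inline so the script runs offline; the real quiz pcap would be passed to `summarize_pcap()` after extraction.

```python
import struct
from datetime import datetime, timedelta, timezone

# Classic pcap magic numbers: byte order and timestamp resolution (ticks per second).
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 1_000_000),      # little-endian, microseconds
    b"\xa1\xb2\xc3\xd4": (">", 1_000_000),      # big-endian, microseconds
    b"\x4d\x3c\xb2\xa1": ("<", 1_000_000_000),  # little-endian, nanoseconds
    b"\xa1\xb2\x3c\x4d": (">", 1_000_000_000),  # big-endian, nanoseconds
}
PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"
GLOBAL_HEADER_LEN = 24
RECORD_HEADER_LEN = 16


def _utc(sec: int, frac: int, ticks_per_sec: int) -> str:
    """Render a pcap timestamp as an ISO 8601 UTC string (report times in UTC)."""
    micros = frac * 1_000_000 // ticks_per_sec
    return (datetime.fromtimestamp(sec, tz=timezone.utc)
            + timedelta(microseconds=micros)).isoformat()


def summarize_pcap(data: bytes) -> dict:
    """Validate a classic pcap file and return packet count, link type and UTC time span.

    Raises ValueError for anything that is not a well-formed classic pcap, so a
    mislabelled or truncated download is caught before it is opened in Wireshark.
    """
    if len(data) < GLOBAL_HEADER_LEN:
        raise ValueError("file too short to hold a pcap global header")
    magic = data[:4]
    if magic == PCAPNG_MAGIC:
        raise ValueError("pcapng file; this checker only parses classic pcap")
    if magic not in PCAP_MAGICS:
        raise ValueError(f"not a pcap file (leading bytes {magic.hex()})")
    endian, ticks_per_sec = PCAP_MAGICS[magic]
    # Global header: magic, version major, version minor, thiszone, sigfigs, snaplen, linktype.
    _, vmaj, vmin, _tz, _sig, snaplen, linktype = struct.unpack(
        endian + "IHHiIII", data[:GLOBAL_HEADER_LEN])

    count = 0
    first = last = None
    offset = GLOBAL_HEADER_LEN
    while offset < len(data):
        if offset + RECORD_HEADER_LEN > len(data):
            raise ValueError(f"truncated record header at offset {offset}")
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + RECORD_HEADER_LEN])
        if incl_len > snaplen or incl_len > orig_len:
            raise ValueError(f"bogus capture length {incl_len} in record {count + 1}")
        offset += RECORD_HEADER_LEN
        if offset + incl_len > len(data):
            raise ValueError(f"truncated packet data in record {count + 1}")
        offset += incl_len
        stamp = _utc(ts_sec, ts_frac, ticks_per_sec)
        first = first or stamp
        last = stamp
        count += 1
    return {"version": f"{vmaj}.{vmin}", "linktype": linktype,
            "packets": count, "first_utc": first, "last_utc": last}


def is_pcap(data: bytes) -> bool:
    """Convenience wrapper: True only if summarize_pcap() accepts the bytes."""
    try:
        summarize_pcap(data)
        return True
    except ValueError:
        return False


def build_sample_pcap() -> bytes:
    """Constructed sample: a two-packet little-endian pcap with Ethernet link type (1)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    frames = [
        (1_700_000_000, 0, b"\x00" * 60),        # 2023-11-14T22:13:20 UTC
        (1_700_000_060, 500_000, b"\x00" * 80),  # one minute and half a second later
    ]
    body = b"".join(struct.pack("<IIII", s, f, len(p), len(p)) + p for s, f, p in frames)
    return header + body


if __name__ == "__main__":
    print(summarize_pcap(build_sample_pcap()))
```

The timestamps are converted with `timezone.utc` deliberately: the executive summary above quotes event times in UTC, and a checker that printed local time would invite off-by-hours errors when the report is written on a host in a different zone.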