Our introductory blog Cold as Ice: Unit 42 Wireshark Quiz for IcedID provides a packet capture (pcap) from an IcedID infection in April 2023. Also known as BokBot, IcedID is well-established Windows-based malware that can lead to ransomware. Reviewing the pcap provides an opportunity to analyze IcedID infection traffic. If you would like to view this quiz without answers, please see our previous blog introducing the standalone quiz.

Palo Alto Networks customers are protected from IcedID and other malware through Cortex XDR and our Next-Generation Firewall with Cloud-Delivered Security Services that include WildFire, Advanced Threat Prevention and Advanced URL Filtering.

Scenario, Requirements and Quiz Material

Traffic for this quiz occurred in an Active Directory (AD) environment during April 2023. The infection is similar to previous IcedID activity tweeted by Unit 42 in March 2023. Details of the Local Area Network (LAN) environment for the pcap follow.

Domain controller hostname: WIN-GP4JHCK2JMV

Additional Resources

Pcap, Wireshark, Wireshark Tutorial, IcedID, BokBot