Situation: Email Roulette

You're working as an analyst at a Security Operations Center (SOC) for a Thanksgiving-themed company.

One quiet evening, you hear someone knocking at the SOC entrance. As you answer the door, an exhausted mail server technician stumbles in and quickly falls to the floor. He whispers in a shaky voice, "Mail filters are down... Spam everywhere..."

As you help him up, he looks to the sky and yells, "The gates of hell have opened!"

The technician immediately collapses again and softly whispers, "The horror... The horror..."

The mail filter outage lasted throughout the next day. Fortunately, very few incidents were reported. But one example caught your eye.

During the mail filter outage, one of the company employees decided to play "email roulette." The employee opened one of the malicious emails from his inbox and treated it as a legitimate message.

1. Download this PCAP and open these emails

2. Review the sample analysis (Links to an external site.)Links to an external site. discussing these questions:

Date and approximate time of the infection.

The infected computer's IP address.

The infected computer's MAC address.

The infected computer's host name.

Which email the employee opened.

resource: http://www.malware-traffic-analysis.net/2015/11/06/index.html

Complete a 3-5 page reflection Situation #2. Given these sample incident reports, write about what you learned, what you have questions about, what you researched as part of this review, and anything else you feel is relevant.