Question
Threat Intelligence Card Note : Log into the Security Onion VM and use the following Indicator of Attack to complete this portion of the homework.
Threat Intelligence Card
Note: Log into the Security Onion VM and use the following Indicator of Attack to complete this portion of the homework.
Locate the following Indicator of Attack in Sguil based off of the following:
- Source IP/Port: 188.124.9.56:80
- Destination Address/Port: 192.168.3.35:1035
- Event Message: ET TROJAN JS/Nemucod.M.gen downloading EXE payload
Answer the following:
- What was the indicator of an attack?
- Hint: What do the details of the reveal?
- Answer:
- What was the adversarial motivation (purpose of attack)?
- Answer:
- Describe observations and indicators that may be related to the perpetrators of the intrusion. Categorize your insights according to the appropriate stage of the cyber kill chain, as structured in the following table.
TTP
Example
Findings
Reconnaissance
How did they attacker locate the victim?
Weaponization
What was it that was downloaded?
Delivery
How was it downloaded?
Exploitation
What does the exploit do?
Installation
How is the exploit installed?
Command & Control (C2)
How does the attacker gain control of the remote machine?
Actions on Objectives
What does the software that the attacker sent do to complete it's tasks?
Answer:
- What are your recommended mitigation strategies?
- Answer:
- List your third-party references.
- Answer:
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started