- (ip.src == 71.6.135.131) && (ip.dst == 192.168.30.233)
- 1.1 What email address are these emails spoofing?
- josh@sheabutterproducts.com
- 1.2 What is the sender’s real email address?
- josh@sheabuterpr0ducts.com
- 1.3 Which users received these emails?
- Darryl Jenks <djenks@soulglo.com>
- Jaffe Joffer <jjoffer@soulglo.com>
- 1.4 What link was included in the emails?
- http://sheabuterpr0ducts.com
- 2.1 Looking at the web traffic logs, which of your users actually clicked on the link in question?
- DJENKS CLICKED THE LINK
- 2.2 What IP address is associated with the phishing page based on your web logs?
- 192.168.30.233 from 71.6.135.131
- ip.dst == 192.168.30.233
- 1988-06-30 11:15:53 djenks 71.6.135.131 GET /soul_glo_financials.xlxs 200
- 1988-06-30 11:19:04 djenks 71.6.135.131 GET /soul_glo_business_plan.pdf 200
- 1988-06-30 11:21:22 djenks 71.6.135.131 GET /soul_glo_marketing_plan.doc 200
- 1988-06-30 11:22:59 djenks 71.6.135.131 GET /soul_glo_SUPER_SECRET_FORMULA.pdf 200
- 1988-06-30 11:23:43 djenks 71.6.135.131 GET /soul_glo_memes.dank 200
- 1988-06-30 11:23:50 djenks 71.6.135.131 GET /soul_glo_org_chart.xlxs 200
- 3.1 What password did Darryl input to the phishing page?
- 4.1 What files did they download?
- 5.1 Looking at the provided PowerShell script, what link was the adversary trying to download?
- 1988-06-30 11:15:53 djenks 71.6.135.131 GET /soul_glo_financials.xlxs 200
- 1988-06-30 11:19:04 djenks 71.6.135.131 GET /soul_glo_business_plan.pdf 200
- 1988-06-30 11:21:22 djenks 71.6.135.131 GET /soul_glo_marketing_plan.doc 200
- 1988-06-30 11:22:59 djenks 71.6.135.131 GET /soul_glo_SUPER_SECRET_FORMULA.pdf 200
- 1988-06-30 11:23:43 djenks 71.6.135.131 GET /soul_glo_memes.dank 200
- 1988-06-30 11:23:50 djenks 71.6.135.131 GET /soul_glo_org_chart.xlxs 200