Question: Threat Intelligence Card Note : Log into the Security Onion VM and use the following Indicator of Attack to complete this portion of the homework.

Threat Intelligence Card

Note: Log into the Security Onion VM and use the following Indicator of Attack to complete this portion of the homework.

Locate the following Indicator of Attack in Sguil based off of the following:

  • Source IP/Port: 188.124.9.56:80
  • Destination Address/Port: 192.168.3.35:1035
  • Event Message: ET TROJAN JS/Nemucod.M.gen downloading EXE payload

Answer the following:

  1. What was the indicator of an attack?
  • Hint: What do the details of the reveal?
  1. Answer:
  2. What was the adversarial motivation (purpose of attack)?
  3. Answer:
  4. Describe observations and indicators that may be related to the perpetrators of the intrusion. Categorize your insights according to the appropriate stage of the cyber kill chain, as structured in the following table.

TTP

Example

Findings

Reconnaissance

How did they attacker locate the victim?

Weaponization

What was it that was downloaded?

Delivery

How was it downloaded?

Exploitation

What does the exploit do?

Installation

How is the exploit installed?

Command & Control (C2)

How does the attacker gain control of the remote machine?

Actions on Objectives

What does the software that the attacker sent do to complete it's tasks?

Answer:

  1. What are your recommended mitigation strategies?
  2. Answer:
  3. List your third-party references.
  4. Answer:

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer
Step: 1 Unlock blur-text-image
Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock
Step: 3 Unlock

Students Have Also Explored These Related Computer Network Questions!

Q:

1. You get an email from Mickey Mouse about a free trip for two to Walt Disney World. You just have to forward the email to 10 people. What kind of attack does this describe? A. shoulder surfing ...

Q:

A researcher is interested in whether a self-esteem intervention could affect academic achievement. She decides to test her prediction that providing six brief (5-minute) self-esteem interventions...

Q:

Planning is one of the most important management functions in any business. A front office managers first step in planning should involve determine the departments goals. Planning also includes...

Q:

Informative Speech Critique Evaluating Rhetorical Choices You may just number the questions and add a paragraph or two to answer - 1. Did you find the speaker credible? Why or why not? 2. Did the...

Q:

Lauren Turk is reviewing Francesca Toy's financial statements in order to estimate its sustainable growth rate. Using the information presented in Exhibit: a. (1) Identify and calculate the three...

Q:

Xecor makes several drugs, including Anxless, approved by the FDA for the treatment of anxiety. Recent studies sponsored by Xecor indicate that Anxless may be a promising treatment for hypertension....

Q:

=+33. Gross domestic product diagnostics. In Chapter 17, Exercise 33 we found a model for GDP per Capita from three country characteristics: Cell phones/100 people, Internet Users/100 people, and...

Q:

Refer to the bond details in Problem 14-4B. Required 1. Compute the total bond interest expense over the bonds life. 2. Prepare an effective interest amortization table like the one in Exhibit 14B.2...

Q:

Franklin Inc. fabrica tuberas y aplica costos indirectos de fabricacin a la produccin a una tasa de costo indirecto presupuestado de $18 por hora de mano de obra directa. Los siguientes datos se...

Q:

37m left H ALL O 1 2 3 4 5 7 8 5. Minimum Processing Time A computing cluster has multiple processors, each with 4 cores. The number of tasks to handle is equal to the total number of cores in the...

Q:

Use the following selected data from Business Solutions's income statement for the three months ended March 31, 2022, and from its March 31, 2022, balance sheet to complete the requirements. Computer...

Q:

What is the meaning and definition of E-Business?

Q:

Ajith Co. reported $850,000 in Sales, $ 246000 in Cost of Goods Sold, and Net Income of $150,000. What were ajith Co.s Operating Expenses? A. $345000 B. $454000 C.$654000 D.$246000

Q:

1.When was the Declaration of Independence signed? 2. The United States bought Alaska from which country? 3.Who was the fourth president of the United States? 4.In what year was the Vietnam Veterans...

Q:

Why don't we use y (gama) rays to study the interior of the objects, instead of using x-rays? Because similar to x-rays, y-rays are also not deflected by the electric and magnetic fields and also...

Q:

Can external sound vibrations be manipulated to induce sensations within the body?

Q:

SSC is considering another project: the introduction of a "weight loss" smoothie. The project would require a $3.3 million investment outlay today (t = 0). The after-tax cash flows would depend on...

Q:

Chapter 9 Stock Valuation at Ragan Engines Input area: Shares owned by each sibling Ragan EPS Dividend to each sibling Ragan ROE Ragan required return Blue Ribband Motors Corp. Bon Voyage Marine,...

Q:

Suppose P(A) .55, P(B) .32, and P (AB) .20. (a) Determine all the probabilities needed to fill in the accompanying table. (b) Find the conditional probability of A given that B does not occur. B B A...

Q:

In a shipment of 12 room air conditioners, there are 3 with defective thermostats. Two air conditioners will be selected at random and inspected one after another. Find the probability that: (a) The...

Q:

For two events A and B, the following probabilities are given. P(A) .4 P (B) .25 P(AB) .7 Use the appropriate laws of probability to calculate (a) P(A) (b) P(AB) (c) P(A U B)