In this video walkthrough, we covered investigating malware / ransomware usb attacks with splunk to unleash artifacts related to the nature of the incident. This training is part of splunk SIEM Boss of the SOC v2 300 series questions.
Room Questions and Answers
There is a Games of Thrones movie file that was encrypted as well. What season and episode is it?
Kevin Lagerfield used a USB drive to move malware onto kutekitten, Mallory’s personal MacBook. She ran the malware, which obfuscates itself during execution. Provide the vendor name of the USB drive Kevin likely used. Answer Guidance: Use time correlation to identify the USB drive.
What programming language is at least part of the malware from the question above written in?
When was this malware first seen in the wild? Answer Guidance: YYYY-MM-DD
The malware infecting kutekitten uses dynamic DNS destinations to communicate with two C&C servers shortly after installation. What is the fully-qualified domain name (FQDN) of the first (alphabetically) of these destinations?
From the question above, what is the fully-qualified domain name (FQDN) of the second (alphabetically) contacted C&C server?