https://cyberdefenders.org/blueteam-ctf-challenges/malware-traffic-analysis-2/

Q1: What is the IP address of the Windows VM that gets infected?

172.16.165.132

NetworkMiner shows the OS of each host, and there is only one Windows host.

Q2: What are the IP address and port number that delivered the exploit kit and malware?

37.143.15.180:51439

In Brim, filter on the victim IP.

Q3: What are the two FQDNs that delivered the exploit kit? Comma-separated, in alphabetical order.

g.trinketking.com, h.trinketking.com

Open the pcap in NetworkMiner and look at the IP from the previous question; you could also filter on that IP together with DNS or HTTP traffic.

Q4: What is the FQDN of the compromised website?

hijinksensue.com

Filter on the attacker IP and HTTP.
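As an added example that is not part of this writeup, the same four lookups done over constructed Zeek-style dns.log/http.log records instead of the Brim and NetworkMiner GUIs: the victim, server, FQDNs and compromised site are the values above; timestamps, URIs, the resolver address and the 192.0.2.10 address are invented.

```python
# Added example: answer Q1-Q4 from Zeek-style dns.log / http.log records.
from collections import Counter
from urllib.parse import urlsplit

VICTIM = "172.16.165.132"  # Windows VM identified in Q1

# Constructed sample records modelled on Zeek logs (not from the real pcap).
# dns.log: (ts, src, dst, query, answer)
DNS_LOG = [
    ("1.0", VICTIM, "172.16.165.2", "hijinksensue.com", "192.0.2.10"),
    ("1.1", VICTIM, "172.16.165.2", "g.trinketking.com", "37.143.15.180"),
    ("1.2", VICTIM, "172.16.165.2", "h.trinketking.com", "37.143.15.180"),
]
# http.log: (ts, src, dst, dst_port, host, uri, referrer)
HTTP_LOG = [
    ("1.0", VICTIM, "192.0.2.10", 80, "hijinksensue.com", "/", "-"),
    ("1.1", VICTIM, "37.143.15.180", 51439, "g.trinketking.com", "/landing",
     "http://hijinksensue.com/"),
    ("1.2", VICTIM, "37.143.15.180", 51439, "h.trinketking.com", "/payload",
     "http://g.trinketking.com/landing"),
]

def servers_contacted(http_log, victim):
    """Q2: (ip, port) pairs the victim spoke HTTP to, busiest first.
    Ranking only narrows the search; the analyst still confirms the hit."""
    hits = Counter((dst, port) for _, src, dst, port, *_ in http_log if src == victim)
    return [pair for pair, _ in hits.most_common()]

def fqdns_resolving_to(dns_log, ip):
    """Q3: every queried name that resolved to `ip`, in alphabetical order."""
    return sorted({query for _, _, _, query, answer in dns_log if answer == ip})

def referring_sites(http_log, ek_hosts):
    """Q4: sites whose pages referred the browser into the exploit-kit hosts."""
    refs = set()
    for _, _, _, _, host, _, referrer in http_log:
        if host in ek_hosts and referrer != "-":
            ref_host = urlsplit(referrer).hostname
            if ref_host and ref_host not in ek_hosts:
                refs.add(ref_host)
    return sorted(refs)

if __name__ == "__main__":
    ek_ip, ek_port = servers_contacted(HTTP_LOG, VICTIM)[0]
    ek_fqdns = fqdns_resolving_to(DNS_LOG, ek_ip)
    print(f"Q2: {ek_ip}:{ek_port}")
    print("Q3:", ", ".join(ek_fqdns))
    print("Q4:", ", ".join(referring_sites(HTTP_LOG, set(ek_fqdns))))
```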