NerisBot Lab
First, let's see the available indexes.
Or, from Settings -> Indexes.
Next, let's see the sourcetypes that we have.
Q1) Can you identify the IP address from which the initial unauthorized access originated?
Answer: 195.88.191.59
Q2) What is the domain name of the attacker server?
Answer: nocomcom.com
Q3) What is the IP address of the system that was targeted in this breach?
Answer: 147.32.84.165
Q4) Identify all the unique files downloaded to the compromised host. How many of these files could potentially be malicious?
Answer: 5
Q5) What is the sha256 hash of the malicious file disguised as a txt file?
Let's search for the file's SHA1 on VirusTotal to get the SHA256.
Answer: 6fbc4d506f4d4e0a64ca09fd826408d3103c1a258c370553583a07a4cb9a6530