# 2014-11-16 What is the IP address of the Windows VM that gets infected? Answer: 172.16.165.165

What is the host name of the Windows VM that gets infected? Answer: K34EN6W3N-PC<00>

What is the MAC address of the infected VM? Answer: f0:19:af:02:9b:f1

What is the IP address of the compromised web site? Answer:

What is the domain name of the compromised web site? Answer:

What is the IP address and domain name that delivered the exploit kit and malware? Answer:

What is the domain name that delivered the exploit kit and malware? Answer:

What is the redirect URL that points to the exploit kit (EK) landing page? Answer:

Besides the landing page (which contains the CVE-2013-2551 IE exploit), what other exploit(s) sent by the EK? Answer:

How many times was the payload delivered? Answer:

Submit the pcap to VirusTotal and find out what snort alerts triggered. What are the EK names are shown in the Suricata alerts? Answer:

Checking my website, what have I (and others) been calling this exploit kit? Answer: What file or page from the compromised website has the malicious script with the URL for the redirect? Answer:

Extract the exploit file(s). What is(are) the md5 file hash(es)? Answer: