DemonstrationCaseReport.txt
Demonstration Report
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque scelerisque pellentesque volutpat.
Curabitur sed orci orci. Curabitur consectetur, ligula ut elementum elementum, lorem lorem faucibus
leo, a facilisis leo neque sed diam. Mauris lacus est, iaculis in adipiscing eget, condimentum nec velit.
Vivamus placerat facilisis nunc, ac consequat eros interdum in. Vestibulum eget molestie erat. Integer
purus nisl, bibendum id suscipit non, dapibus id turpis. Maecenas elit mi, fringilla et rutrum non, mollis
eu risus. Integer quis velit urna. Proin non leo velit. Suspendisse eget urna justo, in scelerisque dolor.
Curabitur egestas suscipit urna ut sagittis.
Victim Systems
10.0.0.3 Web Server: www.victimcompany.com
10.0.0.4 Database Server
10.0.0.5 Active Directory Server
Victim System Memory MD5 Hashes
10.0.0.3 83a4a96aed96436c621b9809e258b309
10.0.0.4 bf8558ea6a71a67be587aef9904191ab
10.0.0.5 f429e42d1c9733138284b0ce427fe77f
Nulla viverra gravida adipiscing. Nullam vel sem dolor, et tincidunt orci. Nunc sollicitudin condimentum
ligula, sit amet auctor dolor mattis in. Suspendisse nec egestas dolor. Aliquam et quam ante, pretium
tincidunt eros. Aliquam et felis quis metus feugiat dignissim sed ut justo. Suspendisse ac purus ut lacus
sodales pulvinar nec at libero. Mauris eu auctor mauris. Integer ultricies cursus dui a dignissim. Sed eu
ullamcorper metus. Phasellus id tempus lectus.
Attacker IP Addresses
123.123.123.123 Iran
234.234.234.234 North Korea
231.231.231.231 United States
The attackers used the following malware.
Killer virus 8b3a213efc74e56b297439f9ffef8c40
Even worse virus 2e60f25998cbc0dfc64d6b1745780af7
The attackers also used a phishing attack. They sent email from [email protected] that directed
victims to a website, www.givemeyourmoney.com. The phishing page was located at
www.givemeyourmoney.com/giveithere.html.
Phasellus ac nibh a turpis cursus vestibulum eget quis mauris. Curabitur tempor iaculis nunc vitae
vehicula. Mauris eget libero vitae enim cursus auctor. Aliquam nec neque velit. Vestibulum ante ipsum
primis in faucibus orci luctus et ultrices posuere cubilia Curae; Sed quis massa sit amet justo adipiscing
venenatis ac vel mi. Donec laoreet aliquet viverra. Sed accumsan pharetra venenatis. Vivamus ac lacus
sed libero imperdiet accumsan. Donec blandit fringilla sem, id pretium dolor lacinia vitae. Cum sociis
natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Nam imperdiet dapibus
massa non condimentum.
After the attack, the victim put up an apology page at www.victimcompany.com/wearesorry.htm.
Customer Information:
John Q. Customer