Warzone 2 walkthrough

Nihir Zala
2 min read · Dec 21, 2022

TryHackMe Warzone 2 walkthrough

What was the alert signature for A Network Trojan was Detected?

ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2

What was the alert signature for Potential Corporate Privacy Violation?

ET POLICY PE EXE or DLL Windows file download HTTP

What was the IP to trigger either alert? Enter your answer in a defanged format.

185[.]118[.]164[.]8

Provide the full URI for the malicious downloaded file. In your answer, defang the URI.

awh93dhkylps5ulnq-be[.]com/czwih/fxla[.]php?l=gap1[.]cab

What is the name of the payload within the cab file?

draw.dll

What is the user-agent associated with this network traffic?

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E)

What other domains do you see in the network traffic that are labelled as malicious by VirusTotal? Enter the domains defanged and in alphabetical order. (format: domain[.]zzz,domain[.]zzz)

a-zcorner[.]com,knockoutlights[.]com

There are IP addresses flagged as Not Suspicious Traffic. What are the IP addresses? Enter your answer in numerical order and defanged. (format: IPADDR,IPADDR)

64[.]225[.]65[.]166,142[.]93[.]211[.]176

For the first IP address flagged as Not Suspicious Traffic. According to VirusTotal, there are several domains associated with this one IP address that was flagged as malicious. What were the domains you spotted in the network traffic associated with this IP address? Enter your answer in a defanged format. Enter your answer in alphabetical order, in a defanged format. (format: domain[.]zzz,domain[.]zzz,etc)

safebanktest[.]top, tocsicambar[.]xyz, ulcertification[.]xyz

Now for the second IP marked as Not Suspicious Traffic. What was the domain you spotted in the network traffic associated with this IP address? Enter your answer in a defanged format. (format: domain[.]zzz)

2partscow[.]top
