Cisco CyberOps Professional 350-201 Question # 23 Topic 3 Discussion
Refer to the exhibit.
An engineer is performing static analysis on a malware sample and knows that it is capturing keystrokes and webcam events on a company server. What is the indicator of compromise?
A. The malware is performing comprehensive fingerprinting of the host, including the processor, motherboard manufacturer, and connected removable storage.
B. The malware is ransomware querying for installed anti-virus products and operating systems in order to encrypt files and render them unreadable until payment is made for decryption.
C. The malware has moved to harvesting cookies and stored account information from major browsers and configuring a reverse proxy for intercepting network activity.
D. The malware contains an encryption and decryption routine to hide URLs/IP addresses and is storing the output of loggers and webcam captures in locally encrypted files for retrieval.
The indicator of compromise (IoC) for the malware in question is described by option D: the sample contains encryption and decryption routines used to conceal URLs/IP addresses, and it captures keystrokes and webcam events and stores that data in locally encrypted files on the company server. This behavior is characteristic of malware designed to stealthily collect sensitive information and stage it for later exfiltration without being easily detected. The encryption hides both the collected data and the destination to which it may be sent, making it harder for security tooling to identify and block the malicious activity.