1. Malware and IOC

Question 1

malware

Answer 1

Software designed for some nefarious purpose.

Question 2

polymorphic malware

Answer 2

It changes its code after each use, making each replicant different from a detection point of view.

Question 3

virus

Answer 3

A piece of malicious code that replicates by attaching itself to another piece of executable code.

Question 4

armored malware

Answer 4

The process of making malware more difficult to reverse engineering, such as encryption.

Question 5

crypto-malware

Answer 5

Malware that encrypts files on a system and leaves them unusable, permanently or until some ransom paid.

Question 6

worm

Answer 6

Pieces of code that attempt to penetrate networks and computer systems. Once in, it will create a new copy of itself on the system. Does not rely on attachment to another piece of code or file. It can “survive” on its own.

Question 7

trojan horse

Answer 7

A software that appears to do one thing (and often does), but hides some other functionality. A standalone program that must be copied and installed by the user.

Question 8

define: rootkit

Answer 8

Malware that is designed to modify the operation of the operating system to facilitate nonstandard functionality. It can do virtually anything the OS does. It can modify the system kernel and supporting functions.

Question 9

describe: rootkit forms

Answer 9

It can load before the OS loads, acting as a virtualization layer. They can exist in firmware of video cards and expansion cards. They can exist as a loadable library module, changing ports of the OS from outside the kernel.

Question 10

list: 5 types of rootkits

Answer 10

firmware
virtual
kernel
library
application

Question 11

adware

Answer 11

Software supported by advertising.

Question 12

spyware

Answer 12

Software that spies on users, recording and reporting on their activities.

Question 13

bot

Answer 13

A piece of software that performs some task, under the control of another program.

Question 14

define: RAT

Answer 14

Remote access trojan - a toolkit that provides the capability of covert surveillance and/or the ability to gain unauthorized access.

Question 15

distinction of RAT

Answer 15

Rather than being just a program, there is an operator behind it, guiding it to do more persistent damage.

They typically involve the creation of hidden file structures on a system and are vulnerable to detection.

Question 16

logic bomb

Answer 16

A piece of code that sits dormant for a period of time, until some event invokes a malicious payload.

Question 17

list at least 5: IOC

Answer 17

Unusual outbound network traffic
Anomalies in privileged user account activity
Geographical irregularities in network traffic
Account login red flags
Increases in database read volumes
HTML response sizes
Large numbers of requests for the same file
Mismatched port-app traffic
Encrypted traffic on plain ports
Suspicious registry or system file changes
Unusual DNS requests
Unexpected patching of system
Mobile device profile changes
Bundles of data in wrong place
Web traffic with non-human behavior
Signs of DDoS activity, even if temporary