1.1 Analyze indicators of compromise and determine the type of malware. Flashcards
Viruses
A type of malware designed to replicate and spread from computer to computer.
Crypto-Malware
Class of ransomware which encrypts data files. The user will be unable to access their files without the private encryption key. The only mitigation technique is to have up-to-date backups of encrypted files.
Ransomware
A type of Trojan malware that tries to extort money from the victim. Uses payment methods like wire transfers and gift cards.
Worm
A memory-resident virus that replicates over a network. Rapidly consumes network bandwidth as the worm replicates.
Trojan
Malware code concealed within an application package that the user thinks is benign.
RAT
A backdoor Trojan. Mimics the functionality of legitimate remote control programs. Once installed, the attacker can access the PC, upload files and install software.
Backdoor
RATs. Backdoors may be created for testing or by misconfiguration.
Rootkit
A class of backdoor malware that is hard to detect and remove. Rootkits change core system files and programming interfaces, so that shell processes and port scanning tools no longer reveal their presence.
Keylogger
Spyware/Trojans that attempt to steal information via keystrokes.
Adware
Any type of software or browser plug-in that displays commercial offers and deals.
Spyware
A program that monitors user activity and sends the information to someone else.
Logic Bomb
Malware that is configured to run after a user event. E.g., a disgruntled sysadmin who leaves a scripted trap that runs after he is terminated.