Based on the IoCs created and the netstat output, which of the following types of malware is present?

Posted by: Pdfprep Category: SY0-501

A user’s laptop is experiencing general slowness following the user’s return from an extended time out of the office. After a week, the security team looks at the laptop, but nothing appears out of order. The only noticeable issue is that svchost.exe keeps launching even after the security team kills the process. After running netstat, the team notes that svchost.exe is listening on port 443.

Using an IoC creation tool, a security analyst does the following:

- OR
  - File MD5 contains adf321122abce28873aad3e12f262a12c
  - AND
    - PROCESS name contains svchost.exe
    - PROCESS arguments does not contain -k
  - AND
    - FILENAME contains svchost.exe
    - FILE DIRECTORY is not %system32%

Based on the IoCs created and the netstat output, which of the following types of malware is present?
A. Backdoor
B. Crypto-malware
C. Rootkit
D. Logic bomb

Answer: C
