Malware Indicators

Target score: 7-8 out of 10

Estimated time: 10 minutes

Question 1 of 10

A security analyst notices unusual PowerShell commands executing in memory on a finance workstation. The commands download and execute additional code. Anti-malware and traditional antivirus scans find no malicious files on the hard drive and report no detections. What best describes this attack technique?

Question 2 of 10

An accounting department reports that all their critical files have had their file extensions renamed to ".HACKED". They can no longer view the contents of the files. A note appears in a .txt file demanding payment in Bitcoin within 72 hours to unlock the files. Performance monitoring shows extreme disk activity during the overnight hours. Which threat classification matches these indicators?

Question 3 of 10

Multiple users contact the IT help desk complaining that they are experiencing incredibly slow connections to internal files and resources. In some cases, internal websites do not load at all. Other users are having problems logging into their accounts. Which type of attack is most likely taking place?

Question 4 of 10

After investigating a breach, analysts find that a malicious program automatically restarts every time the operating system launches because it added a value under the registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run". Which persistence mechanism is the attacker using?

Question 5 of 10

A network administrator discovers a malware infection on the company's network. The malware has gained NT AUTHORITY\SYSTEM-level privileges. It is also deleting log files in an apparent attempt to avoid being discovered. What type of malware is the network administrator dealing with?

Question 6 of 10

A website allows users to post comments that are displayed to all visitors. An attacker submits a comment containing malicious JavaScript that steals session cookies from anyone who views the page. The script executes automatically for every visitor. Which attack is occurring?

Question 7 of 10

An organization notices that when a staff member tries to access a legitimate banking website, they are redirected to a malicious IP address controlled by attackers. The local hosts file on the employee's Windows workstation shows unauthorized entries mapping legitimate domains to malicious IP addresses. What best describes this attack?

Question 8 of 10

A developer's workstation shows consistently high CPU usage (around 95%) even when no applications are running. The system fan runs constantly, the battery drains rapidly, and electricity costs have increased. Which threat is most likely consuming the system resources?

Question 9 of 10

Which of the following best describes an industry-standard framework that catalogs adversary tactics, techniques, and procedures (TTPs) observed in real-world attacks?

Question 10 of 10

An employee installs a popular video game on their company workstation. The game works normally but is also bundled with an application that creates pop-up advertisements on the employee's screen, advertising various products. The bundled application does not appear to be malicious. What is the BEST description for this situation?