
Module 1. Analyzing Indicators of Compromise and Malware Types

Indicators of Compromise (IOC)#

IOCs are artefacts observed on a host or network that indicate a computer intrusion has taken place or is in progress. Some examples are:

  • Unusual outbound traffic
  • DNS request anomalies
  • Port-Application mismatch
  • Anomalies in privileged account use
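The four IOC classes above are easiest to understand when written as checks over actual records. The following Python is an added example, not part of the original notes: it runs four simple detections over constructed connection, DNS and authentication log lines. The log formats, the 10.0.0.0/8 internal range, the admin host allowlist, the business hours and every threshold are assumptions made up for the illustration.

```python
import math
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed records, format "ts src dst dport app bytes_out"
CONN_LOG = [
    "2024-03-01T02:13:00 10.0.0.5 203.0.113.9 443 ssh 524288000",
    "2024-03-01T09:02:11 10.0.0.7 10.0.0.2 53 dns 180",
    "2024-03-01T10:45:00 10.0.0.5 198.51.100.4 443 tls 40960",
    "2024-03-01T11:00:00 10.0.0.8 192.0.2.30 80 http 2048",
]
# Constructed records, format "ts src qname"
DNS_LOG = [
    "2024-03-01T02:14:00 10.0.0.5 a9f3k2m1x8q7z4w6b5n3c2v1.example-cdn.net",
    "2024-03-01T09:02:11 10.0.0.7 www.example.com",
    "2024-03-01T09:03:00 10.0.0.7 mail.example.com",
]
# Constructed records, format "ts user host result"
AUTH_LOG = [
    "2024-03-01T03:05:00 administrator WORKSTATION-12 success",
    "2024-03-01T09:30:00 jsmith WORKSTATION-12 success",
    "2024-03-01T14:00:00 administrator DC01 success",
]

# Assumed environment facts: the org owns 10.0.0.0/8, admins only log on from
# DC01 during business hours, and these ports are expected to carry these apps.
INTERNAL_NETS = [ip_network("10.0.0.0/8")]
PRIVILEGED_USERS = {"administrator"}
ADMIN_HOSTS = {"DC01"}
BUSINESS_HOURS = range(8, 18)                  # 08:00 to 17:59 local time
EXPECTED_APP = {22: {"ssh"}, 53: {"dns"}, 80: {"http"}, 443: {"tls"}}
OUTBOUND_BYTES_THRESHOLD = 100 * 1024 * 1024   # 100 MiB in a single flow
DNS_LABEL_MIN_LEN, DNS_ENTROPY_MIN = 16, 3.5


def is_internal(ip: str) -> bool:
    # Only the org's own ranges count as internal. The documentation ranges
    # (203.0.113.x, 198.51.100.x, 192.0.2.x) in the sample data are external here.
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def shannon_entropy(s: str) -> float:
    # Bits per character; random-looking labels (DGA, tunnelling) score high.
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def check_outbound(lines):
    # Unusual outbound traffic: one large flow from an internal to an external host.
    findings = []
    for line in lines:
        _ts, src, dst, _dport, _app, nbytes = line.split()
        if is_internal(src) and not is_internal(dst) and int(nbytes) > OUTBOUND_BYTES_THRESHOLD:
            findings.append((src, dst, int(nbytes)))
    return findings


def check_port_mismatch(lines):
    # Port/application mismatch: a protocol seen on a port it does not belong on.
    findings = []
    for line in lines:
        _ts, src, dst, dport, app, _nbytes = line.split()
        expected = EXPECTED_APP.get(int(dport))
        if expected is not None and app not in expected:
            findings.append((src, dst, int(dport), app))
    return findings


def check_dns(lines):
    # DNS anomaly: long, high-entropy leftmost label in the queried name.
    findings = []
    for line in lines:
        _ts, src, qname = line.split()
        label = qname.split(".")[0]
        if len(label) >= DNS_LABEL_MIN_LEN and shannon_entropy(label) >= DNS_ENTROPY_MIN:
            findings.append((src, qname))
    return findings


def check_privileged(lines):
    # Privileged account anomaly: successful admin logon outside business hours
    # or from a host that is not on the admin allowlist.
    findings = []
    for line in lines:
        ts, user, host, result = line.split()
        hour = datetime.fromisoformat(ts).hour
        if user in PRIVILEGED_USERS and result == "success" and (
            hour not in BUSINESS_HOURS or host not in ADMIN_HOSTS
        ):
            findings.append((user, host, ts))
    return findings


def triage():
    # Run every check and group the findings by IOC class.
    return {
        "unusual_outbound": check_outbound(CONN_LOG),
        "port_app_mismatch": check_port_mismatch(CONN_LOG),
        "dns_anomaly": check_dns(DNS_LOG),
        "privileged_account": check_privileged(AUTH_LOG),
    }


if __name__ == "__main__":
    for ioc_class, hits in triage().items():
        print(f"{ioc_class}: {hits}")
```

Run stand-alone, it flags the same host (10.0.0.5) three times: a 500 MiB flow to an external address, SSH carried over port 443, and a high-entropy DNS label, all at roughly 02:00, plus an administrator logon at 03:05 from a workstation. No single check is conclusive on its own; the value of IOC analysis is correlating several weak signals like these around one host and time window.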

Virus#

Malicious code that attaches itself to a host file or program and requires user interaction to execute and replicate, for example downloading an application or clicking on an executable.

Crypto-malware/Ransomware#

Malicious applications that extort or scam users into taking some action, typically paying the creator of the malware to remove it or to decrypt files the malware has encrypted (the crypto-malware variant).

Worms#

A self-replicating program that can execute and spread without user interaction.

  • Network Service Worms: exploit vulnerabilities in network services to spread to and infect other hosts
  • Mass Mailing Worms: exploit email systems to mail copies of themselves to other users

Trojan#

A seemingly legitimate piece of software that conceals malicious code. A common trojan payload is a Remote Access Trojan/Tool (RAT), which gives the attacker remote control of the host.

Rootkits#

Malicious code that installs itself at the OS or kernel level and hides its presence (files, processes, network connections) from the user and from security tools.

Keyloggers#

Malicious applications that record all keystrokes, capturing credentials and other sensitive input.

Adware#

Malicious or unwanted applications designed to deliver advertisements.

Spyware#

An application that covertly captures user activity and reports it back to the attacker.

Botnets#

A network of compromised hosts (bots) under an attacker's command and control, used to launch large-scale attacks such as DDoS against specific targets.

Logic Bomb#

Malicious code that lies dormant until a specific time or trigger condition is met, then executes.

Backdoors#

Software that bypasses normal authentication, for example by opening a listening port, so the attacker can regain remote access or install additional software.