Unauthorized PowerShell Commands and Malicious File Execution: Identifying IOCs and Breach Risks

Identifying the Indicator of Compromise (IOC) Generated by Abusing PowerShell Commands

Question

An employee abused PowerShell commands and script interpreters, which led to an indicator of compromise (IOC) trigger.

The IOC event shows that a known malicious file has been executed, and there is an increased likelihood of a breach.

Which indicator generated this IOC event?

Answers

A. ExecutedMalware.ioc
B. Crossrider.ioc
C. ConnectToSuspiciousDomain.ioc
D. W32.AccesschkUtility.ioc

Explanations

The triggered IOC event states that a known malicious file was executed, and that the execution was reached by abusing PowerShell commands and script interpreters. Two details matter for picking the indicator: the trigger is the execution of a file the engine already knows to be malicious, and PowerShell is only the launch mechanism, not the thing being detected. The four answer choices are names of cloud indicators of compromise in Cisco Secure Endpoint (formerly AMP for Endpoints), each of which fires on a different kind of evidence.

Of the given answer choices, the indicator that matches this event is option A, "ExecutedMalware.ioc." It fires when a file that is already classified as malware is executed on the endpoint, which is exactly what the event describes. An executed (not merely quarantined) known-malicious file is why the event is rated as an increased likelihood of a breach: the payload ran, so the host should be treated as compromised until proven otherwise.

Option B, "Crossrider.ioc," is a family-specific indicator for the Crossrider adware framework, which is classified as a potentially unwanted program (PUP). It could be raised by an employee's actions, but it names one specific family and would not be described generically as the execution of a known malicious file.

Option C, "ConnectToSuspiciousDomain.ioc," is raised on network telemetry: a process connected to a domain associated with malicious activity. It says nothing about whether a malicious file was executed, so it does not match the event.

Option D, "W32.AccesschkUtility.ioc," indicates that the Accesschk utility was seen on the host. Accesschk is a legitimate Microsoft Sysinternals tool for checking effective access permissions; the indicator exists because attackers commonly use it for privilege-escalation reconnaissance, not because the binary is itself a known malicious file.

Therefore, the correct answer is A, "ExecutedMalware.ioc." When triaging such an event, confirm it from the endpoint's own telemetry: the executed file's hash and disposition, the parent process (here a script interpreter such as powershell.exe), and whether the file was blocked before execution or actually ran.
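To make the distinction between the four indicators concrete, here is an added example that is not part of the original page and is not Cisco's implementation. It triages constructed Sysmon-style process-create and network-connect records into the four IOC names used in the answer options. The hashes, domain, file paths, interpreter list and mapping rules are all assumptions chosen for illustration; the point it shows is that ExecutedMalware.ioc is keyed on the hash of the file that ran, with the PowerShell parent recorded only as context.

```python
"""Toy IOC triage over constructed Sysmon-style events.

Added example: not the original page's code and not Cisco's implementation.
All hashes, domains, paths and mapping rules below are assumptions made
for illustration.
"""
import ntpath

# Constructed block lists (placeholders, not real threat intelligence).
KNOWN_MALWARE_SHA256 = {
    "a" * 64: "Trojan.Placeholder",   # generic known-malicious file
    "b" * 64: "Crossrider",           # adware/PUP family with its own IOC name
}
SUSPICIOUS_DOMAINS = {"bad.example"}
SCRIPT_INTERPRETERS = {
    "powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe",
}
# Dual-use tools that get their own indicator even though the binary is legitimate.
DUAL_USE_TOOL_IOC = {
    "accesschk.exe": "W32.AccesschkUtility.ioc",
    "accesschk64.exe": "W32.AccesschkUtility.ioc",
}
# Families that carry a family-specific indicator instead of the generic one (assumption).
FAMILY_IOC = {"Crossrider": "Crossrider.ioc"}

# Constructed sample telemetry, modelled on Sysmon EventID 1 (process create)
# and EventID 3 (network connect).
EVENTS = [
    {"EventID": 1,
     "Image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "Hashes": "MD5=00000000000000000000000000000000,SHA256=" + "a" * 64},
    {"EventID": 1,
     "Image": r"C:\Tools\accesschk.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "Hashes": "SHA256=" + "c" * 64},
    {"EventID": 3,
     "Image": r"C:\Program Files\Browser\browser.exe",
     "DestinationHostname": "bad.example"},
    {"EventID": 1,
     "Image": r"C:\Users\alice\Downloads\toolbar_setup.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "Hashes": "SHA256=" + "b" * 64},
    {"EventID": 1,
     "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "Hashes": "SHA256=" + "d" * 64},
]


def sha256_from_hashes(field):
    """Pull the SHA256 value out of a Sysmon 'Hashes' field like 'MD5=..,SHA256=..'."""
    for part in field.split(","):
        algo, _, value = part.partition("=")
        if algo.strip().upper() == "SHA256":
            return value.strip().lower()
    return None


def classify(event):
    """Return (ioc_name, detail) for one event, or None if nothing fires.

    ExecutedMalware.ioc is keyed on the executed file's hash, not on the
    parent process: PowerShell launching the file is context, not the trigger.
    """
    image = ntpath.basename(event.get("Image", "")).lower()

    if event.get("EventID") == 3:
        host = event.get("DestinationHostname", "").lower()
        if host in SUSPICIOUS_DOMAINS:
            return ("ConnectToSuspiciousDomain.ioc", f"{image} connected to {host}")
        return None

    if event.get("EventID") != 1:
        return None

    digest = sha256_from_hashes(event.get("Hashes", ""))
    family = KNOWN_MALWARE_SHA256.get(digest)
    if family is not None:
        parent = ntpath.basename(event.get("ParentImage", "")).lower()
        via = f" via script interpreter {parent}" if parent in SCRIPT_INTERPRETERS else ""
        return (FAMILY_IOC.get(family, "ExecutedMalware.ioc"),
                f"{family} executed as {image}{via}")

    if image in DUAL_USE_TOOL_IOC:
        return (DUAL_USE_TOOL_IOC[image],
                f"{image} executed (legitimate Sysinternals tool, recon use)")

    return None


def triage(events):
    """Run classify over a batch and keep only the events that produced an IOC."""
    hits = []
    for event in events:
        result = classify(event)
        if result is not None:
            hits.append(result)
    return hits


if __name__ == "__main__":
    for name, detail in triage(EVENTS):
        print(f"{name:32} {detail}")
```

Running the block prints one line per firing indicator: the PowerShell-launched update.exe produces ExecutedMalware.ioc with the interpreter noted as context, accesschk.exe produces W32.AccesschkUtility.ioc even though its hash is unknown, the browser's connection produces ConnectToSuspiciousDomain.ioc, the Crossrider-family file produces the family-specific name, and notepad.exe produces nothing.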