Exam 350-201 topic 1 question 42 discussion

Crossrider is unwanted app and not realted with PS/script interpreters. In AMP4E console IoC list, ExecutedMalware.IoC describes it as malicioud file executed. Answer is A

IOC triggered by executing a known malicious file = ExecutedMalware.ioc

ChatGPT: Since the IOC event is related to a known malicious file being executed, the most fitting indicator would be ExecutedMalware.ioc.

took the test last week, this is a test question

Without more information on the IOC event, it is not possible to determine which indicator generated it. However, the fact that a known malicious file has been executed suggests that the ExecutedMalware.ioc may have been triggered. - ChatGPT

From the Cisco website; As an example, if the following malicious file is executed, it will be detected as "Cloud IOC ExecutedMalware.ioc". So Answer is A

Crossrider.ioc Crossrider is a an Adware variant that targets Mac with the intent of displaying ads. It also changes the default home page of Safari and Chrome browsers. W32.AccesschkUtility.ioc Accesscheck is a Windows utility that lets users check for access rights on resources including files, directories, registry keys, global objects and Windows services. This utility could be used by malware or threat actors with malicious intent such as collection of information necessary for privilege escalation on the compromised host. This indicator monitors for accesschk tool used with suspicious options that suppress errors and dialog boxes. ExecutedMalware.ioc A known malicious file was executed. This increases the likelihood of a successful breach and this event should be promptly investigated. Answer is A

Correct. B.

I believe B is correct since Crossrider is malware. This malware is part of the Adware family.