- Q: What is the source of the patterns listed in this document?
  A: Private email from James Butterworth (Sands Corp).
- Q: What file property pattern is listed as suspicious?
  A: PE Checksum = "0".
- Q: What specific URL strings should be watched?
  A: Any URL that contains "HXXP" or "H00P".
- Q: What registry key is mentioned for autostart?
  A: HKLM.../Current Version/Run.
- Q: What is a suspicious indicator regarding file archives?
  A: Any file archive larger than 2Gb (Zip/Rar/Etc).
- Q: What user behavior is flagged regarding RDP?
  A: User logging into another machine via RDP (excluding Admin Accounts).
- Q: What service query is listed as suspicious?
  A: Service queries "http://ipinfo.io/".
- Q: What indicator relates to IRC?
  A: Open IRC Connections (Sessions) - Not using common IRC Ports.
- Q: What pattern indicates a 'Hidden' service?
  A: Service Flagged as "Hidden".
- Q: What file extensions are mentioned in the context of stolen signing certificates?
  A: ".CN" or ".KR".