Analyzing Indicators of Compromise & Determining Malware Types

Three main areas of malware:

  • Ads / Spyware / Marketing
  • Remote Access / Keyloggers
  • Remote Attacks / DDoS

Indicator of Compromise

Artifacts observed on a host or network that indicate a computer intrusion (e.g. unusual outbound network traffic, DNS anomalies, anomalies in privileged user account activity).

Virus

Malware that requires user interaction to install and replicate.
Ex: Stuxnet

Crypto-malware / Ransomware

Malware that scares or scams users into taking some type of action.
Ex: WannaCry

Worm

Self-replicating program that is usually self-contained and can execute and spread without user interaction.

Trojan

Seemingly friendly software that contains hidden malicious software.
Ex: Sub7, Back Orifice, etc.

Rootkit

Malicious code that installs itself at the OS or kernel level to avoid detection. Hard to get rid of because it loads before the OS loads and can disable anti-virus and anti-malware tools.

Keylogger

Malicious application that, once installed, captures all keystrokes, such as credentials, chats, emails, etc.

Adware

Malware that is installed on an infected machine to deliver ads.

Spyware

Malware that captures user activity (i.e. keystrokes, web browsing activity, etc.) and reports it back.

Botnet

Malware that connects to one or more command & control (C&C) servers, which control thousands of bots for massive DDoS attacks.

Logic Bomb

Piece of malicious code that triggers after a period of time, on a specific date, or on a specific activity.

Backdoor

Software that installs for the purpose of opening ports and installing additional software. It can phone home, steal credentials, install a keylogger, etc.
