A user received an email attachment named “Hr405-report2609-empl094.exe” but did not run it.
Which category of the cyber kill chain should be assigned to this type of event?
A. installation
B. reconnaissance
C. weaponization
D. delivery
A user received an email attachment named “Hr405-report2609-empl094.exe” but did not run it.
Which category of the cyber kill chain should be assigned to this type of event?
A. installation
B. reconnaissance
C. weaponization
D. delivery
Installation won’t be the correct answer. The exploitation phase comes before the installation phase, and the end user runs the exploit during the exploitation phase. Hence, the best answer is D – Delivery.