Refer to the exhibit. An engineer is analyzing the Vlan0392-int12-239.pcap file in Wireshark after detecting suspicious network activity. The Origin header for the direct IP connections in the packets was initiated by a Google Chrome extension over the WebSocket protocol. The engineer checked the message payloads to determine what information was being sent off-site, but the payloads are obfuscated and unreadable. What does this STIX indicate?
A) The extension is not performing as intended because of restrictions since ports 80 and 443 should be accessible
B) The traffic is legitimate as the Google Chrome extension is reaching out to check for updates and fetches this information
C) There is a possible data leak because payloads should be encoded as UTF-8 text
D) There is malware that is communicating via encrypted channels to the command and control server
Correct Answer:
Verified