Threat Index
You are monitoring data streams exiting suspicious TOR nodes, believed to be part of the Empire of Volnaya’s covert APT infrastructure. As Talion “Little Byte” Reyes, you’ve been assigned to identify and evaluate indicators of compromise embedded in the exfiltrated traffic.
Your job is to scan each stream for high-risk keywords associated with known attack patterns linked to Operation Blackout.
Each keyword has a weight representing its severity, based on intelligence recovered from earlier breaches. The more often a keyword appears, and the higher its weight, the greater the threat posed by that stream. The data stream contains only lowercase letters and digits.
You must calculate the threat score of each stream using the formula:
_threat score = Σ (occurrences of keyword × keyword weight)_
Here is the list of all the keywords and their associated weight:
KEYWORD -> WEIGHT
"scan" -> 1
"response" -> 2
"control" -> 3
"callback" -> 4
"implant" -> 5
"zombie" -> 6
"trigger" -> 7
"infected" -> 8
"compromise" -> 9
"inject" -> 10
"execute" -> 11
"deploy" -> 12
"malware" -> 13
"exploit" -> 14
"payload" -> 15
"backdoor" -> 16
"zeroday" -> 17
"botnet" -> 18
30 <= data stream length <= 10^6
Example Input: payloadrandompayloadhtbzerodayrandombytesmalware
Calculating the threat score:
threat score = 2 * 15 + 17 + 13 = 60
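The scoring formula above, as an added Python example that is not part of the original challenge page. It assumes that overlapping occurrences each count (the page does not say either way); among the listed keywords this only affects "execute", which starts and ends with "e". The function names are illustrative.

```python
import re

# Keyword weights exactly as listed in the challenge statement.
WEIGHTS = {
    "scan": 1, "response": 2, "control": 3, "callback": 4, "implant": 5,
    "zombie": 6, "trigger": 7, "infected": 8, "compromise": 9, "inject": 10,
    "execute": 11, "deploy": 12, "malware": 13, "exploit": 14, "payload": 15,
    "backdoor": 16, "zeroday": 17, "botnet": 18,
}

# The statement says a stream holds only lowercase letters and digits.
VALID_STREAM = re.compile(r"[a-z0-9]*")


def count_overlapping(stream, keyword):
    """Count every start position of keyword, overlaps included.

    str.count() skips overlapping matches, so "executexecute" would
    report one "execute" instead of two (assumption: both count).
    """
    count = 0
    pos = stream.find(keyword)
    while pos != -1:
        count += 1
        pos = stream.find(keyword, pos + 1)  # advance by 1, not len(keyword)
    return count


def keyword_hits(stream):
    """Return {keyword: occurrences} for keywords present in the stream."""
    if not VALID_STREAM.fullmatch(stream):
        raise ValueError("stream must contain only lowercase letters and digits")
    hits = {kw: count_overlapping(stream, kw) for kw in WEIGHTS}
    return {kw: n for kw, n in hits.items() if n}


def threat_score(stream):
    """Sum of occurrences x weight over all keywords."""
    return sum(WEIGHTS[kw] * n for kw, n in keyword_hits(stream).items())


if __name__ == "__main__":
    # Example input from the challenge statement.
    sample = "payloadrandompayloadhtbzerodayrandombytesmalware"
    print(keyword_hits(sample), threat_score(sample))
```

Each keyword is searched with `str.find`, so a stream at the 10^6 upper bound costs 18 linear scans.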
Gotcha