The exhibit contains STIX (Structured Threat Information Expression) formatted threat intelligence indicating:
A phishing indicator related to the domain: apponline-8473.xyz
Associated malicious IP addresses: 164.90.168.78 and 199.19.224.83
Labelled as "malicious-activity" with "xfe-threat-score-10"
Based on this:
Option B is correct: The IP addresses explicitly listed in the pattern field should be blacklisted to prevent command-and-control or malicious connections.
Option C is correct: The domain apponline-8473.xyz is also listed and flagged as involved in phishing, so DNS and firewall rules should block access to and from this domain.
Options A and E are too broad or speculative: the data names one specific domain and does not call for a generic block on all emails or URLs. Option D refers to a label used for classification, which is not a directly actionable item.
Therefore, the correct answers are: B and C.
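The distinction the explanation draws between the pattern field (actionable) and the labels (classification only) can be shown in code. This is an added example, not part of the exam exhibit: the indicator below is constructed from the values quoted above, and its id, pattern layout and the control mapping are assumptions.

```python
import json
import re

# Constructed STIX indicator built from the values quoted in the explanation;
# the id and the exact pattern layout are assumptions, not the exam exhibit.
SAMPLE_INDICATOR = json.dumps({
    "type": "indicator",
    "id": "indicator--00000000-0000-4000-8000-000000000000",
    "labels": ["malicious-activity", "xfe-threat-score-10"],
    "pattern": "[domain-name:value = 'apponline-8473.xyz' OR "
               "ipv4-addr:value = '164.90.168.78' OR "
               "ipv4-addr:value = '199.19.224.83']",
})

# Matches simple equality comparisons such as  ipv4-addr:value = '1.2.3.4'
COMPARISON = re.compile(r"([a-z0-9-]+):value\s*=\s*'([^']*)'")

# Hypothetical mapping from observable type to the control that enforces a block
CONTROLS = {"ipv4-addr": "firewall", "domain-name": "dns"}


def blocklist_from_indicator(raw):
    """Return {control: sorted observable values} taken from the pattern field only."""
    obj = json.loads(raw)
    if obj.get("type") != "indicator":
        raise ValueError("not a STIX indicator object")
    actions = {}
    for obj_type, value in COMPARISON.findall(obj.get("pattern", "")):
        control = CONTROLS.get(obj_type)
        if control is None:
            continue  # observable type with no blocking control in this sketch
        actions.setdefault(control, set()).add(value.lower())
    return {control: sorted(values) for control, values in actions.items()}


def classification_labels(raw):
    """Labels describe the indicator; they are context, not something to block."""
    return list(json.loads(raw).get("labels", []))


if __name__ == "__main__":
    print(blocklist_from_indicator(SAMPLE_INDICATOR))
    print(classification_labels(SAMPLE_INDICATOR))
```

The regular expression covers only single-quoted equality comparisons on `value`, which is all this constructed pattern uses; a production parser would need the full STIX patterning grammar.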