A logic bomb is malware or malicious code that is deliberately planted within a system and configured to execute when a specific condition is met, such as a particular date and time, a user action, or the presence or absence of a file. CEH materials describe logic bombs as condition-based triggers that can remain dormant for extended periods, producing minimal indicators until the trigger occurs. The most decisive clue in this scenario is the “scheduled task set to a specific date,” followed by abnormal behavior that appears only after that date passes. This is a textbook trigger mechanism used to activate malicious actions while avoiding early detection.

The “odd email from an unfamiliar source” suggests an initial delivery or social engineering vector, but the core behavior is the delayed activation. The later “faint increase in network activity only after the scheduled date passed” aligns with a logic bomb executing a payload such as beaconing, data exfiltration, or enabling remote access. The “unusual code traces on a dormant workstation” further supports the idea of implanted code that was inactive until triggered.

Fileless malware emphasizes execution in memory using legitimate tools such as PowerShell or WMI and is defined more by its living-off-the-land technique than by a date-based trigger. An APT describes a broader campaign style involving long-term, multi-stage intrusion, not a single defining trigger artifact. Ransomware is characterized by encryption and extortion behavior, which is not described. Therefore, the threat is best characterized as a logic bomb.