• Source: Indicator of compromise

Indicator of compromise (IoC) in computer forensics is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion.




Types of indication


Typical IoCs are virus signatures and IP addresses, MD5 hashes of malware files, or URLs or domain names of botnet command and control servers. After IoCs have been identified via a process of incident response and computer forensics, they can be used for early detection of future attack attempts using intrusion detection systems and antivirus software.




Automation


There are initiatives to standardize the format of IoC descriptors for more efficient automated processing. Known indicators are usually exchanged within the industry, where the Traffic Light Protocol is being used.




See also


AlienVault
Mandiant
Malware
Malware Information Sharing Platform




References

Kata Kunci Pencarian:

• CVE-2021-26855
• Bahasa Moldova
• Indicator of compromise
• Indicator
• ATT&CK
• Cyber threat hunting
• IOC (disambiguation)
• Cyber threat intelligence
• Malware analysis
• Traffic Light Protocol
• MISP Threat Sharing
• AnyDesk