Section 3.4 Indicators of Compromise
An indicator of compromise (IoC) is an artifact, observed on a host or on the network, that indicates with high confidence that an intrusion has occurred. It is one way to tell whether a machine has been a victim of malware. IoCs are shared publicly by security professionals (for example in vendor reports and threat intelligence feeds) so that others can detect the same malware and mitigate its effects.
Subsection 3.4.1 Common IoC Types
File hashes: cryptographic hashes (such as MD5, SHA-1, or SHA-256) of files that are known to be malicious. Comparing the hash of a suspect file against a list of known-bad hashes can identify trojans and worms, but only exact copies: changing a single byte of the file produces a completely different hash.
IP addresses: tracking the IP addresses that malware connects to (for example its command-and-control servers) and looking for them in firewall, proxy, or flow logs can be used to determine whether a machine is infected.
URLs/Domains: tracking the URLs or domains that malware uses, and looking for them in DNS and web-proxy logs, can likewise be used to determine whether a machine is infected. A domain is often a longer-lived indicator than an IP address, since the address behind a domain is easy for the attacker to change.
Virus definition/signature: executables and other files can be scanned for specific sequences of bytes that are unique to a particular virus or malware family. Because the scan looks for the sequence anywhere in a file rather than hashing the whole file, the malware can be detected even when it is hiding within another file. Signatures can be evaded by packing or encrypting the malicious code, which is why antivirus definitions must be updated continually.
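As an added example (not part of this page's text), the following Python sketches how each of these IoC types is checked against a file and against a few log lines. The bad hash, the IP address, the domain, the byte signature, the "malware" sample, and the log lines are all constructed for the example and are not real indicators. It also shows why a file hash alone is brittle: changing one byte of the sample defeats the hash match, while the byte signature still fires because it is searched for anywhere inside the file.

```python
"""Toy IoC matcher: file hashes, byte signatures, and network indicators.

Every indicator and sample below is constructed for this example and is
hypothetical; nothing here is real threat intelligence.
"""
from __future__ import annotations

import hashlib
import re

# --- Constructed IoC set -------------------------------------------------
KNOWN_BAD_IPS = {"203.0.113.45"}                    # RFC 5737 documentation range
KNOWN_BAD_DOMAINS = {"update-check.example.net"}    # reserved example domain
# Byte sequence assumed (for the example) to be unique to a made-up family.
SIGNATURES = {"ExampleDropper.A": b"\x90\x90\xeb\x1f\x68\x00\x40"}

# Constructed "malicious" file, and a variant that differs in one trailing byte
# (a changed config string, same code): the hash changes, the signature does not.
MALWARE_SAMPLE = b"MZ" + b"\x00" * 14 + SIGNATURES["ExampleDropper.A"] + b"config:v1"
MALWARE_VARIANT = MALWARE_SAMPLE[:-1] + b"2"
KNOWN_BAD_SHA256 = {hashlib.sha256(MALWARE_SAMPLE).hexdigest()}

# Constructed firewall and DNS log lines.
SAMPLE_LOG = [
    "2024-05-01T10:00:01Z fw src=10.0.0.5 dst=203.0.113.45 dport=443 action=allow",
    "2024-05-01T10:00:02Z dns client=10.0.0.5 query=update-check.example.net type=A",
    "2024-05-01T10:00:03Z fw src=10.0.0.5 dst=198.51.100.7 dport=80 action=allow",
]

_IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
_DOMAIN_RE = re.compile(r"\b[a-z0-9][a-z0-9.-]*\.[a-z]{2,}\b")


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a file's contents."""
    return hashlib.sha256(data).hexdigest()


def match_hash(data: bytes, bad_hashes: set) -> bool:
    """Hash IoC: exact match of the whole file against a known-bad list."""
    return sha256_hex(data) in bad_hashes


def match_signatures(data: bytes, signatures: dict) -> list:
    """Signature IoC: names of every byte pattern found anywhere in the file,
    so a payload embedded in a larger carrier file is still detected."""
    return [name for name, pattern in signatures.items() if pattern in data]


def scan_log(lines, bad_ips, bad_domains) -> list:
    """Network IoCs: (line_number, indicator_type, value) for each hit."""
    hits = []
    for number, line in enumerate(lines, start=1):
        lowered = line.lower()
        for ip in _IP_RE.findall(lowered):
            if ip in bad_ips:
                hits.append((number, "ip", ip))
        for domain in _DOMAIN_RE.findall(lowered):
            if domain in bad_domains:
                hits.append((number, "domain", domain))
    return hits


if __name__ == "__main__":
    for label, blob in (("original", MALWARE_SAMPLE), ("variant", MALWARE_VARIANT)):
        print(label, "hash match:", match_hash(blob, KNOWN_BAD_SHA256),
              "signature:", match_signatures(blob, SIGNATURES))
    for hit in scan_log(SAMPLE_LOG, KNOWN_BAD_IPS, KNOWN_BAD_DOMAINS):
        print("network IoC hit:", hit)
```

Running it shows the original sample matching on both hash and signature, the one-byte variant matching only on signature, and two network hits (the known-bad destination IP on line 1 and the known-bad domain on line 2) while the benign connection on line 3 is ignored. A real deployment would load the indicator sets from a threat-intelligence feed rather than hard-coding them.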