Indicator of compromise
Types of indication
Typical IoCs are virus signatures and IP addresses, MD5 hashes of malware files, or URLs or domain names of botnet command and control servers. After IoCs have been identified via a process of incident response and computer forensics, they can be used for early detection of future attack attempts using intrusion detection systems and antivirus software.
There are initiatives to standardize the format of IoCs for more efficient automated processing. Known indicators are usually exchanged within the industry, where the Traffic Light Protocol is being used.
- Gragido, Will (October 3, 2012). "Understanding Indicators of Compromise (IoC) Part I". RSA. Archived from the original on September 14, 2017. Retrieved June 5, 2019.
- "The Incident Object Description Exchange Format". RFC 5070. IETF. December 2007. Retrieved June 5, 2019.
- "Introduction to STIX". Retrieved June 5, 2019.