Indicator of compromise

Indicator of compromise (IoC) is an artifact in IT forensics which, with a high degree of probability, indicates unauthorized access to a computer.

Types of indicators

Typical IoC are

Checksums of malware files
Virus signatures
IP addresses and domain name system records, e.g. B. from participating command and control servers
Urls

Once IoCs have been identified, they can be used for the early detection of future attacks, e.g. B. in intrusion detection systems and anti-virus programs .

Individual evidence

↑ Will Gragido: Understanding Indicators of Compromise (IoC) Part I . RSA. October 3, 2012. Archived from the original on September 14, 2017. Info: The archive link has been inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. Retrieved August 2, 2019. @1@ 2

[1] Will Gragido: Understanding Indicators of Compromise (IoC) Part I . RSA. October 3, 2012. Archived from the original on September 14, 2017. Info: The archive link has been inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. Retrieved August 2, 2019. @1@ 2