Skip to main content
Indicator of Compromise (IOC)

Indicator of Compromise (IOC)


Indicator of Compromise (IOC)

IOCs are clues to compromise or pieces of forensic data, system log entries or files, that can be considered unusual and may identify potentially malicious activity on a system or network.

Virus signatures and IP addresses, MD5 hashes of malware files or URLs or domain names of botnet command and control servers are some classic IOCs. Some include unusual outbound network traffic, anomalies in privileged user account activity, others log in red flags (to accounts that don't exist, or after hours), swells in database read volume, HTML response sizes (if SQL injection is used to extract data), large numbers of requests for the same file (indicating trial and error), mismatched port-application traffic (unusual ports), suspicious registry or system file changes, DNS request anomalies (large spikes), and geographical irregularities.

Seeking Clarity?

View the Cybersecurity Dictionary for top terms searched by your peers.

Explore the Dictionary

Related Assets

January 24, 2019

IoC and IoA: Indicators of Intelligence

Intelligence seems to be full of three-letter acronyms, including Indicators of Compromise (IoC) and Indicators of Attack (IoA). The difference betwee...

See Details

July 06, 2017

Indicators of Compromise (IOCs) are Not Intelligence

When discussing the topic of cyber threat intelligence, I frequently hear questions about Indicators of Compromise (IOCs). IOCs are not intelligence b...

See Details

January 19, 2017

Tactics, Techniques and Procedures (TTPs) Within Cyber Threat Intelligence

TTPs is a great acronym that many are starting to hear about within cyber security teams but few know and understand how to use it properly within a c...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cybersecurity Events in your area.