Indicator of Compromise (IOC)

IOCs are clues to compromise: pieces of forensic data, such as system log entries or files, that can be considered unusual and may identify potentially malicious activity on a system or network. Virus signatures, IP addresses, MD5 hashes of malware files, and URLs or domain names of botnet command and control servers are some classic IOCs. Others include unusual outbound network traffic, anomalies in privileged user account activity, login red flags (to accounts that don't exist, or after hours), swells in database read volume, HTML response sizes (if SQL injection is used to extract data), large numbers of requests for the same file (indicating trial and error), mismatched port-application traffic (unusual ports), suspicious registry or system file changes, DNS request anomalies (large spikes), and geographical irregularities.

Related Terms
CTI - Cyber Threat Intelligence
TTPs - Tactics, Techniques, and Procedures