Overview

Indicators of Compromise (IoCs) are 'digital breadcrumbs' that suggest a system has been breached. Security professionals use IoCs to detect ongoing attacks, investigate past incidents, and share threat intelligence with the wider community.

Common Examples

  • Malicious File Hashes: Unique identifiers for known malware files.
  • IP Addresses/Domains: Connections to known command-and-control (C2) servers.
  • Unusual Network Traffic: Large data transfers to unfamiliar locations or at odd hours.
  • Registry Changes: Unauthorized modifications to the Windows Registry or other system configuration settings.
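As an added illustration (not part of the original entry), the following Python snippet matches the first two kinds of IoC above, file hashes and IP addresses/domains, against a few constructed log lines. The IoC values, the log lines and the field layout are all assumptions made up for the example; the hash placeholder is simply the SHA-256 of a constructed string.

```python
import hashlib
import ipaddress
import re

# Constructed IoC set (placeholder values, not real threat intelligence).
IOC_HASHES = {hashlib.sha256(b"constructed-sample").hexdigest()}
IOC_IPS = {"203.0.113.45"}        # TEST-NET-3 documentation range
IOC_DOMAINS = {"c2.example.net"}  # covers the domain and its subdomains

# Token extractors: MD5/SHA-1/SHA-256 hex digests, dotted IPv4, DNS names.
HASH_RE = re.compile(r"\b(?:[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b", re.I)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

def domain_matches(host, ioc_domains):
    """A domain IoC covers the name itself and any subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ioc_domains)

def scan_line(line):
    """Return (ioc_type, normalized_value) pairs found in one log line."""
    # Hash IoCs are case-insensitive, so normalize before the lookup.
    hits = [("hash", h.lower()) for h in HASH_RE.findall(line)
            if h.lower() in IOC_HASHES]
    for ip in IPV4_RE.findall(line):
        try:
            ipaddress.ip_address(ip)  # rejects octets > 255, e.g. 999.1.1.1
        except ValueError:
            continue
        if ip in IOC_IPS:
            hits.append(("ip", ip))
    # File names such as x.exe also look like DNS names; the IoC lookup
    # filters them out here, but a real pipeline should parse log fields.
    hits += [("domain", d.lower()) for d in DOMAIN_RE.findall(line)
             if domain_matches(d, IOC_DOMAINS)]
    return hits

def scan_log(lines):
    """Return (line_number, hit) for every IoC match across a log."""
    return [(n, hit) for n, line in enumerate(lines, 1) for hit in scan_line(line)]

# Constructed sample log: three of the four lines carry one IoC each.
SAMPLE_LOG = [
    "2024-01-01T10:00:01Z proxy allow 10.0.0.5 -> update.example.com:443",
    "2024-01-01T10:00:07Z proxy allow 10.0.0.5 -> beacon.c2.example.net:443",
    "2024-01-01T10:00:09Z fw accept 10.0.0.5 -> 203.0.113.45:8443",
    "2024-01-01T10:01:12Z edr file_create C:\\Users\\a\\x.exe sha256="
    + next(iter(IOC_HASHES)).upper(),
]
```

Calling scan_log(SAMPLE_LOG) reports the subdomain of the C2 domain on line 2, the listed IP on line 3 and the upper-cased hash on line 4, while the benign proxy line produces no hit.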

Importance

IoCs are reactive in nature; they help identify an attack that has already occurred or is currently in progress. They are essential for incident response and forensic investigations.

Related Terms