Indicators Of Compromise Flashcards
An artifact that, with high confidence, indicates an intrusion. It is a way to tell if a machine has been a victim of malware.
Indicators of compromise
Common Definition: The specific address of a webpage within a domain.
IOC use: Tracking the URLs or domains that malware uses can also be used to determine if a machine is infected.
URLs/Domains
Common Definition: Refers to the permanent conversion of data into a message digest, whereas encryption works in two ways: it can encode and decode the data.
IOC use: files that are known to be malicious. This can help in identifying trojans and worms.
Hash
Common Definition: Unique numerical identifier for every device or network that connects to the internet.
IOC use: Tracking the _____ which malware connects to can be used to determine if a machine is infected.
IP address
Common Definition: Refers to a unique term or name generated by anti-virus software to identify malicious code.
IOC use: Executables and other files can be scanned for specific sequences of bytes which are unique to a particular virus. In this way, even if the malware is hiding within another file, it can still be detected.
Virus definition/Signature