IoC (Indicators of Compromise), or indicators of compromise, are pieces of information that can be used to identify malicious or suspicious activity on a computer system or network. These indicators are mainly used to detect intrusions, malware infections, hacking attempts or any other form of cyber attack.
👉 Types of IoC
IoCs can include a variety of specific data, such as:
- IP addresses: IP addresses known to be associated with malicious activities, such as command and control (C2) servers used by attackers.
- Domains and URLs: malicious domain names or web links used to distribute malicious software or steal sensitive information.
- File hashes: MD5, SHA-1 or SHA-256 fingerprints (hashes) of malicious files, used to identify potentially dangerous programs.
- File or process names: unusual file or process names, or names known to be associated with malicious software.
- Data exfiltration patterns: abnormal behaviour such as massive data transfers to unknown or unauthorised destinations.
- Changes to system configurations: for example, modifying the Windows registry or adding new entries to start-up scripts.
- Temporary or log files: the presence of unusual temporary files or log entries that indicate suspicious activity.
- Email addresses: email addresses used in phishing or to send malicious attachments.
- Obfuscation techniques: the use of methods to hide malicious code, such as encryption or packing.
IoCs are essential for security teams because they enable them to:
- Quickly identify active threats in an environment.
- Respond more effectively by isolating compromised systems.
- Implement proactive measures to prevent future intrusions.
- Improve detection capabilities through continuous learning from past attacks.
However, it is important to note that IoCs generally focus on retroactive signals, i.e. they identify traces after an intrusion has taken place. For this reason, they need to be combined with other cybersecurity approaches, such as behaviour-based detection techniques (as opposed to fixed signatures), to identify advanced and evolving threats.
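To show how the IoC types listed above are actually applied, and why the closing caveat matters, here is an added example (not code from the original page) that matches a small set of IP, domain and SHA-256 indicators against constructed log lines. All indicator values, hostnames and log lines are made up for the example; the last log line shows a recompiled sample whose hash no longer matches, which is exactly the gap that behaviour-based detection has to cover.

```python
import hashlib
import re

# Constructed IoC set for the example: sample values only, not real indicators.
IOC_IPS = {"203.0.113.45"}                      # documentation address range, constructed
IOC_DOMAINS = {"update-check.example"}          # constructed domain
MALICIOUS_SAMPLE = b"constructed malicious sample bytes"
IOC_SHA256 = {hashlib.sha256(MALICIOUS_SAMPLE).hexdigest()}

# Constructed log lines in a simple key=value format (proxy, DNS and endpoint events).
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z proxy src=10.0.0.5 dst=203.0.113.45 host=cdn.update-check.example",
    "2024-05-01T10:00:02Z dns client=10.0.0.5 query=login.example.org",
    "2024-05-01T10:00:03Z endpoint host=ws-12 path=/tmp/x.bin sha256="
    + hashlib.sha256(MALICIOUS_SAMPLE).hexdigest().upper(),
    # Same sample with one byte changed: its hash is no longer in the IoC set.
    "2024-05-01T10:00:04Z endpoint host=ws-12 path=/tmp/y.bin sha256="
    + hashlib.sha256(MALICIOUS_SAMPLE + b"\x00").hexdigest(),
]

KV_RE = re.compile(r"(\w+)=(\S+)")

def match_domain(name):
    """Return the IoC domain that `name` equals or is a subdomain of, else None."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in IOC_DOMAINS:
            return candidate
    return None

def match_iocs(line):
    """Return a list of (ioc_type, value) hits for one log line."""
    fields = dict(KV_RE.findall(line))
    hits = []
    for key in ("src", "dst", "client"):           # IP address indicators
        if fields.get(key) in IOC_IPS:
            hits.append(("ip", fields[key]))
    for key in ("host", "query"):                  # domain indicators, including subdomains
        matched = match_domain(fields[key]) if key in fields else None
        if matched:
            hits.append(("domain", matched))
    digest = fields.get("sha256", "").lower()      # hash indicators, case-normalised
    if digest in IOC_SHA256:
        hits.append(("hash", digest))
    return hits

def scan(lines):
    """Return [(line_index, hits)] for every line with at least one IoC hit."""
    return [(i, hits) for i, line in enumerate(lines) if (hits := match_iocs(line))]

if __name__ == "__main__":
    for index, hits in scan(SAMPLE_LOGS):
        print(index, hits)
```

Running the block flags lines 0 (IP and domain) and 2 (hash) only; line 3 carries the same malware with a changed hash and is missed, which is the retroactive-signal limitation described above.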