Indicators of Compromise
Indicators of Compromise (IOC) as they are commonly known are the symptoms that confirm the presence of the malware malady. Essentially, from a network forensics' perspective, these are artifacts (or a remnant from an intrusion) that, when discovered on a system or network, indicate a compromise with a high degree of confidence. There are malware-specific IOC and specialized tools such as YARA (http://plusvic.github.io/yara/) that help in identifying the existence of malware based on searches for these IOC.
Typically, IOC include known rogue IP addresses, virus signatures, MD5 hashes of malware, known bad URLs or domain names, and so on.
To promote standardization, a number of open frameworks are available. However, no framework can claim to be the de facto standard. The two most important frameworks are as follows:
Open IOC: This stands for Open Indicators of Compromise. This framework is promoted by Mandiant and is available at http://www.openioc.org/. This is...
