A small example of Network and Host based indicators
Indicators of compromise (IOCs) are pieces of information that can be used to identify malicious activity or detect security incidents on a network or host. There are two main types of IOCs: host-based indicators and network-based indicators. Here are some examples of each:
Host-Based Indicators:
- File hashes: Unique hashes of malicious files can be used to identify the same file across multiple systems.
- File names and paths: Suspicious file names and paths can be used to identify potentially malicious files on a host.
- Registry keys: Changes to the Windows registry can indicate the presence of malware on a host.
- Running processes: Suspicious or unusual processes running on a host can indicate the presence of malware or other malicious activity.
- System logs: Anomalies or suspicious entries in system logs can indicate the presence of malicious activity.
Network-Based Indicators:
- IP addresses: Suspicious or known malicious IP addresses can be used to identify network traffic associated with malware or other malicious activity.
- Domain names: Suspicious or known malicious domain names can be used to identify network traffic associated with malware or other malicious activity.
- URL paths: Suspicious or known malicious URL paths can be used to identify network traffic associated with malware or other malicious activity.
- Network signatures: Unique signatures of network traffic associated with malware or other malicious activity can be used to detect the same activity across multiple systems.
- DNS requests: Anomalies or suspicious DNS requests can indicate the presence of malware or other malicious activity on a network.
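To make the two lists concrete, here is a small matcher that checks host artifacts (file hashes, file names, registry keys, running processes) and network log lines (destination IPs, domains, URL paths, DNS queries) against an indicator set. This is an added example, not code from the original post; every indicator value, file content and log line in it is constructed for illustration (documentation IP ranges, the reserved `.invalid` TLD, a look-alike file name) and the proxy and DNS log formats are hypothetical.

```python
"""Tiny IOC matcher covering the host-based and network-based indicator types
discussed above. All indicators, file contents and log lines are constructed
for illustration; none of them is real threat intelligence."""
import hashlib
import re

# --- Constructed indicator set (hypothetical values) -----------------------
SAMPLE_MALICIOUS_BYTES = b"constructed sample dropper content"  # stands in for a malware file

HOST_IOCS = {
    "sha256": {hashlib.sha256(SAMPLE_MALICIOUS_BYTES).hexdigest()},
    "file_names": {"svchosts.exe"},            # look-alike of the legitimate svchost.exe
    "registry_keys": {r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    "process_names": {"svchosts.exe"},
}
NETWORK_IOCS = {
    "ips": {"203.0.113.45"},                   # TEST-NET-3 documentation address
    "domains": {"update.example.invalid"},     # reserved .invalid TLD
    "url_paths": {"/gate.php"},
}


def sha256_of(data: bytes) -> str:
    """File-hash indicator: hash the content, so a renamed copy still matches."""
    return hashlib.sha256(data).hexdigest()


def match_host(files, registry_keys, processes):
    """Return (indicator_type, value) hits for host-based artifacts.
    files: iterable of (path, content_bytes); registry_keys, processes: iterables of str."""
    hits = []
    known_keys = {k.lower() for k in HOST_IOCS["registry_keys"]}
    for path, content in files:
        digest = sha256_of(content)
        if digest in HOST_IOCS["sha256"]:
            hits.append(("file_hash", f"{path}:{digest[:12]}"))
        name = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if name in HOST_IOCS["file_names"]:
            hits.append(("file_name", path))
    for key in registry_keys:
        if key.lower() in known_keys:          # registry paths are case-insensitive
            hits.append(("registry_key", key))
    for proc in processes:
        if proc.lower() in HOST_IOCS["process_names"]:
            hits.append(("process", proc))
    return hits


# Hypothetical log formats: one proxy line and one DNS resolver line
PROXY_RE = re.compile(r"proxy src=(?P<src>\S+) dst=(?P<dst>\S+) host=(?P<host>\S+) path=(?P<path>\S+)")
DNS_RE = re.compile(r"dns client=(?P<client>\S+) query=(?P<query>\S+)")


def match_network(log_lines):
    """Return (indicator_type, value, line) hits for network-based artifacts."""
    hits = []
    for line in log_lines:
        m = PROXY_RE.search(line)
        if m:
            if m["dst"] in NETWORK_IOCS["ips"]:
                hits.append(("ip", m["dst"], line))
            if m["host"].lower() in NETWORK_IOCS["domains"]:
                hits.append(("domain", m["host"], line))
            if m["path"] in NETWORK_IOCS["url_paths"]:
                hits.append(("url_path", m["path"], line))
            continue
        m = DNS_RE.search(line)
        # strip the trailing dot of a fully qualified DNS name before comparing
        if m and m["query"].lower().rstrip(".") in NETWORK_IOCS["domains"]:
            hits.append(("dns_query", m["query"], line))
    return hits


# --- Constructed sample input ---------------------------------------------
SAMPLE_FILES = [
    (r"C:\Users\alice\AppData\Local\Temp\report.pdf.exe", SAMPLE_MALICIOUS_BYTES),  # renamed, same hash
    (r"C:\Windows\System32\svchost.exe", b"legitimate binary placeholder"),
    (r"C:\ProgramData\svchosts.exe", b"different content, suspicious name"),
]
SAMPLE_REG = [r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater",
              r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive"]
SAMPLE_PROCS = ["explorer.exe", "svchosts.exe"]
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z proxy src=10.0.0.5 dst=198.51.100.7 host=www.example.com path=/index.html",
    "2024-05-01T10:00:02Z proxy src=10.0.0.5 dst=203.0.113.45 host=update.example.invalid path=/gate.php",
    "2024-05-01T10:00:03Z dns client=10.0.0.9 query=update.example.invalid.",
]

if __name__ == "__main__":
    for hit in match_host(SAMPLE_FILES, SAMPLE_REG, SAMPLE_PROCS):
        print("HOST   ", hit)
    for hit in match_network(SAMPLE_LOGS):
        print("NETWORK", hit[:2])
```

Two points worth noticing when running it: the renamed `report.pdf.exe` is caught by its hash even though its name matches nothing, while `svchosts.exe` is caught by its name alone, which is why hash and name indicators complement each other; and a single proxy line can trigger several network indicators at once (IP, domain and URL path), so a real pipeline should record each hit type rather than stopping at the first match.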