IOCs – Gotta Catch ‘Em All?
What is an IOC? Indicators of Compromise, shortened to IOCs, are relatively varied, but generally consist of the URLs, domain names, IP addresses, and file hashes (MD5, SHA256, SSDEEP) associated with a particular malware sample. When we analyse malware, we ‘extract’ the IOCs. In doing so, we want to establish what domains or IPs the malware …
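To make the extraction step concrete, here is an added example (not code from the original post) of a small IOC extractor that pulls the indicator types named above out of free-form analyst text such as strings output or a sandbox report. It first undoes common defanging (hxxp, [.], [:]) so that indicators parse consistently, then collects URLs, domains, IPv4 addresses, MD5/SHA1/SHA256 digests and ssdeep hashes. The sample input, the hostnames (on the reserved .test TLD), the TEST-NET-3 address and the file-extension exclusion list are all constructed for this example; none of the values are real indicators.

```python
"""Minimal IOC extractor for free-form analyst text (added example, not the post's own code)."""
import ipaddress
import json
import re
from typing import Dict, List
from urllib.parse import urlsplit

# Constructed sample input: hostnames use the reserved .test TLD, the IP is in the
# TEST-NET-3 documentation range, and the hashes are placeholders, not real IOCs.
SAMPLE_STRINGS = """\
GET hxxp://update-cdn[.]example[.]test/payload.bin HTTP/1.1
connect 203[.]0[.]113[.]42:4444
fallback https://c2.example.test:8443/gate.php
dropped: 5d41402abc4b2a76b9719d911017c592  (config.bin)
sha256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ssdeep 3:AXGBicFlgVNhBGcL6wCrFQEv:AXGHsNhxLsr2C
"""

# Defanging conventions used in reports so indicators are not clickable or resolvable.
_DEFANG = [
    (re.compile(r"hxxp", re.IGNORECASE), "http"),
    (re.compile(r"\[\.\]|\(\.\)|\{\.\}"), "."),
    (re.compile(r"\[:\]"), ":"),
    (re.compile(r"\[@\]"), "@"),
]

_URL = re.compile(r"https?://[^\s'\"<>]+", re.IGNORECASE)
_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
_DOMAIN = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)
# Keyed on digest length; the \b anchors stop a SHA-256 from also being reported as two MD5s.
_HEX = {
    "md5": re.compile(r"\b[a-f0-9]{32}\b", re.IGNORECASE),
    "sha1": re.compile(r"\b[a-f0-9]{40}\b", re.IGNORECASE),
    "sha256": re.compile(r"\b[a-f0-9]{64}\b", re.IGNORECASE),
}
# ssdeep: blocksize:hash:hash over a base64-style alphabet.
_SSDEEP = re.compile(r"\b\d+:[A-Za-z0-9/+]{5,}:[A-Za-z0-9/+]{3,}(?![A-Za-z0-9/+])")

# Constructed short list of file extensions the bare-domain regex would otherwise
# mistake for TLDs (e.g. "config.bin"); extend it for your own environment.
_NOT_TLDS = {"bin", "exe", "dll", "php", "txt", "dat", "tmp", "log"}


def refang(text: str) -> str:
    """Undo common defanging so URLs, domains and IPs parse consistently."""
    for pattern, replacement in _DEFANG:
        text = pattern.sub(replacement, text)
    return text


def _valid_ipv4(candidate: str) -> bool:
    """Reject regex hits such as 999.1.1.1 that are not real IPv4 addresses."""
    try:
        return isinstance(ipaddress.ip_address(candidate), ipaddress.IPv4Address)
    except ValueError:
        return False


def extract_iocs(raw_text: str) -> Dict[str, List[str]]:
    """Return sorted, de-duplicated indicators grouped by type."""
    text = refang(raw_text)
    kinds = ("urls", "domains", "ipv4", "md5", "sha1", "sha256", "ssdeep")
    found: Dict[str, set] = {k: set() for k in kinds}

    for url in _URL.findall(text):
        url = url.rstrip(".,;)")  # trailing punctuation from surrounding prose
        found["urls"].add(url)
        host = urlsplit(url).hostname  # already lower-cased, port stripped
        if host:
            (found["ipv4"] if _valid_ipv4(host) else found["domains"]).add(host)

    for ip in _IPV4.findall(text):
        if _valid_ipv4(ip):
            found["ipv4"].add(ip)

    for dom in _DOMAIN.findall(text):
        if dom.rsplit(".", 1)[-1].lower() not in _NOT_TLDS:
            found["domains"].add(dom.lower())

    for name, pattern in _HEX.items():
        found[name].update(h.lower() for h in pattern.findall(text))

    found["ssdeep"].update(_SSDEEP.findall(text))
    return {k: sorted(v) for k, v in found.items()}


if __name__ == "__main__":
    print(json.dumps(extract_iocs(SAMPLE_STRINGS), indent=2))
```

Two design points worth noting: hostnames are taken from parsed URLs rather than only from the bare-domain regex, because the regex alone cannot tell `gate.php` from a real domain, hence the extension exclusion list; and every IPv4 candidate is validated with `ipaddress` so that version strings or malformed octets do not end up in a blocklist.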