Glossary
IOC (Indicator of Compromise)
A forensic artifact — a hash, domain, IP, or behavior — that signals a system may be compromised by a specific threat.
An Indicator of Compromise is a piece of evidence that a host or network has been breached. Common IOCs include file hashes (MD5/SHA-256), malicious domains and IP addresses, registry keys, mutexes, and YARA signatures.
IOCs are how defenders hunt for and block known malware. Every family page on Malware Wiki lists current IOCs in its fact sheet, with YARA rules linked from the cyber-courses/yara-rules repository.
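As an added illustration (not code from Malware Wiki or the yara-rules repository), the Python below sweeps constructed host and network events against a small indicator set covering three of the IOC types named above: SHA-256 file hashes, domains and IP addresses. All indicator values, event fields and function names are assumptions made for the example.

```python
import hashlib
import ipaddress

# Constructed indicator set for illustration (not real threat data).
IOCS = {
    "sha256": {hashlib.sha256(b"constructed sample payload").hexdigest()},
    "domain": {"bad.example"},
    "ip": {"203.0.113.7"},
}

def match_hash(content, iocs=IOCS):
    digest = hashlib.sha256(content).hexdigest()  # hash the file bytes
    return digest if digest in iocs["sha256"] else None

def match_domain(name, iocs=IOCS):
    """Match the name or a parent domain, label by label (never by substring)."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):  # stop before the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in iocs["domain"]:
            return candidate
    return None

def match_ip(addr, iocs=IOCS):
    try:
        norm = str(ipaddress.ip_address(addr))  # normalise before comparing
    except ValueError:  # unparseable values never match
        return None
    return norm if norm in iocs["ip"] else None

# Hypothetical event schema: event type -> (field to inspect, matcher).
MATCHERS = {"file": ("content", match_hash), "dns": ("query", match_domain),
            "conn": ("dst", match_ip)}

def sweep(events, iocs=IOCS):
    """Return (event index, event type, matched indicator) for every hit."""
    hits = []
    for n, ev in enumerate(events):
        field, matcher = MATCHERS.get(ev["type"], (None, None))
        hit = matcher(ev[field], iocs) if matcher else None
        if hit:
            hits.append((n, ev["type"], hit))
    return hits

EVENTS = [  # constructed telemetry: events 0, 2 and 3 should hit
    {"type": "dns", "query": "C2.Bad.Example."},
    {"type": "dns", "query": "notbad.example"},
    {"type": "conn", "dst": "203.0.113.7"},
    {"type": "file", "content": b"constructed sample payload"},
]
```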