Indicators of Compromise (IoC)
Forensic artifacts that indicate a system may have been breached or is actively under attack.
Full Definition
Indicators of Compromise (IoCs) are pieces of forensic data — artifacts found on networks, systems, or in logs — that indicate a potential intrusion or that malicious activity has occurred. They serve as "breadcrumbs" that security teams use to detect, investigate, and respond to incidents.

Common IoCs include known malicious IP addresses and domains, file hashes of malware samples, suspicious registry keys, unusual network traffic patterns, and specific strings in log files. More advanced Indicators of Attack (IoAs) focus on attacker behavior patterns rather than static artifacts, making them more resilient to obfuscation.

Threat intelligence platforms aggregate and share IoCs across organizations and industries, enabling rapid dissemination of attack signatures. However, IoCs have a limited shelf life — sophisticated attackers regularly rotate infrastructure and recompile malware to avoid detection based on static indicators.
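As an added example (not part of the original glossary entry), the following Python matches a small indicator set against log lines and sets aside indicators older than a shelf-life cutoff before matching. The indicator values, log lines, and the 90-day cutoff are all constructed for illustration.

```python
import re
from datetime import date

# Constructed indicator set (placeholder values, not real IoCs):
# type, value, and the date the indicator was last confirmed active.
INDICATORS = [
    {"type": "ip", "value": "203.0.113.45", "last_seen": date(2024, 1, 10)},
    {"type": "domain", "value": "update-cdn.example", "last_seen": date(2024, 3, 2)},
    {"type": "sha256", "value": "a" * 64, "last_seen": date(2023, 11, 5)},
]

# Constructed log lines in a simplified proxy / firewall / EDR style.
SAMPLE_LOGS = [
    "2024-03-05 proxy GET http://update-cdn.example/payload.bin from 10.0.0.7",
    "2024-03-05 fw ALLOW 10.0.0.7 -> 203.0.113.45:443",
    "2024-03-05 edr file created sha256=" + "a" * 64 + " path=C:\\Users\\Public\\svc.exe",
    "2024-03-05 fw ALLOW 10.0.0.9 -> 198.51.100.2:80",
]

MAX_AGE_DAYS = 90  # assumed shelf life: older indicators are treated as stale

# Token extractors per indicator type; kept deliberately simple.
_PATTERNS = {
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"\b[a-z0-9.-]+\.[a-z]{2,}\b", re.IGNORECASE),
    "sha256": re.compile(r"\b[0-9a-f]{64}\b", re.IGNORECASE),
}


def match_iocs(log_lines, indicators, today, max_age_days=MAX_AGE_DAYS):
    """Return (hits, stale). hits: (line_no, type, value) for each active
    indicator seen in a log line; stale: indicator values skipped as expired."""
    by_type, stale = {}, []
    for ioc in indicators:
        if (today - ioc["last_seen"]).days > max_age_days:
            stale.append(ioc["value"])  # past shelf life: do not alert on it
            continue
        by_type.setdefault(ioc["type"], set()).add(ioc["value"].lower())
    hits = []
    for n, line in enumerate(log_lines, 1):
        for kind, pattern in _PATTERNS.items():
            for token in pattern.findall(line):
                if token.lower() in by_type.get(kind, ()):
                    hits.append((n, kind, token.lower()))
    return hits, stale


if __name__ == "__main__":
    found, expired = match_iocs(SAMPLE_LOGS, INDICATORS, date(2024, 3, 5))
    for line_no, kind, value in found:
        print(f"line {line_no}: {kind} indicator {value}")
    print(f"stale indicators skipped: {len(expired)}")
```

Rotating infrastructure is why the expiry check matters: a stale hash or IP still matching a line is a lead for a hunt, not an automatic alert.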
Related Terms
Threat Intelligence (category: Threat Intelligence)
Evidence-based knowledge about existing or emerging threats that informs security decisions.

Threat Hunting (category: Defensive Security)
Proactive, human-led search for threats that have evaded automated detection within an environment.

Malware (category: Malware & Infrastructure)
Any software intentionally designed to cause harm, disrupt, or gain unauthorized access to systems.

SIEM (Security Information and Event Management) (category: Defensive Security)
A platform that aggregates and correlates security event logs to detect threats and support incident response.

Monitor Your Exposure on Whiteintel
Understanding threats is the first step. Whiteintel continuously monitors dark web sources, stealer logs, and breach databases so you know the moment your organization's data is at risk.