Indicators of Compromise (IOCs), what are they?
Indicators of compromise (IOCs) are pieces of information that suggest a cyberthreat may have gained access to a system or network. After a data breach or other security incident, they give cybersecurity experts vital information.
In other words, IOCs are pieces of forensic data, such as data found in system log entries or files, that identify potentially malicious activity on a system or network.
Information security and IT staff use indicators of compromise to find malware infections, data breaches, and other threat behaviour. By watching for signs of compromise, organizations can detect attacks in their early phases and act quickly to stop a breach from happening or to minimise the damage.
OK! To get a better understanding of indicators of compromise, let's look at some IOCs found during a recent Qbot phishing scam.
NOTE: Phishing is an attack that attempts to steal your money or your identity by getting you to reveal personal information, such as credit card numbers, bank information, or passwords, on websites that pretend to be legitimate.
As you can see, many indicators were found during this Qbot phishing scam.
NOTE: Qbot is banking malware known for collecting browsing data and stealing banking credentials and other financial information from victims.
The indicators found during this Qbot phishing scam are of the "Domain" type; there are several types of indicators of compromise.
Let's discuss them next time.
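As an added example (not part of the original post), here is one way "Domain" type indicators like those described above can be checked against log entries. The feed entries, log format and function names are assumptions made for illustration; the domains are constructed placeholders under the reserved `.example` TLD, not real Qbot indicators.

```python
import re

# Constructed, defanged sample indicators (placeholders, not real Qbot domains).
IOC_FEED = ["bad-login[.]example", "hxxp://cdn.evil-update[.]example/path"]

# Constructed DNS query log lines: timestamp, client IP, queried name.
DNS_LOG = """\
2024-01-10T09:15:02Z 10.0.0.12 www.intranet.example
2024-01-10T09:15:07Z 10.0.0.31 Bad-Login.example.
2024-01-10T09:16:44Z 10.0.0.31 a1.cdn.evil-update.example
2024-01-10T09:17:10Z 10.0.0.45 notbad-login.example
"""

def refang(indicator):
    """Turn a defanged indicator into a bare lowercase domain name."""
    s = indicator.strip().lower().replace("[.]", ".").replace("(.)", ".")
    s = re.sub(r"^(hxxps?|https?)://", "", s)   # drop the (defanged) scheme
    s = s.split("/", 1)[0].split(":", 1)[0]     # drop path and port
    return s.rstrip(".")

def matches(name, ioc_domains):
    """Return the IOC that equals `name` or is a parent domain of it."""
    labels = name.lower().rstrip(".").split(".")
    # Compare on label boundaries so "notbad-login.example" does not
    # match "bad-login.example" the way a substring search would.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in ioc_domains:
            return candidate
    return None

def scan(log_text, feed):
    """Return (timestamp, client, queried name, matched IOC) for each hit."""
    iocs = {refang(i) for i in feed}
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, client, qname = parts
        ioc = matches(qname, iocs)
        if ioc:
            hits.append((ts, client, qname, ioc))
    return hits

if __name__ == "__main__":
    for hit in scan(DNS_LOG, IOC_FEED):
        print(*hit)
```

Each hit names the client that made the query, which gives responders a host to examine first.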