Threat Intelligence Questions
The key indicators of compromise (IOCs) used in threat intelligence include:
1. IP addresses: Suspicious or known malicious IP addresses that are associated with cyber attacks or malicious activities.
2. Domain names: Suspicious or known malicious domain names that are used for hosting malicious content or conducting phishing campaigns.
3. File hashes: Unique identifiers generated by cryptographic algorithms to verify the integrity and authenticity of files. Malicious files often have known hashes that can be used to identify them.
4. URLs: Suspicious or known malicious URLs that are used in phishing emails, malicious advertisements, or as part of a malware distribution campaign.
5. Email addresses: Suspicious or known malicious email addresses that are used for phishing, spamming, or delivering malware payloads.
6. File names: Suspicious or known malicious file names that are commonly associated with malware or malicious activities.
7. Registry keys: Suspicious or known malicious registry keys that are used by malware to persistently maintain their presence on a compromised system.
8. Behavioral patterns: Anomalous or suspicious behaviors exhibited by systems or users that may indicate a compromise, such as unusual network traffic, unauthorized access attempts, or abnormal system activities.
9. Signature patterns: Specific patterns or sequences of code that are unique to a particular malware or threat actor, which can be used to identify and detect their presence.
10. Indicators of compromise can also include information related to tactics, techniques, and procedures (TTPs) used by threat actors, such as specific malware families, exploit kits, or command and control infrastructure.