Indicators of Compromise

An Indicator of Compromise (IOC) is a piece of evidence that indicates that a system or network may have been breached or compromised.

Some examples of IOCs are:

  • File names or hashes
  • IP addresses
  • Domain names / URLs
  • Registry keys
  • Event log entries

IOCs also serve as actionable threat intelligence items that can be shared with the broader community and help others improve their incident detection, response and remediation strategies.

It is common best practice to disarm, or defang, IOCs before sharing them, so that recipients cannot accidentally click a link and interact with potentially malicious websites and resources. Read more about defanging on this page.

defang.me has been developed to make defanging IOCs easy.
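
A small defang/refang routine for free text, added here as an illustration; it is not the defang.me implementation. The hxxp and [.] notations are widely used conventions rather than a formal standard, and the sample text is constructed from reserved documentation addresses and the .example TLD.

```python
import re

# Constructed sample: reserved documentation IPs and the .example TLD.
SAMPLE = ("Beacon to http://c2.bad.example/gate.php from 192.0.2.10; "
          "see also https://cdn.bad.example.")

_SCHEME = re.compile(r"\bhttp(s?)://", re.IGNORECASE)
_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Dotted names ending in an alphabetic label: hostnames, and file names too.
# Version strings ("1.22") and abbreviations ("e.g.") do not match.
_NAME = re.compile(r"\b(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}\b")


def _bracket_dots(match):
    """Replace every dot in the matched indicator with [.]"""
    return match.group(0).replace(".", "[.]")


def defang(text):
    """Make URLs, hostnames and IPv4 addresses in text non-clickable."""
    text = _SCHEME.sub(r"hxxp\1://", text)
    text = _IPV4.sub(_bracket_dots, text)
    return _NAME.sub(_bracket_dots, text)


def refang(text):
    """Restore defanged indicators, e.g. before loading them into a blocklist."""
    text = re.sub(r"\bhxxp(s?)", r"http\1", text, flags=re.IGNORECASE)
    text = re.sub(r"\[(?:\.|dot)\]|\(\.\)", ".", text, flags=re.IGNORECASE)
    return text.replace("[://]", "://").replace("[:]", ":")


if __name__ == "__main__":
    print(defang(SAMPLE))
    print(refang(defang(SAMPLE)))
```

Running defang twice gives the same result as running it once, so text that mixes live and already-defanged indicators can be passed through safely.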

Open IOC defang tool




defang[.]me

Copyright © 2025 · All Rights Reserved