The Indicators of Compromise (IoCs) section lists the actionable artifacts collected during analysis, which analysts can use to identify current infections and defend against future ones.
Network IoCs
Network indicators are IPs, domains and URLs collected during the analysis from several sources: addresses that were contacted during dynamic execution and addresses extracted from an embedded malware configuration.
Notable columns:
- Source Type - where each indicator was retrieved from (for example, dynamic execution or embedded configuration).
- Classification - the verdict for the address and, if relevant, the malware family known to be associated with it. Check this column before acting on an indicator: addresses contacted during dynamic execution can include legitimate infrastructure that does not belong on a blocklist.
File IoCs
File indicators are SHA256 hashes of files collected during the analysis from sources such as static unpacking and dropped files. The classification shown for each file is the one assigned to it by genetic analysis.
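Putting both tables to work, here is an added example (not part of this documentation or the product) that loads a constructed IoC export, keeps only indicators whose Classification warrants action, and hunts for them in constructed DNS, proxy and file-hash log lines. The row layout, the verdict labels ("malicious", "benign", "trusted"), the log-line format and every address and hash are assumptions invented for the example; the product does not document an export in this shape.

```python
"""Hunt for an IoC set in constructed log lines.

Example code, not the product's. The IoC row layout, the verdict labels and
the log-line format are assumptions made for this example; all values are
invented.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed network IoC rows, mirroring the Source Type and Classification columns.
NETWORK_IOCS = [
    {"kind": "ip", "value": "198.51.100.23", "source_type": "dynamic execution", "classification": "malicious"},
    {"kind": "domain", "value": "Update-Check.example.", "source_type": "embedded configuration", "classification": "malicious"},
    {"kind": "url", "value": "http://cdn.example/gate.php?id=1", "source_type": "embedded configuration", "classification": "malicious"},
    {"kind": "domain", "value": "time.windows.com", "source_type": "dynamic execution", "classification": "benign"},
]
# Constructed file IoC rows (SHA256 plus the genetic-analysis classification).
FILE_IOCS = [
    {"sha256": "0123456789abcdef" * 4, "source_type": "static unpacking", "classification": "malicious"},
    {"sha256": "fedcba9876543210" * 4, "source_type": "dropped file", "classification": "trusted"},
]

# A sandbox run also contacts benign infrastructure (update servers, time sync),
# so only these verdicts (assumed label set) are allowed to drive detection.
ACTIONABLE = {"malicious", "suspicious"}

# Constructed log lines: "<timestamp> host=<name> <event> key=value ...".
LOG_LINES = [
    "2024-05-01T10:02:11Z host=ws-17 dns query=UPDATE-CHECK.example. answer=198.51.100.23",
    "2024-05-01T10:02:13Z host=ws-17 http url=http://CDN.example:80/gate.php?id=1",
    "2024-05-01T10:02:14Z host=ws-17 http url=https://time.windows.com/",
    f"2024-05-01T10:03:00Z host=ws-22 file sha256={'0123456789ABCDEF' * 4}",
    "2024-05-01T10:03:05Z host=ws-22 dns query=mail.update-check.example",
    f"2024-05-01T10:04:00Z host=ws-30 file sha256={'fedcba9876543210' * 4}",
]
LOG_RE = re.compile(r"^(\S+) host=(\S+) (\w+) (.*)$")


def norm_domain(name: str) -> str:
    """Lowercase and drop the trailing dot so DNS-style names compare equal."""
    return name.strip().lower().rstrip(".")


def norm_url(url: str) -> str:
    """Canonical form: lowercase scheme/host, default port removed, '/' path if empty."""
    p = urlsplit(url.strip())
    host = (p.hostname or "").rstrip(".")
    default = {"http": 80, "https": 443}.get(p.scheme)
    netloc = host if p.port in (None, default) else f"{host}:{p.port}"
    return f"{p.scheme}://{netloc}{p.path or '/'}" + (f"?{p.query}" if p.query else "")


def build_ioc_set(network, files):
    """Index the actionable indicators by kind, normalised for matching."""
    iocs = {"ip": set(), "domain": set(), "url": set(), "sha256": set()}
    for row in network:
        if row["classification"].lower() not in ACTIONABLE:
            continue
        kind, value = row["kind"], row["value"]
        if kind == "domain":
            value = norm_domain(value)
        elif kind == "url":
            value = norm_url(value)
        iocs[kind].add(value)
    for row in files:
        if row["classification"].lower() in ACTIONABLE:
            iocs["sha256"].add(row["sha256"].lower())
    return iocs


def domain_hit(name: str, domains: set):
    """Return the indicator matching `name` or one of its parent domains, else None."""
    labels = norm_domain(name).split(".")
    for i in range(len(labels) - 1):  # stop before a bare TLD
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


@dataclass(frozen=True)
class Hit:
    host: str
    kind: str
    indicator: str
    line: str


def match_line(line: str, iocs) -> list:
    """Return every indicator the line matches; one line can hit several kinds."""
    m = LOG_RE.match(line)
    if not m:
        return []
    _, host, event, rest = m.groups()
    fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
    hits = []
    if event == "dns":
        if (d := domain_hit(fields.get("query", ""), iocs["domain"])):
            hits.append(Hit(host, "domain", d, line))
        if fields.get("answer") in iocs["ip"]:
            hits.append(Hit(host, "ip", fields["answer"], line))
    elif event == "http":
        url = norm_url(fields.get("url", ""))
        if url in iocs["url"]:
            hits.append(Hit(host, "url", url, line))
        name = urlsplit(fields.get("url", "")).hostname or ""
        if name in iocs["ip"]:
            hits.append(Hit(host, "ip", name, line))
        elif (d := domain_hit(name, iocs["domain"])):
            hits.append(Hit(host, "domain", d, line))
    elif event == "file":
        digest = fields.get("sha256", "").lower()
        if digest in iocs["sha256"]:
            hits.append(Hit(host, "sha256", digest, line))
    return hits


def hunt(lines, iocs) -> list:
    return [h for line in lines for h in match_line(line, iocs)]


def affected_hosts(hits) -> list:
    return sorted({h.host for h in hits})


if __name__ == "__main__":
    found = hunt(LOG_LINES, build_ioc_set(NETWORK_IOCS, FILE_IOCS))
    for h in found:
        print(f"{h.host}: {h.kind} {h.indicator}")
    print("affected hosts:", affected_hosts(found))
```

Two details matter more than the matching itself. Filtering on Classification drops `time.windows.com` and the trusted dropped file, so contacting a legitimate time server does not raise an alert, and matching DNS queries against parent domains catches `mail.update-check.example` even though the configuration only named `update-check.example`; the same suffix walk is what lets a single C2 domain indicator cover rotating subdomains.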