Cyber Security Academy · Lesson

Behavioral IOCs: Registry, Network, and File Artifacts

Identify indicators of compromise from malware behavior and write threat intelligence reports.

What Are IOCs?

Indicators of Compromise (IOCs) are forensic artifacts that indicate a system has been compromised. They include file hashes, IP addresses, domain names, registry keys, mutexes, and behavioral patterns that appear in threat intelligence sharing.

File-Based IOCs

File IOCs include MD5/SHA-256 hashes of malware, dropped file paths and names, and file content signatures (YARA rules). Hash-based IOCs are brittle: recompiling the malware changes its hashes, so rely on behavioral indicators and fuzzy hashes as well.
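The brittleness of exact hashes, as an added example that is not part of the original lesson: two constructed builds differ only in a build stamp, so the SHA-256 IOC misses the rebuild while a similarity score still links them. The byte n-gram Jaccard score is a simplified stand-in for a real fuzzy hash, and the sample bytes, function names, and 0.8 threshold are assumptions made for illustration.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def ngram_set(data: bytes, n: int = 4) -> set:
    """All distinct n-byte windows in the sample."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def similarity(a: bytes, b: bytes, n: int = 4) -> float:
    """Jaccard similarity of byte n-grams (simplified stand-in for a fuzzy hash)."""
    sa, sb = ngram_set(a, n), ngram_set(b, n)
    if not sa and not sb:
        return 1.0
    return len(sa & sb) / len(sa | sb)

def match_sample(data, known_hashes, known_samples, threshold=0.8):
    """Try the exact-hash IOC first, then fall back to similarity."""
    if sha256_hex(data) in known_hashes:
        return ("exact-hash", 1.0)
    best = max((similarity(data, k) for k in known_samples), default=0.0)
    if best >= threshold:
        return ("fuzzy", best)
    return ("no-match", best)

# Constructed sample data (harmless bytes, not real malware).
BODY = b"".join(b"config_block_%03d;beacon_interval=60;" % i for i in range(40))
ORIGINAL = b"BUILD=2024-01-01;" + BODY      # build already in the IOC feed
REBUILT = b"BUILD=2024-02-15;" + BODY       # same code, new build stamp
UNRELATED = bytes((i * 37 + 11) % 256 for i in range(1500))

def demo():
    known_hashes = {sha256_hex(ORIGINAL)}
    known_samples = [ORIGINAL]
    return {
        name: match_sample(blob, known_hashes, known_samples)
        for name, blob in (("original", ORIGINAL),
                           ("rebuilt", REBUILT),
                           ("unrelated", UNRELATED))
    }

if __name__ == "__main__":
    for name, (kind, score) in demo().items():
        print(f"{name:10s} {kind:11s} similarity={score:.2f}")
```

In practice the fallback would be a purpose-built fuzzy hash or a YARA content signature; the n-gram score here only illustrates why similarity survives a rebuild when the exact hash does not.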
