A: Targeted, Coordinated, Purposeful
P: Month after Month, Year after Year
T: Person(s) with Intent, Opportunity, and Capability
These are forensic artifacts of an intrusion that can be identified on a host or network.
Types of IOCs:
Atomic
Computed
Behavioral
Some key IOCs to monitor:
Unusual outbound Network Traffic
Anomalies in Privileged user account activity
Geographical Irregularities
Other Log-in red flags
Swells in Database read volume
HTML response size
Large numbers of requests for the same file
Mismatched Port-application traffic
Suspicious registry or system file changes
DNS request anomalies