IOC Extractor

IOCs are digital artifacts that indicate a potential security breach. They include IP addresses of command-and-control servers, malicious domain names, URLs pointing to exploit kits, file hashes of malware samples, and email addresses used in phishing campaigns. IOCs are the foundation of threat intelligence sharing and detection engineering.

Defanging is a security practice that modifies IOCs to prevent accidental clicks or connections. Common defang patterns include replacing http with hxxp, dots with [.], and @ with [at]. This tool's "Auto-refang" option reverses defanging to recover the original IOC values.

After extracting IOCs, you can: search them on mlab.sh for enrichment and reputation data, import them into your SIEM for detection rules, add them to blocklists in your firewall or proxy, create YARA rules using file hashes, and share them with your team or ISACs using STIX/TAXII formats.