IOC Lookup

IOC Lookup enables on-demand enrichment of any Indicator of Compromise — providing full threat context, risk scoring, threat actor attribution, MITRE ATT&CK TTPs, and targeting data for a single indicator in seconds.

Accessing IOC Lookup

From the left navigation menu, click Hunting → IOC Lookup.

Supported Indicator Types

Type                  Examples
IPv4 / IPv6           203.0.113.45, 2001:db8::1
Domain                malicious-domain.net
URL                   http://example.com/payload.exe
File Hash (MD5)       d41d8cd98f00b204e9800998ecf8427e
File Hash (SHA-1)     da39a3ee5e6b4b0d3255bfef95601890afd80709
File Hash (SHA-256)   e3b0c44298fc1c149afbf4c8996fb924...

How to Use

  1. Enter the indicator value in the search field
  2. Click Look Up
  3. Results are returned within seconds, powered by the ThreatBolt intelligence engine

Enrichment Results

Each lookup returns a full enrichment summary:

IOC Summary

  • Type — What kind of indicator it is
  • Value — The indicator value
  • Location — Geolocation (for IPs)
  • Recent reference time — When it was last seen in threat intelligence sources

Threat Intelligence Context

  • Threat actor / malware / campaign — What is associated with this indicator
  • Category — Whether it is attributed to a threat actor, malware family, campaign, or attack method
  • Risk score — CyberXTron risk score (0–100)
  • Risk level — Low, Medium, High, or Critical

Attack Context

  • MITRE ATT&CK TTPs — Techniques and sub-techniques observed with this indicator
  • Threat capabilities — What the actor or malware can do
  • Intent — Espionage, financial crime, disruption, etc.

Impact Assessment

  • Confidentiality, integrity, availability, reputational, and financial impact ratings

Targeting

  • Target countries — Geographies this threat has targeted
  • Target industries — Sectors this threat has targeted
  • Target vulnerabilities — CVEs associated with this threat

Whitelist Flag

If an indicator is returned with is_whitelisted: true, CyberXTron has determined it is benign. Do not block or remediate whitelisted indicators.

Analysis Status

Some newly submitted indicators may show analysis_status: inprogress. This means enrichment is still being processed — re-query in a few minutes for the full result.
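The Whitelist Flag and Analysis Status rules above, written as a gate in front of an automated blocking step. This is an added example, not CyberXTron code: only is_whitelisted and analysis_status (with the value inprogress) come from this page, while the risk_level key, the block-on-High/Critical policy, and the lookup callable are assumptions.

```python
import time

# Assumed policy for this example: only High and Critical indicators are auto-blocked.
BLOCK_LEVELS = {"high", "critical"}


def decide(result):
    """Map one enrichment result (a dict) to 'skip', 'retry', 'block' or 'review'."""
    if result.get("is_whitelisted") is True:
        return "skip"    # flagged benign: never block or remediate
    if result.get("analysis_status") == "inprogress":
        return "retry"   # enrichment incomplete: risk fields are not final yet
    # "risk_level" is an assumed key name holding Low / Medium / High / Critical.
    level = str(result.get("risk_level", "")).lower()
    return "block" if level in BLOCK_LEVELS else "review"


def triage(indicator, lookup, attempts=3, wait_seconds=120, sleep=time.sleep):
    """Re-query while analysis is in progress, then decide.

    `lookup` is a hypothetical callable (indicator -> dict) wrapping whatever
    client is used to fetch the enrichment result.
    """
    for attempt in range(attempts):
        action = decide(lookup(indicator))
        if action != "retry":
            return action
        if attempt < attempts - 1:
            sleep(wait_seconds)
    # Still in progress after all attempts: hand to an analyst, do not block.
    return "review"


def make_sample_lookup():
    """Constructed responses: the first call is in progress, the second is final."""
    responses = iter([
        {"analysis_status": "inprogress"},
        # Any analysis_status other than "inprogress" is treated as final here.
        {"is_whitelisted": False, "risk_level": "Critical"},
    ])
    return lambda indicator: next(responses)


if __name__ == "__main__":
    # 203.0.113.45 is the documentation-range address from the table above.
    print(triage("203.0.113.45", make_sample_lookup(), sleep=lambda s: None))
```

The whitelist check runs first so that a high risk score can never override a benign verdict, and an indicator that never finishes analysis falls through to manual review.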

API Access

IOC enrichment is also available via the ThreatBolt REST API:

Enrichment API Reference