Mandiant® - Detect. Respond. Contain.

Need Immediate Assistance? Click here.

Software Downloads

IOC Finder

Find the Presence of IOCs
Mandiant’s IOC Finder is a free tool for collecting host system data and reporting the presence of Indicators of Compromise (IOCs). IOCs are open-standard XML documents that help incident responders capture diverse information about threats. Mandiant’s IOC Finder supports:
- Collection of full data, sufficient for general IOC matching requirements.
- Using a portable storage device allows collection from multiple hosts.
- IOC hit reporting in simple text, full HTML, and full MS Word XML formats.
- Reports can be generated for specific hosts or all hosts.
Want more information about Mandiant’s IOC Finder? Check out our User Forums.

Current Version: IOC Finder 1.0
Release Date: October 31, 2011

Supported Operating Systems: Windows XP, Windows Vista, Windows 7 (32-bit and 64-bit)

File Size: 5,148 KB

Integrity Hashes:

ZIP
  MD5: 6e98951d6604ff8f0e9141e393dce57e
  SHA-1: FF519378B262170AB62153C13E3BA6C46980893B

Extracted (x64)
  MD5: 7FDE1CA2F77A0361A15875A06A7C9E17
  SHA-1: 520B901184AF0185AC739EF9735D785D5DECE024

Extracted (x86)
  MD5: 664F3886BBF1FA6EE432A112F8DB86FE
  SHA-1: 11826AC848F45E2F9CFD2706515CDD62A2F64B3C

User Guide: MANDIANT IOC Finder

Download IOC Finder

Community Resources
M-Unition™ Blog

Seven Tips for Digital Security Overseas

People often ask for tips on staying safe in cyberspace while traveling in “real” space. It’s odd to think that our physical location affects our digital lives, but various state and non-state threat actors can have a real impact on digital security during business trips or vacations. Read the rest