D8 · CySA+

What is the difference between IoC and IoA?

IoC (Indicator of Compromise) = evidence after compromise (malware hash, C2 IP, registry key). IoA (Indicator of Attack) = behavioral indicators during an attack (unusual process behavior, new scheduled task).
IoAs enable real-time detection during the attack. IoCs are useful for hunting and retrospective analysis. IoAs focus on behaviors (harder for an attacker to change) while IoCs focus on artifacts (easy for an attacker to change). Both are needed.