1037 Views 1 Reply Latest reply: Oct 4, 2012 2:20 AM by mrwh1t3
mrwh1t3 Newcomer 15 posts since Jul 13, 2012

Oct 3, 2012 8:57 PM

Indicators of Compromise (IOC)

Those of you who are aware of Open Indicators of Compromise (OpenIOC) might be able to answer this.

I was wondering if you have done any experiments replicating the IOC framework within custom HIPS signatures, or whether it's even possible to get the same level of detail that OpenIOC provides.

I've included an example screenshot of how you configure it within OpenIOC to spot a Zeus infection. Any suggestions on writing rules like this in HIPS would be most welcome.

I also added one from STUXNET (top one).

www.openioc.org

Thanks

Message was edited by: mrwh1t3 on 10/3/12 8:57:33 PM CDT