1 Reply | Latest reply: Oct 4, 2012 2:20 AM by mrwh1t3

Indicators of Compromise (IOC)

mrwh1t3

Those of you who are aware of Open Indicators of Compromise (OpenIOC) might be able to answer this.


I was wondering if you have done any experiments replicating the IOC framework within custom HIPS signatures, or whether it's even possible to get the same level of detail that the OpenIOC provides.


I've included an example screenshot of how you configure it within OpenIOC to spot a Zeus infection. Any suggestions on writing rules like this in HIPS would be most welcome.


I also added one from STUXNET (top one).


www.openioc.org


Thanks


Message was edited by: mrwh1t3 on 10/3/12 8:57:33 PM CDT
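An added example, not from this thread and not OpenIOC or Mandiant code: a small Python evaluator for an OpenIOC 1.0 indicator tree, run against a constructed host snapshot, to show the nested AND/OR structure that a flat HIPS signature would have to reproduce. The hash, file paths and registry key in the document are placeholders, and the snapshot format (one dict per artifact, keyed by the OpenIOC search path) is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"ioc": "http://schemas.mandiant.com/2010/ioc"}
# Constructed OpenIOC 1.0 document (placeholder hash and paths, not real Zeus indicators):
# fire on a known file hash, OR on a dropper under Application Data AND a Run-key entry.
SAMPLE_IOC = r"""<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="example-0001">
 <definition>
  <Indicator operator="OR" id="i-1">
   <IndicatorItem id="ii-1" condition="is">
    <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
    <Content type="md5">00000000000000000000000000000001</Content></IndicatorItem>
   <Indicator operator="AND" id="i-2">
    <IndicatorItem id="ii-2" condition="contains">
     <Context document="FileItem" search="FileItem/FullPath" type="mir"/>
     <Content type="string">\Application Data\</Content></IndicatorItem>
    <IndicatorItem id="ii-3" condition="contains">
     <Context document="RegistryItem" search="RegistryItem/Path" type="mir"/>
     <Content type="string">\CurrentVersion\Run\</Content></IndicatorItem>
   </Indicator>
  </Indicator>
 </definition>
</ioc>"""

# Constructed host snapshots: one dict per artifact, keyed by OpenIOC search path.
CLEAN_HOST = [{"FileItem/FullPath": r"C:\Program Files\Editor\editor.exe",
               "FileItem/Md5sum": "00000000000000000000000000000002"}]
INFECTED_HOST = [{"FileItem/FullPath": r"C:\Documents and Settings\bob\Application Data\ab\cd.exe",
                  "FileItem/Md5sum": "00000000000000000000000000000003"},
                 {"RegistryItem/Path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\cd"}]

def item_matches(item, snapshot):
    # One IndicatorItem: does any artifact satisfy its condition against Content?
    search = item.find("ioc:Context", NS).get("search")
    want = (item.find("ioc:Content", NS).text or "").lower()
    cond = item.get("condition")
    for have in (a.get(search, "").lower() for a in snapshot):
        if (cond == "is" and have == want) or (cond == "contains" and have and want in have):
            return True
    return False  # unsupported conditions never fire (fail closed, no false alerts)

def indicator_matches(node, snapshot):
    """Combine children with the node's AND/OR operator, recursing into nested Indicators."""
    results = [item_matches(c, snapshot) if c.tag.endswith("IndicatorItem")
               else indicator_matches(c, snapshot) for c in node]
    combine = all if node.get("operator", "OR").upper() == "AND" else any
    return bool(results) and combine(results)

def evaluate_ioc(xml_text, snapshot):
    # True if the host snapshot matches the IOC's top-level Indicator tree.
    root = ET.fromstring(xml_text)
    return indicator_matches(root.find("ioc:definition/ioc:Indicator", NS), snapshot)
```

Note that the dropper path alone does not fire: the AND branch needs the Run-key artifact too, which is exactly the cross-artifact logic that is hard to express in a single per-event HIPS rule.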