OpenIOC

Hey folks -- weird issue with google apps -- the group has several pending messages, but they won

Hi everyone, Been spending a few days on this problem and thought this group might be able to give

Try this one https://www.iocbucket.com Cheers Tom @c_APT_ure Sent from a spam-bot trojan rootkit on

Two things popped up recently online: SANS ISC now supports OpenIOC in their RESTful API: https://isc

We have forked this and have it available on iocbucket.com as well. On Friday, June 6, 2014 8:16:18

Hey folks, sorry I have been so delinquent in moderation duties. I've just added a bunch of folks

weird -- apparently Nate's response got caught in a spam trap. just cleaning out entries and

No problem. I was looking at building a whitelist of sorts for core windows processes. For example...

Hey all, These have been a little slower coming out than we had planned, but we are up to three in

i was also part of that discussion. the team i'm in is all linux or osx which has generally

My apologies Doug on this request. I am at a dead end and hence though i may find a way out. Please

This one's a little more timely.

Just a few months late.

So, as the day gets closer -- is anyone going to BE at Black Hat? Info on Will's Arsenal

Just finished this TA to get IOC data into splunk. http://splunk-base.splunk.com/apps/85151/ta-

Fixed and sanitized the links in the first section (obviously the links in the ioc file are still

You will need to change the MD5 to 91B64502A89D6C47D1ADBDE3EBBF2532 not "

I couldn't get the attachment to work, but I'll try again next time I have something to post.

A colleague of mine created a perl script that uses the Splunk API script to search for OpenIOCs in

It's never a bad idea to look in process memory - ProcessItem ProcessPort RemoteIP can be

Thanks! <1. if the attacker compromises your agent or is able to mimic..> True that; it's a

This is a great thread. Validating IOCs can be rather tricky as the format is intentional very

well there's already https://www.hashdays.ch/ from decon chapter switzerland which is pretty cool

I think it's a valid point to raise. It's definitely been raised before outside of this group

Excellent. See you then! Brad On Tue, Jul 17, 2012 at 1:23 PM, Douglas Wilson <douglas.wilson@

Hey folks, Just a head's up that I'm going to be participating in an upcoming webinar that

Hey folks, sorry that it's been so quite over here -- the OpenIOC team has been head down on a

Hi everyone! I'd like to announce the creation of ioc.forensicartifacts.com. The site has now

For those who may be interested, Ryan Kazanciyan expands on his blog post from last week, stepping

Don't hold me to this, but currently the list I'm looking at includes: AV Oval Vulnerability