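IOK (Indicator Of Kit) is an open-source rule set for the tools and tactics of phishing threat actors.
Author: Sec-Labs | Published:
Open-source detection rules for phishing site techniques, kits and threat actors 🕵️
- Simple: based on Sigma, a simple detection rule language 🚀
- Rich metadata: rules carry descriptions, tags, and links to blog posts or related rules.
Use cases:
📝 Creating indicators
IOK indicators are written in Sigma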
| Field name | Type | Description |
|---|---|---|
| html | string | The contents of the page HTML (as returned by the server) |
| js | []string | Contents of JavaScript from the page (includes inline scripts as well as scripts loaded externally) |
| css | []string | Contents of CSS from the page (includes inline stylesheets as well as externally loaded stylesheets) |
| cookies | []string | Cookies from the page. Each is in the form cookieName=value |
| headers | []string | Headers sent by the server. Each is in the form Header-Name: value |
| requests | []string | URLs of requests made by the page (and assets loaded by the page) |
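
To make the field table concrete, here is an added example (not code from the IOK project) that evaluates a Sigma-style detection against a page record with those fields. The evaluator, the rule, the `phish.example` host and the any-element matching for list fields are assumptions for illustration; only a subset of Sigma (three modifiers, `all`, and `and`/`not` conditions) is handled.

```python
# Added example, not IOK's engine: evaluates a Sigma-style detection over the
# page fields listed in the table. PAGE and RULE are constructed sample data.
PAGE = {
    "html": '<form action="/collect.php"><input name="passwd"></form>',
    "js": ["function send(){ fetch('/collect.php') }"],
    "css": [".login-box{display:block}"],
    "cookies": ["kit_session=abc123"],
    "headers": ["Server: nginx", "X-Powered-By: PHP/8.1"],
    "requests": ["https://phish.example/collect.php"],
}
RULE = {
    "title": "Constructed example kit",
    "detection": {
        "form": {"html|contains|all": ['action="/collect.php"', 'name="passwd"']},
        "backend": {"headers|startswith": "X-Powered-By: PHP",
                    "requests|endswith": "/collect.php"},
        "benign": {"cookies|startswith": "csrftoken="},
        "condition": "form and backend and not benign",
    },
}
OPS = {
    "contains": lambda hay, needle: needle in hay,
    "startswith": lambda hay, needle: hay.startswith(needle),
    "endswith": lambda hay, needle: hay.endswith(needle),
}

def field_matches(page, key, wanted):
    """Match one `field|modifier` entry; a value list is OR unless `|all`."""
    name, *mods = key.split("|")
    op = next((OPS[m] for m in mods if m in OPS), lambda hay, needle: hay == needle)
    combine = all if "all" in mods else any
    values = page.get(name, [])
    values = [values] if isinstance(values, str) else values  # html is one string
    wanted = wanted if isinstance(wanted, list) else [wanted]
    # Assumption: a []string field matches when any one element matches.
    # Comparison is case-insensitive, as Sigma string matching is by default.
    return combine(any(op(v.lower(), w.lower()) for v in values) for w in wanted)

def selection_matches(page, selection):
    """All field entries inside one selection must match (AND)."""
    return all(field_matches(page, k, w) for k, w in selection.items())

def rule_matches(page, rule):
    """Supports only conditions of the form `a and b and not c` (a subset)."""
    detection = rule["detection"]
    for term in detection["condition"].split(" and "):
        negate = term.startswith("not ")
        name = (term[4:] if negate else term).strip()
        if selection_matches(page, detection[name]) == negate:
            return False
    return True
```

Because `cookies` and `headers` entries are whole `name=value` and `Header-Name: value` strings, `startswith` anchors on the name while `contains` would also hit the value.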
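We are always looking for contributions: there are far more phishing kits and techniques than a single team can analyse!
To contribute a new rule
- Try to make sure it doesn't already exist
- Open a pull request that adds your new file to the indicators/ folder
- We will review and merge your request
- It will be published on phish.report/IOK.
Project link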