Closed kienmarkdo closed 6 months ago
- Domain regex: `r"\b(?:a-zA-Z0-9?\.)+[a-zA-Z]{2,}(?<!\.)\b"`. Thinks "and.And" is a valid domain name.
- IPv4 regex: `r"\b(?:\d{1,3}\.){3}\d{1,3}\b"`. Does not think "118.99.81.204118.99.81.204" or "Transparent212.119.97.198" contain IPv4 addresses.
Analyze each collected message and add it to an IOC table in a SQLite3 database if an IOC is present.
IOCs include:
[Image: Sqlite3 table diagram]
Use Regex to identify these. Hashes are fixed in length.
Use case:
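As an added example (not code from this issue or the project), the regex-plus-SQLite pipeline described above: IPv4 candidates are matched without word boundaries so addresses glued to other text (the two cases reported here) are still found, with the octet range checked afterwards; domains are validated against a TLD allowlist (a constructed placeholder here) so "and.And" is rejected; the sample messages and the `iocs` table layout are constructed for the example.

```python
import re
import sqlite3

# Constructed sample messages; the first two reproduce the glued-text cases from the issue.
SAMPLE_MESSAGES = [
    "Transparent212.119.97.198 beacon, md5 d41d8cd98f00b204e9800998ecf8427e",
    "118.99.81.204118.99.81.204 reached and.And then evil-cdn.example.com",
    "invalid 999.1.1.1 and sha256 " + "ab" * 32,
]

# Candidate dotted quads: no \b, so an address glued to letters or digits is still found.
# The octet range (0-255) is checked in Python after the match, which also prevents a
# rejected candidate such as 999.1.1.1 from re-matching as 9.1.1.1.
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
# Hex runs of the three fixed hash lengths (SHA-256, SHA-1, MD5); longest alternative first.
HASH_RE = re.compile(r"\b(?:[0-9a-fA-F]{64}|[0-9a-fA-F]{40}|[0-9a-fA-F]{32})\b")
# RFC 1123-shaped labels, at least one dot, alphabetic top-level label captured as group 1.
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+([a-z]{2,63})\b", re.I)
# Placeholder allowlist (constructed); load the IANA root-zone TLD list in real use.
KNOWN_TLDS = {"com", "net", "org", "io"}


def extract_iocs(text):
    """Return the unique (type, value) IOCs found in one message, in discovery order."""
    found = []
    for m in IPV4_RE.finditer(text):
        if all(int(octet) <= 255 for octet in m.group().split(".")):
            found.append(("ipv4", m.group()))
    for m in HASH_RE.finditer(text):
        found.append(("hash", m.group().lower()))
    for m in DOMAIN_RE.finditer(text):
        # "and.And" matches the shape but its last label is not a known TLD, so it is dropped.
        if m.group(1).lower() in KNOWN_TLDS:
            found.append(("domain", m.group().lower()))
    return list(dict.fromkeys(found))


def store_iocs(messages, conn=None):
    """Analyze each message, insert its IOCs, and return the total row count of the table."""
    if conn is None:
        conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE IF NOT EXISTS iocs (type TEXT, value TEXT, msg_id INTEGER,"
                 " UNIQUE(type, value))")
    for msg_id, text in enumerate(messages):
        # UNIQUE plus OR IGNORE stores each (type, value) once across all messages.
        conn.executemany("INSERT OR IGNORE INTO iocs VALUES (?, ?, ?)",
                         [(t, v, msg_id) for t, v in extract_iocs(text)])
    conn.commit()
    return conn.execute("SELECT COUNT(*) FROM iocs").fetchone()[0]


if __name__ == "__main__":
    for text in SAMPLE_MESSAGES:
        print(extract_iocs(text))
    print(store_iocs(SAMPLE_MESSAGES))
```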