mandiant / sunburst_countermeasures

BSD 2-Clause "Simplified" License

Please post Redline compatible IOCs #4

Open DARTHRATER opened 3 years ago

DARTHRATER commented 3 years ago

From Redline Support: The IOCs that you downloaded from FireEye's GitHub site are OpenIOC version 1.1. Redline currently only supports the OpenIOC version 1.0 standard.

OpenIOC 3.2.0 supports OpenIOC version 1.1 format, so that is why you were able to open them in that program.

OpenIOC 1.1 standard is not backward-compatible with 1.0.
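A quick way to check which OpenIOC version a `.ioc` file declares before trying to import it into Redline, as an added example that is not part of this repository or of the thread above. The root element names and namespace URIs are those of the published OpenIOC 1.0 and 1.1 schemas; the two sample documents are constructed here with a placeholder hash (the MD5 of the empty string), not the real SUNBURST indicators.

```python
import xml.etree.ElementTree as ET

# Root element and namespace URI as declared by each OpenIOC schema version.
VERSIONS = {("ioc", "http://schemas.mandiant.com/2010/ioc"): "1.0",
            ("OpenIOC", "http://openioc.org/schemas/OpenIOC_1.1"): "1.1"}

def _split(tag):
    """Split ElementTree's '{namespace}local' tag form into (namespace, local)."""
    return tuple(tag[1:].split("}", 1)) if tag.startswith("{") else ("", tag)

def openioc_version(xml_text):
    """Return '1.0', '1.1', or None if the text is not a recognised OpenIOC document."""
    try:
        ns, local = _split(ET.fromstring(xml_text).tag)
    except ET.ParseError:
        return None
    return VERSIONS.get((local, ns))

def indicator_terms(xml_text):
    """Collect (search term, value) pairs from IndicatorItem elements, either version."""
    root = ET.fromstring(xml_text)
    ns = _split(root.tag)[0]
    q = lambda name: f"{{{ns}}}{name}" if ns else name   # qualify a local name
    terms = []
    for item in root.iter(q("IndicatorItem")):
        ctx, content = item.find(q("Context")), item.find(q("Content"))
        if ctx is not None and content is not None:
            terms.append((ctx.get("search"), (content.text or "").strip()))
    return terms

# Constructed samples: same indicator expressed in the 1.0 and the 1.1 layout.
IOC_10 = """<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="sample-10" last-modified="2020-12-13T00:00:00">
  <short_description>constructed 1.0 sample</short_description>
  <definition><Indicator operator="OR" id="i1">
    <IndicatorItem id="t1" condition="is">
      <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
      <Content type="md5">d41d8cd98f00b204e9800998ecf8427e</Content>
    </IndicatorItem></Indicator></definition>
</ioc>"""
IOC_11 = """<OpenIOC xmlns="http://openioc.org/schemas/OpenIOC_1.1" id="sample-11" last-modified="2020-12-13T00:00:00">
  <metadata><short_description>constructed 1.1 sample</short_description></metadata>
  <criteria><Indicator operator="OR" id="i1">
    <IndicatorItem id="t1" condition="is" preserve-case="false" negate="false">
      <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
      <Content type="md5">d41d8cd98f00b204e9800998ecf8427e</Content>
    </IndicatorItem></Indicator></criteria>
</OpenIOC>"""

if __name__ == "__main__":
    for label, doc in (("1.0 sample", IOC_10), ("1.1 sample", IOC_11)):
        print(label, "->", openioc_version(doc), indicator_terms(doc))
```

Point `openioc_version` at the text of a downloaded `.ioc` file: a result of `1.1` means Redline will reject it as malformed, since it only reads the 1.0 layout.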

briandanimal commented 3 years ago

...wondering if there is an update on this. Importing "SUNBURST COMPROMISE INDICATORS.ioc" into Redline gets, "...is either not an IOC file, or it is malformed".

Just updated to Redline 2.0.0 (2.0.100.0), still no luck...