Indicator Of Kit

Open source detection rules for phishing site techniques, kits, and threat actors 🕵️

  • Simple: based on Sigma, a simple detection rules language 🚀
  • Rich metadata: rules have descriptions, tags, and links to blog posts or related rules.

Use cases:

title: Fake Chrome error page
description: |
    The Chrome error page HTML is built into the browser: you should never see it in the response from a
    website.
    This is a clear sign that the site is employing cloaking/anti-analysis techniques.
references:
    - https://twitter.com/phish_report/status/1537825544343011328

detection:
    chromeHTMLFragments:
        html|contains|all:
            - '<body id="t" class="neterror" style="font-family: '
            - '<div id="main-frame-error" class="interstitial-wrapper" jstcache="0">'
    condition: chromeHTMLFragments
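
How the `html|contains|all` selection above evaluates against a response body, as an added Python example (not the IOK project's own code). The rule is embedded as a dict rather than parsed from YAML, the sample pages are constructed, and Sigma's default case-insensitive string matching is assumed.

```python
# Added example: a minimal evaluator for the rule's detection block (not IOK's code).
# Assumption: Sigma's default case-insensitive string matching applies to each value.

RULE_DETECTION = {
    "chromeHTMLFragments": {
        "html|contains|all": [
            '<body id="t" class="neterror" style="font-family: ',
            '<div id="main-frame-error" class="interstitial-wrapper" jstcache="0">',
        ],
    },
    "condition": "chromeHTMLFragments",
}


def match_field(key, values, event):
    """Evaluate one 'field|modifier|...' entry against the event."""
    field, *modifiers = key.split("|")
    if isinstance(values, str):
        values = [values]
    haystack = event.get(field, "").lower()
    if "contains" in modifiers:
        hits = [v.lower() in haystack for v in values]
    else:
        hits = [v.lower() == haystack for v in values]
    # 'all' requires every listed value; without it, any single value is enough.
    return all(hits) if "all" in modifiers else any(hits)


def evaluate(detection, event):
    """Supports only a condition that names a single selection, as in this rule."""
    selection = detection[detection["condition"]]
    return all(match_field(k, v, event) for k, v in selection.items())


# Constructed sample responses (not captured from real sites).
CLOAKED = {"html": '<html><body id="t" class="neterror" style="font-family: sans-serif">'
                   '<div id="main-frame-error" class="interstitial-wrapper" jstcache="0">'
                   "<h1>This site can't be reached</h1></div></body></html>"}
# Only one of the two fragments is present, so 'contains|all' must not match.
PARTIAL = {"html": '<html><body id="t" class="neterror" style="font-family: serif">'
                   "<p>Not found</p></body></html>"}
BENIGN = {"html": "<html><body><h1>404 Not Found</h1></body></html>"}

if __name__ == "__main__":
    for name, ev in [("cloaked", CLOAKED), ("partial", PARTIAL), ("benign", BENIGN)]:
        print(name, evaluate(RULE_DETECTION, ev))
```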
