Indicator Of Kit


Open source detection rules for phishing site techniques, kits, and threat actors 🕵️

  • Simple: based on Sigma, a simple detection rules language 🚀
  • Rich metadata: rules have descriptions, tags, and links to blog posts or related rules.

Use cases:

title: Fake Chrome error page
description: |
    The Chrome error page HTML is built into the browser: you should never see it in the response from a
    This is a clear sign that the site is employing cloaking/anti-analysis techniques.

            - '<body id="t" class="neterror" style="font-family: '
            - '<div id="main-frame-error" class="interstitial-wrapper" jstcache="0">'
    condition: chromeHTMLFragments
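
The check this rule describes, as an added example (not IOK's own code): a minimal evaluator that flags a server response only when both Chrome error-page fragments are present. The `html` field name, the `contains|all` modifier, the helper functions and the sample pages are assumptions or constructed here; the rule fragment above shows only the two strings and the condition name.

```python
# Added example: minimal evaluator for a Sigma-style selection over a fetched page.
# Assumptions: the field name "html" and the "contains|all" modifier; the page
# shows only the two fragments and the condition name.
RULE = {
    "title": "Fake Chrome error page",
    "detection": {
        "chromeHTMLFragments": {
            "html|contains|all": [
                '<body id="t" class="neterror" style="font-family: ',
                '<div id="main-frame-error" class="interstitial-wrapper" jstcache="0">',
            ]
        },
        "condition": "chromeHTMLFragments",
    },
}

def match_field(value, modifiers, patterns):
    """Apply 'contains' (substring) or exact match; 'all' requires every pattern."""
    if isinstance(patterns, str):
        patterns = [patterns]
    if "contains" in modifiers:
        hits = [p in value for p in patterns]
    else:
        hits = [p == value for p in patterns]
    return all(hits) if "all" in modifiers else any(hits)

def match_selection(selection, page):
    """Every field condition inside one selection must hold (logical AND)."""
    for key, patterns in selection.items():
        field, *modifiers = key.split("|")
        if not match_field(page.get(field, ""), modifiers, patterns):
            return False
    return True

def evaluate(rule, page):
    """Evaluate a rule whose condition names a single selection."""
    detection = rule["detection"]
    return match_selection(detection[detection["condition"].strip()], page)

# Constructed sample response bodies (not captured traffic).
CLOAKED = {"html": '<html><body id="t" class="neterror" style="font-family: sans-serif">'
                   '<div id="main-frame-error" class="interstitial-wrapper" jstcache="0">'
                   '</div></body></html>'}
PARTIAL = {"html": '<html><body id="t" class="neterror" style="font-family: sans-serif"></body></html>'}
BENIGN = {"html": "<html><body><h1>404 Not Found</h1></body></html>"}
```

Requiring both fragments keeps a page that merely reuses the `neterror` class from matching on its own.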

