
Please post Redline compatible IOCs

Open DARTHRATER opened this issue 5 years ago • 1 comments

From Redline Support: The IOCs that you downloaded from FireEye's GitHub site are OpenIOC version 1.1. Redline currently only supports the OpenIOC version 1.0 standard.

OpenIOC 3.2.0 supports OpenIOC version 1.1 format, so that is why you were able to open them in that program.

OpenIOC 1.1 standard is not backward-compatible with 1.0.

DARTHRATER, Dec 15 '20 14:12

...wondering if there is an update on this. Importing "SUNBURST COMPROMISE INDICATORS.ioc" into Redline gets, "...is either not an IOC file, or it is malformed".

Just updated to Redline 2.0.0 (2.0.100.0), still no luck...

briandanimal, Dec 22 '20 19:12
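To see which OpenIOC schema an `.ioc` file declares before importing it, the root element and its namespace are enough. The following is an added example, not code from the sunburst_countermeasures repository or from Redline; the function names are hypothetical, the sample documents are constructed, and the namespace URIs are those of the published OpenIOC 1.0 and 1.1 schemas.

```python
import sys
import xml.etree.ElementTree as ET

# (namespace, root element) declared by each OpenIOC schema version.
SCHEMAS = {
    ("http://schemas.mandiant.com/2010/ioc", "ioc"): "1.0",
    ("http://openioc.org/schemas/OpenIOC_1.1", "OpenIOC"): "1.1",
}

# Constructed sample documents (not taken from any real IOC file).
SAMPLE_10 = ('<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="constructed-1">'
             '<short_description>constructed</short_description><definition/></ioc>')
SAMPLE_11 = ('<OpenIOC xmlns="http://openioc.org/schemas/OpenIOC_1.1" id="constructed-2">'
             '<metadata/><criteria/></OpenIOC>')

def openioc_version(xml_data):
    """Return '1.0', '1.1', 'unknown' or 'malformed' for an .ioc document."""
    try:
        root = ET.fromstring(xml_data)
    except ET.ParseError:
        return "malformed"
    # ElementTree renders a namespaced tag as '{namespace}localname'.
    if root.tag.startswith("{"):
        namespace, local = root.tag[1:].split("}", 1)
    else:
        namespace, local = "", root.tag
    return SCHEMAS.get((namespace, local), "unknown")

def redline_importable(xml_data):
    """Per the support reply in this issue, Redline accepts only OpenIOC 1.0."""
    return openioc_version(xml_data) == "1.0"

if __name__ == "__main__":
    # Usage: python check_ioc.py file1.ioc file2.ioc ...
    for path in sys.argv[1:]:
        with open(path, "rb") as handle:
            data = handle.read()
        verdict = "importable" if redline_importable(data) else "not importable"
        print(f"{path}: OpenIOC {openioc_version(data)} ({verdict} in Redline)")
```

A well-formed 1.1 file reports as `1.1` rather than `malformed`, which separates a schema-version mismatch from a genuinely broken file.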