IOC Sample for Monitoring IOCs

The following IOC sample matches a host on which a file named malware.exe is present AND a DNS entry for the IP address 54.209.221.129 exists; because the top-level operator is AND, both indicator groups must match on the same host for the rule to fire.

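<?xml version="1.0" encoding="us-ascii"?>
<!-- Sample IOC: fires on a host where a file named malware.exe is present
     AND a DNS entry for 54.209.221.129 exists. The top-level operator is
     AND, so both indicator groups below must match on the same host. -->
<ioc>
  <rule_name>CompanyPolicy_1</rule_name>
  <rule_type>KnownThreat</rule_type>
  <rule_description>malware.exe connect ip</rule_description>
  <!-- NOTE(review): no timezone offset on this timestamp; confirm whether the
       consumer interprets it as UTC or local time before comparing across hosts. -->
  <last_modified_time>2016-02-22T14:32:02</last_modified_time>
  <rule_category></rule_category>
  <author_name>TM_Tester</author_name>
  <source>TMES</source>
  <internalnote>malware.exe connect ip</internalnote>
  <definition>
    <Indicator operator="AND" type="knownthreat">
      <!-- File indicator. Matching on a file name alone is trivially evaded by
           renaming the binary; when the sample's hash is known, add an
           IndicatorItem on FileItem/Md5sum (or Sha256sum) in this group so the
           match is tied to content rather than to a name. -->
      <Indicator operator="AND">
        <IndicatorItem condition="is">
          <Context document="FileItem"
              search="FileItem/FileName"/>
          <Content type="string">malware.exe</Content>
        </IndicatorItem>
        <IndicatorItem condition="is">
          <!-- The search path must be the exact term name with no surrounding
               whitespace inside the attribute value; a stray trailing space makes
               the term unresolvable and the item silently never matches.
               FileItem/FileExtension is the OpenIOC 1.0 term; verify the
               consumer's schema uses the same casing. -->
          <Context document="FileItem"
              search="FileItem/FileExtension"/>
          <Content type="string">exe</Content>
        </IndicatorItem>
      </Indicator>
      <!-- Network indicator. NOTE(review): DnsEntryItem describes a DNS-cache
           entry, not an observed connection, and this item places an IP literal
           in DnsEntryItem/Host rather than a host name. Confirm the consumer
           matches IP literals there (OpenIOC's resolved-address term is
           DnsEntryItem/RecordData/IPv4Address). A public IP may be reassigned
           over time; re-validate the address before relying on this rule long term. -->
      <Indicator operator="AND">
        <IndicatorItem condition="is">
          <Context document="DnsEntryItem"
              search="DnsEntryItem/Host" type="mir" />
          <Content type="string">54.209.221.129</Content>
        </IndicatorItem>
      </Indicator>
    </Indicator>
  </definition>
</ioc>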