IOC Search Collector (Redline)
What is the actual filename of the Keylogger?
Answer: psylog.exe
What filename is the file masquerading as?
Get the info from the file with the most hits.
Answer: THM1768.exe
Who is the owner of the file?
Answer: WIN-2DET5DP0NPT\charles
What is the file size in bytes?
Answer: 35400
Provide the full path of where the .ioc file was placed after the Redline analysis, including the .ioc filename as well.
Found in the Analysis report pane:
Answer: C:\Users\charles\Desktop\Keylogger-IOCSearch\IOCs\keylogger.ioc