RubyIOC 0.0.1 → 0.0.2

@@ -0,0 +1,51 @@
1
+ <?xml version="1.0" encoding="us-ascii"?>
2
+ <ioc xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" id="9cbcf8e7-eded-4804-8bfe-51b8af0a4657" last-modified="2013-08-04T03:43:14" xmlns="http://schemas.mandiant.com/2010/ioc">
3
+ <short_description>*PortItem Entry Test IOC*</short_description>
4
+ <authored_by>IOCAware</authored_by>
5
+ <authored_date>2013-08-02T04:10:39</authored_date>
6
+ <links />
7
+ <definition>
8
+ <Indicator operator="OR" id="6d0f71b6-bff6-4870-8762-5f355df147e9">
9
+ <IndicatorItem id="f9a767af-82ee-440c-a7f5-c28665d0a1c6" condition="is">
10
+ <Context document="PortItem" search="PortItem/CreationTime" type="mir" />
11
+ <Content type="date" />
12
+ </IndicatorItem>
13
+ <IndicatorItem id="90d19f3b-c144-4772-ac2d-9467e1176d85" condition="contains">
14
+ <Context document="PortItem" search="PortItem/localIP" type="mir" />
15
+ <Content type="string">0.0.0.0</Content>
16
+ </IndicatorItem>
17
+ <IndicatorItem id="7d7257a7-357e-4093-9310-995b7850525a" condition="is">
18
+ <Context document="PortItem" search="PortItem/localPort" type="mir" />
19
+ <Content type="int">2968</Content>
20
+ </IndicatorItem>
21
+ <IndicatorItem id="6e0d0aa9-3181-4d03-901f-b777b0c96ed3" condition="contains">
22
+ <Context document="PortItem" search="PortItem/path" type="mir" />
23
+ <Content type="string" />
24
+ </IndicatorItem>
25
+ <IndicatorItem id="16aec65b-30f5-4504-8b4a-d7edd6d04725" condition="is">
26
+ <Context document="PortItem" search="PortItem/pid" type="mir" />
27
+ <Content type="int">584460</Content>
28
+ </IndicatorItem>
29
+ <IndicatorItem id="5cb46c09-10f5-4456-826a-1edb1fc78173" condition="contains">
30
+ <Context document="PortItem" search="PortItem/process" type="mir" />
31
+ <Content type="string">EEventManager.exe</Content>
32
+ </IndicatorItem>
33
+ <IndicatorItem id="d4f3b040-ea8d-460a-9c95-fc2a0966e060" condition="contains">
34
+ <Context document="PortItem" search="PortItem/protocol" type="mir" />
35
+ <Content type="string">TCP</Content>
36
+ </IndicatorItem>
37
+ <IndicatorItem id="6331786b-a690-41df-aea4-61071945b10d" condition="contains">
38
+ <Context document="PortItem" search="PortItem/remoteIP" type="mir" />
39
+ <Content type="IP">0.0.0.0</Content>
40
+ </IndicatorItem>
41
+ <IndicatorItem id="de2df8fd-ed8d-4c04-8f83-b3a907866d1d" condition="is">
42
+ <Context document="PortItem" search="PortItem/remotePort" type="mir" />
43
+ <Content type="int">0</Content>
44
+ </IndicatorItem>
45
+ <IndicatorItem id="de709789-31bd-4ff1-899e-11e16ae8cb55" condition="contains">
46
+ <Context document="PortItem" search="PortItem/state" type="mir" />
47
+ <Content type="string">LISTENING</Content>
48
+ </IndicatorItem>
49
+ </Indicator>
50
+ </definition>
51
+ </ioc>
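Review bot: Two items in this fixture carry no value and sit under an `OR` indicator: `PortItem/CreationTime` (`condition="is"`, `<Content type="date" />`) and `PortItem/path` (`condition="contains"`, `<Content type="string" />`). If the scanner evaluates an empty `contains` term as a substring test, that item would match every port entry and the whole indicator would always hit. The scanner code is not shown here, so this needs confirming. Either give those items sample values or drop them from the fixture. The ServiceItem and VolumeItem fixtures added later in this diff contain the same empty `<Content />` items.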
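--- a/data/test/test_scan.rb
+++ b/data/test/test_scan.rb
@@ -3,14 +3,39 @@ require "RubyIOC"
 
  class TestScan < Test::Unit::TestCase
  def test_scan
- # find_windows_ioc = File.expand_path(File.dirname(__FILE__)) + "/find_windows.ioc"
- # test_user_item = File.expand_path(File.dirname(__FILE__)) + "/test_user_item.ioc"
- #RubyIOC::Scanner.new(File.read(test_user_item)).scan
- # puts RubyIOC::Scanner.new(File.read(test_user_item)).scan
+ find_windows_ioc = File.expand_path(File.dirname(__FILE__)) + "/find_windows.ioc"
+ test_user_item = File.expand_path(File.dirname(__FILE__)) + "/test_user_item.ioc"
+ RubyIOC::Scanner.new(File.read(test_user_item)).scan
+ #puts RubyIOC::Scanner.new(File.read(test_user_item)).scan
  end
 
  def test_dns_scan
  dns_test_ioc = File.expand_path(File.dirname(__FILE__)) + "/test_dns_entry_item.ioc"
  RubyIOC::Scanner.new(File.read(dns_test_ioc)).scan
  end
+
+ def test_arp_scan
+ arp_test_ioc = File.expand_path(File.dirname(__FILE__)) + "/test_arp_entry_item.ioc"
+ RubyIOC::Scanner.new(File.read(arp_test_ioc)).scan
+ end
+
+ def test_event_log
+ event_log_test_ioc = File.expand_path(File.dirname(__FILE__)) + "/test_event_log_item.ioc"
+ RubyIOC::Scanner.new(File.read(event_log_test_ioc)).scan
+ end
+
+ def test_port_item
+ port_item_test_ioc = File.expand_path(File.dirname(__FILE__)) + "/test_port_item.ioc"
+ RubyIOC::Scanner.new(File.read(port_item_test_ioc)).scan
+ end
+
+ def test_volume_item
+ volume_item_test_ioc = File.expand_path(File.dirname(__FILE__)) + "/test_volume_item.ioc"
+ RubyIOC::Scanner.new(File.read(volume_item_test_ioc)).scan
+ end
+
+ def test_service_item
+ service_item_test_ioc = File.expand_path(File.dirname(__FILE__)) + "/test_service_item.ioc"
+ RubyIOC::Scanner.new(File.read(service_item_test_ioc)).scan
+ end
  end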
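Review bot: None of the added tests (`test_arp_scan`, `test_event_log`, `test_port_item`, `test_volume_item`, `test_service_item`) nor the re-enabled `test_scan` checks what `scan` returns, so each passes as long as the scanner does not raise. A matcher that silently stops reporting hits would go unnoticed. Capture the result and assert on it, for example `result = RubyIOC::Scanner.new(File.read(port_item_test_ioc)).scan` followed by `assert_not_nil result`, or better an assertion on the expected matches (the return shape of `scan` is not visible here). `find_windows_ioc` in `test_scan` is assigned and never used; either scan it or drop the line. The fixtures are presumably evaluated against the machine running the tests, so a comment such as `# scans the local host; hits depend on its state` above the class would tell readers why results vary.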
@@ -0,0 +1,143 @@
1
+ <?xml version="1.0" encoding="us-ascii"?>
2
+ <ioc xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" id="44cd6057-0313-4d10-9d4e-ea457de93964" last-modified="2013-08-09T19:04:15" xmlns="http://schemas.mandiant.com/2010/ioc">
3
+ <short_description>*Service Entry Test IOC*</short_description>
4
+ <authored_by>IOCAware</authored_by>
5
+ <authored_date>2013-08-07T18:05:53</authored_date>
6
+ <links />
7
+ <definition>
8
+ <Indicator operator="OR" id="e3aa1508-a120-46bb-a015-966d2f7f53a7">
9
+ <IndicatorItem id="046c285e-f929-49f9-9a5e-cc0ee7d3deb0" condition="contains">
10
+ <Context document="ServiceItem" search="ServiceItem/arguments" type="mir" />
11
+ <Content type="string">/Embedding</Content>
12
+ </IndicatorItem>
13
+ <IndicatorItem id="7d8e279e-bac1-4bcd-951b-52deadc42af4" condition="contains">
14
+ <Context document="ServiceItem" search="ServiceItem/description" type="mir" />
15
+ <Content type="string">Provides content indexing</Content>
16
+ </IndicatorItem>
17
+ <IndicatorItem id="5abb6bf1-4fe1-4ae5-b94c-bb7309100d29" condition="is">
18
+ <Context document="ServiceItem" search="ServiceItem/descriptiveName" type="mir" />
19
+ <Content type="string">Windows Search</Content>
20
+ </IndicatorItem>
21
+ <IndicatorItem id="3a351f3d-71a7-4b98-8741-8dfe7bcabec6" condition="contains">
22
+ <Context document="ServiceItem" search="ServiceItem/serviceDLL" type="mir" />
23
+ <Content type="string" />
24
+ </IndicatorItem>
25
+ <IndicatorItem id="ae6dd1b2-c84c-49bd-bd36-aead64262d68" condition="contains">
26
+ <Context document="ServiceItem" search="ServiceItem/serviceDLLCertificateIssuer" type="mir" />
27
+ <Content type="string" />
28
+ </IndicatorItem>
29
+ <IndicatorItem id="57758373-6472-4f9e-b1b6-43fbb04694a9" condition="contains">
30
+ <Context document="ServiceItem" search="ServiceItem/serviceDLLCertificateSubject" type="mir" />
31
+ <Content type="string" />
32
+ </IndicatorItem>
33
+ <IndicatorItem id="96238371-c135-4876-a87e-3385c69c48a6" condition="is">
34
+ <Context document="ServiceItem" search="ServiceItem/serviceDLLmd5sum" type="mir" />
35
+ <Content type="md5" />
36
+ </IndicatorItem>
37
+ <IndicatorItem id="0e672a9f-165b-4b23-b29e-8913d366fa26" condition="is">
38
+ <Context document="ServiceItem" search="ServiceItem/serviceDLLsha1sum" type="mir" />
39
+ <Content type="string" />
40
+ </IndicatorItem>
41
+ <IndicatorItem id="0cb68a9c-2cd9-4af5-83f7-acae52291970" condition="is">
42
+ <Context document="ServiceItem" search="ServiceItem/serviceDLLsha256sum" type="mir" />
43
+ <Content type="string" />
44
+ </IndicatorItem>
45
+ <IndicatorItem id="6f8cfb60-a6e2-4cc6-8612-2143b3ac4017" condition="contains">
46
+ <Context document="ServiceItem" search="ServiceItem/serviceDLLSignatureDescription" type="mir" />
47
+ <Content type="string" />
48
+ </IndicatorItem>
49
+ <IndicatorItem id="bc465ae2-44a2-4e15-98b2-35757575840d" condition="is">
50
+ <Context document="ServiceItem" search="ServiceItem/serviceDLLSignatureVerified" type="mir" />
51
+ <Content type="string" />
52
+ </IndicatorItem>
53
+ <IndicatorItem id="be4e9539-1384-472a-a824-3a2af54ef59a" condition="is">
54
+ <Context document="ServiceItem" search="ServiceItem/serviceDLLSignatureExists" type="mir" />
55
+ <Content type="string" />
56
+ </IndicatorItem>
57
+ <IndicatorItem id="1c992a6c-07ba-4115-8331-c35a132b697b" condition="is">
58
+ <Context document="ServiceItem" search="ServiceItem/mode" type="mir" />
59
+ <Content type="string">SERVICE_AUTO_START</Content>
60
+ </IndicatorItem>
61
+ <IndicatorItem id="4d0478bd-71a2-484e-83df-cacda3a3ffc6" condition="is">
62
+ <Context document="ServiceItem" search="ServiceItem/name" type="mir" />
63
+ <Content type="string">WSearch</Content>
64
+ </IndicatorItem>
65
+ <IndicatorItem id="95bc9446-cc36-4600-ae30-94d951173cd4" condition="contains">
66
+ <Context document="ServiceItem" search="ServiceItem/path" type="mir" />
67
+ <Content type="string">C:\Windows\system32\SearchIndexer.exe</Content>
68
+ </IndicatorItem>
69
+ <IndicatorItem id="19af4a09-08da-45a0-93db-1533e3c6401f" condition="contains">
70
+ <Context document="ServiceItem" search="ServiceItem/pathCertificateIssuer" type="mir" />
71
+ <Content type="string" />
72
+ </IndicatorItem>
73
+ <IndicatorItem id="4fa46f05-4f61-40cd-b934-c78964089a1d" condition="contains">
74
+ <Context document="ServiceItem" search="ServiceItem/pathCertificateSubject" type="mir" />
75
+ <Content type="string" />
76
+ </IndicatorItem>
77
+ <IndicatorItem id="fe82a84e-527c-4ed4-a28a-503ed354a10a" condition="is">
78
+ <Context document="ServiceItem" search="ServiceItem/pathmd5sum" type="mir" />
79
+ <Content type="md5" />
80
+ </IndicatorItem>
81
+ <IndicatorItem id="4e7af7d7-85e7-4fce-afe4-e9643a0fcafd" condition="is">
82
+ <Context document="ServiceItem" search="ServiceItem/pathsha1sum" type="mir" />
83
+ <Content type="string" />
84
+ </IndicatorItem>
85
+ <IndicatorItem id="392d1680-61af-428b-99b6-ca457d25eb92" condition="is">
86
+ <Context document="ServiceItem" search="ServiceItem/pathsha256sum" type="mir" />
87
+ <Content type="string" />
88
+ </IndicatorItem>
89
+ <IndicatorItem id="91496c5a-2d5d-46a7-ba29-252ed6d593f2" condition="contains">
90
+ <Context document="ServiceItem" search="ServiceItem/pathSignatureDescription" type="mir" />
91
+ <Content type="string" />
92
+ </IndicatorItem>
93
+ <IndicatorItem id="fe3d3a16-8ac5-4a80-9ecc-5a0f922e60a4" condition="is">
94
+ <Context document="ServiceItem" search="ServiceItem/pathSignatureExists" type="mir" />
95
+ <Content type="string" />
96
+ </IndicatorItem>
97
+ <IndicatorItem id="9e46d045-6336-4950-b742-8904ec37e44b" condition="is">
98
+ <Context document="ServiceItem" search="ServiceItem/pathSignatureVerified" type="mir" />
99
+ <Content type="string" />
100
+ </IndicatorItem>
101
+ <IndicatorItem id="1b5e0645-dc77-4c00-8f2a-6bafb44eab73" condition="is">
102
+ <Context document="ServiceItem" search="ServiceItem/pid" type="mir" />
103
+ <Content type="int">3656</Content>
104
+ </IndicatorItem>
105
+ <IndicatorItem id="44766230-8c7c-47c0-89f8-aca65b74983c" condition="is">
106
+ <Context document="ServiceItem" search="ServiceItem/startedAs" type="mir" />
107
+ <Content type="string">LocalSystem</Content>
108
+ </IndicatorItem>
109
+ <IndicatorItem id="09b027f9-5d61-4ea0-b7ba-bf0a63b5ac26" condition="is">
110
+ <Context document="ServiceItem" search="ServiceItem/status" type="mir" />
111
+ <Content type="string">SERVICE_RUNNING</Content>
112
+ </IndicatorItem>
113
+ <IndicatorItem id="d8ac4411-a8c9-4808-965e-1436ec9ebc28" condition="is">
114
+ <Context document="ServiceItem" search="ServiceItem/type" type="mir" />
115
+ <Content type="string">SERVICE_WIN32_OWN_PROCESS</Content>
116
+ </IndicatorItem>
117
+ <IndicatorItem id="f46a073c-2e04-4772-8dab-6cdd21bc5511" condition="is">
118
+ <Context document="ServiceItem" search="ServiceItem/serviceDLLMd54Ksum" type="network" />
119
+ <Content type="md5" />
120
+ </IndicatorItem>
121
+ <IndicatorItem id="cba63714-3fd0-486f-b914-ddbe9a8af57d" condition="contains">
122
+ <Context document="ServiceItem" search="ServiceItem/serviceDLLSha512Sum" type="network" />
123
+ <Content type="string" />
124
+ </IndicatorItem>
125
+ <IndicatorItem id="2bb62d3e-09b9-4676-afa5-a5ef7b81c045" condition="contains">
126
+ <Context document="ServiceItem" search="ServiceItem/serviceDLLSsdeep" type="network" />
127
+ <Content type="string" />
128
+ </IndicatorItem>
129
+ <IndicatorItem id="e5f2e937-347f-4ae7-83a3-3481c92ea90e" condition="is">
130
+ <Context document="ServiceItem" search="ServiceItem/pathMd54ksum" type="network" />
131
+ <Content type="md5" />
132
+ </IndicatorItem>
133
+ <IndicatorItem id="cdece8ce-2857-4a5a-858b-bca46513ef7d" condition="contains">
134
+ <Context document="ServiceItem" search="ServiceItem/pathSha512sum" type="network" />
135
+ <Content type="string" />
136
+ </IndicatorItem>
137
+ <IndicatorItem id="d5ff3870-c0ea-441e-98e5-d4581c5924fd" condition="contains">
138
+ <Context document="ServiceItem" search="ServiceItem/pathSsdeep" type="network" />
139
+ <Content type="string" />
140
+ </IndicatorItem>
141
+ </Indicator>
142
+ </definition>
143
+ </ioc>
@@ -1,28 +1,29 @@
1
1
  <?xml version="1.0" encoding="us-ascii"?>
2
- <ioc xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" id="efce87c7-f78f-4e32-8f3f-b470d1ec693f" last-modified="2013-01-07T01:29:04" xmlns="http://schemas.mandiant.com/2010/ioc">
3
- <short_description>*New Unsaved Indicator*</short_description>
2
+ <ioc xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" id="efce87c7-f78f-4e32-8f3f-b470d1ec693f" last-modified="2013-08-04T03:44:46" xmlns="http://schemas.mandiant.com/2010/ioc">
3
+ <short_description>*User Item Test IOC*</short_description>
4
+ <authored_by>IOCAware</authored_by>
4
5
  <authored_date>2013-01-07T01:25:50</authored_date>
5
6
  <links />
6
7
  <definition>
7
8
  <Indicator operator="OR" id="336a594b-3302-4ac8-9512-4f329d660515">
9
+ <IndicatorItem id="1d1ca6f3-6bf9-4c8a-812e-3e9879f5ad29" condition="contains">
10
+ <Context document="UserItem" search="UserItem/username" type="mir" />
11
+ <Content type="string">Guest</Content>
12
+ </IndicatorItem>
8
13
  <Indicator operator="AND" id="336a594b-3302-4ac8-9512-4f329d660515">
9
14
  <IndicatorItem id="1d1ca6f3-6bf9-4c8a-812e-3e9879f5ad29" condition="contains">
10
15
  <Context document="UserItem" search="UserItem/username" type="mir" />
11
16
  <Content type="string">Guest</Content>
12
17
  </IndicatorItem>
13
18
  <IndicatorItem id="1d1ca6f3-6bf9-4c8a-812e-3e9879f5ad29" condition="contains">
14
- <Context document="UserItem" search="UserItem/fullname" type="mir" />
15
- <Content type="string"></Content>
19
+ <Context document="UserItem" search="UserItem/fullname" type="mir" />
20
+ <Content type="string" />
16
21
  </IndicatorItem>
17
22
  <IndicatorItem id="ff27c0d0-08db-4223-afa1-cc6269fb2b25" condition="contains">
18
23
  <Context document="UserItem" search="UserItem/disabled" type="mir" />
19
24
  <Content type="string">true</Content>
20
25
  </IndicatorItem>
21
26
  </Indicator>
22
- <IndicatorItem id="1d1ca6f3-6bf9-4c8a-812e-3e9879f5ad29" condition="contains">
23
- <Context document="UserItem" search="UserItem/username" type="mir" />
24
- <Content type="string">Guest</Content>
25
- </IndicatorItem>
26
27
  </Indicator>
27
28
  </definition>
28
29
  </ioc>
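Review bot: The `IndicatorItem` added at the top of the outer indicator reuses id `1d1ca6f3-6bf9-4c8a-812e-3e9879f5ad29`, which the username and fullname items inside the nested indicator already carry. Both `Indicator` elements also share id `336a594b-3302-4ac8-9512-4f329d660515`. Any code or report that keys hits by id cannot tell these nodes apart, so a match on `Guest` could be attributed to the wrong item. Each node should get its own GUID; the ids on the context lines predate this change, but the moved item is a good place to fix them.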
@@ -0,0 +1,63 @@
1
+ <?xml version="1.0" encoding="us-ascii"?>
2
+ <ioc xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" id="6d598961-1ab6-49db-b230-de5ed2ba42f7" last-modified="2013-08-04T16:11:08" xmlns="http://schemas.mandiant.com/2010/ioc">
3
+ <short_description>*Volume Item Test IOC*</short_description>
4
+ <authored_by>IOCAware</authored_by>
5
+ <authored_date>2013-08-04T04:01:57</authored_date>
6
+ <links />
7
+ <definition>
8
+ <Indicator operator="OR" id="3c503fa2-26d5-4b02-b612-60cf62208fd9">
9
+ <IndicatorItem id="e52f0363-e22b-46df-b724-4dde0c99d2e6" condition="is">
10
+ <Context document="VolumeItem" search="VolumeItem/ActualAvailableAllocationUnits" type="mir" />
11
+ <Content type="int">27948756992</Content>
12
+ </IndicatorItem>
13
+ <IndicatorItem id="52071826-283a-420a-a89b-87d06879740f" condition="is">
14
+ <Context document="VolumeItem" search="VolumeItem/BytesPerSector" type="mir" />
15
+ <Content type="int">4096</Content>
16
+ </IndicatorItem>
17
+ <IndicatorItem id="562b90eb-0642-4c9d-8d89-25f4060c8f79" condition="is">
18
+ <Context document="VolumeItem" search="VolumeItem/CreationTime" type="mir" />
19
+ <Content type="date" />
20
+ </IndicatorItem>
21
+ <IndicatorItem id="22613831-5260-4e5d-96c6-168e416b5e64" condition="contains">
22
+ <Context document="VolumeItem" search="VolumeItem/DevicePath" type="mir" />
23
+ <Content type="string" />
24
+ </IndicatorItem>
25
+ <IndicatorItem id="5218a43b-99ac-476d-9207-612ee7afa179" condition="is">
26
+ <Context document="VolumeItem" search="VolumeItem/DriveLetter" type="mir" />
27
+ <Content type="string">E:</Content>
28
+ </IndicatorItem>
29
+ <IndicatorItem id="2b182820-076d-48a9-85be-0aaec9c42362" condition="contains">
30
+ <Context document="VolumeItem" search="VolumeItem/FileSystemFlags" type="mir" />
31
+ <Content type="string" />
32
+ </IndicatorItem>
33
+ <IndicatorItem id="f27c2ba3-5b79-4ce6-b48c-655b89ea2f17" condition="is">
34
+ <Context document="VolumeItem" search="VolumeItem/FileSystemName" type="mir" />
35
+ <Content type="string">NTFS</Content>
36
+ </IndicatorItem>
37
+ <IndicatorItem id="eb3c817c-9374-4e85-a911-001257f29f00" condition="is">
38
+ <Context document="VolumeItem" search="VolumeItem/IsMounted" type="mir" />
39
+ <Content type="string">true</Content>
40
+ </IndicatorItem>
41
+ <IndicatorItem id="b9b7606e-9c9b-49ba-8105-6f2e1748e4d6" condition="contains">
42
+ <Context document="VolumeItem" search="VolumeItem/Name" type="mir" />
43
+ <Content type="string">Installs</Content>
44
+ </IndicatorItem>
45
+ <IndicatorItem id="635cf2ce-bf20-4198-9007-da73bd899b75" condition="contains">
46
+ <Context document="VolumeItem" search="VolumeItem/SectorsPerAllocationUnit" type="mir" />
47
+ <Content type="string" />
48
+ </IndicatorItem>
49
+ <IndicatorItem id="a7617aee-9e7a-4755-bdc2-05ba4202d6fd" condition="is">
50
+ <Context document="VolumeItem" search="VolumeItem/SerialNumber" type="mir" />
51
+ <Content type="string">2119600036</Content>
52
+ </IndicatorItem>
53
+ <IndicatorItem id="c48ffe07-4570-4899-aa62-e7097256209d" condition="is">
54
+ <Context document="VolumeItem" search="VolumeItem/TotalAllocationUnits" type="mir" />
55
+ <Content type="string">212696297472</Content>
56
+ </IndicatorItem>
57
+ <IndicatorItem id="e58e0fa5-943e-4f28-a22e-20f2c23e2ed4" condition="contains">
58
+ <Context document="VolumeItem" search="VolumeItem/Type" type="mir" />
59
+ <Content type="string">DRIVE_FIXED</Content>
60
+ </IndicatorItem>
61
+ </Indicator>
62
+ </definition>
63
+ </ioc>
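--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: RubyIOC
  version: !ruby/object:Gem::Version
- version: 0.0.1
+ version: 0.0.2
  prerelease:
  platform: ruby
  authors:
@@ -9,11 +9,11 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2013-02-12 00:00:00.000000000 Z
+ date: 2013-09-15 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: roxml
- requirement: &14073948 !ruby/object:Gem::Requirement
+ requirement: !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ! '>='
@@ -21,7 +21,12 @@ dependencies:
  version: '0'
  type: :runtime
  prerelease: false
- version_requirements: *14073948
+ version_requirements: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
  description: RubyIOC is a ruby library used for indicators of compromise
  email:
  - mjezorek@gmail.com
@@ -35,6 +40,7 @@ files:
  - README.md
  - Rakefile
  - RubyIOC.gemspec
+ - iocaware.iocterms
  - lib/RubyIOC.rb
  - lib/RubyIOC/ioc.rb
  - lib/RubyIOC/iocitem.rb
@@ -71,10 +77,15 @@ files:
  - lib/RubyIOC/scanner.rb
  - lib/RubyIOC/version.rb
  - test/find_windows.ioc
+ - test/test_arp_entry_item.ioc
  - test/test_dns_entry_item.ioc
+ - test/test_event_log_item.ioc
  - test/test_iocitem_factory.rb
+ - test/test_port_item.ioc
  - test/test_scan.rb
+ - test/test_service_item.ioc
  - test/test_user_item.ioc
+ - test/test_volume_item.ioc
  - test/zeus.ioc
  homepage: ''
  licenses: []
@@ -96,7 +107,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project: RubyIOC
- rubygems_version: 1.8.16
+ rubygems_version: 1.8.24
  signing_key:
  specification_version: 3
  summary: RubyIOC is a ruby library used for indicators of compromise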