[Advent of IOK: Day 1] Hello Phish!

Phishing sites often use domains containing the brand name they're impersonating. Let's find a phishing site where the domain contains "stripe".
This is a companion discussion topic for the original entry at https://phish.report/IOK/learn/010-hello-phish

Stuck? Here’s a minimal working rule:

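detection:
  # Named selection: true when the page's hostname contains the substring "stripe"
  containsStripe:
    hostname|contains: "stripe"

  # The rule fires when the selection above matches
  condition: containsStripe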

As IOK is based on the Sigma language, any Sigma tutorial will be helpful in learning, e.g. SOC Level Up: Introduction to Sigma Rules.

Or check out any of the rules in our open source repo: https://github.com/phish-report/IOK/tree/main/indicators
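
To see what `hostname|contains` does and does not match, here is an added sketch (not part of the original post and not IOK's own code) that evaluates the rule above against constructed URLs. It goes one step beyond the post with a narrower `TIGHTER` rule; the dict representation, the `evaluate` helper, and the assumption that `endswith` and `not` behave in IOK as they do in Sigma are all mine.

```python
from urllib.parse import urlsplit

# The post's rule as a dict, so the example needs no YAML library.
RULE = {"detection": {
    "containsStripe": {"hostname|contains": "stripe"},
    "condition": "containsStripe",
}}

# Hypothetical narrower variant (assumes Sigma-style `endswith` and `not`).
TIGHTER = {"detection": {
    "containsStripe": {"hostname|contains": "stripe"},
    "isApex": {"hostname": "stripe.com"},
    "isSubdomain": {"hostname|endswith": ".stripe.com"},
    "condition": "containsStripe and not isApex and not isSubdomain",
}}

# Only the modifiers used here; a bare field name means exact match.
MODIFIERS = {
    "": lambda value, needle: value == needle,
    "contains": lambda value, needle: needle in value,
    "endswith": lambda value, needle: value.endswith(needle),
}

def selection_matches(selection, fields):
    """Every `field|modifier: value` pair in a selection must hold."""
    for key, needle in selection.items():
        name, _, modifier = key.partition("|")
        if not MODIFIERS[modifier](fields.get(name, ""), needle.lower()):
            return False
    return True

def evaluate(rule, url):
    """Evaluate a flat and/or/not condition (no parentheses) for one URL."""
    fields = {"hostname": urlsplit(url).hostname or ""}  # already lower-cased
    detection = rule["detection"]
    hits = {name: selection_matches(sel, fields)
            for name, sel in detection.items() if name != "condition"}
    def term(text):
        text = text.strip()
        return not hits[text[4:].strip()] if text.startswith("not ") else hits[text]
    return any(all(term(t) for t in clause.split(" and "))
               for clause in detection["condition"].split(" or "))

# Constructed sample URLs (reserved .example names plus the real brand domain).
SAMPLES = ("https://stripe-billing.example/login", "https://dashboard.stripe.com/",
           "https://shop.example/stripe/checkout")

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, evaluate(RULE, url), evaluate(TIGHTER, url))
```

The minimal rule also matches the brand's own `dashboard.stripe.com`, while a URL with "stripe" only in its path does not match because the rule tests the hostname field.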