This repository has been archived by the owner on Jan 13, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 11
deadbits/Analyst-CaseFile
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
For use with Maltego CaseFile (http://www.paterva.com/web6/products/casefile.php). Maltego CaseFile is a trademarked product of Paterva. I am presenting these entities and add-ons as a community contribution. I am in no way affiliated, directly or in-directly, with Paterva or the Maltego product line. This is a basic group to entities to help analysts and investigators use Maltego CaseFile for information security, malware analysis and incident response specific cases. More entities and categories will be added in the very near future, these were throw together rather quickly. A full list of all the entities included so far is listed below. The current entities are organized into different categories, some of them new and some are additions to existing categories. The biggest addition is the 'Malware' category which adds entities for things like file hashes, paths, process and service names, etc. Hopefully this will be useful to some people while performing investigations and attempting to get a good graph or visualization of what happened during the course of events. I'll be expanding on this overtime and I'm definitely open to feedback and suggestions. Feel free to send in Git commits or shoot me an email if you think anything else should be added. Full Entity List ================ Devices ======= Zombie Compromised bot or zombie host C2 Command and Control host Botnet DNS Relay DNS server relay for botnet Compromised Host Infected or compromised device Events ====== Exploit Exploit or attack vector, CVE id or other vulnerability identifier Exploitation Chain Multiple exploit or attack vector chain Phishing Phishing entity for individual event or campaign classification. Malware ======= Filename File used for or by malware. Hash Malware sample checksum Registry Entry Malicious Host Browser Cookie Browser cookie stored or created by malware Malicious Process Process ID, name or other identifier Service Name Malicious service name User Account User account created or used by malware Certificate SSL or code-signing certificate used by malware File Path File/directory path created or used by malware Hidden File File hidden by malware HTTP Request HTTP or HTTPS requested used for malware communication Threat Actors ============= Advanced Targeted Attacker Advanced threat group or individual Insider threat Internal threat actor such as contractor or employee Organized Crime Organized cyber crime group Opportunity Attacker Non-targeted, opportunity attacker
About
Maltego CaseFile entities for information security investigations, malware analysis and incident response
Topics
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published