deadbits / Analyst Casefile

Maltego CaseFile entities for information security investigations, malware analysis and incident response

Projects that are alternatives of or similar to Analyst Casefile

Fame
FAME Automates Malware Evaluation
Stars: ✭ 663 (+1517.07%)
Mutual labels:  incident-response, malware-analysis, malware-research
Drakvuf Sandbox
DRAKVUF Sandbox - automated hypervisor-level malware analysis system
Stars: ✭ 384 (+836.59%)
Mutual labels:  malware-analysis, malware-research
Simplify
Android virtual machine and deobfuscator
Stars: ✭ 3,865 (+9326.83%)
Mutual labels:  malware-analysis, malware-research
Pev
The PE file analysis toolkit
Stars: ✭ 422 (+929.27%)
Mutual labels:  malware-analysis, malware-research
Yargen
yarGen is a generator for YARA rules
Stars: ✭ 795 (+1839.02%)
Mutual labels:  malware-analysis, malware-research
Stoq
An open source framework for enterprise level automated analysis.
Stars: ✭ 352 (+758.54%)
Mutual labels:  malware-analysis, malware-research
Fcl
FCL (Fileless Command Lines) - Known command lines of fileless malicious executions
Stars: ✭ 409 (+897.56%)
Mutual labels:  incident-response, malware-analysis
Polichombr
Collaborative malware analysis framework
Stars: ✭ 307 (+648.78%)
Mutual labels:  malware-analysis, malware-research
Linux.mirai
Leaked Linux.Mirai Source Code for Research/IoC Development Purposes
Stars: ✭ 466 (+1036.59%)
Mutual labels:  malware-analysis, malware-research
Multiscanner
Modular file scanning/analysis framework
Stars: ✭ 494 (+1104.88%)
Mutual labels:  malware-analysis, malware-research
Malware Samples
A collection of malware samples and relevant dissection information, most probably referenced from http://blog.inquest.net
Stars: ✭ 565 (+1278.05%)
Mutual labels:  malware-analysis, malware-research
Thezoo
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
Stars: ✭ 7,849 (+19043.9%)
Mutual labels:  malware-analysis, malware-research
Malware Jail
Sandbox for semi-automatic Javascript malware analysis, deobfuscation and payload extraction. Written for Node.js
Stars: ✭ 349 (+751.22%)
Mutual labels:  malware-analysis, malware-research
See
Sandboxed Execution Environment
Stars: ✭ 770 (+1778.05%)
Mutual labels:  malware-analysis, malware-research
Winappdbg
WinAppDbg Debugger
Stars: ✭ 338 (+724.39%)
Mutual labels:  malware-analysis, malware-research
Dex Oracle
A pattern based Dalvik deobfuscator which uses limited execution to improve semantic analysis
Stars: ✭ 398 (+870.73%)
Mutual labels:  malware-analysis, malware-research
Malware Research
Code written as part of our various malware investigations
Stars: ✭ 281 (+585.37%)
Mutual labels:  malware-analysis, malware-research
Freki
🐺 Malware analysis platform
Stars: ✭ 285 (+595.12%)
Mutual labels:  malware-analysis, malware-research
Wdbgark
WinDBG Anti-RootKit Extension
Stars: ✭ 450 (+997.56%)
Mutual labels:  malware-analysis, malware-research
Apkid
Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android
Stars: ✭ 999 (+2336.59%)
Mutual labels:  malware-analysis, malware-research

For use with Maltego CaseFile (http://www.paterva.com/web6/products/casefile.php).

Maltego CaseFile is a trademarked product of Paterva. I am presenting these entities and add-ons as a community contribution. I am in no way affiliated, directly or indirectly, with Paterva or the Maltego product line.

This is a basic group of entities to help analysts and investigators use Maltego CaseFile for information security, malware analysis and incident response specific cases. More entities and categories will be added in the very near future; these were thrown together rather quickly.

A full list of all the entities included so far is listed below.

The current entities are organized into different categories, some of them new and some are additions to existing categories. The biggest addition is the 'Malware' category which adds entities for things like file hashes, paths, process and service names, etc.

Hopefully this will be useful to some people while performing investigations and attempting to get a good graph or visualization of what happened during the course of events. I'll be expanding on this over time and I'm definitely open to feedback and suggestions. Feel free to send in Git commits or shoot me an email if you think anything else should be added.

Full Entity List

Devices

Zombie: Compromised bot or zombie host
C2: Command and Control host
Botnet DNS Relay: DNS server relay for botnet
Compromised Host: Infected or compromised device

Events

Exploit: Exploit or attack vector, CVE id or other vulnerability identifier
Exploitation Chain: Multiple exploit or attack vector chain
Phishing: Phishing entity for individual event or campaign classification

Malware

Filename: File used for or by malware
Hash: Malware sample checksum
Registry Entry
Malicious Host
Browser Cookie: Browser cookie stored or created by malware
Malicious Process: Process ID, name or other identifier
Service Name: Malicious service name
User Account: User account created or used by malware
Certificate: SSL or code-signing certificate used by malware
File Path: File/directory path created or used by malware
Hidden File: File hidden by malware
HTTP Request: HTTP or HTTPS request used for malware communication

Threat Actors

Advanced Targeted Attacker: Advanced threat group or individual
Insider Threat: Internal threat actor such as contractor or employee
Organized Crime: Organized cyber crime group
Opportunity Attacker: Non-targeted, opportunity attacker