Created Use cases (markdown)

2014-01-13 07:12:32 -08:00 · 2014-01-13 07:12:32 -08:00 · e5f77bfe0f
parent 9191384405
commit e5f77bfe0f
1 changed files with 25 additions and 0 deletions
--- a/Use-cases.md
+++ b/Use-cases.md
@ -0,0 +1,25 @@
+New Exploit
+===========
+
+* a new CVE is published
+* an analyst who was working on a sample realise it is related, he publishes the hash
+* when adding the Hash in our MISP instance, we discover other events using this vulnerability
+
+Messy list of hashes
+====================
+
+* a big list of hashes is published anonymously without context
+* when added in a MISP Instance, we can link it to an attack
+
+OSINT
+=====
+
+* the report has a lot of IOCs (hashes, ips, domains...)
+* when added into MISP, we link it to multiple former events and inform the victims
+
+Attribution
+===========
+
+* Multiple malwares are investigated at the same time by different entities
+* They all contain the same highly specific mutex and can be connected and help to identify the attacker
+