mirror of https://github.com/MISP/MISP
Created Use cases (markdown)
parent
9191384405
commit
e5f77bfe0f
|
@ -0,0 +1,25 @@
|
|||
New Exploit
|
||||
===========
|
||||
|
||||
* a new CVE is published
|
||||
* an analyst who was working on a sample realise it is related, he publishes the hash
|
||||
* when adding the Hash in our MISP instance, we discover other events using this vulnerability
|
||||
|
||||
Messy list of hashes
|
||||
====================
|
||||
|
||||
* a big list of hashes is published anonymously without context
|
||||
* when added in a MISP Instance, we can link it to an attack
|
||||
|
||||
OSINT
|
||||
=====
|
||||
|
||||
* the report has a lot of IOCs (hashes, ips, domains...)
|
||||
* when added into MISP, we link it to multiple former events and inform the victims
|
||||
|
||||
Attribution
|
||||
===========
|
||||
|
||||
* Multiple malwares are investigated at the same time by different entities
|
||||
* They all contain the same highly specific mutex and can be connected and help to identify the attacker
|
||||
|
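Review bot: The "New Exploit" bullets never say what ties the published hash to the new CVE, so the third bullet's "we discover other events using this vulnerability" reads as if a file hash alone identifies the vulnerability. Suggest stating that the other events are found because they already contain the same hash, and that the CVE is what the analyst associates with that sample. The same gap applies to "Messy list of hashes" and "OSINT": "we can link it to an attack" and "we link it to multiple former events" should say that the link is a match on attribute values already present in earlier events. In "Attribution", "can be connected and help to identify the attacker" is stronger than a shared mutex supports on its own; wording it as a link between the samples that supports attribution would be safer. Minor: "realise" should be "realises", "Hash" and "Instance" are capitalised inconsistently with the other bullets, and "Multiple malwares" would read better as "Multiple malware samples".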