Add: Regripper 3 object templates including SAM hive and NTUSer.dat.

pull/118/head
aksha 2018-09-28 12:13:31 +01:00
parent 10acf6289e
commit 98459432a2
3 changed files with 207 additions and 0 deletions


@ -0,0 +1,95 @@
{
"required": [
"key"
],
"requiredOneOf": [
"group-name"
],
"attributes": {
"key": {
"description": "Registry key where the information is retrieved from.",
"ui-priority": 0,
"misp-attribute": "text"
},
"key-last-write-time": {
"description": "Date and time when the key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime"
},
"logon-user-name": {
"description": "Name assigned to the user profile.",
"ui-priority": 0,
"misp-attribute": "text"
},
"recent-folders-accessed": {
"description": "List of recent folders accessed by the user.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple":"true"
},
"recent-files-accessed": {
"description": "List of recent files accessed by the user.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple":"true"
},
"typed-urls": {
"description": "Urls typed by the user in internet explorer",
"ui-priority": 0,
"misp-attribute": "text",
"multiple":"true"
},
"applications-installed": {
"description": "List of applications installed.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple":"true"
},
"applications-run": {
"description": "List of applications set to run on the system.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple": "true"
},
"external-devices": {
"description": "List of external devices connected to the system by the user.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple": "true"
},
"user-init": {
"description": "Applications or processes set to run when the user logs onto the windows system.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple": "true"
},
"nukeOnDelete": {
"description": "Determines if the Recycle bin option has been disabled.",
"ui-priority": 0,
"misp-attribute": "boolean"
},
"network-connected-to": {
"description": "List of networks the user connected the system to.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple": "true"
},
"mount-points": {
"description": "Details of the mount points created on the system.",
"ui-priority": 0,
"misp-attribute": "text",
"multiple": "true"
},
"comments": {
"description": "Additional information related to the user profile",
"ui-priority": 0,
"misp-attribute": "text"
}
},
"version": 1,
"description": "Regripper Object template designed to present user specific configuration details extracted from the NTUSER.dat hive.",
"meta-category": "misc",
"uuid": "f9dc7b7e-8ab1-4dde-95d9-67e41b461c65",
"name": "regripper-NTUser"
}
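Review bot: `requiredOneOf` in this template lists `group-name`, but no attribute of that name is defined in the file, so an object built from it can never satisfy the constraint; this looks carried over from the group template, and the attribute that plays that role here is `logon-user-name`, i.e. `"requiredOneOf": ["logon-user-name"]`. The `multiple` flags are written as the string `"true"` rather than the JSON boolean `true` (`"multiple": true`), and a consumer that tests the value as a boolean may not treat these attributes as multi-valued; `group-users` in the SAM group template has the same issue. `nukeOnDelete` is the only camelCase key among otherwise kebab-case attribute names; `nuke-on-delete` would keep the convention. The `typed-urls` description `Urls typed by the user in internet explorer` is missing its terminating period, unlike the other descriptions.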


@ -0,0 +1,59 @@
{
"required": [
"key"
],
"requiredOneOf": [
"user-name",
"last-login-time",
"login-count"
],
"attributes": {
"key": {
"description": "Registry key where the information is retrieved from.",
"ui-priority": 0,
"misp-attribute": "text"
},
"key-last-write-time": {
"description": "Date and time when the key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime"
},
"user-name": {
"description": "User name assigned to the user profile.",
"ui-priority": 0,
"misp-attribute": "text"
},
"full-user-name": {
"description": "Full name assigned to the user profile.",
"ui-priority": 0,
"misp-attribute": "text"
},
"last-login-time": {
"description": "Date and time when the user last logged onto the system.",
"ui-priority": 0,
"misp-attribute": "datetime"
},
"pwd-reset-time": {
"description": "Date and time when the password was last reset.",
"ui-priority": 0,
"misp-attribute": "datetime"
},
"pwd-fail-date": {
"description": "Date and time when a password last failed for this user profile.",
"ui-priority": 0,
"misp-attribute": "datetime"
},
"login-count": {
"description": "Number of times the user logged-in onto the system.",
"ui-priority": 0,
"misp-attribute": "number"
}
},
"version": 1,
"description": "Regripper Object template designed to present user profile details extracted from the SAM hive.",
"meta-category": "misc",
"uuid": "4d3fffd2-cd07-4357-96e0-a51c988faaef",
"name": "regripper-sam-hive-single-user"
}
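Review bot: `login-count` declares `"misp-attribute": "number"`, which I cannot confirm is a type MISP accepts for an object attribute; `counter` is the established attribute type for an integer count, so `"misp-attribute": "counter"` is the safer choice unless `number` has been checked against the attribute-type list. The description `Number of times the user logged-in onto the system.` reads awkwardly; `Number of times the user has logged on to the system.` says the same thing.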


@ -0,0 +1,53 @@
{
"required": [
"key"
],
"requiredOneOf": [
"group-name"
],
"attributes": {
"key": {
"description": "Registry key where the information is retrieved from.",
"ui-priority": 0,
"misp-attribute": "text"
},
"key-last-write-time": {
"description": "Date and time when the key was last updated.",
"ui-priority": 0,
"misp-attribute": "datetime"
},
"group-name": {
"description": "Name assigned to the profile.",
"ui-priority": 0,
"misp-attribute": "text"
},
"full-name": {
"description": "Full name assigned to the profile.",
"ui-priority": 0,
"misp-attribute": "text"
},
"last-write-date-time": {
"description": "Date and time when the group key was updated.",
"ui-priority": 0,
"misp-attribute": "datetime"
},
"group-comment": {
"description": "Name assigned to the profile.",
"ui-priority": 0,
"misp-attribute": "text"
},
"group-users": {
"description": "Users belonging to the group",
"ui-priority": 0,
"misp-attribute": "text",
"multiple": "true"
}
},
"version": 1,
"description": "Regripper Object template designed to present group profile details extracted from the SAM hive.",
"meta-category": "misc",
"uuid": "b924bae1-2dec-4d2d-a8c2-b03305222b7c",
"name": "regripper-sam-hive-user-group"
}
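Review bot: `group-comment` carries the description `Name assigned to the profile.`, the same text as `group-name`, so the UI hint for this field is wrong; `"description": "Comment attached to the group."` would match the attribute. `last-write-date-time` appears to duplicate `key-last-write-time` — both describe when the key was last written — so either the descriptions should state how the two differ or one should be dropped. `group-users` sets `"multiple": "true"` as a string rather than the boolean `true`, the same issue as in the NTUser template.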