From 98459432a2009a9d7de5176dfdbda4af2263e604 Mon Sep 17 00:00:00 2001
From: aksha
Date: Fri, 28 Sep 2018 12:13:31 +0100
Subject: [PATCH] Add: Regripper 3 object templates including SAM hive and NTUSer.dat.
---
 objects/regripper-NTUser/definition.json | 95 +++++++++++++++++++
 .../definition.json | 59 ++++++++++++
 .../definition.json | 53 +++++++++++
 3 files changed, 207 insertions(+)
 create mode 100644 objects/regripper-NTUser/definition.json
 create mode 100644 objects/regripper-sam-hive-single-user/definition.json
 create mode 100644 objects/regripper-sam-hive-user-group/definition.json
diff --git a/objects/regripper-NTUser/definition.json b/objects/regripper-NTUser/definition.json
new file mode 100644
index 0000000..cb0a4a7
--- /dev/null
+++ b/objects/regripper-NTUser/definition.json
@@ -0,0 +1,95 @@
+{
+ "required": [
+ "key"
+ ],
+ "requiredOneOf": [
+ "group-name"
+ ],
+ "attributes": {
+ "key": {
+ "description": "Registry key where the information is retrieved from.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "key-last-write-time": {
+ "description": "Date and time when the key was last updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ },
+ "logon-user-name": {
+ "description": "Name assigned to the user profile.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "recent-folders-accessed": {
+ "description": "List of recent folders accessed by the user.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "multiple":"true"
+ },
+ "recent-files-accessed": {
+ "description": "List of recent files accessed by the user.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "multiple":"true"
+ },
+ "typed-urls": {
+ "description": "Urls typed by the user in internet explorer",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "multiple":"true"
+ },
+ "applications-installed": {
+ "description": "List of applications installed.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "multiple":"true"
+ },
+ "applications-run": {
+ "description": "List of applications set to run on the system.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "multiple": "true"
+ },
+ "external-devices": {
+ "description": "List of external devices connected to the system by the user.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "multiple": "true"
+ },
+ "user-init": {
+ "description": "Applications or processes set to run when the user logs onto the windows system.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "multiple": "true"
+ },
+ "nukeOnDelete": {
+ "description": "Determines if the Recycle bin option has been disabled.",
+ "ui-priority": 0,
+ "misp-attribute": "boolean"
+ },
+ "network-connected-to": {
+ "description": "List of networks the user connected the system to.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "multiple": "true"
+ },
+ "mount-points": {
+ "description": "Details of the mount points created on the system.",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "multiple": "true"
+ },
+ "comments": {
+ "description": "Additional information related to the user profile",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ }
+
+ },
+ "version": 1,
+ "description": "Regripper Object template designed to present user specific configuration details extracted from the NTUSER.dat hive.",
+ "meta-category": "misc",
+ "uuid": "f9dc7b7e-8ab1-4dde-95d9-67e41b461c65",
+ "name": "regripper-NTUser"
+}
diff --git a/objects/regripper-sam-hive-single-user/definition.json b/objects/regripper-sam-hive-single-user/definition.json
new file mode 100644
index 0000000..eb32b5b
--- /dev/null
+++ b/objects/regripper-sam-hive-single-user/definition.json
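Review bot: `"requiredOneOf": ["group-name"]` in the regripper-NTUser template references an attribute the template does not define — the attributes block has `logon-user-name` but no `group-name` — so the constraint can never be met and looks copied from the user-group template; `"requiredOneOf": ["logon-user-name"]` is probably what was intended. Every `"multiple"` flag in this file (and `group-users` in the regripper-sam-hive-user-group hunk) is written as the string `"true"` rather than the JSON boolean `true`; a consumer that tests the flag as a boolean would not treat these attributes as multi-valued, so I would change them to `"multiple": true` unless the loader is known to accept the string form. The key `nukeOnDelete` is the only camelCase name in a template that otherwise uses kebab-case, and `"misp-attribute": "text"` appears with both `"multiple":"true"` and `"multiple": "true"` spacing; normalising these keeps the three new templates consistent with each other.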
@@ -0,0 +1,59 @@
+{
+ "required": [
+ "key"
+ ],
+ "requiredOneOf": [
+ "user-name",
+ "last-login-time",
+ "login-count"
+ ],
+ "attributes": {
+ "key": {
+ "description": "Registry key where the information is retrieved from.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "key-last-write-time": {
+ "description": "Date and time when the key was last updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ },
+ "user-name": {
+ "description": "User name assigned to the user profile.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "full-user-name": {
+ "description": "Full name assigned to the user profile.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "last-login-time": {
+ "description": "Date and time when the user last logged onto the system.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ },
+ "pwd-reset-time": {
+ "description": "Date and time when the password was last reset.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ },
+ "pwd-fail-date": {
+ "description": "Date and time when a password last failed for this user profile.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ },
+ "login-count": {
+ "description": "Number of times the user logged-in onto the system.",
+ "ui-priority": 0,
+ "misp-attribute": "number"
+ }
+
+ },
+ "version": 1,
+ "description": "Regripper Object template designed to present user profile details extracted from the SAM hive.",
+ "meta-category": "misc",
+ "uuid": "4d3fffd2-cd07-4357-96e0-a51c988faaef",
+ "name": "regripper-sam-hive-single-user"
+ }
+
\ No newline at end of file
diff --git a/objects/regripper-sam-hive-user-group/definition.json b/objects/regripper-sam-hive-user-group/definition.json
new file mode 100644
index 0000000..1e41a1c
--- /dev/null
+++ b/objects/regripper-sam-hive-user-group/definition.json
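Review bot: `login-count` declares `"misp-attribute": "number"`, which does not match the type names used elsewhere in these templates (`text`, `datetime`, `boolean`); if `number` is not a registered MISP attribute type the template will be rejected at load time, and `counter` is the MISP type normally used for an integer count, so I would confirm the type list before merging. The file also ends with a whitespace-only line after the closing brace and no trailing newline (the `\ No newline at end of file` marker), which is repeated in the regripper-sam-hive-user-group hunk; trimming that line and ending with a newline keeps the JSON tidy and avoids noisy diffs later. `pwd-fail-date` is named as a date but documented and typed as a `datetime`, so `pwd-fail-time` would match its siblings `pwd-reset-time` and `last-login-time`.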
@@ -0,0 +1,53 @@
+{
+ "required": [
+ "key"
+ ],
+ "requiredOneOf": [
+ "group-name"
+ ],
+ "attributes": {
+ "key": {
+ "description": "Registry key where the information is retrieved from.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "key-last-write-time": {
+ "description": "Date and time when the key was last updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ },
+ "group-name": {
+ "description": "Name assigned to the profile.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "full-name": {
+ "description": "Full name assigned to the profile.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "last-write-date-time": {
+ "description": "Date and time when the group key was updated.",
+ "ui-priority": 0,
+ "misp-attribute": "datetime"
+ },
+ "group-comment": {
+ "description": "Name assigned to the profile.",
+ "ui-priority": 0,
+ "misp-attribute": "text"
+ },
+ "group-users": {
+ "description": "Users belonging to the group",
+ "ui-priority": 0,
+ "misp-attribute": "text",
+ "multiple": "true"
+ }
+
+ },
+ "version": 1,
+ "description": "Regripper Object template designed to present group profile details extracted from the SAM hive.",
+ "meta-category": "misc",
+ "uuid": "b924bae1-2dec-4d2d-a8c2-b03305222b7c",
+ "name": "regripper-sam-hive-user-group"
+ }
+
\ No newline at end of file
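Review bot: `group-comment` carries the description `"Name assigned to the profile."`, which is a verbatim copy of the `group-name` description and does not describe a comment field; something like `"description": "Comment attached to the group in the SAM hive."` would tell an analyst what the value is. `key-last-write-time` ("Date and time when the key was last updated.") and `last-write-date-time` ("Date and time when the group key was updated.") appear to describe the same timestamp; if they are meant to differ, the descriptions should say how, otherwise one of them is redundant. `group-name` and `full-name` both say "profile" although this template is for a group, so "group" in those descriptions would be clearer.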