mirror of https://github.com/MISP/misp-objects
Add: Regripper 3 object templates including SAM hive and NTUSer.dat.
parent
10acf6289e
commit
98459432a2
|
@ -0,0 +1,95 @@
|
||||||
|
{
|
||||||
|
"required": [
|
||||||
|
"key"
|
||||||
|
],
|
||||||
|
"requiredOneOf": [
|
||||||
|
"group-name"
|
||||||
|
],
|
||||||
|
"attributes": {
|
||||||
|
"key": {
|
||||||
|
"description": "Registry key where the information is retrieved from.",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "text"
|
||||||
|
},
|
||||||
|
"key-last-write-time": {
|
||||||
|
"description": "Date and time when the key was last updated.",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "datetime"
|
||||||
|
},
|
||||||
|
"logon-user-name": {
|
||||||
|
"description": "Name assigned to the user profile.",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "text"
|
||||||
|
},
|
||||||
|
"recent-folders-accessed": {
|
||||||
|
"description": "List of recent folders accessed by the user.",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "text",
|
||||||
|
"multiple":"true"
|
||||||
|
},
|
||||||
|
"recent-files-accessed": {
|
||||||
|
"description": "List of recent files accessed by the user.",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "text",
|
||||||
|
"multiple":"true"
|
||||||
|
},
|
||||||
|
"typed-urls": {
|
||||||
|
"description": "Urls typed by the user in internet explorer",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "text",
|
||||||
|
"multiple":"true"
|
||||||
|
},
|
||||||
|
"applications-installed": {
|
||||||
|
"description": "List of applications installed.",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "text",
|
||||||
|
"multiple":"true"
|
||||||
|
},
|
||||||
|
"applications-run": {
|
||||||
|
"description": "List of applications set to run on the system.",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "text",
|
||||||
|
"multiple": "true"
|
||||||
|
},
|
||||||
|
"external-devices": {
|
||||||
|
"description": "List of external devices connected to the system by the user.",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "text",
|
||||||
|
"multiple": "true"
|
||||||
|
},
|
||||||
|
"user-init": {
|
||||||
|
"description": "Applications or processes set to run when the user logs onto the windows system.",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "text",
|
||||||
|
"multiple": "true"
|
||||||
|
},
|
||||||
|
"nukeOnDelete": {
|
||||||
|
"description": "Determines if the Recycle bin option has been disabled.",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "boolean"
|
||||||
|
},
|
||||||
|
"network-connected-to": {
|
||||||
|
"description": "List of networks the user connected the system to.",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "text",
|
||||||
|
"multiple": "true"
|
||||||
|
},
|
||||||
|
"mount-points": {
|
||||||
|
"description": "Details of the mount points created on the system.",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "text",
|
||||||
|
"multiple": "true"
|
||||||
|
},
|
||||||
|
"comments": {
|
||||||
|
"description": "Additional information related to the user profile",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "text"
|
||||||
|
}
|
||||||
|
|
||||||
|
},
|
||||||
|
"version": 1,
|
||||||
|
"description": "Regripper Object template designed to present user specific configuration details extracted from the NTUSER.dat hive.",
|
||||||
|
"meta-category": "misc",
|
||||||
|
"uuid": "f9dc7b7e-8ab1-4dde-95d9-67e41b461c65",
|
||||||
|
"name": "regripper-NTUser"
|
||||||
|
}
|
|
@ -0,0 +1,59 @@
|
||||||
|
{
|
||||||
|
"required": [
|
||||||
|
"key"
|
||||||
|
],
|
||||||
|
"requiredOneOf": [
|
||||||
|
"user-name",
|
||||||
|
"last-login-time",
|
||||||
|
"login-count"
|
||||||
|
],
|
||||||
|
"attributes": {
|
||||||
|
"key": {
|
||||||
|
"description": "Registry key where the information is retrieved from.",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "text"
|
||||||
|
},
|
||||||
|
"key-last-write-time": {
|
||||||
|
"description": "Date and time when the key was last updated.",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "datetime"
|
||||||
|
},
|
||||||
|
"user-name": {
|
||||||
|
"description": "User name assigned to the user profile.",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "text"
|
||||||
|
},
|
||||||
|
"full-user-name": {
|
||||||
|
"description": "Full name assigned to the user profile.",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "text"
|
||||||
|
},
|
||||||
|
"last-login-time": {
|
||||||
|
"description": "Date and time when the user last logged onto the system.",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "datetime"
|
||||||
|
},
|
||||||
|
"pwd-reset-time": {
|
||||||
|
"description": "Date and time when the password was last reset.",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "datetime"
|
||||||
|
},
|
||||||
|
"pwd-fail-date": {
|
||||||
|
"description": "Date and time when a password last failed for this user profile.",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "datetime"
|
||||||
|
},
|
||||||
|
"login-count": {
|
||||||
|
"description": "Number of times the user logged-in onto the system.",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "number"
|
||||||
|
}
|
||||||
|
|
||||||
|
},
|
||||||
|
"version": 1,
|
||||||
|
"description": "Regripper Object template designed to present user profile details extracted from the SAM hive.",
|
||||||
|
"meta-category": "misc",
|
||||||
|
"uuid": "4d3fffd2-cd07-4357-96e0-a51c988faaef",
|
||||||
|
"name": "regripper-sam-hive-single-user"
|
||||||
|
}
|
||||||
|
|
|
@ -0,0 +1,53 @@
|
||||||
|
{
|
||||||
|
"required": [
|
||||||
|
"key"
|
||||||
|
],
|
||||||
|
"requiredOneOf": [
|
||||||
|
"group-name"
|
||||||
|
],
|
||||||
|
"attributes": {
|
||||||
|
"key": {
|
||||||
|
"description": "Registry key where the information is retrieved from.",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "text"
|
||||||
|
},
|
||||||
|
"key-last-write-time": {
|
||||||
|
"description": "Date and time when the key was last updated.",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "datetime"
|
||||||
|
},
|
||||||
|
"group-name": {
|
||||||
|
"description": "Name assigned to the profile.",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "text"
|
||||||
|
},
|
||||||
|
"full-name": {
|
||||||
|
"description": "Full name assigned to the profile.",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "text"
|
||||||
|
},
|
||||||
|
"last-write-date-time": {
|
||||||
|
"description": "Date and time when the group key was updated.",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "datetime"
|
||||||
|
},
|
||||||
|
"group-comment": {
|
||||||
|
"description": "Name assigned to the profile.",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "text"
|
||||||
|
},
|
||||||
|
"group-users": {
|
||||||
|
"description": "Users belonging to the group",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "text",
|
||||||
|
"multiple": "true"
|
||||||
|
}
|
||||||
|
|
||||||
|
},
|
||||||
|
"version": 1,
|
||||||
|
"description": "Regripper Object template designed to present group profile details extracted from the SAM hive.",
|
||||||
|
"meta-category": "misc",
|
||||||
|
"uuid": "b924bae1-2dec-4d2d-a8c2-b03305222b7c",
|
||||||
|
"name": "regripper-sam-hive-user-group"
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in New Issue