├── .github ├── .bandit.yml ├── .flake8 ├── .isort.cfg ├── .markdownlint.yaml ├── CODEOWNERS └── workflows │ ├── bump_version.yaml │ ├── compile_test.yaml │ └── pre_commit.yaml ├── .gitignore ├── .pre-commit-config.yaml ├── CONTRIBUTING.md ├── LICENSE ├── README.md ├── assets ├── CISA_Logo.ico └── CISA_Logo.png ├── chirp.py ├── chirp ├── __init__.py ├── __main__.py ├── common.py ├── load.py ├── plugins │ ├── README.md │ ├── __init__.py │ ├── events │ │ ├── __init__.py │ │ ├── events.py │ │ ├── evtx2json.py │ │ └── scan.py │ ├── loader.py │ ├── network │ │ ├── __init__.py │ │ ├── network.py │ │ └── scan.py │ ├── operators.py │ ├── registry │ │ ├── __init__.py │ │ ├── registry.py │ │ └── scan.py │ └── yara │ │ ├── __init__.py │ │ └── run.py └── run.py ├── indicators ├── AA21-008A │ ├── AA21-008A.pdf │ ├── certexfil_powershell.yaml │ ├── certexfil_security.yaml │ ├── cisa_raindrop.yaml │ ├── cisa_solarfire.yaml │ ├── cisa_sunshuttle.yaml │ ├── cisa_teardrop.yaml │ ├── crowdstrike_rempack.yaml │ ├── crowdstrike_sunspot.yaml │ ├── fireeye_cosmicgale.yaml │ ├── fireeye_sunburst.yaml │ └── iocs.yaml ├── AA21-062A │ ├── AA21-062A.pdf │ └── AA21062A.yaml └── README.md └── setup.py /.github/.bandit.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/.github/.bandit.yml -------------------------------------------------------------------------------- /.github/.flake8: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/.github/.flake8 -------------------------------------------------------------------------------- /.github/.isort.cfg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/.github/.isort.cfg -------------------------------------------------------------------------------- /.github/.markdownlint.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/.github/.markdownlint.yaml -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @cisagov/team-HUNT @DeemOnSecurity 2 | -------------------------------------------------------------------------------- /.github/workflows/bump_version.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/.github/workflows/bump_version.yaml -------------------------------------------------------------------------------- /.github/workflows/compile_test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/.github/workflows/compile_test.yaml -------------------------------------------------------------------------------- /.github/workflows/pre_commit.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/.github/workflows/pre_commit.yaml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/.gitignore -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/.pre-commit-config.yaml -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/CONTRIBUTING.md -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/README.md -------------------------------------------------------------------------------- /assets/CISA_Logo.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/assets/CISA_Logo.ico -------------------------------------------------------------------------------- /assets/CISA_Logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/assets/CISA_Logo.png -------------------------------------------------------------------------------- /chirp.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/chirp.py -------------------------------------------------------------------------------- /chirp/__init__.py: -------------------------------------------------------------------------------- 1 | """CHIRP Initializer.""" 2 | -------------------------------------------------------------------------------- /chirp/__main__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/chirp/__main__.py -------------------------------------------------------------------------------- /chirp/common.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/chirp/common.py -------------------------------------------------------------------------------- /chirp/load.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/chirp/load.py -------------------------------------------------------------------------------- /chirp/plugins/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/chirp/plugins/README.md -------------------------------------------------------------------------------- /chirp/plugins/__init__.py: -------------------------------------------------------------------------------- 1 | """Plugins initializer.""" 2 | -------------------------------------------------------------------------------- /chirp/plugins/events/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/chirp/plugins/events/__init__.py -------------------------------------------------------------------------------- /chirp/plugins/events/events.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/chirp/plugins/events/events.py -------------------------------------------------------------------------------- /chirp/plugins/events/evtx2json.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/chirp/plugins/events/evtx2json.py -------------------------------------------------------------------------------- /chirp/plugins/events/scan.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/chirp/plugins/events/scan.py -------------------------------------------------------------------------------- /chirp/plugins/loader.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/chirp/plugins/loader.py -------------------------------------------------------------------------------- /chirp/plugins/network/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/chirp/plugins/network/__init__.py -------------------------------------------------------------------------------- /chirp/plugins/network/network.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/chirp/plugins/network/network.py -------------------------------------------------------------------------------- /chirp/plugins/network/scan.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/chirp/plugins/network/scan.py -------------------------------------------------------------------------------- /chirp/plugins/operators.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/chirp/plugins/operators.py -------------------------------------------------------------------------------- /chirp/plugins/registry/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/chirp/plugins/registry/__init__.py -------------------------------------------------------------------------------- /chirp/plugins/registry/registry.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/chirp/plugins/registry/registry.py -------------------------------------------------------------------------------- /chirp/plugins/registry/scan.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/chirp/plugins/registry/scan.py -------------------------------------------------------------------------------- /chirp/plugins/yara/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/chirp/plugins/yara/__init__.py -------------------------------------------------------------------------------- /chirp/plugins/yara/run.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/chirp/plugins/yara/run.py -------------------------------------------------------------------------------- /chirp/run.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/chirp/run.py -------------------------------------------------------------------------------- /indicators/AA21-008A/AA21-008A.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/indicators/AA21-008A/AA21-008A.pdf -------------------------------------------------------------------------------- /indicators/AA21-008A/certexfil_powershell.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/indicators/AA21-008A/certexfil_powershell.yaml -------------------------------------------------------------------------------- /indicators/AA21-008A/certexfil_security.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/indicators/AA21-008A/certexfil_security.yaml -------------------------------------------------------------------------------- /indicators/AA21-008A/cisa_raindrop.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/indicators/AA21-008A/cisa_raindrop.yaml -------------------------------------------------------------------------------- /indicators/AA21-008A/cisa_solarfire.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/indicators/AA21-008A/cisa_solarfire.yaml -------------------------------------------------------------------------------- /indicators/AA21-008A/cisa_sunshuttle.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/indicators/AA21-008A/cisa_sunshuttle.yaml -------------------------------------------------------------------------------- /indicators/AA21-008A/cisa_teardrop.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/indicators/AA21-008A/cisa_teardrop.yaml -------------------------------------------------------------------------------- /indicators/AA21-008A/crowdstrike_rempack.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/indicators/AA21-008A/crowdstrike_rempack.yaml -------------------------------------------------------------------------------- /indicators/AA21-008A/crowdstrike_sunspot.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/indicators/AA21-008A/crowdstrike_sunspot.yaml -------------------------------------------------------------------------------- /indicators/AA21-008A/fireeye_cosmicgale.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/indicators/AA21-008A/fireeye_cosmicgale.yaml -------------------------------------------------------------------------------- /indicators/AA21-008A/fireeye_sunburst.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/indicators/AA21-008A/fireeye_sunburst.yaml -------------------------------------------------------------------------------- /indicators/AA21-008A/iocs.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/indicators/AA21-008A/iocs.yaml -------------------------------------------------------------------------------- /indicators/AA21-062A/AA21-062A.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/indicators/AA21-062A/AA21-062A.pdf -------------------------------------------------------------------------------- /indicators/AA21-062A/AA21062A.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/indicators/AA21-062A/AA21062A.yaml -------------------------------------------------------------------------------- /indicators/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/indicators/README.md -------------------------------------------------------------------------------- /setup.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisagov/CHIRP/HEAD/setup.py --------------------------------------------------------------------------------