For use with Maltego CaseFile
(http://www.paterva.com/web6/products/casefile.php).

Maltego CaseFile is a trademarked product of Paterva. I am presenting these
entities and add-ons as a community contribution. I am in no way affiliated,
directly or indirectly, with Paterva or the Maltego product line.

This is a basic group of entities to help analysts and investigators use
Maltego CaseFile for information security, malware analysis and incident
response specific cases. More entities and categories will be added in the very
near future; these were thrown together rather quickly.

A full list of all the entities included so far is given below.

The current entities are organized into different categories, some of them new
and some additions to existing categories. The biggest addition is the
'Malware' category, which adds entities for things like file hashes, paths,
process and service names, etc.

Hopefully this will be useful to some people while performing investigations
and attempting to get a good graph or visualization of what happened during the
course of events. I'll be expanding on this over time and I'm definitely open to
feedback and suggestions. Feel free to send in Git commits or shoot me an email
if you think anything else should be added.

Full Entity List
================

Devices
=======
Zombie                      Compromised bot or zombie host
C2                          Command and Control host
Botnet DNS Relay            DNS server relay for botnet
Compromised Host            Infected or compromised device

Events
======
Exploit                     Exploit or attack vector, CVE id or other
                            vulnerability identifier
Exploitation Chain          Multiple exploit or attack vector chain
Phishing                    Phishing entity for individual event or campaign
                            classification

Malware
=======
Filename                    File used for or by malware
Hash                        Malware sample checksum
Registry Entry              Malicious Host
Browser Cookie              Browser cookie stored or created by malware
Malicious Process           Process ID, name or other identifier
Service Name                Malicious service name
User Account                User account created or used by malware
Certificate                 SSL or code-signing certificate used by malware
File Path                   File/directory path created or used by malware
Hidden File                 File hidden by malware
HTTP Request                HTTP or HTTPS request used for malware
                            communication

Threat Actors
=============
Advanced Targeted Attacker  Advanced threat group or individual
Insider Threat              Internal threat actor such as contractor or
                            employee
Organized Crime             Organized cyber crime group
Opportunity Attacker        Non-targeted, opportunity attacker

Entity package file:
security-analysis.mtz: https://raw.githubusercontent.com/deadbits/Analyst-CaseFile/7284f85b221182aeef95b2b6256019cd60143bd0/security-analysis.mtz