├── DokuWiki
│   ├── exploit-page.doku
│   ├── implate-page.doku
│   ├── intrusion-set-page.doku
│   ├── malicious-actor-page.doku
│   ├── malicious-group-page.doku
│   ├── start.doku
│   └── third-party-intelligence-page.doku
├── MarkDown
│   ├── exploit-page.md
│   ├── implant-page.md
│   ├── intrusion-set-page.md
│   ├── malicious-actor-page.md
│   ├── malicious-group-page.md
│   ├── start.md
│   └── third-party-intelligence-page.md
└── README.md
/DokuWiki/exploit-page.doku:
--------------------------------------------------------------------------------
1 | ===== Timeline =====
2 | ^ Exploit Identified | 19990101 |
3 | ^ Public Exploit Published | 19990101 |
4 | ^ Exploit Updated | 19990101 |
5 |
6 | ===== Developer =====
7 | Author: Lorem ipsum
8 | Actor: [[Alpha]]
9 |
10 | ===== Vulnerable Systems =====
11 | ^ Vulnerable Application | Lorem ipsum |
12 | ^ Vulnerable Module | Lorem ipsum |
13 | ^ Vulnerable Versions | 1.0 |
14 | ^ Vulnerable Languages | Lorem ipsum |
15 | ^ Patch | N/A |
16 |
17 | ===== Mitigation =====
18 | Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
19 |
20 | ===== Files =====
21 | ^ Delivery Code | FIXME Add files with upload dialog. |
22 | ^ Exploit Code | FIXME Add files with upload dialog. |
23 |
24 | ===== References =====
25 | ExploitDB-ID: 0
26 | CVE: CVE-0000-0000
27 | OSVDB-ID: 0
28 |
29 | === Exploit Sources ===
30 | * http://www.example.com
31 | * http://www.example.com
32 |
33 | ===== Notes =====
34 | Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
35 |
--------------------------------------------------------------------------------
/DokuWiki/implate-page.doku:
--------------------------------------------------------------------------------
1 | ^ Implant Report | Alpha Alpha: Example.file |
2 | ^ Reverse Engineer | Lorem ipsum |
3 | ^ Date | 19990101 |
4 | ^ Associated FO Set | Alpha Alpha |
5 |
6 | ===== Summary of the Analysis: =====
7 | Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
8 |
9 | ===== Identification =====
10 | ^ File Name | Example.file |
11 | ^ File Type | example |
12 | ^ File Size | 0 |
13 | ^ MD5 | d41d8cd98f00b204e9800998ecf8427e |
14 | ^ SHA | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
15 | ^ Ssdeep | 3:: |
16 |
17 | ==== Current anti-virus detection capabilities: ====
18 | ^ McAfee | none |
19 | ^ Symantec | none |
20 |
21 | ===== Characteristics =====
22 |
23 | ==== File Hooking ====
24 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
25 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
26 |
27 | ==== Persistence Mechanisms ====
28 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
29 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
30 |
31 | ==== Spreading Mechanisms ====
32 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
33 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
34 |
35 | ==== Exfiltration Mechanisms ====
36 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
37 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
38 |
39 | ==== Command and Control Mechanisms ====
40 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
41 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
42 |
43 | ===== Dependencies =====
44 |
45 | ==== Supported Operating Systems ====
46 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
47 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
48 |
49 | ==== Required Files ====
50 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
51 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
52 |
53 | ==== Second Stage Downloads ====
54 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
55 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
56 |
57 | ==== Registry Keys ====
58 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
59 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
60 |
61 | ===== Behavioral and code analysis findings =====
62 | //Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.//
63 |
64 | ===== Supporting Figures =====
65 |
66 | ==== Logs ====
67 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
68 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
69 |
70 | ==== Interesting Strings ====
71 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
72 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
73 |
74 | ==== Other Relevant Files or Data ====
75 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
76 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
77 |
78 | ===== Incident Recommendations =====
79 |
80 | ==== Identification ====
81 |
82 | === Network Indicators ===
83 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
84 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
85 | === File System Indicators ===
86 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
87 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
88 | === Memory Indicators ===
89 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
90 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
91 |
92 | ==== Mitigation ====
93 |
94 | === Containment Steps ===
95 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
96 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
97 |
98 | === Eradication Steps ===
99 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
100 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
101 |
--------------------------------------------------------------------------------
/DokuWiki/intrusion-set-page.doku:
--------------------------------------------------------------------------------
1 | ====== Summary ======
2 | Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
3 |
4 | ====== Compromise Vector & Persistence ======
5 |
6 | ===== Compromise Vector =====
7 | Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
8 |
9 | ==== Phishing/Spearphishing/Spam Email ====
10 | ^ From | Lorem ipsum , Lorem ipsum , |
11 | ^ To | Lorem ipsum , Lorem ipsum , |
12 | ^ CC | Lorem ipsum , Lorem ipsum , |
13 | ^ Date & Time | 19990101 12:00:00 |
14 | ^ Subject | Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. |
15 | ^ Body | Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.|
16 | ^ Attachments | FIXME Add using files dialog ['Lorem ipsum', 'Lorem ipsum'], ['Lorem ipsum', 'Lorem ipsum'], |
17 | ^ MIME | FIXME Add using file dialog |
18 |
19 | ===== Persistence =====
20 | Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
21 |
22 | ====== Detection ======
23 |
24 | ==== SIEM Content ====
25 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
26 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
27 |
28 | ==== IDS Content ====
29 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
30 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
31 |
32 | ==== Firewall Content ====
33 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
34 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
35 |
36 | ==== Open Tickets ====
37 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
38 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
39 |
40 | ===== Compromised Resources =====
41 |
42 | ==== Known Compromised Hosts ====
43 | ^ IP Address ^ Host Name ^ User Name ^ Title ^ Department ^ Notes ^
44 | | | | | | | |
45 |
46 | ==== Known Compromised Accounts ====
47 | ^ Username ^ User ^ Notes ^
48 | | | | |
49 |
50 | ===== Indicators =====
51 |
52 | ==== IP Indicators ====
53 | ^ IP Address ^ Location ^ URL ^ Research ^ Notes ^
54 | | | | | | |
55 |
56 | ==== URL Indicators ====
57 | ^ URL ^ Associated IP Addresses ^ Location ^ Research ^ Notes ^
58 | | | || ||
59 |
60 | ==== Known Attacker Ports ====
61 | ^ Port ^ Type ^ Service ^ Notes ^
62 | | | | | |
63 |
64 | ==== Bad SSL Certificate ====
65 | ^ Version | |
66 | ^ Serial Number | |
67 | ^ Algorithm ID | |
68 | ^ Issuer | |
69 | ^ Validity | |
70 | ^ Not Before | |
71 | ^ Not After | |
72 | ^ Subject | |
73 | ^ Subject Public Key Info | |
74 | ^ Public Key Algorithm | |
75 | ^ Subject Public Key | |
76 | ^ Issuer Unique Identifier (optional) | |
77 | ^ Subject Unique Identifier (optional) | |
78 | ^ Extensions (optional) | |
79 | ^ Certificate Signature Algorithm | |
80 | ^ Certificate Signature | |
81 |
82 | ==== Bad User Agent Strings ====
83 | ^ UserAgent String ^ Notes ^
84 | | | |
85 |
86 | ==== Known Malicious Files ====
87 | ^ Filename ^ Type ^ Size ^ MD5 ^ SSDeep ^ File ^ Report ^ Notes ^
88 | | | | | | | | | |
89 |
90 | ===== Notes =====
91 | Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
--------------------------------------------------------------------------------
/DokuWiki/malicious-actor-page.doku:
--------------------------------------------------------------------------------
1 | ====== Lorem ipsum ======
2 | ^ Date Audited | 19990101 |
3 | ^ Name | Lorem ipsum |
4 | ^ DOB | 19990101 |
5 | ^ Age | 00 |
6 | ^ Country of Birth | Lorem ipsum |
7 | ^ Location | Lorem ipsum |
8 |
9 | ===== Names/Aliases =====
10 | * Lorem ipsum
11 | * Lorem ipsum
12 |
13 | ===== Email Addresses =====
14 | * sample@example.com
15 | * sample@example.com
16 |
17 | ===== Web & Social Media Presence =====
18 | ^ IM Names | Lorem ipsum | 19990101 |
19 | ^ Site/group Affiliation | Lorem ipsum | 19990101 |
20 | ^ URLs | http://www.example.com | 19990101 |
21 | ^ Domain Data | http://www.example.com | 19990101 |
22 | ^ Twitter | http://www.example.com | 19990101 |
23 | ^ Facebook | http://www.example.com | 19990101 |
24 | ^ LinkedIn | http://www.example.com | 19990101 |
25 |
26 | ===== Screen Shots =====
27 | FIXME Add relevant screenshots using file upload dialog
28 |
29 | ===== Investigation History =====
30 | ^ Search Type ^ Search Term ^ Date Audited ^
31 | | Google Search | Lorem ipsum | 19990101 |
32 | | Google Search | Lorem ipsum | 19990101 |
33 |
34 | ===== Notes =====
35 | Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
--------------------------------------------------------------------------------
/DokuWiki/malicious-group-page.doku:
--------------------------------------------------------------------------------
1 | ===== Group: Alpha =====
2 | ^ Summary | Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum. |
3 | ^ Web Presence | http://www.example.com, http://www.example.com, |
4 | ^ Group Type | Unknown |
5 |
6 | ===== Membership =====
7 | * [[actor:actor:person alpha]]
8 | * [[actor:actor:person bravo]]
9 |
10 | ==== Associated Groups ====
11 | * [[actor:actor:person alpha]]
12 | * [[actor:actor:person bravo]]
13 |
14 | ===== Methodology & Tools =====
15 |
16 | ==== Pre-Exploitation Attempt ====
17 |
18 | === Methodology ===
19 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
20 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
21 |
22 | === Tool Chain ===
23 | * Lorem ipsum
24 | * Lorem ipsum
25 |
26 | ==== Exploitation Attempt ====
27 |
28 | === Methodology ===
29 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
30 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
31 |
32 | === Tool Chain ===
33 | * Lorem ipsum
34 | * Lorem ipsum
35 |
36 | ==== Post Exploitation Attempt ====
37 |
38 | === Methodology ===
39 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
40 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
41 |
42 | === Tool Chain ===
43 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
44 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
45 |
46 | ===== Periods of Operations =====
47 | * 19990101 - 19990101
48 | * 19990101 - 19990101
49 |
--------------------------------------------------------------------------------
/DokuWiki/start.doku:
--------------------------------------------------------------------------------
1 | ====== Summary ======
2 | {{http://infosuck.org/0x003f.png?600}}
3 |
4 | FIXME at least remove the hotlink.
5 |
6 | ===== Terms and Processes =====
7 | * [[Activity Classification]]
8 | * [[Wiki Conventions]]
9 |
10 | ====== News ======
11 |
12 | ===== SANS ISC =====
13 | {{rss>http://isc.sans.edu/rssfeed_full.xml 5 author date 1h }}
14 |
15 | ===== Team Cymru =====
16 | {{rss>http://www.team-cymru.org/News/secnews.rss 5 author date 1h }}
17 |
18 | ====== Intrusion Campaigns ======
19 |
20 | ===== Alpha Campaign =====
21 | * [[intrusionset:Alpha Alpha]] - **Date Identified:** -
22 | * [[intrusionset:Alpha Bravo]] - **Date Identified:** -
23 | **C2:** - **Exfil:** -
24 |
25 | ===== Bravo Campaign =====
26 | * [[intrusionset:Bravo Alpha]] - **Date Identified:** -
27 | * [[intrusionset:Bravo Bravo]] - **Date Identified:** -
28 | **C2:** - **Exfil:** -
29 |
30 | [[intrusionset:Archived Intrusion Sets]]
31 |
32 | ====== Third Party Intelligence ======
33 | * [[thirdpartyintel:TPI-Alpha]] - **Date Received:** -
34 | * [[thirdpartyintel:TPI-Bravo]] - **Date Received:** -
35 | * [[thirdpartyintel:Archived Third Party Intelligence]]
36 |
37 | ====== Known Malicious Tools ======
38 |
39 | ===== Exploits =====
40 | * [[malcode_exploits:Alpha.exploit]] - Exploitation tool Alpha.
41 | * [[malcode_exploits:Bravo.exploit]] - Exploitation tool Bravo.
42 |
43 | ===== Implants =====
44 | * Alpha
45 | * AA: [[malcode_implants:Alpha.implant]]
46 | * Bravo
47 | * BA: [[malcode_implants:Bravo.implant]]
48 |
49 | ===== Utilities =====
50 | * [[malcode_utilities:Alpha.util]] - Alpha.util summary.
51 | * [[malcode_utilities:Bravo.util]] - Bravo.util summary.
52 |
53 | ====== Known Threat Actors ======
54 |
55 | ===== Known Threat Groups =====
56 | * [[actor:Group Alpha]] - Prefix: Alpha
57 | * [[actor:Group Bravo]] - Prefix: Bravo
58 |
59 | ===== Known Threat Actors =====
60 | * [[actor:Person Alpha]] - Prefix: Alpha
61 | * [[actor:Person Bravo]] - Prefix: Alpha
62 |
63 | ====== Templates ======
64 | * [[template:Intrusion Set Page]]
65 | * [[template:Third Party Intelligence Page]]
66 | * [[template:Exploit Page]]
67 | * [[template:Implant Page]]
68 | * [[template:Malicious Group Page]]
69 | * [[template:Malicious Actor Page]]
70 |
--------------------------------------------------------------------------------
/DokuWiki/third-party-intelligence-page.doku:
--------------------------------------------------------------------------------
1 | ====== Metadata ======
2 | ^ File | example.file |
3 | ^ Date | 2012-11-20 |
4 | ^ Analyst | Lorem ipsum |
5 |
6 | ====== Data ======
7 | Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
8 |
9 | ====== Indicators ======
10 | * Lorem ipsum
11 | * Lorem ipsum
12 | **File:** FIXME Add files here with upload dialog.
13 |
--------------------------------------------------------------------------------
/MarkDown/exploit-page.md:
--------------------------------------------------------------------------------
1 | ## Timeline
2 | | Event | Date |
3 | | -------------------------- | -------- |
4 | | Exploit Identified | 19990101 |
5 | | Public Exploit Published | 19990101 |
6 | | Exploit Updated | 19990101 |
7 |
8 | ## Developer
9 | * Author: Lorem ipsum
10 | * Actor: [[Alpha]]
11 |
12 | ## Vulnerable Systems
13 | | Vulnerability Data | Value |
14 | | ---------------------- | ----------- |
15 | | Vulnerable Application | Lorem ipsum |
16 | | Vulnerable Module | Lorem ipsum |
17 | | Vulnerable Versions | 1.0 |
18 | | Vulnerable Languages | Lorem ipsum |
19 | | Patch | N/A |
20 |
21 | ## Mitigation
22 | Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
23 |
24 | ## Files
25 | | Malicious File | Attachment |
26 | | -------------- | ----------------------------------- |
27 | | Delivery Code | FIXME Add files with upload dialog. |
28 | | Exploit Code | FIXME Add files with upload dialog. |
29 |
30 | ## References
31 | * ExploitDB-ID: 0
32 | * CVE: CVE-0000-0000
33 | * OSVDB-ID: 0
34 |
35 | #### Exploit Sources
36 | * http://www.example.com
37 | * http://www.example.com
38 |
39 | ## Notes
40 | Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
41 |
--------------------------------------------------------------------------------
/MarkDown/implant-page.md:
--------------------------------------------------------------------------------
1 | | Report Meta Data | Data |
2 | | ----------------- | ------------------------- |
3 | | Implant Report | Alpha Alpha: Example.file |
4 | | Reverse Engineer | Lorem ipsum |
5 | | Date | 19990101 |
6 | | Associated FO Set | Alpha Alpha |
7 |
8 | ## Summary of the Analysis:
9 | Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
10 |
11 | ## Identification
12 | | File Meta Data | Value |
13 | | ---------------- | ---------------------------------------- |
14 | | File Name | Example.file |
15 | | File Type | example |
16 | | File Size | 0 |
17 | | MD5 | d41d8cd98f00b204e9800998ecf8427e |
18 | | SHA | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
19 | | Ssdeep | 3:: |
20 |
21 | ### Current anti-virus detection capabilities:
22 | | Vendor | Signature |
23 | | -------- | --------- |
24 | | McAfee | none |
25 | | Symantec | none |
26 |
27 | ## Characteristics
28 |
29 | ### File Hooking
30 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
31 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
32 |
33 | ### Persistence Mechanisms
34 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
35 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
36 |
37 | ### Spreading Mechanisms
38 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
39 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
40 |
41 | ### Exfiltration Mechanisms
42 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
43 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
44 |
45 | ### Command and Control Mechanisms
46 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
47 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
48 |
49 | ## Dependencies
50 |
51 | ### Supported Operating Systems
52 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
53 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
54 |
55 | ### Required Files
56 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
57 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
58 |
59 | ### Second Stage Downloads
60 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
61 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
62 |
63 | ### Registry Keys
64 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
65 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
66 |
67 | ## Behavioral and code analysis findings
68 | _Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum._
69 |
70 | ## Supporting Figures
71 |
72 | ### Logs
73 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
74 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
75 |
76 | ### Interesting Strings
77 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
78 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
79 |
80 | ### Other Relevant Files or Data
81 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
82 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
83 |
84 | ## Incident Recommendations
85 |
86 | ### Identification
87 |
88 | #### Network Indicators
89 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
90 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
91 |
92 | #### File System Indicators
93 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
94 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
95 |
96 | #### Memory Indicators
97 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
98 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
99 |
100 | ### Mitigation
101 |
102 | #### Containment Steps
103 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
104 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
105 |
106 | #### Eradication Steps
107 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
108 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
109 |
--------------------------------------------------------------------------------
/MarkDown/intrusion-set-page.md:
--------------------------------------------------------------------------------
1 | # Summary
2 | Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
3 |
4 | # Compromise Vector & Persistence
5 |
6 | ## Compromise Vector
7 | Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
8 |
9 | ### Phishing/Spearphishing/Spam Email
10 |
11 | | Meta Data | Value |
12 | | --------- | ----- |
13 | | **From** | Lorem ipsum , Lorem ipsum , |
14 | | **To** | Lorem ipsum , Lorem ipsum , |
15 | | **CC** | Lorem ipsum , Lorem ipsum , |
16 | | **Date & Time** | 19990101 12:00:00 |
17 | | **Subject** | Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. |
18 | | **Body** | Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.|
19 | | **Attachments** | FIXME Add using files dialog ['Lorem ipsum', 'Lorem ipsum'], ['Lorem ipsum', 'Lorem ipsum'], |
20 | | **MIME** | FIXME Add using file dialog |
21 |
22 | ## Persistence
23 | Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
24 |
25 | # Detection
26 |
27 | ### SIEM Content
28 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
29 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
30 |
31 | ### IDS Content
32 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
33 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
34 |
35 | ### Firewall Content
36 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
37 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
38 |
39 | ### Open Tickets
40 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
41 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
42 |
43 | ## Compromised Resources
44 |
45 | ### Known Compromised Hosts
46 | | IP Address | Host Name | User Name | Title | Department | Notes |
47 | | ---------- | --------- | --------- | ----- | ---------- | ----- |
48 | | | | | | | |
49 |
50 | ### Known Compromised Accounts
51 | | Username | User | Notes |
52 | | -------- | ---- | ----- |
53 | | | | |
54 |
55 | ## Indicators
56 |
57 | ### IP Indicators
58 | | IP Address | Location | URL | Research | Notes |
59 | | -----------| -------- | --- | -------- | ----- |
60 | | | | | | |
61 |
62 | ### URL Indicators
63 | | URL | Associated IP Addresses | Location | Research | Notes |
64 | | --- | ----------------------- | -------- | -------- | ----- |
65 | | | | | | |
66 |
67 | ### Known Attacker Ports
68 | | Port | Type | Service | Notes |
69 | | ---- | ---- | ------- | ----- |
70 | | | | | |
71 |
72 | ### Bad SSL Certificate
73 | | Certificate Fields | Value |
74 | | ---------------------------------------- | ----- |
75 | | **Version** | |
76 | | **Serial Number** | |
77 | | **Algorithm ID** | |
78 | | **Issuer** | |
79 | | **Validity** | |
80 | | **Not Before** | |
81 | | **Not After** | |
82 | | **Subject** | |
83 | | **Subject Public Key Info** | |
84 | | **Public Key Algorithm** | |
85 | | **Subject Public Key** | |
86 | | **Issuer Unique Identifier (optional)** | |
87 | | **Subject Unique Identifier (optional)** | |
88 | | **Extensions (optional)** | |
89 | | **Certificate Signature Algorithm** | |
90 | | **Certificate Signature** | |
91 |
92 | ### Bad User Agent Strings
93 | | UserAgent String | Notes |
94 | | -----------------| ----- |
95 | | | |
96 |
97 | ### Known Malicious Files
98 | | Filename | Type | Size | MD5 | SSDeep | File | Report | Notes |
99 | | ---------| ---- | ---- | --- | ------ | ---- | ------ | ----- |
100 | | | | | | | | | |
101 |
102 | ## Notes
103 | Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
104 |
--------------------------------------------------------------------------------
/MarkDown/malicious-actor-page.md:
--------------------------------------------------------------------------------
1 | # Lorem ipsum
2 | | Characteristic | Value |
3 | | ------------------- | ----------- |
4 | | **Date Audited** | 19990101 |
5 | | **Name** | Lorem ipsum |
6 | | **DOB** | 19990101 |
7 | | **Age** | 00 |
8 | | **Country of Birth**| Lorem ipsum |
9 | | **Location** | Lorem ipsum |
10 |
11 | ## Names/Aliases
12 | * Lorem ipsum
13 | * Lorem ipsum
14 |
15 | ## Email Addresses
16 | * sample@example.com
17 | * sample@example.com
18 |
19 | ## Web & Social Media Presence
20 | | | Value | Date Checked |
21 | | -------------------------- | ---------------------- | ------------ |
22 | | **IM Names** | Lorem ipsum | 19990101 |
23 | | **Site/group Affiliation** | Lorem ipsum | 19990101 |
24 | | **URLs** | http://www.example.com | 19990101 |
25 | | **Domain Data** | http://www.example.com | 19990101 |
26 | | **Twitter** | http://www.example.com | 19990101 |
27 | | **Facebook** | http://www.example.com | 19990101 |
28 | | **LinkedIn** | http://www.example.com | 19990101 |
29 |
30 | ## Screen Shots
31 | FIXME Add relevant screenshots using file upload dialog
32 |
33 | ## Investigation History
34 | | Search Type | Search Term | Date Audited |
35 | | ------------- | ----------- | ------------ |
36 | | Google Search | Lorem ipsum | 19990101 |
37 | | Google Search | Lorem ipsum | 19990101 |
38 |
39 | ## Notes
40 | Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
--------------------------------------------------------------------------------
/MarkDown/malicious-group-page.md:
--------------------------------------------------------------------------------
1 | ## Group: Alpha
2 | | Summary | Web Presence | Group Type |
3 | | --------- | ------------ | ---------- |
4 | | Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.| http://www.example.com, http://www.example.com, | Unknown |
5 |
6 | ## Membership
7 | * [[actor:actor:person alpha]]
8 | * [[actor:actor:person bravo]]
9 |
10 | ### Associated Groups
11 | * [[actor:actor:person alpha]]
12 | * [[actor:actor:person bravo]]
13 |
14 | ## Methodology & Tools
15 |
16 | ### Pre-Exploitation Attempt
17 |
18 | #### Methodology
19 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
20 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
21 |
22 | #### Tool Chain
23 | * Lorem ipsum
24 | * Lorem ipsum
25 |
26 | ### Exploitation Attempt
27 |
28 | #### Methodology
29 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
30 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
31 |
32 | #### Tool Chain
33 | * Lorem ipsum
34 | * Lorem ipsum
35 |
36 | ### Post Exploitation Attempt
37 |
38 | #### Methodology
39 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
40 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
41 |
42 | #### Tool Chain
43 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
44 | * Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
45 |
46 | ## Periods of Operations
47 | * 19990101 - 19990101
48 | * 19990101 - 19990101
49 |
--------------------------------------------------------------------------------
/MarkDown/start.md:
--------------------------------------------------------------------------------
1 | # Summary
2 | 
3 |
4 | FIXME at least remove the hotlink.
5 |
6 | ## Terms and Processes
7 | * [[Activity Classification]]
8 | * [[Wiki Conventions]]
9 |
10 | # News
11 | * [SANS ISC](https://isc.sans.edu)
12 | * [Team Cymru](http://www.team-cymru.org/News/)
13 |
14 | # Intrusion Campaigns
15 |
16 | ## Alpha Campaign
17 | * [[intrusionset:Alpha Alpha]] - **Date Identified:** -
18 | * [[intrusionset:Alpha Bravo]] - **Date Identified:** -
19 | **C2:** - **Exfil:** -
20 |
21 | ## Bravo Campaign
22 | * [[intrusionset:Bravo Alpha]] - **Date Identified:** -
23 | * [[intrusionset:Bravo Bravo]] - **Date Identified:** -
24 | **C2:** - **Exfil:** -
25 |
26 | [[intrusionset:Archived Intrusion Sets]]
27 |
28 | # Third Party Intelligence
29 | * [[thirdpartyintel:TPI-Alpha]] - **Date Received:** -
30 | * [[thirdpartyintel:TPI-Bravo]] - **Date Received:** -
31 | * [[thirdpartyintel:Archived Third Party Intelligence]]
32 |
33 | # Known Malicious Tools
34 |
35 | ## Exploits
36 | * [[malcode_exploits:Alpha.exploit]] - Exploitation tool Alpha.
37 | * [[malcode_exploits:Bravo.exploit]] - Exploitation tool Bravo.
38 |
39 | ## Implants
40 | * Alpha
41 | * AA: [[malcode_implants:Alpha.implant]]
42 | * Bravo
43 | * BA: [[malcode_implants:Bravo.implant]]
44 |
45 | ## Utilities
46 | * [[malcode_utilities:Alpha.util]] - Alpha.util summary.
47 | * [[malcode_utilities:Bravo.util]] - Bravo.util summary.
48 |
49 | # Known Threat Actors
50 |
51 | ## Known Threat Groups
52 | * [[actor:Group Alpha]] - Prefix: Alpha
53 | * [[actor:Group Bravo]] - Prefix: Bravo
54 |
55 | ## Known Threat Actors
56 | * [[actor:Person Alpha]] - Prefix: Alpha
57 | * [[actor:Person Bravo]] - Prefix: Alpha
58 |
59 | # Templates
60 | * [[template:Intrusion Set Page]]
61 | * [[template:Third Party Intelligence Page]]
62 | * [[template:Exploit Page]]
63 | * [[template:Implant Page]]
64 | * [[template:Malicious Group Page]]
65 | * [[template:Malicious Actor Page]]
66 |
--------------------------------------------------------------------------------
/MarkDown/third-party-intelligence-page.md:
--------------------------------------------------------------------------------
1 | # Metadata
2 | | File | Date | Analyst |
3 | |:------------- |:------------- |:------------- |
4 | | example.file | 2012-11-20 | Lorem ipsum |
5 |
6 | # Data
7 | Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
8 |
9 | # Indicators
10 | * Lorem ipsum
11 | * Lorem ipsum
12 |
13 | **File:** FIXME Add files here with upload dialog.
14 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | ## Threat Intelligence Templates
2 | This is a set of templates based on the templates created in [Sapho](https://github.com/sroberts/sapho) to help track and share cyber threat intelligence using open source collaboration software such as a wiki. These are intended to track various events, actors, malicious code, and other elements common to sophisticated intrusions.
3 |
4 | ## License
5 | Let's say for now it's a BSD license, but that may change.
6 |
7 | ## Formats
8 | ### Supported Formats:
9 | - [DokuWiki](https://www.dokuwiki.org/dokuwiki)
10 | - [MarkDown](http://daringfireball.net/projects/markdown/)
11 |
12 | ### Planned:
13 | - [MediaWiki](http://www.mediawiki.org)
--------------------------------------------------------------------------------