FireMISP - FireEye Alert JSON files to MISP Malware Information Sharing Platform (Alpha)

And edit the config.cfg according to your needs.

https://github.com/deralexxx/FireMISP

Related Projects

MISP - MISP (core software) - Open Source Threat Intelligence Platform (formerly known as Malware Information Sharing Platform)

  •    PHP

MISP is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threats about cyber security incident analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals and malware reversers to support their day-to-day operations and to share structured information efficiently. The objective of MISP is to foster the sharing of structured information within the security community and beyond. MISP provides functionality to support not only the exchange of information but also its consumption by Network Intrusion Detection Systems (NIDS), LIDS, log analysis tools and SIEMs.

TheHive - TheHive: a Scalable, Open Source and Free Security Incident Response Platform

  •    Javascript

TheHive is a scalable 3-in-1 open source and free Security Incident Response Platform designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly. It is the perfect companion to MISP. You can synchronize it with one or multiple MISP instances to start investigations out of MISP events. You can also export an investigation's results as a MISP event to help your peers detect and react to attacks you've dealt with. Additionally, when TheHive is used in conjunction with Cortex, security analysts and researchers can easily analyze tens if not hundreds of observables. Collaboration is at the heart of TheHive. Multiple analysts can work on the same case simultaneously. For example, one analyst may deal with malware analysis while another works on tracking C2 beaconing activity in proxy logs as soon as IOCs have been added by their coworker. Using TheHive's live stream, everyone can keep an eye on what's happening on the platform, in real time.

flare-floss - FireEye Labs Obfuscated String Solver - Automatically extract obfuscated strings from malware

  •    Python

Rather than heavily protecting backdoors with hardcore packers, many malware authors evade heuristic detections by obfuscating only key portions of an executable. Often, these portions are strings and resources used to configure domains, files, and other artifacts of an infection. These key features will not show up as plaintext in the output of the strings.exe utility that we commonly use during basic static analysis. The FireEye Labs Obfuscated String Solver (FLOSS) uses advanced static analysis techniques to automatically deobfuscate strings from malware binaries. You can use it just like strings.exe to enhance basic static analysis of unknown binaries.

iocs - FireEye Publicly Shared Indicators of Compromise (IOCs)

Readme for IOCs to accompany FireEye blog and other public posts. IOCs in this repository are provided under the Apache 2.0 license.

Apache Spot - A Community Approach to Fighting Cyber Threats

  •    Java

Apache Spot is a community-driven cybersecurity project, built from the ground up, to bring advanced analytics to all IT telemetry data on an open, scalable platform. Spot expedites threat detection, investigation, and remediation via machine learning and consolidates all enterprise security data into a comprehensive IT telemetry hub based on open data models.

flare-ida - IDA Pro utilities from FLARE team

  •    Python

This repository contains a collection of IDA Pro scripts and plugins used by the FireEye Labs Advanced Reverse Engineering (FLARE) team. To install, copy the contents of the plugins directory in this repository to your %PROGRAMFILES%\IDA\plugins folder.

awesome-ml-for-cybersecurity - Machine Learning for Cyber Security

A curated list of amazingly awesome tools and resources related to the use of machine learning for cyber security. Please read CONTRIBUTING if you wish to add tools or resources.

h4cker - This repository is primarily maintained by Omar Santos and includes resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more

  •    Java

This repository includes thousands of cybersecurity-related references and resources and is maintained by Omar Santos. It was created to provide supplemental material to several books, video courses, and live training created by Omar Santos and other co-authors. It provides over 6,000 references, scripts, tools, code, and other resources that help offensive and defensive security professionals learn and develop new skills. The repository provides guidance on how to build your own hacking environment and on offensive security (ethical hacking) techniques, vulnerability research, exploit development, reverse engineering, malware analysis, threat intelligence, threat hunting, digital forensics and incident response (DFIR), and it includes examples of real-life penetration testing reports, and more. These courses serve as a comprehensive guide for any network and security professional who is starting a career in ethical hacking and penetration testing. They can also help individuals preparing for the Offensive Security Certified Professional (OSCP), the Certified Ethical Hacker (CEH), CompTIA PenTest+ and any other ethical hacking certification. The material helps any cyber security professional who wants to learn the skills required to become a professional ethical hacker or who wants to learn more about general hacking methodologies and concepts.

CyberChef - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

  •    Javascript

CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR or Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data, calculating hashes and checksums, IPv6 and X.509 parsing, changing character encodings, and much more. The tool is designed to enable both technical and non-technical analysts to manipulate data in complex ways without having to deal with complex tools or algorithms. It was conceived, designed, built and incrementally improved by an analyst in their 10% innovation time over several years.

malsub - A Python RESTful API framework for online malware analysis and threat intelligence services

  •    Python

malsub is a Python 3.6.x framework that wraps several web services of online malware and URL analysis sites through their RESTful Application Programming Interfaces (APIs). It supports submitting files or URLs for analysis, retrieving reports by hash values, domains, IPv4 addresses or URLs, downloading samples and other files, making generic searches and getting API quota values. The framework is designed in a modular way so that new services can be added with ease by following the provided template module and functions to make HTTP GET and POST requests and to pretty-print results. This approach avoids having to write individual and specialized wrappers for each and every API by leveraging what they have in common in their calls and responses. The framework is also multi-threaded and dispatches service API functions across a thread pool for each input argument, meaning that it spawns a pool of threads per file provided for submission or per hash value provided for report retrieval, for example. Most of these services require API keys that are generated after registering an account on their respective websites; these keys need to be specified in the apikey.yaml file according to the given structure. Note that some of the already bundled services are limited in supported operations because they were developed with free API keys. API keys associated with paid subscriptions are allowed to make additional calls not open to the public and may not be restricted by a given quota. Yet malsub can process multiple input arguments and pause between requests as a workaround for cooldown periods.

FIR - Fast Incident Response

  •    Python

FIR (Fast Incident Response) is a cybersecurity incident management platform designed with agility and speed in mind. It allows for easy creation, tracking, and reporting of cybersecurity incidents. FIR is for anyone needing to track cybersecurity incidents (CSIRTs, CERTs, SOCs, etc.). It was tailored to suit our needs and our team's habits, but we put a great deal of effort into making it as generic as possible before releasing it so that other teams around the world may also use it and customize it as they see fit.

chronograf - Open source monitoring and visualization UI for the TICK stack

  •    TypeScript

Chronograf is an open-source web application written in Go and React.js that provides the tools to visualize your monitoring data and easily create alerting and automation rules. Note: if a telegraf instance isn't running the system and cpu plugins, the canned dashboards for that instance won't be generated.

fuzzer - A Python interface to AFL, allowing for easy injection of testcases and other functionality

  •    Python

This module provides a Python wrapper for interacting with AFL (American Fuzzy Lop: http://lcamtuf.coredump.cx/afl/). It supports starting an AFL instance, adding slave workers, injecting and retrieving testcases, and checking various performance metrics. Shellphish used it in Mechanical Phish (our CRS for the Cyber Grand Challenge) to interact with AFL. /!\ We recommend installing our Python packages in a Python virtual environment. That is how we do it, and you'll likely run into problems if you do it otherwise.

yeti - Your Everyday Threat Intelligence

  •    Python

Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository. Yeti will also automatically enrich observables (e.g. resolve domains, geolocate IPs) so that you don't have to. Yeti provides an interface for humans (a shiny Bootstrap-based UI) and one for machines (a web API) so that your other tools can talk nicely to it. Yeti was born out of the frustration of having to answer the question "where have I seen this artifact before?" or of Googling shady domains to tie them to a malware family.

SCLAlertView - Beautiful animated Alert View. Written in Objective-C

  •    Objective-C

Animated Alert View written in Swift but ported to Objective-C, which can be used as a UIAlertView or UIAlertController replacement. I tried to build an easy to use API, while being flexible enough for multiple variations, but I'm sure there are ways of improving and adding more features, so feel free to collaborate with ideas, issues and/or pull requests.

Machine-Learning-for-Cyber-Security - Curated list of tools and resources related to the use of machine learning for cyber security

A curated list of amazingly awesome tools and resources related to the use of machine learning for cyber security.

cyber-dojo - NOTE: cyber-dojo development has moved to...

NOTE: cyber-dojo development has moved to...

browser - The browser extension vault (Chrome, Firefox, Opera, Edge, Safari, & more).

  •    Javascript

The Bitwarden browser extension is written using the Chrome Web Extension API and AngularJS. By default the extension is targeting the production API. If you are running the Core API locally, you'll need to switch the extension to target your local instance. Open src/services/api.service.ts and set this.baseUrl and this.identityBaseUrl to your local API instance (ex. http://localhost:5000).

SCLAlertView-Swift - Beautiful animated Alert View. Written in Swift

  •    Swift

Animated Alert View written in Swift, which can be used as a UIAlertView or UIAlertController replacement. Since UIAlertView is deprecated and UIAlertController only works on iOS 8.x or above, if you have a Swift project where you want to support iOS 7.x too, SCLAlertView is an ideal substitute. I tried to build an easy to use API, while being flexible enough for multiple variations, but I'm sure there are ways of improving and adding more features, so feel free to collaborate with ideas, issues and/or pull requests.

The Cyber Hordes

  •    Java

The Cyber Hordes is a single- or multi-player RTS game where each player builds robots, gives them various components (weapons etc.) and then general orders (e.g. Attack), which the AI of the robot will attempt to complete on its own.