MISP / misp-playbooks

MISP Playbooks
https://misp.github.io/misp-playbooks/
BSD 2-Clause "Simplified" License

Create a MISP event on a malware incident – without sample #4

Closed cudeso closed 2 days ago

cudeso commented 1 year ago

The title of the playbook

Create a MISP event on a malware incident – without sample

Purpose of the playbook

This playbook is similar to the playbook on a malware incident with a sample, except that in this case the analyst has to provide the sample details manually instead of uploading the sample. Similar to https://github.com/MISP/misp-playbooks/issues/2 but with a sample. The attributes are then combined into one or more file objects and attached to a MISP event.

External resources used by this playbook

MWDBcore, VirusTotal, OTX, Hashlookup, Mattermost (or Slack), TheHive (optional), DFIR-IRIS (optional)

Target audience

SOC, CSIRT

Briefly list the execution steps or workflow

No response
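The step the issue describes, combining manually entered sample details into file objects attached to a MISP event, as an added example that is not part of the playbook or of the MISP project's code. Because no sample is uploaded, the hashes come from an analyst's keyboard, so the example validates each digest's length and character set before building anything, normalises case so correlation works, and assembles the event in the plain MISP JSON layout (no PyMISP dependency, runs offline). The `SAMPLES` record, the event info string, the default distribution/threat level/analysis values and all helper names are assumptions; the two digests are the well-known hashes of an empty file, used only as placeholders.

```python
"""Build a MISP event carrying 'file' objects from manually entered sample details.

Added example, not playbook or MISP project code. It emits the plain MISP event
JSON layout so it runs offline; the SAMPLES record below is a constructed placeholder.
"""
import json
import re
import uuid
from typing import Dict, List

# Hex-digest length per hash type accepted by the MISP 'file' object template.
HASH_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64}

# Constructed input: what an analyst types in when no sample can be uploaded.
# (Digests are those of an empty file, used here purely as placeholders.)
SAMPLES = [
    {
        "filename": "invoice_2024.exe",
        "md5": "D41D8CD98F00B204E9800998ECF8427E",  # mixed case on purpose
        "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
        "size": 0,
    },
]


def is_hex_digest(value: str, length: int) -> bool:
    """True when value is exactly `length` hexadecimal characters."""
    return re.fullmatch(rf"[0-9a-fA-F]{{{length}}}", value) is not None


def validate_sample(sample: Dict[str, object]) -> List[str]:
    """Return the problems found in one manually entered record (empty list = usable).

    Typos in hand-copied hashes are the main failure mode without a sample, so
    every hash must be a hex digest of the right length and at least one is required.
    """
    errors: List[str] = []
    present = [algo for algo in HASH_LENGTHS if sample.get(algo)]
    if not present:
        errors.append("at least one of md5, sha1 or sha256 is required")
    for algo in present:
        if not is_hex_digest(str(sample[algo]), HASH_LENGTHS[algo]):
            errors.append(f"{algo} value is not a {HASH_LENGTHS[algo]}-character hex digest")
    return errors


def build_file_object(sample: Dict[str, object]) -> Dict[str, object]:
    """Map one validated record onto a MISP 'file' object, using the template's relation names."""
    attributes = []
    for algo in HASH_LENGTHS:
        if sample.get(algo):
            attributes.append({
                "object_relation": algo,
                "type": algo,
                "value": str(sample[algo]).lower(),  # normalise so MISP correlation matches
                "to_ids": True,                       # hashes are safe to export to detection tools
            })
    if sample.get("filename"):
        attributes.append({"object_relation": "filename", "type": "filename",
                           "value": sample["filename"], "to_ids": False})
    if sample.get("size") is not None:
        attributes.append({"object_relation": "size-in-bytes", "type": "size-in-bytes",
                           "value": str(sample["size"]), "to_ids": False})
    return {"name": "file", "meta-category": "file", "uuid": str(uuid.uuid4()),
            "Attribute": attributes}


def build_event(info: str, samples: List[Dict[str, object]]) -> Dict[str, object]:
    """Validate every record, then wrap the resulting file objects in one MISP event.

    Assumed defaults: distribution 0 (this organisation only), threat_level_id 2
    (medium), analysis 0 (initial), i.e. conservative values for a fresh incident.
    """
    objects = []
    for index, sample in enumerate(samples):
        problems = validate_sample(sample)
        if problems:
            raise ValueError(f"sample {index}: " + "; ".join(problems))
        objects.append(build_file_object(sample))
    return {"Event": {"info": info, "distribution": 0, "threat_level_id": 2,
                      "analysis": 0, "Object": objects}}


if __name__ == "__main__":
    print(json.dumps(build_event("Malware incident - manual sample details", SAMPLES), indent=2))
```

The returned dictionary is the shape MISP accepts on its event creation endpoint and that PyMISP can load into a `MISPEvent`; the enrichment steps the playbook lists (VirusTotal, Hashlookup, OTX) would run on the validated hashes before the event is pushed and are not part of this snippet.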

cudeso commented 2 days ago

This playbook would be the same as #15