Mimir : Smart OSINT Collection Of Common IOC Types

Mimir is a smart OSINT collection tool for common IOC (indicator of compromise) types. It is designed to assist security analysts and researchers with the collection and assessment of common IOCs. Accepted IOC types currently include IP addresses, domain names, URLs, and file hashes.

The project is named after Mimir, a figure in Norse mythology renowned for his knowledge and wisdom. This application aims to provide knowledge about IOCs and then some added “wisdom”: calculating a risk score per IOC, assigning a common malware family name to hash lookups based on reports from VirusTotal and OPSWAT, and leveraging machine learning tools to determine whether an IP, URL, or domain is likely to be malicious.
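
Before any of the lookups described here can run, input has to be sorted into the four accepted IOC types. The following classifier is an added example written for this page, not code from the Mimir project; it also undoes the common "defanging" conventions analysts use when sharing indicators (hxxp, [.]) and rejects malformed input such as out-of-range IPv4 octets. Function and pattern names are this example's own.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Common defanging conventions mapped back to their real form.
# Analysts share IOCs as hxxp://evil[.]example so they are not clickable.
_REFANG = [
    (re.compile(r"hxxp", re.IGNORECASE), "http"),
    (re.compile(r"\[\.\]|\(\.\)|\{\.\}"), "."),
    (re.compile(r"\[:\]"), ":"),
    (re.compile(r"\[@\]"), "@"),
]

# Digest lengths for the hash algorithms most threat-intel feeds use.
_HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}

_HEX = re.compile(r"^[0-9a-fA-F]+$")
# Hostname labels: alphanumerics and hyphens, no leading/trailing hyphen,
# alphabetic TLD, whole name at most 253 characters.
_DOMAIN = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$",
    re.IGNORECASE,
)


def refang(value: str) -> str:
    """Undo common defanging so the IOC can be parsed and looked up."""
    out = value.strip()
    for pattern, repl in _REFANG:
        out = pattern.sub(repl, out)
    return out


def classify_ioc(value: str) -> tuple:
    """Return (ioc_type, normalized_value) for the four IOC kinds Mimir accepts:
    'ip', 'domain', 'url' or 'hash'. Raises ValueError for anything else."""
    v = refang(value)

    # Hashes: fixed-length hex strings, normalized to lowercase.
    if _HEX.match(v) and len(v) in _HASH_LENGTHS:
        return "hash", v.lower()

    # IP addresses (v4 or v6); ipaddress rejects values such as 192.168.1.300.
    try:
        return "ip", str(ipaddress.ip_address(v))
    except ValueError:
        pass

    # URLs must carry a scheme and a host; keep the full URL, lowercase the host part.
    parsed = urlparse(v)
    if parsed.scheme in ("http", "https", "ftp") and parsed.hostname:
        normalized = v.replace(parsed.netloc, parsed.netloc.lower(), 1)
        return "url", normalized

    # Bare domains: lowercase, trailing dot stripped.
    candidate = v.rstrip(".").lower()
    if _DOMAIN.match(candidate):
        return "domain", candidate

    raise ValueError(f"unrecognised IOC: {value!r}")


def classify_many(values):
    """Classify a batch; returns ({ioc_type: [normalized values]}, [rejected inputs])."""
    buckets = {"ip": [], "domain": [], "url": [], "hash": []}
    rejected = []
    for raw in values:
        try:
            kind, norm = classify_ioc(raw)
            buckets[kind].append(norm)
        except ValueError:
            rejected.append(raw)
    return buckets, rejected


if __name__ == "__main__":
    # Constructed sample input mixing defanged, malformed and valid indicators.
    sample = ["hxxp://Evil[.]example/path?x=1", "evil[.]example.", "8.8.8.8",
              "192.168.1.300", "D41D8CD98F00B204E9800998ECF8427E", "not an ioc"]
    print(classify_many(sample))
```

Rejected inputs are returned rather than silently dropped so an analyst can see which lines of a pasted indicator list never reached the enrichment stage.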

Base Collection

For network-based IOCs, Mimir gathers basic information including:

  • Whois
  • ASN
  • Geolocation
  • Reverse DNS
  • Passive DNS

Collection Sources

Some of these sources require an API key, and occasionally one is only available with a paid account. I’ve tried to limit reliance on paid services as much as possible.

  • PassiveTotal
  • VirusTotal
  • DomainTools
  • OPSWAT
  • Google SafeBrowsing
  • Shodan
  • PulseDive
  • CSIRTG
  • URLscan
  • HpHosts
  • Blacklist checks
  • Spam blacklist checks

Risk Scoring

The risk scoring works best when Mimir can gather a decent number of data points for an IOC: passive DNS, well-populated URL/domain results (communicating samples, associated samples, recent scan data, etc.). The score also takes into account the ML maliciousness prediction result.
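
The point above is that a score is only as good as the evidence behind it. The scheme below is an added illustration written for this page and is not Mimir's actual scoring algorithm: it combines a few enrichment signals with the ML prediction into a 0–100 score, and separately reports how many of the expected data points were actually available, so a sparse lookup is flagged as low confidence instead of looking clean. Field names, weights and saturation points are this example's own assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Evidence:
    """Data points an enrichment pass might return for one network IOC.
    Every field is optional: missing data lowers confidence, not the score."""
    pdns_records: Optional[int] = None           # passive DNS resolutions seen
    communicating_samples: Optional[int] = None  # samples observed talking to the IOC
    associated_samples: Optional[int] = None     # files that embed or reference the IOC
    blacklist_hits: Optional[int] = None         # number of blocklists listing the IOC
    ml_malicious_prob: Optional[float] = None    # 0..1 from an ML classifier


# Scoring signals: (attribute, saturation point, weight). Contribution is
# weight * min(value / saturation, 1), so a handful of hits already counts fully.
# Weights sum to 100 together with the ML weight below.
_SIGNALS = [
    ("communicating_samples", 5, 30),
    ("associated_samples", 5, 20),
    ("blacklist_hits", 3, 30),
]
_ML_WEIGHT = 20

# Passive DNS volume says little about maliciousness by itself (CDNs resolve a
# lot), so it only counts towards coverage, not towards the score.
_COVERAGE_ATTRS = [attr for attr, _, _ in _SIGNALS] + ["pdns_records", "ml_malicious_prob"]


def risk_score(ev: Evidence) -> dict:
    """Return {'score': 0..100, 'confidence': 'low'|'medium'|'high', 'data_points': n}."""
    score = 0.0
    for attr, saturation, weight in _SIGNALS:
        value = getattr(ev, attr)
        if value is not None:
            score += weight * min(value / saturation, 1.0)

    if ev.ml_malicious_prob is not None:
        score += _ML_WEIGHT * max(0.0, min(ev.ml_malicious_prob, 1.0))

    present = sum(1 for attr in _COVERAGE_ATTRS if getattr(ev, attr) is not None)
    if present <= 2:
        confidence = "low"
    elif present < len(_COVERAGE_ATTRS):
        confidence = "medium"
    else:
        confidence = "high"

    return {"score": round(score), "confidence": confidence, "data_points": present}


if __name__ == "__main__":
    # Constructed evidence: one well-populated lookup, one that returned almost nothing.
    rich = Evidence(pdns_records=10, communicating_samples=10, associated_samples=2,
                    blacklist_hits=3, ml_malicious_prob=0.9)
    sparse = Evidence(ml_malicious_prob=0.1)
    print(risk_score(rich))    # high confidence, high score
    print(risk_score(sparse))  # low confidence: a low score here means "unknown", not "benign"
```

Reporting confidence alongside the score is the practical takeaway: an IOC with no passive DNS, no sample associations and no blocklist data should be treated as unassessed rather than as low risk.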

Machine Learning Predictions

The machine learning prediction results come from the CSIRT Gadgets projects csirtg-domainsml-py, csirtg-ipsml-py, and csirtg-urlsml-py.

Output

Mimir can output results in several formats, including local file reports and export to an external service.

  • stdout (console output)
    • normalizes result data, printed with headers and subheaders per module
  • JSON file
    • beautified output to local file
  • Excel
    • uses multiple sheets per IOC type
  • MISP
    • commit new indicators
  • ThreatConnect
    • commit new indicators with confidence and threat ratings (optionally assign tags, a description, and a TLP setting)
R K