From 17819e3d15e62a9de40e700fb63b06c5f71040ad Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Fri, 6 Jul 2018 15:42:29 +0200 Subject: [PATCH] new: Tag sources --- .../modules/bambenekconsulting_Bamital.json | 5 +++- .../bambenekconsulting_Bamital_NS.json | 5 +++- .../modules/bambenekconsulting_Banjori.json | 5 +++- .../bambenekconsulting_Banjori_NS.json | 5 +++- .../bambenekconsulting_Bebloh_URLZone.json | 5 +++- .../bambenekconsulting_Bebloh_URLZone_NS.json | 5 +++- .../modules/bambenekconsulting_Bedep.json | 5 +++- .../modules/bambenekconsulting_Bedep_NS.json | 5 +++- .../modules/bambenekconsulting_Beebone.json | 5 +++- .../bambenekconsulting_Beebone_NS.json | 5 +++- .../modules/bambenekconsulting_Corebot.json | 5 +++- .../bambenekconsulting_Cryptolocker.json | 13 ++++++++- .../bambenekconsulting_Cryptolocker_NS.json | 5 +++- .../modules/bambenekconsulting_Dircrypt.json | 5 +++- .../bambenekconsulting_Dircrypt_NS.json | 5 +++- .../modules/bambenekconsulting_Dyre.json | 5 +++- .../modules/bambenekconsulting_Dyre_NS.json | 5 +++- .../modules/bambenekconsulting_Fobber.json | 5 +++- .../modules/bambenekconsulting_Fobber_NS.json | 5 +++- .../modules/bambenekconsulting_Geodo.json | 6 +++- .../modules/bambenekconsulting_Geodo_NS.json | 6 +++- .../modules/bambenekconsulting_Gozi.json | 5 +++- .../modules/bambenekconsulting_Gozi_NS.json | 5 +++- .../modules/bambenekconsulting_Hesperbot.json | 5 +++- .../bambenekconsulting_Hesperbot_NS.json | 5 +++- .../modules/bambenekconsulting_Kraken.json | 5 +++- .../modules/bambenekconsulting_Kraken_NS.json | 5 +++- .../modules/bambenekconsulting_Locky.json | 5 +++- .../modules/bambenekconsulting_Locky_NS.json | 5 +++- .../modules/bambenekconsulting_Madmax.json | 5 +++- .../modules/bambenekconsulting_Madmax_NS.json | 5 +++- .../modules/bambenekconsulting_Mirai.json | 6 +++- .../modules/bambenekconsulting_Mirai_NS.json | 6 +++- .../modules/bambenekconsulting_Murofet.json | 5 +++- .../bambenekconsulting_Murofet_NS.json | 5 +++- .../modules/bambenekconsulting_Necurs.json | 5 +++- 
.../modules/bambenekconsulting_Necurs_NS.json | 5 +++- .../modules/bambenekconsulting_Nymaim.json | 5 +++- .../modules/bambenekconsulting_Nymaim_NS.json | 5 +++- .../modules/bambenekconsulting_Padcrypt.json | 5 +++- .../bambenekconsulting_Padcrypt_NS.json | 5 +++- .../bambenekconsulting_Pandabanker.json | 5 +++- .../bambenekconsulting_Pandabanker_NS.json | 5 +++- .../modules/bambenekconsulting_Pushdo.json | 5 +++- .../modules/bambenekconsulting_Pushdo_NS.json | 5 +++- .../modules/bambenekconsulting_Qadars.json | 5 +++- .../modules/bambenekconsulting_Qadars_NS.json | 5 +++- .../modules/bambenekconsulting_Qakbot.json | 6 +++- .../modules/bambenekconsulting_Qakbot_NS.json | 6 +++- .../modules/bambenekconsulting_Ramnit.json | 6 +++- .../modules/bambenekconsulting_Ramnit_NS.json | 6 +++- .../modules/bambenekconsulting_Ranbyus.json | 5 +++- .../bambenekconsulting_Ranbyus_NS.json | 5 +++- .../modules/bambenekconsulting_Shifu.json | 5 +++- .../modules/bambenekconsulting_Shifu_NS.json | 5 +++- .../modules/bambenekconsulting_Simda.json | 5 +++- .../modules/bambenekconsulting_Simda_NS.json | 5 +++- .../modules/bambenekconsulting_Sisron.json | 5 +++- .../modules/bambenekconsulting_Sisron_NS.json | 5 +++- .../modules/bambenekconsulting_Sphinx.json | 5 +++- .../modules/bambenekconsulting_Sphinx_NS.json | 5 +++- .../bambenekconsulting_Tinba_TinyBanker.json | 6 +++- ...ambenekconsulting_Tinba_TinyBanker_NS.json | 6 +++- .../modules/bambenekconsulting_Tinynuke.json | 5 +++- .../bambenekconsulting_Tinynuke_NS.json | 5 +++- .../modules/bambenekconsulting_Tofsee.json | 5 +++- .../modules/bambenekconsulting_Tofsee_NS.json | 5 +++- .../modules/bambenekconsulting_Vawtrak.json | 6 +++- .../bambenekconsulting_Vawtrak_NS.json | 6 +++- .../modules/bambenekconsulting_Virut.json | 5 +++- .../modules/bambenekconsulting_Virut_NS.json | 5 +++- ...ekconsulting_Volatile_Cedar_Explosive.json | 6 +++- ...onsulting_Volatile_Cedar_Explosive_NS.json | 6 +++- .../modules/bambenekconsulting_feeds.py | 29 
++++++++++++++++--- bgpranking/config/modules/module.schema | 7 +++++ requirements.txt | 3 ++ 76 files changed, 349 insertions(+), 77 deletions(-)
diff --git a/bgpranking/config/modules/bambenekconsulting_Bamital.json b/bgpranking/config/modules/bambenekconsulting_Bamital.json
index 7de025c..326ba05 100644
--- a/bgpranking/config/modules/bambenekconsulting_Bamital.json
+++ b/bgpranking/config/modules/bambenekconsulting_Bamital.json
@@ -3,5 +3,8 @@
 "name": "Bamital",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:botnet=\"Bamital\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Bamital_NS.json b/bgpranking/config/modules/bambenekconsulting_Bamital_NS.json
index 3d99115..119f3bc 100644
--- a/bgpranking/config/modules/bambenekconsulting_Bamital_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Bamital_NS.json
@@ -3,5 +3,8 @@
 "name": "Bamital_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:botnet=\"Bamital\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Banjori.json b/bgpranking/config/modules/bambenekconsulting_Banjori.json
index cce62cb..bfc3878 100644
--- a/bgpranking/config/modules/bambenekconsulting_Banjori.json
+++ b/bgpranking/config/modules/bambenekconsulting_Banjori.json
@@ -3,5 +3,8 @@
 "name": "Banjori",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:banker=\"Banjori\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Banjori_NS.json b/bgpranking/config/modules/bambenekconsulting_Banjori_NS.json
index 011e276..6cba861 100644
--- a/bgpranking/config/modules/bambenekconsulting_Banjori_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Banjori_NS.json
@@ -3,5 +3,8 @@
 "name": "Banjori_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:banker=\"Banjori\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Bebloh_URLZone.json b/bgpranking/config/modules/bambenekconsulting_Bebloh_URLZone.json
index e7e93a5..bc05234 100644
--- a/bgpranking/config/modules/bambenekconsulting_Bebloh_URLZone.json
+++ b/bgpranking/config/modules/bambenekconsulting_Bebloh_URLZone.json
@@ -3,5 +3,8 @@
 "name": "Bebloh/URLZone",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:banker=\"Bebloh\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Bebloh_URLZone_NS.json b/bgpranking/config/modules/bambenekconsulting_Bebloh_URLZone_NS.json
index 568957d..c0003ed 100644
--- a/bgpranking/config/modules/bambenekconsulting_Bebloh_URLZone_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Bebloh_URLZone_NS.json
@@ -3,5 +3,8 @@
 "name": "Bebloh/URLZone_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:banker=\"Bebloh\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Bedep.json b/bgpranking/config/modules/bambenekconsulting_Bedep.json
index ed41be7..fa15e02 100644
--- a/bgpranking/config/modules/bambenekconsulting_Bedep.json
+++ b/bgpranking/config/modules/bambenekconsulting_Bedep.json
@@ -3,5 +3,8 @@
 "name": "Bedep",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:tool=\"Bedep\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Bedep_NS.json b/bgpranking/config/modules/bambenekconsulting_Bedep_NS.json
index 0e09c10..433e6a5 100644
--- a/bgpranking/config/modules/bambenekconsulting_Bedep_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Bedep_NS.json
@@ -3,5 +3,8 @@
 "name": "Bedep_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:tool=\"Bedep\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Beebone.json b/bgpranking/config/modules/bambenekconsulting_Beebone.json
index e647101..1978329 100644
--- a/bgpranking/config/modules/bambenekconsulting_Beebone.json
+++ b/bgpranking/config/modules/bambenekconsulting_Beebone.json
@@ -3,5 +3,8 @@
 "name": "Beebone",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:botnet=\"Beebone\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Beebone_NS.json b/bgpranking/config/modules/bambenekconsulting_Beebone_NS.json
index 904453e..704541d 100644
--- a/bgpranking/config/modules/bambenekconsulting_Beebone_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Beebone_NS.json
@@ -3,5 +3,8 @@
 "name": "Beebone_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:botnet=\"Beebone\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Corebot.json b/bgpranking/config/modules/bambenekconsulting_Corebot.json
index b1a2dba..0c7e5eb 100644
--- a/bgpranking/config/modules/bambenekconsulting_Corebot.json
+++ b/bgpranking/config/modules/bambenekconsulting_Corebot.json
@@ -3,5 +3,8 @@
 "name": "Corebot",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:banker=\"Corebot\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Cryptolocker.json b/bgpranking/config/modules/bambenekconsulting_Cryptolocker.json
index f718751..28bd998 100644
--- a/bgpranking/config/modules/bambenekconsulting_Cryptolocker.json
+++ b/bgpranking/config/modules/bambenekconsulting_Cryptolocker.json
@@ -3,5 +3,16 @@
 "name": "Cryptolocker",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:ransomware=\"CryptoLocker by NTK Ransomware\"",
+ "misp-galaxy:ransomware=\"MSN CryptoLocker Ransomware\"",
+ "misp-galaxy:ransomware=\"CryptoLocker 5.1\"",
+ "misp-galaxy:ransomware=\"FakeCryptoLocker\"",
+ "misp-galaxy:ransomware=\"PClock3 Ransomware\"",
+ "misp-galaxy:ransomware=\"CryptoLocker3 Ransomware\"",
+ "misp-galaxy:ransomware=\"CryptoLocker 1.0.0\"",
+ "misp-galaxy:ransomware=\"DynA-Crypt Ransomware\"",
+ "misp-galaxy:ransomware=\"CryptoLocker\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Cryptolocker_NS.json b/bgpranking/config/modules/bambenekconsulting_Cryptolocker_NS.json
index bc6c9dc..893a089 100644
--- a/bgpranking/config/modules/bambenekconsulting_Cryptolocker_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Cryptolocker_NS.json
@@ -3,5 +3,8 @@
 "name": "Cryptolocker_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:ransomware=\"CryptoLocker\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Dircrypt.json b/bgpranking/config/modules/bambenekconsulting_Dircrypt.json
index 029e269..d0660e7 100644
--- a/bgpranking/config/modules/bambenekconsulting_Dircrypt.json
+++ b/bgpranking/config/modules/bambenekconsulting_Dircrypt.json
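Review bot: The `tags` list added to bambenekconsulting_Cryptolocker.json carries nine ransomware clusters, several of which name other families (`PClock3 Ransomware`, `DynA-Crypt Ransomware`, `FakeCryptoLocker`, `MSN CryptoLocker Ransomware`), while the Cryptolocker_NS hunk right after it tags the same family with `CryptoLocker` alone. The list reads like every galaxy entry whose name or synonyms match "cryptolocker" rather than a curated mapping, though that is an inference from the names. Every address ingested from this feed would inherit all nine tags, so an analyst filtering on one of the unrelated clusters gets Cryptolocker DGA hosts as false attributions. Unless the broader set is intended, reduce the list to the single entry `"misp-galaxy:ransomware=\"CryptoLocker\""` so the two files agree.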
@@ -3,5 +3,8 @@
 "name": "Dircrypt",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:ransomware=\"DirCrypt\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Dircrypt_NS.json b/bgpranking/config/modules/bambenekconsulting_Dircrypt_NS.json
index f1ca4e5..eee8137 100644
--- a/bgpranking/config/modules/bambenekconsulting_Dircrypt_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Dircrypt_NS.json
@@ -3,5 +3,8 @@
 "name": "Dircrypt_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:ransomware=\"DirCrypt\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Dyre.json b/bgpranking/config/modules/bambenekconsulting_Dyre.json
index aba06f3..2fdbb85 100644
--- a/bgpranking/config/modules/bambenekconsulting_Dyre.json
+++ b/bgpranking/config/modules/bambenekconsulting_Dyre.json
@@ -3,5 +3,8 @@
 "name": "Dyre",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:banker=\"Dyre\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Dyre_NS.json b/bgpranking/config/modules/bambenekconsulting_Dyre_NS.json
index 1f834ae..d2d9599 100644
--- a/bgpranking/config/modules/bambenekconsulting_Dyre_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Dyre_NS.json
@@ -3,5 +3,8 @@
 "name": "Dyre_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:banker=\"Dyre\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Fobber.json b/bgpranking/config/modules/bambenekconsulting_Fobber.json
index c660e15..62494d6 100644
--- a/bgpranking/config/modules/bambenekconsulting_Fobber.json
+++ b/bgpranking/config/modules/bambenekconsulting_Fobber.json
@@ -3,5 +3,8 @@
 "name": "Fobber",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:banker=\"Fobber\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Fobber_NS.json b/bgpranking/config/modules/bambenekconsulting_Fobber_NS.json
index 53393e4..91d8981 100644
--- a/bgpranking/config/modules/bambenekconsulting_Fobber_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Fobber_NS.json
@@ -3,5 +3,8 @@
 "name": "Fobber_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:banker=\"Fobber\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Geodo.json b/bgpranking/config/modules/bambenekconsulting_Geodo.json
index 0b7a107..7703551 100644
--- a/bgpranking/config/modules/bambenekconsulting_Geodo.json
+++ b/bgpranking/config/modules/bambenekconsulting_Geodo.json
@@ -3,5 +3,9 @@
 "name": "Geodo",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:tool=\"Emotet\"",
+ "misp-galaxy:banker=\"Geodo\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Geodo_NS.json b/bgpranking/config/modules/bambenekconsulting_Geodo_NS.json
index 7a731e4..cb97ef0 100644
--- a/bgpranking/config/modules/bambenekconsulting_Geodo_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Geodo_NS.json
@@ -3,5 +3,9 @@
 "name": "Geodo_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:tool=\"Emotet\"",
+ "misp-galaxy:banker=\"Geodo\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Gozi.json b/bgpranking/config/modules/bambenekconsulting_Gozi.json
index 5c76d2d..4aee4b9 100644
--- a/bgpranking/config/modules/bambenekconsulting_Gozi.json
+++ b/bgpranking/config/modules/bambenekconsulting_Gozi.json
@@ -3,5 +3,8 @@
 "name": "Gozi",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:banker=\"Gozi\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Gozi_NS.json b/bgpranking/config/modules/bambenekconsulting_Gozi_NS.json
index d1b8e33..7344909 100644
--- a/bgpranking/config/modules/bambenekconsulting_Gozi_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Gozi_NS.json
@@ -3,5 +3,8 @@
 "name": "Gozi_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:banker=\"Gozi\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Hesperbot.json b/bgpranking/config/modules/bambenekconsulting_Hesperbot.json
index 4ae0a5d..5ab0d70 100644
--- a/bgpranking/config/modules/bambenekconsulting_Hesperbot.json
+++ b/bgpranking/config/modules/bambenekconsulting_Hesperbot.json
@@ -3,5 +3,8 @@
 "name": "Hesperbot",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:android=\"Hesperbot\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Hesperbot_NS.json b/bgpranking/config/modules/bambenekconsulting_Hesperbot_NS.json
index da3b2dc..d7c884c 100644
--- a/bgpranking/config/modules/bambenekconsulting_Hesperbot_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Hesperbot_NS.json
@@ -3,5 +3,8 @@
 "name": "Hesperbot_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:android=\"Hesperbot\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Kraken.json b/bgpranking/config/modules/bambenekconsulting_Kraken.json
index c746a94..8232734 100644
--- a/bgpranking/config/modules/bambenekconsulting_Kraken.json
+++ b/bgpranking/config/modules/bambenekconsulting_Kraken.json
@@ -3,5 +3,8 @@
 "name": "Kraken",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:botnet=\"Kraken\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Kraken_NS.json b/bgpranking/config/modules/bambenekconsulting_Kraken_NS.json
index 827fd75..3d773de 100644
--- a/bgpranking/config/modules/bambenekconsulting_Kraken_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Kraken_NS.json
@@ -3,5 +3,8 @@
 "name": "Kraken_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:botnet=\"Kraken\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Locky.json b/bgpranking/config/modules/bambenekconsulting_Locky.json
index 18f3c0d..95753b5 100644
--- a/bgpranking/config/modules/bambenekconsulting_Locky.json
+++ b/bgpranking/config/modules/bambenekconsulting_Locky.json
@@ -3,5 +3,8 @@
 "name": "Locky",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:ransomware=\"Locky\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Locky_NS.json b/bgpranking/config/modules/bambenekconsulting_Locky_NS.json
index 8375964..ff186f6 100644
--- a/bgpranking/config/modules/bambenekconsulting_Locky_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Locky_NS.json
@@ -3,5 +3,8 @@
 "name": "Locky_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:ransomware=\"Locky\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Madmax.json b/bgpranking/config/modules/bambenekconsulting_Madmax.json
index 1cf531b..e732f04 100644
--- a/bgpranking/config/modules/bambenekconsulting_Madmax.json
+++ b/bgpranking/config/modules/bambenekconsulting_Madmax.json
@@ -3,5 +3,8 @@
 "name": "Madmax",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:botnet=\"Madmax\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Madmax_NS.json b/bgpranking/config/modules/bambenekconsulting_Madmax_NS.json
index 615f184..154f2c1 100644
--- a/bgpranking/config/modules/bambenekconsulting_Madmax_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Madmax_NS.json
@@ -3,5 +3,8 @@
 "name": "Madmax_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:botnet=\"Madmax\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Mirai.json b/bgpranking/config/modules/bambenekconsulting_Mirai.json
index e0ec046..38b41c9 100644
--- a/bgpranking/config/modules/bambenekconsulting_Mirai.json
+++ b/bgpranking/config/modules/bambenekconsulting_Mirai.json
@@ -3,5 +3,9 @@
 "name": "Mirai",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:botnet=\"Mirai\"",
+ "misp-galaxy:tool=\"Mirai\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Mirai_NS.json b/bgpranking/config/modules/bambenekconsulting_Mirai_NS.json
index 6f15444..9412be3 100644
--- a/bgpranking/config/modules/bambenekconsulting_Mirai_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Mirai_NS.json
@@ -3,5 +3,9 @@
 "name": "Mirai_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:botnet=\"Mirai\"",
+ "misp-galaxy:tool=\"Mirai\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Murofet.json b/bgpranking/config/modules/bambenekconsulting_Murofet.json
index 67177a1..580d4fc 100644
--- a/bgpranking/config/modules/bambenekconsulting_Murofet.json
+++ b/bgpranking/config/modules/bambenekconsulting_Murofet.json
@@ -3,5 +3,8 @@
 "name": "Murofet",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:banker=\"Licat\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Murofet_NS.json b/bgpranking/config/modules/bambenekconsulting_Murofet_NS.json
index 5622208..4045100 100644
--- a/bgpranking/config/modules/bambenekconsulting_Murofet_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Murofet_NS.json
@@ -3,5 +3,8 @@
 "name": "Murofet_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:banker=\"Licat\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Necurs.json b/bgpranking/config/modules/bambenekconsulting_Necurs.json
index 42b4d72..f7adf01 100644
--- a/bgpranking/config/modules/bambenekconsulting_Necurs.json
+++ b/bgpranking/config/modules/bambenekconsulting_Necurs.json
@@ -3,5 +3,8 @@
 "name": "Necurs",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:tool=\"Necurs\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Necurs_NS.json b/bgpranking/config/modules/bambenekconsulting_Necurs_NS.json
index b5817ad..1586a3d 100644
--- a/bgpranking/config/modules/bambenekconsulting_Necurs_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Necurs_NS.json
@@ -3,5 +3,8 @@
 "name": "Necurs_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:tool=\"Necurs\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Nymaim.json b/bgpranking/config/modules/bambenekconsulting_Nymaim.json
index b047330..50a4623 100644
--- a/bgpranking/config/modules/bambenekconsulting_Nymaim.json
+++ b/bgpranking/config/modules/bambenekconsulting_Nymaim.json
@@ -3,5 +3,8 @@
 "name": "Nymaim",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:tool=\"Nymaim\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Nymaim_NS.json b/bgpranking/config/modules/bambenekconsulting_Nymaim_NS.json
index c6a1ba3..787d35b 100644
--- a/bgpranking/config/modules/bambenekconsulting_Nymaim_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Nymaim_NS.json
@@ -3,5 +3,8 @@
 "name": "Nymaim_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:tool=\"Nymaim\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Padcrypt.json b/bgpranking/config/modules/bambenekconsulting_Padcrypt.json
index f91d182..abcf408 100644
--- a/bgpranking/config/modules/bambenekconsulting_Padcrypt.json
+++ b/bgpranking/config/modules/bambenekconsulting_Padcrypt.json
@@ -3,5 +3,8 @@
 "name": "Padcrypt",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:ransomware=\"PadCrypt\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Padcrypt_NS.json b/bgpranking/config/modules/bambenekconsulting_Padcrypt_NS.json
index 36a7ce8..c5e7d35 100644
--- a/bgpranking/config/modules/bambenekconsulting_Padcrypt_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Padcrypt_NS.json
@@ -3,5 +3,8 @@
 "name": "Padcrypt_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:ransomware=\"PadCrypt\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Pandabanker.json b/bgpranking/config/modules/bambenekconsulting_Pandabanker.json
index 6882803..deb51ac 100644
--- a/bgpranking/config/modules/bambenekconsulting_Pandabanker.json
+++ b/bgpranking/config/modules/bambenekconsulting_Pandabanker.json
@@ -3,5 +3,8 @@
 "name": "Pandabanker",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:banker=\"Panda Banker\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Pandabanker_NS.json b/bgpranking/config/modules/bambenekconsulting_Pandabanker_NS.json
index a2aee91..c76a430 100644
--- a/bgpranking/config/modules/bambenekconsulting_Pandabanker_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Pandabanker_NS.json
@@ -3,5 +3,8 @@
 "name": "Pandabanker_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:banker=\"Panda Banker\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Pushdo.json b/bgpranking/config/modules/bambenekconsulting_Pushdo.json
index 24a6e7f..f112e7c 100644
--- a/bgpranking/config/modules/bambenekconsulting_Pushdo.json
+++ b/bgpranking/config/modules/bambenekconsulting_Pushdo.json
@@ -3,5 +3,8 @@
 "name": "Pushdo",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:botnet=\"Pushdo\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Pushdo_NS.json b/bgpranking/config/modules/bambenekconsulting_Pushdo_NS.json
index 1642150..a32cd27 100644
--- a/bgpranking/config/modules/bambenekconsulting_Pushdo_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Pushdo_NS.json
@@ -3,5 +3,8 @@
 "name": "Pushdo_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:botnet=\"Pushdo\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Qadars.json b/bgpranking/config/modules/bambenekconsulting_Qadars.json
index befa921..efbec39 100644
--- a/bgpranking/config/modules/bambenekconsulting_Qadars.json
+++ b/bgpranking/config/modules/bambenekconsulting_Qadars.json
@@ -3,5 +3,8 @@
 "name": "Qadars",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:banker=\"Qadars\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Qadars_NS.json b/bgpranking/config/modules/bambenekconsulting_Qadars_NS.json
index 5b60eee..a69672f 100644
--- a/bgpranking/config/modules/bambenekconsulting_Qadars_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Qadars_NS.json
@@ -3,5 +3,8 @@
 "name": "Qadars_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:banker=\"Qadars\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Qakbot.json b/bgpranking/config/modules/bambenekconsulting_Qakbot.json
index dc46f0f..a098cff 100644
--- a/bgpranking/config/modules/bambenekconsulting_Qakbot.json
+++ b/bgpranking/config/modules/bambenekconsulting_Qakbot.json
@@ -3,5 +3,9 @@
 "name": "Qakbot",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:tool=\"Akbot\"",
+ "misp-galaxy:banker=\"Qakbot\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Qakbot_NS.json b/bgpranking/config/modules/bambenekconsulting_Qakbot_NS.json
index cfbad1c..edec4ca 100644
--- a/bgpranking/config/modules/bambenekconsulting_Qakbot_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Qakbot_NS.json
@@ -3,5 +3,9 @@
 "name": "Qakbot_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:tool=\"Akbot\"",
+ "misp-galaxy:banker=\"Qakbot\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Ramnit.json b/bgpranking/config/modules/bambenekconsulting_Ramnit.json
index 61b9ed5..ebe001c 100644
--- a/bgpranking/config/modules/bambenekconsulting_Ramnit.json
+++ b/bgpranking/config/modules/bambenekconsulting_Ramnit.json
@@ -3,5 +3,9 @@
 "name": "Ramnit",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:botnet=\"Ramnit\"",
+ "misp-galaxy:banker=\"Ramnit\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Ramnit_NS.json b/bgpranking/config/modules/bambenekconsulting_Ramnit_NS.json
index 202a955..cf049d6 100644
--- a/bgpranking/config/modules/bambenekconsulting_Ramnit_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Ramnit_NS.json
@@ -3,5 +3,9 @@
 "name": "Ramnit_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:botnet=\"Ramnit\"",
+ "misp-galaxy:banker=\"Ramnit\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Ranbyus.json b/bgpranking/config/modules/bambenekconsulting_Ranbyus.json
index 6392cbd..3ecf1a1 100644
--- a/bgpranking/config/modules/bambenekconsulting_Ranbyus.json
+++ b/bgpranking/config/modules/bambenekconsulting_Ranbyus.json
@@ -3,5 +3,8 @@
 "name": "Ranbyus",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:banker=\"Ranbyus\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Ranbyus_NS.json b/bgpranking/config/modules/bambenekconsulting_Ranbyus_NS.json
index e0f6559..29cf9e8 100644
--- a/bgpranking/config/modules/bambenekconsulting_Ranbyus_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Ranbyus_NS.json
@@ -3,5 +3,8 @@
 "name": "Ranbyus_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:banker=\"Ranbyus\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Shifu.json b/bgpranking/config/modules/bambenekconsulting_Shifu.json
index 61847aa..f90882c 100644
--- a/bgpranking/config/modules/bambenekconsulting_Shifu.json
+++ b/bgpranking/config/modules/bambenekconsulting_Shifu.json
@@ -3,5 +3,8 @@
 "name": "Shifu",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:tool=\"Shifu\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Shifu_NS.json b/bgpranking/config/modules/bambenekconsulting_Shifu_NS.json
index 570065c..03e68fb 100644
--- a/bgpranking/config/modules/bambenekconsulting_Shifu_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Shifu_NS.json
@@ -3,5 +3,8 @@
 "name": "Shifu_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:tool=\"Shifu\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Simda.json b/bgpranking/config/modules/bambenekconsulting_Simda.json
index 4b94656..b942b0c 100644
--- a/bgpranking/config/modules/bambenekconsulting_Simda.json
+++ b/bgpranking/config/modules/bambenekconsulting_Simda.json
@@ -3,5 +3,8 @@
 "name": "Simda",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:botnet=\"Simda\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Simda_NS.json b/bgpranking/config/modules/bambenekconsulting_Simda_NS.json
index 8f31c1d..4ef18b2 100644
--- a/bgpranking/config/modules/bambenekconsulting_Simda_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Simda_NS.json
@@ -3,5 +3,8 @@
 "name": "Simda_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:botnet=\"Simda\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Sisron.json b/bgpranking/config/modules/bambenekconsulting_Sisron.json
index 7eb925c..2b7c476 100644
--- a/bgpranking/config/modules/bambenekconsulting_Sisron.json
+++ b/bgpranking/config/modules/bambenekconsulting_Sisron.json
@@ -3,5 +3,8 @@
 "name": "Sisron",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:banker=\"Sisron\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Sisron_NS.json b/bgpranking/config/modules/bambenekconsulting_Sisron_NS.json
index 4f3b05b..5d0f386 100644
--- a/bgpranking/config/modules/bambenekconsulting_Sisron_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Sisron_NS.json
@@ -3,5 +3,8 @@
 "name": "Sisron_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:banker=\"Sisron\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Sphinx.json b/bgpranking/config/modules/bambenekconsulting_Sphinx.json
index 9a2678e..16854ac 100644
--- a/bgpranking/config/modules/bambenekconsulting_Sphinx.json
+++ b/bgpranking/config/modules/bambenekconsulting_Sphinx.json
@@ -3,5 +3,8 @@
 "name": "Sphinx",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:banker=\"Zeus Sphinx\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Sphinx_NS.json b/bgpranking/config/modules/bambenekconsulting_Sphinx_NS.json
index 2f9bba8..c051aa0 100644
--- a/bgpranking/config/modules/bambenekconsulting_Sphinx_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Sphinx_NS.json
@@ -3,5 +3,8 @@
 "name": "Sphinx_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:banker=\"Zeus Sphinx\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Tinba_TinyBanker.json b/bgpranking/config/modules/bambenekconsulting_Tinba_TinyBanker.json
index ae2edb0..bde9a61 100644
--- a/bgpranking/config/modules/bambenekconsulting_Tinba_TinyBanker.json
+++ b/bgpranking/config/modules/bambenekconsulting_Tinba_TinyBanker.json
@@ -3,5 +3,9 @@
 "name": "Tinba_/_TinyBanker",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:banker=\"Tinba\"",
+ "misp-galaxy:tool=\"Tinba\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Tinba_TinyBanker_NS.json b/bgpranking/config/modules/bambenekconsulting_Tinba_TinyBanker_NS.json
index 884f811..6d19469 100644
--- a/bgpranking/config/modules/bambenekconsulting_Tinba_TinyBanker_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Tinba_TinyBanker_NS.json
@@ -3,5 +3,9 @@
 "name": "Tinba_/_TinyBanker_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:banker=\"Tinba\"",
+ "misp-galaxy:tool=\"Tinba\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Tinynuke.json b/bgpranking/config/modules/bambenekconsulting_Tinynuke.json
index 78e51cc..f2e0776 100644
--- a/bgpranking/config/modules/bambenekconsulting_Tinynuke.json
+++ b/bgpranking/config/modules/bambenekconsulting_Tinynuke.json
@@ -3,5 +3,8 @@
 "name": "Tinynuke",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:banker=\"TinyNuke\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Tinynuke_NS.json b/bgpranking/config/modules/bambenekconsulting_Tinynuke_NS.json
index a8982dd..fd093cf 100644
--- a/bgpranking/config/modules/bambenekconsulting_Tinynuke_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Tinynuke_NS.json
@@ -3,5 +3,8 @@
 "name": "Tinynuke_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:banker=\"TinyNuke\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Tofsee.json b/bgpranking/config/modules/bambenekconsulting_Tofsee.json
index d192b1e..19deff6 100644
--- a/bgpranking/config/modules/bambenekconsulting_Tofsee.json
+++ b/bgpranking/config/modules/bambenekconsulting_Tofsee.json
@@ -3,5 +3,8 @@
 "name": "Tofsee",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:botnet=\"Gheg\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Tofsee_NS.json b/bgpranking/config/modules/bambenekconsulting_Tofsee_NS.json
index 60a6a8a..48ad3fa 100644
--- a/bgpranking/config/modules/bambenekconsulting_Tofsee_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Tofsee_NS.json
@@ -3,5 +3,8 @@
 "name": "Tofsee_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:botnet=\"Gheg\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Vawtrak.json b/bgpranking/config/modules/bambenekconsulting_Vawtrak.json
index cbab10b..c5a73c5 100644
--- a/bgpranking/config/modules/bambenekconsulting_Vawtrak.json
+++ b/bgpranking/config/modules/bambenekconsulting_Vawtrak.json
@@ -3,5 +3,9 @@
 "name": "Vawtrak",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:tool=\"Vawtrak\"",
+ "misp-galaxy:banker=\"Vawtrak\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Vawtrak_NS.json b/bgpranking/config/modules/bambenekconsulting_Vawtrak_NS.json
index b7cc2ad..e4116a5 100644
--- a/bgpranking/config/modules/bambenekconsulting_Vawtrak_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Vawtrak_NS.json
@@ -3,5 +3,9 @@
 "name": "Vawtrak_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:tool=\"Vawtrak\"",
+ "misp-galaxy:banker=\"Vawtrak\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Virut.json b/bgpranking/config/modules/bambenekconsulting_Virut.json
index 9558bb5..8688f9b 100644
--- a/bgpranking/config/modules/bambenekconsulting_Virut.json
+++ b/bgpranking/config/modules/bambenekconsulting_Virut.json
@@ -3,5 +3,8 @@
 "name": "Virut",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:botnet=\"Virut\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Virut_NS.json b/bgpranking/config/modules/bambenekconsulting_Virut_NS.json
index d8cc57e..03bd88d 100644
--- a/bgpranking/config/modules/bambenekconsulting_Virut_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Virut_NS.json
@@ -3,5 +3,8 @@
 "name": "Virut_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:botnet=\"Virut\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Volatile_Cedar_Explosive.json b/bgpranking/config/modules/bambenekconsulting_Volatile_Cedar_Explosive.json
index 9fc25cc..a35c549 100644
--- a/bgpranking/config/modules/bambenekconsulting_Volatile_Cedar_Explosive.json
+++ b/bgpranking/config/modules/bambenekconsulting_Volatile_Cedar_Explosive.json
@@ -3,5 +3,9 @@
 "name": "Volatile_Cedar_/_Explosive",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:threat-actor=\"Volatile Cedar\"",
+ "misp-galaxy:tool=\"Explosive\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Volatile_Cedar_Explosive_NS.json b/bgpranking/config/modules/bambenekconsulting_Volatile_Cedar_Explosive_NS.json
index 4cab6bb..86a7cb9 100644
--- a/bgpranking/config/modules/bambenekconsulting_Volatile_Cedar_Explosive_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Volatile_Cedar_Explosive_NS.json
@@ -3,5 +3,9 @@
 "name": "Volatile_Cedar_/_Explosive_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "misp-galaxy:threat-actor=\"Volatile Cedar\"",
+ "misp-galaxy:tool=\"Explosive\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_feeds.py b/bgpranking/config/modules/bambenekconsulting_feeds.py
index b29fb1a..6aab0e2 100644
--- a/bgpranking/config/modules/bambenekconsulting_feeds.py
+++ b/bgpranking/config/modules/bambenekconsulting_feeds.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
 # -*- coding: utf-8 -*-
 import json
@@ -6,34 +6,55 @@ import re import requests from bs4 import BeautifulSoup +from pymispgalaxies import Clusters + + +def find_tags(name): + if '/' in name: + to_search = name.split('/') + else: + to_search = [name] + tags = [] + for name in to_search: + responses = c.search(name.strip(), return_tags=True) + for _, t in responses: + tags += t + return list(set(tags)) + def get_paths(): root = 'http://osint.bambenekconsulting.com' r = requests.get(f'{root}/feeds/') soup = BeautifulSoup(r.text, 'html.parser') - to_return = [] for entry in soup.find_all('p'): name = entry.b.string + tags = find_tags(name) if name: for link in entry.find_all('a'): if link.get('href').endswith('iplist.txt'): path = link.get('href') if link.get('href').endswith('nsiplist.txt'): name = f'{name}_NS' - to_return.append((name, f'{root}{path}')) + to_return.append((name, f'{root}{path}', tags)) return to_return def make_config(entry): name = entry[0].replace(' ', '_') - config = {'url': entry[1], 'name': name, 'vendor': 'bambenekconsulting', 'impact': 3, 'parser': '.parsers.bambenekconsulting'} + config = {'url': entry[1], 'name': name, 'vendor': 'bambenekconsulting', + 'impact': 3, 'parser': '.parsers.bambenekconsulting'} + if len(entry) >= 3 and entry[2]: + config['tags'] = entry[2] + else: + print('No tags:', name) filename = re.sub('[^0-9a-zA-Z]+', '_', name) with open(f'bambenekconsulting_{filename}.json', 'w') as f: json.dump(config, f, indent=2) if __name__ == '__main__': + c = Clusters() for entry in get_paths(): make_config(entry) diff --git a/bgpranking/config/modules/module.schema b/bgpranking/config/modules/module.schema index 6f190ba..cb4e213 100644 --- a/bgpranking/config/modules/module.schema +++ b/bgpranking/config/modules/module.schema @@ -19,6 +19,13 @@ }, "parser": { "type": "string" + }, + "tags": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + } } }, "required": [ diff --git a/requirements.txt b/requirements.txt index 37a6c0d..4cf2840 100644 
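Review bot: In get_paths(), `tags = find_tags(name)` runs before the `if name:` guard, so an entry whose `<b>` element has no single string passes `None` into find_tags, where `'/' in name` raises TypeError and aborts the whole run. Move the call under the guard, i.e. `if name:` followed by `tags = find_tags(name)`. find_tags also reads a global `c` that is bound only under `if __name__ == '__main__':`, so importing the module and calling it raises NameError; passing the `Clusters` object in as an argument would avoid that. `list(set(tags))` has no stable order, so regenerating the configs can reorder tags; `sorted(set(tags))` keeps the JSON diff-stable, which makes an unexpected tag easier to spot in review.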
--- a/requirements.txt
+++ b/requirements.txt
@@ -5,3 +5,6 @@ git+https://github.com/jsommers/pytricia.git
 git+https://github.com/trbs/pid.git
 aiohttp
 requests
+
+git+https://github.com/MISP/PyTaxonomies
+git+https://github.com/MISP/PyMISPGalaxies.git
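Review bot: Both added requirements install whatever is on the default branch of the repository at install time, because neither URL carries a commit or tag. Pinning them, e.g. `git+https://github.com/MISP/PyMISPGalaxies.git@<commit-sha>` (placeholder), makes installs reproducible and keeps an upstream change from reaching deployments unreviewed. PyTaxonomies is added here, but none of the visible hunks imports it; if it is not needed yet, leave it out. The existing `git+` entries in the context lines have the same unpinned form.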