new: Tag sources

pull/12/head
Raphaël Vinot 2018-07-06 15:42:29 +02:00
parent eba9a4b692
commit 17819e3d15
76 changed files with 349 additions and 77 deletions


@ -3,5 +3,8 @@
"name": "Bamital", "name": "Bamital",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:botnet=\"Bamital\""
]
} }


@ -3,5 +3,8 @@
"name": "Bamital_NS", "name": "Bamital_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:botnet=\"Bamital\""
]
} }


@ -3,5 +3,8 @@
"name": "Banjori", "name": "Banjori",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:banker=\"Banjori\""
]
} }


@ -3,5 +3,8 @@
"name": "Banjori_NS", "name": "Banjori_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:banker=\"Banjori\""
]
} }


@ -3,5 +3,8 @@
"name": "Bebloh/URLZone", "name": "Bebloh/URLZone",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:banker=\"Bebloh\""
]
} }


@ -3,5 +3,8 @@
"name": "Bebloh/URLZone_NS", "name": "Bebloh/URLZone_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:banker=\"Bebloh\""
]
} }


@ -3,5 +3,8 @@
"name": "Bedep", "name": "Bedep",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:tool=\"Bedep\""
]
} }


@ -3,5 +3,8 @@
"name": "Bedep_NS", "name": "Bedep_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:tool=\"Bedep\""
]
} }


@ -3,5 +3,8 @@
"name": "Beebone", "name": "Beebone",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:botnet=\"Beebone\""
]
} }


@ -3,5 +3,8 @@
"name": "Beebone_NS", "name": "Beebone_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:botnet=\"Beebone\""
]
} }


@ -3,5 +3,8 @@
"name": "Corebot", "name": "Corebot",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:banker=\"Corebot\""
]
} }


@ -3,5 +3,16 @@
"name": "Cryptolocker", "name": "Cryptolocker",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:ransomware=\"CryptoLocker by NTK Ransomware\"",
"misp-galaxy:ransomware=\"MSN CryptoLocker Ransomware\"",
"misp-galaxy:ransomware=\"CryptoLocker 5.1\"",
"misp-galaxy:ransomware=\"FakeCryptoLocker\"",
"misp-galaxy:ransomware=\"PClock3 Ransomware\"",
"misp-galaxy:ransomware=\"CryptoLocker3 Ransomware\"",
"misp-galaxy:ransomware=\"CryptoLocker 1.0.0\"",
"misp-galaxy:ransomware=\"DynA-Crypt Ransomware\"",
"misp-galaxy:ransomware=\"CryptoLocker\""
]
} }
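Review bot: The `tags` array for Cryptolocker lists nine ransomware clusters, several of which appear to name other families (`PClock3 Ransomware`, `DynA-Crypt Ransomware`, `FakeCryptoLocker`), while the Cryptolocker_NS config that follows carries only `misp-galaxy:ransomware="CryptoLocker"`. The list looks like the output of a broad name or synonym match rather than a reviewed mapping, so indicators from this feed would presumably be labelled with families they do not belong to. I would reduce it to the single `CryptoLocker` cluster so the two configs agree, or record why the wider set is intended.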


@ -3,5 +3,8 @@
"name": "Cryptolocker_NS", "name": "Cryptolocker_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:ransomware=\"CryptoLocker\""
]
} }


@ -3,5 +3,8 @@
"name": "Dircrypt", "name": "Dircrypt",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:ransomware=\"DirCrypt\""
]
} }


@ -3,5 +3,8 @@
"name": "Dircrypt_NS", "name": "Dircrypt_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:ransomware=\"DirCrypt\""
]
} }


@ -3,5 +3,8 @@
"name": "Dyre", "name": "Dyre",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:banker=\"Dyre\""
]
} }


@ -3,5 +3,8 @@
"name": "Dyre_NS", "name": "Dyre_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:banker=\"Dyre\""
]
} }


@ -3,5 +3,8 @@
"name": "Fobber", "name": "Fobber",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:banker=\"Fobber\""
]
} }


@ -3,5 +3,8 @@
"name": "Fobber_NS", "name": "Fobber_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:banker=\"Fobber\""
]
} }


@ -3,5 +3,9 @@
"name": "Geodo", "name": "Geodo",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:tool=\"Emotet\"",
"misp-galaxy:banker=\"Geodo\""
]
} }


@ -3,5 +3,9 @@
"name": "Geodo_NS", "name": "Geodo_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:tool=\"Emotet\"",
"misp-galaxy:banker=\"Geodo\""
]
} }


@ -3,5 +3,8 @@
"name": "Gozi", "name": "Gozi",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:banker=\"Gozi\""
]
} }


@ -3,5 +3,8 @@
"name": "Gozi_NS", "name": "Gozi_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:banker=\"Gozi\""
]
} }


@ -3,5 +3,8 @@
"name": "Hesperbot", "name": "Hesperbot",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:android=\"Hesperbot\""
]
} }


@ -3,5 +3,8 @@
"name": "Hesperbot_NS", "name": "Hesperbot_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:android=\"Hesperbot\""
]
} }


@ -3,5 +3,8 @@
"name": "Kraken", "name": "Kraken",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:botnet=\"Kraken\""
]
} }


@ -3,5 +3,8 @@
"name": "Kraken_NS", "name": "Kraken_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:botnet=\"Kraken\""
]
} }


@ -3,5 +3,8 @@
"name": "Locky", "name": "Locky",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:ransomware=\"Locky\""
]
} }


@ -3,5 +3,8 @@
"name": "Locky_NS", "name": "Locky_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:ransomware=\"Locky\""
]
} }


@ -3,5 +3,8 @@
"name": "Madmax", "name": "Madmax",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:botnet=\"Madmax\""
]
} }


@ -3,5 +3,8 @@
"name": "Madmax_NS", "name": "Madmax_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:botnet=\"Madmax\""
]
} }


@ -3,5 +3,9 @@
"name": "Mirai", "name": "Mirai",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:botnet=\"Mirai\"",
"misp-galaxy:tool=\"Mirai\""
]
} }


@ -3,5 +3,9 @@
"name": "Mirai_NS", "name": "Mirai_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:botnet=\"Mirai\"",
"misp-galaxy:tool=\"Mirai\""
]
} }


@ -3,5 +3,8 @@
"name": "Murofet", "name": "Murofet",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:banker=\"Licat\""
]
} }


@ -3,5 +3,8 @@
"name": "Murofet_NS", "name": "Murofet_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:banker=\"Licat\""
]
} }


@ -3,5 +3,8 @@
"name": "Necurs", "name": "Necurs",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:tool=\"Necurs\""
]
} }


@ -3,5 +3,8 @@
"name": "Necurs_NS", "name": "Necurs_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:tool=\"Necurs\""
]
} }


@ -3,5 +3,8 @@
"name": "Nymaim", "name": "Nymaim",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:tool=\"Nymaim\""
]
} }


@ -3,5 +3,8 @@
"name": "Nymaim_NS", "name": "Nymaim_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:tool=\"Nymaim\""
]
} }


@ -3,5 +3,8 @@
"name": "Padcrypt", "name": "Padcrypt",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:ransomware=\"PadCrypt\""
]
} }


@ -3,5 +3,8 @@
"name": "Padcrypt_NS", "name": "Padcrypt_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:ransomware=\"PadCrypt\""
]
} }


@ -3,5 +3,8 @@
"name": "Pandabanker", "name": "Pandabanker",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:banker=\"Panda Banker\""
]
} }


@ -3,5 +3,8 @@
"name": "Pandabanker_NS", "name": "Pandabanker_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:banker=\"Panda Banker\""
]
} }


@ -3,5 +3,8 @@
"name": "Pushdo", "name": "Pushdo",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:botnet=\"Pushdo\""
]
} }


@ -3,5 +3,8 @@
"name": "Pushdo_NS", "name": "Pushdo_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:botnet=\"Pushdo\""
]
} }


@ -3,5 +3,8 @@
"name": "Qadars", "name": "Qadars",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:banker=\"Qadars\""
]
} }


@ -3,5 +3,8 @@
"name": "Qadars_NS", "name": "Qadars_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:banker=\"Qadars\""
]
} }


@ -3,5 +3,9 @@
"name": "Qakbot", "name": "Qakbot",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:tool=\"Akbot\"",
"misp-galaxy:banker=\"Qakbot\""
]
} }


@ -3,5 +3,9 @@
"name": "Qakbot_NS", "name": "Qakbot_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:tool=\"Akbot\"",
"misp-galaxy:banker=\"Qakbot\""
]
} }


@ -3,5 +3,9 @@
"name": "Ramnit", "name": "Ramnit",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:botnet=\"Ramnit\"",
"misp-galaxy:banker=\"Ramnit\""
]
} }


@ -3,5 +3,9 @@
"name": "Ramnit_NS", "name": "Ramnit_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:botnet=\"Ramnit\"",
"misp-galaxy:banker=\"Ramnit\""
]
} }


@ -3,5 +3,8 @@
"name": "Ranbyus", "name": "Ranbyus",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:banker=\"Ranbyus\""
]
} }


@ -3,5 +3,8 @@
"name": "Ranbyus_NS", "name": "Ranbyus_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:banker=\"Ranbyus\""
]
} }


@ -3,5 +3,8 @@
"name": "Shifu", "name": "Shifu",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:tool=\"Shifu\""
]
} }


@ -3,5 +3,8 @@
"name": "Shifu_NS", "name": "Shifu_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:tool=\"Shifu\""
]
} }


@ -3,5 +3,8 @@
"name": "Simda", "name": "Simda",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:botnet=\"Simda\""
]
} }


@ -3,5 +3,8 @@
"name": "Simda_NS", "name": "Simda_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:botnet=\"Simda\""
]
} }


@ -3,5 +3,8 @@
"name": "Sisron", "name": "Sisron",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:banker=\"Sisron\""
]
} }


@ -3,5 +3,8 @@
"name": "Sisron_NS", "name": "Sisron_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:banker=\"Sisron\""
]
} }


@ -3,5 +3,8 @@
"name": "Sphinx", "name": "Sphinx",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:banker=\"Zeus Sphinx\""
]
} }


@ -3,5 +3,8 @@
"name": "Sphinx_NS", "name": "Sphinx_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:banker=\"Zeus Sphinx\""
]
} }


@ -3,5 +3,9 @@
"name": "Tinba_/_TinyBanker", "name": "Tinba_/_TinyBanker",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:banker=\"Tinba\"",
"misp-galaxy:tool=\"Tinba\""
]
} }


@ -3,5 +3,9 @@
"name": "Tinba_/_TinyBanker_NS", "name": "Tinba_/_TinyBanker_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:banker=\"Tinba\"",
"misp-galaxy:tool=\"Tinba\""
]
} }


@ -3,5 +3,8 @@
"name": "Tinynuke", "name": "Tinynuke",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:banker=\"TinyNuke\""
]
} }


@ -3,5 +3,8 @@
"name": "Tinynuke_NS", "name": "Tinynuke_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:banker=\"TinyNuke\""
]
} }


@ -3,5 +3,8 @@
"name": "Tofsee", "name": "Tofsee",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:botnet=\"Gheg\""
]
} }


@ -3,5 +3,8 @@
"name": "Tofsee_NS", "name": "Tofsee_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:botnet=\"Gheg\""
]
} }


@ -3,5 +3,9 @@
"name": "Vawtrak", "name": "Vawtrak",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:tool=\"Vawtrak\"",
"misp-galaxy:banker=\"Vawtrak\""
]
} }


@ -3,5 +3,9 @@
"name": "Vawtrak_NS", "name": "Vawtrak_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:tool=\"Vawtrak\"",
"misp-galaxy:banker=\"Vawtrak\""
]
} }


@ -3,5 +3,8 @@
"name": "Virut", "name": "Virut",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:botnet=\"Virut\""
]
} }


@ -3,5 +3,8 @@
"name": "Virut_NS", "name": "Virut_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:botnet=\"Virut\""
]
} }


@ -3,5 +3,9 @@
"name": "Volatile_Cedar_/_Explosive", "name": "Volatile_Cedar_/_Explosive",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:threat-actor=\"Volatile Cedar\"",
"misp-galaxy:tool=\"Explosive\""
]
} }


@ -3,5 +3,9 @@
"name": "Volatile_Cedar_/_Explosive_NS", "name": "Volatile_Cedar_/_Explosive_NS",
"vendor": "bambenekconsulting", "vendor": "bambenekconsulting",
"impact": 3, "impact": 3,
"parser": ".parsers.bambenekconsulting" "parser": ".parsers.bambenekconsulting",
"tags": [
"misp-galaxy:threat-actor=\"Volatile Cedar\"",
"misp-galaxy:tool=\"Explosive\""
]
} }


@ -1,4 +1,4 @@
#!/usr/bin/env python #!/usr/bin/env python3
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
import json import json
@ -6,34 +6,55 @@ import re
import requests import requests
from bs4 import BeautifulSoup from bs4 import BeautifulSoup
from pymispgalaxies import Clusters
def find_tags(name):
if '/' in name:
to_search = name.split('/')
else:
to_search = [name]
tags = []
for name in to_search:
responses = c.search(name.strip(), return_tags=True)
for _, t in responses:
tags += t
return list(set(tags))
def get_paths(): def get_paths():
root = 'http://osint.bambenekconsulting.com' root = 'http://osint.bambenekconsulting.com'
r = requests.get(f'{root}/feeds/') r = requests.get(f'{root}/feeds/')
soup = BeautifulSoup(r.text, 'html.parser') soup = BeautifulSoup(r.text, 'html.parser')
to_return = [] to_return = []
for entry in soup.find_all('p'): for entry in soup.find_all('p'):
name = entry.b.string name = entry.b.string
tags = find_tags(name)
if name: if name:
for link in entry.find_all('a'): for link in entry.find_all('a'):
if link.get('href').endswith('iplist.txt'): if link.get('href').endswith('iplist.txt'):
path = link.get('href') path = link.get('href')
if link.get('href').endswith('nsiplist.txt'): if link.get('href').endswith('nsiplist.txt'):
name = f'{name}_NS' name = f'{name}_NS'
to_return.append((name, f'{root}{path}')) to_return.append((name, f'{root}{path}', tags))
return to_return return to_return
def make_config(entry): def make_config(entry):
name = entry[0].replace(' ', '_') name = entry[0].replace(' ', '_')
config = {'url': entry[1], 'name': name, 'vendor': 'bambenekconsulting', 'impact': 3, 'parser': '.parsers.bambenekconsulting'} config = {'url': entry[1], 'name': name, 'vendor': 'bambenekconsulting',
'impact': 3, 'parser': '.parsers.bambenekconsulting'}
if len(entry) >= 3 and entry[2]:
config['tags'] = entry[2]
else:
print('No tags:', name)
filename = re.sub('[^0-9a-zA-Z]+', '_', name) filename = re.sub('[^0-9a-zA-Z]+', '_', name)
with open(f'bambenekconsulting_{filename}.json', 'w') as f: with open(f'bambenekconsulting_{filename}.json', 'w') as f:
json.dump(config, f, indent=2) json.dump(config, f, indent=2)
if __name__ == '__main__': if __name__ == '__main__':
c = Clusters()
for entry in get_paths(): for entry in get_paths():
make_config(entry) make_config(entry)
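Review bot: In `get_paths`, `tags = find_tags(name)` runs before the `if name:` guard, so a `<p>` whose `<b>` yields no string (`entry.b.string` is `None`) raises `TypeError` at `'/' in name` instead of being skipped; move the call under the guard. `find_tags` also reads the module-level `c`, which is only assigned under `if __name__ == '__main__':`, so calling it from an importing module fails with `NameError`; passing the `Clusters` instance in as an argument removes that coupling. `return list(set(tags))` leaves the tag order arbitrary, so regenerated config files can differ between runs with no real change; `return sorted(set(tags))` keeps the output stable and reviewable.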


@ -19,6 +19,13 @@
}, },
"parser": { "parser": {
"type": "string" "type": "string"
},
"tags": {
"type": "array",
"uniqueItems": true,
"items": {
"type": "string"
}
} }
}, },
"required": [ "required": [
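Review bot: The new `tags` property accepts any string, including an empty one, so a malformed tag passes validation and reaches whatever consumes the config. Adding `"minLength": 1` to `items` is the minimal guard. If every tag is meant to be a machine tag like the `misp-galaxy:…` values in the feed configs, a `pattern` would be stricter, but that is an assumption about intended use. The `required` array continues outside the hunk, so whether `tags` stays optional cannot be confirmed from here.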


@ -5,3 +5,6 @@ git+https://github.com/jsommers/pytricia.git
git+https://github.com/trbs/pid.git git+https://github.com/trbs/pid.git
aiohttp aiohttp
requests requests
git+https://github.com/MISP/PyTaxonomies
git+https://github.com/MISP/PyMISPGalaxies.git
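Review bot: Both added requirements install from a git repository with no revision, so each install takes whatever is at the head of the default branch and the generated tags can change without any change in this repository. Pin each one to a reviewed commit or tag, for example `git+https://github.com/MISP/PyMISPGalaxies.git@<commit-sha>` (placeholder, not a real revision). `PyTaxonomies` is not imported by any code visible in this commit; if nothing uses it yet, leaving it out keeps the dependency surface smaller.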