diff --git a/bgpranking/config/modules/bambenekconsulting_Bamital.json b/bgpranking/config/modules/bambenekconsulting_Bamital.json
index 326ba05..6b41665 100644
--- a/bgpranking/config/modules/bambenekconsulting_Bamital.json
+++ b/bgpranking/config/modules/bambenekconsulting_Bamital.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:botnet=\"Bamital\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Bamital_NS.json b/bgpranking/config/modules/bambenekconsulting_Bamital_NS.json
index 119f3bc..e0c5b8f 100644
--- a/bgpranking/config/modules/bambenekconsulting_Bamital_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Bamital_NS.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:botnet=\"Bamital\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Banjori.json b/bgpranking/config/modules/bambenekconsulting_Banjori.json
index bfc3878..bff735f 100644
--- a/bgpranking/config/modules/bambenekconsulting_Banjori.json
+++ b/bgpranking/config/modules/bambenekconsulting_Banjori.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"medium\"",
 "misp-galaxy:banker=\"Banjori\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Banjori_NS.json b/bgpranking/config/modules/bambenekconsulting_Banjori_NS.json
index 6cba861..a356b60 100644
--- a/bgpranking/config/modules/bambenekconsulting_Banjori_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Banjori_NS.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"medium\"",
 "misp-galaxy:banker=\"Banjori\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Bebloh_URLZone.json b/bgpranking/config/modules/bambenekconsulting_Bebloh_URLZone.json
index bc05234..6a40185 100644
--- a/bgpranking/config/modules/bambenekconsulting_Bebloh_URLZone.json
+++ b/bgpranking/config/modules/bambenekconsulting_Bebloh_URLZone.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:banker=\"Bebloh\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Bebloh_URLZone_NS.json b/bgpranking/config/modules/bambenekconsulting_Bebloh_URLZone_NS.json
index c0003ed..4491ece 100644
--- a/bgpranking/config/modules/bambenekconsulting_Bebloh_URLZone_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Bebloh_URLZone_NS.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:banker=\"Bebloh\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Bedep.json b/bgpranking/config/modules/bambenekconsulting_Bedep.json
index fa15e02..91f19ba 100644
--- a/bgpranking/config/modules/bambenekconsulting_Bedep.json
+++ b/bgpranking/config/modules/bambenekconsulting_Bedep.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:tool=\"Bedep\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Bedep_NS.json b/bgpranking/config/modules/bambenekconsulting_Bedep_NS.json
index 433e6a5..bba7876 100644
--- a/bgpranking/config/modules/bambenekconsulting_Bedep_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Bedep_NS.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:tool=\"Bedep\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Beebone.json b/bgpranking/config/modules/bambenekconsulting_Beebone.json
index 1978329..0c343a8 100644
--- a/bgpranking/config/modules/bambenekconsulting_Beebone.json
+++ b/bgpranking/config/modules/bambenekconsulting_Beebone.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:botnet=\"Beebone\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Beebone_NS.json b/bgpranking/config/modules/bambenekconsulting_Beebone_NS.json
index 704541d..c1655aa 100644
--- a/bgpranking/config/modules/bambenekconsulting_Beebone_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Beebone_NS.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:botnet=\"Beebone\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Chinad.json b/bgpranking/config/modules/bambenekconsulting_Chinad.json
index 5c8e9ba..9c75b65 100644
--- a/bgpranking/config/modules/bambenekconsulting_Chinad.json
+++ b/bgpranking/config/modules/bambenekconsulting_Chinad.json
@@ -3,5 +3,8 @@
 "name": "Chinad",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "false-positive:risk=\"low\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Chinad_NS.json b/bgpranking/config/modules/bambenekconsulting_Chinad_NS.json
index aace75a..e85e259 100644
--- a/bgpranking/config/modules/bambenekconsulting_Chinad_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Chinad_NS.json
@@ -3,5 +3,8 @@
 "name": "Chinad_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "false-positive:risk=\"low\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Corebot.json b/bgpranking/config/modules/bambenekconsulting_Corebot.json
index 0c7e5eb..252d4bb 100644
--- a/bgpranking/config/modules/bambenekconsulting_Corebot.json
+++ b/bgpranking/config/modules/bambenekconsulting_Corebot.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:banker=\"Corebot\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Cryptolocker.json b/bgpranking/config/modules/bambenekconsulting_Cryptolocker.json
index 28bd998..c26f63b 100644
--- a/bgpranking/config/modules/bambenekconsulting_Cryptolocker.json
+++ b/bgpranking/config/modules/bambenekconsulting_Cryptolocker.json
@@ -5,14 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
- "misp-galaxy:ransomware=\"CryptoLocker by NTK Ransomware\"",
- "misp-galaxy:ransomware=\"MSN CryptoLocker Ransomware\"",
- "misp-galaxy:ransomware=\"CryptoLocker 5.1\"",
- "misp-galaxy:ransomware=\"FakeCryptoLocker\"",
- "misp-galaxy:ransomware=\"PClock3 Ransomware\"",
- "misp-galaxy:ransomware=\"CryptoLocker3 Ransomware\"",
- "misp-galaxy:ransomware=\"CryptoLocker 1.0.0\"",
- "misp-galaxy:ransomware=\"DynA-Crypt Ransomware\"",
+ "false-positive:risk=\"low\"",
 "misp-galaxy:ransomware=\"CryptoLocker\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Cryptolocker_NS.json b/bgpranking/config/modules/bambenekconsulting_Cryptolocker_NS.json
index 893a089..6902b3e 100644
--- a/bgpranking/config/modules/bambenekconsulting_Cryptolocker_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Cryptolocker_NS.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:ransomware=\"CryptoLocker\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Dircrypt.json b/bgpranking/config/modules/bambenekconsulting_Dircrypt.json
index d0660e7..d4027b2 100644
--- a/bgpranking/config/modules/bambenekconsulting_Dircrypt.json
+++ b/bgpranking/config/modules/bambenekconsulting_Dircrypt.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:ransomware=\"DirCrypt\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Dircrypt_NS.json b/bgpranking/config/modules/bambenekconsulting_Dircrypt_NS.json
index eee8137..b4e9e75 100644
--- a/bgpranking/config/modules/bambenekconsulting_Dircrypt_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Dircrypt_NS.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:ransomware=\"DirCrypt\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Dromedan.json b/bgpranking/config/modules/bambenekconsulting_Dromedan.json
index 28a3fbf..8e0cd48 100644
--- a/bgpranking/config/modules/bambenekconsulting_Dromedan.json
+++ b/bgpranking/config/modules/bambenekconsulting_Dromedan.json
@@ -3,5 +3,8 @@
 "name": "Dromedan",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "false-positive:risk=\"low\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Dromedan_NS.json b/bgpranking/config/modules/bambenekconsulting_Dromedan_NS.json
index 4ca315a..be23aaa 100644
--- a/bgpranking/config/modules/bambenekconsulting_Dromedan_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Dromedan_NS.json
@@ -3,5 +3,8 @@
 "name": "Dromedan_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "false-positive:risk=\"low\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Dyre.json b/bgpranking/config/modules/bambenekconsulting_Dyre.json
index 2fdbb85..c82fb2f 100644
--- a/bgpranking/config/modules/bambenekconsulting_Dyre.json
+++ b/bgpranking/config/modules/bambenekconsulting_Dyre.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:banker=\"Dyre\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Dyre_NS.json b/bgpranking/config/modules/bambenekconsulting_Dyre_NS.json
index d2d9599..803319b 100644
--- a/bgpranking/config/modules/bambenekconsulting_Dyre_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Dyre_NS.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:banker=\"Dyre\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Fobber.json b/bgpranking/config/modules/bambenekconsulting_Fobber.json
index 62494d6..7063f1a 100644
--- a/bgpranking/config/modules/bambenekconsulting_Fobber.json
+++ b/bgpranking/config/modules/bambenekconsulting_Fobber.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:banker=\"Fobber\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Fobber_NS.json b/bgpranking/config/modules/bambenekconsulting_Fobber_NS.json
index 91d8981..e8e2400 100644
--- a/bgpranking/config/modules/bambenekconsulting_Fobber_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Fobber_NS.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:banker=\"Fobber\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_G01.json b/bgpranking/config/modules/bambenekconsulting_G01.json
index 5b83238..0690d5a 100644
--- a/bgpranking/config/modules/bambenekconsulting_G01.json
+++ b/bgpranking/config/modules/bambenekconsulting_G01.json
@@ -3,5 +3,8 @@
 "name": "G01",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "false-positive:risk=\"low\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_G01_NS.json b/bgpranking/config/modules/bambenekconsulting_G01_NS.json
index 205aa80..7421062 100644
--- a/bgpranking/config/modules/bambenekconsulting_G01_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_G01_NS.json
@@ -3,5 +3,8 @@
 "name": "G01_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "false-positive:risk=\"low\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Geodo.json b/bgpranking/config/modules/bambenekconsulting_Geodo.json
index 7703551..3636ebb 100644
--- a/bgpranking/config/modules/bambenekconsulting_Geodo.json
+++ b/bgpranking/config/modules/bambenekconsulting_Geodo.json
@@ -5,7 +5,8 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
- "misp-galaxy:tool=\"Emotet\"",
- "misp-galaxy:banker=\"Geodo\""
+ "false-positive:risk=\"low\"",
+ "misp-galaxy:banker=\"Geodo\"",
+ "misp-galaxy:tool=\"Emotet\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Geodo_NS.json b/bgpranking/config/modules/bambenekconsulting_Geodo_NS.json
index cb97ef0..9b4684a 100644
--- a/bgpranking/config/modules/bambenekconsulting_Geodo_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Geodo_NS.json
@@ -5,7 +5,8 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
- "misp-galaxy:tool=\"Emotet\"",
- "misp-galaxy:banker=\"Geodo\""
+ "false-positive:risk=\"low\"",
+ "misp-galaxy:banker=\"Geodo\"",
+ "misp-galaxy:tool=\"Emotet\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Gozi.json b/bgpranking/config/modules/bambenekconsulting_Gozi.json
index 4aee4b9..0942a3a 100644
--- a/bgpranking/config/modules/bambenekconsulting_Gozi.json
+++ b/bgpranking/config/modules/bambenekconsulting_Gozi.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:banker=\"Gozi\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Gozi_NS.json b/bgpranking/config/modules/bambenekconsulting_Gozi_NS.json
index 7344909..fd25f80 100644
--- a/bgpranking/config/modules/bambenekconsulting_Gozi_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Gozi_NS.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:banker=\"Gozi\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Hesperbot.json b/bgpranking/config/modules/bambenekconsulting_Hesperbot.json
index 5ab0d70..9f5d590 100644
--- a/bgpranking/config/modules/bambenekconsulting_Hesperbot.json
+++ b/bgpranking/config/modules/bambenekconsulting_Hesperbot.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:android=\"Hesperbot\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Hesperbot_NS.json b/bgpranking/config/modules/bambenekconsulting_Hesperbot_NS.json
index d7c884c..e59fb3e 100644
--- a/bgpranking/config/modules/bambenekconsulting_Hesperbot_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Hesperbot_NS.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:android=\"Hesperbot\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Kraken.json b/bgpranking/config/modules/bambenekconsulting_Kraken.json
index 8232734..8c301a9 100644
--- a/bgpranking/config/modules/bambenekconsulting_Kraken.json
+++ b/bgpranking/config/modules/bambenekconsulting_Kraken.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:botnet=\"Kraken\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Kraken_NS.json b/bgpranking/config/modules/bambenekconsulting_Kraken_NS.json
index 3d773de..b26a3f6 100644
--- a/bgpranking/config/modules/bambenekconsulting_Kraken_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Kraken_NS.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:botnet=\"Kraken\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Locky.json b/bgpranking/config/modules/bambenekconsulting_Locky.json
index 95753b5..fa93769 100644
--- a/bgpranking/config/modules/bambenekconsulting_Locky.json
+++ b/bgpranking/config/modules/bambenekconsulting_Locky.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:ransomware=\"Locky\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Locky_NS.json b/bgpranking/config/modules/bambenekconsulting_Locky_NS.json
index ff186f6..f8f842f 100644
--- a/bgpranking/config/modules/bambenekconsulting_Locky_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Locky_NS.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:ransomware=\"Locky\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Madmax.json b/bgpranking/config/modules/bambenekconsulting_Madmax.json
index e732f04..ac977ba 100644
--- a/bgpranking/config/modules/bambenekconsulting_Madmax.json
+++ b/bgpranking/config/modules/bambenekconsulting_Madmax.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:botnet=\"Madmax\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Madmax_NS.json b/bgpranking/config/modules/bambenekconsulting_Madmax_NS.json
index 154f2c1..58271d7 100644
--- a/bgpranking/config/modules/bambenekconsulting_Madmax_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Madmax_NS.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:botnet=\"Madmax\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Matsnu.json b/bgpranking/config/modules/bambenekconsulting_Matsnu.json
index 6bb40e9..d833a19 100644
--- a/bgpranking/config/modules/bambenekconsulting_Matsnu.json
+++ b/bgpranking/config/modules/bambenekconsulting_Matsnu.json
@@ -3,5 +3,8 @@
 "name": "Matsnu",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "false-positive:risk=\"high\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Matsnu_NS.json b/bgpranking/config/modules/bambenekconsulting_Matsnu_NS.json
index 3a4cc3b..02aba10 100644
--- a/bgpranking/config/modules/bambenekconsulting_Matsnu_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Matsnu_NS.json
@@ -3,5 +3,8 @@
 "name": "Matsnu_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "false-positive:risk=\"high\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Mirai.json b/bgpranking/config/modules/bambenekconsulting_Mirai.json
index 38b41c9..5f2fee5 100644
--- a/bgpranking/config/modules/bambenekconsulting_Mirai.json
+++ b/bgpranking/config/modules/bambenekconsulting_Mirai.json
@@ -5,7 +5,8 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
- "misp-galaxy:botnet=\"Mirai\"",
- "misp-galaxy:tool=\"Mirai\""
+ "false-positive:risk=\"low\"",
+ "misp-galaxy:tool=\"Mirai\"",
+ "misp-galaxy:botnet=\"Mirai\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Mirai_NS.json b/bgpranking/config/modules/bambenekconsulting_Mirai_NS.json
index 9412be3..e0f4325 100644
--- a/bgpranking/config/modules/bambenekconsulting_Mirai_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Mirai_NS.json
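Review bot: In `bambenekconsulting_Matsnu.json` the module is now tagged `false-positive:risk=\"high\"` but keeps `"impact": 3,`, the same weight as every feed tagged `low`; the same holds for the Matsnu_NS, Pizd and Pizd_NS hunks, and for the `medium` ones (Banjori, Nymaim, Pykspa, Shifu, Simda and their _NS variants). Nothing in this diff shows the ranking code reading the tag, so as far as these hunks go a feed the maintainers themselves rate as likely to list legitimate hosts still counts against an AS as heavily as a reliable one. Either lower `impact` in the high-risk modules or have the consumer discount entries by this tag. If the tag is meant as display-only metadata, the commit message should say so.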
@@ -5,7 +5,8 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
- "misp-galaxy:botnet=\"Mirai\"",
- "misp-galaxy:tool=\"Mirai\""
+ "false-positive:risk=\"low\"",
+ "misp-galaxy:tool=\"Mirai\"",
+ "misp-galaxy:botnet=\"Mirai\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Murofet.json b/bgpranking/config/modules/bambenekconsulting_Murofet.json
index 580d4fc..bc7a083 100644
--- a/bgpranking/config/modules/bambenekconsulting_Murofet.json
+++ b/bgpranking/config/modules/bambenekconsulting_Murofet.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:banker=\"Licat\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Murofet_NS.json b/bgpranking/config/modules/bambenekconsulting_Murofet_NS.json
index 4045100..33a62ee 100644
--- a/bgpranking/config/modules/bambenekconsulting_Murofet_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Murofet_NS.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:banker=\"Licat\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Necurs.json b/bgpranking/config/modules/bambenekconsulting_Necurs.json
index f7adf01..ce1d184 100644
--- a/bgpranking/config/modules/bambenekconsulting_Necurs.json
+++ b/bgpranking/config/modules/bambenekconsulting_Necurs.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:tool=\"Necurs\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Necurs_NS.json b/bgpranking/config/modules/bambenekconsulting_Necurs_NS.json
index 1586a3d..cd2b257 100644
--- a/bgpranking/config/modules/bambenekconsulting_Necurs_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Necurs_NS.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:tool=\"Necurs\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Nymaim.json b/bgpranking/config/modules/bambenekconsulting_Nymaim.json
index 50a4623..455563b 100644
--- a/bgpranking/config/modules/bambenekconsulting_Nymaim.json
+++ b/bgpranking/config/modules/bambenekconsulting_Nymaim.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"medium\"",
 "misp-galaxy:tool=\"Nymaim\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Nymaim_NS.json b/bgpranking/config/modules/bambenekconsulting_Nymaim_NS.json
index 787d35b..4632a00 100644
--- a/bgpranking/config/modules/bambenekconsulting_Nymaim_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Nymaim_NS.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"medium\"",
 "misp-galaxy:tool=\"Nymaim\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_P2P_GOZ.json b/bgpranking/config/modules/bambenekconsulting_P2P_GOZ.json
index d799832..57a89bc 100644
--- a/bgpranking/config/modules/bambenekconsulting_P2P_GOZ.json
+++ b/bgpranking/config/modules/bambenekconsulting_P2P_GOZ.json
@@ -3,5 +3,8 @@
 "name": "P2P_GOZ",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "false-positive:risk=\"low\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_P2P_GOZ_NS.json b/bgpranking/config/modules/bambenekconsulting_P2P_GOZ_NS.json
index f7979f9..dce6b34 100644
--- a/bgpranking/config/modules/bambenekconsulting_P2P_GOZ_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_P2P_GOZ_NS.json
@@ -3,5 +3,8 @@
 "name": "P2P_GOZ_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "false-positive:risk=\"low\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_PT_GOZ_New_GOZ_NS.json b/bgpranking/config/modules/bambenekconsulting_PT_GOZ_New_GOZ_NS.json
index ed7d391..62dc7e5 100644
--- a/bgpranking/config/modules/bambenekconsulting_PT_GOZ_New_GOZ_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_PT_GOZ_New_GOZ_NS.json
@@ -3,5 +3,8 @@
 "name": "PT_GOZ_/_New_GOZ_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "false-positive:risk=\"low\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Padcrypt.json b/bgpranking/config/modules/bambenekconsulting_Padcrypt.json
index abcf408..2ef7a4b 100644
--- a/bgpranking/config/modules/bambenekconsulting_Padcrypt.json
+++ b/bgpranking/config/modules/bambenekconsulting_Padcrypt.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:ransomware=\"PadCrypt\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Padcrypt_NS.json b/bgpranking/config/modules/bambenekconsulting_Padcrypt_NS.json
index c5e7d35..25269d9 100644
--- a/bgpranking/config/modules/bambenekconsulting_Padcrypt_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Padcrypt_NS.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:ransomware=\"PadCrypt\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Pandabanker.json b/bgpranking/config/modules/bambenekconsulting_Pandabanker.json
index deb51ac..94805d1 100644
--- a/bgpranking/config/modules/bambenekconsulting_Pandabanker.json
+++ b/bgpranking/config/modules/bambenekconsulting_Pandabanker.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:banker=\"Panda Banker\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Pandabanker_NS.json b/bgpranking/config/modules/bambenekconsulting_Pandabanker_NS.json
index c76a430..aff7aef 100644
--- a/bgpranking/config/modules/bambenekconsulting_Pandabanker_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Pandabanker_NS.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:banker=\"Panda Banker\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Pizd.json b/bgpranking/config/modules/bambenekconsulting_Pizd.json
index c2b5b42..797a6c6 100644
--- a/bgpranking/config/modules/bambenekconsulting_Pizd.json
+++ b/bgpranking/config/modules/bambenekconsulting_Pizd.json
@@ -3,5 +3,8 @@
 "name": "Pizd",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "false-positive:risk=\"high\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Pizd_NS.json b/bgpranking/config/modules/bambenekconsulting_Pizd_NS.json
index ac2cc5b..1398d1d 100644
--- a/bgpranking/config/modules/bambenekconsulting_Pizd_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Pizd_NS.json
@@ -3,5 +3,8 @@
 "name": "Pizd_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "false-positive:risk=\"high\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Proslikefan.json b/bgpranking/config/modules/bambenekconsulting_Proslikefan.json
index 8219efa..6b82ada 100644
--- a/bgpranking/config/modules/bambenekconsulting_Proslikefan.json
+++ b/bgpranking/config/modules/bambenekconsulting_Proslikefan.json
@@ -3,5 +3,8 @@
 "name": "Proslikefan",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "false-positive:risk=\"low\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Proslikefan_NS.json b/bgpranking/config/modules/bambenekconsulting_Proslikefan_NS.json
index cbdfb81..f4c9e15 100644
--- a/bgpranking/config/modules/bambenekconsulting_Proslikefan_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Proslikefan_NS.json
@@ -3,5 +3,8 @@
 "name": "Proslikefan_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "false-positive:risk=\"low\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Pushdo.json b/bgpranking/config/modules/bambenekconsulting_Pushdo.json
index f112e7c..ac81f17 100644
--- a/bgpranking/config/modules/bambenekconsulting_Pushdo.json
+++ b/bgpranking/config/modules/bambenekconsulting_Pushdo.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:botnet=\"Pushdo\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Pushdo_NS.json b/bgpranking/config/modules/bambenekconsulting_Pushdo_NS.json
index a32cd27..19b0e9b 100644
--- a/bgpranking/config/modules/bambenekconsulting_Pushdo_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Pushdo_NS.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:botnet=\"Pushdo\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Pykspa.json b/bgpranking/config/modules/bambenekconsulting_Pykspa.json
index 6542e85..82d11d5 100644
--- a/bgpranking/config/modules/bambenekconsulting_Pykspa.json
+++ b/bgpranking/config/modules/bambenekconsulting_Pykspa.json
@@ -3,5 +3,8 @@
 "name": "Pykspa",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "false-positive:risk=\"medium\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Pykspa_NS.json b/bgpranking/config/modules/bambenekconsulting_Pykspa_NS.json
index 1ffdf23..20d0237 100644
--- a/bgpranking/config/modules/bambenekconsulting_Pykspa_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Pykspa_NS.json
@@ -3,5 +3,8 @@
 "name": "Pykspa_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "false-positive:risk=\"medium\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Qadars.json b/bgpranking/config/modules/bambenekconsulting_Qadars.json
index efbec39..56d2561 100644
--- a/bgpranking/config/modules/bambenekconsulting_Qadars.json
+++ b/bgpranking/config/modules/bambenekconsulting_Qadars.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:banker=\"Qadars\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Qadars_NS.json b/bgpranking/config/modules/bambenekconsulting_Qadars_NS.json
index a69672f..63f04b6 100644
--- a/bgpranking/config/modules/bambenekconsulting_Qadars_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Qadars_NS.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:banker=\"Qadars\""
 ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Qakbot.json b/bgpranking/config/modules/bambenekconsulting_Qakbot.json
index a098cff..fe8819a 100644
--- a/bgpranking/config/modules/bambenekconsulting_Qakbot.json
+++ b/bgpranking/config/modules/bambenekconsulting_Qakbot.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:tool=\"Akbot\"",
 "misp-galaxy:banker=\"Qakbot\""
 ]
diff --git a/bgpranking/config/modules/bambenekconsulting_Qakbot_NS.json b/bgpranking/config/modules/bambenekconsulting_Qakbot_NS.json
index edec4ca..bfdb65f 100644
--- a/bgpranking/config/modules/bambenekconsulting_Qakbot_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Qakbot_NS.json
@@ -5,6 +5,7 @@
 "impact": 3,
 "parser": ".parsers.bambenekconsulting",
 "tags": [
+ "false-positive:risk=\"low\"",
 "misp-galaxy:tool=\"Akbot\"",
 "misp-galaxy:banker=\"Qakbot\""
 ]
diff --git a/bgpranking/config/modules/bambenekconsulting_Ramdo.json b/bgpranking/config/modules/bambenekconsulting_Ramdo.json
index f08356b..0551818 100644
--- a/bgpranking/config/modules/bambenekconsulting_Ramdo.json
+++ b/bgpranking/config/modules/bambenekconsulting_Ramdo.json
@@ -3,5 +3,8 @@
 "name": "Ramdo",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "false-positive:risk=\"low\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Ramdo_NS.json b/bgpranking/config/modules/bambenekconsulting_Ramdo_NS.json
index a26c593..2773ae3 100644
--- a/bgpranking/config/modules/bambenekconsulting_Ramdo_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Ramdo_NS.json
@@ -3,5 +3,8 @@
 "name": "Ramdo_NS",
 "vendor": "bambenekconsulting",
 "impact": 3,
- "parser": ".parsers.bambenekconsulting"
+ "parser": ".parsers.bambenekconsulting",
+ "tags": [
+ "false-positive:risk=\"low\""
+ ]
 }
diff --git a/bgpranking/config/modules/bambenekconsulting_Ramnit.json b/bgpranking/config/modules/bambenekconsulting_Ramnit.json
index ebe001c..d65eed3 100644
--- a/bgpranking/config/modules/bambenekconsulting_Ramnit.json
+++ b/bgpranking/config/modules/bambenekconsulting_Ramnit.json
@@ -5,6 +5,7 @@ "impact": 3, "parser": ".parsers.bambenekconsulting", "tags": [ + "false-positive:risk=\"low\"", "misp-galaxy:botnet=\"Ramnit\"", "misp-galaxy:banker=\"Ramnit\"" ] diff --git a/bgpranking/config/modules/bambenekconsulting_Ramnit_NS.json b/bgpranking/config/modules/bambenekconsulting_Ramnit_NS.json index cf049d6..a453df4 100644 --- a/bgpranking/config/modules/bambenekconsulting_Ramnit_NS.json +++ b/bgpranking/config/modules/bambenekconsulting_Ramnit_NS.json @@ -5,6 +5,7 @@ "impact": 3, "parser": ".parsers.bambenekconsulting", "tags": [ + "false-positive:risk=\"low\"", "misp-galaxy:botnet=\"Ramnit\"", "misp-galaxy:banker=\"Ramnit\"" ] diff --git a/bgpranking/config/modules/bambenekconsulting_Ranbyus.json b/bgpranking/config/modules/bambenekconsulting_Ranbyus.json index 3ecf1a1..c1304c2 100644 --- a/bgpranking/config/modules/bambenekconsulting_Ranbyus.json +++ b/bgpranking/config/modules/bambenekconsulting_Ranbyus.json @@ -5,6 +5,7 @@ "impact": 3, "parser": ".parsers.bambenekconsulting", "tags": [ + "false-positive:risk=\"low\"", "misp-galaxy:banker=\"Ranbyus\"" ] } diff --git a/bgpranking/config/modules/bambenekconsulting_Ranbyus_NS.json b/bgpranking/config/modules/bambenekconsulting_Ranbyus_NS.json index 29cf9e8..11ab814 100644 --- a/bgpranking/config/modules/bambenekconsulting_Ranbyus_NS.json +++ b/bgpranking/config/modules/bambenekconsulting_Ranbyus_NS.json @@ -5,6 +5,7 @@ "impact": 3, "parser": ".parsers.bambenekconsulting", "tags": [ + "false-positive:risk=\"low\"", "misp-galaxy:banker=\"Ranbyus\"" ] } diff --git a/bgpranking/config/modules/bambenekconsulting_Shifu.json b/bgpranking/config/modules/bambenekconsulting_Shifu.json index f90882c..ea98007 100644 --- a/bgpranking/config/modules/bambenekconsulting_Shifu.json +++ b/bgpranking/config/modules/bambenekconsulting_Shifu.json @@ -5,6 +5,7 @@ "impact": 3, "parser": ".parsers.bambenekconsulting", "tags": [ + "false-positive:risk=\"medium\"", "misp-galaxy:tool=\"Shifu\"" ] } 
diff --git a/bgpranking/config/modules/bambenekconsulting_Shifu_NS.json b/bgpranking/config/modules/bambenekconsulting_Shifu_NS.json index 03e68fb..e386e51 100644 --- a/bgpranking/config/modules/bambenekconsulting_Shifu_NS.json +++ b/bgpranking/config/modules/bambenekconsulting_Shifu_NS.json @@ -5,6 +5,7 @@ "impact": 3, "parser": ".parsers.bambenekconsulting", "tags": [ + "false-positive:risk=\"medium\"", "misp-galaxy:tool=\"Shifu\"" ] } diff --git a/bgpranking/config/modules/bambenekconsulting_Simda.json b/bgpranking/config/modules/bambenekconsulting_Simda.json index b942b0c..6c769c1 100644 --- a/bgpranking/config/modules/bambenekconsulting_Simda.json +++ b/bgpranking/config/modules/bambenekconsulting_Simda.json @@ -5,6 +5,7 @@ "impact": 3, "parser": ".parsers.bambenekconsulting", "tags": [ + "false-positive:risk=\"medium\"", "misp-galaxy:botnet=\"Simda\"" ] } diff --git a/bgpranking/config/modules/bambenekconsulting_Simda_NS.json b/bgpranking/config/modules/bambenekconsulting_Simda_NS.json index 4ef18b2..7b91513 100644 --- a/bgpranking/config/modules/bambenekconsulting_Simda_NS.json +++ b/bgpranking/config/modules/bambenekconsulting_Simda_NS.json @@ -5,6 +5,7 @@ "impact": 3, "parser": ".parsers.bambenekconsulting", "tags": [ + "false-positive:risk=\"medium\"", "misp-galaxy:botnet=\"Simda\"" ] } diff --git a/bgpranking/config/modules/bambenekconsulting_Sisron.json b/bgpranking/config/modules/bambenekconsulting_Sisron.json index 2b7c476..8127d19 100644 --- a/bgpranking/config/modules/bambenekconsulting_Sisron.json +++ b/bgpranking/config/modules/bambenekconsulting_Sisron.json @@ -5,6 +5,7 @@ "impact": 3, "parser": ".parsers.bambenekconsulting", "tags": [ + "false-positive:risk=\"low\"", "misp-galaxy:banker=\"Sisron\"" ] } diff --git a/bgpranking/config/modules/bambenekconsulting_Sisron_NS.json b/bgpranking/config/modules/bambenekconsulting_Sisron_NS.json index 5d0f386..918abc0 100644 --- a/bgpranking/config/modules/bambenekconsulting_Sisron_NS.json 
+++ b/bgpranking/config/modules/bambenekconsulting_Sisron_NS.json @@ -5,6 +5,7 @@ "impact": 3, "parser": ".parsers.bambenekconsulting", "tags": [ + "false-positive:risk=\"low\"", "misp-galaxy:banker=\"Sisron\"" ] } diff --git a/bgpranking/config/modules/bambenekconsulting_Sphinx.json b/bgpranking/config/modules/bambenekconsulting_Sphinx.json index 16854ac..b9bb299 100644 --- a/bgpranking/config/modules/bambenekconsulting_Sphinx.json +++ b/bgpranking/config/modules/bambenekconsulting_Sphinx.json @@ -5,6 +5,7 @@ "impact": 3, "parser": ".parsers.bambenekconsulting", "tags": [ + "false-positive:risk=\"low\"", "misp-galaxy:banker=\"Zeus Sphinx\"" ] } diff --git a/bgpranking/config/modules/bambenekconsulting_Sphinx_NS.json b/bgpranking/config/modules/bambenekconsulting_Sphinx_NS.json index c051aa0..39fd7b3 100644 --- a/bgpranking/config/modules/bambenekconsulting_Sphinx_NS.json +++ b/bgpranking/config/modules/bambenekconsulting_Sphinx_NS.json @@ -5,6 +5,7 @@ "impact": 3, "parser": ".parsers.bambenekconsulting", "tags": [ + "false-positive:risk=\"low\"", "misp-galaxy:banker=\"Zeus Sphinx\"" ] } diff --git a/bgpranking/config/modules/bambenekconsulting_Suppobox.json b/bgpranking/config/modules/bambenekconsulting_Suppobox.json index b52cc0a..7454889 100644 --- a/bgpranking/config/modules/bambenekconsulting_Suppobox.json +++ b/bgpranking/config/modules/bambenekconsulting_Suppobox.json @@ -3,5 +3,8 @@ "name": "Suppobox", "vendor": "bambenekconsulting", "impact": 3, - "parser": ".parsers.bambenekconsulting" + "parser": ".parsers.bambenekconsulting", + "tags": [ + "false-positive:risk=\"high\"" + ] } diff --git a/bgpranking/config/modules/bambenekconsulting_Suppobox_NS.json b/bgpranking/config/modules/bambenekconsulting_Suppobox_NS.json index 3500582..daab3a2 100644 --- a/bgpranking/config/modules/bambenekconsulting_Suppobox_NS.json +++ b/bgpranking/config/modules/bambenekconsulting_Suppobox_NS.json 
@@ -3,5 +3,8 @@ "name": "Suppobox_NS", "vendor": "bambenekconsulting", "impact": 3, - "parser": ".parsers.bambenekconsulting" + "parser": ".parsers.bambenekconsulting", + "tags": [ + "false-positive:risk=\"high\"" + ] } diff --git a/bgpranking/config/modules/bambenekconsulting_Symmi.json b/bgpranking/config/modules/bambenekconsulting_Symmi.json index 7cea3d8..39248c4 100644 --- a/bgpranking/config/modules/bambenekconsulting_Symmi.json +++ b/bgpranking/config/modules/bambenekconsulting_Symmi.json @@ -3,5 +3,8 @@ "name": "Symmi", "vendor": "bambenekconsulting", "impact": 3, - "parser": ".parsers.bambenekconsulting" + "parser": ".parsers.bambenekconsulting", + "tags": [ + "false-positive:risk=\"low\"" + ] } diff --git a/bgpranking/config/modules/bambenekconsulting_Tempedreve.json b/bgpranking/config/modules/bambenekconsulting_Tempedreve.json index a46159f..2386392 100644 --- a/bgpranking/config/modules/bambenekconsulting_Tempedreve.json +++ b/bgpranking/config/modules/bambenekconsulting_Tempedreve.json @@ -3,5 +3,8 @@ "name": "Tempedreve", "vendor": "bambenekconsulting", "impact": 3, - "parser": ".parsers.bambenekconsulting" + "parser": ".parsers.bambenekconsulting", + "tags": [ + "false-positive:risk=\"low\"" + ] } diff --git a/bgpranking/config/modules/bambenekconsulting_Tempedreve_NS.json b/bgpranking/config/modules/bambenekconsulting_Tempedreve_NS.json index a1f9825..feec328 100644 --- a/bgpranking/config/modules/bambenekconsulting_Tempedreve_NS.json +++ b/bgpranking/config/modules/bambenekconsulting_Tempedreve_NS.json @@ -3,5 +3,8 @@ "name": "Tempedreve_NS", "vendor": "bambenekconsulting", "impact": 3, - "parser": ".parsers.bambenekconsulting" + "parser": ".parsers.bambenekconsulting", + "tags": [ + "false-positive:risk=\"low\"" + ] } diff --git a/bgpranking/config/modules/bambenekconsulting_Tinba_TinyBanker.json b/bgpranking/config/modules/bambenekconsulting_Tinba_TinyBanker.json index bde9a61..be4db61 100644 
--- a/bgpranking/config/modules/bambenekconsulting_Tinba_TinyBanker.json +++ b/bgpranking/config/modules/bambenekconsulting_Tinba_TinyBanker.json @@ -5,7 +5,8 @@ "impact": 3, "parser": ".parsers.bambenekconsulting", "tags": [ - "misp-galaxy:banker=\"Tinba\"", - "misp-galaxy:tool=\"Tinba\"" + "false-positive:risk=\"low\"", + "misp-galaxy:tool=\"Tinba\"", + "misp-galaxy:banker=\"Tinba\"" ] } diff --git a/bgpranking/config/modules/bambenekconsulting_Tinba_TinyBanker_NS.json b/bgpranking/config/modules/bambenekconsulting_Tinba_TinyBanker_NS.json index 6d19469..e2a4fe0 100644 --- a/bgpranking/config/modules/bambenekconsulting_Tinba_TinyBanker_NS.json +++ b/bgpranking/config/modules/bambenekconsulting_Tinba_TinyBanker_NS.json @@ -5,7 +5,8 @@ "impact": 3, "parser": ".parsers.bambenekconsulting", "tags": [ - "misp-galaxy:banker=\"Tinba\"", - "misp-galaxy:tool=\"Tinba\"" + "false-positive:risk=\"low\"", + "misp-galaxy:tool=\"Tinba\"", + "misp-galaxy:banker=\"Tinba\"" ] } diff --git a/bgpranking/config/modules/bambenekconsulting_Tinynuke.json b/bgpranking/config/modules/bambenekconsulting_Tinynuke.json index f2e0776..0a0aff7 100644 --- a/bgpranking/config/modules/bambenekconsulting_Tinynuke.json +++ b/bgpranking/config/modules/bambenekconsulting_Tinynuke.json @@ -5,6 +5,7 @@ "impact": 3, "parser": ".parsers.bambenekconsulting", "tags": [ + "false-positive:risk=\"low\"", "misp-galaxy:banker=\"TinyNuke\"" ] } diff --git a/bgpranking/config/modules/bambenekconsulting_Tinynuke_NS.json b/bgpranking/config/modules/bambenekconsulting_Tinynuke_NS.json index fd093cf..11b99e8 100644 --- a/bgpranking/config/modules/bambenekconsulting_Tinynuke_NS.json +++ b/bgpranking/config/modules/bambenekconsulting_Tinynuke_NS.json @@ -5,6 +5,7 @@ "impact": 3, "parser": ".parsers.bambenekconsulting", "tags": [ + "false-positive:risk=\"low\"", "misp-galaxy:banker=\"TinyNuke\"" ] } 
diff --git a/bgpranking/config/modules/bambenekconsulting_Tofsee.json b/bgpranking/config/modules/bambenekconsulting_Tofsee.json index 19deff6..c2957f6 100644 --- a/bgpranking/config/modules/bambenekconsulting_Tofsee.json +++ b/bgpranking/config/modules/bambenekconsulting_Tofsee.json @@ -5,6 +5,7 @@ "impact": 3, "parser": ".parsers.bambenekconsulting", "tags": [ + "false-positive:risk=\"medium\"", "misp-galaxy:botnet=\"Gheg\"" ] } diff --git a/bgpranking/config/modules/bambenekconsulting_Tofsee_NS.json b/bgpranking/config/modules/bambenekconsulting_Tofsee_NS.json index 48ad3fa..285c657 100644 --- a/bgpranking/config/modules/bambenekconsulting_Tofsee_NS.json +++ b/bgpranking/config/modules/bambenekconsulting_Tofsee_NS.json @@ -5,6 +5,7 @@ "impact": 3, "parser": ".parsers.bambenekconsulting", "tags": [ + "false-positive:risk=\"medium\"", "misp-galaxy:botnet=\"Gheg\"" ] } diff --git a/bgpranking/config/modules/bambenekconsulting_Unknowndropper.json b/bgpranking/config/modules/bambenekconsulting_Unknowndropper.json index 1029792..995be09 100644 --- a/bgpranking/config/modules/bambenekconsulting_Unknowndropper.json +++ b/bgpranking/config/modules/bambenekconsulting_Unknowndropper.json @@ -3,5 +3,8 @@ "name": "Unknowndropper", "vendor": "bambenekconsulting", "impact": 3, - "parser": ".parsers.bambenekconsulting" + "parser": ".parsers.bambenekconsulting", + "tags": [ + "false-positive:risk=\"low\"" + ] } diff --git a/bgpranking/config/modules/bambenekconsulting_Unknowndropper_NS.json b/bgpranking/config/modules/bambenekconsulting_Unknowndropper_NS.json index 5563b25..bc1a2c8 100644 --- a/bgpranking/config/modules/bambenekconsulting_Unknowndropper_NS.json +++ b/bgpranking/config/modules/bambenekconsulting_Unknowndropper_NS.json @@ -3,5 +3,8 @@ "name": "Unknowndropper_NS", "vendor": "bambenekconsulting", "impact": 3, - "parser": ".parsers.bambenekconsulting" + "parser": ".parsers.bambenekconsulting", + "tags": [ + "false-positive:risk=\"low\"" + ] } 
diff --git a/bgpranking/config/modules/bambenekconsulting_Unknownjs.json b/bgpranking/config/modules/bambenekconsulting_Unknownjs.json index 9536139..45d53ea 100644 --- a/bgpranking/config/modules/bambenekconsulting_Unknownjs.json +++ b/bgpranking/config/modules/bambenekconsulting_Unknownjs.json @@ -3,5 +3,8 @@ "name": "Unknownjs", "vendor": "bambenekconsulting", "impact": 3, - "parser": ".parsers.bambenekconsulting" + "parser": ".parsers.bambenekconsulting", + "tags": [ + "false-positive:risk=\"low\"" + ] } diff --git a/bgpranking/config/modules/bambenekconsulting_Unknownjs_NS.json b/bgpranking/config/modules/bambenekconsulting_Unknownjs_NS.json index 8c8d153..f90b4cf 100644 --- a/bgpranking/config/modules/bambenekconsulting_Unknownjs_NS.json +++ b/bgpranking/config/modules/bambenekconsulting_Unknownjs_NS.json @@ -3,5 +3,8 @@ "name": "Unknownjs_NS", "vendor": "bambenekconsulting", "impact": 3, - "parser": ".parsers.bambenekconsulting" + "parser": ".parsers.bambenekconsulting", + "tags": [ + "false-positive:risk=\"low\"" + ] } diff --git a/bgpranking/config/modules/bambenekconsulting_Vawtrak.json b/bgpranking/config/modules/bambenekconsulting_Vawtrak.json index c5a73c5..0ddcc02 100644 --- a/bgpranking/config/modules/bambenekconsulting_Vawtrak.json +++ b/bgpranking/config/modules/bambenekconsulting_Vawtrak.json @@ -5,7 +5,8 @@ "impact": 3, "parser": ".parsers.bambenekconsulting", "tags": [ - "misp-galaxy:tool=\"Vawtrak\"", - "misp-galaxy:banker=\"Vawtrak\"" + "false-positive:risk=\"low\"", + "misp-galaxy:banker=\"Vawtrak\"", + "misp-galaxy:tool=\"Vawtrak\"" ] } diff --git a/bgpranking/config/modules/bambenekconsulting_Vawtrak_NS.json b/bgpranking/config/modules/bambenekconsulting_Vawtrak_NS.json index e4116a5..0ab6a54 100644 --- a/bgpranking/config/modules/bambenekconsulting_Vawtrak_NS.json +++ b/bgpranking/config/modules/bambenekconsulting_Vawtrak_NS.json 
@@ -5,7 +5,8 @@ "impact": 3, "parser": ".parsers.bambenekconsulting", "tags": [ - "misp-galaxy:tool=\"Vawtrak\"", - "misp-galaxy:banker=\"Vawtrak\"" + "false-positive:risk=\"low\"", + "misp-galaxy:banker=\"Vawtrak\"", + "misp-galaxy:tool=\"Vawtrak\"" ] } diff --git a/bgpranking/config/modules/bambenekconsulting_Vidro.json b/bgpranking/config/modules/bambenekconsulting_Vidro.json index b128e5a..7161e92 100644 --- a/bgpranking/config/modules/bambenekconsulting_Vidro.json +++ b/bgpranking/config/modules/bambenekconsulting_Vidro.json @@ -3,5 +3,8 @@ "name": "Vidro", "vendor": "bambenekconsulting", "impact": 3, - "parser": ".parsers.bambenekconsulting" + "parser": ".parsers.bambenekconsulting", + "tags": [ + "false-positive:risk=\"low\"" + ] } diff --git a/bgpranking/config/modules/bambenekconsulting_Vidro_NS.json b/bgpranking/config/modules/bambenekconsulting_Vidro_NS.json index 4a88d5e..ddd2949 100644 --- a/bgpranking/config/modules/bambenekconsulting_Vidro_NS.json +++ b/bgpranking/config/modules/bambenekconsulting_Vidro_NS.json @@ -3,5 +3,8 @@ "name": "Vidro_NS", "vendor": "bambenekconsulting", "impact": 3, - "parser": ".parsers.bambenekconsulting" + "parser": ".parsers.bambenekconsulting", + "tags": [ + "false-positive:risk=\"low\"" + ] } diff --git a/bgpranking/config/modules/bambenekconsulting_Virut.json b/bgpranking/config/modules/bambenekconsulting_Virut.json index 8688f9b..815b765 100644 --- a/bgpranking/config/modules/bambenekconsulting_Virut.json +++ b/bgpranking/config/modules/bambenekconsulting_Virut.json @@ -5,6 +5,7 @@ "impact": 3, "parser": ".parsers.bambenekconsulting", "tags": [ + "false-positive:risk=\"medium\"", "misp-galaxy:botnet=\"Virut\"" ] } diff --git a/bgpranking/config/modules/bambenekconsulting_Virut_NS.json b/bgpranking/config/modules/bambenekconsulting_Virut_NS.json index 03bd88d..9634d79 100644 --- a/bgpranking/config/modules/bambenekconsulting_Virut_NS.json +++ b/bgpranking/config/modules/bambenekconsulting_Virut_NS.json 
@@ -5,6 +5,7 @@ "impact": 3, "parser": ".parsers.bambenekconsulting", "tags": [ + "false-positive:risk=\"medium\"", "misp-galaxy:botnet=\"Virut\"" ] } diff --git a/bgpranking/config/modules/bambenekconsulting_Volatile_Cedar_Explosive.json b/bgpranking/config/modules/bambenekconsulting_Volatile_Cedar_Explosive.json index a35c549..af8b9be 100644 --- a/bgpranking/config/modules/bambenekconsulting_Volatile_Cedar_Explosive.json +++ b/bgpranking/config/modules/bambenekconsulting_Volatile_Cedar_Explosive.json @@ -5,7 +5,8 @@ "impact": 3, "parser": ".parsers.bambenekconsulting", "tags": [ - "misp-galaxy:threat-actor=\"Volatile Cedar\"", - "misp-galaxy:tool=\"Explosive\"" + "false-positive:risk=\"low\"", + "misp-galaxy:tool=\"Explosive\"", + "misp-galaxy:threat-actor=\"Volatile Cedar\"" ] } diff --git a/bgpranking/config/modules/bambenekconsulting_Volatile_Cedar_Explosive_NS.json b/bgpranking/config/modules/bambenekconsulting_Volatile_Cedar_Explosive_NS.json index 86a7cb9..41c52fc 100644 --- a/bgpranking/config/modules/bambenekconsulting_Volatile_Cedar_Explosive_NS.json +++ b/bgpranking/config/modules/bambenekconsulting_Volatile_Cedar_Explosive_NS.json @@ -5,7 +5,8 @@ "impact": 3, "parser": ".parsers.bambenekconsulting", "tags": [ - "misp-galaxy:threat-actor=\"Volatile Cedar\"", - "misp-galaxy:tool=\"Explosive\"" + "false-positive:risk=\"low\"", + "misp-galaxy:tool=\"Explosive\"", + "misp-galaxy:threat-actor=\"Volatile Cedar\"" ] } diff --git a/bgpranking/config/modules/bambenekconsulting_feeds.py b/bgpranking/config/modules/bambenekconsulting_feeds.py index 6aab0e2..4c8e1de 100644 --- a/bgpranking/config/modules/bambenekconsulting_feeds.py +++ b/bgpranking/config/modules/bambenekconsulting_feeds.py @@ -19,6 +19,8 @@ def find_tags(name): responses = c.search(name.strip(), return_tags=True) for _, t in responses: tags += t + if not tags: + print('No tags for', name) return list(set(tags)) 
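Review bot: `return list(set(tags))` at the end of find_tags hands back the tags in an order that is not stable between runs. The regenerated JSON in this same commit appears to show the effect: the Tinba, Vawtrak and Volatile Cedar module files swap their two `misp-galaxy` lines with no change in content. Returning `sorted(set(tags))` would keep the generated configs byte-stable, so a later diff of these files shows only real changes to a feed's tagging. The start of find_tags lies outside the hunk.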
@@ -28,8 +30,14 @@ def get_paths(): soup = BeautifulSoup(r.text, 'html.parser') to_return = [] for entry in soup.find_all('p'): + if 'FP Risk: Low' in str(entry): + tags = ['false-positive:risk="low"'] + if 'FP Risk: Medium' in str(entry): + tags = ['false-positive:risk="medium"'] + if 'FP Risk: High' in str(entry): + tags = ['false-positive:risk="high"'] name = entry.b.string - tags = find_tags(name) + tags += find_tags(name) if name: for link in entry.find_all('a'): if link.get('href').endswith('iplist.txt'): @@ -44,10 +52,7 @@ def make_config(entry): name = entry[0].replace(' ', '_') config = {'url': entry[1], 'name': name, 'vendor': 'bambenekconsulting', 'impact': 3, 'parser': '.parsers.bambenekconsulting'} - if len(entry) >= 3 and entry[2]: - config['tags'] = entry[2] - else: - print('No tags:', name) + config['tags'] = entry[2] filename = re.sub('[^0-9a-zA-Z]+', '_', name) with open(f'bambenekconsulting_{filename}.json', 'w') as f: json.dump(config, f, indent=2)
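Review bot: In get_paths, `tags` is bound only inside the three `FP Risk` checks, so a `<p>` entry matching none of them reaches `tags += find_tags(name)` without a fresh list. On the first iteration that raises UnboundLocalError; on later ones it extends the previous entry's list, so the feed inherits the previous feed's false-positive risk label and galaxy tags. Start the loop body with `tags = []` and make the second and third checks `elif`, so an unlabelled feed gets no risk tag rather than a wrong one. Separately, `find_tags(name)` still runs before the `if name:` guard and calls `name.strip()`, so an entry with no name fails there. The loop body continues past the end of the hunk.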
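Review bot: In make_config, `config['tags'] = entry[2]` now indexes the third element unconditionally, where the removed code checked `len(entry) >= 3` first. Whether every entry built by get_paths carries three elements is not visible in this diff; if a two-element entry can still arrive, this raises IndexError before the file is written. The removed "No tags" report is also gone, so a feed written with an empty `tags` list, and so with no false-positive risk label, is no longer reported here. A guarded form such as `config['tags'] = entry[2] if len(entry) >= 3 else []` with a short comment stating the expected entry shape would make the contract explicit.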