chg: Add FP risk tags to bambenekconsulting feeds

2018-07-10 13:27:31 +02:00 · 2018-07-10 13:27:31 +02:00 · 77c62cd937
parent 17819e3d15
commit 77c62cd937
104 changed files with 223 additions and 63 deletions
--- a/bgpranking/config/modules/bambenekconsulting_Bamital.json
+++ b/bgpranking/config/modules/bambenekconsulting_Bamital.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:botnet=\"Bamital\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Bamital_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Bamital_NS.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:botnet=\"Bamital\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Banjori.json
+++ b/bgpranking/config/modules/bambenekconsulting_Banjori.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"medium\"",
    "misp-galaxy:banker=\"Banjori\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Banjori_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Banjori_NS.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"medium\"",
    "misp-galaxy:banker=\"Banjori\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Bebloh_URLZone.json
+++ b/bgpranking/config/modules/bambenekconsulting_Bebloh_URLZone.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:banker=\"Bebloh\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Bebloh_URLZone_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Bebloh_URLZone_NS.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:banker=\"Bebloh\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Bedep.json
+++ b/bgpranking/config/modules/bambenekconsulting_Bedep.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:tool=\"Bedep\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Bedep_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Bedep_NS.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:tool=\"Bedep\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Beebone.json
+++ b/bgpranking/config/modules/bambenekconsulting_Beebone.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:botnet=\"Beebone\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Beebone_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Beebone_NS.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:botnet=\"Beebone\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Chinad.json
+++ b/bgpranking/config/modules/bambenekconsulting_Chinad.json
@ -3,5 +3,8 @@
  "name": "Chinad",
  "vendor": "bambenekconsulting",
  "impact": 3,
-  "parser": ".parsers.bambenekconsulting"
+  "parser": ".parsers.bambenekconsulting",
+  "tags": [
+    "false-positive:risk=\"low\""
+  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Chinad_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Chinad_NS.json
@ -3,5 +3,8 @@
  "name": "Chinad_NS",
  "vendor": "bambenekconsulting",
  "impact": 3,
-  "parser": ".parsers.bambenekconsulting"
+  "parser": ".parsers.bambenekconsulting",
+  "tags": [
+    "false-positive:risk=\"low\""
+  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Corebot.json
+++ b/bgpranking/config/modules/bambenekconsulting_Corebot.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:banker=\"Corebot\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Cryptolocker.json
+++ b/bgpranking/config/modules/bambenekconsulting_Cryptolocker.json
@ -5,14 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
-    "misp-galaxy:ransomware=\"CryptoLocker by NTK Ransomware\"",
-    "misp-galaxy:ransomware=\"MSN CryptoLocker Ransomware\"",
-    "misp-galaxy:ransomware=\"CryptoLocker 5.1\"",
-    "misp-galaxy:ransomware=\"FakeCryptoLocker\"",
-    "misp-galaxy:ransomware=\"PClock3 Ransomware\"",
-    "misp-galaxy:ransomware=\"CryptoLocker3 Ransomware\"",
-    "misp-galaxy:ransomware=\"CryptoLocker 1.0.0\"",
-    "misp-galaxy:ransomware=\"DynA-Crypt Ransomware\"",
+    "false-positive:risk=\"low\"",
    "misp-galaxy:ransomware=\"CryptoLocker\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Cryptolocker_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Cryptolocker_NS.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:ransomware=\"CryptoLocker\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Dircrypt.json
+++ b/bgpranking/config/modules/bambenekconsulting_Dircrypt.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:ransomware=\"DirCrypt\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Dircrypt_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Dircrypt_NS.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:ransomware=\"DirCrypt\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Dromedan.json
+++ b/bgpranking/config/modules/bambenekconsulting_Dromedan.json
@ -3,5 +3,8 @@
  "name": "Dromedan",
  "vendor": "bambenekconsulting",
  "impact": 3,
-  "parser": ".parsers.bambenekconsulting"
+  "parser": ".parsers.bambenekconsulting",
+  "tags": [
+    "false-positive:risk=\"low\""
+  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Dromedan_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Dromedan_NS.json
@ -3,5 +3,8 @@
  "name": "Dromedan_NS",
  "vendor": "bambenekconsulting",
  "impact": 3,
-  "parser": ".parsers.bambenekconsulting"
+  "parser": ".parsers.bambenekconsulting",
+  "tags": [
+    "false-positive:risk=\"low\""
+  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Dyre.json
+++ b/bgpranking/config/modules/bambenekconsulting_Dyre.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:banker=\"Dyre\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Dyre_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Dyre_NS.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:banker=\"Dyre\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Fobber.json
+++ b/bgpranking/config/modules/bambenekconsulting_Fobber.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:banker=\"Fobber\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Fobber_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Fobber_NS.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:banker=\"Fobber\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_G01.json
+++ b/bgpranking/config/modules/bambenekconsulting_G01.json
@ -3,5 +3,8 @@
  "name": "G01",
  "vendor": "bambenekconsulting",
  "impact": 3,
-  "parser": ".parsers.bambenekconsulting"
+  "parser": ".parsers.bambenekconsulting",
+  "tags": [
+    "false-positive:risk=\"low\""
+  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_G01_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_G01_NS.json
@ -3,5 +3,8 @@
  "name": "G01_NS",
  "vendor": "bambenekconsulting",
  "impact": 3,
-  "parser": ".parsers.bambenekconsulting"
+  "parser": ".parsers.bambenekconsulting",
+  "tags": [
+    "false-positive:risk=\"low\""
+  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Geodo.json
+++ b/bgpranking/config/modules/bambenekconsulting_Geodo.json
@ -5,7 +5,8 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
-    "misp-galaxy:tool=\"Emotet\"",
-    "misp-galaxy:banker=\"Geodo\""
+    "false-positive:risk=\"low\"",
+    "misp-galaxy:banker=\"Geodo\"",
+    "misp-galaxy:tool=\"Emotet\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Geodo_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Geodo_NS.json
@ -5,7 +5,8 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
-    "misp-galaxy:tool=\"Emotet\"",
-    "misp-galaxy:banker=\"Geodo\""
+    "false-positive:risk=\"low\"",
+    "misp-galaxy:banker=\"Geodo\"",
+    "misp-galaxy:tool=\"Emotet\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Gozi.json
+++ b/bgpranking/config/modules/bambenekconsulting_Gozi.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:banker=\"Gozi\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Gozi_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Gozi_NS.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:banker=\"Gozi\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Hesperbot.json
+++ b/bgpranking/config/modules/bambenekconsulting_Hesperbot.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:android=\"Hesperbot\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Hesperbot_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Hesperbot_NS.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:android=\"Hesperbot\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Kraken.json
+++ b/bgpranking/config/modules/bambenekconsulting_Kraken.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:botnet=\"Kraken\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Kraken_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Kraken_NS.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:botnet=\"Kraken\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Locky.json
+++ b/bgpranking/config/modules/bambenekconsulting_Locky.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:ransomware=\"Locky\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Locky_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Locky_NS.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:ransomware=\"Locky\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Madmax.json
+++ b/bgpranking/config/modules/bambenekconsulting_Madmax.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:botnet=\"Madmax\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Madmax_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Madmax_NS.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:botnet=\"Madmax\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Matsnu.json
+++ b/bgpranking/config/modules/bambenekconsulting_Matsnu.json
@ -3,5 +3,8 @@
  "name": "Matsnu",
  "vendor": "bambenekconsulting",
  "impact": 3,
-  "parser": ".parsers.bambenekconsulting"
+  "parser": ".parsers.bambenekconsulting",
+  "tags": [
+    "false-positive:risk=\"high\""
+  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Matsnu_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Matsnu_NS.json
@ -3,5 +3,8 @@
  "name": "Matsnu_NS",
  "vendor": "bambenekconsulting",
  "impact": 3,
-  "parser": ".parsers.bambenekconsulting"
+  "parser": ".parsers.bambenekconsulting",
+  "tags": [
+    "false-positive:risk=\"high\""
+  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Mirai.json
+++ b/bgpranking/config/modules/bambenekconsulting_Mirai.json
@ -5,7 +5,8 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
-    "misp-galaxy:botnet=\"Mirai\"",
-    "misp-galaxy:tool=\"Mirai\""
+    "false-positive:risk=\"low\"",
+    "misp-galaxy:tool=\"Mirai\"",
+    "misp-galaxy:botnet=\"Mirai\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Mirai_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Mirai_NS.json
@ -5,7 +5,8 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
-    "misp-galaxy:botnet=\"Mirai\"",
-    "misp-galaxy:tool=\"Mirai\""
+    "false-positive:risk=\"low\"",
+    "misp-galaxy:tool=\"Mirai\"",
+    "misp-galaxy:botnet=\"Mirai\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Murofet.json
+++ b/bgpranking/config/modules/bambenekconsulting_Murofet.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:banker=\"Licat\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Murofet_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Murofet_NS.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:banker=\"Licat\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Necurs.json
+++ b/bgpranking/config/modules/bambenekconsulting_Necurs.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:tool=\"Necurs\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Necurs_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Necurs_NS.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:tool=\"Necurs\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Nymaim.json
+++ b/bgpranking/config/modules/bambenekconsulting_Nymaim.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"medium\"",
    "misp-galaxy:tool=\"Nymaim\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Nymaim_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Nymaim_NS.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"medium\"",
    "misp-galaxy:tool=\"Nymaim\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_P2P_GOZ.json
+++ b/bgpranking/config/modules/bambenekconsulting_P2P_GOZ.json
@ -3,5 +3,8 @@
  "name": "P2P_GOZ",
  "vendor": "bambenekconsulting",
  "impact": 3,
-  "parser": ".parsers.bambenekconsulting"
+  "parser": ".parsers.bambenekconsulting",
+  "tags": [
+    "false-positive:risk=\"low\""
+  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_P2P_GOZ_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_P2P_GOZ_NS.json
@ -3,5 +3,8 @@
  "name": "P2P_GOZ_NS",
  "vendor": "bambenekconsulting",
  "impact": 3,
-  "parser": ".parsers.bambenekconsulting"
+  "parser": ".parsers.bambenekconsulting",
+  "tags": [
+    "false-positive:risk=\"low\""
+  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_PT_GOZ_New_GOZ_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_PT_GOZ_New_GOZ_NS.json
@ -3,5 +3,8 @@
  "name": "PT_GOZ_/_New_GOZ_NS",
  "vendor": "bambenekconsulting",
  "impact": 3,
-  "parser": ".parsers.bambenekconsulting"
+  "parser": ".parsers.bambenekconsulting",
+  "tags": [
+    "false-positive:risk=\"low\""
+  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Padcrypt.json
+++ b/bgpranking/config/modules/bambenekconsulting_Padcrypt.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:ransomware=\"PadCrypt\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Padcrypt_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Padcrypt_NS.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:ransomware=\"PadCrypt\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Pandabanker.json
+++ b/bgpranking/config/modules/bambenekconsulting_Pandabanker.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:banker=\"Panda Banker\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Pandabanker_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Pandabanker_NS.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:banker=\"Panda Banker\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Pizd.json
+++ b/bgpranking/config/modules/bambenekconsulting_Pizd.json
@ -3,5 +3,8 @@
  "name": "Pizd",
  "vendor": "bambenekconsulting",
  "impact": 3,
-  "parser": ".parsers.bambenekconsulting"
+  "parser": ".parsers.bambenekconsulting",
+  "tags": [
+    "false-positive:risk=\"high\""
+  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Pizd_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Pizd_NS.json
@ -3,5 +3,8 @@
  "name": "Pizd_NS",
  "vendor": "bambenekconsulting",
  "impact": 3,
-  "parser": ".parsers.bambenekconsulting"
+  "parser": ".parsers.bambenekconsulting",
+  "tags": [
+    "false-positive:risk=\"high\""
+  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Proslikefan.json
+++ b/bgpranking/config/modules/bambenekconsulting_Proslikefan.json
@ -3,5 +3,8 @@
  "name": "Proslikefan",
  "vendor": "bambenekconsulting",
  "impact": 3,
-  "parser": ".parsers.bambenekconsulting"
+  "parser": ".parsers.bambenekconsulting",
+  "tags": [
+    "false-positive:risk=\"low\""
+  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Proslikefan_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Proslikefan_NS.json
@ -3,5 +3,8 @@
  "name": "Proslikefan_NS",
  "vendor": "bambenekconsulting",
  "impact": 3,
-  "parser": ".parsers.bambenekconsulting"
+  "parser": ".parsers.bambenekconsulting",
+  "tags": [
+    "false-positive:risk=\"low\""
+  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Pushdo.json
+++ b/bgpranking/config/modules/bambenekconsulting_Pushdo.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:botnet=\"Pushdo\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Pushdo_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Pushdo_NS.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:botnet=\"Pushdo\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Pykspa.json
+++ b/bgpranking/config/modules/bambenekconsulting_Pykspa.json
@ -3,5 +3,8 @@
  "name": "Pykspa",
  "vendor": "bambenekconsulting",
  "impact": 3,
-  "parser": ".parsers.bambenekconsulting"
+  "parser": ".parsers.bambenekconsulting",
+  "tags": [
+    "false-positive:risk=\"medium\""
+  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Pykspa_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Pykspa_NS.json
@ -3,5 +3,8 @@
  "name": "Pykspa_NS",
  "vendor": "bambenekconsulting",
  "impact": 3,
-  "parser": ".parsers.bambenekconsulting"
+  "parser": ".parsers.bambenekconsulting",
+  "tags": [
+    "false-positive:risk=\"medium\""
+  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Qadars.json
+++ b/bgpranking/config/modules/bambenekconsulting_Qadars.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:banker=\"Qadars\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Qadars_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Qadars_NS.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:banker=\"Qadars\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Qakbot.json
+++ b/bgpranking/config/modules/bambenekconsulting_Qakbot.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:tool=\"Akbot\"",
    "misp-galaxy:banker=\"Qakbot\""
  ]
--- a/bgpranking/config/modules/bambenekconsulting_Qakbot_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Qakbot_NS.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:tool=\"Akbot\"",
    "misp-galaxy:banker=\"Qakbot\""
  ]
--- a/bgpranking/config/modules/bambenekconsulting_Ramdo.json
+++ b/bgpranking/config/modules/bambenekconsulting_Ramdo.json
@ -3,5 +3,8 @@
  "name": "Ramdo",
  "vendor": "bambenekconsulting",
  "impact": 3,
-  "parser": ".parsers.bambenekconsulting"
+  "parser": ".parsers.bambenekconsulting",
+  "tags": [
+    "false-positive:risk=\"low\""
+  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Ramdo_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Ramdo_NS.json
@ -3,5 +3,8 @@
  "name": "Ramdo_NS",
  "vendor": "bambenekconsulting",
  "impact": 3,
-  "parser": ".parsers.bambenekconsulting"
+  "parser": ".parsers.bambenekconsulting",
+  "tags": [
+    "false-positive:risk=\"low\""
+  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Ramnit.json
+++ b/bgpranking/config/modules/bambenekconsulting_Ramnit.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:botnet=\"Ramnit\"",
    "misp-galaxy:banker=\"Ramnit\""
  ]
--- a/bgpranking/config/modules/bambenekconsulting_Ramnit_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Ramnit_NS.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:botnet=\"Ramnit\"",
    "misp-galaxy:banker=\"Ramnit\""
  ]
--- a/bgpranking/config/modules/bambenekconsulting_Ranbyus.json
+++ b/bgpranking/config/modules/bambenekconsulting_Ranbyus.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:banker=\"Ranbyus\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Ranbyus_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Ranbyus_NS.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:banker=\"Ranbyus\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Shifu.json
+++ b/bgpranking/config/modules/bambenekconsulting_Shifu.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"medium\"",
    "misp-galaxy:tool=\"Shifu\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Shifu_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Shifu_NS.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"medium\"",
    "misp-galaxy:tool=\"Shifu\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Simda.json
+++ b/bgpranking/config/modules/bambenekconsulting_Simda.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"medium\"",
    "misp-galaxy:botnet=\"Simda\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Simda_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Simda_NS.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"medium\"",
    "misp-galaxy:botnet=\"Simda\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Sisron.json
+++ b/bgpranking/config/modules/bambenekconsulting_Sisron.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:banker=\"Sisron\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Sisron_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Sisron_NS.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:banker=\"Sisron\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Sphinx.json
+++ b/bgpranking/config/modules/bambenekconsulting_Sphinx.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:banker=\"Zeus Sphinx\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Sphinx_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Sphinx_NS.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:banker=\"Zeus Sphinx\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Suppobox.json
+++ b/bgpranking/config/modules/bambenekconsulting_Suppobox.json
@ -3,5 +3,8 @@
  "name": "Suppobox",
  "vendor": "bambenekconsulting",
  "impact": 3,
-  "parser": ".parsers.bambenekconsulting"
+  "parser": ".parsers.bambenekconsulting",
+  "tags": [
+    "false-positive:risk=\"high\""
+  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Suppobox_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Suppobox_NS.json
@ -3,5 +3,8 @@
  "name": "Suppobox_NS",
  "vendor": "bambenekconsulting",
  "impact": 3,
-  "parser": ".parsers.bambenekconsulting"
+  "parser": ".parsers.bambenekconsulting",
+  "tags": [
+    "false-positive:risk=\"high\""
+  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Symmi.json
+++ b/bgpranking/config/modules/bambenekconsulting_Symmi.json
@ -3,5 +3,8 @@
  "name": "Symmi",
  "vendor": "bambenekconsulting",
  "impact": 3,
-  "parser": ".parsers.bambenekconsulting"
+  "parser": ".parsers.bambenekconsulting",
+  "tags": [
+    "false-positive:risk=\"low\""
+  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Tempedreve.json
+++ b/bgpranking/config/modules/bambenekconsulting_Tempedreve.json
@ -3,5 +3,8 @@
  "name": "Tempedreve",
  "vendor": "bambenekconsulting",
  "impact": 3,
-  "parser": ".parsers.bambenekconsulting"
+  "parser": ".parsers.bambenekconsulting",
+  "tags": [
+    "false-positive:risk=\"low\""
+  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Tempedreve_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Tempedreve_NS.json
@ -3,5 +3,8 @@
  "name": "Tempedreve_NS",
  "vendor": "bambenekconsulting",
  "impact": 3,
-  "parser": ".parsers.bambenekconsulting"
+  "parser": ".parsers.bambenekconsulting",
+  "tags": [
+    "false-positive:risk=\"low\""
+  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Tinba_TinyBanker.json
+++ b/bgpranking/config/modules/bambenekconsulting_Tinba_TinyBanker.json
@ -5,7 +5,8 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
-    "misp-galaxy:banker=\"Tinba\"",
-    "misp-galaxy:tool=\"Tinba\""
+    "false-positive:risk=\"low\"",
+    "misp-galaxy:tool=\"Tinba\"",
+    "misp-galaxy:banker=\"Tinba\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Tinba_TinyBanker_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Tinba_TinyBanker_NS.json
@ -5,7 +5,8 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
-    "misp-galaxy:banker=\"Tinba\"",
-    "misp-galaxy:tool=\"Tinba\""
+    "false-positive:risk=\"low\"",
+    "misp-galaxy:tool=\"Tinba\"",
+    "misp-galaxy:banker=\"Tinba\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Tinynuke.json
+++ b/bgpranking/config/modules/bambenekconsulting_Tinynuke.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:banker=\"TinyNuke\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Tinynuke_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Tinynuke_NS.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"low\"",
    "misp-galaxy:banker=\"TinyNuke\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Tofsee.json
+++ b/bgpranking/config/modules/bambenekconsulting_Tofsee.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"medium\"",
    "misp-galaxy:botnet=\"Gheg\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Tofsee_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Tofsee_NS.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"medium\"",
    "misp-galaxy:botnet=\"Gheg\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Unknowndropper.json
+++ b/bgpranking/config/modules/bambenekconsulting_Unknowndropper.json
@ -3,5 +3,8 @@
  "name": "Unknowndropper",
  "vendor": "bambenekconsulting",
  "impact": 3,
-  "parser": ".parsers.bambenekconsulting"
+  "parser": ".parsers.bambenekconsulting",
+  "tags": [
+    "false-positive:risk=\"low\""
+  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Unknowndropper_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Unknowndropper_NS.json
@ -3,5 +3,8 @@
  "name": "Unknowndropper_NS",
  "vendor": "bambenekconsulting",
  "impact": 3,
-  "parser": ".parsers.bambenekconsulting"
+  "parser": ".parsers.bambenekconsulting",
+  "tags": [
+    "false-positive:risk=\"low\""
+  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Unknownjs.json
+++ b/bgpranking/config/modules/bambenekconsulting_Unknownjs.json
@ -3,5 +3,8 @@
  "name": "Unknownjs",
  "vendor": "bambenekconsulting",
  "impact": 3,
-  "parser": ".parsers.bambenekconsulting"
+  "parser": ".parsers.bambenekconsulting",
+  "tags": [
+    "false-positive:risk=\"low\""
+  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Unknownjs_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Unknownjs_NS.json
@ -3,5 +3,8 @@
  "name": "Unknownjs_NS",
  "vendor": "bambenekconsulting",
  "impact": 3,
-  "parser": ".parsers.bambenekconsulting"
+  "parser": ".parsers.bambenekconsulting",
+  "tags": [
+    "false-positive:risk=\"low\""
+  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Vawtrak.json
+++ b/bgpranking/config/modules/bambenekconsulting_Vawtrak.json
@ -5,7 +5,8 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
-    "misp-galaxy:tool=\"Vawtrak\"",
-    "misp-galaxy:banker=\"Vawtrak\""
+    "false-positive:risk=\"low\"",
+    "misp-galaxy:banker=\"Vawtrak\"",
+    "misp-galaxy:tool=\"Vawtrak\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Vawtrak_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Vawtrak_NS.json
@ -5,7 +5,8 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
-    "misp-galaxy:tool=\"Vawtrak\"",
-    "misp-galaxy:banker=\"Vawtrak\""
+    "false-positive:risk=\"low\"",
+    "misp-galaxy:banker=\"Vawtrak\"",
+    "misp-galaxy:tool=\"Vawtrak\""
  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Vidro.json
+++ b/bgpranking/config/modules/bambenekconsulting_Vidro.json
@ -3,5 +3,8 @@
  "name": "Vidro",
  "vendor": "bambenekconsulting",
  "impact": 3,
-  "parser": ".parsers.bambenekconsulting"
+  "parser": ".parsers.bambenekconsulting",
+  "tags": [
+    "false-positive:risk=\"low\""
+  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Vidro_NS.json
+++ b/bgpranking/config/modules/bambenekconsulting_Vidro_NS.json
@ -3,5 +3,8 @@
  "name": "Vidro_NS",
  "vendor": "bambenekconsulting",
  "impact": 3,
-  "parser": ".parsers.bambenekconsulting"
+  "parser": ".parsers.bambenekconsulting",
+  "tags": [
+    "false-positive:risk=\"low\""
+  ]
 }
--- a/bgpranking/config/modules/bambenekconsulting_Virut.json
+++ b/bgpranking/config/modules/bambenekconsulting_Virut.json
@ -5,6 +5,7 @@
  "impact": 3,
  "parser": ".parsers.bambenekconsulting",
  "tags": [
+    "false-positive:risk=\"medium\"",
    "misp-galaxy:botnet=\"Virut\""
  ]
 }
--- a/Show More
+++ b/Show More