MISP
/
misp-galaxy
miroir de https://github.com/MISP/misp-galaxy
2
0
Bifurcation 0
Code Tickets Versions Wiki Activité

Merge branch 'main' of github.com:MISP/misp-galaxy into main

pull/607/head
Alexandre Dulaunoy 2020-11-30 15:50:42 +01:00
Parent b00ea12677 9be4a53f77
révision 790053b5b0
Aucune clé connue n'a été trouvée dans la base pour cette signature
ID de la clé GPG: 09E2CD4944E6CBCD
7 fichiers modifiés avec 11367 ajouts et 895 suppressions
Voir les Statistiques Télécharger le Fichier Patch Télécharger le Fichier des Différences Développer tous les fichiers Réduire tous les fichiers

52
.github/workflows/nosetests.yml externe Normal file
Voir le fichier

@ -0,0 +1,52 @@
name: Python application
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: [3.6, 3.7, 3.8, 3.9]
steps:
- uses: actions/checkout@v2
- name: Set up Python ${{matrix.python-version}}
uses: actions/setup-python@v2
with:
python-version: ${{matrix.python-version}}
- name: Initialize submodules
run: git submodule update --init --recursive
- name: Install system dependencies
run: sudo apt install jq moreutils
- name: Validate files
run: ./validate_all.sh
- name: Install Python dependencies
run: python -m pip install poetry
- name: Install testing via python module
run: |
git clone https://github.com/MISP/PyMISPGalaxies.git
pushd PyMISPGalaxies
git submodule update --init
git submodule foreach git pull origin main
poetry install
popd
- name: Test with Python module
run: |
pushd PyMISPGalaxies
poetry run nosetests-3.4 --with-coverage --cover-package=pymispgalaxies -d
popd

3458
clusters/mitre-attack-pattern.json
Voir le fichier

Fichier diff supprimé car celui-ci est trop grand Voir la Diff

1216
clusters/mitre-course-of-action.json
Voir le fichier

Fichier diff supprimé car celui-ci est trop grand Voir la Diff

1263
clusters/mitre-intrusion-set.json
Voir le fichier

Fichier diff supprimé car celui-ci est trop grand Voir la Diff

5667
clusters/mitre-malware.json
Voir le fichier

Fichier diff supprimé car celui-ci est trop grand Voir la Diff

601
clusters/mitre-tool.json
Voir le fichier

@ -66,348 +66,6 @@
"uuid": "a52edc76-328d-4596-85e7-d56ef5a9eb69",
"value": "Pass-The-Hash Toolkit - S0122"
},
{
"description": "[Cobalt Strike](https://attack.mitre.org/software/S0154) is a commercial, full-featured, penetration testing tool which bills itself as “adversary simulation software designed to execute targeted attacks and emulate the post-exploitation actions of advanced threat actors”. Cobalt Strike’s interactive post-exploit capabilities cover the full range of ATT&CK tactics, all executed within a single, integrated system. (Citation: cobaltstrike manual)\n\nIn addition to its own capabilities, [Cobalt Strike](https://attack.mitre.org/software/S0154) leverages the capabilities of other well-known tools such as Metasploit and [Mimikatz](https://attack.mitre.org/software/S0002). (Citation: cobaltstrike manual)",
"meta": {
"external_id": "S0154",
"mitre_platforms": [
"Windows"
],
"refs": [
"https://attack.mitre.org/software/S0154",
"https://cobaltstrike.com/downloads/csmanual38.pdf"
],
"synonyms": [
"Cobalt Strike"
]
},
"related": [
{
"dest-uuid": "ca44dd5e-fd9e-48b5-99cb-0b2629b9265f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "1a1d3ea4-972e-4c48-8d85-08d9db8f1550",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "4eeaf8a9-c86b-4954-a663-9555fb406466",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "99709758-2b96-48f2-a68a-ad7fbd828091",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "68a0c5ed-bee2-4513-830d-5b0d650139bd",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "93591901-3172-4e94-abf8-6034ab26f44a",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "8cdeb020-e31e-4f88-a582-f53dcfbda819",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "aafea02e-ece5-4bb2-91a6-3bf8c7f38a39",
"value": "Cobalt Strike - S0154"
},
{
"description": "[Imminent Monitor](https://attack.mitre.org/software/S0434) was a commodity remote access tool (RAT) offered for sale from 2012 until 2019, when an operation was conducted to take down the Imminent Monitor infrastructure. Various cracked versions and variations of this RAT are still in circulation.(Citation: Imminent Unit42 Dec2019)",
"meta": {
@ -779,6 +437,96 @@
"uuid": "d5e96a35-7b0b-4c6a-9533-d63ecbda563e",
"value": "HTRAN - S0040"
},
{
"description": "[MCMD](https://attack.mitre.org/software/S0500) is a remote access tool that provides remote command shell capability used by [Dragonfly 2.0](https://attack.mitre.org/groups/G0074).(Citation: Secureworks MCMD July 2019)",
"meta": {
"external_id": "S0500",
"mitre_platforms": [
"Windows"
],
"refs": [
"https://attack.mitre.org/software/S0500",
"https://www.secureworks.com/research/mcmd-malware-analysis"
],
"synonyms": [
"MCMD"
]
},
"related": [
{
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "975737f1-b10d-476f-8bda-3ec26ea57172",
"value": "MCMD - S0500"
},
{
"description": "[pwdump](https://attack.mitre.org/software/S0006) is a credential dumper. (Citation: Wikipedia pwdump)",
"meta": {
@ -2969,13 +2717,6 @@
]
},
"related": [
{
"dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c",
"tags": [
@ -4653,7 +4394,167 @@
],
"uuid": "5fc81b43-62b5-41b1-9113-c79ae5f030c4",
"value": "CARROTBALL - S0465"
},
{
"description": "[CrackMapExec](https://attack.mitre.org/software/S0488), or CME, is a post-exploitation tool developed in Python and designed for penetration testing against networks. [CrackMapExec](https://attack.mitre.org/software/S0488) collects Active Directory information to conduct lateral movement through targeted networks.(Citation: CME Github September 2018)",
"meta": {
"external_id": "S0488",
"mitre_platforms": [
"Windows"
],
"refs": [
"https://attack.mitre.org/software/S0488",
"https://github.com/byt3bl33d3r/CrackMapExec/wiki/SMB-Command-Reference"
],
"synonyms": [
"CrackMapExec"
]
},
"related": [
{
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "f3d95a1f-bba2-44ce-9af7-37866cd63fd0",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "b6075259-dba3-44e9-87c7-e954f37ec0d5",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "c4810609-7da6-48ec-8057-1b70a7814db0",
"value": "CrackMapExec - S0488"
}
],
"version": 18
"version": 19
}

5
clusters/threat-actor.json
Voir le fichier

@ -6231,7 +6231,8 @@
"https://labs.bitdefender.com/2018/02/operation-pzchao-a-possible-return-of-the-iron-tiger-apt/",
"https://securelist.com/luckymouse-hits-national-data-center/86083/",
"https://attack.mitre.org/groups/G0027/",
"https://www.secureworks.com/research/threat-profiles/bronze-union"
"https://www.secureworks.com/research/threat-profiles/bronze-union",
"https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/incident-response-polar-ransomware-apt27/"
],
"synonyms": [
"Emissary Panda",
@ -8498,5 +8499,5 @@
"value": "Operation Skeleton Key"
}
],
"version": 190
"version": 191
}