MISP
/
misp-galaxy
의 미러 https://github.com/MISP/misp-galaxy
2
0
포크 0
코드 이슈 릴리즈 위키 활동

Merge branch 'main' of github.com:MISP/misp-galaxy into main

pull/607/head
Alexandre Dulaunoy 2020-11-30 15:50:42 +01:00
부모 b00ea12677 9be4a53f77
커밋 790053b5b0
No known key found for this signature in database
GPG 키 ID: 09E2CD4944E6CBCD
7개의 변경된 파일11367개의 추가작업 그리고 895개의 파일을 삭제
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
.github/workflows/nosetests.yml vendored Normal file
파일 보기

@ -0,0 +1,52 @@
name: Python application
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: [3.6, 3.7, 3.8, 3.9]
steps:
- uses: actions/checkout@v2
- name: Set up Python ${{matrix.python-version}}
uses: actions/setup-python@v2
with:
python-version: ${{matrix.python-version}}
- name: Initialize submodules
run: git submodule update --init --recursive
- name: Install system dependencies
run: sudo apt install jq moreutils
- name: Validate files
run: ./validate_all.sh
- name: Install Python dependencies
run: python -m pip install poetry
- name: Install testing via python module
run: |
git clone https://github.com/MISP/PyMISPGalaxies.git
pushd PyMISPGalaxies
git submodule update --init
git submodule foreach git pull origin main
poetry install
popd
- name: Test with Python module
run: |
pushd PyMISPGalaxies
poetry run nosetests-3.4 --with-coverage --cover-package=pymispgalaxies -d
popd

3458
clusters/mitre-attack-pattern.json
파일 보기

파일 크기가 너무 크기때문에 변경 상태를 표시하지 않습니다. Load Diff

1216
clusters/mitre-course-of-action.json
파일 보기

파일 크기가 너무 크기때문에 변경 상태를 표시하지 않습니다. Load Diff

1263
clusters/mitre-intrusion-set.json
파일 보기

파일 크기가 너무 크기때문에 변경 상태를 표시하지 않습니다. Load Diff

5667
clusters/mitre-malware.json
파일 보기

파일 크기가 너무 크기때문에 변경 상태를 표시하지 않습니다. Load Diff

601
clusters/mitre-tool.json
파일 보기

@ -66,348 +66,6 @@
"uuid": "a52edc76-328d-4596-85e7-d56ef5a9eb69",
"value": "Pass-The-Hash Toolkit - S0122"
},
{
"description": "[Cobalt Strike](https://attack.mitre.org/software/S0154) is a commercial, full-featured, penetration testing tool which bills itself as “adversary simulation software designed to execute targeted attacks and emulate the post-exploitation actions of advanced threat actors”. Cobalt Strike’s interactive post-exploit capabilities cover the full range of ATT&CK tactics, all executed within a single, integrated system. (Citation: cobaltstrike manual)\n\nIn addition to its own capabilities, [Cobalt Strike](https://attack.mitre.org/software/S0154) leverages the capabilities of other well-known tools such as Metasploit and [Mimikatz](https://attack.mitre.org/software/S0002). (Citation: cobaltstrike manual)",
"meta": {
"external_id": "S0154",
"mitre_platforms": [
"Windows"
],
"refs": [
"https://attack.mitre.org/software/S0154",
"https://cobaltstrike.com/downloads/csmanual38.pdf"
],
"synonyms": [
"Cobalt Strike"
]
},
"related": [
{
"dest-uuid": "ca44dd5e-fd9e-48b5-99cb-0b2629b9265f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "1a1d3ea4-972e-4c48-8d85-08d9db8f1550",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "4eeaf8a9-c86b-4954-a663-9555fb406466",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "99709758-2b96-48f2-a68a-ad7fbd828091",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "f72eb8a8-cd4c-461d-a814-3f862befbf00",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "f879d51c-5476-431c-aedf-f14d207e4d1e",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "68a0c5ed-bee2-4513-830d-5b0d650139bd",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "93591901-3172-4e94-abf8-6034ab26f44a",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "8cdeb020-e31e-4f88-a582-f53dcfbda819",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "aafea02e-ece5-4bb2-91a6-3bf8c7f38a39",
"value": "Cobalt Strike - S0154"
},
{
"description": "[Imminent Monitor](https://attack.mitre.org/software/S0434) was a commodity remote access tool (RAT) offered for sale from 2012 until 2019, when an operation was conducted to take down the Imminent Monitor infrastructure. Various cracked versions and variations of this RAT are still in circulation.(Citation: Imminent Unit42 Dec2019)",
"meta": {
@ -779,6 +437,96 @@
"uuid": "d5e96a35-7b0b-4c6a-9533-d63ecbda563e",
"value": "HTRAN - S0040"
},
{
"description": "[MCMD](https://attack.mitre.org/software/S0500) is a remote access tool that provides remote command shell capability used by [Dragonfly 2.0](https://attack.mitre.org/groups/G0074).(Citation: Secureworks MCMD July 2019)",
"meta": {
"external_id": "S0500",
"mitre_platforms": [
"Windows"
],
"refs": [
"https://attack.mitre.org/software/S0500",
"https://www.secureworks.com/research/mcmd-malware-analysis"
],
"synonyms": [
"MCMD"
]
},
"related": [
{
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "975737f1-b10d-476f-8bda-3ec26ea57172",
"value": "MCMD - S0500"
},
{
"description": "[pwdump](https://attack.mitre.org/software/S0006) is a credential dumper. (Citation: Wikipedia pwdump)",
"meta": {
@ -2969,13 +2717,6 @@
]
},
"related": [
{
"dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c",
"tags": [
@ -4653,7 +4394,167 @@
],
"uuid": "5fc81b43-62b5-41b1-9113-c79ae5f030c4",
"value": "CARROTBALL - S0465"
},
{
"description": "[CrackMapExec](https://attack.mitre.org/software/S0488), or CME, is a post-exploitation tool developed in Python and designed for penetration testing against networks. [CrackMapExec](https://attack.mitre.org/software/S0488) collects Active Directory information to conduct lateral movement through targeted networks.(Citation: CME Github September 2018)",
"meta": {
"external_id": "S0488",
"mitre_platforms": [
"Windows"
],
"refs": [
"https://attack.mitre.org/software/S0488",
"https://github.com/byt3bl33d3r/CrackMapExec/wiki/SMB-Command-Reference"
],
"synonyms": [
"CrackMapExec"
]
},
"related": [
{
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "f3d95a1f-bba2-44ce-9af7-37866cd63fd0",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "b6075259-dba3-44e9-87c7-e954f37ec0d5",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
},
{
"dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735",
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "uses"
}
],
"uuid": "c4810609-7da6-48ec-8057-1b70a7814db0",
"value": "CrackMapExec - S0488"
}
],
"version": 18
"version": 19
}

5
clusters/threat-actor.json
파일 보기

@ -6231,7 +6231,8 @@
"https://labs.bitdefender.com/2018/02/operation-pzchao-a-possible-return-of-the-iron-tiger-apt/",
"https://securelist.com/luckymouse-hits-national-data-center/86083/",
"https://attack.mitre.org/groups/G0027/",
"https://www.secureworks.com/research/threat-profiles/bronze-union"
"https://www.secureworks.com/research/threat-profiles/bronze-union",
"https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/incident-response-polar-ransomware-apt27/"
],
"synonyms": [
"Emissary Panda",
@ -8498,5 +8499,5 @@
"value": "Operation Skeleton Key"
}
],
"version": 190
"version": 191
}