MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-22 23:07:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge https://github.com/MISP/misp-galaxy

Browse source
This commit is contained in:
Delta-Sierra 2023-01-26 11:46:14 +01:00
commit 89bb349184
8 changed files with 24071 additions and 2282 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1516
clusters/country.json
View file

File diff suppressed because it is too large Load diff

24277
clusters/sigma-rules.json
View file

File diff suppressed because it is too large Load diff

10
clusters/threat-actor.json
View file

@ -8677,7 +8677,13 @@
"meta": {
"refs": [
"https://www.rewterz.com/rewterz-news/rewterz-threat-alert-common-raven-iocs",
"https://www2.swift.com/isac/report/10118"
"https://www2.swift.com/isac/report/10118",
"https://blog.group-ib.com/opera1er-apt"
],
"synonyms": [
"OPERA1ER",
"NXSMS",
"DESKTOP-GROUP"
]
},
"uuid": "da581c60-7c3d-4de6-b54c-cafea1c58389",
@ -9986,5 +9992,5 @@
"value": "Malteiro"
}
],
"version": 256
"version": 257
}

482
clusters/uavs.json Normal file
View file

@ -0,0 +1,482 @@
{
"authors": [
"Enes AYATA"
],
"category": "military equipment",
"description": "Unmanned Aerial Vehicles / Unmanned Combat Aerial Vehicles",
"name": "UAVs/UCAVs",
"source": "Popular Mechanics",
"type": "uavs",
"uuid": "bef5c29d-b0db-4923-aa9a-80921f26d3ab",
"values": [
{
"description": "R18",
"meta": {
"Flight time": "40 minutes",
"Made in": "Ukraine",
"Operator": "Ukraine",
"Powerplant": "Electric",
"Top speed": "N/A",
"Wingspan": "About 6 feet"
},
"uuid": "82a0a264-59dd-467a-9830-72c3fc8b25e6",
"value": "R18"
},
{
"description": "KBLA-IVT",
"meta": {
"Flight time": "60 minutes",
"Made in": "Russia",
"Operator": "Russia",
"Power plant": "Internal combustion",
"Top speed": "N/A",
"Wingspan": "15 feet"
},
"uuid": "25bc036b-8b71-4098-8615-bf63204509d2",
"value": "KBLA-IVT"
},
{
"description": "Autel Evo II",
"meta": {
"Flight time": "40 minutes",
"Made in": "China",
"Operator": "Ukraine",
"Powerplant": "Electric",
"Top speed": "45 mph",
"Wingspan": "16 inches"
},
"uuid": "c24e2133-23c7-4dcf-8fa1-5a38c713ad68",
"value": "Autel Evo II"
},
{
"description": "DJI Mavic Series",
"meta": {
"Flight time": "31 minutes",
"Made in": "China",
"Operator": "Ukraine",
"Powerplant": "Electric",
"Top speed": "29 mph",
"Wingspan": "8 inches"
},
"uuid": "8df0e639-8ce6-4b6a-b35a-cab3e6ccb56a",
"value": "DJI Mavic Series"
},
{
"description": "Golden Eagle",
"meta": {
"Flight time": "Up to 55 minutes",
"Made in": "USA",
"Operator": "Ukraine",
"Powerplant": "Electric",
"Top Speed": "50 mph",
"Wingspan": "About 20 inches"
},
"uuid": "de616d7c-8a9d-427f-8c6d-aeed9a3f2f3a",
"value": "Golden Eagle"
},
{
"description": "Skydio X2",
"meta": {
"Flight time": "35 minutes",
"Made in": "USA",
"Operator": "Ukraine",
"Powerplant": "Electric",
"Top speed": "25 mph",
"Wingspan": "26 inches"
},
"uuid": "50b4a527-b371-4daf-8f93-8e5de4de6c90",
"value": "Skydio X2"
},
{
"description": "RQ-4 Global Hawk",
"meta": {
"Flight time": "More than 34 hours",
"Made in": "USA",
"Operator": "USA",
"Powerplant": "Turbofan jet",
"Top speed": "Faster than 350 mph",
"Wingspan": "131 feet"
},
"uuid": "5ca96911-329e-4c0c-a582-e7857cc64963",
"value": "RQ-4 Global Hawk"
},
{
"description": "Orion",
"meta": {
"Flight time": "24 hours",
"Made in": "Russia",
"Operator": "Russia",
"Powerplant": "Internal combustion",
"Top speed": "120 mph",
"Wingspan": "48 feet"
},
"uuid": "8c35bf52-03ae-4155-ba7c-ca1141001395",
"value": "Orion"
},
{
"description": "Bayraktar TB2",
"meta": {
"Flight time": "More than 20 hours",
"Made in": "Turkey",
"Operator": "Ukraine",
"Powerplant": "Gasoline internal combustion",
"Top speed": "100 mph",
"Wingspan": "39 feet"
},
"uuid": "6b4b821a-fd00-47b4-b2da-451cf2017621",
"value": "Bayraktar TB2"
},
{
"description": "UJ-22 Airborne",
"meta": {
"Flight time": "7 hours",
"Made in": "Ukraine",
"Operator": "Ukraine",
"Powerplant": "Gasoline internal combustion",
"Top speed": "100 mph",
"Wingspan": "32 feet"
},
"uuid": "0177e51e-6c68-415f-a887-4b40392f8010",
"value": "UJ-22 Airborne"
},
{
"description": "Forpost",
"meta": {
"Flight time": "20 hours",
"Made in": "Russia",
"Operator": "Russia",
"Power plant": "Gasoline internal combustion",
"Top speed": "125 mph",
"Wingspan": "28 feet"
},
"uuid": "5f6f611d-4edb-48da-ac71-abb93f687270",
"value": "Forpost"
},
{
"description": "Zala 421",
"meta": {
"Flight time": "6 hours",
"Made in": "Russia",
"Operator": "Russia",
"Powerplant": "Electric",
"Top speed": "74 mph",
"Wingspan": "17 feet"
},
"uuid": "385e7996-1f7e-4bc2-9606-e85aa9760448",
"value": "Zala 421"
},
{
"description": "PD-1 Peoples Drone",
"meta": {
"Flight time": "7 hours",
"Made in": "Ukraine",
"Operator": "Ukraine",
"Powerplant": "Internal combustion engine",
"Top speed": "90 mph",
"Wingspan": "13 feet"
},
"uuid": "c33bdc2c-8a52-4a74-8e7d-602ad4a4d3f4",
"value": "PD-1 Peoples Drone"
},
{
"description": "Tupolev Tu-141 Strizh",
"meta": {
"Flight time": "60 minutes",
"Made in": "Former USSR Member States",
"Operator": "Unknown",
"Powerplant": "Turbojet",
"Top speed": "680 mph",
"Wingspan": "12 feet"
},
"uuid": "e90bee1e-0e27-4712-90d9-86093b0dafee",
"value": "Tupolev Tu-141 Strizh"
},
{
"description": "WB FlyEye",
"meta": {
"Flight time": "2.5 hours",
"Made in": "Poland",
"Operator": "Ukraine",
"Powerplant": "Electric",
"Top speed": "80 mph",
"Wingspan": "12 feet"
},
"uuid": "5048ea6b-1df9-4d19-8a7a-0837289a1399",
"value": "WB FlyEye"
},
{
"description": "Granat-4",
"meta": {
"Flight time": "6 hours",
"Made in": "Russia",
"Operator": "Russia",
"Powerplant": "Gasoline internal combustion",
"Top speed": "90 mph",
"Wingspan": "11 feet"
},
"uuid": "e2c10d80-0641-4d82-b5b5-ea2d6d4d74d8",
"value": "Granat-4"
},
{
"description": "Orlan-10",
"meta": {
"Flight time": "18 hours",
"Made in": "Russia",
"Operator": "Russia",
"Powerplant": "Internal combustion",
"Top speed": "93 mph",
"Wingspan": "10 feet"
},
"uuid": "4d604fd6-80b2-45dc-ab2b-a4f9e7f87a0d",
"value": "Orlan-10"
},
{
"description": "Orlan-30",
"meta": {
"Flight time": "5 hours",
"Made in": "Russia",
"Operator": "Russia",
"Powerplant": "Internal combustion",
"Top speed": "93 mph",
"Wingspan": "10 feet"
},
"uuid": "9536d2ee-e4a2-46ee-a4d2-313169312cdf",
"value": "Orlan-30"
},
{
"description": "Quantum Systems Vector",
"meta": {
"Flight time": "2 hours",
"Made in": "Germany",
"Operator": "Ukraine",
"Powerplant": "Electric",
"Top speed": "Over 25 mph",
"Wingspan": "9 feet"
},
"uuid": "b9e20493-a291-46f5-be3d-17c1335412c9",
"value": "Quantum Systems Vector"
},
{
"description": "Spectator",
"meta": {
"Flight time": "2 hours",
"Made in": "Ukraine",
"Operator": "Ukraine",
"Powerplant": "Electric",
"Top speed": "75 mph",
"Wingspan": "10 feet"
},
"uuid": "a5b73ec0-a229-4117-b960-1a6636cfdd55",
"value": "Spectator"
},
{
"description": "RQ-20 Puma",
"meta": {
"Flight time": "2.5 hours",
"Made in": "USA",
"Operator": "Ukraine",
"Powerplant": "Electric",
"Top speed": "47 mph",
"Wingspan": "9 feet"
},
"uuid": "9e390aab-cd07-4d3f-96ba-872605b22186",
"value": "RQ-20 Puma"
},
{
"description": "E95",
"meta": {
"Flight time": "30 minutes",
"Made in": "Russia",
"Operator": "Russia",
"Powerplant": "Pulse jet",
"Top speed": "250 mph",
"Wingspan": "8 feet"
},
"uuid": "098c796d-0798-4506-a5eb-724b438448fc",
"value": "E95"
},
{
"description": "Tupolev Tu-143 Reis",
"meta": {
"Flight time": "13 minutes",
"Made in": "Former Soviet Union",
"Operator": "Ukraine",
"Powerplant": "Turbojet",
"Top speed": "Over 600 mph",
"Wingspan": "9 feet"
},
"uuid": "381f9b9a-617c-4908-9081-2b1d0e6507b2",
"value": "Tupolev Tu-143 Reis"
},
{
"description": "Zastava",
"meta": {
"Flight time": "80 minutes",
"Made in": "Russia and Israel",
"Operator": "Russia",
"Powerplant": "Electric",
"Top speed": "52 mph",
"Wingspan": "7 feet"
},
"uuid": "fcc0f47a-f148-4e94-a8e5-683984e9c489",
"value": "Zastava"
},
{
"description": "Punisher",
"meta": {
"Flight time": "90 minutes",
"Made in": "Ukraine",
"Operator": "Ukraine",
"Power plant": "Electric",
"Top speed": "Over 50 mph",
"Wingspan": "7.5 feet"
},
"uuid": "38a1456f-85d5-4714-aebd-dcfc92a409b3",
"value": "Punisher"
},
{
"description": "Mini-Bayraktar",
"meta": {
"Flight time": "60 minutes",
"Made in": "Turkey",
"Operator": "Ukraine",
"Powerplant": "Electric",
"Top speed": "Over 45 mph",
"Wingspan": "7 feet"
},
"uuid": "ac021cef-204f-4d14-8960-c3b40734f477",
"value": "Mini-Bayraktar"
},
{
"description": "Takion",
"meta": {
"Flight time": "2 hours",
"Made in": "Russia",
"Operator": "Russia",
"Powerplant": "Electric",
"Top speed": "75 mph",
"Wingspan": "7 feet"
},
"uuid": "f5e68cef-7eca-483b-8487-2fc8384310ca",
"value": "Takion"
},
{
"description": "Leleka-100 “Stork”",
"meta": {
"Flight time": "2.5 hours",
"Made in": "Ukraine",
"Operator": "Ukraine",
"Powerplant": "Electric",
"Top speed": "75 mph",
"Wingspan": "7 feet"
},
"uuid": "7e46ff41-3f34-4dd7-8b58-67c7bb2130c6",
"value": "Leleka-100 “Stork”"
},
{
"description": "Athlon Avia A1-CM Furia",
"meta": {
"Flight time": "3 hours",
"Made in": "Ukraine",
"Operator": "Ukraine",
"Powerplant": "Electric",
"Top speed": "Over 60 mph",
"Wingspan": "7 feet"
},
"uuid": "4c535ed3-2fee-43a4-a220-1ed8b85498d2",
"value": "Athlon Avia A1-CM Furia"
},
{
"description": "Eleron-3",
"meta": {
"Flight time": "100 minutes",
"Made in": "Russia",
"Operator": "Russia",
"Powerplant": "Electric",
"Top speed": "80 mph",
"Wingspan": "4 feet"
},
"uuid": "7d741517-6e70-4267-8b6f-7df4e025a0b0",
"value": "Eleron-3"
},
{
"description": "AeroVironment Quantix",
"meta": {
"Flight time": "45 minutes",
"Made in": "USA",
"Operator": "Ukraine",
"Powerplant": "Electric",
"Top speed": "Over 40 mph",
"Wingspan": "About 4 feet"
},
"uuid": "91e4c548-fd50-43da-891a-8d5990c32cda",
"value": "AeroVironment Quantix"
},
{
"description": "Switchblade 300",
"meta": {
"Flight time": "Over 15 minutes",
"Made in": "USA",
"Operator": "Ukraine",
"Powerplant": "Electric",
"Top speed": "Over 100 mph",
"Wingspan": "About 4 feet"
},
"uuid": "cd70cac7-e795-48ed-84cf-83fc688e368e",
"value": "Switchblade 300"
},
{
"description": "Switchblade 600",
"meta": {
"Flight time": "Over 40 minutes",
"Made in": "USA",
"Operator": "Ukraine",
"Powerplant": "Electric",
"Top speed": "115 mph",
"Wingspan": "About 6 feet"
},
"uuid": "809bbef1-3477-4dd3-90ec-68c6f45cd76b",
"value": "Switchblade 600"
},
{
"description": "Phoenix Ghost",
"meta": {
"Flight Time": "6 hours",
"Made in": "USA",
"Operator": "Ukraine",
"Power plant": "Electric",
"Top speed": "N/A",
"Wingspan": "N/A"
},
"uuid": "2a15042a-55a3-47f5-b1bf-d1319d3d2c87",
"value": "Phoenix Ghost"
},
{
"description": "WB Group Warmate",
"meta": {
"Flight time": "50 minutes",
"Made in": "Poland and Ukraine",
"Operator": "Ukraine",
"Power plant": "Electric",
"Top speed": "50 mph",
"Wingspan": "4.5 feet"
},
"uuid": "7eab87c7-608c-4837-8adb-7aae9e422fa9",
"value": "WB Group Warmate"
},
{
"description": "Zala KYB",
"meta": {
"Flight time": "30 minutes",
"Made in": "Russia",
"Operator": "Russia",
"Power plant": "Electric",
"Top speed": "80 mph",
"Wingspan": "4 feet"
},
"uuid": "7329fec9-c22c-42e4-83be-e778872c7b3d",
"value": "Zala KYB"
}
],
"version": 1
}

8
galaxies/uavs.json Normal file
View file

@ -0,0 +1,8 @@
{
"description": "Unmanned Aerial Vehicles / Unmanned Combat Aerial Vehicles",
"icon": "plane",
"name": "UAVs/UCAVs",
"type": "uavs",
"uuid": "bef5c29d-b0db-4923-aa9a-80921f26d3ab",
"version": 1
}

2
tools/mitre-cti/v2.0/create_mitre-enterprise-attack-attack-pattern_galaxy.py
View file

@ -29,7 +29,7 @@ for element in os.listdir('.'):
for reference in temp['external_references']:
if 'url' in reference and reference['url'] not in value['meta']['refs']:
value['meta']['refs'].append(reference['url'])
if 'external_id' in reference and reference['external_id'] not in value['meta']['external_id]:
if 'external_id' in reference and reference['external_id'] not in value['meta']['external_id']:
value['meta']['external_id'].append(reference['external_id'])
value['meta']['kill_chain'] = []
for killchain in temp['kill_chain_phases']:

3
tools/sigma/config.ini Normal file
View file

@ -0,0 +1,3 @@
[MISP]
cluster_path = ../../clusters/
mitre_attack_cluster = mitre-attack-pattern.json

55
tools/sigma/sigma-to-galaxy.py
View file

@ -3,7 +3,7 @@
Author: Jose Luis Sanchez Martinez
Twitter: @Joseliyo_Jstnk
date: 2022/11/18
Modified: 2022/12/05
Modified: 2023/01/03
GitHub: https://github.com/jstnk9/MISP
Description: This script can create MISP Galaxies from Sigma Rules. It can be done setting the path
where you have stored your sigma rules in the system.
@ -12,7 +12,7 @@
"""
import os, json, yaml, argparse, uuid
import os, json, yaml, argparse, uuid, configparser, time
unique_uuid = '9cf7cd2e-d5f1-48c4-9909-7896ba1c96b2'
@ -22,10 +22,56 @@ def main(args):
galaxyCluster = create_cluster(uuidGalaxy=unique_uuid)
valuesData = create_cluster_value(args.inputPath, args.recursive, galaxyCluster)
galaxyCluster["values"].extend(valuesData)
galaxyCluster = createRelations(galaxyCluster)
create_cluster_json(galaxyCluster)
check_duplicates(galaxyCluster)
def createRelations(galaxyCluster):
"""
:param galaxyCluster: Content of the cluster with all the values related to the Sigma Rules
:return galaxyCluster: Content of the cluster adding the relation between sigma rule and MITRE technique
"""
for obj in galaxyCluster["values"]:
for attack in obj["meta"]["tags"]:
if attack.startswith("attack.t"):
with open(
config["MISP"]["cluster_path"]
+ config["MISP"]["mitre_attack_cluster"],
"r",
) as mitreCluster:
data = json.load(mitreCluster)
for technique in data["values"]:
if (
technique["meta"]["external_id"]
== attack.split(".", 1)[1].upper()
):
if obj.get("related"):
obj["related"].append(
{
"dest-uuid": "%s" % (technique["uuid"]),
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to",
}
)
else:
obj["related"] = []
obj["related"].append(
{
"dest-uuid": "%s" % (technique["uuid"]),
"tags": [
"estimative-language:likelihood-probability=\"almost-certain\""
],
"type": "related-to",
}
)
return galaxyCluster
def check_duplicates(galaxy):
"""
:param galaxy: Content of the cluster with all the values
@ -81,6 +127,7 @@ def create_cluster(uuidGalaxy=unique_uuid):
:return cluster: Dict with the basic information needed for the JSON file.
"""
version = int(time.strftime("%Y%m%d"))
cluster = {
"authors": ["@Joseliyo_Jstnk"],
"category": "rules",
@ -90,7 +137,7 @@ def create_cluster(uuidGalaxy=unique_uuid):
"type": "sigma-rules",
"uuid": uuidGalaxy,
"values": [],
"version": 1,
"version": version
}
return cluster
@ -197,6 +244,8 @@ def create_galaxy_json():
if __name__ == '__main__':
config = configparser.ConfigParser()
config.read("config.ini")
parser = argparse.ArgumentParser(
description="This script can convert your sigma rules in MISP galaxies, generating both files needed for cluster and galaxies. If you need more information about how to import it, please, go to https://github.com/jstnk9/MISP/tree/main/misp-galaxy/sigma"
)