Deborah Servili

10 comments by Deborah Servili

Sorry, I definitely miss a lot of notifications. If I do remember correctly (sorry, it was some time ago already), the idea was to create a galaxy listing existing OS...

Hm... To be honest I never had this confusion but this is conceivable. To stay consistent with the source, I think we need to keep the name "mitre-tool.json" (because I...

Ew, to be honest, I kind of always forget what is the best methodology. But usually I try to merge both in the "biggest one" (the one with most information)....

Self-reminder (can be moved): Might be interesting to find an easy way to manage reciprocal relationships, such as dropped(dropper)/dropped-by or uses/used-by for instance.

- dropped/dropped-by
  --> Fallout (exploit-kit) - dropped
  --> CoalaBot (tool -to add-) - dropped-by

- dropped/dropped-by
  --> Fallout (exploit-kit) - dropped
  --> SAVEFiles (ransomware) - dropped-by
- variant-of
  --> Panda Banker (Banker)
  --> Zeus (Banker)

--------------------

ref: https://www.bleepingcomputer.com/news/security/new-backdoor-ties-notpetya-and-industroyer-to-telebots-group/
- uses/used-by
  --> TeleBots Group
  -->...

- uses/used-by
  --> APT 10
  --> Quasar RAT
- Related (probably)
  --> MVP Ransomware
  --> Scarab Ransomware

ref: https://twitter.com/siri_urz/status/1039077365039673344
- Related
  --> Scarab-DiskDoctor (Ransomware)
  --> Scarab (Ransomware)

-------

ref: https://www.bleepingcomputer.com/news/security/hookads-malvertising-installing-malware-via-the-fallout-exploit-kit/...

This can be considered as WIP indeed. Or a kind of memo.

> The script will do the trick, but why not using the CSV loader? https://github.com/MISP/PyMISP/blob/main/pymisp/tools/csvloader.py

*Cough* Probably because I could not find it in the first place... :zipper_mouth_face: Didn't search...