connectors icon indicating copy to clipboard operation
connectors copied to clipboard
verified publisher icon OpenCTI-Platform

[Sekoia is merging entities and repeated renaming entries

Open fruitcakej opened this issue 3 weeks ago • 1 comments

Description

It appears that this connector is merging entities, I am not sure it is supposed to do so. In this specific case, the merge dates are also incorrect! I am convinced that I saw the ‘mirai’ malware a few days ago.

In the screenshot below, if we go by the merge dates, the connector merged mirai into bianlian. However, this summer I merged (that's true) the mirai botnet into mirai. There's a problem.

Environment

  1. SaaS 6.8.13

Screenshots (optional)

Image Image Image Image

fruitcakej avatar Dec 02 '25 16:12 fruitcakej

Jumping in to highlight the importance of troubleshooting this bug: discovering that the connector merged major entities would break the state of capitalization by merging two completely independent entities together without having the possibility of reverting those changes!

DreadFog avatar Dec 05 '25 11:12 DreadFog

By definition, no connector merges entities directly. If this behavior has been observed, it is possible that the Sekoia Feed contains two malware sharing the same alias for example.

romain-filigran avatar Dec 16 '25 22:12 romain-filigran