Support: How do I convert Galaxy Clusters to STIX2.1 format? #55

babo0n opened this issue Dec 4, 2023 · 0 comments


babo0n commented Dec 4, 2023

Support Questions

Hello, I am trying to convert a galaxy or galaxy_clusters JSON file to STIX 2.1 format.

Sample:

[
  {
    "GalaxyCluster": {
      "id": "61806",
      "uuid": "5abe8673-4f85-440b-8860-de39fc1b671c",
      "collection_uuid": "312f8714-45cb-11e7-b898-135207cdceb9",
      "type": "rat",
      "value": "Iperius Remote",
      "tag_name": "misp-galaxy:rat=\"Iperius Remote\"",
      "description": "Iperius Remote is advertised with these features: Control remotely any computer with Iperius Remote Desktop Free. For remote support or presentations. Ideal for technical assistance. Easy to use and secure.",
      "galaxy_id": "52",
      "source": "MISP Project",
      "authors": ["Various", "raw-data"],
      "version": "44",
      "distribution": "3",
      "sharing_group_id": null,
      "org_id": "0",
      "orgc_id": "0",
      "default": true,
      "locked": false,
      "extends_uuid": "",
      "extends_version": "0",
      "published": false,
      "deleted": false
    }
  },
  {
    "GalaxyCluster": {
      "id": "61807",
      "uuid": "8ee3c015-3088-4a5f-8c94-602c27d767c0",
      "collection_uuid": "312f8714-45cb-11e7-b898-135207cdceb9",
      "type": "rat",
      "value": "TeamViewer",
      "tag_name": "misp-galaxy:rat=\"TeamViewer\"",
      "description": "TeamViewer is a proprietary computer software package for remote control, desktop sharing, online meetings, web conferencing and file transfer between computers.",
      "galaxy_id": "52",
      "source": "MISP Project",
      "authors": ["Various", "raw-data"],
      "version": "44",
      "distribution": "3",
      "sharing_group_id": null,
      "org_id": "0",
      "orgc_id": "0",
      "default": true,
      "locked": false,
      "extends_uuid": "",
      "extends_version": "0",
      "published": false,
      "deleted": false
    }
  }
]

I can only find functions to convert events to STIX2.1 in the documentation, and was wondering if there are any ways to do this.

Thank you in advance.

MISP version

2.4.178

Python version

3.10

Relevant log output

No response

Extra attachments

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct
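
One way to map the sample clusters above onto STIX 2.1 objects by hand, as an added example that is not part of the original issue and is not misp-stix's own code. It assumes the `rat` galaxy type corresponds to a STIX `tool` object (the `SDO_TYPE` table and both function names are hypothetical) and reuses each cluster UUID as the STIX identifier.

```python
import json
import uuid
from datetime import datetime, timezone

# Assumed galaxy-type -> STIX 2.1 SDO mapping (illustrative, not taken from misp-stix).
SDO_TYPE = {"rat": "tool", "tool": "tool", "ransomware": "malware", "stealer": "malware"}

# Sample input: the two clusters from the issue, trimmed to the fields used here
# (descriptions shortened for this example).
SAMPLE = [
    {"GalaxyCluster": {"uuid": "5abe8673-4f85-440b-8860-de39fc1b671c", "type": "rat",
                       "value": "Iperius Remote", "deleted": False,
                       "tag_name": 'misp-galaxy:rat="Iperius Remote"',
                       "description": "Remote desktop software for remote support."}},
    {"GalaxyCluster": {"uuid": "8ee3c015-3088-4a5f-8c94-602c27d767c0", "type": "rat",
                       "value": "TeamViewer", "deleted": False,
                       "tag_name": 'misp-galaxy:rat="TeamViewer"',
                       "description": "Proprietary remote control software package."}},
]

def cluster_to_sdo(entry, now=None):
    """Convert one {"GalaxyCluster": {...}} entry into a STIX 2.1 SDO dict."""
    cluster = entry.get("GalaxyCluster", entry)  # accept wrapped or bare clusters
    if cluster.get("deleted"):
        return None  # skip soft-deleted clusters
    sdo_type = SDO_TYPE.get(cluster["type"])
    if sdo_type is None:
        raise ValueError(f"no STIX mapping for galaxy type {cluster['type']!r}")
    # Reuse the cluster UUID so repeated exports yield the same STIX id.
    stix_uuid = str(uuid.UUID(cluster["uuid"]))  # raises ValueError if malformed
    stamp = now or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    sdo = {"type": sdo_type, "spec_version": "2.1",
           "id": f"{sdo_type}--{stix_uuid}",
           "created": stamp, "modified": stamp, "name": cluster["value"]}
    if cluster.get("tag_name"):
        sdo["labels"] = [cluster["tag_name"]]  # keep the MISP tag for traceability
    if cluster.get("description"):
        sdo["description"] = cluster["description"]
    if sdo_type == "malware":
        sdo["is_family"] = True  # required on STIX 2.1 malware; assumes a family
    return sdo

def clusters_to_bundle(entries, now=None):
    """Wrap all convertible clusters in a STIX 2.1 bundle."""
    objects = [s for s in (cluster_to_sdo(e, now) for e in entries) if s]
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}

if __name__ == "__main__":
    print(json.dumps(clusters_to_bundle(SAMPLE), indent=2))
```
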