malpedia / feedback

Public Issue tracker to gather feedback for and allow discussions around Malpedia

MISP Galaxy - adding target operating system of a malware described in malpedia #65

Open adulau opened 3 weeks ago

adulau commented 3 weeks ago

Is your feature request related to a problem?

We developed a new repository for testing some malware automatically and having a public repository malware-dataset. To be able to redirect the execution to the right sandbox, we would like to have the target operating system in the MISP galaxy cluster in a meta field.

Describe the solution you'd like

A sample JSON output:

  {
    "meta": {
      "synonyms": [
        "Bladabindi",
        "Lime-Worm"
      ],
      "type": [],
      "os": ["Windows"]
    },
    "uuid": "ff611c24-289e-4f2d-88d2-cfbf771a4e4b",
    "value": "NjRAT"
  }

Describe alternatives you've considered

Pulling the data from the Malpedia API and updating the galaxy, but then it's a two-step process instead of using the official MISP galaxy export from Malpedia.

danielplohmann commented 3 weeks ago

Hi Alex,

sure, we can add that easily since it's already encoded as platform for basically all families in Malpedia, so changing the generation of the galaxy cluster should be a one-liner.

Do you already have a set of preferred platform tags that we should use, like ["Windows", "Linux", "macOS", "Android", "iOS", "..."]?