{
"Event": {
"id": "1208",
"orgc_id": "1",
"org_id": "1",
"date": "2019-03-04",
"threat_level_id": "2",
"info": "Japanese Lorem Ipsum 条イ音態ぞゃご法説イシ技",
"published": false,
"uuid": "5c7cdc3b-2f40-4dca-8200-276c0a00020f",
"attribute_count": "1",
"analysis": "1",
"timestamp": "1551686770",
"distribution": "1",
"proposal_email_lock": false,
"locked": false,
"publish_timestamp": "0",
"sharing_group_id": "0",
"disable_correlation": false,
"extends_uuid": "",
"event_creator_email": "admin@admin.test 条イ音態ぞゃご法説イシ技",
"Org": {
"id": "1",
"name": "ORGNAME 条イ音態ぞゃご法説イシ技",
"uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c"
},
"Orgc": {
"id": "1",
"name": "ORGNAME 条イ音態ぞゃご法説イシ技",
"uuid": "5c6983c8-3af8-4304-869c-4800d6c1883c"
},
"Attribute": [
{
"id": "242461",
"type": "text",
"category": "Antivirus detection",
"to_ids": false,
"uuid": "5c7cdc72-c9a4-4075-acb5-0e1b0a00020f",
"event_id": "1208",
"distribution": "5",
"timestamp": "1551686770",
"comment": "This is a contextual comment 条イ音態ぞゃご法説イシ技",
"sharing_group_id": "0",
"deleted": false,
"disable_correlation": false,
"object_id": "0",
"object_relation": null,
"value": "\u6761\u30a4\u97f3\u614b\u305e\u3083\u3054\u6cd5\u8aac\u30a4\u30b7\u6280\u4f4d\u30fc\u30a4\u80fd\u76ee\u9580\u521d\u30f1\u5909\u6574\u3054\u3052\u5c55\u540c\u30bd\u30d8\u590954\u62ab\u30c8\u3093\u30d5\u8a18\u66ae\u30ce\u30e9\u6c17\u6708\u8cea\u3093\u3092\u554f\u63b2\u5f8c\u3076\u30e9\u306a\u8ee2\u6b69\u30ea\u30e4\u30f2\u88fd\u51fa\u30ed\u30a2\u7d42\u4ed6\u8f38\u3084\u3057\u3002\u672a\u554f\u30bb\u30b5\u30ea\u5357\u6587\u306f\u3076\u66ae\u6b69\u30a6\u30b1\u30ef\u53ef\u9ad8\u3084\u793e\u4f1a\u30a2\u5c53\u91d1\u30f2\u30cd\u902374\u9023\u3074\u53ef\u6b73\u30ce\u30b3\u30a8\u30bb\u73fe\u5e02\u305c\u304b\u3072\u308b\u54e1\u89e3\u5916\u55b6\u4f0a\u5e2b\u53df\u305a\u3002\u969b\u304e\u3071\u3055\u8077\u6587\u308c\u304e\u30ec\u30c3\u4e8b\u8457\u5834\u307b\u3086\u3066\u70b9\u8cbb\u307e\u30b9\u3055\u4ef0\u62d3\u753a\u30e2\u30eb\u30cf\u30df\u534a\u539f\u30ec\u4f1a\u5e73\u30cf\u30cc\u65c5\u56f2\u30b5\u30d2\u30a2\u30b1\u587e\u4e2d\u3059\u9928\u8a9e\u307f\u611b8\u4f1a\u304f\u3042\u305f\u7a3f27\u8a13\u3059\u30e9\u305e\u308a\u3002\r\n\r\n\u9014\u3053\u306f\u8abf\u53ef\u30cd\u30ab\u97628\u7981\u3086\u3060\u3044\u5e74\u4eba\u30d5\u5faa\u90e8\u306e\u3076\u30f3\u672a\u4e8b\u30c1\u30a8\u30f2\u4f9b\u671d\u30f3\u3065\u59cb\u5207\u3066\u30b9\u30af\u3061\u6458\u4e0d\u3061\u3086\u305a\u5de8\u7121\u30d5\u30db\u9686\u5177\u30e9\u30b9\u30e6\u5ea7\u61f8\u308f\u4eac\u7389\u306b\u3079\u3075\u3089\u6307\u6a80\u30a6\u30b3\u30cd\u6d17\u9762\u30b5\u30c8\u30bb\u534170\u5347\u5fcd\u66c7\u690e\u307b\u300236\u5eb7\u3070\u3050\u8ca1\u6709\u793e\u30ea\u8ad6\u5f92\u30e2\u30b1\u30aa\u5854\u98db\u8868\u5fdc\u30c8\u30db\u4e0a\u5bfe\u5404\u30d5\u962a\u8fce\u30db\u30bf\u6599\u4e07\u306e\u307d\u8981\u52a9\u63a8\u308d\u304a\u3071\u5408\u584a\u30db\u8005\u653f\u30ec\u305f\u3052\u3048\u6d3b\u7d19\u30aa\u30ab\u5374\u80b2\u304b\u6c37\u5348\u4ef0\u5de3\u6bc5\u3079\u30af\u3072\u3002\r\n\r\n\u516d\u30aa\u62c9\u885d\u30b7\u30e0\u30bd\u30c6\u624b\u76f8\u30ec\u990a\u53e4\u30e6\u30cb\u30f1\u4e2d\u63d0\u30c9\u3060\u4e0a
\u66ff\u304f\u307e\u30c9\u4efb\u8a00\u30cc\u652f\u7279\u30ca\u30ed\u30a2\u30df\u653f\u8aad\u304f\u306b\u3084\u3048\u5bb9\u826f\u3052\u308b\u305e\u3067\u5e7b\u901f\u30fc\u9178\u7acb\u308f\u30f3\u70b9\u53f7\u30b5\u30e2\u4e88\u969b\u3082\u3080\u751f\u6cbf\u3054\u3053\u30e9\u3057\u7d9a\u8a18\u3093\u307c\u30af\u305b\u60c5\u61b2\u63f4\u5091\u307c\u305c\u3002\u53d7\u30c8\u30db\u65e593\u5b9f\u30b7\u30eb\u9000\u4e2d\u30eb\u30d2\u30e6\u30b5\u5c0f\u60d1\u30d5\u30c9\u3042\u5712\u7dbf\u30e2\u30b1\u9707\u4ea4\u5065\u3050\u3086\u3081\u3066\u8aad\u65e53\u5e38\u79fb\u9700\u667a\u30db\u30e4\u30d2\u52b9\u53e4\u4e26\u52d9\u9ed2\u7b46\u62f3\u3050\u3086\u3002\u5357\u30c3\u4f5c3\u547c\u305f\u7528\u52d9\u5a18\u30db\u82b8\u672c\u3068\u304b\u3080\u30af\u4efb\u5199\u30cd\u30a6\u30b1\u6700\u66f4\u304d\u77f3\u7981\u3076\u30c3\u65ec\u88d5\u5b57\u307d\u6226\u6a2a\u30f2\u602765\u4e57\u304a\u6a29\u518d\u6676\u90ca\u9673\u308b\u3066\u3002\r\n\r\n\u7a7a\u30db\u30c4\u30b3\u7881\u8f09\u30a4\u30c4\u30ec\u518d\u5e74\u30e0\u30cb\u30e2\u4e8c\u96a0\u30f1\u30d8\u30a4\u901f\u66f4\u6bd2\u3068\u3073\u30f3\u65706\u9078\u3084\u305e\u3080\u7279\u5168\u304b\u30fc\u3080\u6d6e\u666f\u30b9\u30c4\u82e5\u4e8b\u518d\u30bb\u30e4\u66f4\u8a2d\u539f\u3083\u3048\u306e\u3002\u4e92\u3064\u308c\u554640\u5411\u306b\u55b6\u6e29\u5909\u30b7\u7d22\u5199\u307f\u30b9\u6c34\u4fee\u30b5\u30d8\u30cd\u512a\u5e745\u53f0\u306f\u3061\u8fba\u8302\u30c9\u30af\u5b88\u969b\u74b0\u3070\u3044\u30f3\u5b58\u72b6\u30a4\u30e2\u30d5\u30db\u516c\u4e21\u3064\u3069\u6c17\u7d44\u305b\u3088\u5b58\u6cc1\u30cf\u56f0\u4e2d\u3086\u3067\u307f\u5eb7\u96ea\u30c8\u30cc\u30eb\u6b4c\u4eee\u3057\u3055\u305e\u3002\u56fd\u611b\u30d5\u30e8\u30b3\u30cb\u712139\u7d50\u30cb\u30cd\u30e8\u30b7\u592787\u9593\u3055\u30ec\u3058\u3083\u65e5\u793a\u30b5\u30b3\u54c1\u65c5\u307e\u3081\u3066\u983c\u5236\u3068\u5143\u89b3\u305d\u3073\u3088\u30f3\u6d88\u73fe\u30af\u3079\u60d1\u8a71\u30c3\u3086\u8996\u66ae\u660e\u4e00\u30e8\u30e6\u30ed\u4fdd\u9662\u696d\u7406\u304c\u305e\u3050\u3002\r\n
\r\n\u76df\u30eb\u4e00\u5186\u3052\u8981\u4ed8\u3046\u535a\u5f53\u308d\u3051\u3
"Galaxy": [],
"ShadowAttribute": []
}
],
"ShadowAttribute": [],
"RelatedEvent": [],
"Galaxy": [
{
"id": "10",
"uuid": "fb5a36c0-1707-11e8-81f5-d732b22a4982",
"name": "Enterprise Attack 条イ音態ぞゃご法説イシ技 - Course of Action",
"type": "mitre-enterprise- 条イ音態ぞゃご法説イシ技 attack-course-of-action",
"description": "ATT&CK 条イ音態ぞゃご法説イシ技 Mitigation",
"version": "5",
"icon": "chain",
"namespace": "deprecated",
"GalaxyCluster": [
{
"id": "1524",
"collection_uuid": "95c29444-49f9-49f7-8b20-bcd68d8fcaa6",
"type": "mitre-enterprise- 条イ音態ぞゃご法説イシ技attack-course-of-action",
"value": "AppCert DLLs 条イ音態ぞゃご法説イシ技 Mitigation - T1182",
"tag_name": "misp-galaxy:mitre-e 条イ音態ぞゃご法説イシ技nterprise-attack-course-of-action=\"AppCert DLLs Mitigation - T1182\" 条イ音態ぞゃご法説イシ技",
"description": "Identify and block 条イ音態ぞゃご法説イシ技 potentially malicious software that may be executed through AppCert DLLs by using whitelisting (Citation: Beechey 2010) tools, like AppLocker, (Citation: Windows Commands JPCERT) (Citation: NSA MS AppLocker) that are capable of auditing and\/or blocking unknown DLLs.",
"galaxy_id": "10",
"source": "https:\/\/git条イ音態ぞゃご法説イシ技hub.com\/mitre\/cti",
"authors": [
"MITRE"
],
"version": "5",
"uuid": "",
"tag_id": "730",
"meta": {
"external_id": [
"T1182"
]
}
}
]
},
{
"id": "30",
"uuid": "1023f364-7831-11e7-8318-43b5531983ab",
"name": "Intrusion Set",
"type": "mitre-intrusion-set",
"description": "Name of ATT&CK Group",
"version": "8",
"icon": "user-secret",
"namespace": "mitre-attack",
"GalaxyCluster": [
{
"id": "4015",
"collection_uuid": "247cb30b-955f-42eb-97a5-a89fef69341e",
"type": "mitre-intrusion-set",
"value": "APT32 - G0050",
"tag_name": "misp-galaxy:mitre-intrusion-set=\"APT32 - G0050\"",
"description": "[APT32](https:\/\/attack.mitre.org\/groups\/G0050) is a threat group that has been active since at least 2014. The group has targeted multiple private sector industries as well as with foreign governments, dissidents, and journalists with a strong focus on Southeast Asian countries like Vietnam, Phillipines, Laos, and Cambodia. They have extensively used strategic web compromises to compromise victims. \nThe group is believed to be Vietnam-based. (Citation: FireEye APT32 May 2017) (Citation: Volexity OceanLotus Nov 2017) (Citation: ESET OceanLotus)",
"galaxy_id": "30",
"source": "https:\/\/github.com\/mitre\/cti",
"authors": [
"MITRE"
],
"version": "12",
"uuid": "",
"tag_id": "731",
"meta": {
"external_id": [
"G0050"
],
"refs": [
"https:\/\/attack.mitre.org\/groups\/G0050",
"https:\/\/www.fireeye.com\/blog\/threat-research\/2017\/05\/cyber-espionage-apt32.html",
"https:\/\/www.volexity.com\/blog\/2017\/11\/06\/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society\/",
"https:\/\/www.welivesecurity.com\/2018\/03\/13\/oceanlotus-ships-new-backdoor\/"
],
"synonyms": [
"APT32",
"OceanLotus Group",
"APT-C-00"
]
}
}
]
}
],
"Object": [],
"Tag": [
{
"id": "730",
"name": "misp-galaxy:mitre-enterprise条イ音態ぞゃご法説イシ技-attack-course-of-action=\"AppCert DLLs Mitigation - T1182\"",
"colour": "#0088cc",
"exportable": true,
"user_id": "0",
"hide_tag": false,
"numerical_value": null
},
{
"id": "731",
"name": "misp-galaxy:mitre-intrusion-条イ音態ぞゃご法説イシ技set=\"APT32 - G0050\"",
"colour": "#0088cc",
"exportable": true,
"user_id": "0",
"hide_tag": false,
"numerical_value": null
}
]
}
}