misp-objects/objects/thaicert-group-cards/definition.json

{
  "attributes": {
    "country": {
      "description": "Country of group - group location where it operates from.",
      "disable_correlation": false,
      "misp-attribute": "text",
      "multiple": true,
      "ui-priority": 1
    },
    "description": {
      "description": "Description of group activities or TTP used for group actions.",
      "disable_correlation": false,
      "misp-attribute": "text",
      "multiple": false,
      "ui-priority": 4
    },
    "more informations": {
      "description": "List more informations by url - reports, group links etc..",
      "disable_correlation": false,
      "misp-attribute": "text",
      "multiple": true,
      "ui-priority": 7
    },
    "motivation": {
      "description": "Motivation behind group ie. espionage, ransomware, other criminal activity, hacktivism . . .",
      "disable_correlation": false,
      "misp-attribute": "text",
      "multiple": true,
      "ui-priority": 3
    },
    "name": {
      "description": "Names or nicknames for group.",
      "disable_correlation": false,
      "misp-attribute": "text",
      "multiple": true,
      "ui-priority": 0
    },
    "observed": {
      "description": "What sector is this group active at? Government, telecommunication etc and country of activity.",
      "disable_correlation": false,
      "misp-attribute": "text",
      "multiple": true,
      "ui-priority": 5
    },
    "sponsor": {
      "description": "Sponsor of group ie. country, state, criminal ring, cartel etc..",
      "disable_correlation": false,
      "misp-attribute": "text",
      "multiple": true,
      "ui-priority": 2
    },
    "tools used": {
      "description": "What known tools are used by group.",
      "disable_correlation": false,
      "misp-attribute": "text",
      "multiple": true,
      "ui-priority": 6
    }
  },
  "description": "Adversary group cards inspired by ThaiCERT",
  "meta-category": "misc",
  "name": "thaicert-group-cards",
  "required": [
    "name"
  ],
  "uuid": "f42db88d-1889-4c2f-a903-971cf8e65174",
  "version": 3
}
Create definition in groups Inspired by threat actor group cards 2022-12-12 19:02:23 +01:00			`{`
			`"attributes": {`
			`"country": {`
			`"description": "Country of group - group location where it operates from.",`
			`"disable_correlation": false,`
			`"misp-attribute": "text",`
			`"multiple": true,`
			`"ui-priority": 1`
			`},`
fix: [jq] JSON fixed 2022-12-15 14:39:52 +01:00			`"description": {`
			`"description": "Description of group activities or TTP used for group actions.",`
			`"disable_correlation": false,`
			`"misp-attribute": "text",`
			`"multiple": false,`
			`"ui-priority": 4`
			`},`
			`"more informations": {`
			`"description": "List more informations by url - reports, group links etc..",`
Create definition in groups Inspired by threat actor group cards 2022-12-12 19:02:23 +01:00			`"disable_correlation": false,`
			`"misp-attribute": "text",`
			`"multiple": true,`
fix: [jq] JSON fixed 2022-12-15 14:39:52 +01:00			`"ui-priority": 7`
Create definition in groups Inspired by threat actor group cards 2022-12-12 19:02:23 +01:00			`},`
			`"motivation": {`
			`"description": "Motivation behind group ie. espionage, ransomware, other criminal activity, hacktivism . . .",`
			`"disable_correlation": false,`
			`"misp-attribute": "text",`
			`"multiple": true,`
			`"ui-priority": 3`
			`},`
fix: [thaicert-group-cards] name is singular has a single value which can be multiple 2022-12-22 13:12:05 +01:00			`"name": {`
fix: [jq] JSON fixed 2022-12-15 14:39:52 +01:00			`"description": "Names or nicknames for group.",`
Create definition in groups Inspired by threat actor group cards 2022-12-12 19:02:23 +01:00			`"disable_correlation": false,`
			`"misp-attribute": "text",`
fix: [jq] JSON fixed 2022-12-15 14:39:52 +01:00			`"multiple": true,`
			`"ui-priority": 0`
Create definition in groups Inspired by threat actor group cards 2022-12-12 19:02:23 +01:00			`},`
			`"observed": {`
			`"description": "What sector is this group active at? Government, telecommunication etc and country of activity.",`
			`"disable_correlation": false,`
			`"misp-attribute": "text",`
			`"multiple": true,`
			`"ui-priority": 5`
			`},`
fix: [jq] JSON fixed 2022-12-15 14:39:52 +01:00			`"sponsor": {`
			`"description": "Sponsor of group ie. country, state, criminal ring, cartel etc..",`
Create definition in groups Inspired by threat actor group cards 2022-12-12 19:02:23 +01:00			`"disable_correlation": false,`
			`"misp-attribute": "text",`
			`"multiple": true,`
fix: [jq] JSON fixed 2022-12-15 14:39:52 +01:00			`"ui-priority": 2`
Create definition in groups Inspired by threat actor group cards 2022-12-12 19:02:23 +01:00			`},`
fix: [jq] JSON fixed 2022-12-15 14:39:52 +01:00			`"tools used": {`
			`"description": "What known tools are used by group.",`
Create definition in groups Inspired by threat actor group cards 2022-12-12 19:02:23 +01:00			`"disable_correlation": false,`
			`"misp-attribute": "text",`
			`"multiple": true,`
fix: [jq] JSON fixed 2022-12-15 14:39:52 +01:00			`"ui-priority": 6`
Create definition in groups Inspired by threat actor group cards 2022-12-12 19:02:23 +01:00			`}`
			`},`
			`"description": "Adversary group cards inspired by ThaiCERT",`
			`"meta-category": "misc",`
chg: [groups->thaicert-group-cards] to make it more logical 2022-12-22 13:08:34 +01:00			`"name": "thaicert-group-cards",`
Create definition in groups Inspired by threat actor group cards 2022-12-12 19:02:23 +01:00			`"required": [`
			`"name"`
			`],`
			`"uuid": "f42db88d-1889-4c2f-a903-971cf8e65174",`
fix: [thaicert-group-cards] name is singular has a single value which can be multiple 2022-12-22 13:12:05 +01:00			`"version": 3`
fix: [jq] all 2022-12-22 13:15:10 +01:00			`}`