mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-22 23:07:19 +00:00
{
"values": [
{
"meta": {
"refs": [
"http://windows.microsoft.com/en-us/windows/back-up-restore-faq#1TC=windows-7."
],
"Complexity": "Medium",
"Effectiveness": "High",
"Impact": "Low",
"Type": "Recovery"
},
"value": "Backup and Restore Process",
"description": "Make sure to have adequate backup processes in place and frequently test a restore of these backups.\n(Schrödinger's backup - it is both existent and non-existent until you've tried a restore)"
},
{
"meta": {
"refs": [
"https://support.office.com/en-us/article/Enable-or-disable-macros-in-Office-files-12b036fd-d140-4e74-b45e-16fed1a7e5c6?ui=en-US&rs=en-US&ad=US",
"https://www.404techsupport.com/2016/04/office2016-macro-group-policy/?utm_source=dlvr.it&utm_medium=twitter"
],
"Complexity": "Low",
"Effectiveness": "High",
"Impact": "Low",
"Type": "GPO"
},
"value": "Block Macros",
"description": "Disable macros in Office files downloaded from the Internet. This can be configured to work in two different modes:\nA.) Open downloaded documents in 'Protected View'\nB.) Open downloaded documents and block all macros"
},
{
"meta": {
"refs": [
"http://www.windowsnetworking.com/kbase/WindowsTips/WindowsXP/AdminTips/Customization/DisableWindowsScriptingHostWSH.html"
],
"Complexity": "Low",
"Effectiveness": "Medium",
"Impact": "Medium",
"Type": "GPO"
},
"value": "Disable WSH",
"description": "Disable Windows Script Host"
},
],
"name": "Preventive Measure",
"type": "preventive-measure",
"source": "MISP Project",
"authors": [
"Various"
],
"description": "Preventive measures based on the ransomware document overview as published in https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml# . The preventive measures are quite generic and can fit any standard Windows infrastructure and its security measures.",
"uuid": "1a8e55eb-a0ff-425b-80e0-30df866f8f65",
"version": 1
}