misp-circl-feed/feeds/circl/stix-2.1/5755628d-ebd4-4150-abb0-4bfd950d210f.json

{
    "type": "bundle",
    "id": "bundle--5755628d-ebd4-4150-abb0-4bfd950d210f",
    "objects": [
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-06-06T12:00:13.000Z",
            "modified": "2016-06-06T12:00:13.000Z",
            "name": "CIRCL",
            "identity_class": "organization"
        },
        {
            "type": "report",
            "spec_version": "2.1",
            "id": "report--5755628d-ebd4-4150-abb0-4bfd950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-06-06T12:00:13.000Z",
            "modified": "2016-06-06T12:00:13.000Z",
            "name": "OSINT - CryptXXX Ransomware Learns the Samba, Other New Tricks With Version 3.100",
            "published": "2016-06-06T12:11:49Z",
            "object_refs": [
                "observed-data--5755630a-b728-4018-919c-4396950d210f",
                "url--5755630a-b728-4018-919c-4396950d210f",
                "x-misp-attribute--57556324-f848-48fe-b41c-4954950d210f",
                "indicator--57556351-973c-48c8-aa87-4672950d210f",
                "indicator--57556421-ae98-438b-9b9f-4b44950d210f",
                "indicator--575564c0-3360-41aa-89dc-464e950d210f",
                "indicator--575564d2-3238-48dd-8b3f-4272950d210f",
                "indicator--575564e2-8fa4-4206-827e-475a950d210f",
                "indicator--575564fc-c040-4d55-8b48-4bfd02de0b81",
                "indicator--575564fc-f68c-419c-b73c-4ec902de0b81",
                "observed-data--575564fc-97cc-40f4-a02d-495902de0b81",
                "url--575564fc-97cc-40f4-a02d-495902de0b81",
                "indicator--575564fc-7644-4049-bf11-4f3d02de0b81",
                "indicator--575564fc-3c30-46d5-a432-4cc002de0b81",
                "observed-data--575564fd-d104-4573-8bdd-4ac302de0b81",
                "url--575564fd-d104-4573-8bdd-4ac302de0b81",
                "indicator--575564fd-63ec-4199-aad2-448902de0b81",
                "indicator--575564fd-65a0-4dc6-a550-440502de0b81",
                "observed-data--575564fd-4084-417a-8a33-4d8a02de0b81",
                "url--575564fd-4084-417a-8a33-4d8a02de0b81",
                "indicator--575564fd-cf54-4538-b70e-433602de0b81",
                "indicator--575564fe-8ca4-41d0-9f52-433202de0b81",
                "observed-data--575564fe-9fe4-4c3a-adc6-41ea02de0b81",
                "url--575564fe-9fe4-4c3a-adc6-41ea02de0b81"
            ],
            "labels": [
                "Threat-Report",
                "misp:tool=\"MISP-STIX-Converter\"",
                "type:OSINT",
                "ecsirt:malicious-code=\"ransomware\""
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--5755630a-b728-4018-919c-4396950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-06-06T11:48:26.000Z",
            "modified": "2016-06-06T11:48:26.000Z",
            "first_observed": "2016-06-06T11:48:26Z",
            "last_observed": "2016-06-06T11:48:26Z",
            "number_observed": 1,
            "object_refs": [
                "url--5755630a-b728-4018-919c-4396950d210f"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--5755630a-b728-4018-919c-4396950d210f",
            "value": "https://www.proofpoint.com/us/threat-insight/post/cryptxxx-ransomware-learns-samba-other-new-tricks-with-version3100"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--57556324-f848-48fe-b41c-4954950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-06-06T11:48:52.000Z",
            "modified": "2016-06-06T11:48:52.000Z",
            "labels": [
                "misp:type=\"comment\"",
                "misp:category=\"External analysis\""
            ],
            "x_misp_category": "External analysis",
            "x_misp_type": "comment",
            "x_misp_value": "Proofpoint researchers have been tracking the rapid development of CryptXXX since they first discovered the ransomware in April [1]. In mid-May, the first major CryptXXX update temporarily broke the decryption tool available from our colleagues at Kaspersky Labs and locked the screens of infected PCs, making it harder to access the file systems [3]. Last week, we observed the latest version of CryptXXX (Version 3.100) in the wild, which introduced additional capabilities including network share encryption. For the time being, at least, it has once again rendered the decryption tool ineffective.\r\n\r\nThis new round of updates means that even if users are able to decrypt their files, whether through an updated third-party tool or by paying the ransom, CryptXXX can still cause significant downtime by encrypting files on network shares. In this post, we also detail for the first time the StillerX module that underlies the information-stealing capabilities in CryptXXX and allows threat actors to sell credentials or launch targeted attacks.\r\n- See more at: https://www.proofpoint.com/us/threat-insight/post/cryptxxx-ransomware-learns-samba-other-new-tricks-with-version3100#sthash.A46I51Xy.dpuf"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--57556351-973c-48c8-aa87-4672950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-06-06T11:49:37.000Z",
            "modified": "2016-06-06T11:49:37.000Z",
            "description": "CryptXXX C&C (communication is non-SSL TCP on port 443)",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.25.194.116']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-06-06T11:49:37Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--57556421-ae98-438b-9b9f-4b44950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-06-06T11:53:05.000Z",
            "modified": "2016-06-06T11:53:05.000Z",
            "description": "StillerX sample (2016-04-29)",
            "pattern": "[file:hashes.SHA256 = '7e6ef093a00b60cc4d487725b1b02103a94b5a9299f5a752d48510e9180e2f88']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-06-06T11:53:05Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--575564c0-3360-41aa-89dc-464e950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-06-06T11:55:44.000Z",
            "modified": "2016-06-06T11:55:44.000Z",
            "description": "StillerX sample (2016-06-01)",
            "pattern": "[file:hashes.SHA256 = '011ff7879fbc4a51fd5acea6ef8a0cc7ee7afda35452063b627efe6cfb7c23de']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-06-06T11:55:44Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--575564d2-3238-48dd-8b3f-4272950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-06-06T11:56:02.000Z",
            "modified": "2016-06-06T11:56:02.000Z",
            "description": "CryptXXX sample (2016-05-28)",
            "pattern": "[file:hashes.SHA256 = '36b96a2a476449f8a8653b04d4d5f506409d110235eafc60613207aba762d62c']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-06-06T11:56:02Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--575564e2-8fa4-4206-827e-475a950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-06-06T11:56:30.000Z",
            "modified": "2016-06-06T11:56:30.000Z",
            "description": "CryptXXX sample (2016-05-31)",
            "pattern": "[file:hashes.SHA256 = '139c9a4f3d8c2b244408644a78be6fdac353cc173727b47cb087e5b9fff10863']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-06-06T11:56:30Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--575564fc-c040-4d55-8b48-4bfd02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-06-06T11:56:44.000Z",
            "modified": "2016-06-06T11:56:44.000Z",
            "description": "CryptXXX sample (2016-05-31) - Xchecked via VT: 139c9a4f3d8c2b244408644a78be6fdac353cc173727b47cb087e5b9fff10863",
            "pattern": "[file:hashes.SHA1 = 'a3ce6e877365857c9de757d7a4183c9a6f98eb93']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-06-06T11:56:44Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--575564fc-f68c-419c-b73c-4ec902de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-06-06T11:56:44.000Z",
            "modified": "2016-06-06T11:56:44.000Z",
            "description": "CryptXXX sample (2016-05-31) - Xchecked via VT: 139c9a4f3d8c2b244408644a78be6fdac353cc173727b47cb087e5b9fff10863",
            "pattern": "[file:hashes.MD5 = 'cb7769918a8237f08a4ef748aca2d9c4']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-06-06T11:56:44Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--575564fc-97cc-40f4-a02d-495902de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-06-06T11:56:44.000Z",
            "modified": "2016-06-06T11:56:44.000Z",
            "first_observed": "2016-06-06T11:56:44Z",
            "last_observed": "2016-06-06T11:56:44Z",
            "number_observed": 1,
            "object_refs": [
                "url--575564fc-97cc-40f4-a02d-495902de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--575564fc-97cc-40f4-a02d-495902de0b81",
            "value": "https://www.virustotal.com/file/139c9a4f3d8c2b244408644a78be6fdac353cc173727b47cb087e5b9fff10863/analysis/1464720315/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--575564fc-7644-4049-bf11-4f3d02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-06-06T11:56:44.000Z",
            "modified": "2016-06-06T11:56:44.000Z",
            "description": "CryptXXX sample (2016-05-28) - Xchecked via VT: 36b96a2a476449f8a8653b04d4d5f506409d110235eafc60613207aba762d62c",
            "pattern": "[file:hashes.SHA1 = 'b0735aabb42c1105475983ce2f00228655cecd09']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-06-06T11:56:44Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--575564fc-3c30-46d5-a432-4cc002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-06-06T11:56:44.000Z",
            "modified": "2016-06-06T11:56:44.000Z",
            "description": "CryptXXX sample (2016-05-28) - Xchecked via VT: 36b96a2a476449f8a8653b04d4d5f506409d110235eafc60613207aba762d62c",
            "pattern": "[file:hashes.MD5 = 'e2ba73dc7ad68e65249e1672d5cb2dc3']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-06-06T11:56:44Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--575564fd-d104-4573-8bdd-4ac302de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-06-06T11:56:45.000Z",
            "modified": "2016-06-06T11:56:45.000Z",
            "first_observed": "2016-06-06T11:56:45Z",
            "last_observed": "2016-06-06T11:56:45Z",
            "number_observed": 1,
            "object_refs": [
                "url--575564fd-d104-4573-8bdd-4ac302de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--575564fd-d104-4573-8bdd-4ac302de0b81",
            "value": "https://www.virustotal.com/file/36b96a2a476449f8a8653b04d4d5f506409d110235eafc60613207aba762d62c/analysis/1464973888/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--575564fd-63ec-4199-aad2-448902de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-06-06T11:56:45.000Z",
            "modified": "2016-06-06T11:56:45.000Z",
            "description": "StillerX sample (2016-06-01) - Xchecked via VT: 011ff7879fbc4a51fd5acea6ef8a0cc7ee7afda35452063b627efe6cfb7c23de",
            "pattern": "[file:hashes.SHA1 = 'a68cc8f8e92e0cfcd8ca551a12d2ceb56a09959d']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-06-06T11:56:45Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--575564fd-65a0-4dc6-a550-440502de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-06-06T11:56:45.000Z",
            "modified": "2016-06-06T11:56:45.000Z",
            "description": "StillerX sample (2016-06-01) - Xchecked via VT: 011ff7879fbc4a51fd5acea6ef8a0cc7ee7afda35452063b627efe6cfb7c23de",
            "pattern": "[file:hashes.MD5 = '9bdedb2ed6fb049c4d58469716f9737a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-06-06T11:56:45Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--575564fd-4084-417a-8a33-4d8a02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-06-06T11:56:45.000Z",
            "modified": "2016-06-06T11:56:45.000Z",
            "first_observed": "2016-06-06T11:56:45Z",
            "last_observed": "2016-06-06T11:56:45Z",
            "number_observed": 1,
            "object_refs": [
                "url--575564fd-4084-417a-8a33-4d8a02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--575564fd-4084-417a-8a33-4d8a02de0b81",
            "value": "https://www.virustotal.com/file/011ff7879fbc4a51fd5acea6ef8a0cc7ee7afda35452063b627efe6cfb7c23de/analysis/1464964307/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--575564fd-cf54-4538-b70e-433602de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-06-06T11:56:45.000Z",
            "modified": "2016-06-06T11:56:45.000Z",
            "description": "StillerX sample (2016-04-29) - Xchecked via VT: 7e6ef093a00b60cc4d487725b1b02103a94b5a9299f5a752d48510e9180e2f88",
            "pattern": "[file:hashes.SHA1 = '5a3a0ed4c3b6c5cc6e6d5b7db707e60e5d049442']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-06-06T11:56:45Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--575564fe-8ca4-41d0-9f52-433202de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-06-06T11:56:46.000Z",
            "modified": "2016-06-06T11:56:46.000Z",
            "description": "StillerX sample (2016-04-29) - Xchecked via VT: 7e6ef093a00b60cc4d487725b1b02103a94b5a9299f5a752d48510e9180e2f88",
            "pattern": "[file:hashes.MD5 = '1b8d33f27c9fac662028c788a86e80fd']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-06-06T11:56:46Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--575564fe-9fe4-4c3a-adc6-41ea02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-06-06T11:56:46.000Z",
            "modified": "2016-06-06T11:56:46.000Z",
            "first_observed": "2016-06-06T11:56:46Z",
            "last_observed": "2016-06-06T11:56:46Z",
            "number_observed": 1,
            "object_refs": [
                "url--575564fe-9fe4-4c3a-adc6-41ea02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--575564fe-9fe4-4c3a-adc6-41ea02de0b81",
            "value": "https://www.virustotal.com/file/7e6ef093a00b60cc4d487725b1b02103a94b5a9299f5a752d48510e9180e2f88/analysis/1464964304/"
        },
        {
            "type": "marking-definition",
            "spec_version": "2.1",
            "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
            "created": "2017-01-20T00:00:00.000Z",
            "definition_type": "tlp",
            "name": "TLP:WHITE",
            "definition": {
                "tlp": "white"
            }
        }
    ]
}
chg: [misp-stix] STIX 2.1 export added 2023-04-21 14:44:17 +00:00			`{`
			`"type": "bundle",`
			`"id": "bundle--5755628d-ebd4-4150-abb0-4bfd950d210f",`
			`"objects": [`
			`{`
			`"type": "identity",`
			`"spec_version": "2.1",`
			`"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2016-06-06T12:00:13.000Z",`
			`"modified": "2016-06-06T12:00:13.000Z",`
			`"name": "CIRCL",`
			`"identity_class": "organization"`
			`},`
			`{`
			`"type": "report",`
			`"spec_version": "2.1",`
			`"id": "report--5755628d-ebd4-4150-abb0-4bfd950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2016-06-06T12:00:13.000Z",`
			`"modified": "2016-06-06T12:00:13.000Z",`
			`"name": "OSINT - CryptXXX Ransomware Learns the Samba, Other New Tricks With Version 3.100",`
			`"published": "2016-06-06T12:11:49Z",`
			`"object_refs": [`
			`"observed-data--5755630a-b728-4018-919c-4396950d210f",`
			`"url--5755630a-b728-4018-919c-4396950d210f",`
			`"x-misp-attribute--57556324-f848-48fe-b41c-4954950d210f",`
			`"indicator--57556351-973c-48c8-aa87-4672950d210f",`
			`"indicator--57556421-ae98-438b-9b9f-4b44950d210f",`
			`"indicator--575564c0-3360-41aa-89dc-464e950d210f",`
			`"indicator--575564d2-3238-48dd-8b3f-4272950d210f",`
			`"indicator--575564e2-8fa4-4206-827e-475a950d210f",`
			`"indicator--575564fc-c040-4d55-8b48-4bfd02de0b81",`
			`"indicator--575564fc-f68c-419c-b73c-4ec902de0b81",`
			`"observed-data--575564fc-97cc-40f4-a02d-495902de0b81",`
			`"url--575564fc-97cc-40f4-a02d-495902de0b81",`
			`"indicator--575564fc-7644-4049-bf11-4f3d02de0b81",`
			`"indicator--575564fc-3c30-46d5-a432-4cc002de0b81",`
			`"observed-data--575564fd-d104-4573-8bdd-4ac302de0b81",`
			`"url--575564fd-d104-4573-8bdd-4ac302de0b81",`
			`"indicator--575564fd-63ec-4199-aad2-448902de0b81",`
			`"indicator--575564fd-65a0-4dc6-a550-440502de0b81",`
			`"observed-data--575564fd-4084-417a-8a33-4d8a02de0b81",`
			`"url--575564fd-4084-417a-8a33-4d8a02de0b81",`
			`"indicator--575564fd-cf54-4538-b70e-433602de0b81",`
			`"indicator--575564fe-8ca4-41d0-9f52-433202de0b81",`
			`"observed-data--575564fe-9fe4-4c3a-adc6-41ea02de0b81",`
			`"url--575564fe-9fe4-4c3a-adc6-41ea02de0b81"`
			`],`
			`"labels": [`
			`"Threat-Report",`
			`"misp:tool=\"MISP-STIX-Converter\"",`
			`"type:OSINT",`
			`"ecsirt:malicious-code=\"ransomware\""`
			`],`
			`"object_marking_refs": [`
			`"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"`
			`]`
			`},`
			`{`
			`"type": "observed-data",`
			`"spec_version": "2.1",`
			`"id": "observed-data--5755630a-b728-4018-919c-4396950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2016-06-06T11:48:26.000Z",`
			`"modified": "2016-06-06T11:48:26.000Z",`
			`"first_observed": "2016-06-06T11:48:26Z",`
			`"last_observed": "2016-06-06T11:48:26Z",`
			`"number_observed": 1,`
			`"object_refs": [`
			`"url--5755630a-b728-4018-919c-4396950d210f"`
			`],`
			`"labels": [`
			`"misp:type=\"link\"",`
			`"misp:category=\"External analysis\""`
			`]`
			`},`
			`{`
			`"type": "url",`
			`"spec_version": "2.1",`
			`"id": "url--5755630a-b728-4018-919c-4396950d210f",`
			`"value": "https://www.proofpoint.com/us/threat-insight/post/cryptxxx-ransomware-learns-samba-other-new-tricks-with-version3100"`
			`},`
			`{`
			`"type": "x-misp-attribute",`
			`"spec_version": "2.1",`
			`"id": "x-misp-attribute--57556324-f848-48fe-b41c-4954950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2016-06-06T11:48:52.000Z",`
			`"modified": "2016-06-06T11:48:52.000Z",`
			`"labels": [`
			`"misp:type=\"comment\"",`
			`"misp:category=\"External analysis\""`
			`],`
			`"x_misp_category": "External analysis",`
			`"x_misp_type": "comment",`
			"x_misp_value": "Proofpoint researchers have been tracking the rapid development of CryptXXX since they first discovered the ransomware in April [1]. In mid-May, the first major CryptXXX update temporarily broke the decryption tool available from our colleagues at Kaspersky Labs and locked the screens of infected PCs, making it harder to access the file systems [3]. Last week, we observed the latest version of CryptXXX (Version 3.100) in the wild, which introduced additional capabilities including network share encryption. For the time being, at least, it has once again rendered the decryption tool ineffective.\r\n\r\nThis new round of updates means that even if users are able to decrypt their files, whether through an updated third-party tool or by paying the ransom, CryptXXX can still cause significant downtime by encrypting files on network shares. In this post, we also detail for the first time the StillerX module that underlies the information-stealing capabilities in CryptXXX and allows threat actors to sell credentials or launch targeted attacks.\r\n- See more at: https://www.proofpoint.com/us/threat-insight/post/cryptxxx-ransomware-learns-samba-other-new-tricks-with-version3100#sthash.A46I51Xy.dpuf"
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--57556351-973c-48c8-aa87-4672950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2016-06-06T11:49:37.000Z",`
			`"modified": "2016-06-06T11:49:37.000Z",`
			`"description": "CryptXXX C&C (communication is non-SSL TCP on port 443)",`
			`"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.25.194.116']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2016-06-06T11:49:37Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Network activity"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"ip-dst\"",`
			`"misp:category=\"Network activity\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--57556421-ae98-438b-9b9f-4b44950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2016-06-06T11:53:05.000Z",`
			`"modified": "2016-06-06T11:53:05.000Z",`
			`"description": "StillerX sample (2016-04-29)",`
			`"pattern": "[file:hashes.SHA256 = '7e6ef093a00b60cc4d487725b1b02103a94b5a9299f5a752d48510e9180e2f88']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2016-06-06T11:53:05Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Payload delivery"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"sha256\"",`
			`"misp:category=\"Payload delivery\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--575564c0-3360-41aa-89dc-464e950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2016-06-06T11:55:44.000Z",`
			`"modified": "2016-06-06T11:55:44.000Z",`
			`"description": "StillerX sample (2016-06-01)",`
			`"pattern": "[file:hashes.SHA256 = '011ff7879fbc4a51fd5acea6ef8a0cc7ee7afda35452063b627efe6cfb7c23de']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2016-06-06T11:55:44Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Payload delivery"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"sha256\"",`
			`"misp:category=\"Payload delivery\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--575564d2-3238-48dd-8b3f-4272950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2016-06-06T11:56:02.000Z",`
			`"modified": "2016-06-06T11:56:02.000Z",`
			`"description": "CryptXXX sample (2016-05-28)",`
			`"pattern": "[file:hashes.SHA256 = '36b96a2a476449f8a8653b04d4d5f506409d110235eafc60613207aba762d62c']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2016-06-06T11:56:02Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Payload delivery"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"sha256\"",`
			`"misp:category=\"Payload delivery\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--575564e2-8fa4-4206-827e-475a950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2016-06-06T11:56:30.000Z",`
			`"modified": "2016-06-06T11:56:30.000Z",`
			`"description": "CryptXXX sample (2016-05-31)",`
			`"pattern": "[file:hashes.SHA256 = '139c9a4f3d8c2b244408644a78be6fdac353cc173727b47cb087e5b9fff10863']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2016-06-06T11:56:30Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Payload delivery"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"sha256\"",`
			`"misp:category=\"Payload delivery\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--575564fc-c040-4d55-8b48-4bfd02de0b81",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2016-06-06T11:56:44.000Z",`
			`"modified": "2016-06-06T11:56:44.000Z",`
			`"description": "CryptXXX sample (2016-05-31) - Xchecked via VT: 139c9a4f3d8c2b244408644a78be6fdac353cc173727b47cb087e5b9fff10863",`
			`"pattern": "[file:hashes.SHA1 = 'a3ce6e877365857c9de757d7a4183c9a6f98eb93']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2016-06-06T11:56:44Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Payload delivery"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"sha1\"",`
			`"misp:category=\"Payload delivery\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--575564fc-f68c-419c-b73c-4ec902de0b81",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2016-06-06T11:56:44.000Z",`
			`"modified": "2016-06-06T11:56:44.000Z",`
			`"description": "CryptXXX sample (2016-05-31) - Xchecked via VT: 139c9a4f3d8c2b244408644a78be6fdac353cc173727b47cb087e5b9fff10863",`
			`"pattern": "[file:hashes.MD5 = 'cb7769918a8237f08a4ef748aca2d9c4']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2016-06-06T11:56:44Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Payload delivery"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"md5\"",`
			`"misp:category=\"Payload delivery\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "observed-data",`
			`"spec_version": "2.1",`
			`"id": "observed-data--575564fc-97cc-40f4-a02d-495902de0b81",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2016-06-06T11:56:44.000Z",`
			`"modified": "2016-06-06T11:56:44.000Z",`
			`"first_observed": "2016-06-06T11:56:44Z",`
			`"last_observed": "2016-06-06T11:56:44Z",`
			`"number_observed": 1,`
			`"object_refs": [`
			`"url--575564fc-97cc-40f4-a02d-495902de0b81"`
			`],`
			`"labels": [`
			`"misp:type=\"link\"",`
			`"misp:category=\"External analysis\""`
			`]`
			`},`
			`{`
			`"type": "url",`
			`"spec_version": "2.1",`
			`"id": "url--575564fc-97cc-40f4-a02d-495902de0b81",`
			`"value": "https://www.virustotal.com/file/139c9a4f3d8c2b244408644a78be6fdac353cc173727b47cb087e5b9fff10863/analysis/1464720315/"`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--575564fc-7644-4049-bf11-4f3d02de0b81",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2016-06-06T11:56:44.000Z",`
			`"modified": "2016-06-06T11:56:44.000Z",`
			`"description": "CryptXXX sample (2016-05-28) - Xchecked via VT: 36b96a2a476449f8a8653b04d4d5f506409d110235eafc60613207aba762d62c",`
			`"pattern": "[file:hashes.SHA1 = 'b0735aabb42c1105475983ce2f00228655cecd09']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2016-06-06T11:56:44Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Payload delivery"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"sha1\"",`
			`"misp:category=\"Payload delivery\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--575564fc-3c30-46d5-a432-4cc002de0b81",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2016-06-06T11:56:44.000Z",`
			`"modified": "2016-06-06T11:56:44.000Z",`
			`"description": "CryptXXX sample (2016-05-28) - Xchecked via VT: 36b96a2a476449f8a8653b04d4d5f506409d110235eafc60613207aba762d62c",`
			`"pattern": "[file:hashes.MD5 = 'e2ba73dc7ad68e65249e1672d5cb2dc3']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2016-06-06T11:56:44Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Payload delivery"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"md5\"",`
			`"misp:category=\"Payload delivery\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "observed-data",`
			`"spec_version": "2.1",`
			`"id": "observed-data--575564fd-d104-4573-8bdd-4ac302de0b81",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2016-06-06T11:56:45.000Z",`
			`"modified": "2016-06-06T11:56:45.000Z",`
			`"first_observed": "2016-06-06T11:56:45Z",`
			`"last_observed": "2016-06-06T11:56:45Z",`
			`"number_observed": 1,`
			`"object_refs": [`
			`"url--575564fd-d104-4573-8bdd-4ac302de0b81"`
			`],`
			`"labels": [`
			`"misp:type=\"link\"",`
			`"misp:category=\"External analysis\""`
			`]`
			`},`
			`{`
			`"type": "url",`
			`"spec_version": "2.1",`
			`"id": "url--575564fd-d104-4573-8bdd-4ac302de0b81",`
			`"value": "https://www.virustotal.com/file/36b96a2a476449f8a8653b04d4d5f506409d110235eafc60613207aba762d62c/analysis/1464973888/"`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--575564fd-63ec-4199-aad2-448902de0b81",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2016-06-06T11:56:45.000Z",`
			`"modified": "2016-06-06T11:56:45.000Z",`
			`"description": "StillerX sample (2016-06-01) - Xchecked via VT: 011ff7879fbc4a51fd5acea6ef8a0cc7ee7afda35452063b627efe6cfb7c23de",`
			`"pattern": "[file:hashes.SHA1 = 'a68cc8f8e92e0cfcd8ca551a12d2ceb56a09959d']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2016-06-06T11:56:45Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Payload delivery"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"sha1\"",`
			`"misp:category=\"Payload delivery\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--575564fd-65a0-4dc6-a550-440502de0b81",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2016-06-06T11:56:45.000Z",`
			`"modified": "2016-06-06T11:56:45.000Z",`
			`"description": "StillerX sample (2016-06-01) - Xchecked via VT: 011ff7879fbc4a51fd5acea6ef8a0cc7ee7afda35452063b627efe6cfb7c23de",`
			`"pattern": "[file:hashes.MD5 = '9bdedb2ed6fb049c4d58469716f9737a']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2016-06-06T11:56:45Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Payload delivery"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"md5\"",`
			`"misp:category=\"Payload delivery\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "observed-data",`
			`"spec_version": "2.1",`
			`"id": "observed-data--575564fd-4084-417a-8a33-4d8a02de0b81",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2016-06-06T11:56:45.000Z",`
			`"modified": "2016-06-06T11:56:45.000Z",`
			`"first_observed": "2016-06-06T11:56:45Z",`
			`"last_observed": "2016-06-06T11:56:45Z",`
			`"number_observed": 1,`
			`"object_refs": [`
			`"url--575564fd-4084-417a-8a33-4d8a02de0b81"`
			`],`
			`"labels": [`
			`"misp:type=\"link\"",`
			`"misp:category=\"External analysis\""`
			`]`
			`},`
			`{`
			`"type": "url",`
			`"spec_version": "2.1",`
			`"id": "url--575564fd-4084-417a-8a33-4d8a02de0b81",`
			`"value": "https://www.virustotal.com/file/011ff7879fbc4a51fd5acea6ef8a0cc7ee7afda35452063b627efe6cfb7c23de/analysis/1464964307/"`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--575564fd-cf54-4538-b70e-433602de0b81",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2016-06-06T11:56:45.000Z",`
			`"modified": "2016-06-06T11:56:45.000Z",`
			`"description": "StillerX sample (2016-04-29) - Xchecked via VT: 7e6ef093a00b60cc4d487725b1b02103a94b5a9299f5a752d48510e9180e2f88",`
			`"pattern": "[file:hashes.SHA1 = '5a3a0ed4c3b6c5cc6e6d5b7db707e60e5d049442']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2016-06-06T11:56:45Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Payload delivery"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"sha1\"",`
			`"misp:category=\"Payload delivery\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--575564fe-8ca4-41d0-9f52-433202de0b81",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2016-06-06T11:56:46.000Z",`
			`"modified": "2016-06-06T11:56:46.000Z",`
			`"description": "StillerX sample (2016-04-29) - Xchecked via VT: 7e6ef093a00b60cc4d487725b1b02103a94b5a9299f5a752d48510e9180e2f88",`
			`"pattern": "[file:hashes.MD5 = '1b8d33f27c9fac662028c788a86e80fd']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2016-06-06T11:56:46Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Payload delivery"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"md5\"",`
			`"misp:category=\"Payload delivery\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "observed-data",`
			`"spec_version": "2.1",`
			`"id": "observed-data--575564fe-9fe4-4c3a-adc6-41ea02de0b81",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2016-06-06T11:56:46.000Z",`
			`"modified": "2016-06-06T11:56:46.000Z",`
			`"first_observed": "2016-06-06T11:56:46Z",`
			`"last_observed": "2016-06-06T11:56:46Z",`
			`"number_observed": 1,`
			`"object_refs": [`
			`"url--575564fe-9fe4-4c3a-adc6-41ea02de0b81"`
			`],`
			`"labels": [`
			`"misp:type=\"link\"",`
			`"misp:category=\"External analysis\""`
			`]`
			`},`
			`{`
			`"type": "url",`
			`"spec_version": "2.1",`
			`"id": "url--575564fe-9fe4-4c3a-adc6-41ea02de0b81",`
			`"value": "https://www.virustotal.com/file/7e6ef093a00b60cc4d487725b1b02103a94b5a9299f5a752d48510e9180e2f88/analysis/1464964304/"`
			`},`
			`{`
			`"type": "marking-definition",`
			`"spec_version": "2.1",`
			`"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",`
			`"created": "2017-01-20T00:00:00.000Z",`
			`"definition_type": "tlp",`
			`"name": "TLP:WHITE",`
			`"definition": {`
			`"tlp": "white"`
			`}`
			`}`
			`]`
			`}`