2023-04-21 14:44:17 +00:00
{
"type" : "bundle" ,
"id" : "bundle--5c225981-ae64-4141-8a37-430a02de0b81" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-26T21:42:46.000Z" ,
"modified" : "2018-12-26T21:42:46.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5c225981-ae64-4141-8a37-430a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-26T21:42:46.000Z" ,
"modified" : "2018-12-26T21:42:46.000Z" ,
"name" : "OSINT - Destructive Shamoon Malware Continues its Return with a New Anti-American Message" ,
"published" : "2018-12-26T21:42:48Z" ,
"object_refs" : [
"observed-data--5c225990-7df0-46a3-8fee-4cb202de0b81" ,
"url--5c225990-7df0-46a3-8fee-4cb202de0b81" ,
"x-misp-attribute--5c2259a6-f400-4bce-ac8d-493102de0b81" ,
"observed-data--5c225a92-e620-4078-96a5-4d8402de0b81" ,
"x509-certificate--5c225a92-e620-4078-96a5-4d8402de0b81" ,
"observed-data--5c225d74-4938-48b1-a404-4e9802de0b81" ,
"file--5c225d74-4938-48b1-a404-4e9802de0b81" ,
"observed-data--5c225d74-ed64-4f4b-8094-4e9a02de0b81" ,
"file--5c225d74-ed64-4f4b-8094-4e9a02de0b81" ,
"indicator--5c225a33-d8ec-4e9d-9c63-42fe02de0b81" ,
"indicator--5c225a67-c328-4d9e-9076-a51902de0b81" ,
"indicator--5c225af5-c140-458f-b353-4e1d02de0b81" ,
"x-misp-object--8d89302c-d05e-4557-85ae-4717b031f335" ,
"x-misp-object--d6dc565c-ce26-46ea-ad7b-4fd231f06f72" ,
"x-misp-object--d6f1dcfb-ad11-482d-b7af-105f27616350" ,
"x-misp-object--6672ba95-da71-4081-8a5c-34ce8863a146" ,
"x-misp-object--331ae947-e60d-48b4-9b21-325c2acde6ce" ,
"x-misp-object--c3943d4b-93b1-4f83-b1db-a683329ce623" ,
2024-08-07 08:13:15 +00:00
"relationship--66d1ec7b-011c-466a-8054-07dbb1e2448f" ,
"relationship--34d1ecf9-1538-47d4-8311-5792ab5aa5ba" ,
"relationship--887451e5-c9c6-4a14-8865-ff75356ab10f" ,
"relationship--9518b4bb-71a3-409a-9842-faa652b30467"
2023-04-21 14:44:17 +00:00
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"type:OSINT" ,
"osint:source-type=\"blog-post\"" ,
"misp-galaxy:tool=\"Shamoon\"" ,
"misp-galaxy:mitre-enterprise-attack-malware=\"Shamoon\"" ,
"estimative-language:confidence-in-analytic-judgment=\"moderate\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5c225990-7df0-46a3-8fee-4cb202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-25T16:23:44.000Z" ,
"modified" : "2018-12-25T16:23:44.000Z" ,
"first_observed" : "2018-12-25T16:23:44Z" ,
"last_observed" : "2018-12-25T16:23:44Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5c225990-7df0-46a3-8fee-4cb202de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5c225990-7df0-46a3-8fee-4cb202de0b81" ,
"value" : "https://www.anomali.com/blog/destructive-shamoon-malware-continues-its-return-with-a-new-anti-american-message"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5c2259a6-f400-4bce-ac8d-493102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-25T16:24:06.000Z" ,
"modified" : "2018-12-25T16:24:06.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Anomali Labs in its continued hunt for the destructive Shamoon malware, has identified a new Shamoon malware sample that uses an image of a burning US Dollar as part of its destructive attack. Historic versions of the Shamoon destructive wiper have utilized images of a burning American flag and the drowned Syrian refugee and child Alan Kurdi as part of targeted attacks attributed to the Iranian State. The image includes the text \"WE WILL TAKE REVENGE ON THE BLOOD AND TEARS OF OUR CHILDREN\" which is displayed in tandem with the overwriting of files on a victim's system.\r\n\r\nThe newest Shamoon sample was uploaded from France on December 23, 2018 and utilizes the commercial packing tool Enigma version 4 as a means of obfuscation. As observed in previous Shamoon samples the internal file name invokes a known PC tool, likely as a lure to allay initial user suspicion. In this case the malicious internal file name is \"Baidu PC Faster\" and uses the description \"Baidu WiFi Hotspot Setup\". A closer inspection of the file resources utilized by the sample reveals similarities with Shamoon V2 malware. Specifically, the resource \"GRANT\" is included which indicates that this sample was like compiled based on the second version of the codebase."
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5c225a92-e620-4078-96a5-4d8402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-25T16:28:02.000Z" ,
"modified" : "2018-12-25T16:28:02.000Z" ,
"first_observed" : "2018-12-25T16:28:02Z" ,
"last_observed" : "2018-12-25T16:28:02Z" ,
"number_observed" : 1 ,
"object_refs" : [
"x509-certificate--5c225a92-e620-4078-96a5-4d8402de0b81"
] ,
"labels" : [
"misp:type=\"x509-fingerprint-sha1\"" ,
"misp:category=\"Artifacts dropped\""
]
} ,
{
"type" : "x509-certificate" ,
"spec_version" : "2.1" ,
"id" : "x509-certificate--5c225a92-e620-4078-96a5-4d8402de0b81" ,
"hashes" : {
"SHA-1" : "4b953f30f1de4dfef894b136daa155ceafc243a0"
}
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5c225d74-4938-48b1-a404-4e9802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-25T16:40:20.000Z" ,
"modified" : "2018-12-25T16:40:20.000Z" ,
"first_observed" : "2018-12-25T16:40:20Z" ,
"last_observed" : "2018-12-25T16:40:20Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5c225d74-4938-48b1-a404-4e9802de0b81"
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Artifacts dropped\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5c225d74-4938-48b1-a404-4e9802de0b81" ,
"name" : "gfxprc_X64_pro.exe"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5c225d74-ed64-4f4b-8094-4e9a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-25T16:40:20.000Z" ,
"modified" : "2018-12-25T16:40:20.000Z" ,
"first_observed" : "2018-12-25T16:40:20Z" ,
"last_observed" : "2018-12-25T16:40:20Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5c225d74-ed64-4f4b-8094-4e9a02de0b81"
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Artifacts dropped\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5c225d74-ed64-4f4b-8094-4e9a02de0b81" ,
"name" : "gfxprc_X64.exe"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c225a33-d8ec-4e9d-9c63-42fe02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-26T21:42:44.000Z" ,
"modified" : "2018-12-26T21:42:44.000Z" ,
"description" : "Shamoon (Packed)" ,
"pattern" : "[file:hashes.MD5 = 'd0c3852e376423247ae45c24592880b6' AND file:hashes.SHA1 = '7335b8bdc62f35e2579ba18b91dc6227c586ef75' AND file:hashes.SHA256 = 'f2bfe03ebacaa96e2897c8c01339e1ffa8c2222c3d6f89a76827548559b93af9' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-12-26T21:42:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c225a67-c328-4d9e-9076-a51902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-26T21:42:45.000Z" ,
"modified" : "2018-12-26T21:42:45.000Z" ,
"description" : "Shamoon (Unpacked)" ,
"pattern" : "[file:hashes.MD5 = '5711ac3dd15b019f558ec29e68d13ca9' AND file:hashes.SHA1 = 'b18b92a25078aa5f23a9987fd9038440b58b9566' AND file:hashes.SHA256 = 'c617120895646f73bc880c0aca18990deda3db9be03f6b3564013e26dedfa3f9' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-12-26T21:42:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c225af5-c140-458f-b353-4e1d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-25T16:29:41.000Z" ,
"modified" : "2018-12-25T16:29:41.000Z" ,
"pattern" : "[x509-certificate:hashes.SHA1 = '4b953f30f1de4dfef894b136daa155ceafc243a0' AND x509-certificate:issuer = 'CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa c10, OU=VeriSign Trust Network, O=\\\\\"VeriSign, Inc.\\\\\", C=US\r\nSerial: 5faee9e83f32948f3b2040ac6df0145c' AND x509-certificate:serial_number = '5faee9e83f32948f3b2040ac6df0145c' AND x509-certificate:subject = 'CN=\\\\\"Baidu Online Network Technology Beijing Co.,Ltd.\\\\\", OU=Baidu security, O=\\\\\"Baidu Online Network Technology Beijing Co.,Ltd.\\\\\", L=Beijing, ST=Beijing, C=CN']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-12-25T16:29:41Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"x509\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--8d89302c-d05e-4557-85ae-4717b031f335" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-25T16:35:15.000Z" ,
"modified" : "2018-12-25T16:35:15.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-12-24T12:02:45" ,
"category" : "Other" ,
"uuid" : "24757b25-e392-4525-b407-8c37aeb11fe7"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/c617120895646f73bc880c0aca18990deda3db9be03f6b3564013e26dedfa3f9/analysis/1545652965/" ,
"category" : "External analysis" ,
"uuid" : "ff29c3a5-6fd7-433f-8a09-c432727c88ca"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "17/69" ,
"category" : "Other" ,
"uuid" : "582751d6-7f02-4f98-ad88-85bb6f4a62b0"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--d6dc565c-ce26-46ea-ad7b-4fd231f06f72" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-25T16:35:16.000Z" ,
"modified" : "2018-12-25T16:35:16.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-12-24T15:16:39" ,
"category" : "Other" ,
"uuid" : "c5f5eb09-38ee-4bfa-b02e-d0df84f64dde"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/f2bfe03ebacaa96e2897c8c01339e1ffa8c2222c3d6f89a76827548559b93af9/analysis/1545664599/" ,
"category" : "External analysis" ,
"uuid" : "c78c0cb0-5e91-4886-ab6e-4fcd5558c7a3"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "14/68" ,
"category" : "Other" ,
"uuid" : "55f75f6c-75a4-48e7-806d-9323b916f2d7"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--d6f1dcfb-ad11-482d-b7af-105f27616350" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-26T21:27:50.000Z" ,
"modified" : "2018-12-26T21:27:50.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-12-24T12:02:45" ,
"category" : "Other" ,
"uuid" : "a92b6f8d-367f-47bf-bc24-d7ba884d1cd6"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/c617120895646f73bc880c0aca18990deda3db9be03f6b3564013e26dedfa3f9/analysis/1545652965/" ,
"category" : "External analysis" ,
"uuid" : "38ef2af6-3419-4fcf-a241-310d4927f1c9"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "17/69" ,
"category" : "Other" ,
"uuid" : "efec593f-48cd-433f-97aa-bde26003aa72"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--6672ba95-da71-4081-8a5c-34ce8863a146" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-26T21:27:51.000Z" ,
"modified" : "2018-12-26T21:27:51.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-12-26T20:58:38" ,
"category" : "Other" ,
"uuid" : "cc6abc85-e4fd-4877-8928-cf40bd36e0bd"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/f2bfe03ebacaa96e2897c8c01339e1ffa8c2222c3d6f89a76827548559b93af9/analysis/1545857918/" ,
"category" : "External analysis" ,
"uuid" : "cd8c1b95-440e-469f-b4da-2adb4dcce401"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "32/70" ,
"category" : "Other" ,
"uuid" : "a91f8039-b52b-4b4d-b56e-17a544538240"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--331ae947-e60d-48b4-9b21-325c2acde6ce" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-26T21:42:45.000Z" ,
"modified" : "2018-12-26T21:42:45.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-12-24T12:02:45" ,
"category" : "Other" ,
"uuid" : "caf5dc57-8207-43de-96eb-e8de55273ee1"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/c617120895646f73bc880c0aca18990deda3db9be03f6b3564013e26dedfa3f9/analysis/1545652965/" ,
"category" : "External analysis" ,
"uuid" : "006f3849-b2a3-4383-b093-aa18f8577a47"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "17/69" ,
"category" : "Other" ,
"uuid" : "cfd788c2-f51f-4978-94ec-415097d849ba"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--c3943d4b-93b1-4f83-b1db-a683329ce623" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-26T21:42:46.000Z" ,
"modified" : "2018-12-26T21:42:46.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-12-26T20:58:38" ,
"category" : "Other" ,
"uuid" : "41a18372-be40-4844-b6db-820b3e6d5812"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/f2bfe03ebacaa96e2897c8c01339e1ffa8c2222c3d6f89a76827548559b93af9/analysis/1545857918/" ,
"category" : "External analysis" ,
"uuid" : "41808df6-6a9f-4c20-94e8-fa206a56f065"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "32/70" ,
"category" : "Other" ,
"uuid" : "08437b29-50a1-4188-aeeb-d7a9e1c7e60e"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--66d1ec7b-011c-466a-8054-07dbb1e2448f" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-12-25T16:39:30.000Z" ,
"modified" : "2018-12-25T16:39:30.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5c225a33-d8ec-4e9d-9c63-42fe02de0b81" ,
"target_ref" : "x-misp-object--d6dc565c-ce26-46ea-ad7b-4fd231f06f72"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--34d1ecf9-1538-47d4-8311-5792ab5aa5ba" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-12-26T21:42:47.000Z" ,
"modified" : "2018-12-26T21:42:47.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5c225a33-d8ec-4e9d-9c63-42fe02de0b81" ,
"target_ref" : "x-misp-object--c3943d4b-93b1-4f83-b1db-a683329ce623"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--887451e5-c9c6-4a14-8865-ff75356ab10f" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-12-25T16:38:20.000Z" ,
"modified" : "2018-12-25T16:38:20.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5c225a67-c328-4d9e-9076-a51902de0b81" ,
"target_ref" : "x-misp-object--8d89302c-d05e-4557-85ae-4717b031f335"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--9518b4bb-71a3-409a-9842-faa652b30467" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-12-26T21:42:47.000Z" ,
"modified" : "2018-12-26T21:42:47.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5c225a67-c328-4d9e-9076-a51902de0b81" ,
"target_ref" : "x-misp-object--331ae947-e60d-48b4-9b21-325c2acde6ce"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}
