441 lines
19 KiB
JSON
441 lines
19 KiB
JSON
|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--599d5067-8168-43bf-971f-497a950d210f",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-23T12:00:23.000Z",
|
||
|
"modified": "2017-08-23T12:00:23.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "grouping",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "grouping--599d5067-8168-43bf-971f-497a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-23T12:00:23.000Z",
|
||
|
"modified": "2017-08-23T12:00:23.000Z",
|
||
|
"name": "OSINT - Malicious script dropping an executable signed by Avast?",
|
||
|
"context": "suspicious-activity",
|
||
|
"object_refs": [
|
||
|
"observed-data--599d5076-3860-4293-803d-4bd5950d210f",
|
||
|
"url--599d5076-3860-4293-803d-4bd5950d210f",
|
||
|
"x-misp-attribute--599d508f-0070-49fe-82ad-474b950d210f",
|
||
|
"observed-data--599d50c1-3250-4e6c-887d-42b2950d210f",
|
||
|
"email-message--599d50c1-3250-4e6c-887d-42b2950d210f",
|
||
|
"indicator--599d512d-3dec-4480-ad56-45bb950d210f",
|
||
|
"indicator--599d5169-8bcc-47ae-b5f4-42e4950d210f",
|
||
|
"indicator--599d521f-5cb8-40a6-ad5b-4eb9950d210f",
|
||
|
"indicator--599d52e1-1e84-4c24-9ee7-1992950d210f",
|
||
|
"indicator--599d530d-27b4-424a-819a-426d950d210f",
|
||
|
"observed-data--599d5475-c4d4-4400-984a-4a96950d210f",
|
||
|
"url--599d5475-c4d4-4400-984a-4a96950d210f",
|
||
|
"observed-data--599d5475-03a8-4fa8-b299-48de950d210f",
|
||
|
"url--599d5475-03a8-4fa8-b299-48de950d210f",
|
||
|
"indicator--599d6e3f-5458-4c0b-94f0-904802de0b81",
|
||
|
"indicator--599d6e3f-540c-486e-83ab-904802de0b81",
|
||
|
"observed-data--599d6e3f-d8f4-4e01-a929-904802de0b81",
|
||
|
"url--599d6e3f-d8f4-4e01-a929-904802de0b81",
|
||
|
"indicator--599d6e3f-b368-4103-936e-904802de0b81",
|
||
|
"indicator--599d6e3f-24c8-4b3b-a62a-904802de0b81",
|
||
|
"observed-data--599d6e3f-35b4-4889-b8a8-904802de0b81",
|
||
|
"url--599d6e3f-35b4-4889-b8a8-904802de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"type:OSINT"
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--599d5076-3860-4293-803d-4bd5950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-23T12:00:23.000Z",
|
||
|
"modified": "2017-08-23T12:00:23.000Z",
|
||
|
"first_observed": "2017-08-23T12:00:23Z",
|
||
|
"last_observed": "2017-08-23T12:00:23Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--599d5076-3860-4293-803d-4bd5950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"osint:source-type=\"blog-post\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--599d5076-3860-4293-803d-4bd5950d210f",
|
||
|
"value": "https://isc.sans.edu/forums/diary/Malicious+script+dropping+an+executable+signed+by+Avast/22748/"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--599d508f-0070-49fe-82ad-474b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-23T11:59:59.000Z",
|
||
|
"modified": "2017-08-23T11:59:59.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"comment\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_type": "comment",
|
||
|
"x_misp_value": "Yesterday, I found an interesting sample that I started to analyze\u2026 It reached my spam trap attached to an email in Portuguese with the subject: \"Venho por meio desta solicitar or\u00e7amento dos produtos\u201d (\"I hereby request the products budget\u201d). There was one attached ZIP archive: PanilhaOrcamento.zip (SHA1: 3c159f65ba88bb208df30822d2a88b6531e4d0a7) with a VT score of 0/58."
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--599d50c1-3250-4e6c-887d-42b2950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-23T11:59:59.000Z",
|
||
|
"modified": "2017-08-23T11:59:59.000Z",
|
||
|
"first_observed": "2017-08-23T11:59:59Z",
|
||
|
"last_observed": "2017-08-23T11:59:59Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"email-message--599d50c1-3250-4e6c-887d-42b2950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"email-subject\"",
|
||
|
"misp:category=\"Payload delivery\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "email-message",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "email-message--599d50c1-3250-4e6c-887d-42b2950d210f",
|
||
|
"is_multipart": false,
|
||
|
"subject": "Venho por meio desta solicitar or\u00e7amento dos produtos"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--599d512d-3dec-4480-ad56-45bb950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-23T11:59:59.000Z",
|
||
|
"modified": "2017-08-23T11:59:59.000Z",
|
||
|
"pattern": "[file:name = 'PanilhaOrcamento.zip' AND file:hashes.SHA1 = '3c159f65ba88bb208df30822d2a88b6531e4d0a7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-23T11:59:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--599d5169-8bcc-47ae-b5f4-42e4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-23T11:59:59.000Z",
|
||
|
"modified": "2017-08-23T11:59:59.000Z",
|
||
|
"pattern": "[file:name = 'Panilha Orcamento Contabil 32f5.bat' AND file:hashes.SHA1 = 'c191821ddb1db46349afdb08789312ce418696d1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-23T11:59:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--599d521f-5cb8-40a6-ad5b-4eb9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-23T11:59:59.000Z",
|
||
|
"modified": "2017-08-23T11:59:59.000Z",
|
||
|
"pattern": "[url:value = 'https://1591523753.rsc.cdn77.org/p2r.php?']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-23T11:59:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--599d52e1-1e84-4c24-9ee7-1992950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-23T11:59:59.000Z",
|
||
|
"modified": "2017-08-23T11:59:59.000Z",
|
||
|
"description": "file signed by Avast",
|
||
|
"pattern": "[file:name = 'C:\\\\rx hsdj\\\\o\\\\i\\\\x\\\\ffax bnzx\\\\fvenotify.exe' AND file:hashes.SHA256 = '6d28d5453d0c2ca132ba3b3d7f0a121427090c1eb52f7d2a5c3e4e5440411bc7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-23T11:59:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--599d530d-27b4-424a-819a-426d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-23T11:59:59.000Z",
|
||
|
"modified": "2017-08-23T11:59:59.000Z",
|
||
|
"pattern": "[file:name = 'C:\\\\rx hsdj\\\\o\\\\i\\\\x\\\\ffax bnzx\\\\secur32.dll' AND file:hashes.SHA256 = '2ee0c761a25310e34c9d3c9d3e810192d8bbd10d4051522e3eefdc1bd71a17bb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-23T11:59:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--599d5475-c4d4-4400-984a-4a96950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-23T11:59:59.000Z",
|
||
|
"modified": "2017-08-23T11:59:59.000Z",
|
||
|
"first_observed": "2017-08-23T11:59:59Z",
|
||
|
"last_observed": "2017-08-23T11:59:59Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--599d5475-c4d4-4400-984a-4a96950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--599d5475-c4d4-4400-984a-4a96950d210f",
|
||
|
"value": "https://www.virustotal.com/#/file/9329de591b51c367908f2916307a4d2277caa2c766f2cecac8d06e02a2416246/detection"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--599d5475-03a8-4fa8-b299-48de950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-23T11:59:59.000Z",
|
||
|
"modified": "2017-08-23T11:59:59.000Z",
|
||
|
"first_observed": "2017-08-23T11:59:59Z",
|
||
|
"last_observed": "2017-08-23T11:59:59Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--599d5475-03a8-4fa8-b299-48de950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--599d5475-03a8-4fa8-b299-48de950d210f",
|
||
|
"value": "https://www.virustotal.com/#/file/6d28d5453d0c2ca132ba3b3d7f0a121427090c1eb52f7d2a5c3e4e5440411bc7/detection"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--599d6e3f-5458-4c0b-94f0-904802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-23T11:59:59.000Z",
|
||
|
"modified": "2017-08-23T11:59:59.000Z",
|
||
|
"description": "file signed by Avast - Xchecked via VT: 6d28d5453d0c2ca132ba3b3d7f0a121427090c1eb52f7d2a5c3e4e5440411bc7",
|
||
|
"pattern": "[file:hashes.SHA1 = 'da7d5d84ec06da830330601077f5d01075de2ed5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-23T11:59:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--599d6e3f-540c-486e-83ab-904802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-23T11:59:59.000Z",
|
||
|
"modified": "2017-08-23T11:59:59.000Z",
|
||
|
"description": "file signed by Avast - Xchecked via VT: 6d28d5453d0c2ca132ba3b3d7f0a121427090c1eb52f7d2a5c3e4e5440411bc7",
|
||
|
"pattern": "[file:hashes.MD5 = '5fd9e7a51f49eae4d722cabd84999ef5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-23T11:59:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--599d6e3f-d8f4-4e01-a929-904802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-23T11:59:59.000Z",
|
||
|
"modified": "2017-08-23T11:59:59.000Z",
|
||
|
"first_observed": "2017-08-23T11:59:59Z",
|
||
|
"last_observed": "2017-08-23T11:59:59Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--599d6e3f-d8f4-4e01-a929-904802de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--599d6e3f-d8f4-4e01-a929-904802de0b81",
|
||
|
"value": "https://www.virustotal.com/file/6d28d5453d0c2ca132ba3b3d7f0a121427090c1eb52f7d2a5c3e4e5440411bc7/analysis/1503339647/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--599d6e3f-b368-4103-936e-904802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-23T11:59:59.000Z",
|
||
|
"modified": "2017-08-23T11:59:59.000Z",
|
||
|
"description": "- Xchecked via VT: 3c159f65ba88bb208df30822d2a88b6531e4d0a7",
|
||
|
"pattern": "[file:hashes.SHA256 = '9329de591b51c367908f2916307a4d2277caa2c766f2cecac8d06e02a2416246']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-23T11:59:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--599d6e3f-24c8-4b3b-a62a-904802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-23T11:59:59.000Z",
|
||
|
"modified": "2017-08-23T11:59:59.000Z",
|
||
|
"description": "- Xchecked via VT: 3c159f65ba88bb208df30822d2a88b6531e4d0a7",
|
||
|
"pattern": "[file:hashes.MD5 = '6fcaa7422eceea72bff4e663e4ce708e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-23T11:59:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--599d6e3f-35b4-4889-b8a8-904802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-23T11:59:59.000Z",
|
||
|
"modified": "2017-08-23T11:59:59.000Z",
|
||
|
"first_observed": "2017-08-23T11:59:59Z",
|
||
|
"last_observed": "2017-08-23T11:59:59Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--599d6e3f-35b4-4889-b8a8-904802de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--599d6e3f-35b4-4889-b8a8-904802de0b81",
|
||
|
"value": "https://www.virustotal.com/file/9329de591b51c367908f2916307a4d2277caa2c766f2cecac8d06e02a2416246/analysis/1503343138/"
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|