2023-04-21 15:25:09 +02:00
{
2023-06-14 19:31:25 +02:00
"type" : "bundle" ,
"id" : "bundle--599aa9ab-dd20-4ae1-a3fa-41b5950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-22T09:31:35.000Z" ,
"modified" : "2017-08-22T09:31:35.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--599aa9ab-dd20-4ae1-a3fa-41b5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-22T09:31:35.000Z" ,
"modified" : "2017-08-22T09:31:35.000Z" ,
"name" : "OSINT - Turla APT actor refreshes KopiLuwak JavaScript backdoor for use in G20-themed attack" ,
"published" : "2017-08-22T09:31:40Z" ,
"object_refs" : [
"observed-data--599aa9c0-4c78-432c-ac89-4f21950d210f" ,
"url--599aa9c0-4c78-432c-ac89-4f21950d210f" ,
"x-misp-attribute--599aa9df-3868-455a-9eee-4a7b950d210f" ,
"indicator--599aac56-ee78-4833-b3ec-4d57950d210f" ,
"indicator--599aac8c-01b4-479f-923a-4be1950d210f" ,
"indicator--599aacef-46f4-4c27-9ff5-4761950d210f" ,
"indicator--599aacf0-2780-49c1-bec8-4cbc950d210f" ,
"indicator--599aad87-131c-4268-96da-41fa950d210f" ,
"indicator--599aad88-4574-4084-8bd7-4acf950d210f" ,
"x-misp-attribute--599aafff-d180-48ea-904c-4684950d210f" ,
"indicator--599abd3f-ac00-44a8-8cd2-139402de0b81" ,
"indicator--599abd3f-f9c0-49c7-ba81-139402de0b81" ,
"observed-data--599abd3f-c0fc-4747-97da-139402de0b81" ,
"url--599abd3f-c0fc-4747-97da-139402de0b81" ,
"indicator--599abd3f-b3d4-4d9d-8f76-139402de0b81" ,
"indicator--599abd3f-b4e0-4d85-94b9-139402de0b81" ,
"observed-data--599abd3f-25a4-405b-ad1b-139402de0b81" ,
"url--599abd3f-25a4-405b-ad1b-139402de0b81" ,
"indicator--599abd3f-dcb8-4039-83a5-139402de0b81" ,
"indicator--599abd3f-428c-4a08-9f90-139402de0b81" ,
"observed-data--599abd3f-cfd4-4eab-9f1d-139402de0b81" ,
"url--599abd3f-cfd4-4eab-9f1d-139402de0b81" ,
"indicator--599abf2f-85a0-40a4-aa4c-4a59950d210f" ,
"observed-data--599bf9a1-bf10-4175-a56c-4d7c02de0b81" ,
"url--599bf9a1-bf10-4175-a56c-4d7c02de0b81"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:mitre-intrusion-set=\"Turla\"" ,
"misp-galaxy:threat-actor=\"Turla Group\"" ,
"misp-galaxy:tool=\"Wipbot\"" ,
"osint:source-type=\"blog-post\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--599aa9c0-4c78-432c-ac89-4f21950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-22T09:30:08.000Z" ,
"modified" : "2017-08-22T09:30:08.000Z" ,
"first_observed" : "2017-08-22T09:30:08Z" ,
"last_observed" : "2017-08-22T09:30:08Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--599aa9c0-4c78-432c-ac89-4f21950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--599aa9c0-4c78-432c-ac89-4f21950d210f" ,
"value" : "https://www.proofpoint.com/us/threat-insight/post/turla-apt-actor-refreshes-kopiluwak-javascript-backdoor-use-g20-themed-attack"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--599aa9df-3868-455a-9eee-4a7b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-22T09:30:08.000Z" ,
"modified" : "2017-08-22T09:30:08.000Z" ,
"labels" : [
"misp:type=\"comment\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "comment" ,
"x_misp_value" : "Proofpoint researchers have observed a well-known Russian-speaking APT actor usually referred to as Turla using a new .NET/MSIL dropper for an existing backdoor called JS/KopiLuwak. The backdoor has been analyzed previously and is a robust tool associated with this group, likely being used as an early stage reconnaissance tool."
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599aac56-ee78-4833-b3ec-4d57950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-22T09:30:08.000Z" ,
"modified" : "2017-08-22T09:30:08.000Z" ,
"description" : "KopiLuwak MSIL Dropper" ,
"pattern" : "[file:hashes.SHA256 = '7481e87023604e7534d02339540ddd9565273dd51c13d7677b9b4c9623f0440b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-22T09:30:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599aac8c-01b4-479f-923a-4be1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-22T09:30:08.000Z" ,
"modified" : "2017-08-22T09:30:08.000Z" ,
"description" : "KopiLuwak JS Dropper" ,
"pattern" : "[file:name = 'Scr.js' AND file:hashes.SHA256 = '1c76a66a670a6f69b4fea25ca0ba4885eca9e1b85a2afbab61da3b4a6d52ae19']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-22T09:30:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599aacef-46f4-4c27-9ff5-4761950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-22T09:30:08.000Z" ,
"modified" : "2017-08-22T09:30:08.000Z" ,
"description" : "KopiLuwak JavaScript Decryptor" ,
"pattern" : "[file:name = 'appidpolicyconverter.js' AND file:hashes.SHA256 = '5698c92fb8fe7ded0ff940c75979f44734650e4f2c852bdb4cbc9d46e7993185']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-22T09:30:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599aacf0-2780-49c1-bec8-4cbc950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-22T09:30:08.000Z" ,
"modified" : "2017-08-22T09:30:08.000Z" ,
"description" : "Benign PDF Decoy" ,
"pattern" : "[file:name = 'Save the Date G20 Digital Economy Taskforce 23 24 October.pdf' AND file:hashes.SHA256 = 'c978da455018a73ddbc9e1d2bf8c208ad3ec2e622850f68ef6b0aae939e5d2ab']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-22T09:30:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599aad87-131c-4268-96da-41fa950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-22T09:30:08.000Z" ,
"modified" : "2017-08-22T09:30:08.000Z" ,
"description" : "KopiLuwak C&C" ,
"pattern" : "[url:value = 'http://www.huluwa.uk/wp-content/plugins/woocommerce/includes/class-wc-log.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-22T09:30:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599aad88-4574-4084-8bd7-4acf950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-22T09:30:08.000Z" ,
"modified" : "2017-08-22T09:30:08.000Z" ,
"description" : "KopiLuwak C&C" ,
"pattern" : "[url:value = 'http://tresor-rare.com.hk/wp-content/plugins/wordpress-seo/vendor/xrstf/composer-php52/lib/xrstf/Composer52/LogsLoader.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-22T09:30:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--599aafff-d180-48ea-904c-4684950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-22T09:30:08.000Z" ,
"modified" : "2017-08-22T09:30:08.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Antivirus detection\""
] ,
"x_misp_category" : "Antivirus detection" ,
"x_misp_type" : "text" ,
"x_misp_value" : "TROJAN Turla JS/KopiLuwak"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599abd3f-ac00-44a8-8cd2-139402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-22T09:30:08.000Z" ,
"modified" : "2017-08-22T09:30:08.000Z" ,
"description" : "KopiLuwak JavaScript Decryptor - Xchecked via VT: 5698c92fb8fe7ded0ff940c75979f44734650e4f2c852bdb4cbc9d46e7993185" ,
"pattern" : "[file:hashes.SHA1 = 'efb9015be0497bdf6183383ff677fc8474ac69ce']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-22T09:30:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599abd3f-f9c0-49c7-ba81-139402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-22T09:30:08.000Z" ,
"modified" : "2017-08-22T09:30:08.000Z" ,
"description" : "KopiLuwak JavaScript Decryptor - Xchecked via VT: 5698c92fb8fe7ded0ff940c75979f44734650e4f2c852bdb4cbc9d46e7993185" ,
"pattern" : "[file:hashes.MD5 = 'df1b4f63c1adb9abfe04e0247956ce66']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-22T09:30:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--599abd3f-c0fc-4747-97da-139402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-22T09:30:08.000Z" ,
"modified" : "2017-08-22T09:30:08.000Z" ,
"first_observed" : "2017-08-22T09:30:08Z" ,
"last_observed" : "2017-08-22T09:30:08Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--599abd3f-c0fc-4747-97da-139402de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--599abd3f-c0fc-4747-97da-139402de0b81" ,
"value" : "https://www.virustotal.com/file/5698c92fb8fe7ded0ff940c75979f44734650e4f2c852bdb4cbc9d46e7993185/analysis/1503295126/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599abd3f-b3d4-4d9d-8f76-139402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-22T09:30:08.000Z" ,
"modified" : "2017-08-22T09:30:08.000Z" ,
"description" : "KopiLuwak JS Dropper - Xchecked via VT: 1c76a66a670a6f69b4fea25ca0ba4885eca9e1b85a2afbab61da3b4a6d52ae19" ,
"pattern" : "[file:hashes.SHA1 = '9d7d559ee19321b07785956f8118d96a9ee47fc1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-22T09:30:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599abd3f-b4e0-4d85-94b9-139402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-22T09:30:08.000Z" ,
"modified" : "2017-08-22T09:30:08.000Z" ,
"description" : "KopiLuwak JS Dropper - Xchecked via VT: 1c76a66a670a6f69b4fea25ca0ba4885eca9e1b85a2afbab61da3b4a6d52ae19" ,
"pattern" : "[file:hashes.MD5 = 'b318af64676a879dc50b491beccfa951']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-22T09:30:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--599abd3f-25a4-405b-ad1b-139402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-22T09:30:08.000Z" ,
"modified" : "2017-08-22T09:30:08.000Z" ,
"first_observed" : "2017-08-22T09:30:08Z" ,
"last_observed" : "2017-08-22T09:30:08Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--599abd3f-25a4-405b-ad1b-139402de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--599abd3f-25a4-405b-ad1b-139402de0b81" ,
"value" : "https://www.virustotal.com/file/1c76a66a670a6f69b4fea25ca0ba4885eca9e1b85a2afbab61da3b4a6d52ae19/analysis/1503311389/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599abd3f-dcb8-4039-83a5-139402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-22T09:30:08.000Z" ,
"modified" : "2017-08-22T09:30:08.000Z" ,
"description" : "KopiLuwak MSIL Dropper - Xchecked via VT: 7481e87023604e7534d02339540ddd9565273dd51c13d7677b9b4c9623f0440b" ,
"pattern" : "[file:hashes.SHA1 = '5730e117b1efddc9a438a8bf603ff8b17736453e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-22T09:30:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599abd3f-428c-4a08-9f90-139402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-22T09:30:08.000Z" ,
"modified" : "2017-08-22T09:30:08.000Z" ,
"description" : "KopiLuwak MSIL Dropper - Xchecked via VT: 7481e87023604e7534d02339540ddd9565273dd51c13d7677b9b4c9623f0440b" ,
"pattern" : "[file:hashes.MD5 = '7c378d78b7a89aef27e8a3c5066b8511']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-22T09:30:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--599abd3f-cfd4-4eab-9f1d-139402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-22T09:30:08.000Z" ,
"modified" : "2017-08-22T09:30:08.000Z" ,
"first_observed" : "2017-08-22T09:30:08Z" ,
"last_observed" : "2017-08-22T09:30:08Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--599abd3f-cfd4-4eab-9f1d-139402de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--599abd3f-cfd4-4eab-9f1d-139402de0b81" ,
"value" : "https://www.virustotal.com/file/7481e87023604e7534d02339540ddd9565273dd51c13d7677b9b4c9623f0440b/analysis/1503304107/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599abf2f-85a0-40a4-aa4c-4a59950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-22T09:30:08.000Z" ,
"modified" : "2017-08-22T09:30:08.000Z" ,
"pattern" : "[file:name = 'Runer.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-22T09:30:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--599bf9a1-bf10-4175-a56c-4d7c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-22T09:30:09.000Z" ,
"modified" : "2017-08-22T09:30:09.000Z" ,
"first_observed" : "2017-08-22T09:30:09Z" ,
"last_observed" : "2017-08-22T09:30:09Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--599bf9a1-bf10-4175-a56c-4d7c02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--599bf9a1-bf10-4175-a56c-4d7c02de0b81" ,
"value" : "https://www.virustotal.com/file/7481e87023604e7534d02339540ddd9565273dd51c13d7677b9b4c9623f0440b/analysis/1503382271/"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
2023-04-21 15:25:09 +02:00
]
}