876 lines
38 KiB
JSON
876 lines
38 KiB
JSON
|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--56dc93a4-5a6c-470d-9c9b-4e9902de0b81",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-07T08:35:30.000Z",
|
||
|
"modified": "2016-03-07T08:35:30.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--56dc93a4-5a6c-470d-9c9b-4e9902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-07T08:35:30.000Z",
|
||
|
"modified": "2016-03-07T08:35:30.000Z",
|
||
|
"name": "OSINT - New OS X Ransomware KeRanger Infected Transmission BitTorrent Client Installer",
|
||
|
"published": "2016-03-07T08:36:54Z",
|
||
|
"object_refs": [
|
||
|
"observed-data--56dc93be-d390-4377-82cb-49cf02de0b81",
|
||
|
"url--56dc93be-d390-4377-82cb-49cf02de0b81",
|
||
|
"indicator--56dc93e5-4c30-4f24-82fc-434802de0b81",
|
||
|
"indicator--56dc93e5-fc70-4680-aa2d-494a02de0b81",
|
||
|
"indicator--56dc93e6-86ac-4ac2-98f2-413c02de0b81",
|
||
|
"indicator--56dc93e6-adac-4282-a062-485f02de0b81",
|
||
|
"indicator--56dc93e6-e290-4489-803f-4b7c02de0b81",
|
||
|
"indicator--56dc93e7-2fd0-4b80-b378-4d4702de0b81",
|
||
|
"x-misp-attribute--56dc93fc-4dd4-4bfe-894e-48a102de0b81",
|
||
|
"indicator--56dc9420-1368-4259-8c98-489a02de0b81",
|
||
|
"indicator--56dc9420-f8cc-4387-bc53-450f02de0b81",
|
||
|
"indicator--56dc9421-1ccc-46b1-8490-4aa402de0b81",
|
||
|
"indicator--56dc9421-5d8c-45fb-ba7d-424e02de0b81",
|
||
|
"indicator--56dc9421-e5b4-4527-967d-4fe202de0b81",
|
||
|
"indicator--56dc9421-9300-4c6c-be38-478e02de0b81",
|
||
|
"indicator--56dc9443-d870-4509-9d9f-434802de0b81",
|
||
|
"indicator--56dc9444-7a0c-4639-bbba-4af202de0b81",
|
||
|
"observed-data--56dc9444-9d10-4be0-b1d0-4aa002de0b81",
|
||
|
"url--56dc9444-9d10-4be0-b1d0-4aa002de0b81",
|
||
|
"indicator--56dc9444-dc2c-4d09-81d0-40d402de0b81",
|
||
|
"indicator--56dc9445-499c-4bda-bcb6-4af402de0b81",
|
||
|
"observed-data--56dc9445-2b00-4197-b2e2-4c3f02de0b81",
|
||
|
"url--56dc9445-2b00-4197-b2e2-4c3f02de0b81",
|
||
|
"indicator--56dc9445-ce5c-44c4-a315-41cd02de0b81",
|
||
|
"indicator--56dc9445-24e0-46a9-b8a8-498b02de0b81",
|
||
|
"observed-data--56dc9446-e51c-44cc-99f8-483402de0b81",
|
||
|
"url--56dc9446-e51c-44cc-99f8-483402de0b81",
|
||
|
"indicator--56dc9446-f4cc-4f5c-8ba7-4bfc02de0b81",
|
||
|
"indicator--56dc9446-f628-40c4-abde-46b202de0b81",
|
||
|
"observed-data--56dc9447-33e4-4cd8-9ebf-4aa502de0b81",
|
||
|
"url--56dc9447-33e4-4cd8-9ebf-4aa502de0b81",
|
||
|
"indicator--56dc9447-47e8-4c94-bb95-472102de0b81",
|
||
|
"indicator--56dc9447-547c-4cda-9caa-478302de0b81",
|
||
|
"observed-data--56dc9447-0350-4947-b63f-4c5802de0b81",
|
||
|
"url--56dc9447-0350-4947-b63f-4c5802de0b81",
|
||
|
"indicator--56dc9448-9050-44a5-9e8c-4a3302de0b81",
|
||
|
"indicator--56dc9448-6488-4152-816e-411d02de0b81",
|
||
|
"observed-data--56dc9448-d060-4412-9815-4c3f02de0b81",
|
||
|
"url--56dc9448-d060-4412-9815-4c3f02de0b81",
|
||
|
"x-misp-attribute--56dc9469-a334-4c0d-9ab7-416402de0b81",
|
||
|
"x-misp-attribute--56dd3d52-8768-4ce1-a546-48f0950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"type:OSINT"
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56dc93be-d390-4377-82cb-49cf02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-06T20:31:58.000Z",
|
||
|
"modified": "2016-03-06T20:31:58.000Z",
|
||
|
"first_observed": "2016-03-06T20:31:58Z",
|
||
|
"last_observed": "2016-03-06T20:31:58Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56dc93be-d390-4377-82cb-49cf02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56dc93be-d390-4377-82cb-49cf02de0b81",
|
||
|
"value": "http://researchcenter.paloaltonetworks.com/2016/03/new-os-x-ransomware-keranger-infected-transmission-bittorrent-client-installer/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56dc93e5-4c30-4f24-82fc-434802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-06T20:32:37.000Z",
|
||
|
"modified": "2016-03-06T20:32:37.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[url:value = 'lclebb6kvohlkcml.onion.link']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-06T20:32:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56dc93e5-fc70-4680-aa2d-494a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-06T20:32:37.000Z",
|
||
|
"modified": "2016-03-06T20:32:37.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[domain-name:value = 'lclebb6kvohlkcml.onion.nu']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-06T20:32:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56dc93e6-86ac-4ac2-98f2-413c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-06T20:32:38.000Z",
|
||
|
"modified": "2016-03-06T20:32:38.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[url:value = 'bmacyzmea723xyaz.onion.link']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-06T20:32:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56dc93e6-adac-4282-a062-485f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-06T20:32:38.000Z",
|
||
|
"modified": "2016-03-06T20:32:38.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[domain-name:value = 'bmacyzmea723xyaz.onion.nu']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-06T20:32:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56dc93e6-e290-4489-803f-4b7c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-06T20:32:38.000Z",
|
||
|
"modified": "2016-03-06T20:32:38.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[url:value = 'nejdtkok7oz5kjoc.onion.link']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-06T20:32:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56dc93e7-2fd0-4b80-b378-4d4702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-06T20:32:39.000Z",
|
||
|
"modified": "2016-03-06T20:32:39.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[domain-name:value = 'nejdtkok7oz5kjoc.onion.nu']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-06T20:32:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--56dc93fc-4dd4-4bfe-894e-48a102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-06T20:33:00.000Z",
|
||
|
"modified": "2016-03-06T20:33:00.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"Antivirus detection\""
|
||
|
],
|
||
|
"x_misp_category": "Antivirus detection",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "Ransomware.OSX.KeRanger"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56dc9420-1368-4259-8c98-489a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-06T20:33:36.000Z",
|
||
|
"modified": "2016-03-06T20:33:36.000Z",
|
||
|
"description": "Samples of Ransomware.OSX.KeRanger",
|
||
|
"pattern": "[file:hashes.SHA256 = 'd1ac55a4e610380f0ab239fcc1c5f5a42722e8ee1554cba8074bbae4a5f6dbe1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-06T20:33:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56dc9420-f8cc-4387-bc53-450f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-06T20:33:36.000Z",
|
||
|
"modified": "2016-03-06T20:33:36.000Z",
|
||
|
"description": "Samples of Ransomware.OSX.KeRanger",
|
||
|
"pattern": "[file:hashes.SHA256 = 'e3ad733cea9eba29e86610050c1a15592e6c77820927b9edeb77310975393574']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-06T20:33:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56dc9421-1ccc-46b1-8490-4aa402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-06T20:33:37.000Z",
|
||
|
"modified": "2016-03-06T20:33:37.000Z",
|
||
|
"description": "Samples of Ransomware.OSX.KeRanger",
|
||
|
"pattern": "[file:hashes.SHA256 = '31b6adb633cff2a0f34cefd2a218097f3a9a8176c9363cc70fe41fe02af810b9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-06T20:33:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56dc9421-5d8c-45fb-ba7d-424e02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-06T20:33:37.000Z",
|
||
|
"modified": "2016-03-06T20:33:37.000Z",
|
||
|
"description": "Samples of Ransomware.OSX.KeRanger",
|
||
|
"pattern": "[file:hashes.SHA256 = 'd7d765b1ddd235a57a2d13bd065f293a7469594c7e13ea7700e55501206a09b5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-06T20:33:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56dc9421-e5b4-4527-967d-4fe202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-06T20:33:37.000Z",
|
||
|
"modified": "2016-03-06T20:33:37.000Z",
|
||
|
"description": "Samples of Ransomware.OSX.KeRanger",
|
||
|
"pattern": "[file:hashes.SHA256 = 'ddc3dbee2a8ea9d8ed93f0843400653a89350612f2914868485476a847c6484a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-06T20:33:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56dc9421-9300-4c6c-be38-478e02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-06T20:33:37.000Z",
|
||
|
"modified": "2016-03-06T20:33:37.000Z",
|
||
|
"description": "Samples of Ransomware.OSX.KeRanger",
|
||
|
"pattern": "[file:hashes.SHA256 = '6061a554f5997a43c91f49f8aaf40c80a3f547fc6187bee57cd5573641fcf153']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-06T20:33:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56dc9443-d870-4509-9d9f-434802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-06T20:34:11.000Z",
|
||
|
"modified": "2016-03-06T20:34:11.000Z",
|
||
|
"description": "Samples of Ransomware.OSX.KeRanger - Xchecked via VT: 6061a554f5997a43c91f49f8aaf40c80a3f547fc6187bee57cd5573641fcf153",
|
||
|
"pattern": "[file:hashes.SHA1 = '260f02e7dd4a62575eca7c1a09f3e6b152733e40']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-06T20:34:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56dc9444-7a0c-4639-bbba-4af202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-06T20:34:12.000Z",
|
||
|
"modified": "2016-03-06T20:34:12.000Z",
|
||
|
"description": "Samples of Ransomware.OSX.KeRanger - Xchecked via VT: 6061a554f5997a43c91f49f8aaf40c80a3f547fc6187bee57cd5573641fcf153",
|
||
|
"pattern": "[file:hashes.MD5 = '861c3da2bbce6c09eda2709c8994f34c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-06T20:34:12Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56dc9444-9d10-4be0-b1d0-4aa002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-06T20:34:12.000Z",
|
||
|
"modified": "2016-03-06T20:34:12.000Z",
|
||
|
"first_observed": "2016-03-06T20:34:12Z",
|
||
|
"last_observed": "2016-03-06T20:34:12Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56dc9444-9d10-4be0-b1d0-4aa002de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56dc9444-9d10-4be0-b1d0-4aa002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/6061a554f5997a43c91f49f8aaf40c80a3f547fc6187bee57cd5573641fcf153/analysis/1457131054/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56dc9444-dc2c-4d09-81d0-40d402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-06T20:34:12.000Z",
|
||
|
"modified": "2016-03-06T20:34:12.000Z",
|
||
|
"description": "Samples of Ransomware.OSX.KeRanger - Xchecked via VT: ddc3dbee2a8ea9d8ed93f0843400653a89350612f2914868485476a847c6484a",
|
||
|
"pattern": "[file:hashes.SHA1 = 'f2fe3ff6da97a5adfc9278c475536883adcef93b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-06T20:34:12Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56dc9445-499c-4bda-bcb6-4af402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-06T20:34:13.000Z",
|
||
|
"modified": "2016-03-06T20:34:13.000Z",
|
||
|
"description": "Samples of Ransomware.OSX.KeRanger - Xchecked via VT: ddc3dbee2a8ea9d8ed93f0843400653a89350612f2914868485476a847c6484a",
|
||
|
"pattern": "[file:hashes.MD5 = '3151d9a085d14508fa9f10d48afc7016']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-06T20:34:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56dc9445-2b00-4197-b2e2-4c3f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-06T20:34:13.000Z",
|
||
|
"modified": "2016-03-06T20:34:13.000Z",
|
||
|
"first_observed": "2016-03-06T20:34:13Z",
|
||
|
"last_observed": "2016-03-06T20:34:13Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56dc9445-2b00-4197-b2e2-4c3f02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56dc9445-2b00-4197-b2e2-4c3f02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/ddc3dbee2a8ea9d8ed93f0843400653a89350612f2914868485476a847c6484a/analysis/1457131063/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56dc9445-ce5c-44c4-a315-41cd02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-06T20:34:13.000Z",
|
||
|
"modified": "2016-03-06T20:34:13.000Z",
|
||
|
"description": "Samples of Ransomware.OSX.KeRanger - Xchecked via VT: d7d765b1ddd235a57a2d13bd065f293a7469594c7e13ea7700e55501206a09b5",
|
||
|
"pattern": "[file:hashes.SHA1 = 'e2f6d5912565ad3a2c9b3393cf7aff0110738f5c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-06T20:34:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56dc9445-24e0-46a9-b8a8-498b02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-06T20:34:13.000Z",
|
||
|
"modified": "2016-03-06T20:34:13.000Z",
|
||
|
"description": "Samples of Ransomware.OSX.KeRanger - Xchecked via VT: d7d765b1ddd235a57a2d13bd065f293a7469594c7e13ea7700e55501206a09b5",
|
||
|
"pattern": "[file:hashes.MD5 = '24a8f01cfdc4228b4fc9bb87fedf6eb7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-06T20:34:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56dc9446-e51c-44cc-99f8-483402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-06T20:34:14.000Z",
|
||
|
"modified": "2016-03-06T20:34:14.000Z",
|
||
|
"first_observed": "2016-03-06T20:34:14Z",
|
||
|
"last_observed": "2016-03-06T20:34:14Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56dc9446-e51c-44cc-99f8-483402de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56dc9446-e51c-44cc-99f8-483402de0b81",
|
||
|
"value": "https://www.virustotal.com/file/d7d765b1ddd235a57a2d13bd065f293a7469594c7e13ea7700e55501206a09b5/analysis/1457294776/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56dc9446-f4cc-4f5c-8ba7-4bfc02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-06T20:34:14.000Z",
|
||
|
"modified": "2016-03-06T20:34:14.000Z",
|
||
|
"description": "Samples of Ransomware.OSX.KeRanger - Xchecked via VT: 31b6adb633cff2a0f34cefd2a218097f3a9a8176c9363cc70fe41fe02af810b9",
|
||
|
"pattern": "[file:hashes.SHA1 = 'fd1f246ee9effafba0811fd692e2e76947e82687']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-06T20:34:14Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56dc9446-f628-40c4-abde-46b202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-06T20:34:14.000Z",
|
||
|
"modified": "2016-03-06T20:34:14.000Z",
|
||
|
"description": "Samples of Ransomware.OSX.KeRanger - Xchecked via VT: 31b6adb633cff2a0f34cefd2a218097f3a9a8176c9363cc70fe41fe02af810b9",
|
||
|
"pattern": "[file:hashes.MD5 = '14a4df1df622562b3bf5bc9a94e6a783']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-06T20:34:14Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56dc9447-33e4-4cd8-9ebf-4aa502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-06T20:34:15.000Z",
|
||
|
"modified": "2016-03-06T20:34:15.000Z",
|
||
|
"first_observed": "2016-03-06T20:34:15Z",
|
||
|
"last_observed": "2016-03-06T20:34:15Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56dc9447-33e4-4cd8-9ebf-4aa502de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56dc9447-33e4-4cd8-9ebf-4aa502de0b81",
|
||
|
"value": "https://www.virustotal.com/file/31b6adb633cff2a0f34cefd2a218097f3a9a8176c9363cc70fe41fe02af810b9/analysis/1457127744/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56dc9447-47e8-4c94-bb95-472102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-06T20:34:15.000Z",
|
||
|
"modified": "2016-03-06T20:34:15.000Z",
|
||
|
"description": "Samples of Ransomware.OSX.KeRanger - Xchecked via VT: e3ad733cea9eba29e86610050c1a15592e6c77820927b9edeb77310975393574",
|
||
|
"pattern": "[file:hashes.SHA1 = 'f4c95047938cd66368f1f0fe7cbf87de8378a1fd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-06T20:34:15Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56dc9447-547c-4cda-9caa-478302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-06T20:34:15.000Z",
|
||
|
"modified": "2016-03-06T20:34:15.000Z",
|
||
|
"description": "Samples of Ransomware.OSX.KeRanger - Xchecked via VT: e3ad733cea9eba29e86610050c1a15592e6c77820927b9edeb77310975393574",
|
||
|
"pattern": "[file:hashes.MD5 = '56b1d956112b0b7bd3e44f20cf1f2c19']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-06T20:34:15Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56dc9447-0350-4947-b63f-4c5802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-06T20:34:15.000Z",
|
||
|
"modified": "2016-03-06T20:34:15.000Z",
|
||
|
"first_observed": "2016-03-06T20:34:15Z",
|
||
|
"last_observed": "2016-03-06T20:34:15Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56dc9447-0350-4947-b63f-4c5802de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56dc9447-0350-4947-b63f-4c5802de0b81",
|
||
|
"value": "https://www.virustotal.com/file/e3ad733cea9eba29e86610050c1a15592e6c77820927b9edeb77310975393574/analysis/1457127757/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56dc9448-9050-44a5-9e8c-4a3302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-06T20:34:16.000Z",
|
||
|
"modified": "2016-03-06T20:34:16.000Z",
|
||
|
"description": "Samples of Ransomware.OSX.KeRanger - Xchecked via VT: d1ac55a4e610380f0ab239fcc1c5f5a42722e8ee1554cba8074bbae4a5f6dbe1",
|
||
|
"pattern": "[file:hashes.SHA1 = '5f8ae46ae82e346000f366c3eabdafbec76e99e9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-06T20:34:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56dc9448-6488-4152-816e-411d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-06T20:34:16.000Z",
|
||
|
"modified": "2016-03-06T20:34:16.000Z",
|
||
|
"description": "Samples of Ransomware.OSX.KeRanger - Xchecked via VT: d1ac55a4e610380f0ab239fcc1c5f5a42722e8ee1554cba8074bbae4a5f6dbe1",
|
||
|
"pattern": "[file:hashes.MD5 = '1d6297e2427f1d00a5b355d6d50809cb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-06T20:34:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56dc9448-d060-4412-9815-4c3f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-06T20:34:16.000Z",
|
||
|
"modified": "2016-03-06T20:34:16.000Z",
|
||
|
"first_observed": "2016-03-06T20:34:16Z",
|
||
|
"last_observed": "2016-03-06T20:34:16Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56dc9448-d060-4412-9815-4c3f02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56dc9448-d060-4412-9815-4c3f02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/d1ac55a4e610380f0ab239fcc1c5f5a42722e8ee1554cba8074bbae4a5f6dbe1/analysis/1457294749/"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--56dc9469-a334-4c0d-9ab7-416402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-06T20:34:49.000Z",
|
||
|
"modified": "2016-03-06T20:34:49.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"comment\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_type": "comment",
|
||
|
"x_misp_value": "On March 4, we detected that the Transmission BitTorrent client installer for OS X was infected with ransomware, just a few hours after installers were initially posted. We have named this Ransomware \u00e2\u20ac\u0153KeRanger.\u00e2\u20ac\u009d The only previous ransomware for OS X we are aware of is FileCoder, discovered by Kaspersky Lab in 2014. As FileCoder was incomplete at the time of its discovery, we believe KeRanger is the first fully functional ransomware seen on the OS X platform.\r\n\r\nAttackers infected two installers of Transmission version 2.90 with KeRanger on the morning of March 4. When we identified the issue, the infected DMG files were still available for downloading from the Transmission site (https://download.transmissionbt.com/files/Transmission-2.90.dmg) Transmission is an open source project. It\u00e2\u20ac\u2122s possible that Transmission\u00e2\u20ac\u2122s official website was compromised and the files were replaced by re-compiled malicious versions, but we can\u00e2\u20ac\u2122t confirm how this infection occurred."
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--56dd3d52-8768-4ce1-a546-48f0950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-07T08:35:30.000Z",
|
||
|
"modified": "2016-03-07T08:35:30.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"btc\"",
|
||
|
"misp:category=\"Financial fraud\""
|
||
|
],
|
||
|
"x_misp_category": "Financial fraud",
|
||
|
"x_misp_type": "btc",
|
||
|
"x_misp_value": "1PGAUBqHNcwSHYKnpHgzCrPkyxNxvsmEof"
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|