misp-circl-feed/feeds/circl/stix-2.1/571de51c-4f04-491f-b34a-4567950d210f.json


2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--571de51c-4f04-491f-b34a-4567950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-17T16:17:00.000Z",
"modified": "2016-05-17T16:17:00.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--571de51c-4f04-491f-b34a-4567950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-17T16:17:00.000Z",
"modified": "2016-05-17T16:17:00.000Z",
"name": "OSINT - TWO BYTES TO $951M (SWIFT payment system abuse)",
"published": "2016-05-17T16:17:14Z",
"object_refs": [
"observed-data--571de55b-62c4-4164-a6b8-4912950d210f",
"url--571de55b-62c4-4164-a6b8-4912950d210f",
"x-misp-attribute--571de56d-9d20-4984-9f77-475b950d210f",
"indicator--571de5a5-b484-480f-bf60-4d4b950d210f",
"indicator--571de5a5-c824-4d41-a44b-43da950d210f",
"indicator--571de5a5-d18c-4a5a-b7d8-4b30950d210f",
"indicator--571de5a5-e3f8-46bb-a301-43ff950d210f",
"indicator--571de5be-0198-4c01-a9c7-4bd002de0b81",
"indicator--571de5be-2994-4d3e-ae5b-4aef02de0b81",
"observed-data--571de5be-97cc-48d7-b0df-432102de0b81",
"url--571de5be-97cc-48d7-b0df-432102de0b81",
"indicator--571de5be-8280-488c-a1bf-437502de0b81",
"indicator--571de5be-f358-4523-b8ee-41a202de0b81",
"observed-data--571de5be-941c-4514-b651-4a9202de0b81",
"url--571de5be-941c-4514-b651-4a9202de0b81",
"indicator--571de5bf-ad68-4e97-8c1b-412702de0b81",
"indicator--571de5bf-064c-4a4c-a302-4bdf02de0b81",
"observed-data--571de5bf-0df4-421c-bb52-4f7c02de0b81",
"url--571de5bf-0df4-421c-bb52-4f7c02de0b81",
"indicator--571de5bf-f638-4ae5-820f-473002de0b81",
"indicator--571de5bf-0b34-45ba-b14c-44fd02de0b81",
"observed-data--571de5bf-b9bc-48f8-9821-478602de0b81",
"url--571de5bf-b9bc-48f8-9821-478602de0b81",
"indicator--571de5ef-8fa8-4d8e-a3e1-4c79950d210f",
"indicator--571de60d-6454-4aa4-b4e7-4352950d210f",
"observed-data--571de6a3-4548-4238-8b4d-4396950d210f",
"file--571de6a3-4548-4238-8b4d-4396950d210f",
"artifact--571de6a3-4548-4238-8b4d-4396950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:topic=\"finance\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--571de55b-62c4-4164-a6b8-4912950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-25T09:37:31.000Z",
"modified": "2016-04-25T09:37:31.000Z",
"first_observed": "2016-04-25T09:37:31Z",
"last_observed": "2016-04-25T09:37:31Z",
"number_observed": 1,
"object_refs": [
"url--571de55b-62c4-4164-a6b8-4912950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--571de55b-62c4-4164-a6b8-4912950d210f",
"value": "http://baesystemsai.blogspot.lu/2016/04/two-bytes-to-951m.html"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--571de56d-9d20-4984-9f77-475b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-25T09:37:49.000Z",
"modified": "2016-04-25T09:37:49.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "In February 2016 one of the largest cyber heists was committed and subsequently disclosed. An unknown attacker gained access to the Bangladesh Bank\u2019s (BB) SWIFT payment system and reportedly instructed an American bank to transfer money from BB\u2019s account to accounts in The Philippines. The attackers attempted to steal $951m, of which $81m is still unaccounted for. \r\n\r\nThe technical details of the attack have yet to be made public, however we\u2019ve recently identified tools uploaded to online malware repositories that we believe are linked to the heist. The custom malware was submitted by a user in Bangladesh, and contains sophisticated functionality for interacting with local SWIFT Alliance Access software running in the victim infrastructure. \r\n\r\nThis malware appears to be just part of a wider attack toolkit, and would have been used to cover the attackers\u2019 tracks as they sent forged payment instructions to make the transfers. This would have hampered the detection and response to the attack, giving more time for the subsequent money laundering to take place. \r\n\r\nThe tools are highly configurable and given the correct access could feasibly be used for similar attacks in the future."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571de5a5-b484-480f-bf60-4d4b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-25T09:38:45.000Z",
"modified": "2016-04-25T09:38:45.000Z",
"description": "evtdiag.exe",
"pattern": "[file:hashes.SHA1 = '525a8e3ae4e3df8c9c61f2a49e38541d196e9228']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-25T09:38:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571de5a5-c824-4d41-a44b-43da950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-25T09:38:45.000Z",
"modified": "2016-04-25T09:38:45.000Z",
"description": "evtsys.exe",
"pattern": "[file:hashes.SHA1 = '76bab478dcc70f979ce62cd306e9ba50ee84e37e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-25T09:38:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571de5a5-d18c-4a5a-b7d8-4b30950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-25T09:38:45.000Z",
"modified": "2016-04-25T09:38:45.000Z",
"description": "nroff_b.exe",
"pattern": "[file:hashes.SHA1 = '70bf16597e375ad691f2c1efa194dbe7f60e4eeb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-25T09:38:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571de5a5-e3f8-46bb-a301-43ff950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-25T09:38:45.000Z",
"modified": "2016-04-25T09:38:45.000Z",
"description": "gpca.dat",
"pattern": "[file:hashes.SHA1 = '6207b92842b28a438330a2bf0ee8dcab7ef0a163']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-25T09:38:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571de5be-0198-4c01-a9c7-4bd002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-25T09:39:10.000Z",
"modified": "2016-04-25T09:39:10.000Z",
"description": "gpca.dat - Xchecked via VT: 6207b92842b28a438330a2bf0ee8dcab7ef0a163",
"pattern": "[file:hashes.SHA256 = 'b07b37f0246bd436addbe5d702b12485d7bc8a9ef1475b54bff513a18e68fef7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-25T09:39:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571de5be-2994-4d3e-ae5b-4aef02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-25T09:39:10.000Z",
"modified": "2016-04-25T09:39:10.000Z",
"description": "gpca.dat - Xchecked via VT: 6207b92842b28a438330a2bf0ee8dcab7ef0a163",
"pattern": "[file:hashes.MD5 = 'f7272bb1374bf3af193ea1d1845b27fd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-25T09:39:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--571de5be-97cc-48d7-b0df-432102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-25T09:39:10.000Z",
"modified": "2016-04-25T09:39:10.000Z",
"first_observed": "2016-04-25T09:39:10Z",
"last_observed": "2016-04-25T09:39:10Z",
"number_observed": 1,
"object_refs": [
"url--571de5be-97cc-48d7-b0df-432102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--571de5be-97cc-48d7-b0df-432102de0b81",
"value": "https://www.virustotal.com/file/b07b37f0246bd436addbe5d702b12485d7bc8a9ef1475b54bff513a18e68fef7/analysis/1461049792/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571de5be-8280-488c-a1bf-437502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-25T09:39:10.000Z",
"modified": "2016-04-25T09:39:10.000Z",
"description": "nroff_b.exe - Xchecked via VT: 70bf16597e375ad691f2c1efa194dbe7f60e4eeb",
"pattern": "[file:hashes.SHA256 = '5b7c970fee7ebe08d50665f278d47d0e34c04acc19a91838de6a3fc63a8e5630']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-25T09:39:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571de5be-f358-4523-b8ee-41a202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-25T09:39:10.000Z",
"modified": "2016-04-25T09:39:10.000Z",
"description": "nroff_b.exe - Xchecked via VT: 70bf16597e375ad691f2c1efa194dbe7f60e4eeb",
"pattern": "[file:hashes.MD5 = '1d0e79feb6d7ed23eb1bf7f257ce4fee']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-25T09:39:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--571de5be-941c-4514-b651-4a9202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-25T09:39:10.000Z",
"modified": "2016-04-25T09:39:10.000Z",
"first_observed": "2016-04-25T09:39:10Z",
"last_observed": "2016-04-25T09:39:10Z",
"number_observed": 1,
"object_refs": [
"url--571de5be-941c-4514-b651-4a9202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--571de5be-941c-4514-b651-4a9202de0b81",
"value": "https://www.virustotal.com/file/5b7c970fee7ebe08d50665f278d47d0e34c04acc19a91838de6a3fc63a8e5630/analysis/1460698377/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571de5bf-ad68-4e97-8c1b-412702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-25T09:39:11.000Z",
"modified": "2016-04-25T09:39:11.000Z",
"description": "evtsys.exe - Xchecked via VT: 76bab478dcc70f979ce62cd306e9ba50ee84e37e",
"pattern": "[file:hashes.SHA256 = 'ae086350239380f56470c19d6a200f7d251c7422c7bc5ce74730ee8bab8e6283']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-25T09:39:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571de5bf-064c-4a4c-a302-4bdf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-25T09:39:11.000Z",
"modified": "2016-04-25T09:39:11.000Z",
"description": "evtsys.exe - Xchecked via VT: 76bab478dcc70f979ce62cd306e9ba50ee84e37e",
"pattern": "[file:hashes.MD5 = '5d0ffbc8389f27b0649696f0ef5b3cfe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-25T09:39:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--571de5bf-0df4-421c-bb52-4f7c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-25T09:39:11.000Z",
"modified": "2016-04-25T09:39:11.000Z",
"first_observed": "2016-04-25T09:39:11Z",
"last_observed": "2016-04-25T09:39:11Z",
"number_observed": 1,
"object_refs": [
"url--571de5bf-0df4-421c-bb52-4f7c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--571de5bf-0df4-421c-bb52-4f7c02de0b81",
"value": "https://www.virustotal.com/file/ae086350239380f56470c19d6a200f7d251c7422c7bc5ce74730ee8bab8e6283/analysis/1461067332/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571de5bf-f638-4ae5-820f-473002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-25T09:39:11.000Z",
"modified": "2016-04-25T09:39:11.000Z",
"description": "evtdiag.exe - Xchecked via VT: 525a8e3ae4e3df8c9c61f2a49e38541d196e9228",
"pattern": "[file:hashes.SHA256 = '4659dadbf5b07c8c3c36ae941f71b631737631bc3fded2fe2af250ceba98959a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-25T09:39:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571de5bf-0b34-45ba-b14c-44fd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-25T09:39:11.000Z",
"modified": "2016-04-25T09:39:11.000Z",
"description": "evtdiag.exe - Xchecked via VT: 525a8e3ae4e3df8c9c61f2a49e38541d196e9228",
"pattern": "[file:hashes.MD5 = '24d76abbc0a10e4c977a28b33c879248']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-25T09:39:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--571de5bf-b9bc-48f8-9821-478602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-25T09:39:11.000Z",
"modified": "2016-04-25T09:39:11.000Z",
"first_observed": "2016-04-25T09:39:11Z",
"last_observed": "2016-04-25T09:39:11Z",
"number_observed": 1,
"object_refs": [
"url--571de5bf-b9bc-48f8-9821-478602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--571de5bf-b9bc-48f8-9821-478602de0b81",
"value": "https://www.virustotal.com/file/4659dadbf5b07c8c3c36ae941f71b631737631bc3fded2fe2af250ceba98959a/analysis/1461049613/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571de5ef-8fa8-4d8e-a3e1-4c79950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-25T09:39:59.000Z",
"modified": "2016-04-25T09:39:59.000Z",
"description": "The configuration file contains a list of transaction IDs, some additional environment information, and the following IP address to be used for command-and-control (C&C):",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '196.202.103.174']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-25T09:39:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571de60d-6454-4aa4-b4e7-4352950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-17T16:17:00.000Z",
"modified": "2016-05-17T16:17:00.000Z",
"pattern": "[file:name = '\\\\Users\\\\Administrator\\\\AppData\\\\Local\\\\Allians\\\\gpca.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-17T16:17:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--571de6a3-4548-4238-8b4d-4396950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-25T09:42:59.000Z",
"modified": "2016-04-25T09:42:59.000Z",
"first_observed": "2016-04-25T09:42:59Z",
"last_observed": "2016-04-25T09:42:59Z",
"number_observed": 1,
"object_refs": [
"file--571de6a3-4548-4238-8b4d-4396950d210f",
"artifact--571de6a3-4548-4238-8b4d-4396950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--571de6a3-4548-4238-8b4d-4396950d210f",
"name": "http://baesystemsai.blogspot.lu/2016/04/two-bytes-to-951m.html",
"content_ref": "artifact--571de6a3-4548-4238-8b4d-4396950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--571de6a3-4548-4238-8b4d-4396950d210f",
"payload_bin": "PCFET0NUWVBFIGh0bWw+CjxodG1sIHhtbG5zPSdodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hodG1sJyB4bWxuczpiPSdodHRwOi8vd3d3Lmdvb2dsZS5jb20vMjAwNS9nbWwvYicgeG1sbnM6ZGF0YT0naHR0cDovL3d3dy5nb29nbGUuY29tLzIwMDUvZ21sL2RhdGEnIHhtbG5zOmV4cHI9J2h0dHA6Ly93d3cuZ29vZ2xlLmNvbS8yMDA1L2dtbC9leHByJz4KPGhlYWQ+CjxsaW5rIGhyZWY9J2h0dHA6Ly9mb250cy5nb29nbGVhcGlzLmNvbS9jc3M/ZmFtaWx5PU9wZW4rU2Fuczo3MDAsNDAwLDMwMHxWaWdhfFBUK1NlcmlmOjQwMCw3MDAsNDAwaXRhbGljLDcwMGl0YWxpYycgcmVsPSdzdHlsZXNoZWV0Jy8+CjxsaW5rIGhyZWY9J2h0dHA6Ly9mb250cy5nb29nbGVhcGlzLmNvbS9jc3M/ZmFtaWx5PU9zd2FsZDo0MDAsNzAwLDMwMCcgcmVsPSdzdHlsZXNoZWV0JyB0eXBlPSd0ZXh0L2NzcycvPgo8bWV0YSBjaGFyc2V0PSd1dGYtOCcvPgo8bWV0YSBjb250ZW50PSd3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MS4wJyBuYW1lPSd2aWV3cG9ydCcvPgo8bWV0YSBjb250ZW50PSdJRT1lZGdlLGNocm9tZT0xJyBodHRwLWVxdWl2PSdYLVVBLUNvbXBhdGlibGUnLz4KPG1ldGEgY29udGVudD0ndGV4dC9odG1sOyBjaGFyc2V0PVVURi04JyBodHRwLWVxdWl2PSdDb250ZW50LVR5cGUnLz4KPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPihmdW5jdGlvbigpIHsgKGZ1bmN0aW9uKCl7ZnVuY3Rpb24gYyhhKXt0aGlzLnQ9e307dGhpcy50aWNrPWZ1bmN0aW9uKGEsYyxiKXt2YXIgZD12b2lkIDAhPWI/YjoobmV3IERhdGUpLmdldFRpbWUoKTt0aGlzLnRbYV09W2QsY107aWYodm9pZCAwPT1iKXRyeXt3aW5kb3cuY29uc29sZS50aW1lU3RhbXAoIkNTSS8iK2EpfWNhdGNoKGUpe319O3RoaXMudGljaygic3RhcnQiLG51bGwsYSl9dmFyIGE7d2luZG93LnBlcmZvcm1hbmNlJiYoYT13aW5kb3cucGVyZm9ybWFuY2UudGltaW5nKTt2YXIgaD1hP25ldyBjKGEucmVzcG9uc2VTdGFydCk6bmV3IGM7d2luZG93LmpzdGltaW5nPXtUaW1lcjpjLGxvYWQ6aH07aWYoYSl7dmFyIGI9YS5uYXZpZ2F0aW9uU3RhcnQsZT1hLnJlc3BvbnNlU3RhcnQ7MDxiJiZlPj1iJiYod2luZG93LmpzdGltaW5nLnNydD1lLWIpfWlmKGEpe3ZhciBkPXdpbmRvdy5qc3RpbWluZy5sb2FkOzA8YiYmZT49YiYmKGQudGljaygiX3d0c3J0Iix2b2lkIDAsYiksZC50aWNrKCJ3dHNydF8iLAoiX3d0c3J0IixlKSxkLnRpY2soInRic2RfIiwid3RzcnRfIikpfXRyeXthPW51bGwsd2luZG93LmNocm9tZSYmd2luZG93LmNocm9tZS5jc2kmJihhPU1hdGguZmxvb3Iod2luZG93LmNocm9tZS5jc2koKS5wYWdlVCksZCYmMDxiJiYoZC50aWNrKCJfdGJuZCIsdm9pZCAwLHdpbmRvdy5jaHJvbWUuY3NpKCkuc3RhcnRFKSxkLnRpY2soInRibmRfIiwiX3RibmQiLGIpKSksbnVsbD09YSYmd2luZG93Lmd0YkV4dGVybmFsJiYoYT13aW5kb3cuZ3RiRXh0ZXJu
YWwucGFnZVQoKSksbnVsbD09YSYmd2luZG93LmV4dGVybmFsJiYoYT13aW5kb3cuZXh0ZXJuYWwucGFnZVQsZCYmMDxiJiYoZC50aWNrKCJfdGJuZCIsdm9pZCAwLHdpbmRvdy5leHRlcm5hbC5zdGFydEUpLGQudGljaygidGJuZF8iLCJfdGJuZCIsYikpKSxhJiYod2luZG93LmpzdGltaW5nLnB0PWEpfWNhdGNoKGspe319KSgpO3dpbmRvdy50aWNrQWJvdmVGb2xkPWZ1bmN0aW9uKGMpe3ZhciBhPTA7aWYoYy5vZmZzZXRQYXJlbnQpe2RvIGErPWMub2Zmc2V0VG9wO3doaWxlKGM9Yy5vZmZzZXRQYXJlbnQpfWM9YTs3NTA+PWMmJndpbmRvdy5qc3RpbWluZy5sb2FkLnRpY2soImFmdCIpfTt2YXIgZj0hMTtmdW5jdGlvbiBnKCl7Znx8KGY9ITAsd2luZG93LmpzdGltaW5nLmxvYWQudGljaygiZmlyc3RTY3JvbGxUaW1lIikpfXdpbmRvdy5hZGRFdmVudExpc3RlbmVyP3dpbmRvdy5hZGRFdmVudExpc3RlbmVyKCJzY3JvbGwiLGcsITEpOndpbmRvdy5hdHRhY2hFdmVudCgib25zY3JvbGwiLGcpOwogfSkoKTs8L3NjcmlwdD4KPG1ldGEgY29udGVudD0nYmxvZ2dlcicgbmFtZT0nZ2VuZXJhdG9yJy8+CjxsaW5rIGhyZWY9J2h0dHA6Ly9iYWVzeXN0ZW1zYWkuYmxvZ3Nwb3QuY29tLmVzL2Zhdmljb24uaWNvJyByZWw9J2ljb24nIHR5cGU9J2ltYWdlL3gtaWNvbicvPgo8bGluayBocmVmPSdodHRwOi8vYmFlc3lzdGVtc2FpLmJsb2dzcG90LmNvbS8yMDE2LzA0L3R3by1ieXRlcy10by05NTFtLmh0bWwnIHJlbD0nY2Fub25pY2FsJy8+CjxsaW5rIHJlbD0iYWx0ZXJuYXRlIiB0eXBlPSJhcHBsaWNhdGlvbi9hdG9tK3htbCIgdGl0bGU9IkJBRSBTeXN0ZW1zIFRocmVhdCBSZXNlYXJjaCBCbG9nIC0gQXRvbSIgaHJlZj0iaHR0cDovL2JhZXN5c3RlbXNhaS5ibG9nc3BvdC5jb20vZmVlZHMvcG9zdHMvZGVmYXVsdCIgLz4KPGxpbmsgcmVsPSJhbHRlcm5hdGUiIHR5cGU9ImFwcGxpY2F0aW9uL3Jzcyt4bWwiIHRpdGxlPSJCQUUgU3lzdGVtcyBUaHJlYXQgUmVzZWFyY2ggQmxvZyAtIFJTUyIgaHJlZj0iaHR0cDovL2JhZXN5c3RlbXNhaS5ibG9nc3BvdC5jb20vZmVlZHMvcG9zdHMvZGVmYXVsdD9hbHQ9cnNzIiAvPgo8bGluayByZWw9InNlcnZpY2UucG9zdCIgdHlwZT0iYXBwbGljYXRpb24vYXRvbSt4bWwiIHRpdGxlPSJCQUUgU3lzdGVtcyBUaHJlYXQgUmVzZWFyY2ggQmxvZyAtIEF0b20iIGhyZWY9Imh0dHBzOi8vd3d3LmJsb2dnZXIuY29tL2ZlZWRzLzczNDU1MTUwODU4Mzg0MjI3OTkvcG9zdHMvZGVmYXVsdCIgLz4KCjxsaW5rIHJlbD0iYWx0ZXJuYXRlIiB0eXBlPSJhcHBsaWNhdGlvbi9hdG9tK3htbCIgdGl0bGU9IkJBRSBTeXN0ZW1zIFRocmVhdCBSZXNlYXJjaCBCbG9nIC0gQXRvbSIgaHJlZj0iaHR0cDovL2JhZXN5c3RlbXNhaS5ibG9nc3BvdC5jb20vZmVlZHMvMzU1NDQ2MDU2MzYwMTY4ODk4L2NvbW1lbnRzL2RlZmF1bHQiIC8+CjxsaW5rIGhyZWY9J2h0dHBzOi8vMi5icC5ibG9nc3BvdC5jb20vLWtKZzhvN2xZSHp3L1Z4aE1s
MXFCQ3JJL0FBQUFBQUFBQWZBL24tVXVySUk4cTJFeXlhVWxZTXd2Z05qVmRXQTRpSzdPZ0NMY0IvczY0MC9
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}