{ "type": "bundle", "id": "bundle--570c9b9a-dc20-448a-8f24-443f950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-12T06:59:41.000Z", "modified": "2016-04-12T06:59:41.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--570c9b9a-dc20-448a-8f24-443f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-12T06:59:41.000Z", "modified": "2016-04-12T06:59:41.000Z", "name": "Rokku Ransomware shows possible link with Chimera", "published": "2016-04-12T07:01:12Z", "object_refs": [ "x-misp-attribute--570c9bbc-3e44-4a98-b0d3-4aea950d210f", "observed-data--570c9bc8-fcd0-4608-b703-4848950d210f", "url--570c9bc8-fcd0-4608-b703-4848950d210f", "indicator--570c9c0d-b684-4990-8b90-4dcc950d210f", "indicator--570c9c0d-bc48-4fc6-b1dc-4f17950d210f", "indicator--570c9c0d-addc-4cd3-85fd-4956950d210f", "indicator--570c9c4b-6ad4-427e-8c07-489e950d210f", "indicator--570c9c4b-53c4-464c-9303-4c91950d210f", "x-misp-attribute--570c9c84-3d14-4715-b999-48cf950d210f", "indicator--570c9cdd-39d8-4f9e-802c-402702de0b81", "indicator--570c9cdd-79fc-450e-86b0-486a02de0b81", "observed-data--570c9cde-1aac-4cde-b159-451302de0b81", "url--570c9cde-1aac-4cde-b159-451302de0b81", "indicator--570c9cde-b944-4147-a64c-42fd02de0b81", "indicator--570c9cde-06ac-4ace-8186-4ff702de0b81", "observed-data--570c9cdf-4e74-4cf3-b93a-4e9c02de0b81", "url--570c9cdf-4e74-4cf3-b93a-4e9c02de0b81", "indicator--570c9cdf-7d2c-4580-bef9-44be02de0b81", "indicator--570c9cdf-e470-4fbf-b638-46eb02de0b81", "observed-data--570c9ce0-0140-46c7-b4b9-4a6402de0b81", "url--570c9ce0-0140-46c7-b4b9-4a6402de0b81", "indicator--570c9ce0-f1b0-4d89-b14f-4ff202de0b81", "indicator--570c9ce0-92c4-4f1c-a35c-403102de0b81", "observed-data--570c9ce1-ac20-4b2a-8b30-44e702de0b81", "url--570c9ce1-ac20-4b2a-8b30-44e702de0b81", "indicator--570c9ce1-c698-48aa-b27a-46e602de0b81", "indicator--570c9ce1-5af8-482a-a990-46c702de0b81", "observed-data--570c9ce1-6d14-459a-8a69-4f7502de0b81", "url--570c9ce1-6d14-459a-8a69-4f7502de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--570c9bbc-3e44-4a98-b0d3-4aea950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-12T06:54:52.000Z", "modified": "2016-04-12T06:54:52.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "comment", "x_misp_value": "Rokku is yet another ransomware, discovered in recent weeks. Currently, it\u00e2\u20ac\u2122s most common distribution method is spam where a malicious executable is dropped by a VB script belonging to the e-mail\u00e2\u20ac\u2122s attachment.\r\n\r\nThe building blocks of Rokku reminded us of the Chimera ransomware. That\u00e2\u20ac\u2122s why we decided to take a closer look, not only at the internal structure of this malware but also at the similarities and differences between these two products." }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--570c9bc8-fcd0-4608-b703-4848950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-12T06:55:04.000Z", "modified": "2016-04-12T06:55:04.000Z", "first_observed": "2016-04-12T06:55:04Z", "last_observed": "2016-04-12T06:55:04Z", "number_observed": 1, "object_refs": [ "url--570c9bc8-fcd0-4608-b703-4848950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--570c9bc8-fcd0-4608-b703-4848950d210f", "value": "https://blog.malwarebytes.org/threat-analysis/2016/04/rokku-ransomware/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570c9c0d-b684-4990-8b90-4dcc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-12T06:56:13.000Z", "modified": "2016-04-12T06:56:13.000Z", "description": "original executable (malware)", "pattern": "[file:hashes.MD5 = '97512f4617019c907cd0f88193039e7c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-12T06:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570c9c0d-bc48-4fc6-b1dc-4f17950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-12T06:56:13.000Z", "modified": "2016-04-12T06:56:13.000Z", "description": "UPX layer removed (malware)", "pattern": "[file:hashes.MD5 = '5a0e3a6e3106e754381bd1cc3295c97f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-12T06:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570c9c0d-addc-4cd3-85fd-4956950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-12T06:56:13.000Z", "modified": "2016-04-12T06:56:13.000Z", "description": "payload: encryptor.dll (malware) - the analysis", "pattern": "[file:hashes.MD5 = 'be6552aed5e7509b3b539cef8a965131']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-12T06:56:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570c9c4b-6ad4-427e-8c07-489e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-12T06:57:15.000Z", "modified": "2016-04-12T06:57:15.000Z", "description": "original executable: decryptor.exe (decryptor)", "pattern": "[file:hashes.MD5 = '82fea20bb4c96050b4cf55f83de0f3e6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-12T06:57:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570c9c4b-53c4-464c-9303-4c91950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-12T06:57:15.000Z", "modified": "2016-04-12T06:57:15.000Z", "description": "UPX layer removed (decryptor)", "pattern": "[file:hashes.MD5 = '1be4a0932a66ebdb9ede56214d8ccdf9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-12T06:57:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--570c9c84-3d14-4715-b999-48cf950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-12T06:58:12.000Z", "modified": "2016-04-12T06:58:12.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"Artifacts dropped\"" ], "x_misp_category": "Artifacts dropped", "x_misp_comment": "Finally, removing backups and stopping backup services is performed \u00e2\u20ac\u201c by execution of the following commands:", "x_misp_type": "comment", "x_misp_value": "wmic shadowcopy delete /nointeractive\r\nvssadmin delete shadows /all /quiet\r\nreg add \"HKLM\\SYSTEM\\CurrentControlSet\\services\\VSS\" /v Start /t REG_DWORD /d 4 /f\r\nreg add \"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SystemRestore\" /v DisableSR /t REG_DWORD /d 1 /f\r\nnet stop vss\r\nnet stop swprv\r\nnet stop srservice" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570c9cdd-39d8-4f9e-802c-402702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-12T06:59:41.000Z", "modified": "2016-04-12T06:59:41.000Z", "description": "UPX layer removed (decryptor) - Xchecked via VT: 1be4a0932a66ebdb9ede56214d8ccdf9", "pattern": "[file:hashes.SHA256 = '09eecd70914e38a1ee83295db5834cfdf848bab987a51afa6ed1c3b2dff027fc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-12T06:59:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570c9cdd-79fc-450e-86b0-486a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-12T06:59:41.000Z", "modified": "2016-04-12T06:59:41.000Z", "description": "UPX layer removed (decryptor) - Xchecked via VT: 1be4a0932a66ebdb9ede56214d8ccdf9", "pattern": "[file:hashes.SHA1 = '27e46208f348de4df378c8646c14f499d2290793']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-12T06:59:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--570c9cde-1aac-4cde-b159-451302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-12T06:59:42.000Z", "modified": "2016-04-12T06:59:42.000Z", "first_observed": "2016-04-12T06:59:42Z", "last_observed": "2016-04-12T06:59:42Z", "number_observed": 1, "object_refs": [ "url--570c9cde-1aac-4cde-b159-451302de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--570c9cde-1aac-4cde-b159-451302de0b81", "value": "https://www.virustotal.com/file/09eecd70914e38a1ee83295db5834cfdf848bab987a51afa6ed1c3b2dff027fc/analysis/1459878434/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570c9cde-b944-4147-a64c-42fd02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-12T06:59:42.000Z", "modified": "2016-04-12T06:59:42.000Z", "description": "original executable: decryptor.exe (decryptor) - Xchecked via VT: 82fea20bb4c96050b4cf55f83de0f3e6", "pattern": "[file:hashes.SHA256 = 'e477e3337636b44477bb2feaf4016a0d2ad9eca273b0c2ef9b55ccb2c9902d87']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-12T06:59:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570c9cde-06ac-4ace-8186-4ff702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-12T06:59:42.000Z", "modified": "2016-04-12T06:59:42.000Z", "description": "original executable: decryptor.exe (decryptor) - Xchecked via VT: 82fea20bb4c96050b4cf55f83de0f3e6", "pattern": "[file:hashes.SHA1 = '035af05addaf8cf9c103bbb27b355477ce336cc1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-12T06:59:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--570c9cdf-4e74-4cf3-b93a-4e9c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-12T06:59:43.000Z", "modified": "2016-04-12T06:59:43.000Z", "first_observed": "2016-04-12T06:59:43Z", "last_observed": "2016-04-12T06:59:43Z", "number_observed": 1, "object_refs": [ "url--570c9cdf-4e74-4cf3-b93a-4e9c02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--570c9cdf-4e74-4cf3-b93a-4e9c02de0b81", "value": "https://www.virustotal.com/file/e477e3337636b44477bb2feaf4016a0d2ad9eca273b0c2ef9b55ccb2c9902d87/analysis/1459878217/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570c9cdf-7d2c-4580-bef9-44be02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-12T06:59:43.000Z", "modified": "2016-04-12T06:59:43.000Z", "description": "payload: encryptor.dll (malware) - the analysis - Xchecked via VT: be6552aed5e7509b3b539cef8a965131", "pattern": "[file:hashes.SHA256 = '186073cd4539725cbc26f8dac867c97e21d4c88836305a16acf50a70d6121f51']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-12T06:59:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570c9cdf-e470-4fbf-b638-46eb02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-12T06:59:43.000Z", "modified": "2016-04-12T06:59:43.000Z", "description": "payload: encryptor.dll (malware) - the analysis - Xchecked via VT: be6552aed5e7509b3b539cef8a965131", "pattern": "[file:hashes.SHA1 = 'da1ad69f282ae49a0af6aa7bef190f434ac18c7b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-12T06:59:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--570c9ce0-0140-46c7-b4b9-4a6402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-12T06:59:44.000Z", "modified": "2016-04-12T06:59:44.000Z", "first_observed": "2016-04-12T06:59:44Z", "last_observed": "2016-04-12T06:59:44Z", "number_observed": 1, "object_refs": [ "url--570c9ce0-0140-46c7-b4b9-4a6402de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--570c9ce0-0140-46c7-b4b9-4a6402de0b81", "value": "https://www.virustotal.com/file/186073cd4539725cbc26f8dac867c97e21d4c88836305a16acf50a70d6121f51/analysis/1459758054/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570c9ce0-f1b0-4d89-b14f-4ff202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-12T06:59:44.000Z", "modified": "2016-04-12T06:59:44.000Z", "description": "UPX layer removed (malware) - Xchecked via VT: 5a0e3a6e3106e754381bd1cc3295c97f", "pattern": "[file:hashes.SHA256 = '1c40b5c96d13580f1dfa38f59f177502349aa1c962ff95559e0ec805155eb983']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-12T06:59:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570c9ce0-92c4-4f1c-a35c-403102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-12T06:59:44.000Z", "modified": "2016-04-12T06:59:44.000Z", "description": "UPX layer removed (malware) - Xchecked via VT: 5a0e3a6e3106e754381bd1cc3295c97f", "pattern": "[file:hashes.SHA1 = '49239500b0510ce7643c48ebfaf6c9e35aa1cce5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-12T06:59:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--570c9ce1-ac20-4b2a-8b30-44e702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-12T06:59:45.000Z", "modified": "2016-04-12T06:59:45.000Z", "first_observed": "2016-04-12T06:59:45Z", "last_observed": "2016-04-12T06:59:45Z", "number_observed": 1, "object_refs": [ "url--570c9ce1-ac20-4b2a-8b30-44e702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--570c9ce1-ac20-4b2a-8b30-44e702de0b81", "value": "https://www.virustotal.com/file/1c40b5c96d13580f1dfa38f59f177502349aa1c962ff95559e0ec805155eb983/analysis/1459828258/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570c9ce1-c698-48aa-b27a-46e602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-12T06:59:45.000Z", "modified": "2016-04-12T06:59:45.000Z", "description": "original executable (malware) - Xchecked via VT: 97512f4617019c907cd0f88193039e7c", "pattern": "[file:hashes.SHA256 = '438888ef36bad1079af79daf152db443b4472c5715a7b3da0ba24cc757c53499']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-12T06:59:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--570c9ce1-5af8-482a-a990-46c702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-12T06:59:45.000Z", "modified": "2016-04-12T06:59:45.000Z", "description": "original executable (malware) - Xchecked via VT: 97512f4617019c907cd0f88193039e7c", "pattern": "[file:hashes.SHA1 = '24cfa261ee30f697e7d1e2215eee1c21eebf4579']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-04-12T06:59:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--570c9ce1-6d14-459a-8a69-4f7502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-04-12T06:59:45.000Z", "modified": "2016-04-12T06:59:45.000Z", "first_observed": "2016-04-12T06:59:45Z", "last_observed": "2016-04-12T06:59:45Z", "number_observed": 1, "object_refs": [ "url--570c9ce1-6d14-459a-8a69-4f7502de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--570c9ce1-6d14-459a-8a69-4f7502de0b81", "value": "https://www.virustotal.com/file/438888ef36bad1079af79daf152db443b4472c5715a7b3da0ba24cc757c53499/analysis/1459900992/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }