{ "type": "bundle", "id": "bundle--5784f9df-02ac-4e17-92bc-7e4502de0b81", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:31.000Z", "modified": "2016-07-12T14:16:31.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5784f9df-02ac-4e17-92bc-7e4502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:31.000Z", "modified": "2016-07-12T14:16:31.000Z", "name": "OSINT - NetTraveler APT Targets Russian, European Interests", "published": "2016-07-12T14:17:18Z", "object_refs": [ "observed-data--5784fa2a-8458-4a0c-a95c-810502de0b81", "url--5784fa2a-8458-4a0c-a95c-810502de0b81", "x-misp-attribute--5784fa38-74cc-477f-bd43-7e5002de0b81", "indicator--5784fa79-d184-473b-a5ae-810902de0b81", "indicator--5784fa79-21b8-4987-be1e-810902de0b81", "indicator--5784fa7a-60b8-45c9-a1e5-810902de0b81", "indicator--5784fa7a-84a0-4486-ac75-810902de0b81", "indicator--5784fa7a-a708-4990-b0b2-810902de0b81", "indicator--5784fa7a-cda4-48c9-979b-810902de0b81", "indicator--5784fa7a-9d6c-445a-b764-810902de0b81", "indicator--5784fa7b-5d80-4866-a6ab-810902de0b81", "indicator--5784fa7b-ea18-4c8e-a69c-810902de0b81", "indicator--5784fab0-412c-417b-be07-4f2802de0b81", "indicator--5784fab0-dda0-445d-ae25-465902de0b81", "indicator--5784fab0-4e48-4ce6-812d-472602de0b81", "indicator--5784fab1-fd54-4eb4-88e7-4d2802de0b81", "indicator--5784fab1-b3f8-4eef-ba14-4c9d02de0b81", "indicator--5784fb8d-2db8-494b-ba32-810b02de0b81", "indicator--5784fb8d-1060-456c-8e3f-810b02de0b81", "indicator--5784fb8d-dd64-4930-b8b6-810b02de0b81", "indicator--5784fb8e-2738-4a94-8c2d-810b02de0b81", "indicator--5784fb8e-f0c8-4566-a390-810b02de0b81", "indicator--5784fb8e-d22c-457f-9847-810b02de0b81", "indicator--5784fb8e-da98-44f7-881c-810b02de0b81", "indicator--5784fb8e-ca60-4b4d-9e2a-810b02de0b81", "indicator--5784fb8f-bc08-4eaa-afff-810b02de0b81", "indicator--5784fb8f-9bb8-47b7-9915-810b02de0b81", "indicator--5784fb8f-701c-4f5b-b8c5-810b02de0b81", "indicator--5784fbbf-7edc-492c-9f2b-897902de0b81", "indicator--5784fbbf-6c38-4ec2-a5d0-897902de0b81", "observed-data--5784fbbf-51b0-4f31-a3af-897902de0b81", "url--5784fbbf-51b0-4f31-a3af-897902de0b81", "indicator--5784fbbf-9694-43fd-8d94-897902de0b81", "indicator--5784fbc0-3ef8-4c30-854a-897902de0b81", "observed-data--5784fbc0-5880-40f8-99d8-897902de0b81", "url--5784fbc0-5880-40f8-99d8-897902de0b81", "indicator--5784fbc0-961c-4588-89ba-897902de0b81", "indicator--5784fbc0-d858-4ebf-a529-897902de0b81", "observed-data--5784fbc0-a28c-48a2-b05a-897902de0b81", "url--5784fbc0-a28c-48a2-b05a-897902de0b81", "indicator--5784fbc1-d30c-4ceb-8366-897902de0b81", "indicator--5784fbc1-1264-47ad-950a-897902de0b81", "observed-data--5784fbc1-7b7c-4c2f-94cb-897902de0b81", "url--5784fbc1-7b7c-4c2f-94cb-897902de0b81", "indicator--5784fbc1-5c88-4863-a24a-897902de0b81", "indicator--5784fbc1-5928-4195-840d-897902de0b81", "observed-data--5784fbc2-2194-4940-aa90-897902de0b81", "url--5784fbc2-2194-4940-aa90-897902de0b81", "indicator--5784fbc2-07c4-46d6-b2bd-897902de0b81", "indicator--5784fbc2-4718-443f-bc6e-897902de0b81", "observed-data--5784fbc2-fb6c-4d07-b42f-897902de0b81", "url--5784fbc2-fb6c-4d07-b42f-897902de0b81", "indicator--5784fbc3-5210-4c19-b102-897902de0b81", "indicator--5784fbc3-319c-4095-9990-897902de0b81", "observed-data--5784fbc3-e1a4-475f-89b7-897902de0b81", "url--5784fbc3-e1a4-475f-89b7-897902de0b81", "indicator--5784fbc3-4c24-43c1-b5d5-897902de0b81", "indicator--5784fbc3-4960-474d-b472-897902de0b81", "observed-data--5784fbc4-fbc0-4c27-8494-897902de0b81", "url--5784fbc4-fbc0-4c27-8494-897902de0b81", "indicator--5784fbc4-b124-4199-ae5f-897902de0b81", "indicator--5784fbc4-3b24-448e-9ad8-897902de0b81", "observed-data--5784fbc4-88d8-4785-816b-897902de0b81", "url--5784fbc4-88d8-4785-816b-897902de0b81", "indicator--5784fbc5-f5b8-4f27-91bd-897902de0b81", "indicator--5784fbc5-f5a8-4fa8-ab4e-897902de0b81", "observed-data--5784fbc5-f4fc-485d-8226-897902de0b81", "url--5784fbc5-f4fc-485d-8226-897902de0b81", "indicator--5784fbc5-bd04-447a-a61d-897902de0b81", "indicator--5784fbc5-572c-41b3-88f3-897902de0b81", "observed-data--5784fbc6-c44c-42ed-8ce6-897902de0b81", "url--5784fbc6-c44c-42ed-8ce6-897902de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5784fa2a-8458-4a0c-a95c-810502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:09:46.000Z", "modified": "2016-07-12T14:09:46.000Z", "first_observed": "2016-07-12T14:09:46Z", "last_observed": "2016-07-12T14:09:46Z", "number_observed": 1, "object_refs": [ "url--5784fa2a-8458-4a0c-a95c-810502de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5784fa2a-8458-4a0c-a95c-810502de0b81", "value": "https://www.proofpoint.com/us/threat-insight/post/nettraveler-apt-targets-russian-european-interests" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5784fa38-74cc-477f-bd43-7e5002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:10:00.000Z", "modified": "2016-07-12T14:10:00.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "comment", "x_misp_value": "Throughout 2016, Proofpoint researchers tracked a cyber-espionage campaign targeting victims in Russia and neighboring countries. The actor utilizes spear phishing campaigns to deliver NetTraveler, also known as TravNet. First observed as early as 2004, NetTraveler is a Trojan used widely in targeted attacks. We believe that this attacker operates out of China. In addition to Russia, targeted regions include neighboring countries such as Mongolia, Belarus, and other European countries. The spear-phishing campaigns we detected use links to RAR-compressed executables and Microsoft Word attachments that exploit the CVE-2012-0158 vulnerability.\r\n\r\nThis particular APT is targeting organizations that include weapons manufacturers, human rights activists, and pro-democracy groups, among others." }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fa79-d184-473b-a5ae-810902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:11:05.000Z", "modified": "2016-07-12T14:11:05.000Z", "description": "NetTraveler C&C and payload hosting site", "pattern": "[domain-name:value = 'www.interfaxru.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:11:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fa79-21b8-4987-be1e-810902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:11:05.000Z", "modified": "2016-07-12T14:11:05.000Z", "description": "NetTraveler C&C and payload hosting site", "pattern": "[domain-name:value = 'www.info-spb.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:11:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fa7a-60b8-45c9-a1e5-810902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:11:06.000Z", "modified": "2016-07-12T14:11:06.000Z", "description": "NetTraveler C&C", "pattern": "[domain-name:value = 'www.tassnews.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:11:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fa7a-84a0-4486-ac75-810902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:11:06.000Z", "modified": "2016-07-12T14:11:06.000Z", "description": "NetTraveler C&C", "pattern": "[domain-name:value = 'www.riaru.net']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:11:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fa7a-a708-4990-b0b2-810902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:11:06.000Z", "modified": "2016-07-12T14:11:06.000Z", "description": "NetTraveler C&C", "pattern": "[domain-name:value = 'www.voennovosti.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:11:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fa7a-cda4-48c9-979b-810902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:11:06.000Z", "modified": "2016-07-12T14:11:06.000Z", "description": "NetTraveler C&C", "pattern": "[domain-name:value = 'www.mogoogle.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:11:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fa7a-9d6c-445a-b764-810902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:11:06.000Z", "modified": "2016-07-12T14:11:06.000Z", "description": "NetTraveler C&C", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.231.184.164']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:11:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fa7b-5d80-4866-a6ab-810902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:11:07.000Z", "modified": "2016-07-12T14:11:07.000Z", "description": "NetTraveler C&C", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.231.184.163']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:11:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fa7b-ea18-4c8e-a69c-810902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:11:07.000Z", "modified": "2016-07-12T14:11:07.000Z", "description": "NetTraveler C&C", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '98.126.38.107']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:11:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fab0-412c-417b-be07-4f2802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:12:00.000Z", "modified": "2016-07-12T14:12:00.000Z", "description": "NetTraveler payload URL", "pattern": "[url:value = 'http://www.interfaxru.com/html/rostechnologii/20160420.rar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:12:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fab0-dda0-445d-ae25-465902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:12:00.000Z", "modified": "2016-07-12T14:12:00.000Z", "description": "NetTraveler payload URL", "pattern": "[url:value = 'http://www.info-spb.com/analiz/voennye_kommentaria/n148584.rar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:12:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fab0-4e48-4ce6-812d-472602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:12:00.000Z", "modified": "2016-07-12T14:12:00.000Z", "description": "NetTraveler payload URL", "pattern": "[url:value = 'http://www.info-spb.com//worldnews/almaz-antey/no.15.02.2016.rar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:12:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fab1-fd54-4eb4-88e7-4d2802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:12:01.000Z", "modified": "2016-07-12T14:12:01.000Z", "description": "NetTraveler payload URL", "pattern": "[url:value = 'http://www.info-spb.com/worldnews/mfa/ua/2016-02-16.zip']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:12:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fab1-b3f8-4eef-ba14-4c9d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:12:01.000Z", "modified": "2016-07-12T14:12:01.000Z", "description": "NetTraveler payload URL", "pattern": "[url:value = 'http://www.info-spb.com/worldnews/mfa/uz/03.02.2016.rar']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:12:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fb8d-2db8-494b-ba32-810b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:15:41.000Z", "modified": "2016-07-12T14:15:41.000Z", "description": "20160420.rar", "pattern": "[file:hashes.SHA256 = '5afcaca6f6dd6fb3bad26585f30870f71462c59e251cc76b0df5851ac2aa17de']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:15:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fb8d-1060-456c-8e3f-810b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:15:41.000Z", "modified": "2016-07-12T14:15:41.000Z", "description": "\u00d0\u02dc\u00d0\u00bd\u00d1\u201e\u00d0\u00be\u00d1\u20ac\u00d0\u00bc\u00d0\u00b0\u00d1\u2020\u00d0\u00b8\u00d1\u008f \u00d0\u00be \u00d0\u00bf\u00d0\u00b5\u00d1\u20ac\u00d0\u00b5\u00d1\u2021\u00d0\u00bd\u00d0\u00b5 \u00d0\u00b7\u00d0\u00be\u00d0\u00bd \u00d0\u00b4\u00d0\u00b5\u00d1\u008f\u00d1\u201a\u00d0\u00b5\u00d0\u00bb\u00d1\u0152\u00d0\u00bd\u00d0\u00be\u00d1\u0081\u00d1\u201a\u00d0\u00b8 \u00d1\u0081\u00d0\u00b5\u00d1\u201a\u00d0\u00b5\u00d0\u00b2\u00d0\u00be\u00d0\u00b9 \u00d0\u00be\u00d1\u20ac\u00d0\u00b3\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00b7\u00d0\u00b0\u00d1\u2020\u00d0\u00b8\u00d0\u00b8 \u00d0\u00b2 2016 \u00d0\u00b3.rar", "pattern": "[file:hashes.SHA256 = '67c994ad328cd3d8b954366b2baa5e643b31ed42280548eebbd0c30c53f9e37d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:15:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fb8d-dd64-4930-b8b6-810b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:15:41.000Z", "modified": "2016-07-12T14:15:41.000Z", "description": "20160330.rar", "pattern": "[file:hashes.SHA256 = 'f3997f8269e4177342aec8816c28cfebaef17a86f22eef15d90b4f9e5b15d8e6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:15:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fb8e-2738-4a94-8c2d-810b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:15:42.000Z", "modified": "2016-07-12T14:15:42.000Z", "description": "\u00d0\u00a1\u00d0\u00be\u00d0\u00b2\u00d0\u00bc\u00d0\u00b5\u00d1\u0081\u00d1\u201a\u00d0\u00bd\u00d0\u00be\u00d0\u00b5 \u00d0\u00b0\u00d0\u00bd\u00d1\u201a\u00d0\u00b8\u00d1\u201a\u00d0\u00b5\u00d1\u20ac\u00d1\u20ac\u00d0\u00be\u00d1\u20ac\u00d0\u00b8\u00d1\u0081\u00d1\u201a\u00d0\u00b8\u00d1\u2021\u00d0\u00b5\u00d1\u0081\u00d0\u00ba\u00d0\u00be\u00d0\u00b5 \u00d1\u0192\u00d1\u2021\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d0\u00b5 \u00c2\u00ab\u00d0\u0090\u00d0\u00bd\u00d1\u201a\u00d0\u00b8\u00d1\u201a\u00d0\u00b5\u00d1\u20ac\u00d1\u20ac\u00d0\u00be\u00d1\u20ac-2016\u00c2\u00bb.rar", "pattern": "[file:hashes.SHA256 = '69527b0471c2effab2d21106556ace6bd501daf7758b2ebbf3b2780d6399ecbf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:15:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fb8e-f0c8-4566-a390-810b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:15:42.000Z", "modified": "2016-07-12T14:15:42.000Z", "description": "13_11.rar", "pattern": "[file:hashes.SHA256 = '8e3e5b12f0964e73e4057610ce7a6aa25607c94536762128dabebf9ccfa667d4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:15:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fb8e-d22c-457f-9847-810b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:15:42.000Z", "modified": "2016-07-12T14:15:42.000Z", "description": "\u00d0\u201c\u00d0\u00bb\u00d0\u00b0\u00d0\u00b2\u00d0\u00bd\u00d1\u2039\u00d0\u00b9 \u00d1\u20ac\u00d0\u00b5\u00d0\u00b4\u00d0\u00b0\u00d0\u00ba\u00d1\u201a\u00d0\u00be\u00d1\u20ac Sputnik\u00e2\u20ac\u201c\u00d0\u00a2\u00d1\u0192\u00d1\u20ac\u00d1\u2020\u00d0\u00b8\u00d1\u008f \u00d0\u00b2 \u00d1\u0081\u00d1\u20ac\u00d0\u00b5\u00d0\u00b4\u00d1\u0192 \u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00bd\u00d0\u00b5\u00d1\u201a\u00d1\u0081\u00d1\u008f \u00d0\u00b2 \u00d0\u0153\u00d0\u00be\u00d1\u0081\u00d0\u00ba\u00d0\u00b2\u00d1\u0192.rar", "pattern": "[file:hashes.SHA256 = '1bcafa596c597868a179fe3d783b8c5bcd1b487d891b99cb90e76e8abd55a599']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:15:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fb8e-da98-44f7-881c-810b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:15:42.000Z", "modified": "2016-07-12T14:15:42.000Z", "description": "\u00d0\u00a2\u00d0\u00b5\u00d0\u00ba\u00d1\u0081\u00d1\u201a \u00d0\u00bf\u00d1\u20ac\u00d0\u00b8\u00d0\u00b2\u00d0\u00b5\u00d1\u201a\u00d1\u0081\u00d1\u201a\u00d0\u00b2\u00d0\u00b8\u00d1\u008f \u00d0\u201c\u00d0\u00bb\u00d0\u00b0\u00d0\u00b2\u00d1\u2039 \u00d0\u00b3\u00d0\u00be\u00d1\u0081\u00d1\u0192\u00d0\u00b4\u00d0\u00b0\u00d1\u20ac\u00d1\u0081\u00d1\u201a\u00d0\u00b2\u00d0\u00b0.rar", "pattern": "[file:hashes.SHA256 = '409bb7f9faf4b7dc168f71084edb695707f22a83a2e79b810a0b4a27966d78f1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:15:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fb8e-ca60-4b4d-9e2a-810b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:15:42.000Z", "modified": "2016-07-12T14:15:42.000Z", "description": "n148584.rar", "pattern": "[file:hashes.SHA256 = '3adacca54c6fe4bb905e233e48dffd8f6d03078d3d2d309d40e2e67a04a70db1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:15:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fb8f-bc08-4eaa-afff-810b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:15:43.000Z", "modified": "2016-07-12T14:15:43.000Z", "description": "20160623.doc", "pattern": "[file:hashes.SHA256 = '80ba8997067025dd830d49d09c57c0dcb1e2f303fa0e093069bd9cff29420692']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:15:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fb8f-9bb8-47b7-9915-810b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:15:43.000Z", "modified": "2016-07-12T14:15:43.000Z", "description": "20160607.doc", "pattern": "[file:hashes.SHA256 = '60386112fc4b0ddb833fc9a877a9a4f0fe76828ebab4457637b0827106b269fe']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:15:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fb8f-701c-4f5b-b8c5-810b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:15:43.000Z", "modified": "2016-07-12T14:15:43.000Z", "description": "\u00d0\u0178\u00d0\u203a\u00d0\u0090\u00d0\u009d \u00d0\u00a0\u00d0\u2022\u00d0\u0090\u00d0\u203a\u00d0\u02dc\u00d0\u2014\u00d0\u0090\u00d0\u00a6\u00d0\u02dc\u00d0\u02dc \u00d0\u0178\u00d0\u00a0\u00d0\u017e\u00d0\u2022\u00d0\u0161\u00d0\u00a2\u00d0\u0090.doc", "pattern": "[file:hashes.SHA256 = 'b3a5c562e3531fb8be476af4947eaa793a77cc61715284bfb9c380b7048da44a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:15:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fbbf-7edc-492c-9f2b-897902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:31.000Z", "modified": "2016-07-12T14:16:31.000Z", "description": "\u00d0\u0178\u00d0\u203a\u00d0\u0090\u00d0\u009d \u00d0\u00a0\u00d0\u2022\u00d0\u0090\u00d0\u203a\u00d0\u02dc\u00d0\u2014\u00d0\u0090\u00d0\u00a6\u00d0\u02dc\u00d0\u02dc \u00d0\u0178\u00d0\u00a0\u00d0\u017e\u00d0\u2022\u00d0\u0161\u00d0\u00a2\u00d0\u0090.doc - Xchecked via VT: b3a5c562e3531fb8be476af4947eaa793a77cc61715284bfb9c380b7048da44a", "pattern": "[file:hashes.SHA1 = 'c64ac1fed412c4abaf7b65342441db01a53d497e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:16:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fbbf-6c38-4ec2-a5d0-897902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:31.000Z", "modified": "2016-07-12T14:16:31.000Z", "description": "\u00d0\u0178\u00d0\u203a\u00d0\u0090\u00d0\u009d \u00d0\u00a0\u00d0\u2022\u00d0\u0090\u00d0\u203a\u00d0\u02dc\u00d0\u2014\u00d0\u0090\u00d0\u00a6\u00d0\u02dc\u00d0\u02dc \u00d0\u0178\u00d0\u00a0\u00d0\u017e\u00d0\u2022\u00d0\u0161\u00d0\u00a2\u00d0\u0090.doc - Xchecked via VT: b3a5c562e3531fb8be476af4947eaa793a77cc61715284bfb9c380b7048da44a", "pattern": "[file:hashes.MD5 = 'e7f1589362f77d770063922b068e47aa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:16:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5784fbbf-51b0-4f31-a3af-897902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:31.000Z", "modified": "2016-07-12T14:16:31.000Z", "first_observed": "2016-07-12T14:16:31Z", "last_observed": "2016-07-12T14:16:31Z", "number_observed": 1, "object_refs": [ "url--5784fbbf-51b0-4f31-a3af-897902de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5784fbbf-51b0-4f31-a3af-897902de0b81", "value": "https://www.virustotal.com/file/b3a5c562e3531fb8be476af4947eaa793a77cc61715284bfb9c380b7048da44a/analysis/1453440894/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fbbf-9694-43fd-8d94-897902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:31.000Z", "modified": "2016-07-12T14:16:31.000Z", "description": "20160607.doc - Xchecked via VT: 60386112fc4b0ddb833fc9a877a9a4f0fe76828ebab4457637b0827106b269fe", "pattern": "[file:hashes.SHA1 = '65335358fab48ab899c29dc488a47aeb97ce607c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:16:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fbc0-3ef8-4c30-854a-897902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:32.000Z", "modified": "2016-07-12T14:16:32.000Z", "description": "20160607.doc - Xchecked via VT: 60386112fc4b0ddb833fc9a877a9a4f0fe76828ebab4457637b0827106b269fe", "pattern": "[file:hashes.MD5 = 'aa5a1cd27c964bc229156a521fbd6a4b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:16:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5784fbc0-5880-40f8-99d8-897902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:32.000Z", "modified": "2016-07-12T14:16:32.000Z", "first_observed": "2016-07-12T14:16:32Z", "last_observed": "2016-07-12T14:16:32Z", "number_observed": 1, "object_refs": [ "url--5784fbc0-5880-40f8-99d8-897902de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5784fbc0-5880-40f8-99d8-897902de0b81", "value": "https://www.virustotal.com/file/60386112fc4b0ddb833fc9a877a9a4f0fe76828ebab4457637b0827106b269fe/analysis/1468011599/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fbc0-961c-4588-89ba-897902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:32.000Z", "modified": "2016-07-12T14:16:32.000Z", "description": "20160623.doc - Xchecked via VT: 80ba8997067025dd830d49d09c57c0dcb1e2f303fa0e093069bd9cff29420692", "pattern": "[file:hashes.SHA1 = 'a617e7da200fff238fcb0e61409ef18e6888f189']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:16:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fbc0-d858-4ebf-a529-897902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:32.000Z", "modified": "2016-07-12T14:16:32.000Z", "description": "20160623.doc - Xchecked via VT: 80ba8997067025dd830d49d09c57c0dcb1e2f303fa0e093069bd9cff29420692", "pattern": "[file:hashes.MD5 = '45782441c73fa949495ffafdb8f9bb62']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:16:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5784fbc0-a28c-48a2-b05a-897902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:32.000Z", "modified": "2016-07-12T14:16:32.000Z", "first_observed": "2016-07-12T14:16:32Z", "last_observed": "2016-07-12T14:16:32Z", "number_observed": 1, "object_refs": [ "url--5784fbc0-a28c-48a2-b05a-897902de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5784fbc0-a28c-48a2-b05a-897902de0b81", "value": "https://www.virustotal.com/file/80ba8997067025dd830d49d09c57c0dcb1e2f303fa0e093069bd9cff29420692/analysis/1468011596/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fbc1-d30c-4ceb-8366-897902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:33.000Z", "modified": "2016-07-12T14:16:33.000Z", "description": "n148584.rar - Xchecked via VT: 3adacca54c6fe4bb905e233e48dffd8f6d03078d3d2d309d40e2e67a04a70db1", "pattern": "[file:hashes.SHA1 = '68507a30c659d2b3f165b9450b6776c58c8f3a23']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:16:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fbc1-1264-47ad-950a-897902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:33.000Z", "modified": "2016-07-12T14:16:33.000Z", "description": "n148584.rar - Xchecked via VT: 3adacca54c6fe4bb905e233e48dffd8f6d03078d3d2d309d40e2e67a04a70db1", "pattern": "[file:hashes.MD5 = '31413f6a097a9e07722d122ecdb62f79']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:16:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5784fbc1-7b7c-4c2f-94cb-897902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:33.000Z", "modified": "2016-07-12T14:16:33.000Z", "first_observed": "2016-07-12T14:16:33Z", "last_observed": "2016-07-12T14:16:33Z", "number_observed": 1, "object_refs": [ "url--5784fbc1-7b7c-4c2f-94cb-897902de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5784fbc1-7b7c-4c2f-94cb-897902de0b81", "value": "https://www.virustotal.com/file/3adacca54c6fe4bb905e233e48dffd8f6d03078d3d2d309d40e2e67a04a70db1/analysis/1468011596/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fbc1-5c88-4863-a24a-897902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:33.000Z", "modified": "2016-07-12T14:16:33.000Z", "description": "\u00d0\u00a2\u00d0\u00b5\u00d0\u00ba\u00d1\u0081\u00d1\u201a \u00d0\u00bf\u00d1\u20ac\u00d0\u00b8\u00d0\u00b2\u00d0\u00b5\u00d1\u201a\u00d1\u0081\u00d1\u201a\u00d0\u00b2\u00d0\u00b8\u00d1\u008f \u00d0\u201c\u00d0\u00bb\u00d0\u00b0\u00d0\u00b2\u00d1\u2039 \u00d0\u00b3\u00d0\u00be\u00d1\u0081\u00d1\u0192\u00d0\u00b4\u00d0\u00b0\u00d1\u20ac\u00d1\u0081\u00d1\u201a\u00d0\u00b2\u00d0\u00b0.rar - Xchecked via VT: 409bb7f9faf4b7dc168f71084edb695707f22a83a2e79b810a0b4a27966d78f1", "pattern": "[file:hashes.SHA1 = '135e0e646a8ca2aa08283f85690d0fae654c085f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:16:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fbc1-5928-4195-840d-897902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:33.000Z", "modified": "2016-07-12T14:16:33.000Z", "description": "\u00d0\u00a2\u00d0\u00b5\u00d0\u00ba\u00d1\u0081\u00d1\u201a \u00d0\u00bf\u00d1\u20ac\u00d0\u00b8\u00d0\u00b2\u00d0\u00b5\u00d1\u201a\u00d1\u0081\u00d1\u201a\u00d0\u00b2\u00d0\u00b8\u00d1\u008f \u00d0\u201c\u00d0\u00bb\u00d0\u00b0\u00d0\u00b2\u00d1\u2039 \u00d0\u00b3\u00d0\u00be\u00d1\u0081\u00d1\u0192\u00d0\u00b4\u00d0\u00b0\u00d1\u20ac\u00d1\u0081\u00d1\u201a\u00d0\u00b2\u00d0\u00b0.rar - Xchecked via VT: 409bb7f9faf4b7dc168f71084edb695707f22a83a2e79b810a0b4a27966d78f1", "pattern": "[file:hashes.MD5 = 'a4571b830569d85c0f7d07297219bde9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:16:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5784fbc2-2194-4940-aa90-897902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:34.000Z", "modified": "2016-07-12T14:16:34.000Z", "first_observed": "2016-07-12T14:16:34Z", "last_observed": "2016-07-12T14:16:34Z", "number_observed": 1, "object_refs": [ "url--5784fbc2-2194-4940-aa90-897902de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5784fbc2-2194-4940-aa90-897902de0b81", "value": "https://www.virustotal.com/file/409bb7f9faf4b7dc168f71084edb695707f22a83a2e79b810a0b4a27966d78f1/analysis/1457504808/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fbc2-07c4-46d6-b2bd-897902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:34.000Z", "modified": "2016-07-12T14:16:34.000Z", "description": "\u00d0\u201c\u00d0\u00bb\u00d0\u00b0\u00d0\u00b2\u00d0\u00bd\u00d1\u2039\u00d0\u00b9 \u00d1\u20ac\u00d0\u00b5\u00d0\u00b4\u00d0\u00b0\u00d0\u00ba\u00d1\u201a\u00d0\u00be\u00d1\u20ac Sputnik\u00e2\u20ac\u201c\u00d0\u00a2\u00d1\u0192\u00d1\u20ac\u00d1\u2020\u00d0\u00b8\u00d1\u008f \u00d0\u00b2 \u00d1\u0081\u00d1\u20ac\u00d0\u00b5\u00d0\u00b4\u00d1\u0192 \u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00bd\u00d0\u00b5\u00d1\u201a\u00d1\u0081\u00d1\u008f \u00d0\u00b2 \u00d0\u0153\u00d0\u00be\u00d1\u0081\u00d0\u00ba\u00d0\u00b2\u00d1\u0192.rar - Xchecked via VT: 1bcafa596c597868a179fe3d783b8c5bcd1b487d891b99cb90e76e8abd55a599", "pattern": "[file:hashes.SHA1 = 'a047912dfb7c811d9f0c72d662eb081206fad322']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:16:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fbc2-4718-443f-bc6e-897902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:34.000Z", "modified": "2016-07-12T14:16:34.000Z", "description": "\u00d0\u201c\u00d0\u00bb\u00d0\u00b0\u00d0\u00b2\u00d0\u00bd\u00d1\u2039\u00d0\u00b9 \u00d1\u20ac\u00d0\u00b5\u00d0\u00b4\u00d0\u00b0\u00d0\u00ba\u00d1\u201a\u00d0\u00be\u00d1\u20ac Sputnik\u00e2\u20ac\u201c\u00d0\u00a2\u00d1\u0192\u00d1\u20ac\u00d1\u2020\u00d0\u00b8\u00d1\u008f \u00d0\u00b2 \u00d1\u0081\u00d1\u20ac\u00d0\u00b5\u00d0\u00b4\u00d1\u0192 \u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00bd\u00d0\u00b5\u00d1\u201a\u00d1\u0081\u00d1\u008f \u00d0\u00b2 \u00d0\u0153\u00d0\u00be\u00d1\u0081\u00d0\u00ba\u00d0\u00b2\u00d1\u0192.rar - Xchecked via VT: 1bcafa596c597868a179fe3d783b8c5bcd1b487d891b99cb90e76e8abd55a599", "pattern": "[file:hashes.MD5 = 'af8a9d91f30566b2ed77617a045761ba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:16:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5784fbc2-fb6c-4d07-b42f-897902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:34.000Z", "modified": "2016-07-12T14:16:34.000Z", "first_observed": "2016-07-12T14:16:34Z", "last_observed": "2016-07-12T14:16:34Z", "number_observed": 1, "object_refs": [ "url--5784fbc2-fb6c-4d07-b42f-897902de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5784fbc2-fb6c-4d07-b42f-897902de0b81", "value": "https://www.virustotal.com/file/1bcafa596c597868a179fe3d783b8c5bcd1b487d891b99cb90e76e8abd55a599/analysis/1468011597/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fbc3-5210-4c19-b102-897902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:35.000Z", "modified": "2016-07-12T14:16:35.000Z", "description": "13_11.rar - Xchecked via VT: 8e3e5b12f0964e73e4057610ce7a6aa25607c94536762128dabebf9ccfa667d4", "pattern": "[file:hashes.SHA1 = '6a5082d6b5eb17b832be4a71284a4e1efc7054e1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:16:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fbc3-319c-4095-9990-897902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:35.000Z", "modified": "2016-07-12T14:16:35.000Z", "description": "13_11.rar - Xchecked via VT: 8e3e5b12f0964e73e4057610ce7a6aa25607c94536762128dabebf9ccfa667d4", "pattern": "[file:hashes.MD5 = '024baaaa8247f1d06a6f803a2226efc4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:16:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5784fbc3-e1a4-475f-89b7-897902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:35.000Z", "modified": "2016-07-12T14:16:35.000Z", "first_observed": "2016-07-12T14:16:35Z", "last_observed": "2016-07-12T14:16:35Z", "number_observed": 1, "object_refs": [ "url--5784fbc3-e1a4-475f-89b7-897902de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5784fbc3-e1a4-475f-89b7-897902de0b81", "value": "https://www.virustotal.com/file/8e3e5b12f0964e73e4057610ce7a6aa25607c94536762128dabebf9ccfa667d4/analysis/1468011598/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fbc3-4c24-43c1-b5d5-897902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:35.000Z", "modified": "2016-07-12T14:16:35.000Z", "description": "\u00d0\u00a1\u00d0\u00be\u00d0\u00b2\u00d0\u00bc\u00d0\u00b5\u00d1\u0081\u00d1\u201a\u00d0\u00bd\u00d0\u00be\u00d0\u00b5 \u00d0\u00b0\u00d0\u00bd\u00d1\u201a\u00d0\u00b8\u00d1\u201a\u00d0\u00b5\u00d1\u20ac\u00d1\u20ac\u00d0\u00be\u00d1\u20ac\u00d0\u00b8\u00d1\u0081\u00d1\u201a\u00d0\u00b8\u00d1\u2021\u00d0\u00b5\u00d1\u0081\u00d0\u00ba\u00d0\u00be\u00d0\u00b5 \u00d1\u0192\u00d1\u2021\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d0\u00b5 \u00c2\u00ab\u00d0\u0090\u00d0\u00bd\u00d1\u201a\u00d0\u00b8\u00d1\u201a\u00d0\u00b5\u00d1\u20ac\u00d1\u20ac\u00d0\u00be\u00d1\u20ac-2016\u00c2\u00bb.rar - Xchecked via VT: 69527b0471c2effab2d21106556ace6bd501daf7758b2ebbf3b2780d6399ecbf", "pattern": "[file:hashes.SHA1 = '24cd712a744b4b290341417fe2fcde0bdbacd18a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:16:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fbc3-4960-474d-b472-897902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:35.000Z", "modified": "2016-07-12T14:16:35.000Z", "description": "\u00d0\u00a1\u00d0\u00be\u00d0\u00b2\u00d0\u00bc\u00d0\u00b5\u00d1\u0081\u00d1\u201a\u00d0\u00bd\u00d0\u00be\u00d0\u00b5 \u00d0\u00b0\u00d0\u00bd\u00d1\u201a\u00d0\u00b8\u00d1\u201a\u00d0\u00b5\u00d1\u20ac\u00d1\u20ac\u00d0\u00be\u00d1\u20ac\u00d0\u00b8\u00d1\u0081\u00d1\u201a\u00d0\u00b8\u00d1\u2021\u00d0\u00b5\u00d1\u0081\u00d0\u00ba\u00d0\u00be\u00d0\u00b5 \u00d1\u0192\u00d1\u2021\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d0\u00b5 \u00c2\u00ab\u00d0\u0090\u00d0\u00bd\u00d1\u201a\u00d0\u00b8\u00d1\u201a\u00d0\u00b5\u00d1\u20ac\u00d1\u20ac\u00d0\u00be\u00d1\u20ac-2016\u00c2\u00bb.rar - Xchecked via VT: 69527b0471c2effab2d21106556ace6bd501daf7758b2ebbf3b2780d6399ecbf", "pattern": "[file:hashes.MD5 = 'a93c47161adc1645e2018e5d03cbd104']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:16:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5784fbc4-fbc0-4c27-8494-897902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:36.000Z", "modified": "2016-07-12T14:16:36.000Z", "first_observed": "2016-07-12T14:16:36Z", "last_observed": "2016-07-12T14:16:36Z", "number_observed": 1, "object_refs": [ "url--5784fbc4-fbc0-4c27-8494-897902de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5784fbc4-fbc0-4c27-8494-897902de0b81", "value": "https://www.virustotal.com/file/69527b0471c2effab2d21106556ace6bd501daf7758b2ebbf3b2780d6399ecbf/analysis/1468011598/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fbc4-b124-4199-ae5f-897902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:36.000Z", "modified": "2016-07-12T14:16:36.000Z", "description": "20160330.rar - Xchecked via VT: f3997f8269e4177342aec8816c28cfebaef17a86f22eef15d90b4f9e5b15d8e6", "pattern": "[file:hashes.SHA1 = '5cb432180a440b67f0493654514e8378014baad9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:16:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fbc4-3b24-448e-9ad8-897902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:36.000Z", "modified": "2016-07-12T14:16:36.000Z", "description": "20160330.rar - Xchecked via VT: f3997f8269e4177342aec8816c28cfebaef17a86f22eef15d90b4f9e5b15d8e6", "pattern": "[file:hashes.MD5 = '1b3cafb71e8e1ccd13bcbe79e3d5c05c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:16:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5784fbc4-88d8-4785-816b-897902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:36.000Z", "modified": "2016-07-12T14:16:36.000Z", "first_observed": "2016-07-12T14:16:36Z", "last_observed": "2016-07-12T14:16:36Z", "number_observed": 1, "object_refs": [ "url--5784fbc4-88d8-4785-816b-897902de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5784fbc4-88d8-4785-816b-897902de0b81", "value": "https://www.virustotal.com/file/f3997f8269e4177342aec8816c28cfebaef17a86f22eef15d90b4f9e5b15d8e6/analysis/1468011597/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fbc5-f5b8-4f27-91bd-897902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:37.000Z", "modified": "2016-07-12T14:16:37.000Z", "description": "\u00d0\u02dc\u00d0\u00bd\u00d1\u201e\u00d0\u00be\u00d1\u20ac\u00d0\u00bc\u00d0\u00b0\u00d1\u2020\u00d0\u00b8\u00d1\u008f \u00d0\u00be \u00d0\u00bf\u00d0\u00b5\u00d1\u20ac\u00d0\u00b5\u00d1\u2021\u00d0\u00bd\u00d0\u00b5 \u00d0\u00b7\u00d0\u00be\u00d0\u00bd \u00d0\u00b4\u00d0\u00b5\u00d1\u008f\u00d1\u201a\u00d0\u00b5\u00d0\u00bb\u00d1\u0152\u00d0\u00bd\u00d0\u00be\u00d1\u0081\u00d1\u201a\u00d0\u00b8 \u00d1\u0081\u00d0\u00b5\u00d1\u201a\u00d0\u00b5\u00d0\u00b2\u00d0\u00be\u00d0\u00b9 \u00d0\u00be\u00d1\u20ac\u00d0\u00b3\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00b7\u00d0\u00b0\u00d1\u2020\u00d0\u00b8\u00d0\u00b8 \u00d0\u00b2 2016 \u00d0\u00b3.rar - Xchecked via VT: 67c994ad328cd3d8b954366b2baa5e643b31ed42280548eebbd0c30c53f9e37d", "pattern": "[file:hashes.SHA1 = '13df492660de3497d11808e1160463437c20c7c4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:16:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fbc5-f5a8-4fa8-ab4e-897902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:37.000Z", "modified": "2016-07-12T14:16:37.000Z", "description": "\u00d0\u02dc\u00d0\u00bd\u00d1\u201e\u00d0\u00be\u00d1\u20ac\u00d0\u00bc\u00d0\u00b0\u00d1\u2020\u00d0\u00b8\u00d1\u008f \u00d0\u00be \u00d0\u00bf\u00d0\u00b5\u00d1\u20ac\u00d0\u00b5\u00d1\u2021\u00d0\u00bd\u00d0\u00b5 \u00d0\u00b7\u00d0\u00be\u00d0\u00bd \u00d0\u00b4\u00d0\u00b5\u00d1\u008f\u00d1\u201a\u00d0\u00b5\u00d0\u00bb\u00d1\u0152\u00d0\u00bd\u00d0\u00be\u00d1\u0081\u00d1\u201a\u00d0\u00b8 \u00d1\u0081\u00d0\u00b5\u00d1\u201a\u00d0\u00b5\u00d0\u00b2\u00d0\u00be\u00d0\u00b9 \u00d0\u00be\u00d1\u20ac\u00d0\u00b3\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00b7\u00d0\u00b0\u00d1\u2020\u00d0\u00b8\u00d0\u00b8 \u00d0\u00b2 2016 \u00d0\u00b3.rar - Xchecked via VT: 67c994ad328cd3d8b954366b2baa5e643b31ed42280548eebbd0c30c53f9e37d", "pattern": "[file:hashes.MD5 = 'a6777d7632039897a4a7abebb887cba0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:16:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5784fbc5-f4fc-485d-8226-897902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:37.000Z", "modified": "2016-07-12T14:16:37.000Z", "first_observed": "2016-07-12T14:16:37Z", "last_observed": "2016-07-12T14:16:37Z", "number_observed": 1, "object_refs": [ "url--5784fbc5-f4fc-485d-8226-897902de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5784fbc5-f4fc-485d-8226-897902de0b81", "value": "https://www.virustotal.com/file/67c994ad328cd3d8b954366b2baa5e643b31ed42280548eebbd0c30c53f9e37d/analysis/1467988434/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fbc5-bd04-447a-a61d-897902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:37.000Z", "modified": "2016-07-12T14:16:37.000Z", "description": "20160420.rar - Xchecked via VT: 5afcaca6f6dd6fb3bad26585f30870f71462c59e251cc76b0df5851ac2aa17de", "pattern": "[file:hashes.SHA1 = 'd8137dce31b5e05d8a855fcd1217a1853c05794d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:16:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5784fbc5-572c-41b3-88f3-897902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:37.000Z", "modified": "2016-07-12T14:16:37.000Z", "description": "20160420.rar - Xchecked via VT: 5afcaca6f6dd6fb3bad26585f30870f71462c59e251cc76b0df5851ac2aa17de", "pattern": "[file:hashes.MD5 = '3de759a545bc530f0ca846a141201597']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-07-12T14:16:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5784fbc6-c44c-42ed-8ce6-897902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-07-12T14:16:38.000Z", "modified": "2016-07-12T14:16:38.000Z", "first_observed": "2016-07-12T14:16:38Z", "last_observed": "2016-07-12T14:16:38Z", "number_observed": 1, "object_refs": [ "url--5784fbc6-c44c-42ed-8ce6-897902de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5784fbc6-c44c-42ed-8ce6-897902de0b81", "value": "https://www.virustotal.com/file/5afcaca6f6dd6fb3bad26585f30870f71462c59e251cc76b0df5851ac2aa17de/analysis/1468011596/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }