{ "type": "bundle", "id": "bundle--5474459d-1c60-456a-b057-4bdc950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-26T10:52:09.000Z", "modified": "2015-01-26T10:52:09.000Z", "name": "CthulhuSPRL.be", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5474459d-1c60-456a-b057-4bdc950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2015-01-26T10:52:09.000Z", "modified": "2015-01-26T10:52:09.000Z", "name": "OSINT Operation Double Tap from FireEye", "published": "2015-01-26T16:53:53Z", "object_refs": [ "observed-data--547445a7-3164-46d3-9c23-4e61950d210b", "url--547445a7-3164-46d3-9c23-4e61950d210b", "x-misp-attribute--547445c3-5b5c-49a6-a928-45a5950d210b", "x-misp-attribute--547445c3-24b8-4f71-bd6c-4ccd950d210b", "x-misp-attribute--547445c3-eca0-4eda-82aa-493a950d210b", "x-misp-attribute--547445c3-7c64-41bb-882f-40b8950d210b", "x-misp-attribute--547445dc-8fa4-48fc-8ba8-9e39950d210b", "vulnerability--547445f6-b298-4ea9-93fa-f86d950d210b", "vulnerability--547445f6-e44c-4db8-8e83-f86d950d210b", "indicator--54744638-bbb8-480b-a710-476e950d210b", "indicator--54744638-9f64-4b40-b6b3-476e950d210b", "indicator--54744638-5f98-4012-a6ed-476e950d210b", "indicator--54744638-10bc-4f77-9945-476e950d210b", "x-misp-attribute--54744678-280c-4a9c-ae2d-4d12950d210b", "x-misp-attribute--54744678-2fd4-45f2-a1a1-49db950d210b", "x-misp-attribute--54744678-8284-4572-b6ea-4112950d210b", "indicator--547446a9-8200-4d85-b473-4eae950d210b", "indicator--547446a9-90e4-4653-ab99-4ddf950d210b", "indicator--547446a9-409c-428c-ba14-4d62950d210b", "indicator--547446a9-799c-4f23-a52f-4871950d210b", "indicator--547446c2-a09c-4a4b-8f91-44a4950d210b", "indicator--547446c2-bef4-4f07-88b0-48f5950d210b", "indicator--547446e7-7414-4a27-9505-4d81950d210b", "indicator--547446e7-d078-4cbf-9780-49fe950d210b", "indicator--5474472c-1498-40ec-94a9-402d950d210b", "indicator--54744751-3e1c-47e7-b3ba-428b950d210b", "indicator--54744751-596c-4935-81e9-4238950d210b", "indicator--54744751-2a40-4cad-89da-4e6c950d210b", "observed-data--5474477a-bf40-4c76-8817-476e950d210b", "url--5474477a-bf40-4c76-8817-476e950d210b", "x-misp-attribute--547447f6-e394-440d-9044-4066950d210b", "x-misp-attribute--547447f6-39d0-4340-8a51-4986950d210b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--547445a7-3164-46d3-9c23-4e61950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-25T09:02:31.000Z", "modified": "2014-11-25T09:02:31.000Z", "first_observed": "2014-11-25T09:02:31Z", "last_observed": "2014-11-25T09:02:31Z", "number_observed": 1, "object_refs": [ "url--547445a7-3164-46d3-9c23-4e61950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--547445a7-3164-46d3-9c23-4e61950d210b", "value": "https://www.fireeye.com/blog/threat-research/2014/11/operation_doubletap.html" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--547445c3-5b5c-49a6-a928-45a5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-25T09:02:59.000Z", "modified": "2014-11-25T09:02:59.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "APT3" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--547445c3-24b8-4f71-bd6c-4ccd950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-25T09:02:59.000Z", "modified": "2014-11-25T09:02:59.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "UPS" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--547445c3-eca0-4eda-82aa-493a950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-25T09:02:59.000Z", "modified": "2014-11-25T09:02:59.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Operation Clandestine Fox" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--547445c3-7c64-41bb-882f-40b8950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-25T09:02:59.000Z", "modified": "2014-11-25T09:02:59.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Clandestine Fox" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--547445dc-8fa4-48fc-8ba8-9e39950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-25T09:03:24.000Z", "modified": "2014-11-25T09:03:24.000Z", "labels": [ "misp:type=\"comment\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "comment", "x_misp_value": "Data entered by David ANDRE" }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--547445f6-b298-4ea9-93fa-f86d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-25T09:03:50.000Z", "modified": "2014-11-25T09:03:50.000Z", "name": "CVE-2014-6332", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"Payload delivery\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2014-6332" } ] }, { "type": "vulnerability", "spec_version": "2.1", "id": "vulnerability--547445f6-e44c-4db8-8e83-f86d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-25T09:03:50.000Z", "modified": "2014-11-25T09:03:50.000Z", "name": "CVE-2014-4113", "labels": [ "misp:type=\"vulnerability\"", "misp:category=\"Payload delivery\"" ], "external_references": [ { "source_name": "cve", "external_id": "CVE-2014-4113" } ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54744638-bbb8-480b-a710-476e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-25T09:04:55.000Z", "modified": "2014-11-25T09:04:55.000Z", "pattern": "[file:hashes.MD5 = '5a0c4e1925c76a959ab0588f683ab437']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-25T09:04:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54744638-9f64-4b40-b6b3-476e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-25T09:04:56.000Z", "modified": "2014-11-25T09:04:56.000Z", "pattern": "[file:hashes.MD5 = '492a839a3bf9c61b7065589a18c5aa8d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-25T09:04:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54744638-5f98-4012-a6ed-476e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-25T09:04:56.000Z", "modified": "2014-11-25T09:04:56.000Z", "pattern": "[file:hashes.MD5 = '744a17a3bc6dbd535f568ef1e87d8b9a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-25T09:04:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54744638-10bc-4f77-9945-476e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-25T09:04:56.000Z", "modified": "2014-11-25T09:04:56.000Z", "pattern": "[file:hashes.MD5 = '5c08957f05377004376e6a622406f9aa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-25T09:04:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--54744678-280c-4a9c-ae2d-4d12950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-25T09:06:00.000Z", "modified": "2014-11-25T09:06:00.000Z", "labels": [ "misp:type=\"pattern-in-file\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Artifacts dropped", "x_misp_type": "pattern-in-file", "x_misp_value": "%USERPROFILE%\\Documents\\Visual Studio 2008\\Projects\\MShell\\Release\\MShell.pdb" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--54744678-2fd4-45f2-a1a1-49db950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-25T09:06:00.000Z", "modified": "2014-11-25T09:06:00.000Z", "labels": [ "misp:type=\"pattern-in-file\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Artifacts dropped", "x_misp_type": "pattern-in-file", "x_misp_value": "%USERPROFILE%\\Documents\\Visual Studio 2008\\Projects\\4113\\Release\\4113.pdb" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--54744678-8284-4572-b6ea-4112950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-25T09:06:00.000Z", "modified": "2014-11-25T09:06:00.000Z", "labels": [ "misp:type=\"pattern-in-file\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Artifacts dropped", "x_misp_type": "pattern-in-file", "x_misp_value": "%USERPROFILE%\\Documents\\Visual Studio 2010\\Projects\\MyRat\\Client\\Client\\obj\\x86\\Release\\Client.pdb" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--547446a9-8200-4d85-b473-4eae950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-25T09:06:49.000Z", "modified": "2014-11-25T09:06:49.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.157.198.103']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-25T09:06:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--547446a9-90e4-4653-ab99-4ddf950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-25T09:06:49.000Z", "modified": "2014-11-25T09:06:49.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.109.99.64']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-25T09:06:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--547446a9-409c-428c-ba14-4d62950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-25T09:06:49.000Z", "modified": "2014-11-25T09:06:49.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.184.60.229']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-25T09:06:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--547446a9-799c-4f23-a52f-4871950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-25T09:06:49.000Z", "modified": "2014-11-25T09:06:49.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.55.115.71']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-25T09:06:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--547446c2-a09c-4a4b-8f91-44a4950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-25T09:07:14.000Z", "modified": "2014-11-25T09:07:14.000Z", "pattern": "[domain-name:value = 'inform.bedircati.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-25T09:07:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--547446c2-bef4-4f07-88b0-48f5950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-25T09:07:14.000Z", "modified": "2014-11-25T09:07:14.000Z", "pattern": "[domain-name:value = 'pn.lamb-site.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-25T09:07:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--547446e7-7414-4a27-9505-4d81950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-25T09:07:51.000Z", "modified": "2014-11-25T09:07:51.000Z", "pattern": "[domain-name:value = 'securitywap.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-25T09:07:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--547446e7-d078-4cbf-9780-49fe950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-25T09:07:51.000Z", "modified": "2014-11-25T09:07:51.000Z", "pattern": "[domain-name:value = 'www.securitywap.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-25T09:07:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5474472c-1498-40ec-94a9-402d950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-25T09:09:00.000Z", "modified": "2014-11-25T09:09:00.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.151.248.173']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-25T09:09:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54744751-3e1c-47e7-b3ba-428b950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-25T09:09:37.000Z", "modified": "2014-11-25T09:09:37.000Z", "pattern": "[domain-name:value = 'join.playboysplus.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-25T09:09:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54744751-596c-4935-81e9-4238950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-25T09:09:37.000Z", "modified": "2014-11-25T09:09:37.000Z", "pattern": "[domain-name:value = 'walterclean.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-25T09:09:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--54744751-2a40-4cad-89da-4e6c950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-25T09:09:37.000Z", "modified": "2014-11-25T09:09:37.000Z", "pattern": "[domain-name:value = 'www.walterclean.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2014-11-25T09:09:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5474477a-bf40-4c76-8817-476e950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-25T09:10:18.000Z", "modified": "2014-11-25T09:10:18.000Z", "first_observed": "2014-11-25T09:10:18Z", "last_observed": "2014-11-25T09:10:18Z", "number_observed": 1, "object_refs": [ "url--5474477a-bf40-4c76-8817-476e950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5474477a-bf40-4c76-8817-476e950d210b", "value": "https://github.com/fireeye/iocs/tree/master/APT3" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--547447f6-e394-440d-9044-4066950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-25T09:12:22.000Z", "modified": "2014-11-25T09:12:22.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Double Tap" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--547447f6-39d0-4340-8a51-4986950d210b", "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f", "created": "2014-11-25T09:12:22.000Z", "modified": "2014-11-25T09:12:22.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Operation Double Tap" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:GREEN", "definition": { "tlp": "green" } } ] }