From 267c167acbd0ead479c82c08b54b699493467415 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Fri, 7 May 2021 23:31:17 +0200 Subject: [PATCH 001/132] chg: [doc] cof2misp documentation added --- documentation/website/import_mod/cof2misp.json | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 documentation/website/import_mod/cof2misp.json diff --git a/documentation/website/import_mod/cof2misp.json b/documentation/website/import_mod/cof2misp.json new file mode 100644 index 0000000..cbbb0cc --- /dev/null +++ b/documentation/website/import_mod/cof2misp.json @@ -0,0 +1,12 @@ +{ + "description": "Passive DNS Common Output Format (COF) MISP importer", + "requirements": [ + "PyMISP" + ], + "features": "Takes as input a valid COF file or the output of the dnsdbflex utility and creates MISP objects for the input.", + "references": [ + "https://tools.ietf.org/id/draft-dulaunoy-dnsop-passive-dns-cof-08.html" + ], + "input": "Passive DNS output in Common Output Format (COF)", + "output": "MISP objects" +} From 77035a82e0c39d26fa97270dd254edd36d199331 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Tue, 11 May 2021 14:46:16 +0200 Subject: [PATCH 002/132] chg: [cof2misp] bailiwick is optional --- misp_modules/modules/import_mod/cof2misp.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/misp_modules/modules/import_mod/cof2misp.py b/misp_modules/modules/import_mod/cof2misp.py index 16bf259..bca2df5 100755 --- a/misp_modules/modules/import_mod/cof2misp.py +++ b/misp_modules/modules/import_mod/cof2misp.py @@ -81,7 +81,8 @@ def parse_and_insert_cof(data: str) -> dict: o = MISPObject(name='passive-dns', standalone=False, comment='created by cof2misp') # o.add_tag('tlp:amber') # FIXME: we'll want to add a tlp: tag to the object - o.add_attribute('bailiwick', value=entry['bailiwick'].rstrip('.')) + if 'bailiwick' in entry: + o.add_attribute('bailiwick', value=entry['bailiwick'].rstrip('.')) # # handle the combinations of rrtype (domain, ip) on both left and right side From 7aa6b39da82bb39b9a2e00a6903e7588a3d881eb Mon Sep 17 00:00:00 2001 From: Rambatla Venkat Rao <68921481+RamboV@users.noreply.github.com> Date: Wed, 12 May 2021 18:30:54 +0530 Subject: [PATCH 003/132] Added a default distribution setting to Objects --- misp_modules/modules/expansion/farsight_passivedns.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/misp_modules/modules/expansion/farsight_passivedns.py b/misp_modules/modules/expansion/farsight_passivedns.py index 47e7eaa..ff877a1 100755 --- a/misp_modules/modules/expansion/farsight_passivedns.py +++ b/misp_modules/modules/expansion/farsight_passivedns.py @@ -43,7 +43,7 @@ moduleconfig = ['apikey', 'server', 'limit', 'flex_queries'] DEFAULT_DNSDB_SERVER = 'https://api.dnsdb.info' DEFAULT_LIMIT = 10 - +org_distribution = '0' TYPE_TO_FEATURE = { "btc": "Bitcoin address", "dkim": "domainkeys identified mail", @@ -103,6 +103,7 @@ class FarsightDnsdbParser(): comment = self.comment % (query_type, TYPE_TO_FEATURE[self.attribute['type']], self.attribute['value']) for result in results: passivedns_object = MISPObject('passive-dns') + passivedns_object.distribution = org_distribution if result.get('rdata') and isinstance(result['rdata'], list): for rdata in result.pop('rdata'): passivedns_object.add_attribute(**self._parse_attribute(comment, 'rdata', rdata)) @@ -121,7 +122,7 @@ class FarsightDnsdbParser(): return {'results': results} def _parse_attribute(self, comment, feature, value): - attribute = {'value': value, 'comment': comment} + attribute = {'value': value, 'comment': comment, 'distribution': org_distribution} attribute.update(self.passivedns_mapping[feature]) return attribute From f6c0f6826330bf18705ec24c86b744b72d64df53 Mon Sep 17 00:00:00 2001 From: Rambatla Venkat Rao <68921481+RamboV@users.noreply.github.com> Date: Wed, 12 May 2021 18:38:55 +0530 Subject: [PATCH 004/132] Default distribution setting to DNSDB Objects --- misp_modules/modules/expansion/farsight_passivedns.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/misp_modules/modules/expansion/farsight_passivedns.py b/misp_modules/modules/expansion/farsight_passivedns.py index ff877a1..3167f4c 100755 --- a/misp_modules/modules/expansion/farsight_passivedns.py +++ b/misp_modules/modules/expansion/farsight_passivedns.py @@ -43,7 +43,7 @@ moduleconfig = ['apikey', 'server', 'limit', 'flex_queries'] DEFAULT_DNSDB_SERVER = 'https://api.dnsdb.info' DEFAULT_LIMIT = 10 -org_distribution = '0' +DEFAULT_DISTRIBUTION_SETTING = '0' TYPE_TO_FEATURE = { "btc": "Bitcoin address", "dkim": "domainkeys identified mail", @@ -103,7 +103,7 @@ class FarsightDnsdbParser(): comment = self.comment % (query_type, TYPE_TO_FEATURE[self.attribute['type']], self.attribute['value']) for result in results: passivedns_object = MISPObject('passive-dns') - passivedns_object.distribution = org_distribution + passivedns_object.distribution = DEFAULT_DISTRIBUTION_SETTING if result.get('rdata') and isinstance(result['rdata'], list): for rdata in result.pop('rdata'): passivedns_object.add_attribute(**self._parse_attribute(comment, 'rdata', rdata)) @@ -122,7 +122,7 @@ class FarsightDnsdbParser(): return {'results': results} def _parse_attribute(self, comment, feature, value): - attribute = {'value': value, 'comment': comment, 'distribution': org_distribution} + attribute = {'value': value, 'comment': comment, 'distribution': DEFAULT_DISTRIBUTION_SETTING} attribute.update(self.passivedns_mapping[feature]) return attribute From 6a731454f1309e5d71b1bb131c31982ea6f80f74 Mon Sep 17 00:00:00 2001 From: Rambatla Venkat Rao <68921481+RamboV@users.noreply.github.com> Date: Wed, 12 May 2021 21:42:25 +0530 Subject: [PATCH 005/132] Updated Distribution Constant --- misp_modules/modules/expansion/farsight_passivedns.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/misp_modules/modules/expansion/farsight_passivedns.py b/misp_modules/modules/expansion/farsight_passivedns.py index 3167f4c..7cf6f66 100755 --- a/misp_modules/modules/expansion/farsight_passivedns.py +++ b/misp_modules/modules/expansion/farsight_passivedns.py @@ -2,7 +2,7 @@ import dnsdb2 import json from . import check_input_attribute, standard_error_message from datetime import datetime -from pymisp import MISPEvent, MISPObject +from pymisp import MISPEvent, MISPObject, Distribution misperrors = {'error': 'Error'} standard_query_input = [ @@ -43,7 +43,7 @@ moduleconfig = ['apikey', 'server', 'limit', 'flex_queries'] DEFAULT_DNSDB_SERVER = 'https://api.dnsdb.info' DEFAULT_LIMIT = 10 -DEFAULT_DISTRIBUTION_SETTING = '0' +DEFAULT_DISTRIBUTION_SETTING = Distribution.your_organisation_only.value TYPE_TO_FEATURE = { "btc": "Bitcoin address", "dkim": "domainkeys identified mail", From d495ca7366560fbcd449d39cf049d2b7a3e91d3b Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Fri, 14 May 2021 13:45:36 +0200 Subject: [PATCH 006/132] chg: [test] onyphe no way to test without authentication keys --- tests/test_expansions.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/test_expansions.py b/tests/test_expansions.py index 84958ac..1bcc93e 100644 --- a/tests/test_expansions.py +++ b/tests/test_expansions.py @@ -310,6 +310,8 @@ class TestExpansions(unittest.TestCase): def test_onyphe(self): module_name = "onyphe" + if LiveCI: + return True query = {"module": module_name, "ip-src": "8.8.8.8"} if module_name in self.configs: query["config"] = self.configs[module_name] @@ -324,6 +326,8 @@ class TestExpansions(unittest.TestCase): def test_onyphe_full(self): module_name = "onyphe_full" + if LiveCI: + return True query = {"module": module_name, "ip-src": "8.8.8.8"} if module_name in self.configs: query["config"] = self.configs[module_name] From 5b41c82f78a1dc29b5ae51c3311e8e2d8b455a1c Mon Sep 17 00:00:00 2001 From: aaronkaplan Date: Wed, 26 May 2021 12:16:11 +0200 Subject: [PATCH 007/132] Add a function to validate dnsdbflex output Signed-off-by: aaronkaplan --- misp_modules/lib/cof2misp/cof.py | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/misp_modules/lib/cof2misp/cof.py b/misp_modules/lib/cof2misp/cof.py index 395569e..a222a3d 100644 --- a/misp_modules/lib/cof2misp/cof.py +++ b/misp_modules/lib/cof2misp/cof.py @@ -93,6 +93,25 @@ def validate_cof(d: dict, strict=True) -> bool: else: return is_cof_valid_strict(d) +def validate_dnsdbflex(d: dict, strict=True) -> bool: + """ + Validate if dict d is valid dnsdbflex. It should looks like this: + { "rrtype": , "rrname": } + """ + if "rrname" not in d: + print("Missing MANDATORY field 'rrname'", file=sys.stderr) + return False + if not isinstance(d['rrname'], str): + print("Type error: 'rrname' is not a JSON string", file=sys.stderr) + return False + if "rrtype" not in d: + print("Missing MANDATORY field 'rrtype'", file=sys.stderr) + return False + if not isinstance(d['rrtype'], str): + print("Type error: 'rrtype' is not a JSON string", file=sys.stderr) + return False + return True + if __name__ == "__main__": # simple, poor man's unit tests. From 4816844d16dadac5c9e85cfcf101ec8b9607621a Mon Sep 17 00:00:00 2001 From: aaronkaplan Date: Wed, 26 May 2021 12:38:56 +0200 Subject: [PATCH 008/132] Add a function to validate dnsdbflex output add dnsdbflex parser. It's rather easy Signed-off-by: aaronkaplan --- misp_modules/lib/cof2misp/cof.py | 40 +++++++++++---------- misp_modules/modules/import_mod/cof2misp.py | 31 ++++++++++++++-- 2 files changed, 50 insertions(+), 21 deletions(-) diff --git a/misp_modules/lib/cof2misp/cof.py b/misp_modules/lib/cof2misp/cof.py index a222a3d..7b8d35c 100644 --- a/misp_modules/lib/cof2misp/cof.py +++ b/misp_modules/lib/cof2misp/cof.py @@ -27,7 +27,7 @@ def is_valid_ip(ip: str) -> bool: try: ipaddress.ip_address(ip) except Exception as ex: - print("is_valid_ip(%s) returned False. Reason: %s" % (ip, str(ex)), file=sys.stderr) + print("is_valid_ip(%s) returned False. Reason: %s" % (ip, str(ex)), file = sys.stderr) return False return True @@ -39,7 +39,7 @@ def is_cof_valid_strict(d: dict) -> bool: -------- True on success, False on validation failure. """ - return True # FIXME + return True # FIXME def is_cof_valid_simple(d: dict) -> bool: @@ -51,28 +51,29 @@ def is_cof_valid_simple(d: dict) -> bool: """ if "rrname" not in d: - print("Missing MANDATORY field 'rrname'", file=sys.stderr) + print("Missing MANDATORY field 'rrname'", file = sys.stderr) return False if not isinstance(d['rrname'], str): - print("Type error: 'rrname' is not a JSON string", file=sys.stderr) + print("Type error: 'rrname' is not a JSON string", file = sys.stderr) return False if "rrtype" not in d: - print("Missing MANDATORY field 'rrtype'", file=sys.stderr) + print("Missing MANDATORY field 'rrtype'", file = sys.stderr) return False if not isinstance(d['rrtype'], str): - print("Type error: 'rrtype' is not a JSON string", file=sys.stderr) + print("Type error: 'rrtype' is not a JSON string", file = sys.stderr) return False if "rdata" not in d: - print("Missing MANDATORY field 'rdata'", file=sys.stderr) + print("Missing MANDATORY field 'rdata'", file = sys.stderr) return False if "rdata" not in d: - print("Missing MANDATORY field 'rdata'", file=sys.stderr) + print("Missing MANDATORY field 'rdata'", file = sys.stderr) return False if not isinstance(d['rdata'], str) and not isinstance(d['rdata'], list): - print("'rdata' is not a list and not a string.", file=sys.stderr) + print("'rdata' is not a list and not a string.", file = sys.stderr) return False if not ("time_first" in d and "time_last" in d) or ("zone_time_first" in d and "zone_time_last" in d): - print("We are missing EITHER ('first_seen' and 'last_seen') OR ('zone_time_first' and zone_time_last') fields", file=sys.stderr) + print("We are missing EITHER ('first_seen' and 'last_seen') OR ('zone_time_first' and zone_time_last') fields", + file = sys.stderr) return False # currently we don't check the OPTIONAL fields. Sorry... to be done later. return True @@ -93,22 +94,23 @@ def validate_cof(d: dict, strict=True) -> bool: else: return is_cof_valid_strict(d) + def validate_dnsdbflex(d: dict, strict=True) -> bool: """ Validate if dict d is valid dnsdbflex. It should looks like this: { "rrtype": , "rrname": } """ if "rrname" not in d: - print("Missing MANDATORY field 'rrname'", file=sys.stderr) + print("Missing MANDATORY field 'rrname'", file = sys.stderr) return False if not isinstance(d['rrname'], str): - print("Type error: 'rrname' is not a JSON string", file=sys.stderr) + print("Type error: 'rrname' is not a JSON string", file = sys.stderr) return False if "rrtype" not in d: - print("Missing MANDATORY field 'rrtype'", file=sys.stderr) + print("Missing MANDATORY field 'rrtype'", file = sys.stderr) return False if not isinstance(d['rrtype'], str): - print("Type error: 'rrtype' is not a JSON string", file=sys.stderr) + print("Type error: 'rrtype' is not a JSON string", file = sys.stderr) return False return True @@ -116,8 +118,8 @@ def validate_dnsdbflex(d: dict, strict=True) -> bool: if __name__ == "__main__": # simple, poor man's unit tests. - print(80 * "=", file=sys.stderr) - print("Unit Tests:", file=sys.stderr) + print(80 * "=", file = sys.stderr) + print("Unit Tests:", file = sys.stderr) assert not is_valid_ip("a.2.3.4") assert is_valid_ip("99.88.77.6") assert is_valid_ip("2a0c:88:77:6::1") @@ -128,7 +130,7 @@ if __name__ == "__main__": i = 0 for entry in ndjson.loads(mock_input): - retval = validate_cof(entry, strict=False) + retval = validate_cof(entry, strict = False) assert retval print("line %d is valid: %s" % (i, retval)) i += 1 @@ -137,5 +139,5 @@ if __name__ == "__main__": for entry in ndjson.loads(test2): assert validate_cof(entry) - print(80 * "=", file=sys.stderr) - print("Unit Tests DONE", file=sys.stderr) + print(80 * "=", file = sys.stderr) + print("Unit Tests DONE", file = sys.stderr) diff --git a/misp_modules/modules/import_mod/cof2misp.py b/misp_modules/modules/import_mod/cof2misp.py index 3fe36fc..abddc0b 100755 --- a/misp_modules/modules/import_mod/cof2misp.py +++ b/misp_modules/modules/import_mod/cof2misp.py @@ -22,7 +22,7 @@ import ndjson # from pymisp import MISPObject, MISPEvent, PyMISP from pymisp import MISPObject -from cof2misp.cof import validate_cof +from cof2misp.cof import validate_cof, validate_dnsdbflex create_specific_attributes = False # this is for https://github.com/MISP/misp-objects/pull/314 @@ -147,7 +147,34 @@ def parse_and_insert_dnsdbflex(data: str): -------- none """ - return {"error": "NOT IMPLEMENTED YET"} # XXX FIXME: need a MISP object for dnsdbflex + objects = [] + try: + entries = ndjson.loads(data) + for entry in entries: # iterate over all ndjson lines + + # validate here (simple validation or full JSON Schema validation) + if not validate_dnsdbflex(entry): + return {"error": "Could not validate the dnsdbflex input '%s'" % entry} + + # Next, extract some fields + rrtype = entry['rrtype'].upper() + rrname = entry['rrname'].rstrip('.') + + # create a new MISP object, based on the passive-dns object for each nd-JSON line + o = MISPObject(name='passive-dns-dnsdbflex', standalone=False, comment='created by cof2misp') + o.add_attribute('rrname', value=rrname) + o.add_attribute('rrtype', value=rrtype) + + # + # add dnsdbflex entry to MISP object + # + objects.append(o.to_json()) + + r = {'results': {'Object': [json.loads(o) for o in objects]}} + except Exception as ex: + misperrors["error"] = "An error occured during parsing of input: '%s'" % (str(ex),) + return misperrors + return r def is_dnsdbflex(data: str) -> bool: From 6824b4e99143ba1113f07a91ff7684ed549a7178 Mon Sep 17 00:00:00 2001 From: aaronkaplan Date: Thu, 27 May 2021 01:58:23 +0200 Subject: [PATCH 009/132] push version --- misp_modules/modules/import_mod/cof2misp.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misp_modules/modules/import_mod/cof2misp.py b/misp_modules/modules/import_mod/cof2misp.py index abddc0b..96fd4c4 100755 --- a/misp_modules/modules/import_mod/cof2misp.py +++ b/misp_modules/modules/import_mod/cof2misp.py @@ -37,7 +37,7 @@ mispattributes = {'inputSource': ['file'], 'output': ['MISP objects'], 'format': 'misp_standard'} -moduleinfo = {'version': '0.2', 'author': 'Aaron Kaplan', +moduleinfo = {'version': '0.3', 'author': 'Aaron Kaplan', 'description': 'Module to import the passive DNS Common Output Format (COF) and merge as a MISP objet into a MISP event.', 'module-type': ['import']} From c4bc2408ad92924d907029a3166417ef78ef2558 Mon Sep 17 00:00:00 2001 From: Alex Resnick Date: Fri, 28 May 2021 14:53:35 -0500 Subject: [PATCH 010/132] add proxy configs for virus total modules --- misp_modules/modules/expansion/virustotal.py | 49 +++++++++++++++++-- .../modules/expansion/virustotal_public.py | 46 ++++++++++++++++- 2 files changed, 88 insertions(+), 7 deletions(-) diff --git a/misp_modules/modules/expansion/virustotal.py b/misp_modules/modules/expansion/virustotal.py index f5f29c5..2922417 100644 --- a/misp_modules/modules/expansion/virustotal.py +++ b/misp_modules/modules/expansion/virustotal.py @@ -1,5 +1,6 @@ import json import requests +from urllib.parse import urlparse from . import check_input_attribute, standard_error_message from pymisp import MISPAttribute, MISPEvent, MISPObject @@ -13,7 +14,7 @@ moduleinfo = {'version': '4', 'author': 'Hannah Ward', 'module-type': ['expansion']} # config fields that your code expects from the site admin -moduleconfig = ["apikey", "event_limit"] +moduleconfig = ["apikey", "event_limit", 'proxy_host', 'proxy_port', 'proxy_username', 'proxy_password'] class VirusTotalParser(object): @@ -27,6 +28,7 @@ class VirusTotalParser(object): 'domain': self.parse_domain, 'hostname': self.parse_domain, 'md5': self.parse_hash, 'sha1': self.parse_hash, 'sha256': self.parse_hash, 'url': self.parse_url} + self.proxies = None def query_api(self, attribute): self.attribute = MISPAttribute() @@ -43,7 +45,7 @@ class VirusTotalParser(object): ################################################################################ def parse_domain(self, domain, recurse=False): - req = requests.get(self.base_url.format('domain'), params={'apikey': self.apikey, 'domain': domain}) + req = requests.get(self.base_url.format('domain'), params={'apikey': self.apikey, 'domain': domain}, proxies=self.proxies) if req.status_code != 200: return req.status_code req = req.json() @@ -67,7 +69,7 @@ class VirusTotalParser(object): return self.parse_related_urls(req, recurse, uuid) def parse_hash(self, sample, recurse=False, uuid=None, relationship=None): - req = requests.get(self.base_url.format('file'), params={'apikey': self.apikey, 'resource': sample}) + req = requests.get(self.base_url.format('file'), params={'apikey': self.apikey, 'resource': sample}, proxies=self.proxies) status_code = req.status_code if req.status_code == 200: req = req.json() @@ -88,7 +90,7 @@ class VirusTotalParser(object): return status_code def parse_ip(self, ip, recurse=False): - req = requests.get(self.base_url.format('ip-address'), params={'apikey': self.apikey, 'ip': ip}) + req = requests.get(self.base_url.format('ip-address'), params={'apikey': self.apikey, 'ip': ip}, proxies=self.proxies) if req.status_code != 200: return req.status_code req = req.json() @@ -106,7 +108,7 @@ class VirusTotalParser(object): return self.parse_related_urls(req, recurse, uuid) def parse_url(self, url, recurse=False, uuid=None): - req = requests.get(self.base_url.format('url'), params={'apikey': self.apikey, 'resource': url}) + req = requests.get(self.base_url.format('url'), params={'apikey': self.apikey, 'resource': url}, proxies=self.proxies) status_code = req.status_code if req.status_code == 200: req = req.json() @@ -179,6 +181,42 @@ class VirusTotalParser(object): self.misp_event.add_object(**vt_object) return vt_object.uuid + def set_proxy_settings(self, config: dict) -> dict: + """Returns proxy settings in the requests format. + If no proxy settings are set, return None.""" + proxies = None + host = config.get('proxy_host') + port = config.get('proxy_port') + username = config.get('proxy_username') + password = config.get('proxy_password') + + if host: + if not port: + misperrors['error'] = 'The virustotal_proxy_host config is set, ' \ + 'please also set the virustotal_proxy_port.' + raise KeyError + parsed = urlparse(host) + if 'http' in parsed.scheme: + scheme = 'http' + else: + scheme = parsed.scheme + netloc = parsed.netloc + host = f'{netloc}:{port}' + + if username: + if not password: + misperrors['error'] = 'The virustotal_proxy_username config is set, ' \ + 'please also set the virustotal_proxy_password.' + raise KeyError + auth = f'{username}:{password}' + host = auth + '@' + host + + proxies = { + 'http': f'{scheme}://{host}', + 'https': f'{scheme}://{host}' + } + self.proxies=proxies + return True def parse_error(status_code): status_mapping = {204: 'VirusTotal request rate limit exceeded.', @@ -205,6 +243,7 @@ def handler(q=False): if not isinstance(event_limit, int): event_limit = 5 parser = VirusTotalParser(request['config']['apikey'], event_limit) + parser.set_proxy_settings(request.get('config')) attribute = request['attribute'] status = parser.query_api(attribute) if status != 200: diff --git a/misp_modules/modules/expansion/virustotal_public.py b/misp_modules/modules/expansion/virustotal_public.py index 989e48d..12aba9f 100644 --- a/misp_modules/modules/expansion/virustotal_public.py +++ b/misp_modules/modules/expansion/virustotal_public.py @@ -1,6 +1,8 @@ import json +import logging import requests from . import check_input_attribute, standard_error_message +from urllib.parse import urlparse from pymisp import MISPAttribute, MISPEvent, MISPObject misperrors = {'error': 'Error'} @@ -10,13 +12,16 @@ moduleinfo = {'version': '1', 'author': 'Christian Studer', 'description': 'Get information from VirusTotal public API v2.', 'module-type': ['expansion', 'hover']} -moduleconfig = ['apikey'] +moduleconfig = ['apikey', 'proxy_host', 'proxy_port', 'proxy_username', 'proxy_password'] +LOGGER = logging.getLogger('virus_total_public') +LOGGER.setLevel(logging.INFO) class VirusTotalParser(): def __init__(self): super(VirusTotalParser, self).__init__() self.misp_event = MISPEvent() + self.proxies = None def declare_variables(self, apikey, attribute): self.attribute = MISPAttribute() @@ -66,8 +71,44 @@ class VirusTotalParser(): def get_query_result(self, query_type): params = {query_type: self.attribute.value, 'apikey': self.apikey} - return requests.get(self.base_url, params=params) + return requests.get(self.base_url, params=params, proxies=self.proxies) + def set_proxy_settings(self, config: dict) -> dict: + """Returns proxy settings in the requests format. + If no proxy settings are set, return None.""" + proxies = None + host = config.get('proxy_host') + port = config.get('proxy_port') + username = config.get('proxy_username') + password = config.get('proxy_password') + + if host: + if not port: + misperrors['error'] = 'The virustotal_public_proxy_host config is set, ' \ + 'please also set the virustotal_public_proxy_port.' + raise KeyError + parsed = urlparse(host) + if 'http' in parsed.scheme: + scheme = 'http' + else: + scheme = parsed.scheme + netloc = parsed.netloc + host = f'{netloc}:{port}' + + if username: + if not password: + misperrors['error'] = 'The virustotal_public_proxy_username config is set, ' \ + 'please also set the virustotal_public_proxy_password.' + raise KeyError + auth = f'{username}:{password}' + host = auth + '@' + host + + proxies = { + 'http': f'{scheme}://{host}', + 'https': f'{scheme}://{host}' + } + self.proxies=proxies + return True class DomainQuery(VirusTotalParser): def __init__(self, apikey, attribute): @@ -182,6 +223,7 @@ def handler(q=False): return {'error': 'Unsupported attribute type.'} query_type, to_call = misp_type_mapping[attribute['type']] parser = to_call(request['config']['apikey'], attribute) + parser.set_proxy_settings(request.get('config')) query_result = parser.get_query_result(query_type) status_code = query_result.status_code if status_code == 200: From 1004bb8bb79d1bbeb76d53273387a5bdbf66777e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Wed, 9 Jun 2021 14:31:27 -0700 Subject: [PATCH 011/132] chg: Bump deps --- Pipfile | 1 - Pipfile.lock | 1311 +++++++++++++++++++++++--------------------------- 2 files changed, 592 insertions(+), 720 deletions(-) diff --git a/Pipfile b/Pipfile index cd631be..98a6f18 100644 --- a/Pipfile +++ b/Pipfile @@ -17,7 +17,6 @@ passivetotal = "*" pypdns = "*" pypssl = "*" pyeupi = "*" -uwhois = { editable = true, git = "https://github.com/Rafiot/uwhoisd.git", ref = "testing", subdirectory = "client" } pymisp = { extras = ["fileobjects,openioc,pdfexport,email"], version = "*" } pyonyphe = { editable = true, git = "https://github.com/sebdraven/pyonyphe" } pydnstrails = { editable = true, git = "https://github.com/sebdraven/pydnstrails" } diff --git a/Pipfile.lock b/Pipfile.lock index 896a592..e649998 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "1e40a27ecb603ad61301ace74783297f581773a131fb83638a03ae2488ba4e12" + "sha256": "7a06c4c5e7971831c0908f2db178124724b73d092f902d03f004bd928a3f2c94" }, "pipfile-spec": 6, "requires": { @@ -18,52 +18,52 @@ "default": { "aiohttp": { "hashes": [ - "sha256:0b795072bb1bf87b8620120a6373a3c61bfcb8da7e5c2377f4bb23ff4f0b62c9", - "sha256:0d438c8ca703b1b714e82ed5b7a4412c82577040dadff479c08405e2a715564f", - "sha256:16a3cb5df5c56f696234ea9e65e227d1ebe9c18aa774d36ff42f532139066a5f", - "sha256:1edfd82a98c5161497bbb111b2b70c0813102ad7e0aa81cbeb34e64c93863005", - "sha256:2406dc1dda01c7f6060ab586e4601f18affb7a6b965c50a8c90ff07569cf782a", - "sha256:2858b2504c8697beb9357be01dc47ef86438cc1cb36ecb6991796d19475faa3e", - "sha256:2a7b7640167ab536c3cb90cfc3977c7094f1c5890d7eeede8b273c175c3910fd", - "sha256:3228b7a51e3ed533f5472f54f70fd0b0a64c48dc1649a0f0e809bec312934d7a", - "sha256:328b552513d4f95b0a2eea4c8573e112866107227661834652a8984766aa7656", - "sha256:39f4b0a6ae22a1c567cb0630c30dd082481f95c13ca528dc501a7766b9c718c0", - "sha256:3b0036c978cbcc4a4512278e98e3e6d9e6b834dc973206162eddf98b586ef1c6", - "sha256:3ea8c252d8df5e9166bcf3d9edced2af132f4ead8ac422eac723c5781063709a", - "sha256:41608c0acbe0899c852281978492f9ce2c6fbfaf60aff0cefc54a7c4516b822c", - "sha256:59d11674964b74a81b149d4ceaff2b674b3b0e4d0f10f0be1533e49c4a28408b", - "sha256:5e479df4b2d0f8f02133b7e4430098699450e1b2a826438af6bec9a400530957", - "sha256:684850fb1e3e55c9220aad007f8386d8e3e477c4ec9211ae54d968ecdca8c6f9", - "sha256:6ccc43d68b81c424e46192a778f97da94ee0630337c9bbe5b2ecc9b0c1c59001", - "sha256:6d42debaf55450643146fabe4b6817bb2a55b23698b0434107e892a43117285e", - "sha256:710376bf67d8ff4500a31d0c207b8941ff4fba5de6890a701d71680474fe2a60", - "sha256:756ae7efddd68d4ea7d89c636b703e14a0c686688d42f588b90778a3c2fc0564", - "sha256:77149002d9386fae303a4a162e6bce75cc2161347ad2ba06c2f0182561875d45", - "sha256:78e2f18a82b88cbc37d22365cf8d2b879a492faedb3f2975adb4ed8dfe994d3a", - "sha256:7d9b42127a6c0bdcc25c3dcf252bb3ddc70454fac593b1b6933ae091396deb13", - "sha256:8389d6044ee4e2037dca83e3f6994738550f6ee8cfb746762283fad9b932868f", - "sha256:9c1a81af067e72261c9cbe33ea792893e83bc6aa987bfbd6fdc1e5e7b22777c4", - "sha256:c1e0920909d916d3375c7a1fdb0b1c78e46170e8bb42792312b6eb6676b2f87f", - "sha256:c68fdf21c6f3573ae19c7ee65f9ff185649a060c9a06535e9c3a0ee0bbac9235", - "sha256:c733ef3bdcfe52a1a75564389bad4064352274036e7e234730526d155f04d914", - "sha256:c9c58b0b84055d8bc27b7df5a9d141df4ee6ff59821f922dd73155861282f6a3", - "sha256:d03abec50df423b026a5aa09656bd9d37f1e6a49271f123f31f9b8aed5dc3ea3", - "sha256:d2cfac21e31e841d60dc28c0ec7d4ec47a35c608cb8906435d47ef83ffb22150", - "sha256:dcc119db14757b0c7bce64042158307b9b1c76471e655751a61b57f5a0e4d78e", - "sha256:df3a7b258cc230a65245167a202dd07320a5af05f3d41da1488ba0fa05bc9347", - "sha256:df48a623c58180874d7407b4d9ec06a19b84ed47f60a3884345b1a5099c1818b", - "sha256:e1b95972a0ae3f248a899cdbac92ba2e01d731225f566569311043ce2226f5e7", - "sha256:f326b3c1bbfda5b9308252ee0dcb30b612ee92b0e105d4abec70335fab5b1245", - "sha256:f411cb22115cb15452d099fec0ee636b06cf81bfb40ed9c02d30c8dc2bc2e3d1" + "sha256:02f46fc0e3c5ac58b80d4d56eb0a7c7d97fcef69ace9326289fb9f1955e65cfe", + "sha256:0563c1b3826945eecd62186f3f5c7d31abb7391fedc893b7e2b26303b5a9f3fe", + "sha256:114b281e4d68302a324dd33abb04778e8557d88947875cbf4e842c2c01a030c5", + "sha256:14762875b22d0055f05d12abc7f7d61d5fd4fe4642ce1a249abdf8c700bf1fd8", + "sha256:15492a6368d985b76a2a5fdd2166cddfea5d24e69eefed4630cbaae5c81d89bd", + "sha256:17c073de315745a1510393a96e680d20af8e67e324f70b42accbd4cb3315c9fb", + "sha256:209b4a8ee987eccc91e2bd3ac36adee0e53a5970b8ac52c273f7f8fd4872c94c", + "sha256:230a8f7e24298dea47659251abc0fd8b3c4e38a664c59d4b89cca7f6c09c9e87", + "sha256:2e19413bf84934d651344783c9f5e22dee452e251cfd220ebadbed2d9931dbf0", + "sha256:393f389841e8f2dfc86f774ad22f00923fdee66d238af89b70ea314c4aefd290", + "sha256:3cf75f7cdc2397ed4442594b935a11ed5569961333d49b7539ea741be2cc79d5", + "sha256:3d78619672183be860b96ed96f533046ec97ca067fd46ac1f6a09cd9b7484287", + "sha256:40eced07f07a9e60e825554a31f923e8d3997cfc7fb31dbc1328c70826e04cde", + "sha256:493d3299ebe5f5a7c66b9819eacdcfbbaaf1a8e84911ddffcdc48888497afecf", + "sha256:4b302b45040890cea949ad092479e01ba25911a15e648429c7c5aae9650c67a8", + "sha256:515dfef7f869a0feb2afee66b957cc7bbe9ad0cdee45aec7fdc623f4ecd4fb16", + "sha256:547da6cacac20666422d4882cfcd51298d45f7ccb60a04ec27424d2f36ba3eaf", + "sha256:5df68496d19f849921f05f14f31bd6ef53ad4b00245da3195048c69934521809", + "sha256:64322071e046020e8797117b3658b9c2f80e3267daec409b350b6a7a05041213", + "sha256:7615dab56bb07bff74bc865307aeb89a8bfd9941d2ef9d817b9436da3a0ea54f", + "sha256:79ebfc238612123a713a457d92afb4096e2148be17df6c50fb9bf7a81c2f8013", + "sha256:7b18b97cf8ee5452fa5f4e3af95d01d84d86d32c5e2bfa260cf041749d66360b", + "sha256:932bb1ea39a54e9ea27fc9232163059a0b8855256f4052e776357ad9add6f1c9", + "sha256:a00bb73540af068ca7390e636c01cbc4f644961896fa9363154ff43fd37af2f5", + "sha256:a5ca29ee66f8343ed336816c553e82d6cade48a3ad702b9ffa6125d187e2dedb", + "sha256:af9aa9ef5ba1fd5b8c948bb11f44891968ab30356d65fd0cc6707d989cd521df", + "sha256:bb437315738aa441251214dad17428cafda9cdc9729499f1d6001748e1d432f4", + "sha256:bdb230b4943891321e06fc7def63c7aace16095be7d9cf3b1e01be2f10fba439", + "sha256:c6e9dcb4cb338d91a73f178d866d051efe7c62a7166653a91e7d9fb18274058f", + "sha256:cffe3ab27871bc3ea47df5d8f7013945712c46a3cc5a95b6bee15887f1675c22", + "sha256:d012ad7911653a906425d8473a1465caa9f8dea7fcf07b6d870397b774ea7c0f", + "sha256:d9e13b33afd39ddeb377eff2c1c4f00544e191e1d1dee5b6c51ddee8ea6f0cf5", + "sha256:e4b2b334e68b18ac9817d828ba44d8fcb391f6acb398bcc5062b14b2cbeac970", + "sha256:e54962802d4b8b18b6207d4a927032826af39395a3bd9196a5af43fc4e60b009", + "sha256:f705e12750171c0ab4ef2a3c76b9a4024a62c4103e3a55dd6f99265b9bc6fcfc", + "sha256:f881853d2643a29e643609da57b96d5f9c9b93f62429dcc1cbb413c7d07f0e1a", + "sha256:fe60131d21b31fd1a14bd43e6bb88256f69dfc3188b3a89d736d6c71ed43ec95" ], - "index": "pypi", - "version": "==3.7.3" + "markers": "python_version >= '3.6'", + "version": "==3.7.4.post0" }, "antlr4-python3-runtime": { "hashes": [ "sha256:15793f5d0512a372b4e7d2284058ad32ce7dd27126b105fb0b2245130445db33" ], - "index": "pypi", + "markers": "python_version >= '3'", "version": "==4.8" }, "apiosintds": { @@ -78,39 +78,30 @@ "sha256:62b089a55be1d8949cd2bc7e0df0bddb9e028faefc8c32038cc84862aefdd6e4", "sha256:c31647edb69fd3d465a847ea3157d37bed1f95f19760b11a47aa91c04b666314" ], - "index": "pypi", "version": "==1.4.0" }, "assemblyline-client": { "hashes": [ - "sha256:6a36a654185ba40d10bdd0213a1926aacb4351290824e406cbff6b6b5b251f5f" + "sha256:3403d532f9ce08ac19374ceaecba543baeb297257ab1ae56b23f2fe1b651d3e0" ], "index": "pypi", - "version": "==4.0.1" + "version": "==4.0.5" }, "async-timeout": { "hashes": [ "sha256:0c3c816a028d47f659d6ff5c745cb2acf1f966da1fe5c19c77a70282b25f4c5f", "sha256:4291ca197d287d274d0b6cb5d6f8f8f82d434ed288f962539ff18cc9012f9ea3" ], - "index": "pypi", + "markers": "python_full_version >= '3.5.3'", "version": "==3.0.1" }, "attrs": { "hashes": [ - "sha256:31b2eced602aa8423c2aea9c76a724617ed67cf9513173fd3a4f03e3a929c7e6", - "sha256:832aa3cde19744e49938b91fea06d69ecb9e649c93ba974535d08ad92164f700" - ], - "index": "pypi", - "version": "==20.3.0" - }, - "backoff": { - "hashes": [ - "sha256:5e73e2cbe780e1915a204799dba0a01896f45f4385e636bcca7a0614d879d0cd", - "sha256:b8fba021fac74055ac05eb7c7bfce4723aedde6cd0a504e5326bcb0bdd6d19a4" + "sha256:149e90d6d8ac20db7a955ad60cf0e6881a3f20d37096140088356da6c716b0b1", + "sha256:ef6aaac3ca6cd92904cdd0d83f629a15f18053ec84e6432106f7a4d04ae4f5fb" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", - "version": "==1.10.0" + "version": "==21.2.0" }, "backscatter": { "hashes": [ @@ -129,14 +120,6 @@ "index": "pypi", "version": "==4.9.3" }, - "bidict": { - "hashes": [ - "sha256:4fa46f7ff96dc244abfc437383d987404ae861df797e2fd5b190e233c302be09", - "sha256:929d056e8d0d9b17ceda20ba5b24ac388e2a4d39802b87f9f4d3f45ecba070bf" - ], - "index": "pypi", - "version": "==0.21.2" - }, "blockchain": { "hashes": [ "sha256:dbaa3eebb6f81b4245005739da802c571b09f98d97eb66520afd95d9ccafebe2" @@ -144,72 +127,74 @@ "index": "pypi", "version": "==1.4.4" }, - "censys": { - "hashes": [ - "sha256:0a2e2c73471d37fb55c4c5597d48334cfc56fd39daebbae18c7b07f0d2a51dc4", - "sha256:d7d935ffe3309f8279d566113f2d958803154fd090ad07abe0d3458a396db9fd" - ], - "index": "pypi", - "version": "==1.1.1" - }, "certifi": { "hashes": [ - "sha256:1a4995114262bffbc2413b159f2a1a480c969de6e6eb13ee966d470af86af59c", - "sha256:719a74fb9e33b9bd44cc7f3a8d94bc35e4049deebe19ba7d8e108280cfd59830" + "sha256:2bbf76fd432960138b3ef6dda3dde0544f27cbf8546c458e60baf371917ba9ee", + "sha256:50b1e4f8446b06f41be7dd6338db18e0990601dce795c2b1686458aa7e8fa7d8" ], - "index": "pypi", - "version": "==2020.12.5" + "version": "==2021.5.30" }, "cffi": { "hashes": [ - "sha256:00a1ba5e2e95684448de9b89888ccd02c98d512064b4cb987d48f4b40aa0421e", - "sha256:00e28066507bfc3fe865a31f325c8391a1ac2916219340f87dfad602c3e48e5d", - "sha256:045d792900a75e8b1e1b0ab6787dd733a8190ffcf80e8c8ceb2fb10a29ff238a", - "sha256:0638c3ae1a0edfb77c6765d487fee624d2b1ee1bdfeffc1f0b58c64d149e7eec", - "sha256:105abaf8a6075dc96c1fe5ae7aae073f4696f2905fde6aeada4c9d2926752362", - "sha256:155136b51fd733fa94e1c2ea5211dcd4c8879869008fc811648f16541bf99668", - "sha256:1a465cbe98a7fd391d47dce4b8f7e5b921e6cd805ef421d04f5f66ba8f06086c", - "sha256:1d2c4994f515e5b485fd6d3a73d05526aa0fcf248eb135996b088d25dfa1865b", - "sha256:2c24d61263f511551f740d1a065eb0212db1dbbbbd241db758f5244281590c06", - "sha256:51a8b381b16ddd370178a65360ebe15fbc1c71cf6f584613a7ea08bfad946698", - "sha256:594234691ac0e9b770aee9fcdb8fa02c22e43e5c619456efd0d6c2bf276f3eb2", - "sha256:5cf4be6c304ad0b6602f5c4e90e2f59b47653ac1ed9c662ed379fe48a8f26b0c", - "sha256:64081b3f8f6f3c3de6191ec89d7dc6c86a8a43911f7ecb422c60e90c70be41c7", - "sha256:6bc25fc545a6b3d57b5f8618e59fc13d3a3a68431e8ca5fd4c13241cd70d0009", - "sha256:798caa2a2384b1cbe8a2a139d80734c9db54f9cc155c99d7cc92441a23871c03", - "sha256:7c6b1dece89874d9541fc974917b631406233ea0440d0bdfbb8e03bf39a49b3b", - "sha256:7ef7d4ced6b325e92eb4d3502946c78c5367bc416398d387b39591532536734e", - "sha256:840793c68105fe031f34d6a086eaea153a0cd5c491cde82a74b420edd0a2b909", - "sha256:8d6603078baf4e11edc4168a514c5ce5b3ba6e3e9c374298cb88437957960a53", - "sha256:9cc46bc107224ff5b6d04369e7c595acb700c3613ad7bcf2e2012f62ece80c35", - "sha256:9f7a31251289b2ab6d4012f6e83e58bc3b96bd151f5b5262467f4bb6b34a7c26", - "sha256:9ffb888f19d54a4d4dfd4b3f29bc2c16aa4972f1c2ab9c4ab09b8ab8685b9c2b", - "sha256:a5ed8c05548b54b998b9498753fb9cadbfd92ee88e884641377d8a8b291bcc01", - "sha256:a7711edca4dcef1a75257b50a2fbfe92a65187c47dab5a0f1b9b332c5919a3fb", - "sha256:af5c59122a011049aad5dd87424b8e65a80e4a6477419c0c1015f73fb5ea0293", - "sha256:b18e0a9ef57d2b41f5c68beefa32317d286c3d6ac0484efd10d6e07491bb95dd", - "sha256:b4e248d1087abf9f4c10f3c398896c87ce82a9856494a7155823eb45a892395d", - "sha256:ba4e9e0ae13fc41c6b23299545e5ef73055213e466bd107953e4a013a5ddd7e3", - "sha256:c6332685306b6417a91b1ff9fae889b3ba65c2292d64bd9245c093b1b284809d", - "sha256:d5ff0621c88ce83a28a10d2ce719b2ee85635e85c515f12bac99a95306da4b2e", - "sha256:d9efd8b7a3ef378dd61a1e77367f1924375befc2eba06168b6ebfa903a5e59ca", - "sha256:df5169c4396adc04f9b0a05f13c074df878b6052430e03f50e68adf3a57aa28d", - "sha256:ebb253464a5d0482b191274f1c8bf00e33f7e0b9c66405fbffc61ed2c839c775", - "sha256:ec80dc47f54e6e9a78181ce05feb71a0353854cc26999db963695f950b5fb375", - "sha256:f032b34669220030f905152045dfa27741ce1a6db3324a5bc0b96b6c7420c87b", - "sha256:f60567825f791c6f8a592f3c6e3bd93dd2934e3f9dac189308426bd76b00ef3b", - "sha256:f803eaa94c2fcda012c047e62bc7a51b0bdabda1cad7a92a522694ea2d76e49f" + "sha256:005a36f41773e148deac64b08f233873a4d0c18b053d37da83f6af4d9087b813", + "sha256:04c468b622ed31d408fea2346bec5bbffba2cc44226302a0de1ade9f5ea3d373", + "sha256:06d7cd1abac2ffd92e65c0609661866709b4b2d82dd15f611e602b9b188b0b69", + "sha256:06db6321b7a68b2bd6df96d08a5adadc1fa0e8f419226e25b2a5fbf6ccc7350f", + "sha256:0857f0ae312d855239a55c81ef453ee8fd24136eaba8e87a2eceba644c0d4c06", + "sha256:0f861a89e0043afec2a51fd177a567005847973be86f709bbb044d7f42fc4e05", + "sha256:1071534bbbf8cbb31b498d5d9db0f274f2f7a865adca4ae429e147ba40f73dea", + "sha256:158d0d15119b4b7ff6b926536763dc0714313aa59e320ddf787502c70c4d4bee", + "sha256:1bf1ac1984eaa7675ca8d5745a8cb87ef7abecb5592178406e55858d411eadc0", + "sha256:1f436816fc868b098b0d63b8920de7d208c90a67212546d02f84fe78a9c26396", + "sha256:24a570cd11895b60829e941f2613a4f79df1a27344cbbb82164ef2e0116f09c7", + "sha256:24ec4ff2c5c0c8f9c6b87d5bb53555bf267e1e6f70e52e5a9740d32861d36b6f", + "sha256:2894f2df484ff56d717bead0a5c2abb6b9d2bf26d6960c4604d5c48bbc30ee73", + "sha256:29314480e958fd8aab22e4a58b355b629c59bf5f2ac2492b61e3dc06d8c7a315", + "sha256:293e7ea41280cb28c6fcaaa0b1aa1f533b8ce060b9e701d78511e1e6c4a1de76", + "sha256:34eff4b97f3d982fb93e2831e6750127d1355a923ebaeeb565407b3d2f8d41a1", + "sha256:35f27e6eb43380fa080dccf676dece30bef72e4a67617ffda586641cd4508d49", + "sha256:3c3f39fa737542161d8b0d680df2ec249334cd70a8f420f71c9304bd83c3cbed", + "sha256:3d3dd4c9e559eb172ecf00a2a7517e97d1e96de2a5e610bd9b68cea3925b4892", + "sha256:43e0b9d9e2c9e5d152946b9c5fe062c151614b262fda2e7b201204de0b99e482", + "sha256:48e1c69bbacfc3d932221851b39d49e81567a4d4aac3b21258d9c24578280058", + "sha256:51182f8927c5af975fece87b1b369f722c570fe169f9880764b1ee3bca8347b5", + "sha256:58e3f59d583d413809d60779492342801d6e82fefb89c86a38e040c16883be53", + "sha256:5de7970188bb46b7bf9858eb6890aad302577a5f6f75091fd7cdd3ef13ef3045", + "sha256:65fa59693c62cf06e45ddbb822165394a288edce9e276647f0046e1ec26920f3", + "sha256:681d07b0d1e3c462dd15585ef5e33cb021321588bebd910124ef4f4fb71aef55", + "sha256:69e395c24fc60aad6bb4fa7e583698ea6cc684648e1ffb7fe85e3c1ca131a7d5", + "sha256:6c97d7350133666fbb5cf4abdc1178c812cb205dc6f41d174a7b0f18fb93337e", + "sha256:6e4714cc64f474e4d6e37cfff31a814b509a35cb17de4fb1999907575684479c", + "sha256:72d8d3ef52c208ee1c7b2e341f7d71c6fd3157138abf1a95166e6165dd5d4369", + "sha256:8ae6299f6c68de06f136f1f9e69458eae58f1dacf10af5c17353eae03aa0d827", + "sha256:8b198cec6c72df5289c05b05b8b0969819783f9418e0409865dac47288d2a053", + "sha256:99cd03ae7988a93dd00bcd9d0b75e1f6c426063d6f03d2f90b89e29b25b82dfa", + "sha256:9cf8022fb8d07a97c178b02327b284521c7708d7c71a9c9c355c178ac4bbd3d4", + "sha256:9de2e279153a443c656f2defd67769e6d1e4163952b3c622dcea5b08a6405322", + "sha256:9e93e79c2551ff263400e1e4be085a1210e12073a31c2011dbbda14bda0c6132", + "sha256:9ff227395193126d82e60319a673a037d5de84633f11279e336f9c0f189ecc62", + "sha256:a465da611f6fa124963b91bf432d960a555563efe4ed1cc403ba5077b15370aa", + "sha256:ad17025d226ee5beec591b52800c11680fca3df50b8b29fe51d882576e039ee0", + "sha256:afb29c1ba2e5a3736f1c301d9d0abe3ec8b86957d04ddfa9d7a6a42b9367e396", + "sha256:b85eb46a81787c50650f2392b9b4ef23e1f126313b9e0e9013b35c15e4288e2e", + "sha256:bb89f306e5da99f4d922728ddcd6f7fcebb3241fc40edebcb7284d7514741991", + "sha256:cbde590d4faaa07c72bf979734738f328d239913ba3e043b1e98fe9a39f8b2b6", + "sha256:cc5a8e069b9ebfa22e26d0e6b97d6f9781302fe7f4f2b8776c3e1daea35f1adc", + "sha256:cd2868886d547469123fadc46eac7ea5253ea7fcb139f12e1dfc2bbd406427d1", + "sha256:d42b11d692e11b6634f7613ad8df5d6d5f8875f5d48939520d351007b3c13406", + "sha256:df5052c5d867c1ea0b311fb7c3cd28b19df469c056f7fdcfe88c7473aa63e333", + "sha256:f2d45f97ab6bb54753eab54fffe75aaf3de4ff2341c9daee1987ee1837636f1d", + "sha256:fd78e5fee591709f32ef6edb9a015b4aa1a5022598e36227500c8f4e02328d9c" ], - "index": "pypi", - "version": "==1.14.4" + "version": "==1.14.5" }, "chardet": { "hashes": [ - "sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae", - "sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691" + "sha256:0d6f53a15db4120f2b08c94f11e7d93d2c911ee118b6b30a04ec3ee8310179fa", + "sha256:f864054d66fd9118f2e67044ac8981a54775ec5b67aed0441892edb553d21da5" ], - "index": "pypi", - "version": "==3.0.4" + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", + "version": "==4.0.0" }, "clamd": { "hashes": [ @@ -221,18 +206,17 @@ }, "click": { "hashes": [ - "sha256:d2b5255c7c6349bc1bd1e59e08cd12acbbd63ce649f2588755783aa94dfb6b1a", - "sha256:dacca89f4bfadd5de3d7489b7c8a566eee0d3676333fbb50030263894c38c0dc" + "sha256:8c04c11192119b1ef78ea049e0a6f0463e4c48ef00a30160c704337586f3ad7a", + "sha256:fba402a4a47334742d782209a7c79bc448911afe1149d07bdabdf480b3e2f4b6" ], - "index": "pypi", - "version": "==7.1.2" + "markers": "python_version >= '3.6'", + "version": "==8.0.1" }, "click-plugins": { "hashes": [ "sha256:46ab999744a9d831159c3411bb0c79346d94a444df9a3a3742e9ed63645f264b", "sha256:5d262006d3222f5057fd81e1623d4443e41dcda5dc815c06b442aa3c02889fc8" ], - "index": "pypi", "version": "==1.1.1" }, "colorama": { @@ -240,118 +224,96 @@ "sha256:5941b2b48a20143d2267e95b1c2a7603ce057ee39fd88e7329b0c292aa16869b", "sha256:9f47eda37229f68eee03b24b9748937c7dc3868f906e8ba69fbcbdd3bc5dc3e2" ], - "index": "pypi", + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", "version": "==0.4.4" }, "colorclass": { "hashes": [ "sha256:b05c2a348dfc1aff2d502527d78a5b7b7e2f85da94a96c5081210d8e9ee8e18b" ], - "index": "pypi", "version": "==2.2.0" }, "compressed-rtf": { "hashes": [ "sha256:c1c827f1d124d24608981a56e8b8691eb1f2a69a78ccad6440e7d92fde1781dd" ], - "index": "pypi", "version": "==1.0.6" }, "configparser": { "hashes": [ - "sha256:005c3b102c96f4be9b8f40dafbd4997db003d07d1caa19f37808be8031475f2a", - "sha256:08e8a59ef1817ac4ed810bb8e17d049566dd6e024e7566f6285c756db2bb4ff8" + "sha256:85d5de102cfe6d14a5172676f09d19c465ce63d6019cf0a4ef13385fc535e828", + "sha256:af59f2cdd7efbdd5d111c1976ecd0b82db9066653362f0962d7bf1d3ab89a1fa" ], - "index": "pypi", - "version": "==5.0.1" + "markers": "python_version >= '3.6'", + "version": "==5.0.2" }, "cryptography": { "hashes": [ - "sha256:0003a52a123602e1acee177dc90dd201f9bb1e73f24a070db7d36c588e8f5c7d", - "sha256:0e85aaae861d0485eb5a79d33226dd6248d2a9f133b81532c8f5aae37de10ff7", - "sha256:594a1db4511bc4d960571536abe21b4e5c3003e8750ab8365fafce71c5d86901", - "sha256:69e836c9e5ff4373ce6d3ab311c1a2eed274793083858d3cd4c7d12ce20d5f9c", - "sha256:788a3c9942df5e4371c199d10383f44a105d67d401fb4304178020142f020244", - "sha256:7e177e4bea2de937a584b13645cab32f25e3d96fc0bc4a4cf99c27dc77682be6", - "sha256:83d9d2dfec70364a74f4e7c70ad04d3ca2e6a08b703606993407bf46b97868c5", - "sha256:84ef7a0c10c24a7773163f917f1cb6b4444597efd505a8aed0a22e8c4780f27e", - "sha256:9e21301f7a1e7c03dbea73e8602905a4ebba641547a462b26dd03451e5769e7c", - "sha256:9f6b0492d111b43de5f70052e24c1f0951cb9e6022188ebcb1cc3a3d301469b0", - "sha256:a69bd3c68b98298f490e84519b954335154917eaab52cf582fa2c5c7efc6e812", - "sha256:b4890d5fb9b7a23e3bf8abf5a8a7da8e228f1e97dc96b30b95685df840b6914a", - "sha256:c366df0401d1ec4e548bebe8f91d55ebcc0ec3137900d214dd7aac8427ef3030", - "sha256:dc42f645f8f3a489c3dd416730a514e7a91a59510ddaadc09d04224c098d3302" + "sha256:0f1212a66329c80d68aeeb39b8a16d54ef57071bf22ff4e521657b27372e327d", + "sha256:1e056c28420c072c5e3cb36e2b23ee55e260cb04eee08f702e0edfec3fb51959", + "sha256:240f5c21aef0b73f40bb9f78d2caff73186700bf1bc6b94285699aff98cc16c6", + "sha256:26965837447f9c82f1855e0bc8bc4fb910240b6e0d16a664bb722df3b5b06873", + "sha256:37340614f8a5d2fb9aeea67fd159bfe4f5f4ed535b1090ce8ec428b2f15a11f2", + "sha256:3d10de8116d25649631977cb37da6cbdd2d6fa0e0281d014a5b7d337255ca713", + "sha256:3d8427734c781ea5f1b41d6589c293089704d4759e34597dce91014ac125aad1", + "sha256:7ec5d3b029f5fa2b179325908b9cd93db28ab7b85bb6c1db56b10e0b54235177", + "sha256:8e56e16617872b0957d1c9742a3f94b43533447fd78321514abbe7db216aa250", + "sha256:de4e5f7f68220d92b7637fc99847475b59154b7a1b3868fb7385337af54ac9ca", + "sha256:eb8cc2afe8b05acbd84a43905832ec78e7b3873fb124ca190f574dca7389a87d", + "sha256:ee77aa129f481be46f8d92a1a7db57269a2f23052d5f2433b4621bb457081cc9" ], - "index": "pypi", - "version": "==3.3.1" - }, - "dataclasses": { - "hashes": [ - "sha256:0201d89fa866f68c8ebd9d08ee6ff50c0b255f8ec63a71c16fda7af82bb887bf", - "sha256:8479067f342acf957dc82ec415d355ab5edb7e7646b90dc6e2fd1d96ad084c97" - ], - "markers": "python_version < '3.7'", - "version": "==0.8" + "version": "==3.4.7" }, "decorator": { "hashes": [ - "sha256:41fa54c2a0cc4ba648be4fd43cff00aedf5b9465c9bf18d64325bc225f08f760", - "sha256:e3a62f0520172440ca0dcc823749319382e377f37f140a0b99ef45fecb84bfe7" + "sha256:6e5c199c16f7a9f0e3a61a4a54b3d27e7dad0dbdde92b944426cb20914376323", + "sha256:72ecfba4320a893c53f9706bebb2d55c270c1e51a28789361aa93e4a21319ed5" ], - "index": "pypi", - "version": "==4.4.2" + "markers": "python_version >= '3.5'", + "version": "==5.0.9" }, "deprecated": { "hashes": [ - "sha256:471ec32b2755172046e28102cd46c481f21c6036a0ec027521eba8521aa4ef35", - "sha256:924b6921f822b64ec54f49be6700a126bab0640cfafca78f22c9d429ed590560" + "sha256:08452d69b6b5bc66e8330adde0a4f8642e969b9e1702904d137eeb29c8ffc771", + "sha256:6d2de2de7931a968874481ef30208fd4e08da39177d61d3d4ebdf4366e7dbca1" ], - "index": "pypi", - "version": "==1.2.11" + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", + "version": "==1.2.12" }, "dnsdb2": { "hashes": [ - "sha256:55c9f43eb231ff21f40a69183fdb0220f175519e108bc19d0c098e07532d0dfe" + "sha256:e7ed25c8ca1e456c77deaf67f440ae0c2ff94c714dab4d67df14ccc82f501faf" ], "index": "pypi", - "version": "==1.1.2" + "version": "==1.1.3" }, "dnspython": { "hashes": [ - "sha256:40f563e1f7a7b80dc5a4e76ad75c23da53d62f1e15e6e517293b04e1f84ead7c", - "sha256:861e6e58faa730f9845aaaa9c6c832851fbf89382ac52915a51f89c71accdd31" + "sha256:95d12f6ef0317118d2a1a6fc49aac65ffec7eb8087474158f42f26a639135216", + "sha256:e4a87f0b573201a0f3727fa18a516b055fd1107e0e5477cded4a2de497df1dd4" ], "index": "pypi", - "version": "==1.15.0" - }, - "dnspython3": { - "hashes": [ - "sha256:6eb9504abafb91cb67ed9dc3d3289a3ccc438533b460eccbf77e36c5323100f4" - ], - "index": "pypi", - "version": "==1.15.0" + "version": "==2.1.0" }, "domaintools-api": { "hashes": [ - "sha256:62e2e688d14dbd7ca51a44bd0a8490aa69c712895475598afbdbb1e1e15bf2f2", - "sha256:fe75e3cc86e7e2904b06d8e94b1986e721fdce85d695c87d1140403957e4c989" + "sha256:10fd899b2fe063a23edbcf15daf516fe14fb4a67ef1bf72af630a183161cb003", + "sha256:fde92d0f1fb0cfc324548eca85c3bab7774ffa93581fd92ced954ce11d5891e1" ], "index": "pypi", - "version": "==0.5.2" + "version": "==0.5.4" }, "easygui": { "hashes": [ - "sha256:690658af9fca3f2f2a55f24421045f9b33ca33c877ed5fb61d4b942d8ec335f3", - "sha256:dbc89afbb1aca83830ea4af568eb2491654e16b2706a14d040757fdf1fafbbfe" + "sha256:073f728ca88a77b74f404446fb8ec3004945427677c5618bd00f70c1b999fef2", + "sha256:8d38764803c27bbccab2771e6c021cb20647049b36617f765fac79f01af07a27" ], - "index": "pypi", - "version": "==0.98.1" + "version": "==0.98.2" }, "ebcdic": { "hashes": [ "sha256:33b4cb729bc2d0bf46cc1847b0e5946897cb8d3f53520c5b9aa5fa98d7e735f1" ], - "index": "pypi", "version": "==1.1.1" }, "enum-compat": { @@ -359,22 +321,19 @@ "sha256:3677daabed56a6f724451d585662253d8fb4e5569845aafa8bb0da36b1a8751e", "sha256:88091b617c7fc3bbbceae50db5958023c48dc40b50520005aa3bf27f8f7ea157" ], - "index": "pypi", "version": "==0.0.3" }, "extract-msg": { "hashes": [ - "sha256:7300a50bfa91405a381826f8e22f39458c7322fea1cd660ef699c4157a58be4b", - "sha256:7ce5761911b2caa9f07042efdecfcc9cf4afe524c3efbfd0aa5fa277faa1cc53" + "sha256:6ad2702bef86e6c1b8505e2993c7f3d37a1f3d140903138ee2df4a299dd2a29c", + "sha256:7ebdbd7863a3699080a69f71ec0cd30ed9bfee70bad9acc6a8e6abe9523c78c0" ], - "index": "pypi", - "version": "==0.28.1" + "version": "==0.28.7" }, "ez-setup": { "hashes": [ "sha256:303c5b17d552d1e3fb0505d80549f8579f557e13d8dc90e5ecef3c07d7f58642" ], - "index": "pypi", "version": "==0.9" }, "ezodf": { @@ -384,11 +343,18 @@ "index": "pypi", "version": "==0.3.2" }, + "filelock": { + "hashes": [ + "sha256:18d82244ee114f543149c66a6e0c14e9c4f8a1044b5cdaadd0f82159d6a6ff59", + "sha256:929b7d63ec5b7d6b71b0fa5ac14e030b3f70b75747cef1b10da9b879fef15836" + ], + "version": "==3.0.12" + }, "future": { "hashes": [ "sha256:b1bead90b70cf6ec3f0710ae53a525360fa360d306a86583adc6bf83a4db537d" ], - "index": "pypi", + "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2'", "version": "==0.18.2" }, "futures": { @@ -397,38 +363,36 @@ "sha256:51ecb45f0add83c806c68e4b06106f90db260585b25ef2abfcda0bd95c0132fd", "sha256:c4884a65654a7c45435063e14ae85280eb1f111d94e542396717ba9828c4337f" ], - "index": "pypi", "version": "==3.1.1" }, "geoip2": { "hashes": [ - "sha256:57d8d15de2527e0697bbef44fc16812bba709f03a07ef99297bd56c1df3b1efd", - "sha256:707025542ef076bd8fd80e97138bebdb7812527b2a007d141a27ad98b0370fff" + "sha256:906a1dbf15a179a1af3522970e8420ab15bb3e0afc526942cc179e12146d9c1d", + "sha256:b97b44031fdc463e84eb1316b4f19edd978cb1d78703465fcb1e36dc5a822ba6" ], "index": "pypi", - "version": "==4.1.0" + "version": "==4.2.0" }, "httplib2": { "hashes": [ - "sha256:8af66c1c52c7ffe1aa5dc4bcd7c769885254b0756e6e69f953c7f0ab49a70ba3", - "sha256:ca2914b015b6247791c4866782fa6042f495b94401a0f0bd3e1d6e0ba2236782" + "sha256:0b12617eeca7433d4c396a100eaecfa4b08ee99aa881e6df6e257a7aad5d533d", + "sha256:2ad195faf9faf079723f6714926e9a9061f694d07724b846658ce08d40f522b4" ], - "index": "pypi", - "version": "==0.18.1" + "version": "==0.19.1" }, "idna": { "hashes": [ "sha256:b307872f855b18632ce0c21c5e45be78c0ea7ae4c15c828c20788b26921eb3f6", "sha256:b97d804b1e9b523befed77c48dacec60e6dcb0b5391d57af6a65a312a90648c0" ], - "index": "pypi", + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==2.10" }, "idna-ssl": { "hashes": [ "sha256:a933e3bb13da54383f9e8f35dc4f9cb9eb9b3b78c6b36f311254d6d0d92c6c7c" ], - "index": "pypi", + "markers": "python_version < '3.7'", "version": "==1.1.0" }, "imapclient": { @@ -436,123 +400,131 @@ "sha256:3eeb97b9aa8faab0caa5024d74bfde59408fbd542781246f6960873c7bf0dd01", "sha256:60ba79758cc9f13ec910d7a3df9acaaf2bb6c458720d9a02ec33a41352fd1b99" ], - "index": "pypi", "version": "==2.1.0" }, - "importlib-metadata": { - "hashes": [ - "sha256:c9db46394197244adf2f0b08ec5bc3cf16757e9590b02af1fca085c16c0d600a", - "sha256:d2d46ef77ffc85cbf7dac7e81dd663fde71c45326131bea8033b9bad42268ebe" - ], - "markers": "python_version < '3.8'", - "version": "==3.10.0" - }, "isodate": { "hashes": [ "sha256:2e364a3d5759479cdb2d37cce6b9376ea504db2ff90252a2e5b7cc89cc9ff2d8", "sha256:aa4d33c06640f5352aca96e4b81afd8ab3b47337cc12089822d6f322ac772c81" ], - "index": "pypi", "version": "==0.6.0" }, + "itsdangerous": { + "hashes": [ + "sha256:5174094b9637652bdb841a3029700391451bd092ba3db90600dea710ba28e97c", + "sha256:9e724d68fc22902a1435351f84c3fb8623f303fffcc566a4cb952df8c572cff0" + ], + "markers": "python_version >= '3.6'", + "version": "==2.0.1" + }, "jbxapi": { "hashes": [ - "sha256:7cebd7ea73838ffd9e77b6a3bac6e4e1263b8cb4678b0579361b9257db684893" + "sha256:2cdb8e935cb35c3af83209b847cedb3911b5f0b4d905ed89f76fa0e34d62ea26" ], "index": "pypi", - "version": "==3.14.0" + "version": "==3.16.0" }, "json-log-formatter": { "hashes": [ - "sha256:ee187c9a80936cbf1259f73573973450fc24b84a4fb54e53eb0dcff86ea1e759" + "sha256:03029bddba697d2f6c81419a80f1c58d3a89ae715336c6a88b370e7d2c983198" ], - "index": "pypi", - "version": "==0.3.0" + "version": "==0.3.1" }, "jsonschema": { "hashes": [ "sha256:4e5b3cf8216f577bee9ce139cbe72eca3ea4f292ec60928ff24758ce626cd163", "sha256:c8a85b28d377cc7737e46e2d9f2b4f44ee3c0e1deac6bf46ddefc7187d30797a" ], - "index": "pypi", "version": "==3.2.0" }, "lark-parser": { "hashes": [ - "sha256:20bdefdf1b6e9bcb38165ea5cc4f27921a99c6f4c35264a3a953fd60335f1f8c", - "sha256:8b747e1f544dcc2789e3feaddd2a50c6a73bed69d62e9c69760c1e1f7d23495f" + "sha256:e29ca814a98bb0f81674617d878e5f611cb993c19ea47f22c80da3569425f9bd" ], - "index": "pypi", - "version": "==0.11.1" + "version": "==0.11.3" }, "lief": { "hashes": [ - "sha256:0cd2665ff28937755c8acedc2e3fb9de5ba752353e19b51b89297b8be3f63ccb", - "sha256:1a110bd5db41b4fde1a61094658b0366352ed4c0a00b55bde821046a59c2f913", - "sha256:1fb570712fa17ee153aca263ab1f1ec763772ccb46992e415b3dc1c0248466bc", - "sha256:2ee8f9787ea92109f19e5e4d22773042184ac524a3f11399ea5e13d974ac1f05", - "sha256:348ee294567826cad638b7e6cf2ede4ffe03524cd5b6038896f78e5b006d6295", - "sha256:77ba7dd0d48933c0b26c980bda1ab4a7ad3c7031880181fab0b94caad3bc1a4d", - "sha256:8774076dfbcf9b6906be4d9243de4a78fc09d317292251072d460ed1e0eeb96e", - "sha256:93d79a47db9977e6471b21d5efd4e7af4c29c76261d6583141fcf10f6ccd0eba", - "sha256:96d2a8d2310c7accaeb5c6679833c0cd8f0fb6d8c682a5df59d4d868c8881661", - "sha256:9837166402248a4ef29018d498c4eccc11cbc92ee4083da046fa747d3863b43d", - "sha256:9f2bd417090df21548af3a0216f3a02056291348c0826a5ff78e3f3046283978", - "sha256:ad19b9ef5c2a2552a82683bbf92ef3e986b422d552968b378195e356191aa545", - "sha256:afe4d15b519dd7d97732e85b7a2b11154c97a40ce517e1044b5cd5f80074ce36", - "sha256:b0a55424b3ffa08d16bf8ee6e5e9474b0a4b392ca4d94545c16e47e6366e41d4", - "sha256:ccf977099153eaefa351e72e84dfa829334699521ef00434b50647d80de2cc56", - "sha256:d95cf1224c7b311b8d25dbd4de627d28717266e62b9721f1dc4c8427f929a60f", - "sha256:e6ff05e6ebcb9bea8833fcb558d4db3bc2a78031c4792fcac9f9612fa78258b3", - "sha256:e8c66834a0ee9ed1899db165c09ca04aba8dee574de1ccc866d82fbf0c059bb8", - "sha256:f31fde4e7174b4bc9b67ff22fd93fa15fc3faa1592ac669f3addc95d9e66168e", - "sha256:f9b00c396c9f45c5f4cf37c034428ad525d6d7c7d38fc6c49ddc4b558201151b" + "sha256:17314177c0124ccd450554bbcb203b8cd2660c94e36bdc05a6eba04bb0af3954", + "sha256:1cca100e77382f4137a3b1283769efa0e68a965fa4f3e21e64e3f67b6e22fdc8", + "sha256:208294f208354f57ded772efc4c3b2ea61fae35325a048d38c21571cb35e4bfc", + "sha256:3f510836d19cee407015ee565ea566e444471f0ecb3028a5c5e2219a7583f3c4", + "sha256:44bd7804a39837ff46cd543154f6e4a28e2d4fafa312752ca6deea1c849995ce", + "sha256:5122e4e70fecc32e7fdf2e9cd9b580ddd63fb4509eae373be78b3c11d67175b8", + "sha256:544b0f8a587bc5f6fd39cf47d9785af2714f982682efcd1dd3291604e7cb6351", + "sha256:5a0da170943aaf7019b27b9a7199b860298426c0455f88add392f472605c39ee", + "sha256:5f5fb42461b5d5d5b2ccf7fe17e8f26bd632afcbaedf29a9d30819eeea5dab29", + "sha256:621ad19f77884a008d61e05b92aed8309a8460e93916f4722439beaa529ca37d", + "sha256:710112ebc642bf5287a7b25c54c8a4e1079cbb403d4e844a364e1c3cbed52486", + "sha256:8b219ce4a41b0734fe9a7fbfde7d23a92bc005c8684882662808fc438568c1b5", + "sha256:8fd1ecdb3001e8e19df7278b77df5d6394ad6071354e177d11ad08b0a727d390", + "sha256:932ba495388fb52b4ba056a0b00abe0bda3567ad3ebc6d726be1e87b8be08b3f", + "sha256:9c6cc9da3e3a56ad29fc4e77e7109e960bd0cae3e3ba5307e3ae5c65d85fbdc4", + "sha256:a1f7792f1d811a898d3d676c32731d6b055573a2c3e67988ab1b32917db3de96", + "sha256:a4bb649a2f5404b8e2e4b8beb3772466430e7382fc5f7f014f3f778137133987", + "sha256:b275a542b5ef173ec9602d2f511a895c4228db63bbbc58699859da4afe8bfd58", + "sha256:bfc0246af63361e22a952f8babd542477d64288d993c5a053a72f9e3f59da795", + "sha256:c672dcd78dbbe2c0746721cdb1593b237a8b983d039e73713b055449e4a58207", + "sha256:c773eaee900f398cc98a9c8501d9ab7465af9729979841bb78f4aaa8b821fd9a", + "sha256:e6d9621c1db852ca4de37efe98151838edf0a976fe03cace471b3a761861f95e", + "sha256:e743345290649f54efcf2c1ea530f3520a7b22583fb8b0772df48b1901ecb1ea", + "sha256:eb8c2ae617ff54c4ea73dbd055544681b3cfeafbdbf0fe4535fac494515ab65b", + "sha256:f4e8a878615a46ef4ae016261a59152b8c019a35adb865e26a37c8ef25200d7e", + "sha256:fd41077526e30bfcafa3d03bff8466a4a9ae4bbe21cadd6a09168a62ce18710c" ], - "index": "pypi", - "version": "==0.11.0" + "version": "==0.11.5" }, "lxml": { "hashes": [ - "sha256:0448576c148c129594d890265b1a83b9cd76fd1f0a6a04620753d9a6bcfd0a4d", - "sha256:127f76864468d6630e1b453d3ffbbd04b024c674f55cf0a30dc2595137892d37", - "sha256:1471cee35eba321827d7d53d104e7b8c593ea3ad376aa2df89533ce8e1b24a01", - "sha256:2363c35637d2d9d6f26f60a208819e7eafc4305ce39dc1d5005eccc4593331c2", - "sha256:2e5cc908fe43fe1aa299e58046ad66981131a66aea3129aac7770c37f590a644", - "sha256:2e6fd1b8acd005bd71e6c94f30c055594bbd0aa02ef51a22bbfa961ab63b2d75", - "sha256:366cb750140f221523fa062d641393092813b81e15d0e25d9f7c6025f910ee80", - "sha256:42ebca24ba2a21065fb546f3e6bd0c58c3fe9ac298f3a320147029a4850f51a2", - "sha256:4e751e77006da34643ab782e4a5cc21ea7b755551db202bc4d3a423b307db780", - "sha256:4fb85c447e288df535b17ebdebf0ec1cf3a3f1a8eba7e79169f4f37af43c6b98", - "sha256:50c348995b47b5a4e330362cf39fc503b4a43b14a91c34c83b955e1805c8e308", - "sha256:535332fe9d00c3cd455bd3dd7d4bacab86e2d564bdf7606079160fa6251caacf", - "sha256:535f067002b0fd1a4e5296a8f1bf88193080ff992a195e66964ef2a6cfec5388", - "sha256:5be4a2e212bb6aa045e37f7d48e3e1e4b6fd259882ed5a00786f82e8c37ce77d", - "sha256:60a20bfc3bd234d54d49c388950195d23a5583d4108e1a1d47c9eef8d8c042b3", - "sha256:648914abafe67f11be7d93c1a546068f8eff3c5fa938e1f94509e4a5d682b2d8", - "sha256:681d75e1a38a69f1e64ab82fe4b1ed3fd758717bed735fb9aeaa124143f051af", - "sha256:68a5d77e440df94011214b7db907ec8f19e439507a70c958f750c18d88f995d2", - "sha256:69a63f83e88138ab7642d8f61418cf3180a4d8cd13995df87725cb8b893e950e", - "sha256:6e4183800f16f3679076dfa8abf2db3083919d7e30764a069fb66b2b9eff9939", - "sha256:6fd8d5903c2e53f49e99359b063df27fdf7acb89a52b6a12494208bf61345a03", - "sha256:791394449e98243839fa822a637177dd42a95f4883ad3dec2a0ce6ac99fb0a9d", - "sha256:7a7669ff50f41225ca5d6ee0a1ec8413f3a0d8aa2b109f86d540887b7ec0d72a", - "sha256:7e9eac1e526386df7c70ef253b792a0a12dd86d833b1d329e038c7a235dfceb5", - "sha256:7ee8af0b9f7de635c61cdd5b8534b76c52cd03536f29f51151b377f76e214a1a", - "sha256:8246f30ca34dc712ab07e51dc34fea883c00b7ccb0e614651e49da2c49a30711", - "sha256:8c88b599e226994ad4db29d93bc149aa1aff3dc3a4355dd5757569ba78632bdf", - "sha256:923963e989ffbceaa210ac37afc9b906acebe945d2723e9679b643513837b089", - "sha256:94d55bd03d8671686e3f012577d9caa5421a07286dd351dfef64791cf7c6c505", - "sha256:97db258793d193c7b62d4e2586c6ed98d51086e93f9a3af2b2034af01450a74b", - "sha256:a9d6bc8642e2c67db33f1247a77c53476f3a166e09067c0474facb045756087f", - "sha256:cd11c7e8d21af997ee8079037fff88f16fda188a9776eb4b81c7e4c9c0a7d7fc", - "sha256:d8d3d4713f0c28bdc6c806a278d998546e8efc3498949e3ace6e117462ac0a5e", - "sha256:e0bfe9bb028974a481410432dbe1b182e8191d5d40382e5b8ff39cdd2e5c5931", - "sha256:f4822c0660c3754f1a41a655e37cb4dbbc9be3d35b125a37fab6f82d47674ebc", - "sha256:f83d281bb2a6217cd806f4cf0ddded436790e66f393e124dfe9731f6b3fb9afe", - "sha256:fc37870d6716b137e80d19241d0e2cff7a7643b925dfa49b4c8ebd1295eb506e" + "sha256:079f3ae844f38982d156efce585bc540c16a926d4436712cf4baee0cce487a3d", + "sha256:0fbcf5565ac01dff87cbfc0ff323515c823081c5777a9fc7703ff58388c258c3", + "sha256:122fba10466c7bd4178b07dba427aa516286b846b2cbd6f6169141917283aae2", + "sha256:1b38116b6e628118dea5b2186ee6820ab138dbb1e24a13e478490c7db2f326ae", + "sha256:1b7584d421d254ab86d4f0b13ec662a9014397678a7c4265a02a6d7c2b18a75f", + "sha256:26e761ab5b07adf5f555ee82fb4bfc35bf93750499c6c7614bd64d12aaa67927", + "sha256:289e9ca1a9287f08daaf796d96e06cb2bc2958891d7911ac7cae1c5f9e1e0ee3", + "sha256:2a9d50e69aac3ebee695424f7dbd7b8c6d6eb7de2a2eb6b0f6c7db6aa41e02b7", + "sha256:3082c518be8e97324390614dacd041bb1358c882d77108ca1957ba47738d9d59", + "sha256:33bb934a044cf32157c12bfcfbb6649807da20aa92c062ef51903415c704704f", + "sha256:3439c71103ef0e904ea0a1901611863e51f50b5cd5e8654a151740fde5e1cade", + "sha256:36108c73739985979bf302006527cf8a20515ce444ba916281d1c43938b8bb96", + "sha256:39b78571b3b30645ac77b95f7c69d1bffc4cf8c3b157c435a34da72e78c82468", + "sha256:4289728b5e2000a4ad4ab8da6e1db2e093c63c08bdc0414799ee776a3f78da4b", + "sha256:4bff24dfeea62f2e56f5bab929b4428ae6caba2d1eea0c2d6eb618e30a71e6d4", + "sha256:4c61b3a0db43a1607d6264166b230438f85bfed02e8cff20c22e564d0faff354", + "sha256:542d454665a3e277f76954418124d67516c5f88e51a900365ed54a9806122b83", + "sha256:5a0a14e264069c03e46f926be0d8919f4105c1623d620e7ec0e612a2e9bf1c04", + "sha256:5c8c163396cc0df3fd151b927e74f6e4acd67160d6c33304e805b84293351d16", + "sha256:66e575c62792c3f9ca47cb8b6fab9e35bab91360c783d1606f758761810c9791", + "sha256:6f12e1427285008fd32a6025e38e977d44d6382cf28e7201ed10d6c1698d2a9a", + "sha256:74f7d8d439b18fa4c385f3f5dfd11144bb87c1da034a466c5b5577d23a1d9b51", + "sha256:7610b8c31688f0b1be0ef882889817939490a36d0ee880ea562a4e1399c447a1", + "sha256:76fa7b1362d19f8fbd3e75fe2fb7c79359b0af8747e6f7141c338f0bee2f871a", + "sha256:7728e05c35412ba36d3e9795ae8995e3c86958179c9770e65558ec3fdfd3724f", + "sha256:8157dadbb09a34a6bd95a50690595e1fa0af1a99445e2744110e3dca7831c4ee", + "sha256:820628b7b3135403540202e60551e741f9b6d3304371712521be939470b454ec", + "sha256:884ab9b29feaca361f7f88d811b1eea9bfca36cf3da27768d28ad45c3ee6f969", + "sha256:89b8b22a5ff72d89d48d0e62abb14340d9e99fd637d046c27b8b257a01ffbe28", + "sha256:92e821e43ad382332eade6812e298dc9701c75fe289f2a2d39c7960b43d1e92a", + "sha256:b007cbb845b28db4fb8b6a5cdcbf65bacb16a8bd328b53cbc0698688a68e1caa", + "sha256:bc4313cbeb0e7a416a488d72f9680fffffc645f8a838bd2193809881c67dd106", + "sha256:bccbfc27563652de7dc9bdc595cb25e90b59c5f8e23e806ed0fd623755b6565d", + "sha256:c47ff7e0a36d4efac9fd692cfa33fbd0636674c102e9e8d9b26e1b93a94e7617", + "sha256:c4f05c5a7c49d2fb70223d0d5bcfbe474cf928310ac9fa6a7c6dddc831d0b1d4", + "sha256:cdaf11d2bd275bf391b5308f86731e5194a21af45fbaaaf1d9e8147b9160ea92", + "sha256:ce256aaa50f6cc9a649c51be3cd4ff142d67295bfc4f490c9134d0f9f6d58ef0", + "sha256:d2e35d7bf1c1ac8c538f88d26b396e73dd81440d59c1ef8522e1ea77b345ede4", + "sha256:d916d31fd85b2f78c76400d625076d9124de3e4bda8b016d25a050cc7d603f24", + "sha256:df7c53783a46febb0e70f6b05df2ba104610f2fb0d27023409734a3ecbb78fb2", + "sha256:e1cbd3f19a61e27e011e02f9600837b921ac661f0c40560eefb366e4e4fb275e", + "sha256:efac139c3f0bf4f0939f9375af4b02c5ad83a622de52d6dfa8e438e8e01d0eb0", + "sha256:efd7a09678fd8b53117f6bae4fa3825e0a22b03ef0a932e070c0bdbb3a35e654", + "sha256:f2380a6376dfa090227b663f9678150ef27543483055cc327555fb592c5967e2", + "sha256:f8380c03e45cf09f8557bdaa41e1fa7c81f3ae22828e1db470ab2a6c96d8bc23", + "sha256:f90ba11136bfdd25cae3951af8da2e95121c9b9b93727b1b896e3fa105b2f586" ], "index": "pypi", - "version": "==4.6.2" + "version": "==4.6.3" }, "maclookup": { "hashes": [ @@ -574,19 +546,20 @@ "hashes": [ "sha256:47e86a084dd814fac88c99ea34ba3278a74bc9de5a25f4b815b608798747c7dc" ], - "index": "pypi", + "markers": "python_version >= '3.6'", "version": "==2.0.3" }, "misp-modules": { "editable": true, - "file": "file:///usr/local/src/misp-modules" + "path": "." }, "msoffcrypto-tool": { "hashes": [ - "sha256:56a1fe5e58ca417ca8756e8d7224ae599323996da65f81a35273c0f1e2eaf490" + "sha256:234f85ef59945fa1ebb618ca029f31f0cb43a637344dbda5c1bb8578b2d96a68", + "sha256:7f04b621365e3753f8cef8ba40536acc23d0d201c0ad2dcb1b3d82c83056b7ff" ], - "index": "pypi", - "version": "==4.11.0" + "markers": "platform_python_implementation != 'PyPy' or (python_version >= '3' and platform_system != 'Windows' and platform_system != 'Darwin')", + "version": "==4.12.0" }, "multidict": { "hashes": [ @@ -628,7 +601,7 @@ "sha256:f21756997ad8ef815d8ef3d34edd98804ab5ea337feedcd62fb52d22bf531281", "sha256:fc13a9524bc18b6fb6e0dbec3533ba0496bbed167c56d0aabefd965584557d80" ], - "index": "pypi", + "markers": "python_version >= '3.6'", "version": "==5.1.0" }, "np": { @@ -640,43 +613,33 @@ }, "numpy": { "hashes": [ - "sha256:012426a41bc9ab63bb158635aecccc7610e3eff5d31d1eb43bc099debc979d94", - "sha256:06fab248a088e439402141ea04f0fffb203723148f6ee791e9c75b3e9e82f080", - "sha256:0eef32ca3132a48e43f6a0f5a82cb508f22ce5a3d6f67a8329c81c8e226d3f6e", - "sha256:1ded4fce9cfaaf24e7a0ab51b7a87be9038ea1ace7f34b841fe3b6894c721d1c", - "sha256:2e55195bc1c6b705bfd8ad6f288b38b11b1af32f3c8289d6c50d47f950c12e76", - "sha256:2ea52bd92ab9f768cc64a4c3ef8f4b2580a17af0a5436f6126b08efbd1838371", - "sha256:36674959eed6957e61f11c912f71e78857a8d0604171dfd9ce9ad5cbf41c511c", - "sha256:384ec0463d1c2671170901994aeb6dce126de0a95ccc3976c43b0038a37329c2", - "sha256:39b70c19ec771805081578cc936bbe95336798b7edf4732ed102e7a43ec5c07a", - "sha256:400580cbd3cff6ffa6293df2278c75aef2d58d8d93d3c5614cd67981dae68ceb", - "sha256:43d4c81d5ffdff6bae58d66a3cd7f54a7acd9a0e7b18d97abb255defc09e3140", - "sha256:50a4a0ad0111cc1b71fa32dedd05fa239f7fb5a43a40663269bb5dc7877cfd28", - "sha256:603aa0706be710eea8884af807b1b3bc9fb2e49b9f4da439e76000f3b3c6ff0f", - "sha256:6149a185cece5ee78d1d196938b2a8f9d09f5a5ebfbba66969302a778d5ddd1d", - "sha256:759e4095edc3c1b3ac031f34d9459fa781777a93ccc633a472a5468587a190ff", - "sha256:7fb43004bce0ca31d8f13a6eb5e943fa73371381e53f7074ed21a4cb786c32f8", - "sha256:811daee36a58dc79cf3d8bdd4a490e4277d0e4b7d103a001a4e73ddb48e7e6aa", - "sha256:8b5e972b43c8fc27d56550b4120fe6257fdc15f9301914380b27f74856299fea", - "sha256:99abf4f353c3d1a0c7a5f27699482c987cf663b1eac20db59b8c7b061eabd7fc", - "sha256:a0d53e51a6cb6f0d9082decb7a4cb6dfb33055308c4c44f53103c073f649af73", - "sha256:a12ff4c8ddfee61f90a1633a4c4afd3f7bcb32b11c52026c92a12e1325922d0d", - "sha256:a4646724fba402aa7504cd48b4b50e783296b5e10a524c7a6da62e4a8ac9698d", - "sha256:a76f502430dd98d7546e1ea2250a7360c065a5fdea52b2dffe8ae7180909b6f4", - "sha256:a9d17f2be3b427fbb2bce61e596cf555d6f8a56c222bd2ca148baeeb5e5c783c", - "sha256:ab83f24d5c52d60dbc8cd0528759532736b56db58adaa7b5f1f76ad551416a1e", - "sha256:aeb9ed923be74e659984e321f609b9ba54a48354bfd168d21a2b072ed1e833ea", - "sha256:c843b3f50d1ab7361ca4f0b3639bf691569493a56808a0b0c54a051d260b7dbd", - "sha256:cae865b1cae1ec2663d8ea56ef6ff185bad091a5e33ebbadd98de2cfa3fa668f", - "sha256:cc6bd4fd593cb261332568485e20a0712883cf631f6f5e8e86a52caa8b2b50ff", - "sha256:cf2402002d3d9f91c8b01e66fbb436a4ed01c6498fffed0e4c7566da1d40ee1e", - "sha256:d051ec1c64b85ecc69531e1137bb9751c6830772ee5c1c426dbcfe98ef5788d7", - "sha256:d6631f2e867676b13026e2846180e2c13c1e11289d67da08d71cacb2cd93d4aa", - "sha256:dbd18bcf4889b720ba13a27ec2f2aac1981bd41203b3a3b27ba7a33f88ae4827", - "sha256:df609c82f18c5b9f6cb97271f03315ff0dbe481a2a02e56aeb1b1a985ce38e60" + "sha256:1676b0a292dd3c99e49305a16d7a9f42a4ab60ec522eac0d3dd20cdf362ac010", + "sha256:16f221035e8bd19b9dc9a57159e38d2dd060b48e93e1d843c49cb370b0f415fd", + "sha256:43909c8bb289c382170e0282158a38cf306a8ad2ff6dfadc447e90f9961bef43", + "sha256:4e465afc3b96dbc80cf4a5273e5e2b1e3451286361b4af70ce1adb2984d392f9", + "sha256:55b745fca0a5ab738647d0e4db099bd0a23279c32b31a783ad2ccea729e632df", + "sha256:5d050e1e4bc9ddb8656d7b4f414557720ddcca23a5b88dd7cff65e847864c400", + "sha256:637d827248f447e63585ca3f4a7d2dfaa882e094df6cfa177cc9cf9cd6cdf6d2", + "sha256:6690080810f77485667bfbff4f69d717c3be25e5b11bb2073e76bb3f578d99b4", + "sha256:66fbc6fed94a13b9801fb70b96ff30605ab0a123e775a5e7a26938b717c5d71a", + "sha256:67d44acb72c31a97a3d5d33d103ab06d8ac20770e1c5ad81bdb3f0c086a56cf6", + "sha256:6ca2b85a5997dabc38301a22ee43c82adcb53ff660b89ee88dded6b33687e1d8", + "sha256:6e51534e78d14b4a009a062641f465cfaba4fdcb046c3ac0b1f61dd97c861b1b", + "sha256:70eb5808127284c4e5c9e836208e09d685a7978b6a216db85960b1a112eeace8", + "sha256:830b044f4e64a76ba71448fce6e604c0fc47a0e54d8f6467be23749ac2cbd2fb", + "sha256:8b7bb4b9280da3b2856cb1fc425932f46fba609819ee1c62256f61799e6a51d2", + "sha256:a9c65473ebc342715cb2d7926ff1e202c26376c0dcaaee85a1fd4b8d8c1d3b2f", + "sha256:c1c09247ccea742525bdb5f4b5ceeacb34f95731647fe55774aa36557dbb5fa4", + "sha256:c5bf0e132acf7557fc9bb8ded8b53bbbbea8892f3c9a1738205878ca9434206a", + "sha256:db250fd3e90117e0312b611574cd1b3f78bec046783195075cbd7ba9c3d73f16", + "sha256:e515c9a93aebe27166ec9593411c58494fa98e5fcc219e47260d9ab8a1cc7f9f", + "sha256:e55185e51b18d788e49fe8305fd73ef4470596b33fc2c1ceb304566b99c71a69", + "sha256:ea9cff01e75a956dbee133fa8e5b68f2f92175233de2f88de3a682dd94deda65", + "sha256:f1452578d0516283c87608a5a5548b0cdde15b99650efdfd85182102ef7a7c17", + "sha256:f39a995e47cb8649673cfa0579fbdd1cdd33ea497d1728a6cb194d6252268e48" ], - "index": "pypi", - "version": "==1.19.5" + "markers": "python_version >= '3.7'", + "version": "==1.20.3" }, "oauth2": { "hashes": [ @@ -695,76 +658,63 @@ "hashes": [ "sha256:133b031eaf8fd2c9399b78b8bc5b8fcbe4c31e85295749bb17a87cba8f3c3964" ], - "index": "pypi", + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==0.46" }, "oletools": { "hashes": [ - "sha256:8481cd60352399e15e9290ac57862a65952e9c83e3526ba833991a5c78f5cca1" + "sha256:e2a6d3e3c860822d8539d47cfd89bb681a9663ae4d1ea9ec99e88b14d85b6c4e", + "sha256:eb5310d15e79201f4d33d8107209dd8795a7ea0178030ecbc45c4cc915a166e2" ], - "index": "pypi", - "version": "==0.56" + "version": "==0.56.2" }, "opencv-python": { "hashes": [ - "sha256:30edebc81b260bcfeb760b3600c367c5261dfb2fe41e5d1408d5357d0867b40d", - "sha256:32dee1c9fd3e31e28edef7b56f868e2b40e280b7062304f9fb8a14dbc51547d5", - "sha256:4982fa8ccc38310a2bd93e06334ba090b12b6aff2f6fcb8ff9613e3c9bc48f48", - "sha256:5172cb37dfd8a0b4945b071a493eb36e5f17675a160637fa380f9c1d9d80535c", - "sha256:6d8434a45e8f75c4da5fd0068ce001f4f8e35771cc851d746d4721eeaf517e25", - "sha256:78a6db8467639383caedf1d111da3510a4ee1a0aacf2117821cae2ee8f92ce37", - "sha256:9646875c501788b1b098f282d777b667d6da69801739504f1b2fd1268970d1da", - "sha256:9c77d508e6822f1f40c727d21b822d017622d8305dce7eccf0ab06caac16d5c6", - "sha256:a1dfa0486db367594510c0c799ec7481247dc86e651b69008806d875ab731471", - "sha256:b2b9ac86aec5f2dd531545cebdea1a1ef4f81ef1fb1760d78b4725f9575504f9", - "sha256:bcb27773cfd5340b2b599b303d9f5499838ef4780c20c038f6030175408c64df", - "sha256:c0503bfaa2b7b743d6ff5d81f1dd8428dbf4c33e7e4f836456d11be20c2e7721", - "sha256:c1159d91f29a85c3333edef6ca420284566d9bcdae46dda2fe7282515b48c8b6", - "sha256:c4ea4f8b217f3e8be6247fc0787fb81797d85202c722523f41070124a7a621c7", - "sha256:c8cc1f5ff3c352ebe756119014c4e4ec7ae5ac536d1f66b0316667ced37637c8", - "sha256:d16144c435b816c5536d5ff012c1a2b7e93155017db7103942ff7efb98c4df1f", - "sha256:d8aefcb30b71064dbbaa2b0ace161a36464c29375a83998fbda39a1d1740f942", - "sha256:e27d062fa1098d90f48b6c047351c89816492a08906a021c973ce510b04a7b9d", - "sha256:e2c17714da59d9d516ceef0450766ff9557ee232d62f702665af905193557582", - "sha256:e38fbd7b2db03204ec09930609b7313d6b6d2b271c8fe2c0aa271fa69b726a1b", - "sha256:e77d0feaff37326f62b127098264e2a7099deb476e38432b1083ce11cdedf560", - "sha256:ebe83901971a6755512424c4fe9f63341cca501b7c497bf608dd38ee31ba3f4c", - "sha256:efac9893d9e21cfb599828801c755ecde8f1e657f05ec6f002efe19422456d5a", - "sha256:fc1472b825d26c8a4f1cfb172a90c3cc47733e4af7522276c1c2efe8f6006a8b", - "sha256:ffc75c614b8dc3d8102f3ba15dafd6ec0400c7ffa71a91953d41511964ee50e0" + "sha256:0118a086fad8d77acdf46ac68df49d4167fbb85420f8bcf2615d7b74fc03aae0", + "sha256:050227e5728ea8316ec114aca8f43d56253cbb1c50983e3b136a988254a83118", + "sha256:08327a38564786bf73e387736f080e8ad4c110b394ca4af2ecec8277b305bf44", + "sha256:0a3aef70b7c53bbd22ade86a4318b8a2ad98d3c3ed3d0c315f18bf1a2d868709", + "sha256:10325c3fd571e33a11eb5f0e5d265d73baef22dbb34c977f28df7e22de47b0bc", + "sha256:2436b71346d1eed423577fac8cd3aa9c0832ea97452444dc7f856b2f09600dba", + "sha256:4b8814d3f0cf01e8b8624125f7dcfb095893abcc04083cb4968fa1629bc81161", + "sha256:4e6c2d8320168a4f76822fbb76df3b18688ac5e068d49ac38a4ce39af0f8e1a6", + "sha256:6b2573c6367ec0052b37e375d18638a885dd7a10a5ef8dd726b391969c227f23", + "sha256:6e2070e35f2aaca3d1259093c786d4e373004b36d89a94e81943247c6ed3d4e1", + "sha256:89a2b45429bf945988a17b0404431d9d8fdc9e04fb2450b56fa01f6f9477101d", + "sha256:8cf81f53ac5ad900ca443a8252c4e0bc1256f1c2cb2d8459df2ba1ac014dfa36", + "sha256:9680ab256ab31bdafd74f6cf55eb570e5629b5604d50fd69dd1bd2a8124f0611", + "sha256:a8020cc6145c6934192189058743a55189750df6dff894396edb8b35a380cc48", + "sha256:b3bef3f2a2ab3c201784d12ec6b5c9e61c920c15b6854d8d2f62fd019e3df846", + "sha256:b724a96eeb88842bd2371b1ffe2da73b6295063ba5c029aa34139d25b8315a3f", + "sha256:c446555cbbc4f5e809f9c15ac1b6200024032d9859f5ac5a2ca7669d09e4c91c", + "sha256:d9004e2cc90bb2862cdc1d062fac5163d3def55b200081d4520d3e90b4c7197b", + "sha256:ef3102b70aa59ab3fed69df30465c1b7587d681e963dfff5146de233c75df7ba", + "sha256:f12f39c1e5001e1c00df5873e3eee6f0232b7723a60b7ef438b1e23f1341df0e" ], "index": "pypi", - "version": "==4.5.1.48" + "version": "==4.5.2.54" }, "pandas": { "hashes": [ - "sha256:0a643bae4283a37732ddfcecab3f62dd082996021b980f580903f4e8e01b3c5b", - "sha256:0de3ddb414d30798cbf56e642d82cac30a80223ad6fe484d66c0ce01a84d6f2f", - "sha256:19a2148a1d02791352e9fa637899a78e371a3516ac6da5c4edc718f60cbae648", - "sha256:21b5a2b033380adbdd36b3116faaf9a4663e375325831dac1b519a44f9e439bb", - "sha256:24c7f8d4aee71bfa6401faeba367dd654f696a77151a8a28bc2013f7ced4af98", - "sha256:26fa92d3ac743a149a31b21d6f4337b0594b6302ea5575b37af9ca9611e8981a", - "sha256:2860a97cbb25444ffc0088b457da0a79dc79f9c601238a3e0644312fcc14bf11", - "sha256:2b1c6cd28a0dfda75c7b5957363333f01d370936e4c6276b7b8e696dd500582a", - "sha256:2c2f7c670ea4e60318e4b7e474d56447cf0c7d83b3c2a5405a0dbb2600b9c48e", - "sha256:3be7a7a0ca71a2640e81d9276f526bca63505850add10206d0da2e8a0a325dae", - "sha256:4c62e94d5d49db116bef1bd5c2486723a292d79409fc9abd51adf9e05329101d", - "sha256:5008374ebb990dad9ed48b0f5d0038124c73748f5384cc8c46904dace27082d9", - "sha256:5447ea7af4005b0daf695a316a423b96374c9c73ffbd4533209c5ddc369e644b", - "sha256:573fba5b05bf2c69271a32e52399c8de599e4a15ab7cec47d3b9c904125ab788", - "sha256:5a780260afc88268a9d3ac3511d8f494fdcf637eece62fb9eb656a63d53eb7ca", - "sha256:70865f96bb38fec46f7ebd66d4b5cfd0aa6b842073f298d621385ae3898d28b5", - "sha256:731568be71fba1e13cae212c362f3d2ca8932e83cb1b85e3f1b4dd77d019254a", - "sha256:b61080750d19a0122469ab59b087380721d6b72a4e7d962e4d7e63e0c4504814", - "sha256:bf23a3b54d128b50f4f9d4675b3c1857a688cc6731a32f931837d72effb2698d", - "sha256:c16d59c15d946111d2716856dd5479221c9e4f2f5c7bc2d617f39d870031e086", - "sha256:c61c043aafb69329d0f961b19faa30b1dab709dd34c9388143fc55680059e55a", - "sha256:c94ff2780a1fd89f190390130d6d36173ca59fcfb3fe0ff596f9a56518191ccb", - "sha256:edda9bacc3843dfbeebaf7a701763e68e741b08fccb889c003b0a52f0ee95782", - "sha256:f10fc41ee3c75a474d3bdf68d396f10782d013d7f67db99c0efbfd0acb99701b" + "sha256:167693a80abc8eb28051fbd184c1b7afd13ce2c727a5af47b048f1ea3afefff4", + "sha256:2111c25e69fa9365ba80bbf4f959400054b2771ac5d041ed19415a8b488dc70a", + "sha256:298f0553fd3ba8e002c4070a723a59cdb28eda579f3e243bc2ee397773f5398b", + "sha256:2b063d41803b6a19703b845609c0b700913593de067b552a8b24dd8eeb8c9895", + "sha256:2cb7e8f4f152f27dc93f30b5c7a98f6c748601ea65da359af734dd0cf3fa733f", + "sha256:52d2472acbb8a56819a87aafdb8b5b6d2b3386e15c95bde56b281882529a7ded", + "sha256:612add929bf3ba9d27b436cc8853f5acc337242d6b584203f207e364bb46cb12", + "sha256:649ecab692fade3cbfcf967ff936496b0cfba0af00a55dfaacd82bdda5cb2279", + "sha256:68d7baa80c74aaacbed597265ca2308f017859123231542ff8a5266d489e1858", + "sha256:8d4c74177c26aadcfb4fd1de6c1c43c2bf822b3e0fc7a9b409eeaf84b3e92aaa", + "sha256:971e2a414fce20cc5331fe791153513d076814d30a60cd7348466943e6e909e4", + "sha256:9db70ffa8b280bb4de83f9739d514cd0735825e79eef3a61d312420b9f16b758", + "sha256:b730add5267f873b3383c18cac4df2527ac4f0f0eed1c6cf37fcb437e25cf558", + "sha256:bd659c11a4578af740782288cac141a322057a2e36920016e0fc7b25c5a4b686", + "sha256:c601c6fdebc729df4438ec1f62275d6136a0dd14d332fc0e8ce3f7d2aadb4dd6", + "sha256:d0877407359811f7b853b548a614aacd7dea83b0c0c84620a9a643f180060950" ], "index": "pypi", - "version": "==1.1.5" + "version": "==1.2.4" }, "pandas-ods-reader": { "hashes": [ @@ -776,72 +726,71 @@ }, "passivetotal": { "hashes": [ - "sha256:2944974d380a41f19f8fbb3d7cbfc8285479eb81092940b57bf0346d66706a05", - "sha256:a0cbea84b0bd6e9f3694ddeb447472b3d6f09e28940a7a0388456b8cf6a8e478", - "sha256:e35bf2cbccb385795a67d66f180d14ce9136cf1611b1c3da8a1055a1aced6264" + "sha256:32740c5b5a1f950320c0350aa002b0b35cda5941db7e441b22b01419f4923eec", + "sha256:3c2c7be55764930d7db83ad53baa42e69228d1534195451cc3a519f866a856c8" ], "index": "pypi", - "version": "==1.0.31" + "version": "==2.4.2" }, "pcodedmp": { "hashes": [ "sha256:025f8c809a126f45a082ffa820893e6a8d990d9d7ddb68694b5a9f0a6dbcd955", "sha256:4441f7c0ab4cbda27bd4668db3b14f36261d86e5059ce06c0828602cbe1c4278" ], - "index": "pypi", "version": "==1.2.6" }, "pdftotext": { "hashes": [ - "sha256:98aeb8b07a4127e1a30223bd933ef080bbd29aa88f801717ca6c5618380b8aa6" + "sha256:caf8ddbaeaf0a5897f07655a71747242addab2e695e84c5d47f2ea92dfe2a594" ], "index": "pypi", - "version": "==2.1.5" + "version": "==2.1.6" }, "pillow": { "hashes": [ - "sha256:165c88bc9d8dba670110c689e3cc5c71dbe4bfb984ffa7cbebf1fac9554071d6", - "sha256:1d208e670abfeb41b6143537a681299ef86e92d2a3dac299d3cd6830d5c7bded", - "sha256:22d070ca2e60c99929ef274cfced04294d2368193e935c5d6febfd8b601bf865", - "sha256:2353834b2c49b95e1313fb34edf18fca4d57446675d05298bb694bca4b194174", - "sha256:39725acf2d2e9c17356e6835dccebe7a697db55f25a09207e38b835d5e1bc032", - "sha256:3de6b2ee4f78c6b3d89d184ade5d8fa68af0848f9b6b6da2b9ab7943ec46971a", - "sha256:47c0d93ee9c8b181f353dbead6530b26980fe4f5485aa18be8f1fd3c3cbc685e", - "sha256:5e2fe3bb2363b862671eba632537cd3a823847db4d98be95690b7e382f3d6378", - "sha256:604815c55fd92e735f9738f65dabf4edc3e79f88541c221d292faec1904a4b17", - "sha256:6c5275bd82711cd3dcd0af8ce0bb99113ae8911fc2952805f1d012de7d600a4c", - "sha256:731ca5aabe9085160cf68b2dbef95fc1991015bc0a3a6ea46a371ab88f3d0913", - "sha256:7612520e5e1a371d77e1d1ca3a3ee6227eef00d0a9cddb4ef7ecb0b7396eddf7", - "sha256:7916cbc94f1c6b1301ac04510d0881b9e9feb20ae34094d3615a8a7c3db0dcc0", - "sha256:81c3fa9a75d9f1afafdb916d5995633f319db09bd773cb56b8e39f1e98d90820", - "sha256:887668e792b7edbfb1d3c9d8b5d8c859269a0f0eba4dda562adb95500f60dbba", - "sha256:93a473b53cc6e0b3ce6bf51b1b95b7b1e7e6084be3a07e40f79b42e83503fbf2", - "sha256:96d4dc103d1a0fa6d47c6c55a47de5f5dafd5ef0114fa10c85a1fd8e0216284b", - "sha256:a3d3e086474ef12ef13d42e5f9b7bbf09d39cf6bd4940f982263d6954b13f6a9", - "sha256:b02a0b9f332086657852b1f7cb380f6a42403a6d9c42a4c34a561aa4530d5234", - "sha256:b09e10ec453de97f9a23a5aa5e30b334195e8d2ddd1ce76cc32e52ba63c8b31d", - "sha256:b6f00ad5ebe846cc91763b1d0c6d30a8042e02b2316e27b05de04fa6ec831ec5", - "sha256:bba80df38cfc17f490ec651c73bb37cd896bc2400cfba27d078c2135223c1206", - "sha256:c3d911614b008e8a576b8e5303e3db29224b455d3d66d1b2848ba6ca83f9ece9", - "sha256:ca20739e303254287138234485579b28cb0d524401f83d5129b5ff9d606cb0a8", - "sha256:cb192176b477d49b0a327b2a5a4979552b7a58cd42037034316b8018ac3ebb59", - "sha256:cdbbe7dff4a677fb555a54f9bc0450f2a21a93c5ba2b44e09e54fcb72d2bd13d", - "sha256:cf6e33d92b1526190a1de904df21663c46a456758c0424e4f947ae9aa6088bf7", - "sha256:d355502dce85ade85a2511b40b4c61a128902f246504f7de29bbeec1ae27933a", - "sha256:d673c4990acd016229a5c1c4ee8a9e6d8f481b27ade5fc3d95938697fa443ce0", - "sha256:dc577f4cfdda354db3ae37a572428a90ffdbe4e51eda7849bf442fb803f09c9b", - "sha256:dd9eef866c70d2cbbea1ae58134eaffda0d4bfea403025f4db6859724b18ab3d", - "sha256:f50e7a98b0453f39000619d845be8b06e611e56ee6e8186f7f60c3b1e2f0feae" + "sha256:01425106e4e8cee195a411f729cff2a7d61813b0b11737c12bd5991f5f14bcd5", + "sha256:031a6c88c77d08aab84fecc05c3cde8414cd6f8406f4d2b16fed1e97634cc8a4", + "sha256:083781abd261bdabf090ad07bb69f8f5599943ddb539d64497ed021b2a67e5a9", + "sha256:0d19d70ee7c2ba97631bae1e7d4725cdb2ecf238178096e8c82ee481e189168a", + "sha256:0e04d61f0064b545b989126197930807c86bcbd4534d39168f4aa5fda39bb8f9", + "sha256:12e5e7471f9b637762453da74e390e56cc43e486a88289995c1f4c1dc0bfe727", + "sha256:22fd0f42ad15dfdde6c581347eaa4adb9a6fc4b865f90b23378aa7914895e120", + "sha256:238c197fc275b475e87c1453b05b467d2d02c2915fdfdd4af126145ff2e4610c", + "sha256:3b570f84a6161cf8865c4e08adf629441f56e32f180f7aa4ccbd2e0a5a02cba2", + "sha256:463822e2f0d81459e113372a168f2ff59723e78528f91f0bd25680ac185cf797", + "sha256:4d98abdd6b1e3bf1a1cbb14c3895226816e666749ac040c4e2554231068c639b", + "sha256:5afe6b237a0b81bd54b53f835a153770802f164c5570bab5e005aad693dab87f", + "sha256:5b70110acb39f3aff6b74cf09bb4169b167e2660dabc304c1e25b6555fa781ef", + "sha256:5cbf3e3b1014dddc45496e8cf38b9f099c95a326275885199f427825c6522232", + "sha256:624b977355cde8b065f6d51b98497d6cd5fbdd4f36405f7a8790e3376125e2bb", + "sha256:63728564c1410d99e6d1ae8e3b810fe012bc440952168af0a2877e8ff5ab96b9", + "sha256:66cc56579fd91f517290ab02c51e3a80f581aba45fd924fcdee01fa06e635812", + "sha256:6c32cc3145928c4305d142ebec682419a6c0a8ce9e33db900027ddca1ec39178", + "sha256:8b56553c0345ad6dcb2e9b433ae47d67f95fc23fe28a0bde15a120f25257e291", + "sha256:8bb1e155a74e1bfbacd84555ea62fa21c58e0b4e7e6b20e4447b8d07990ac78b", + "sha256:95d5ef984eff897850f3a83883363da64aae1000e79cb3c321915468e8c6add5", + "sha256:a013cbe25d20c2e0c4e85a9daf438f85121a4d0344ddc76e33fd7e3965d9af4b", + "sha256:a787ab10d7bb5494e5f76536ac460741788f1fbce851068d73a87ca7c35fc3e1", + "sha256:a7d5e9fad90eff8f6f6106d3b98b553a88b6f976e51fce287192a5d2d5363713", + "sha256:aac00e4bc94d1b7813fe882c28990c1bc2f9d0e1aa765a5f2b516e8a6a16a9e4", + "sha256:b91c36492a4bbb1ee855b7d16fe51379e5f96b85692dc8210831fbb24c43e484", + "sha256:c03c07ed32c5324939b19e36ae5f75c660c81461e312a41aea30acdd46f93a7c", + "sha256:c5236606e8570542ed424849f7852a0ff0bce2c4c8d0ba05cc202a5a9c97dee9", + "sha256:c6b39294464b03457f9064e98c124e09008b35a62e3189d3513e5148611c9388", + "sha256:cb7a09e173903541fa888ba010c345893cd9fc1b5891aaf060f6ca77b6a3722d", + "sha256:d68cb92c408261f806b15923834203f024110a2e2872ecb0bd2a110f89d3c602", + "sha256:dc38f57d8f20f06dd7c3161c59ca2c86893632623f33a42d592f097b00f720a9", + "sha256:e98eca29a05913e82177b3ba3d198b1728e164869c613d76d0de4bde6768a50e", + "sha256:f217c3954ce5fd88303fc0c317af55d5e0204106d86dea17eb8205700d47dec2" ], "index": "pypi", - "version": "==8.1.0" + "version": "==8.2.0" }, "progressbar2": { "hashes": [ "sha256:ef72be284e7f2b61ac0894b44165926f13f5d995b2bf3cd8a8dedc6224b255a7", "sha256:fe2738e7ecb7df52ad76307fe610c460c52b50f5335fd26c3ab80ff7655ba1e0" ], - "index": "pypi", "version": "==3.53.1" }, "psutil": { @@ -875,13 +824,13 @@ "sha256:f4634b033faf0d968bb9220dd1c793b897ab7f1189956e1aa9eae752527127d3", "sha256:fcc01e900c1d7bee2a37e5d6e4f9194760a93597c97fee89c4ae51701de03563" ], - "index": "pypi", + "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==5.8.0" }, "pybgpranking": { "editable": true, "git": "https://github.com/D4-project/BGP-Ranking.git/", - "ref": "fd9c0e03af9b61d4bf0b67ac73c7208a55178a54", + "ref": "68de39f6c5196f796055c1ac34504054d688aa59", "subdirectory": "client" }, "pycparser": { @@ -889,100 +838,85 @@ "sha256:2d475327684562c3a96cc71adf7dc8c4f0565175cf86b6d7a404ff4c771f15f0", "sha256:7582ad22678f0fcd81102833f60ef8d0e57288b6b5fb00323d101be910e35705" ], - "index": "pypi", + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==2.20" }, "pycryptodome": { "hashes": [ - "sha256:19cb674df6c74a14b8b408aa30ba8a89bd1c01e23505100fb45f930fbf0ed0d9", - "sha256:1cfdb92dca388e27e732caa72a1cc624520fe93752a665c3b6cd8f1a91b34916", - "sha256:21ef416aa52802d22b9c11598d4e5352285bd9d6b5d868cde3e6bf2b22b4ebfb", - "sha256:27397aee992af69d07502126561d851ba3845aa808f0e55c71ad0efa264dd7d4", - "sha256:28f75e58d02019a7edc7d4135203d2501dfc47256d175c72c9798f9a129a49a7", - "sha256:2a68df525b387201a43b27b879ce8c08948a430e883a756d6c9e3acdaa7d7bd8", - "sha256:411745c6dce4eff918906eebcde78771d44795d747e194462abb120d2e537cd9", - "sha256:46e96aeb8a9ca8b1edf9b1fd0af4bf6afcf3f1ca7fa35529f5d60b98f3e4e959", - "sha256:4ed27951b0a17afd287299e2206a339b5b6d12de9321e1a1575261ef9c4a851b", - "sha256:50826b49fbca348a61529693b0031cdb782c39060fb9dca5ac5dff858159dc5a", - "sha256:5598dc6c9dbfe882904e54584322893eff185b98960bbe2cdaaa20e8a437b6e5", - "sha256:5c3c4865730dfb0263f822b966d6d58429d8b1e560d1ddae37685fd9e7c63161", - "sha256:5f19e6ef750f677d924d9c7141f54bade3cd56695bbfd8a9ef15d0378557dfe4", - "sha256:60febcf5baf70c566d9d9351c47fbd8321da9a4edf2eff45c4c31c86164ca794", - "sha256:62c488a21c253dadc9f731a32f0ac61e4e436d81a1ea6f7d1d9146ed4d20d6bd", - "sha256:6d3baaf82681cfb1a842f1c8f77beac791ceedd99af911e4f5fabec32bae2259", - "sha256:6e4227849e4231a3f5b35ea5bdedf9a82b3883500e5624f00a19156e9a9ef861", - "sha256:6e89bb3826e6f84501e8e3b205c22595d0c5492c2f271cbb9ee1c48eb1866645", - "sha256:70d807d11d508433daf96244ec1c64e55039e8a35931fc5ea9eee94dbe3cb6b5", - "sha256:76b1a34d74bb2c91bce460cdc74d1347592045627a955e9a252554481c17c52f", - "sha256:7798e73225a699651888489fbb1dbc565e03a509942a8ce6194bbe6fb582a41f", - "sha256:834b790bbb6bd18956f625af4004d9c15eed12d5186d8e57851454ae76d52215", - "sha256:843e5f10ecdf9d307032b8b91afe9da1d6ed5bb89d0bbec5c8dcb4ba44008e11", - "sha256:8f9f84059039b672a5a705b3c5aa21747867bacc30a72e28bf0d147cc8ef85ed", - "sha256:9000877383e2189dafd1b2fc68c6c726eca9a3cfb6d68148fbb72ccf651959b6", - "sha256:910e202a557e1131b1c1b3f17a63914d57aac55cf9fb9b51644962841c3995c4", - "sha256:946399d15eccebafc8ce0257fc4caffe383c75e6b0633509bd011e357368306c", - "sha256:a199e9ca46fc6e999e5f47fce342af4b56c7de85fae893c69ab6aa17531fb1e1", - "sha256:a3d8a9efa213be8232c59cdc6b65600276508e375e0a119d710826248fd18d37", - "sha256:a4599c0ca0fc027c780c1c45ed996d5bef03e571470b7b1c7171ec1e1a90914c", - "sha256:b17b0ad9faee14d6318f965d58d323b0b37247e1e0c9c40c23504c00f4af881e", - "sha256:b4e6b269a8ddaede774e5c3adbef6bf452ee144e6db8a716d23694953348cd86", - "sha256:b68794fba45bdb367eeb71249c26d23e61167510a1d0c3d6cf0f2f14636e62ee", - "sha256:b830fae2a46536ee830599c3c4af114f5228f31e54adac370767616a701a99dc", - "sha256:d7ec2bd8f57c559dd24e71891c51c25266a8deb66fc5f02cc97c7fb593d1780a", - "sha256:e15bde67ccb7d4417f627dd16ffe2f5a4c2941ce5278444e884cb26d73ecbc61", - "sha256:eb01f9997e4d6a8ec8a1ad1f676ba5a362781ff64e8189fe2985258ba9cb9706", - "sha256:f381036287c25d9809a08224ce4d012b7b7d50b6ada3ddbc3bc6f1f659365120", - "sha256:faa682c404c218e8788c3126c9a4b8fbcc54dc245b5b6e8ea5b46f3b63bd0c84" + "sha256:09c1555a3fa450e7eaca41ea11cd00afe7c91fef52353488e65663777d8524e0", + "sha256:12222a5edc9ca4a29de15fbd5339099c4c26c56e13c2ceddf0b920794f26165d", + "sha256:1723ebee5561628ce96748501cdaa7afaa67329d753933296321f0be55358dce", + "sha256:1c5e1ca507de2ad93474be5cfe2bfa76b7cf039a1a32fc196f40935944871a06", + "sha256:2603c98ae04aac675fefcf71a6c87dc4bb74a75e9071ae3923bbc91a59f08d35", + "sha256:2dea65df54349cdfa43d6b2e8edb83f5f8d6861e5cf7b1fbc3e34c5694c85e27", + "sha256:31c1df17b3dc5f39600a4057d7db53ac372f492c955b9b75dd439f5d8b460129", + "sha256:38661348ecb71476037f1e1f553159b80d256c00f6c0b00502acac891f7116d9", + "sha256:3e2e3a06580c5f190df843cdb90ea28d61099cf4924334d5297a995de68e4673", + "sha256:3f840c49d38986f6e17dbc0673d37947c88bc9d2d9dba1c01b979b36f8447db1", + "sha256:501ab36aae360e31d0ec370cf5ce8ace6cb4112060d099b993bc02b36ac83fb6", + "sha256:60386d1d4cfaad299803b45a5bc2089696eaf6cdd56f9fc17479a6f89595cfc8", + "sha256:6260e24d41149268122dd39d4ebd5941e9d107f49463f7e071fd397e29923b0c", + "sha256:6bbf7fee7b7948b29d7e71fcacf48bac0c57fb41332007061a933f2d996f9713", + "sha256:6d2df5223b12437e644ce0a3be7809471ffa71de44ccd28b02180401982594a6", + "sha256:758949ca62690b1540dfb24ad773c6da9cd0e425189e83e39c038bbd52b8e438", + "sha256:77997519d8eb8a4adcd9a47b9cec18f9b323e296986528186c0e9a7a15d6a07e", + "sha256:7fd519b89585abf57bf47d90166903ec7b43af4fe23c92273ea09e6336af5c07", + "sha256:98213ac2b18dc1969a47bc65a79a8fca02a414249d0c8635abb081c7f38c91b6", + "sha256:99b2f3fc51d308286071d0953f92055504a6ffe829a832a9fc7a04318a7683dd", + "sha256:9b6f711b25e01931f1c61ce0115245a23cdc8b80bf8539ac0363bdcf27d649b6", + "sha256:a3105a0eb63eacf98c2ecb0eb4aa03f77f40fbac2bdde22020bb8a536b226bb8", + "sha256:a8eb8b6ea09ec1c2535bf39914377bc8abcab2c7d30fa9225eb4fe412024e427", + "sha256:a92d5c414e8ee1249e850789052608f582416e82422502dc0ac8c577808a9067", + "sha256:d3d6958d53ad307df5e8469cc44474a75393a434addf20ecd451f38a72fe29b8", + "sha256:e0a4d5933a88a2c98bbe19c0c722f5483dc628d7a38338ac2cb64a7dbd34064b", + "sha256:e3bf558c6aeb49afa9f0c06cee7fb5947ee5a1ff3bd794b653d39926b49077fa", + "sha256:e61e363d9a5d7916f3a4ce984a929514c0df3daf3b1b2eb5e6edbb131ee771cf", + "sha256:f977cdf725b20f6b8229b0c87acb98c7717e742ef9f46b113985303ae12a99da", + "sha256:fc7489a50323a0df02378bc2fff86eb69d94cc5639914346c736be981c6a02e7" ], - "index": "pypi", - "version": "==3.9.9" + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", + "version": "==3.10.1" }, "pycryptodomex": { "hashes": [ - "sha256:15c03ffdac17731b126880622823d30d0a3cc7203cd219e6b9814140a44e7fab", - "sha256:20fb7f4efc494016eab1bc2f555bc0a12dd5ca61f35c95df8061818ffb2c20a3", - "sha256:28ee3bcb4d609aea3040cad995a8e2c9c6dc57c12183dadd69e53880c35333b9", - "sha256:305e3c46f20d019cd57543c255e7ba49e432e275d7c0de8913b6dbe57a851bc8", - "sha256:3547b87b16aad6afb28c9b3a9cd870e11b5e7b5ac649b74265258d96d8de1130", - "sha256:3642252d7bfc4403a42050e18ba748bedebd5a998a8cba89665a4f42aea4c380", - "sha256:404faa3e518f8bea516aae2aac47d4d960397199a15b4bd6f66cad97825469a0", - "sha256:42669638e4f7937b7141044a2fbd1019caca62bd2cdd8b535f731426ab07bde1", - "sha256:4632d55a140b28e20be3cd7a3057af52fb747298ff0fd3290d4e9f245b5004ba", - "sha256:4a88c9383d273bdce3afc216020282c9c5c39ec0bd9462b1a206af6afa377cf0", - "sha256:4ce1fc1e6d2fd2d6dc197607153327989a128c093e0e94dca63408f506622c3e", - "sha256:55cf4e99b3ba0122dee570dc7661b97bf35c16aab3e2ccb5070709d282a1c7ab", - "sha256:5e486cab2dfcfaec934dd4f5d5837f4a9428b690f4d92a3b020fd31d1497ca64", - "sha256:65ec88c8271448d2ea109d35c1f297b09b872c57214ab7e832e413090d3469a9", - "sha256:6c95a3361ce70068cf69526a58751f73ddac5ba27a3c2379b057efa2f5338c8c", - "sha256:73240335f4a1baf12880ebac6df66ab4d3a9212db9f3efe809c36a27280d16f8", - "sha256:7651211e15109ac0058a49159265d9f6e6423c8a81c65434d3c56d708417a05b", - "sha256:7b5b7c5896f8172ea0beb283f7f9428e0ab88ec248ce0a5b8c98d73e26267d51", - "sha256:836fe39282e75311ce4c38468be148f7fac0df3d461c5de58c5ff1ddb8966bac", - "sha256:871852044f55295449fbf225538c2c4118525093c32f0a6c43c91bed0452d7e3", - "sha256:892e93f3e7e10c751d6c17fa0dc422f7984cfd5eb6690011f9264dc73e2775fc", - "sha256:934e460c5058346c6f1d62fdf3db5680fbdfbfd212722d24d8277bf47cd9ebdc", - "sha256:9736f3f3e1761024200637a080a4f922f5298ad5d780e10dbb5634fe8c65b34c", - "sha256:a1d38a96da57e6103423a446079ead600b450cf0f8ebf56a231895abf77e7ffc", - "sha256:a385fceaa0cdb97f0098f1c1e9ec0b46cc09186ddf60ec23538e871b1dddb6dc", - "sha256:a7cf1c14e47027d9fb9d26aa62e5d603994227bd635e58a8df4b1d2d1b6a8ed7", - "sha256:a9aac1a30b00b5038d3d8e48248f3b58ea15c827b67325c0d18a447552e30fc8", - "sha256:b696876ee583d15310be57311e90e153a84b7913ac93e6b99675c0c9867926d0", - "sha256:bef9e9d39393dc7baec39ba4bac6c73826a4db02114cdeade2552a9d6afa16e2", - "sha256:c885fe4d5f26ce8ca20c97d02e88f5fdd92c01e1cc771ad0951b21e1641faf6d", - "sha256:d2d1388595cb5d27d9220d5cbaff4f37c6ec696a25882eb06d224d241e6e93fb", - "sha256:d2e853e0f9535e693fade97768cf7293f3febabecc5feb1e9b2ffdfe1044ab96", - "sha256:d62fbab185a6b01c5469eda9f0795f3d1a5bba24f5a5813f362e4b73a3c4dc70", - "sha256:f20a62397e09704049ce9007bea4f6bad965ba9336a760c6f4ef1b4192e12d6d", - "sha256:f81f7311250d9480e36dec819127897ae772e7e8de07abfabe931b8566770b8e" + "sha256:00a584ee52bf5e27d540129ca9bf7c4a7e7447f24ff4a220faa1304ad0c09bcd", + "sha256:04265a7a84ae002001249bd1de2823bcf46832bd4b58f6965567cb8a07cf4f00", + "sha256:0bd35af6a18b724c689e56f2dbbdd8e409288be71952d271ba3d9614b31d188c", + "sha256:20c45a30f3389148f94edb77f3b216c677a277942f62a2b81a1cc0b6b2dde7fc", + "sha256:2959304d1ce31ab303d9fb5db2b294814278b35154d9b30bf7facc52d6088d0a", + "sha256:36dab7f506948056ceba2d57c1ade74e898401960de697cefc02f3519bd26c1b", + "sha256:37ec1b407ec032c7a0c1fdd2da12813f560bad38ae61ad9c7ce3c0573b3e5e30", + "sha256:3b8eb85b3cc7f083d87978c264d10ff9de3b4bfc46f1c6fdc2792e7d7ebc87bb", + "sha256:3dfce70c4e425607ae87b8eae67c9c7dbba59a33b62d70f79417aef0bc5c735b", + "sha256:418f51c61eab52d9920f4ef468d22c89dab1be5ac796f71cf3802f6a6e667df0", + "sha256:4195604f75cdc1db9bccdb9e44d783add3c817319c30aaff011670c9ed167690", + "sha256:4344ab16faf6c2d9df2b6772995623698fb2d5f114dace4ab2ff335550cf71d5", + "sha256:541cd3e3e252fb19a7b48f420b798b53483302b7fe4d9954c947605d0a263d62", + "sha256:564063e3782474c92cbb333effd06e6eb718471783c6e67f28c63f0fc3ac7b23", + "sha256:72f44b5be46faef2a1bf2a85902511b31f4dd7b01ce0c3978e92edb2cc812a82", + "sha256:8a98e02cbf8f624add45deff444539bf26345b479fc04fa0937b23cd84078d91", + "sha256:940db96449d7b2ebb2c7bf190be1514f3d67914bd37e54e8d30a182bd375a1a9", + "sha256:961333e7ee896651f02d4692242aa36b787b8e8e0baa2256717b2b9d55ae0a3c", + "sha256:9f713ffb4e27b5575bd917c70bbc3f7b348241a351015dbbc514c01b7061ff7e", + "sha256:a6584ae58001d17bb4dc0faa8a426919c2c028ef4d90ceb4191802ca6edb8204", + "sha256:c2b680987f418858e89dbb4f09c8c919ece62811780a27051ace72b2f69fb1be", + "sha256:d8fae5ba3d34c868ae43614e0bd6fb61114b2687ac3255798791ce075d95aece", + "sha256:dbd2c361db939a4252589baa94da4404d45e3fc70da1a31e541644cdf354336e", + "sha256:e090a8609e2095aa86978559b140cf8968af99ee54b8791b29ff804838f29f10", + "sha256:e4a1245e7b846e88ba63e7543483bda61b9acbaee61eadbead5a1ce479d94740", + "sha256:ec9901d19cadb80d9235ee41cc58983f18660314a0eb3fc7b11b0522ac3b6c4a", + "sha256:f2abeb4c4ce7584912f4d637b2c57f23720d35dd2892bfeb1b2c84b6fb7a8c88", + "sha256:f3bb267df679f70a9f40f17d62d22fe12e8b75e490f41807e7560de4d3e6bf9f", + "sha256:f933ecf4cb736c7af60a6a533db2bf569717f2318b265f92907acff1db43bc34", + "sha256:fc9c55dc1ed57db76595f2d19a479fc1c3a1be2c9da8de798a93d286c5f65f38" ], - "index": "pypi", - "version": "==3.9.9" + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", + "version": "==3.10.1" }, "pydeep": { "hashes": [ "sha256:22866eb422d1d5907f8076ee792da65caecb172425d27576274e2a8eacf6afc1" ], - "index": "pypi", "version": "==0.4" }, "pydnstrails": { @@ -998,14 +932,6 @@ "index": "pypi", "version": "==1.1" }, - "pyfaup": { - "hashes": [ - "sha256:5648bc3ebd80239aec927aedfc218c3a6ff36de636cc53822bfeb70b0869b1e7", - "sha256:75f96f7da86ffb5402d3fcc2dbf98a511e792cf9100c159e34cdba8996ddc7f9" - ], - "index": "pypi", - "version": "==1.2" - }, "pygeoip": { "hashes": [ "sha256:1938b9dac7b00d77f94d040b9465ea52c938f3fcdcd318b5537994f3c16aef96", @@ -1017,12 +943,12 @@ "pyintel471": { "editable": true, "git": "https://github.com/MISP/PyIntel471.git", - "ref": "0df8d51f1c1425de66714b3a5a45edb69b8cc2fc" + "ref": "917272fafa8e12102329faca52173e90c5256968" }, "pyipasnhistory": { "editable": true, "git": "https://github.com/D4-project/IPASN-History.git/", - "ref": "fc5e48608afc113e101ca6421bf693b7b9753f9e", + "ref": "1f020c44c440988899a6798903fd6941e06f8930", "subdirectory": "client" }, "pymisp": { @@ -1033,11 +959,11 @@ "pdfexport" ], "hashes": [ - "sha256:439389a5377a9128018e9e4cc8e7ed9efa45a5efc4e77afbb55310ec7935d197", - "sha256:eed98c96b41a5e13ad1147f331ccb66e4fd9284df87528da5c99d759e29309d8" + "sha256:81be4569199c117513d35d06f3cd46d5b412c1e8509ec1cfa0e6bfd19751ef4f", + "sha256:cf04fe19391fed4251cef1f267d80a19e37ed4b88602fb5f9790a3cd814d9d00" ], "index": "pypi", - "version": "==2.4.137.1" + "version": "==2.4.144" }, "pyonyphe": { "editable": true, @@ -1049,7 +975,6 @@ "sha256:4c231c759543ba02560fcd2480c48dcec4dae34c9da7d3747c508227e0624b51", "sha256:818ae18e06922c066f777a33f1fca45786d85edfe71cd043de6379337a7f274b" ], - "index": "pypi", "version": "==20.0.1" }, "pyparsing": { @@ -1057,29 +982,30 @@ "sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1", "sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b" ], - "index": "pypi", + "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2'", "version": "==2.4.7" }, "pypdns": { "hashes": [ - "sha256:640a7e08c3e1e6d6cf378bc7bf48225d847a9c86583c196994fb15acc20ec6f4", - "sha256:9cd2d42ed5e9e4ff7ea29b3947b133a74b0fe0f548ca4c9fac26c0b8f8b750d5" + "sha256:1cef645d6534a86670070762dcb9af62ce1456b018fc818302cb8a2a4bf5a8ec", + "sha256:b54ded94416e8770f1e26f91988798018cfab0e637908aab6086b0d2fc54f57d" ], "index": "pypi", - "version": "==1.5.1" + "version": "==1.5.2" }, "pypssl": { "hashes": [ - "sha256:4dbe772aefdf4ab18934d83cde79e2fc5d5ba9d2b4153dc419a63faab3432643" + "sha256:249ea2152827c10e746fe94c2957c0a525f8ed7ca9db2cd972690a3a136d7bb7", + "sha256:88cedaa4191b50154951fce98396521ad6c1d7e3eb914343e7a12ec0df1882a8" ], "index": "pypi", - "version": "==2.1" + "version": "==2.2" }, "pyrsistent": { "hashes": [ "sha256:2e636185d9eb976a18a8a8e96efce62f2905fea90041958d8cc2a189756ebf3e" ], - "index": "pypi", + "markers": "python_version >= '3.5'", "version": "==0.17.3" }, "pytesseract": { @@ -1093,7 +1019,6 @@ "hashes": [ "sha256:0539f8bd0464013b05ad62e0a1673f0ac9086c76b43ebf9f833053527cd9931b" ], - "index": "pypi", "version": "==1.2.2" }, "python-dateutil": { @@ -1101,64 +1026,59 @@ "sha256:73ebfe9dbf22e832286dafa60473e4cd239f8592f699aa5adaf10050e6e1823c", "sha256:75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a" ], - "index": "pypi", + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2'", "version": "==2.8.1" }, "python-docx": { "hashes": [ - "sha256:bc76ecac6b2d00ce6442a69d03a6f35c71cd72293cd8405a7472dfe317920024" + "sha256:1105d233a0956dd8dd1e710d20b159e2d72ac3c301041b95f4d4ceb3e0ebebc4" ], "index": "pypi", - "version": "==0.8.10" + "version": "==0.8.11" }, "python-engineio": { "hashes": [ - "sha256:33f7a214be5db35c867e97027bfe63676cb003d82aa17a607612b25ba5d84e5b", - "sha256:9f34afa4170f5ba6e3d9ff158752ccf8fbb2145f16554b2f0fc84646675be99a" + "sha256:5a9e6086d192463b04a1428ff1f85b6ba631bbb19d453b144ffc04f530542b84", + "sha256:eab4553f2804c1ce97054c8b22cf0d5a9ab23128075248b97e1a5b2f29553085" ], - "index": "pypi", - "version": "==4.0.0" + "version": "==3.14.2" }, "python-magic": { "hashes": [ - "sha256:356efa93c8899047d1eb7d3eb91e871ba2f5b1376edbaf4cc305e3c872207355", - "sha256:b757db2a5289ea3f1ced9e60f072965243ea43a2221430048fd8cacab17be0ce" + "sha256:4fec8ee805fea30c07afccd1592c0f17977089895bdfaae5fec870a84e997626", + "sha256:de800df9fb50f8ec5974761054a708af6e4246b03b4bdaee993f948947b0ebcf" ], - "index": "pypi", - "version": "==0.4.18" + "version": "==0.4.24" }, "python-pptx": { "hashes": [ - "sha256:a857d69e52d7e8a8fb32fca8182fdd4a3c68c689de8d4e4460e9b4a95efa7bc4" + "sha256:cbac6cdf28bde418acab332b62f961225f69993579f4662faf9f7a878150d2b5" ], "index": "pypi", - "version": "==0.6.18" + "version": "==0.6.19" }, "python-socketio": { "extras": [ "client" ], "hashes": [ - "sha256:870f8b00a63ef7c9a1f85fd70028624867bf246115e82625f28ef79def8847bb", - "sha256:f53fd0d5bd9f75a70492062f4ae6195ab5d34d67a29024d740f25e468392893e" + "sha256:5a21da53fdbdc6bb6c8071f40e13d100e0b279ad997681c2492478e06f370523", + "sha256:cd1f5aa492c1eb2be77838e837a495f117e17f686029ebc03d62c09e33f4fa10" ], - "index": "pypi", - "version": "==5.0.4" + "version": "==4.6.1" }, "python-utils": { "hashes": [ - "sha256:10e155d88b706b25ede773354ea782eee6d494294651228469c916eb20f7ee1c", - "sha256:2643aec3bfcd1062accafb915aa624b81a2b0f6dad9d0c1021debead4a35cda7" + "sha256:18fbc1a1df9a9061e3059a48ebe5c8a66b654d688b0e3ecca8b339a7f168f208", + "sha256:352d5b1febeebf9b3cdb9f3c87a3b26ef22d3c9e274a8ec1e7048ecd2fac4349" ], - "index": "pypi", - "version": "==2.5.2" + "version": "==2.5.6" }, "pytz": { "hashes": [ "sha256:1c557d7d0e871de1f5ccd5833f60fb2550652da6be2693c1e02300743d21500d", "sha256:b02c06db6cf09c12dd25137e563b31700d3b80fcc4ad23abb7a315f2789819be" ], - "index": "pypi", "version": "==2019.3" }, "pyyaml": { @@ -1193,7 +1113,7 @@ "sha256:fdc842473cd33f45ff6bce46aea678a54e3d21f1b61a7750ce3c498eedfe25d6", "sha256:fe69978f3f768926cfa37b867e3843918e012cf83f680806599ddce33c2c68b0" ], - "index": "pypi", + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'", "version": "==5.4.1" }, "pyzbar": { @@ -1207,18 +1127,17 @@ }, "pyzipper": { "hashes": [ - "sha256:80d3acd52e9c9291d88f3d7ae36f30ade38e4639941c198c62285018667dc777", - "sha256:dd4cc0d222e207e3b25570f5214411625cc117b7f463d2d51e22d669c7880992" + "sha256:6040069654dad040cf8708d4db78ce5829238e2091ad8006a47d97d6ffe275d6", + "sha256:e696e9d306427400e23e13a766c7614b64d9fc3316bdc71bbcc8f0070a14f150" ], - "index": "pypi", - "version": "==0.3.4" + "markers": "python_version >= '3.5'", + "version": "==0.3.5" }, "rdflib": { "hashes": [ "sha256:78149dd49d385efec3b3adfbd61c87afaf1281c30d3fcaf1b323b34f603fb155", "sha256:88208ea971a87886d60ae2b1a4b2cdc263527af0454c422118d43fe64b357877" ], - "index": "pypi", "version": "==5.0.0" }, "redis": { @@ -1226,54 +1145,43 @@ "sha256:0e7e0cfca8660dea8b7d5cd8c4f6c5e29e11f31158c0b0ae91a397f00e5a05a2", "sha256:432b788c4530cfe16d8d943a09d40ca6c16149727e4afe8c2c9d5580c59d9f24" ], - "index": "pypi", + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", "version": "==3.5.3" }, "reportlab": { "hashes": [ - "sha256:009fa61710647cdc62eb373345248d8ebb93583a058990f7c4f9be46d90aa5b1", - "sha256:04a08d284da86882ec3a41a7c719833362ef891b09ee8e2fbb47cee352aa684a", - "sha256:07bff6742fba612da8d1b1f783c436338c6fdc6962828159827d5ca7d2b67935", - "sha256:09fb11ab1500e679fc1b01199d2fed24435499856e75043a9ac0d31dd48fd881", - "sha256:18a876449c9000c391dd3415ebc8454cd7bb9e488977b894886a2d7d018f16cd", - "sha256:18eec161411026dde49767bee4e5e8eeb8014879554811a62581dc7433628d5b", - "sha256:19353aead39fc115a4d6c598d6fb9fa26da7e69160a0443ebb49b02903e704e8", - "sha256:1b85c20e89c22ae902ca973df2afdd2d64d27dc4ffd2b29ebad8c805a213756b", - "sha256:1da3d7a35f918cee905facfa94bd00ae6091cadc06dca1b0b31b69ae02d41d1d", - "sha256:33f3cfdc492575f8af3225701301a7e62fc478358729820c9e0091aff5831378", - "sha256:3b0026c1129147befd4e5a8cf25da8dea1096fce371e7b2412e36d7254019c06", - "sha256:3d7713dddaa8081ed709a1fa2456a43f6a74b0f07d605da8441fd53fef334f69", - "sha256:3e2b4d69763103b9dc9b54c0952dc3cee05cedd06e28c0987fad7f84705b12c0", - "sha256:4ca5233a19a5ceca23546290f43addec2345789c7d65bb32f8b2668aa148351f", - "sha256:5214a289cf01ebbd65e49bae83709671dd9edb601891cf0ae8abf85f3c0b392f", - "sha256:52f8237654acbc78ea2fa6fb4a6a06e5b023b6da93f7889adfe2deba09473fad", - "sha256:5ed00894e0f8281c0b7c0494b4d3067c641fd90c8e5cf933089ec4cc9a48e491", - "sha256:6191961533d49c9d860964d42bada4d7ac3bb28502d984feb8034093f2012fa8", - "sha256:6f3ad2b1afe99c436563cd436d8693d4a12e2c4bd45f70c7705759ff7837fe53", - "sha256:739b743b7ca1ba4b4d64c321de6fccb49b562d0507ea06c817d9cc4faed5cd22", - "sha256:792efba0c0c6e4ee94f6dc95f305451733ee9230a1c7d51cb8e5301a549e0dfb", - "sha256:79d63ca40231ca3860859b39a92daa5219035ba9553da89a5e1b218550744121", - "sha256:83b28104edd58ad65748d2d0e60e0d97e3b91b3e90b4573ea6fe60de6811972c", - "sha256:85650446538cd2f606ca234634142a7ccd74cb6db7cfec250f76a4242e0f2431", - "sha256:9da445cb79e3f740756924c053edc952cde11a65ff5af8acfda3c0a1317136ef", - "sha256:9fabd5fbd24f5971085ffe53150d663f158f7d3050b25c95736e29ebf676d454", - "sha256:a0c377bc45e73c3f15f55d7de69fab270d174749d5b454ab0de502b15430ec2a", - "sha256:a1d3f7022a920d4a5e165d264581f1862e1c1b877ceeabb96fe98cec98125ae5", - "sha256:a315edef5c5610b0c75790142f49487e89ea34397fc247ae8aa890fe6d6dd057", - "sha256:a755cca2dcf023130b03bb671670301a992157d5c3151d838c0b68ef89894536", - "sha256:b1b20208ecdfffd7ca027955c4fe8972b28b30a4b3b80cf25099a08d3b20ed7c", - "sha256:b26d6f416891cef93411d6d478a25db275766081a5fb66368248293ef459f3be", - "sha256:b4ba4c30af7044ee987e61c88a5ffb76031ca0c53666bc85d823b7de55ddbc75", - "sha256:b71faf3b6e4d7058e1af1b8afedaf39a962db4a219affc8177009d8244ec10d4", - "sha256:cfa854bea525f8c913cb77e2bda724d94b965a0eb3bcfc4a645a9baa29bb86e2", - "sha256:dd9687359e466086b9f6fe6d8069034017f8b6ca3080944fae5709767ca6814e", - "sha256:de0c675fc2998a7eaa929c356ba49c84f53a892e9ab25e8ee7d8ebbbdcb2ac16", - "sha256:e2b4e33fea2ce9d3a14ea39191b169e41eb2ac995274f54ac8fd27519974bce8", - "sha256:f3d4a1a273dc141e03b72a553c11bc14dd7a27ec7654a071edcf83eb04f004bc", - "sha256:ff547cf4c1de7e104cad1a378431ff81efcb03e90e40871ee686107da5b91442" + "sha256:0cf2206c73fbca752c8bd39e12bb9ad7f2d01e6fcb2b25b9eaf94ea042fe86c9", + "sha256:0d670e119d7f7a68a1136de024464999e8e3d5d1491f23cdd39d5d72481af88f", + "sha256:1656722530b3bbce012b093abf6290ab76dcba39d21f9e703310b008ddc7ffe9", + "sha256:1e41b441542881e007420530bbc028f08c0f546ecaaebdf9f065f901acdac106", + "sha256:34d827c771d6b4d7b45f7fc49a638c97fbd8a0fab6c9d3838ff04d307420b739", + "sha256:370c5225f0c395a9f1482ac8d4f974d2073548f186eaf49ceb91414f534ad4d8", + "sha256:42b90b0cb3556f4d1cc1c538345abc249b6ff58939d3af5e37f5fa8421d9ae07", + "sha256:492bd47aabeaa3215cde7a8d3c0d88c909bf7e6b63f0b511a645f1ffc1e948f6", + "sha256:4c5785b018ed6f48e762737deaa6b7528b0ba43ad67fca566bf10d0337a76dcd", + "sha256:519ef25d49fe807c6c0402abb5fe4d14b47a8e2358050d8d7673beecfbe116b2", + "sha256:51a2d5de2c605117cd25dfb3f51d1d14caf1cbed4ef6db582f085eeb0a0c922f", + "sha256:55ef4476b2cdecfa643ae4d7591aa157568f903c378c83ea544650b33b2d856d", + "sha256:5b4acfb15ca028bbc652a6c8d63073dec2a3c8c0db7585d68b96b52940f65899", + "sha256:5c483c96d4cbeb4919ad9fcf2f262e8e08e34dcbcf8d2bda16263ef002c890d4", + "sha256:5c931032aa955431c808e469eb0780ca7d12b39228a02ae7ea09f63d47b1e260", + "sha256:6a3119d0e985e5c7dadfcf29fb79bbab19806b08ad901622b23f5868c0221fce", + "sha256:72bb5417f198eb059f01d5a9e1ef80f2fbaf3eaa4cd63e9a681bbbd0ed9fcdf9", + "sha256:8cd355f8a4c7c126a246f4b4a9803c80498939709bb37d3db4f8dbee1eb7d8f0", + "sha256:9517f26a512a62d49fc4800222b306e21a14ceec8bd82c93182313ef1eefaa7a", + "sha256:9945e80a0a6e370f90a23907cc70a0811e808f79420fb9051e26d9c79eb8e26b", + "sha256:9989737a409235a734ec783b0545f2966247b26ff555e847f3d0f945e5a11493", + "sha256:9c0d71aef4fb5d30dc6ebd08a2bce317a7eaf37d468f85320947eb580daea90a", + "sha256:9d48fd4a1c2d98ec6686511717f0980d36f5590e038d5afe4e5241f328f06e38", + "sha256:af12fbff15a9652ef117456d1d6a4d6fade8fdc02670d6fd31212402e9d03559", + "sha256:b2b72a0742a493979c348dc3c9a329bd5b87e4243ffecf837b1c8739d58410ba", + "sha256:bda784ebb116d56d3e7133c8e0942cf68cb7fd58bdccf57231dbe56b6430eb01", + "sha256:df2784a474028b15a723f6b347625f1f91740de418bed4a0a2694c954de34dd7", + "sha256:e2b47a8e0126ec0a3820a2e299a94a6fc29ba132249957dd32c447d380eaae5f", + "sha256:e4b9b443e88735be4927529d66d9e1164b4fbd6a882e90114967eedc6ad608e7" ], "index": "pypi", - "version": "==3.5.59" + "version": "==3.5.67" }, "requests": { "extras": [ @@ -1288,42 +1196,48 @@ }, "requests-cache": { "hashes": [ - "sha256:813023269686045f8e01e2289cc1e7e9ae5ab22ddd1e2849a9093ab3ab7270eb", - "sha256:81e13559baee64677a7d73b85498a5a8f0639e204517b5d05ff378e44a57831a" + "sha256:1102daa13a804abe23fad62d694e7dee58d6063a35d94bf6e8c9821e22e5a78b", + "sha256:dd9120a4ab7b8128cba9b6b120d8b5560d566a3cd0f828cced3d3fd60a42ec40" ], - "index": "pypi", - "version": "==0.5.2" + "markers": "python_version >= '3.6'", + "version": "==0.6.4" + }, + "requests-file": { + "hashes": [ + "sha256:07d74208d3389d01c38ab89ef403af0cfec63957d53a0081d8eca738d0247d8e", + "sha256:dfe5dae75c12481f68ba353183c53a65e6044c923e64c24b2209f6c7570ca953" + ], + "version": "==1.5.1" }, "rtfde": { "hashes": [ "sha256:18386e4f060cee12a2a8035b0acf0cc99689f5dff1bf347bab7e92351860a21d", "sha256:b86b5d734950fe8745a5b89133f50554252dbd67c6d1b9265e23ee140e7ea8a2" ], - "index": "pypi", "version": "==0.0.2" }, "shodan": { "hashes": [ - "sha256:0b5ec40c954cd48c4e3234e81ad92afdc68438f82ad392fed35b7097eb77b6dd" + "sha256:7e2bddbc1b60bf620042d0010f4b762a80b43111dbea9c041d72d4325e260c23" ], "index": "pypi", - "version": "==1.24.0" + "version": "==1.25.0" }, "sigmatools": { "hashes": [ - "sha256:5cca698e11f9f3f2f80b92cb4873f9958898ad23d26ce78ee4a573777f4f2035", - "sha256:719c6c19ff60177f3a155d0dd2b054a4ad7e906dec3e88dae668c2b2d200f82c" + "sha256:0c30884589dc4b3fd30ae7f4e335a0d1dc284ddf0998983c4736176bc9087447", + "sha256:841136694829069c92a21b6b9d6d9cef4bd53b4d25e50d35da863a2e5601f71d" ], "index": "pypi", - "version": "==0.18.1" + "version": "==0.19.1" }, "six": { "hashes": [ - "sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259", - "sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced" + "sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926", + "sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254" ], - "index": "pypi", - "version": "==1.15.0" + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2'", + "version": "==1.16.0" }, "socialscan": { "hashes": [ @@ -1337,16 +1251,15 @@ "hashes": [ "sha256:ef2e362a85ef2816fb224d727319c4b743d63b4dd9e1da99c622c9643fc4e2a0" ], - "index": "pypi", "version": "==0.5.7.4" }, "soupsieve": { "hashes": [ - "sha256:4bb21a6ee4707bf43b61230e80740e71bfe56e55d1f1f50924b087bb2975c851", - "sha256:6dc52924dc0bc710a5d16794e6b3480b2c7c08b07729505feab2b2c16661ff6e" + "sha256:052774848f448cf19c7e959adf5566904d525f33a3f8b6ba6f6f8f26ec7de0cc", + "sha256:c2c1c2d44f158cdbddab7824a9af8c4f83c76b1e23e049479aa432feb6c4c23b" ], - "index": "pypi", - "version": "==2.1" + "markers": "python_version >= '3.0'", + "version": "==2.2.1" }, "sparqlwrapper": { "hashes": [ @@ -1369,11 +1282,18 @@ }, "tabulate": { "hashes": [ - "sha256:ac64cb76d53b1231d364babcd72abbb16855adac7de6665122f97b593f1eb2ba", - "sha256:db2723a20d04bcda8522165c73eea7c300eda74e0ce852d9022e0159d7895007" + "sha256:d7c013fe7abbc5e491394e10fa845f8f32fe54f8dc60c6622c6cf482d25d47e4", + "sha256:eb1d13f25760052e8931f2ef80aaf6045a6cceb47514db8beab24cded16f13a7" ], - "index": "pypi", - "version": "==0.8.7" + "version": "==0.8.9" + }, + "tldextract": { + "hashes": [ + "sha256:cfae9bc8bda37c3e8c7c8639711ad20e95dc85b207a256b60b0b23d7ff5540ea", + "sha256:e57f22b6d00a28c21673d2048112f1bdcb6a14d4711568305f6bb96cf5bb53a1" + ], + "markers": "python_version >= '3.5'", + "version": "==3.1.0" }, "tornado": { "hashes": [ @@ -1419,46 +1339,43 @@ "sha256:fa2ba70284fa42c2a5ecb35e322e68823288a4251f9ba9cc77be04ae15eada68", "sha256:fba85b6cd9c39be262fcd23865652920832b61583de2a2ca907dbd8e8a8c81e5" ], - "index": "pypi", + "markers": "python_version >= '3.5'", "version": "==6.1" }, "tqdm": { "hashes": [ - "sha256:4621f6823bab46a9cc33d48105753ccbea671b68bab2c50a9f0be23d4065cb5a", - "sha256:fe3d08dd00a526850568d542ff9de9bbc2a09a791da3c334f3213d8d0bbbca65" + "sha256:736524215c690621b06fc89d0310a49822d75e599fcd0feb7cc742b98d692493", + "sha256:cd5791b5d7c3f2f1819efc81d36eb719a38e0906a7380365c556779f585ea042" ], - "index": "pypi", - "version": "==4.56.0" + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", + "version": "==4.61.0" }, "trustar": { "hashes": [ - "sha256:2618a377e3c000a41a47eb34b31ea694215eed4a1d2e3cfca1801ac6baebd958" + "sha256:e2988cb892103b58a8a22aae232518cb3c7d3899fa90408bc7958d3ab959af09" ], "index": "pypi", - "version": "==0.3.34" + "version": "==0.3.35" }, "typing-extensions": { "hashes": [ - "sha256:7cb407020f00f7bfc3cb3e7881628838e69d8f3fcab2f64742a5e76b2f841918", - "sha256:99d4073b617d30288f569d3f13d2bd7548c3a7e4c8de87db09a9d29bb3a4a60c", - "sha256:dafc7639cde7f1b6e1acc0f457842a83e722ccca8eef5270af2d74792619a89f" + "sha256:0ac0f89795dd19de6b97debb0c6af1c70987fd80a2d62d1958f7e56fcc31b497", + "sha256:50b6f157849174217d0656f99dc82fe932884fb250826c18350e159ec6cdf342", + "sha256:779383f6086d90c99ae41cf0ff39aac8a7937a9283ce0a414e5dd782f4c94a84" ], - "index": "pypi", - "version": "==3.7.4.3" + "version": "==3.10.0.0" }, "tzlocal": { "hashes": [ "sha256:643c97c5294aedc737780a49d9df30889321cbe1204eac2c2ec6134035a92e44", "sha256:e2cb6c6b5b604af38597403e9852872d7f534962ae2954c7f35efcb1ccacf4a4" ], - "index": "pypi", "version": "==2.1" }, "unicodecsv": { "hashes": [ "sha256:018c08037d48649a0412063ff4eda26eaa81eff1546dbffa51fa5293276ff7fc" ], - "index": "pypi", "version": "==0.14.1" }, "url-normalize": { @@ -1466,7 +1383,7 @@ "sha256:d23d3a070ac52a67b83a1c59a0e68f8608d1cd538783b401bc9de2c0fac999b2", "sha256:ec3c301f04e5bb676d333a7fa162fa977ad2ca04b7e652bfc9fac4e405728eed" ], - "index": "pypi", + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'", "version": "==1.4.3" }, "urlarchiver": { @@ -1478,63 +1395,54 @@ }, "urllib3": { "hashes": [ - "sha256:19188f96923873c92ccb987120ec4acaa12f0461fa9ce5d3d0772bc965a39e08", - "sha256:d8ff90d979214d7b4f8ce956e80f4028fc6860e4431f731ea4a8c08f23f99473" + "sha256:753a0374df26658f99d826cfe40394a686d05985786d946fbe4165b5148f5a7c", + "sha256:a7acd0977125325f516bda9735fa7142b909a8d01e8b2e4c8108d0984e6e0098" ], - "index": "pypi", - "version": "==1.26.2" - }, - "uwhois": { - "editable": true, - "git": "https://github.com/Rafiot/uwhoisd.git", - "ref": "783bba09b5a6964f25566089826a1be4b13f2a22", - "subdirectory": "client" + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4.0'", + "version": "==1.26.5" }, "validators": { "hashes": [ "sha256:f0ac832212e3ee2e9b10e156f19b106888cf1429c291fbc5297aae87685014ae" ], - "index": "pypi", "version": "==0.14.0" }, "vt-graph-api": { "hashes": [ - "sha256:200c4f5a7c0a518502e890c4f4508a5ea042af9407d2889ef16a17ef11b7d25c", - "sha256:223c1cf32d69e10b5d3e178ec315589c7dfa7d43ccff6630a11ed5c5f498715c" + "sha256:3b13ce6e460aadd9917e883a8fc205f491ba09107963c9ebd3f5df4a8b3e67b7", + "sha256:d766285b06b854da04dd26cdb0ad3613fa17a935c00825b3dc04ea2b307381a6" ], "index": "pypi", - "version": "==1.0.1" + "version": "==1.1.2" }, "vulners": { "hashes": [ - "sha256:065aa63d5626d51cf45260bc6cc3a6ea682977689c036a6daba695905e881ba7", - "sha256:0e1356040f456f87841ccfe9f2f6ed36a256370606d530679d5d9993fe91386c", - "sha256:ab9ed8fbf1d3c80f0d066b13ac9d70d11dc9cb0b77568be65396117a4245e916" + "sha256:146305b799a991961dde97735d00605b9c335c15e0168050a5953ff9d69bdc28", + "sha256:d09b360549550abe669d70f962f60c696eae889c4ad7d5e8b9b47e71f1b81fb3", + "sha256:fa5a85d969734a58d9bedfba459002c272c6414196ab54207a05ef394af064c3" ], "index": "pypi", - "version": "==1.5.9" + "version": "==1.5.11" }, "wand": { "hashes": [ - "sha256:473af4a143d2c87693cc43dbd6f64d91ccfd7f0506cf4da53851cd34f114b39d", - "sha256:ec981b4f07f7582fc564aba8b57763a549392e9ef8b6a338e9da54cdd229cf95" + "sha256:540a2da5fb3ada1f0abf6968e0fa01ca7de6cd517f3be5c52d03a4fc8d54d75e", + "sha256:b752b2c2ee6ce04210da4b2e591013a4d9303fbed3fcbd3fb450930777dcb117" ], "index": "pypi", - "version": "==0.6.5" + "version": "==0.6.6" }, "websocket-client": { "hashes": [ - "sha256:0fc45c961324d79c781bab301359d5a1b00b13ad1b10415a4780229ef71a5549", - "sha256:d735b91d6d1692a6a181f2a8c9e0238e5f6373356f561bb9dc4c7af36f452010" + "sha256:3e2bf58191d4619b161389a95bdce84ce9e0b24eb8107e7e590db682c2d0ca81", + "sha256:abf306dc6351dcef07f4d40453037e51cc5d9da2ef60d0fc5d0fe3bcda255372" ], - "index": "pypi", - "version": "==0.57.0" + "version": "==1.0.1" }, "wrapt": { "hashes": [ "sha256:b62ffa81fb85f4332a4f609cab4ac40709470da05643a082ec1eb88e6d9b97d7" ], - "index": "pypi", "version": "==1.12.1" }, "xlrd": { @@ -1547,11 +1455,10 @@ }, "xlsxwriter": { "hashes": [ - "sha256:9b1ade2d1ba5d9b40a6d1de1d55ded4394ab8002718092ae80a08532c2add2e6", - "sha256:b807c2d3e379bf6a925f472955beef3e07495c1bac708640696876e68675b49b" + "sha256:1a7fac99687020e76aa7dd0d7de4b9b576547ed748e5cd91a99d52a6df54ca16", + "sha256:641db6e7b4f4982fd407a3f372f45b878766098250d26963e95e50121168cbe2" ], - "index": "pypi", - "version": "==1.3.7" + "version": "==1.4.3" }, "yara-python": { "hashes": [ @@ -1610,42 +1517,33 @@ "sha256:f0b059678fd549c66b89bed03efcabb009075bd131c248ecdf087bdb6faba24a", "sha256:fcbb48a93e8699eae920f8d92f7160c03567b421bc17362a9ffbbd706a816f71" ], - "index": "pypi", - "version": "==1.6.3" - }, - "zipp": { - "hashes": [ - "sha256:3607921face881ba3e026887d8150cca609d517579abe052ac81fc5aeffdbd76", - "sha256:51cb66cc54621609dd593d1787f286ee42a5c0adbb4b29abea5a63edc3e03098" - ], "markers": "python_version >= '3.6'", - "version": "==3.4.1" + "version": "==1.6.3" } }, "develop": { "attrs": { "hashes": [ - "sha256:31b2eced602aa8423c2aea9c76a724617ed67cf9513173fd3a4f03e3a929c7e6", - "sha256:832aa3cde19744e49938b91fea06d69ecb9e649c93ba974535d08ad92164f700" + "sha256:149e90d6d8ac20db7a955ad60cf0e6881a3f20d37096140088356da6c716b0b1", + "sha256:ef6aaac3ca6cd92904cdd0d83f629a15f18053ec84e6432106f7a4d04ae4f5fb" ], - "index": "pypi", - "version": "==20.3.0" + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", + "version": "==21.2.0" }, "certifi": { "hashes": [ - "sha256:1a4995114262bffbc2413b159f2a1a480c969de6e6eb13ee966d470af86af59c", - "sha256:719a74fb9e33b9bd44cc7f3a8d94bc35e4049deebe19ba7d8e108280cfd59830" + "sha256:2bbf76fd432960138b3ef6dda3dde0544f27cbf8546c458e60baf371917ba9ee", + "sha256:50b1e4f8446b06f41be7dd6338db18e0990601dce795c2b1686458aa7e8fa7d8" ], - "index": "pypi", - "version": "==2020.12.5" + "version": "==2021.5.30" }, "chardet": { "hashes": [ - "sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae", - "sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691" + "sha256:0d6f53a15db4120f2b08c94f11e7d93d2c911ee118b6b30a04ec3ee8310179fa", + "sha256:f864054d66fd9118f2e67044ac8981a54775ec5b67aed0441892edb553d21da5" ], - "index": "pypi", - "version": "==3.0.4" + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", + "version": "==4.0.0" }, "codecov": { "hashes": [ @@ -1716,28 +1614,20 @@ }, "flake8": { "hashes": [ - "sha256:12d05ab02614b6aee8df7c36b97d1a3b2372761222b19b58621355e82acddcff", - "sha256:78873e372b12b093da7b5e5ed302e8ad9e988b38b063b61ad937f26ca58fc5f0" + "sha256:07528381786f2a6237b061f6e96610a4167b226cb926e2aa2b6b1d78057c576b", + "sha256:bf8fd333346d844f616e8d47905ef3a3384edae6b4e9beb0c5101e25e3110907" ], "index": "pypi", - "version": "==3.9.0" + "version": "==3.9.2" }, "idna": { "hashes": [ "sha256:b307872f855b18632ce0c21c5e45be78c0ea7ae4c15c828c20788b26921eb3f6", "sha256:b97d804b1e9b523befed77c48dacec60e6dcb0b5391d57af6a65a312a90648c0" ], - "index": "pypi", + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==2.10" }, - "importlib-metadata": { - "hashes": [ - "sha256:c9db46394197244adf2f0b08ec5bc3cf16757e9590b02af1fca085c16c0d600a", - "sha256:d2d46ef77ffc85cbf7dac7e81dd663fde71c45326131bea8033b9bad42268ebe" - ], - "markers": "python_version < '3.8'", - "version": "==3.10.0" - }, "iniconfig": { "hashes": [ "sha256:011e24c64b7f47f6ebd835bb12a743f2fbe9a26d4cecaa7f53bc4f35ee9da8b3", @@ -1806,16 +1696,16 @@ "sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1", "sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b" ], - "index": "pypi", + "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2'", "version": "==2.4.7" }, "pytest": { "hashes": [ - "sha256:671238a46e4df0f3498d1c3270e5deb9b32d25134c99b7d75370a68cfbe9b634", - "sha256:6ad9c7bdf517a808242b998ac20063c41532a570d088d77eec1ee12b0b5574bc" + "sha256:50bcad0a0b9c5a72c8e4e7c9855a3ad496ca6a881a3641b4260605450772c54b", + "sha256:91ef2131a9bd6be8f76f1f08eac5c5317221d6ad1e143ae03894b862e8976890" ], "index": "pypi", - "version": "==6.2.3" + "version": "==6.2.4" }, "requests": { "extras": [ @@ -1833,33 +1723,16 @@ "sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b", "sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f" ], - "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'", + "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2'", "version": "==0.10.2" }, - "typing-extensions": { - "hashes": [ - "sha256:7cb407020f00f7bfc3cb3e7881628838e69d8f3fcab2f64742a5e76b2f841918", - "sha256:99d4073b617d30288f569d3f13d2bd7548c3a7e4c8de87db09a9d29bb3a4a60c", - "sha256:dafc7639cde7f1b6e1acc0f457842a83e722ccca8eef5270af2d74792619a89f" - ], - "index": "pypi", - "version": "==3.7.4.3" - }, "urllib3": { "hashes": [ - "sha256:19188f96923873c92ccb987120ec4acaa12f0461fa9ce5d3d0772bc965a39e08", - "sha256:d8ff90d979214d7b4f8ce956e80f4028fc6860e4431f731ea4a8c08f23f99473" + "sha256:753a0374df26658f99d826cfe40394a686d05985786d946fbe4165b5148f5a7c", + "sha256:a7acd0977125325f516bda9735fa7142b909a8d01e8b2e4c8108d0984e6e0098" ], - "index": "pypi", - "version": "==1.26.2" - }, - "zipp": { - "hashes": [ - "sha256:3607921face881ba3e026887d8150cca609d517579abe052ac81fc5aeffdbd76", - "sha256:51cb66cc54621609dd593d1787f286ee42a5c0adbb4b29abea5a63edc3e03098" - ], - "markers": "python_version >= '3.6'", - "version": "==3.4.1" + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4.0'", + "version": "==1.26.5" } } } From 99b13eed43f6995ca8806da44b5b6950a9f53bd9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Wed, 9 Jun 2021 14:42:49 -0700 Subject: [PATCH 012/132] chg: Bump deps --- Pipfile | 1 + Pipfile.lock | 20 ++++++++++---------- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/Pipfile b/Pipfile index 98a6f18..f445eb0 100644 --- a/Pipfile +++ b/Pipfile @@ -64,6 +64,7 @@ markdownify = "==0.5.3" socialscan = "*" dnsdb2 = "*" clamd = "*" +aiohttp = ">=3.7.4" [requires] python_version = "3" diff --git a/Pipfile.lock b/Pipfile.lock index e649998..94f7879 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "7a06c4c5e7971831c0908f2db178124724b73d092f902d03f004bd928a3f2c94" + "sha256": "f466a54a3a73ee9c0475f4955d374184cac4e3b799fea8ca4ead77f2e526cb9a" }, "pipfile-spec": 6, "requires": { @@ -56,7 +56,7 @@ "sha256:f881853d2643a29e643609da57b96d5f9c9b93f62429dcc1cbb413c7d07f0e1a", "sha256:fe60131d21b31fd1a14bd43e6bb88256f69dfc3188b3a89d736d6c71ed43ec95" ], - "markers": "python_version >= '3.6'", + "index": "pypi", "version": "==3.7.4.post0" }, "antlr4-python3-runtime": { @@ -354,7 +354,7 @@ "hashes": [ "sha256:b1bead90b70cf6ec3f0710ae53a525360fa360d306a86583adc6bf83a4db537d" ], - "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2'", + "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==0.18.2" }, "futures": { @@ -558,7 +558,7 @@ "sha256:234f85ef59945fa1ebb618ca029f31f0cb43a637344dbda5c1bb8578b2d96a68", "sha256:7f04b621365e3753f8cef8ba40536acc23d0d201c0ad2dcb1b3d82c83056b7ff" ], - "markers": "platform_python_implementation != 'PyPy' or (python_version >= '3' and platform_system != 'Windows' and platform_system != 'Darwin')", + "markers": "python_version >= '3' and platform_python_implementation != 'PyPy' or (platform_system != 'Windows' and platform_system != 'Darwin')", "version": "==4.12.0" }, "multidict": { @@ -982,7 +982,7 @@ "sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1", "sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b" ], - "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2'", + "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==2.4.7" }, "pypdns": { @@ -1026,7 +1026,7 @@ "sha256:73ebfe9dbf22e832286dafa60473e4cd239f8592f699aa5adaf10050e6e1823c", "sha256:75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a" ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2'", + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==2.8.1" }, "python-docx": { @@ -1236,7 +1236,7 @@ "sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926", "sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254" ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2'", + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==1.16.0" }, "socialscan": { @@ -1258,7 +1258,7 @@ "sha256:052774848f448cf19c7e959adf5566904d525f33a3f8b6ba6f6f8f26ec7de0cc", "sha256:c2c1c2d44f158cdbddab7824a9af8c4f83c76b1e23e049479aa432feb6c4c23b" ], - "markers": "python_version >= '3.0'", + "markers": "python_version >= '3'", "version": "==2.2.1" }, "sparqlwrapper": { @@ -1696,7 +1696,7 @@ "sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1", "sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b" ], - "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2'", + "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==2.4.7" }, "pytest": { @@ -1723,7 +1723,7 @@ "sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b", "sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f" ], - "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2'", + "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==0.10.2" }, "urllib3": { From cb12d8a055bce4757df71fe081341836ac4329a3 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Thu, 10 Jun 2021 07:04:18 +0200 Subject: [PATCH 013/132] chg: [travis] remove old docker before install --- .travis.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index dca4f44..47fb784 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,9 +11,6 @@ python: - "3.7-dev" - "3.8-dev" -before_install: - - docker build -t misp-modules --build-arg BUILD_DATE=$(date -u +"%Y-%m-%d") docker/ - install: - sudo apt-get install libzbar0 libzbar-dev libpoppler-cpp-dev tesseract-ocr libfuzzy-dev libcaca-dev liblua5.3-dev - pip install pipenv From f422463f7034cf1170e5d2da8d4e6733384df71b Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Fri, 11 Jun 2021 11:19:57 +0200 Subject: [PATCH 014/132] chg: [tests] btc_steroid not working via CI --- tests/test_expansions.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/test_expansions.py b/tests/test_expansions.py index 1bcc93e..838c39b 100644 --- a/tests/test_expansions.py +++ b/tests/test_expansions.py @@ -110,6 +110,9 @@ class TestExpansions(unittest.TestCase): self.assertEqual(self.get_object(response), 'asn') def test_btc_steroids(self): + if LiveCI: + return True + query = {"module": "btc_steroids", "btc": "1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA"} response = self.misp_modules_post(query) try: From 7248eb72e5bfe2bd172e0aed09ccfdb7284e0ad2 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Fri, 11 Jun 2021 11:22:25 +0200 Subject: [PATCH 015/132] chg: [requirements] remove the pypi index from the requirements This fixes #505 but we need to find a clean solution for Pipfile generating it. --- REQUIREMENTS | 1 - 1 file changed, 1 deletion(-) diff --git a/REQUIREMENTS b/REQUIREMENTS index 0fcfcb2..120d7c1 100644 --- a/REQUIREMENTS +++ b/REQUIREMENTS @@ -5,7 +5,6 @@ # pipenv lock --requirements # --i https://pypi.org/simple -e . -e git+https://github.com/D4-project/BGP-Ranking.git/@fd9c0e03af9b61d4bf0b67ac73c7208a55178a54#egg=pybgpranking&subdirectory=client -e git+https://github.com/D4-project/IPASN-History.git/@fc5e48608afc113e101ca6421bf693b7b9753f9e#egg=pyipasnhistory&subdirectory=client From 94795e49936e555040a2f13e61dfa8a43a25f360 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Fri, 11 Jun 2021 14:51:30 +0200 Subject: [PATCH 016/132] chg: [virustotal] make flake8 happy --- misp_modules/modules/expansion/virustotal.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/misp_modules/modules/expansion/virustotal.py b/misp_modules/modules/expansion/virustotal.py index 2922417..2c82787 100644 --- a/misp_modules/modules/expansion/virustotal.py +++ b/misp_modules/modules/expansion/virustotal.py @@ -215,9 +215,10 @@ class VirusTotalParser(object): 'http': f'{scheme}://{host}', 'https': f'{scheme}://{host}' } - self.proxies=proxies + self.proxies = proxies return True + def parse_error(status_code): status_mapping = {204: 'VirusTotal request rate limit exceeded.', 400: 'Incorrect request, please check the arguments.', From 3e53398dee88f9663dca43d8ff4caad07201dfdf Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Fri, 11 Jun 2021 14:52:28 +0200 Subject: [PATCH 017/132] chg: [travis] flake8 updated --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 47fb784..9332806 100644 --- a/.travis.yml +++ b/.travis.yml @@ -49,7 +49,7 @@ script: - nosetests --with-coverage --cover-package=misp_modules - kill -s KILL $pid - pip install flake8 - - flake8 --ignore=E501,W503,E226 misp_modules + - flake8 --ignore=E501,W503,E226,E126 misp_modules after_success: - coverage combine .coverage* From 605231e089c5d5a3a65972a55785ed94981b57fc Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Fri, 11 Jun 2021 14:54:07 +0200 Subject: [PATCH 018/132] chg :[virustotal_public] make flake8 happy --- misp_modules/modules/expansion/virustotal_public.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/misp_modules/modules/expansion/virustotal_public.py b/misp_modules/modules/expansion/virustotal_public.py index 12aba9f..c10f4d2 100644 --- a/misp_modules/modules/expansion/virustotal_public.py +++ b/misp_modules/modules/expansion/virustotal_public.py @@ -17,6 +17,7 @@ moduleconfig = ['apikey', 'proxy_host', 'proxy_port', 'proxy_username', 'proxy_p LOGGER = logging.getLogger('virus_total_public') LOGGER.setLevel(logging.INFO) + class VirusTotalParser(): def __init__(self): super(VirusTotalParser, self).__init__() @@ -107,9 +108,10 @@ class VirusTotalParser(): 'http': f'{scheme}://{host}', 'https': f'{scheme}://{host}' } - self.proxies=proxies + self.proxies = proxies return True + class DomainQuery(VirusTotalParser): def __init__(self, apikey, attribute): super(DomainQuery, self).__init__() From d1aeafb3aebd6b4d4e3a909b01c05947e3118860 Mon Sep 17 00:00:00 2001 From: Aaron Kaplan Date: Thu, 17 Jun 2021 14:33:15 +0000 Subject: [PATCH 019/132] unit test for dnsdbflex in lib/cof.py --- misp_modules/lib/cof2misp/cof.py | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/misp_modules/lib/cof2misp/cof.py b/misp_modules/lib/cof2misp/cof.py index 7b8d35c..d7420a0 100644 --- a/misp_modules/lib/cof2misp/cof.py +++ b/misp_modules/lib/cof2misp/cof.py @@ -125,6 +125,9 @@ if __name__ == "__main__": assert is_valid_ip("2a0c:88:77:6::1") # COF validation + print(80 * "=", file = sys.stderr) + print("COF unit tests....", file = sys.stderr) + mock_input = """{"count":1909,"rdata":["cpa.circl.lu"],"rrname":"www.circl.lu","rrtype":"CNAME","time_first":"1315586409","time_last":"1449566799"} {"count":2560,"rdata":["cpab.circl.lu"],"rrname":"www.circl.lu","rrtype":"CNAME","time_first":"1449584660","time_last":"1617676151"}""" @@ -139,5 +142,24 @@ if __name__ == "__main__": for entry in ndjson.loads(test2): assert validate_cof(entry) + # dnsdbflex validation + print(80 * "=", file = sys.stderr) + print("dnsdbflex unit tests....", file = sys.stderr) + + mock_input = """{"rrname":"labs.deep-insights.ai.","rrtype":"A"} +{"rrname":"www.deep-insights.ca.","rrtype":"CNAME"} +{"rrname":"mail.deep-insights.ca.","rrtype":"CNAME"} +{"rrname":"cpanel.deep-insights.ca.","rrtype":"A"} +{"rrname":"webdisk.deep-insights.ca.","rrtype":"A"} +{"rrname":"webmail.deep-insights.ca.","rrtype":"A"}""" + + i = 0 + for entry in ndjson.loads(mock_input): + retval = validate_dnsdbflex(entry, strict = False) + assert retval + print("dnsdbflex line %d is valid: %s" % (i, retval)) + i += 1 + + print(80 * "=", file = sys.stderr) print("Unit Tests DONE", file = sys.stderr) From 4078119db099986c5505baa3ad6a7041975b6363 Mon Sep 17 00:00:00 2001 From: Aaron Kaplan Date: Thu, 17 Jun 2021 14:36:27 +0000 Subject: [PATCH 020/132] fix the last issues of #493 (https://github.com/MISP/misp-modules/issues/493) --- misp_modules/modules/import_mod/cof2misp.py | 36 +++++++++++---------- 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/misp_modules/modules/import_mod/cof2misp.py b/misp_modules/modules/import_mod/cof2misp.py index 90998ec..841da09 100755 --- a/misp_modules/modules/import_mod/cof2misp.py +++ b/misp_modules/modules/import_mod/cof2misp.py @@ -82,7 +82,7 @@ def parse_and_insert_cof(data: str) -> dict: # o.add_tag('tlp:amber') # FIXME: we'll want to add a tlp: tag to the object if 'bailiwick' in entry: - o.add_attribute('bailiwick', value=entry['bailiwick'].rstrip('.')) + o.add_attribute('bailiwick', value=entry['bailiwick'].rstrip('.'), distribution=0) # # handle the combinations of rrtype (domain, ip) on both left and right side @@ -91,26 +91,26 @@ def parse_and_insert_cof(data: str) -> dict: if create_specific_attributes: if rrtype in ['A', 'AAAA', 'A6']: # address type # address type - o.add_attribute('rrname_domain', value=rrname) + o.add_attribute('rrname_domain', value=rrname, distribution=0) for r in rdata: - o.add_attribute('rdata_ip', value=r) + o.add_attribute('rdata_ip', value=r, distribution=0) elif rrtype in ['CNAME', 'DNAME', 'NS']: # both sides are domains - o.add_attribute('rrname_domain', value=rrname) + o.add_attribute('rrname_domain', value=rrname, distribution=0) for r in rdata: - o.add_attribute('rdata_domain', value=r) + o.add_attribute('rdata_domain', value=r, distribution=0) elif rrtype in ['SOA']: # left side is a domain, right side is text - o.add_attribute('rrname_domain', value=rrname) + o.add_attribute('rrname_domain', value=rrname, distribution=0) # # now do the regular filling up of rrname, rrtype, time_first, etc. # - o.add_attribute('rrname', value=rrname) - o.add_attribute('rrtype', value=rrtype) + o.add_attribute('rrname', value=rrname, distribution=0) + o.add_attribute('rrtype', value=rrtype, distribution=0) for r in rdata: - o.add_attribute('rdata', value=r) - o.add_attribute('raw_rdata', value=json.dumps(rdata)) # FIXME: do we need to hex encode it? - o.add_attribute('time_first', value=entry['time_first']) - o.add_attribute('time_last', value=entry['time_last']) + o.add_attribute('rdata', value=r, distribution=0) + o.add_attribute('raw_rdata', value=json.dumps(rdata), distribution=0) # FIXME: do we need to hex encode it? + o.add_attribute('time_first', value=entry['time_first'], distribution=0) + o.add_attribute('time_last', value=entry['time_last'], distribution=0) o.first_seen = entry['time_first'] # is this redundant? o.last_seen = entry['time_last'] @@ -119,7 +119,7 @@ def parse_and_insert_cof(data: str) -> dict: # for k in ['count', 'sensor_id', 'origin', 'text', 'time_first_ms', 'time_last_ms', 'zone_time_first', 'zone_time_last']: if k in entry and entry[k]: - o.add_attribute(k, value=entry[k]) + o.add_attribute(k, value=entry[k], distribution=0) # # add COF entry to MISP object @@ -152,7 +152,6 @@ def parse_and_insert_dnsdbflex(data: str): try: entries = ndjson.loads(data) for entry in entries: # iterate over all ndjson lines - # validate here (simple validation or full JSON Schema validation) if not validate_dnsdbflex(entry): return {"error": "Could not validate the dnsdbflex input '%s'" % entry} @@ -162,9 +161,12 @@ def parse_and_insert_dnsdbflex(data: str): rrname = entry['rrname'].rstrip('.') # create a new MISP object, based on the passive-dns object for each nd-JSON line - o = MISPObject(name='passive-dns-dnsdbflex', standalone=False, comment='created by cof2misp') - o.add_attribute('rrname', value=rrname) - o.add_attribute('rrtype', value=rrtype) + try: + o = MISPObject(name='passive-dns', standalone=False, distribution=0, comment='DNSDBFLEX import by cof2misp') + o.add_attribute('rrtype', value=rrtype, distribution=0, comment='DNSDBFLEX import by cof2misp') + o.add_attribute('rrname', value=rrname, distribution=0, comment='DNSDBFLEX import by cof2misp') + except Exception as ex: + print("could not create object. Reason: %s" % str(ex)) # # add dnsdbflex entry to MISP object From 83fd44ed1347880efe52e233f52d74201cd5d24f Mon Sep 17 00:00:00 2001 From: Jason Zhang Date: Thu, 29 Jul 2021 12:13:31 +0100 Subject: [PATCH 021/132] add vmware_nsx module --- Pipfile | 2 + README.md | 1 + documentation/logos/vmware_nsx.png | Bin 0 -> 53372 bytes .../website/expansion/lastline_query.json | 2 +- .../website/expansion/lastline_submit.json | 2 +- .../website/expansion/vmware_nsx.json | 14 + .../website/import_mod/lastline_import.json | 2 +- .../modules/expansion/lastline_query.py | 2 + .../modules/expansion/lastline_submit.py | 2 + misp_modules/modules/expansion/vmware_nsx.py | 615 ++++++++++++++++++ .../modules/import_mod/lastline_import.py | 2 + 11 files changed, 641 insertions(+), 3 deletions(-) create mode 100644 documentation/logos/vmware_nsx.png create mode 100644 documentation/website/expansion/vmware_nsx.json create mode 100644 misp_modules/modules/expansion/vmware_nsx.py diff --git a/Pipfile b/Pipfile index f445eb0..4057e4f 100644 --- a/Pipfile +++ b/Pipfile @@ -65,6 +65,8 @@ socialscan = "*" dnsdb2 = "*" clamd = "*" aiohttp = ">=3.7.4" +tau-clients = "*" +vt-py = ">=0.7.1" [requires] python_version = "3" diff --git a/README.md b/README.md index 3d21bef..777fd8d 100644 --- a/README.md +++ b/README.md @@ -87,6 +87,7 @@ For more information: [Extending MISP with Python modules](https://www.misp-proj * [virustotal](misp_modules/modules/expansion/virustotal.py) - an expansion module to query the [VirusTotal](https://www.virustotal.com/gui/home) API with a high request rate limit required. (More details about the API: [here](https://developers.virustotal.com/reference)) * [virustotal_public](misp_modules/modules/expansion/virustotal_public.py) - an expansion module to query the [VirusTotal](https://www.virustotal.com/gui/home) API with a public key and a low request rate limit. (More details about the API: [here](https://developers.virustotal.com/reference)) * [VMray](misp_modules/modules/expansion/vmray_submit.py) - a module to submit a sample to VMray. +* [VMware NSX](misp_modules/modules/expansion/vmware_nsx.py) - a module to enrich a file or URL with VMware NSX Defender. * [VulnDB](misp_modules/modules/expansion/vulndb.py) - a module to query [VulnDB](https://www.riskbasedsecurity.com/). * [Vulners](misp_modules/modules/expansion/vulners.py) - an expansion module to expand information about CVEs using Vulners API. * [whois](misp_modules/modules/expansion/whois.py) - a module to query a local instance of [uwhois](https://github.com/rafiot/uwhoisd). diff --git a/documentation/logos/vmware_nsx.png b/documentation/logos/vmware_nsx.png new file mode 100644 index 0000000000000000000000000000000000000000..4d4ba96e16ffdded17202903cda9962ce13e6d44 GIT binary patch literal 53372 zcmZ^K19)Z6vTroe#F^O6#F&ZgOgOP^+qN^Y?TKyMwr%d1Z|8r`J@>x*y|?za_UhGL z)!nO6UG=N(P+4hFcvx&$5D*Y}aWNq|5D?H?VE6$V68L}mv+xh_0b$H9#Sa2f9sTuH z_Y3fyP+v?=3IxQB90bHC00iV280B*W0^-O30&=1Q0>Y6D0)k1QvRC;3aYwaM05`J3G@k zGt*hy8PhYev$NAPFwrwH(E=%G?Om-LbX{nz>`DHW$$#Y|WN5E%XKLeMYHdaMnXj&% zwW9+!G4W?X|GEBEPX|+@|1QbO{@EP`hWiM25$hmVLEoA|w7J*cE4ltBMg;;6EOF|b!0+D_DiF^gz=)SFsXEOn zXcY(=uupa}hZojQ{(s(md3=1xZh34_EiwL;`pF8j{to|N)WX?_ggP+oh-*TtU;euw zfktoe|5W7&99l)-5}b9~sr#RbeX@3-g8`|tFA1k0WOhU+gOie;jW$-!4eTq1(39#P zSFG6Gdw|48s?aXWbCukuK`NFsV0glOs%e^F4>va(h?e2&oHEmqw8>fp8QuJ%^|gzt zz-)tYKqZcXacoyJg|ojxW1f(AyB&8rCD-Sapx;H_nOIl|SbCz3oZcYe#fK1f+B7V& zlmO%`CMrd$Dlu}wJ-7CE;Ry)n9|8NbiJ5I3F^=qRb&kH=M!?qakOzLmN8z8wb2SJA zA3k|`lFCO8U)C78QyjD3DhZ*lVe6FTbfWx<95;VivWv;#3+h#iEsObe-$d5z=FH$i z@e$|As5|QCSbl6j9y;l%TEXx5dm!~LR>=}XgkSYOQfdnYJ&~kt%ICczV{d)kR8kxY zVHNz6dX@12TDLIp-T>?n1V~WMU@wNF*`D*U&VEv+%NqKj->0>SZ`_xNuD|Fw38R2VOIE?$duN_O75V~IWUBs3zDO7}+H$-!}+& z2_l+VOj5GL)2^@UbM@8OId9rumE*T^7H3Oo4%@qsQRid>fu7Fxb4!^1T~*P7e9H9q z`sDuC;SPhg2FhvhvA-aLs}537-xnf364>S)vQ+QI2kGMNIrB|gFmzu!65v1_om%!o z_w^UdCX3-5TMTHsfwQ1~g*CV1(;xi7=dJFu<6waE3=yWRK`xx{ z1-j0mG<>M^C>(YO z3Q5cfAx}mda01Hpp{t9>Gxi-a@!RehC}@+75M^OOkUrAkMmx7ri-WPF5^!?+3I_PV zhj9vZt(eh*l_M_&54qM9Q++M1Mb{C(k6TiG&q;woyv7svSN^6dNS#jS5L<6y5YxnZ zIC$6Iz=-M?*<4J*zi{)ze-`J-n~}W5Q={kmEB>e(E{2PFhENTG z1#Le<3s~6EBt3OyQBpSk<)5wE5%Kk#>+pb|lhP7g!_kQxFrCTgO4SziMLp1&2nW=E zI%oUdD$qY~fZYQT1@)Y)uHQWP5`@6k^p4w+Enb`$KNU z#o%y)x{>9PurNp2ty}iQ*FbrQERXp8ewM8bl&~O}X8)1b3T9$aQB@2^WB+-Jub^+v zPs>A7*iRp>h3riF@C}7K<6>x+NcF<(duoxu(@q_yog*z22rn+WA2o%Lo}67s_49lg znNyBVKk=03r*Pz6gAK1m zA3BGvKYbJk`q}Kpn@D2eo~WF0744kYm$;REif=r@E)=&xn;K2@65jDrICD2n9Dh$ZX)92Z(LJAt=r_@}4NcquD1d|1L@*XoDB(>G7dszX3Ucg?W}Hyp@eq72qX%wcLa5 z>xpbbYtX!ilXg@w@d^!?vEo;n$EKr~2#j_{D!*isAwt$>D0dmipRZ)5J0;37)|Kl) z!$k9j6ZhESA*D0d{wT3Z>Ugkxn|eoKl~AUSMxa%vE-o8X#zJ#3*T=#qYUYf4*$^v~ z=#YJr*9}{{R>M!CQ|5ZHeL&WIoQPMs{hEj4r?-9u3Hf4#e1!5jRw2@84Uiu>z-Y^F zxC_#*FB(LvxIU0u7GCT(*fs?BYKBb1XNj%%Qm^HV?B(z4^YpCy^WTl9v9o+YHroMP zl*!)}!SE!Ro(kcR57%G1!S-1lcw-1?4Jlky%i9?NaN&Fz9L%hTc7O&=8au@)y*7Q8a4{cL z99V(74EnrLsDKhzWX&AMoM zAs6k1eW3*J3bFH-1<$6EZ_bre-9cQm#Sa5IQCd#3a2VKfM4^2h5??n>tF>8)AsW+h zC;8!PS7a3^2ATd5MhHMPqurlxd6Wjsl4uK}oxLnhGcjn9bu&;gFq&k=8g4j*c@NHt zn5E`W#Ni?f(2wE!~;c2-H+py&~&*bE)jG)$bm7>WyjZ|uvar)k& zrh*mxc6*refSjrUMcdQnBfE;P);bF*BP}AeacUqKaZryhm>7)}*6a+^mlsHbX3mK# zB^?@&)9oEC(2MjGEO1dcJ-7|7xS*8O83rKY9r2F|_RVXRnn) z$pQ)coKJYO!yT#+DKR(Mc3B5A^kl|lmz9drgkEd=x5NQ0xV#E2DI@1;!r4imIz`eZU+Md{VD^4&U52pv z^=7@X?d3IG%M!)R6)jU3Td1yptV%1kV6V}(AF}t3*B5cq zJHHGE*t{qgTpbv=fx)b0s7DugX(`ZF<|2P&p!=H_4y1yLj@|?d@TwOHXE%OMm&OhD z(g$7PuCkANp~Uh@)c}fxtiE#L-W0Q+%PI$QBE!1aY%*F4e}ZP?@cT?l7Kw*g*P0d- zZ)Gd+oMBXyF27eAY1TMNNx!*W4XX4etbZLl(wpN^yU+ANNN zrmHWS0ooVc!yHdVN1Lw^S(0=HL|t)Jeh>x%4pzpch}WM12?N7-ym)w_S@v4oA^Fzg z?dsNn;I=0fzE*lMI;FrNgIcI-7|=DG*IKwB`AIGi&FK&bk~ML4I%tA1JUHZ10A zGN@(h?;~0DeX~9?z_{x?=95N{c%zyi3XK!nG!6Xd)LL^|gH)hc*zg(?ZEOEFBUeLa z{(F|Z{`GoZbI#XEyc3nWM9VX(ihlY-<6ScHLU9;CHywh=+P>v?TpJ7e(!sktLEFs~ zaHI)tZFL0bIWlT=Uu#a_Z0bDs25tCw5zZz{q2G8y8TMdF%8wL`!(jcrZDoR@U5WW^ zvAk<*s@8Tnxl@Pl(MB-H&ZZTo=BzQsitYQ(%e6Vy51iCs2AeR%oq z*6mj6tgS@wCYX zB{Wvzr1Nkh$(x*HV2w6BZ#Kv+T{bVdmz5QCeSrV~lBM61&dlIR6OrQyD<>IrbVghV zwBU(5$&q6uT6k9@8t6ogYBf+r?uhak6JR3VXI49yj2X*=OW}+;i@+#a=agwUw<@67Rj*Ia#KDsVqbn)YlFbH}TYq4tW!D{GLerGpNpvG{PrU)iUm0k= z%gNzMPE!iJ>}(F^55?wUw?B~<2MXB7d*BRvTXny*oP6;22@!^9)SGOr8{0R^;;TVU ziQ5x9(30F%Q)z|7fcFGDjBZKUyBGunPckK)1icg+pykbJ?{nDGO3CMes{af{lCpa|QX~!++8F3DENK6j+Vh>X;yCJ3_z7>XO`GA?j_+8`qyg-=!WKD16v#MDWdO8-ZJ8{ilH-sbRb%#I7 z6#!~;YV#C=VcWAM0Z(UCp=mJ_NsOSJo&1+uR!37xkR(j}#O`~@WCZyuN-s#$TX>$m z4&mWKibi`n;A8~jFvXA6RBx5~5>Ch9dUjok8}UmuXT>dfL=<8lWNZsT?Q-bcgKcNr z+(%U%M6`Fe3P{*&-hExeAT5~ZC%WMI^1ia+2nM=nsHGMcT(qF2U#6*jDT|^3Z+@K% zip$UXqNed{^!0IXxzI@PU|o`gE{6J~HPav^B~Rt@zJGHNXB+=(8(EH`QY-Vxc>>y- zJ*;M^VKRl1d57@9g&;qS(FzJYi_o5M|2`#E$&cyd3gPv2pjG``+{9Pb@#n%Bfy=I> z^j0nB>5lQ^tLnUA1}YsIrpYLX#rNG_DLadF|#LH)lL*%UN0K2@9&MNcWZ~?!EJLXGkrauxTB;k6)|mYgLpxy4W2|E8kd^D@4~Wa z$un$5ukJ7q`P*4v1PNeaTWGIH*q{7}{8D;}&2~mr(x0&MHddx-y+dBH@xW2Hm6<-$?5fs^UR_66K}C&W}{ zdwQ`^wI30AA%&rm|Y%V zb)`dxIjO1=HhLJ*)dk8paPsYm^=s#;vScy=&!%cr0%@~NEOW*YsihqkZ`QJG(8vxp zS)d@@VxqCl%M2n*;#NGOU3Ez@zAdR2a;{LyK5Po{efRM-Cg$;_=_GrRvue9pN6lY! z@3%|hJ*8RfgKiyO0yu1}02$}_tx!&-9J(gV-rznGCa$G#=o2qT?TsT7o`75DZ;cA@ z#ifIz8qpPNmp8vC=g%2j$&-O5LLGe&bFy^A21>=mPoqkp+@phNIUJsAeYU8thju}- z5i88Z`P){vjqq*JLMR)tHjfcn+I&3iXwdTJZ%;a7Gzl?-Z-p5J*t^cQz2>x5T`X&n z;ckm|r;o&>CsfI{7A7}O{KcM#0)u-ReacWYsCCG7k2zp5&B#!-@!MN$LdDuaBLPOQ z$9bgK?Q5yhiIa4oJ_yW<7u_Yt)4n7ww=-*0N-NYN9gPp~Y6#KjA-ntz`Pa02qRtc! zNvyE~i}(eDqm%df)C`qdJ@kRWM|n|t@-%Y+BLAzPnZE?Q%y7;hmOmji-yt^Cn+ny- z9q*L=VTWa8B)j%Yy2W;b=+p%1r_swu*feeKJtm5bm9gH|Pcx{2ic9w8=iI;CP+zSD zC*0cpGB>A8)W@n6x*)6dkRX0|lIIF&kxI^ZhK$WiZf#GC9blt#3Xb2@tb!z&^hS~K zZbC(!2$Rij9`-1#MgHYF!jjaf8UPxXXEVnJ>0eJ`CoB;kvR^qUtgmkiUN;T5zh6(zw_xY_)uO{t2N5*=RYg9rZAS z-**sun6QCMasNSEf%zetINhW?c8GMiNOimg8j~VcUh@|L@$FFX^?rap#?6ebf$s((#OzQQTYxHURd$?7c^vwEx${nre&PV2}l zotwRT?y3LdOnS4~h6oBSKa=;zs}P(XLppSA0<(`Y`%cTG`6+gl!@LvM&F!Jfbqt;u z7du3ZgLl%D1R-*_xlWCl_;+bebCCD@V0#8);iv8S7UG?8LrpK{Yw)r?@QV+gUBv;g zVtb9!_uDzjbWWZT7uvbG?uJ>zFP8k_UAjPX@L3mfjb#xP*#=r9b@;8r;=zMv@|~ap z`-4IA{Ca>xxhBOQIcW^=b<}pW-FoZ#rBR2t{6;S}YavyF*mS>Q_m!n#Vf$j0Tz5iv zP)Fy3(td*MHy|&AHK|QumAW+C=DO$$h%<%!uO(knC+vgqGjh*(0Yy+7?9x{w0Zc0n zqRi3G^z_S$`Aup0p!jw6>%S))V;?TGUeDg)RpwGK12WJBMZP62TyL>=9pp)-2B)4^ zPo4CAjB#>O^%WiG_0uW4h#u+wTrC^k9vU=|ZhlWKweJ&0dX@G6!*g)Y2BCHltF)*h z{FOOGW6<^9s%C7~X@9q6vm+updER2D7-=ughm_|B5eep4y^$@JG)F1H`)fEB+w;&j z`-zNNr{P)LwMlgel+|%EQ|n6lZffVDol0GRj3(aJv_zo3(5pR&`hL1GyiiY(Qg=}HIEDl`3S zWztNdoDH(|=qwH+sW971m+8ITSbiAUGH|*e@^MP7^rHLXe;OG0?&f8Bn-E||s>$1J z{@y@gWT24F0Qwn;W(@eVv9Han&bAthMKenQBlLt$J#N7_j=PD$-}PeBM_TD5xM`v3`+TS^wme-8ViN3Mp z-ErH-^e0;+YhtxwU$K@_p^LeWhjuc?qVtj7@rRB`W$n#C7}1~{z75bY7O&~H_m+oW zS8Jul+c$t{mO(_NVE;~a5%^E2Z~hbBoo}3^+Ej#yP*0R}*3r9E`%3rya!o#Dw!#}y z-JY5u)!+g$LYUdb!cqi{91ec4_CYJ8nk1d_J~4l(KCx5lmx1wf>*V*MODN(O&oGCp z;MIqkFl?@?%BQAXj8QClBvUcX7Lzcdh{ER-`EVCt}2wy5P zxsApkuGY?1ogfq7{08wNm3^s~9bxz3b+7+=bt1zMb2|GK3xaaYu!NZq z59c6Be|ty5=B7Fi4zgmkqt#)<8Ma`W*=8!!4v6e|B7*k+0V=Aut`Hgz_B^xcS})I5 z9&Pn=%%YZsY2&$d7a;tJ*MOJMeseS584Mr01^4Z z%0JCE-ynMgUaCH}{+ha&UBH#4Du+=@GY?VcLc5e(;c#$6%yv9*ELd*nkC+fnY3h~P zH5B^Fc^N`xYQ32kK4@C}b!JUIu4u5}M)%G9baQ6fV3Z*QMEap65%4Ca4|7*6}=3Vl~~F zOHr4+6g9u2=W~a5(&70<*Io=3VaYH~btXP&a5xO&U8Z_9#0zi95>ByZkp_c(S2wN{ z=6lU{oHvZPe}AE}Qs{ZB6`k6A@lK;+IBACCs-wi1k9g-%k#jDSpr?8DAhBw5LM9)J zU@*^9tOVQoVeEBa`*!ufNoNoR$mWqcxFC>_kjt{)W^_4QHYL47IT&qjn;vYHD zs3Y-@z6Z2E4?L^Y97(_`96KV?l04EC!*evK8dCZgh1^5zH?LV|s1a9`><=SmoiVoJ zwLARxOuNaO!&-6*Oj}1z7@Wi~@mo)cg+zlqsE5|t18K$I+?CS<+}~NyN;~sk)&)=c zBWRP^IKFwm^ijB84k6>J)83p!!p~Hi?PO=my&7d+*9QeA;-2_JuZ-R z>WUJ}uD6dzA9w{Kwyr@7mD~_3YZm#;c^~6T_Dut?(^0GY`zm{J&Bu+$_F0?xdBJKY z(E@R{Jf@W;!@UR_jq9{8Dw9tRnw2lpWV))uze9})$sDMta2l>VPTrMlhu2KX#yY>U z8y+8En-}0aN0O4583wUK9&z>uGxPI}mVF58 zzXfO7h`N2fnobW?#l&ELo?d|`Z%aK46QZvLZ1VmfNRXsBZQ9_JIZ^vl#1r%=x|96Q z%J5=|a5}?MVR!iA^W<1Xez+^R_*=bJcne1WxQw$xv{~L?5pK!d=AMsj^aRj>*5yBO ziSlM_UE&M`+Dp|n5`jFdOqh`G$O=7Vp6O}4c!$R@agUKkZ4(7Ny6V40QK_8|?xfE~ z+x)##iOw+1x)UQ46Q^wiDWTadsnkNs;zCG1uoiUl zOpE&iVpgPb-^xi;NAziRh;l`*f{1UT$g>gp)(+^Ac(}nanYShYePD0rDMbkfm@|fa z7cG4{TS&~QCyh#z_lp^WHV+NHT&XOJWDYV>u^BI1f1F<*Wi*0y#@dA>%|)p%e;d~q zXtSBks7zZQIx+Db5ttvY_@jVBRp%~t7ha|r&P7s-^zgRJ4M%W~S<(FDN~6_~aP1T2 z%%6aZpyzyRyHIRSk_7ef#C0P-2M(}ht&;PATU-x%72z$nHn@KI6>OLxp zG&AEj4K!;n^CTBf^`yqGk~(VE&F`i_=RG$p5Lw|qaZ)jCK?Qw?b|0RAW%?o>k7&ic z(>o8{na(`p!3=2BG+k_}5MPn$cw~Rrw#rpcvTvlNnn6F@b~x;8EcxS}+8IIccHym3 zOVk^Iub`B_y56@DJM`0qQm3J%=)fz8KZz?!{k;kTbppB@r_|o|HU97_oVTMdfUY%i zz$lwYOr^RaT&qE7awAfHy#H zDGzkCNBg*P0bI4jonPWssUustlMK)X^jA$eqNDG6L*CcsBX+p%Ig8>X7;qXdy8UG= z`;X!YnW4&@eiGn{S^J!n=k=%bh-;LKe>}APkW7C6_WpX*nr=^T){v>$bD9qMqDAX@ zixL{jwy)&vxM7!m{YGIsPDVgTmJOp%&O8ji3n^DJ=~Afc`Pe^>>HHkm1lVq@PN{GS z1)C-%zV|O+Q>Hi;#JuXiu}rp~t!*+{P`@hOXX-HBCXY*>F#YK>)BRVfeGG)8wZWB6 zlfzL7H`fRx-x~As!J=h7T*^iR^#oIb5x2Dzow$~Cyd?3hUJv=`{8JA)cb+=gBnP_y zxaw>DR6<`M%7l<0!MpXr(SBqX=MVXMPX^;OzJ8(RUD@6mhOc2IK}8+y7&=zEJhgCU z7AGl!yjHIP(CRW&?ZvwKX{1N!<+&;c*LG{$cJ+*60*)%ErBGViS8=Z}KxTJL8va`E z+}Trhn$;C(+#ZO>ZiqS99UuVtgSY>2P%R)KkcgK_nWkkKp13mc*E6;%*yIWvZSi zSX?Ht*m4Ij5AL6rcs{Ck6h-iIzbs{Qy0Le$6lQ@!MZVfjcV(otb(M^FC`x<+x%qq2 z4Am}pf`;orMt~KO#odZ+H(82*S39e>cF|RJBz~}A6YHy(%nQbBx1@Ab=H6&N!x>pd zI|Yth6|ezr9i~{qiDZNSuFhnd5jQ081cy=bJDG}!yhz8Q$z_l)60~x(EHF3K_KYPLyDe4ltoc;_M`=o^ZM&Gc+m+ zp_iGw_}(wG1&>Fy%gG|KYP||YJaz7lTDd<@q{igPB^=)i!O}g(zCP|}(Cd?w>m&cs zDyP*){wtAq@iWz1tClMjYyhasOEgU^>5YosGWt% z?|t-xti@w4xsO%K=g$sRk*kMFdT+wFnof3#IL%90+Z=cPEBcM$CM zEM@&NoO#qDj~96+B304#gm?)eu<`wf?^{#-zpHMq*jkx;!7q5J`Ko)fB7gmGhsS@s zQ#Bc~+>&;YE?2}Rl|twX2P~vEJKwbm$63unJvv+{RcS*&p;Fit=yAX747N`5aR(8# zo}ld|UNSh=olSyL)fWLJE(&O?r&)9xtx}0UKOdqevJ8>4Qn)J<9w=!k$9ojTZv*9@ zJB4#Puluj0yB_BjoVg6Yg@g@h>6*4-Jn9Od{RQ?~4n;_~s>_R!SGC*Gzx(e<&XXC= zyPUqEB?Ab-4`-+toCGNSYrB3zinWgx5h$xouke-F z^iZ?d$kjN+a=*D|Kg`>FH9^apPgmJ~UO0WL0xo`yxuo9E7&x4HJec z4uJlv=lPF9KW@KSdf_(h>7jB>-_t>l5E9fPd)Wa+XcjyRD5UzNTLp;6$@MVdY-^&e z*oy-{Y?1z-48~2Yb}mz|)p4T1%$U+5+0a6yvsk7msx?z?BEg*>MhFAAczQHzge|qK zMT$EMmr=|HbSTqZ#Kbg6%33Zo(p*NQnXXS?UoR%m_=wBxFQO~%u2Z!a&G-K3#M+>G zJFb&Z~0P07e~MZ^sdkq&JhrNk*qvbu0QAZ+?UY5xLeQ3Mr*n8HTXb)8tPMQC1_ zCum;y*`(5#wph07RNX1r@BG1xCLe_ftBpWNE`=Ep7ljwPxT)!jL!d5RL*JjR?}sd2 zs>NYy##fa;07+3v&G@qGw6FJ5fJW3qnj4q>{ zu0^UscbjY>P)f7n49r})i7OCR7&xc|bQvKJk+3{E3 z3=N=hkhd>#(KD=ijJHCE*)p=_IRnL`KyMecliH+#KrR-}9?#zY>p zx8!k@TWC;QC|}tpR-WqsdtYE$l3C!1^g;7fNOv6-l6-C61Mtmc zfh{ed4+J~uoF6}`rURy&y)(S$h&PULA|+xkXdAgaIMD5K*l0`qL^lhYa}%oQaG z*N^k@jG)(49qCRh;Q$G!cL}gwd}^l;Y`+%oc2}nYEX>a z<2r|~W@Uf;Psozgg(Ln_mjU-9`btg*}sqN`D1)F)_#XDKgKK&+l}wg*rQ#LO&%Gmcmw&s!{7 z+=^fqTp_iezeFhtq48O`NhyjL{1!V~dPqO$i0EPJWP-!W1fl4VQ7SF$S0wU6;$j4{ zSYtntY5nso&f$uTI+&rSGIfx}vS2=QAw(RbfBV8XYM^dcgve3MZ(9DmrEl47V|iYb zlnUz)l5Qd71cxJW;s+%>{kXcncW1H)pb0;85P~Rdp(e3ak&$ZS4pyv_@PwiU@gufmArJFbCssTo<8iznIHrv{m>VR_f_$wR6RP+71X{I&zjVtq1ba zzIB8*zjH;Q8-fxXFp|cBq3rKr@>=DT2vJ0-cgUZ+Vj6#q8`iOh2MdN|v?=YTsTEKn zkxq|w>pIbRs0mTH*uB)YMUiIr`ho9l%Xsm=Zl=Q(H$@6z=bDC!Oo!qqyjjcvyVQ6q zoKA4aalYx{jVsM*OG+Mv7g20O@jI#lBc`;xA!N2(CaXM@n~FI3F0y}kFls=iVmN=k z12np$8s>C^?ng^OAJmi-E%k!xt>v@ z`t@h+zxIDxms0{1acX_OX`_x6HlM-@TW6qz?vYZ|cv_b-q@Az<_z0D&Q?zJ zE*C}hf`6z6Bz?q0^~DKBD3(FnDhnML){RggKzGB_OZCEtA_{&46d!c)%oj0=iiWI} z&%QYfE9@&q6OgPAM&g=i+0$`EEnG{Fd76L0SFghn>`m_|EwlNZ?}hpHUdnuQGYNI^ zGOJKgofXyx+%ooj&>hIpL0~Hr91N*9^C&d-LW9^5p;x-iB}iN(#j~v8!<~*TCLO`T z(ZX?AG=g4~-XI7r$TtXfssF`xwyW!Dm$GbxadCv!8n{_k9eIjj9=Kvp5^e?9PW#a9 zyjBd2&oW~l4%}jY%ju#Jryy9<GgPQJXdQ0aSh}4WY-`58=nn%P z6Nc_D?s-STa1Y*-WO-u6Muhp&u)JgOWNG>yS7W=cOZ25pW#iLgAtoK(qON#{O%gWi zs^3-KrstcUf{ihmoFOrzinjR9TMpOxCt%`&C`IZ0n!KdVDA{E;{9w<!`h&CKy#;Fg%Na_839ip`JOdzB$+PXf6ww zXJD|>M?gJvaX6OjZ&_eg3xSJZWZ%P!wKmWY_y!m;=TtS`nprkGzXM|0em)t3m*1Ux zPNr$0kBDf$%jctZnn9|4*G?hEm1hGYUi>Yj_{8HAIf2Qg5qi?JK_pGx&mly3X}r9$ zt3lA*WeZbNK717thjym=zV44le2Tby7huw;U+Y@k3gOzF88M(VcXZNYaN>?=B8iQY3! z<0ceLfKIYoq)#~O5036Un+pWoVXR3)k_V@J+l+oVHogL;2HCI?WnAZ@`++xi+vc&z zsKltsfNklhqSpA&eKB}JS=mMV-o~N;BGz8DbIogbT*SRtb_AwhrRLQ){&v{o8{-Qu z%0u<#_$~v#p!FSILvmo+NI~Ps3z?MPY}cF`mR!ITDoW1-ABEX75he+IFn4J_|bJq?}G#cg++O zTp_@9k$kX$o-TSL3PQEc!qcHSM}uLH4xKDYT-a$#b5i!KS4xa7+@E|qAZV=&oQTOv zEiR+J)0h(k*(|Mj1Nxbez!n59ktFYPHv;(ZXm5YQEyRKr>af+yM*14~V`>!ey0Ge$ z_IlntI#HV@6dE(fNYo+v{}p2(eJYG~gF7b(>*}HtnIzx~y(kz0|Ka2_JMZA=U!tkq zqK_@DXXVD~c?ufl_*6$@!~A7BH%NN372R;XGUxr`HUvu3YKT~%vgA-_94HwvJ~zx_ zY;u*ltwNhDR-qXE(C1@GW}D9^N)Sgcr0t``_hQ-P1Sp9Jd0uTE76Q8y|vG~MJxg$zY;5M z(-Np{GPeDiHjje=?9%ZsJQU}M;e7N!B-)L>MOA4&ibzMJu5Jk2WJmD?>w;@=dQYUr zu`IPxvw*NZeMT)#NZ21t&|r=3C&yX}FUBx|0qRTLcYI|!M`kyh$)h6dXGnu7kO^-2 zxejw~XM-}`y1U{tk1I`Wg{3!zei1I+$jmTKxlZ+(ysW?S%?IjXbH&yS;W+B}4M0q@ z{S(t{KXFnu7H#VFe+1$#=`(5TO_R;!I$_5M&OM>2{Q8(m8R#MiQtiJVw;MN^Ej+ z`uEJMAuoI3`BabD$K)_IiogjwZjirm>^M4#eXyRO1-RwN`g6;*b%(ps0}C=kl+F#G zd4&o2EsKQX7U5|bv3%fPBQK13u{JiSQ?XNY?%>udq8enZpg@MDsMgWqFSKz8xvjjV z#bM%FnEQjIKZ4~o7Tw(~!}$q?kgTBz~&TJ-o$g;ORZ=808 z9^F^#^N5+2V{2Ir9)H(TfQN`X+{gj3RMhg)YwN7GO3_TfN%f_i&xsA~qV!^87TAoY z20He@(+1OEzviU>Thr}@KVE@Ju`^Tuc~Mxe-7gg}<(PcIo%C?>-`2yG-4$z8G`sJ| z1V)QGsQyrZddqaXD=K!rQ+HjeEnAdUjAbV#KtI7?q>l97g^Tz#KPDE&(7xRU?h@Nj z>q7(CCP7p0OkydTNvQoMzR;7=Z{vgV2Uw41YmsEOHG}ktGiqc0xN%U^4?1OPUnTaImO9lr{5t4cuulQ)mu8@Nh6`pC zmDHE>)-&#$#Hywqm{E$(lkOq~4G`4wLd|81!7m=V2j!upIZ!H$2XD^joJ|+x?xH*h zfl}@Zy&_ek3dVz1X*ER@fydDa>CiVgh`)?-cE(Y-Ym7yIsJUh0>MVqaJ|{)^btDKD zMf_eJgZpYjDkrcnywGpaCX2T%@n&z=!|pk&8ybc4Zu}(c6{>@idZ41A5!|1}EU_7@ zr@_X6q#POE1tWQcYG~IMzJz!d=6oq*Ad7n-*+g&`VWym|@2L;|%gipdwy${+EAUg@ z#rRZrG1h5H%?6RKa_$N}rvO7JD?}Ow#Bo(+3ptS$JXLQVo{S+9b3Ds)K7QwGRCUSd zCJ3y*OmB5(uq@|xW^4v;&xRC#<@ZFek>cwMaCnLzC>5MC*-V!W;PJ zBdBix`b`U5OiYnCmV{eV@x$LiCD%|d^zXCiDdvPBv`PWJ(BT6-9r@Ao)q{yg`tB=}7rwajo$^zCjNM|69vs=x9~EhA43v^N_S3bTkXp`@wF zckEinJ(ejMz6`$zEh-Fbq#Q(8YKC4|KriqFh8x-^qB?(GGvWjRdOpdWiufq=XrZ*E z5(#_#y)*o2{U?Ct=4ehoO^5{MAhA%l23nbA3-Lj+%QjBllgr(Z)F3y)MU{n+n4p z@wkXsWd^4lXyFfkBrf)XV5BEwJ{-;}zYbYa>Tq2LiN@KW%+bGiZE2wuAs_QiJc@hI z$~lRUdT0T7ps~wQd+JUq7d>V)utU>83MO|#+{0D`WS;ceBV`rNDvg;CWVjj>b7FCb zk~hF!c2AfAE0#}}l&jk^7b-W*uwkaYqa+&=3-0fWGe2GfT5T_}%fY48wkNetg55So z?VIeoH1tD1#Tv@tI0J7MHfZC5AU%e>St#MBv~s14QqKE|zs_ijdNQDSd$Uwm z5UcAYQw}VNech>I?eX;D-&Ugz%-vl{Ap0J7=CNSdIF?~B&!S$=>hwPSgrCRMxIge! z;W>SM%%yl9f3tW^aMwXihsBq&_#l4#QoDFkrXU&6?{*9f&_uaB;qstp*>UrYEP7^r zXbXG6*A9*;A)+jDSL@a>KTO!_oRk@?Ps&(251^|c6~$JKSNcC}yi<5(!PYL^LC3bO zPCDw?wr$%<$F^-J9ec&LZQHh;oaFn?-v7DypSqYgbFEQTvuccY=nabB7~WnJ0+DaF zw8jQU1(@z)yK>2{hd@GpG`V_!MwwKp|IJTd-DsBYI|;j0y0nI7-^FpXI#_rlD{8}& z!0>qNOOtN{u(`LK^@?8n?Qe}6^PP~6KKpJE<7aXr~4~Cq%#*Sthv&%zCVONLZIj&sAB#S$nZUeBLIozn5?zZ*1k9K%Zpy zd#$p6NqwKPQ#&Fy3D|CJ^bCU4_!B8D{lJ>Y$x5$WQ54o(24y!hntD|r(Z-XvD0E=1 zliPfQ^^t{j9LzF#96VWx=SM}>&lunApi=b@OpTHxZb9N*PB-&*`KEFAc#4TgFL7QX zuItrxVu_;7!}SlER$NFp5{T?T1FG%eh_p7g7|R>MiR*A{^V29fn=DTL%C+LIw)xkB zJdwU@5Rr0?OKYl=hR?*4QRovpHoxKs4i^|IKhj4pOJ>=&wW>7OCIouTJdMNQum z-Z6&!W0VE*ul2r7c9xS@9%nPd;}JcO=MgN98%*BYjdN|r7_%~|zu*{UJlZO`4Ks=# zdhhV1d0tdO*TbxMj?|3S9$CN0ZzcK^+9;JTg-m}CJk-1w>Y*%CK@D|>KGkWi&9Fk* zDI23ybUBGl?ku2SrH!vtYa?Uc(2~Ff zM+(zDiR*CT?EMbk@%L&BoTs= zTA7m*d#Bz_LPu36y!Ml$5ByN%^}828N(`ze<%91CA5#~2RV#6=1hL*sShEEmZ)dT3 zEKc2WvTUG;gQ}Xo2x}5m-v3XBCMjDq9&*V)7U2CDCH>hG(91mbK{Y?~TXr(^AY@V6e;-X|dvS{K6;o-KV_2dK2h z0ZvLxB?0H5_H}v^6t{6yNE*4Pq*{c?h?%0EhUVUHhYiSA?V~(hh_ytqqmq_FW8vH% zLv(M?QHdd;P(72C9P2Tb$)Z~9^6M%KXxnM<&@ibsq+;%hEH8~-@reM(&*>a)<4xD` zlEs@Xi)Kd`>hRTA0L8XPFuYfnAzcw1Z2w$0p=iVvi*oD9pCgxzo0LP(X8_diHRYgJ z2GMy*bc>}FjDcHJfG%fJagMN%;z+r+X@zX~riR&a_}rzswjV~zwhcRd_txdHaX8hv zN;vN(Zx>kqedMdD`!-(}sXF4BE3L^^dEUZvxQLB1I#U&%XKRuq;BJKR zKlf+QHlfN8yh8JCT9lQmemjiIown}m+-bC{5MfjZpf_8T3RuiC1VTe9?|r;(6S6ux zfDVv?rH?tM|1G8SHu&Y$(VVetD!6k7Pkm(zha$K! zDktiL`aV%P4ic+~wxYb^lROzV7>JxZzEw&ELZxi>6%Wb#MzeV~(MkXbh$~+J`Ahbp z$a1$p+IRjA>liRh-_|>suZT(YNnTv%8bppkQDhMc59@gk-}!bZVPW zI-mAg-!2AHLtx;|@gUABQJrI|gG1H9xH~0ctwZ!h41cx~{i#H-P^pnQ$xBfpM)oY7 zeUsd?sSv8%BBVxDTy(7`d{V_*{J2Y-oS2_s9)S-AC-#$oxI_)=8%b7nAS!|}7wiAo z7Vyxnz{NwX=FQ5ZbV!4mJo7R~z_|<=SoX?ze-H>@nOm1PxcG+$?$!B`7zSS zEfNQ#PKgF1>C1)yFcJn2?KMJRdyx7&4Ni11B*??EH1L{HEIO*d4c}U@fB3iEtt2l@ z`|!41r1!8IwR8tHCNUT*0SLxYWh5oxrUs%XWs3<0WQP%#twv-65u$50ku!uR4H857wYzV&A4j%|RTV@Xe?`YykI5!~RSdR_fbH2Gr(Mey z-_}(buyx6yw8V8cSqwOq;%^Gpv(c+luui`o%c#vaXEWa!lW))kvQn)v(a6<$q`SrVY?}jgA-yy`E z$8qB;P(VxY&s*iYAQTFSWy#6~7+rb#Q$q-E>$YwA=c}u5fxr=G;Vv#>vX9CcpbN#A zRH0qW0pFq|AppnUcMog6D0yx21}fx;w3jXUl{xevWAQvee$lsU@%aBeBQvRzK!Oe%b6+y-8n9WWe<73bUn2JstPAQOOx7P9;DlPE|5U43^W zTkxX4hYU$OkTX}YR)&t$O4WxJ($l8khM6S(YBojbBDUYPDH890D zUh(pP_0^-#2aB^N9Om258^0fM*cjt#k)lJ7b`+LCIm*32oZUT6&;PAFpQtKgbpQ31biB$&NrFp!CmlBRZG|(@B2%3K(2kSns zjnW^3+sCSDh1;D~hA8>|MQ#p$D!oIplpa-xW$wq#Kcgt`Ce21m>1xQV3DO9ylFuFu z$!l6#MJO=AWs6oIbi=*dv1DFfHo2LaWNlhX(}|4K)PEqX_^K&YAx?0EhF57aTi=jN zI{dfLFiP!h+{R-J58HhO6cHx_k&Et!UEB0?^$7(pjJ|m4haWo=GyLX*c6kTvK39{0 z&@W@U=kaO*{)$siTFwUzd|uv9oQf|hBQ#*VT)4t{HvxTu6HywuH;LqW94V^v&l-!d z8Vbi1TLp0U&)>Hx_6|NM3)_WUxLt0wtd(n`J+8XqBw5_la5B=-{S^lM)xjjRD)k4^ zq%|JF^zyHj79&@f#Lc8>ct>GPv6mu|5(6*fm3@6cIjR!S99bY3Jn8^4-w7XHO}7g} z1y7B0(-@-XOZkWJ3!8y!%t=3chf9uDT`-E~KDkgsMpLtj`j#9Zzf`2H{lDHaI0zBp zDW+uHeu9&7z6XmMVZf;S%cj5n)?3UWh=zNiF|^~3q5u%_{;1&J{Ux+_oGQACNstve zHUT3%80xSgqw(>tUTtoU_;X=~w_ahgNp(&e&U^XI&2iakqPz=2pv&qj0>I79JII?7d0cm^VYxo@YP7+gpNH zioGEtAPdL8)tFR&{;QCcdjS5~a*6bwKefq$_|wEFc3JmK7ea{Spk;IOeR00&V@I*v zqcsKba$_k@AzXt7FKVv)x-h*0q>FRnXZapVkCw$~jHHd9{GNE-zU3&4C6si$4QJ+p zO=9l*3W8ofkRSTyT6eE9nLpd>vcsB0IIFMy%F4t-qKiIy55Bgdpg)mHLLOJxQ`9q%=cd45zg+teQHXt6FXUV=A%uyh85?mAQaht4v!a}wv z?n~daVSRIIyueep}ZlZMO+h#Q;U` zs`#%ZYK3+qqv85IgZv=e#9C_!|G^zx5nk-3R{`)MRfCSSJ@&vLckUITa$XfP(?SB zx!$fFh^Y(O>sWi0R`^ihPeNq?T>!AKt{;U-nSMK@#v3y-kMx?WQ<^X8Y5+<<>L;=RmNjY&?mGJHC9h zw9j9oi5PcTT>)aIER8i2>#Iu|4vyKqlB!3`GcwV{pC0rckKd-EHe{i$x6ye4eK#ff zA*J3OL^K1ikKb#*LSqEZ(4p0H|9nb|8Nw)>vH6DvhND^G%Oz`BaKpO~CF>BYJEJ`q zp!3$rumB^lTBlV(r`{ah{wHC7gym38ak8Av@bYu(uIYy&vVHUWs2V}w>0PpI)%CNJ z$w}|a`aQZ{LF0FbyK$4R%sU<8s@dxIBms9*rFc%ouur{9jW6DTfY?zw^hx!vc#?BX zWA0TqWZ$6`Dy0=UFLc)-PYuDptkL#!!&w3JVGY*QL{7tsU}0v|Ekr$zf*`=DH~U5d zspI%Gq{o7beX6PD!WX-Cd2v@=mo&NutR~QM&R)wE%kvH&h4RuOtQJd-fb6>hRIm2{ z2u-@Mcoasf`ZbA_)QjnTZN;1?&wGQ)iI;<8N^MoS5H-yi79VX0DVrw5bN{FOUt2>2 z(H^gB$966!xg-(BRjUZr6>gJbKu=eGA2@PP1o27kVTUCok1lAZcoR+j_}=m%?#=#q z&(9YAbc^PjTI#{@s@xeP<|Y3e7Cm{=Uxz-;DT9&bbQJK}HH-NT-%MB|b1nSh6>01AoN&79;t!%^XWf@`Z-0Wt=gr(;wRa%QJluzO**~fC~m~Ort;3B!WADd!h zjG*-c9E(V+Ij?q^+*&0_L0FJLyLEn=KdDvyzIapr9@X`=a6$=w%_-}k<#Y7#kSNuY zdXLYaVG@2{!5Dr0WY7-x^<@-n=Z4sT6*{-s$poOWU&N5E4YrE_kbxD(TKp;~Nd%HU zx6bh*ZgMzZAnk8D^)F`@)l#>ODF8yEzGLmF&=VAlgJ__AI$b1L3x>q zkj^w2O3WMEj^FFW)+16{d z#CIF_-;4f(JNvl@SDEAJj-Pj%Cw3#YQW1q=RO^F>RESe4Ht7htp4U{=gRX+Ma{_-u zm$Kl17Cp?5=0$XSPI9F4$M$M`*`KaOCk9isB;_L7J(_U|Yl!*N>4KNjgP(DR^+(7) zlR60P@>qA!!p-JH+u0-S5c5k&<@k^OX3*3?5{I;_NOnHGh2O|N7!z$DC%yM;Wm?K^ zIFn_Q9W7D*OyiFdoKmTm598md)~U_rFYS{p#5?I=#lmi4sCwJ08FiuhzMssp70&pm zM-%qkf+0~40`@kpb*UDFsU8xLn#u`emn|UX|&eg4*SFC=#)L$ z*|(U~UdL~o2C3m=ft9v#iS3#8yU}s~F1K6U_tVkI$Oe24HNv8fGw@N{uAf}m{xIOF zS&Gb}3^-1N*C%;{iYV92eRl8BAu-#uA)O4qjup|Oi$dPVp&JEr!r|!l(M9q7g;~se zjDF~K5&2CAX48m+t>}!Ih0%cu9Hj@w;~$tr=mwUZq%e{-1rz$9K*)4 zxtP#+NcgB$G?yTXzQQdLQEeA~c5+X9eqRKuEIH*rOKiyOqqmX(JnD)eDvN*kHx;zZ zl(@JRVh9}-@g8-VXS%Q**}zE!p5pEf#RJMPBZ??GWs_z-Ww+K%o*kExF7Jl>hfu0) zzOq6=-&rB2-tv}A0baBcLyEk0Z%z^jR}xhr>rqn96!_15&C2(ExIu9n3$8!341dcH zw#7!cJ$A~(g{;Z{@?Nbbl0IFcyOQy1fC3%_C5bqUl3LH(C4cKOI(n-|^_NQu#tC)4 z);;}zDUude+}2C@jreE%T#kf63J3z;lZ}`y<%^h1RWz5Kk<6E>$yHl@q-=`d51E%m z%DYr9tT`E#JsvoDJ?H*G4gT2W-_*{otwyR8RbirBhs!{=sfqM7)0yy}(tB->ha`^2 zy~gQ_1DCp5Ak8QjJ&*R)W3|$rxQE>=bVY9jZkT(7bk$HeK9L4nx$so;KP3JNQ-V8j z;*H^rl&bU)Ds^OXbg=Dc9zN^wd_kK3W*S@leC%#(w)zd&f=7y)AS9!$7#1aGuhG<} zP|pov?ZqgVxDi;QVffhdx)NoDYl0K+^6=l?>(DA)&Cs>gltQA}SXGPr7?0Fw*GgfzOBzq zmvFnjMMg2Bh2|8fni}v4xqe@harqQuD2*hwN6%u?zIJAoG2&wG218?1$PyaX?3e}u z?!qu$>r=&MY)iq-*4Vl1K^AZ?3a_@H)DlvOd1-7f)hIRI35v47@6FuySri0+<9$ra@B77x2oYv*g&tXbq`RTh?)?Ckj`+||>s=&4nFbDOsx@J%j9-T_ zD5oxbYn{Fyh#yZhASAV{iT_H#;-Qir?=siaYr`{6oQ8Eazg#0Xv)X$XOpM1R}!Io79H{(1j31hFz@L&flvpm>~v>Bx+JUtZu! zIm0GFjY#2GO?eET#39#X67}=22ROsbWg>|Y1h2`MpTn+i!Nzw2bfMERnf5O+o#`EN zI_G8`sUh1?k=QM2#=FB>NZOF6n);)~N1U7bHaCEf3d>UB1ne-wBrZkHGiuRgP;3VcY z0O#RvUV2@9-^+ooujt*G`{jnfI&y{QV&LCV?7XZ&?!yV&duw$K-)|%WjTo~y{9V9B zyakq(8G{vtO{Sy|w|=Q`JdqgE)`u6wI~H5n*&KA2T34=<)9<$J-aPQmnGld$Y_8_! zW)@I>qF7WDXGYE}Pt-7s-Q{?CI*IRt(&8C8-`NS)3Fzs@jg_~oOzAe5j6?Bc{U@7r zhv8J7Q0_!zKM{PDlAxkfkUf{4zvN3GEjHB;nEEp=Gus;_Ta#0682Wo1M*k1<0)AuW z$|Qo3^SumviZ6WU+f@^5d4a_n&syzz<^aM$tfHvg(}f@Vu3=FJLlE2JBE|Afg?AnD zz4gh#wdh73(L~=-VGHYoU|s+OtT!9YB1o7 znpzg8=Eoqo@A80aq^06;@Wf{picp+ao_v*|e=n*yYYe$rTU)SF(#@m=;BI0WOf z(e=$0L401IDg8Q&Yc70yKejX7^6+IIGNT?zuKd@#8385qyTZzGQfZaXM;qB7kR$eu zy^uR>c~ouU>+G=*>%L30KVPV=w+8s&?SO|Flhx1oS@_edDuWUx|7Eq0)?wv_s%7nb z1*iF0R>;vBlHXP0CJ6dW6tG~PJ9v|r8-?9+&MuT?y`?;QNx7IgLqaNgqOJW_G|9|# zSZ+-zH?i11?PxBJG0=yq&jtQl&yc4;DsgB&OZu|!SKSsZ$B0^%F{Qn<^J}a7WFZ67 z`Q%{IZsqA{b0&4|a{ZPbViPd>q$16W6UkQ@Jb`eo^KImQY4glit^L>BrxrSQHrDXV zzKF(rAXuYs8fcMYFG=m;?d$DIehX(N&JUS6z~~7+755?FjE0;I3-r)s035%FxrA{j z%_eOfAw5Q;aOM`+#H{PAS7PE7>RvaLO75nkq;0h}Rvuz0C=-?30x0r>(o{@&gvC^D z7VKvB#qnI`Kno_vb_+RffeY;EA@UUYYw@}WE4sygp0*OCvPX)b&gS$9XZUva5~79e z4g6WshuOv5phe#QIo{taE-V{NW%iAPTdG@bJ}mm46GbkD%U>k!t45- z9#;%`>A^59WqS3h3L4QY8yda_w3*?1UTd_OFbw9ZbbcqNwim~hyY7vg!L%xtEG06i zrewf>L)K+wlNGO#%%;m7Ll-%Jhz8WxnXksnG}@)B6^7yVP@5)_ucH>Y;TAJl!T`T< zut-e*Vov#bUybA(%ksho5;A>PtMEMwP1c&k~c)ox5~a;I?h z5G&aOR&0^bY5emqF-A=dH%DQbfJv!F{Ktx*kli^MLiGJy{WkOB5B`O#*;BD7$)xzp z=~kmp=Xh8Jj1;HCF!{E|>7_F|UuSCClc39qw>I>JKmDhP*=Pj5w}-9jvCV12ht;Ad zZi5R@XTJ#BYvC*ACv>AcBcn9e5)`G0V<`aQRbO^u{JT4I+V8uvM;O)UVhr0J1iLQv z)YZ&LfUao~Y3-TQl9BObO}<^X!QLy*-v8>mZjG;A7xO?Sqy>H5wO*@HfiJQ#>(>;U ztelY*iLlR-=@GPwJ!LcQSYr9A75t8t(zfa;uYX0osvSJr-tD@JbqHxpkskXu#BOBY z8i4msF!^wUO%`;i|WHzhCrl&vC7>Is!+_m7LA zFn#swub?TNo}r=8B{!QaCp9g3(s`s#WFCzTFv0nTjqNW?z$hivD624v0dm+$Mb3?_R+8TMqH z+^0ohZw<2{FVzuyP{1&8j_FCTy`QhsKlOU%EP9&T(}O3qSCJY`7;s~b)#224RcQ74+sQ|LdP0pBD$ViqTig!nc%Pm zMKz3&M(<1E`8n*yJFdd3EzZ=HneKl&IxD|FKmBN%$X?_6>Zjg~IM1n_dma757U;Cn z{>KR)isxK`M{}kn>1`-p!cbQpYjp9Amg+IUC_P@mF-&&RiJrW+uT58k_qRJurf)N5 z#nXio4v=Q5=LmQRy+j{xa}O`c(Y`q=5uK4Q5Q)u1ZnTY)epCMJyWVccWZfnU8U<9_ zUzc>hk~?_&Moyfp%y$dK&vzo2eiM>l!*i39qO2(<&ga9^9{WmdlojSO;!w|Uh@_qH z@P7+PKr7TewL$?M;`5X_i!p9FhmiODxI1dW$AmE)Ml-r|}v~npz#Yy&H6PvmaA}l$O&Ydo#%0Qwl1>8&2xsSNNVM zf%PqNG_a_RNC6EB?UdUSY#hC~HkHG1Q4GhG`@@&niuxZ zXiSxQX)ddsZlMjw(CK9-=nx>?*sxL z1Q9x~WmhL}otQotv-^uU=c-&c437EtZjKf~;gh&18y|;@J+rhr2w+7_Pz*Y&XxuuD zEOW``Z8`b697IVY?yV5hcKQ%4r$MzHhs;nQv-xUIF3u_Sx{*w&F_&`-@zQYC6-WCo zLp$W~b@1;`hr}Oyx900Em~=%s7l=9@ab~)^@9kDn&3y1l1XR z$Y(8~xzG2!itWZrK>bVXT&9@l-~D%%#1x*_C79OSg~%-k>sobN1ocONy}BBw zTWhOU1iU=U$|tU3Zd7~i?_*@T7__dsBV|^MUw4R3<^Zn(BkfvsO#}1DejY@Sf(T#H zDGAK&>gJnJAmS1LXYufkq*997}NWj&%nb6+-Z)wS-#?eDNPN9`a!HZZqiMMyUHsM&aKwca(2 zqtH>puWkE<&o0-B$SQ!c);NQ6{3NN6b0XvW>@SU;$_;g5=j+~7lauBj3BbfNoE{*@ z)6py^QO^-m(&kP8v%nwrlDaIz&|Q#+^-!6P_P8Y`qbu7axTNKXIfp%%G+96oY8Fnb zq-+z6?H|pSz$BTMNKu3bPRXqklkRoZRO)?)hRo6h^g=L-bTEQ`+TCEk{WSh!@Fq^U zx~*eH_M~uo$E9I&R8|lPXO!f5ZDOU(AE9TdIkdw7@aTEN(u)OLT=?co!u~|E6h@uTuoBA^xRV#9g<0A1e`XkedWLwVP+32pxysytsy9K z@liZ)D56=iG^k_?-lrWe!*QK{mFVc5Z_wFT5lvqtnSU-b$!niBYsr;*SmYx#ok7_B^z_!k zV4xv(K%m#Dyvzt7c6FY*9CgBhqRm<-$|yax(Mr_TfEkuGgJ#9vQfB>q6Uy;`+&`7JJ%1F)*#$bHgVR%TC)oEuI|O-ntrbVZ2|ne-aw>CP`8VHp|C(b2P_m zxuxAhBeC@yOQZs+HJqGzeJs5Hfl4q}4-CQg56J*nh|!nlwRQzlws-0;MSqH)R!Q_- z|I4@MNLGHB{ON464)j^n%+Z@DQyKHRsU1IOCeC9-dg4c?usNUw-V?2@jcJ|U#^w;0 z&?(-@Hx^qsTdzSqr*#n>X^lp6M$MMV9zd?EON^a!>j2>f!j&f}G24z0qtS3p4GJBT zcQZauUj9?PYy0SEXN2b7AzNamNOTfb>00Jz|Bq9WuYC*gMS)3~PA9pakOB|HcJILc z;I?-$Rji2qYunSZ8S+Im`U-ymXM+3bIGtEZB)+Dv+{XErs9NAEZh?>$_GBKay|uA+ z(MxV>^-n|KczR=CD)d57!6-`r8@qr`gSmp~=70?^#|#^}>ig`J?vDnV~`TAX3E zyiEzi(PwHSgU9RKyIx=xvS*=d<}R?;!2(q~KCOS#T!1@P73_SZrHzgQYlMegh1xia zf-kIFhv*uwh}iNj$-A?sr4R;3iz}-_V?n4F7GWXHiBEb;A;Vkxz6rOKutnx6F1?RH z;D$6C!2x`fd6Hu-c5=C_{J5(5itLHA*d`q>C;1H?%c#|Iv(Df_a4#*S4%Ph&JJ8rb zBPxLZ@XDW^j2UQ7pgDyIjFJ+Jh_AAk7=4>Y4u(YV-S%kKT(xPtt8DwD`7m%mP4Jz! zFn@!mt?4dZ@3f*w_{*6wbcbpm`}pm3;o`ohk!J}-T?|RP@DFG#bj#{nVrmWg)`|)uAIyR2AWN7R zl#_s8y`4+j1fmvp06a~s%{#P3RROdW$wKAA>z{V@P_-q%i!e_o^V{M-t?hJyv|zLr z?W8(^;7=Kk8u~R(yIQ%q2mK#wY3;Eql|>Ke$7uC~lje8;tQ5LmZV5sjxKYNiptXJn zztIsZY5q9@H|1Y9>w`Ltts|k0Fjcm{wD4cqZbXl+KDN#){m2dw^BoTPrT>q}V2hR7 zdO=tc5d;xLr^{z3Nf})5Ixi97{x-50AFfqOJ~)4Cqrq;oD93x&CZNpylX9+dS<)zG zE(eZOhS2ibSfgh-)aAjN)DtN-0jh1ZcT@lxvGINc)Rl|C`d?>HX+zxJ%Rq}~m<`Q+ zJ=XNE=9122uX=%_Vtf0PAVuJmE+7E^lfyoM?y7&jCMH=Ted07ZEGC|{cA&y?SXxdI zvnmp|&_bnO_3iNqb~_T)ou5N&-(}j~SjL>HNm(o~s`N9_UL)YvEsZThY_BARlwIvB@wX92jhIZpvg5dz!X_J(TULAJAw4; zMnMICYofInAs-2J5Rs6VK`I^SM=^OD#foHzMK44k%*bEc8x2;UMMQo@!4_`sOb(WF zt69BN_~A|J14vK1f;5Yz3=D7jYiU>bVZ9s5^7Lq%adzW}I8Z7IebIROkkRlS$eF>D z9W?@`1qdY*D2A1r6SYF~^t`Rx^GtegrCd497@)wjF6QLYx};>!Ov#IPD0rwI-nmgV&{$tER}t(tkp*xVqxANH4odHFHBWa<*Kvp>Lr_}r60`ly^W}Z zHsxRnp={<4_wvx1naUi$+e_OK?I-%9g~qlqv2q6{N%rbQc*??kw}_b5Hbf(Rg~)(6 z@z$0?*d#@vT$0E?LNSU%FoxV6mHY67Qi#FAa6yKDQ6oM2Fq;I~Jif}JElW5eFLR0= z!p>tQZLN|_JH^5~G}?Y<-1g4adK)!1xuUe(IMoEU;QVSW11?=-tMV1{IE^V07$oyx znWJY&4Q!<_a7VO%+u)Mpz9&tiYVls`nU4d1Y|_b?6*f75?FAF-D?xAh2d7iEh}Evy zFO3;;j)r)9+A;_EsJX)JFy;{33!F7j%u_FgI{5-8ci@Lz+!Sz84jLb)igNT@hle(9 z?=#Zcv8O~U4glqSjDxqLz8S{qB-9}|nG=r7oDeUm66C{4PSs+0zL zets3@-GqQ;JnD0Pk>12fIw|)K#{jk!eJ`;B26z{F5Hmtx5pyocBR?;ll`3== zzrzPHGNk)bWEScF@&X)Th>l58xzQ56ec?zyAo7!7{#CH`-bb)bl&rLO9le!-R_d^| zoL-Ln^Zp8{9R2;W4%f*$+r_*1p5g{?m|k`*Y^*s;YuTg#cMZK3c*1~xdR8AJRR?-= zwHABc-kMK1eicwTo+RA21#X2);h^5K1IDlSJx6E%FnpC(AA+BW+A!TBbt+wsK?}BP z(6M|G5n`p=x=SRZ?|LxcdnC3n_#5J`f{RjR47(mecZP!5!p_K4>g1@+18OzqVJc8C z0pZ$auw}s~`bbT(fj;bO(%`kRj@@DNPJ8h4&dMEu8t?($5vInm`!RRO$<4&iJ4Ii3 zCc@VgMI}~*wny6-!}hTbB={ky8u}AcTl*z*s!BZ#LV^p?!LNY-x9xQ)D)VJJqWb&= z_Qd5|>s05xEf-6wil5>2YlTK{;M?t|gT#ur%xb9*%{)pxSA0(?&BT=R>8mJaKdhCC zgtc*SFPTuJ24GZ{jDqGxySYVeO%1Mmx;4C}0TI!Om@#6OV2KV4W2qh`R;S?QLGKPs zDbdD-9MOY+%6eAfQ_5{18CNpah_vtlW2T#cz?`ZRZl~AmPtz#{lRLE7LB^;z(eOt- zY|X@?i3w7|s{VMTvb&07IqpSke)}?nEbV+h3cak_w-;rEIlL4tKgdhT_hC8Sx;^|% z>`>GM+<8Ql>>u11LdUmls8wPA;2FFShzq`u=Dr$Ir$J%_SGDQ5g9C;jkRdB2%@(f(gyM?O1RGIAo401Q7dug9hYp&>)$I`6_>c(e;8`17fvQ zWg+C^`hnjQjOl#h)L@5!@DngUCQ0 zTSlBV$4%s&lgB{j=%X)8Rsj^jndSnm$mR|ycVgT^HC#YZE=Pd%nw!|DgD+V?p*;qW z^LaW%V1`%X)^y?UsXqClr@Hu(lSvawXeHaUC>GujEOKZGFLMlMZ^u(;Y(oPF6pEKN zu2h6EbKKc2z&3YZCq!Mm`V80BXZL7Wbp$>095A|e$a!3L7Iad{Nz34TSlM zN&qGO{zy#-dMu^X&V``o%na`KoQZO915vTYPmtusy+oguf)~H8s67jn^jxB%jB*Ds z%Bs=GW5=G*<9mLab#rC%S$VwiAE|3285+w6m8;0yY7NAk?Jg=Vk@hYrKsS&{%K8u# zBPu;3lz*(UAcJxoYK(wRp3D7GQ129JNh~&4VsgS8FubXac&m^$53_l;PT*i8Ph6K2 zt1h+9u__5>AtLI+Uj@18=a7Lt2dP(dkQd4!!+hf5U8#tNDL+XYSMZW&-xzp^f(R$T zs(4)zTI<9)rXu>M)7h}rb~ZG%PxCp~AuFupskugv0O@XoIk%c;9~h)$<^}MsL2A~4 zxuO1HqxYUQDYV2P<|z4grP!mb09w_+*^YKFmR9hc&~T1U}1(V5NUD%Qu_@dBOpV(UVZ(W>>Q z+$Gv4E>pYW$7IGlk>(2Rv=eK5TpW{E1V*s~MhIy846NCi>~l9S((;&%&T5N^R!ZAj z0iD;q)!)|@G%Q66V#v0@kQ?b~>XP_Gq}^uqsp_iJE=dN6WI`8HoyRs?kGxxfVBx`F zI9T^Ub|$PNzzy+CE2{J}2oQrgh5FHr$H?UKONj6ft1eE=5zk$wej}Y)T8H_clvMX? z#KVX~e$ZMd@QVPV_es3_9yTtl0PPBk;1>B#6Pd0=45SVWg z>8w8*u6mdMLeA||t(68%<1Ji}sEaQ?3jNK44wGfMZcEY=bwh%TVzw_{82JwLBtm|x zhQjFx&tJ(Hbil@fq=d@pPL*)8DxJ7wMunYxL5iTLiV*&El(yb-|_9`eNL) zkRhawdk974J7{l$OVI}orRBAI_ntV%)?S5hr$BUvVQ8rkiK7+MDtH=(rmI#s=oWjOMt>DsDNC2EAlGC0+d5Ir zCTK%`&oY-0V*BJHuvGoW#y3mjXR_Tz6fA+s>P1jcX?MRPSHt1m1nvlFV53r2S}C!B zqwW(~jTQHyUn?ko@{s@1u+>)s_2DAfc35 z_U1*FNFL6W(9kSiNC(y_7zdWm*;Pu6nrSDpW#YIc`>kQBcz=H3LWNRthYE`{65Pxw z2t6C=d1?Ar?QSJp`2*ED7^qbeAv=g@QdVa)dO5o|tQ=fP>{R60B(rmB1z->}LD0o+ z_&_kQxer8lu7DCO{yC=vRJc|B9M(bITx*tY zGLzl4Kbp+W9rFe4q->(waC(Lk~!E_I7w(8EJlWWrVA}gP~1Kv@(gIhs)sad z<=6GMOuhQKeXxHd=QM8TsLdOBzzD|SzsYk)4>OSZ@Oz>;a0Z+PK#x3Q^Iv*XW{KCS zvfjKMOTMt?Jl&m@#vp$SRd~s>o`-%I#?zngGeUcNG}w{M0Yh@~lvm*7v)1gbuvBBA zpxSKZq}t%9tlDTFtGRUnKP3~wX{VtXKJI?M>lTO`Y#fZA{DaRqzd-zylQ`fsLaDWf zBit!K#jx*T8Ekk7r&z+Ag~?ynlB`ri<&yL7OBoJ3jc89FfRqPibK^c0-|^zZe}Snt zWa7T(--9Fn>R3$m3n|jy7=$l}mFx?MeYJ|{|I^gxmH*W@Mu7#Smhnc~g~wVag7mgh zWq&zQW%h`L_|y#5QA26DUQ2qmlAS}qWWhhsF}y7TVj{|asZfsO=H$SZQ9=h;btNcY z%si@HxP-;8SV#WDd%>ivMM=PkOw4b2V)^>6-*L;%a$@{ftsFXC@(E!!WXhyuo97J>4#Bxb%A_~A z=J0x@d=}uDF5HCQ&-Oji9LrDe)0e$rH-!eEV%M!gQ}Ch{wyN^1Mz$tpl(Fr`U(w8* zwN>>Is17htZVmA|be(bzjfN*C{Vj>`Z&`H$_#E2P^jjyc#B;g-bVz(RdgI6sHsU%3 zireSU`qpo8PPs~m?HZ{paR<$bKk(>fQ~w8?V~sB*hXCmj#2z3kk_6B>%j={;*b`;f zK{h{vdO$uODv)eMB|m+={yzb1I*3tT#Qzh&3&N|9 z_y3L`Ul){X!v8xc`M*Ql=Nq4O6AaJ@!u)sm;T`_x2VYOpuCJ_BqAr2~IuY1^2Vb;3 zf&PESKP26+Qz=dtQVso|=^%a?sX?~?XEKoADNP@WV|{gxk7j)tu;(92o^ZFIoTZ$}kPO3Z%Scev&8J7I;aI-x@ug z31Z<~xt=aq>Ak<)>&+HQJ+$lf2IVM~CFRKF3Fn9>?xC!XCNO(NDfF_P!i!_aEouMn zU$J%bs#y(@u6w@pk3!1ut#CLTP0^Fi`OS%J)O6YNtw@e@*lfIAO>kTWh3=9EV=-9- z3`AmMayMA5;x(K)_K5lS7RUAqYoQSdcoP^->Za4V zM#UP9QQP*50Ijd(N9vsf;|HqfxN=2cu>IDwKUWH3sU!xkOBl+NCqLTguFz-*THJJD zh!@DS84P@XeF$tgUkO4a4oVg^ftD}nZFajqp|f6F%~7sM+rA>q%n>c<`2lyd$#aK4 zMXLgbENwksI-k>m24?p8@m`pO$z+~D#>YqSYol$W5|`skGwOJ9VJudVMV0;4T&gv( z!C*AiJz8&70lZUco9bI3f*AP&>44W7k2f?NIL!Qq3m~#dyS-(5YFi-f5ptU2^{h6Z z-%6G8lmIm;n)`)yu0&yQh3g+zo>^_-_85amp!qzMH~Y!GzuCgO-!pWN(Rt)|mES0AtV0dD#Ta76p$fqlF+2m-y|*VwHTM?Z zGO1Lqmo@uIH00SiTOi~btJQ|9L!Ni0a_x4qw=0oNXsuQ!sq-ClZd$b(#x>{5cfH^g zpX~QHC&Ul5f*BU@{HxkN3yQ5)crO9!BrA=^pvHlA>@-Fz95_5fdQ#+klgTXMHxGW4 zs!;v$j}3SHfMjhKQbwC;O**`~Vdz0-%O%X_29P!TgE3g-{4}$rs;`b}COxOKCCr)G zSu48)$4xSs4?50|C550ve|1%*dcAUuR_;2h)d2`MKxR0P;I~qEdeLaK&Rpo8%{jf! zj3`!0bZ8M0gzI^%uUyxSD>$Ssv37sASOmaMa^CYFO;u-}W3Dz{LU_JB`~d>@yLg5I z4o+UK{XYQ3Ksvu?Px$b|so|}+-U-W>t&qfBBh;>4$0YCCBHF$$d)<`d1;f8_+43$le|>~ z=YjCgdmqr5`PT4@U;d}c2nTPBvw92`Bs0}pt5&VhO#SNAsgw5iwD2!K`$_oQ-|h)_ z{_!v2U;pi=lH}{=iX*G182^+yK?impxDg{qgik*H)QkxrmMo@>^%;8hNjUHPbBnQ? z1*^*8!|>swsUL?5AAUw?(4c`8 z^)^%M;Th$>`qgX0MyaJUGBzrIeG`sQ<O|7pmpB*k}40zbE zVMA!$x|NMLj1oltl1nd=bbiiJ{XmLGjsE*T++ln9-|xOBeDu*YeQvCL32rDrz3iR+ z`}Yl3Uvrf)Iyc{ZQ~39P{eR*0*WL)1U0!m1Gk{b6lu=-rWP+w?!Sw3W%d7@LIx3I) z8te%ZCfPG45YNjhefsHiJ6}3ZDkvW`IL(t!I?+JN3pUhu2M->wa+IZS5cjDceiG)+ zotKoC3aBj7#EFwbh87pZoO3haLqme3E_SOdK#FZf43r55P%)$WJ$T61!NIUkM}N&* zGz*VE{#3vaihYO;yQGuDLR-n2ObA6`+689PlqnyE-~9S_VU;A%maSTt>YlneVk04- zaE6W)&N(ndm(M)Inj2UUMA+*NXg}j~(`HSK*?8gkm%<&t`F&uYB;~YUJMQY$s~5(M zxyFuF!8i38o+a77^3v-@IH{u~@jOn#)Z|GYngB`LB($wqs9$pF#l|<$exhpM9-esY z$#B!nH<;Fvyf7f`q`_?7ym_dV$>5N;cI{eL$BfTrhQ}U#Tt^tY?O5W5uU!|OdFF+% zX3ZLkmkKQ_6A7KU2I8veoaWS1PYKgL`83q8U(Xg6TVR>(r7!QqT6rgAxKz8lXOBpZwFEcZCZsIM=kQsGq%k?>lYsEG<1PjJfWbaL?cG zH7$WLQfiMQ*M}Z@)YSRy+b72jlqrtn1R7h3r=NUIXWGpT4~!!)p;o`{`mY);$m`=f zd-iOzml`~HP!<^c4pRd&aQ=no8eyjoOP4MSA5NJnhN)$k{^<;Q2AI$^ ztXsD}eB+jzjQ)6D-btT-zA*Ia)x)IutiFhep&u|b5PBqa(#a>EBzv%JVaAM^p_*s| zhK3{zsRs=n5a!OA7eph5ser$7`IokLF>Vyd4iQUNnjcs5Vx zJqzZ4UWl5DRs^`1WH1!T`FA3*V^osXDJ}Hu*`r7epxS0)z47K)S(Wdx3F4EeNEPQ% z*eB$Q6)VHL@4Rp7ph(Q~Kv?`KVn7&RjbQ1H^fhkmxN?sZU*|~8k4p86#7$yPwX@>Q zTSCv?J;G0Av~~75XGu-mDr^6tZ1xvraa-%xzhAiJmYc)B{PebPk__Td%Oja)sp9n+ zW7-ein-C^VnnbZ26ZMlWyzl~PD7%<+4>4y?tRok&#fz5&)cB;L5~OmM;R!dYjZDGl+EquQekeOoInF~)q^6J6lA0!9ao?PlS0_Ut)kFo$-6vbAJn z=qWwDqa^s{=0W7oO7gwT2zqL#`fI|#)g6%fgTw@^S*wOk4s#U~l1n4`gj=|9QJ6D( zt}zzC!dWwCO$XRUQ%6C|_~O8ojtS@A3tCUiA2IM{zyRyR z*9hwc50_`2eoh8lQp4&u_Js1BP_-{zyiEI7tt?`W)Ce(#FuR+W?|0tc?CS?E#BucrQ67^FT0^3)w8zUw|8d(wZDtZo{ zaTgo==38O>2NSHgx0_R4`F-}#8Ww<~PY$1cgcJ10`6~mKY*UnukS2}a1ObNOV zFy~W4be4`029tvYQ%`5=pL{YsEM2zjD5Pg$ssug&4{7qGDTx|LpLvG53WJD&1N+#sFNfIXkY`84PKXcrbQUSjZ( zx1h=U_vy4x!;8$V9)+4 zPWVf*Zs07A`m@(@tnbBzpPbq`R^2(3;aO2qZguALyeRFIc3IZSUTw;4L~PR2)6CYy zi8tz6nD57B`HUKuyhX)harVz)!R}|7_7(OQo&o>P9lOE>7oKn0MFwDWa$sFMU_7=Qu z|Cb-jb?xY2V+5K>liD3ic#`ALzLdb9!i{V(0^%KP-@d(!;0Bs%8^kj(4HT4RvfM7# z%cy~TK52`w`7cxjG2gp)Ul!thfKNQ>gfHYR@ByM=K^iCZ^cSU(4IWe^_h5X}0mio^*=j`z7U;lTOZBc&f_w{hz zdFLqhd2f?;k&MAJ#BcSQHFnGap`;zppBKpFp?xCXJ@W8lre%RRvu=6MSijL2h{1yg zS~W!d%q`)Cgpd5@&6})bI%G}w14jt&B(~euxyTdtl_6g zOVFc7j{-9$xxsa;=VfN)o(h;FfapULCQQ~(3}7+{5OY)~XPrGdwMemk_V#hrK;7=q z-IyFiYr;~oLx&F5rZ1er005^*d7q#}C|WN|OAJZQJFoZy>Cg@v5=;Z`a`cnr&*>kZ z^P4y$a-!yCD33L8aU|eF`Y~2LvqI`F2#k5bLEYKUvcLfnK~4#Hc#(%W2^?%V%!$pL zH<^275;{|Hu%#|Ut%e5#k)c}10v1URNyhO*T}9~&8w7QvCSXtCOP>1g-VS3%@zeVg)JW#iSq7AfU5qEJAQ8j7^3b+oF9BJL3MWsqehL) zSM`pAmtK6yjH*%JGyfsx*g*B`-}?)}V{)swSFfH{4h`zrnY5>h);D!wyp0_cY54GA zvWQ<4@Ifc?CW0w*pEPskEcySh(LCvA-%I09xgh915M8@=2|eX1uw?NPbFE+zL0kzm zGeibyoYOFgJb!T`=(Epeh|AiL<*UeKWfL7DM#Co{{+tC(l%*cHWHwbcMCV2uOG+O% z_8oK4E6%vTj;EP3X37t8hWgaZ77DPi$kVh?z%L;ko#5owFRyE{#^t$Zo;UjjC+xi6 zaN~7mW8nF6t0%YTUJh50XQ^MVeI$s*dGc@N%+B-VR!45ny&O2_Yz~zw@l!$K|I&lfBVn-yJ(JpM{;pEA4%uL-9=K(-hC75ksLO!B%@ z%N*-78x!hYckiTrTxAGe(YCGBhk}K~a}v?7*kqEI)Vhvv$~1uDSLaTa%tQ zC!EkHe#iLv>T9kDfBEy>=Dr4@-l9E(eSouff`*Zp=gg7MwZ?GUBbwa5|Hr@DevjeY zGL zv(G*=<^$h}3 zBwL6ybCatRNz934p|ZI_;F-(GB_Fi0V8Q36rfu7HY`E~E3k*-bY2;^tJN&%c`KZqI z@NWh8D_5)z*Nj1Q)xo9@=D$=^Mhlk zH(wtsb*|24)i#?WaSTY=`#?F8!#ij8JjL*S!!F?%K4O^QNG=}9Ud{@YlRs!1JfX>0 zA~p7`nX^shen5KzQW^}-qmMimzW4p_9McfY>ne+P_8#_ul1xPzOW_`VgdhI+`^F%6-u&PLuO^t{ z|NZ@)7L)y~v(D5#7d=fIRkv~8+X*TTX@i$t$#*_wavUEG5khqKN)D?d#Y zTb{gEb+I**|B4`Z9Xlq${24exGO~e8m@v^et?YxD|C;m8Id9%PQ=OnnVbWC9L_oDV zR15~2IM0fd=!+)Vi6@?5>N+Gv>z|%M9NvBVJ*j6_*|Q?Il?mvl)23VKN;Y%rlQ9ol z<$iavNseqv5P@SQ$2lt6lTSIxm;g9faD{~@k~PWm9jm_7-+_yANPI+DYTLH8-8GD= zmYCD?<}EO(lstvO3k#Zr9RZRRF#ENK{rdHhgq5hrQelUqe^)Mkzm*#BuDk9wcO_ha zU}#XGv!MeE#BPTSj$l0SOXZz@5PeFd-TDOqqaQGgcZu64mNfMjyg!ooMNFxWKJX%* z0WLozW3JY(4}bZ~-@^U>e8}2>8G=FeO%tXL_4sbVk{2$0Opr$I)+G~n|Lq@Pllpd~ zzNAeyGy1|@hG?MqVUANCMuz|w@4I!e)c&y29Y%zVYp%X3 zG-}w$m?io}ADRDi#O%HN(klj6>ij7+Kyzq_b%U!fiSdD1U%q06!JI?(a`g!2>14Uq zaYV#?2G79HIrbBeKWT2wJ}wS;GS|51Wk-1M!G}!{^E|9mj%+W#@={|MJg=9{?cK`* z!}T{@XA$iF_2>W3)*e3e7#KQ3>-$Tu-o3&_7hNdfqqolfpB3}FOhIzKXNRMBV3E_O=~{FTRUK(A=clQLjw@R;2ge{q_&0`fJ^$RTk3$ zQ_3xRoFPJd+3- z4@Uv(*Ke>5*q3T6#Sve%YK_6TaN$C0BmaHR3DS~(1|H}SSD0RZ!x&@MI7cNhk6`d# z(Rgx;8L6!M1H5RQ_6s&X0}pe4!Tg0fc3EIBy2ZDBDJOp%R@TUsGB!gJN7KZ2_5qma zkEVX2+up_=1+mXn9zOTn^X4_g{%U)NY#~^Gr$_)9J$lqph-@4TT_Wb*Q{9I#EJYG@xf!Fht8~Sv66NmKp3nMsf}mFk$ggMX8)N~D@e*r1`K16xJI8f%G7M0uV`%^ zQ56jwI6!v`cQvCThyraQJrYm>H4nG36}3&&#LJc}v-2r79~K8L8$?HfQ9+{OSwU0h zE}d+_Q77ZzT<}Us0ra7;i3@A!GsM;tn<a!-P<_DKmidEp@|QpV)wBRyOH6o9;N|XVB!(V6 zyW2TC=h&ut7mktkNvSw>d|}MP9nfepQUh|JjbNk2NVHF%-qJL6G)cv!6zYR%G3 z4?py%jVtG@%-K|Ylq77ab^F-iBIVjYe&;zyG*3PCO!(gSzAbo@u&n%+I`(`o%LFXo z4lN+(>A(NoA4SL$V^w3GWCMgPLp#Mr$F_mI4*z@ay|4Qz-V-5hVQZW9yLXQ+*b&18 zgTQykPeJ-f{gmU_id)nMX%Bkm?RN#+ou;*AzatM!GYs>ICk+b!^^1SEwc%wQ#)7n4 zl)UANpgR(fAW*%G8~08Yk!54~Sl6nu2@;a8FawkwQI6~>Q>Lbn5x8$$RO%~`Oyb^< zySYSj z&f>*OjDcYRQa?ux7;15ug0&>PdqSm3>eQ)|xlz9T)_W$Q;kL+}>?DHD_~n$2t165C zsx^$rLI8LT6m!ZMAmhNs0#R?Jb9^?ZM$w^s#Votlvk<+8S*U`w(+!zxD}^=HU4rdhn5AjYEDc zSaSOvZyYS~o#AGlfOE7;cj-6=!i1rwr&Pk|YutY;?RRIMx@lbyYn}^RIIf~EzzNQ| zEQb)ZoLiF?>bMVM(ZuLC*++T4XU}fkv;HkR$EIv<^Od}LC2->F6TI=d`kE_E>$ORq zF8s!xh!%@^@9lV*yy`BA-^z{3J$vT}Q z#^S|GWw7~XLAzZh`IGTNb5kW;aph&kgcB7EV$M29;*c*@9P$?pzQT-WQ9I@^a$yK+ zX6!j&AW4irYjmTSG9=%JAAZy#u|X&qOUinA#<4u45hI2hLx@%pEg*g1og*(aBEXKy z`#v#-Ff5+P!%cD!U5IZow~I#Rd_3JY0Rnz}x2~cQCkfXl8}o{00bDx%yo|$DTJJ^c zX$e5-h(Mh;XwU#V>jY73#&Bqpw1Kg~_yjB}2-BubvvUv@D~SQ2?vpfF{@p$l;~yp` z8|_)6&$J2ZcN5b#KBQxHZ!cN`$3=dccDOS#GUNvLcEBADoKXixTFrH~##Oahso*pu z3!cuMI~f5n&RH;XPPcgR5@RB=>My{DSvr5Rz6vIA10i73=QA%p<982aAVh|w3I-benuk7{koHXLOLdM`ct`8dPG|H#zU@|7;wE+<{1HO*&)6V1U6JcbP^}QnFI3DKd&pdcW)nQ{hQzVhJv;v*4E4$&U%U4O(ZSKleau4 zU}P+j!mhvJtC9fs8n|GN{-Amvt93Vi`~-Vmmi-wyYJ@Qz9B=r(2JC2b(1LyN{)F)B zU)>SzzWX17ccK}N(FY$#9|y{mc0YVBuqR%2`6YHd2oYy40%Lu}kjLZX#TQ=Ex%msm z>_gC5QxJ1viHsOIEDReq%)3!+@2UH=&+XKA8Up^ZOv$cOmJsC7Hb??7#CJz3cQvS= zZBN&kYEhEckMR!1a4-sNU~E!}I<{{}OHZ>VN@9S#P9)tEPaJFpRXeW%?xMrKl?NCdj26phS=uB8MHr#DB#;&lmw%K(H{ml-}?3~_U>cs?c`Oz z_YI?|w{*nSv>E5!vboUw;YKPp)nU?9kjU$dN?vvPZ{9xe^ytw&TzSQ1VUw6~yDn3i z@L}itljL}^FXi+PeFq0!yP|fz!mj0nh>##CFe#5c@`T0Fpg%qirPUqU1U}aJ*KfX2 zM;m*LnNO9}fr^0_tP! zy(36S-FqBw=Yk9-L>CT|Kr;|tkjg|WY?>*eiRCSZO+JBlYY`yHqE0JH-Fd-eaNC(> z6{*2TYLXt2##uDD=@H!x4m&@61Wxj;TD3a7E%!Gw?#rx`I+)~GV3WvKl;oRKFP#tD z?Rc3Br>3O3c{(a^f|cJk@Eyg73N`N`sqcXg-+$__&TUM>2a+LbGz_iso09o*(9ZTz zLjyMq1Mp$cl^?u%TSdW{x5KhMsn6=-s!M#TKVNJTRtyC@qEDHAy_H zC~4U6VPW{lVa9+WXgGd|miNGe51TreaVYIR`Fw-v`0;H&Fm$4thVk%u0rSBN%@;>C ztgl(KW`_svd)N%Ve)Y@W=&br7i)XN8$r2N)sMiH6`c%^Wa@=+5)JYeqTy4x{Dr3T$ z#<0`pyTPQni}nO5-qw2&_qvKQ7gOQP|H@A-Rl=W>O(rqsICba{1!du!IU(Mt1DELh ztsv51c5ta5$$x^>O-P0?3Os`|?W$|_x^?fKy-2ZtclAxzu3hA&H$)qK;(N(NWU``G zay9d@77wtK-h1~wV*-5PvH)=1z_Oi5eyn=((@Ad&OMHyG_RGDGdO4#birU(>Ypt66 zwl!nMOcCzHuY3Q#19oWwkb$uN%(|Lq z;1*j6&VkD!brpjO(c~-+c+fnoSiaIWf8cSr^9!44UnKFKea@LWLg;MeeeCm7hqs3f z!>77p677&bgONJ#{ByI;FOP-uyxOBIxQB3z8adK53Or*C;B7H;W}=PCtB&&W8*qao zR@|kRT&z%^ZMARgF=9y{8Piqrs378@<;%=pn(#Y}9QFL{=eJwvQS4AKm}JiI@-cz1 z11H3t^~}v++qZ8IljWgs_h0`ZH^V=M-~H}?&F~VpVQ1LA4WBP1(LdTC;l?~#8aw&` z>?CmQXWGnpej9V$HRgE%Oa)m7R$(RiQ!WWQxXm0(ixP%kEq>uX3EA9Hm7{9$LC^1a zuu+i~ELdPcOR&mi0x(f9h8rsDU=}6M3R-u5Veovu7)FTGr+xp#8C z`d)^!$oF+NmK+}>5&n$lNE%1MZ5N9M>2Vbx`0atn;xBXRXbdGdGJ+6t$hwC{JJ5N5DNdcM8@7)i=yJE1*Dgg^HVFde)TW$_N`tc8JFThxiV-Lm~%>w%l;|qc08AK9k9s!_@ zf;=%k7}&n}{7d1EU;jSbdFP+ay%qt4HoTpZ>L-05U3|$`j4^>JNu7^qyU==ZG=zZ~ z37EdDspu=UgfQn5g>w{>U?piXcuYLFNka0u3f2cbKcKjzk59WvOPLGN+=*n>UX(DS z`Ds5jkM|K*lVQV7&$3LVKWHKrFJ2<6{*O|NeBra#fy$KRbD4z-fy6z|nU><3=*|?O zy5@E&f^8(@Qpe82fj>WOEnB|aE-&zLKZctqi-el^WGC)5*c~A86ect$Fu?3__W_IoiDv~# z>FH_V+A&9~gdvQ$j&WJX0@)_e&w|Xi;)0WQ!6#$duU}ueaedo7Hn<^- zeKjLvqa7JA-sCa0y!Kd!*9g4Ivjz#S)3`~auzcx?aPPhME9lVg?aZCB-cCu3o!1SM z&xJVNp5sWXQCh-%=HAA$vcR*$QXbwDi;nUDNggl^l!W=l8)LKXwS~3Eu!cbV-MSrb z6Dp75SwAu1m>>lG_(ZNgwux!OWz&aPTy)X-b`I(JvI>^MhciUbC+em-pO8pjoP~3i z&aF;J#M$BU?-(>qp7fzf29#rQVq?%pZgDJR68$c&rpve6-10 zBLEAMEQ#3i;B>vh*0yflIbiYYfmHy#Emk_I26i zm)br|pM75Oxi}K-0|z&55|yt>)5Lqn>$ZJTYwqEP9<%wwp5$db&zI@FToZJkj7T8( zrK83&gD(Y1K_x^uz%yl3=C@6G{$mXwu0AX}&(9=;7!5ulkxGtLzBqpe2HIx>#ZUZs zskYb@n5ZnQ)vMRqd6r+{m)bUE$u~}JZf@Ae@2J30P2m;?p)Kx3=6J(}r-vl!@#802 zJ8T$h1n+XWi8(I3vM2Mq5xFu$V-^?uRo26Bn&p*J=9H#!lB=28F zhQioN#cn}+)SF#9cFRY4OH3&T=HW?Z#ul|>fAE(d0nBcdmtd^+5$U{T=G^B1PAqLhIsl4zgA(N6<;+2Cn| zh6q>S)vH(QCc)2j3D8QpdM-2LMb6Y=Ojz5@Q_3^%=nHckw@_5^*WGY!z#D>jSzLW| z!n{_oLLPeXQDe^i+}zhMZP7QrGE zu(#o*3iHm<2k;an5ex{!M#GEXrjMLS;!ei=%VblE(nMBS*dN>+Ie!HwJ`Pp11~-VY zNKz(3vr3ik4?dqz33Gq?Z>5U1qYF(8&epMMnKEf=NKZ?%?Z*~pd&msX)0SlLVg6;#8o}O;%V=mcX6JrpW zU<8`sZf7L-{A`lkK!&fg-w)21QI}uMnx8s~dz|Sb?IKN%KI=^LW#wioo4n$TH|VTu z!uSc{D;Hm6O*@QC>NnpUmx+&Lfl?Rc@Z)B}d*0%P+3Vx{zg@ewnQHfHrmABDAnF(r zeD?NzJh50ut;Z&hQCM1f2a{;2*Yoh1(74^YA8$9|A*I*S27-&tkRfs{)M8Fe-WEg( z>7PZ;Gsd@(T)J?BB&F7$TAt5d$7;C%61RKCjF~nr%okOal^}NZ!XQfjsFRm(GHi5i z+($G$V0v4O4-AiMO|mL02^Y_tu6d5+83x`nhW&2nmZ7DqKFB-&=3JE2;NHy99!T1U`s=&IKYK@0e#uSKtXhR8mRxhkC&) zj16e&aUhx#7VBJkfCPx8JaNBa)I1Nc!|_94xbg0@=`*ED zs}t(!EPd9@Ii_~Uf;TlkWk|Tr(SEb$vSt^Ij63Rf{Ip5A;l%4&ym*N&C%MZQjW+VI z;Jg=DNN97|#5nSyKF;>RI~TVc(1yc#IPD?jz;MB=&>s0Ph-2(%r>v9XV6P+~;CGOK z4V-gaP*RCDz=J2$xy%8iF{C|yclbO{d4G3!F(y3!f^)*FufB04nj-T>D((j#cqH8Z zFF)42EZm(0C5Z!v-`nsx%5y?s^CFG{%=BxozHVxH_oyK+s&MQ>UU~U7^NwH+6*l?! zPnq(e-A?HH8%z*{yQb_@zVVHl!YUmR{9bN#ty&ZB{h<8@;eSkwINF9TUAx#?Eo?Zial%VRTuh%8yW%+7w87z{LL z%|pe7vZ<6M=gh)kB4d4u-}pc8eISca1Lq!brSD4(%H;}dz#KPVD2SHAH%H2ocf`oy zhB99mj=z$6$1?zfAnyY(;1???_6^uD9x(9IJa?mtKBxc;UGh?fPEU zDhb0qE=0l@F()mdWvZlqzPQ_#!;bofiE#$erm!+jq>99tjm>i2ym<-aIS4~zdzn$Ujx-tT`0rCaft?e zAUzHncAB|&peik`{@_l6stqE*B1U>8oGXNvt&GbUxOm^Mc^(K*WovqWp1oE#`DZOe2sH^9y3LS;YK;3(pG| zTyUO!r!2Tmt;av7!r^W3jNjSh(J0gx>}>LUFU#a`HIyoNpXL?)XYF9|e&R`k!)2FU zDmY7z@c>8INRS+#_N9XT0f)>F=H(4HTo?YNqZ^kp8F!e==Oj_K*O3Mqtct|MFfP34 zAN{=W!t-_fHQUw--_cIN*y0xK^Q$1kN8OZr_SxqoxGXcKnRUosjj+P88P{i%JTL8C zBj)M1cl#x{d488Ch3s zGATS!j)c!TzUvS=5)*}mR^D7?I8!FE*n9WxVa8@G76>w^ddOe^6;Va{*_)SJLi6F;Sj;OcqHEnIS?9(FaDZpM>K+Rw8UF8$NA-4|wDaXr`e@}fU zuP3wx*_i?Vt*qW*j#6D7fdfql(qz-7P0h^@SHF^eVUGZgD??(;nQKUn7him#xvoK! zNQ^&>IQM#UyyF3CDpJ3_e=zcRvtU@6JX7>T?Xm35engeqn#}^-3??-l<3e>B? zCk)C`H3K$8kU^d@Wvcap!6W%3!8i1yOk+A+N|+=}x>JUnY((8Bh!ra9KLVYJ2j_{D zjl-ng8!ETAvPx;`X{I@05h8V9csO(BEHe&cJbV-2LYzc8 zO=9PF>YSeCE|?SSK9;ETX#>Jbzfr4E7x*9#FYq=~5(AnFqy;tt+~U&H({rlYp7|VM zb0t))S>CID`oYF~?zv}MKI*0qg-PBAo0j}J!fzI)x?(BgFg4ev#}NT|1Q$eZ!=NxD zBMGrfzjt?j?NDWe3Eza;wQFmB)^KE;->?}WQG7Ugs`*O-o=-SFeP!pE7gj%rhy+^Pz5Eym*NbW!OBV z`0hQr8MjZKyzs(pZm9o{Qy5!t&23|Y1`o7Ng!WVM@9kCOcgF?C0Di1Pf50<7$KaAg zzS4SGgO%hDIP-aX_0?Ay(}Y%#=LfW3;q`z4*~>4#dZfpiXT_ChyEIaD?W4)flt)^l z?fkY+KGqg)u4pY_)IC9%VJxq?_6mzc=Xw42?C%5_8zLc%x?qwHO0Zx)BfLHS_>-oU z^>N8wwz7P$Py`*M`$R#yPPjNpJW5Ood|5yFWSV^^AA?6oSI$xzHEw7N$@1A|JwUEG z9V{>T%3A_{CM9P^`!WN6IE-+qB;ZC0MS4A1;ZVyu^;Fa;A0J@Da(Vvz`B`8QTOFdF zC6OpkPS)*N1+snU(zUY@e;7E%5f6n03qH@vg%$b64V#QZr~O@0w{vtsa=5ZGXZw($ zfJ3f&M%vh^x-pn6&SdjU<0@XGTqJM;V~gzx!H8gZnOhk9ef-hK2BX1TE}*S=K!7{& z=_+CFR$$&T{Onyk$Ia`*OwA(q!xvZbaXZ$$FKT-*DT$UWsR{Qr<`jmj$4bBkoRoj+ z$)^>}X1!Uc^BrQ&Ucns~!-fybvnuMKF7}lxuDo1$ZJua8glp@d6+r*LajD(Lm7LRahs5%LY3K7Itn^e*h-Wn;y zAMaN6w~h$ekQEti(w zF;8{7!|%9g+qPXu@6^%C(pS{O1gK%rk}#ShR3*P9j83bNCik-ZBsL}imYG!>vFap3 z9jT~u#LHu#w^Db1v*G!(%m&N!jdfI`W^(sDa3MW%PdN+{$r;Ep1+s!R&OQWAQ3+oz zl`xthR|zw3IV!vVz6VVbty8;>o&6TJt3Ibbc>ja&;fF_#AN_e@>&>a0uSpExYAHaJ z8TV=V95{Huj@z)!AbGx=>hNcTuAVq?ih1%7cY}Qm?HYl4uxh6c`jA&${Kh=RVEBd` zuRBWRZ_JZ|`#ksTi{aBxr&~Rhbxv0}g3cu1Yy_h!h%!M&#GOq(lg zpcBS>Ael_5PHJAPs=IXQ;`6E8zWYKPF><&`b?RbPVgeJ0qjTp@7OpYthcfu!3k@Io z#D!$LL4j(0_N+Nld2O{9hKron!dY>QfU#PBJq*AFV?LmNe=AFyoRz~cz}dst5fTLph^gE1zk3;oM0IlQ=^ zKK;~lX21sFr4H)nGg0^0FFbEv_3@j})2>~+$gS>*qnIb^Kui13gO6AY4Dwba4})X% z-G8r;1l_2cdcegU_(0=N?vobj0)K517SHCBoO$NVAmZaVbm)*QDT#9BH92hQ>1h^8 z4XbNkD7>luFGU(h0pv}!S4$RDW#_(%oQ|s)op1I zZQ3&&s7`LWA`k^p10j~Qi&0L$e5%`l0sDijnC7aRGx~Y+=G*4t<4{mo$q$_Lncy<7 zzVezG+BvQYQ(tkH@y&VEs1c@>U~K^(*8YL>)!}#-HEGSJW{~ z$|sV=q)Ahb(l~LAGV6|`H&SkG@jQVyBit{8HTLX7Vrod>2zTN!U%ghwtZ7yUc?+6` z4<8mrj2dQYd-fV|$~zt$k195Nf|Fz}7PRj2oWJ0hDhIvs1%d>~r794%)bqb3i?NbDM>OVx#Hj)Xd#acI}Boqf;GAFsbno3<8o2bCPSKmsQQ0fvwGsFSF_ zwXEA=_VSx>VFW&4=2fR|ZByaHh>!}i$@*9!$vphFP@I@$&iT<@59Ik`S6SG$#){@Q~eJN7;hnH9zf@$2{PUzM>Mw z#R_*yPnC2FUUmA69}1kXSUhOg$sc zlxSsezqYZ;;Ah*`?O}+*yrRbOiIrMcdHn1Xv`w2f#&K@mw8a*{4iO35+OQ_4e`P%} zy?t=suU{V{UOXc*AD1i4U@WwlSf7jos`Z(7H zWAojI*}-@ESmW$)bKPs_>fY1B`4WY_d;2{*Ui-v^_4o#z)$+*<4?lh{`L>sd+dS!&@M+*BSs94N zwbymW`E<*R)ju&pc1nBNwQCmz`?}DoHJlWJ-qHqev(Ljkc^`luqE0Lbt4fyu01W;~ zL_t*jmoY}nv@z_VQ)*9eBY33?%GMB{i2HMx$gRF zlOx2;p|BbMMM`1LZVhGV0|Nxcq{} z4M%Ui^{x$|m+=ARI|I3S^X9-g;j!+~_VVTF-4`wH7^6pz40rzVuJFSj{Xj%5A!7Vq z9+Jb6o}O;uQ!z>e_be_Y+m5LWZ}Ze5MYvRU~?LH(%uxt%F3 zEv*1GCRtC?ZFZAnZHpy3H@i_6R`Y9hkqpFWNDpW6BECkqZeNvyP+~GCGhTGfNL#{*rBC^r-o0m&T5+0VY?tLi->4|f6#FBq z9Zyf{fwR;2%^jkOp=O@Kp3?D`+ynWbWSlK@p03HM9Co(HL+Hl~1VZSm-Tp7a=o0qX2?WfcwJRrM#?H14Kt5A2|;OM%Q0oQE9$CmKEJaD zR{e1NQnZY!I{mTRiyi|C^A?pkO{XnHK+wvwa?|1d2Q;H!&Y;LSFSB95UN`KNu0m#% zAsC}D1rMiEzkoJTIDhZ1b0>4zP&~tE@KRW{S`KG^t;oQdRb#N*qXDi(VNpfiw0V3O z9=1^LC8lo>ax6{^CIjC^_vp10KC${o7@;{2h+T(^A6)fRr%rlQs9kWV_4y^+^yLkM z6Xnvd?`75oVS7HzoOLf(jEp#!VQ%K=n?y#4&bHaRY=%z@1J7w^59QA1Fpw8TLq~$X z=hk9uf^h{Ym6u!}?QlJ9PI8p)_@+E4mym$1gR6!2WU7hp*i6QgTtSg40cSL*MMzPj zTfTS!W^}9V9=zbV5W!u5^$HQ%^KWg%b)_&r>ToA(J3-tgtCK;bXg$mh%LgXyesYMc6`9WX{Z1%e*w4(cY*8D2Ym>lb7vI3ofd-l z7+a?^jM;@Wq}B>-h{`0+8OKl#4Xv>1@jLXXy7@x(NIV;E8JXW?ldmx$p-l)ov~pDSGK32}`=$`0rMx4xQ|tLByCXA zxq!SK?!e)v2=8;WE2!+>42OqMldoe~D;QX>aXvG}@`{BzH~DL9M<47n%*XQKWzPMu zzg({kh)_IdL!;QF<~`J|gPuA;Zo4n)9(qAtG2R!9R3(V0YHSv$FFyio!$%wt0L}PEaX!&=-2V~)w5Voq8n1IUT!Ds zx5>k$8W5vqJM%hMg_@_?5$EB+Yf^ffZ$Y&UUw|%o79*?#8ZCJrB01MpKZKN1F6vVH z2N9IZHQ{wa%{Qf}wmjDdT+XV=&?mEqf7O5jDzx4|w$Al2M794Gt-nG@OJ*v(D;Qpw z?@>)5e>(otSBc1V|4BGo6~L&yTLI>eTSln5OaB!;O@p2sN_Bl+Jtc?73luJQ3R7bR zjlJN2-2PO25#%tW+(6mT^nL7kjx^v{#nD!z#cGj3okosMz%@4hV+Wd9kVF<_z)J08 zHtUlyCp7?g5Ml8OfIpy1=!!!%0465RZD($o?5=Ptuu6Wtg48)8Yg`(OlnB@m4Ii+D zdQYTtf9{VW&2^f2SV+JGWDK0_LqaOnC>ID&G_+2v{#!`3CVrlVJikkrn!e(P51%*? z>A@`7-|)55(;kDg$X%94D1>Cg!9Xzo6e$nuY+Y)-s&CW3YOz6k*r>S0xz!ypG8)OR z5=;NeKNh0mKE9mHb4a%nmCX8G`@S;%+aF?q;>5Vd_9%Tx@fQRdF)7%Sv5$dgOy2RQ zus`H|BnSJRH`PL=qJ~3$3dWl2{P7A14@|OmeV@z&Y62M4!1g6^uR0#uJmMQf(nw=T z)|bg_rfaAx*#jxj@B!UCx&+!)&Kc^pb7o@S_F}Rfbu=^vzTa!o@|fY!esW#RVQB-1 z*v#>9KesViUmNHM#A)7acUXj(hu!_al2o#Q@}-Ui<8S|{>QNWCOZ$Y8iU#dPw=D#V3*(ZZ8f=u#)CiABi^Q6C94XXwel;l}y2iK)b#=Zsg zaQ{gBTgS7Tq#7^dk0pe-ceH+9T9UG|S>$D&FM^z9LE3HrTfICDU&>$FDXOv-^Vb>` z(kECkQ^DmRDZRj&MAz~29)rHs#o#6#R!toBBW+anvZkNL$nY?nm9N8jpKh}*&`_|;+(`Y-nYR^`lU`? zVvkMx#@JFNOhXVipTr7Jx1Q6HeS8dLcbb$fFaxW8yYc#=tdMbRzoDOR$PdIZ?rrqt=cWgX?$3Bq0JkoT_LgbC!K^oRo#ubnfJ)`_Z*`ocNNK+pmUpvWd-;elq=Sn zv%ize-*c7ph`oAp3BR{cGjOlpA%D7uPa3ka(A{6u;brecW`Pvkn+s`onCe_NDExD{ue1Mujy!j<^9zAVyWVXk>puT;-u?dz c_qI>ZYy_l9G?%w&a pymisp.MISPEvent: + """ + Parse the analysis result into a MISP event. + + :param str analysis_link: the analysis link + :param dict[str, any] result: the JSON returned by the analysis client. + :rtype: pymisp.MISPEvent + :return: a MISP event + """ + misp_event = pymisp.MISPEvent() + + # Add analysis subject info + if "url" in result["analysis_subject"]: + o = pymisp.MISPObject("url") + o.add_attribute("url", result["analysis_subject"]["url"]) + else: + o = pymisp.MISPObject("file") + o.add_attribute("md5", type="md5", value=result["analysis_subject"]["md5"]) + o.add_attribute("sha1", type="sha1", value=result["analysis_subject"]["sha1"]) + o.add_attribute("sha256", type="sha256", value=result["analysis_subject"]["sha256"]) + o.add_attribute( + "mimetype", + category="Payload delivery", + type="mime-type", + value=result["analysis_subject"]["mime_type"] + ) + misp_event.add_object(o) + + # Add HTTP requests from url analyses + network_dict = result.get("report", {}).get("analysis", {}).get("network", {}) + for request in network_dict.get("requests", []): + parsed_uri = parse.urlparse(request["url"]) + o = pymisp.MISPObject(name="http-request") + o.add_attribute("host", parsed_uri.netloc) + o.add_attribute("method", "GET") + o.add_attribute("uri", request["url"]) + o.add_attribute("ip-dst", request["ip"]) + misp_event.add_object(o) + + # Add network behaviors from files + for subject in result.get("report", {}).get("analysis_subjects", []): + + # Add DNS requests + for dns_query in subject.get("dns_queries", []): + hostname = dns_query.get("hostname") + # Skip if it is an IP address + try: + if hostname == "wpad" or hostname == "localhost": + continue + # Invalid hostname, e.g., hostname: '2.2.0.10.in-addr.arpa. + if hostname[-1] == ".": + continue + _ = ipaddress.ip_address(hostname) + continue + except ValueError: + pass + + o = pymisp.MISPObject(name="domain-ip") + o.add_attribute("hostname", type="hostname", value=hostname) + for ip in dns_query.get("results", []): + o.add_attribute("ip", type="ip-dst", value=ip) + + misp_event.add_object(o) + + # Add HTTP conversations (as network connection and as http request) + for http_conversation in subject.get("http_conversations", []): + o = pymisp.MISPObject(name="network-connection") + o.add_attribute("ip-src", http_conversation["src_ip"]) + o.add_attribute("ip-dst", http_conversation["dst_ip"]) + o.add_attribute("src-port", http_conversation["src_port"]) + o.add_attribute("dst-port", http_conversation["dst_port"]) + o.add_attribute("hostname-dst", http_conversation["dst_host"]) + o.add_attribute("layer3-protocol", "IP") + o.add_attribute("layer4-protocol", "TCP") + o.add_attribute("layer7-protocol", "HTTP") + misp_event.add_object(o) + + method, path, http_version = http_conversation["url"].split(" ") + if http_conversation["dst_port"] == 80: + uri = "http://{}{}".format(http_conversation["dst_host"], path) + else: + uri = "http://{}:{}{}".format( + http_conversation["dst_host"], + http_conversation["dst_port"], + path + ) + o = pymisp.MISPObject(name="http-request") + o.add_attribute("host", http_conversation["dst_host"]) + o.add_attribute("method", method) + o.add_attribute("uri", uri) + o.add_attribute("ip-dst", http_conversation["dst_ip"]) + misp_event.add_object(o) + + # Add sandbox info like score and sandbox type + o = pymisp.MISPObject(name="sandbox-report") + sandbox_type = "saas" if tau_clients.is_task_hosted(analysis_link) else "on-premise" + o.add_attribute("score", result["score"]) + o.add_attribute("sandbox-type", sandbox_type) + o.add_attribute("{}-sandbox".format(sandbox_type), "vmware-nsx-defender") + o.add_attribute("permalink", analysis_link) + misp_event.add_object(o) + + # Add behaviors + o = pymisp.MISPObject(name="sb-signature") + o.add_attribute("software", "VMware NSX Defender") + for activity in result.get("malicious_activity", []): + a = pymisp.MISPAttribute() + a.from_dict(type="text", value=activity) + o.add_attribute("signature", **a) + misp_event.add_object(o) + + # Add mitre techniques + for techniques in result.get("activity_to_mitre_techniques", {}).values(): + for technique in techniques: + for misp_technique_id, misp_technique_name in self.techniques_galaxy.items(): + if technique["id"].casefold() in misp_technique_id.casefold(): + # If report details a sub-technique, trust the match + # Otherwise trust it only if the MISP technique is not a sub-technique + if "." in technique["id"] or "." not in misp_technique_id: + misp_event.add_tag(misp_technique_name) + break + return misp_event + + +def _parse_submission_response(response: Dict[str, Any]) -> Tuple[str, List[str]]: + """ + Parse the response from "submit_*" methods. + + :param dict[str, any] response: the client response + :rtype: tuple(str, list[str]) + :return: the task_uuid and whether the analysis is available + :raises ValueError: in case of any error + """ + task_uuid = response.get("task_uuid") + if not task_uuid: + raise ValueError("Submission failed, unable to process the data") + if response.get("score") is not None: + tags = [WORKFLOW_COMPLETE_TAG] + else: + tags = [WORKFLOW_INCOMPLETE_TAG] + return task_uuid, tags + + +def _unzip(zipped_data: bytes, password: bytes = DEFAULT_ZIP_PASSWORD) -> bytes: + """ + Unzip the data. + + :param bytes zipped_data: the zipped data + :param bytes password: the password + :rtype: bytes + :return: the unzipped data + :raises ValueError: in case of any error + """ + try: + data_file_object = io.BytesIO(zipped_data) + with zipfile.ZipFile(data_file_object) as zip_file: + sample_hash_name = zip_file.namelist()[0] + return zip_file.read(sample_hash_name, password) + except (IOError, ValueError) as e: + raise ValueError(str(e)) + + +def _download_from_vt(client: vt.Client, file_hash: str) -> bytes: + """ + Download file from VT. + + :param vt.Client client: the VT client + :param str file_hash: the file hash + :rtype: bytes + :return: the downloaded data + :raises ValueError: in case of any error + """ + try: + buffer = io.BytesIO() + client.download_file(file_hash, buffer) + buffer.seek(0, 0) + return buffer.read() + except (IOError, vt.APIError) as e: + raise ValueError(str(e)) + finally: + # vt.Client likes to free resources at shutdown, and it can be used as context to ease that + # Since the structure of the module does not play well with how MISP modules are organized + # let's play nice and close connections pro-actively (opened by "download_file") + if client: + client.close() + + +def _get_analysis_tags( + clients: Dict[str, nsx_defender.AnalysisClient], + task_uuid: str, +) -> List[str]: + """ + Get the analysis tags of a task. + + :param dict[str, nsx_defender.AnalysisClient] clients: the analysis clients + :param str task_uuid: the task uuid + :rtype: list[str] + :return: the analysis tags + :raises exceptions.ApiError: in case of client errors + :raises exceptions.CommunicationError: in case of client communication errors + """ + client = clients[DEFAULT_ENDPOINT] + response = client.get_analysis_tags(task_uuid) + tags = set([]) + for tag in response.get("analysis_tags", []): + tag_header = None + tag_type = tag["data"]["type"] + if tag_type == "av_family": + tag_header = "av-fam" + elif tag_type == "av_class": + tag_header = "av-cls" + elif tag_type == "lastline_malware": + tag_header = "nsx" + if tag_header: + tags.add("{}:{}".format(tag_header, tag["data"]["value"])) + return sorted(tags) + + +def _get_latest_analysis( + clients: Dict[str, nsx_defender.AnalysisClient], + file_hash: str, +) -> Optional[str]: + """ + Get the latest analysis. + + :param dict[str, nsx_defender.AnalysisClient] clients: the analysis clients + :param str file_hash: the hash of the file + :rtype: str|None + :return: the task uuid if present, None otherwise + :raises exceptions.ApiError: in case of client errors + :raises exceptions.CommunicationError: in case of client communication errors + """ + def _parse_expiration(task_info: Dict[str, str]) -> datetime.datetime: + """ + Parse expiration time of a task + + :param dict[str, str] task_info: the task + :rtype: datetime.datetime + :return: the parsed datetime object + """ + return datetime.datetime.strptime(task_info["expires"], "%Y-%m-%d %H:%M:%S") + results = [] + for data_center, client in clients.items(): + response = client.query_file_hash(file_hash=file_hash) + for task in response.get("tasks", []): + results.append(task) + if results: + return sorted(results, key=_parse_expiration)[-1]["task_uuid"] + else: + return None + + +def _get_mitre_techniques_galaxy(misp_client: pymisp.PyMISP) -> Dict[str, str]: + """ + Get all the MITRE techniques from the MISP galaxy. + + :param pymisp.PyMISP misp_client: the MISP client + :rtype: dict[str, str] + :return: all techniques indexed by their id + """ + galaxy_attack_patterns = misp_client.get_galaxy( + galaxy=GALAXY_ATTACK_PATTERNS_UUID, + withCluster=True, + pythonify=True, + ) + ret = {} + for cluster in galaxy_attack_patterns.clusters: + ret[cluster.value] = cluster.tag_name + return ret + + +def introspection() -> Dict[str, Union[str, List[str]]]: + """ + Implement interface. + + :return: the supported MISP attributes + :rtype: dict[str, list[str]] + """ + return mispattributes + + +def version() -> Dict[str, Union[str, List[str]]]: + """ + Implement interface. + + :return: the module config inside another dictionary + :rtype: dict[str, list[str]] + """ + moduleinfo["config"] = moduleconfig + return moduleinfo + + +def handler(q: Union[bool, str] = False) -> Union[bool, Dict[str, Any]]: + """ + Implement interface. + + :param bool|str q: the input received + :rtype: bool|dict[str, any] + """ + if q is False: + return False + + request = json.loads(q) + config = request.get("config", {}) + + # Load the client to connect to VMware NSX ATA (hard-fail) + try: + analysis_url = config.get("analysis_url") + login_params = { + "key": config["analysis_key"], + "api_token": config["analysis_api_token"], + } + # If 'analysis_url' is specified we are connecting on-premise + if analysis_url: + analysis_clients = { + DEFAULT_ENDPOINT: nsx_defender.AnalysisClient( + api_url=analysis_url, + login_params=login_params, + verify_ssl=bool(config.get("analysis_verify_ssl", True)), + ) + } + logger.info("Connected NSX AnalysisClient to on-premise infrastructure") + else: + analysis_clients = { + data_center: nsx_defender.AnalysisClient( + api_url=tau_clients.NSX_DEFENDER_ANALYSIS_URLS[data_center], + login_params=login_params, + verify_ssl=bool(config.get("analysis_verify_ssl", True)), + ) for data_center in [ + tau_clients.NSX_DEFENDER_DC_WESTUS, + tau_clients.NSX_DEFENDER_DC_NLEMEA, + ] + } + logger.info("Connected NSX AnalysisClient to hosted infrastructure") + except KeyError as ke: + logger.error("Integration with VMware NSX ATA failed to connect: %s", str(ke)) + return {"error": "Error connecting to VMware NSX ATA: {}".format(ke)} + + # Load the client to connect to MISP (soft-fail) + try: + misp_client = pymisp.PyMISP( + url=config["misp_url"], + key=config["misp_key"], + ssl=bool(config.get("misp_verify_ssl", True)), + ) + except (KeyError, pymisp.PyMISPError): + logger.error("Integration with pyMISP disabled: no MITRE techniques tags") + misp_client = None + + # Load the client to connect to VT (soft-fail) + try: + vt_client = vt.Client(apikey=config["vt_key"]) + except (KeyError, ValueError): + logger.error("Integration with VT disabled: no automatic download of samples") + vt_client = None + + # Decode and issue the request + try: + if request["attribute"]["type"] == "url": + sample_url = request["attribute"]["value"] + response = analysis_clients[DEFAULT_ENDPOINT].submit_url(sample_url) + task_uuid, tags = _parse_submission_response(response) + else: + if request["attribute"]["type"] == "malware-sample": + # Raise TypeError + file_data = _unzip(base64.b64decode(request["attribute"]["data"])) + file_name = request["attribute"]["value"].split("|", 1)[0] + hash_value = hashlib.sha1(file_data).hexdigest() + elif request["attribute"]["type"] == "attachment": + # Raise TypeError + file_data = base64.b64decode(request["attribute"]["data"]) + file_name = request["attribute"].get("value") + hash_value = hashlib.sha1(file_data).hexdigest() + else: + hash_value = request["attribute"]["value"] + file_data = None + file_name = "{}.bin".format(hash_value) + # Check whether we have a task for that file + tags = [] + task_uuid = _get_latest_analysis(analysis_clients, hash_value) + if not task_uuid: + # If we have no analysis, download the sample from VT + if not file_data: + if not vt_client: + raise ValueError("No file available locally and VT is disabled") + file_data = _download_from_vt(vt_client, hash_value) + tags.append(VT_DOWNLOAD_TAG) + # ... and submit it (_download_from_vt fails if no sample availabe) + response = analysis_clients[DEFAULT_ENDPOINT].submit_file(file_data, file_name) + task_uuid, _tags = _parse_submission_response(response) + tags.extend(_tags) + except KeyError as e: + logger.error("Error parsing input: %s", request["attribute"]) + return {"error": "Error parsing input: {}".format(e)} + except TypeError as e: + logger.error("Error decoding input: %s", request["attribute"]) + return {"error": "Error decoding input: {}".format(e)} + except ValueError as e: + logger.error("Error processing input: %s", request["attribute"]) + return {"error": "Error processing input: {}".format(e)} + except (exceptions.CommunicationError, exceptions.ApiError) as e: + logger.error("Error issuing API call: %s", str(e)) + return {"error": "Error issuing API call: {}".format(e)} + else: + analysis_link = tau_clients.get_task_link( + uuid=task_uuid, + analysis_url=analysis_clients[DEFAULT_ENDPOINT].base, + prefer_load_balancer=True, + ) + + # Return partial results if the analysis has yet to terminate + try: + tags.extend(_get_analysis_tags(analysis_clients, task_uuid)) + report = analysis_clients[DEFAULT_ENDPOINT].get_result(task_uuid) + except (exceptions.CommunicationError, exceptions.ApiError) as e: + logger.error("Error retrieving the report: %s", str(e)) + return { + "results": { + "types": "link", + "categories": ["External analysis"], + "values": analysis_link, + "tags": tags, + } + } + + # Return the enrichment + try: + techniques_galaxy = None + if misp_client: + techniques_galaxy = _get_mitre_techniques_galaxy(misp_client) + result_parser = ResultParser(techniques_galaxy=techniques_galaxy) + misp_event = result_parser.parse(analysis_link, report) + for tag in tags: + if tag not in frozenset([WORKFLOW_COMPLETE_TAG]): + misp_event.add_tag(tag) + return { + "results": { + key: json.loads(misp_event.to_json())[key] + for key in ("Attribute", "Object", "Tag") + if (key in misp_event and misp_event[key]) + } + } + except pymisp.PyMISPError as e: + logger.error("Error parsing the report: %s", str(e)) + return {"error": "Error parsing the report: {}".format(e)} + + +def main(): + """Main function used to test basic functionalities of the module.""" + parser = argparse.ArgumentParser() + parser.add_argument( + "-c", + "--config-file", + dest="config_file", + required=True, + help="the configuration file used for testing", + ) + parser.add_argument( + "-t", + "--test-attachment", + dest="test_attachment", + default=None, + help="the path to a test attachment", + ) + args = parser.parse_args() + conf = configparser.ConfigParser() + conf.read(args.config_file) + config = { + "analysis_verify_ssl": conf.getboolean("analysis", "analysis_verify_ssl"), + "analysis_key": conf.get("analysis", "analysis_key"), + "analysis_api_token": conf.get("analysis", "analysis_api_token"), + "vt_key": conf.get("vt", "vt_key"), + "misp_url": conf.get("misp", "misp_url"), + "misp_verify_ssl": conf.getboolean("misp", "misp_verify_ssl"), + "misp_key": conf.get("misp", "misp_key"), + } + + # TEST 1: submit a URL + j = json.dumps( + { + "config": config, + "attribute": { + "type": "url", + "value": "https://www.google.com", + } + } + ) + print(json.dumps(handler(j), indent=4, sort_keys=True)) + + # TEST 2: submit a file attachment + if args.test_attachment: + with open(args.test_attachment, "rb") as f: + data = f.read() + j = json.dumps( + { + "config": config, + "attribute": { + "type": "attachment", + "value": "test.docx", + "data": base64.b64encode(data).decode("utf-8"), + } + } + ) + print(json.dumps(handler(j), indent=4, sort_keys=True)) + + # TEST 3: submit a file hash that is known by NSX ATA + j = json.dumps( + { + "config": config, + "attribute": { + "type": "md5", + "value": "002c56165a0e78369d0e1023ce044bf0", + } + } + ) + print(json.dumps(handler(j), indent=4, sort_keys=True)) + + # TEST 4 : submit a file hash that is NOT known byt NSX ATA + j = json.dumps( + { + "config": config, + "attribute": { + "type": "sha1", + "value": "2aac25ecdccf87abf6f1651ef2ffb30fcf732250", + } + } + ) + print(json.dumps(handler(j), indent=4, sort_keys=True)) + return 0 + + +if __name__ == "__main__": + sys.exit(main()) diff --git a/misp_modules/modules/import_mod/lastline_import.py b/misp_modules/modules/import_mod/lastline_import.py index 37f6249..3307852 100644 --- a/misp_modules/modules/import_mod/lastline_import.py +++ b/misp_modules/modules/import_mod/lastline_import.py @@ -1,5 +1,7 @@ #!/usr/bin/env python3 """ +Deprecation notice: this module will be deprecated by December 2021, please use vmware_nsx module. + Module (type "import") to import a Lastline report from an analysis link. """ import json From b3daa138f107cc68625628ecbf0442df8cde0870 Mon Sep 17 00:00:00 2001 From: Brad Chiappetta Date: Mon, 9 Aug 2021 15:37:37 -0400 Subject: [PATCH 022/132] add cve support and enhance ip lookups --- misp_modules/modules/expansion/greynoise.py | 272 +++++++++++++++----- 1 file changed, 207 insertions(+), 65 deletions(-) diff --git a/misp_modules/modules/expansion/greynoise.py b/misp_modules/modules/expansion/greynoise.py index 19b4653..a2ccf13 100644 --- a/misp_modules/modules/expansion/greynoise.py +++ b/misp_modules/modules/expansion/greynoise.py @@ -1,10 +1,12 @@ -import requests import json +import requests +from pymisp import MISPEvent, MISPObject + misperrors = {"error": "Error"} -mispattributes = {"input": ["ip-dst", "ip-src"], "output": ["text"]} +mispattributes = {"input": ["ip-dst", "ip-src", "vulnerability"], "output": ["text"]} moduleinfo = { - "version": "1.0", + "version": "1.1", "author": "Brad Chiappetta ", "description": "Module to access GreyNoise.io API.", "module-type": ["hover"], @@ -15,16 +17,71 @@ codes_mapping = { "0x01": "The IP has been observed by the GreyNoise sensor network", "0x02": "The IP has been observed scanning the GreyNoise sensor network, " "but has not completed a full connection, meaning this can be spoofed", - "0x03": "The IP is adjacent to another host that has been directly observed by " - "the GreyNoise sensor network", + "0x03": "The IP is adjacent to another host that has been directly observed by the GreyNoise sensor network", "0x04": "Reserved", "0x05": "This IP is commonly spoofed in Internet-scan activity", - "0x06": "This IP has been observed as noise, but this host belongs to a cloud " - "provider where IPs can be cycled frequently", + "0x06": "This IP has been observed as noise, but this host belongs to a cloud provider where IPs can be " + "cycled frequently", "0x07": "This IP is invalid", - "0x08": "This IP was classified as noise, but has not been observed engaging in " - "Internet-wide scans or attacks in over 60 days", + "0x08": "This IP was classified as noise, but has not been observed engaging in Internet-wide scans or " + "attacks in over 90 days", + "0x09": "IP was found in RIOT", + "0x10": "IP has been observed by the GreyNoise sensor network and is in RIOT", } +vulnerability_mapping = { + "id": ("vulnerability", "CVE #"), + "details": ("text", "Details"), + "count": ("text", "Total Scanner Count"), +} +enterprise_context_basic_mapping = {"ip": ("text", "IP Address"), "code_message": ("text", "Code Message")} +enterprise_context_advanced_mapping = { + "noise": ("text", "Is Internet Background Noise"), + "link": ("link", "Visualizer Link"), + "classification": ("text", "Classification"), + "actor": ("text", "Actor"), + "tags": ("text", "Tags"), + "cve": ("text", "CVEs"), + "first_seen": ("text", "First Seen Scanning"), + "last_seen": ("text", "Last Seen Scanning"), + "vpn": ("text", "Known VPN Service"), + "vpn_service": ("text", "VPN Service Name"), + "bot": ("text", "Known BOT"), +} +enterprise_context_advanced_metadata_mapping = { + "asn": ("text", "ASN"), + "rdns": ("text", "rDNS"), + "category": ("text", "Category"), + "tor": ("text", "Known Tor Exit Node"), + "region": ("text", "Region"), + "city": ("text", "City"), + "country": ("text", "Country"), + "country_code": ("text", "Country Code"), + "organization": ("text", "Organization"), +} +enterprise_riot_mapping = { + "riot": ("text", "Is Common Business Service"), + "link": ("link", "Visualizer Link"), + "category": ("text", "RIOT Category"), + "name": ("text", "Provider Name"), + "trust_level": ("text", "RIOT Trust Level"), + "last_updated": ("text", "Last Updated"), +} +community_found_mapping = { + "ip": ("text", "IP Address"), + "noise": ("text", "Is Internet Background Noise"), + "riot": ("text", "Is Common Business Service"), + "classification": ("text", "Classification"), + "last_seen": ("text", "Last Seen"), + "name": ("text", "Name"), + "link": ("link", "Visualizer Link"), +} +community_not_found_mapping = { + "ip": ("text", "IP Address"), + "noise": ("text", "Is Internet Background Noise"), + "riot": ("text", "Is Common Business Service"), + "message": ("text", "Message"), +} +misp_event = MISPEvent() def handler(q=False): # noqa: C901 @@ -33,66 +90,153 @@ def handler(q=False): # noqa: C901 request = json.loads(q) if not request.get("config") or not request["config"].get("api_key"): return {"error": "Missing Greynoise API key."} - if request["config"]["api_type"] and request["config"]["api_type"] == "enterprise": - greynoise_api_url = "https://api.greynoise.io/v2/noise/quick/" - else: - greynoise_api_url = "https://api.greynoise.io/v3/community/" headers = { "Accept": "application/json", "key": request["config"]["api_key"], "User-Agent": "greynoise-misp-module-{}".format(moduleinfo["version"]), } - for input_type in mispattributes["input"]: - if input_type in request: - ip = request[input_type] - break - else: - misperrors["error"] = "Unsupported attributes type." + + if not (request.get("vulnerability") or request.get("ip-dst") or request.get("ip-src")): + misperrors["error"] = "Vulnerability id missing" return misperrors - response = requests.get(f"{greynoise_api_url}{ip}", headers=headers) # Real request - if response.status_code == 200: - if request["config"]["api_type"] == "enterprise": - return { - "results": [ - { - "types": ["text"], - "values": codes_mapping[response.json()["code"]], - } - ] - } - elif response.json()["noise"]: - return { - "results": [ - { - "types": ["text"], - "values": "IP Address ({}) has been observed by GreyNoise " - "scanning the internet in the last 90 days. GreyNoise has " - "classified it as {} and it was last seen on {}. For more " - "information visit {}".format( - response.json()["ip"], - response.json()["classification"], - response.json()["last_seen"], - response.json()["link"], - ), - } - ] - } - elif response.json()["riot"]: - return { - "results": [ - { - "types": ["text"], - "values": "IP Address ({}) is part of GreyNoise Project RIOT " - "and likely belongs to a benign service from {}. For more " - "information visit {}".format( - response.json()["ip"], - response.json()["name"], - response.json()["link"], - ), - } - ] - } + + ip = "" + vulnerability = "" + + if request.get("ip-dst"): + ip = request.get("ip-dst") + elif request.get("ip-src"): + ip = request.get("ip-src") + else: + vulnerability = request.get("vulnerability") + + if ip: + if request["config"]["api_type"] and request["config"]["api_type"] == "enterprise": + greynoise_api_url = "https://api.greynoise.io/v2/noise/quick/" + else: + greynoise_api_url = "https://api.greynoise.io/v3/community/" + + response = requests.get(f"{greynoise_api_url}{ip}", headers=headers) # Real request for IP Query + if response.status_code == 200: + if request["config"]["api_type"] == "enterprise": + response = response.json() + enterprise_context_object = MISPObject("greynoise-ip-context") + for feature in ("ip", "code_message"): + if feature == "code_message": + value = codes_mapping[response.get("code")] + else: + value = response.get(feature) + if value: + attribute_type, relation = enterprise_context_basic_mapping[feature] + enterprise_context_object.add_attribute(relation, **{"type": attribute_type, "value": value}) + if response["noise"]: + greynoise_api_url = "https://api.greynoise.io/v2/noise/context/" + context_response = requests.get(f"{greynoise_api_url}{ip}", headers=headers) + context_response = context_response.json() + context_response["link"] = "https://www.greynoise.io/viz/ip/" + ip + if "tags" in context_response: + context_response["tags"] = ",".join(context_response["tags"]) + if "cve" in context_response: + context_response["cve"] = ",".join(context_response["cve"]) + for feature in enterprise_context_advanced_mapping.keys(): + value = context_response.get(feature) + if value: + attribute_type, relation = enterprise_context_advanced_mapping[feature] + enterprise_context_object.add_attribute( + relation, **{"type": attribute_type, "value": value} + ) + for feature in enterprise_context_advanced_metadata_mapping.keys(): + value = context_response["metadata"].get(feature) + if value: + attribute_type, relation = enterprise_context_advanced_metadata_mapping[feature] + enterprise_context_object.add_attribute( + relation, **{"type": attribute_type, "value": value} + ) + + if response["riot"]: + greynoise_api_url = "https://api.greynoise.io/v2/riot/" + riot_response = requests.get(f"{greynoise_api_url}{ip}", headers=headers) + riot_response = riot_response.json() + riot_response["link"] = "https://www.greynoise.io/viz/riot/" + ip + for feature in enterprise_riot_mapping.keys(): + value = riot_response.get(feature) + if value: + attribute_type, relation = enterprise_riot_mapping[feature] + enterprise_context_object.add_attribute( + relation, **{"type": attribute_type, "value": value} + ) + misp_event.add_object(enterprise_context_object) + event = json.loads(misp_event.to_json()) + results = {key: event[key] for key in ("Attribute", "Object") if (key in event and event[key])} + return {"results": results} + else: + response = response.json() + community_context_object = MISPObject("greynoise-community-ip-context") + for feature in community_found_mapping.keys(): + value = response.get(feature) + if value: + attribute_type, relation = community_found_mapping[feature] + community_context_object.add_attribute(relation, **{"type": attribute_type, "value": value}) + misp_event.add_object(community_context_object) + event = json.loads(misp_event.to_json()) + results = {key: event[key] for key in ("Attribute", "Object") if (key in event and event[key])} + return {"results": results} + if response.status_code == 404 and request["config"]["api_type"] != "enterprise": + response = response.json() + community_context_object = MISPObject("greynoise-community-ip-context") + for feature in community_not_found_mapping.keys(): + value = response.get(feature) + if value: + attribute_type, relation = community_not_found_mapping[feature] + community_context_object.add_attribute(relation, **{"type": attribute_type, "value": value}) + misp_event.add_object(community_context_object) + event = json.loads(misp_event.to_json()) + results = {key: event[key] for key in ("Attribute", "Object") if (key in event and event[key])} + return {"results": results} + + if vulnerability: + if request["config"]["api_type"] and request["config"]["api_type"] == "enterprise": + greynoise_api_url = "https://api.greynoise.io/v2/experimental/gnql/stats" + querystring = {"query": f"last_seen:1w cve:{vulnerability}"} + else: + misperrors["error"] = "Vulnerability Not Supported with Community API Key" + return misperrors + + response = requests.get(f"{greynoise_api_url}", headers=headers, params=querystring) # Real request + + if response.status_code == 200: + response = response.json() + vulnerability_object = MISPObject("greynoise-vuln-info") + response["details"] = ( + "The IP count below reflects the number of IPs seen " + "by GreyNoise in the last 7 days scanning for this CVE." + ) + response["id"] = vulnerability + for feature in ("id", "details", "count"): + value = response.get(feature) + if value: + attribute_type, relation = vulnerability_mapping[feature] + vulnerability_object.add_attribute(relation, **{"type": attribute_type, "value": value}) + classifications = response["stats"].get("classifications") + for item in classifications: + if item["classification"] == "benign": + value = item["count"] + attribute_type, relation = ("text", "Benign Scanner Count") + vulnerability_object.add_attribute(relation, **{"type": attribute_type, "value": value}) + if item["classification"] == "unknown": + value = item["count"] + attribute_type, relation = ("text", "Unknown Scanner Count") + vulnerability_object.add_attribute(relation, **{"type": attribute_type, "value": value}) + if item["classification"] == "malicious": + value = item["count"] + attribute_type, relation = ("text", "Malicious Scanner Count") + vulnerability_object.add_attribute(relation, **{"type": attribute_type, "value": value}) + misp_event.add_object(vulnerability_object) + event = json.loads(misp_event.to_json()) + results = {key: event[key] for key in ("Attribute", "Object") if (key in event and event[key])} + return {"results": results} + # There is an error errors = { 400: "Bad request.", @@ -103,9 +247,7 @@ def handler(q=False): # noqa: C901 try: misperrors["error"] = errors[response.status_code] except KeyError: - misperrors[ - "error" - ] = f"GreyNoise API not accessible (HTTP {response.status_code})" + misperrors["error"] = f"GreyNoise API not accessible (HTTP {response.status_code})" return misperrors From baa31c464c8eebe4d81a09659c34670995b4b259 Mon Sep 17 00:00:00 2001 From: Brad Chiappetta Date: Mon, 9 Aug 2021 15:52:49 -0400 Subject: [PATCH 023/132] documenation updates --- documentation/README.md | 16 +++++++++++----- documentation/logos/greynoise.png | Bin 114641 -> 92083 bytes 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/documentation/README.md b/documentation/README.md index b25258a..6eefef5 100644 --- a/documentation/README.md +++ b/documentation/README.md @@ -608,16 +608,22 @@ Module to query a local copy of Maxmind's Geolite database. Module to access GreyNoise.io API - **features**: ->The module takes an IP address as input and queries Greynoise for some additional information about it: basically it checks whether a given IP address is “Internet background noise”, or has been observed scanning or attacking devices across the Internet. The result is returned as text. +> - Query an IP from GreyNoise to see if it is internet background noise or a common business service +> - Query a CVE from GreyNoise to see the total number of internet scanners looking for the CVE in the last 7 days +> - Supports Enterprise (Paid) and Community API for IP lookup +> - CVE Lookup is only supported with an Enterprise API Key - **input**: ->An IP address. +>An IP address or CVE ID. - **output**: ->Additional information about the IP fetched from Greynoise API. +> - For IPs: IP Lookup Details +> - FOR CVEs: Scanner Count for last 7 days - **references**: > - https://greynoise.io/ -> - https://github.com/GreyNoise-Intelligence/api.greynoise.io +> - https://docs.greyniose.io/ +> - https://www.greynoise.io/viz/account/ - **requirements**: ->A Greynoise API key. +> - A Greynoise API key. +> - Selection of API Key type: `enterprise` (for Paid users) or `community` (for Free users) ----- diff --git a/documentation/logos/greynoise.png b/documentation/logos/greynoise.png index b4d4f9167a556040a6191b4dfd6d82e27f6e2713..0c57e64567d59019bb24e5d6ce882496674bf2a2 100644 GIT binary patch literal 92083 zcmdqJi9gi)A3r)$R6^5&C`#wlak7Omb}GwBO6in+OCikI_dU^cBy|$TV3dQhj%43P zglfi;ow4PZk-f&g{@$O@$NAphy??^>c$^2Fc`vW^`P$w*zJ5)Qcfas{6bi+A`44R) z6pBX)h2k#R%LV?AQ^j%+__ojO4^vMRO5j)MKaR^rzs#dhCsCKRFZ}73JUuvb;}_$S zH>1@@*kbv6WCf^&VZuB~b{7&P588!0@<_kairkY>GIB&TjC+LRUR}lWbW0TpZC~~c zF;#i;+1C#Q(uMLErhhKRmI^#4?g6*$e5LKtEa&;}A1IX8x!o=Q*T3Zd|M#!0(c3VC z^8)Deflc9q_n0ptASIwi^u*;)9D;tLQgs^KCC1Bqk3PzX>u@k${JPxTBCHa=ZuI%e z`GrftL34qIME}x=V;s=x-b3N?(047n)Q_Ks*F5h_>f^iYWWr`&e-GKHvIw<4!V7)e z#)mAUK3(`QzIA52W36>?tf9KMGUQ;ear%U2skQ_2-C#R>WaEXA1JE7{2f95r-l4U| zXIRs%CEa6qVDDgTnwT8h_96@V97S>8BgF?BW0l zzIonmXHhCaNjl@WW^`g@sD{Tim*#A))~USKFT$F`$~Mp`D1<`U8`aPJPsoZ5G#GHs zPBpT|Rl-UZk3pX&3h%6Nx@fQat*~@vH9x9VQG*luEd3WZSd6--#jjnFXcgn0l|Aia zUeBsrJS|UVxIs&7nh|rNp44f`6_gwJd|-R3P*6=qrxp5?+O{_t;y#S2K0sqc($CHc zSADX6&7xVTXh5H*-9p$%lR&#~NZOYWkClvV^~JMPS+K0$Yaue5zBSmQmJ>VMsyDlL z`eU}BT0uJNZ0RoOgkB6nKIJC*{L~(LiTtI3S@ND%{#iljQwk0_-^N+|+kBso{RR00 z19mcgR{K+7s&EIDU_M3Il8&>YXRitBUY&<8c1fnf!dZDnnBb->D%8Kvi(rw2)ikee zYC-3Ql^#ZRx*kGjRi~}K=-{jw3pt_Y!2Egv)^@=uL~=Ff#QCmBu&UpzHb3T=TPPM( z(^S%iP8j(Wp=`u;GM>p^Q*ysZ6;R8!W6e6-Ybf7^R;2BS?q{uek^?w^T8C1#uY}EV zUJTis_=cdAf8JA2G4!VzO8BPNPVc?a9`q{RXX$VvZzqlt(cTb zdJ7gW1l{n2jBu$dE#7UOR9T=mitPrBUP5%i$__xd#xSK@5wTtgq<-~XRor=3LO7Q4sCiwb;+s|qVQ zq-O*Z*9eW7k8M*0A$$W%#XKp_)6*LB{(2W{+r!GKPk( zhZokSXj~I#9;ZNJwLu}~-UcK;t3%hD?HI~+qB3F=$#QJ`YgU~|7kPZl;Rm~rJXLMB zc#%cgM}{p-;WEMx?_+{=NOI33dO>CJP-9iD^>z`lFW$K1Ek4AmsdY+oy>B>A+Q-U^ zU(5ocEld$Hf;0~F`2tdsX1SQEyE#@)Gq+Tphj{-oFS)0#D5kZtBe-oe8}Ad6_*n zY%RxrH_id;MskNB4sX@TNF06commqN<5(jyf}xId<*|#b7J|OzZ++Cn#d1Rw4Ix}@!O zVc?#`c=NGMdNvn*N{Y@OL+75pp?zFqU{>wlp7!l`k42#ye6Aptr;hnt`6iarfh`yd zWb%o2?~*4+OwK?`PaXSNiR!Qe^FAj?Q~+fEgP7b%?8urn>sT-JS(p(&SXT<6L|6a28)}7F#zcBW(j-;E@&U`Y4fki>Rq)amM`3eln^$EfU|4>+TBFI z{LOPlT)q7bdD%Y#2`OUo?A{_cRa&|P%Z2K=_<=d=F59ju<;10XPp^<&E6@Hc59|HE zB@=r|U$S|Ubm-Jx+3;5JXf$F~Sw}v%-o6lbK8st?IswXjn@29ETvr zPh*W5y6$YBS{VqjPSHdd;VRI@C1k|492ZKdm>0Uw{l68)#~knd7M5Z@9?CMf0FvSkie1jbsn zfpAM)ZKJB8B8-MrTc+$;FI;I`=Jr-)MbPmS>m6Fs8}AD)y30OS^|i!eh81LasK0d% zqug#_RhNeix4vJ3VVn|*tWLt#QC4f>-c5)SS3AMc=||BljF$$DMpT8_fNyVwx0IV!ih*) zZR3V0W7$CUV;?vJ$@ap})fma?skOAA+Dh5I8* zxC{|{>(*{?=M8Js_4yoY*=d1Q)cl`#9CyelgUN_D3OUyIeW(XVkLI$6u>~dcE8_ej zN6~^9yoONwry-x7IO3Q8eZG?miJ;L%_)3uN-qk)EV2M>6#>gV&0QDE-3Xs+)<%^Is zV<&zom}+D``tN|mBgh4F0%*(Lpd0$iLUj`PlU$RL6xb0_Hlc_Zs!X+M6$i_JmL7DN zKcX8W#sKsA0+IGem-shIBbBV@=JdfH{veDCF;c&mgtFf4-=<#bK$BxQc(P(yi0u)Hw0KJv-;! z9PF?9Eh9*H{_S28BEy};f*Pvbpd&F33{7_AaQSThDS5H~bRFi4K(c`afR;SE1E)NX4;Y~h?`~D9(L#~%_?!-t+jwB2b3YFKpC>I7`nBm6F%TH!d+rwMe%A+ zxYeQ^F9}4MU8-zJ6OFu69{vInWIjKU^~^!vcF)c2s;N!?6FNMvVJ?LcB_tBUU2(G| z6;}6{_c)8Fx{Ke&7sn`#pHt+ss=cR#0;+#qyI-x-AMXd<7q+>>HkDecxP7}+QM3Bn za3oW^LB%9QRBoV5?Rcs8*LyNyC3}RS+ovM@ZFz&84P$Htr_2664*L6v-B0uosw&fb3F zcJ+uqk$A=T2z0cN2<%N%t*)!@jRD+qRy>fVReq)c)@|=jwl?IJzVdezp^sM2f>fqN z4bBrI5X}jtRlF=22nkY1`(6ud=Yy)ExcE~tRNmB!iS`tF@}|xu!!9lR%MMkK3HbFN z1)NE1g;8`YFYQCv;sfTQ-5=qa(;ZGHRC$nk=M;`&FUr{@CuaUi$qk6xZs*P!2E zljeD@+cIp}80QqKj?<;CXv7dmcF^_H(Y$!kIqrSKr!a_KZw#d+KU_(a|G zm&~ByR{u2z=q{)b>TzAxacTz2Qa#VX7wnXH3jg3sXFf1nIm>0NEBtXdW_d+;5GaaX zxt!u2vcH8@9lpzqDS}m?r~?Ca8$tM?G}obsA%FoTzCW`FN^>|T4G%e4Wl$j%@z+4~ zpym*DIcfo`XEGx=7_l-$;Niy=(gZPN{(o0_rlXL`#1D}TRaB?JmY1Z-Kcc~iH2@BdYR7@d?*=;|H5NgbrC*?eJKE^;<*{X(Tl(cRS`IK8Lv1=Ws&^W8k&S0?xU}JS zlB^KY`mG-~m^@IXeD$@x&6fta+e3{;+(A_UJ$U9{Yhg`abJE#tya2i9(HnmY(JK<0 z{O7zbd>`a7_A}lto%>81cQ(w@DB!dHQP5(wGUOh-kP`Eg@9KazZ;ESX$U%r(BtqLb z0BFZ&yQtGD3(QH@`^ApE0@1`gNk(5nZ}!K@1-tQ(XN+xj$B~eyQ_fTO=gf-)w-}qM zXDi81eNDQSKcAbs1RW-8iRkjgn}I6{oV|qgU*%;)5+kH?ZcO+OcDjh*&1VA#UXs^H z@x$*h#Dv9?%ggl>-g{>pUP)OthXRdh9=H#8AV%yEM$JLc(pn1~W4So9wc(VW#kqI3 zY0@8*bEQ(z2_o&$X+73^+SYx|q5R;^BsUC9H<66J7vv-tb6aD`KU|6a?bPEgmjU{x zl~=avwfLW{pcnCDthU%WQt#`HOUb^YZ1-TA)9zro#iG9Fw@TZ~2d1YlDZ^Y@AzVql z;b6S`F)~w#$CY4w{s93Bq|yqDMZK@Rn?cnlwqbD9*pnCSFl1FeoeD@ z#(&Jk8|w3fp%Hv=`9mATV6uot>wqwp2c!3z>u<}>AX|~?%E!d}`r0(7g&;Grkdk4C z>aNwVtqKs|2V!A!9Eotc+pqJd121_zfmY>W!>4!>WM!QUkL$zP>sGX?BN|^T)dae%+(G#pOK=}Y2x+BJxjWn54={qhPAF>t-~&)O8UYFgtRl~G>$wsx`V~#? zCpy7%-(3Sr##g;7mK$&!4!r&!BMT+>H+gPlaLO_(YGeh#5Fr}h;@pTkk zym8Jv&yFdqFkGxA>7uWFeE9*3*z=c|S=aL16>|n8`LwHu{(Rq%yh2@9rngdv#=NvT z)h?SKAXgZ2)2?-WVDA?`vU(NoJmFHW3f-!p4Fkr!F1irp8u$gq>{Pe?E0$IlePpl^ zE{I&q@-DDrSjtt`Wc)M=tb-lD%~dS7=FlwOE5eN!gXaj{FM(%m>8}^*woX^@*vYfs zhMW4OR~!u*nrAy(&jyMlxn}zBrhp2dpC`4NxzS}Oaqotm!(0|b1?4P4x$&C;naZ-C z|J1R~x+s0!pE$B@*`Q8zoOHO6*DaFd+_}-#@TaWNV!i6-Op8_YR$H}zLfL7-4K^9zgWJIoo+iGQz>vW{d<`GESY6!VkH+dUDxAKCHL3_?_GJ zb~augV-Aa`lS3Vtw>UlL_kUn&2G8J}1eo$1FVO3)GifA=?qC7x~wP=+@?VI+M16-yLq5FR)q)Q zyB@h&-MeGzZhMU{dq_we~qifQM8jiv@WhgWb2bs->X4Xy7aag8yhkEcZI4%{AFk=EMwzLT(3 zET}jj$+w}SO$#Vw*FC(ZHvuEN7}E4OQ-CK~C<<8*_LQyW13S1N<5H7&y{boDrT~Ni zb07=el&troTNP0){2()eOdtZu7|-P46RPgZUfVPqv*)-UaYjf{bLqAHE75uU;v%~W z@1sF#zPumid?W_uoO%}kh4JRl$YSUxkex6`_MqE!=n04Sl8iB1weNI}_eKGPf91KX zltew{`-&aOF9Z1sH5L{`*kvaLyj9oy{dTIP+D)>2!ePQZNELWmFWDqay8fBiGt*+X zh5D3@Z>T+l2(T2{_X%WoMw`WjQz6r@rAZzGH`6Pnbybi3xaZSatHVnI2{|{^;LLr_ z{@85oTiLcMCtt9Wq$eSr$uqx-R}k2qc0EDX`oz9}d*ca8dA966f(+X^Cdn179g&%w zn*Z2bs-oH5*4GUUWKa``#k^>DWCW!U*<8#t(5jJEbe=DNCsBgojF5Yt*HVh{vQk89 zrs)(|heFlDy51L9S&jLN4k980H^^rN7tc3dePyZUd(T{6_U_@{Nd~UFcAf*y{4%e> zi15TL=5|61F37^$HeM=bhCuKi>P!hf{gks&TD--1B1rMw70WJMOUMA6xx7H6 zqWiYJ3>4{dhm&WmK@dZ&u$!f4N-CuX>cS-^t4nD z#U}pKUxY6e*l=&=0g_ecm~%$usFoVYBx3^7YQpw^38}IM~2!LS|yh~ z@t=yfMLglLx^A1LptYCCYjbJRXZs6BR7)vQ*%@iN_5KdWQ&~sM^$O?T@HGYQ?3AAN?GmLo4;9scM(wJbh#WnTqe|3vK?yAyu|4V5lX$i`L7=ka@eVy=dD*yC%B!% z50MEI-`+n$H_&@9Hl%10M@dd#YYPqk!gD$Nt;}Mn?EA^+GN{}RdrPT!>nO^x zH20W?kQ~?+kfGS+EyJO87NC~IxD(Z!x~wAJ%^rLue{-2Hd?%7`2vzfHw=8>m z7D@f3di``E$>?((Rd-G?$QrJ@Q55b)_1yKaFYVmhQ`_TMU1+E5Jt?JI8d2$pkRlvtk2!ERmTly9|EF@ct^MC|ZYP5ETXsJgdEtJGTQ2y5Ij(=TtP zK}{-~-IMFK%eG|esjd}OxSPBH*GplSqX}b1pDiWEbxqz|E*i6k<3M{!&ZE@Qa|p+9 zu@OM&zS&a$H@jw7t-J}kYMvYMXn#wKyQ*_OApE&*$~|*8wseUnCV*&42cuV`&!a`F zsbHRF34`m%X(UT>)}a989lfZ8#k2O!X)J>FXLPuXo&OFL?K z$U`oN5)y|AMTy+1{{nhMtnlRN1pE+Ov9H7qb&s=R>p5`RP%4B9^F=(4avoL?|0!x! zo;e9hh4xM2Y^_{vQuigoXCm`1Y7|n~3u|@&n}b7ZyS4v$JTB&!#NAe6-in~1}E+Nf&E_|%j(79QXQCAIg4Zu zRVVsyI&QMyBT-z)9GqI&Sysdo#V@Q`SAfBXKplwR#kSD>BM7#G!6DymD>oC`-N+jrwbUCe*gY?^Jqch}OhDCor&AF4cn7d3#fiM(> zTKWSHQq&yKXpbS8Kh*?1fJeKLM&f@%O3fpnn~m3STzOy9UDnrazja2u;@PT28$!_x z5<2FA{hR8q7LVQp`SogMxT&M|pi<3H+s3D0Sh``OND(#v8ferU+;j=tWa!>h^QnQt~pwi4nZf1Zk())If5w6wK$m6jJFt2Kl4tRxPj9 zVm2OEbKgcl@fQ#pGMWDA10Rr^8+ZD(zlaNf{u{5=k6?*$HK@}Y$^RFjel`Sz?*@N3 zbw;@&1N+1<;bb3ob{1E`5*R>%%8whw+nA(QoHKrCridd!=D^0+-{hnVTqzDTEOcfa=%<8F-)b2v}<;Axe-NT1Z!wQfULg+{5h?jXs0$3+mW^r!{hUh+P>C=^@EZ}Cd1;Ytc#T%9gEES zpmqOYfiMsUq!~!ev8?7?yo&~@&40%;ZT>-|!0RlFuaU|~jwTHp1nBcKMZZ_l3D$7f zK7?q6?7Fg5*dfmQV_aqx6+=_0rfTs<`Pw_ApFl|G!hqBTt|1fOuT_=3iH$&$KW5{d ztnM-`IoU7+C{-j>I2uH_vs;Pfjy6w0^!6XTtHz|P?v!ot!rsF$3Ta&ujwV$~Rd^PD z4*^e%qUd?M=SV)o1Kk@6`Bz|nLJc8y(nbJ9wkg!G`0@*|Sp`#*(^ z1l5W_pYTb1CMa(}|2`uw;`s?$a7>A-i!)-=HAwrH;t=zZzKj9=(%B2z$)JdGyqna>c*KWKb7uoqtcl8pv52{>FY&|KyA9ik!H9g# z9jIaD&W`WOqYoY<^SW(-jK9wl&R`!?wXU<5S?9?OAV2F%QeD`F6&;)B>&b8VWw z1eVujA|yvJv(Ox&)640kbN2RangWr{|Ees;snW%T=Ssj4E63 zj6&a(?<77%GGoKnz6B|*P}D>n`-(bfQ^7&l+@^oz-p+`#b7zA|C`fP;IG(JTON@W5 zM%0-(A~p*Nml_MdF13%2mK>ZJjWKUIeVFtShLCy zl_=R;2p$CKX@i-%#>|f=AuY7Xzy)`7dnCOUdmLL3U{3mopfu?7*;hbSCrX9@4KcR| z#`?Spr!oTBpkx3qWh63^F>25h6wZ-$UOp5c1)v{5!FZ#ka^+Ps#)kW%hO|g5sptPW z`QM{(0gc+q$8XHM?tP(tq7`S~!bpmJOfVf}1hq{NK!%GnlYz9h9p<)Tzo~pJ;aDyz z-j0^pHM-a4^uecEO1oa|eRx{-FB|vW7tuoEvf7k`br*NbXwL_E=i0~Qk<*le12PM8 z{`$Lg`t`b6u)VIiH#rcnQ}M%44+6aT=P&lu({E0A4?hng6O?|-sG9PNcExxV?VF6) zZS9%&3ho|-H64U&TECOxnQh;{MA~~8>-T-3nLGUSLc3e&`*(a_!aF&${ka2euZQyd zs=2|MS!1_F-!hO8uURO_;#L){nY+5ZLFwE0Syx-TAPT>gq^yFM#;_@pU)2r^CVdPp zTm31rWv+2byhLB(X4&ekEVgpasQsvc{S9l*%8a;m%`Xus_ChTg*ZZ%`B)KPay?oIM za%U7}XgAc1KxypeEOovzVZ=cNj|)3Z)vogTT+3@#J%M-KUm#}BybS20cP(ena9?0n zuQ|jnZ+*pY2?V7MjTJW4id zk&JB5CG_Tp7yr8J-Ax<3vHV0wryIMHuhi#8J-y|nW~UExojiDLpwYi7XFZA~98jZp z3EYVa>q5gCk2;D@;3>|!##23470;CY=E`Ha3?3nP^r%~9jWTm27}d`y@z`V59QeY<)#HRSmj?y-l_<~M(%#Ql6-lvgd2aoov%Flg}=VLg+{ zN^gyr^YIn)N!?lqgQFL<2{xm!SK19n@I$5}Nm)xR>bAX2Z%3Kz$d>6VRu0U|4uN-c zCWA|@L*FaNmwsoD{u7lVa}}mR3u(pup?&Co=l0~g?@yb#$IMfm9`F*v*O1IY0VT;?Qc0>0OgMvC( zHMRz1)sA|hrlC@3ci7dF2;;eg#EVv{JQl;wxTN9ydbgsb8O#xMAf|W2X~9&s>bv@M znWAc-7@W6s|BVp*T>RS`&~e?>vjmyMt>H|tjctCqKWQ}jJv?7QIbVU5*QN2w4yZu{z!fjz{Hra}Mi;ZA?gn>l8+Xbl?ebDR z;lj#R#5zmQ81O2Jy)?3l(TI-9?5W=j?DgLCpSV)j^QEAAyX%pmhC}5RgEVy3M{HwG z(9#fJWYL*cby8Z37qDo~gq>r$di1T(|(>AbuH!L!@o*(y)MC_SOY>g&F7=5nf zD-mZ@Jrj1($kjX@rBNWdJIPSBm!DT{ui9LKk<|eecF}k5IZycaicIz(l*|B>O$`|G z8wOLX!pd>>L(QMwr{G-~jYM89>KEz7f<)u+3g~g666=yI^a5pul zPxfk@ePwSiZ_>N!5>VSro8m(rapZFBs09e)pAFx!>ePG88r6S0oXS?KB5YFKJTIXO zv3o*P_ZGM6ydg5V_Nf{U6Wo%CdMBpgY;z(RzQ3(n_@8P#!V-CQ_lckP0m55Y zOI7iXGIgC$?6SC@9-K0B`B6!Rn3AIRYi6ps;jF7c&ujt+BPU_Vfdtzo0TYuJh<2~g zdh_$_g(jd~iHSA)QQTfE_7GYR{^;0!b;Mr{99PVP!8>Ve(4aPzR;4B7D}_08;m~Fxh%TDgR;;mmIg#n7+kZa83OCL6fZR( z(JJRTEcK(Xe@gP;XZF?V_?!HavJcj5K6FlQcyLNDXKT240dR&- ziQEh4MwVb+(s&{7?RRf;p`RV#wUeTYv`(47F6OxZJ1x7lY)gYWCQZ$nJr#ELEkF0w z(XGu!{=M{3oV}A56wAXdY}VI7%vHa&{n9NJ$Nhm$7C<+Bpp))9;qqDQ>q(DD!wE(q z%{28S#;y#0&5IM4v*z4xc2{PN&FF`)F{ zmhp8`76z}n_Vf&!h_v+w883&bMXCUw_Ig_rE0(wF9PDJT`Jbvz!w{!s4D@Wf`PI$v zrkj(o)=#@)jHgq5a7mj$zP?0YQn9gXcu(K&R}1>agk5}Gso4IoG`7xW$sTeKObH6H z91(OOc)o`}{$|tk+`mnerWVpd4-ey0FF;uXc;Tn&ToznsZxT*OtSKA;X~-R3mOt?6 ztQ~(ye2(}-3_(dEqspm_oI_)Ha|cO^w+J4nz2B930q3f2MR~sdb~nkE3#8v7DLv;W zHbVB_4>W{`2%{tUmDek-yb#x_1TX^4P#q}%e7&eKbzH6NXG~k%{-?yJ1E<5pHhHm*ejwp<%dBpJ0dNjtyNLsRow3%wPAuazo`6q9EM)h%N6wGDX3 zvz!Gij<`ha>5N}a#~e`EP9`>;n1<69lT!#LxMTiY%pcXj>q}IAcoBN5o^rEnrSGD- zUkdRoPhPbhT8M^Kmwu>D8B<$d16J8)_aaQ7e%aAz|oV7B$Uysscc zkEfc|i;}Ll_ZNSYH&p56nLoNX`uO|i_{SvLWH2tWb_Rh6>S0H?NQv)MdEzh0*Z^VN z`AXu&{J@kacR;+p%=>m(6rU<8=Vvaaa1bAbc}`3qDpy-?|2bS4xC|Zyh@uB(&qG9+ z7z)F~Y@N=w_E3@h;1|RP*Z4cRWuqr0Y*)WnWuTGIwFT1Y4`c|X4tteDadx|>;Iw@@KAn|?(_(AI?+I>iA zWFvyvtJ%dIW=DP~1gVcrxHnc;+kigcs#2R8-T!sQo12qB$TRxfE?kARd}*|lDKNPc zq=Lc`=zH6*HXz5?xZV8o^jV%rQo%zK8NdIaZo_>R$A?Oz&r>u8yCTBfAbgaj23kZp zQG~$aoBHMX{A&<7s1qHqY!r^7Z%+L1Pse0Y#!E6AHKlsDrX*`F!S3y>RAB5-T-W94%k zpZef|CJ3VPT%RB5vLr^-s(mfJRGvxrZJKWe!i|TvQwZiA21s)$DQ{PcG4cDki5!*f zsmOi>@RaA%uBrTLsOC=gVm!z$KDP3jkeHMls}dp>NCv4q#7o;TR@&-sL)7Fwl z{|=U6Y$z0)E|gxo6mCWecm12#lv1i(`xoKG+DZ5=aN9n34|Q6=kza%KAmQ3lgm7GN zDfKI8DyVbxHUZQ*AB(Xmg`1hmOU3-?#yh1^2SYqvuDFp1tZT7hgG``H+c?Iyp2 z_@VDE&NnCAkh+NSYBF%-{v&=r#%zmm>VIzmx?E4sQ~4l1CAHw*rfgRH3?2J{9_s#1 zt86t^%ViAHW5)a1+6Pprzh$`aU^zW=a4j7X=Ur7rmKKh!nQI^SLI6(aDGZph(f!SS zy>1mB=(n_wOC3o}=?`%gH1U;EckBxp>f6dXv!L#<@BN=*Mr(x{k{vI6FCs=^bvG0K zZLM?0mr80ClBPR{s%DOC3np#0?z*y_M3my3ah|zQR_^^}DS^@TtfJfA=KLbZThPjk zZn-wPs>wlqt4=9ke1JS!72W21K1uYhj`v&x1SMv z(#ci;@tzk5%d7+R6)q_EQ8|DGk@w2OQI6Z$^~=UrVMS8zAQawGc4Q1mGL9FP0yEMt zTb)wj86NDKPjQo{puv;9IJsahD{l|=B)Ioz^KnOjX!OmI760`6POf-OcHnk)ot#E` zy&F4Ko>TG0<`Uuircc(3FCG6vZEe)K*KqfK1z%iDxz%<%ko|}#CUp=Wa_+bFdl(nr z{>x?lPKtxx_SDSJH1ONCqQCnOfBMx4aiF8^upNFUW$NkKFae2K2P6}48A>7R!La+CeNUHab<7>`kIR3No0IG>2N#X5x zncxwF_t}JCQON7zP2KUZP0m;IiCmj^T$Rr{}8gQ7upS0664Fd9qXsdlz(3CiXZtB71Q@3hjyfG?ExWimp7<`KNl3& z9kFr5m;?>24De}yClv3dULA%+g2ij_% zCM8>IKU{W#Y21y_nBG-jR*OGUcA{ocRy=cRyZXmFO?#$4fS-$cF=-#@sNuA&>U#mh zL#BRKHOSx1sCkZ%D8VNjrMf3v<2|-?A;*oKrPEO2CQl9cL>uV;H>h~NG4w4w??j=3 zB9RU4AVRu^4B2>qLSFUfzOIv;)nulJa+sXNMir{(Ex>~t_^@c>^WNptF-2wfTLM~9-mT=skPz(CBqpi=$Q>VRu`ku+!=AcJafJiJ)G3+F1H`6 zALtt$5jyL9aN4Pn344j(lXTsVqz@(O*nMIcysL%)e#=CAdOw!aCG{FmhOTx_tvOWq zQO$Nd<3+!h-{5avz}Fw~ZggIs2^E(1e?c4oB=f|~t+t}^T!}X}Y3kN1)mvG#}E=yG$g|?JMH~uuU-o7xl*!}TqI2M>15xh{udDNJ@b)UsJ@wuW8YwHDg*IE`wB1~xXEjsKJhS_-1Uqd4?iIZ;}@5YfuywZ zTDW4fx;+k*Yg0E2e-UpH;Y!Xr*)!YB-ijk63g-=j+QC}BsEczC>d#^w|4&O>-(RH% zv*0Qh(Wa|so8vXXh)1Mlky5M}4|e+&Z|Mn{vPh7cqrSYk+H$3ayY>m;bQ2t4kSzrS zs8=2;LjMlB^CuP!Ks_O%>H3~=73W%mdvCQ28cuN@ee(yl@cXf)0g0%v)`_%F+f6hz zUk!-uCkVFAWAb(-V8O-w!racW4@sIH?`+CeokqK_qd+R6!9OIe6x*@Z221Jy(q&yq zy3N5Ft22B(Zv54{b6((#9p%RIP=z9Sw!s?c4sa)<#I ziQlQckv?OIYd!Jx&PrInCdoKJ5p^o_D~O6QCtd79s>hua zWM27E%o%wX$1E-vGS&>g|K16#Sq|uiR*$F+Ib;^0OiqJ-@BEx@=(3!6ycs-z5I_^} z{{**EtwEDTVqB9q(<6aso_BC1yOX-4bM(Z%T@&q6J`<6r;O`%85Q79KZFB zYLLnOa>=O;{!LZIR0LvfnicQn8@Mx2R=uhl$R;}};U2rO#YW%n>E2_bGg*IePB4*G z^t^TvGU2cvNPyNjgf7MWAzvyc#|~&X4C3d8ihSg24O;Miq3s&#*CZ^5qPDidu!eh0 zTfJPZy?qXMJJ^k~Igd!H_6_}m)Cce@#E(d%5-blk^g8GLEA(&I%Z}N|1J$1F4GH$k zD8??@o`81sIwHO|JcCVYZhke8&TEf1=bbY8&vk zZoH$?z{u;81Jre+X0BzufPN5d8&a!{0GFBj5UM5bm8RY!%#FVJT-f@6Xt#&y!i zr5`$PC$4s1Tpmye6ll49@8A; zTdjwd`^`r^kZb1ziT9s?A7#q`o;i@|YLO%wLlpNFY4*qt%S}GnmKM)^wk#8qQ2m)U z*ys#L50uLXTYQ~x^3vFQq>U8TMhtJiQF=ZgQHALl`tehKFpC>K#=sX3rc?haL1yhNmAAO8t_ zKA%X*ya<;|d2DPltx8 zz+dI*^Xub$wWEbqxc5jcGuxfq%EkLYRMCtTY;OgC#W;_1s6$=d>6|jGF0I4Jd1?It z1FvoU8kU%YMxU>xkL$X+YB(xQeH!c>Vz{Xznmq;Uo|0zuH9_# zF(GfyuAxT}ihm>Hgkjn=bG(@Mc=j0&!>MDLAu@ zcuWA-vbl`a?*y_#(%WX}&9(!=zqoeA1<$4ZK;~Mgdf1-Be!O=Q5~ ziJC$j;ea7rKpgld>Jp0&D>y?h3ea>aD_3!<8Ui^1EC5s#GWoLWbM`7e&6RAv$JS6d zuOo$!I6G|2yNtm+Cl`G3LzXH=!AAPzUTs}hYD~B6add|T8Dlc(G*88SSz=a3S;BXaRA0`w#lXRVf%Xg{k-+}2j0bRAs#igt zwD1*{#9-{K6-}~Kue`?=d~)0&7bzm1ywV9|)5A_NB6O#oFn(jmxdp`&FGVgOA`kcl zR=!=Yv)juo&Y>&2TI9{rs#htiItU`{Oc;dfzi=5V|H;N_PsalfHkk~z9|HI3NpUuH zBp38JK+ojB7YRu@6fJOdDVFw6yGIz=)&33k)8A_b@keN6#(h_0GCuJL){IMy00*mx zV=jG@%bCF|biCHL(=Bf--25FvTLt2gqyiw6pnukX6ZZjs<4r`;`>RdNZ08cwIA#e` zj1?G+?t5)j59yb(MdseSrR=?&EKKXtFiB2=0k3^A1Q-O0uU0E{K&3(T!excNkI7XqPI zFQ9G7+WH;_zE4~LGe^cS{Pgt8I+<4Gr4=iPHqVGlDew72v)$E#E*!j*8Bu~YT%O9& z{qjGJB9pP|-n@0c8=+eV(K-{WmjOrte@j0r)ld3D;9wbjzEEF$O*kJOrJ<;YVR&qd z9+a6LbAH8QgEraUq3z-$Y6gLxU3W5#BT9J00AyA#!;g+oVOuctwMEb9&5q5zVpXnF z*b$km=MhhKwVXQwQJBCRFPv|wB%WzM&5DUvb$SnHAt=-^D2g@!YbM}zxzE=fPQ5-X(UuW8DTp33o&k%nSwULct#JRr3PQ&jbX~mGU#A zec;Z)8^VuHUkqeV&R|W(oTzS|Irh`9cO-2Syisoo?6)nvd{+yS=8)!GIM4KN=pqTDnp5cbm$C7J9M6Bt;K$?@4K$^ z@BG?so%O{1+?|wP8X*@o6YT8R`BL~~(U4LEu%81CN@MKA4pa)!B(Cw~N$POR3Zfso zE?jWWq9sSj*)C!le+fzz^5!A8BQU@(R#d_nY|h-CdrG1fJ&-_7{|`{i`~NyeI}^+P zWf;G)2I|q~hz`r|GzdN=t0dqYZ>7~9j_!@#=c6Jp6if$ZsmR1?{_&SWS9n($dQQv_ z1utE|gt+IfV#l$_Q7^*6kMJE-^zSxbI#WG}iFw{oA$DNWB>mu`fShAVyIVSJbpWK0 zgr9)(C|hy4Z0rxYA>lEl?@DF|6T|IY3JNzk^ZU7|X{Rsms#E`g$=vc$+vESSJBJ%k;2n1g6gkb!1m7?r_>=;LM2m5PU)pr? zv=j~OPD7!35dw~ih^QP)XvHvBy3-|shm9b3L*aE#tR*&{ED^k%r9oGl6rVV{8fLtl(b*_55D^$LT!ANTSfE{*QXJj#XrJo&?u<|#(AKH*cgDz4Q7TN+scB0w25jx!WS8K=B)cd4r z_RUptaldzy6GWFV$8vrS=)%Nw)54ZGU_sB22Z~d?>MPZm-98L3`y7PXc8$*L+;y!w z@T~!EFvEhDaQYMf)Ge~JE5F@q_weS{s}RQy1dPC;36a|W?d&Z{i5CjJn$oeorN!{9 z{WxdJK$zAiSu<%lhkc3Fe+foq5PSkJT6KKnf>H@VB3m4M~^4h6eFPy`8>s%-N$guU2{!<(ht zU+OzYjqOM*2 z=SfmNmyGWNGCve3k*!IUYyaXiXCx6{9Eu;-XmGtGXU`h$DRnDA#(?A#e*Ynkd{^n8 zf%C-vGYE>p?6v2IoV6-sfdjPu0-3pYs(FZ2@?|{<4uqj3_~3of2~{FqFURgiy&f{a z{uCVZAI8L3B54XBL)ZeoBSzWI)iQ}Qc&OEwt2?+-;Epg}1Xk35+ER}|;j~~0OJVzL zF_CC+rLtI7F7`sJX5muQe~({u0@=*IOF=2JQms-JTY15Rx$wRn{~d&Rj8!4>^kx*U zxOcp#!r9~GaqzO7n(@CaLoUL5fFH^rY(cDTWIi5W9+H@aqcDKNG52%Sq4V15wB+ai z-R&QEJDIO-mohi}Nu#RQXNmyG=K#D4X?-IQ49A$lXi*~VRh0|2Ja+2kV49ov%dH26 z^%wqoK3Z58zoc!JQF8=H&h(OB?SXpOjH2~FiRGWTk)ywc@%56nd-yf2L#k!;k+Da< zB~^K>+ml8|UjQ8l*0;e=so^xd)c41`EuZ`hd4~sF>Y^t8u3gtT6@A`)*3${!wEv&J z8}6r^WyW}FdxqX_8K9fboX76&0I3;>Y^eYnNtcd-{>@c0m#D}!0Fe*7J3iE7=^En$ zq9gLn&654{4W=tF!!<@fzIHpt;L(KG{8#WoSOfYpO@}t$O^&bf=JSfgy^IqE;&-;3x)jm%w1DwhLdim@h+Ed3@1-~H?=fC?t zROM(`?H>7gd=dHdxmuq8&$}V4Eo1#o)*Dsj(@Zt>SQpoJ9iWa#e&a*1GHcfwiWn1c zKvaw{OMkB%{8<`_@NXvMHGYEdfJisKlDb{(@dMtPGN9ogpYCT(*}m1F|J!@*FMU;5 z=@Iy8zY^aLZlR`i;Rr5%TT&3z$zyq;a-23dPkNQj{u1`g@`F zcjZKvR5#pJO7TIbKYl5Q2Jmx zK)~RLewmh1H)SL#0EN;-?7ip=pkuuxjaTv}{-*%YBL7l!2QPm;cfA`i= z2pxrT##9nW$4&_&dNqL>!9oe3eGG{FrS}V4*%55m2WlLmRwi5`;FHbeVqPKMIPmre zTS9$$i7&r_h!u>;Dp?SqAZv_;G}U zQA$YCrr0d8`g5t_V^UcR!j^IJ2(2ADnE18^Jf0<-`2^a~AWpgc^j>hq{lCzp+#$`> zcxWMqAao=0BCq%N3ChqP4D8DX!ejpe$#-l>*>(;4k`a+PC}p1ahhXP03Rj1ua3TOi zeL{RJ`~UY)ZJ&_g|DQs%%Hl|1P9ClGh=l(VDnVh1os=smvtDzn*{eT)fWU@&iqb#$ zSm*?M@EH9;O^on?U^edPOP3DP3Q8QVS5tSb<;k`)xFEvzs~!JyZYJmEMt1q1`yI=~ zd6_7$QD%ZO{E8Uo^CbQgQVU8NDq8A%al*)vOl4t`#QX#C8Va_LY$yeX0#GP-1XyF0 z()-wXH_e*-UoLORN*wUoI7#H8 zgnVSzYBZa=3Oa1CBkW9w^8jERBJIm8)vFiTH~8>ACK3iCTF9x^8DP{S<_qe7qQq40 zA2l5TlreszoeALss6}8nBWMBr=Kp>*+(qBtMWJGcA0R9Z|sayxK$|5L^%}t7OSdAzIZG^Ch_^sZ7@#rx5&t4c$7C782e@pjKi&RZGYzdi zCJ%!F*F`*D!R0!_)HaJMQXFCadoG_Ef{qN5B4GPI#SX8j0E=fTCRva18xEreQ zEr*4F%ad68XPN&>AAE&E1-6cAgJ10Li(~M@;yKue!#HAITuaC!Nfd4)=I>f?rQYkM zHRuU2+z6uq)spVvW||O5R$0#U{ZQ7oeMXBD_E%%}g&qi0=gpY8!9R%XpsQ zv#T$}X(W))u;&%^TL&4&++)6v$@(e!sV5SZX;BinkRG@f@DF0r?O&(pEZ?CvcjE9r za@WUd)1G&cXi)vmK%VRbKpYhl0>4O{1$HFvzA<*5G=B0*C0^byq`2rX%27GLF~O~l zQ5JgI{|G>4!4(v_#cy<|#%*-ap-4b9ONriS2fsk=)3j&kYm?;kG#_tv_m1}fe;vyW zdM(^j#t;t3qyg(UqVDC@?Z<^NG_d9doio;ly6!(+|3nM_%3!f#T;9 zFZal904eqFZPIPrebIJ3`oS&V&`R=y^MaO4>`xD@cgFn0U~K>?9Sg4zn4)TzkA;rX zh&-4HaX9WX%U5D}MBG-`4cbE)MkR;%4{cBheIxRY1`$OB+im#oMCjh{#^yb;_J^JO zY8z24;K>M254(~olZpMBx1`Ssa70s~)TZAK)!-K@?+E?iG0lZGag2kh(@6U12N`!d z=P>$D%bs18KMBAMYVyJOSXzB$sd3ks(sffv8jab&xHro{b+tD`aOxvxtdv!_u{x?> z319*~KwPSL0&ZKe&ss1hvwr_7bq}>QwoofSt84^*SyYh^$J-%;8*X^N;@?9FU!fxy z!*v@t(e%f>7n(NAB=FGsWKC1Q?n(&2y}G!#4} z(|<_Z4`4mVj4}8<&Iln-b?j4iR}AAltj1AG4R2dFjg*Cxq$8-vTiXRdMK*tUCmdFB z_hTosN0pJTq2(QsayV!fezK)Ay!E9J`7c*7&iDrk$%Zhjm5-C@y6| zNyYD|KPKkMow~~`+Us+p9wJ2K=$B57YxPbAk{o!Zlk(`ti2UCU;4FH0!`Ey;&Q71P z!_5!kh{nYPOCp>FrQzsrJjt0;m47PuR>?)6N)z7Xt{*=Ru4yC<04WDaiXsIVNneU6 zOIxcSc{Tw{vW!Yt84v4nayczBD?$Z1aMgAsiJP}+F^~yn7j$+Qy5*W)~ouU{~ zEPEZphr*`T`xLX->{8D5!Xhyj2Kc4Y%Es77u}UTytz%cIY{URgUtwEHJMnDmB_3$j zz@GgQ-F9CW+wLTvY!sg zQBHyD^^H~E2HbdTLo`s8CQ;TQLdFrSh>JyVbYN)jYTd$4Ic<`21(nj8eTqu}>}>wbO#YNT zfX$#Kw^im>L+OCHQe+c!vt;XmcHYBmXVObp7=JmNH~S}Zjvhrh7DtY@Ss$oWmZ+7b zNN@zXKoB?0-y=g2dHuWzfj_a42VN^$GhA5HU%$*c9@xLQw$?kag6f7~DXJ3G@=Ep~ z%B#+Avh#@;v@QP`bdI z9qXf%dK+52>iu_>)d`gx-a!oUde(oAwV1vT`L%3Mnvp;D&YBNZ+h1}r3$vOG%v7Hc z+5{jVQMf&r>l2RfV_D=_yMd()Sao+`hx=o9R_wY|-ybXq=gxcXnHigF^2iPa--5z9 zdEIo~Ne^`+TS|>|Y?C2{ByYq@Nf7*(b5Vlw%$<&<_t!fCd6hn80cUcF|MSSZ1TFif z0(u4A{QgFnGVnGzwyylA$IMGsvrON>Ac}_>wRW81m=X=Erkz_sT&ux>cN~}hjihZh z0-d|kR_m=v?5O12!by^n{O_9QJOCX02sjpDWHf!0G1Qh#|AOz6nAQal3Ou_>xAhzyPB!k^F6ZQM@@XX6U@f_rJlft)pflD;|U+I)?VgLfV}tg#+UMem6_tZV0KeLuRF%PnX%2~%#f31`!P&by|O zJJ}jMVt`sVx1o{pNWd@9`U-L+um3cc6FmM+!!@@zA>{YTA9vr_Zc8lJC}!HnWtl%w1*v%!U(&+DcW!tuo)?eg~Oa1$y$>^&cSu0I>)mm5-6H^Xmvhz zY36dO#tQfeP@%{hs$=bskK|QSPj01`Os<}8fc~WHFa3DeC&lkZ0zjC6Xu2A_6p5xTuZ}YEHXwL@OI~_;bd4J-!D4X zj#pM6P~#WMqL+*PF=o!@TA-j3$l)tAK9oPF3v7mZqa7AwCv$XEq=#AaCY0xiaX@(Y zJKz8~1Exic6B9{)?MT*Phve2I0E@4b)kp2sM3%MeL~!RH=S7X=(#xr?mVUn~+RKT6 zM*y)Zu5nO-P})0pI^B%1sVF>P36amf+Fl;YDboV%9jYvUJzn!@tDwKAgojPiDQ+lb z%Xi<8HHP>P&SgvqECHV?V3o$r{>FS>wLCR*OCQF3Z-DoszI1kI%&^qjPE54dp?pvh zw)hYY#dKiET8p_o0fd!q1J+n_gd;!JFFmw{irZ|opYjoNgnujS{qtLni`{ULbWss` zm^o|Gl8x#OUk%ZQ(~Z({CZ)`4lfSfX_H25q^j9B{D9c$TMaEorF#NE4+|3daxV!sa z^n{xHbAn;?zahLl;Z^c^JW{5{`pRU!gxm;PF*@Qo543a7=j7Js*h&}m!33YUOe(Vv z@Ct}`Ks%wT-si&2FK(-@O_;Y`kvNJib9=r7-}~lcxTHQ=icuo^!Kmzyn0I%C(9OQ^ zE6pIUR1#Ts0jP;Q*=`krt{+t~-L5^7vzb70+MYw1UhfG@&ZSCmZPr8*XmGK}%NS_1 zNILM1~rg*~u* zSgckm>jid2B33D|1DL>btK@YIyK8|hAOC5I0kaQhA60Oij4#b*Sh*Eihf38^*O_bc zqnT8`Ptw0URJ$}=fys*WfURp|Sf|1;i|$$ny~9yvWBP%3tBUk`*o33p?~*%D=Wv`3 z!vrFch9AXw#Q;eH>xK_Tj=aknCrm;pSP+aapiilubqa3$LYyuRvU*sDPNeET#wMBH z%n~)9X|MJ@{?@_7QRj|_;A7MeBzonB-zX?um7{pv;*+dlz;EbFq-=#;oG?Bvpn`U- z<_ODZ*JOM~UDTZ;Ge5Li`rFo$bI7G<6LQsJ&LYf=v$$MtEdxNS(t2M zu3%26l&vtK@o$g(OofxTU~ii@#IkU?ilbwPSqI?2>f%p?(M3fr0_Q$*_w`whGTMT# z_q$4GwH`l{LYbWvv@Geh@4BpW}+!F2JC6s+nMBM1(lRd7Pdx8H0* z^KG*aMU?cgiI!~4z1%gyL@@p{)1QN*3=;jh7j?5u!65;BqFhktgDU25x#+tK_E8ig zhq({76#>wfU}^$;xvW*p`hn$@nZSB|B&o9lQ4o0S_(oER{(b1G^W64XoaB*)wObND zzSIwX!~Tw{j~}KoEsttg1@$<2ra^@UMiG!%1l|^p04u%fkpqutv>7{(fMkRjoAFQ3 zH|dd^aptGy$_kOAD3zRY**ek0q;Jd`xm~g{MtL8SH$TG}oynJBD!K@iNPd>yUNl<{ zx6=)?akqJNqC=vC8!d(=r_2-oYesP_QD>v_?E zjW7l|FC(p|4sHcY!&%l3P{!jQ7X`zdT;}UmI4=KfA?B_7LCF||cErJwFWSJF4s3@< z73pnuXPE?p5}(C&@<^fPjTnoKj)MbBza_l%fl+D{_Bmj4!bZzUgA&!{^;wN<;l1hdtsrh@uyz;nnvF3c#E0d`e~?~UVoc1& zQT#16o9d6qRvdX{otG`?_bYviN*I*f=a()pkj?zunG@cF4^g#9ZJ5L9v1%WV%TYD_ zKaOc46#L0atlguXj`bzA{^UpRBb2mBmZNTirLt4Tm!HGO!*R7F+T7EvG9)*cdE;tyY84>D514;6u zR{muS{#6;AU>eX;iZ(nwA+TL@6Le*6^`v}BJdRoJN-*In|kyLWIbSEEV8 zVXnyaw7^c-D<>vDsRz$sf6xo~=KZuBV(kaoDOt`xEzE%p75X=Ulbo`!m+e{&xP3r7 z)j9*4TM=Plt$A#&tvjr0GHo0QfHiE(b?&i$$AtO;nGXQ8W!X z{uzjh7)O6peTnA^jro}${#}zbl4_A=Qv_wC+pu5}y`8t2@y zi3#B`P6ll4+&T5YA;3Y?qUG>8aN#3{$vWO@5=Gud5}@#diR;1q+rbw6?)r2`z%W|zi;iwXT^3+G zXE(P|MZbM#_S}{%%;|@At7WnnUMU(tr@;V61ducR4EWnUHxNX=x~<=c^lv+1 zZ`5P!-?M`5e5?T`3iEF-qSnET1@wt+P)5RW=31UbkIS-?RXA7#RdgA~6UP^Wj~tYb zO~*`GM@RYu^u!(#X!B4N+;!0Hm`dPx?B&_Edm~kb4f>|)=MA7k$|=%VuNjveRc`_n zqgK+167paz0+O-Sf11Oo@jM;VgfR^^+`(<0xz$Rl&IRod)Jl9oto}Lne(s&hsP^Me zj{)8Yut{E&72xb3@;Zd27?omGIg_QK%So`qDn{8gBaj!yNlqJE|CMK(SnA`PJNjdN z8@wOrBJ>*XRi&zt(5 z%^c6Mt0*5aK6oWoXd)Gp2>3wwNYl1WhW_`N-hs>5_Dc;ro;QdajeFyCpHUA>Je zrq%kCf6x;83mAAGj{?jdAABq{QQ|sZm^TR4L6JbYp)d4=Jjx}Dg^y--%v_@Rudv?V zwW_ZHo)A~D_PICm$qgGV0^6#?H(KItutpXBasqe?gCRlZg%lxG@Q#AUSPJ9Nj#bjG z{_dblJEV7D-$A8kI448kH<#y~Zkw8OcVP@0h>b94Oj$5X94+as#a}6EXe(B7R#QqNAabZbvGxAIG4L_ZdZXAyBX?7d3~#~BB92S&CHyIjk=ukmTzg|5UjbDkf{ z-8Y;1H1)3@oxi*&$R zvYe2Htb?$PvK(7Y<>-iz=OfSf59ZUyvdWg9%MB;Yb5%qv2wk}=Phg3R;L0z3-%udr z+_d%bTk4w8xG8iFHN>(p10w8<5be?2N4)67?6O-Mp-~)@)2O%q(H|d4#txlU&eQIPFPa3r-dr%u8$DC=yUri6$mK z5-g`#tLigbOVznB0@_qP=?u8 zg)4U7D0g0nRw*~4dLY*Ra^~`TS;n^Q_ZU@z=f;U4bB>&yPD9lIoK=d(?@a?ZnS*cu z+1?YKNH**_;;n$jCHBNM7{oG~6WO0uJ&B+$JV5A;lljai{_sO)0OeR+#ShrqQM9%H zp%E2%98I}EDJb={lK7EqeC2g#;~i}$%eav(hw(t%3Mfz;+kEhrF(3&qYx%-zx$SZx zL-_t0NSaO=npN2Nv1=@ylUcrfUak_BZ#S22WA8&}G#@A1!mqghasiyb14T={>9$+y zs@fV}1hZxK%IO=D)y26VZpmWcKi9MT>0M6caBRd2j~i4~pk_UNepLKnLQBmtcHFBc z5q5KHlUGbuq^AZbFE-Ij6|Ps|nkF0#LW+zzJo+7)erCREs|i3*%N4(yrtDO7t``bk ziD1BJfX;IjV(V+|7bx|LOT2GF?;`2xrik`vRv4~2&p1CRA;?1Oe>bP$_<6b{E92Dg zjW>?pwp9ef2GyyGG?j<^yU~MYQ-48qXb!W#*-62S7}xO7KKn^FfDVKP1g;!LCx^zL zGIS6V(ojA}Pg`HZ`}Co=S{}VwOn)Xt_$WA`p?dsYwkyR6tI#t+y@S71z_x%WN9Pc4 ztA#<&16ljAcYm%fcJto})&SLZ1$DPwSI_&o3!|DhdF~DLm)3O-sm4^`=cUZq>Dp;v z6Vw>VflUIF%{9atw?e{L3;m|B&W7F^A!6E!=N-lNYNn-Jg?=&V&w$e6@kfS1|Kb;v zHmz1h8y6VDtLHM`KuEpcpu+Q7kHPmw8dtx5O>G&qsfDfE23dP|A16}%u@K{P-jxAK zB5QjF9+6-CxSA&+Ubc7$7Pzzj=Ah=Yw8BkjR5D&WinX812`9exXB`bswDLZRB7u%0 zpj7iw_x5S2T$w*kF%faSLoK0wTgC`V`yw1fwfwJ~d?mgT5noZZb zOc$@=PiBmc?ldd~P9N$AMW+MA1#n4SYPdZU zS5?CkzfVYw#;mTYH>nwn{gROi4Ky|1v#gx9o_wz}w|qt@kc=W)i;a_r)f8M182^KI z*c0b_(C-29bwWH`wT{VL#xx8*@*C)$P^y}YkTYFW8MoQ-`~8kC^>y0UV;D8#!_LWx zpu+O|{S|M-=$t`(W#XU2KV=qQ9!>t%`Bh^aT;fVQNJ}_1PU^$oF12<9^B^`#zUD8+ z3rKY%PQg$?DP_pn=6RiUZ^x=jdFLXSmFE`{*?3v4U2=wR6kO4QAuo514yJAKTui)Sc5^B7E6HZ{Lj}=mG|e%w1HV7 zP}5>H8j~Dy?uXv+6C(e+>i41;5F=fNhnl*1;XgzEf;wB_;+qS%U!6&Sd3*0ZDH``2 zT(cir%;&TT>q(H)V+h$z`FQ3R(_(I|c!JEG8uR)R=;6?+hkjR0Sf4MkgOt2HpenTh z&l{A!6P~775p)l`(lwB)FV|u?I1+q`!J#{(SytJ$`rWkDgMq;ws<7qD6&tQJYkN*u z%lt6~<80O3s)<$77O~_clmdfcL>{8gDD=9fGgm?UU9tAOn=T}!X{yOnx+%|71Sg0I z2coA!n9n%S%hrKfd_%70aS~Pxb_OUTst)LDmRh=+lIFKP7@_rSZM6mjw$NZ5W7ggs zzf*mg7umVLMGh>Vak(er*Ou(^J`C=-J#vLDTO|QpKOqtTPT*!N<5cK}bpy=yMLRXDSy-rhR+% zZG%7|ep~7NRr)y5O82Bq3Ks^<*J3}t`^J@GTxpv>$7Qt`dh`;!brc+)6RMcccXCg7 zbWtq~?Q6Kt-t8S2<@NG2uCx=xBO|5{J`pf^-~fv3gTw`IpdCgzSp5?4Mwv0tDn%!s z<3YXwplaFDxYg9rA%4(wsYw=y_N`sLE>}a$&ZVOQ4!vd?eMhSO644|niZe~$fkmUu zj2JtowFjr9d`8iVAH+BA?o=wD>nz)mt%J*d1`)+0JC37U=FL^@r^@I&nORL*`3RL6BUI zK))uN+mFV!o|8ZI*qnED7?bQJk}O?+!3@gr3>-y_ekaJ&p4d=zz$R_QDVg3xA2>^X5J^~nev5WflV!w`{i%nFeO%() z$A)K=61K^9GF?9{n_K0jtpx!#=fLC{nn%;!Pef&#??QpneS?ZAJzPKMK$uN>?QLb9 zn?EP2)rC$d4Kk>;hv%1uN66i-FGX#~+8qV$tY#t?jHMMD+By!iaqX;Se1BmGpP>xt zg`A#k?>4fal^vV&v3bKtb(7E7CG;fO?gc@Q?Ib;I9++=g+B=VSXgT{ye4J!6#cNw@ zg_)A-fawA0X)N(_M10%yVFx;K<`!+vc<%BuO8MD@<{-_co*%D2J#wI;?UQ}7<2N8t zmWBs?T*7w!ZkB#nR0BkFZGGTS)wO9f0;4+GtC!9Ezb+5Lr=30lE32Eoo8#}|qME6ir8&6T1REW97S zKciT)$}>h#z2787Ce;4CqdRhs^xTy~j*76`*?JKCwnOO*_#8LPhM#r=z?DcGVKL=M z-PqG)2D1^bIm~4?oUEI!w+9B4PIXz?_pb?dFT#qrCCYb|<(zH}nEkw`H;(01Nq$S$ zvsXjt1Xp^9Tq*7eoJgbjzPS>|X|wKL^L1kZOfR~KmkAzPDdHh~1}1w%#e9O&TKSIi5HP%#o$0pKT^BPAE95Op4m3gWED|qBB!=pCp zOjQQdaayXs$3aBnL8u|X>WwJ#mC+b`n;X1f8C1VAtO-QtiF#M5KA7?h<|IdroS+A* zEEw}VNZytbboMX9=>o4K^J@1M>wZGRQ5#Yh!9Ac8y`?w)tT6ONzwu6$-2k_1MT435A6@{p(XIihk8BPOKviiEn+)rF#P)v%X%!)M#N<25M`@%PPE7BZ%{CIUmt zC7kFtOw`S{qNzIA*vR>%RUF|7df@R3_c+g$PXE?H$k+>3J0(7Sdp+vzZh>X6wiNfT zTWroC7`p@%4skE?ozJA*elF{bO0ltbdK!`aYBxnA6RXr0z$!cH^UmrQ7_+*mh8;O4 zAr5Yd(trgYH`;}>RxCc`&5rHrNwLm}ZBfCenn^C6YS?7mlLfCvi0rmoB7)+j^3(#9 z%MO&K>u0W3Y@AhZ>bVj#w1$`8{CpWKg-bdE8%CwNb+5!eJ3Q=)4K7S;#^?8`nU5B% ztJKaowP&8K;Kb0BrIuE%=$ZhPY?z_o{)~E42^G2LK%a8HP)C_RoE5ivNIc~BDy zBq(L^dX&4})Vk@^zZTE%hT5djNLhNN7IqA<*vuW=!#+5HL;YI$@eFieyT5tpn5ww+ zcIam(=uDEZYDYLPs#cy}-fm%BF2`v8kCoa#a?Q(caXw_1pE-%*{J@qms=3wvl#bvce4y_fpXzn2#Mnmf3#Z}8ok zPh1!W$#p;03{fBHP6i*BaN>za512XZ{W)_g?`Hy0>B!R^g>LMt-htfEupnT4F~-22 z^(%r>ZIE6GTKx~B{ccMOj6Mz2@l_w zjg#a_vC3wF3{J0@oFZl4FDoBYB8xl?i+8SJM|_%VZ;YzD7k9d+Bu@s9GJuoeBzKzK zfinqbwc_uke{gh#)K;d-vDdF{x*TbqD;9A+Z}JRD=yNqD~b zgi+P`TE#|L_?^&%x|`~J=RmWwM9@(PEE=s18~EEdmL!K7Wf|5Mi9rnEi36xuU?#Zg z2zMuR6_)=KA?M?mpJYQ?0aABrbAbZ&xsD?J3MZDh-J#z6iULUP`c`{g3u`GZ4Y{yU zXH(%;MuBIf3Vp{48h!}-EBuw3x;!ZW*1nQr5;}P~dn7vWR=?(6=_+`d$cO~~c3Mtp z8Z)7Z92b>=*RGTjpXr5$HeQb!&}Jte4#=TkYFTu9^_Iapu~*zzF8kZkRQ&_b!4kI< zQn8V;tp53vy#sp6Q%VnumCwDUOUN9Zw43b874xNE+qp+8w#fUPdcK8`S=H%+l9?@( zp0;n#pj75_BwYQJd>!ntwKFHl*Wc`{d-UI~XaEq%W=0h z+(87lPZj4}f(An{2UL!Mm7wrt30ojG< z6H-7^Hq>ADY;|6Hl`2KFX$@&JJiMAfTvn{T%;wfR8u~ubhBPcrJO!Q2>imUnX&}D{ zTFaiJduJ09Tzn6^nbv&W%$(TTOORkrkBG?b+DI|;t#ZlGJrs`~pIKgM^VxGrxYD*z z1E{}#L(2O!VV4$^jkxl~JVCa@@{!XUr z(-OJ83uLe6lL>uKD{cN!o|3Dfj5;kj>0KskGtVxzc%JB2s&vUu8t5N1i+(|pLePKhl&?}UTqDC+f3C_GI@>5M)Z246u>aFa6q#MuWqsq6o^7!=%I0>I zEnaopD`T`Y@JRD=)#eUoctWP`RV~mGxUWw|J1il^*VO`+A-KJ_FcR)Q<|O;pI6bhx zKYX5VXlaTmJ7`4Q596IMyrxM$>vBP8CU~#-_=Zl3on4C7-h4`LLO7%4=knTONK&q| z!z$t88Q;5OgAG34C$_a;jQT7UwXhi|pFUSmF0W_(1$dy^oGykg2S!JPM^sFWD|2hA zC+fzK@=H@Zfnr))db`4h_Us|ZdVr&1u}C+Aj?TfuL86Jd<7SD2=P7{@(~1|AE z#kgrQZR1l)Jfl{S4CrKlPPlTzFSKz4OavMCE>Z|EZ0UJ=@U$7Lu4P$ofuEX^W9jZO z<-y<#602@ZZDYzE$xN_r=ECIB(PpqL$bhelI|+fn@zvXe#_6n$E&*Mao3-coSLFoT zqgoytO*8-PJ{=|C`Rl8Wb*+Gz11p=`F}6mR6V_Wg<3Fa?LGInhLm?A3 zY2MV#eWtFI3xB)jx!qMZx6(z$WtAa+*~PoiNym_=`Pi||=ZmTw?LR?Jl#82EXw1kN z@TZ$fr}Kbrg#69qe;s2`*GoVDZhR4fi@e({xfy`4XkXfb9D0P)(A|rS-%g;CdUi zrJjQQQ2q|#4IEg;oqyNtb4>Xk&+Hen>WIVN^8}D$y?cNn_Cms3sRIU zZ=HS+cywdvpJQELc2=cV96T%;S4%~1)OTOeOnk4rqRaB;QGTl_I9qmjLI53PR4oGM zIk@lGSr9VS+l|MwCjabk4=TSTl<`d7KO;hJ#=52JO7eno4XdKw-VA7!tlkvGe=ktL zo?r6E-bh04KqZE9VY5muG{H*TUj%U-IU=)a{6lHbiNGI%w^^kO={bGdv&2lfT%cfs z-K=MpJBI-m{*g-Yi&b7!+VMJrst5?=vQ@c_dC|tBTTf!7+Woz}_7{61QOA3i84yY7JBOeRuBnAZGmvu zp0ZRSwDxzp%Vd#DWT)m(njV6#?TjbrJt-JNb9oIHfUrV7;=_{H^_7z%u-+iLjp}x&bKxhcKi%^#U zXSau7m&kwk)4AmDXJZ#-U(=811bZ^KON0=szY&3|3s^@viMw{-uEX3Q6y~&~mn}3= zJ*JKv;3Vv3!7-a(~s57j{kuv4D`CJ>DmBkE1YG+gCo8Elh+E&th8^; ze42b^J{90Fr_K%4ZQ!oMOidyLAcL1GXZze;EWh__&`mla^wH%8l71>3O3$x%Q z1)~)uhn0V4{aO+gj2^BD)D4u{T$!|@jeA!kNdJf`?hlcO?^U`pr`Vbe!xOcO3>7UD z7W~6rTh2Q)Ng*n^-q<_Bwj#N(K)c=rW}w*OQW&={9$Lw&@jXO4elfA!uFb~ND^V~_ zC3y19Q_j805n(}umtKYE?|Ey$LuCRQ{k98<<_d*-J*PiezP?#Tx4yI>h%4baLqOkh=1pqI6U_(>-XJZiK0V}z-roH>}$s7zitPaR4+ z3;MnOzNE@)+I^>iM^WI-P0u-IA$P;;@(u>Y9j~4{ENHd1k3=D(^B$_f26N##LC@ z%XGM}H_H>)%1NVj>P^2dolMUj=#=~*mBe;Y&s6=#8eT8y_*(=y=i$k_80vw$UkYWF zvKN%3SQAIA2y&csW*YCmHj`TN5V{C>R&j) zOy*wdlYqT%#P{yoZz8hBCtRp^*4MyT^C=r@y&ujuZa25nQ4jOgKeQ;x+8`d~%E+&I zb51ew@SZz1*|P`|kEnHIoVcUDy1BEQbLCg!aq{|tVA^LTRp#Z%AnBx|pG5>$uZw7j zdC!a8dKV-s_8{MYazV-^sdzdnV#l-Huj+Dxt_if#LtPk(ygvlrjLKG%LEp(HpWRl% z3wAJBK(RrFyWFokX~tnt)CA70rSscM%=9l7T* zHUKBRGQqPdi>$>SRSmgrdp^f+wXc9m7Xy*s-Ir8%-Ld@4%f-PaWt>V0i%J$=V%S=C z>EiFssR}cTUb_Xu=J)@F)9=zxz_N-8c;&$SMCQGFu|h$FOGishznlDK2w+Q|9@1NSm4ZFSp=6&ko_dhK0jIedi$9+=T~8Cs3dcFoI;(cZk z_ugxSUo;*(ZhL62omdRklSq}B_SiY)JKrLTt#yvIN!c;af{NgZMAz4 z&P#~Gmh2+LVXTJWyt$jtfJ zi2064E^S=@-G1Th|sTK8@r?T%F)}^o5jR)I7=F0-x_F#JY2sS_iS~?scUJWzXR_xfb^>x z`-z;XC^%y;fJnSc-c6y6HkjHjdCam1tzER*y7mMEK}+L>=jqG<8Cj@H#Rqb75u z=Qv#lJ^w5>N&<^)oeJB8oD|pbJV<3m)keWIL(9o#CN?lIvUq*>6w_9wr%C}G(;KCm z{M_aV3<0A%!kd-7cYk}l$>{ISUEN6yYg|yUn6U6W(xg^r2CX8Y00V#O664pv(Z%Zp z7bvH$lzz4AzOl!>SOGHi=urW-qurd;L(!|I9s?UdELGiuzKe?#NW2FA%WawP&cAj% zbXK$JN%x+f)8_aV)tf~TK^-?*992(t8=KpJ^OYGe%iZP0{_snk$V2Vm!_FrW{dTdl zLB-=7J5z2X)~E=D{3X{^fdvB!O5z!tj#B|pTiobopv`bxHjkhb;fHCuBfNLg{x)1( zEFvn|#|8*oVIF?N_Mz`*8H#W(=AONK&7nUv2>FRf!N#b-E`?PFP#=WqlGAg|1-d z?`{A3EH-%5Dfl94@zKB!QY%|i8whhAJq~Zj3~#qQ{Z9Fj{|ir{iKZ2BJ#!}Z zr&A5>Ks^ciziu*Fa+zg6Xo@~|ebxX(wAn@T~9+&iu$n!m!wdhl^LQkj1 zlE%fzPdtlc0nMgq9H^Al1RPWF&h6_P(vK=C1L=m4;k^O)I9~kh37_yoK*;Xj5$c1h^}{V^QPthp=`Y`WT*sO%N_=$#(Ib z7}NEW{xltI)tMn2#N&NT&<0g;1`>Qx&vhIN#L+{ueozP*Rcx|@f&PGDe>!lhPItiB z`mj}J!vrh!LPsVinwl^R`V&H9BzO4?hPF>its#S27rBl?CJi(y9rU`NLFMjvVUsIw z)SeTxpYoR*J7T|W*_hQz)d$?T_OjbxEbB=0FP)*%?6y`Gr2pZ*FpW@edVsTge6bcx zH+AUy_C`ZJCd!M>{Lzb(1n^5ULz|YwuG;){Dd-Uig7d3kg0QFg#bL<*Bn$)op+kS2Trk zNKw(BS#LmfPtkf<%knQa-S)RiT)+BTV3S|n9AT}F=BYbBsBVYie$OMLrM@#lv3u-B z@u`y3fmLjj-aVK_L<7|XLz+WrEviU`wvQfWTQOL!W2t6(kx0dz1P@;UO_H@LwyR`H zH}XPCp=}Am$eEjfzyY1fGgh4cwOxHKm=-n`PJO;{;{b*o-S2;)liB?Icy)7Ic>yd- zy=w(#A?l4b0cWMR?Y7siiHHz;)6sXI1f(*B(3(YdIL78jT}X}Mztu=uy%#yE#UtC7 z@MJd$Pd9;u_FWG=4Hfqi4yvmM9Nes;dio0}<5gj``5IS@MjWx(_1&@d9XbFpbT-Jz_0DR1}zAIMt+rs=q65vDJ1ve3z;fgxA!VgY7R ziRTsRtL%UIKf|{M_fZj=N;_&po;+@o{Xguz`9D38f;krpCUN<&!K) zO7(eha&75=Y z`?{~?eJ$s@gdA2k$a#6FaFRBGe1y@igN+HA1CEcbjkNK~ah2k{|8Z95uP?v(4qEtS z-+PAXntg$`&-&FT6&sem_CXXVZW0e01W_>npFedyi2yBEk6^gZ@k}*MThWIHPt;H? zSb(F^L~{N5aDt4S9qZiRke`aPj)V0Vb4TWp0QSjjEyIfM5~csx*FU?7@8XM2^x=23 zn0|XKXyb##0~O^Rt|g-KuZhi5J8sr4^tBIuPnMLWaM8>8pzwh)K=t5l#;fkAiiMiyg%qIbd0P%L+M;(pU z^AhA$wDH3>vQ=66446L0IcW=qJ4PXA$*Y*}zd!`)_Ihyt`}JwI&~wu(p7+$HJbpA- zmmZ#>6|x`3ER^-E#dfUj{`yM>(@>ijqQwTdx>Hd?|PX%K*PBb$@@`W(qP#S; z{oXO0Co%#~Y>=K*L|+UX0BEe6SH@T2iF2HJrxDOWzrMn@Q&fxc{8aKt)NSduD9}wb zX?o5M&=OEZ2XL+#lg{ska+-q1hc@0gjr57B%ox|ic$&n|6S$I1tQqLNQD0j z@aWTT=Mqw6Oqq&x)i+Agj~$m0Hv}!sEGBkNss6|a`r%>&kiBwyan8{=N7g_~LCf+SI(S^@Nj5G9F6~HabR_ zR{xmzSkAm4HddyU+F!F8s~&RRb?%y^S`FKPeLA+r!E{_t4$1B~AIRaN23$H_oAJNW zag95#s#&FyJxY1&bgNJOiaa&{dq}|3i8%?}@nr;dB)*naeE#se`oC#GKLX0h#5DU1 z^Cu3xH$ZlZsJ#A+Jnbd^z3N&Z{}9YNpB_D^tc=Ng44Ruy*t5tcEXg`MrtR*e_+;~) z5Bov9^X+;sIpzgoHsljtcomZUsD0oGB1=nch>cEO8=a^vbM!W0;3{!|p}SEWJ3YPE zSFcuS+fMR8C#fVbpSKQRS`pvN({!jy!Yz_-1c^|nx_tx9j*KgpYn$sFwbPzi_QPoP z)!Ijuc>BMXj$4rTyq`Pj!=kX|KWVz9VHDJwo9&aGfXe)psf8?%7_V4_(Xw|4OegQ# z%AF{r)acc3xrnb1)|WK^7?RrS?E5%pFz(mgVBnpGC@xdQ)ADxJWp9m<@?R1XdgRy2 z`mau`WcOirU8f#`QDVZGu8QR4;ih3g3Ynf{QUmIhX0DBV@HYrO4N}{$BjbGr$Ev)a zBihSM3|nZl9w$Gm?s`w$5@DW8=Ht1S%s!F_`|K0`q~N9<45l ztmaCV{e)cQXI+liVa9#T)YmFhnv~F(kstmdhg>=ui36{IUS%WJB_FY?? z1oms(_a`?#f`E-nSyG`2-UjnIi)Zz)SeMU7VUq>is&viRQ=*|J5{%VFZjlitw|pv!q?(^5?rYaW#aDm>@e?^Wtv7Xa{07)fa)p@)YkZAU8l^k)eB<$<7t*z8XF3vhmGjoHTenn=$Z>{^fd~Ez3m@ve(3mPTxy5Mlay7O@F2t`v$li64`Q=@%yZxpu_8NITaP~A`QiOm9;(~3yhs$8c1M>y-!mOM$=B43Du;9^deK;jwO}PUOQ^RaxK|s1ZLP57vR?n zk}i_X@2x1()zXUPyx&F304jPFF(4FYj&gX_u_CrK;9no&qx?EwCFJ`PzP%)yi6nCzF-RfrC{cEU;#cNLMz{_##m=w@*PJVgHNyt{-?Jb!is3ZzS=2@ApNp4?V&h1&|@^+CKPxqoE@v&2tC3z&!sbbDp{}jiog&+RT~zunmB}tN1xK|ORfP*vo%Sc z#|s00XrdEicZ8$P4JOPPnGR?jV0Ianch&;CMHnoQ`6UogHm<&q@1t;*s6Mg{ub% z?y7CD#%z5@QBEv8#J~2;E(GbgpF2XCQly8owMexr zo$)SL!53a2Gxo}vdX5HHvQd}@M&Y?ilNNtQ-ReNHOs1T6;}3%-zoF~a$(PBufJ7)( z(jn}N&nCqyr(-BJq2(io+6?02eaA>|UlN9@E@ccBXj;|bTmKA7z@lNsOp*Q1rTq2R z7zQ}Kd%(jl@z`gR*Ur`83c##d!NJE&Ow;Y8&Ey;P&RSroQS2V8SozD=a<>t>^ZTB#9~7>9y^{Od5F-% zD;Q1QU%|^nBJhB3@z+O;qkww^CT{?fGuqdGawUJY-gIwE%l8d-Zy+IRX1Te4#JT6! zpP%yDyXVDY;k%&PDLU|(E!FVHXBArG+u!;tO~P!e9FFlvYIs{k@L2582m32T1RORE zjndSI88=P}K5J3-D3V|4haoa=FmWyiSAjzReYYP(NY25! z2G3JuGtl4u5dEiy(5gZ^9aoBAshlItg+!3Rh#b(mdLPb0X096W%B$L+{^H`5x}U7! z8sH!A^FaMWN1{T6ZJ)=_wL+#xoJ_Qwd9YAIW_R{4uzXFDRcQ)Hn5dEac&y?Qh-c`- zMW0~CEhU=JhG9LqH~6(`>H_gML${bue5GK<%$qxSHP1ZfTl|5_O*}lF|66u8C7R}* zdng^ySF3vsXj5tZ7C|7O2@~7a&s(-qV_ZRR>Hn>p5~o(|QO1)%|8ODK0EtG;irlD@ zHdw%+(Z4XiD6WC;5leRDQ7h4{M(#zd@KK<2D5xX7?ZLR8o_e1|yqBA*{EtdHxI-~O z5fl{{_To!C;>Sj5%tyJOKeAIv|7WxXQj867F#z{M6@O_>zw?c#^|snj{efze2`w@{ zyjAvcMyK4KhHg-F(0X+~3SyI$?Y}Q_~d@?)Az3WMaGw`QYWl%K!H}3>*N!*?J(pR)V)* z(SX!4WamiAv0))DeiGI^P;1ivWxMY?y*~t{)MiI}FN-C=5Q1QuMe6=tfoATatCNmUyl4MDpr602;0>-O(}9mM?GHaDCcxsMV-i=TAk@ zkAcD>j=f|8Igbvpzkn@eTn#y#ASeTeB51h+M2*-s_(C)YhAWdY)FoR$5Y#5C@|rTFCd#u$Wz{p zlR5!7i8txhIEU{poda`I^DG^J2(`H=bI% z%ZcGZ?Qoa_jq??^tpD3((C!gE1&<0gqT{=gxKc~;qnKOO2!h7dgLS+-tNrgM(wS6$ zti@Bfo&!!xLblQoiOy4{pr{LkApDv&ZV;FdtxfcreU$trP`l1Z%;^emHoNxPJ=LgWV0At)ybZ&NM zG9~DTQ{8%D0xLqKh8vb9Ys%8OKFFm7w*URTF>f$Vro5~UJ$R=bJ9WDt|kh(J9Dt9k%XlS zGEt-_;MMsDFmpEHGLayA23Uv6@$ocpW`iOKZrCG9hRZX&P}Ks?eL_y+s_ds=s>}O!7svZ@A3)E>a73rxB6u;)VJCo_WEozMLb1 z;;buc-eZ|C5!oqzJdPe6qC!ly!`S+aitTiCT>qMm=z4H=!&Ug6F8T3Z!8UdsyI$Q- zCphbKMJ5X5ZjN<^!!Ds{0PGl`?jL8mc4en?V>o~!V3$R^HoAuLR0x@JBnhVCj$eO3 zPTbUa_GfNIj*eS+f*gjtd?=Gr@v@-a{~j;>cSW_=+sL5&N$$|I8F~&TnpYV(+aXAwKwsmD7-QEUFT&n}Hk@l{?v|i%7L~078Q( zAw8(Wi7=Sl#+!JVU)$LDxKnu~)mby!Uv8E+rgoKPb$-Y0gc~cZ%dfZxL z6YA45Wz+s(r}gAI%p$TB0Yzl1c-fq%yQ%4xlWN6QZIksiKCg$Up){;tRcvYaJd~J(&rW8RR81JumS_@)d zweQ)GfWtDGFFMjDHsifPCKv%de7*PlnrC2{n8CZJ`iD0+qFAD{B+f3_Z$yH_fwl<@zx%nYCAQ!2Q?&{0PiW~ zywC~bunWg)f&7upBBx!?VgMRbj^T(at=4NBOq(#wf*pf(6UrLNR+_%qQ_Xd4U0mni zS^y_XcoZb!i+e1H=}g8QxSpX>!Urqsq(0bp9nGK|gft7&wbQ#+7l_16O*eAT4g80p zV-Cr_k;KmXhGx&BnDtu1Agml~1YpTjYylyfgI1P@l@vf4LY!3g4BJ-e>0fAJ(}779 zS^50tk3r{*KU_`F%TBq1*xxyDI#fyvrY*=C8U-@ zA?SG~ICQS&UI!4o8f>rF<3oB4(U>*0tIcOVkJ~$5C;g-h(tJ$ePxdHQ|L(6}s?Qs& z2H*K+XFUvdqMBp81(dC2yfs5@rGciclTOK+75U&&Zc!)~1)@54zJa)M7E}KAziEk} z!yzH3rRU=pj+$PyC0kKQl@e(Yy#vbXGo>Q=XKH|VW;Njff(zICpA%OmeFiqHtmi;R z3MoeV35zilMhS14HT7R5O0#Uteu?;Xga1$GRUMOC$}@S*c;EBeoKKu94d~yAh?9Os zkZl*FOW8^sikwSH40Cu#(&Yam39El`7w2zo{7c^K?J6X&09}E)M%XC6qv1TpXPCJ~gJ}pQoE0Kk^?)x3eP{;d^Y{U;&@^vP>;JC%+-)*!6k+H)P29TbsbX*G;M z(UcwD@~ALU&|C2M!?6AfEBS~OpWKk-tkHs?@8!8D9~N<&iP=F37(9++UZbAkQ)MkHokmD9Q zSRJLWksl91oRq>QlyhiEE#ild7j?B&8thR)iY=75#%KcBEk=%SyYc@4&$s@6eti=j z!QOv;j9;{!5^6{}4@)Nm!py6NlQl9?oG15}74mWbMHH*{V$aWX(YiK7{x{| zMo1$i9G;!iM3)n;02Q}Fz7C`a_X&0%9x4b*EJc_H#;RGJlaK62I!yL&ai4`rMu;vz zq5-pOlqGFLRu(X0L2(CQl?ZV#F>PHtB%D!$8I3S4eMxp?D4N5plfteJcfp(5Z9cwF zWdb`QW(C3M-hV?$Yn1Hhm)RwSZtc62RK<+BEj?viY_q|6>=|NjtqRa z@IbP#7-U90{*BnoQDl}K$R9|txHQ`Q&eS63%pGa>#{%z{!J?c1_@>8{DIi-?5 z?x$TLcS>SN(aZXzv?=xj-X`UoOH30w#rQ-J{g+{5W=Mpu9t5AJ7%U9A@>0B=#u+c(mh`` zu8IR-vmdO>rQBFlojh_|%BisOIlfEp7-rxh?DoTtSV*IgH>^MG262i4D)#H6pamYv zcN&eYz)zEIuWZHx&VqF)wBSJD9bP`32oP4vh?zZ=G?akt-5@)v@E_Ti6z=)@&S%o7 z364iVICct|<787wfguzg`8QZ5%E44Ta-CQ%t}tx@vn7;bNO^`eK-?`EF<$t(UJ6|% zDJmJ&7aD>AD7Z~;f!hntHBJCPIfF}vN(+QhR|nDP?~%1;)639>IH8E%mnC4ixh&6J@KL4;xn zAyXzMUmzf<{+nqOe+s^Ow3@=0qf9`igYX_Xq%yg!v}(PX!KcJ&tsWR$L+w&QoAfueL4Bq#**Rsy88Al}&86wDpn_;`@eb6ys5EGMx%q+Qo<<6Lut&fQ21%b}@&#fY4KQK4QeH5j+;Pbbv*{=EsTRHy zDx4w(ibNiZKq1e7-+mrr7DA8foJ1BWRH}g}k`xAtoJ-pt%nTOhvMPuS9JwEOBn93L zn3D{%ujqBAVl1n4y&Hp?6^mjauL2vBJ2#wK(AX*21!_IEwh+d7X6pMFxLOduR@u_t zdqxB$!z-6I5#k~?rQC!QOu4r!`|S!pvWnh!u3sA21?gT4Cv07C?DxsKh(2#<%<5pz=Aq{5+eeWKrt@z$5WCOGHzW_lLfaP*TpHI&< z$nSFFEnE_5>VUm9?^#$G6UdzADz; zbFXL190MH&R?AZ#DLDzjPQs|WNjz+;7Xp8@ZaEHkMh*IQU<|F;&EJgieB$eXi)>^Nn4C}s+0Lwt*qjU>!y zy!eujb%7APw$ZEmwDBrtOo}X&tuH>DV{QF_flODN9YqdNVc70-o^?YCMn0Lpi19u} z$H?EJVkwXn`WR6l%PlNdj}@wmHnpCp9fNmYBTG3>mwVj?P}rOrae2Q{pGLF>zB;Piu|%Me=|DZ-wg;es%Iy>wY0Ag{{Gk1M;n{ z7$x!#pnn&MW6Q%9L<-A|gd~e}XT?`mE}w(HPkc&|=FwB#2En;?k@a=gdbq#0=G{t$ zWe~?tArNHJW`OkiyRkXBL>l8+=6#Cas&O3H+0`5-v^vMilV>PGC|wFtg#2uf`M)PO zjw?H>-A`pysQ;L2BNOqKJIT8a9nXzlCc$@3l%r4&7ykgsS)jx{D7SeavVNp?b%n8% zs69~T@3&mCX1c!nyHz%Tf+lqK&zc_FEnUaDV_LVmL>;B9n)2N%3cT6> z;S~y>Q9dbB!pr+#{r9l{$Ou9IF$naZoc*Ukp#O9u^q+}={xhD?f3V;`SnwY#02ui{ zSnwY#_zxC0`&T~9e@e*|^-60jTlMRZXg^sH7=((ql?}tm&$({B`Nmg(A$r23mPK_Wt zi0OX|bXRg~;jk4P(21jrV&4z$m|cOpRPBF4eTCa!?SF!J;raIee){ji|A<4$qQD&S z|0&Mdow&Ep#z#R7NtQYLYOs0599b?DstrgLu^^Bhu_yYn8u_o2W zKvhP}oup>{hi-{KWdm^stGS&AtGR=ZV!Lm#ok8&nVDCv-A4Kq4z6gKvgGiIKn!LvK z=o*60EFiLhV0MC%EJN|5QEj`QwGH`X;=Y_4`D`%oXQwJ*lnKgHYP?;*u$6TF%jaiI<*xiV0bA3_0^@K3-P$Pduckc#8kj*sHj<=EY zWvcgx_@g2XKU7C2?~Kwx6Cwy>#|Ygr%;LuDT*BwGOY)HWxlvh5ChLH@;u62mXNk_0 zjPj;VN1p~H&yB$e3rN(1$yPqpqm+md;Bxw8oL6FeM3x38EBG+cRpC(OaqmNCqfw+V z<&+KE37PNp#MP3Q?9a|ph*`(q-5$Ybv{4jXy_KS~mDPA155)DCLpkOqo*Q9O z!(r>Wh4%S`A;I3dJKuEj(mC_pIcI(Qr3ZZSO5zz`2wl!7UHnvN$)%Eyttb@LjM|Wj zNY3z#UVmL3UPNkMW?-BkREaT5OjRw849?m;Xeh{U=|?Bu&xqM$c$!vK(#$YPd=sAb8knbd zbX+4BOvfbJqYjj%{n&7)lL)-c6dcrxbPI6eg_6%(&ti%#Y@b`)11#w{c- zc0MXK-4$vSL)y zk0lVDgRk18!qF%TH|zgt87x%TW5oo8D?sZ4R75RA&b0yTo9_`KDA@!Kb@{&A)KFMP zcmMSi?r4!odSm{{4|)>o!ztMIIC33<=YdMH>BInwgWeb~P!BF_Ii&?A~Dil-c!R3K*db{(2 z#!a$Kx#K-mIoKQx{Oeg&7I%oXARNQfyKR^^TVx#Ax^qOD2DiuLpv5!n$c3X45Il^&L+DUy!b6Eo>c+VUd= zMfgF}yrZ(z4HJEK%wl_`zv<65`?qcMQ(uJ^&fDkDZfx>y{Hk4){pSU!56qQJ@Ow1U zW1z=l+9&_U`t3z~m z90;0l_OkTD*gXwvv)0eRlM?b|UFp7%g|14Z7 zZI-^R!-UER8J+R)s~6LhY1eGzy^LaEatU}J&S|(8)_nWzZ$ z;61bDTT_S6@4~mJ4L{03m(PxFD~e^?nMTz26=Q83ahsVjKM#SI)X9|c+$*w6@|A>kMoV=8GrA>ipmMF##nh(9;-LdaQJ-;2_Su**d07Y`V?SAiS(@Ra-?Eii`Fx zyJ{Vu^}``jiW+s0*(Cr)S7oBMCD@&+XS}IrD1>Ss(sri@FknOvxg&QSAK$+|-Z(U> z)|A-bv(#M8@uGoOX}#o@nZ+Kpub7(I3{}zX zKsU>JVcxIWGIz(!tNLpd?4P9?lqL+$XoZJF>>+Ipmr4 zyHO|1DsWtyO7Y#~a9s>_@O_TGfQ|6IVeMqO8zLXvb|!j1^^4;g=_CVH?mEhwE;!|H zeT^GQmtLt2*7`Ej0@mk?{D2axrE;b_35aH1i?IelA}hWk<)?LLbW540dAs2VswwWo~78(#|_#)8zhP` zS&AMIji`+q4=_R2dTLUkoFzjKZ?}G3A+5?HEiaESlep$zi*#zX>QI^XRMB8J@NPYH zDfPY2z2!TgR?R#QxhFV@=*|=V`0To6=h;xV%&F9`{W^NpVAr}0QQn%q}F%nhf) z3-Z$Zk}RC3z0UD0W$Q_sk%43F%X{W(hi*XW$6XIWb-8+zVFHhWU*4YVn2ZqwTq7-SobksyoYz4sdmh z%huLur~29Kw(YUh%i$)w1|sWSqX>k6?+8l#daxnV112FOQjW77sL$uF(6 zI(9H*fH~ zE@xgfKL768WHTMGJ$Sz@x&K)v7~Q_0d6Q#7-b)ub6gar|{35z|Ict2;je}l6H|VWY z{B2yNk0DYHgL@<@MvY%^Z$G>e`_kmw13kqVa{w^B8-qlgEVz1mW4nrm5BY;veEIIo zEO=VxeVja|FJ_%Mwf;Lp_yj~EDIjZY78gXZ7=wiVg8XD;zCxElWDlzoS6Z_Qhf&kh zr9D+_&%og`{joL3XTRe_spIn29UO&D5e%$ySLMWyei|824UfB>^b}*ucH#B`$WQ0) zz?V6?k8I|bD!kgw-A0R1w6b3lvW*VoLU_(xZFV8)9nkAH=m&E%_xkiLeYubh^XKX0 zFFJ;=_RESwr_}j%C&vRgEZ>yH@3UUWhsa_bWTtxWluHEXje4yj zi$9KnZM)9T@%Py5ci$n}&{U?mRXdS%DD59;y79wOG$lWIch4{Q)u)cH96-d(tb>*k zbr%KPO)i?gmnc?x_XgNm_iS0xu+j0bU$W9`R131;Wi=j@367Eagd$~gV9d7YLx6gJ(05MM`%A89t zsqG%S(beziD5r9lOYYsMqHV~~MDh%Rc0z!+nt(vWJPdwOr$QFiPY4Yi6OC9E^cgGR7`6N5R_dW8mG~v21}y+u24S@Ikie|w;MYKxXOHErYmK(h z!UeI&l6-;MTt-CTTwR>GL+Ly9I-<%zlg%(>#&wU`CBk@u$UI;*oO68d69b8x)Td~B zq)T;vw%3tCP|4wvPu-ss(l9IEISBO+bYlPL);2+`|*3_9j z%H}4DFT||P$}h=j!1%ej!R<-qsFX*_Z9ak2D#D1J6Bu1+G`L9?-~6_!vV8Gd-3%eN zSv3~`rQpM7ex_bGgh)kTCjDn&(ud~>3QY{8bXKke++wT2(dT%CXQKAGNr!T&B6emv z>3Y%PW00R_{z}@X_v@*|>MrTo<1{xW8JFO zfH#yhDj3SL?9Q^m{re4Vh#%pRyTe|^pHIb7r_Bzra=Q%ENobq%WFB+a<;pLa5!Ehg zH<(^gHZa__U^=58O5m;b4g6e(Zf1c{B2s^g*aNL)KMH5Wq?@ywTufeWDYNsP?KyqI z=j{RS=U`kIB8SUqlU*s5St(T>(cM!fwzgHtb{!AN-fR86Ecm#$PQ+BL#d9NBEi__Q zO~(vrn2_gWVR8y}*w7tU8MEZTGd8iBu^!3ZoBgFjNsvJvjW|1y6yj6%r-znZuk_yI zvLItDTmJzn$n->NaQZm9<2n~>-+i9Xn7*~@ANPAt9@{8QJm`&j`8;91rz7G(P?@FW z+}h4tM!--g+Ucv2B_F~ctU4M5R$VH>hC2|rNv?|X>%&Xo@EfUbQvFrH^xY9htZKlIP{e_35V z?R$p*_F+**^ifIehp|2becOVb(j_W}4vy`OKLo_6(5xeF1j{T}Mv=7UlMv3dN!fe# z!g}tVZ*KPkE7kdD{oP;rJ)IBoO1aE&7pk+MM%r`hDJEvJZrTmm8Ls=Ghwgxxk?Wc4 z-)pAa-^Py%I6B=DvLuBg&*%-(p9i#GV8IL+V(F+;M zC&ln$#aOSN5*lGE4?*$Jwsk0+$oK3ywb8+3Y9MjN*l@1kA-)N@&`Z97@_3{zNqr8Fw zk9XvX`)#*s2?qzCTzgp-G^<3q5!^8xeoq&I0-44_W+1}^ucDMaA1lmS%R#4EnJNHALp6x9Z-N9n==&Sr!tJeMYqqKNA+=LVByh zR+_BVYv#eBmr4~E4~An&@LH^vEiBFJIVKf`+vCg6Cq8!(R~&g&vZ@5($`iwu^VWp2 z5XM3`_%rmaL! zUa=mVco|~Bs@-SSHJ5SB6B5V99Ko|0(n*wy;F2xNkBhU?{M_Mtv3S&p3gLc4id%V_ zA41iK9G*@ezg%+uf<$0Oj1A|UWrD=urWeoxXqI+L9NiTg5i<*`&O2*#7M|)ZM-%NNo5@~#0P|!^$h3sIHJ}*kLdi z)G?_|-!@(~J9|A{*u8^Fzi{%OsJ@re8QU$(4&#qa6n>2kcN?%|Lvh6qXcN=Fsd{d; z5&Uf(V=cUn(=*c~)GN4_Z`=aU6+s8Lwtk(J6FLmg><4UF<+I#z^s@TFVxQ2;jG1uK zJTgD_R_%*dsh>*5Yf0I^7>c|N^>vZcf_vH6{-YHx94ssfp0XVnI;p+VZ)gU^3F|J# zCGHN^-``^yzpVI$RGLH94rNqCI`P`S+aEpI7;gesMTkW?8*WWb+evq_;UsLm z9HWH_2pV_&z9$)0z3d*s{kBrL#n7mOGf-~cOhVdAw095j7QP7y4W0F0t^0jyUX@4- zb@L$${vZ~;#M8d~^+OJiey%;B|Kh=+L`$k1V#NHG@x;@-%S_B-TO)SCcHnt5%3EJs zF`d-{ywuRh36|!M5`yKg5`CVg6R>d@;$$C6KcUvGt_tv`r9%XlcjE9 z(n@IPkaN8Ym3;QZu?3e!xy=khM{%zUIAsur`6ZK}-{PXLu5;=k7e4KmVWw^am-jpG zw|+xoSLzlvjtT1IeZY7b>24iI+BaUf%z7}L>n9>WurQ4z0!_ctTb@ieYTNd^IKC}= z!~`mW-10{K+Rdq^Oa`p#oW<;i($q;4PHy=i#--?&GleY;aPEQl`A4X(FH_6s zX|Cu-{q2wRn2fz*0)4-di*hSvm!4d9mGF#rbG9t6Tsw&CczExpC}>XSrz`v2O6cj} zz~4dYM70pjM}2EVVV^;Ir2Fd%bI%T|yD|skYO^&0d;iM1*N%(SwIk#|aTCnzTBz=w zOMgnDWeFta57iq?2R!tJ^k4NINKCK7=W2;~U2OVB>{q;WNO_nIQn z)KRkri?C?1LboY@8mQwc8s#=qHjDk9so4bPjwmK|ygxjPxf2RZ$!N8GepYd%R7dU| zbyby90k`@8l-{r@TEpHO`{$qIR3EqqeuxiHNm;$;<)CDVue5HuNV)j$*Pck_ zU`^b!8x@*(Sx8MdBaG_B0f+8R?;`v;BI(XIaW7i4s4Ma#zK%y}pa9%B4IV@}8M-{) zC781dUZ+x|#dhC2HjNm2!w?h#p@Ks+@Ao|k<3wK=VEg?EJx)_OefI(Dy+U1<-3dX2 z8q})le%z;P%sVK-r!?Z64Z$4x{-#|>$QMrsc|W~Ln`lYBVH_N5KQ=)ut~d-Wr-HT* zMS41im;IN-&U~J5EX#5%7|;w@iKcUa{Lfr;d^c2@enLT%Z_%gge5cRF!Pdx7F}Fx! zIt{on`symFFFf%$q%qKWS#m8d1WepP%~t%A(;Zdp%K_;Zbi{FdanCt2=^1m!fNn`; z2_2Y+%{flX*=#hY6MW=VwSXcun5Ap3+Y|naT2?O%W9nJ)YF26{p5su_CExSOtr_LC z;NB0(1nGF*@RitqU_A;S;t+KZ@-AYJet17+D_!NIK#IRg+&P&z?}4!$ z8b76$Bd>zR?jI9<0Q|MFJ-wyHA%6BIeV*~eAx#@TyWLZ$KW*Xk5Ub$~XQ}+poX3*N06ORKvKv?G3yqfR@V3;v zg_AV&{VaIB>GIV|6nNdSqJz3qWeEvEjM2r#H$e&fI+L0XMmV~8<)Mz%wQBKR&3ru- zr??2NTM)vcAFp(1A zCYR83<{90kB?K_|W-x>IC~(^v`Akaf3XR{n>}R`)d8~e zb=fjFeXH3{Qn zp%lT@B}D)YhbwPsvvCkhZpfEQKWh*?i~@3!L>AltJ*yV2J;t8)i4ca zhY*Ml4_~CeSZ}RdNP@~PxE=Lje&e26Z7`iRzP9G%a2zrVkPr8764;`_Eo){xb(?rL zg_)9uMCtFJ=Y9`H3N2hHe(-ok>>JSpyxKMRfg5y_(kw9Rt$k>C|y`|`h_&mwak^44eon*MD#}S;X{yqd_GVMu?_%Kb$I~aus}`zoBtXo#IEFt z9-pX*S&B|r@z${;YA$^*6?k#|xTrWFs_}+@aC$(-iAAeuz=UU^o61UeFSOkXJ0;$7 z(b*Dc4?}B-Lwe+1Le>^XSQ5qgEaX2cBOpv4vM|g;_=wyhKb|z~Xa4GsHAdQiGH27i} zL~eLD24Mh+UQRFHzIT`jV!x3kkV4z;lo%|d?L-((w0&}1@I8bU3^K$_XQ2=<$&iwV(U4$#>tmE_6yA!fEI$Q$d-6)UI*@ejlJsPJll@i6&mGZ_O8YQFI2|Jq>(HPs!9z zcS4I!zPdO~`Xel*d_+O8?o&zC-|SyUMHMW)`W{b!cV;@uejLHaGlp@g0^*`{ntyFh zkLOlpz3%lgzHm>ZCQF=MP~+~yy|%HuVUVQt-GeOEg-^R%4}NOGs2*2%=AwYB3FCAb zcH5&e>n}Uu5^;F=*?ZHyx^C&!6mn)Z<>0u%pV7##_kZc}|M}9jo0}c>u6BL-o)?pT zrU8FYOgtHP{+NQE@tdr1Me~qlmVfdeNn6X zhui@5AJ0U6rI}$L{y%&YOM6XEI}*TYGc7%7mYG^ORmTj5iT}n$Ut~LWWzL+{BK@!9 z&*B`gW$shW3F?}M0 zo(q)Q?KZ@2h_7+5D}jT_H9)SeANd@^@9!I%nc6Y|T zp&Pf+d$j6*Oq3f4;@_k>8Gs80=p=3A&b|vF>y;{izZVuYm!`>Tsc@q}RZ=vUqqmk3 zdyl2WTqUh*r-i|0`+L7a%M-q@dBc8xyG3t2m~H?{mqfP7dH?jF+ywuby|6uH=vWGF zhZ3@N5^8JYC)G0}uPcvyY!Ig&q>S^-?d<>lS~b zBSd<|#Z42x(%%^m7mrdnrhhY5u3malp4Bzhl@kc z^B3vpXhYiOmQy23wN7n(yl(R;v!N@W#eAjbA>36DdP%ir%(LgF`H#gRK}G&Qm7v3I zt4=;PC{lr!dlQY-I|)+C(^awCSDeqkXUMzjcW9aJDrXb%H139#-ihT0O?emZJ(BNy zL}j*VpP&3%dJ!-;=qO+E)UEqM@k@4S6!}~aLYX|i3&}+u8%MJxjDS!JQ7>QbzG#Zj ztMaLD^D;&+?`NFsI`<^_Tkl||?eSYtSoxY9%?wEVtxoesv%$m=WTrL2<>Evi%xeLe zol-3v&FhkcfO3-g$o9#rTa@vHUWYKSbXxTGX1e)Uz3Hkc7ae@5{GmENX|I_JMwgKG zg3UfZ59xNvP)(de4u4VghT`Icsfck!Lz?Sd#HY8QB6iF2z3&AnbkG7Hw);B+iy|ZF zT5IYcrF~@CK|11XCX^8I+F;nZ|7Ga5!6?nhYwRPf`*&H-bq9+#I{M~#QEQmCHdy7+ z)D@j$fig4hA0+05N|IMA^*KqjVs#jT9;1(>NPHF9vi^V;%82pYVTd-JxRHOY`ubJT z8XE3$2g^$BXIXiXn2HvC2$l8y-N0hrA&B|s<y z6Cudq`=el|6KuC~cTc6x&P;Wd_iNFN+(9}fSOMJiPw?gJFO1tLP$Y0ig5I2y^7Z&dzFmrh-@xG z**SZjBH5MQ8AV3+mVI`G6S6mP_Tgki{NC61d7j_z`TzIlbAL3{y~peQ+ViRgPd`0c z8K@p(k;YH@Ey>3%VD^Q$kHY=A*Al5humJu0vuW7`e;_|%9>Hcr+Y)OBzOf~7EvBx( zo+8x=l5Q@~y2R@^mroBtFc&`qH+0IYx+rx!@M5A&9s&~(WcI+(nQD_G-s()n;1JoQ zuhC%X{}r<%!PEj`3?qJN28_G#V$L%$Z{o4nBD!|kF*)`3WQ2gwS-x6{LM_zi5uh&j ziO)F!B|S-n#2$i0m`ZI49yOvd?9owcIi&yv3PuW=Zf+Z^u_<(W^QRFVc&LPRM{M!4 zSTK7SLn+}=9riUAoe2=^SRcq6RFYm`w=y-vugt%|9vvW2Joy61-!jAUu?&kNM|(8x zx(HKmLA@7Nux%NNyU?E~&nvZcqk4>Nnfsc7uT4gDSdUM}{ZVX&m<(QZ$`D-;omwy?T}1Q*9vGAGn#Q0B*CbIs=J$Q2s}DVuaw z#2e521vzqQBGmq4vNSPX(Mz`=loAju)sZhK?5_cZRIBfqyLjqy7MK=wc`JbUu%b|B z_FTK$+mlNuKcFlX4Vt5uDlcC&;<<56%QriogzpXAPi8mLl(-FE^xe=jd$9vjNb?Po zTWnZCxmh&ubCjx`rbA#m1J`CTOVIO*tBZR)WM=vtqhptQhOp~iU3UHg(e~pV-$9$o zZ?O)AWu`2TG*lpCDgt{1V-%)(!?*Toy|cM00XOviMK2|qrFc)P1430iHuzC_9-LSI zU(Cv^kSl&b&+!(ZF1CGu3&q;5sIdk34V&yO%(;ci3&zROp5nO2MM}hzU0YRU^dwDC zN=S+7gMegUNSU8aY~^d*jQwSk}MbIsaQd<5kUx-^-;r3^-lr zwUY~hJ-rB2cG-mXj|5O3;u#Y=D~N!jaw))J^nJqagYfbRi@dc0R3yk$$T~6%=X1+- zzg~3LNr$!JJVIQ2glkd0RE8TB-LYK4&Z>`X;>j`hcOgQ^@c=?Dn_xQ{wd~})0tv(Q z!W=frm2d+-1W-!7v6C+{Acc&+h!dXiqt#~U8OSmLmc}hLHr`#Vvf*i_`7`6j==)$` zY2jOga&s6BENCKNOuIXKhV|vVl`}iKk`;;;Dtr#|p`f{_h51wd)wTQ?YN%JKxVqcA z2l>h1HBU~JLtgk-Azbr_gB-aB9nvvQrg3D3p>UTdyRw9I@nS=JTgEY=uuyt^Uf@?? z2bW}jp@)Ru79rrO4eWT3P;;v%9&b4mGX)YLq@T8aZuq&_H0Jdyh1|s6D86}h`w|qa z@7Tota^5z)&|Rvv-~{zq)ygQU|E4i=U^G6j;wb|neEqO!ziy;yKUx2qEx=CDKDkgV zj}nb%Zp+r9huVWC`6FadFHjdBIGuj0k`4KmiBV^rl3-H{V@H%&XK#j|D?REWl;)op zTX(QADi5psax(>tz!kpBmO0$~6L#^X6-he5+-e0Ox?lA)P?G5r1fvse7cVd&fGX*u z1UTa3j@`^QMKpQr*(PLK9)37KmTS8H%;0VRNWpHL{J}XV6OYM@{$eTRbdHHTGY8XD z!VmB(tAf6{88`XnE)e9t*T|qS$?h&QbV$9A-)3SmI#?Fi&;8S-=e(rKH zrrQp1PCI_D8!hT`M8ik|&>}?TaHBJ($^+8q#d#yFqU zE8GXN+6EcPpk@9pG1qwAM?&=udv0&OJN$unm)|21rbt)lK{6KvwPr;(mppW=E&=%- z@m_kO?kaf3phlldG(3p3<8pZH{4o-)Yo#!_aygccWcbb+G}DgT7B<7qKBPY z6OAP(p${f5PYAUOpEM-6>uC%WQ$rGuiPO4g3_WCbu|$we1jxf-6g2&1SL{oGxFNk( z_T4?hkddp+3o9CQ@RAidg@};dVi0b;zeL6KXrpCupgmn!j3t-|5I$8IoqNXG%d&Qm z%mxOK$+w|-Wr@oC;Q4=rm)*^_KB2d9=9-oeOwXa%nf>SWqcktGFTNXAm#75gB{JF6 z9Q6?Dk^T9L=U5+3VCo$9g@bKM3oZP0%k0$CLx2v=WKDV%b5&-M-NnGG*@r1AT4I6q4|Te8~p;2-8G4#Myy+7=>q&>O6td? zMTr-!!sd0PP=F?t^r-11{KsUfMgFvLxbtv&Fue~cY!$zQ7+}6)10qu=mP-l{>}%HB z-Z91`#nA#1OSxak%EFj{z3k)4hDR4e4-n&@sxv$&P0}5Ws4IVBnU?44j)}{(sz*lN zY+zFS-(~j`^|vJJ3xXDfISGK$*P!=EJtDL^eLk-g5f}y)zPMjD#WNMay4gut$^ML}E zG$H0xn1)YUd>a=ml+kb47=Bd7L*SmGNID0QNB~*I5eCihZ>(*0_H%?4Xz<+ixKtml zeJ6Ru@{wf`tJqtUBGx!IH+BnZ&M(PL7r$DiekQgnO&FZW&GgJ4^Txh#qvES^?d>9u zzVj#}*1G&Eymz?Z^M<0G$Tf-jCe7w7$$D={^E(rj29Hp-vs-R^&C$mZzvURBO5y$I zd*)_^?LXw<;n2v{NE&kw!L2G9GNhwUP6D!@u)o4o*m)#|rJa8y=FI-*tbO@q=;8b7 z#+dM9E18!_*U59DSRn}JY<=gd|K%!HDoNVGt`~7fSjEP;l57SA^a`?GCoFK0% z(R#KG?Me4oFjYedAIh(arl5L+i9Mhpi{`OF?;qZgpkTh70N@vSPTnm-OAeWdc%ghZ z(wA$mohd+b5m^p!s`1NS%}Hu)0uaj7ld_Yo%NToAN7kU+S3Z3I2^8mXVR*IDB0=8( zNenCQy#}45v`r%daihbAwyZ$5*KrS*fsdu#C5u%$@K$gA3T2tf>b_Ny=l-* zUDRtd7{aIbH#=op<6L)M*V9PqeL4?L&7WIU!sHrXszTL~9<+4kJ@5h9truEHz*Hy@ z>wPHaY6-BjDIVCI86_irf-5J?#q~HK$xjV6jtn%U>Agr{{CE#zuuApvh|bCo6Q9Ja zW8!fJ6&THPVuDxEO5Y0gAZzBGacAGVBG|gZvDfy<%6xWwPs`hVPpzMU=1DNQ=V+^H zS?YGaNA^$`C*C_+OXtuW>(GZ?n1>_rbGMr}rMk3I0ZA*;oUw>)bxVm10ng~cIhb>7 zw!dD@Sx_!f{BFR{7j<6#1kmpz{*|f4aTgtlcJydD`(_;jLXFOi6v6nEHm3N3mE7$N zwVdVS`?wk9l8(U7B3#)+vn8=4H}Zf)Zlr_Ja5=%`H= z;=&AlA=~Q}Aca9j0TJ8MW7l$c}J-Z+F(@>}XeASZk)$1v=2 z^M&4^P=j18Fgk871TcM(_W~)6_ZscO+l9@&#;Cm=sL6{Ak53#~--JIpym55la@9Vn zV5$8h@a;ULqlI8mctNo#I?@)mXg`?_&&%zTWKYs}34bKz7{=)Fi)79bI8MisBunHn zf!iMPX^bEHo>X`LEt|`!v7@|Z5Dh}zakv=_J{xG31c8!owv*Qv*#N4%zE)pa{Tlal zy#%NW*(?m%YfmK$WNIBf=t$0Y%|PU+-am1yMAP#rg9jUK4a>`>uv0a-8-DDYbRjGYZ+@fq77-P=mhv91T(9Q7dVh zy1h&YOikRrRXsAKW2o4@*KAn!Y@Og#*Xj34`KyLeCA1*$sND{>B9}drqizpB$7+dL zfL&WTaoS`ig7x8D%g%L?-}*AA2!N~Ya{m*$pMX+CLl&Wwv@zn7iuPx0N%{dy?G^dG z=g!Kpz$?p4=hd8F%?_lM&lYx|*x99%S`;MGy5=On@7N4jEuo&B7rCnikS zR6Q{V11#RfmelQTAocy14zY1^IT3my5`;kq+xQg=f!6vu+t7cN;gx^nP`(Z&sy5xj z6xDp6f~rQ<9`xyIcF3;BsTX?&U)yf%qU@J#7jERq38>IxhRNqzg4uk=vHP!^I6id_+rv?H5~ zFGuzEU^Ipq-T*TJqkE{q(%?u0(Tg2{z(ps~O{mw*>{TEe?Rdc;1YMsb@6gs}WoBH|hF0^OuzF-MhPVIh6>mR>tkb*c zB%@7P(-Laf_^HJ1xNT_CM$PKt<|Uooh?(BsD+D#!hRzC1PA}CRf-{p{`qmERUM2#= z`s<%sdjBN($Zc^b?mJVVY+!E7&77*RXLsyZu6H@vw4`{7UsPPdN|PeSUmex<^ohS; z+1&|PwD-R1U6tP5G9d;pbdV2O45_PdY1FASmSh*7n`+afpcnCa=RFs7daS_%u#a}s zG%K@;Nxg(cYa~bH3aX;I|43iMtV}8e718WU&_r>W48`AR?^mednG$f)lAvE=wlXM7 zVpkaWFeTn*GwH$vAwo}CqyTsL^e8z~fl3bBccRe}VZUrc!Za5SatA9;?MZ7@0ncAv z6s#xQppqnlwAyxvC+^SuFxBO9mxq>%0&{0Qq)wxZH%Nb9JjPDU3Kb^($epp%hM01~ z5R;}Z$Vy=OW6@`T+xI-WsGxkcP}+g@xlnu;DBn;Ax!?{zXSo3(4taAp1&w&^kF!wW z%UIHve4@zUwID0WINE1qtNfX*(J!MFhYjCbA?HSPzHmV7JcRui5F;R{TdF!$pl%1Q zZ3Xm(=@v-6%U!x2k|c-CR>5La+WmXjb>OH+T*zvy~z z>x4W9;Bdu2`zqtz9IqVld*~=1xrSEkK3S-d?Ue5TO!tg8=Vm&gdc(9!ts&S-_kiRA?vw-qlDK^ zku-4~bVb|1yZIH^LB$iZujMDZQ+OKnS`2k!OPr=gD+SU|o&nEFLsWWQaB20H+CQ7H zyn1HVPw}S#T}oEQTRl?qY^k7KI@58JYE_iC{da?HAF%RA-jG5P%AS~b)AdSFS7RVa z3}De~u8NXgys8VHux1gYe!?f;u*$-jrHv`y&D|vPP6!zZ}BgKn?-4pZkiy2v6c}aF|Mqo)*PwPH=uzF+d(JazA|l`q$Er zGO=U{EGnug3^tJK5`EVz{?(W;NN6GS*6No9&(g%pC-p;h@~fn&!^F6fFp$0 z0SD|5)4kYuQ%gcfSghFgF^}yA%^GIe1*%!Tu4G|DdcEaiVDQFqWB7mtcc^@ZS}T!p zeEBHb7V )nTE=3zb*}Z|b1~rxS8uFuf zZ#oE4=RYBGQV%VS&3YG<%NC-3?~w&f#!cS4Td@IbjMSiFrrLhgnALT5lB34M*(y=r z;{#DjgfvN-m?{R4d)=F~WJ&jkc(5la!bNA$u~ z<}Gkk!k5Bc%yqMIn>R$asDnP95(U!srOA?HISeMZ5EMu=)RFMKHzDd{2j|ac;VNI6 z^uN_L;M>CXJaBA^)&4O)@w}|SXj{2@M3*9Q)SFnsI3ilO1%Sv&Jvt`Sdo3VfS%FB) z$P^@cn`C2iMd*l7mpsfv1N1b$=DXlyMNUBBb#@AxoxeGg(h#oq*g*N9_G?xm@UmL7 zQ($fa9&Gl*-5$ukb5}9b`jKdEh(6Jz)%Tv?Hn4tCykIRb#c0Fd2&{$L1?*p@dS70$ z1=6*%pkWuvMs#a4;0U3bq6c40j5rYy7l2Ajv0g=9M<4ZC(N_rnES%L22Hsz}?Scq0 z1Z^yw)xtcP1h37d>1ne;hj-YN&}0LQgop@r8mUoJG4@m7PA!v=XS!-e)dI)zgYO$> z*;+r!v<&XHu1A%eQe!uO6P)=Qy5p#EV*d#w1i<~?}6GOR}o8`hO z)<_UAy7t#Kl94|$(X2b`^*I)swTAC;TqaySQu(u{`C#HiDK2uLOxYyShLP4<&$?LZ z+N+NsW~F7|{;14i{UK^1dZtq7y1ni|Fzj;<& z4QxG=a>I~b7tlP}KFq)kd6PP+`k4_E4a|Cw=&!rbVDrP8#L?TWe0}_D_EhQZ@D>(h zo7k?396rKOB)b^ddNOg@6d#t1IJjJfaEC=C-}whh67zqd?%ST4rXyS}wcxh-WF)zm@QDU@1B9XaqcFT-SG^ zhbh$)r-1+j@4OM9H&`Mt9I}4h4TmcpSm2|rJqC{QY%k|+!sBJ}IL6wV{g^~TXPR`G zf4R`=dRm(^12X|+ccnneURd+G`M+}kijw`kNK#%~GNy%hu$6)n8W+ZY)DT2^nR1gB z`+#KuoEdv3f5wZoKyk^#Y`?-?SySOpQ%9r-SOCT3nPxSnZO)D8R4=+GsXR}dlHRe_hY!j0>K6YJoi}+%VvnF$ zWpdL=do_-yIn!ZatL5Z46<27+jp83lCMxMfetDc$gQs4!t=*PHP?v$$I=7z78ar3))WAjN_yoI~g@G?gPy%(!gXS+g1EKzXd7s1p-^qi`Fl`lZiZU&c7Pq1K zpJ?Z-mt;K!#>ZTQ*}}{w!Bn++%EVAgp5p-xtj^EKjr{_Lf-au)+>3t?SnS>yGwj0` zDl={Rh989ihts4o&8+vEL&?-?JF;wzl9_;I7Xnnku&Ed!8fZ{j9TJ3S6M7L@{99Cl ziak1aw3o5QPCEXLsTgon@=Wl9&~J0c3$CJtb116eAE^;VEg`Zb^1x~BGOdcRU1N9K z5~j-r!RbOn$EM3K=RL!5t^)j<=6~T3Nog#<%si2H8gXzwz-ZYHVx>u`N(ooEC({*W z+&~H~Z^j>!l>w14CwE;pY0Q=iRRDq(2OHhzM(33HOu!+Gb5pDizt8`i83z}6==dk$ z@WAK3#_9m$xgdk(iBg>~;Ptn0HQtS;6s9wy_zO%AAjhVzw|oJLV6w{%um=B#Isis1 zmxIsi-Yd(gEq8MB69#7v8q~x0uZ|QEAdVWmXbF;@n*H;huem4IfGumWYdgc2^TY-( zI`NQDV_Rl+%6f@?b;a)CXpKdpQ|deYZ0pc#yfM8WbO5sPV7UT(v3W_&! zY}(ojJk&S{WypRJfPcAY(Y&ssO3FGC( zhWgAWj|)NU_ASwu0$?+M{HGc|DOzxl_fep(Ve75c6QMe7E^w1F3vdVLUAijmAIuVZ z?a3;_VwE;#>#u)LE!jt*7aOibRog(u?EP^NRrN0fy!cmryK=MxEmUO6AF%gi=QrmB z86ku^v&Y7kE~tXa%)rxel+!E+5==bo(n=z7>O zwOdJNbzF^4&eTMr!vfurP}PSpN_099G8e7Tb^O%LCENP0PJ(#B?;DwQLtH{qap(ix z7BfMg2<9k5mC+)fYdK*y`p_@a^9nIE;<2PmQ1u}K0S}9~D1alFTlaP`xp-ncZ~o*4 zo?yfh;exH*wTv?stKWToDm?d3k1^N&Bb;N9eeJS`NV1&Q(y7q^5GN^_BC@xkGL>Qj zw=G_+j>~w3M(A7H+~$|Oe~><kuBQ%^T#n@Cg|w7sTn-r zXfQ+SI7jm?zou0SN-ZCKPk`8Dxkl!-Tl%nJ8wS@i z{mL$d0e2HtERU$~f}dG>gb<&Oj|0ej%vI^A2szfCPVENKs=r7rNuVU~`qL=d*xYiaE-cqKysh!X?vmG@i=s1sz zjODM?%kBsMGQqR^rWlZa7EN=T=pEJH+iCH9+J_)3Ztw1mjPELBB!(ag48d}FU9y6* zA23X<8;*L`Udz0Mq#jFIsqtrlciYIsxDWwq=uBA{e>poo=7@o)zgv@FN(PmCqY?(k zhO-FXKNYF-zmUk^Rh9P*|A4)wG1@;YJRhyk2y%TgZ%=xHQ&)lg@uk(#>U}3dq^^b`y%#Y33HmXD)m2Xu963m&37#kq{f#}}pS~0Jup&n( zoWc&=H|0|roX2waLtDcT59QXY+p00zq$4B7W}te{Ij7nd;??9~`_1Jsbz2NTb*obtcRn*+IJvh$eqeStdeTG$kG3DLmhFX(YWcOk_-6pdNg>9QdM)GExzvSZvc6VzC87ZNIC!Cwj2b9(etf>SLxypRw7{=JuFkVft zovK!P#sIhklEJg2!b ztlZn!*>RAW=$%S*tJpe`*)R$01nY7~+b7DXG>IhB1~WT4_VZ;X4XU1$k_(7j%VD+B zSata65P49CmTt&|>^>@euEPo!NFNKPB7AaLWdods7;d+7v4Y1i^v{>4t7N`vU(9Eh zyD`Yu@atR0!C*fLDlqGtW=!}Wn|S>2cVS0y85K{Fdy`O3QwPiIA8y|=~Q?O3o zbD&DUUs`)V;xdBH@SJ4nM#tDkIiZdEX6HyZ+|rj$3Rjx|>f6~|Y+x_#j>eLcioy{_ zUM;jTb##e!Eju(zx9L0cP)gDMUj(9(mmg1=p5S;; zJGOy)aRMGn0<$b+J8Xm~>W-JG6Z6Z>_97B`t+gVFZGGuLT5lo)P<6*LbT|i1dJ!Rw z^&135Pc?ZG9j*qeAa6lIoEUQjNyXTJjBo7)k%IWkJ&?u}YNTiFXIbC+9uHR-ADl2X zi8^}l`iUQBilst>mDBuO7?NOlwW96aVt<18*VzXek`j-qKUjYTq6R^cqJpZM+)~y` zz5ItysY2`CQ*nLMSPzQ>J1R8`E^C)5Ayg=vVSa@HldPNpo+E34J6>YDeararbX zVaj}mb2yFry;1d1zW^hZX&ADU%X=3({7~`i1}31abLZZy1N}oDRMq-7XElx0kNThM z3ajRs5NhwV!M>-;y~qnm;@?wWl7F;P>3K8pkRFt1qaLf|L}ycW2j{>0E0~Nto=kZS zOBfdklooHQyk61bu9a}EbAW?Fy)tSMcHfyVNcoNWty$Z^!NZRw#`Hl(JX0rEF#+R) z$7FLsm6TH6lbN7s^wNsc>aU}S!Eaec)xKtivN|Bw0)C!05FmWwtf4#La0nAVWWK9~ z^;j&}$&)UlDIzlP)|LAAmQLmW?8YyR865sKO3C(k^p}6M?$2OVrfE*W#kA4;TOt;} z3An7i2rzE-OA#p-I_l}V9Mq^^eM8|&1q_`nec6fN2$L_;$s?g0yp73J4IjaNunfQS zEK>?G)WWUv?t&^$XH;r`1bWYT?TrkTWIbQ10aZHu_Zf_M7ZK~KGk7A96sj(C-o_OyxRf3zM5N4yB12MTJ_!%p z=Q>|S@t1)_o=5VUmZ{Jbfh)Qk@#T291QwUbu0NezdprXYPi}srUG1(e7i5oabIuc=J_^0sgzV>f=k5HIhiv?X247+$j;6RvHPw7aPXzeCC^?=GV^Q)x?*j{K1=C zVhjY5Y-z9_5Z2SQVLcanZ6!c&B>a+8hWgErLgV<8AI4>MKACVP7t*cV0$~>0>>tgz();PuX}=C6wlN4{JvlHQqholK8PnL`vR#D z{t#2DvWFbL>>=XN;ioSr8){2u4-+@OHB@}Mnd4DYRe-kDVnP-?oaU@aUpjhHL?G-O z1?bR=ncY@J|y+A=)DG=APJ|g)k&u z8(QWmaH<}Qyu@^4`S@HGO4Cu}#)71t)=Jx@$>i#)KgODTqnmN$FKTlcz8s1_cYw-j zLwcwjzV zyrz@bl=DZxCC8`1ou;N#ty#wj{d<4%f6zj-Z{b11p3_3~z7NNuXiO?8WYuCZH@nO; zFHISE7UN`4awqUlqaw{6=f0g=_W9!4r(@tLILxD2y?TK`HqLE-LxrzA`|#;Ad*4~i z#ft(96Hrm17XQbDbG%jTyoo0J^6%SV4Lg#QNH==MCcsOwzu|%m9yd8vZIke8^d4Ds z)f*ND$Nv$p5#-fPUTjJms&pj&OlvJrJS>c}$l*QvRA&xJJTjaT&e`KFAk}T<-8jij zCaI5prZF@dr{}SDCCC)LLoV6wHWD-bF{XqyFAcX)s-qQ~q5ar>Pl8mES&t1aVI4j( zKumf!Fo*K+O$Z&FnJ86J@<;-X{u(0|T>faOppE#r`-vJ!C1X^$jq623xE~v%7=nUj zzM<2efd6&>1&4?$vm7yLZn*ROmc7RoT5cuQ)o3s2Y81S8s5B_oYerG6?5HusCZxE0 zhIBDvd()TrRo+^?q)y$$veb<(zrx$NHO0KwpDwuA(G{@{eU3q61#6zet$b5rle8aP z+>mRkTtBgKyA-;eg7nQVLt4_EtvrdMuf<(0_jXI zivx$OX{-GOj3)E%gh9-V)RNt=OxEJaBk_yPlwyhz8|W=!oNPK_7=*h%ciHbndgUlb3nj{zddf1Z)n)(mbtQKoqRO#gK!C&)NhW`*AU8{9!&Y>J^xeU1Rx-^ z&clklwwI?tcZ>5>P$=sij$t$~qpN?OH-DOnetPQYsOpnv?M%H1v!nfV2a(Ebw()t$ za4D_d+R0tw1A2b8a;S&+kI~~74;K>`9$+(D>=|K}sgq*E$7wiqqHa*ZPa!q?2Cfhz zx`m;i9{5$;s!i=wa@xrC{#U)knC7b;F*R>XftL;Snt4jy10R!*K{;KqPCA?0kq#@ z$cEn68*|G=3Rc>S1$vFui9Jm9OF0&?OsZa4WmkX{Ip+f6o_N->Ud2dL6Fzk2Ki#+V zix(a(&vsl|LkG94Z=p-1Nm5!caIFsWDqkNc-tE#Xi;d0#R=GOmkNBwtI1bEOV<&=~ z*IW>0d5P;9WqX=xX9teNN$E2y?*g*+#zqMM(j?P(W{+{U+^-X1+4@oN0|I$XEXnfxA$SM+psxQUTM#AWDEB%v(^TDu-Ar>mB@v z_0RN@Ny56Z?xYWy3Fxi$#kY~yF?_(;dc&pi$BsxBTm5gs-YG@%IgY5vrkr=U`TLsdh*2NcY9_=>-$i!Wp~LW&jp>>-D&VLHgvsJaQcsAYUaw$!=_gOs>e- zcN~9WEl&e_V0LbCp5e^D`(ChIXCf%mB1F@kZwT?KZb2rB!UEZy`Kez)Yx(6+9k8rQ z{;CWQh}UDyEuWZqXbP-59*>N26&L0GVOoEhtf|NXX<3cGy0J1KN*1| z>QvTx8hlWCsAT(2L9G+I6b^cju>yC_h|O&EaWrENR}`pDC3-Kyn5sP zjTJeH=Y3F2M3NE*@8w|?jn#;Ce9)}YlQ$F^;#`^H2Qhjk0Wfsx4M9P9Y@Np+{{Hbn zT~cTkw8Tnz53eLf5=?mMf0!Q90nR@BH-Wol=HUABix7%BdXJ!WtdFCDs;m!K%aTuUb;P$a!U&HIqU#%XP_Mjt))_vl1 zP4Rt0$HVd{&Ta90!x7P79!KOvD`+=ZZy%in?_D%Ms8>n*x(jW~6QZy2#eZsI!vKsh z7@B?L0-A>b;y7w-d((W6XZRoFH9J4wIEt3nGBO#B7};(Z5dYN_8Nuq!hAX!f*u1`M z59&%+V)XX2=ROpm*VkPOCPoDa5uW5yMi(0DEWvxG@*kGHlC&JfT$DTQIR{5PjU*et zlunC&pwZw$4*-yoC(6MQCJZ|Alzid_OP|(oY)Om^p0e`mUnhsyxhUB)meVp52m>S@ z2ac*C3m~7Hpikwiug|md*G}{eF>1%>hu>v(%QdSHO)O0&jectJGfj+KO@5)Mt=_TmLGwzKO#{lmBzy~83S?P>F7YljrlcTavhE^T#ZX^gY z^65U%uoca%nvi+5&1gk-H#uj*?x?(ys^IwJCWm-p_;iB)k>H8V&t!QW9*dMIuph#g z7mnr05j{9X-+1X8IoIoZ;sI1TV;i$UnMnsWkQ_G<8Uej0kj4xjz*(|4_PcH_VOB#+ z^;rDPe|53f--U!D6X0HUtRt**MO-#sOndvK{x3fCkjCOK1J;kY$0J`yfBl{2+))iP zZ#@GqA!2oPDP(^UW76)rAk)Qe)Wr_{xIQN*0&*$eOMXe+jV%FsT0@VJ;nRP*;KD#V z(?3@RToxZ?3AXi0mIv+MF#f0nB3KU|Klk#tN#thi<}EDfmE6HCWrn2^jBycQBBIzV z3PbuFlt(%+;Rm#`@*caa(a2C?4qGSlH2qJ}wI=G4jyZ9TL z&PH3`aj$NDw*EEi>XbqF-jEP2#;{rQyP?iOx2clmzJ8Or92 zVcph>To_OJ2NY65_p7RWE?^ta`lsb(o0>6Op*_4EQz|OUx|)jpf1&dC7ixUo(0@L+ z7C8h#WaHnT@00}g|Nb*5IAsCZQvdnf7W=QZ+jbyM`JaD-`u?lW^t-G7wa0(8z5lo2|3LaL)VTFOr1=k#{Qo5j_H%}k|IP*Y*B1Yy$^XC_`X8J7NB;eV z$p0Am|3!@di7LEj^Pdmmf71Wopn#zNU!v+{DCeI=b3t;+$MyO@CF@>`c~ZuU#Q|&e zTfC=rCm7)S%0Ys{>l--+T?D#*vuA%qTI0++ePH5TpTA1aeg>|Y@3BBJmj1gCB3C8l z=t|K3qP=~4cL3|vyj?iY9yPT2N*Eq|xlFRHHLy{P={%TKjt~H~G!WMfF5&(W>E$$> z3?tI`E(nsW*T-j`Aae#g)zL@s@Za#QrDsLHrMvW7b*?W@iYwR;M%!r)qZ__SXV&~y zNIAF2SOdz3UGn#CVFIeVTDp~U624)2^g>g+$VG}5?@~yCSm4#4KP37?S?$fGpL=4) z-O+0C0WZwvOrADd!-w=-`O8*gwAVjd#1L_AJDoOU5%iN3b>l#NG0&Mt9nk7|=->65 zSFL%C%3(1g31_lVik_bK%mdn3A#p=;+C7_;D5ls;~)zDjHw8 ztYG{?S)wBRO5<}0`n(_J&%i&Gym7+?etXuW$rH%SN(Z_nY_f3z*9Sf!4npp86*vRR zLeVDPzc19g=Wn2%7J0$#cXnt+kKJs(6h)c(4Y@jOw5a`!FPZxF8_sU;A}i?DRh<0l zZ*iXk-^c6osEdLICE#>({vaX|tjpi)k(sAAe8g37pGt-ZSwW9;QZPzMCzqI2u3omM z4-Q^BJY(y-rO6!F>tZRlHU}lthXs{H31ZLc-gw#pz;04LSt2fQ4MzY+@cr* z7oUW*MG~}4{i4r1@jcGUHpraB3xa&4@P<7>%k>$>}Q0cWJDAA79RFc)33m ziJ&=@&++)FEUMC^t<%rsMG%)=`Jx5*(0mZVGEYH~&W7f2K^iWR9{AZ*su%$eRelm>6Ud{m9_V-dbJL^!7^!5o8TtYu8qn-zF8 z!9$yn!tN98j|pDbXreB1d5)3->B(&n@m|N1-}{#pul)xKUz6B8b$&MYxDVFRO&XV8 zs$p0(iY9?jzcq3eO4iX5m!JH;+@H9FaUW`JCcpH@TZ{cpUbauH{M4Lg(<|X$Zzzkh zx6P|fwgx0NJMA~V4(bv+gS68K|2>~}GM}bPR8I9~umJAa4(yrruRu0MO^oG-tkHn|2;+!99zhZbJju^po3;tET>3p>%9{2^yUf zV%(`o9i$(kXuRA$$Hbn;R7;ZnYJQ-TE!L@i;$%%Uify9NEhs-jNIw7xcgNj>x&Sc^ z6EzIgbO2XFH71;Q(^$2>JHI@cKXMQ(jfn@L>jsVOn;7%whBv16G($@`3PZC`BOOK| z+8r*XZqaaT6Eb9I~h8S z)lJ>@T)g0PDh@);n>0GJLz8=Zj+e1_n_Pa$6GFH7@Whhu%&mlGvI4i^Dq(gB(yH$2 zw-{}ThT)DF(Dy!FuWNmeD}1s_EBr$zfV6!?`Sa2Awf4S0Fx>U6Rrj% z;T5Tl4OpT@*NI7ZwGsU2E$`? zZi;_Qh-Ig95xhD(yIk@0laP#T!qHap?2(a9zyU}j`;CX=*vCon$?abjfQ&4_2@zj? zo_zML3CV3H7ff^;I_5ZW?8oSrU%1%!UAiVc#omA6t#B^+pyHnFhD?EkRqqieJ_^x3 zO@ZBlwZTihu4CQ>0pKcg3*mBj zi!bVpK!NFEpgZ~owb%JXr2GNl-SjTiH&;Pc6Pxsq)8MswDLE@Y%<~&@FMz}l`G=9~ zl`0L_&va(tHHVm2UVF^6Qtu83o2(MohIu84Xz5zN#FO<_rspMirF%$RCB)ILE|eXD zDo|+K4gbW^oJ>~d*tZ*mtamPhH<3ty4Gx84mJU{XHLn!Do2RB z3o;QPD2@vc(0pso<3FfTpCtVX(9aiSa_aqpKapAmBH-F64GiawF8#*!Hl*cHD#v5Z zefvC5PQ|0uan#wWCVu~a;Fmvti>WT$hc2-VY(5rS8N$e_=xyQs8h-lIk03g?H+lNp z$&xF;OhJmf9jbXBRBp~-(iriARzeAnGXtFq`+EFdw9o#sjQ5~*&z(=drMJWI!IQ3E zAl0LXyr`}IrHe;>tP(!?ixuw|yUi$#L6TMR;48;E!A}wOmNWs?qtY17QF2%SNTMMl zR_~ER_CFoDpu+vq$>X?$L8rdNUt+FPVL2_F zG>gC|G!33A))5ZwYkUuzcmuqd7f3Y6iZR6#!psEmfzB*2$GejRKaeO<{_ zm+WNUh*yHpY50zl1j_<{P8GIdhwZMU438GT@aVq~T60Hda{iR_*jeHPy~iT)KexMg zZ&d~(R~04?VnH}3HKO1}o!(0MX96oxbH}gO`s^iSz<;yBi$oZoJKBgge{08fr;`yp z{8;14yGqG9=E5=Z?}#*IW0&$?e@_b1bEuO0Bd&KG#8T_!G#sd%;P zHMfq=K|O$;~0U+;UUae%M%w(+-* z$6`{t4t?mi@gPi`H0RVBpyM*8Kh}^McvQnUxD}hJh_2+iLwi`+& z&2Yhcck(G90Tz1gGgW zMjsWd*JFrg=VSX%R7|}2x1})~_@^!S3x0JGlT*LB^27og`;wagZzlkku@l4u%y>>8 zhhTS2G``ABiprVcEGz~8fUZrDCmyfA7p36}2MK-Wc7TGSV_^tLvKq7n#0K_C2fJ$! zdxkF~2oDUWwDX$aW#^?aqR*7d}Pb^H7>)3pvT}gG&M9|snOcO`v8_-G_ zEmnS(?HE$U^xlymn#5WFGP&|N>Z>kD2APsGmCqn|1HtC=Bugr+{yP04sf%kzjU=NimOR* zpYcs6W10hC2r9^PTrAcnjJC2HIjR^X^c5&lW$jvsDzfj+pS1TaETTt&j}C-`+C&V{x=nQ7UKWY+<^fi}|ddSv#S)aodl z1?E?VYDa1V`0;kkBBSQQJwL>%w3$uDrnYj?@9|cYN=E@}dSpD1nTYPcGIQ*QNFgowiIb^E18l^L<+J zS*QXB)KQGXpC6d|*P?UlM9}in;jJH9J>>@nR=cNY$+fOXiT)8>C9cYai!Ozu+OWYb zIK%&gkAcEyaIwnseqagao6P}ECJV+@r|Im<8%<4_7Q292{ELe9r#JB9JRpXqwv z>w5oz@AKPS*R!7czSmlx&sz7I`w%Cl9bnG)tn^a3)^WZDD5&tLu-8b`bQ=Lrzpm%D zA1_2Ov@nk8BdULO!6T(5RPbiRd>k2nR#aPGEd#hlRMi9W_+FTPnJ3|wKQ?f*2%1$6X76`df|s=s zR1)vVC2;y2^&@8;sB+|a(oL6C@bL&D%uYC~A2>LkS-$#-Q6>v_B(YPcmOZC5;w*hU z^r-3wQ#H`H3me8gpx4P9wnx2l)s#Z7GuFXnj4B~w!yBi{&jmtVz|%VwqAa{6e59M= z&DG6nSt&j1=#dqh`Fa13oF?*Xqgp5bjZlCN6_nPc&{mI#&E}nmRsXtU*D!Nu)vvmS zRF9#(Ae^{RJ%4jB-f>#@l}Gd+l4**MmM=k-NBK5wP{d=F{bEpNn^?+y`RtsNM%%_u zvX%rgj$AthCLX|uhWGR6-Hv^q$l3k!Mgw<~4LY4V`1vB3a?F$kxJ>!>lp6sfoa@g% zdBBVZ*i@34`U6RZ#`mVHMjAO3ptT=hzftmmG7x`Gg1GoKMhyr(E4v(J@y;DWQK+TJ z(a*J*z6h607~I-!u<_5?*@uz(kJkYVeMkf@aqe^W+sxl(MIfr}c+)_T{BU9FGoAHe z>8}3RE3OPUp$QU-34JDkK7xrQOIiXLYdh=a$RJhxy|zE+GUya5!yxP7KUG31j2QcJ zyaJ~T4ge$JgcCK+2a=iDzoT{Ke1~^{2351i-9p}~Lh@5#J;wNBhTR&d)1`-<+MTf& zsx1*%+)S7?YTOv3Fjv2o__43RbFm2ZM$UTtAY9E@EzKY?opetXMKL^TSYS6P1T70^ z20dal%{ZVAkbjVhW7J+Y_>q-JQaS{VPP z2FQISjz5z%SEr|LBt5}eyo&y7_wxeKN)ZvAER*6iefa&Rvtl>4L2 zkDNGg_a)ai&GbF%6+97pmdbq?X#s6eIGE|58Z_CloI*mMKGG)1DoPI=kG z@n23L@KE?4C~x}))_oGQz6-Q>={Jx%b{~V)@75bBnC6CHW@q4??An(M`W0HlXwd3o zPA=bNUSHB5M2U;-^=)IO^Ju}%6|gO!TOF3O0q$~5a2;!0K*7M^#aD!!Z!Xx2Rg(|rf;FXF{fZ}-yj6y=NHBsojT|ld zTX4~ZDikh^0rHc^Sj?5~%_dF`cReExxMv~QdkXkjmv~_-H{Gx2-IL#wf#BncnGMI& zg*zhldGI}_{}d~WA*&r)KNxb}P0zmwjIr>rP)eCf>N~|Xn38Mm5`yTBU3we?*ukh{ ztj8(PdUBBOd8pzx!QVGLeFPMW3MGY7qEuVNg@M4%@xLTM2XLby6?$Db-W!@sO+s<& zOg&db8Ad~WTLo#-kp&TgndV9HEkOVEoRkTK{eXXd1 zt5O+D-WA~1(QDygDwINULebpg-|?m?%N4t;9ir<#`H7D_4I1f9Dd zAKhOO$IXW(Eb--P$bZo&=1Jw$ADv-W{cDIqO~^RcZ?FLOZ=}F@sFLb zSZ`4gokIU2M_FaqSM%U779j&PJ2{UgEH@4t0;e-2h|^+$*kKzG6dbWihvx*jq?fhM z)1w-rAo&t93^?aJXm7KPBRUx@9aKo?u#p*T$B|F)y-Y8dF=L(&NlZWonMI)iZ%h>& z8%Ss9dvuI|@GW?h&w1izC?{GgP;}iv6rpgEr${kef8@7r;6vB!h7!AU+ERkz`M?cQ z<2QSLd*EcuE%lRKX6BFRA{U5!K&`oOY==5q<6Xo0*Srmp84g*xpyyV2g1@&0aum}v z7;SgIjV8Y!GNgZ$5pK$!&u#wVU}V47Tr$027xz|gWMw_?H8xG&O^`0em-Q5gKoK1< zBh@4eGtoEv!EiY_gog~6V>OHS@5$kjpLHBrLN)||MeYj(s%?ed?KzE(tmhNqE@MlI z7W>XhE(_%3D*MaL@}d`v!thdn{GdV+*fiaoHAQ94fLs$J~cFZdX34jtwUe~I)=)#-KN{9rt}vK@9PNwjp?TfRc47vB3LP#64zr$J zXVkx*v;a_Gx!p+_kv8T^AeAoFT2PGVCN@fO{BpV?!Vs+H56jtf!1OFIq74A&uj~;J z0~oFMUr5jq%Cz5K8m7

T^^<)dm`p5GplJSTFEPf^!|Vdug-cFCmu`ND1U=vfi(! zj@v(*WZ%nY?)J<#bRCQFLDj6djNPK)uWvufXVa$&vrJmonjYyGn7rqc%j~AQ+3tlb z?!GNeaNZeYv@BZ!Iy;*!xeji8lszj6JZX*9U;UJ-Yg}EoBY2p!ainF)D|jq?$~yQl z%dJ|nBTeGiYyLIK+Wf&06Koi9kgtj=Sh>tq^zeFHo``&ir+Ph1Xj=c|QB~Y5x!^Xn z9*SiX?^ucFhcivEn=D^OG_-Jy$IBs?5#~j@kgHXQW9<%SkAokUrK>@mizzdH8mPZS zC;STD9@+@s2|W;&{%20mI0bPTucjm!i}&p-f61|^2$~>msQ>8O%!>R%gsn}A2T$i# zRo|y)6w&in`)*&BU%d0yv{> zKQFJZGjzOtZF4uI@Gl`QA9FB-#Ni5?-GGM_ayhwXjf2I|C!N}p5^-Ga*OuR`+#P== zlua@>*RHg>ABXxyI4zW_uEkGjErGkQ*{QZ}FRWt7H=(> zVLEe*P4%#4PYehsun;zIjJALb{{I6ANyE9qTcD88DcicKeFH)T@2P zKHq{w8%0To)%F1~&zpe7WUAHWK@Q0s4t6~N!ob*T!TBWW_^jSc#jj6?Zq4pg2Q^hz zxo>9RyDN>pSu0?AcJEaek=K%fNwN|=p{jw>Dbxy|Tm=Q@D#vWt(P3z0S0hS%cumy1 zG((D&p!8maSTe*^LlyLn$(gF6w9M6)9EV2E&Gq-8ooFdwShs{gl^}}T)=XRhxz}Jv zqIvk_3kAl{@%F2V*+s1n0pM-v%%6!hrbzZvt z)M_BXXW*X~#Ln;g!0KbD+fe8!>4DfqYBC7r8(CuX0*{rEz#E(OcO+7#K4J-jo5+ zlujU!a00e1cod$HgNt_GwA=98Iid%`m(`nE5 z%BOA3=2Ritd4J4-zoVdqRoH966Y(*Ij7Lrs&sgh%&HnevdV;1g^mR z_mQge_5!nz|2*2eVF&roQ-gy|{og0*e^!4={m*(&ZH51LL8*+SEr}am4OrXi>nd<3 N&zPLY=AXhv{vZCp1fBo@ literal 114641 zcmXtA2|UyP|M%;wQmI^JMP!av?)xT;+?xBAv)nCL?h-XoC1?Xr4vV(Ch-=diINk#!rNX=Jx{{ z8o5*&8rH{|%`gSvH_kZd+=J2_QGdKc7bXGUIqR#Xr+#+s%oRp48ILQqw}HP*qXktl ze)?m1$}iQ)B2f7c#X9AQ=MAeYzlRo1DZH8w;1^W>drqsPN=N(hL5JYen@=n6K0Za8 zVqk)_F}rvm*jIjpCnJuzW`l+MS+!Kvv1NN9Y4`*I;>1#0k(b`P=blLvuCri3gg-bzP zbo)=(yPdh97D#g~lR9LvtE&a7?nPl!OHog&mKlYu|JrYyv48Dj%bOc5&@X9X zQi2q~W!Y9tk^HRw!+Gvyn_bTPs0zISp4~>Dr4FX?zvuGQ&rf{SOa;u0TImHEJbMXwh{UG<=I78M5Gdc2BSRsMHw%uW?;@~ZpWW&*@KjPXzON_v}y$kjL8v)5$t$G*>N zv$^6RdTa37lvzVieMP=OEyTcE=LZwaBsR_as{`)D zIWQ-xLd6(+&%Pv8igrD>i=0i)`9f(eCdo*j%OzdxZ0w+%*(*-g9`KvG^Iq^G^@;T7 z{_Uy#XArlE$!&TyHKV$$SmU)uhbrIFQb^A|*wa=4{+??Eva-ehY1_-F(*4}CRiyvi z;$+dLgIbVp$=b3hb6GF%c<|Vay+;Si@-qN<7ieg<)&9*{>XY^rIdNaL+i!J(+Hv?n zki24|ZgzI>qCS(V?uEfyEb6!W;&MeW->RLGtU_N$GO$G3+dZ~Tc51pF^)uTg@6gJ7 z<^Uryz_y3BCBSzX8R6jCTeu|Q!vL=YYkUMa=JvdozNMyj3 zD^d?yFVNq|rF6vutV%bVc^Tw*AVP;~$r?0)vmgAZEahjbv&_eOHN-x;+fK4R-tBuA z{++UWB~vw9dbxK-W~PFM^jD)!5e0(8z&brv;2f6|CRJj^@AEG@E?UvJJjm~sgTsqF zzwVe|%gb@a0ri$;Ewhkf1{i{Xrfx=j$iK}vj2Z3JcGd!Gp_0-IveNsBL%Idxh3hg( z7N+yel6pfw?;CBa!P$KXlr3?LSNz=ekD$7sz;;}VDsukx5E~u1Hv4$#O#hZH^Tq9H zIV8>$!h*GD$@T;-c28KZSo3M&V;-r(Sagsd1UXa7H*T@|zN2ifhJhUa_7P4qp2MV? z@5rCyk|8PpkvIcqe=?{x82Cx{GVM7o(E>3oQ{LFyNS=~vo+6|`36kgbS(8I?E?RDI zYzz-qWbH0xlv9I;(XlpJ`Kvkkf1Ev4GjMBe%;GM3dUQ&EuP43ys2E2c+e2sHgNBr} zr%=~FLvymFk4GF4uraBk1^NvSKKZoX1^t-WUk-SEg>i`in}{z+kkKP-bo+9EjupC{ zRh1#Zaqx72)*Br}6GGI$LEr(Br3Gwdk~AKgDjI-kD6c2p=6f zd#1!*kT|c!7|+sCGo>_oJ!2<;eK1fLYRjTt=T+!)+i^KOklha5+9<=RVW0FZh+2mp z=%~$HqHf2%vgBu`!+xQ`Rn|&V^<*DeR@QWsUwSTNs}U!SkcpoYp>I)$w}Os1AxDtT zO}tu$STdyqZQC##JpF_rdQ>K!jprkO|C0s<*`+6g>J8Z3u!>usMJ%({C}Aox*6qTR zdJA$^2df3HZ?ZJ2J%sLM`QQ8P|Kr@Cx-BX{H@8?_4;zPaPC*tK!(gKxEb0~5cs)u}e_ufB z#dE7Mzk`U7s;BP@+#WJIwg9E(#+Oj(VZ~~Oh)cD;KVd9^FFGD5#eZ%AC2jp`Zc7oZ zpIoZNA9yv8n_u`dYBWQ2W(oVD?Z77W;G`7 zseICh8_o6}I6uW6P|~BitO36B^Vb|%)M4z=9buU9(J~hj>y-cA%ZM(remm!P#zRYL ztz^H=&`5o+KQVesrVg;ixtf^h<0KBMigXv1kURt0$hXOtR&>OKR2f*oOsd-m(S(>Y z|KV(WGY>r#;=N6b$);F|RksE!vT4om<^50Z^KKg3B_!iA7!wCUHAYKsZ6GKngckFQ z=fR~jvoaR{kfsp?aTP z-JYdKPYZd6r^}%M+m??b5x&lC`*%vLe)BCev9OH~8G021;iD~k>9nB8C5oAM63d_0 zQLn?g4V~{W5EUei=n4fO!TeY_J1Z|HF0S~;^0TVVDAu$3^_z-Acw+M)#o6M}zRs|z zia-)%fIXue@84p?zbQgWMhBV;y!lZ&l)9weS3G<+P9Ths)S|XOM^Dx2o(`OyQ115o z#&gce;g2{k5+$hNv`Xd6m@|#aoR_tbnsi+KaSG1qV^wLoi>bO&0lMrxEweJy`5%7| zCZi-A1)pE;{Ps6=_0H@pF`F1_h^=i|X*{Uc3%xHu-Kb&OlY-?DSd!cy<)C%>)Dgl% z=;(`+SYWurGLIfsEYEhRPtji&`kr_Zb+$bCKgaKW=>;|faxDetUY9RI&kvoS4GZy+ z`zWY4R$UtF&}0on?^D9%!BM{hh5q^gF$_HzdGE$&am*LLERBZIuXEPee%Fv5q?XGH{K z*+wLjeSfqgQ#X9nVP55?sNfeJ?+lW~(T?VM18K#Z8x861<+MYMzHt3!nO<|_)2j9O_sn1M~a40br%Bh}9 zb>t{5{xK(rSBi~!n`pu&uAu;=6uRQB@obrRZ_g1ov!~ND($V&l-#sMuW#VPuukJGb zd`HvP10pdFgB_Q}G!`hMq)oANa^hJ7*(utE28@}j4#-*~Z0-DSu8(Z!s}?Y?>y0aI z5c-}_S6~t}GdCaIKCYcs(OH^rNHV5v=B?pMc8yTe`LoxW;meTVnjSd&(-$2aTwUJ0 zTFnKpim7oA39q=hr<{!NNjpxosS>G5535jaekaF)ciCqaqBJBiV06Vq&tqgA3S-%5 znKFYE@2=pznyy_r#$XwA$Hzf4J~AkOq|m&!#{WTAD#eIp;eSmbKYM}VdW*lWR-pf- zq6drWWAJrg?AE!B@KVU{gv_wjG0VE@FHMhT!>%8GQ?aWSLH5r3x;i+Rfg&kb-vbBv zL>VoIuY8!=&9H0SbP)%8Ta%jt;9Xb)_8P^XT7PG5p49UPMwaKeH=hJLn2y$+O-F6A z;Po>*KsxM$^`Z#TxVhA)>wa{f@HqF zb6|gVMw`rm1)=W}2j<{(W0r0w#KnW3Fi>>LwC{mmf(yb#t@bT-+;QW7xvan;^~_Fo z#r&)88u5wc7gsC-Yh5i0wUEB!L!9R$-u2IIYYgs4z78U%9N4a=_>0NfRhY^$UXqVe ztGV9BU)<-bCmvH}RNb^6YE(258uQCT57(eoEpSkjy_)GWOs-Y_JJP;OBDVfC5$*|Q z0!Dt2)bYLu_@oi>FBwJqe>U}(K)n?7h`^%$BbX;`el@FxHIC*7c4xulVedI+E!ew1#WKf ze$tp_x`#VjCwqfEsL*aa^51&Rv*2SBA6(O6*{L%1=IKvO#gaoJb3e+5nGJ`5RMiKY zhUOZ_$i875J%7yyAenDIgcVZ==$>{sBlbf-vb4UQbtrAZgR=KyLStru_h`dH*E*Ap0$;~}+2 zht3@19wzIzhsPF>(4oOwh~OsbIDgLmTc)NK5~@mfJ82**S@KSFe?OrtDFy=AKH1(3FnqRQMB2#HXrOcyKgs0T@^C-wj36-NLh8D7Z$eo0L_ zJ59SV=iSHOm$Z;0ufxh^;uQyXLRu#FuM+>J1W&D$O?frwK~GVR;V{kP#-HDesne1X zFfE2#@FitwJrqxn(jzq$IFnrvy=({8_8>VpyB&7bubto~)y@?4^Tvygn_$%|Kz9!O zhq(0b?SG8LVtGVS0tWg@;H+LH8|>yDf1HEY#yYLaw@V>MM3tFv_dwUBd(#gpQ|=EO zqc0lA2$UH0A(dRFd$q*#fv;(^>>w;T6>OOQO!W9Y=GW=CW+8FEfm$6tD|4ugwr%P2 z%RJBZ=(yQmoIQn6w>U~jyEVG~a<1Gj{0ALZ_BuA( zq_<7|0(V}iFibw#Y9e;09R5!EHT3Th=kFXhgb!@KPtZ4o-h$mRP>@R2QntapzTjjr zU8zJ?r2`OL1MTypZVmL`GXIjm8$h0IKdxJ!T>fE=F(~XxT%P%DmRE%Z*fdsrY*#0X z$$P5^U^h?7rq$__vunJ^pVn-8CuKEf zV8QMk8%FJlx~P>@Y#NBTt%0BKgoQ+Q4{#Y% zQ) zd9+?yj|xTJ91P6EyM_mdfI=#PB$p-7|3ZYW2fe^OtsOJ?>+a9j8qm1nJ8|}@arWtP z&bQ{FVnrC3Q&V};g-(%v$80{PGmJ&5Z!n-D=m#;3>Cs56=xfn}>i^p9BF~0Fc$hl+ za<~|yRPTQQorZpW$V9qR{eA3Wo^!ej4uGFan|aSknCVZiLkJ0t42+DY`IS$#w@~-y zlgrB!d=@sO4FLd&K3Ph4y~1c|1A9e%(CaQtUL7{SolU{|m+Zuv*6f6KN=)guD6R-{ z!cA?}Uc?y2<$hR>%+lsD0&-RoI5(FVXrvIY69J88)Dew!cCygtFHRqmP(*(hiaEz+ zT7oyT+gCPS3JdVQ^!IG|VR-mM#5pii#5#oTg)JyD3lb-n+2hFtO^K01^5Be3Y`#l) zPApNZro0M?GWtW5)|Ea-cJOCuZtBz@7~MU|DD6f9DMh1?#+i+b473Zyhk#-%poRRP zmSy&sqoq8!X>~8hA~R?245Q#qoAL_T%M~FC#>7N^V^L2VyXZJpzdT_qr)WRn|J=tm zCimkf*&*h<2!a07dRXylfs#4fy&$?lbq3lgNZfVRm@|&0Lj6ySV51r!+B*G~y2(`v z5e;-H^qsO?(3f;%x8s@B{>#j(mamy*<+{lBl@JamC$ffh+%)L%xM(LSfqf{QNvS>W~nBFX(sL25^cq(-7FL2RgQtKHB zcV(E)b(|)GouEpN0yC;IUhVA!zo`t6W4om8dbDjti*czwpHvN5I^>XNsPw zi}fMzMKZJ>`k!eF7h}wFuw3-g!+wYAg2A*THdQ(>->l5mnevufai24cOq9l#?#pPwMjUe?Ke&3={B3YP9-AE^ zVlYsU3P?ax_lI!r_i3Qn_bD0P_5?-aEMuWH78MsPmwI1NB&hqaFWT2gt(Y`4d7YrV zhsvuvT~V4tUW7xSBinSC5{Y+4+%VkqW$)2%$L+=ASKC`G%dBtoz`v0;G3co(tKI=# zJ?z&sPrP9pF(((Yb|BWYf4aEXi#3AP$pQc_JWJ8=t_=%99E*vhv7WpJoty@pewxRi z&ckXyjoOhV-|{5TUVb@SN>FyoR}dQm>~7?r<1RCd^Q3;nGnJ5av=`RAM?ZwM+M#cp9L(Y zr%JXZbg$DBA6Dc#L1cF`37*+AAyC>ZEi4Z;8}Lo>zkXe0H~Z|Pj@``4U+YSXh0c~j z;s(F_9r)_uUOi&;nU9^50X43WyMCSL=t(g{rG(*0TV4tzg!rzRP3UH0%5lwhJn4~U z=*+THKX^4H38MOhzq-^685wWBxumg>37~_=t`+!$1`YJqRLJ`ofv-cHlJW84 z@v~iBt_tzOBYtzwQO;yAW<$+$z(-~*_>W>3JJ3_AmowzvLo_ob1tA3jWQl@>gp!?X z+@;Qs%s|+wJWPW_XQkI7hjyqR|?i6Fx|I}f+F!op(`rGk9wq@*w3FJb+ zT(rH_s&U|||HAL+!dQ@RkM>%M-E^@MV@tJqIQVxsd!g3-Xe|LjEkjGxLTxU@RSzeQ z%7XlAwq?jHbQnzHfg)p&NP$8Y^>u!+S6m5{Y^se_+uW3cAk1PRMa7nKS-taXQL46dRRfgPxtL*ib2+E`M63lS zRsXEz7{pQWlYc%j7<9(7quW!z{iwvhW%HsIG7Rq~b)!?F5gULB4LnX$3^$L(1({Qj zVr@8!R#V7fsYB8J^-c*+zW(a!>77{_f192imps!@E6^F-?`AHyx*v@Vf##+42(5f< zl&(}T)43q)J6U0Ga*MGDQTLIZWjCGF|Mn8}v8K8IY?hO_34qxJc>f{?uo;$BC1<&Vceq%JR z3zOOJc*$!hm61eyPM-cVGd)&DHf1Qs1GET-vkx&i)}$9KTwW-Bp~e*%1F(;F6($7J z5@V&JrJ$MM=|*8LYHXDbHuFHnN2+K z&a({3boeM<@gE>2C%rI>yUq zRsglstRy`wix}8|D@jHJ*r;MABrOKO8zjnETztj8Z_KYJ;N}qCHwL8UHo=Uc)h`Qc zEx8Z{3pzP`Z7Cr8RcX|jVp2WQ7Y708Tw-zu;(1J7> zgbY#C1H_H7F)k|gW!?oF0Vu=yy~7)1jXATbnf4LCgR#EvxoqlH2KUBavfYbIro^WU zvjBy>|2b!7jwatqivB}=R-OW0t@Jm}>NbjWe%#p=KtPK&coW1W^;(KX-QxGCTolbG zxs#W3Top)!{lr*Ne}5snr)pwpA&@e0Kt7QHB~vM+?0)Y!JS;+L#@K`s63t&cWE8!r>& zOiKuUY7bTK4~ihfUoEVmCG?bE#te@5h5B>fAt-wPDat5sKa46akbS6ywFkcJizg4sm#=Rngl*LXC@rd7mII%fVK$J9 z^=cBxTEOssItqy6#W9T?~vgbCu86v`%qJLKK>%5YFn%$7|jc+lg z=K3db41jOD&K3FYmdeBnO9+ybnhUPPXzq40TdisV3Q0RIxXBa0+I;xKJw7HpfjY-~ z+$SL2>eJQ@dDk$nb}2>i^^Z`oO}w+!*Wp_XR6Ydahsb{HJxAo|gyWNvzzYgpp- zXOXw(qdv#RI{p4x;HiieLCjrCdiy$DN&^~^E3)jAHnBneSj z^#K>hV)Hv_p{(Bhe86_i*qOQB^qlxQIGBVIX8AbfCMutp+Bg5i zz<|#v!Ng=!0_d1thY7(yee%o9_$;y?y&9}+V{6@-7IPiWp0H>5>1qdv+X4w$v>tF0 z?{V^p@`?F{go?qdaz6q^_p@xk;uiVfY=5p!`DcmQKWE-LoGdvv{iC_mw3hXJ)MVHENX{+n z5^H(^Je{X^QA3$EVeZ+5s&6F!Fmm&X*|lNkejOb@uxdZZyynHUFqh*p%D*Hu!xK+9 zzrU={^$P~H@k|yd=FC?*myagesPlN-`2I7sHF}VA8>J29iPy=mIZD?q6Lzbh;G=DsJjAS?$Qt!?6R1X& zwq;?wi+}Y1EplbN%4T_@CSWqHb`e9}OhV5089PEeqicWa6nF0Kd-N_!Td*|& z7=aH?cl`Wa9o8x&^nyQ>ldu4Z3S*H4AXmQ(q79G*cN6Di8oZh=P^D-Znv7E?B%a5q zG>>T8o%#msJ;F|Wl6cc(Fo4>+NwPG?bd2%`hm_*v1zf#VnY*tV>+}QnO%EW_n7@eV z7O?Gl00qhvoECyCcI)w+fBsQ5Ce>$p$xmK6K5tvus%&gwNE=tHefo2-pt_Z)q|8ym?G5)5sW~ zqz}xax|H?#uV2xC)FCg>-!}9+-0GDGom@F7Unx97l zd>>)FcRufgO3n0Pr0uxzd^Nn#v@B$Jy|siYuRf-`bG#}K_7i0W#Eh+ui5Um9f>80L zuPyXgg#bnSmeoKVAZ~5|{uoDm{pw?{rkw(~x921NJ?B_xZsq_nCrkff_ItMbd{0`cFI`v^idiyQ*Dnz9(CqZzG(*8Pbw#|egW9=uKkF0 zfT8UM$k|O1dS$?+@c068vI8xAyd-x0lYP_hko3sOPCKa4mD;n_!v$2-R3Bja0HKXk z_q%}?%;BB5C)X+Qg%X15busv|us&2Ruy-xJJmr|fjrsg|=z+*~SdHxw59|I9{gxXH z@BQdco*#B17K*5r2pSi-xNxNQx)7SCE2n_1E$P>(D8;!E8a%Bw_6~r(f>aAI6BQHz zmVjHJKP=lBPZY;|c%3T$=YW?$X`e2|wU0j<5q3sIWv;`$k8=x6Jow-Ic@j057^`}h zmi8(l$s|v1pFqFBrG-sP@aZF%QEB2N*-xIZ zu6Q(e!DlbLh!n&*x_mrwk$+WP<3U|@=o7cy2oEWWl8v;!mHW6*BtskVpt-tr|GNg- z{~F^tA*t}w(vAp_W9(Ae#93aWA~Uvvz+xV)-|q+e1D7wJc~P=AHT|+>YB1n@w_y_Z z|7#2Xc&k)V%tzzwcOrCy+7HE6rFGYRG2`h$aTmD0P|he@SX%EFn$`pkJU^;!>U73{ zrs}pg3UgYp=(^YLnA z`c6DVp#SyP_wvTY{Ne{fRZ0svD5C3=BGCUs@%2LH1#gjU+q&xgIAFLN!;8u^Bh><6 z@J<^sD;(Zt9u(^Zx(srupmb3VP7~JKCO?`e6Wr>;bgX7x9P=(TGC?By5meS+)m zqD>Kho*$>VPw6K}5tNiXy=YlwT+O1Mb^g?mtv@(0$5$@2`DXe}F0r=N&<0pVyF%8$ zauaDwUdr!NDchOTZNkJ0QQ|<-QBFf`YO2G&s--0X3CI3vaLvT_8);BT+r*<A4P8L$SSTQp6v*tswXn-HU`BeiLRG+KMZ%Y5+q|Wht#>M_&?NcROkK~e^ zpRX>km?#1sAjdN=Is%lpSC5pA-u5VmP3r6?v6%2$pk6x^ZEQQ;IS}iw)>j;n%@grx zDPOO1$@}}>B@bR_51L$W)jN3K=~BIxjf{cZ?td~YF`z1ze5atMDOaE$a681oS%^^# zff#cbYN54&blSuuDRccnApGY*=DM^Qe=^*g%9zqT=)ZgU#NP0L7kZUn*$=!s+&5H! z0p%Ir(TfvEdFaxhNT@9(x;NX(bh&rj=xO@SNq^``XhRd6p?Z4YhJngr;q6a z8uydZM>EEotk2BIm^9v7Bk$iTm#C>^iR77MC}2@x7-26wYVxnytOB?-D{vYUTF5e; z;lTD&IVjqmJl@ogn0wl{e&!b7#LxyODl}PVj}JC|q2od#M6FQH$)Xy?#Y~QfOChB` z(ww$4|53e6G|w(RKT%D_5TY7@NPw-Wxm-)`VgnGG04BAS+ULiI5RL-TmVp6ZcaD^1 z&m~Zl*M}3n4|CL4)JNGP7R1s#n#_d^)a{>MC+=GVXih}X9T_8WOqYpj90km;tadig zQpcjXqi8djecd*Y8iuwk~;(uC5ZE=DUKBqkt& zOB|~J8)CF;wuq!6T0W^ii$Q(Zi>Vebf^bYW?rY9~&DlyFKb_%3Rs$J|rR91k-D|f0 zI_QBvtOjUZV+)ixDa+uoPza&DdCCio29Sx4G(F`}$!A+d0bH%XL_HbG5Lu|JXF!n7 z=+DtX+~|*SG0__UMfZXnKN=pt%;WPXq5DbE($fwATATpNL-XhEJ0H zf7k^8ZD?|SK0XElV7N&yv>}Ae)pJXUj;&&%N?hYaf>=vj7`jbNtSwbR5<+h-)XivYqE4uL5<_9rD`i_Yk6J zn_%NDR;@GFfvpbfS)vfowT(}2Gpe@{u2ZgF2HI`FrR3TiwmkCn>uDgRPOHZFNZ2S_ zz~1_Ws~vAPjnu7^vwYlOxFm6|gBb`M;jgUc!z&tzNWOkHiQP--7{4-~}sOa?~=05!RU8vMJsbDilK)ZCa zQ=-pQ=xEJXYR^L*h9so{I04-;g93{8Vo=#`ou|BiP{Y)d^~Q#VpQd}&?&+wB`p_PI zq3stQ_%MX)#4RS6A@Tzu3O7fOH?#U*S-A?G%05j(i~@KKXfY6g7KHkwXw1K_7%2<~f*1ob4>_?!u+k?jD zWXdlLlHlw(4BCadtIx`!J)c+9Pz%N8eDAOY9JEv#i+oZ1)HLd^qROSHW=pt=UR zhOMCE=OzPrrhNLUbstWVJes%q+>JX$^o8|w6*O?K&whz}(p+3TmYQ-aMw7kqaD{_o z9dImXV|_!zX99J~Ol!tgH{IHZINI2&j2GiS;EuENgUSD2|D8IZ&HAs8nfa)AX}76_ zd~d9e(%R%zxLyvp_j>2_W!?wxMC ziJ92vS49A6I34idjNPOwHq{L4G>Yl7R z3=;2{Z=C(~X_a-@t8&tg~&WfOI$?NAFFkRKQksgfPse$9@ ze#%id{*(E;msD&0CzwE*HjKRoa5T+UMH%i~Y%b5K%nqD|oIf)?lQFumAPsZ^r1;3n zfV%E@*K~XUhtG1SiAiXweL5>7&H>?eG1KQ~;ItALo+QxQ0Q}hus{zdGwp9XC4?O8n z>&wa$1H!6W)X8Yt$H&1=USGL`E?>TNkOgeWkfmE`a!4?82FgNj9niiS+-@jI{_bDn=ZH3)>X)rxg4HHh z9Cw(X5-%M)20y_dX}U;akR?2KW5fFWwww*_;h4AqOZ01?ntGSx!#TOf%5fxWn+a^5 zwC|dtoe-)IU?-KtvIdmYOzN1OEtE>nzF(7xr-kv;?JELS)0D39glmq{Lc&5)fCrqJ zu}6`*E}BncC$($_VgzCN;&+2PMOX>Q+-OVOCeV5_NB^AGDBImy$j>*hM3FaxrU0C4 z19J2ovv@d6ZXmRY+X>j@l6J)f@JfI&fTNr^2N*Kw+z?e(d+3z~vdj9}>Rjt3Iep+& zfI=T#Ic6a$ubiMcnK&mO+3StvFoBeuoL;9R3+(21OCkf+6CquD{WVTl=xaFOaxx^eJH?X;3x+rycUPYq}W8M9b?om)6X|X z)D=GCKJ`y@hJw?;T#Z>nthR3lU2Kb8gS^Uo=mxtVh%}bs$Za9^VJl`(7VkPh!Roy4 z)6`l7>3dPLv+v{E*?1TB_N#_6?zubnDZ=HeSz$-=h^p05REoE+^+Q{5+^nGgN#i(U zV1z+a2c?nOe-d>H&SBC0y^B!zeJRB?9c4>mKThHY@9;~lrIr?LY4zqNQjQ3Hr2`3o z`E>y}rlIQPb}gQy%Zbji4NRZCL1A}!{~ToeC|i_H;|XmrEfav+OWag#0Z~VI#(m|V zSY=&h%r|uHSJacGog&}gyrgsZIhn2Ctif=}i~+Oce&#*7EGa;pZ)~V{xv)pn7X%DQ zQ{P^BpkPAYKZAT%~hv2uH(j$5l1d!kG25eJejOwKOaa^$5oRH9uBgK4QL^8Nl8Hbrl zWdx5lfA$|lo0e=AxuCbsaCI40;Mgej(I`zm*O?uS_vQ-9$=XLRvNWv)`ky?>TVz!Q z*vGOqY`et9iy;{I&4vOW#VmQ!2N->&H3){XX!f|DVD^TxyA`EDMGXNYW8K9YKw*`H_zP%X`&iw9$Oz&tF{%e)j7q* zZZ6!57dtCgf~O7GHh=Uy{Te>)CK(E*J$XI<6rNId-&{ThpV|9o?5C*H5hZoQ$eZ{}ncfX=85psQ(JUz3exh+ZYbPbqEa z;AwRzc_1V_RlD%ZH@)AK;Cz6pzJM&+@G()(dRG_P_UDLE6&gQhO$vUIAoY85^=e#q z6gprk>fK2d9y_s@f4U013Yw1-`IB!=19|Pp66NeCI2Xt+4^TO3uP&^6XJ@9bEaO`q zPFn5enHFy)11tkppg+h)EII5AkJjS*ueT#-R2Y_5DM2}_wfLN0wU&EgP3+!Mzvrff zjw8TBMMmNZ@YRD?)gBpV$}>`@+U8aPX%CCLUJvL4{+4Coc9xbQ?qXRh%Y=pi>NvVs zFj$+4=~IpGY>G{Z=-ayEGnHAQRc_Hoa2lidInQ^_r0j%nxizFmR{mSgg_GKMwU(*A zL>ynQ2xPCeyD*ku>SFe?{P(cQeQQ>JHr`Thb#U*cgrHeFg*0EajO^6({T`t0G&V8O zc`3$8%-qWkFab;|=4jJ{A1^p|-z-WW?U6=E{yk`uLcelw(Es0SAu5LC+LB}-g> z!pGv~P(epoBD`>F*P+ZZ^foc1cZt%2&Qh+w2L|7^6UYV_=jli3V=tU7#>V7xsNRQS z;HHH^w922@{O&0ESjgvt6T_#+Tge+Ak3s5O3cymE-^t4Ebt1IJSK4d@qd9A>$Yxnj zFcuk79u3Urz~C|k(Z4ZkUGw4N{Ix|77O( zPw1%1D5q+RS$M0WwCqmMl*piUzd09e;Pi~ylr3?ANLX##Ydb3QejO|yK*htsk=nGMqF*~y|Bi^s`it{#$PC#!pbZ^UJy3_t7ZIMoxoyyZ97)Y|V zQ3bAldAyF)4M-G2yjqsnqW3B@b~v)H?ao&C-Y37Iko`H=8j}EV%p-jKjgeB^L%xE7 zBS02^SPYcB)ezN~ae(?*kUIzv78E-4J~j}sQKXKCnxTv4SfQ@W>hAmdA2jmHy$DUD z)4&UTv0C63P7Lt3p#cc54p>Wod!20)EB`awt*h~s3jP5wpCmnOGZgv3kM$*BpM9Kp zSeU-K`%<2~Wm7Hi3KEAw4+z>X)ZGLlm+n4~SA|v=xW>6!R@sn$YATqf8)_iJp?KcAp24~RfC4DlCVe+lG6@_x3l9Kgq?T#4(x0KoJN z0ess~5RplhjzFn!A8}s=t|pl2;L{HO_7n?DX&E5M(onU4f+sA{RQ zy!a&C1J7i%{%|^0!cl-*>xl;7>Hus#NjxS<9upMsGp`Bi%4<;#ID1cK4_89q7un0Q z#QzZ$V&=ww!Y8k))}DsF6m`=lL9bKas=xf)^x&$+xv+)UqM~~) zViVz29(yC3gIClOiNP$#YtzW(3#Sr<46l zB!LsT7p8nlR$0&x+ep%jv!a{9tViu*W#=`)E_3(i7^qV^d`iEs%nr+6|+Rs6Y zvw%5?QsF7}+xsKHNk2qfjL;hsBR;k~h<=t^Tm*=^t+|k%?dqdUELod64NmJmw2hY!1y^!cWY z0d`|uxBmwQ)T{cY7Uiwx;ipPB2%58J@U_M@#fvV9f&bzc^1J2t(1$kA5sSdd#*|~{ z+C7PUX9wR9sg#zR8U0y; zjWU3;AK?XB$h&RLX$p!4TIrQH&O3|1Rbv~pWzz_t7ew6Lo>Dn;?|1NV|Bg9(QtkL0 zZ!tktSspfcA4vn=e7K;!8v`v_zhv`w)4`sS%dO=~0-pT}0U`Rs?`u_UZKH@H;L1pM zy0b~Ig+$a1a!0;{(6a(*&uWplbx=5y+nw-fZz4Ixx>^vg>HNK0gdT7Y`dpS2Ao+sR zVJy77THm!>Ho3iz*rG)1zn@i#i)7G&vrG+pNrqpi?VvcTH|1B?&NINE|J;{SXHI$y zJ*YJO`4Bron-5XBP<$c2l=)pcwpB?2PW`%9>+8y?*=gs9#6=9c?jqnfRV~uobkh??Y2$%LGK2OY zP%OE*J-3(_liC522k%xUykdxmWO&YyOWfF#-fg4UI4s}N@$m_u>&OsgrJJVau9-Lg zj21km7bb2M7IG#Ju`0b=+WmSx`c+s3WdPXDY|eYbxvP8BN%AnAb3ojX7M0u-?ls5pfq~+1d6(3Z{ z0FG+)3+t;KAY+EPUjt-Bz2t@bhd{dI$DmV85TbXI`{x6v{{k)vD`e3~9>}rJlE|nU zIi*k30m`9X=DHPdO9klWxNy-ikgVQ57>FZfV1WY#XuzL9@;cZ}Eeubzsc7Dn==aR` zh6n6Hwt%4D#!TChUq0u1q5IURyPt6z6?A{P|1b5NLWq8s7)VV`57QCKIg-~xMwg$u z-1%>qt2$eiLcCQBUlY?y3ycX+Z!?)BXrCKUm#08r$Ea?De6 zg7G@Go9W%s?YqfVa@*GDepra5RhLDEA`6xb0RQ&oL?>5M)Rk8t?jKHj^53GPE^tA> zx!dnJJ7Q=>nV<;lQK;&tn3zNc-O|G>O)xkr#tDqP<|yWfkeaio$n+7CsknG%#Ux9g zxZbssa3@(iDduz8{xo$l&xTK&`64a|QMt_x@sF?y8(4bRoqy+OQp zcukh3Oh&#pz)ys7Hm{_YH0TWtwh1QdE88pD17+53)Q3pmDqzR+eHq&T_%q-Iz(w2tISq*G@G?uZN#cSC zA{XB3L=Cjc)BhBt8fztk%=IL`!a`;H^s${z(}VL|P{0W}_IdJnM*4?Bd!B|XVKk7h3@+yv0R^diSptwVT ziw)ojEG?*>M{C!T`1j0n1!T&XnVMa`i@qoHy|_ z(6`1cygB-X>pKp&hd>#d3aczyNPWOzbL;lm@_f~^mLrG{(ie#empcDQ0TL&!6sIit zc*;tNl6-V2=g*gyulK5{`RfzkiMsPZmnoK3HomjolkhhMfWidep3^0HsrX!dz%e+y zKY2K`@I-bPqX3s`zD%4_dt>F}mtCo>K1wS($IXyq^od_YH~Vj9`+M)OP5zetq$Imaa@SI4 z{G7rf*>vxP&)!zso#fsP%h#Ck;0*pa)oOvlhk*11)PvoZeo^G|V4afDkcG9`S!w#t z8Q`LRX|Ux5>ctIpILiVx=>wOEvCOeu>PVpAHAeVjG#?9{B2+NvwaBnGNV08~SobvP zn$%?gx8`p&3JG5|%C)?4q|(gRKt5{8MDp}5#8!{2%3|Y+GgF3GSDekqZY#tG{2y6w z9uM{UhYvfYl4P%@Y*|8O-**RtWJ}rC##plNWG_1nLSz?;>>_)p$dWCIAv@tnOo*|B z=RNrTe$VT9{;F5!%zW;-KllA!uj_hWFO(?a{G8g1dUFw|YQ7VhAKvd7=a26jR`%Bd zC5|z>{is5GoWCNVBs<^%gwtxT{I4ks#dCN1;R7CxhW^!#h?;KPr0iz7Ns{GEdYWXc z^d|0J!Ji^agKDfqI7pvVr$z??nj-Ky`P+P^rOcs^8f={&J5UL05=-lnRuIL=>gfo( ziDe0r1SKt;FTHCqr?;%To(lcddz8e!4``~wE>{HyZOPxrm@wgbt{Hc2+f>c`l75nZ z_q0@ck{e*H8@_w&WEq(n?g*gm0U+|`V3g4Bd(?l#6y!69K%>cx1E{es02iVtNY%aK zX^$XI^l9A0^9Fn>YWh=gNha{u<4gw*C>DE1#^%uLHVx~qY%}`0LVG}Y-W82RuEj+a_A*lh%)&CNGY7`p4V&(Tcy51OsOJp1B;bxc414gnx}{P*>Nwez z-CCr8oW>-ICgEP}=ec#9u$tSh;Q|2e!hl>6Z&lNIORF$1i>2$XLA-?}YnCPnXqz-T)~qv3uFI5*$p#8jop0O25y~w@ zN+*wEM3T#SDoqPElAbF*HWCTmCB>ZI%h7=7{`7U`;{cFcfC$pEF*`vDne6kv$r|m< zt*4fw`K2Cz-+MUO4K48&XeTwRBhh6;OrCv63(Y>qhT)2mOHgkxClFx$$UlhV{Q`N< zuBK@;Y|KK3K|vk6P@h3Qc>`-xX^x4rF$9t%N`Jl)njaK*Y3G`vax(J@f2JBS?*Zq6 z^h99Rz*6A5aYz5Waoc6HJse@_&OeTd2z*fU`%;;8z_K%hZE}_4d45prh-e67Sn{2? z+o0@EBj3727ui8m|qoU}GZcji%P@Rc?Qu zQ0KbaFurrAXylzjJR4BTYikbMvUFs}N2fS!X+W^D50HYmBnxr=ZZT%!x|sEZ?Yg}_ zE$t2P6T(BEhh4pc#vZ4oq^J8-W~j;N#lIBZXx{X9Du6zPD};Z229d}ge|*rRUD5{U z%{kcfH2}5C1aBb$I>HXEWAY?ail`p^Uo$XYyl%aLUtVJyLQdXkx7wI|Z8;L=_#ekB z!4!_s$R9wP9pUb(ct_R895Qth+gLcd{4RIg)_>ufV6QXp?i_D>qX*&i4F7xl2Cl}b zQL}!RZa^Qe>#S@eb#m-2OY(H4X<2YCL!!9i8x< zFZXp2VLciRd!P4w@qY0UK|Ov=i5l;Xw&uXhwa(Ai#szgRENWXm^Tg!y z^8@uxP5OSXYz!%eBN!)K=)J&Hc|i1epZ0WfF?NYT;){;em{Az0z1)gtYt-h!0bwcy z5($+;@C>%U0iT9KbbEYX#$$^HHB*uXAAEyO=V2w9{=`vAAFkD;|577A;d`AMRuTZr zZea|U6yrv1g-j)C0wLPM3@tor{;8P#A~LfgFU>?A&*h zWznNxfVD-BDu|@La;&i#sl6BbN-4_ULtV1j8j3z~-Mj zaZm}A7+$<@q>NT5)8^)>JnUE8OqoaAr;js>aB)4^u2*`g2+ z|JBzSL^SRl9udalod!;z#fYb;x$RHcgwAgY;S86y_L~e#cE&&_BG|~W-o{?eK_Vm1 zvF4_FPq$R=9j?ZETF=G|+axs(zAH8Ej~RmT)E9B4&?Q%T}bkurb1xO->V0$O64mX--YW@AsUmH@w(G|`qJ2|W}IrtNqhf6Bi#$g`h5r^{D(pUO5k@d zXiCHYH5@9414;o#kPfuU2{;~jz?J0FGzu^)PX0K z!RxOeRp{(Hy_-q5TiF(a)>>Qhh1F#}xzYZU%|+w(P4}S=2QdE>a$)p$$-dz@BH32Po^IX)Pt3$&xmdt=AnxMB0p54^iS z>;f#$*}wb#nq)y!c^~fcRd0+|tEaaQ2#$LB0W?55zJyr{llywmvBs>YcYt9$Z~4ZHT&3 zyS{EmUp1DLzjPqU6U%EaCy`zl{+YKugzej}Jy8Hs?tSR9vzmHSWq6Nx~ z#C+{6W0~!D@s=1GdE!RL1=;%X74BKGA+naMllYB{c6zvS8d49qQIfHQp<7YQ7+7x2SBZ9daqR$Z`WGt_aA>JOvPi3v3oW^0GXWmI~FTs!gQ5V zTB5F06^X>~FT54(+Zrna4$4i^S8Jd@v16w`Ftov#U};db+&X(fv2$H4z@xH%>pYr_ zX`ZlFd)KA??_7kx{XIaSwKLOS8p{Oc6xzlrpCo0T+31FB z&Em@Zr-XY0OgAn*q2ORK7zp2QrX?&Gaq{T;(REZi7^Y|GfsJDY4p2f^u@ZDQX^8ig z={9!$Hc9)oRqy*w;sc)b%*VWO*iEc2?JKq{#`$8s8ZxkctG<&a`XyWAge&pA=3RfQ| z&M)lSxuEtJ0T?8RLU>|@FQe5&F@mZz3An8E%z*k*Tc2!w;4B^1;9`%Fndkpl2k!IL zuhi&e+~G{x2kO~)3xh>0ZCa~t^$;sj;qh*u`o~toyYkOZ^(= zBe{4bdglr3WOJeI6$%lRn<;~yVz5mMd0!W6(vm!~*;JM!dISJeyNqwvFB_bgv=uJ9 zCa>vGYhA&Wz|}=a8}8j(>^?`of(GJcyV1 zfc2zuZ?O08{vH!|(qFpuPaliUxA;9`Q?c8xep5;}=N{H*Xs%YKdjnVF0J?$DwmrRq$-eWKX9+Q}q&$Z|h<7Hvd=d5}yh&xqhm)VNn-s6Kx#w0Xz_ z{U7090PbR&_;VBr{`RN_DQUsoDZlLBk2k`WrD9mIE=_OV*8WcK3!FBZ1Z_oUlq2~E z_TsMFWr1??V>$+gJ}Q-_f%gz$Zc8bugKxE25`9#%ArirP*H!jOKOfp%KEz85>mPSf z{{g(kCl|jwOM~Yf6*-jWFMN&yG*?wXvsZKuW}&*9k8I69OI^KBYM8HtqvTbWB7zu{ z^;Tnai@Y6fBwp#-Ie409gG8Or zvSVFDxrl!F`;D%ymy14L0gea0b(A#_;$uN#aGoMmTc>InxrRd|{GoHIomP)$6K-o1 zC7jTIkI-k#147Y1t5Si3$fG5^{EWH9bM5p>(|f#(TbZvJrS{FlH^qBzD|>T{Wn=+s za-an*q4L=fO7p4nGNblFO}bo(5Az2uckNKX(cmK+0aDUQH&`&1u6no0%%;ZB$zJ42 zS>N2bb7el;veCYF&LIZk+QVj`U*gj+=$AQwJ4koy#Y)8HaOOFT_N8T}_=h?oQnYVK zuapq(J^jY9BRkQCQ15fhy<6u8daSW=bJM+7E~F>m&X^e+8oygC?BZooO`~o@m~5m? zK7d+)H$a6Ye;uVH>$aBL!3Ao0dPTa*O`8p)=cwKk6fB;D>(K!I*+qJNt0~YI+N=2x zd^pJ=HX))`ICmLDnGCysbI7cALh)~70i1T3TW=%uMQ%npa!~iBrKbj5Msw+8CjaY8 zU|c-nKV~hE*pKD`l;S#F*fwQXg(f3=x+Nx#iC7fs17(RE?59hYVl0O83GI?)) z?k=AtUO<6ki-pY$6k9-3j0&r>G7|&JDI-n8dLnzV&A_f?1;`SU>jBzDI%Ya$I%O|T zGPt$X^NRUwo%!DNw3O}~V1*h@?Jo_wv+n})4C~GpR9F}ZMMHB&w?LPGY3Zn(hg!72 z!8=?j!x7PkK4__|E){fkTlspjcSGHJam6|}&EC>P-YRZ%SZ5ya$fzGLl@hL8=FhW~ zeaQU}NM$t_58C_v`6JjzDx$y%=m1~w3#xPDkY|s>sc6nDAEzVR&+mVIpipwRE}gQv zC3&k!S&M#2DdMtz6r)!A;2P=ahn-~Nv zwNw3SSX|j2#VbJ@bG7fLoJkW_hC}{C^aRuk`Ir+hMxQ_XOygC-?>|a3bw9?oBK#;BmVy zEGcXNuH61kk#w8A6aVfmPgbA~u!~=VKe-J!Kytv~nn5J@Dc1LE!pghl`83$d;j_#@ z2z**t7`*4Z>6Zh{abZz!ccl=D=X#3o!RaV2kb#WqC%&FJMrD+DTftTR$ zKq{aK2~mFe?9Sdq&1laMH`7C0LtBMo@2P9|7S}-vBf;i8J_v=_uZHA4NB;)E@K*GP zG~B0xW8B#l8Utj(F|Fr-!+#E8i2u}0D!}o^4J`Q=4A?fiySm!;H3$9?DZ12?B!oCq%G|12>Yffj0TkObUSW^Tvl z(0HLS?nK;fmDs%5JNzE6JA_RgSnf{hK|7s>JDf6_gKx7bZbyGCAFvgX8G4N^E7K`r zHN$^c3q9c>$>0Himc9-PLEdMUBZQn++-qmAtje%Qugyiut7QY5UBMu7jhPs-?|lfx zn!YT$n^K+rux7aM#bfpzBo=8r&A+gc6?NINmkwR{{}_|eYF#;_PK}=+-~LdKQX``o zCS?Z4hwE7$^<8%2J?QCBFl|F*c=vh>NelW$qEacWT12HTl`aL84cZ52#kY;lrt>RB z`(ywVmRH4Epe)|}9BC=dV19r(c5)7&D>RC z&Oxoo^Xzt?O^uO~K;o6-EA!x}Ff?>E?$#G|QDa{IoHJMQyu10(A(XANTNT@TyMe9{ zVaC3@ZH)B*aM@jN*ELia%2*1#OvrCzydZ!LQlIpSJG``$L7*{FpQ!6%D!CJS8ll0J zO;KPna%MXdKMPKNZP)bSv;&h5uAyJ)boH}De32+{`}4mqZ%T?U^cuDm6{dF2yB_d~ z3-3W<-p5fzNdex&PylQ>jJCNM}STY5l_0qH~Ejc~YTML*g7LZ9%#o>1KbZ>SY zNC^x3w_p#JZjy|mRH@~^eCsZ*LBuPg;{xfy-5ZI0!s^GF{JEn} zzVK7F$Xj3bAe*op=GQ{3xG*dPrbh4Rf1H3Lsrc1>R?CycWxgCe!|CeRw`&hQ4jZWM z6f=8RdaK+3#=<9!;l4yR6_YOgNxV}T4{vj!R@uSk&q>qJa)#=+@B%nfZWDCBCI@Y5 zWcs}6ODzFl+AuKET_hdI_hjf$%`p7T(ORGc^m=sh_4eIWe$1O}4JKOo)@9Enqee%s z>txtx(GDb_@*a0fEnhIjny>9GGghq$w`U8%livB37h*BWO^!Jyv65N5cR;=svf@TH zt#88DLYi>g!nReSLw18qBT3v~?Q}UpURX71R9g;0Td5fWR@|yEed&7yE8s0^rTDjN z_DuUk`V9{ufi1^G!@D;!@_?fpR=TvH`qjBc3m70OU-XzZYB?}cRaTgOe_SB5CA0z_ zqmRY`9EtAI3Hte(i^Fmlh94phf;iQk|ikDJK66Ni5Xvs zmKd}hTmopx&5wNV(A?+?I^5qqXLLYa<_|vbXC?F-U|sL2P8}7RDSw5iAMDiYX@UX- zkdJ<#+Cosn96U{XSl)*qM(Y^u-dMqPuWZy31cRRg<7KFPHt2ns&%_iOxBo@i#9B>f znjp1{MMIuPQOUJbW?^8eI_Wu0etNQ0J86bf*c0s+@8Azjm}?RaF>} zQ~Y7v^gF6~uZ!aX)`yaxa0&mq9GQs~f+bs)NUFvSd*>7uE>KAF{NC#VZ(sU%CSO+3 zrCYgv;%=Q!{uu$gL@MFoXwyz&Q4)XfC!y~1NLKw=msvz|KxnbvuB_kd*LRP&yroc7TPwg!w6=1eH_vbE zPW(>Qi*awPM}1lQ8vo9rJ?0E#zbkxu8JE#Q2(o$O_U*N^4Vo+CKI_q}ChH%T?&t{f zS32x=k&TP_a-*gD(r|Ajo$RYp^<-D#C|Exz zPIhX&TkkdM9Pt%t!uHXt9EI~^!JUgXuJj!FHajh03@zf#mG$rbCg7W9OWr1(JTLkY zKT(d*@UkF@Nn43Ws?L?*)15v+brln zsvwl8S^;b}2r9OI0H>ft9Wq~tFvk{A_A$Rwq{ZES_q~1$KRTH|Xgwg;^dM`k^<}&A z*iZ;Se@aK8ZC8Nd_kF!V`T>`=C9{x-&J8eOcr(w ztJY!$dZj8ae_GWaI--pJdnCOvrFoY&G=y?gVC0woWwgS$q@v3^PU3^?;tp0bC!VZ) zkOq$f#Jpfz*cF;~mlDuwoZ-d=WQoS;3gn@H`H;JqlJdk}aurjRK7mj~wJb_HfjYhD zr1$PJtJ%@ddjH|*?fpGl=a)&{`6D>ufo%tK&VcQnQ^R2KR;K9JsvA-AJxVPd7ouXH zS$Mk+y8t~%653j+UX62bkZ^^|4W3#8DXG;ooq>0SOT>QFip8`z=I^e8b#F?$#SSX| zkV_I0KO!RCBZIlc3Jo>eS2=TQ+q<7D(&??#=oNVqhD8GdwuR-aL;m4IV@O|71Eso> zR?+(r7lj_g-*S@ktItjUM(NefKHvZl7*O;gE!XR;htKX#5Z>8SoVTo<$WNxOxpNw2 zqYT?ex~fF`N955*vLD}a38<|Tx4ldVTXvnP?;V7n(AI9cMoAic-@;BuClL}cTj-ZQ z&0A_eKYFDN|Bgv7DXDb3V|P*&5*Yi&qOU1r(3z@)!uCB#y;1FoT5pGe(eS*}0%t4o zlhy1n1t)qxeuRp37A3@%{%0UR)O^mi7=k+S>trly(n&b2t7qpw`TLOjs%hMPqn(;) zxgFOMAVvxBtI%mtoLB#+LC;F@ijC5*!qF1T)drALnhd^8fH+<}7KXVjq($%G@widd z+5aSu4vVwb@dZ4uj$NFmD-}K8BBnebyjL@ z1mG=2l_qDU?Jin2@62^5*tH>~rijt3OscdS+jqXt95fuqI?UC^UU^tw2QY09o)ulq@dbQ%YFIjDT%WgTJq)H+wN1U zcRYOHBj009L5hwFwZQ!dWv%QxVw?Yd+L8`mNOzlY@#`rot#j#Je-~G(hjll{WF)J- z;zf9pE%<3R>h9v0{1!%8%N%PQ(h3tvRjpkqG}z*wlSw+xz4*q<%iVpTDUm?6PvZOI zkX1rNcHBc}Dz{IQSznD^e9UCb)>XmZ4MwAA&~^?>(YzJVD$ca%bIl+RlH3O>@oOzo zrX*A~Y0)@f&@1zWefjQT0%B9!NP$&RC=3slhDQJ@AkB90bKsA2pEN*ZYP_rk1?)`YVbGECR=~fFqAqA)+mT>0WOX^XS3w~=M;~XaM!aRW(5!Lkl_q&Jx zz4bkLLDe$eVp|JZ4AQ?4y>&Q=J>Dv#lADnvXI>pq5%Z1-GP1wx4t69?$<;zx6&>#V zZYmwBy)cx>Bu43>{tYz7bz5p~eS251O@rPu9V)JH@Y7<_G8sn<^#CYSV$t!E#s zXD6y1SYaNJ9Nvp!aSJ)3$dnr#U+9x~2?x;x%f)@9#d+~okDWc7SAz-vXFh!`TEI98 zxo&?{EG)bjcDY4-A?V40qi|Y@VUhW_Z_1@pCa@Tm&}UAzxLSE%>|xBCPlc9)$LYuK+8`y_#s?p5R8 zzN%lPCx`gk9`HFkEqXRIr=+J|%ykS*;HCZVlI;E}z(g`%7ykUxSqH_c^2y}@fG0+I zNiN5g9w}|y=RPh`A+a9jNJ+95DXU@9U(ixp`V<rkRIOo|sWL&IT~ClL>W;JBTpZ^wDPArL3(lXDF)=xA1-5k&g2H zQ)mq1-`~o2n)D?U0Pe_#mg*~mF-kGAE;S^|5AXl%?iNYSOyORvcUk=s98&uRxZYhq z*VZ~(mO{71zq&6^03R#})sEDv9Rme(0cpVjcN4FdONVEfNT1>;gShE#lF#cmfA5-s zmIj>E%rksSk8x%VVxl$128LH`BK*60LH z-=&s!R}+mHIcx>swwqt;-8^WJnz18PY@ljvdaOWOZUBnJ6*&(;DTxMw#?!Bn$`uxx zGK72(@Y?Da>I9hwiIN9}o6anE!!NT&dy@?p zdQpHxp|BmamCfkH*k>S-pbC*ACZV7+_=HX6%FmX^Vo_rtfrDLsyPGQV&Aa??*FYTU z_(2^NTz7?q8QNE`E1ahcVl!y!@)#clsgA=f^DI)_mS2@oi~rh!iOlH$4;6l}w&|th z*eqK?2nV8-GH$bCU~4Pk zfY`b7*q6Tj%>ZuF4_2s+)k`2@m`2LVexJR zGZILDrZ65tX-tD%9TE}R-ffMXY>Br|DQ5!HHk29-m`omVt5BOf?EfSrEbW$KlZ{5qnnb=VCq30%m3{`tZHxn9dex1Qh_2rz-fdWQE7= zcqB#R4=QcWBn@31kJJYd!6yFAE#7{gRvWy|a0V0N%+*>SSQ3Uu)-$LcL7ff>Q9~s8@Hzq5X>q4JgU^=_?#!#%{W&8Aw+zI<-gdEUzR)?uqzVt!yh;)JfX~pTcd+2do5@de6R6} zjR$3Lez>?3FxQUm;-&d<&r1FZ5696r2?8U=pjw$B)jfMiIBb%L${FGu?F6Otb+_FT zZ3%x~MJ?(U%&LF09A+Qi?bdsqJ|FJs|MxLEIxv(bl`1jJArP1d+(-aLidJ}-1}v5p zz-$_r(sEaU+yx+(ykk^&1x;%K+R*8<>Fbp+)TUim1j7&FLZVNAL{XjE6Ib1IwEx2o z4r|hna#Qn`EI{Bqd3}s8_EONf@h?sXMa|ozd}PXc;u=V`_+bP22-I#3-oxZzIhe=i zeaA&k6>8}5O${}(VJH%i=Uex_t18n}=uh{q&>5(HYJ#E3%&;E(U1fv>eV6 z6eCk;f0I&)F7|CUX^$wlan|QkVPWT2kALM*!NSCPbFEZ%)eTe3DS1Ih zC0gJi=+c%pt=%?BN(96TZgo|j#2mBiMxPH|1_(M#uqsI}6I!1-I7QszjPkiab?T&( zkpKJz#q2YGM-({Y)Ep~mB5A@eLpt~khc6XdX{EXO+VPN!^@#PKL)$-9o;+TiLA+2| znAfN<@Ya_!%78X>8BE@82&F9J;1wN$8uTwVIrmtd zEhG}kQ#v|zbKP!z7xc_rKHVC6fMECEA2?vv)KH&Pj%Rc0K$Ym`t^%>rS^r2(j-Kl1 zqK2U{{dEgw|CSE$7NvSd5=>V$W7zZwbk`bZu-*WlO56{rv-~Y!hrWnLA1a#*rV3W)I_A6~v;;j&LJ44HD8Vv)#V);58s|;yfWKz^# zXPx|0XLkV{mf%o;a`Y0w&(l>0)@YI%rUoV zXn=_=m|A-2!E2%n4{*Y3oVzu4^%_w*YOPw@jPq~?z6vc{F(ZASF`2$DydAV&8ObU5 z<0;?o;H-`Mj0YA^j!u|Z_wg>@Bd7Pfv7W3+)z3HAOB;&fNbB+xTVOTFeaY!Q=fsnn zybdE8!fh)#REmM;bBkh2NIikN)53sKo$Q`CV`%om_QXC~Q|xih19t<@8;LA1HYy_` z%+?pA$Mr-pUAVy2ll||Gc-S$BLuYlr#U@pW8kjfsuSvb+kT5rtc1upGLYMnY;ct)0 z_3HDIO7TA&X~Pn=PK{vrKU=sx>zN}A$ebLgLJ=e-5_NOmj5$^*RVcBr7{ottLCJMm zxpAn*yT|VBL`I}HxtSD=yq<8Kjb=4EM9C4opFSc8h@{)3KI^rxP}B)4biO3tnkkxG zhP7ig$}NOmd;OH3XL37`hRA|`o@D$p#lxgCN~e;8-`nNrs91)1c_pZ!TbLVrrcT~d zVsK3QAKQV9hiBVxH=oYdO}oa5(M5L{1KKe}Xc_@Dul6w8d365yE%xgPT{pvQ$VXeC z!TCT7Q}`}}+>i6A8oRJcQW)u&_<~l=XiCFgQkt^o{ldaR_fAE8<;lrWar>tw9k;KM zwajU4I@Q>x0l`A7ce|A@b|D>5s*VqP=q7%hVzuu(N_qb8^E&4vsSLtU^9M}6UJM)t zx)bOBiZASN<82wnGd#SK#w}eq{w;qYcS0_R#+drn)qjH;h-*HLU$i#Br!Zt~mhxbi z7WU9SA3vV!ULMIbk{)Pwl1cb+a^ss+etkpUj#r<*MsmAgn;&y47ehJ^P2@usl@xo8 zdpg|OQyR#aK_<2HJN*pFg*I1IjBjrRlwSuYOGz7Xf8T^@$CybeuDoQLT`gRjm1t@i{m5 zWt!3$UynJggk^Mn>}2Vs@fdr-i}~&%bkEsr(8=w)O}MwIJ$tx-QKRed&}%9=8D7gz zg%u`Qc(amrYxtCY`0i%{ow`n`kx?b~@Qo2^9Tj7WR-$&tv!wcXNtj!8+p{T>7$ zn+k2mA$RQXvB11>XU~0WRAPi+-EgM36m*d-vJW{3N(35G+qB=S(7sAqgUAly4f^(! zC|9*7*-LCLnHL@>g95c@QzLE{8u*z{aQ?UnT;SeP$Ij8sk2n&o(f5G6HMgF9(rdKh zXK=t|!rU#{RA@MP^}Lf@#{>s!kau09-guqY?WU50^V_qtcb(1S7rc1RLyu+Qou+)Z zH`VEtNQl2Rci0jo7$VwH;9LvbKs!%}bO|8iXWY z`}L`#P=X%K*Fvx;F{B1s@@H0>aM<1PQk?!~`KYPjx8TbDYb>M}YR@r0_=3~vPF_R~ z=5lrY8DQG~w}RX5=7Q8Op1)xZ2KTCI4APF?d)xQgoY#@suSV~SsJ8`f7g3L|W_pA_2ss4rddo*26DY*4B%4V|60b@X-g zM&*aA(}lrcq@eT7SVQ4ze6B z_1~9#hjJB!mBJ(?nz)PAO7U~-RNKQFf0Zk8?lcU3z82qE&e3_=c&3sTHI=Dh-RVKE zKKRX*aPP2g4SU?+{HT2Q#d|x0V+o(5>QvA(Xd=uNWjrJ~^p*)%k$64dI=c zmiN@{_hobw;6OBehum0}R)4wmvBI$IisDuUp3fKLyIsO!UmPyX+3%whq2f_qD7Mgw zfG^9&y}YMgg&)h8PRWt@wXXjjk$aWWh8bBKY#sWWIuf}KW&0<^?R^1jvli!1&(iMa zJj&(#T$~r)w0(4Brjmo=2n|BQ^1@Hx;a!GO$|ue3e|x+~GKP!cH^+RX73lV~Z&<30 znXPKP)j)=%lyHXV@%e4*ByIKR3gyFvJ?c0*(K;Rv!X>q88CIGW3}TifVrH*8H`6I0 zF{@;uW78{Q8kLjFTNTtk@qLAFJ1^hV>S$nxU|GI-(oL%G|Myj&C>SFO&dFuRoAu$( zY~G)8iBa(i4C0Sx%cN%ZiuKLJ{-W4vx)>sj-pHIaHcwZ*Eb-8PiZ7(x!8d#G0kM_T zSO?+sLd=Lhe^~X>*EtjHW_7ot@A6|Dg?+o{wd>lY?@Bu=(yf?J;@{)bbenO?-dAn7 z7||6h)|}nsUUIZs0gc$DQ&CZeTLiw#?+D9OWGgO)jg;?pw#EcqMbuU=M?Fx^F7}sy znqzy}e45&wIcWZUg}-9-%D-P9NcFw-&mO9Mk_fxRC(1JssH+ z*n1zz7J?8fU5etnr!qvvOl*^y`ts>||0%762*18{)+PQpH30*yuQ&B|f+J2a9Ugn= z9Od(I5vWVL7oLl`MBbeCvN{LCTvthQ&PBzZk|&A3plHoC7D}R2tc(oME@NFt-)YRu zv9T4fhz$}9;B&^WRvnV#AI;JnZ_=-+1833$@s>++lqAey<2$J=#BppY)8QF{^OSKB zKRqlkS`Fh-G;h9CKB{FCj=V)INBMso#Sx{gD9S}C-7WHC_l8UdXhX?Q?OPLfR&DwMbJ0>EcWcWn@ay`=dgn-*+ zeRFu4@&3#1EPe7ZJ=gvq1e%9Rag&9I>0!}R%52|fY@Oo`zL%!$2o8scsQu>gXRG{l z3z0Wdreop+0wdMrok^wdhAB(5WJE*|UpGH>=@grRCk#q=Kg8`55h0J5KVX8y`B@@A zk~49v1rwngaVuZo46%j!Q?X7?_li>)_20TI5%u*2ERIM8DW{#ySuwEeeq&w*BdaXuIk31|(b1YpYtOzp~lw6ZB&~eNtT&EQ?1m!F|M$ z)z`fsxz#Mc?6W^BV{Pxfe=b@7!{e8&oZrQ_y3RC&jcfCUkdSMTQx6}Goq!+9ef(qR z&d5;l$Nu-*XozAte%^Ryn&V3`9V43SkEaI}Nhp6Cn@SXWj|?K!_e|M2dd3A~78agP z0sc11`onYl-sP+$VcOt*ol|oEviz2&rWN5z5?`QR*wT0HSmSYyjrdzG{FsE6#azpz zR-e4vBT#DMo%}9g!rss|BAihOu8HK%E7{&{-*93hnM6QP&l7V2WS zZf2kOsqolW+l!QhIl`qn{_@HX@1|7@hg4GLo(1s=pH!YrO#9608NoJf!w;ue^{LoH zD1nk072yb2sJOqcfSpH~10#G^ZmQf(+TYxzS@)lGHNkUW-W2FoivPkA2v9LJ$H#^H z%nD;Dxp@kg3bpdoem(*X<4kUL-R>Zz+RiRW&4c2h>F~Af%;!MSSJa|({rDyM&G1lM z|C<`Vwwacdx!O+=b)`$>JHde{WR3C$*0%7r9Ho8drKqxR=Vy^SMqX$6+s^Fm%NLCd zw}@w5**p{~Za*qdmlv*hCR>5A$6QZWP3I?G@oGn~PU16y>6{fp{tFU{dKm8eMw@Y~ zY4Z8p9j5CBl*E@=X3|x&mFI|xMSAPlZr&yXmTWaPTC(HG$^4(IEUwvvY2BmRA!9hf4}*m$q!>qdF5A5 zU1EzzvaLE#-8ANY@UM!FV( zWjUNLIc+hBMO0I_d_?A~*vY>0zPW^6-TP_Oq4Z^O;Z>3dD!0htX|Gx)wJ}STq-#9P zA&ru45%i;u)Mv9I$aiP>+P+qBsWN+|l|?z`b0czb_3ozfbS8{2=p^OLtM6 zp?)rQ0x$ak;SC&kx$F~Oz20qnWCmIvd;OXhd>Tu?oX=G`(>xTeJ}9hFeJy62(J!Gdz_-Qbg^&V}&pBF`4==X=|ajid0a^1=|3TO?FIVUi2R zI@&r(R3G=RGk2{2JspbZQ9!b(xVG`Bs|>vDFnr6E<~Ql|#np2|l)ueFk*77mrF5}> zgM>)oDlrw>AL}96bg8HIVjJSqtcw8DWmUdTAIMRG$(5eOpV5Nywp4uEyhwWE|L>afD0uZ)6r3HpLOZv>*h29X=m;0KR#U;z(iZE zpSm7*TXBSyi0mKhVw|@r_MCj9^cWh$U;j4%&%vXzT8_3CoAqa@2#WB5sQ%H$KgZGG zB>p-{5IMU0?D|8Mcx@$GrmV3?@An*&D6$;xb}+0I=Di{lWKToQ7nGT&A%*CwmDRD8 z!KSjzC(;eiI=`EZ2WW}sRJf0CZ96bKCJuZWer%hvxX02TeZ9`O>c2VTeta}kJXpN(|TK}m#qxWiaxA9Ft z^Cg2=BFe_#19IYxnr7U|xKk@#l{3PV>k4O9;<@k<53YV>C?{0(C`ki~pl<(2=K}Eu z*Qs6z^fQ<8E~5$d@)ik;L6So3Gb;IVxxlC1lN>S^3}Ryghl4pU#&UzB{^@v{`4*Kt z#@tkZj0PPdnwrZ+67*tVk<0IQ^Q5925>?ICg+%7zcI)_J&6+sB)XfCoDUPG|1gT$y zNMUM=CFH8kfR8-MP5Wr3EgP2jS~lhleRkx(R$LSJxyH!7SmLGnxSc+~;w&6bO$_y3 zlPU7g>QUO$!|1;}!$?0%{JhqtZN~a@g+2Y|2YLNH zM<-Jx!UDtynif8VP@ZZVMopgapTtXMXp{^rA~!P$nd1NJEPeSA7X8@4z=8FL+-nv} zSdxVbsmGU}K75EjDudrL9VEHc2R<|3W@AZx5p3hhwy2dq&OBN%rk2^43dXQSI+LoP zzSQZd<+Z3yqWzqJX5Vl@JLzyL$AYt6>tipZBmyc>ZA}`;@bhDl9j^9vy|E9{$*2G{ z!sfz=#>}-qW)fstHee7{EC=h-7dV3zN=26Mixd%S+`zU38{~I4xeCVGtgy6Si@O3 zY4`84ZkLMH*Gd#)pV;$+#qJ?cgKa~gPc+;{A&jw=kq;b){poL77_j%PKbW28w!T?G z|Fe{+EqTs+zj!GuRix^M`Ks7<6H~&4I?9zs#Xk;Rh94UUu%BX)qvQM2ev}>Sl7^)H z@*x8oNQ35j#Yy^{m27P9>Qi?EZ$&A_z+seVJt=jJLtrZZri7vv%Sh-X4i7_Nd;n8B z@PTO0NwhQh<>eh@(;bXGwiG>zM2evOoCsx+TRMXR)?Dq^3a;p60aaaFowY4lNI=B% zMyS+DP<5M1SNEmLz`hsHck7kSI(_nHHs@^-?bueI(j{G&X+oT%OLu5G#BNAo9Vp{8 znNN7}tYT2f@j0*KHbnp1;AD(7sz=R35_2vtWN4tKjRuSd=GFFD)|duS}mZ!7A)2d=$g^X4V`bjdYD(GY~E)(apKtfG6ZD z&azx8x?h#LpJ|&sDVA;bIN7&urLfsS)m^|5bW|p_dgQqQC7Sfq#!v)p{g_JE_Lxa zneu*!A zGQ6pl?6Q}>t|pNH_1b~BKO{tWwW5)iAKrha%eySny~!{-(ZA>}-&j+6T1O``;@f*X z$6;$Lb3s_x#OaKj1tE2RFL8u$*B#$nJVh-pblqaAw7?c30Pc)Vdv|kP!?=qt{h;8%=u~Wm?UXqqmXS^EUi#^eRbS z2YU&b^x$n_Lj#Uii?tOl&?@rT3vd##hy+Z7m?EOqDEObMQSNqp<2GL`46#+>5&FJd1eh^9VIxv7{@@pT&YiMXIh&l24PyyYkJ zHwlWAY9S?YFy2${8=ZbXJzpb+s{gEf#GNw=4>Pfm9MpmhE8nRs4_Bmdydu&6@C73e zwn}HA6n;7G<>L2;B56;GmD}HRu1kd@YoEdt7#PL$-@df3zQwGeRBUg{vst@~pjLsN2K-|ahrbfq*JKFXv2*s7s>`4 zmA|sWvWt0-@}@!WGcER6ZZfLiNMP1_YEsFd9WZmZAI|K`H2xVZ^8f}M<>r*sBp!N7 zu|l@lzuYJzQy;~zS2kV72c4BWhW_J6L@wjt)$ zysuoQO9RbBZPL{VR^-3&TuvN0r$(z;mvjb%;xBB!yh`$wfC46QSC|YKqzJsSI7|my zs4shLgw6#$;;G%D{_2iq2LBovMsh+S{w36TB-U3LY2@!z_P?;LGW4Ri7U}N2#j~m= zk--@2YW!ru8;QKoyKOw2v6Z=$@&2;v5>>B@9&M>`#yZ)0D9;@@CsFqxHr_Io7ByTiH$3Pn>|>N81;VMth`K=_eO@ z(va8C?zv=Tae`2rrVHHbGE05N`aMz;`OQ%TLb2tG@*xt_nzCY>RxLDHJ3@D9uf;Pq zjPsmjdG4~Q%0gPzC``$MM$9*Y02>=5iejPWk!>983H6S~w1g%pwfrw8{UH&|A7dbVmHj(<)1|6%I7uP&=+M4`TQf^}%>#uT@0DOoNUf_fqzeypsk z%$9fS0I+j*R;s=e*Ej?#9&ojH$Uedlky{oX?*GP2?_z7V4wv+g{Uf=z0U|+U+4+-( z#yj&K5|`%jQH-C|FVBqPF+!ck1|2t$xV_Yhhd($ISq5GGmPb<@2La{!^`-F>&Kfn} zD<@acsnw-%b<6RRl-2p;G0)p+eO=`ZGOy^vFNI8mm@I?ygHddDvFpy0@XlAhcW%dP zkPJnzKnCMO@w7~bJk7M}%0=;3K6cV67PBwZ61{?vnyd;6$jh^rRIai0DaFWC2(_QNh zop-ycou+q3B`HkNSVFbG#C7zr=c`#{ilVPT|&%dT&x)+;;qCbE}y9o3+B z=6*qzsgdQ$fRtTIh>2kGQVldxs0y}d!k}1s|0U*uZFXy(M@28P6ec8 z-TXqu0C~lU{Oz)bO$+1O5n1^na$e^`xwTHvYW{Gy5e(ysO zV(2$d(UJdsJv`Izqm7=$@Sf&h+4s-CD|m+djoF%~!q{E=LW668pP!#QJi16MhPbB< z*oAL*TFp#*R&ul|2w=HPrnZ5JWADNHOlK%WKT3FqAfsDJ;yzNHJ$HNABnE zlxvS)V?@n$NB#S9a!Q4w%raEvEZ?|HGwgo}AWL?bW(*>Xze;oi+$H;cI`n7Zpp+%l zGtharxVX4-hp{CxOl-%`Ng?y$^nbl`W!=}GfV@JhWaN!(nJa@r?4XIw=^F+-YYap; zQdK2}Yx{7pE$1A}6se~COZ%RbgjU9#f78(`M*}4#x~}}qe|SEolczlFDq#A9)bUVD0Bvd~9x?3#QP?J=>f_l}J ziyObu_sGc4HX#w(i4I4h_hnLBn#S-LG93|JGJbBlAGsp>Ykd23V)ljLw~M`E>`0u* z(b7^zK{;0_O`5YBtkCLkTrqR4Cx5Lg=Q>`?R_1vicbO@Tmx5D$^MTxO{uqRnkg^He zHN1#*J^Df4PsI#2_*&*}%nGI+T7Izcnbt|hyf^bDB(ef<2nIxm3lD!gJ;*SdP2O4x z>YM-bUF})l;*Dre7W-z@_J)OmIKQ3Y_xqYF8P;Kgf0eBnJta)d})i|zoiV@ zC!<)LW0>%h>T4J ztXDvGBskAwPk%g-{$Q+ zD?F>>9a%!>>sIm!ztXDh@1MN!YJcB&BHs*QN2$*kHwjIXORB7Zs@g*~iqnuFGe&br zYf$h|m1!vi-@;##dnQaCJgHktBRQ61pO?yXz&P%p|42wVlB>Jcx6HFo!y-mUj@dix zlF?Hq!RnsYYK$O$47l#x)X7#b3Q za45R@D&6$JfOBSc)88WV^;ns*@(xfHUuiBj0k+3yop9SMj1@;_0{P<)Sex&VgK(PWV4i@kl03+f2FZ zCA^oooQK55VMJYGxsYT_-(=du_}wSJE{rD_NHgeW$jLoE{?+j%Y-RxCdPG(o;?e}U zcu1Kgqkl&0i>Ip9GqpHqLU!dY@Mi_%Hz#(xezuG(Dzo)W%@>+P3~-Cg+_YM+<%BcH zAsB#j1npiiP#h(HyU!C>O*-u;)PD>F`=VB9`0+;}&_7`6Jo1p|Rw18{mvmh>Redl& zh5M#TAMS8SOFJ_AepaBF1)GS&I!Lp*5va;b`i#I}3PVzcT1pZGn)6=LqM*#zGhC`o z2mUXJ5)St{2t@b$`m;q=@Ab0~nNQvx7!?t6tAjgrCaHAzUIc==5nvB8r7AHA(;or? zO7)>FXI(aY*r=ISR%5iR4{k1#B| zN!oW-rv#S6V4W5pg=RSpN%n3OQvHX0%nTd2nDl=OZ(iu_?d4ds+m_T-*D$fM>nON9 z;Fg!_UWXM`eY5fhz6t*0EgMy5S#hiAg&QY%tqHv&)qJ*vE^1AVshobQm}11HN}eo? zwpB8nU;fL}*IeBxS#+GJed+ivi+c4BMqq2ks2u4)g?d5AGwI*4qAZdnAvsdbHCgHP zT4(_m@Izdc)h?~DFq$sqt>oITA=M5ZkLT|n3<(x;@vy))U#q$9B|lHuypbdSM!gvv z#`r*T(7#s)+>MaG&L2&5hsqw?N5q&-iKwbw9~bfaek!=}0UkJh2FeROL;PNqko;Mn zWA=Y9B*>{>pwkq{EtwN620EG#;-d-+M1sZtdqYKZhqj`2I=oXWKQiG%?!?oFHB*Nq z{G)`rOtyvFVW2@;1l3N4EMan5QfAU(f$eGXAZbbMp-rN`31)|n+oXydX;DSS&$nQu zac)4JBRV3Ly>oCb^Ryk4GhN=T2fiyY(E$hVjEE&}*}3h_lsa9BjEc;7cXMgcqy=(? zSvc3-V9$SZKeKNIkG+5F_*+suCaJArsRca5strkWP2aBVh^cQcz~K5Lhd0Nvv8lVd zxVE*QjxxJYQ7on3algJp=0)~@CL=bb_9>9;GgG#52p}?*88`rfTy6eN^Ph?mWj3_) zMXt)|gI~u+!^1qz+wGnZ-)zbjm&O%;pJ|2iNh9CIz}#)D$WO49be(y7v3`H5x+tT+ zzh`=TgW-U2@H#5Qu7hQSp1IzjsHBq8{8jX65WsSU_9>Xo@AphP%%||{p zkV4NG)%fV+0pee-;x0?vBD3#;XWVLO^m@;6Yjf-?d|L%sp8*pR*T3`I=ZL-7M$a71 zad@>wp9;~+z^EftR{Dfy{>=MXex9IrZNX=4YV?pe1Ce20UnVB)5n+hd&0C!=OEW3D z_-P4L$+z+{?l7B~>0i_K(i#`KyXGOe28t0e<|5;Qx7cGwh|0L3`C#8`FtK!of)UA?!z6VpmXyAcH{f~6Ivo?^{yx9 z4$RKfQ!|Sr`FgLk4int@7iOz@uUUUvvZarB-TiazzcZzHhtooa@%n98Le>ZAkVf(+ z(pS0EQxpPbF1X^WhNHqY>6bLwbTc&*DKrW?~BrN0p%X-dl&fR(zkk^|f3U zY6)xyZ;(cmJ#4 z>x)(mIQJP9|28XtIW+A9pjR`KPIGau!o=ny%Us3oboI{%Nm&>4q41TA6%6DfnZh`r zT?`Z%LN1oFLJPNtt5!|U{uA4y8 zD)|E;fgR4Gdts_i;f3&_CE{nOZs&{Oyx-Ao+NL2^E^RoL6HY?=@=n0B;%m-hA6YnK z;Sg%tD0ZX|_f}TQo5|HwlbG42L#I?*1SiL+$z?C@S+B|c9B`=+(37N(uC#iNQis>b zj>p4q$16hl$5bfhFpGK)_x1E%LNBV4u%mNfXd}dt3DMe&VPlah@>_t+* zkLZe5GhBaZ(~0c#fllB*wFv!~YhG4wXJR7w*9|;~(Y`EQXA}&_SnsLZfYDC~KFKR;XnZXaH4gtHiM#SfH;n4c`%b()&FN?ug zjtkGnCuBQEsz}_Wl#j%qOK{}As${n4S}Ac=A}wmcym{XQM|TV=E2qrTUfzI4!x&Qslu;N=uHPfkyUInRe2Sj}sG`e$@3DnqXi^7rcnt z&DdE8RYq|Kr#3ZNYvbMhxqdvm9M> z>#*>}`!gc#`ZkjZ1ok0@tg)V3uaA?XGN0KF#IBLMJ0ZdHN(>&BIOn%hJ z6708(CRr|<%*Dj43G_*`mm855JpKR!Rmt^>=YTw8)bj58b6l8!h1gN8uQdLPI1j!O zn{f=jGLFgfEjq!JKGQyH&8r3MJJpw?NYuMMdPt3&--Ev=M!QV-$<%|LjJ8^fU%d~OG z`j7|TnP=xOQ6z0>k{Cu8sr}(LU<>`xRJkLO&wrV@7_*47(4#%d$M=tP9}?aPG1;lg z$vK9IfPcru`@Ezftn^=~uols&k12}>T%coWg+dG=@jdm}fRNnAvWzS%wac8RYkni9PaYTe96IL8rK%;7 zdt^bA{#{|iuEMyd0u)O3CNMWbtYd|!re__5N`NAonNzJp81oDBuidoeV+;=^MxOfq zz2D$={N$TXiws@`=LOD3=~yHLR{C=%DSD-&?@d-@-K^vj=|F{lX@uol?w%+(6K{NB zn76cCH86M^y?Gjs)O@<}r?N6a&bg+S`EcP_p$Ng9C!q!5Z9lTiQgH88y=#w znh4BbLNPlba>KC78R*i4V&+`Y=#nl|HANu!Wy|rR>tUy1~{s16GOqB^TdlGB=j~^Q=gZp7_0mOD(#f z&|7}I?i21j$fk)QcLdnYYhK8?7Vd_?^t}>0!rGk+^ z-sckhD_vRq=rs%rziH$QF1t$@vt~V%SQkU@f?4B#-o?51{a*Y_c*kSbn^>EIV*BD= zBZyEb#i<39Hy~$vEA?<6mz)#hob7jp&KANBf3V`R%GSd7!MeV~h3A%uEq8Za4%o5+ zEuFc1H6vXd@b(PaXm%b#eb^s~%2Ax_&^&+X$)AnpizkZJus0~t?3-P^2sFMK4g2NE zU-RbLw$8eT_JZ9zb=kDAeJN# zW6%x!to)V+a;sx=lm?S}#9$O$pZN*!TX}8jV|~571dM3&C4G>#SaNL#c}lK*Z`(a< z=X8DtCPX0d7Ne#ds0GZ*&|R-?lUI*|RUIVuJ*gi_j$`)at@pvMdCJ1uqGp=P-U98% zcd$0jAUzk@82FhH$^^V(mrnKvV&LZ+#<)#Ee1aaiDKV2-M30WIe$CXx&3hlOOl?Tg zP*dl47rR$rL@P|(Yn5VIh;OXAAYb?OwqMD-ouz#v=-u@xZ1zObVq>-a@y#BTACloe zM$2~7;K8pC%o}G78y~#~2N2tU4-*Fwn7XP`w^vz~F2OBIm&3n==x_&PpbG2?#7MxwjpsG*`YL=b5?jA8aX>bEPq;vG7>kprw=@7EkMY zyy~`l&E&`$e>~<2j1`SaVOxGuko~{O?4d?6VW7;ur;b0{6?Wnf0>)!j^GQHf~*WW7* z0b^JavnYvy&rh&*w*G36DT%D+#-KTgI<>T=WK#NNN|0ELFQLRUxF^f^cY;k9f9fzD z$@bOKWO>*XEjHU3YdnVD&1{615K9YHKn7kmLbZvNn8cI+CiRPkx8Ssfums1uq2(IJ8IDT1TPgk?bAv_V@N3Aj+xy z##QCu6z#+vR%jd6%Oqw$e9Z0FPrK7}91jkT9VP{EvwU_Zh+WKupm*R@^X+HLv_{EP zJ-;#uI@Q%sCW&7-t1wg8265pA!OBzx*iS5}DTI{@pjn6b7>qcgscL2U%Z zwu#h|p);1j8Ps6w9IDhy{Hlf)C0)ST`j&@%^TrmeF`oA)tJEtVO(x3saA*!(+M2{d zrWEK#f2?{lGTl>`hdSL2?(@}f07KQ;JY@^?_^&#|ZE@+f9vw;lIYoaSgRw@pg7TdL zIVO`@1g#e~Ial4SAj{mP_WXxJcjxgs|KGz2sQ?Ad6PJAmuz~IK0UIZ#g zJVx!&n>D~7=evzI#ABIKC%A*&$wSCTN-_3w%oX@35)^VZNDo8vWSG|t#}X`J;AE}R zD)9Am_ui|67vidH(L`z5!gpIqDYxh8zlW{pO3wx2>Jjy1)d^00LrFcTjkcdxfV^%^ zFClz34Io-$NkgpkZdtUQl2v)hu&dOtCtKFt^EvKK6D#gblC@5#hnKELvR|(B!13sg zZH0o;tiZ$vl1|!#cWW6Sb>PQ-rsIGAzn=U8fKoz8WuwAnpRQwqoQ);kJW0TmvT;6# zmnS)w+PWDR@b&H)g;@W2an<}6;M>9)qdbESJlyQDv0iRFbR7e`M`+wqiIC$YVqeWBg9M8&eA_Ax|zW8;VQ z65M?9hP?VMaP`JkHpfSqo6TMrBG}<-H(lG&1h~*&ZOadd?+KUP>+xxmnVWdz`#1Vz zsDJ2MZwR5f`xd%Q%vv|O2o%a)e|-7!D_5hI&N|;4RTc0~&&@h_40FV0M`E@7%Qw^W zo|pO6f1W)+pw*dT7Dft3NX4RDx)p7N43WS>7!9pd*8CI--GY)xO=Ddo#!Mb7CHQ_kEH3kC*Dpq<2@AFBiO@kUFWYcUdKqd&BM*(-^o>fnO?qt-#n?mFno!oM6U&BY|TPZn>E?-0m(=ulFb zu>`#v{JIc$yY}F<`MvPq;%l=1nN1;+Qj&HRx#&qH9bsAWXE*`t<#5fR+UYA|=u8LV z%d$Jg@`pZAW=MXj&Co#+xav>FC)Pb7(CTkgR8&@K?WQp%U(j^n``3aL7VN_9cqnyC zpm{5hlr8o~?R|b1aDSXJQNVvUuF03$g_4mxVlxS2#)#(jp9c$3UZIn-ythh9omXaMi`elVvX*JM10+o8r4orcCd2xmdO`9uW!W!`Rc7g7mq1F=))nJC*SRk2`)`nmZSbB^6}5DjLeP>l9k zfe?~DNN0jwS31Sx2!4<_K-QsaE`l~X!9w?v{uF$jRa&~!YcD*SU2ZnwTlfQ^KP~W+ zr>Bv50iNvw=OevW(4cQsj%4Y+MNWX*@9B`Cv5vKoxD?-QQLkHaJnc3U%qJAVk2eo$ z(hhuJ(lxyziMESfzcKXBNl zN)dX1W|EiRM@uEv;gDI3Wif0BKuTvfaWV$I%Q#xNU-_~0Hwx_9$&nl9I15CSH&Qif z59ZT69Ap;#Nqxy=Jwy>)0Wz4Jm>9Hq`9z*lY<3X5&47j0))^Hy@h0-RQqIqZl%MOP zlA0${%LXs%WQVtE7xo2ccBI9s{YI8IHzR9ieTN=i^1@&8j{e^du~+pv<7Lx;nxUo} zf95*OUig;)Xz!9)aHyIEC+okOXA(&Ka{QI6Jd$Auy|8j&WS& zHr43^b5IC{4s3Cj_^oYN0_>KKz?hj}B*$h(^2eGqZc_LJ(qB@73w~a8k{o(byI3y= zESH{L$L#~C|F1S#yg<_OwKmgR>uKF-k6r_pU2_JRK?)=))$2CX#0ROyu*Jc&vgP@G zUs`I8A;Zv6&)^^$5YJvk8)~y2zMhWx_24lB+`esW9fH(H>=f<+7X`F~@a29vGq|`( zYpzRgr~vz_AW+#&uT4t&P;%Ug4W+0SXulcP9Rn`4x6Rh>ld0#6tTPfe7?t4C^s2m9 zG;(f3uM5xl(%;LD2i#)4An$C%22wxanvF2Hoqz_Q?)Rr7zk+M2Wi=d7hG0U_`Y>|9 zA3W{UTdUP~?R7N9Rs6PlZOJsd%)y<#-s>VW6E?!LrX=U~A8BwZ#L`7~WW?}ZHEN-P z4`8@7@yxR?dxz5S>hdb)4mm!)=7v$U3H*cun^P+a^t^PZm`AACD^`lvnl&@@{gkiz zwXd>L0+`w0w*_8Ubq*J+@Jl_&X{ILE*4h{nsy_d$Dr9dtVs)cf2faf4v1u8{%E zVUMR>TZqz3LPjF^m$vE}wCKH3vkDUtPe}aVs~;PD7@2m^oVPBEW9#}Li&F2M?ttu{QYxic~o=Bv8HD~3aXV03!d(lVXR3=~h!e&Ju z6Vk2!0bF`S+fT~kO;vbYj?1o-jaT&he!V_a@h)w#1$B8T_(~E%hIXH5JItfM{1Qu5*n;iSD-qDa5jnGkgEb6hoy1 za^G!zeZ8zlAGGmLAGwi=#{mQsVj0qV=c<1Z2YQ2*DT$c3xbp(z}N8d(tal#%AbRqGau0Igdw%jmvZnoU2N!!$x*l_CM;^hHrZ*Rgb^sNh@gtRZL4E^OS|}Ln>~wGaY&o6xJYY*eH^_ z?Uk`xD~7PvGe4wP;~*w>?F**t1y8FncZoD)k)R}m2Ea^#)Sb#LP<{aOD!+R zUKZUsMnlpCvd6pvB*S+N@ki08A1B ze`&&C!3Fo|UWIy|LrHzNQ!2xL6N60y5!zr>aHTWYl)u>omHS{{%IG6PY3yKr%ysUN z{$nFJj(vi+xn61=a;G`JGz;f@5(@6s@9;J8B>gMlR@m<@AEl(vl>8%4d-&}UlLr}%3S@1 z@3RR1suzh)#4iv5a+fLjl5Tr!=dj^r-Io@vv)6-ap$D}nFlPVoVKh(BoO6+g;a!>4gIPk&_|jF6WhVaPwp8wfkX=3vNC#Z`0C`j#g@BUzPq5)exO@1HJGi5)1(Lv^!P0QEQ>g(_Oy)pUlB_ zO$=@dgDXH{k@yH_4!Q541tt+m@NP2*sq`wuUiIqlcs=)BrAJxCuNk5lCvXjuiWzsc zs|M_vezy;P{R*;@+u+w;ns^ptAe_hyoQy~F;au&a-MrtL=RsF|R1EnYGM&KBB1=_! zQ(E_Ixq5m@gz~`v`Bq+vszl%e@9B9c+N$&owT+nsxtBE@4pEtp;h0}5VefCsTe)&zJ5zo za*Li!_Mvd%2Grjs2zogJ)#)Do`bT7W5(5l{GXjXvl14WvLL0esVA&8L;)#Ww9ahK? zxVz^0b1;6@4mN(f%l#WfWpLg|oMj@%>${|QwWhVV&9M$goIfD6w5_A(?tBL`*J#MB zPx+vfIctP3p`!$UI+@a3yV>%1(L@9Ww_g*CCz@Ck#95P6jguAgn6bD*UjHbr?z-Y3 zhhsrI5S|o3F!#8jgnLAr>DpHx>Ga`3?N@E4qnpDoq6L?#j<@}qYvJ9|5`r)WqnKVa z^2wC@4^a4g!9V|=^0@uAWmR#;fF$NJ8MW1=+(U!&|cEWg@rp)Lko#qvS z5(4j8G#A++yW;t^Vhg^VKzrQ`Wce0B&4A8Y6<(0?Jo5zPvhA8)z6eGHLUdC{^5ZlL z3HM*O4f@ekC9^0D_&4b4>1BB|;R5~oH>9!Rs+@KpvBRa0e_Zo7-kpuM4o=be(GN3} zhIW;N%lA+F_^3o*B(``{?5eg3du#zEH0Q{pDdQuX)_b@*%2ny-54ae1iXv5%rN!cU zo9>TARz&^saRi7ux4iUsA#}l*(lOVs-Nrb1z}_fXV++v0dW95&6VmKTrHnxV*XmS- z&)7HKKO|L=TqW*L5uyvR(5>A1VsF%pJf3@p%mB^T`ZFOo1W?Pf;c})aS@|CF6D3$L zfDj7CR*Xt8d!$#j{bb*Y>#CcUbIGiQNBjO(do{OCXLd1jQ0mE)aA)kW!P}HWUZzYd z=iPt=7VCTLnO)^YZ9muYqN1WH-B-ugyqW5P`PqKEy?D<`ArMZG)6T}0k=thv4?&Dr%wE&2OS=xH! zdx&3>eUe|Ah8LENUcEs8!rP(go=sJm-zAs8*k)1}FtZlDVnuZZ`AIv$g=|gL;>m=q zYaLF7CK%JQ@i`D7ceU+$<?`f(7}hf{S)6dgbRQ z#N{qVLb_^#<@?<-W@_HMa^N)9wrjfPhl-2qhrlwbB8nLkbtiTQY`ezU^wJ60`!5Pbg84Z>|3TCBAhmODH`nYTv(R#IC7i#$jd> z(40nmrq*-jmq`4Z^`w^^7{2=Ip@W`H$3Vu9%yx!c^vxcUG2)I+CNH#vT-z%+xVp1s zGshu!(0JQVW|POGm9Kw<AS-lwo7dO5@ zT3?ikesvR!kn0dHPTeH`EPA0%HPt2OA(wQK=^{7Yujbod?O3IBU9clZN`6Z;vkrlR-pB06r+w9_(Fy7>mJeoB|om zpG|j_CEWSV@P0q*v3Fzp_TTsK0JNTfg2YPJB*jI+peL@@1+p`$`=LPV)o_l_(Ra_U z_lI?$*uPu}hYDrnR&N-4Ek{^FV1r>xZ_BU=D-!+73nHi4Gz$`=)Rdb7I<{A=E|Xi7 z*P8H>M)AY22!#ej?gbiNzk+jO21pl^{pr!ZZH`*9g#4xFWb`2d9)iga57z?(ms#oc zZXNDf$#j1~g^$sMIBhF(6yG`SgRD&%eKpZcp{f96DJ4*$r=Fc~p`Vfgra&K|Gz*MM z{PYRciFDg97YxtEvZNJ%9mpU73vmBtq-|9)!-ii8b+u~3T*Za9!7KG?Q4s^IAM$2w z)Vb21sxgTE?vpRx-j1L4dghVp!X2Y5EpE)^Z|dyaiWH)CyCN}jgUkQ7GSQ=Ap0w01 z%Oiof?nYhhkuqj49&&;fnv4FTG6EYvB@qA+ zq|8^jqoZQ&b(L84`tElq;%@Ld;A1;aW}=& z9F6EssSBb zE9TuYls@ZBw?7nx5^OMVEe<5nWUU;FF6bh;OW_zfpbHXmOB8qFBiWc;%4 zlCJ0wEDCz%$cLbMdMH;|rON#AbFXv-eO7O1R%BGVm#H%pMRrnyeYrAgya; z9+iw3d3RbQBJWkYx41(}ircE!=E8XcFL%jw&$O)kE1U%$cKf69?~jbb<+3bEWE*?& zt!$CCU9s;&{QvDJLCqPH_Y= zjyY|M&_;TA)X(rzD9tVPUH3pFkzEZ5hOY+C)>tc1Q4;M+%*(eg5EQ|p?gbM;gPpF@F zQ}IUngC<7$X!bH&@2wFVZKka6RgT_6BTxdofa5$bOE4QFNof|Lr84!l7kvz|o=qjX zC5Ct8Voj)8jo2;{L3B#a<)mD(CX=E0MDy}mHTJm9(Al`s8K=}kU>71cTm&2wExdYz z!T7gsHw1%fbKYeQ540sYY@gdtAF>gW5r#WCbY%-XX>(~$xDQ*SOdXanH#K_d>-&{3 zCXwZ~<0R`x?4+%Zn;J7>pk)@(dem%_;KFV{lu(QXflEIs6}mgrGx*bSRl57X-ti3rHKCmJQR~_X99hlk5;CbdY&WHyWzNp|awx#2w#- zQ?U}@9VXduR)~%A{M1bLl5VQ0%BZB#%in$5r<`TV;Ugw8M*V8AWPcpcqwz z*T9ibpDUgjtBV&mO#;Yg26}p8efCag@kHJO%?cxAEUckneHxz%>2G4O2iO^bp`qhR zyJ6%n(Y}@#Y4~*@bnFI1*ZAA{{uF>-{LGc`>`toIe?E59&XtrE(Y7aalF%MEg7is2 zfFj_x6w%Zfq(|M#HqLfrNnqZ}s`;LrEsq`gGCNGzT0Al=^uUs^;!|eKrX*}fay;fY zf*0F@nUDV1b?d~PY~Du^6$GAtmo8Ily+AReGkk`&Jvz(E zbyg`FL1t4U{>{f=H+R?!0-CAtuWeSVsP0VSTWfMzsh#um;MJ1;fwo=D1Z%!)E7|{{ zCb_p?2vb!7pBWV6!6?ixIYVmkO?RXhBbyIJdNJ&mh*Szf(HI9 zu}q(QKcZ}vQ?RixB?9K$#%J%4*(6G!CDWDj(k-au*9rUE8}7qKOPco{brWjbnEv9P zNJueA#re(3pkItMK6qm#of0yz?+x&!ccbddAPHgq-70{o(c5)1j^{te^tu_hYpHN% z4=z&9UkL7Zn62Bo26DD94mecDdcRo_JbF|31@A5@&o|=Re)ye&$sl^X36j|N&g^eD z&AO)wQCD9fZ(Oc&d;l=DiYH!9$D&h3^zGH;#}LW)kHI?eZj zb|S}PWry({Asz)#NTj2+(P+zz`*OzmdIk}`i0Y!7zkKMYN}Yx(G!{2~%VswcolO#X7owW_=+zwxN*WUr5AppbBv6A!k|F|! zM0RJT_NdG%y)cj9NDE<6i0-=fs^p>e7FXY{)NJzVz7Z@qA0m(#zsjkV!@3bWEh3a) z6j7=Yi`IC9fO)et(H+MzO0ng!d*IvWXW_Kw#r)oE4Cyq*O*jR&_x4>QD~Hi9P>7mY96;Ajd^ zV;lc8V48f6uCCcj~2{WF76$sK)D2n+6wWi1J&qW-)MPv zLALAxI7)*U*C(!;;Dtp^p^$(2;MJ|22?YQQRG@*JtjsJY)#2hK=R*rKL zS2ssu7juR(OC0GX{W0sB67kXitPCjZ6#WP#9wZ8gyKE#BAIC$AWq5EZj*j33{27^2 ztFgYZo392v=-8onfR&d0cxepmbK>6un8usI(1H7dQ0R(G0=A)eb*c# z34}JgG_eW6-+nWZ7pSs_u-f^kz~IQ|o;Cv%UIn{rtFDYp>yjmoB%PbOY=L9-KG#$er`>h5fw1z% zn%R{rq*L9o{}T@ z$r3DPv`Zct>we&Atb{w|TXtiJV(K1ts2Y|n+bjaXS0R)ZSwh%R_OmhZKY~}yUj9!~ z2o@%OYP0(4Y;bmTfzD-W#K7E>QnpW#~!D!Y^u)&RE$HKy3`rvzDV8-~gM*lH)Uw^Y; zT4zs>vKq<{FHasl`v>-U)&p4l_>L&ijr0WGgd_cgxrg;UfuFEFy*<(u(M0;}L4M$^CHj&0b`vGI?yI;g)*CqYLkvP!htFp z$cDzcfY)S)MgbmV1TsKTHv=9~-@ehH+w#u`aPxZ_oj15Bpg0$!6u$5RWOg?>74uzg zv|M=kslpyp2l=@JK)#fKHq8N)mgC(rMIdVd43Z~0O8Qm???FnTbsT2_B`{(`yI%Iz zi{QY4R4?FSvcs<#xShbEbZ~%yIZs83u;XqPb+im)50A$U0uZb)EKgKz+>#{_8jCzC zRfMEgXhj93+`j(8~HYWl>n;6GC7{Kg73D zvTGLf&sO>EKa}mB`&VhA(xSULXK*pm`L8z4(%pNBTCVc_#8bIh2|5-h)fZ%viT#dz zz2jFjlX?Wqb!U6TjJE`0eUTnPWW@O3A?R1mXb%PG>KAft?;lj$PTH_!EOfBmI+>+&9p4Vh)#VcFc*9V+WV^&{sFQ zXlVd4R9kz?eu^GXvp=Gz_Oi>=*(=Q|oG5ieptNYW zCY#|K4^U5F<&PK;{hcSM0$BHE%)kIAD*Tt`#a7RJy7m3F2hjZi*ez}98b|oWek7-h z8&(h=^>5@py}sfrn}H%9d3E58_DO#RDf3VU<3&nXB)CJ+vhE zI48VpNzRFYSRvhg?hL)_)L8SuS(?#%XLd9Tv&a%X%Ou6!3$kwZhqa*|KQMSTFfhKZ zD))topJ`pH-$SaTODx0PZXe-Y>>Y^_75Ng|SufuEsCmYrR_@o8>k<-(<8^1!KFUPV zM5Xud3+*SEUtlxhAF%Pl2xdieLzu6xpf8VW{OH(dP^z zE4D;^s1Oi1w$pz^lCd}%b@#k$u0T=|0`oX~FbVy%&cBI8A?ba5Ju;2#1>tG_ClOmP zOt|S4PeH)eouRFimyDvNl^@3!ar=f$O9M2sL;(wKEKG(8Ii75Z(K#9gEl-}LsWOR5 zP^hJvwVTo^gi(>V?Qk&o?u~)$v<^{UKVxG!H@Ot;}`$UarQ!Jg*a)j=Y# z{k0S*3sFr_gh%5fvB~Zqgx<`GS#4$q__7_Yv&(qdv8DKAWZj%AtpZzFn#etU(&Z_f zDw8h@K15VMDWo}KgAD;X6!GWZg;^~syoWO!+a zc||iE8W!h&ejOj5E6kOW)2upgTW6FVDDg2AV23fM)SQ3A?)B*y#%7BrX4j2idBNlS zUUzvRz(v0OSb`Twa@oqW>i2&(l;jtJw!A@0oSDn^UszNnB)IiTxjYNlc0s=<&9GRr z?32zD^nkDZvO(f`$^{0>KZGY`= zzeCoK;sPDHxwZW#9fTbC;0ax5;}1kqyzDnIh8yx!^_MC%JT|b=89;eg6Lod3ELy-@tu~~=|)?2_qPZWaIg?rSd8}ZtrNWM%z-}O2gE(* zRiP?hyR5Ofu6?M#*6NWTYQKr_bO0j(302J92(gH-CaDt_G>3hrTr|7==cE}{NHCr1WGS}sQyeHX&t%nj& z0ccc}oN4Ba4XKYc)Rt4W=T5BK9DKJ69S1m#cN$)=w+)VIXBn4Kr?YLA-a``XT`@E}Bq5?w8C)_3jy0NFXOsL{B>QOz$&~?=wbhH9raJ*>niLi%=`301UsY%Q({ix;SK!ac;lH@iX%bFTfk5+23W(Tu7k z{S(a;paKb$?)Alv(+#^@a4s5ycF$7M2QlR+NW+^hU3z>a8F7B}3E!Kep+&(eJ#I5+ zRQs6a?TN<^%8NpZNlpiR%NH>c5fIukLgFNS+a-kGT1K1;lrAXLdyq4P>zpHge7k)$ z$7WJNLoW0=!UHzi)5(O@9l@AbP@CNq+NhB%p&j$$DcAz7|IS3d}^X{ti667`a+u;ZLXK<_@sZc zhZ!`kWwbSR6CNvAf00U|tKF>5c2*6N;(PxLMM#;lCcU-S6&T6Mp>&w={wWfGOEIPw zx%0!j?4U{*ls5{szCUDdd>^YKNi~fhh7yT z`s1`o_xRG;VK}6{6*$s%J;3X-m;KVqPan9s8~yy<=X=w!r1q);W)XlEX5VQJC;`Ug zePM3e|KR{Xc46!rn|0sl?a+Sq(TFR6RB6pqGKH6d{rXfb6GgPtcto2TYt}`yfdoZI z)kS?Wf+n&ol-H`khlz${^8HMVXbm?Hk5&-bnJg6NQwS)cwn|gk-(C%eMwXpDt{`B9 z#0(W9nTXwQgwEl|(%@jge`J7YiY(9JQI#UyKLpbEk7jS#!WpTM4O>BKm=Gsq>5pu5 ztpKr$OF!Yu?|Dk`UElU(1Z`{K(MQN;?(l#Bm9qfrR*yt*@iaX3_5JzDzGl|hAUF)u znTgeJf6ztwDg^D#j>%nn4iW9V@|D3(!ibxN08EbU^wW8(_`++}uWuT0o$BIV&9H4% z#)H)3+^NN3?(X%4@8pE74!Hcrb0H>nRM#^+UjU_fU;WLm7|CetelJYIpLc5~YS6FS zwx@e~N)z#0$fda_%YdlCoi7Al>A0Qsg@sU71=Y|3h|H^*+8qT;vh=+CC0|GowK=PXb?(LZ2r%M-aGpN8G(P^%+c?k2M4yV<}`fzdFZmdCBd(ZCnZO|B8l%JYSyaQfu`HS;wI ztZ5zC@!*zpB-ftx?UJXR|Gp0@t&(OR%cW2I7l-VCTmU`|uK!8z-|jYN@GBu`B+LQa zd&-gKZ!mu5v>y^%qhCA*wD`VXVeW3V1xZc-bVSa3)ZiUa4;fE>;AtoGjCBj7F(6V( z0hPp2XxOu`B`3(XJI!P`R9QAqR;IwyY2}&j(}Y;GqRFj&;e;TM>7gQa^ZZ?ADJF&s z|LS%dq!2-1FJoTyWGgYWAgUsJ1t$b=a3XNt{74UH(Wz)JMl#7Cb%U)oHI!11hlldLA1-BMTIs%r*6!(1ge#uYZh6R=D1II z=LJ^cWqt=0hUkVK!2Sq8-_9iNM20wk)?U}n102A}Cn_&BBR7Ii!yb@@1+1Fx zTl$qSg!Vy1E8DzdjIVbFqOiQ$p+v)ukY=KiaAeSGX2 zO!{hEWtp=-;0j_z#KU-uK#=YaX@Y0Fv1=d0OHFj*2XzVGPw4!b?k>sL9!qAra3K#Q zmVBVOKa%D-eltUz;XHlFt|p9#u%4GME8#!f1%-u4Rk0{s@0*wd#c*pyOpng*0P6Bx zhY7vfqRcZi%A}T!`?n|H0kNkp1xaC-RAYJhWL-zMTdak45G_VOd^@f&l+uS33MYJ+ zR$9xnsNPW;+dTFAwF%bDnuKPIw?uK^E4wb)#HI%&BGvf4R^}Q8CWFY*#!}e)1noaPQNB{ z;o4S%N~`oC1DMmZ|X`jvhvUcK0!u=QB z{EzQpI;W~qDn{nC6}EoX1+A229`_I1U&|u@x0d7h!g$rtE}!csn?bI|qP z^@j>|UX2*NibflzX}a6lA%BoJ*e$O4dsF2uCv^u)or{YtR zFaPV+Rb$Q3G7jpIv(gmmM+#H=K(XhXd6UZsTW8rV^DZ=2Ih&0otM z%;^T7*p{ggJcga594$DPx0H70?BsU$82jq0PDeM{cQ2T!B9gggnLLLS>9$?qvT!&NCy6TnqlSWCzcy#?2F{sGV55d0MoOmSe&E}v2qll?OF;>C+icUs2TpAe5e`u9Gpdg@r&)=66tbEhgG z-yXJ#6ssL-`0=JOklog!hH17o=y=aR*S*Q3qb~={ugc3W#ra$nlS}WqHFW5;Irl#! zaryd+88@#A#&s%aCQkP8&U|E2;X{C44G4tYoE0Nv;fRQ)LFvvjMuV@DXlLqsUk)f; zbF5a8;PRqy(Ly9pBXRQnXSuN@zfRjF3&0JwzM+IBD^fcxi$icYAp0$(iYF?*D3~2Q zsqm0CpiGBFlR0f`7o>vvGn46$Y|kHE@ftEogV_0YU{GJv91{PJx2-;}d%kAjE-=)~ zUC7j85s?nophjBziI>~2Jg>!0hO59RZn0-E%=^XVuL*XH(55Rn#bb)5jjY0ba-^^pHgx8#QixacX%3oD1ChRI0hZ4}t)a;Mu6sy8U$f|3j?@MO!#JtNiYFwejx;7TxlRE-1KQ=@d9tMJ7(kug(uIQA>HR z0Nmk!1-$O;B{<%<^7C87wAlhd5$(*ka*Y9OT$X?|wQLIWc1L_mSFMB_SYb-PRfCOj|m+ z6R<1YI9=i2FuDd)vO4;PQ7}enqiGOcC(-16uf+};eyn&x*MH1!fBg8o&JTLP5CdI6 zKby=7L=@M4E{Rp|w2tj9q%csro4z7ODm-sovJly^11uGs)Z5XsFkm+hIV0aWC~Rw+ z8?20ai!owz0*(yE^*Uj7aOVFo9O>JsuyzfkRhNJTOT{kOw;65$#AY1c6D}aqhy!wd^*PnsD;z0$49MF z5fYg0(N3sV94*cInhFt12|HZ7qWJNC;O<9M5N7!S?-NbQJxY4lEdYPlo7ej{ijF56 zg;1ur8V*g&~D;NJ?b4j9#}V%7sbZ~!Yzt(5rIS|({v9Q;?{ z;E8GTWB}Ss8ocWBHnhf&7vU!Q%0<-pxFMgJtj5^dR-67vv6$%bI#G^ClhnVV7+QrF zWE9M8#_1+^gdnHmVtHo@SJnsFwd%pVU!I~dr*k50Cpx5Pv z3DkDt39SHc7+Ffnm*18?G=vof%M8Pg&aMFb;3tMeYayuPZXyY!J(rZJ3#X^EhVJ7) z7s9!+S!kP=*QkQ(!Wfe=cfj%1%5LiS2D?DGhgB72W1v^phKa@4Cw-8qg~OrN9OhMN ztu@PFFAx-Ltn<52S}qg^Y0Pid8vX*vUwz(d>w2eOVB+8>f7+U(<0^NolA=9qt~ua> z*hnTj+F0%ew_91|rRMsc(y0yrz42YxlKy6yuUY;r97N(UIU%nFu46ktlbXnT)i;#3 zZ-4lWyZdbFx`D^}hd7v5Yr@2f8}*`FOFK~I_HD9znx(kQ4`3!>$ugkD|4nlzN?Wpf zS>Sa;CUeU@$9(U!)lW_pofID;UVG2mJ0#bI0z<2l;n|9)zH(upWEZWDP0DFeO6kXd z3zlhIpdTbmDy=&;x^Haqb?@nZs1aQ-$XCZtoY?yh3LKA`u8=d>0M$Z#xs$s3p1x4@ z&#|ECc_+kuKoeSb*F2X~4C|Ns1K`+CkvLoZt^+cst`4PxW#+CY5NYCSOuGsU3Y*PG zZb4Qke*A^D;(R$1(9(Sn;M@2Z3@2Kg|m49cEO(k2Dym^z-Gyo24&aRed`lyo=|+mv`CoEI#D-Y z)eTXNp63f)DJpEy@YHj+p3rYuPXOXDN;dLH%T0vbBQk22zJ+5WW4bP*u8_Q7db@Z? z5xnqLL04jwsPHq1b|rMz-Z9dW?H(wBeL562|8GwYgO+jEY@qyzW}o&^lkO|DVM$V? zw#H9ilKkl6e1&B9&Zk;lcdaqfkv-O@DX3;2;hvBh{Nz+Rak!>d;rXd6OXyw;%tfv-}@B5q| zl_su@JPBHR|LVm549|Rg2?0?@SJe-_jhy!P9!yLOVp)GH&ZjbJW^Ba4aNZPwIl=CP zH+&ida_MKB+PtM1(`IQJdFRq@@^&A2bSETR;B?o9&Q`h_!#8=n0u9Ul{<$j&SUU^6 z*@}%*w1?Fyc2H}B|Dp+5dR1Fm%+pDe7Lc=imWFFXKh8wMwS9_7Vq;s))F2p4Zp2|v zs`LH6>UK4i)FcXclX5Jt4WS#JHmLi|3q%@=N~_ncjAKpLkYfp{Xu?a1D+xFe#bOCJ zMn6LA^W}QTaKyd2co)p|%5ui2d)ICcSa{1*C@@})WzG)io?rVyQN5m@>o5hAMZRuq z_g$1BuWtU)lPcVN*&Iy1@KVPZx_$X~yNY{GMNYXtm znS6gDzp^}Dm@R@D#UHC}+V;is{Npj#3PpJ!nm55nu6j_>-^_1#^8OaF3j9ajHGNQ4fJxPZd zif1)eoBE$pw;HX;bzDOmY8AR0*>kl+E460P49Yak)SJaW_m2s0EJ09Ne^l&6{$E?# zP>aqD9vdGO&S!$kSWc!6*Evm-^);PL5~Y9g?X-<(eW{Fc9B{mp&{eOPp`oakXak52 zsbn4v7{rh7-{1M$7@I?j-D-n-26oi3lZTzZly4kOTQX$}&ZGL`$B|``OFNMz4Mf#I z|H6UVPR|DU*qMoUz2EOL9|{gAiEbU*xwmlYRhhF`tLcz*V7I)oY@}XU&9-2uL&lGq zg;Q#YRRsl{(WSEIAH%A1TMXPg15W69FtxC4dB%O{?Q07e+JiE(*$15IuHAvnMRDnh zA4S+=_bZS@gEaeOi(iZ`)f?mu_>meL{1yMxApE4I%kk}mUCX+u%sc^J9))@{%bwun zm;Dzau)7Rq%R?ZZ7#nevp}q*|(+zE?znwsu3{&48&aoPIn~2r_o<`EyZg_fp46F{Q z{-=%vh_;^~j|qhG0~fTsT9Vw{?&i2%py zn~|@+3&U`YspvfI$w>CU&P%2(#q+9dfBLyC0Ha6dL+JqPFFhaI`+4V6Q*CXzlqRZc zadm}utq+tA&R5L6S$~~^v07#liG4Iz01c||N|)O({1LXz%~Q;5o7(mx%F!;ZyK0c#1AW@CrHW? zkXNtQXjE^3h^ZH!-Zn4DjiQM1o)tR(_#QW;Gpq)ke_zh477<=x@aT;NEbsyIJiQ8f zg8`49DGZM|Syt>BmcCI}{Z2=gyvi21qB-Ol>M+F`W<41B!J~2dq**sN%fn~!Cw+B? zqCPH&F*JLck=)Z$RhYN^@^v>HatyYjPDensA9eSBO4}Cbwy_86*Wke=Rl7|8v-9LS z?`(asCM76}cM09_v|NpzWd=9qIt3f0WmFo z($UY=Z_}(z-><;j1kvjLwBdcuqF>B=UoX(XGT!c^3Jd?faJOV#4fW!+^nZ^*h?XwTss5r-Qy86WWoKE8RWCDt@H7LaG9)rHGiv4!4mm3HQ^&iY?yf@ z5gd%q?!39U`G>QWM9-lUX*l}GONc8J4vA-Ers{A39*34F?bQCj>P394@VOn1jm0QgQ^hONJKsR2^Pd$(6|9H+fT-pT zF2rtR?3T-!i~n9NjYizn=}ucoP#O=>L--eZ#M^I{ikmr zV{j$iQU@KT+n$=1ks--A&LXI^Qhr~?zed;bokV0m{m0SZ%C|~}eWp&La%$y+a=nNw z916|LMnJHr#ot7r9azBcL6}7p%~!Z50;cQlKVgJfE*;+~Gr&ZgM}*qDIIyT6Z*V5W z6XGQe*C^fPn$|0OGO#J%C1S1MopF>olWEw#9_?u3t6fZX3cFd_(@27=Mpo=ELVSoW zx=U&A&wK;n=+l{L+pjaxX7@zqoQPN;L_Gcd{oNVy#);kGD8(VkT zXa&Ec`fDZYMbI^?=Q{YcmWdK87S{Z#yzA1}xIS0yEur%r+0xA~P?+QqQU>EE;}G~IcYw5i5*Bi(iS#9=0`_2#?z6*F{Nw|IPWH$sLssGG_}-2Ni)*XjYMn4Cj~ySY23hwfawfQh1>wOPjl$VWw5A zH%FdjWW*#)mR4X}jm6uhm#F2=^1&i=t?pdlo)az7(cPpXc-uibHD{rh;-R1&|8c#) zqeC5#SSJw@r~If3pF7v_M{k)5g@vi+#^#M9WBDod<3pAUaqKD0ePwLh~JBf1sDa&18Xb^+#WYUR5%YanCCdgYA-l$zVX|C z*jf*C(cy$xDaVTbF3;}3>oQ5f4VE1FR>P`nDmz+rD~6=W$tn;MiHnOy)tY$ErTM4x z`!9T%bQ`Xm&#y7v1t7?qJ!~Vrl$^0c$@%w%q!kq} z4N{pFsMTFL;U9WWwoBM1e0=6$yr7!GyL{i>C-b6O8n1irEp!4@L~eisOhPRK^iH>M z!|X?tWhNrcI8z;NYZ}M?OL+obN_`=|w|69fzBS!=A(gZfs@r}g(FJAs*#-1_uM7-E z)5Y0LASvrKwrU}fn)hOin%|b6e|Y-n2c-^c$)@LwKkBA7{~J32@|}K_{+8&^ec8+x7b3JIYK>i z9Txt1^tMx&L>dC%pSmR&?3QC5ku9Jobz68yjrL9*-|vdAf3GRx$gQy=4Z2Xfr<&cn-vN68t?ow=*#;Ktz8KW~ zSYAsoA7sDL(^(0505=xrNs|N$I5C6AdpqLYi#+%o|@r^hBdoLuQG;V`Eo!`(>WyZ(V zY=PNj{|0eGLxWNF$KTe(>b8Tv$u_MHTvqg9-xy>0g^2B(@*sre=Z7J~#c?@5b~C6H z+4Qb7n`gGFPV+ciPJC(Ci#DS;-W~)i?&kCOf52YpZXKmo*(tDrn&;{)ede%XVv>^% z+iexziOV$Knz(&N?j4+Neti9cW)uIpow+7I`x5<4;cjg+k5_N)m=6v3Rcv;BcoGtv z&}Hqvf^q4m)ZVbN8tEOm zV4zAN`ooLiEXI${-|Faa_05^~*S@StQiySJB<29IdjRqU3_W3@{z0Nsi%TVEVK&rj zB8r<_d5pO7cpPcx+t_p=uFbh^>S$c3Wn`<4)T!3RXSm2Sp_gpswc1KwjTbcsOY*A4 zK34t|{@q@sTt6X8DA(b(X5Xt-{|1i+gVZ^%k*yG(&+M&>Z;^Qar$dvQG!8`$>MJ;| z++%$enmJX;Egy6xQ@no6o#N738+Av*=#{>~sDZIquqo>AkhgdGDVVY*jFVs@TJOo- zMHL_%5g=9MN>-Gks3n_dd1_~Hfq`%^&|9f&ES(#3CGv>KDivP0WP`Wb8ygxjsom`A zfA>kXH1mkGxTk5yRzI&0!@aD}((jV!tal+p-d9 zP|hV7&$x4e@ZZ5v6wBhkftEhj=lr?S>@s7{7uO2MPTQQGd9O2X?|k}%kyUwdq2Cnf z?r-Q-_pdD0C=m*^3EAuCdIE4*6v^(k(bzLjRcj5$ZWHwtzazDZ&Bv-IZBQtWnzYB3 zKL9wq5gnzy-8fgvB&pFS7vpl#or_-iSB@jW<2KuqJvSTQ8o_rrr!21^B4t(H$6n8> zpZ{Dr>6bCT)tJz3J+CihGmN*w4cc;qYQaBTty;0~y<&N_VtMiQI_`;YST`lYKGjF^VkmN$X+*+G{N8+Uv=ZX?>$SHWC#=NS&Txzz6NOohdWunb_l4yTy^9kt7cwb@4Q!^NtIi$Dr`^{ z(=}^4?a0d0)>Ku384VIiONsW^DeYeZNjE7NsmvolkKN ztTiBRn-!0lq&!ROg*_=}K@x7-gUin@&C-5Z+L7`>Noj>Xh1YJ>8;%L>neW|Al?Git zSH^Wt{Vq;U$=JM3u2d&`r(vrIS7lg<70`QH_(E;u4xYm0j7_}Oh+hk#cmX8F$RJ2Xi8>+=3l^IrHy5c(01fD5@~{208N z3Aqlrcr3g!e^a#9PAnas9_6He`|gee2et~IqKg(GXN=Th$(QT(XR89onvD3rV&>p} z(W#-7^^Z9iZQl8$#QdZuI5FweUe_EvF-{0|AhD$v2I=VY2?W$b; z1A!j7v8eH)paKuSC|E>Pq@DogN_RLy@#8-IX7WO4LEp}~QGv|OiPpYQ8%3I>$^ew+ zAt_Be4)PENYRPTj%QmT6t_L%nMcxasF-hlPxIw|veqo;A!7tQ7t6hwX(W*-yYxJBJ zHgu{@!dvOpl4nfoNY=_~j$8zcB7>Jl6s zP%Wnc<(zJxBv2R~lG-`a15&OpZ*ubb~8@3rlhW#kuOV|=2ujD~i+9&l_d)HUA) zBTZ{>>Zn4h*fTw}noLq^JNrM{;7!vs@4L$vYWcZ&Bq)~GJ(iaQ;>Z!$+42R#n<`38 zi^6V}53ioo5`P-9sxOz`Ho3G`Dl!M|CyQ#i4)aos7XV`~8o_SO2mh#b1y|wd+8TH& z)dv$u+8+hhky5i*Z!*3thzO$e&dT|5p+eRtmO0>MeP`j#L#3vP(ydq9U+aeOwf?R3 z;w>#L@7+ZPW|qB9wYCH+#I|qr^EFL?LjDvmYmj}FwiGB^MaQg!17R0 zSI)8bQkrV9?7Q$1<4BI>Em@TN^0~e5NdPTa*JNfusr#u}qH^Yu%I+f|`>rybZv$vhkQZ+NtE{FO!5)DjhI=H0sJ ze1l)@lVe3=wW+z^Qh&$KPS341bY8>8pK^rw7rhQgLX>SC{Z`RKOXg{vHs_o;a+Q9r zg^we{$9)U|O;oKY{e6X0+E`{P=8fW=sz2R)&qvDtVk%aIq$nTPxs6t|@OfmJ!cMMC zH*wpsEnBRxZCE4)2@QOy+v?KsrWtZ6h0vmU?)(LHIzD02#&fQ6Ub|y*DR|0n)c0vf ztyNY9o=hC90NOJXyg6_?dWP8lIvSp^xbn`gCh8H?e||en(z@ zzDs^>ei%H2dcVAyet;IdvR3b}*3_5i*ihpV5U`yL`64rw^It#+lXF}&`pKZ&!kWKl z$nIBC_R7G~rNhP46~C>=I#lF8g(ncv+M3;_pm#V|5WlS}lwQ*zrKyd=Z-`;wbPIZj z9}8x6=3*MlM`3F8ZGXpfz5^w$Uwr$~m*w$uV@gTl^$Kvl`o8#h0fB(xmKxP^BZ-|| z@jr34Q;CU*)@67vC6B!qeKY==THV{R<8s}<750Kc9Y*-)cHT+Y->_V6=3#8CsMp{1 z0LY~4R>6tK4{;K|x%aksLmiC4jGbLmOH*M)n{X~SzV_WpJ+XD^MSJ%@AzyPTbqhXt z+;%m^HM*7rj~2NPUcb5coYv!dFHH0=r+RK|Urx|%l}?ezk3+0fZSH`5eT}Jktr{w} zGf1(T^A09XuTS2zJ5X0HZs%C{QkPPqBzNmNp0!mcp0_Q4O{GfT(4aB#$HXiz-rLZ? zp!VI%@ylJ`m?>DZVksGOhMZsLHv)DY^6yXmfzEe<-7;SHdfoXGDm~8!?6-F(mOE~b zZFN;u(<}^LKRmd5f1(9zph$e2ucF9-^=2iF44;&en4pm1GQ-;w^7d;ehPavdB;;@t z0@2X-E$x;dU#J6yaMz(_WoLTg=!V@$rDusl3csL_l2o>tlLGXcCY>#ND4p$d2#@*i z+iwGbzsMw7y0Io2H0t=VDE_AFT|dW*>0PF5Dm_*ZQjm}_?ZVFIK!`kXt}BR%N^z*# z8?Q`t+a&7CDRc|aFs-PAcO>o>8tMUSsO2tAP))oqwBy%`<&XCES7z=QaH?PeA!8HN z+^7#vo@grR8VK?YJ8NNxxoCp!v_@yg)#jCLelR?(v5^;yi5pd-P}hkw2} zYTDR{A@0Ia!RCB`lISb?`5Jhm-%fON5YYX99lNgZS(`w$;b>74w!8mq5Cgr>4oDQs zpd_u4D+6C+htmADT$+K$h9;FtdT_APnP*_+A z_wLu>%JB~1mEfU$_|AEkFomT@4Irz5UBNp#6{F;4Up8p)}^ z12bb@2j+FalJ|3PU!)&?e}aeBXBO@E&oWtyi|!6GbE*!`-xojhewGKFP~ar;`UJ1m z_qWg2DkeQP=4nWQUk3Y%UxSXfyS+h(-i6HWXgkl1tzrC*69{2-LM=5oLM_uLyxCbq z-MRQNb1Axx1d8J*97Gx|hgYj|1V&8EO`V;H{)oKpPJHJq?mtS~RB7^JSlhL#zJ?Bo z$iwXD4~JnPRkEIz)$G#?b?*%}$2g_)syTh4j`g}$>?(%mI6=d_X6`k%b=C$WY>uIq4+moca%bdwqZU>ri51!>y>z%(pQWdKF%VlV# zap>ic7rbzZ*#ekTF}pM6RN2yj|0w#QoWiHnF9R@04!LtriElO>Fwt}5$_T{W2%Im9 zCs@*iS1v40B7CZuXFUjZ3vsoyZMzDLgFVqoksYq!%$b8FBdZ`U4CjySVNsK@uN$Lf zq9iSDYGt;B^V-%Uy+o;mhAIb5hq||g2V&1$}bgCh}nunoThg#Y9&MYonNU*x7s?10z-B2XT zjH7k&31ahF_fq#IZJp$2nS?lA(D+rgs(D~-YPJcWQ0H!z!050=`O(h!UjG(Oj1Ri@H`DZmN#c^Cex>AghWF#|<6h(=FM!4r#}MRM`2V%Rfdv z>HYlB(T2}?V6Nm;m<{&g=f1^h&w4yZm}_pILz$G!Liq?0VCRK--_Zsz>2EOW9y{B* z7|)tq;!^j5@p`;&UVxG#@dObI4Gx95wWkS7PA?V}6&(e?&`lbyQpXC9q7_HmiN8we zh@9dJzX0IQRU7D)nYf1-qN?m^hC^8jg4Vi--ACmBwu*i+}aDO zz7u+SZi}W=cYfWo*PXb59$viW->}v(KenfNrPC?moO|%QkCRKreNyKD{@g&dV$WHp zwEUfDdGT>D<{L{-H01|t9;u%Em z?%05A^o1a?N*tRrSquVP?uuoKPkC(UaTr-x~*2K|b-o57duJJI#BP zL=wAsDrqu^QaZoA=&J1`YRR$SBF!1xfDHa+1*d(2sTh!*0X<(6rIe}xinjdw4FXL*Vfj0Y=HuI>PoZ3?@-GL zjlK?(%JeE1`DtJC^GV&>#)%3iReO9`TgS7l-$@aVw7PqQT0YAeopw4B@?4r@xrsk} z*Qus{c^=UH2C6@}IBI{Sou5+<<_DTKWyWD~ycR-H3RM90UL;jkWq$m33>l7r6LE@P z!|p{I@ca*;wQ1^GIP6md(Ca2D*g&pIdDs>OTAz7v@Bw_nqKQVTU( zjccv^2Oc*oNT4q)ej^d7%+*RUFD5f=hWIgut_UzXVfeX;EB`uiw`XPg^JHIR;SPU! zEB+9gmstl>?uB|kh`{5j(dDA(E9iJ(^e{RsC*A`f2~kpeU54ybUN2v(dntzBJl0;@ zY2J}r!U?{k#(dTij`PN#0ag=q%p<7@aMWx;!F-#5h#n#l{_spZ1GspPkRGxvC zlOKQZa(ekZUhVk#GhyS}A~z%|jY%-h`BddqB=RsUIQKgREB;{Gb*QN?7f5}LY6~-> z07Q4BPG}4-ZVs!Wq3q2s$5Bjb;e(TUNI1@MO=GBTcNoZXz88E5bGu1Bb$MB zQi{8uoMqMyCp)jQparK7h2+C612ou{GayD{EbSjZdYGlp@dCrD>hHdIu+v-HeTK1EVbJR&PFSc zCnkzubuZe`BiKcnicPQQ>tEtHv<4GGP`E~{>7ZTIVy$~iU&T74Bpo#Y#VU5R8mRlMsieLNo}DXel8=u&9)m7T9Dl( z^PbHT^+^sX)3q70HXNZ>X1y{N-bws`ivK`&_IR^|YyNFvSy+*&^bNZ%xi%H=Bqo;N zeDoma0Pdx~%&1qcrC%cDwfK4cv+$1o=5VEp9iW9e9D|47er+;rCk3bTE(U|)??Z+a z;!r8)8=w;;XFN*-e=!gFM?BR=D2u5)UG|zH+4G30SrW1*^@3gaK({FZQG!E3_Ap^+ zZZx-|alpO71j|Y_HWm|?J`=Tp)JlB9e;FRjy+04u<2^WP{P-U60`9X2$#)Qz_?$CY zaSyd*O02+V+vigpcTIrBcN6?`+#7G1zOA2^OdM~UMlo4lTM*kg zy#NCq89$~?WE;{MMXt7wJq(m zj#Q?fez%bg(>Cwp^gGeTBI3c7!}ed!zq4Pns@PnD4w&OZ@3Wa|2;-`#6e4uFD^Sw{ z6oa+o;wTyK-7jgyrrD?Kp(i!_I+7D@#!h}0=0hK!?mx3__j+Wo4pY0CtoGgLsZM{d znl3wGHrKMBvF{bQuX&W|D1Dk+naUOzu}hiap3$)NwQ&&SJfw^OtbS=27T6oLeYxa= zIst<9^st?}uY-f*UB}rW=;GaKio8c9+LL(ISXcZgP7r6bm!6rrHKc#BtoPN>5v8YJ zap$57<2kEb>LzMk1ryNGc1s(VloB|jv+X7E*&u&vNr+YJlWNrk^&f1oHeUx@pMd_@g_nL@$_$7*;Agx=ok^YHKo1#j16F3o5tJX*20_|^Vz`m4g@a_XH=3jV?9zd5kmU+`!vHH=YN?LZ3mU$H0_cYSg zgJTi27J;r+MUZbJzvTJVhy+YY=dGoCQG zS7ix9K84)_|<=uij79M=Kx$)6F-A96I1F|6hR^KWEory_Kxr=?&0N%eTy zQa7kpqf@*$^jvAZDdhQH^DLTh5piU?g7zJ%QTtbM-4kgd&K7}(7!mOP3kVypjV^WZ z52&WTz_O{p9=O!WtF{Y`&N@-6uECIF5jJ1CJCFAtfW&>YU~*bYYeFawE(75r_5p6Af>cNg^96kpVYWOxM~Bf&7w=QJa~w`ukb#GA9Ni+ zJ-KHyrriJl$O0jrbL4%&(+@iR+OgIU9$iwEhdbY6EQ%AXWbF=M`2Q znh+K>Q|h)t>7z4SyPl8?Ta2j;Y;;Ju&NK>@ISwfXMjdV{I?Ktfd7frAHa5zr&9p7r z2nU&b@Fi%jBC4XIV$o*E+lE&Diy7&_hrUbhQc1KK=Kof&&#%S`0?9Kfb9=x+A2TvF ztyWZvEx<8MzolJC=)sN5`{KCndQzPb5l-lh<8BSaXQC-4f;MT7WlyB@%5gAGReWSh zSs59E{J4Rz!8)3q;trv>`&Z5*yF08)yWP#a^CTm)l2WdSglFRi z{etU;x4r5po3AW6l#DQ@&fz!T*U<7VADq}93q6RDGj+U}N-|EgNssHC%!K|s1I&;% zavh8j{L=xqow(iVTb*R21hK80q|gX7ScEaSMmFllnmF=2L(SI(FvYl7AiJ;*uOA&%Ke z`&1qM@U8)EHEsxU#X^7(ltXn#&8~mf?%jff=cmdN#f;-%LcY5Ls<7KO97CWR_G%i^ zMlpP)6^Abh`&Hc8sBpN}SR_hwQ*iHXzW(gr09ru^9RNV?y^q$Kzax*UypZHrrosu< zLWXgC)-|uJ4nveuc_DsqTfYV$l&5BsW23hnoJ9x~SM6cKH(WHW@UHR|oF<3)chU@; zdJxd*!n`KXD)v33D{dWDk2qR)CaNWfB|ic;^@S7uAY|FWH|dp#sDDR#{qyAA&c)o^ zvu@xa4d+UWW{D2HVZ1;%Jve*mky(~LKe7yj={Fx)E( z@hvS~UF_k}5}HfNa7^3{b+85OfH%Mp9X5!8lj*pCxo)WY^P%}sU@{aBV1mg@Ujo68 z4=CU<5`WS>h>`RE_jU57(}8zAgxol0bz8BSIs%Dj3GpMYDYkUJ zK~u)u)3`$&gid$XxMf%HS|VRUgJXi~*Tm0__B%>>L633{NTi(m}cxcdT6C+IUu+YXOtr%Uv`mzYSSL_jvhzivtOt4)@GqN+a)-29b`~11|6z| zLxP%EAV)0xohsJ{*ac?8v{DeguSE)Bk)Q9hx{=JQRf?I@WxGLDT&rJF+8~GrKo53$MH@P1IyToHxpy#EXijFX!L$icz*Ol@?r6jM^rxPmq^;|6PorrvKowE>U z9(GgU>Fk@Q;3Gk}hW&9e>?SiKJyBoiHbi2i|KRNpJ6^8!ClUL+;`j;TUp=hhKW>#j z#(-JrLmV&SZn%KnaWki9h`Tsey)chsga8|kMoUhR9R`vlK>?5_+K1NG(zLsnm+L~T zAXHSUIH^Z`MvR=&!RxkPVr+)df+Z5Mn#Do|ulS=+zP}8nL4pr(`{w~VZ)0x33;_Zs z#0)y&K5~Ok&EA)nLv|?ANf_0hhtq8@il2O}`HLgD(%a{I-?3@Ckr(l-eNqXy&xOVQ z6Mh-UBLAVp!Hp%my)}&4=5|*9$fsgvtCSnEN`nela=<1^k4gL zF#k z;m~yVBJm7k{^)!%wSF8=R+(t(OJ2TlKf4vkd<1m<;fdcHq#gZP5h7L@^&9xIXh9Z2 zP|*aOHR&F7M(=M_$Ukm8rpDm<6LhgG!!9PP?D3Y*fNha`j3CxE;lU1d&_s=8^e(#Qtk^GzO}(*Z$k_hM7qJ3xoPTFcicxTpYg{4Vh2sg3<|{w%u?by-EtJ z_kUvP^H6toG=oZg?IK@RdwTX0{5W0eK7*C+-aoJC7l9_k788QbcMHe4aHwV(2}MOk zX|sW8? z8^?H7LZnU=t)F3L*?%f`t|PPAG^;mb2mF3*sZ2N(%@w@8^Bk-wo;h%mU0Rc|3T~3= zZ5p&&BEzO&dtMb@7yZBeS<>V1OGkfxgQ); z-&%SO~lMw(@6v<|=qFRKo1@s4Z9YG5QcVbF@?>*5kT_34lya zflVFErpuh=3CE9}u;4yhoUl71_uJdBRdt8DN1+4{ddt2s2jgOU)*`YCavk(V$mU+od2&D2QUHED9I#ow9iHFD}m%hqv^D0Az=I0zY+?D5E2q3PoOop@G5S$dy!3)@& z0X#8`NITVC3AKFHs9_Q>iJC*I#Tq$rI}ojiSOlguOzRPt-~pIYKBz#%8kR3a+|)*4 zjY`bKay>K`9HYO zywQAt5*-j`$=NO?QX--Ur8?Ip%ps+{RJ26IBsmet94~pbfHld=UjiIQY#MGb45jlT zgy%mAM(E5jd(h!;OQ=$4ANK#Jb$EZN?|)`Iu%+AoeEq;! zhW7al^FigIeU>=LUZQ=Z``>^5zdQ54Mex7ZL)d+X38x|7{2VpKS*ZrDy5W z7zpt=oFL+FmNt&iZIj?iK1aQN2D~pS0c--s3*{ z_0X%c5h5(^sQ2c94lGBaeN+$#E~f`pIWoVKrf?@%5;~_CVcu)Wk!F)J)eFf83{aIGqQB5~FuVETA~ zs}|GK;MH8o$gq6D9P-?$SfpaNM_PK(91Kuq+U{SJw@k5>Q)4x8a&aQMu=JqwZwa2{ z3}q1{yhGx*<_!va9jcPR_fVHj#U`CM0;p!g_&)QC^76$0E;F`iaP1e@$zAG+a+{?$Dp)hdF$!kn%=_fWcRY6lPIA6o1bnz%n%s3 zjUF)RoSFw~JbInkr!)GqQxK`{m`9nx-K=L>JB^Q`Nf^U~*dpXjhvb9%=dYYahZ%%k zlF%%(GhThO@+HGce#fiuc#>fvNlAwB z0uG4woui-Pbs=V}3Z{}vDhpF|FHy0uNOwlLG1hKiH-(LJ59d}ikHE<)UWr-U>F;QD~{Oy&Xywr z3FuyXsqOrknR)?iqgJdigkJB!tbZ6YS3f9s0Rf8MAuxBfe>ZT!^Rj5K9(pA~H;@H% zo>68LuPs%UnoH?zqmc6`G|-Oze5fl!C-!O-`_vypU#Vq&+qi@4_g9-VsJ7(#GRCkkLonD?0XN^NKBRiSYrmlN%Wsp&s%zbGTu+9*sC(*wHFV@C zKmYu(@nBPF!Ynb_VMYVFB43|jrIk6Edc`@74npj4(D4-g$H>$x{B?tAwK;y>Acnks z=jW`|=~AJBvfMX@q?o+l<1l2XiJ$cvbgXDunU?(bdT!byiEmHVx2X^ke(k5LvIRmI zWJn52w(B+>63UVb(la9{-mq7OB8@(t0Xu!>@3uIHefS`hs7DXs&;L04+lN_fd)KnQ z5SzFdTZ|6tYauZ9zTAaJ3ImQkC6$!1!Ih1rQl^h+M?p`iJof zjrp~{>7skQwS3AFwK-U?woyBkJ|CjGS)oq>nPzrx;`)^msZ!^*jr-Qi=mi0P@b=Td z;pjIbR4<*>9)jw3Ac^p^!YhI>Ex|w2J|1cHGFO{p&wFR$GCi1EUDd%k2(+Y*}BlC5qSTd zNXmoiMlnm#-R_bQT1|*zg%3q5e7UXA@Iq3@8X|-e&x3a7CR;gXw;jt9GN1RAr;{VZ z{oA|vLP)fcVcopsqGSZI|6my<=ivpePy^_%TkP$~JnZrF=0S)SB;$7isjmCjn?Jux zF=~4ugxhT@`kbr!pgVs6TGA#LB3J(%_CbGgR`8i#aSw7yyq({#+2&J|YVKDuw9^ji z3+3RIPMMv?{b8)?)`@}v6hb(-bav{KgYcDU;ey>j^M8`r3p%Ywh3>7m=cIPcUC+tM z_J5(@DqdR_7_lTyt{1jd5kkJH8#%aiT@S z`l}P&5-fU%^pZA~vXq2uc2+xq=U9D2$a+nP!Tziy{qgLvi2LA{_QKRHUQWJw9eU+n zaLtKh(1a67858DL$QKG21J8CNBt-9-p!BzkqNCfnKvjF_oiVTU#s11HP3gcgb~%$u zb^>On*gF6{)Q;LfY$yOfTE(Rehr%?RIhJe1-~_`1Fyy`{*xtr_ag#%!13L=+A%Fh4 z`pI*3&dVtfO&e@oZs>UW7f&|$OP7oZBN!h_zhru+*NNr_lFmAb0zd@|#nwvD-NKh- z*~=)C_y?kmvyCf3G&jot5`p6$k@wMMNtP?f*p4~RE8-~u(?dLVN?PYzgCVWc7MWVr z8{dc!u9APVBo{yPH{p2_n0{rb($XOL%&xspMAs8{p01r6(Y%iB37$~h+};o>)iDc)G3 zp3GTU2krSZJ>e_ke$E^O%%XV66g@lb8e2{pft+h&y6Fpez0T)T_775Lqrcf0zk8|& zkrt3%x0|sfo4e>eMlwN2-IaCt((3t>+*|FUb7vV(4&}e+CBrtRHKcjuji9bmfdxSg0m~KLv#8vSrw= zq3)qk)Htu?FRGi1RAwk-Cg9#C%fHbs*mzeg_^h8Ge7x?I%0i!WbvLPcrnIO&hqeob zCLH(2cUXt>kyhs;%L`_=w=V@UjDNR-DBH<@iS$Tbv20++=~E3SP3FCO{!2cIPg$xvkFG{Q&?8g;tzqu?6L6 zj9-2TeK!fKf7=RsC?j@)9A!pfiP2*%CH(Nq#n=NM41Y8SXnRLxa%tHvl6gt~0 z`(Y$dhEV-hzJtD5`rXx`&Fj1BMSaCR*Tuzx5yC!6Hl`Y&+xc+*^Qs;~n1I35sZFId zNdenNhZQxB150lz$X((H-0WHQ)&+Sn*jsZxS%#Bbjn?5SRGy;~#a@!>xaLRyG z?rHNR(GS<;LtOjo>y(ie7_Yt(!%qXZh`*I!W^mrkp&Yx5F-^V|y<3DZFE3KSMy!Q^ zVs`k9jj8cF`26oxPAd8R_>4D8y~5}wo8cuWlYQ(HO>dow1FR#!$FG_F{sb{SLXv+LUy`A{ydKYJ%z{Ej*`I;KRz zK7~zp1J<~ssW#`p?t*mcMZ%l+e5js8@#O$HOSVShqO|7BTZcDV{g|<87eD8=`IvtN z__aA1ffW+M-DZ*a75*C`pi#{kSx5BAM&WWZq{Oa?A;*zlAENIq$Ojw4G^Ns+<`<;0 zu?3R<*APx8Twplk&i5>?yLzd?#_=lZxVH&-TS?wj2WDAr;{3Gya9ben17L&9~i_`{fe@dk@E-YP?@|E5B! zjUP|jyhy>3@~^%UoKKo0G}}C~5Yw{2A~9~3=-v#XbE~9)71$r?WFl-+GLyv=vTMnQCCN->$H~wbxQ!j&4})3cXdkz!TajB`U!WJ_vFk=_)8;C&#N-wr=-Ob6rhS zLlwt?24l?sT<9F5sxD=t{i{l{1TpkG0< z;?~ruG~iMsS}XKiPetIZ6*e1_Z^kbXJ|zDV=+$GBO3^1+aW0~U9Z4see=CeSFAvGa zWDp4VtyU!39)NVoUJ#qp8%5TmR8%XuKTT5uab!Km3#}b%SKRGacTA+n|bqEEfchMVFJmH-kzpydw1BP^I82IOwg?HK2iM&4y0V$BU<}0Pm2dp;??YzN1xDoB_Uv)b%Hk)rNJ$e3ir2W{KV|{DrZqAOM(dNjk{mL zht~adppqwCwT$ST+TKjmF4`+j zpl@4-+_|&-?TKVPF|YNey9f_%m1?&VLf*5jcJ@zODGHf-aA;XJ{&u#2jaWdL1B^m;q$%!1swcZ-wd@is|Ri}21m&f~+;4v4a`eP@VC7D5wUwHWulj27BF zOza_xulLVq%WJgWDLzWTG|b4MRgx7(3?kH~Y7|MKpU6d%B#Ms;I{9O?guM^j*ivD* z9w$;&_uP>WJg0ctJOY0`r%i=5xyTTMzKm>baqW38oQJ_XkR?30+u#DzQ9)IM`SGO-=tz_e8p6JhO_O9=#B?@fI#t0?~K&XjzhX-+WCfKuCf~6V0 zbk4JLmOctgc#G?4D!a$=Tj3oaXs2GQo`z7-`-Isw8YsnTxhY2Hl3!MaUHo+?c~9Q8 zBk4v28G(ewm}TtYYS~y!q6uDTnBwsQ|vj z8<=h>Bfz}CT?zb{(ve^=Z!JG~aOi!qK3H?3kyp{9UgYf1(qu=EFR_xUf|)5oF)@-A z75LYPB1b^OeGk5J2vO8-qYuggp7M`5u3t zWiUGC<>IO$eZjY4RzM@j6|A*EL64^|!B}4*-V5h2I(Z|9U!=`L&;`47VI0HzM!RUz z!`*cmpRCW?cHqarZ$+IucR)xNrPZjxuK^`!RwL2eS)p4l)rMzXpsYiJ zg+vvv5~bYU3t2(%T;=;X>_nH$BP2 z-IKEW{LlnyoUu}S`NOayeX-uvDPKiD`0I(4Wc}7!a^TFinib}OX!g0tFD?9@Btva;=$6(0ofT+`dP^T*a+-q45ftgs!UektgquL@6g|vDO6)xO_<$(>Md~G}8PH z{f&(&wP(&#$IOipl!|+5(rJP7C>hcpV?jGb@7>AzU@W8R@Ap6)&qNeU_4Go!44b`q zRV1Z@+$Jda2T`ZEaQ(+EYtBgULs@zcLH}_AYe#M4Zi^1P$mvt@EJ;oHinX zaGNQfQlu{q?VATHPZlItE;PEXQ22KiW(x{dq%Xu}vNSV;gGrd&sp7?>aQby7OMxrW z^g7)@IvBUAgT-wYuKGGMtflj(kxO2V-M}3g=?d?RBmkcWj6)S5!p>=4EnfSBK1pXJ0o0I2|o;eCKxK!+?Y^sr;qUDosS zhqo32Yd|rBHZD==ob{w<5y)tFrIov|AFv|M*IE0&Z>!EOwHXy3!MM=mQfAl8l-g*m zBO_1si%VaXCdi6J@s7)uuRSUH%1TNrd%4K*dJiFNnw4w9pV-Z@1_t`c^Wk6eCDRwh zp|U=VDDLdlzV2+An%4a!#0feGEiGZ|q25z193%}nW(NMK_}AcXDHV! zTE3`Cm0@Y_m|Ms9Qhd-@Y6M5fvZivXP{Dgc5si}G+DE>W>S54s)lJGno5N`^rNc5l zLC2eY?o@pJaapbOR3oq!xn-pjF?RbuCengQX^?%jV0+*;u+FY~{`wMst=e^ba|qro z&VuCN%D?bD?zTbjEL*}?=?1n(t^lIN-FvsFdY-?O4iyZXKp9i+k*M^7TgoBPlmL8s z`x9O}T$MjHYjt$5&e zylta^#*sz~YNT()#utdR8$_b&`HOyYR_-W6GsCCr-rkP4;NG^r!!CcbEHkbf)FEIZry#`4+DM zv~1o{>JmPQV%=G21kIxU1c`wGbr4M|0MupQe>|Qi`~Oi}vRbH+kSgwa{{hzlE*jwL ze8ow7;N0PrgJ=Y(HF+P8ZZ7s_LCemns6X9K%Pn2%B=4KRz016NZw~EFA37cR?!CUl z{6_t7k>os8K7JjyA&BtfwhIXIT<{BB%jYBBym7;y@_{BH((+g%qsur193S|;jRq!k zO%R?$GAS-?K;KgKB?BQrc7OUkAk`KD6IQME&i(gY^lo-0lrxXsB>(LW-oW}$lE9pc zHGp@q?PiA{OS7j0XHW_79?S1sC4Dd!;W^)D-*?t$>%u?6Ri3{;Kc|Ble(P^0$q4B3 z-JoN^Ou!T-RF@PwupckzD`Dv$0XOST7&yAejZ^(G$2hC|wrVTKQGJ^{3X?wr_s>4b zRxL$3Md#a>_kN(e05moBUL)?}<@!;-S|$EOp#o$1rS4(4t5x8nLPHozELd2QT-xMl z500SZ;}r~q#@wW}C`~%SyZNEAQcAboBeiD2i*k%2FVU#W?dR@WqkCr8@qVIKffAgH zZUdB+(HdGexr-0#WB5fMs)n+)?FMMGt}Py-NGAvB3te!^se4#M+N7kUq?q_YYRlI) z>9Zf#42rz~r(|SSv-EU(Vt;SbBX#&lJjj15ht5P=8Je1!4r#2VkGs}wZv%l(8~|du z(M_NHZ;k6A{&sLp1dEF3znF$C6f7W%%vOq_sLr+KGLC!|$bQ?y0Bt;_f!SZV*H+DE zD8y!oYcTJg^=vaNU#k2MQSjclB*UQJK!+Mcmur+3UN9{2e8UUHO4 zTT_evMO}GoUpUFjI7`r2lF!T6m(YJKV%i8!+)eo>#%KPA8yW^*AR4!nnrZp#>2j!{ zvGLf>e|mmPMWs1(O3JLKO!S6S4Jm-&R+>yeFZ#-xw0S7XjxE8Y4l-se|Awhcp74R5 z&BJQp9EKy(vCu#pOgZNSz`nXNvWi#ZS|`$p2pFDH;}Y~(ja?7Wr#Dqm8{e8Xa~(46 zQ3d_3Ou#xWB>F7}H1B??BmJr#=R1BR%sK$kD#6m@k;Mcp2dhzarGI%j>(0tsYZvuT zkNCQR$PV4}L=s))tl)Kvaz%q1VxrK7*HTE6*gz__Nn)&u_2jWO{uq9+?*+gci8q7o zvI~wybE~!SM6<_2;SJLrIfq5Vi=Q!$z}&IfSaP4HzNG zI$ApTQi~F~LWlTz1qSJ7uIOvqK{!2A)9v3tFMeL?C3{1&|J##_p7Hu%nt>TA)uT{r zf166*@dvhO!!3x;C=338TUP2rQj9CMBj6de^^EyTCkj zTD*w>5?H}}OLNapfQIws%Qt3zi%;)K=LVv|#Kzqf5Ot)C@%{#KNeMVgq%0L#Y65?s z{L>$w0RU?Faqt}L>+a*0e=t3%X{i=4g4vhlWI4&Z^zb0)+ksjd9#rl<*f-sGS7$%P zPGg6K)_5XI6lH55D0p?nM2OwedfeCdZ!Zpdd%;*^RD-uG9oO^nUlo?-{GcKOr;Xod zb}SaS0+$=sr3MkR1)%n(Xe4qEz8$>C{1K32M7XXUiyDQ6Wd`-7+P~+`PS;Tp5DwOW zDK!#){{;djVL`@)?e1*HT1TMcV8?OtsqVd^mw%YT;*?ltmE;tWZ;6geWAF@(;H~U& z1&(XnOl{+2J#52{DIHPdlZ*6`p96;8U%xVb7A~ktZHYKM?-NM)i~Y;1$E;=DYutC! zNGzqnfwN!Bt^%(lDM=f^Z+|68b{u~8^5p=R$^RC` z0Tl*ccNH8(&|N$u^fJ&ulkai&hOq7Z=hwJIy}}X}yza%c?`-40EeH4YK9Z7uVF|jF zuVMdx2jqZlDsE%re$MtHIiddk=fa}oGd|JmcAdj-SL zpgTeTnm>e`o7=p9`pD9Dn3v@Tlad~EsVE*!p#@cAyloz6h-dlzW8!(}^|-hzU|7=g zJ1pzicCHrCvm#5j{khQBa)H+4MsN5M(&_vkT8*)Zv4z(oI?gZB>Z!YA&f5uK4BmB8 z`ZsZl2?%oHWo4xemswr}axcLTANer2A5z!wbZ}(k0roFj?>a+X70~MP1bSrvP1cw< z`hl*MSQ@(i&4-u{z0d`jhGipa4zWJvI}bdyh97CUqOr%=feva1Tm+uXO zI^PmZcA*2vHYc%V+3u(CZS`+`{dt+zhy(2I)$OW6qy^Pt`nCXLjDf5OQzkCo}fYiN{ZVDRd0)wqjXyGu@&}|Gdxob8FAezhf0h z9*Bbo$QSUHi4ZXHg3daSM<4_JHNqTxGgn#X!LO@F4gS?}|2{y`oIsl%7;0lPdj){G z83Gz13r!#?cn@=yK$LM{QEo@6==JNaTiDmKUW}?j_wOG+b9ZWYl8A-KjA0dUb-Fcf z0Cwn+bW-r-?nIWK;LxKZzt=@l&W+Z)1b%m@Q3mKJzH)K}uvo7NvpJQpu91OoBH!bZ zmz=1sv{{a^p$uIEk5_D$Pj>-yp+VMM1Wc%Px9XW+Uw(YJzkE;~Xl{co+uMGBH`~&h zPb)>;0J(VTh0~Q?F{P7^-y{0|_#j;H#MajsRxiGsE;4C3U~(wm6u1E5)feJwmL{tx zR7i1LE@-*yP&3Svgb@x`6*|7Y4%c>S8UAqzoY+)&26|eE56Ow%^6M{Qq&4@JG_Eg_ za*xRK$Y4!TXYN#Y9C-*w-^RPL63u!QoB z{fLyczE~hg!Mpsk?Civ#-Y)3@^1;&ta^0+Ng@$XS7Wqw?ZHoR{S;?gM%-I=yvN$`b z)&iyX`nF#|M%)fZNlHpu%rCS9YNmfX78B5ReQ~4SvKRnmV-R@1>Hes=D%Ao_&A!*T zs-9}IWMk{+Y-q(9kdvUMn3C*M{1*@=Ig z#9)ymj8f&@-dU7boC7~iX$=?#M*;Yafl+_d!>6lPie}GBB7{dVE}7=^y%jfT@C=Vu zH~JDEiT!<`W~Qe5x`Ig#M_>kaJ~kEI)!uBbPv~ZD+XvFC zu78BDm{q%`SkwfnmfzZBC+R#4x<&E95+6eH*&x*4A?|Ia3fGF9&g-J8G&Ntz5Mqz> z6&o8{OfGrvlkJCqQP~L`VXoYa5SNP4jyN67oK!sac@h{lE6i#-QeDP*ADa%{9=LEw z+dJ_Nd`JB-r_L1@u9`n&kE+_;YUL`>Lz8aSgpx8ZY>X-7OO!gI3P>xYN&5lPgrhVJ zcFeBs+kR%|_W4nkoEW9DpyxS=CHb^`9T><|>QQiN^no7>=ZSTw+|Wc=STj?5-u4Ms zIU02LB4VDo~Qr(Rl=;Ko#i91W6iqNt|YyONMw)>aLAeh z@ZVj=bKp!nZ25c9(nGfQ$VJazcXsMmf=$4voN7b}+#2 zG@}!{h7saCG-ErVgJR;1eMq7fljGx{u}PJuPeRJMt)QLlK9KblckDxIys_D43xgd_ ze>c}xOCw*F75w7ruU#GN>q`vRV-vqFx=VwEDBxnPz>pBg;>mQ9gbEz1_bI4+pEFXKUE+X; zcKc&cOr(1ePYEzflV`5C-F6a#u(GPh8MZzv%fyuulM?htQE_@ViVnoL_r!e5 zXg-vppV<8*2c`yry|B(HNhv8UTxS_XD^mP#D$8w$n_s6sw&5H?67J~@piN3bakZa* zS1EFE%N}+f*EqRIqV|Bw1wC|4*v>RHw~NC<9&1C8g#1niv!Pzx33r56Pj|XxQP)D{Ft(!@-wFF6KM& zR+lDlX`BCab|&?WE`GosaJ~Q{fSd4JjQel$RSf}C2zn|ib(n?*8Xmtht0xoqp>oKx zZK)>KDq{~S(IV>d=z3|(c9^C6Lve=zO1>+v`$W8mJ0BNcniAGeuGo74nx-nM?PFvi zB<206eTV~Ko@j{nvcK3gdM#n~f!L+XNXq_xa3I~o!(*xhNvVbCTLI}$m+VoqZ7TJu z>>M1pzcDhrclGR0vnL9wUnS`5I_CGwE!`_PC>x^3*6!A@INJqpSdV=6=BZ(`NeLE( z?Dhr$=;JO=-(T?>eMX(5En3ox7@4PUj^{_+iv&V@I2b5M0VfYc8vONig0tFcS6n9vmq5A&6SB%SQWAo$~6b*FabFFqaKX!+Eck_mxC9@>E=L8MJ?H`D?$H!SwIkgS(=(! zxP2y4j5y|`wF{6R#v*dX@2iF8)30SrNXncykyUO ziJ%bTOTH8; zaP4*W*TO=j7xoWuzEG9;5B_T1ho;-0)x!>9I&?Yyst%sbkDA`AW~jZ7A5QX?N1f{K z+EYgl(=r7#hES4Z`Q>IP9xQ?Hax>lAcHp6`YYqjJd^e%Bwa+rVo>P*169$be&G+DQ z{ITY_J*I?R`Pp==Xo5`NkX);x;QXA5`uFpJ^IhRy^*^b?Yq0p8%0%63pNUkEehD`` zEox zV1(evDsGg`B^@WJ%zGj&s|>YQ>(o@il4#!MvvS$9$3`Ge=vb1#_SCG2c`r8$lp@m4 z@+)nBERR%Ij*Eo`d9FcUP3dW4++Dp&*zib7Dl$|b0_LZ8@W5f&vk&*5T@%pwBL!6Q z6(nIa-k|fRXWB~Lx;6nb9PG&P`TTpL>wUqb`K}(GtxRa^rEI)-(tJxxB|Bs?6$SX? zd0&>mv%Cf@&Ht%{keHspaUVAtv|klJ!#0GpaLNW!nGU$*Lm%vsVJvI+HUxk5R4p~) zCS1dYF?OTKgWF^X312#pu~eLFeJQa_dpH2hf51MI%$ku0Eyyde@oJ@(b%UOpEY@8V z3)IG2C{AeQ0odkf8oZ4F3#DgY} zhk6Y>WRNaxZx_}m=quI~tXSve&`0D+m_HCs^IIZT#jdM8I$PIv_EbT#`O|qDjLrCF zRH0-#85BEn>0aDzst|DYbH6c=t`U954vA9u;q6CWs%iK1FP?CfMyE;%>gad;C&Vm% zgGH*H@e4zUamnBrmF!8t|LxymdC^D_TY&=xL~#(|8$XQyGf>oSdwfllkXW;~&vgvO z!^1ROXm0=kYFsBM{-`Q{SWSFuKQsy5jq0Aw-wWK_y$!vu2Z;hsCrc#7t|h^?Tkb=P zw}k3qTk~x^YyEIzcN(mJE~CzyFz|YXswy2q)?{>{xfR`i90E&QUHqN{(h0acQ?MP9 zs?ECaW^S%btgJm$@$NZK@$EmP;HJ4~lOM|uJxPRueg`*6F-i{K%m7SF0WcVtQ^)We z2w;b(<*Ocb8-=-Siamk2CE4*I>@O}LB%_T*_c zbk)P~xvZa3tnqyp`mn!{p^7y;>3>y{|cXi-Cby&cAcUJcTLRF1Kl zgW4Y@SbnbRgdpmOj*U?9hK4rIDv|IKX+4cFbjg}sf6sOAGc_3S(H!TFwQz8PB<2OL zx?T~{HPqh0YKjTJ_37IC9_BtQv{%gBaHhDe6#Cd8B!P1s`LZid{jUX6DrP-1gEuW1 zT-y{3ls_SRuKPkytbO}8`GTAiw@=)8pC&+2Hb402P~EtKL!{Ne*VDv7MW1F`oo(rK z2voUn zx*UH7UhNYB(7Sbc*vCn8Ez$tmNpRuW#QLSXL-K8t0vhkfmqI-DKR*xsX5(d*KME2Y znM#RcEf|;R{9hLc)ynCFOth3%e`C>XivD!KzI6>~Bv;cWscWHQ-|#ih^C7&nN=Bui796C2%vXhq%o6J0aQ%Ks<98WLq7yyR0|BB zafw%9l)dg#VeZ(MBQO^wwjRjRgVK&BR`V~k3|a$Fn_nbY(uU32JSGCkm^u@5GC>la z8b(jOo+I`yD6#(lGtF(gctE^#xciYrZG~RRUi)GyYJmJT(py#_GdB}kXp9QFc&vHn ze=Ewm^^4X(Aq-jD{jP_q3-btL!TX7t6a_7FpDi4se^g<`5$KpK38~# z^}F+uIttM2V%XY6zr&FZIw3!c)6+Siqn!nEAHBvN$nO~(SR6tn5IADRrL?@VHOTqK z6}?Y;U~8vUf%sjEY5DaKQna51UQgvoXKCg0ZL1kAPXNRPDV(HiB4#6+sI6|}RhJ)p z?MLlM{AFk-guvmJtTH55EM9iILJS|r2z?09eaY$7yE-Jp$BTGOyX zOGwYjZlo(r2By4WjQp(A-*@)4lvB$u0gd#+bRafLr{(Un^75XOfFl0#iRK1#lt+aY zKq^n~KJwWALFV;o2|hahT=Lo98N+J_Q%a8cH9cWg=s+vRh#itOa6rvA#fmQvmkgeQ zgc`T9ng%OQSNZIaSvc0F3?gg>y6AHA-bhgM`-7x_3bIm5r%@mo+vac2x3p~cu-`9u zZ$Z{jb#}I5Yqv=w;SJD(ll>5-7u>iW3X&O6UDmM0w9uq8x&~kP0$sQk(Jf%@R55g(mo$N;jmW777n> zMZzEQug;Lax4F|2n9HZyJsx>&7k?(ME6T~rq_zL_OsH@P^hBMj8d`$xeer60doa<} zZ(t9s`*6U}&zxPEdGMp2nC zB{IeRZSnf8D(ch|U0oe*=Zr!`eCYYiLAY^OX%$&zWmB|K35&(&LU$q+e+|E0C?jSl za?NdpN*hMi1j#4WIfJ~eE8Q@Fc5eqa{RfVRPllIjM&oA`C)c5Q_P>_^GMZp(ta%7M zl(_o&%)Uv5m1Gd8z^H?6bDEJdDc1eOD*<`|)A+5etLjAWN6k;EG!+3valO6>t}WtZ z_We0Ul6alwos-TYepjpj(3F#&GM}D)T&p=~F(9D?iYva2fX2|+{HH{j1MUIek@xd0 zIBYo8*IS00{#<8>SL2L?3wz&C`DX);iewKqRG>l6`d(B|XE&~tv_hLaQp*4p*paa3 zW5C)kD$<{~On5+(o2@b(AiW7jVb+$R+3_gb z$WSCDqzQz27Celq(&`T9vlt=NuS`=*M`t@^LCz6{%|>Vd5WS8>3ATb&<4)X>s__JM z&PaVBb{p7a6abQvv5{IM>ZF*0P@>l1cb|CWcjFIcIa)UE+@Ic_RAsFrpK(FP+KgA6 zO)>yYh{sT5HlF!&5B8c7HOO*vdDMj#vQVD0lG`{Gkqd};-!b}w5@RPVZT)AGk@|?7 z^<54G_gzYn8PabCvSY$CJsF08#~_f|75O(e4I6@|x&>r2j)BOGY9RiGh?y1M3kiMC zaSAt{f@&N7HrTh_8~ETo>v9_Ej^Bd zQ;)l7$jms_`|cg!HM5x=VR&s@AzW&A0#Z zb;L5npB>z89mXL=Qd>i0QnW2GlWQOuSg@_w=18*$@&9)utV@LD@(q^DBI4IW08SO6 z@6HzKm8#&1y?b(*MBR{$$A_|&IA2R`<&{&uapUiLp@u@f2F(ea21w;Yz?F`k z`GxV8SITaGqE2*XP@gaR98Ahl%DeLrW~AcgZUqu7_@^+}n1pVIqzJG^OSPXZz;NJ! zo9UI0SNJu~NH+0&?kyRn=%a^2q0*#_#^?Finf?i)$7o8gXK}`;>7~OXs1c!@p zsrOcIq)Lf7Y2Rsrkr?qh1Ghtfud#Sq+CIcO20d=9H$(`hw9n?IgM%Q@-L+dbB_H(L z7;Cb2I!uKOaSxuRJD57<+>Wpsajr4r69KI@?QT!7bQrrka;syIE}XF6Vma|waL@?m z8#o06)AW&Jz?@j4t6ib4P<;LN$WM@ZC@EYn(4T+Je-lpc9*KsK3TToLm*981TPI4* zNvwwGSpoCi9w*drRu7amtf-YFpuF_VaTXkB+1aDx8)@-rr60~Pg?w}+a?2N`&2>pU z&q{j6&&(--eLUndyitTL%X?8KB!bXqy>WHmVROb^R=qoSRRtuUa0)i=T9CP2OG$i^ zJv=G%A(EY%cz0axDZWEwUy}_Au4cK;sOU$$dXBq*DXxYrazpRdVT9#+`6=^91%2}& zGCY?m8Q2*9dCS(R`;A4N-|n`=o$}*li{>B7Ufk@d99iA-@k&V9w?lR z25i;r>j(VXyr#w{7uX4MFx=SGDZDC(EBg4+ZTvw8gV?DouiB}4%G>`4#L*AK;$F^y z)nL0{y)J4#E# z6?ZjGcj^9`a2N1hUhHI9&Wibd=AQ!$hCphRwP0&8BEC38BIl5mKg;DVc+2m(DyaQp zIKy~Anma(~&P@5MkHt)?X^d~I$FE@f+f{Zy-(&t133ug`N4J%u=NXHwzO=tKjNDB{ zH_Y&jSJ6?CO;hV7DF_j^V@p)&NVQAf$X<@JXZ&MDHS9KG+@vzO$c1)gsZR>}9IM#Z z*qO!7mr)L0Vl2FR740T{A@{_KwpVt=qWv{H6{&NFL#g&QGg-GU zrA5_^j%svo^98gVPey`5_H_K6_>=1H5u9qVJXga1xy2r)D;so-;VbqqP4zzl+0*Y1 zKdWZmrOKvn7?#le8L>_u;@P`;V@uw*)R-ZxMovb?Of)5C&sAE@K6*NhI%ut5^K{rJ zW+Py!12T6WlngHRUyb>`-y+A<`bJ4fX`>2ME%?T?w)?&Rif-b(ZGZgn}Pn_@kk|^qz&2o@|2TQCgH!hx@Q=@(P62;ppd~VsL207FC_~@m!w&~S3J`B9^ zmn%nnP@!Ie8`Bu%TZ{JN>$^KWs#;O(w8?=>YkU2}# z@d%JdtcY=qQsUGjd`a`q@Zih3agnc=f5dNIrEt>M!Tz0S5=Ps{#c zRyqN1B;yz1pX-+3%EC`6IT9dJ?R?>CnYW;qV}37#OWQGAaJ=rZckVwgLiYSyp_pRV za@EtdFn78pX<#68FHf(uB`Q^_XZ^>I+o#0RVj>8XsxiL6lrYH0(-OGQc#A!O?@aWx zvr?tq9laM2Gp}(Xh%WI?Jvh;~MD99bx{-29xt7#rkyCktP3Au6R~0 z_Dsr?^B?|Ee{qp>e$!i&`JhFKF`vGX*a}Vd2E)6Qxi708rx~Xh`!U+T*vbAme7}E8 z+2#1#9!gu}56`&{f5Z-ng#2JslBQ6-cL)7cBT-$GQ2%d#<)uKCWc=l1wS0@3yz-Gi zHY24nGf^^kMqF!Gg!wXM^-kWy>nS^18vK=XkM617DBc%#+5VfGw)v}i%!#InjLZ-o%Ie(zllXsJe`utkDbokmATBN}dv-A37-RsOR|FvEzF zc>g>&*24)xm^r<_@3mp#`v}}&HG(mg82RTPL9^>AA-}dm>P%o^N>AO;N&oW2DY1A! zL-7ZrUH#?CE!}2`i`?<0b6KZuQ~8RC_P3VNh8>N9Z!U$Wo>yZQ;7n?s`o<+xFy&ef zK``yz-IMfhtxTW(u&LSS%2NLrTujTx;`OhGwl0-Vq@F$)X{GG+$o=<{>gjK<$`9l2 zyS=)>(B1yAcMvThMo~mK40HHB^t+$0hZlLRoxri?KjF-aV$LCd5f9z8ev_TPe?Q+C zJF(v2T=Nt>u9}o9fUhKRZPb^o6r~8;`(FzGhd=v8=Z{B*#wpE#Es}zhrx;u&Zd=oT z2lMTdDVERgHC7Xsy$i9Tk%xa|ow?X%fVdm1k{Wv3zW7I0^F$|0a!dplw2HKjYu4&D z-^%5?FMyM7aQu^d;IppO2}X0N7vJ+#qfFw|_|whBVy6G8nY|W%I#VCB+S@MIV0Op; zFkFD`qtki4Bk3Otm5Rn^yt?Inf5zjDQLd$fB73g#YWC^ByyZ_Hi`cCjP3QBGU*g-$ zP*N94G13ZM|NP@eot+ZZpY|SiSnF-=3>?H8>sK7B9EY$Y)}?tTL;A6ysIlg5-Q-Q+Am*Kz!%2-t2J=t z_0e~f!>!@2&*NP|1?z}&cMsXM!I`ig1ygLl8ND~+_WuwfV3Er+W_6F%?Ln%df5 z)uw(Q{#eK}DwgWi4Jdw}S^d?_)jLhiPZW^RvSf*RTdkr8LP0plQG9a1MsPaPAy^=# zJ9`V#;!=Pb#;myGBEG`nHnb7`cCCYx%d`%bUFRoHeol9O z{&6Gxv}xjOh~Lq7=i&}NoAsa6MSlh*)W5#I)hXG{^?uAKwnzuH0{z!#ivMsy>@(J> zDaH%l46aPnkk%}sfTX3)EOxuf@myc}^S0RS-6HO`?#&nzsikChft~o#VqvAE^CJ}M zmGIABH0}gNuywBiOz(7tz|zF1^Wd}CL+8R%@!PTPBH7B9F2q`jXy^|gxIyM#s2W>=G@Gul=H^;sj!TuK z&aTeS-+p~C5dDe2E-}T~UuiM1)T+wXqAU8k;j>3p)FG9T+M*SXlj@&c{UW2()x~w$ zY_w_~kf=oClI^AR`QqGbA3Hn}52`7&GAo4UhYExTiSX(KsU^QBvbzd~GuK;X$=s|D zAXJNGs_?|$E1zTBVKNqC1j$veccW9??QS{dS2mWulO;>J^sT5p*GesM9J`cn$-j^3b=>giIL0QcN~ z-DzH>U#F8goB2j)|E}Jk9Jb$q;h$#()u+c)>}4-VT`|?To$v~qCuBg{p6?0HDvtQR zCY@W0usaeT+d6GRi1E}!KOOdH1-*lvj>6unrp^IFJoedXWGk!;H>8i;zTMov;kY4! z?e~WQHcyC`H}>jvNGJ5@zs0d@QTX@EG(I~&fY-nT8Ka+K`?sxqU6+r4EUS?ijsH$h zC*6_C?FvC7Q6YoW#xlvLjH=&nJyZyFf4X%pML+spe(&E^_vVX>|5WK~AAj-ICw5)2 z2l`*zOe=Vf0O!lkHV?G;wK-tUq(=0q9fI&NOnh#-~+zbZ_pFZb1UjSYGSx_=X3fB z^OBk7TQxPdmNLKG9J0@ci%-z?f2?J7RqfB8z01n*tnlW%-QCB%2?UI%BlIJe_kqBrZ>= z#HabGPmRw~qCgv{>mMmx;5l`dKXloT);rxK$3$AcCrh4Q#@}N+NJ0-e4JryIo@61d zf2QtbU1Wafr(78R%qk;2N_tX9xS(;<@Sc53I^X>>Y8ij8=sYL)nDd*t(D}&KPFJqG zeiiE(*V>riTH_IJoIn*Ht8HsPH25F@=oh*2wTp_KGEK zME^$F<a}y&uzpSIB8I-0! zwdF3mdqm9-FP$Bo=YV|Y$HH=wNFDNPp!8rwZ`X8I?$Zh;&1qp5Kj}CS`i0MY_nqsG z-Yf7^c%6jUTLZB)73T*-ofFUxz+$H1q!#az(0V4iM2jGw;}tK3-)HrCNQIGz#Yu+R z%$1wXa#1Gu<+v2m-sZ50NQ`IrM~61wqenCnhaBsDdyB;BBbiW7==%D-3qSofdEs(? zK8H|Dz+<#Dv=DP`$#b}~_XQdrD?@ba;dghPLVP;7NNcI;A?pN73w9j={M!!;s>FCb zqYXKznyEV4n!6^q*spD1PuY9?VEE@~FT-0CLE>sKKCJ!S|1tFyUQvBtyhF(l!bo?C z(j`dOjD&PZw-ORk(p>{cw=@U{NOwyp0wOSgfV7~9LwDypet+++_5J`^-nsYev-hVq zR+t+REs+=*-F!7c=$OaEO0e5K2pIzUaN*v@uN%J|Ow@VGuct@7ciV2}!SLr~sHbin zYp8MBgsvGWWL<~UQb2xeM7U;^Y}T+Kg-izq@ltYwuju zyZ6tcdmLM?et{M=04wirSg!SOer{fS{j9CODOq3XFfdDZur1(0Tu_dqZk@&TWX>-o zSnu$=9ga(Fo1rYP!3@rz&A;r=(S zy1JK(X=$pg$oEj@%+g!!AyQ^5{I@@vAlo74S6c&P>+ZrF<-RzieSB{UGv-XWnXw5c z#3wvDTbzBb_J{D8QA_3yUh&Ldm&f*e^w_V;&Cp*wJDTcr*iA_B!w+WL#B%n-G>JP> zkr!30gZg-}rX0~PY`yl8+Hk$e>4(XKj^OC$gKFzphV=2mmSrFJPC!av?1lEUxRSXn zx5i`1K2@1&e>)wSyBeHYoNOukA^-0{`jm3pU5JPXO&qZJ_`0%E1l_gV`rS z$UCfHUM}TFyhD-q5N5l6X4#tUv-Op6$=otyuO>w*%Ef=KyFbKu7qYUv`W%h*EDiPu z+nez^)l=1z)pV#q5Yc{X|0KYhBa z)LctPCYo+qeV+5!EHJB~cQE?VL1k&`Wq%}9Gg&E8%}arQx_u!IE!Yu7GeHrWU(sDW zTnF|O_?_9>?eoQrh3p$8YE_9Y%OHd_hPI|*UcZRy@z*fcRFEq|F`Pir1Q z>evY?ExkjH$puAStn=x$43uYq*Yd{;kYJ)$Y|_P%OYNPIvx>9G-+~`nTRinj($?s2uIIqduNh;uEfPT!HjVDfORttJdfI+) zy>Y7zm_7{Xr#Q$8V1r^}%O*z`ehk)be{WBO1DAa_)Pr5nDPS)AkS@+Pnf{vThTGi+4~+rHKfm(TZ4MlNU0m{89T4%W}MoV3S-&>zD=*cHZKDs20f7{ zCNS(;o9*@=f4+Qq$wB^us^nZ_F|ehcyL4r6vM+Bl?y}2EG}_T!vug4_l@ptE2fAHnO0p|xIo}eXqMJsW4D5!oUwulf^X^B# zAPN3@>4q~HKXss-10zA_K>;B<92>2Tl7@-LeEzGFiefgYpyIo-RL zpXniVe0u?|cH0bHsX-$uZQHi@GWen(kgRIj{jeX^Dn4Cagv@{1^w`~#Wy7hM<$k8j zN_Xvg8O8PQa!!52J(%4p3bsywA!44k>4bVq3gnGi%Op`#neYuBY%KPXAY`YHCP)V- z=lffnZ(X?aY_$}gCR7-Dty>Cpr+u5?TsAxNw$;Z=h zv;4#c|9rtZ_4{+RX^oAybcw9%Z{#?S$F~-?x(8OG>H<$Oj)^fKoKXD4ya(3)4A>0u zhQv8Nry$#DGry4i7I#(ql zE3@HH{Lc60F|{Q=B=&W`!n4fb22u2_R*l}SaMc)}NI%*YGt^!Blq^74~&TggCb z%U3P5sxalUa=Y7{rw?~?0n`EK&RgD>`z_QfG+LVKxtQ^}ZoAH=$W^|~Ajd+*>X;D` zGk&#uLSExDg5|Z~Id82>*3C3@@O9_67pg=;f+WgJRPga}fvu1pFF-AK?ren7b39z` zEa7m4D6?BZhWlqZPm?oaLz!71UwX&a2t?7NjxEN?H>@_;tv^im zZfFmow*_WoA`{eAE1A&n?Q`^x0l#DE9Jg+;t!vS#r82t>}L%zSVlXZ7@-9w!~wW{N9$8CcwO6%D)!C?yl-Fx)6wTost|}M?tTqOEYso4fg@-mFV^7=W^@R&o$YGn(*$B`u?IzqUkg8A2C&a?+^paqeqmb*zjwtRM|JEz#N)M^r z^pdz?V8(vKbhZ8TZ6f{pakr1rNA#d419sPns3pLgB|u2j{HpeI3F#2CxlpD(ecQWC zG-qAi8G0YyT|2yZB|#TBIbJ-wzCH>Kb@@=TIp7(SPQLoaiZei~CrnIj0<|IR{X6H- zv*NhIU-(kZbUOFWPdcVX4HwjN7w<3GxtZs}%tMHPQiM)BW1cn%;!RNyR@m=XUAf4E zfO_YlFY{WO7M+$%!0@cZ?o+G7e&L-`|K}Wp!d%8LX3pg|P*U6{k_~0bSkAHR4+zi5 z=kXipO<1`7=4QS}t(7bdsHd zHs-x+A=uNHLfd=wmLyjb0j-^GIqFoFu3Tik;U$~E#J90jqw6qDf?z1XJPsJ$1-}`^ zhY6>Isq!gvx8)|Y>P4puRlD0+G@*}syU zsN3=-&tRz>^q!wo%xn5mZB7aqUEVYXumWYtRL*ubGswX6OiNLX{B>J`O0wj8_HT8I z!rtjt=j>c$U7`{qm({l1!e*Q=q)yY2xbW;FgKvWvtZ)nb0xnMCG5us#49JJh-%w^= zh{b360_j;F4Jt@*!(l$?UQQ_qa1b1E?9uhSWKpl)$XRY;EtxZ7fATeaOHA@$(A&uQ zBPlaBm^S_)P>I&7WNH&#j|8QzpCF#z-PKQrAbMQ4M%)?%(;eESJ5@ODH!WPZ1xv&C((X;W0a zVCvNZg5z43Ie*EZN~aksIF7P)H4=+0RF+c5fv{i|Xu94Ekd6QbYg8L9`a@`B;yGXU ztt2$mv*SAVb=g^i+#~8g^|OIq#0A!N>ApLs_?R834@k@{V()J80;wY5gm>5OgXVb0 zC0`|0k}_RRa{t{&%iK^yQ_AOo9hSH1sb4yx z!>?2;X3Klc5BH$VjgpP?jl9AM zUi^Hbo+ReaTbJ3Q)X?2aEeO;rh9DFIH2n*6$F!j%*?DVT4fhZobt;%$vQUmmhvP_$ zWv^HPDJgzfxz0Dmn8LGWDFWIwPJV zinMl52ZG1Uoj+r>ZbmBm*iu_Hp*zF+wbx zl2WHMtM$VI{>wK^(7C*i5tj4Mz)druCwleg%M2B&5xxeQsf*gEHRhn~ei;3GPE+)X z0$hWBq%6=->#QHRkFc;TajRs``az-E1__gitUj+_8YVBkC}gKCNi%8keGCnSbW}7% zpWN-I(o{}?FGqU5r^%y1FW3ohkhUt)Ayfurv{6YWQss?-XBk)lZv{xBXJh1zUA1-sS z_Jnv?!LlySU^KwTjUHEZ=$lWTKBc@sTZbqDiVaV^m>R7~!GYIaF7B+VCtEE`KHUpG zo!k22O82sG$V~`2#?msh<;4i8M<$xv0QW+| z{KtOzN(!VAG{5pB8u(>9_#A*z&olHWpoRpdT|ICZpnok3-{5&Q7B*&$@Qm14-iNem zT=wPhqTnLKy+Wok<@z632P-1<G2hT9%8f2=?;Wji|p{)>GXA} zJ*NxmnJm*Jz&n3qcgb)p6M7-v#+j1rrGzqFC2IS+`MT^u;kG$1ss6^WD$y_@xz7}9 z)-U#R4pjg*bt_hHKUHL<$Wa&QMOuJkS*2G2ht!X)#BlL9|KL{xYfcxG=&IO3xf2$X zzJV*-#U^3G)gt36!E?rG$mkFC!5Z|{8R!-vvuRZES%!@49NZ`}PbUEam6yi#kKag}O$M8Cw?B}|6@ zKu+s3@-k2k8nU7xP7SiCpq4MDwMnpho)?Pp4z@N?BZiW8FF`d?i%VFt5AXGAqKT_1 z%epB6M-jh&<}2c4mh~SJI{G&!$i>O?uPIhon9s+OqGBY5tf|GTcKvtHsUiVC*DK_3 z?IeW2CBvYE&?K`y1}REG*$5~ZLAWt)WQ5EhRfj_Ad+!!+EwU#O&&`0MMFj2EmaVHB z=GiedEzN|~lyN~Z=Tbvynl3z|D?hT(By`srOJck>1wi=C(!!of<#~)I2tEDjQR=z&ORAEQ9@n4z zc~85%ADvg&3S9{6PUTHIJ~=XlsZEyG$XZ~s&?=K{ zJyM#u_D!FkCN%~jb^UQ5Ton+Dh?w4iAs#4*Yc^?BKljjf6(Y|7;7fHhj`X|sZ)onFHj_4R$GT$PD`~ducK?zIo=Iu zsdw@-^Xi9+|9ez%$lS<77nBspwYfg}@+Aletbjx@)97nmC=+{xUFUt0xV(3EzTF+6 zW1-_R*Ee389O?Zg103%2qbY8@mw7>xL!&-K@do!c?xVzFD`}eCX1Bni@;MKGj0txg z-2er9rb7$}gCLI^vvU{>F*J=i6!u_ZJsb(hS3&SE9Ov=tybE(iSEZ+%ngW+LspNI1 zStrV3Xpb*`t%qQ!w(|*g?e-d*pW5%4cvVg~jh;lGnw*M4#&mQyy(ZGDTv+i3-Ni?+ zo4Yo*@t85tS5Bjc3kpR)cWv$?iQXAi-5Js25@`;Yr{paDK0jaeV}-!bgLUX&!$9)J z`5EcTBeT(QZFoi6qtxiW?VLk1jdWJE=>%al)gR20&c?#dq3#b;s!~m;4&JgMb2A0uf5=)qFiQOWj(^xyepFm|47QEXm}hcrsD`po1yp zU+?_zZG6u+}Yp08PR{lHYH$Ph7({W*By4x4betFY+ zWXBggVns0d(@`4#`@il7u?2+@L1(Y73B#Q>5LVnr{ zEhW~J>mAIw$hj(t)_CI=vB#>d4q46OdtpT)&c22J#4&`u!IXLD+`Y})6G{ne#sD30 zYcfGe10G?lqLK$;>r<}B3D#9f2)cpH*N(5QTWo&xy;QXE3YO@<4TgrFP3{VUL&%JWZCQit3ln zc=|A5;p|H@AjX)HFobOas4jy1UkT1XC(w-aqr;eLJNg9stpM=ILl@U2oL7pE*@fP<-w^Ri073`SK|GIBdBK!E9cx$MsL1 z^&#Q!X=!#|&c`;RYLo5Dz$)X9Oi&26dIO@sLysL<@nft|Q4GEJ6^pjOfPDch8EA75 zVqQ032|QTK3fmis8)NAai!_kj`SaJN+l(VUkO~_C|4e{cC4L&9qKEy=*ic(|@+1eT| zs@{~G-QHD(767nchbWN*yI@Jp+>^m)5B_5QgrmNY&@<*xYLxtg%Vh-!)iNqw-1*mI z2J{1on1LqupW7B7XuxkzU0luyEBv5X@;$R?$!|O|_;(u}&ucQsyK&oK$N3g4^sLjT zSOKkxI7{%CL-=?0;>Uh#@}^nzGDqst9`~;T>&+-ZSy0J(zgyA%j32OyF-IG)fcY4P zP{Bph*_1r|^r*^&IsH-&EQzj~K2s#?JFfHoeSc!&8SR}rk>CWWPL}I_(5pze$3%Q$ zRHX)`{vot|q$#?vYr_XLF#u2vt={B=K-!FRRzwpA@%fIPw{s5>1P~xELNOt&)dc0`YCkrQFMV3ZIhkQ+H%a3L zTZvCuzwb8RM?!#Q%G+fnV6TWas0r|0fq=pv>5K=vHHpIS-%0`r4Cm+}4p3MAzvJWP z)&PrEV5pcXPZw|QYyv_|Y%9aSx7Oj(U?1N~lod(J&QS1XJHM#VLZxnn*G1RT289Yo zTt6u7Dt(2~DFY{9*Ljb};&Fss?qpS<9}HU->hsR5M(Up*X7Lqh@P3IB<#>OEYYw9s zoqlY#oJNB_9BIJq6w#ZJA{Rr8Gb3Ozg02s2m~F*_cy{Xo%$@7ooGo{tGH-fO>@QiI zg1%rkqL+Ctn8T_Xw{<3*W-IMZ#Xw+L*J@|9J48s7_j>c1IHbHBpn3la-B>8lWBShv zXJlu#73)=){=EzYPeqPxpY@lkH)(C2pe=_^gY{w&r;(WKK#ZN7AP6%!)5$fIDY$1w z(6a8#wa$Q!v2_az37c_QD}Y5Qm@9M8uTyOLnH2#fPk>)^#*^-4fpZAV2xFs(W~SNH zhGjF;1?(waHek6&O-;WIzRZni)NMMcy6+u*vQ@t76|!~)CMXhiQ23NJOKF*jyg=R( zU2^|sVR$$QIACt^{6Pe1EbGwb-Nmz+Lv<;iV}XJEF;FVOcL&|RhZ19b#t~#=e-N3b zy&e;?>$NDSYoQv`|6-SpiYCy9Ie$P+Cmr;dAyL0A!593?DW*vb&7|^u&Q{V>U08zc zH}`3&#)P}~Q9-0WZN#|=9M=BB3o4q=o)#U%Nr6ug;Da2)|K-C_IbZw9iw=EnzL{(B z1y28@UWM3e^fsWP!Sig?;GObhi+nozW7Q1Yj9r`ea>7dN*g#{xwY5cPvB-*~NMM34 zzkjCgsLPe6(KNrkbP~-5S~A1YShkc~5Ab*5m(|$*yNI$(gb9*tD|NZaq|JevodFv@ z9lC>Qx$naI+V!EJ%f{Dot(^6bUtCcIdR4wt_N#0;ht(3UBmjAwQJKgbhCk`;J!=V~ zfimx1QFdZSL_}&(Qb{xe&ENt^NDKM{(U@!Q9BTpn3M|L%D{AD^!q#vGy3JJN)8CwD z)2{lYh&6_fI0)PY^X_*|$~e4TSKq|ZSCrM8!X5Oi{3ZCR-c98A9ODL+O98Ub?caPY zi}>BG=Lr+VFZRC!gRy3fH{y+j(GLd&{Td%Z$QzO$Zi@fDI+D*~kqBv^{t(iy(dBE9 z$d&MOEaV(KV2-dhHL1~?F44AA{mAQz%jipm&bcj^vOl4_KeE2f&XCY z^jf{f(n_9MnCI}fEw|?%hoz%Y?}?~?W$ppcMNeNZXCNAhk<$nIqNyj?0Kt6g`wN(&qdjx%us;Tx4(VZQu zsUMW$g3jsnTe|TCdd;@k(=fJn`lnE4poe6W67~MU^rQQU?fAO8IN%#!I@w&rROxN{ zLe|;>pNR~wkVgHHm$~@ql>%sy4uXF#2;m1BA0X@FBPUq;7yPg%HM&lr!J(@*;jh7& z;uE#FzAQCD(kB)Pj@r42Qv>?4`yim(L9#g2P;YIu&R~n$fW>1}>SFK77yejK6kPpl zX4E^52f$&L;*(x+Upw}KgMJ?l>uErFt3x1hX2qpY=E5F!v)b{(6XI;bNr%Tk7?c14 zr;J0H)_moyVy(F+e2+nS80K%6o>71vhk%x7ozGt^J3G6x67Uq=!B5_lZ1SlQ6MigO zbmB5Fy7S+)s>Ylj>B2e(u9kf8^dd*?u9OczH2;st7yD-%tx12sTh9xF^4FowX}a6K zQ)0G{X<1RU|D_wW!qA^Xyg7D;;4D4|M7aXOZrYl;dL?zP>V#Ov|2(Z>6?h^42?k%} zxUr{4!>~herK;yKi09&0en-G;wJsx(5@7VSx_*1L%3cZSe~*EOrUR5Ge5!FB zA?;P>IDdL1t}xYj-*W$pe3OymF;MbmxSJQgp5-PxIF|rpg9iB3n%XgR)cj`4rz&pC zW?yNmf$Q>0epE=!c5+kC*J7C-;0pg_oJ7@|H_u*oc0At$+%UBvA1 zK3*zh)Iv0O#YH8r@D24)MU8$6!-pSd0fgl!O2XkGF4dBPfL6JrYPa5$$~=cJpZZ=5 zilHAH$PStyFV;Eul7SdEUg`#Wv@Z8{yKz3@#P^=5Nc@|=mED`!gg^^$9>T#SRjb}{ zH&)=K|K*AEFQ3M}uRimc9G9_^ zg1I$F3)n;c?Y)6NN)vxXhM&);r2XDl5-n*fydlzPye$J1mH;4OZp3~gf$F|DeVi5 zyFbGT=&2Mf_bEFsuW!REuHJrl>@a<2+w-v9rYLY8^K(>*9bYsM9=n<9CtJ5IjhMSv zYC;3|8}h%XaUBI3YQ?XSFRi;b0|tbzbDzg~+k%4{>6rk-w8DK}Z0>9&k0Gy{9I{J% za>nhi`%L7v+bb`Djk58>wx@Wz<2)=%?s{Qi!2{&PoObf2s**hcFCx_H(J>uLj7a^S z5z>D&%(to;3<&01qNrxG{Z#x=>+qi$PfKoaATA}8|1}F_C^0MaUs&It4Q3LqVY3N!ktAq`h{MM#Sg|(O{`f zAmtt%=jezZDr=GH2825;t3pGDdm!&8GIa~ttGC|{NFthp%jffm~%tAe;nr>9u zOhRqB#ld(av)isd8WLT}jysS%NX+)E?7rD$iO9+_S%G|sSxs0WJGfs1j6034-=lq` zroDIkGdypA)ZOq@@=EmozS8$#8c!Sz;Z|A!gvXH4$PcW}_$2bxRs$BF@uSHC}(nUb>YSbzDEMa*6g!zd%{+=wfYZ%Vpo{9BP`Y zX`q#+fLoZB-r~X`alR|16Dy=LkE#;&Yo}PjFj?9((1{pE-f>FdD+_j~N~;&Hb@^!;HL9?^wJeuiF{5U$+bViO!c@ONU-SvqJ+2 ztu>sNxq*A*1N69Y*79DMF!kN9OETDcq&6+`G&wb1j)k)C_dc-* zZJdGRctz~_0UR2l^AKy$ic=nf+9ub)xj=hX=vGZ{68QKaFG|psekd_I&oB4X1AUb2iXjM+|*GDmx}{^Ay_abIu|zUMrflk4?jc0gryAJB^uZ9hMZpCPwKe*Y{Um9x zTUA4yzsL0|dBXlNbEdk+zplKsTB148(#lYbId{;6K87tGH<-LlhME~$JeLT}QJtbR zF{XguaH+AB9IZ%IDITSGJ$ng6E{LCZ3dkd2n7#M!FN>q#gYJKe+MOgVZM$A?|hrKqt^@T#n@{HPa*=46^DD{1qFa648-ZP+D*9C02vmwPm<~H>DJ_1VT`A18$Oh+5&%81t^ zTz8i8O{grRpJzBLmrUe$|1H#I|U|HQW1q^Za(fDF*q9 zmaU<8czg+zTfM~T6It;}N*~^uROwY8N!Glq0~BuZbE6s{3D%#qZz^cW588=VZ6`%6 zSE8jU8GI~Oeu0{53b8ouP=k(01TM1waclEa3IDtrzw*ZyfX-7cq6hKdWKjP4`}Myc z#~vIbZVEujzn0GKY@f9~;(p8${k!}r>qUVarw5q}^kNaW@g?W#BP4=3$kX>gBJK71 zP#(I;m%gFseWI_jWagE-WRfU7NM;Ehfn@moNqxV@<94(k)6i=$oR~hV&_O!`k7oujT)+`x?8f8$x9c<298dpxs^lpvwiWbR%$4#(0(<#+W(C zf&5p%oekXpJN~v|I6&Q zZP`o_QlcmR;1Qe5VdIM`y=&Ws*|QNu@(xn7@WX~+a@mpoBdjO42{8NI{hWr&#nWrV zga;GSHtb0+U+k9`OYv+Zlre>(wTW~=`t{1{~i6c!Jk~2Cof--UP5X#&mfNIn1!PF{BQwS{zg$F)Y#nbgDidmAHM=|lM(f7}?|O}#D=#D%Hf zBJ8?E^Hc+51o_YMEsdLrGFAMWM%>JgSg081g%fGM`WuMEy7{gS(GB?28~S^C_afBSPE#BsnYW&YLNnckp3qDl{|Mc2*wTcW3 zx^wvjm5Cuo(pNNHY3gUkN^>3kJnJQoRT&H-yL_n*wwmos0`2JC3HN>0P@+cPPNIL~ z7(zOzY;k?~2>gt1fO+U~l4@s(0s9zOV4?8uH~gkmr31!vcW`-41D+>TCGK5u3=Fdm zaZ>`bZaF{?Ouw51dZP(VE0?7z9lxIqe8w2y^4%)t^)Ajk~66&VXyw zRWqg~imdrccsFPkU(rkzszqkKE_Ie-O?~5jI8t#ZB0{>Hw%@^1e<&~ytfvCWeMZG5 zb4EO;3#T*yAFNS;9%esa@cojMKuHjO`Wl6`$Zz(PV>`2l^1yI9D)9oAkgc7V@9gV zgQu)1=k~>~i&=*%banlN)maU?{_a}u`Wy|$u`&9r`GHrgTV9?g&%S-G$c6+&q{dsT za|=VQJX3Cp>gOzee{y$&y1kBz(~mnGq(*{j)P_jpmBc+PY}Xd+D|4nChP%1un;8dR zqJO3j*#r?l;2l$L4kE}g_4pMC^OxMr%o}peM-}TA19y8R9ST+>%b3{PpMTWUOSODp zcwq=QmMrV=ybse3yb$gUKUXfRPh)%bnq;eEM?K4mz-+_8{QhM(=sNf|kLQRZ^{Wop z1_mw{?;`tR0(uWLVJs90<^n>JS4*o` z3$sYs8KKw*&xnChAZ@s($7rJdrxd@?(V;E(4Thl>k-2Sst{V!3AC&x)s<#<@RGoHL zZ7%8paR310%K^e0=YPSK`#6;iy1I@}B$GaV(BZB&Ztz@8KEHeaAM`r{?DtIkCsuWu ztur1uY?q4+jX?n07P=Ra^eZVc`uwT`Sa#I>>f1vED1f-#BQqp~@#UR}pQqQ(*Qer$ zH;owspMZfwM-$j3dyDF3iZeq#IXh(Cd=7s&@0BXk#P}5iB1oi<{KSSB%wZIC_K4x4 ze1KTC6F{A}y5EYyG-__R1{8cSc~@|nx&mCh|6Dxf_LaA>*z-2jJL>Z#^4*CsgXYFp zO_vv^TiuDgF&2qUCq;ZQ8)!1BQdI8yJheV7>-pNB&du6Z$!E@C8JHO*H!IPvx_40> zDB{p}_8EVNs4WTRfJ3a@uwaiscSK58E0tC}7o{QI9Iz?I=M7)|YkuoHew_hj<`?CM zOb814il>OFiwrkVTk=h~2lOKHhPS^Rer&d!7eW8Esj1ehXc0)lDb}t7x;f~-M&|Rc z?_hR(`N+y8*NIB%rB7Lwr;TLhMZAzhIpgUWmwvA?B2=a(zlgGz z3kx(m&ig6qRke@uS9yJle*G1($@@$hM=4ohCF+kKFzoqcRo_<5elXX7&VI!x9(K)`3$ z-{2-l>23DHjh*gXLyPPgLBL%tvimRCukOg#jS8q9zQx_?xb>CSx=B@jY2!94Ml{x4 zEKvWnXCKUP1?44oCAw}a!-yrWxRnPRtdz`}5{n~)Mw_?yL5^FRa`BZ+-)kQ|R%}V) zQziMB-YaLGBvmOe4D*r7yXxqr0(~(I@u9@7h5(4EQL5@DPoSTu`C`UUvt-v!|G1k* z_9=(QK==vwbUI-Jy6U^(_bDIszcmXnX;efYWhIklvhuV2YA8KgkSs}FTZ5fo(Xd^6 zU~1*pNY3(;ZwB>;*$ClFTBT%>*T20aUk-dZ$9jBc{;@vWQ2jmpNDWoi&4;O*tk?E|8IO3J0fICIleK`uJHl&3=9cmHxf#1?G@Zy7Hb zZ3#Gn^>4)_Ur3{Xy7(-Vo6Eu7G-&&$YAsx4;HoJfrd>I`nNLl4#rEXa*9Z07&NC@~ z(r}By@_Nz-O5#8GWB-9;mt3m{9);{bfz-7enJBz9khv?7&1qX+0$y(G?&WCAmqNZI z)^n(`or1w~#D|VR-mcx3V78e8A?ijEQs({@l~OZy$PbqB zuV(4o=G7k%A%t3A3iG+01yUfkI*3RgYO8Kc#%;r2q7=_y?zcCeUvH>NN?Z_3}4s-QgEmNRJTV{Uj9Od&wo4&!-p{^i0eBI0Lg<6uY1^;4$GZfc`lCVOp3Y+Bbo9$jdLU;{h4IZg!kPFL9{& zR^Pd8p!t&!d=O1^&$J`3mveq6hjr*%W`rGsI%HUCq`;@z*lBW8UrjwW2zbgLH#;wW z-<83e;~^?9XUIhn`b#ataSsV^ZSx;4U_cJe>0k)&hVk|m6V7fAU~xV!FYhv(YJBos zQQPkmv{)7L2HZP>kY(VMFi~F5unT8MvOeEuf|lHgj5vt%EgD;I#E)O0z<7rvkvG$} zmoP|r2l5E=6$yK$mHOU^YOrZj8O65|c*T(OFX zoXRvAZQp}iU_elWvN4QkIzS%A^=QpK5`hT5mIy!^KO!$yIhxF(Z?ZFISlrj7>|rAosOw2 z71oqlo1#n)`i@_?@JKhO-uO#HT+fAsZxE(u2rEt~07sdhh$PbzNwYps)&}X_&l#{I zzXD2>Rmm?g!_OX=41oJ@X=G%??6NDt-+S}H?J)*-5RjzS4%yRcXr&t4H*EmqZ6ggR zbw`s~>G`0DQ8k5I24*A)LIsgvYDQ|}#JgN!LNRzYcKkVGvE7yHI zdQ3O!<~VxjxO579Q}lo+OpOj@dYW8G6=4^VAiA;kX49uPZ?m#M$Dq`H&Yp`b`Ly{K zEZiyw-SdlA^FN%U3TJY%bGJ|Pv5&#Xsgu0=>~b-_&pw}R0psScToV0!^KlmF1dK&V zu7k=;IuT^2f7Tb43R9!opI2f9dqDOcEuH$X(o{sSj6cF)e+CEUV{xQrB>o%wV_z!yg;h9=HqK?8}>$P-`58R29iJ5y=49|A;=RQ zR+4`Tsu*w~Xv5EttV#wcjyQW^^lr^i=JPs7W0~})51oOD;YSjG*5SF<}bOaU3{5 zm1Q!!66BrK;>{fZi&y)0ddl-=cj7_l23#-B*<@|=XZY|=eI!ym0zt1N0X=)zHh$*F zPIp5LXpe$a8VxVu0w$;&49O28xr5S|(T!!@^#+k&vvq&Mwa+%Q-kzT>dAJ-1-Qkpk zwlZS(*>navR4m>A@pupi#er^*>B2aPaK1ZkutXV?N#0Xd88&{3ZBIf=)hId3+a153 zq=FL@GEB&=7T+}R4q%8&u(~r8$g4(C!&fzx>=o3cKcAG3GNnl4M`v5ew_B86$wEv4L*@K5lcFT!*d^qD1(p})^eYY}mvI3M7*uv)kPpS(8hO$4g;M%OK%@CKpw;`eMJMYxla>r9)m(w5oXj)Wm-et4orikj3{)79;6Ln61y@T~1Dv}43Du4xZ^L_oB;C@lXG$1IH zzgKiI7zumk+TmNDJqM=R+;Tg@fAn0;~ z9?HDj?lkYV*l~EikZv+?t=neev~zY_=TB}Ved6~y;3uyJ8lNryXxQO)FEZPSii%EB zUn@0TDf)Fgd$dMS?dxD1_%h&L)!?uNkbdGcY~28yy<2|}$bRYC zeZ{&ty7o6|3WNh+<7wML6<75Q&EfQ!U7fJwFEVSjUwC{5hd zw^b4|)&G!(_mlPjW|MrsaiK_UX`V)I-MZw6!2QW9_>--_+3~v2I;%UjRC@pizJ~x7 z2?}`*c?cDEy|E#x4c+GSZ#`p_rf)!-=EqVKUPoLA<-jVGho?glvS3i5%P63>c?r1h z+Md%Malo0!LCLnz1p5eh+zBowsm=4MUW) zI4(ZAAN`v#dHrarIMl1%E{ktU?T{T6#$Fr>b^u-43r^t7p9ki+?FDqpLpd(b&Q~R%YkK;!! zi8tE2&!3$*nnyh#X~p{1C66J>>!@g}u_an_3WBLF7PXOidGsRlpPg=xZ?AF96e+;i zzSowSnQd*@W@53W+&}Xyt^fVls-WUfFE3tAol&QBHEq9I^L8xe9;Mvpr1Uq*jnPOKTUfep`Gnsy1gIYFDtKrv;Y zq2eym`c*nk4fL0#U1-N)^y@wY$q2DVd36{zWH?01F+i;q>*|>G6UIAvD0NY4Y>V*- z22+UJ4C5p234VOQ-q*aH@L`)@zKJb{kS~m=7gnAdukQ%dSn)24u1T!yXR+ zG(r@L0{M!M1p1NoWd``3b`nPIn5ZzeP^L41tw3y5EYvOrq-812l>2YWPITdwcJivK z5Q85DbK~Y<28^kmJHenJv6$1oU@5?W_bmRxcZz9Q`EFM+O~+qgTr3oqEv9*Uks7x za-_qjJ)He7n;9!*&R|a_j#GX)*K{IrLx#kHDwiDPar=2s>+eFm<=(Ci0D-=~Pfx-l zp2M@JLY_j9%GDlymE@fFhsRW>Q&#n+W^B+ZO3QJ?#T0&crhL2GCJ`bf&96A`=No`{43#S9D-Efsubpl_583FU8OyD>J(D&80p)rR>Fm$=n*?gG?E<9~{Sb2d9zJeM8qH>4T?|9hP2y{YSI!Fg;VXnn=Y@DMmauu1gI1?yw>T&X2+Fj{wVa91ROnsfqg97_CgE)o|g750USIsg6@KQ@b3B`Haf) zTXik%7Fo+_`u{USst_}ka%yO-1iF=iNUNWa*$XfP23AJU5b4i2>= zQKm`7SL-);M%GuqA{zdpK+|Ee+++0Aq1Mt9^P$=Q8Mti-By4kcs~Ds(YzPV6>NK%K zlF$86-Gk*e*EcsEFmF=0VENptz`&xQmBE5xiKj+pkkjiBfmc2$rD_|1o2m4Gd&Z)6 zUtLw$V8u|v@IlegX~pjSvn|p&dL(x(18z;wTBKs=DKc}>3ZF@-Vl0i1D%YK10d7w& zjk*5O`fXqI`s=sOR_(o+xBa%Gz?tV4KR6mY?f&t9&)3B-w))-eV_;xVEpd$~Nl7e8 zwMs5Z1yT$~28Ncp24=cOh9QQgR;C74re@j(Mpgy}!28#BplHa=PsvQH#I3=oa}f(r O1B0ilpUXO@geCxUa!>{U From 859d7d2a829bd9735104b85b06aea403b67e19bd Mon Sep 17 00:00:00 2001 From: Brad Chiappetta Date: Mon, 9 Aug 2021 16:46:33 -0400 Subject: [PATCH 024/132] update greynoise.json --- documentation/website/expansion/greynoise.json | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/documentation/website/expansion/greynoise.json b/documentation/website/expansion/greynoise.json index 4c61727..4988537 100644 --- a/documentation/website/expansion/greynoise.json +++ b/documentation/website/expansion/greynoise.json @@ -1,14 +1,15 @@ { - "description": "Module to access GreyNoise.io API", + "description": "Module to query IP and CVE information from GreyNoise", "logo": "greynoise.png", "requirements": [ - "A Greynoise API key." + "A Greynoise API key. Both Enterprise (Paid) and Community (Free) API keys are supported, however Community API users will only be able to perform IP lookups." ], - "input": "An IP address.", - "output": "Additional information about the IP fetched from Greynoise API.", + "input": "An IP address or CVE ID", + "output": "IP Lookup information or CVE scanning profile for past 7 days", "references": [ "https://greynoise.io/", - "https://github.com/GreyNoise-Intelligence/api.greynoise.io" + "https://docs.greyniose.io/", + "https://www.greynoise.io/viz/account/" ], - "features": "The module takes an IP address as input and queries Greynoise for some additional information about it: basically it checks whether a given IP address is \u201cInternet background noise\u201d, or has been observed scanning or attacking devices across the Internet. The result is returned as text." + "features": "This module supports: 1) Query an IP from GreyNoise to see if it is internet background noise or a common business service 2) Query a CVE from GreyNoise to see the total number of internet scanners looking for the CVE in the last 7 days." } \ No newline at end of file From f5fdf343b838f9eee0cbbf346f64ca64d5de08cf Mon Sep 17 00:00:00 2001 From: Jason Zhang Date: Thu, 12 Aug 2021 11:08:09 +0100 Subject: [PATCH 025/132] Sanity checks --- misp_modules/modules/expansion/vmware_nsx.py | 34 ++++++++++++-------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/misp_modules/modules/expansion/vmware_nsx.py b/misp_modules/modules/expansion/vmware_nsx.py index d694c5d..4496268 100644 --- a/misp_modules/modules/expansion/vmware_nsx.py +++ b/misp_modules/modules/expansion/vmware_nsx.py @@ -44,7 +44,7 @@ mispattributes = { moduleinfo = { "version": "0.2", - "author": "Jason Zhang", + "author": "Jason Zhang, Stefano Ortolani", "description": "Enrich a file or URL with VMware NSX Defender", "module-type": ["expansion", "hover"], } @@ -111,12 +111,16 @@ class ResultParser: # Add HTTP requests from url analyses network_dict = result.get("report", {}).get("analysis", {}).get("network", {}) for request in network_dict.get("requests", []): - parsed_uri = parse.urlparse(request["url"]) + if not request["url"] and not request["ip"]: + continue o = pymisp.MISPObject(name="http-request") - o.add_attribute("host", parsed_uri.netloc) o.add_attribute("method", "GET") - o.add_attribute("uri", request["url"]) - o.add_attribute("ip-dst", request["ip"]) + if request["url"]: + parsed_uri = parse.urlparse(request["url"]) + o.add_attribute("host", parsed_uri.netloc) + o.add_attribute("uri", request["url"]) + if request["ip"]: + o.add_attribute("ip-dst", request["ip"]) misp_event.add_object(o) # Add network behaviors from files @@ -129,8 +133,8 @@ class ResultParser: try: if hostname == "wpad" or hostname == "localhost": continue - # Invalid hostname, e.g., hostname: '2.2.0.10.in-addr.arpa. - if hostname[-1] == ".": + # Invalid hostname, e.g., hostname: ZLKKJRPY or 2.2.0.10.in-addr.arpa. + if "." not in hostname or hostname[-1] == ".": continue _ = ipaddress.ip_address(hostname) continue @@ -183,13 +187,15 @@ class ResultParser: misp_event.add_object(o) # Add behaviors - o = pymisp.MISPObject(name="sb-signature") - o.add_attribute("software", "VMware NSX Defender") - for activity in result.get("malicious_activity", []): - a = pymisp.MISPAttribute() - a.from_dict(type="text", value=activity) - o.add_attribute("signature", **a) - misp_event.add_object(o) + # Check if its not empty first, as at least one attribute has to be set for sb-signature object + if result.get("malicious_activity", []): + o = pymisp.MISPObject(name="sb-signature") + o.add_attribute("software", "VMware NSX Defender") + for activity in result.get("malicious_activity", []): + a = pymisp.MISPAttribute() + a.from_dict(type="text", value=activity) + o.add_attribute("signature", **a) + misp_event.add_object(o) # Add mitre techniques for techniques in result.get("activity_to_mitre_techniques", {}).values(): From e36e3ea117b2b6562eaad2008f23a98c5b69f9e5 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Fri, 13 Aug 2021 14:11:12 +0200 Subject: [PATCH 026/132] fix: [greynoise] typo fixed --- documentation/website/expansion/greynoise.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/documentation/website/expansion/greynoise.json b/documentation/website/expansion/greynoise.json index 4988537..b01c9ad 100644 --- a/documentation/website/expansion/greynoise.json +++ b/documentation/website/expansion/greynoise.json @@ -8,8 +8,8 @@ "output": "IP Lookup information or CVE scanning profile for past 7 days", "references": [ "https://greynoise.io/", - "https://docs.greyniose.io/", + "https://docs.greynoise.io/", "https://www.greynoise.io/viz/account/" ], "features": "This module supports: 1) Query an IP from GreyNoise to see if it is internet background noise or a common business service 2) Query a CVE from GreyNoise to see the total number of internet scanners looking for the CVE in the last 7 days." -} \ No newline at end of file +} From d2ed09d081ddef167b2e0095fc5660cdff94d187 Mon Sep 17 00:00:00 2001 From: Martin Ohl Date: Fri, 13 Aug 2021 14:55:08 +0200 Subject: [PATCH 027/132] Create mcafee_insights_enrich.py Module to expand IOC information with McAfee MVISION Insights --- .../expansion/mcafee_insights_enrich.py | 239 ++++++++++++++++++ 1 file changed, 239 insertions(+) create mode 100644 misp_modules/modules/expansion/mcafee_insights_enrich.py diff --git a/misp_modules/modules/expansion/mcafee_insights_enrich.py b/misp_modules/modules/expansion/mcafee_insights_enrich.py new file mode 100644 index 0000000..8026d7f --- /dev/null +++ b/misp_modules/modules/expansion/mcafee_insights_enrich.py @@ -0,0 +1,239 @@ +# Written by mohlcyber 13.08.2021 +# MISP Module for McAfee MVISION Insights to query campaign details + +import json +import logging +import requests +import sys + +from . import check_input_attribute, standard_error_message +from pymisp import MISPAttribute, MISPEvent, MISPObject + +misperrors = {'error': 'Error'} +mispattributes = {'input': ["md5", "sha1", "sha256"], + 'format': 'misp_standard'} + +# possible module-types: 'expansion', 'hover' or both +moduleinfo = {'version': '1', 'author': 'Martin Ohl', + 'description': 'Lookup McAfee MVISION Insights Details', + 'module-type': ['hover']} + +# config fields that your code expects from the site admin +moduleconfig = ['api_key', 'client_id', 'client_secret'] + + +class MVAPI(): + def __init__(self, attribute, api_key, client_id, client_secret): + self.misp_event = MISPEvent() + self.attribute = MISPAttribute() + self.attribute.from_dict(**attribute) + self.misp_event.add_attribute(**self.attribute) + + self.base_url = 'https://api.mvision.mcafee.com' + self.session = requests.Session() + + self.api_key = api_key + auth = (client_id, client_secret) + + self.logging() + self.auth(auth) + + def logging(self): + self.logger = logging.getLogger('logs') + self.logger.setLevel('INFO') + handler = logging.StreamHandler() + formatter = logging.Formatter("%(asctime)s;%(levelname)s;%(message)s") + handler.setFormatter(formatter) + self.logger.addHandler(handler) + + def auth(self, auth): + iam_url = "https://iam.mcafee-cloud.com/iam/v1.1/token" + + headers = { + 'x-api-key': self.api_key, + 'Content-Type': 'application/vnd.api+json' + } + + payload = { + "grant_type": "client_credentials", + "scope": "ins.user ins.suser ins.ms.r" + } + + res = self.session.post(iam_url, headers=headers, auth=auth, data=payload) + + if res.status_code != 200: + self.logger.error('Could not authenticate to get the IAM token: {0} - {1}'.format(res.status_code, res.text)) + sys.exit() + else: + self.logger.info('Successful authenticated.') + access_token = res.json()['access_token'] + headers['Authorization'] = 'Bearer ' + access_token + self.session.headers = headers + + def search_ioc(self): + filters = { + 'filter[type][eq]': self.attribute.type, + 'filter[value]': self.attribute.value, + 'fields': 'id, type, value, coverage, uid, is_coat, is_sdb_dirty, category, comment, campaigns, threat, prevalence' + } + res = self.session.get(self.base_url + '/insights/v2/iocs', params=filters) + + if res.ok: + if len(res.json()['data']) == 0: + self.logger.info('No Hash details in MVISION Insights found.') + else: + self.logger.info('Successfully retrieved MVISION Insights details.') + self.logger.debug(res.text) + return res.json() + else: + self.logger.error('Error in search_ioc. HTTP {0} - {1}'.format(str(res.status_code), res.text)) + sys.exit() + + def prep_result(self, ioc): + res = ioc['data'][0] + results = [] + + # Parse out Attribute Category + category_attr = { + 'type': 'text', + 'object_relation': 'text', + 'value': 'Attribute Category: {0}'.format(res['attributes']['category']) + } + results.append(category_attr) + + # Parse out Attribute Comment + comment_attr = { + 'type': 'text', + 'object_relation': 'text', + 'value': 'Attribute Comment: {0}'.format(res['attributes']['comment']) + } + results.append(comment_attr) + + # Parse out Attribute Dat Coverage + cover_attr = { + 'type': 'text', + 'object_relation': 'text', + 'value': 'Dat Version Coverage: {0}'.format(res['attributes']['coverage']['dat_version']['min']) + } + results.append(cover_attr) + + # Parse out if Dirty + cover_attr = { + 'type': 'text', + 'object_relation': 'text', + 'value': 'Is Dirty: {0}'.format(res['attributes']['is-sdb-dirty']) + } + results.append(cover_attr) + + # Parse our targeted countries + countries_dict = [] + countries = res['attributes']['prevalence']['countries'] + + for country in countries: + countries_dict.append(country['iso_code']) + + country_attr = { + 'type': 'text', + 'object_relation': 'text', + 'value': 'Targeted Countries: {0}'.format(countries_dict) + } + results.append(country_attr) + + # Parse out targeted sectors + sectors_dict = [] + sectors = res['attributes']['prevalence']['sectors'] + + for sector in sectors: + sectors_dict.append(sector['sector']) + + sector_attr = { + 'type': 'text', + 'object_relation': 'text', + 'value': 'Targeted Sectors: {0}'.format(sectors_dict) + } + results.append(sector_attr) + + # Parse out Threat Classification + threat_class_attr = { + 'type': 'text', + 'object_relation': 'text', + 'value': 'Threat Classification: {0}'.format(res['attributes']['threat']['classification']) + } + results.append(threat_class_attr) + + # Parse out Threat Name + threat_name_attr = { + 'type': 'text', + 'object_relation': 'text', + 'value': 'Threat Name: {0}'.format(res['attributes']['threat']['name']) + } + results.append(threat_name_attr) + + # Parse out Threat Severity + threat_sev_attr = { + 'type': 'text', + 'object_relation': 'text', + 'value': 'Threat Severity: {0}'.format(res['attributes']['threat']['severity']) + } + results.append(threat_sev_attr) + + # Parse out Attribute ID + attr_id = { + 'type': 'text', + 'object_relation': 'text', + 'value': 'Attribute ID: {0}'.format(res['id']) + } + results.append(attr_id) + + # Parse out Campaign Relationships + campaigns = ioc['included'] + + for campaign in campaigns: + campaign_attr = { + 'type': 'campaign-name', + 'object_relation': 'campaign-name', + 'value': campaign['attributes']['name'] + } + results.append(campaign_attr) + + mv_insights_obj = MISPObject(name='MVISION Insights Details') + for mvi_res in results: + mv_insights_obj.add_attribute(**mvi_res) + mv_insights_obj.add_reference(self.attribute.uuid, 'mvision-insights-details') + + self.misp_event.add_object(mv_insights_obj) + + event = json.loads(self.misp_event.to_json()) + results_mvi = {key: event[key] for key in ('Attribute', 'Object') if (key in event and event[key])} + + return {'results': results_mvi} + + +def handler(q=False): + if q is False: + return False + request = json.loads(q) + + if not request.get('config') or not request['config'].get('api_key') or not request['config'].get('client_id') or not request['config'].get('client_secret'): + misperrors['error'] = "Please provide MVISION API Key, Client ID and Client Secret." + return misperrors + if request['attribute']['type'] not in mispattributes['input']: + return {'error': 'Unsupported attribute type. Please use {0}'.format(mispattributes['input'])} + + api_key = request['config']['api_key'] + client_id = request['config']['client_id'] + client_secret = request['config']['client_secret'] + attribute = request['attribute'] + + mvi = MVAPI(attribute, api_key, client_id, client_secret) + res = mvi.search_ioc() + return mvi.prep_result(res) + + +def introspection(): + return mispattributes + + +def version(): + moduleinfo['config'] = moduleconfig + return moduleinfo From 209411c6fcd6af9127d744edd1b481ddae86e153 Mon Sep 17 00:00:00 2001 From: Martin Ohl Date: Fri, 13 Aug 2021 14:56:30 +0200 Subject: [PATCH 028/132] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 777fd8d..c2316c8 100644 --- a/README.md +++ b/README.md @@ -58,6 +58,7 @@ For more information: [Extending MISP with Python modules](https://www.misp-proj * [macaddress.io](misp_modules/modules/expansion/macaddress_io.py) - a hover module to retrieve vendor details and other information regarding a given MAC address or an OUI from [MAC address Vendor Lookup](https://macaddress.io). See [integration tutorial here](https://macaddress.io/integrations/MISP-module). * [macvendors](misp_modules/modules/expansion/macvendors.py) - a hover module to retrieve mac vendor information. * [MALWAREbazaar](misp_modules/modules/expansion/malwarebazaar.py) - an expansion module to query MALWAREbazaar with some payload. +* [McAfee MVISION Insights] (misp_modules/modules/expansion/mcafee_insights_enrich.py) - an expansion module enrich IOCs with McAfee MVISION Insights. * [ocr-enrich](misp_modules/modules/expansion/ocr_enrich.py) - an enrichment module to get OCRized data from images into MISP. * [ods-enrich](misp_modules/modules/expansion/ods_enrich.py) - an enrichment module to get text out of OpenOffice spreadsheet document into MISP (using free-text parser). * [odt-enrich](misp_modules/modules/expansion/odt_enrich.py) - an enrichment module to get text out of OpenOffice document into MISP (using free-text parser). From 431d0812275188ed6a1601241b45e16c87103387 Mon Sep 17 00:00:00 2001 From: Martin Ohl Date: Fri, 13 Aug 2021 14:57:15 +0200 Subject: [PATCH 029/132] Added McAfee MVISION Insights --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c2316c8..66caa42 100644 --- a/README.md +++ b/README.md @@ -58,7 +58,7 @@ For more information: [Extending MISP with Python modules](https://www.misp-proj * [macaddress.io](misp_modules/modules/expansion/macaddress_io.py) - a hover module to retrieve vendor details and other information regarding a given MAC address or an OUI from [MAC address Vendor Lookup](https://macaddress.io). See [integration tutorial here](https://macaddress.io/integrations/MISP-module). * [macvendors](misp_modules/modules/expansion/macvendors.py) - a hover module to retrieve mac vendor information. * [MALWAREbazaar](misp_modules/modules/expansion/malwarebazaar.py) - an expansion module to query MALWAREbazaar with some payload. -* [McAfee MVISION Insights] (misp_modules/modules/expansion/mcafee_insights_enrich.py) - an expansion module enrich IOCs with McAfee MVISION Insights. +* [McAfee MVISION Insights](misp_modules/modules/expansion/mcafee_insights_enrich.py) - an expansion module enrich IOCs with McAfee MVISION Insights. * [ocr-enrich](misp_modules/modules/expansion/ocr_enrich.py) - an enrichment module to get OCRized data from images into MISP. * [ods-enrich](misp_modules/modules/expansion/ods_enrich.py) - an enrichment module to get text out of OpenOffice spreadsheet document into MISP (using free-text parser). * [odt-enrich](misp_modules/modules/expansion/odt_enrich.py) - an enrichment module to get text out of OpenOffice document into MISP (using free-text parser). From 05578b6a0dea60f2e904dff4d2806591fb976083 Mon Sep 17 00:00:00 2001 From: Jason Zhang Date: Tue, 24 Aug 2021 12:31:23 +0100 Subject: [PATCH 030/132] Update dependency files --- Pipfile.lock | 693 +++++++++++++++++++++++++++++-------------------- REQUIREMENTS | 161 ++++++------ pyproject.toml | 3 + 3 files changed, 496 insertions(+), 361 deletions(-) create mode 100644 pyproject.toml diff --git a/Pipfile.lock b/Pipfile.lock index 94f7879..fce2898 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "f466a54a3a73ee9c0475f4955d374184cac4e3b799fea8ca4ead77f2e526cb9a" + "sha256": "53f7c8111e3655205f3816245250a528453b48cf0ea99e2e6b7ae83902949d0c" }, "pipfile-spec": 6, "requires": { @@ -82,10 +82,10 @@ }, "assemblyline-client": { "hashes": [ - "sha256:3403d532f9ce08ac19374ceaecba543baeb297257ab1ae56b23f2fe1b651d3e0" + "sha256:fd434694ecdfb58f86118ccbbdecf37bc753935c7ae43ef7a74bc5a22fa48d21" ], "index": "pypi", - "version": "==4.0.5" + "version": "==4.1.0" }, "async-timeout": { "hashes": [ @@ -103,6 +103,28 @@ "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", "version": "==21.2.0" }, + "backports.zoneinfo": { + "hashes": [ + "sha256:17746bd546106fa389c51dbea67c8b7c8f0d14b5526a579ca6ccf5ed72c526cf", + "sha256:1b13e654a55cd45672cb54ed12148cd33628f672548f373963b0bff67b217328", + "sha256:1c5742112073a563c81f786e77514969acb58649bcdf6cdf0b4ed31a348d4546", + "sha256:4a0f800587060bf8880f954dbef70de6c11bbe59c673c3d818921f042f9954a6", + "sha256:5c144945a7752ca544b4b78c8c41544cdfaf9786f25fe5ffb10e838e19a27570", + "sha256:7b0a64cda4145548fed9efc10322770f929b944ce5cee6c0dfe0c87bf4c0c8c9", + "sha256:8439c030a11780786a2002261569bdf362264f605dfa4d65090b64b05c9f79a7", + "sha256:8961c0f32cd0336fb8e8ead11a1f8cd99ec07145ec2931122faaac1c8f7fd987", + "sha256:89a48c0d158a3cc3f654da4c2de1ceba85263fafb861b98b59040a5086259722", + "sha256:a76b38c52400b762e48131494ba26be363491ac4f9a04c1b7e92483d169f6582", + "sha256:da6013fd84a690242c310d77ddb8441a559e9cb3d3d59ebac9aca1a57b2e18bc", + "sha256:e55b384612d93be96506932a786bbcde5a2db7a9e6a4bb4bffe8b733f5b9036b", + "sha256:e81b76cace8eda1fca50e345242ba977f9be6ae3945af8d46326d776b4cf78d1", + "sha256:e8236383a20872c0cdf5a62b554b27538db7fa1bbec52429d8d106effbaeca08", + "sha256:f04e857b59d9d1ccc39ce2da1021d196e47234873820cbeaad210724b1ee28ac", + "sha256:fadbfe37f74051d024037f223b8e001611eac868b5c5b06144ef4d8b799862f2" + ], + "markers": "python_version < '3.9'", + "version": "==0.2.1" + }, "backscatter": { "hashes": [ "sha256:7a0d1aa3661635de81e2a09b15d53e35cbe399a111cc58a70925f80e6874abd3", @@ -120,6 +142,14 @@ "index": "pypi", "version": "==4.9.3" }, + "bidict": { + "hashes": [ + "sha256:4fa46f7ff96dc244abfc437383d987404ae861df797e2fd5b190e233c302be09", + "sha256:929d056e8d0d9b17ceda20ba5b24ac388e2a4d39802b87f9f4d3f45ecba070bf" + ], + "markers": "python_version >= '3.6'", + "version": "==0.21.2" + }, "blockchain": { "hashes": [ "sha256:dbaa3eebb6f81b4245005739da802c571b09f98d97eb66520afd95d9ccafebe2" @@ -136,57 +166,53 @@ }, "cffi": { "hashes": [ - "sha256:005a36f41773e148deac64b08f233873a4d0c18b053d37da83f6af4d9087b813", - "sha256:04c468b622ed31d408fea2346bec5bbffba2cc44226302a0de1ade9f5ea3d373", - "sha256:06d7cd1abac2ffd92e65c0609661866709b4b2d82dd15f611e602b9b188b0b69", - "sha256:06db6321b7a68b2bd6df96d08a5adadc1fa0e8f419226e25b2a5fbf6ccc7350f", - "sha256:0857f0ae312d855239a55c81ef453ee8fd24136eaba8e87a2eceba644c0d4c06", - "sha256:0f861a89e0043afec2a51fd177a567005847973be86f709bbb044d7f42fc4e05", - "sha256:1071534bbbf8cbb31b498d5d9db0f274f2f7a865adca4ae429e147ba40f73dea", - "sha256:158d0d15119b4b7ff6b926536763dc0714313aa59e320ddf787502c70c4d4bee", - "sha256:1bf1ac1984eaa7675ca8d5745a8cb87ef7abecb5592178406e55858d411eadc0", - "sha256:1f436816fc868b098b0d63b8920de7d208c90a67212546d02f84fe78a9c26396", - "sha256:24a570cd11895b60829e941f2613a4f79df1a27344cbbb82164ef2e0116f09c7", - "sha256:24ec4ff2c5c0c8f9c6b87d5bb53555bf267e1e6f70e52e5a9740d32861d36b6f", - "sha256:2894f2df484ff56d717bead0a5c2abb6b9d2bf26d6960c4604d5c48bbc30ee73", - "sha256:29314480e958fd8aab22e4a58b355b629c59bf5f2ac2492b61e3dc06d8c7a315", - "sha256:293e7ea41280cb28c6fcaaa0b1aa1f533b8ce060b9e701d78511e1e6c4a1de76", - "sha256:34eff4b97f3d982fb93e2831e6750127d1355a923ebaeeb565407b3d2f8d41a1", - "sha256:35f27e6eb43380fa080dccf676dece30bef72e4a67617ffda586641cd4508d49", - "sha256:3c3f39fa737542161d8b0d680df2ec249334cd70a8f420f71c9304bd83c3cbed", - "sha256:3d3dd4c9e559eb172ecf00a2a7517e97d1e96de2a5e610bd9b68cea3925b4892", - "sha256:43e0b9d9e2c9e5d152946b9c5fe062c151614b262fda2e7b201204de0b99e482", - "sha256:48e1c69bbacfc3d932221851b39d49e81567a4d4aac3b21258d9c24578280058", - "sha256:51182f8927c5af975fece87b1b369f722c570fe169f9880764b1ee3bca8347b5", - "sha256:58e3f59d583d413809d60779492342801d6e82fefb89c86a38e040c16883be53", - "sha256:5de7970188bb46b7bf9858eb6890aad302577a5f6f75091fd7cdd3ef13ef3045", - "sha256:65fa59693c62cf06e45ddbb822165394a288edce9e276647f0046e1ec26920f3", - "sha256:681d07b0d1e3c462dd15585ef5e33cb021321588bebd910124ef4f4fb71aef55", - "sha256:69e395c24fc60aad6bb4fa7e583698ea6cc684648e1ffb7fe85e3c1ca131a7d5", - "sha256:6c97d7350133666fbb5cf4abdc1178c812cb205dc6f41d174a7b0f18fb93337e", - "sha256:6e4714cc64f474e4d6e37cfff31a814b509a35cb17de4fb1999907575684479c", - "sha256:72d8d3ef52c208ee1c7b2e341f7d71c6fd3157138abf1a95166e6165dd5d4369", - "sha256:8ae6299f6c68de06f136f1f9e69458eae58f1dacf10af5c17353eae03aa0d827", - "sha256:8b198cec6c72df5289c05b05b8b0969819783f9418e0409865dac47288d2a053", - "sha256:99cd03ae7988a93dd00bcd9d0b75e1f6c426063d6f03d2f90b89e29b25b82dfa", - "sha256:9cf8022fb8d07a97c178b02327b284521c7708d7c71a9c9c355c178ac4bbd3d4", - "sha256:9de2e279153a443c656f2defd67769e6d1e4163952b3c622dcea5b08a6405322", - "sha256:9e93e79c2551ff263400e1e4be085a1210e12073a31c2011dbbda14bda0c6132", - "sha256:9ff227395193126d82e60319a673a037d5de84633f11279e336f9c0f189ecc62", - "sha256:a465da611f6fa124963b91bf432d960a555563efe4ed1cc403ba5077b15370aa", - "sha256:ad17025d226ee5beec591b52800c11680fca3df50b8b29fe51d882576e039ee0", - "sha256:afb29c1ba2e5a3736f1c301d9d0abe3ec8b86957d04ddfa9d7a6a42b9367e396", - "sha256:b85eb46a81787c50650f2392b9b4ef23e1f126313b9e0e9013b35c15e4288e2e", - "sha256:bb89f306e5da99f4d922728ddcd6f7fcebb3241fc40edebcb7284d7514741991", - "sha256:cbde590d4faaa07c72bf979734738f328d239913ba3e043b1e98fe9a39f8b2b6", - "sha256:cc5a8e069b9ebfa22e26d0e6b97d6f9781302fe7f4f2b8776c3e1daea35f1adc", - "sha256:cd2868886d547469123fadc46eac7ea5253ea7fcb139f12e1dfc2bbd406427d1", - "sha256:d42b11d692e11b6634f7613ad8df5d6d5f8875f5d48939520d351007b3c13406", - "sha256:df5052c5d867c1ea0b311fb7c3cd28b19df469c056f7fdcfe88c7473aa63e333", - "sha256:f2d45f97ab6bb54753eab54fffe75aaf3de4ff2341c9daee1987ee1837636f1d", - "sha256:fd78e5fee591709f32ef6edb9a015b4aa1a5022598e36227500c8f4e02328d9c" + "sha256:06c54a68935738d206570b20da5ef2b6b6d92b38ef3ec45c5422c0ebaf338d4d", + "sha256:0c0591bee64e438883b0c92a7bed78f6290d40bf02e54c5bf0978eaf36061771", + "sha256:19ca0dbdeda3b2615421d54bef8985f72af6e0c47082a8d26122adac81a95872", + "sha256:22b9c3c320171c108e903d61a3723b51e37aaa8c81255b5e7ce102775bd01e2c", + "sha256:26bb2549b72708c833f5abe62b756176022a7b9a7f689b571e74c8478ead51dc", + "sha256:33791e8a2dc2953f28b8d8d300dde42dd929ac28f974c4b4c6272cb2955cb762", + "sha256:3c8d896becff2fa653dc4438b54a5a25a971d1f4110b32bd3068db3722c80202", + "sha256:4373612d59c404baeb7cbd788a18b2b2a8331abcc84c3ba40051fcd18b17a4d5", + "sha256:487d63e1454627c8e47dd230025780e91869cfba4c753a74fda196a1f6ad6548", + "sha256:48916e459c54c4a70e52745639f1db524542140433599e13911b2f329834276a", + "sha256:4922cd707b25e623b902c86188aca466d3620892db76c0bdd7b99a3d5e61d35f", + "sha256:55af55e32ae468e9946f741a5d51f9896da6b9bf0bbdd326843fec05c730eb20", + "sha256:57e555a9feb4a8460415f1aac331a2dc833b1115284f7ded7278b54afc5bd218", + "sha256:5d4b68e216fc65e9fe4f524c177b54964af043dde734807586cf5435af84045c", + "sha256:64fda793737bc4037521d4899be780534b9aea552eb673b9833b01f945904c2e", + "sha256:6d6169cb3c6c2ad50db5b868db6491a790300ade1ed5d1da29289d73bbe40b56", + "sha256:7bcac9a2b4fdbed2c16fa5681356d7121ecabf041f18d97ed5b8e0dd38a80224", + "sha256:80b06212075346b5546b0417b9f2bf467fea3bfe7352f781ffc05a8ab24ba14a", + "sha256:818014c754cd3dba7229c0f5884396264d51ffb87ec86e927ef0be140bfdb0d2", + "sha256:8eb687582ed7cd8c4bdbff3df6c0da443eb89c3c72e6e5dcdd9c81729712791a", + "sha256:99f27fefe34c37ba9875f224a8f36e31d744d8083e00f520f133cab79ad5e819", + "sha256:9f3e33c28cd39d1b655ed1ba7247133b6f7fc16fa16887b120c0c670e35ce346", + "sha256:a8661b2ce9694ca01c529bfa204dbb144b275a31685a075ce123f12331be790b", + "sha256:a9da7010cec5a12193d1af9872a00888f396aba3dc79186604a09ea3ee7c029e", + "sha256:aedb15f0a5a5949ecb129a82b72b19df97bbbca024081ed2ef88bd5c0a610534", + "sha256:b315d709717a99f4b27b59b021e6207c64620790ca3e0bde636a6c7f14618abb", + "sha256:ba6f2b3f452e150945d58f4badd92310449876c4c954836cfb1803bdd7b422f0", + "sha256:c33d18eb6e6bc36f09d793c0dc58b0211fccc6ae5149b808da4a62660678b156", + "sha256:c9a875ce9d7fe32887784274dd533c57909b7b1dcadcc128a2ac21331a9765dd", + "sha256:c9e005e9bd57bc987764c32a1bee4364c44fdc11a3cc20a40b93b444984f2b87", + "sha256:d2ad4d668a5c0645d281dcd17aff2be3212bc109b33814bbb15c4939f44181cc", + "sha256:d950695ae4381ecd856bcaf2b1e866720e4ab9a1498cba61c602e56630ca7195", + "sha256:e22dcb48709fc51a7b58a927391b23ab37eb3737a98ac4338e2448bef8559b33", + "sha256:e8c6a99be100371dbb046880e7a282152aa5d6127ae01783e37662ef73850d8f", + "sha256:e9dc245e3ac69c92ee4c167fbdd7428ec1956d4e754223124991ef29eb57a09d", + "sha256:eb687a11f0a7a1839719edd80f41e459cc5366857ecbed383ff376c4e3cc6afd", + "sha256:eb9e2a346c5238a30a746893f23a9535e700f8192a68c07c0258e7ece6ff3728", + "sha256:ed38b924ce794e505647f7c331b22a693bee1538fdf46b0222c4717b42f744e7", + "sha256:f0010c6f9d1a4011e429109fda55a225921e3206e7f62a0c22a35344bfd13cca", + "sha256:f0c5d1acbfca6ebdd6b1e3eded8d261affb6ddcf2186205518f1428b8569bb99", + "sha256:f10afb1004f102c7868ebfe91c28f4a712227fe4cb24974350ace1f90e1febbf", + "sha256:f174135f5609428cc6e1b9090f9268f5c8935fddb1b25ccb8255a2d50de6789e", + "sha256:f3ebe6e73c319340830a9b2825d32eb6d8475c1dac020b4f0aa774ee3b898d1c", + "sha256:f627688813d0a4140153ff532537fbe4afea5a3dffce1f9deb7f91f848a832b5", + "sha256:fd4305f86f53dfd8cd3522269ed7fc34856a8ee3709a5e28b2836b2db9d4cd69" ], - "version": "==1.14.5" + "version": "==1.14.6" }, "chardet": { "hashes": [ @@ -196,6 +222,14 @@ "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", "version": "==4.0.0" }, + "charset-normalizer": { + "hashes": [ + "sha256:0c8911edd15d19223366a194a513099a302055a962bca2cec0f54b8b63175d8b", + "sha256:f23667ebe1084be45f6ae0538e4a5a865206544097e4e8bbcacf42cd02a348f3" + ], + "markers": "python_version >= '3'", + "version": "==2.0.4" + }, "clamd": { "hashes": [ "sha256:5c32546b7d1eb00fd6be00a889d79e00fbf980ed082826ccfa369bce3dcff5e7", @@ -258,10 +292,13 @@ "sha256:3d8427734c781ea5f1b41d6589c293089704d4759e34597dce91014ac125aad1", "sha256:7ec5d3b029f5fa2b179325908b9cd93db28ab7b85bb6c1db56b10e0b54235177", "sha256:8e56e16617872b0957d1c9742a3f94b43533447fd78321514abbe7db216aa250", + "sha256:b01fd6f2737816cb1e08ed4807ae194404790eac7ad030b34f2ce72b332f5586", + "sha256:bf40af59ca2465b24e54f671b2de2c59257ddc4f7e5706dbd6930e26823668d3", "sha256:de4e5f7f68220d92b7637fc99847475b59154b7a1b3868fb7385337af54ac9ca", "sha256:eb8cc2afe8b05acbd84a43905832ec78e7b3873fb124ca190f574dca7389a87d", "sha256:ee77aa129f481be46f8d92a1a7db57269a2f23052d5f2433b4621bb457081cc9" ], + "markers": "python_version >= '3.6'", "version": "==3.4.7" }, "decorator": { @@ -382,11 +419,11 @@ }, "idna": { "hashes": [ - "sha256:b307872f855b18632ce0c21c5e45be78c0ea7ae4c15c828c20788b26921eb3f6", - "sha256:b97d804b1e9b523befed77c48dacec60e6dcb0b5391d57af6a65a312a90648c0" + "sha256:14475042e284991034cb48e06f6851428fb14c4dc953acd9be9a5e95c7b6dd7a", + "sha256:467fbad99067910785144ce333826c71fb0e63a425657295239737f7ecd125f3" ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==2.10" + "markers": "python_version >= '3'", + "version": "==3.2" }, "idna-ssl": { "hashes": [ @@ -419,16 +456,17 @@ }, "jbxapi": { "hashes": [ - "sha256:2cdb8e935cb35c3af83209b847cedb3911b5f0b4d905ed89f76fa0e34d62ea26" + "sha256:5a1016282bf8a79032346dbe2abb9f597b7e7b811e0964f5bccce9da80eab1b0", + "sha256:99d748c9f48f410d858313d6e53663668231384f895d8ed574a02eada1244bc9" ], "index": "pypi", - "version": "==3.16.0" + "version": "==3.17.2" }, "json-log-formatter": { "hashes": [ - "sha256:03029bddba697d2f6c81419a80f1c58d3a89ae715336c6a88b370e7d2c983198" + "sha256:3644f30233f22746fd181d1340cc8096520a4f464d18877270b8664554e61f81" ], - "version": "==0.3.1" + "version": "==0.4.0" }, "jsonschema": { "hashes": [ @@ -495,6 +533,7 @@ "sha256:542d454665a3e277f76954418124d67516c5f88e51a900365ed54a9806122b83", "sha256:5a0a14e264069c03e46f926be0d8919f4105c1623d620e7ec0e612a2e9bf1c04", "sha256:5c8c163396cc0df3fd151b927e74f6e4acd67160d6c33304e805b84293351d16", + "sha256:64812391546a18896adaa86c77c59a4998f33c24788cadc35789e55b727a37f4", "sha256:66e575c62792c3f9ca47cb8b6fab9e35bab91360c783d1606f758761810c9791", "sha256:6f12e1427285008fd32a6025e38e977d44d6382cf28e7201ed10d6c1698d2a9a", "sha256:74f7d8d439b18fa4c385f3f5dfd11144bb87c1da034a466c5b5577d23a1d9b51", @@ -509,6 +548,7 @@ "sha256:b007cbb845b28db4fb8b6a5cdcbf65bacb16a8bd328b53cbc0698688a68e1caa", "sha256:bc4313cbeb0e7a416a488d72f9680fffffc645f8a838bd2193809881c67dd106", "sha256:bccbfc27563652de7dc9bdc595cb25e90b59c5f8e23e806ed0fd623755b6565d", + "sha256:c1a40c06fd5ba37ad39caa0b3144eb3772e813b5fb5b084198a985431c2f1e8d", "sha256:c47ff7e0a36d4efac9fd692cfa33fbd0636674c102e9e8d9b26e1b93a94e7617", "sha256:c4f05c5a7c49d2fb70223d0d5bcfbe474cf928310ac9fa6a7c6dddc831d0b1d4", "sha256:cdaf11d2bd275bf391b5308f86731e5194a21af45fbaaaf1d9e8147b9160ea92", @@ -553,6 +593,14 @@ "editable": true, "path": "." }, + "more-itertools": { + "hashes": [ + "sha256:2cf89ec599962f2ddc4d568a05defc40e0a587fbc10d5989713638864c36be4d", + "sha256:83f0308e05477c68f56ea3a888172c78ed5d5b3c282addb67508e7ba6c8f813a" + ], + "markers": "python_version >= '3.5'", + "version": "==8.8.0" + }, "msoffcrypto-tool": { "hashes": [ "sha256:234f85ef59945fa1ebb618ca029f31f0cb43a637344dbda5c1bb8578b2d96a68", @@ -613,33 +661,39 @@ }, "numpy": { "hashes": [ - "sha256:1676b0a292dd3c99e49305a16d7a9f42a4ab60ec522eac0d3dd20cdf362ac010", - "sha256:16f221035e8bd19b9dc9a57159e38d2dd060b48e93e1d843c49cb370b0f415fd", - "sha256:43909c8bb289c382170e0282158a38cf306a8ad2ff6dfadc447e90f9961bef43", - "sha256:4e465afc3b96dbc80cf4a5273e5e2b1e3451286361b4af70ce1adb2984d392f9", - "sha256:55b745fca0a5ab738647d0e4db099bd0a23279c32b31a783ad2ccea729e632df", - "sha256:5d050e1e4bc9ddb8656d7b4f414557720ddcca23a5b88dd7cff65e847864c400", - "sha256:637d827248f447e63585ca3f4a7d2dfaa882e094df6cfa177cc9cf9cd6cdf6d2", - "sha256:6690080810f77485667bfbff4f69d717c3be25e5b11bb2073e76bb3f578d99b4", - "sha256:66fbc6fed94a13b9801fb70b96ff30605ab0a123e775a5e7a26938b717c5d71a", - "sha256:67d44acb72c31a97a3d5d33d103ab06d8ac20770e1c5ad81bdb3f0c086a56cf6", - "sha256:6ca2b85a5997dabc38301a22ee43c82adcb53ff660b89ee88dded6b33687e1d8", - "sha256:6e51534e78d14b4a009a062641f465cfaba4fdcb046c3ac0b1f61dd97c861b1b", - "sha256:70eb5808127284c4e5c9e836208e09d685a7978b6a216db85960b1a112eeace8", - "sha256:830b044f4e64a76ba71448fce6e604c0fc47a0e54d8f6467be23749ac2cbd2fb", - "sha256:8b7bb4b9280da3b2856cb1fc425932f46fba609819ee1c62256f61799e6a51d2", - "sha256:a9c65473ebc342715cb2d7926ff1e202c26376c0dcaaee85a1fd4b8d8c1d3b2f", - "sha256:c1c09247ccea742525bdb5f4b5ceeacb34f95731647fe55774aa36557dbb5fa4", - "sha256:c5bf0e132acf7557fc9bb8ded8b53bbbbea8892f3c9a1738205878ca9434206a", - "sha256:db250fd3e90117e0312b611574cd1b3f78bec046783195075cbd7ba9c3d73f16", - "sha256:e515c9a93aebe27166ec9593411c58494fa98e5fcc219e47260d9ab8a1cc7f9f", - "sha256:e55185e51b18d788e49fe8305fd73ef4470596b33fc2c1ceb304566b99c71a69", - "sha256:ea9cff01e75a956dbee133fa8e5b68f2f92175233de2f88de3a682dd94deda65", - "sha256:f1452578d0516283c87608a5a5548b0cdde15b99650efdfd85182102ef7a7c17", - "sha256:f39a995e47cb8649673cfa0579fbdd1cdd33ea497d1728a6cb194d6252268e48" + "sha256:09858463db6dd9f78b2a1a05c93f3b33d4f65975771e90d2cf7aadb7c2f66edf", + "sha256:209666ce9d4a817e8a4597cd475b71b4878a85fa4b8db41d79fdb4fdee01dde2", + "sha256:298156f4d3d46815eaf0fcf0a03f9625fc7631692bd1ad851517ab93c3168fc6", + "sha256:30fc68307c0155d2a75ad19844224be0f2c6f06572d958db4e2053f816b859ad", + "sha256:423216d8afc5923b15df86037c6053bf030d15cc9e3224206ef868c2d63dd6dc", + "sha256:426a00b68b0d21f2deb2ace3c6d677e611ad5a612d2c76494e24a562a930c254", + "sha256:466e682264b14982012887e90346d33435c984b7fead7b85e634903795c8fdb0", + "sha256:51a7b9db0a2941434cd930dacaafe0fc9da8f3d6157f9d12f761bbde93f46218", + "sha256:52a664323273c08f3b473548bf87c8145b7513afd63e4ebba8496ecd3853df13", + "sha256:550564024dc5ceee9421a86fc0fb378aa9d222d4d0f858f6669eff7410c89bef", + "sha256:5de64950137f3a50b76ce93556db392e8f1f954c2d8207f78a92d1f79aa9f737", + "sha256:640c1ccfd56724f2955c237b6ccce2e5b8607c3bc1cc51d3933b8c48d1da3723", + "sha256:7fdc7689daf3b845934d67cb221ba8d250fdca20ac0334fea32f7091b93f00d3", + "sha256:805459ad8baaf815883d0d6f86e45b3b0b67d823a8f3fa39b1ed9c45eaf5edf1", + "sha256:92a0ab128b07799dd5b9077a9af075a63467d03ebac6f8a93e6440abfea4120d", + "sha256:9f2dc79c093f6c5113718d3d90c283f11463d77daa4e83aeeac088ec6a0bda52", + "sha256:a5109345f5ce7ddb3840f5970de71c34a0ff7fceb133c9441283bb8250f532a3", + "sha256:a55e4d81c4260386f71d22294795c87609164e22b28ba0d435850fbdf82fc0c5", + "sha256:a9da45b748caad72ea4a4ed57e9cd382089f33c5ec330a804eb420a496fa760f", + "sha256:b160b9a99ecc6559d9e6d461b95c8eec21461b332f80267ad2c10394b9503496", + "sha256:b342064e647d099ca765f19672696ad50c953cac95b566af1492fd142283580f", + "sha256:b5e8590b9245803c849e09bae070a8e1ff444f45e3f0bed558dd722119eea724", + "sha256:bf75d5825ef47aa51d669b03ce635ecb84d69311e05eccea083f31c7570c9931", + "sha256:c01b59b33c7c3ba90744f2c695be571a3bd40ab2ba7f3d169ffa6db3cfba614f", + "sha256:d96a6a7d74af56feb11e9a443150216578ea07b7450f7c05df40eec90af7f4a7", + "sha256:dd0e3651d210068d13e18503d75aaa45656eef51ef0b261f891788589db2cc38", + "sha256:e167b9805de54367dcb2043519382be541117503ce99e3291cc9b41ca0a83557", + "sha256:e42029e184008a5fd3d819323345e25e2337b0ac7f5c135b7623308530209d57", + "sha256:f545c082eeb09ae678dd451a1b1dbf17babd8a0d7adea02897a76e639afca310", + "sha256:fde50062d67d805bc96f1a9ecc0d37bfc2a8f02b937d2c50824d186aa91f2419" ], - "markers": "python_version >= '3.7'", - "version": "==1.20.3" + "markers": "python_version < '3.11' and python_version >= '3.7'", + "version": "==1.21.2" }, "oauth2": { "hashes": [ @@ -670,67 +724,73 @@ }, "opencv-python": { "hashes": [ - "sha256:0118a086fad8d77acdf46ac68df49d4167fbb85420f8bcf2615d7b74fc03aae0", - "sha256:050227e5728ea8316ec114aca8f43d56253cbb1c50983e3b136a988254a83118", - "sha256:08327a38564786bf73e387736f080e8ad4c110b394ca4af2ecec8277b305bf44", - "sha256:0a3aef70b7c53bbd22ade86a4318b8a2ad98d3c3ed3d0c315f18bf1a2d868709", - "sha256:10325c3fd571e33a11eb5f0e5d265d73baef22dbb34c977f28df7e22de47b0bc", - "sha256:2436b71346d1eed423577fac8cd3aa9c0832ea97452444dc7f856b2f09600dba", - "sha256:4b8814d3f0cf01e8b8624125f7dcfb095893abcc04083cb4968fa1629bc81161", - "sha256:4e6c2d8320168a4f76822fbb76df3b18688ac5e068d49ac38a4ce39af0f8e1a6", - "sha256:6b2573c6367ec0052b37e375d18638a885dd7a10a5ef8dd726b391969c227f23", - "sha256:6e2070e35f2aaca3d1259093c786d4e373004b36d89a94e81943247c6ed3d4e1", - "sha256:89a2b45429bf945988a17b0404431d9d8fdc9e04fb2450b56fa01f6f9477101d", - "sha256:8cf81f53ac5ad900ca443a8252c4e0bc1256f1c2cb2d8459df2ba1ac014dfa36", - "sha256:9680ab256ab31bdafd74f6cf55eb570e5629b5604d50fd69dd1bd2a8124f0611", - "sha256:a8020cc6145c6934192189058743a55189750df6dff894396edb8b35a380cc48", - "sha256:b3bef3f2a2ab3c201784d12ec6b5c9e61c920c15b6854d8d2f62fd019e3df846", - "sha256:b724a96eeb88842bd2371b1ffe2da73b6295063ba5c029aa34139d25b8315a3f", - "sha256:c446555cbbc4f5e809f9c15ac1b6200024032d9859f5ac5a2ca7669d09e4c91c", - "sha256:d9004e2cc90bb2862cdc1d062fac5163d3def55b200081d4520d3e90b4c7197b", - "sha256:ef3102b70aa59ab3fed69df30465c1b7587d681e963dfff5146de233c75df7ba", - "sha256:f12f39c1e5001e1c00df5873e3eee6f0232b7723a60b7ef438b1e23f1341df0e" + "sha256:05c5139d620e8d02f7ce0921796d55736fa19fa15e2ec00a388db2eb1ae1e9a1", + "sha256:085232718f28bddd265da480874c37db5c7354cb08f23f4a68a8639b16276a89", + "sha256:18a4a14015eee30d9cd514db8cdefbf594b1d5c234762d27abe512d62a333bc3", + "sha256:205a73adb29c37e42475645519e612e843a985475da993d10b4d5daa6afec36a", + "sha256:3c001d3feec7f3140f1fb78dfc52ca28122db8240826882d175a208a89d2731b", + "sha256:437f30e300725e1d1b3744dbfbc66a523a4744792b58f3dbe1e9140c8f4dfba5", + "sha256:5366fcd6eae4243add3c8c92142045850f1db8e464bcf0b75313e1596b2e3671", + "sha256:54c64e86a087841869901fd34462bb6bec01cd4652800fdf5d92fe7b0596c82f", + "sha256:6763729fcfee2a08e069aa1982c9a8c1abf55b9cdf2fb9640eda1d85bdece19a", + "sha256:68813b720b88e4951e84399b9a8a7b532d45a07a96ea8f539636242f862e32e0", + "sha256:7f41b97d84ac66bdf13cb4d9f4dad3e159525ba1e3f421e670c787ce536eb70a", + "sha256:831b92fe63ce18dd628f71104da7e60596658b75e2fa16b83aefa3eb10c115e2", + "sha256:881f3d85269500e0c7d72b140a6ebb5c14a089f8140fb9da7ce01f12a245858e", + "sha256:8852be06c0749fef0d9c58f532bbcb0570968c59e41cf56b90f5c92593c6e108", + "sha256:8b5bc61be7fc8565140b746288b370a4bfdb4edb9d680b66bb914e7690485db1", + "sha256:8d3282138f3a8646941089aae142684910ebe40776266448eab5f4bb609fc63f", + "sha256:9a78558b5ae848386edbb843c761e5fed5a8480be9af16274a5a78838529edeb", + "sha256:b42bbba9f5421865377c7960bd4f3dd881003b322a6bf46ed2302b89224d102b", + "sha256:c360cb76ad1ddbd5d2d3e730b42f2ff6e4be08ea6f4a6eefacca175d27467e8f", + "sha256:cdc3363c2911d7cfc6c9f55308c51c2841a7aecbf0bf5e791499d220ce89d880", + "sha256:e1f54736272830a1e895cedf7a4ee67737e31e966d380c82a81ef22515d043a3", + "sha256:e42c644a70d5c54f53a4b114dbd88b4eb83f42a9ca998f07bd5682f3f404efcc", + "sha256:f1bda4d144f5204e077ca4571453ebb2015e5748d5e0043386c92c2bbf7f52eb", + "sha256:f3ac2355217114a683f3f72a9c40a5890914a59c4a2df62e4083c66ff65c9cf9" ], "index": "pypi", - "version": "==4.5.2.54" + "version": "==4.5.3.56" }, "pandas": { "hashes": [ - "sha256:167693a80abc8eb28051fbd184c1b7afd13ce2c727a5af47b048f1ea3afefff4", - "sha256:2111c25e69fa9365ba80bbf4f959400054b2771ac5d041ed19415a8b488dc70a", - "sha256:298f0553fd3ba8e002c4070a723a59cdb28eda579f3e243bc2ee397773f5398b", - "sha256:2b063d41803b6a19703b845609c0b700913593de067b552a8b24dd8eeb8c9895", - "sha256:2cb7e8f4f152f27dc93f30b5c7a98f6c748601ea65da359af734dd0cf3fa733f", - "sha256:52d2472acbb8a56819a87aafdb8b5b6d2b3386e15c95bde56b281882529a7ded", - "sha256:612add929bf3ba9d27b436cc8853f5acc337242d6b584203f207e364bb46cb12", - "sha256:649ecab692fade3cbfcf967ff936496b0cfba0af00a55dfaacd82bdda5cb2279", - "sha256:68d7baa80c74aaacbed597265ca2308f017859123231542ff8a5266d489e1858", - "sha256:8d4c74177c26aadcfb4fd1de6c1c43c2bf822b3e0fc7a9b409eeaf84b3e92aaa", - "sha256:971e2a414fce20cc5331fe791153513d076814d30a60cd7348466943e6e909e4", - "sha256:9db70ffa8b280bb4de83f9739d514cd0735825e79eef3a61d312420b9f16b758", - "sha256:b730add5267f873b3383c18cac4df2527ac4f0f0eed1c6cf37fcb437e25cf558", - "sha256:bd659c11a4578af740782288cac141a322057a2e36920016e0fc7b25c5a4b686", - "sha256:c601c6fdebc729df4438ec1f62275d6136a0dd14d332fc0e8ce3f7d2aadb4dd6", - "sha256:d0877407359811f7b853b548a614aacd7dea83b0c0c84620a9a643f180060950" + "sha256:0cd5776be891331a3e6b425b5abeab9596abea18435c5982191356f9b24ae731", + "sha256:1099e2a0cd3a01ec62cca183fc1555833a2d43764950ef8cb5948c8abfc51014", + "sha256:132def05e73d292c949b02e7ef873debb77acc44a8b119d215921046f0c3a91d", + "sha256:1738154049062156429a5cf2fd79a69c9f3fa4f231346a7ec6fd156cd1a9a621", + "sha256:34ced9ce5d5b17b556486da7256961b55b471d64a8990b56e67a84ebeb259416", + "sha256:53b17e4debba26b7446b1e4795c19f94f0c715e288e08145e44bdd2865e819b3", + "sha256:59a78d7066d1c921a77e3306aa0ebf6e55396c097d5dfcc4df8defe3dcecb735", + "sha256:66a95361b81b4ba04b699ecd2416b0591f40cd1e24c60a8bfe0d19009cfa575a", + "sha256:69e1b2f5811f46827722fd641fdaeedb26002bd1e504eacc7a8ec36bdc25393e", + "sha256:7996d311413379136baf0f3cf2a10e331697657c87ced3f17ac7c77f77fe34a3", + "sha256:89f40e5d21814192802421df809f948247d39ffe171e45fe2ab4abf7bd4279d8", + "sha256:9cce01f6d655b4add966fcd36c32c5d1fe84628e200626b3f5e2f40db2d16a0f", + "sha256:a56246de744baf646d1f3e050c4653d632bc9cd2e0605f41051fea59980e880a", + "sha256:ba7ceb8abc6dbdb1e34612d1173d61e4941f1a1eb7e6f703b2633134ae6a6c89", + "sha256:c9e8e0ce5284ebebe110efd652c164ed6eab77f5de4c3533abc756302ee77765", + "sha256:cbcb84d63867af3411fa063af3de64902665bb5b3d40b25b2059e40603594e87", + "sha256:f07a9745ca075ae73a5ce116f5e58f691c0dc9de0bff163527858459df5c176f", + "sha256:fa54dc1d3e5d004a09ab0b1751473698011ddf03e14f1f59b84ad9a6ac630975", + "sha256:fcb71b1935249de80e3a808227189eee381d4d74a31760ced2df21eedc92a8e3" ], "index": "pypi", - "version": "==1.2.4" + "version": "==1.3.2" }, "pandas-ods-reader": { "hashes": [ - "sha256:d2d6e4f9cd2850da32808bbc68d433a337911058387992026d3987ead1f4a7c8", - "sha256:d4d6781cc46e782e265b48681416f636e7659343dec948c6fccc4236af6fa1e6" + "sha256:bea2dd630416cd73cbf6e3e8a6d5b291ae7780f3fa2989e5583df12620c3963f" ], "index": "pypi", - "version": "==0.0.7" + "version": "==0.1.2" }, "passivetotal": { "hashes": [ - "sha256:32740c5b5a1f950320c0350aa002b0b35cda5941db7e441b22b01419f4923eec", - "sha256:3c2c7be55764930d7db83ad53baa42e69228d1534195451cc3a519f866a856c8" + "sha256:246b5a331e39f862dc195c650ede1f6968cea923cd2512cfd51d5e0d6746b912", + "sha256:7896269acfcddb5ee649a06878b1e237ae771ab2063ebdaca3bf46f60e333a3c" ], "index": "pypi", - "version": "==2.4.2" + "version": "==2.5.4" }, "pcodedmp": { "hashes": [ @@ -741,50 +801,55 @@ }, "pdftotext": { "hashes": [ - "sha256:caf8ddbaeaf0a5897f07655a71747242addab2e695e84c5d47f2ea92dfe2a594" + "sha256:efbbfb14cf37ed7ab2c71936bae44707dfed6bb3be7ea5214e9c44c8c258c7af" ], "index": "pypi", - "version": "==2.1.6" + "version": "==2.2.0" }, "pillow": { "hashes": [ - "sha256:01425106e4e8cee195a411f729cff2a7d61813b0b11737c12bd5991f5f14bcd5", - "sha256:031a6c88c77d08aab84fecc05c3cde8414cd6f8406f4d2b16fed1e97634cc8a4", - "sha256:083781abd261bdabf090ad07bb69f8f5599943ddb539d64497ed021b2a67e5a9", - "sha256:0d19d70ee7c2ba97631bae1e7d4725cdb2ecf238178096e8c82ee481e189168a", - "sha256:0e04d61f0064b545b989126197930807c86bcbd4534d39168f4aa5fda39bb8f9", - "sha256:12e5e7471f9b637762453da74e390e56cc43e486a88289995c1f4c1dc0bfe727", - "sha256:22fd0f42ad15dfdde6c581347eaa4adb9a6fc4b865f90b23378aa7914895e120", - "sha256:238c197fc275b475e87c1453b05b467d2d02c2915fdfdd4af126145ff2e4610c", - "sha256:3b570f84a6161cf8865c4e08adf629441f56e32f180f7aa4ccbd2e0a5a02cba2", - "sha256:463822e2f0d81459e113372a168f2ff59723e78528f91f0bd25680ac185cf797", - "sha256:4d98abdd6b1e3bf1a1cbb14c3895226816e666749ac040c4e2554231068c639b", - "sha256:5afe6b237a0b81bd54b53f835a153770802f164c5570bab5e005aad693dab87f", - "sha256:5b70110acb39f3aff6b74cf09bb4169b167e2660dabc304c1e25b6555fa781ef", - "sha256:5cbf3e3b1014dddc45496e8cf38b9f099c95a326275885199f427825c6522232", - "sha256:624b977355cde8b065f6d51b98497d6cd5fbdd4f36405f7a8790e3376125e2bb", - "sha256:63728564c1410d99e6d1ae8e3b810fe012bc440952168af0a2877e8ff5ab96b9", - "sha256:66cc56579fd91f517290ab02c51e3a80f581aba45fd924fcdee01fa06e635812", - "sha256:6c32cc3145928c4305d142ebec682419a6c0a8ce9e33db900027ddca1ec39178", - "sha256:8b56553c0345ad6dcb2e9b433ae47d67f95fc23fe28a0bde15a120f25257e291", - "sha256:8bb1e155a74e1bfbacd84555ea62fa21c58e0b4e7e6b20e4447b8d07990ac78b", - "sha256:95d5ef984eff897850f3a83883363da64aae1000e79cb3c321915468e8c6add5", - "sha256:a013cbe25d20c2e0c4e85a9daf438f85121a4d0344ddc76e33fd7e3965d9af4b", - "sha256:a787ab10d7bb5494e5f76536ac460741788f1fbce851068d73a87ca7c35fc3e1", - "sha256:a7d5e9fad90eff8f6f6106d3b98b553a88b6f976e51fce287192a5d2d5363713", - "sha256:aac00e4bc94d1b7813fe882c28990c1bc2f9d0e1aa765a5f2b516e8a6a16a9e4", - "sha256:b91c36492a4bbb1ee855b7d16fe51379e5f96b85692dc8210831fbb24c43e484", - "sha256:c03c07ed32c5324939b19e36ae5f75c660c81461e312a41aea30acdd46f93a7c", - "sha256:c5236606e8570542ed424849f7852a0ff0bce2c4c8d0ba05cc202a5a9c97dee9", - "sha256:c6b39294464b03457f9064e98c124e09008b35a62e3189d3513e5148611c9388", - "sha256:cb7a09e173903541fa888ba010c345893cd9fc1b5891aaf060f6ca77b6a3722d", - "sha256:d68cb92c408261f806b15923834203f024110a2e2872ecb0bd2a110f89d3c602", - "sha256:dc38f57d8f20f06dd7c3161c59ca2c86893632623f33a42d592f097b00f720a9", - "sha256:e98eca29a05913e82177b3ba3d198b1728e164869c613d76d0de4bde6768a50e", - "sha256:f217c3954ce5fd88303fc0c317af55d5e0204106d86dea17eb8205700d47dec2" + "sha256:0b2efa07f69dc395d95bb9ef3299f4ca29bcb2157dc615bae0b42c3c20668ffc", + "sha256:114f816e4f73f9ec06997b2fde81a92cbf0777c9e8f462005550eed6bae57e63", + "sha256:147bd9e71fb9dcf08357b4d530b5167941e222a6fd21f869c7911bac40b9994d", + "sha256:15a2808e269a1cf2131930183dcc0419bc77bb73eb54285dde2706ac9939fa8e", + "sha256:196560dba4da7a72c5e7085fccc5938ab4075fd37fe8b5468869724109812edd", + "sha256:1c03e24be975e2afe70dfc5da6f187eea0b49a68bb2b69db0f30a61b7031cee4", + "sha256:1fd5066cd343b5db88c048d971994e56b296868766e461b82fa4e22498f34d77", + "sha256:29c9569049d04aaacd690573a0398dbd8e0bf0255684fee512b413c2142ab723", + "sha256:2b6dfa068a8b6137da34a4936f5a816aba0ecc967af2feeb32c4393ddd671cba", + "sha256:2cac53839bfc5cece8fdbe7f084d5e3ee61e1303cccc86511d351adcb9e2c792", + "sha256:2ee77c14a0299d0541d26f3d8500bb57e081233e3fa915fa35abd02c51fa7fae", + "sha256:37730f6e68bdc6a3f02d2079c34c532330d206429f3cee651aab6b66839a9f0e", + "sha256:3f08bd8d785204149b5b33e3b5f0ebbfe2190ea58d1a051c578e29e39bfd2367", + "sha256:479ab11cbd69612acefa8286481f65c5dece2002ffaa4f9db62682379ca3bb77", + "sha256:4bc3c7ef940eeb200ca65bd83005eb3aae8083d47e8fcbf5f0943baa50726856", + "sha256:660a87085925c61a0dcc80efb967512ac34dbb256ff7dd2b9b4ee8dbdab58cf4", + "sha256:67b3666b544b953a2777cb3f5a922e991be73ab32635666ee72e05876b8a92de", + "sha256:70af7d222df0ff81a2da601fab42decb009dc721545ed78549cb96e3a1c5f0c8", + "sha256:75e09042a3b39e0ea61ce37e941221313d51a9c26b8e54e12b3ececccb71718a", + "sha256:8960a8a9f4598974e4c2aeb1bff9bdd5db03ee65fd1fce8adf3223721aa2a636", + "sha256:9364c81b252d8348e9cc0cb63e856b8f7c1b340caba6ee7a7a65c968312f7dab", + "sha256:969cc558cca859cadf24f890fc009e1bce7d7d0386ba7c0478641a60199adf79", + "sha256:9a211b663cf2314edbdb4cf897beeb5c9ee3810d1d53f0e423f06d6ebbf9cd5d", + "sha256:a17ca41f45cf78c2216ebfab03add7cc350c305c38ff34ef4eef66b7d76c5229", + "sha256:a2f381932dca2cf775811a008aa3027671ace723b7a38838045b1aee8669fdcf", + "sha256:a4eef1ff2d62676deabf076f963eda4da34b51bc0517c70239fafed1d5b51500", + "sha256:c088a000dfdd88c184cc7271bfac8c5b82d9efa8637cd2b68183771e3cf56f04", + "sha256:c0e0550a404c69aab1e04ae89cca3e2a042b56ab043f7f729d984bf73ed2a093", + "sha256:c11003197f908878164f0e6da15fce22373ac3fc320cda8c9d16e6bba105b844", + "sha256:c2a5ff58751670292b406b9f06e07ed1446a4b13ffced6b6cab75b857485cbc8", + "sha256:c35d09db702f4185ba22bb33ef1751ad49c266534339a5cebeb5159d364f6f82", + "sha256:c379425c2707078dfb6bfad2430728831d399dc95a7deeb92015eb4c92345eaf", + "sha256:cc866706d56bd3a7dbf8bac8660c6f6462f2f2b8a49add2ba617bc0c54473d83", + "sha256:d0da39795049a9afcaadec532e7b669b5ebbb2a9134576ebcc15dd5bdae33cc0", + "sha256:f156d6ecfc747ee111c167f8faf5f4953761b5e66e91a4e6767e548d0f80129c", + "sha256:f4ebde71785f8bceb39dcd1e7f06bcc5d5c3cf48b9f69ab52636309387b097c8", + "sha256:fc214a6b75d2e0ea7745488da7da3c381f41790812988c7a92345978414fad37", + "sha256:fd7eef578f5b2200d066db1b50c4aa66410786201669fb76d5238b007918fb24", + "sha256:ff04c373477723430dce2e9d024c708a047d44cf17166bf16e604b379bf0ca14" ], "index": "pypi", - "version": "==8.2.0" + "version": "==8.3.1" }, "progressbar2": { "hashes": [ @@ -948,7 +1013,7 @@ "pyipasnhistory": { "editable": true, "git": "https://github.com/D4-project/IPASN-History.git/", - "ref": "1f020c44c440988899a6798903fd6941e06f8930", + "ref": "a2853c39265cecdd0c0d16850bd34621c0551b87", "subdirectory": "client" }, "pymisp": { @@ -959,24 +1024,17 @@ "pdfexport" ], "hashes": [ - "sha256:81be4569199c117513d35d06f3cd46d5b412c1e8509ec1cfa0e6bfd19751ef4f", - "sha256:cf04fe19391fed4251cef1f267d80a19e37ed4b88602fb5f9790a3cd814d9d00" + "sha256:5971eba9a4d3b7f5ee47035417c7692fc0ec45d581afcaa63e3f7e2d6a400923", + "sha256:641e3db1af1010cff3a652df6eb51ac4f4e540b1801b811d5e009c59114bf26a" ], "index": "pypi", - "version": "==2.4.144" + "version": "==2.4.148" }, "pyonyphe": { "editable": true, "git": "https://github.com/sebdraven/pyonyphe", "ref": "1ce15581beebb13e841193a08a2eb6f967855fcb" }, - "pyopenssl": { - "hashes": [ - "sha256:4c231c759543ba02560fcd2480c48dcec4dae34c9da7d3747c508227e0624b51", - "sha256:818ae18e06922c066f777a33f1fca45786d85edfe71cd043de6379337a7f274b" - ], - "version": "==20.0.1" - }, "pyparsing": { "hashes": [ "sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1", @@ -1003,17 +1061,37 @@ }, "pyrsistent": { "hashes": [ - "sha256:2e636185d9eb976a18a8a8e96efce62f2905fea90041958d8cc2a189756ebf3e" + "sha256:097b96f129dd36a8c9e33594e7ebb151b1515eb52cceb08474c10a5479e799f2", + "sha256:2aaf19dc8ce517a8653746d98e962ef480ff34b6bc563fc067be6401ffb457c7", + "sha256:404e1f1d254d314d55adb8d87f4f465c8693d6f902f67eb6ef5b4526dc58e6ea", + "sha256:48578680353f41dca1ca3dc48629fb77dfc745128b56fc01096b2530c13fd426", + "sha256:4916c10896721e472ee12c95cdc2891ce5890898d2f9907b1b4ae0f53588b710", + "sha256:527be2bfa8dc80f6f8ddd65242ba476a6c4fb4e3aedbf281dfbac1b1ed4165b1", + "sha256:58a70d93fb79dc585b21f9d72487b929a6fe58da0754fa4cb9f279bb92369396", + "sha256:5e4395bbf841693eaebaa5bb5c8f5cdbb1d139e07c975c682ec4e4f8126e03d2", + "sha256:6b5eed00e597b5b5773b4ca30bd48a5774ef1e96f2a45d105db5b4ebb4bca680", + "sha256:73ff61b1411e3fb0ba144b8f08d6749749775fe89688093e1efef9839d2dcc35", + "sha256:772e94c2c6864f2cd2ffbe58bb3bdefbe2a32afa0acb1a77e472aac831f83427", + "sha256:773c781216f8c2900b42a7b638d5b517bb134ae1acbebe4d1e8f1f41ea60eb4b", + "sha256:a0c772d791c38bbc77be659af29bb14c38ced151433592e326361610250c605b", + "sha256:b29b869cf58412ca5738d23691e96d8aff535e17390128a1a52717c9a109da4f", + "sha256:c1a9ff320fa699337e05edcaae79ef8c2880b52720bc031b219e5b5008ebbdef", + "sha256:cd3caef37a415fd0dae6148a1b6957a8c5f275a62cca02e18474608cb263640c", + "sha256:d5ec194c9c573aafaceebf05fc400656722793dac57f254cd4741f3c27ae57b4", + "sha256:da6e5e818d18459fa46fac0a4a4e543507fe1110e808101277c5a2b5bab0cd2d", + "sha256:e79d94ca58fcafef6395f6352383fa1a76922268fa02caa2272fff501c2fdc78", + "sha256:f3ef98d7b76da5eb19c37fda834d50262ff9167c65658d1d8f974d2e4d90676b", + "sha256:f4c8cabb46ff8e5d61f56a037974228e978f26bfefce4f61a4b1ac0ba7a2ab72" ], - "markers": "python_version >= '3.5'", - "version": "==0.17.3" + "markers": "python_version >= '3.6'", + "version": "==0.18.0" }, "pytesseract": { "hashes": [ - "sha256:4ecfc898d00a70fcc38d2bce729de1597c67e7bc5d2fa26094714c9f5b573645" + "sha256:6148a01e4375760862e8f56ea718e22b5d13b281454df46ea8dac9807793fc5a" ], "index": "pypi", - "version": "==0.3.7" + "version": "==0.3.8" }, "python-baseconv": { "hashes": [ @@ -1023,11 +1101,11 @@ }, "python-dateutil": { "hashes": [ - "sha256:73ebfe9dbf22e832286dafa60473e4cd239f8592f699aa5adaf10050e6e1823c", - "sha256:75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a" + "sha256:0123cacc1627ae19ddf3c27a5de5bd67ee4586fbdd6440d9748f8abb483d3e86", + "sha256:961d03dc3453ebbc59dbdea9e4e11c5651520a876d0f4db161e8674aae935da9" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==2.8.1" + "version": "==2.8.2" }, "python-docx": { "hashes": [ @@ -1038,10 +1116,11 @@ }, "python-engineio": { "hashes": [ - "sha256:5a9e6086d192463b04a1428ff1f85b6ba631bbb19d453b144ffc04f530542b84", - "sha256:eab4553f2804c1ce97054c8b22cf0d5a9ab23128075248b97e1a5b2f29553085" + "sha256:d510329b6d8ed5662547862f58bc73659ae62defa66b66d745ba021de112fa62", + "sha256:f3ef9a2c048d08990f294c5f8991f6f162c3b12ecbd368baa0d90441de907d1c" ], - "version": "==3.14.2" + "markers": "python_version >= '3.6'", + "version": "==4.2.1" }, "python-magic": { "hashes": [ @@ -1062,10 +1141,11 @@ "client" ], "hashes": [ - "sha256:5a21da53fdbdc6bb6c8071f40e13d100e0b279ad997681c2492478e06f370523", - "sha256:cd1f5aa492c1eb2be77838e837a495f117e17f686029ebc03d62c09e33f4fa10" + "sha256:7ed57f6c024abdfeb9b25c74c0c00ffc18da47d903e8d72deecb87584370d1fc", + "sha256:ca807c9e1f168e96dea412d64dd834fb47c470d27fd83da0504aa4b248ba2544" ], - "version": "==4.6.1" + "markers": "python_version >= '3.6'", + "version": "==5.4.0" }, "python-utils": { "hashes": [ @@ -1135,10 +1215,11 @@ }, "rdflib": { "hashes": [ - "sha256:78149dd49d385efec3b3adfbd61c87afaf1281c30d3fcaf1b323b34f603fb155", - "sha256:88208ea971a87886d60ae2b1a4b2cdc263527af0454c422118d43fe64b357877" + "sha256:7ce4d757eb26f4dd43205ec340d8c097f29e5adfe45d6ea20238c731dc679879", + "sha256:bb24f0058070d5843503e15b37c597bc3858d328d11acd9476efad3aa62f555d" ], - "version": "==5.0.0" + "markers": "python_version >= '3.7'", + "version": "==6.0.0" }, "redis": { "hashes": [ @@ -1150,49 +1231,43 @@ }, "reportlab": { "hashes": [ - "sha256:0cf2206c73fbca752c8bd39e12bb9ad7f2d01e6fcb2b25b9eaf94ea042fe86c9", - "sha256:0d670e119d7f7a68a1136de024464999e8e3d5d1491f23cdd39d5d72481af88f", - "sha256:1656722530b3bbce012b093abf6290ab76dcba39d21f9e703310b008ddc7ffe9", - "sha256:1e41b441542881e007420530bbc028f08c0f546ecaaebdf9f065f901acdac106", - "sha256:34d827c771d6b4d7b45f7fc49a638c97fbd8a0fab6c9d3838ff04d307420b739", - "sha256:370c5225f0c395a9f1482ac8d4f974d2073548f186eaf49ceb91414f534ad4d8", - "sha256:42b90b0cb3556f4d1cc1c538345abc249b6ff58939d3af5e37f5fa8421d9ae07", - "sha256:492bd47aabeaa3215cde7a8d3c0d88c909bf7e6b63f0b511a645f1ffc1e948f6", - "sha256:4c5785b018ed6f48e762737deaa6b7528b0ba43ad67fca566bf10d0337a76dcd", - "sha256:519ef25d49fe807c6c0402abb5fe4d14b47a8e2358050d8d7673beecfbe116b2", - "sha256:51a2d5de2c605117cd25dfb3f51d1d14caf1cbed4ef6db582f085eeb0a0c922f", - "sha256:55ef4476b2cdecfa643ae4d7591aa157568f903c378c83ea544650b33b2d856d", - "sha256:5b4acfb15ca028bbc652a6c8d63073dec2a3c8c0db7585d68b96b52940f65899", - "sha256:5c483c96d4cbeb4919ad9fcf2f262e8e08e34dcbcf8d2bda16263ef002c890d4", - "sha256:5c931032aa955431c808e469eb0780ca7d12b39228a02ae7ea09f63d47b1e260", - "sha256:6a3119d0e985e5c7dadfcf29fb79bbab19806b08ad901622b23f5868c0221fce", - "sha256:72bb5417f198eb059f01d5a9e1ef80f2fbaf3eaa4cd63e9a681bbbd0ed9fcdf9", - "sha256:8cd355f8a4c7c126a246f4b4a9803c80498939709bb37d3db4f8dbee1eb7d8f0", - "sha256:9517f26a512a62d49fc4800222b306e21a14ceec8bd82c93182313ef1eefaa7a", - "sha256:9945e80a0a6e370f90a23907cc70a0811e808f79420fb9051e26d9c79eb8e26b", - "sha256:9989737a409235a734ec783b0545f2966247b26ff555e847f3d0f945e5a11493", - "sha256:9c0d71aef4fb5d30dc6ebd08a2bce317a7eaf37d468f85320947eb580daea90a", - "sha256:9d48fd4a1c2d98ec6686511717f0980d36f5590e038d5afe4e5241f328f06e38", - "sha256:af12fbff15a9652ef117456d1d6a4d6fade8fdc02670d6fd31212402e9d03559", - "sha256:b2b72a0742a493979c348dc3c9a329bd5b87e4243ffecf837b1c8739d58410ba", - "sha256:bda784ebb116d56d3e7133c8e0942cf68cb7fd58bdccf57231dbe56b6430eb01", - "sha256:df2784a474028b15a723f6b347625f1f91740de418bed4a0a2694c954de34dd7", - "sha256:e2b47a8e0126ec0a3820a2e299a94a6fc29ba132249957dd32c447d380eaae5f", - "sha256:e4b9b443e88735be4927529d66d9e1164b4fbd6a882e90114967eedc6ad608e7" + "sha256:00e9ffb955972a8f6a3a0d61a12231fcaf5e23ee238c98421d65fecc29bd88a1", + "sha256:115177b3fc51209b5f50371735311c9a6cd9d260ffedbdce5fbc965645b7567c", + "sha256:17130f034dae50aaf22fce2292e0077a0c2093ba4363211bcafb54418fb8dc09", + "sha256:200bdfc327d5b06cb400ae86c972b579efe03a1fd8a2e8cb7a5d9aaa744e5adb", + "sha256:496b28ef414d9a7734e07221c4386bb00f416a3aa276b9f349ed9a328c73ec23", + "sha256:4bc378039f70141176f3d511d84bc1a172820d4d2edee4f9fcff52cde753dc08", + "sha256:4f357b4c39b0fa0071de47e8be7af44e07f375d2e59e395daccb7fd13b275668", + "sha256:57b39303e6dbe3de91e60a14269543ac058ac98a0ea6cf900f5403d9c226022f", + "sha256:6472478e597ef4a8f5c621d811d08b7ef09fc5af5bc85c2cf4a4505a7164f8b8", + "sha256:68f9324000cfc5570b5a59a92306691b5d655078a399f20bc72c2581fe903261", + "sha256:69870e2bbf39b60ebe9a31b31324e249bf314bdc2798e46efc58c67db74b56cb", + "sha256:6adb17ba89829d5e77fd81baac396f1af99241d7dfc121a065217334131662e7", + "sha256:7c360aee2bdaa05c24cadddc2f10924961dc7cad125d8876b4d307c879b3b4e8", + "sha256:7c4c8e87ef29714ccc7fa9764efe30d849cd38f8a9a1742ab7aedf8b5e23494d", + "sha256:8a07672e86bf288ea3e55959d2e06d6c01320318662241f9b7a71c583e15e5b5", + "sha256:9f583295f7dd523bf6e5619720677279dc7b9db22671573888f0591fc46b90b2", + "sha256:b668433f32ac955a94633e58ed7800c06c00f9c46d3b99e2189b3d88dc3184c8", + "sha256:b7a92564198c5a5ff4efdb83ace215c73343afb80d9379183bc736fea76edd6d", + "sha256:bd52e1715c70a96a116a61c8477e586b3a46047c85581195bc74162b19b46286", + "sha256:c7ddc9a6234267bbb52059b017ca22f59ffd7d41d545524cb85f68086a2cbb43", + "sha256:c8586d72932b8e3bd50a5230d6f1cfbb85c2605bad34253c6d6fe757211b2bf7", + "sha256:ce3d8e782e3776f19d3accc706aab85ff06caedb70a52016532bebacf5537567", + "sha256:f3fd26f63c4a9033115707a8718154538a1cebfd6ec992f214e6423524450e3e" ], "index": "pypi", - "version": "==3.5.67" + "version": "==3.6.1" }, "requests": { "extras": [ "security" ], "hashes": [ - "sha256:27973dd4a904a4f13b263a19c866c13b92a39ed1c964655f025f3f8d3d75b804", - "sha256:c210084e36a42ae6b9219e00e48287def368a26d03a048ddad7bfee44f75871e" + "sha256:6c1246513ecd5ecd4528a0906f910e8f0f9c6b8ec72030dc9fd154dc1a6efd24", + "sha256:b8aa58f8cf793ffd8782d3d8cb19e66ef36f7aba4353eec859e74678b01b07a7" ], "index": "pypi", - "version": "==2.25.1" + "version": "==2.26.0" }, "requests-cache": { "hashes": [ @@ -1216,6 +1291,41 @@ ], "version": "==0.0.2" }, + "ruamel.yaml": { + "hashes": [ + "sha256:02f0ed93e98ea32498d25a2952635bbd9fabd553599b8ad67724b4ac88dd8f6c", + "sha256:aa1a5b8041bab0d0e8c514949fa8e11b02653061dcbc68365c820b263f8c6ec7" + ], + "markers": "python_version >= '3'", + "version": "==0.17.13" + }, + "ruamel.yaml.clib": { + "hashes": [ + "sha256:0847201b767447fc33b9c235780d3aa90357d20dd6108b92be544427bea197dd", + "sha256:1866cf2c284a03b9524a5cc00daca56d80057c5ce3cdc86a52020f4c720856f0", + "sha256:31ea73e564a7b5fbbe8188ab8b334393e06d997914a4e184975348f204790277", + "sha256:3fb9575a5acd13031c57a62cc7823e5d2ff8bc3835ba4d94b921b4e6ee664104", + "sha256:4ff604ce439abb20794f05613c374759ce10e3595d1867764dd1ae675b85acbd", + "sha256:72a2b8b2ff0a627496aad76f37a652bcef400fd861721744201ef1b45199ab78", + "sha256:78988ed190206672da0f5d50c61afef8f67daa718d614377dcd5e3ed85ab4a99", + "sha256:7b2927e92feb51d830f531de4ccb11b320255ee95e791022555971c466af4527", + "sha256:7f7ecb53ae6848f959db6ae93bdff1740e651809780822270eab111500842a84", + "sha256:825d5fccef6da42f3c8eccd4281af399f21c02b32d98e113dbc631ea6a6ecbc7", + "sha256:846fc8336443106fe23f9b6d6b8c14a53d38cef9a375149d61f99d78782ea468", + "sha256:89221ec6d6026f8ae859c09b9718799fea22c0e8da8b766b0b2c9a9ba2db326b", + "sha256:9efef4aab5353387b07f6b22ace0867032b900d8e91674b5d8ea9150db5cae94", + "sha256:a32f8d81ea0c6173ab1b3da956869114cae53ba1e9f72374032e33ba3118c233", + "sha256:a49e0161897901d1ac9c4a79984b8410f450565bbad64dbfcbf76152743a0cdb", + "sha256:ada3f400d9923a190ea8b59c8f60680c4ef8a4b0dfae134d2f2ff68429adfab5", + "sha256:bf75d28fa071645c529b5474a550a44686821decebdd00e21127ef1fd566eabe", + "sha256:cfdb9389d888c5b74af297e51ce357b800dd844898af9d4a547ffc143fa56751", + "sha256:d67f273097c368265a7b81e152e07fb90ed395df6e552b9fa858c6d2c9f42502", + "sha256:dc6a613d6c74eef5a14a214d433d06291526145431c3b964f5e16529b1842bed", + "sha256:de9c6b8a1ba52919ae919f3ae96abb72b994dd0350226e28f3686cb4f142165c" + ], + "markers": "python_version < '3.10' and platform_python_implementation == 'CPython'", + "version": "==0.2.6" + }, "shodan": { "hashes": [ "sha256:7e2bddbc1b60bf620042d0010f4b762a80b43111dbea9c041d72d4325e260c23" @@ -1225,11 +1335,11 @@ }, "sigmatools": { "hashes": [ - "sha256:0c30884589dc4b3fd30ae7f4e335a0d1dc284ddf0998983c4736176bc9087447", - "sha256:841136694829069c92a21b6b9d6d9cef4bd53b4d25e50d35da863a2e5601f71d" + "sha256:55a528916c28f3d20ee6f034364053e281773959b7ad2b19335cbe1424f76839", + "sha256:f64302990e7329327dd916b0bd45760bdbd50edeb498679de9f5fa1bb8bf44e1" ], "index": "pypi", - "version": "==0.19.1" + "version": "==0.20" }, "six": { "hashes": [ @@ -1241,11 +1351,11 @@ }, "socialscan": { "hashes": [ - "sha256:3d0ca2b27d53fa4552312e07f60d3a3f513f7791a5f2bce16d3e0e3f295cd037", - "sha256:871cbc50f577b29f5f55d9c3ec5798d3abef31663f7cbe4d5c47bd5c380f6bae" + "sha256:47f042bb2ab1afb77c2cf2f31e6ab43afa91ff87849a79307cf753dfc7b84f20", + "sha256:d03eb63177c516b1b8eb1fbca3d25753bb6d68b56e7325a96414b8b319c5daad" ], "index": "pypi", - "version": "==1.4.1" + "version": "==1.4.2" }, "socketio-client": { "hashes": [ @@ -1287,6 +1397,14 @@ ], "version": "==0.8.9" }, + "tau-clients": { + "hashes": [ + "sha256:4a8e2a3ee27dcc48b6468343d898cd0d72d6b8c10d7f9e563053cca8c023513b", + "sha256:f57b433663f3fd7741c1975c3e0ad4f7b7977c35ee5e359650784371d4a996a0" + ], + "index": "pypi", + "version": "==0.1.3" + }, "tldextract": { "hashes": [ "sha256:cfae9bc8bda37c3e8c7c8639711ad20e95dc85b207a256b60b0b23d7ff5540ea", @@ -1344,11 +1462,11 @@ }, "tqdm": { "hashes": [ - "sha256:736524215c690621b06fc89d0310a49822d75e599fcd0feb7cc742b98d692493", - "sha256:cd5791b5d7c3f2f1819efc81d36eb719a38e0906a7380365c556779f585ea042" + "sha256:80aead664e6c1672c4ae20dc50e1cdc5e20eeff9b14aa23ecd426375b28be588", + "sha256:a4d6d112e507ef98513ac119ead1159d286deab17dffedd96921412c2d236ff5" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==4.61.0" + "version": "==4.62.2" }, "trustar": { "hashes": [ @@ -1367,10 +1485,11 @@ }, "tzlocal": { "hashes": [ - "sha256:643c97c5294aedc737780a49d9df30889321cbe1204eac2c2ec6134035a92e44", - "sha256:e2cb6c6b5b604af38597403e9852872d7f534962ae2954c7f35efcb1ccacf4a4" + "sha256:c736f2540713deb5938d789ca7c3fc25391e9a20803f05b60ec64987cf086559", + "sha256:f4e6e36db50499e0d92f79b67361041f048e2609d166e93456b50746dc4aef12" ], - "version": "==2.1" + "markers": "python_version >= '3.6'", + "version": "==3.0" }, "unicodecsv": { "hashes": [ @@ -1395,11 +1514,11 @@ }, "urllib3": { "hashes": [ - "sha256:753a0374df26658f99d826cfe40394a686d05985786d946fbe4165b5148f5a7c", - "sha256:a7acd0977125325f516bda9735fa7142b909a8d01e8b2e4c8108d0984e6e0098" + "sha256:39fb8672126159acb139a7718dd10806104dec1e2f0f6c88aab05d17df10c8d4", + "sha256:f57b4c16c62fa2760b7e3d97c35b255512fb6b59a259730f36ba32ce9f8e342f" ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4.0'", - "version": "==1.26.5" + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4'", + "version": "==1.26.6" }, "validators": { "hashes": [ @@ -1415,29 +1534,36 @@ "index": "pypi", "version": "==1.1.2" }, - "vulners": { + "vt-py": { "hashes": [ - "sha256:146305b799a991961dde97735d00605b9c335c15e0168050a5953ff9d69bdc28", - "sha256:d09b360549550abe669d70f962f60c696eae889c4ad7d5e8b9b47e71f1b81fb3", - "sha256:fa5a85d969734a58d9bedfba459002c272c6414196ab54207a05ef394af064c3" + "sha256:e1adfcb54b4ff3e86456b8a551827702650e25469e9d99bf030b71d564358b1d" ], "index": "pypi", - "version": "==1.5.11" + "version": "==0.7.2" + }, + "vulners": { + "hashes": [ + "sha256:94a26ee69989d4a863408d4d5765ef4e3279d8f3ccc1f34bfb9c76c862cea138", + "sha256:ba5ffa05a9995995b307beb6faecbe627207269982b0e6d9081212269f8a2903", + "sha256:de508bc6dd8031eb6f8b00f74f3d6197eb8cb86fe0353957284c17bc17b65f1a" + ], + "index": "pypi", + "version": "==1.5.12" }, "wand": { "hashes": [ - "sha256:540a2da5fb3ada1f0abf6968e0fa01ca7de6cd517f3be5c52d03a4fc8d54d75e", - "sha256:b752b2c2ee6ce04210da4b2e591013a4d9303fbed3fcbd3fb450930777dcb117" + "sha256:5ba497e90741a05ebce4603b04ee843150c566482a753554da54dc57d8503bba", + "sha256:ebc01bccc25dba68414ab55b482341f9ad2b197d7f49d5e724f339bbf63fb6db" ], "index": "pypi", - "version": "==0.6.6" + "version": "==0.6.7" }, "websocket-client": { "hashes": [ - "sha256:3e2bf58191d4619b161389a95bdce84ce9e0b24eb8107e7e590db682c2d0ca81", - "sha256:abf306dc6351dcef07f4d40453037e51cc5d9da2ef60d0fc5d0fe3bcda255372" + "sha256:0133d2f784858e59959ce82ddac316634229da55b498aac311f1620567a710ec", + "sha256:8dfb715d8a992f5712fff8c843adae94e22b22a99b2c5e6b0ec4a1a981cc4e0d" ], - "version": "==1.0.1" + "version": "==1.2.1" }, "wrapt": { "hashes": [ @@ -1455,10 +1581,11 @@ }, "xlsxwriter": { "hashes": [ - "sha256:1a7fac99687020e76aa7dd0d7de4b9b576547ed748e5cd91a99d52a6df54ca16", - "sha256:641db6e7b4f4982fd407a3f372f45b878766098250d26963e95e50121168cbe2" + "sha256:2f2af944d2b4b5f21cd3ac8e01b2417ec74c60e2ca11cae90b4f32ee172c99d6", + "sha256:3f39bf581c55f3ad1438bc170d7f4c4649cee8b6b7a80d21f79508118eeea52a" ], - "version": "==1.4.3" + "markers": "python_version >= '3.4'", + "version": "==3.0.1" }, "yara-python": { "hashes": [ @@ -1537,22 +1664,22 @@ ], "version": "==2021.5.30" }, - "chardet": { + "charset-normalizer": { "hashes": [ - "sha256:0d6f53a15db4120f2b08c94f11e7d93d2c911ee118b6b30a04ec3ee8310179fa", - "sha256:f864054d66fd9118f2e67044ac8981a54775ec5b67aed0441892edb553d21da5" + "sha256:0c8911edd15d19223366a194a513099a302055a962bca2cec0f54b8b63175d8b", + "sha256:f23667ebe1084be45f6ae0538e4a5a865206544097e4e8bbcacf42cd02a348f3" ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", - "version": "==4.0.0" + "markers": "python_version >= '3'", + "version": "==2.0.4" }, "codecov": { "hashes": [ - "sha256:6cde272454009d27355f9434f4e49f238c0273b216beda8472a65dc4957f473b", - "sha256:ba8553a82942ce37d4da92b70ffd6d54cf635fc1793ab0a7dc3fecd6ebfb3df8", - "sha256:e95901d4350e99fc39c8353efa450050d2446c55bac91d90fcfd2354e19a6aef" + "sha256:585dc217dc3d8185198ceb402f85d5cb5dbfa0c5f350a5abcdf9e347776a5b47", + "sha256:782a8e5352f22593cbc5427a35320b99490eb24d9dcfa2155fd99d2b75cfb635", + "sha256:a0da46bb5025426da895af90938def8ee12d37fcbcbbbc15b6dc64cf7ebc51c1" ], "index": "pypi", - "version": "==2.1.11" + "version": "==2.1.12" }, "coverage": { "hashes": [ @@ -1622,11 +1749,11 @@ }, "idna": { "hashes": [ - "sha256:b307872f855b18632ce0c21c5e45be78c0ea7ae4c15c828c20788b26921eb3f6", - "sha256:b97d804b1e9b523befed77c48dacec60e6dcb0b5391d57af6a65a312a90648c0" + "sha256:14475042e284991034cb48e06f6851428fb14c4dc953acd9be9a5e95c7b6dd7a", + "sha256:467fbad99067910785144ce333826c71fb0e63a425657295239737f7ecd125f3" ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==2.10" + "markers": "python_version >= '3'", + "version": "==3.2" }, "iniconfig": { "hashes": [ @@ -1653,11 +1780,11 @@ }, "packaging": { "hashes": [ - "sha256:5b327ac1320dc863dca72f4514ecc086f31186744b84a230374cc1fd776feae5", - "sha256:67714da7f7bc052e064859c05c595155bd1ee9f69f76557e21f051443c20947a" + "sha256:7dc96269f53a4ccec5c0670940a4281106dd0bb343f47b7471f779df49c2fbe7", + "sha256:c86254f9220d55e31cc94d69bade760f0847da8000def4dfe1c6b872fd14ff14" ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==20.9" + "markers": "python_version >= '3.6'", + "version": "==21.0" }, "pluggy": { "hashes": [ @@ -1712,11 +1839,11 @@ "security" ], "hashes": [ - "sha256:27973dd4a904a4f13b263a19c866c13b92a39ed1c964655f025f3f8d3d75b804", - "sha256:c210084e36a42ae6b9219e00e48287def368a26d03a048ddad7bfee44f75871e" + "sha256:6c1246513ecd5ecd4528a0906f910e8f0f9c6b8ec72030dc9fd154dc1a6efd24", + "sha256:b8aa58f8cf793ffd8782d3d8cb19e66ef36f7aba4353eec859e74678b01b07a7" ], "index": "pypi", - "version": "==2.25.1" + "version": "==2.26.0" }, "toml": { "hashes": [ @@ -1728,11 +1855,11 @@ }, "urllib3": { "hashes": [ - "sha256:753a0374df26658f99d826cfe40394a686d05985786d946fbe4165b5148f5a7c", - "sha256:a7acd0977125325f516bda9735fa7142b909a8d01e8b2e4c8108d0984e6e0098" + "sha256:39fb8672126159acb139a7718dd10806104dec1e2f0f6c88aab05d17df10c8d4", + "sha256:f57b4c16c62fa2760b7e3d97c35b255512fb6b59a259730f36ba32ce9f8e342f" ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4.0'", - "version": "==1.26.5" + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4'", + "version": "==1.26.6" } } } diff --git a/REQUIREMENTS b/REQUIREMENTS index 120d7c1..6bd74c7 100644 --- a/REQUIREMENTS +++ b/REQUIREMENTS @@ -5,141 +5,146 @@ # pipenv lock --requirements # +-i https://pypi.org/simple -e . --e git+https://github.com/D4-project/BGP-Ranking.git/@fd9c0e03af9b61d4bf0b67ac73c7208a55178a54#egg=pybgpranking&subdirectory=client --e git+https://github.com/D4-project/IPASN-History.git/@fc5e48608afc113e101ca6421bf693b7b9753f9e#egg=pyipasnhistory&subdirectory=client --e git+https://github.com/MISP/PyIntel471.git@0df8d51f1c1425de66714b3a5a45edb69b8cc2fc#egg=pyintel471 --e git+https://github.com/Rafiot/uwhoisd.git@783bba09b5a6964f25566089826a1be4b13f2a22#egg=uwhois&subdirectory=client +-e git+https://github.com/D4-project/BGP-Ranking.git/@68de39f6c5196f796055c1ac34504054d688aa59#egg=pybgpranking&subdirectory=client +-e git+https://github.com/D4-project/IPASN-History.git/@a2853c39265cecdd0c0d16850bd34621c0551b87#egg=pyipasnhistory&subdirectory=client +-e git+https://github.com/MISP/PyIntel471.git@917272fafa8e12102329faca52173e90c5256968#egg=pyintel471 -e git+https://github.com/cartertemm/ODTReader.git/@49d6938693f6faa3ff09998f86dba551ae3a996b#egg=odtreader -e git+https://github.com/sebdraven/pydnstrails@48c1f740025c51289f43a24863d1845ff12fd21a#egg=pydnstrails -e git+https://github.com/sebdraven/pyonyphe@1ce15581beebb13e841193a08a2eb6f967855fcb#egg=pyonyphe -aiohttp==3.7.3; python_version >= '3.6' +aiohttp==3.7.4.post0 antlr4-python3-runtime==4.8; python_version >= '3' apiosintds==1.8.3 argparse==1.4.0 -assemblyline-client==4.0.1 +assemblyline-client==4.1.0 async-timeout==3.0.1; python_full_version >= '3.5.3' -attrs==20.3.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' +attrs==21.2.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' +backports.zoneinfo==0.2.1; python_version < '3.9' backscatter==0.2.4 beautifulsoup4==4.9.3 bidict==0.21.2; python_version >= '3.6' blockchain==1.4.4 -censys==1.1.1 -certifi==2020.12.5 -cffi==1.14.4 -chardet==3.0.4 +certifi==2021.5.30 +cffi==1.14.6 +chardet==4.0.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' +charset-normalizer==2.0.4; python_version >= '3' clamd==1.0.2 click-plugins==1.1.1 -click==7.1.2; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' +click==8.0.1; python_version >= '3.6' colorama==0.4.4; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' colorclass==2.2.0 compressed-rtf==1.0.6 -configparser==5.0.1; python_version >= '3.6' -cryptography==3.3.1 -decorator==4.4.2 -deprecated==1.2.11; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' -dnsdb2==1.1.2 -dnspython3==1.15.0 -domaintools-api==0.5.2 -easygui==0.98.1 +configparser==5.0.2; python_version >= '3.6' +cryptography==3.4.7; python_version >= '3.6' +decorator==5.0.9; python_version >= '3.5' +deprecated==1.2.12; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' +dnsdb2==1.1.3 +dnspython==2.1.0 +domaintools-api==0.5.4 +easygui==0.98.2 ebcdic==1.1.1 enum-compat==0.0.3 -extract-msg==0.28.1 +extract-msg==0.28.7 ez-setup==0.9 ezodf==0.3.2 +filelock==3.0.12 future==0.18.2; python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3' futures==3.1.1 -geoip2==4.1.0 -httplib2==0.18.1 +geoip2==4.2.0 +httplib2==0.19.1 idna-ssl==1.1.0; python_version < '3.7' -idna==2.10; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' +idna==3.2; python_version >= '3' imapclient==2.1.0 isodate==0.6.0 -jbxapi==3.14.0 -json-log-formatter==0.3.0 +itsdangerous==2.0.1; python_version >= '3.6' +jbxapi==3.17.2 +json-log-formatter==0.4.0 jsonschema==3.2.0 -ndjson==0.3.1 -lark-parser==0.11.1 -lief==0.11.0 -lxml==4.6.2 +lark-parser==0.11.3 +lief==0.11.5 +lxml==4.6.3 maclookup==1.0.3 markdownify==0.5.3 maxminddb==2.0.3; python_version >= '3.6' -msoffcrypto-tool==4.11.0 +more-itertools==8.8.0; python_version >= '3.5' +msoffcrypto-tool==4.12.0; python_version >= '3' and platform_python_implementation != 'PyPy' or (platform_system != 'Windows' and platform_system != 'Darwin') multidict==5.1.0; python_version >= '3.6' np==1.0.2 -numpy==1.19.5; python_version >= '3.6' +numpy==1.21.2; python_version < '3.11' and python_version >= '3.7' oauth2==1.9.0.post1 olefile==0.46; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' -oletools==0.56 -opencv-python==4.5.1.48 -openpyxl -pandas-ods-reader==0.0.7 -pandas==1.1.5 -passivetotal==1.0.31 +oletools==0.56.2 +opencv-python==4.5.3.56 +pandas-ods-reader==0.1.2 +pandas==1.3.2 +passivetotal==2.5.4 pcodedmp==1.2.6 -pdftotext==2.1.5 -pillow==8.1.0 +pdftotext==2.2.0 +pillow==8.3.1 progressbar2==3.53.1 psutil==5.8.0; python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3' pycparser==2.20; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' -pycryptodome==3.9.9; python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3' -pycryptodomex==3.9.9; python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3' +pycryptodome==3.10.1; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' +pycryptodomex==3.10.1; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' pydeep==0.4 pyeupi==1.1 -pyfaup==1.2 pygeoip==0.3.2 -pymisp[email,fileobjects,openioc,pdfexport]==2.4.137.1 -pyopenssl==20.0.1 +pymisp[email,fileobjects,openioc,pdfexport]==2.4.148 pyparsing==2.4.7; python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3' -pypdns==1.5.1 -pypssl==2.1 -pyrsistent==0.17.3; python_version >= '3.5' -pytesseract==0.3.7 +pypdns==1.5.2 +pypssl==2.2 +pyrsistent==0.18.0; python_version >= '3.6' +pytesseract==0.3.8 python-baseconv==1.2.2 -python-dateutil==2.8.1; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' -python-docx==0.8.10 -python-engineio==4.0.0 -python-magic==0.4.18 -python-pptx==0.6.18 -python-socketio[client]==5.0.4 -python-utils==2.5.2 +python-dateutil==2.8.2; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' +python-docx==0.8.11 +python-engineio==4.2.1; python_version >= '3.6' +python-magic==0.4.24 +python-pptx==0.6.19 +python-socketio[client]==5.4.0; python_version >= '3.6' +python-utils==2.5.6 pytz==2019.3 pyyaml==5.4.1; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5' -pyeti-python3==1.0.0 pyzbar==0.1.8 -pyzipper==0.3.4; python_version >= '3.5' -rdflib==5.0.0 +pyzipper==0.3.5; python_version >= '3.5' +rdflib==6.0.0; python_version >= '3.7' redis==3.5.3; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' -reportlab==3.5.59 -requests-cache==0.5.2 -requests[security]==2.25.1 +reportlab==3.6.1 +requests-cache==0.6.4; python_version >= '3.6' +requests-file==1.5.1 +requests[security]==2.26.0 rtfde==0.0.2 -shodan==1.24.0 -sigmatools==0.18.1 -six==1.15.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' -socialscan==1.4.1 +ruamel.yaml.clib==0.2.6; python_version < '3.10' and platform_python_implementation == 'CPython' +ruamel.yaml==0.17.13; python_version >= '3' +shodan==1.25.0 +sigmatools==0.20 +six==1.16.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' +socialscan==1.4.2 socketio-client==0.5.7.4 -soupsieve==2.1; python_version >= '3' +soupsieve==2.2.1; python_version >= '3' sparqlwrapper==1.8.5 stix2-patterns==1.3.2 -tabulate==0.8.7 +tabulate==0.8.9 +tau-clients==0.1.3 +tldextract==3.1.0; python_version >= '3.5' tornado==6.1; python_version >= '3.5' -tqdm==4.56.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' -trustar==0.3.34 -typing-extensions==3.7.4.3; python_version < '3.8' -tzlocal==2.1 +tqdm==4.62.2; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' +trustar==0.3.35 +typing-extensions==3.10.0.0 +tzlocal==3.0; python_version >= '3.6' unicodecsv==0.14.1 url-normalize==1.4.3; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5' urlarchiver==0.2 -urllib3==1.26.2; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4.0' +urllib3==1.26.6; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4' validators==0.14.0 -vt-graph-api==1.0.1 -vulners==1.5.9 -wand==0.6.5 -websocket-client==0.57.0 +vt-graph-api==1.1.2 +vt-py==0.7.2 +vulners==1.5.12 +wand==0.6.7 +websocket-client==1.2.1 wrapt==1.12.1 xlrd==2.0.1 -xlsxwriter==1.3.7 +xlsxwriter==3.0.1; python_version >= '3.4' yara-python==3.8.1 yarl==1.6.3; python_version >= '3.6' diff --git a/pyproject.toml b/pyproject.toml new file mode 100644 index 0000000..b0471b7 --- /dev/null +++ b/pyproject.toml @@ -0,0 +1,3 @@ +[build-system] +requires = ["setuptools", "wheel"] +build-backend = "setuptools.build_meta:__legacy__" \ No newline at end of file From f40fc7ebc4a0afba3d86126776e6e54f62a26d38 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 25 Aug 2021 18:38:09 +0200 Subject: [PATCH 031/132] new: [hashlookup] new hashlookup module added --- misp_modules/modules/expansion/hashlookup.py | 93 ++++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100644 misp_modules/modules/expansion/hashlookup.py diff --git a/misp_modules/modules/expansion/hashlookup.py b/misp_modules/modules/expansion/hashlookup.py new file mode 100644 index 0000000..1a770e7 --- /dev/null +++ b/misp_modules/modules/expansion/hashlookup.py @@ -0,0 +1,93 @@ +import json +import requests +from . import check_input_attribute, standard_error_message +from collections import defaultdict +from pymisp import MISPEvent, MISPObject + +misperrors = {'error': 'Error'} +mispattributes = {'input': ['md5', 'sha1'], 'format': 'misp_standard'} +moduleinfo = {'version': '1', 'author': 'Alexandre Dulaunoy', + 'description': 'An expansion module to enrich a file hash with hashlookup.circl.lu services (NSRL and other sources)', + 'module-type': ['expansion', 'hover']} +moduleconfig = ["custom_API"] +hashlookup_url = 'https://hashlookup.circl.lu/' + + +class HashlookupParser(): + def __init__(self, attribute, hashlookupresult, api_url): + self.attribute = attribute + self.hashlookupresult = hashlookupresult + self.api_url = api_url + self.misp_event = MISPEvent() + self.misp_event.add_attribute(**attribute) + self.references = defaultdict(list) + + def get_result(self): + if self.references: + self.__build_references() + event = json.loads(self.misp_event.to_json()) + results = {key: event[key] for key in ('Attribute', 'Object') if (key in event and event[key])} + return {'results': results} + + def parse_hashlookup_information(self): + hashlookup_object = MISPObject('hashlookup') + hashlookup_object.add_attribute('MD5', **{'type': 'md5', 'value': self.hashlookupresult['MD5']}) + hashlookup_object.add_attribute('SHA-1', **{'type': 'sha1', 'value': self.hashlookupresult['SHA-1']}) + hashlookup_object.add_attribute('FileName', **{'type': 'text', 'value': self.hashlookupresult['FileName']}) + hashlookup_object.add_attribute('FileSize', **{'type': 'text', 'value': self.hashlookupresult['FileSize']}) + hashlookup_object.add_reference(self.attribute['uuid'], 'related-to') + self.misp_event.add_object(hashlookup_object) + + def __build_references(self): + for object_uuid, references in self.references.items(): + for misp_object in self.misp_event.objects: + if misp_object.uuid == object_uuid: + for reference in references: + misp_object.add_reference(**reference) + break + +def check_url(url): + return "{}/".format(url) if not url.endswith('/') else url + + +def handler(q=False): + if q is False: + return False + request = json.loads(q) + if not request.get('attribute') or not check_input_attribute(request['attribute']): + return {'error': f'{standard_error_message}, which should contain at least a type, a value and an uuid.'} + attribute = request['attribute'] + if attribute.get('type') == 'md5': + pass + elif attribute.get('type') == 'sha1': + pass + else: + misperrors['error'] = 'md5 or sha1 is missing.' + return misperrors + api_url = check_url(request['config']['custom_API']) if request['config'].get('custom_API') else hashlookup_url + r = requests.get("{}/lookup/{}/{}".format(api_url, attribute.get('type'), attribute['value'])) + if r.status_code == 200: + hashlookupresult = r.json() + if not hashlookupresult: + misperrors['error'] = 'Empty result' + return misperrors['error'] + elif r.status_code == 404: + misperrors['error'] = 'Non existing hash' + return misperrors['error'] + else: + misperrors['error'] = 'API not accessible' + return misperrors['error'] + parser = HashlookupParser(attribute, hashlookupresult, api_url) + parser.parse_hashlookup_information() + result = parser.get_result() + print(result) + return result + + +def introspection(): + return mispattributes + + +def version(): + moduleinfo['config'] = moduleconfig + return moduleinfo From da6092f9e109329a1e17739fe2f50ec42c75b3f6 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 25 Aug 2021 18:41:08 +0200 Subject: [PATCH 032/132] Revert "fix: [greynoise] typo fixed" This reverts commit e36e3ea117b2b6562eaad2008f23a98c5b69f9e5. --- documentation/website/expansion/greynoise.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/documentation/website/expansion/greynoise.json b/documentation/website/expansion/greynoise.json index b01c9ad..4988537 100644 --- a/documentation/website/expansion/greynoise.json +++ b/documentation/website/expansion/greynoise.json @@ -8,8 +8,8 @@ "output": "IP Lookup information or CVE scanning profile for past 7 days", "references": [ "https://greynoise.io/", - "https://docs.greynoise.io/", + "https://docs.greyniose.io/", "https://www.greynoise.io/viz/account/" ], "features": "This module supports: 1) Query an IP from GreyNoise to see if it is internet background noise or a common business service 2) Query a CVE from GreyNoise to see the total number of internet scanners looking for the CVE in the last 7 days." -} +} \ No newline at end of file From 73e78463d0644995c5d18ac893510d0e8f2d63ba Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 25 Aug 2021 18:42:16 +0200 Subject: [PATCH 033/132] new: [hashlookup] new hashlookup module added https://www.circl.lu/services/hashlookup/ --- misp_modules/modules/expansion/hashlookup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misp_modules/modules/expansion/hashlookup.py b/misp_modules/modules/expansion/hashlookup.py index 1a770e7..d71597b 100644 --- a/misp_modules/modules/expansion/hashlookup.py +++ b/misp_modules/modules/expansion/hashlookup.py @@ -16,7 +16,7 @@ hashlookup_url = 'https://hashlookup.circl.lu/' class HashlookupParser(): def __init__(self, attribute, hashlookupresult, api_url): self.attribute = attribute - self.hashlookupresult = hashlookupresult + self.hashlookupresult = hashlookupresult self.api_url = api_url self.misp_event = MISPEvent() self.misp_event.add_attribute(**attribute) From 1a90237a211578dce682aca565476d16caf1843b Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 25 Aug 2021 21:41:08 +0200 Subject: [PATCH 034/132] chg: [logo] CIRCL logo added for hashlookup service --- documentation/logos/circl.png | Bin 0 -> 19207 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 documentation/logos/circl.png diff --git a/documentation/logos/circl.png b/documentation/logos/circl.png new file mode 100644 index 0000000000000000000000000000000000000000..516678deaa5e34795300c98a9c2b49bdbd80528c GIT binary patch literal 19207 zcmV)hK%>8jP)mUKoTGm$w_kN^PN7!-s}GHJ%M(?@DUY?7lS^!h3n z)=4=Dtdnw5P6F$fM4&2Q5e%~42-t_e6R}yUJCRs8FA^>;%av!w2mwNf5U*b^!KO`O z*CS>o`4=+vr1Yo`e2nFFI6Z z<4}bD(miT3zaOvRhEUlN&x|Ed#SAG1)gDx1Rf4^HDP5(M(JSJaxrHa{bCDB0^1fbH z2J5)Z!%D+7n=K#3Ukm0I;36;^MOhE&kP-r3Wxa64knFq}&gA)#zVeHnuh3f`OU{@g zUYZas39$6V^_VPpy^EDcR z0-J#qPC+-xYP*V!UKH3$z;Y~5019~66vB4|`kl%;4}>V`328}AbYKbRMY?&rXQdi| zmEbokqCx?Lq6pw-{q@e=0ox$vnC2A>_`o?WLXPvg2$@)!ycoL3x*Hzk6)0UtnN zzWd-b(5~;eY#<&rW==S)>W%eP=69w$3m``()A1B&8tR3=qprc)A5lCl=$lpO66(e z1kJx>{@7P|dNx^mo)TUn~;JJZtiE#@k2`_M*y@$viD*c;BcAzuS3tH^W{e&!yg zbDNbSI>*2=qYSlA0_#}FwbI2$X$oqAkS`+o0_uPTv0TI}?%l>Sv#j^33R!=Z5J%R| zXtl(uD?&m8P6`SwaE>7GMAi_9U@4QzQ5%Ja7V8Mec9W$QLeoQFYZxP_w8;H5t)gv_ zs*48_qM}X^OcT_532r@={3ce6{9w~a=JfGjqxb9lRo%Buph~N2MT~=K}^o#~V2JH|xB^b%jL~+jIrfZbT zU_?P2#(InaD;9AEe2ZqG|BuEx8e|2rE;sTlruitTa5Hd)SI7}$?HUPgxIy!iz&bYJh8PIomO{I)tZbVK zUp57Q*oV7tF5XNAjD{ZXJrvkbF-1&JKoAz#Qck^T5K+7eUJZ&^j0jdi(jv}})>OZ= zqXy}P5Y#)=JG{?PJl+@50pXxllY*?MlaYlOiBM7E+*6hUb{BKEoQ3@B659WZ+a~tO z3bky->%}vEp>op4nhm)NsaznMuLieCN#ND)0&cQ*p>C<5J9ST4KX7VTzn;~*M)~6; z0_#^A;l-iovIzdMtpf5XLVYy~n?>}4M&$=j-AexY2JS@*D1u(H z@eIuiA~D3`Y0L3Ey+$>or8sQ_g9B6Tyu(YW{4%;m( zbFzGc(JgE8lfe2_2Ds-dz53#->Z~DTt>$zbBGuoL>h!I=Zk)dLIYm&SXm%k@4<^F~ zDOT$cmT9z(=lM;N`F=tl5=fhZ7N{o5t3qu)wI? zqwpaQc$AaC`W1bsE)}MMGHeY*mlxZY$-v~@_OIp=y*Q#3S?qWV*Ukw_CE_q45|7V? zVmc)+9nbSyL~k@s8jaITg?z$bOLc-d4jHQktvj{{{LxkID-Ob|6;`>KxEw0DA=Z|L z^oHh1VEu~Dxe9J3##4NEP+kxmlJ$#-&TrYY$RZ9WEsP=Q0#gJO;~5z$bX8SMMpzur z^XsF(cZ{jgl%}g~&G~FnznuwZqqZe;40)%_4Q%I;PRVhRUt1EuM=u zj>mZ&|4Hbr8#*c<{7)IYX7Et;Qwz{1q~)|Y#hHE5vWcM-brVc=VcG>|jzhX_Kt5Gg zcf3#U0MjF2;+U}1HbtwjxWSeU=D5JOB|9*{@RA?6+GnCgmDg_@5-&=$L~aUn!`fzZ zg7D<7@K+w;O$pmx9c()(@?>;^63;QXuQF~A_ zd|05OARY-L#FdezN41WxaDs~=OnQi{;9QL$>~~B(ILc-B^~A4J`QfR@@3@Z#YXBjv z3*cf8RlgKGylDI!`gYx4=I#ls4Se;Cev(>5I(Cq0KTaC;I;H|7OQ0PhIfzljdenF@ z7V;AxSY|rL+7`|lTy6w+PCIH3Q-13%9(c-0=lzkx2^nBvwO)C}rr?g>AQ)ar#>K!E z%DXO3UT-O1?HOBW6H*bTrdnbk))-AJ4<%~7LA;_?K?02TCuXYcA(fwdI7~FWt>x$R9PrJ$P zKXIhbJxmKnI2j>D71PdqkEEOJ6?tN{`mgYPCV6S>57;&OobI-lTH;rBUS z_w>iX+q|h*y9NWd1fB70GOXM@!>C-B>*h0@=mSl7dd_Oq1(W)<`?gHJ+|OyhDWrFo zM;V9yDYVPZP>2}W|A3*P0M1JuN9^^I+fe6S|R;O&)Wcrs=8kO*G??;~7!1weK))>bzlKr zaV4cs->glZ^_nMf!DS8pdd0MMEl9Ra_kO5~KF2T}$N13}DhW{q9%RQ#bvuMI{WK;Csdx4p@)^@ zG*@^cMBXjnKQ$!rtA;25FN-f&Mtk}#l)9#t@9{s_x~l(+x^Z*B#jM!2Ro+@6zNADz zO6!o1UEG_RMw_HM2|*dAB9N4#Qjil7rVrmsbmpFVEWviPG@{H5WF~Wz=6dpX&R>&# zL~hU+ZfWZGuQWXU_$2xr|2wABULCS&wRzPL+1j;;^j_G-)Pa{_f=LP*Tl?%v?r6VB zRy=*>>Mh)M-naE7%xS-4Kl$Am@nCO3H^#>;($pfZL{bhgC4$V`o=%ve1EP+WFyK2H zGjkPD(VCTtPStrOqh_p0n)*`O`<09;Y#y~pp)h8%f%Z)Zde1)o^v%p zw2W%+9xyRszhmU!0?-zVyZ3N$@;&{)w|>T@4BoyYyk-%>A5W3{GBoBA78x3i)Arut z5=F$vz7v{IBcKNH(kbRMkB7!OVgipYEjyw)0jeft)Q1DIB>%(HAKe$}hwB}64Z5hD&d9EigzDJMNP)7jfkHNY;46KJi9Z0+NAYf|4b3j>6Z+ z`lf4?nlL$D(2!k3a}Us4dI2kc_k%q1XIF4=+jkfK_4przr>3v1Q2u$CMqLwx$zfb- zsPwo_HL@J-TY1zxp8nO*Ch%xbIk0u+6g^MP-vdnXyuX^i;-NpmFWauiZHE2$H-#%D zkj?7pUh;OL@+rh!2N7{J$114LX^&>~_m!x03)7i$u+@qRlV??1rbiaBWbS?@8n@`j ze*7agG4R00lRs?H{g#}`-gemDJCH{`7F>W7M+58s-Kou{DeM3lF%PArkQ@yi*n@+RXZ;ge-{jiK z30^Tll!lPSNNT}(Fn%TtWDxHkhm_FK8uQ3Ka|jCv=WWXtcAa-sTQ1!934Xe}!B5_C zJr|A)!#CQnrBIH~;QQ>G!Yd^f_VfxrnKRRustmApt8|YcT}Snl`gcF_79F5($qPyP z4w1Gq8WWDZKI5=PF%LG|}V{`yF;qwCL>?p7YO7XY>17Dq9Ne ztdX7R&lMsV;rf!WzPfg;gb1O)fN*e7I55CzlCVfhn~?xn9|-iGuo`RUEfSx3#gKz_ zP6aFA=+w!1MG7`Oa=ucoS^7#^Q@??jaYWjn;Y0alksQ@W=6#p)5*lQfIHjF+k>=f| z(HQB$eQT7H1DZVJ@rsDoi5BN_G{cfNo~(l-Z8RV?)trMez5tCnA#z{R&aSt>7tM7 zfzR!ksai_lcDVkfg?@aWXXh$~OqH`ZP-}UkjpU>F7D)Y{oq(}|k3Em4XGjz>K zNt^Z&|Gsw0G$Z%+Vh4rV*)6g<+?;F@Z)`?Z#O zSYVoE!h8=t4KP6s;}T3%hC=b#Fs-;L&d<^4QTbpA(mX&K%^|3yQBgRLWJPaxFRfS2 z*XMnPz8|eY-Pr`?5yU#O<^qcF``Xy?&zrz}XNOdtxs-eu{3YP;-;S)>M8S}1$0FU8 zzy)4*e!(%Ld(mebm5;0Fc`{oJ)L94CS|q$d)OK!mmsOq!uVs+)Y4SwU_kH}4 zeT28apOhsJ@ryeQnT{L*)FW2neCW-D*L{doP+=btV_!8~@OSxj-``}rw-B!D171!` zzVn^|p83v0Do=XKZie4A#pud7$V#UdU5EG43UiaUB5%SfQ4$g{Laq(6i5_hE(X7t_ za?T`)P1qXC3c3zy(j(Nq{S7_*+-onr_Dt^l%$rE64?s{ON$Rw-m~^^}%F++(!Efzi zp(OkfDz5^TsG-9Q$pN_q!YlQO!FcaoVej}o4$jV1n5lYNt)jKEa^v&~2`u63-73$i zU&5m3d)Mp>cYmz%;fUlagXV1_U#0PgeqM&x2=W#r0vbTkadOcVBEuu^ib`1HFq&h; zq1xGb6;8=bhL#Re{vRWK<2PT~b@q#y=o#nle{l2O7fEyBAXnXYxcYWW{Ye0>2-+ zSQLbPZAKDmVT-6MW%^MSjE++jODV-|+VM2j8v4zmvkxqndvuqPv)|y8sUD(oN?dAU zqZr9Tn)N;~o0+)(^C}yRu*RW8fLDRT5Dj*UEGqg{sqDPmUbu9J`>G7wR?^-T?as?6 zPV|aUxp`I?5|0C|1j(%S^c;0(uWtirQJ{og0B2TlRz!cFV`yfaLKJx^zAz7e3**lf;{;VNUeL^ebwU(c@D2v_g25+`y>W`MR|NF+y^wdEbM~UOr~jKC{{1hV z!TQg&7V_So9pZU$n`MizEf=`Sk%*ejnmPyDezZ@ek0hv*xe#fTs0~b#-6Z#1wUaZS zewig-=q1<-T7dwxC_&UB2Aqo^X4}hjV(D zEIo5_1zOu7N{-+=(SDh=P{rc_tdBW(S-eW#;-<73eit`g7EyfiH}a%Cg(HBVL73N&ScroR2}|VdK7R7aWw7QaIt6% z8OtVq$Sd~{U3;2qdtur_em-1$4>xJZrMHKhZojm-YBS1;6Exhg90Z>3H?mEB)Eu}t zrWA(A=tyo&Okb>I=8-OgGXV~vu!;)}&V)FHA_#C8oOz^6BvU1&pkwEay*A3atK{CG-XnRNFcbnDLC_{oJTfY{;PlJ*TlvG=7tGr|@pOvDL29|Bn#9zSlxopMsZpUKj;{DrO7r}= z!Txqg7%4mu&PH&VhzjPN?IyNvE+Ag8W zkUN1*Aqwco8|YW^ngv&Q+>!Lj@t&(>s@Opz>nF-z$iFPVR4%#voBGXL|AF7;YrFSF zubi&e-sWg!Wm02JUJ*kkq%AFM7SJ^)XaQbY1d++KP|zG}0eXr2bk-m9s- zHm`Zh>fvSc!eIM@(}hGO=Grm`()xnKrIGz5)6XK#V)wzD*R&t};s$+jpd#n}gyi*O z@bbB|g9W0aZBrC=r=~)T2lc47&@TRhZeBs173i~<0c_I~R%0Cj);-^4(KuPJ^^&W@ zcUT4f_y<z6TlPD0NYl%D>wkCNViBC*sm z=*?+2GrZ{3K`YhUe|4@3Lyp=KiqHdNyVrBfa zdbs+)WaZ_fq!-SmC|p1*h4f${CLuBr#>W)eqKFkER$T7X*CvNKU4?Ip;x@DDsQ&UN zBCu3sBWNF`Qzys?5Dzv`tT$xpvB$U866qx{UQU;o~w__YwdbwJaFgQ`;jK`GTDOi7D|q-m;{Uc{F$HL#Ti!3X(U zelBP9Tu!+*kIJ08%ftJ7+9mDf%z-Y>KKp0<-H$(^|GdqxOrCf6?s)Ae=JHWe7Eo@E z$<#<(#6d)8b0`i`WI1`*g#-(T!%2K$#N`nXQ$3yA#I9M3Y`Ec?SzY(Xg^#rgtRSZv zilWnyI8=iOfgb1T3TPCQpIKfsi2?(MtY#yL#9q$B01x*kaQ(8<5`@-`vaMi3TmB*{@&MLtv)~a}i39*^SsR83T z&THV)c8bjs2IH8xmLWh8Rq%llhK?vo8O^4VbP@M`{f+$AmLLE8*6VIu#gE?gAV2!d z)*%1$#YOdrT_khzR@20gddlG#j4cSJJ}8rFh?hN&Q?oft=bmO`m?zJ_HQT*%D{pYg z-hrKeI`y;O*H>uHPw>-0KvpQlIH{=+lzXx17;Q4Lw2TyG!Z;`DZ<6OZeyW5`3NjM{ zLO74T*efohfJjbsU>SfM?GuBj6KfH7!klPlS{15ElPD=uNQE@0GaO9Qv^JuaXG^O! z`WwpV_<>-{j=Tu{*{e_4`R6RW;QRa_`>Gk;4C<9G#MLf$yI)gW0d=4U5?KBHlDdb_L5ds(!50U zZTBJHemAF7?&H>Xe0k1!mki(YEG`}Sj=bJbdOr~)j)oDq6C!r?|8II8^#LZBMty|O`Vf<1;{*7-XYok- zx;?#%@0EZ0;5X5q{!gv`)BovhEO{1OdYC^OKb0$!f95Oi+NmFYsvA9j@O^dc8xlsz zOmqBj7wyW#qdx#)hW6|nYUeMTNr63kc3qIit+zo2Q3+ge)VVYQ`fGr!4(~}_X+~pB zgA_BGths0TQW$QZ!|H!nKpfpIfBF7zam`yl17uviX?Wr*ADMHo@8;Kzj1Ru1VB(A# zkyo1?Y8pzWPM?GNW8&m?);>53l+6#l+_UzQKW>hW18X?Jn^pb0u+o5sbA|>*@UDt? zWlT`#{>EYAz5|q#Id)?5DZJ-@p9`N(zxOVw?*Gi{i}qFdtQ}9*3nOP(^2TJfet0CL zoad7C6iNLt)2lPJk^tO01E{UY39qs2!)EXZBjMM>BpTa7eLNFvRL}rpn}Fi;9&nYO z`*-?@(A?oZ{hA-}dn5Pif>)f$f%tXX2w$^^7E=_hdgu=(IksF6tBP+emiCN4`_v}rs z&B)JI8XA$0#GY^poAeU87Hu~k7e2@dm-uSz2!dhSY56hGR5QQ|6G*?c9m6u*_rFfS z8nP1`SQAJYX^%h<{(3m&W&kXu z0x@cuI9VVS!YcTk0Z?9c=^6IA&btp$qO~%_}~B+rB&gRrfq)?t>Ni zz|Xnk_8vx`5h0T~c1&Cx4-h9c3Y44%Q*FpinShMIIKo_9M4*x61drNPm?UXNwpm`9 z8T(V34}A0rybAiKA+65F{KVB*4n~Ry8Et216p@t(gMvam$G!|ZIO5Q%4>}8dq$h5N z$9&)vTjr3AFd;Du2M0Mc)jE5Z-&?0qeem@1Ag5R7^I-FCPCe@@-2LJ0`d3TyVKJ}# z5y_v#xW!epX~5f=K;+S#WfYzDkV}VTNZ!U!K}Xo`WX8{$?R9-TocF%8M)ANTfwjKK zx(T8>ss-L3YyZ6f!vO^SrGc0kr#xT!VA0ySq<1cra?ITm2l{=F`9-C@fY9{^_a7cE z&YSZczWu5#d(VB#p@s5q&)&h{|A6!vi%8QfNZYoE(}x$L1FDC+_|3jsAh;m*WD|J$ z@DIHCR_uqM;Muc_uE!&e<>87VB;Sz};61jC4F&Ix2aT0N!2E|y-%Mp$CoBTucP=e; znO$S`Q?{iefe(YxF0+8Xq=$3o{j_Lr_(%QwyEf}pZy6ky?ti(TzFYdqo*_(5x8n9x z$&)?|sE3=29BKYxX0b}_C8E%_O47tMDYJ_!ZUI*F(w!KV zt~kMWgA|EBzl$;G^K2aDbvGdzDD&Sf^Mw*u($w4>DKDWx#LHa%JJ%Ruh5M(T77 zMC>djfsaUt*9@Bk$bBs004x=NolBo?RG2km{P@sj4wG;_b-OaXBfwl-r=3S6kw<5a zIyr`6sE4$M3S!)hBVWS%1Y|lSUpRPgd-LLF{Ooi8^G3qxa-RL8Z?LwHuFHElEDm?L zpeRBYl;$|2!xYh;z%j3AAByQ(?2w6nukGaHRZL>VNv;9&u)pBhOw6oz4o~A@lYe3Y zOL%}-R%mNaS$5lI#FTLwdlMt1$2zK&9$5o14on7x1z*Pd7%_*_Ke+yrdvE%koqMFx zclY0y-j`rsR$(&mGBG_?!3Fi$hr|_ybO-IIgfx~Gu^T}b<&2NUg!cdYrgfUD$>ZQ- zcJ5>RLfFR(aX<`*1)g)lQ<_lI@eOX@!!l(+m4`C*yX@6RQZ7&B35rtyY$;$l>#@|2NrFr~UJQI5a6?dK?@{GC(uw-9d>bpL!7s2E(Z< z&-*UBMn0+IH~w%1=f3!k(+4+K4iCO_0r8?Lwl&4{;bGfq)g@~t_~~Ok{sIjgYFlW@ zqb8ck2Oja^(k7)cl^x+y_OoJL)`_recd~xviOqQzJuHCkko9mgt*P?l7s}1r`K2NX z3dtOLY)>SaWK=^akn-*P&E{JeluVz@vTeKM9eddM8&9HAs}d2SjVX%OxN)|v*lvx2 z3YBo0M)O#XzY}~F*G7{g@v$5Y4a}I^kTMfr;Q35*gn=RFHPGAaY&!3cgU0$(%ck`# zMHP!{JeylulnIE#z#MyiR-GE}0H?R!{Lgyjl?%6B9K3zYF8lQYeZdpa_Jo-n9^>%A z38vZ^MG$+DK5z3HK|b3%y8qe(6mP+WkXyv%Xz0O&$js4tJ>H+;Z|Aw>4DAX;@yaSQ z+oAWz0aztjwP^@|i{FXfcr!m!!mTZAj2!!lic?rte)H5&N%a2O4(@t!jJ*8}Ty;T- z2YcwQ6cx&OOj4l6fQAH;gG`XRVWyhLdi)+W*->i011fS0E`_9ly+@wU&(|*{XJ|S<;=-9xt5Lf>5)WE;Rw6maxQ_z@W$c#pnR3<7as=2E0RU3P~?! z{M7D4{{o~#g5_HnKpC1z=A6*G!f6zi8JHieg%S|Gj725l_YEjfzQRh^D? ztNupotkGO&aq}_jz`6|t#19?ei>y<*rM6|!#NUBs_aMGXYkwCoI&sKz8>4!a9|ov!G z{45)TW0ZEg2br8?LOsrBO}s(A!;1YsK87ZGmSrof*N0+eGwF@1gH3YWtbx@GQ!I(yPt#hN#)TxQ_M293`T=gE_3I0)f4~f}E&{9y zP6f-zliRCNVd&70OLqF7Qlh~a(m+ToE}W#DR*8Z(Hk<9?jTjQx<)}61(AU*QSi&Ft z(dC=I?1RAoO($sEkRYiLqyfc<)nmV_ zt+mi5?Q|g~r$wp49JlM#y>ExJSuW~+eSyUm2g|hstX&VCEU~czGWXU`vhzan^$*f2 zwUEF{G2KO2o~G^G<3KA}NG}&J2O@82OgO5>_INWVzWaZ@NVX_XigainA#Efog|uC# zjj@@As8Gts8d!;|1xnjbnCW)rsrAr&%ky{XK@}SCvGCUzSTltKf`=u!==EWzx4|t6 zJM9PlkA}Rw`RSDKd*hf&RgFv0B*NP0aUcO^l#{JoV`w)6_6?6SK9NlXtw1tyMtfH#q{xa2^Ufq?njj;NjI<*A7-Lh>?0#|zYxX~9;=QT8+@~r&bV0{xaH={k)Pn_^LXe>jJ!?fV?=G?Zg zvG>p5{i1*6yV5bw!m^(?Zj;;ib=FvqC~G>03AH~e*Rts510NWp@r7<* zjq6^jT^QeFVse~%K21||2bh01@9Q29pA@jeD1T?ufyR>vI>Q%_?!_{H&`Ip*j}i8atwa+(rqs4q_?~hGRGJ zihcjgm&jF^08&<8T@n4b{;1L5qmV0xnos&-cJ&VO@6M;E8wzPhX~{>a zQ|k(Yn2ew|A};k{rkkX}W3FETRBZ=fwn4@9RM@j}(+k++qRIEiL^Okzae*@-$*hyf zCUO2WN(~Psi_3c*-W#-pKj`qMG$?)Zytnc}`KL7#tknY0SIMqeH~me6`|q#*w*^*t z1r|0MKvdR6^1R*dsqaYF{*-*&5%w%7(18NUm7WO66QtR|MdmR|M?6%pdZeDPQ@9$S zYC#Ix?UClv{?)5jf7dU24>umh?Tw0{OCYXcW9@m^y>)F6vH^X8+Fcq|10FJ z9A0`#>)lEe%qik@l)P)U*Cz(XXcalmCeW@!(I%YN&7Ah!#p8ectnIh&Lxx0UW6ay0 zQ_wT>!VL}iFC9Z7;xPx-CD7u`r7=nq;07Uj(~ETKNgw6Ar*uuMnW8pv7kO_$C>4YW zn{^d7Z+pCp9s}q7mwhY%<7PVab-uS+wf;PKfQfxi=Y`jt-oJwXeIMor4eZ>Q_V8@4 z&t9heJY>9Sy%#SU`EY)N?)nnOU&C&`%+9TCSeI|_1fZP?ZMZ&>bvK7>_;rrF|0l9l zG=v>ZVP&EsjkQW9pq#cbTsp~@&aO>g_WE^0{;7A7?o1QYBy zuxRD$=0A<}#^H8#>>r|R_8G7}-WY?M3JT_x3DU|%qklF~@P&eQG|fR*jz4T&l@Z@=E`yhi%4ZKK*?8{vFGn_M80K{hT^hBkpQT z7DOh?Yed%26Qxx0NxTFmvjxh`rHZJ|)Bzs3QUX(=BuX5#kTmPG9Ex(JXyckb_Q4eK zDSH{*oshq1%^m!$+^Ene_t%9)lqU z2xSz{N|tWlJn)fj+_OR&lW8d{S~=bnVoSufizq7)MktaLS45=aRcsGfpQ6@aJ#_jR z7;>2u-yi5He|CmG_WOsoo9V7 zeV-Zq@IJzq)Le3UOrDO>&Q(ySfp!zxras&QOAs@2U(tugU}S{)_yFa(xu2Y9R$6sU zDVah90{SU;rO1sJyp+Fs+COpViO{-16qbH0=H(lKSG(i&u^smZ+Q_Sxw3VSIuYS|C zD3Rz-S_9V~T)!l&UmY;mnl~Qwc#^&m8dFn@4p(T_7h-)6)}(lOxOET@wGKMEtKIP7K6cvAV(T+so}^6Un5QG$>dn0L@CIqM1`~=?k?yJq&oQ*y&szRQ+|)V zKM?907OV^9R$^X$O%o_YKb4*Y*01V<$pblp@Tm^X1}NlB%bMla@R_sdduElsZ)cQ? z2z%N*{JgS^+hH@3?4ceP&^XEr`CkUtk;@rMc(!hx*&J%YS;!4+GO$%H23P^F9{N@x zo#3efqK%>+K2?@q@V|wwAJmEFB+f(?@F6PuO*;*|eaN@#fJ)S09`f@HB55U~wu+TVMTm^h?b8V>A;rWPMc$}j}D+C zIz~5gbh|}QZ9=yf=uOM4k45(~v^cfx$`_|_$l~S7_|+D?Oa%gPLqWyVhdz;|VNt9Y zOm-1}J}`DQY+75T;qAAYCVy|o$*Iq@oaO(>Kl`)rkPMGQhrb_!lrIh0ySD*)Nx`*3 zJ%Z|rKG2yqMYGC3Z$SH9t-b8mUfG0d1NvMm+U{wQtuGn={p++|8lh3olhw{T)kW1p)lx8=K9DJ)wxU)ZwHfMjii*+Y zM-iiF2BqQkEPr|yZ}AG=%q5y8-y%DDiKg)p-0>0I@e5?eF5-=k;7yL;%?#tspT#R5 zrzw1m)~hez{_+3%9q!C4wvx9KAvpCE&B2{5$-N%(+8(00-VUD1uH1fG;lR=fn$g|O zsOA*43#f~#t*B@R4ybgXIZ#o>oVkw=z0|;eI*wc}WAqI6;yK)zv$&HZWUrkkJ9ZIw zd=xW&$`D^<;}=!QqMAX~=4s6;DyU}i39y8^i9_Pp%!UIi_My7S$U{>=!pg`;l1be|AZz~*B4PU z#od4O4!P(`3wn7Sv%@ZvV~xy?=2*O9sEp$3DVlYNjb~nELs4n`&@KP`f6Q@$L>EZv#um5H48~P8fxpZBkWnhFg6Bpxb>uhMP^`WVPGD>VG zQ#hN$bbc^R;REH38<-Lq#Ak4DuBb>W&cUlvKDID}X2)|)uHUp~a=tM)SI&Bsc%wvQ zk2srV_gG)Jx_g&i`x4#r@A7`N_kqWf)b$Fg){Y{s=CL)8tzdIno73SXtE|0eu#qRe zWAWc!MvlKqw(>Pv{*8W$b!cBMmCep1@m9%G#d*)`7jTvDHl;&xW^g_GzfHr`yKJ0) zjoZ&1W9>KI!g)gP;8*pVG-)@EQnb@Hd+%3|^?tYkp`aFEYM&Jq!;$S74z+tJSS+RJ zDp)#%qr1r{cW+TX{IRoaeng)nQ%elec*;imT~+M&zCO01HmIQAZPG)uUWLynt)1FN zvpz$sDjBroq1uFMHcb>V=vSLofwfX^py!Z>CSGfq_p<6Sm*!i$m0ZnJ^e4b^lF4SZ zmEFx+#Ac|^NzY*t?^m#r?C-rE;O84q%}~-tR9zjy(cfXs`fD_zW1G=GU7KWj>MH7T zQXA2i*P@?qP$jzxtd)BMRt;FtZvhV79rbJ~83y|;`U@61ltaJOg7&3Adn&8+*TiQX z!1PnFisbEL5xaN;z)Ca79I8ze)Y3e5a&7fcwN$auCo|}YhNL}xjyDs47UobUtI9cj*~7!>Y!>-P^(DEPN{=htYnmaR~d5B zzssatm_fCb0||drDBvDALPl$X|Jv`~Q1Xx{6lWFe66+gPF(t(wQk>MACA?b?-i4>h zrW{lT)!ZtuZe@?Qqv)pF_PDB;QW0BA*jmKZBCeLOi-qKOK;ro}Kc1_5znj^8UJMo%g>>GtHAnkH&{r#*z!(zyn|e=qe{i3)Ar=?(m2bi534(h z?$0f&y$&QPh-x59+X=XU`H^9N1s=CRq2JF~c2lcq7s;sVb^B3^h?7ux8vfAd9;)e< za5uMZTtMi;Xg`sNSZVQPC?Y9wi>M~5F(P8s|G(^etJMv^5M)V)q{9LL+1cw#FGfHp zXpCwkyAC?ig(XW`5g{Uye(xq%W}^($YyV=38mDcmk#Z{O)~|H*nG|56peq$rw@7L7 z&wPtU1XWd)u5{rh6#@;pL+LSNdSD_1deZQ@z4^(U4z4>+Hl2iezM$3R* z6H=*F(c0`GpbHoq6b3s*RfC^T`&NPVV>@pDV>kznXf^FP!|feAS(x~BB7YN#h2>nK zq3uO3zWxTuRw26oG07a*OGx1+i_-SHzs=(0Z&I0koa)>^rZTmgx1aw2N0+Tp7(nuy zS8k!-`yW`3CW|RVBvFRRw#3B2CX5?nx#L*Q6n1uwIBF%V);db-V7%G3d{OD;!;4tX zBw|hCG>&396IkvjmRDx&wi$L4(S;EabMV`kU*v++TOL@oz;!A95Hr{-HofA~E3SzA z#Cwo@l9#J$RdRAYwURfSLs$@ZE1`iha{b#;}_Pi>up7F`%R2d!j?(m3BkOb;PFgsRsE zuOebZ#9G#&!p`1gDSjbA7?$?}ndVc}HbT!dzl(8SQq^*IUz%y<^D#%UMX)Gn^z}g^ z3L1$ZpmFIbc6s(wN8%raoFkwI=|k&OoBYg=0rqlZNBcMI98`cVvq=t znuf$JX)AwSVJROaX?ea*Daq0zf*3{UML3DjPmHS4g)lZ~Nf$~#aI&Yy5!tF#@uyGl zect9Q4kzDn*m_TuClXC`5o{0(RUe4x=u5n1G0ocYC6UfSn^Ha^0f=7&?V(qWaoFl$ zD4b$Z4)*2^J*9v>B=kWq!j7U%cC$)tgY#lKk`?-6zI@cCV|Ro|NUZ|n7PgfStiPhzhJy4ErB>YXTS zhyq_&`*J^bS32mG0Zs<=VE8%?U)$fr#n;*>Pqm_vjjFKmnFz0GmbKfaczI}oBd2|y z+#OQWYDFDX4aQVZGONJ483bZKB3+1xSnMcTY81ItQPjl#l4b zaOTC|B#s^-4#z+nv7C1)wtoc>+S)%sb^ZY~+Ju$02+Ia9I$K!$!N|bCfKcdB9{&Bc zocg;@;7@Ny<3?0dA>4G`>f&^n>B}>`dF3*#+3)bVuZ&XMlTrtgc&=NxbbRG|tU_8u zfX0$caTq@P*Ex>D02DCHyW+V67uKuC+JAaRv!>jH6TW6XL!f2@`7eCamg;L|vskL`{U z+8)M++cs2txdH{0ja%=d>O4lQcj4x)A+iWEw~X{uz(Qk>1??n=PVlKc7gNt{0TD<6 zs|r;0jK&$n#H+x%2{ybJxBU?Qb&28y-Gzq$01A9bL_t*F{80zhnTN46tz>hfNhhd< z#w~y#c7RBP0%4{?w)Is`JUg*0VTm!BDwZ=#6f|NS5K{&WTR)uy%$cT;U?ITR4wgGj z6t?ge|Dub?Z^rUwvD|S~ZH#MU*;n|_Lz6|ignJL)&V2cCoTja~>&}qz-4rA?$rf-i zVgfX_h~q4V?{P=#J9H59bsRLdsFga4__xH%e=BB%?Z2A@y6J>5JpB7@%w2hiDBgzK z_*SC8host8so1P2ag-yfZbIV*?*FGR)-y~1+e^f2qp%^#z7U*-01!&~h(GwgOMO+m zRY?G3%@dTj5(Vq9+;QTt5sey9;}S+|*iF>IfU&Mt9wrXAVRGlulsnTXi$*zAljj{r zIig@4k-q`koZ!uCi4?#_6w6&m7HX@VWQeOn;Z3o9ogLDrLvgwrsNwCueGse<;$%+~ zMXf|(L|AU5GCM(K=J_348J?@)U6@r$~fG83d)F?Qf~f96xyh4(`L+cWU4o7oQzw z>xC?Z{#Zn8RSh}Wo9rwaM_IU`ZPx^`7s0oQ{EZlUf~@;0O}W$Daqkp^e-)GL919nQ zcA#-H$XH4n2x0X$a&0ei|8M`j9_g7)NKYoDYvKR0ljqO&2xVt#VZaPwIskmKy5V6VrQ8 zAne;^Qo#C}u>A&&GfO;LDuX5B)3hm~IBeJ2m+v8Fs5>N|kLw<*mRQu1i9}@AtODz% zS&!D=T)Qzs#80O?($6Izj%)0+J=lxs?jz#%u7r?G811EDC7B|+@z^B}lI$>wl`xE1 zxT^FL^Tt)Xe?Uw+H)(ivuT!6nk-AR2m25$9-lo_dkkr((>3t-8+(0_7*@J#+ zSGqOb=>z^UayLdKLT>(+D!;VA+Q+V?&My@fG4@P-m{7G5Yk|n$%JIMagos$(eMEaZ z(?GrP&J8rR{uXau%h!3ZSNA%IsU*95-GJv(wF!NYC`hJ=Mm*@1&h#2-!9sFwR zpu{P7EyPrr8hLE z`(2XNb5teQ>f)@)(%2RfSxQ`m@~o)z$49q|%V|Q^Z*lR1EVf%E3IqIEi|Rrn?GIO= zM@yxi3Ik$k3G>-!@V*Lj;%_}peCi=8i>;XEQ9{-tIzd?dAk!E3%9i`iU_DSKthD04 zu$6|U4^{&ED*y7?zvdY{o+2XC6yeV`qTvjxF)eFylw)OUyCq#%+K)1bQHqc+#))M8 zs>k~Ow`WOf!c+UhcV5Hx-XU06mtoG>VB9UBb|+#WSybgk-CeN}xo65`_^_5G-*_%dCL%EY?@Q$%2SD-2Hdc zIJtL-qc$pw>#*Eej2B>MXAwI~b^bvXCO?V4ct2ugv9lA1nPYoC;vd#l+|>9hHE8S+ zR1+3AtXT9f#ax3g!2ZWrv86RDA6So23%&!oFg%4%w)O8(9j8389bzZlTW}F$&mq=4 zV$EZ$IV@+I^7MMDWtT1tJ%poE2&hZ7>JU^Mf?$Ry3<$yypl3h>AR?|t1oKKT@1wp_ zS%A=wnK~=!5NHN_F<+Rjd;N$ZLYj7dA9Y?Ks;*&Sb}ezxjEIlrOk%m$u-r>n?pQM1 zNk|lU{P(U#b`SwE)j31x3!xtqg^NUfND%tWjmApCd+}_Nh(^>%)!Ki8| zor41Th|4EVaNGUL%%zVL1$TiYq^GgwG1dYaXNbc!gw-a(>NF;}R9m}O96<2Y#h+_s zUgrsQGu3$y;;~Nd$dou&W!FKQxvL(+TFhd?CxyO89854VoC7A4Do`PxviGVfdw${Y zW!m>0X6#!LQTbjpmmyLYkpQt45fc)J&BS3Vs3GuQ;QUBZCsrJ`2`ddmK?70H1}Np} zHi#CO8_fdb9|iIRc|dzKUIo@qY3Z84#A^+9)~ZNj9zOm9{^q`6S{fh3UueTGZzT4c zL2QgQjq9DqIAtbAhuF67f}ZS&(^BAoAb11E8%Ioq*o26aL&DKP_Jklkd?m-Q{9s zPW!BQ?S*{FP6a*elyxw$B>zLdE-B3{9SM~%q|S9>8p{PglJi=MN&&TYaME4U*h;QP zQj(l#CA9DHSkuu`zb?xJI+KrSMD3>gaE|W7xl}*Pq+%p){e10v zyqfeSsy6@VPZH(7685=0c&Uzq;ecjVML~WRU=`I+)EYSIov|l>1FFU)?C%xG)|F&- z6kQ5Sx>vh-GP4W>l7iSu)n{zdMZMRxX_+i#QfmAg4axWVt(vsab{=Z3DGa_>`?Mdc zCQed+d6raYQo#^RU42ID!XWl4uznVqpCz49sdd2N$H{34Tl;XdFVQ})|6G$ND&k)5 zCa1+zqNwKm>K+i2inB=v>ag|cY|Z)Q&%FOB`ShZDPt=cNER&5nn itF~&Zz*@Ci!~P#4a^MMU?du}|0000$oZa literal 0 HcmV?d00001 From 525678eab6a1963bb5f6bf2029500687a5d356a3 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 25 Aug 2021 21:42:30 +0200 Subject: [PATCH 035/132] new: [hashlookup] documentation added --- documentation/website/expansion/hashlookup.json | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 documentation/website/expansion/hashlookup.json diff --git a/documentation/website/expansion/hashlookup.json b/documentation/website/expansion/hashlookup.json new file mode 100644 index 0000000..cb6da61 --- /dev/null +++ b/documentation/website/expansion/hashlookup.json @@ -0,0 +1,10 @@ +{ + "description": "An expansion module to query the CIRCL hashlookup services to find it if a hash is part of a known set such as NSRL.", + "logo": "cve.png", + "input": "File hashes (MD5, SHA1)", + "output": "Object with the filename associated hashes if the hash is part of a known set.", + "references": [ + "https://www.circl.lu/services/hashlookup/" + ], + "features": "The module takes file hashes as input such as a MD5 or SHA1.\n It queries the public CIRCL.lu hashlookup service and return all the hits if the hashes are known in an existing dataset. The module can be configured with a custom hashlookup url if required.\n The module can be used an hover module but also an expansion model to add related MISP objects.\n" +} From 7645b97bf775accf66036e744e0624b28b18a513 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 25 Aug 2021 21:44:20 +0200 Subject: [PATCH 036/132] chg: [hashlookup] logo updated --- documentation/website/expansion/hashlookup.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/documentation/website/expansion/hashlookup.json b/documentation/website/expansion/hashlookup.json index cb6da61..713be83 100644 --- a/documentation/website/expansion/hashlookup.json +++ b/documentation/website/expansion/hashlookup.json @@ -1,6 +1,6 @@ { "description": "An expansion module to query the CIRCL hashlookup services to find it if a hash is part of a known set such as NSRL.", - "logo": "cve.png", + "logo": "circl.png", "input": "File hashes (MD5, SHA1)", "output": "Object with the filename associated hashes if the hash is part of a known set.", "references": [ From 1d7f0ee1f0cadee76684039a61e7ec397f904493 Mon Sep 17 00:00:00 2001 From: chrisr3d Date: Thu, 26 Aug 2021 15:02:32 +0200 Subject: [PATCH 037/132] fix: [hashlookup] Fixed the errors handling - Since the modules system is waiting for a dict, we return `misperrors` instead of the actual value of the 'error' key, and the module will no longer fail when there is no result to parse --- misp_modules/modules/expansion/hashlookup.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/misp_modules/modules/expansion/hashlookup.py b/misp_modules/modules/expansion/hashlookup.py index d71597b..82872a0 100644 --- a/misp_modules/modules/expansion/hashlookup.py +++ b/misp_modules/modules/expansion/hashlookup.py @@ -70,17 +70,16 @@ def handler(q=False): hashlookupresult = r.json() if not hashlookupresult: misperrors['error'] = 'Empty result' - return misperrors['error'] + return misperrors elif r.status_code == 404: misperrors['error'] = 'Non existing hash' - return misperrors['error'] + return misperrors else: misperrors['error'] = 'API not accessible' - return misperrors['error'] + return misperrors parser = HashlookupParser(attribute, hashlookupresult, api_url) parser.parse_hashlookup_information() result = parser.get_result() - print(result) return result From 82e0628fe7af522e538ec8aa5fab55966b624c1e Mon Sep 17 00:00:00 2001 From: chrisr3d Date: Thu, 26 Aug 2021 15:19:36 +0200 Subject: [PATCH 038/132] chg: [hashlookup] Using the actual attribute types for FileName & FileSize - Following the recent changes on the obejct template to use `filename` as attribute type for the FileName object relation instead of `text` https://github.com/MISP/misp-objects/commit/d2b93f5aa69e0d9bfc549915b8f691cc5f62bf6c --- misp_modules/modules/expansion/hashlookup.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/misp_modules/modules/expansion/hashlookup.py b/misp_modules/modules/expansion/hashlookup.py index 82872a0..728c312 100644 --- a/misp_modules/modules/expansion/hashlookup.py +++ b/misp_modules/modules/expansion/hashlookup.py @@ -33,8 +33,8 @@ class HashlookupParser(): hashlookup_object = MISPObject('hashlookup') hashlookup_object.add_attribute('MD5', **{'type': 'md5', 'value': self.hashlookupresult['MD5']}) hashlookup_object.add_attribute('SHA-1', **{'type': 'sha1', 'value': self.hashlookupresult['SHA-1']}) - hashlookup_object.add_attribute('FileName', **{'type': 'text', 'value': self.hashlookupresult['FileName']}) - hashlookup_object.add_attribute('FileSize', **{'type': 'text', 'value': self.hashlookupresult['FileSize']}) + hashlookup_object.add_attribute('FileName', **{'type': 'filename', 'value': self.hashlookupresult['FileName']}) + hashlookup_object.add_attribute('FileSize', **{'type': 'size-in-bytes', 'value': self.hashlookupresult['FileSize']}) hashlookup_object.add_reference(self.attribute['uuid'], 'related-to') self.misp_event.add_object(hashlookup_object) From 327ee8e5c3fc2631f395974e8c217eca29a159a0 Mon Sep 17 00:00:00 2001 From: aaronkaplan Date: Thu, 26 Aug 2021 14:29:23 +0000 Subject: [PATCH 039/132] Fix github's security alert: fix * CVE-2021-28676 * CVE-2021-25287 * CVE-2021-28675 * CVE-2021-28678 * CVE-2021-25288 * CVE-2021-28677 --- Pipfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Pipfile b/Pipfile index 4057e4f..a54bdf3 100644 --- a/Pipfile +++ b/Pipfile @@ -33,7 +33,7 @@ blockchain = "*" reportlab = "*" pyintel471 = { editable = true, git = "https://github.com/MISP/PyIntel471.git" } shodan = "*" -Pillow = "*" +Pillow ">=8.2.0" Wand = "*" SPARQLWrapper = "*" domaintools_api = "*" From 4115b7607ed44ea6c0edfecef95efa41cabe7f86 Mon Sep 17 00:00:00 2001 From: Andras Iklody Date: Thu, 9 Sep 2021 13:57:29 +0200 Subject: [PATCH 040/132] fix: added note about the Domaintools module being deprecated - as requested by Domaintools, including a link to their own, up to date module --- misp_modules/modules/expansion/domaintools.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/misp_modules/modules/expansion/domaintools.py b/misp_modules/modules/expansion/domaintools.py index d952fdf..353b456 100755 --- a/misp_modules/modules/expansion/domaintools.py +++ b/misp_modules/modules/expansion/domaintools.py @@ -1,3 +1,7 @@ +# This module does not appear to be actively maintained. +# Please see https://github.com/DomainTools/domaintools_misp +# for the official DomainTools-supported MISP app + import json import logging import sys From e7488791d3fcfc4eb8565281560fa6b549c57843 Mon Sep 17 00:00:00 2001 From: Luciano Righetti Date: Mon, 20 Sep 2021 15:17:12 +0200 Subject: [PATCH 041/132] fix: add missing dependency (ndjson) of cof2misp1 --- REQUIREMENTS | 1 + 1 file changed, 1 insertion(+) diff --git a/REQUIREMENTS b/REQUIREMENTS index 6bd74c7..010527d 100644 --- a/REQUIREMENTS +++ b/REQUIREMENTS @@ -148,3 +148,4 @@ xlrd==2.0.1 xlsxwriter==3.0.1; python_version >= '3.4' yara-python==3.8.1 yarl==1.6.3; python_version >= '3.6' +ndjson==0.3.1 From 9783113a1e476b386520655b75a8c3c4d46f4098 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Fri, 24 Sep 2021 15:09:07 +0200 Subject: [PATCH 042/132] fix: [hashlookup] FileName and size are not required fields and can be missing in a hashlookup record --- misp_modules/modules/expansion/hashlookup.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/misp_modules/modules/expansion/hashlookup.py b/misp_modules/modules/expansion/hashlookup.py index 728c312..7155fb7 100644 --- a/misp_modules/modules/expansion/hashlookup.py +++ b/misp_modules/modules/expansion/hashlookup.py @@ -33,8 +33,10 @@ class HashlookupParser(): hashlookup_object = MISPObject('hashlookup') hashlookup_object.add_attribute('MD5', **{'type': 'md5', 'value': self.hashlookupresult['MD5']}) hashlookup_object.add_attribute('SHA-1', **{'type': 'sha1', 'value': self.hashlookupresult['SHA-1']}) - hashlookup_object.add_attribute('FileName', **{'type': 'filename', 'value': self.hashlookupresult['FileName']}) - hashlookup_object.add_attribute('FileSize', **{'type': 'size-in-bytes', 'value': self.hashlookupresult['FileSize']}) + if 'FileName' in self.hashlookupresult: + hashlookup_object.add_attribute('FileName', **{'type': 'filename', 'value': self.hashlookupresult['FileName']}) + if 'FileSize' in self.hashlookupresult: + hashlookup_object.add_attribute('FileSize', **{'type': 'size-in-bytes', 'value': self.hashlookupresult['FileSize']}) hashlookup_object.add_reference(self.attribute['uuid'], 'related-to') self.misp_event.add_object(hashlookup_object) From b6e0c4ce5370ee5d7d1d6f420f1b9f45745cee1d Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Fri, 24 Sep 2021 15:29:23 +0200 Subject: [PATCH 043/132] chg: [hashlookup] add new fields such as source, SSDEEP and TLSH --- misp_modules/modules/expansion/hashlookup.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/misp_modules/modules/expansion/hashlookup.py b/misp_modules/modules/expansion/hashlookup.py index 7155fb7..984d7b4 100644 --- a/misp_modules/modules/expansion/hashlookup.py +++ b/misp_modules/modules/expansion/hashlookup.py @@ -31,8 +31,14 @@ class HashlookupParser(): def parse_hashlookup_information(self): hashlookup_object = MISPObject('hashlookup') + if 'source' in self.hashlookupresult: + hashlookup_object.add_attribute('source', **{'type': 'text', 'value': self.hashlookupresult['source']}) hashlookup_object.add_attribute('MD5', **{'type': 'md5', 'value': self.hashlookupresult['MD5']}) hashlookup_object.add_attribute('SHA-1', **{'type': 'sha1', 'value': self.hashlookupresult['SHA-1']}) + if 'SSDEEP' in self.hashlookupresult: + hashlookup_object.add_attribute('SSDEEP', **{'type': 'ssdeep', 'value': self.hashlookupresult['SSDEEP']}) + if 'TLSH' in self.hashlookupresult: + hashlookup_object.add_attribute('TLSH', **{'type': 'tlsh', 'value': self.hashlookupresult['TLSH']}) if 'FileName' in self.hashlookupresult: hashlookup_object.add_attribute('FileName', **{'type': 'filename', 'value': self.hashlookupresult['FileName']}) if 'FileSize' in self.hashlookupresult: From 4162ccb52887963261f86215dfddc598e0b2ff4f Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Fri, 24 Sep 2021 15:35:14 +0200 Subject: [PATCH 044/132] chg: [hashlookup] KnownMalicious field added --- misp_modules/modules/expansion/hashlookup.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/misp_modules/modules/expansion/hashlookup.py b/misp_modules/modules/expansion/hashlookup.py index 984d7b4..a88de8a 100644 --- a/misp_modules/modules/expansion/hashlookup.py +++ b/misp_modules/modules/expansion/hashlookup.py @@ -16,7 +16,7 @@ hashlookup_url = 'https://hashlookup.circl.lu/' class HashlookupParser(): def __init__(self, attribute, hashlookupresult, api_url): self.attribute = attribute - self.hashlookupresult = hashlookupresult + self.hashlookupresult = hashlookupresult self.api_url = api_url self.misp_event = MISPEvent() self.misp_event.add_attribute(**attribute) @@ -33,6 +33,8 @@ class HashlookupParser(): hashlookup_object = MISPObject('hashlookup') if 'source' in self.hashlookupresult: hashlookup_object.add_attribute('source', **{'type': 'text', 'value': self.hashlookupresult['source']}) + if 'KnownMalicious' in self.hashlookupresult: + hashlookup_object.add_attribute('KnownMalicious', **{'type': 'text', 'value': self.hashlookupresult['KnownMalicious']}) hashlookup_object.add_attribute('MD5', **{'type': 'md5', 'value': self.hashlookupresult['MD5']}) hashlookup_object.add_attribute('SHA-1', **{'type': 'sha1', 'value': self.hashlookupresult['SHA-1']}) if 'SSDEEP' in self.hashlookupresult: From be5635b0a4e5bb306bb596681180d0b96a751c26 Mon Sep 17 00:00:00 2001 From: chrisr3d Date: Fri, 15 Oct 2021 17:18:29 +0200 Subject: [PATCH 045/132] fix: [yara_query] Fixed module input parsing - The module used to work properly when called from a single attribute enrichment, but was broken when called from the hover enrichment feature, because of the additional `persistent` field used to define which type of hover enrichment is queried --- misp_modules/modules/expansion/yara_query.py | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/misp_modules/modules/expansion/yara_query.py b/misp_modules/modules/expansion/yara_query.py index 3a75acc..e905de5 100644 --- a/misp_modules/modules/expansion/yara_query.py +++ b/misp_modules/modules/expansion/yara_query.py @@ -14,6 +14,12 @@ moduleconfig = [] mispattributes = {'input': ['md5', 'sha1', 'sha256', 'filename|md5', 'filename|sha1', 'filename|sha256', 'imphash'], 'output': ['yara']} +def extract_input_attribute(request): + for input_type in mispattributes['input']: + if input_type in request: + return input_type, request[input_type] + + def get_hash_condition(hashtype, hashvalue): hashvalue = hashvalue.lower() required_module, params = ('pe', '()') if hashtype == 'imphash' else ('hash', '(0, filesize)') @@ -24,11 +30,11 @@ def handler(q=False): if q is False: return False request = json.loads(q) - del request['module'] - if 'event_id' in request: - del request['event_id'] + attribute = extract_input_attribute(request) + if attribute is None: + return {'error': f'Wrong input type, please choose in the following: {", ".join(mispattributes["input"])}'} uuid = request.pop('attribute_uuid') if 'attribute_uuid' in request else None - attribute_type, value = list(request.items())[0] + attribute_type, value = attribute if 'filename' in attribute_type: _, attribute_type = attribute_type.split('|') _, value = value.split('|') From 58e4080b4f7d780856776cf1f030c786a9bce52a Mon Sep 17 00:00:00 2001 From: Kory Kyzar Date: Thu, 21 Oct 2021 09:14:13 -0400 Subject: [PATCH 046/132] Add libcaca-dev to apt packages required I needed to add libcaca-dev to make gtcaca. ## Before ``` misp@server:/usr/local/src/gtcaca/build$ cmake .. && make -- The C compiler identification is GNU 7.5.0 -- The CXX compiler identification is GNU 7.5.0 -- Check for working C compiler: /usr/bin/cc -- Check for working C compiler: /usr/bin/cc -- works -- Detecting C compiler ABI info -- Detecting C compiler ABI info - done -- Detecting C compile features -- Detecting C compile features - done -- Check for working CXX compiler: /usr/bin/c++ -- Check for working CXX compiler: /usr/bin/c++ -- works -- Detecting CXX compiler ABI info -- Detecting CXX compiler ABI info - done -- Detecting CXX compile features -- Detecting CXX compile features - done CMake system name: Linux -- Found PkgConfig: /usr/bin/pkg-config (found version "0.29.1") pkg config path: -- Check if the system is big endian -- Searching 16 bit integer -- Looking for sys/types.h -- Looking for sys/types.h - found -- Looking for stdint.h -- Looking for stdint.h - found -- Looking for stddef.h -- Looking for stddef.h - found -- Check size of unsigned short -- Check size of unsigned short - done -- Using unsigned short -- Check if the system is big endian - little endian -- Checking for module 'caca' -- No package 'caca' found CMake Error at /usr/share/cmake-3.10/Modules/FindPkgConfig.cmake:415 (message): A required package was not found Call Stack (most recent call first): /usr/share/cmake-3.10/Modules/FindPkgConfig.cmake:593 (_pkg_check_modules_internal) CMakeLists.txt:69 (pkg_check_modules) -- Configuring incomplete, errors occurred! See also "/usr/local/src/gtcaca/build/CMakeFiles/CMakeOutput.log". ``` ## After ``` misp@server:/usr/local/src/gtcaca/build$ cmake .. && make CMake system name: Linux pkg config path: -- Checking for module 'caca' -- Found caca, version 0.99.beta19 libcaca link library: -lcaca CMake system: Linux -- Configuring done -- Generating done -- Build files have been written to: /usr/local/src/gtcaca/build ``` --- documentation/mkdocs/install.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/documentation/mkdocs/install.md b/documentation/mkdocs/install.md index 662e675..3eed0f4 100644 --- a/documentation/mkdocs/install.md +++ b/documentation/mkdocs/install.md @@ -14,7 +14,8 @@ sudo apt-get install -y \ zbar-tools \ libzbar0 \ libzbar-dev \ - libfuzzy-dev + libfuzzy-dev \ + libcaca-dev # BEGIN with virtualenv: $SUDO_WWW virtualenv -p python3 /var/www/MISP/venv From 4fd3323220fc503bb57dcd64a3266faf7b6c412e Mon Sep 17 00:00:00 2001 From: rderkach Date: Mon, 25 Oct 2021 18:01:05 +0300 Subject: [PATCH 047/132] Update Recorded future expansion module with the new data In this release, we added new data that we have called Links. It represents better and more filtered related data. Also did some code formatting. --- .../modules/expansion/recordedfuture.py | 495 +++++++++++------- 1 file changed, 316 insertions(+), 179 deletions(-) diff --git a/misp_modules/modules/expansion/recordedfuture.py b/misp_modules/modules/expansion/recordedfuture.py index ccea31b..9894968 100644 --- a/misp_modules/modules/expansion/recordedfuture.py +++ b/misp_modules/modules/expansion/recordedfuture.py @@ -1,8 +1,14 @@ import json import logging import requests -from requests.exceptions import HTTPError, ProxyError,\ - InvalidURL, ConnectTimeout, ConnectionError +from requests.exceptions import ( + HTTPError, + ProxyError, + InvalidURL, + ConnectTimeout, + ConnectionError, +) +from typing import Optional, List, Tuple, Dict from . import check_input_attribute, checking_error, standard_error_message import platform import os @@ -10,47 +16,63 @@ from urllib.parse import quote, urlparse from pymisp import MISPAttribute, MISPEvent, MISPTag, MISPObject moduleinfo = { - 'version': '1.0.1', - 'author': 'Recorded Future', - 'description': 'Module to retrieve data from Recorded Future', - 'module-type': ['expansion', 'hover'] + "version": "2.0.0", + "author": "Recorded Future", + "description": "Module to retrieve data from Recorded Future", + "module-type": ["expansion", "hover"], } -moduleconfig = ['token', 'proxy_host', 'proxy_port', 'proxy_username', 'proxy_password'] +moduleconfig = ["token", "proxy_host", "proxy_port", "proxy_username", "proxy_password"] -misperrors = {'error': 'Error'} +misperrors = {"error": "Error"} -ATTRIBUTES = [ - 'ip', - 'ip-src', - 'ip-dst', - 'domain', - 'hostname', - 'md5', - 'sha1', - 'sha256', - 'uri', - 'url', - 'vulnerability', - 'weakness' +GALAXY_FILE_PATH = "https://raw.githubusercontent.com/MISP/misp-galaxy/main/clusters/" + +ATTRIBUTESTYPES = [ + "ip", + "ip-src", + "ip-dst", + "ip-src|port", + "ip-dst|port", + "domain", + "hostname", + "md5", + "sha1", + "sha256", + "uri", + "url", + "vulnerability", + "weakness", +] + +OUTPUTATTRIBUTESTYPES = ATTRIBUTESTYPES + [ + "email-src", + "malware-sample", + "text", + "target-org", + "threat-actor", + "target-user", ] mispattributes = { - 'input': ATTRIBUTES, - 'output': ATTRIBUTES + ['email-src', 'text'], - 'format': 'misp_standard' + "input": ATTRIBUTESTYPES, + "output": OUTPUTATTRIBUTESTYPES, + "format": "misp_standard", } -LOGGER = logging.getLogger('recorded_future') +LOGGER = logging.getLogger("recorded_future") LOGGER.setLevel(logging.INFO) class RequestHandler: """A class for handling any outbound requests from this module.""" + def __init__(self): self.session = requests.Session() - self.app_id = f'{os.path.basename(__file__)}/{moduleinfo["version"]} ({platform.platform()}) ' \ - f'misp_enrichment/{moduleinfo["version"]} python-requests/{requests.__version__}' + self.app_id = ( + f'{os.path.basename(__file__)}/{moduleinfo["version"]} ({platform.platform()}) ' + f'misp_enrichment/{moduleinfo["version"]} python-requests/{requests.__version__}' + ) self.proxies = None self.rf_token = None @@ -58,27 +80,28 @@ class RequestHandler: """General get method with proxy error handling.""" try: timeout = 7 if self.proxies else None - response = self.session.get(url, headers=headers, proxies=self.proxies, timeout=timeout) + response = self.session.get( + url, headers=headers, proxies=self.proxies, timeout=timeout + ) response.raise_for_status() return response except (ConnectTimeout, ProxyError, InvalidURL) as error: - msg = 'Error connecting with proxy, please check the Recorded Future app proxy settings.' - LOGGER.error(f'{msg} Error: {error}') - misperrors['error'] = msg + msg = "Error connecting with proxy, please check the Recorded Future app proxy settings." + LOGGER.error(f"{msg} Error: {error}") + misperrors["error"] = msg raise def rf_lookup(self, category: str, ioc: str) -> requests.Response: """Do a lookup call using Recorded Future's ConnectAPI.""" - parsed_ioc = quote(ioc, safe='') - url = f'https://api.recordedfuture.com/v2/{category}/{parsed_ioc}?fields=risk%2CrelatedEntities' - headers = {'X-RFToken': self.rf_token, - 'User-Agent': self.app_id} + parsed_ioc = quote(ioc, safe="") + url = f"https://api.recordedfuture.com/gw/misp/lookup/{category}/{parsed_ioc}" + headers = {"X-RFToken": self.rf_token, "User-Agent": self.app_id} try: response = self.get(url, headers) except HTTPError as error: - msg = f'Error when requesting data from Recorded Future. {error.response}: {error.response.reason}' + msg = f"Error when requesting data from Recorded Future. {error.response}: {error.response.reason}" LOGGER.error(msg) - misperrors['error'] = msg + misperrors["error"] = msg raise return response @@ -88,20 +111,49 @@ GLOBAL_REQUEST_HANDLER = RequestHandler() class GalaxyFinder: """A class for finding MISP galaxy matches to Recorded Future data.""" + def __init__(self): self.session = requests.Session() + # There are duplicates values for different keys because Links entities and Related entities + # have have different naming for the same types self.sources = { - 'RelatedThreatActor': [ - 'https://raw.githubusercontent.com/MISP/misp-galaxy/main/clusters/threat-actor.json' + "RelatedThreatActor": [f"{GALAXY_FILE_PATH}threat-actor.json"], + "Threat Actor": [f"{GALAXY_FILE_PATH}threat-actor.json"], + "RelatedMalware": [ + f"{GALAXY_FILE_PATH}banker.json", + f"{GALAXY_FILE_PATH}botnet.json", + f"{GALAXY_FILE_PATH}exploit-kit.json", + f"{GALAXY_FILE_PATH}rat.json", + f"{GALAXY_FILE_PATH}ransomware.json", + f"{GALAXY_FILE_PATH}malpedia.json", + ], + "Malware": [ + f"{GALAXY_FILE_PATH}banker.json", + f"{GALAXY_FILE_PATH}botnet.json", + f"{GALAXY_FILE_PATH}exploit-kit.json", + f"{GALAXY_FILE_PATH}rat.json", + f"{GALAXY_FILE_PATH}ransomware.json", + f"{GALAXY_FILE_PATH}malpedia.json", + ], + "MitreAttackIdentifier": [ + f"{GALAXY_FILE_PATH}mitre-attack-pattern.json", + f"{GALAXY_FILE_PATH}mitre-course-of-action.json", + f"{GALAXY_FILE_PATH}mitre-enterprise-attack-attack-pattern.json", + f"{GALAXY_FILE_PATH}mitre-enterprise-attack-course-of-action.json", + f"{GALAXY_FILE_PATH}mitre-enterprise-attack-intrusion-set.json", + f"{GALAXY_FILE_PATH}mitre-enterprise-attack-malware.json", + f"{GALAXY_FILE_PATH}mitre-enterprise-attack-tool.json", + f"{GALAXY_FILE_PATH}mitre-intrusion-set.json", + f"{GALAXY_FILE_PATH}mitre-malware.json", + f"{GALAXY_FILE_PATH}mitre-mobile-attack-attack-pattern.json", + f"{GALAXY_FILE_PATH}mitre-mobile-attack-course-of-action.json", + f"{GALAXY_FILE_PATH}mitre-mobile-attack-intrusion-set.json", + f"{GALAXY_FILE_PATH}mitre-mobile-attack-malware.json", + f"{GALAXY_FILE_PATH}mitre-mobile-attack-tool.json", + f"{GALAXY_FILE_PATH}mitre-pre-attack-attack-pattern.json", + f"{GALAXY_FILE_PATH}mitre-pre-attack-intrusion-set.json", + f"{GALAXY_FILE_PATH}mitre-tool.json", ], - 'RelatedMalware': [ - 'https://raw.githubusercontent.com/MISP/misp-galaxy/main/clusters/banker.json', - 'https://raw.githubusercontent.com/MISP/misp-galaxy/main/clusters/botnet.json', - 'https://raw.githubusercontent.com/MISP/misp-galaxy/main/clusters/exploit-kit.json', - 'https://raw.githubusercontent.com/MISP/misp-galaxy/main/clusters/rat.json', - 'https://raw.githubusercontent.com/MISP/misp-galaxy/main/clusters/ransomware.json', - 'https://raw.githubusercontent.com/MISP/misp-galaxy/main/clusters/malpedia.json' - ] } self.galaxy_clusters = {} @@ -112,33 +164,38 @@ class GalaxyFinder: for source in self.sources.get(related_type): try: response = GLOBAL_REQUEST_HANDLER.get(source) - name = source.split('/')[-1].split('.')[0] - self.galaxy_clusters[related_type] = {name: response.json()} + name = source.split("/")[-1].split(".")[0] + self.galaxy_clusters.setdefault(related_type, {}).update( + {name: response.json()} + ) except ConnectionError as error: - LOGGER.warning(f'pull_galaxy_cluster failed for source: {source}, with error: {error}.') + LOGGER.warning( + f"pull_galaxy_cluster failed for source: {source}, with error: {error}." + ) def find_galaxy_match(self, indicator: str, related_type: str) -> str: """Searches the clusters of the related_type for a match with the indicator. - :returns the first matching galaxy string or an empty string if no galaxy match is found. + :returns the first matching galaxy string or an empty string if no galaxy match is found. """ self.pull_galaxy_cluster(related_type) for cluster_name, cluster in self.galaxy_clusters.get(related_type, {}).items(): - for value in cluster['values']: - try: - if indicator in value['meta']['synonyms'] or indicator in value['value']: - value = value['value'] - return f'misp-galaxy:{cluster_name}="{value}"' - except KeyError: - pass - return '' + for value in cluster["values"]: + if indicator in value.get("meta", {}).get( + "synonyms", "" + ) or indicator in value.get("value", ""): + value = value["value"] + return f'misp-galaxy:{cluster_name}="{value}"' + return "" class RFColors: """Class for setting signature RF-colors.""" + def __init__(self): - self.rf_white = '#CCCCCC' - self.rf_yellow = '#FFCE00' - self.rf_red = '#CF0A2C' + self.rf_white = "#CCCCCC" + self.rf_grey = " #CDCDCD" + self.rf_yellow = "#FFCF00" + self.rf_red = "#D10028" def riskscore_color(self, risk_score: int) -> str: """Returns appropriate hex-colors according to risk score.""" @@ -160,194 +217,272 @@ class RFColors: else: # risk_rule_criticality == 3 or 4 return self.rf_red + def criticality_color(self, criticality) -> str: + mapper = { + "None": self.rf_grey, + "Low": self.rf_grey, + "Unusual": self.rf_grey, + "Informational": self.rf_grey, + "Medium": self.rf_yellow, + "Suspicious": self.rf_yellow, + "High": self.rf_red, + "Critical": self.rf_red, + "Very Critical": self.rf_red, + "Malicious": self.rf_red, + "Very Malicious": self.rf_red, + } + return mapper.get(criticality, self.rf_white) + class RFEnricher: """Class for enriching an attribute with data from Recorded Future. - The enrichment data is returned as a custom MISP object. + The enrichment data is returned as a custom MISP object. """ + def __init__(self, attribute_props: dict): self.event = MISPEvent() - self.enrichment_object = MISPObject('Recorded Future Enrichment') + self.enrichment_object = MISPObject("Recorded Future Enrichment") description = ( - 'An object containing the enriched attribute and ' - 'related entities from Recorded Future.' + "An object containing the enriched attribute and " + "related entities from Recorded Future." + ) + self.enrichment_object.from_dict( + **{"meta-category": "misc", "description": description, "distribution": 0} ) - self.enrichment_object.from_dict(**{ - 'meta-category': 'misc', - 'description': description, - 'distribution': 0 - }) # Create a copy of enriched attribute to add tags to temp_attr = MISPAttribute() temp_attr.from_dict(**attribute_props) self.enriched_attribute = MISPAttribute() - self.enriched_attribute.from_dict(**{ - 'value': temp_attr.value, - 'type': temp_attr.type, - 'distribution': 0 - }) + self.enriched_attribute.from_dict( + **{"value": temp_attr.value, "type": temp_attr.type, "distribution": 0} + ) - self.related_attributes = [] + self.related_attributes: List[Tuple[str, MISPAttribute]] = [] self.color_picker = RFColors() self.galaxy_finder = GalaxyFinder() # Mapping from MISP-type to RF-type self.type_to_rf_category = { - 'ip': 'ip', - 'ip-src': 'ip', - 'ip-dst': 'ip', - 'domain': 'domain', - 'hostname': 'domain', - 'md5': 'hash', - 'sha1': 'hash', - 'sha256': 'hash', - 'uri': 'url', - 'url': 'url', - 'vulnerability': 'vulnerability', - 'weakness': 'vulnerability' + "ip": "ip", + "ip-src": "ip", + "ip-dst": "ip", + "ip-src|port": "ip", + "ip-dst|port": "ip", + "domain": "domain", + "hostname": "domain", + "md5": "hash", + "sha1": "hash", + "sha256": "hash", + "uri": "url", + "url": "url", + "vulnerability": "vulnerability", + "weakness": "vulnerability", } - # Related entities from RF portrayed as related attributes in MISP + # Related entities have 'Related' as part of the word and Links entities from RF + # portrayed as related attributes in MISP self.related_attribute_types = [ - 'RelatedIpAddress', 'RelatedInternetDomainName', 'RelatedHash', - 'RelatedEmailAddress', 'RelatedCyberVulnerability' + "RelatedIpAddress", + "RelatedInternetDomainName", + "RelatedHash", + "RelatedEmailAddress", + "RelatedCyberVulnerability", + "IpAddress", + "InternetDomainName", + "Hash", + "EmailAddress", + "CyberVulnerability", + ] + # Related entities have 'Related' as part of the word and and Links entities from RF portrayed as tags in MISP + self.galaxy_tag_types = [ + "RelatedMalware", + "RelatedThreatActor", + "Threat Actor", + "MitreAttackIdentifier", + "Malware", ] - # Related entities from RF portrayed as tags in MISP - self.galaxy_tag_types = ['RelatedMalware', 'RelatedThreatActor'] def enrich(self) -> None: """Run the enrichment.""" - category = self.type_to_rf_category.get(self.enriched_attribute.type) - json_response = GLOBAL_REQUEST_HANDLER.rf_lookup(category, self.enriched_attribute.value) + category = self.type_to_rf_category.get(self.enriched_attribute.type, "") + enriched_attribute_value = self.enriched_attribute.value + # If enriched attribute has a port we need to remove that port + # since RF do not support enriching ip addresses with port + if self.enriched_attribute.type in ["ip-src|port", "ip-dst|port"]: + enriched_attribute_value = enriched_attribute_value.split("|")[0] + json_response = GLOBAL_REQUEST_HANDLER.rf_lookup( + category, enriched_attribute_value + ) response = json.loads(json_response.content) try: # Add risk score and risk rules as tags to the enriched attribute - risk_score = response['data']['risk']['score'] + risk_score = response["data"]["risk"]["score"] hex_color = self.color_picker.riskscore_color(risk_score) tag_name = f'recorded-future:risk-score="{risk_score}"' self.add_tag(tag_name, hex_color) - for evidence in response['data']['risk']['evidenceDetails']: - risk_rule = evidence['rule'] - criticality = evidence['criticality'] + risk_criticality = response["data"]["risk"]["criticalityLabel"] + hex_color = self.color_picker.criticality_color(risk_criticality) + tag_name = f'recorded-future:criticality="{risk_criticality}"' + self.add_tag(tag_name, hex_color) + + for evidence in response["data"]["risk"]["evidenceDetails"]: + risk_rule = evidence["rule"] + criticality = evidence["criticality"] hex_color = self.color_picker.riskrule_color(criticality) tag_name = f'recorded-future:risk-rule="{risk_rule}"' self.add_tag(tag_name, hex_color) - # Retrieve related entities - for related_entity in response['data']['relatedEntities']: - related_type = related_entity['type'] - if related_type in self.related_attribute_types: - # Related entities returned as additional attributes - for related in related_entity['entities']: - if int(related["count"]) > 4: - indicator = related['entity']['name'] - self.add_related_attribute(indicator, related_type) - elif related_type in self.galaxy_tag_types: - # Related entities added as galaxy-tags to the enriched attribute - galaxy_tags = [] - for related in related_entity['entities']: - if int(related["count"]) > 4: - indicator = related['entity']['name'] - galaxy = self.galaxy_finder.find_galaxy_match(indicator, related_type) - # Handle deduplication of galaxy tags - if galaxy and galaxy not in galaxy_tags: - galaxy_tags.append(galaxy) - for galaxy in galaxy_tags: - self.add_tag(galaxy) + links_data = response["data"].get("links", {}).get("hits") + # Check if we have error in links response. If yes, then user do not have right module enabled in token + links_access_error = response["data"].get("links", {}).get("error") + galaxy_tags = [] + if not links_access_error: + for hit in links_data: + for section in hit["sections"]: + for sec_list in section["lists"]: + entity_type = sec_list["type"]["name"] + for entity in sec_list["entities"]: + if entity_type in self.galaxy_tag_types: + galaxy = self.galaxy_finder.find_galaxy_match( + entity["name"], entity_type + ) + if galaxy and galaxy not in galaxy_tags: + galaxy_tags.append(galaxy) + else: + self.add_attribute(entity["name"], entity_type) + + else: + # Retrieve related entities + for related_entity in response["data"]["relatedEntities"]: + related_type = related_entity["type"] + if related_type in self.related_attribute_types: + # Related entities returned as additional attributes + for related in related_entity["entities"]: + # filter those entities that have count bigger than 4, to reduce noise + # because there can be a huge list of related entities + if int(related["count"]) > 4: + indicator = related["entity"]["name"] + self.add_attribute(indicator, related_type) + elif related_type in self.galaxy_tag_types: + # Related entities added as galaxy-tags to the enriched attribute + galaxy_tags = [] + for related in related_entity["entities"]: + # filter those entities that have count bigger than 4, to reduce noise + # because there can be a huge list of related entities + if int(related["count"]) > 4: + indicator = related["entity"]["name"] + galaxy = self.galaxy_finder.find_galaxy_match( + indicator, related_type + ) + # Handle deduplication of galaxy tags + if galaxy and galaxy not in galaxy_tags: + galaxy_tags.append(galaxy) + for galaxy in galaxy_tags: + self.add_tag(galaxy) + except KeyError: - misperrors['error'] = 'Unexpected format in Recorded Future api response.' + misperrors["error"] = "Unexpected format in Recorded Future api response." raise - def add_related_attribute(self, indicator: str, related_type: str) -> None: - """Helper method for adding an indicator to the related attribute list.""" - out_type = self.get_output_type(related_type, indicator) + def add_attribute(self, indicator: str, indicator_type: str) -> None: + """Helper method for adding an indicator to the attribute list.""" + out_type = self.get_output_type(indicator_type, indicator) attribute = MISPAttribute() - attribute.from_dict(**{'value': indicator, 'type': out_type, 'distribution': 0}) - self.related_attributes.append((related_type, attribute)) + attribute.from_dict(**{"value": indicator, "type": out_type, "distribution": 0}) + self.related_attributes.append((indicator_type, attribute)) def add_tag(self, tag_name: str, hex_color: str = None) -> None: """Helper method for adding a tag to the enriched attribute.""" tag = MISPTag() - tag_properties = {'name': tag_name} + tag_properties = {"name": tag_name} if hex_color: - tag_properties['colour'] = hex_color + tag_properties["colour"] = hex_color tag.from_dict(**tag_properties) self.enriched_attribute.add_tag(tag) def get_output_type(self, related_type: str, indicator: str) -> str: """Helper method for translating a Recorded Future related type to a MISP output type.""" - output_type = 'text' - if related_type == 'RelatedIpAddress': - output_type = 'ip-dst' - elif related_type == 'RelatedInternetDomainName': - output_type = 'domain' - elif related_type == 'RelatedHash': + output_type = "text" + if related_type in ["RelatedIpAddress", "IpAddress"]: + output_type = "ip-dst" + elif related_type in ["RelatedInternetDomainName", "InternetDomainName"]: + output_type = "domain" + elif related_type in ["RelatedHash", "Hash"]: hash_len = len(indicator) if hash_len == 64: - output_type = 'sha256' + output_type = "sha256" elif hash_len == 40: - output_type = 'sha1' + output_type = "sha1" elif hash_len == 32: - output_type = 'md5' - elif related_type == 'RelatedEmailAddress': - output_type = 'email-src' - elif related_type == 'RelatedCyberVulnerability': - signature = indicator.split('-')[0] - if signature == 'CVE': - output_type = 'vulnerability' - elif signature == 'CWE': - output_type = 'weakness' + output_type = "md5" + elif related_type in ["RelatedEmailAddress", "EmailAddress"]: + output_type = "email-src" + elif related_type in ["RelatedCyberVulnerability", "CyberVulnerability"]: + signature = indicator.split("-")[0] + if signature == "CVE": + output_type = "vulnerability" + elif signature == "CWE": + output_type = "weakness" + elif related_type == "MalwareSignature": + output_type = "malware-sample" + elif related_type == "Organization": + output_type = "target-org" + elif related_type == "Username": + output_type = "target-user" return output_type def get_results(self) -> dict: """Build and return the enrichment results.""" - self.enrichment_object.add_attribute('Enriched attribute', **self.enriched_attribute) + self.enrichment_object.add_attribute( + "Enriched attribute", **self.enriched_attribute + ) for related_type, attribute in self.related_attributes: self.enrichment_object.add_attribute(related_type, **attribute) self.event.add_object(**self.enrichment_object) event = json.loads(self.event.to_json()) - result = {key: event[key] for key in ['Object'] if key in event} - return {'results': result} + result = {key: event[key] for key in ["Object"] if key in event} + return {"results": result} -def get_proxy_settings(config: dict) -> dict: +def get_proxy_settings(config: dict) -> Optional[Dict[str, str]]: """Returns proxy settings in the requests format. - If no proxy settings are set, return None.""" + If no proxy settings are set, return None.""" proxies = None - host = config.get('proxy_host') - port = config.get('proxy_port') - username = config.get('proxy_username') - password = config.get('proxy_password') + host = config.get("proxy_host") + port = config.get("proxy_port") + username = config.get("proxy_username") + password = config.get("proxy_password") if host: if not port: - misperrors['error'] = 'The recordedfuture_proxy_host config is set, ' \ - 'please also set the recordedfuture_proxy_port.' + misperrors["error"] = ( + "The recordedfuture_proxy_host config is set, " + "please also set the recordedfuture_proxy_port." + ) raise KeyError parsed = urlparse(host) - if 'http' in parsed.scheme: - scheme = 'http' + if "http" in parsed.scheme: + scheme = "http" else: scheme = parsed.scheme netloc = parsed.netloc - host = f'{netloc}:{port}' + host = f"{netloc}:{port}" if username: if not password: - misperrors['error'] = 'The recordedfuture_proxy_username config is set, ' \ - 'please also set the recordedfuture_proxy_password.' + misperrors["error"] = ( + "The recordedfuture_proxy_username config is set, " + "please also set the recordedfuture_proxy_password." + ) raise KeyError - auth = f'{username}:{password}' - host = auth + '@' + host + auth = f"{username}:{password}" + host = auth + "@" + host - proxies = { - 'http': f'{scheme}://{host}', - 'https': f'{scheme}://{host}' - } + proxies = {"http": f"{scheme}://{host}", "https": f"{scheme}://{host}"} - LOGGER.info(f'Proxy settings: {proxies}') + LOGGER.info(f"Proxy settings: {proxies}") return proxies @@ -357,23 +492,25 @@ def handler(q=False): return False request = json.loads(q) - config = request.get('config') - if config and config.get('token'): - GLOBAL_REQUEST_HANDLER.rf_token = config.get('token') + config = request.get("config") + if config and config.get("token"): + GLOBAL_REQUEST_HANDLER.rf_token = config.get("token") else: - misperrors['error'] = 'Missing Recorded Future token.' + misperrors["error"] = "Missing Recorded Future token." return misperrors - if not request.get('attribute') or not check_input_attribute(request['attribute'], requirements=('type', 'value')): - return {'error': f'{standard_error_message}, {checking_error}.'} - if request['attribute']['type'] not in mispattributes['input']: - return {'error': 'Unsupported attribute type.'} + if not request.get("attribute") or not check_input_attribute( + request["attribute"], requirements=("type", "value") + ): + return {"error": f"{standard_error_message}, {checking_error}."} + if request["attribute"]["type"] not in mispattributes["input"]: + return {"error": "Unsupported attribute type."} try: GLOBAL_REQUEST_HANDLER.proxies = get_proxy_settings(config) except KeyError: return misperrors - input_attribute = request.get('attribute') + input_attribute = request.get("attribute") rf_enricher = RFEnricher(input_attribute) try: @@ -392,5 +529,5 @@ def introspection(): def version(): """Returns a dict with the version and the associated meta-data including potential configurations required of the module.""" - moduleinfo['config'] = moduleconfig + moduleinfo["config"] = moduleconfig return moduleinfo From 7967542be67a1773b008e99bd123ea91a22dff53 Mon Sep 17 00:00:00 2001 From: Jean-Louis Huynen Date: Tue, 26 Oct 2021 15:11:20 +0200 Subject: [PATCH 048/132] add: [passive-ssh] initial commit --- misp_modules/modules/expansion/__init__.py | 4 +- misp_modules/modules/expansion/passive-ssh.py | 140 ++++++++++++++++++ 2 files changed, 142 insertions(+), 2 deletions(-) create mode 100644 misp_modules/modules/expansion/passive-ssh.py diff --git a/misp_modules/modules/expansion/__init__.py b/misp_modules/modules/expansion/__init__.py index 2723736..a817c2a 100644 --- a/misp_modules/modules/expansion/__init__.py +++ b/misp_modules/modules/expansion/__init__.py @@ -17,7 +17,7 @@ __all__ = ['cuckoo_submit', 'vmray_submit', 'bgpranking', 'circl_passivedns', 'c 'virustotal_public', 'apiosintds', 'urlscan', 'securitytrails', 'apivoid', 'assemblyline_submit', 'assemblyline_query', 'ransomcoindb', 'malwarebazaar', 'lastline_query', 'lastline_submit', 'sophoslabs_intelix', 'cytomic_orion', 'censys_enrich', - 'trustar_enrich', 'recordedfuture', 'html_to_markdown', 'socialscan'] + 'trustar_enrich', 'recordedfuture', 'html_to_markdown', 'socialscan', 'passive-ssh'] minimum_required_fields = ('type', 'uuid', 'value') @@ -27,4 +27,4 @@ standard_error_message = 'This module requires an "attribute" field as input' def check_input_attribute(attribute, requirements=minimum_required_fields): - return all(feature in attribute for feature in requirements) + return all(feature in attribute for feature in requirements) \ No newline at end of file diff --git a/misp_modules/modules/expansion/passive-ssh.py b/misp_modules/modules/expansion/passive-ssh.py new file mode 100644 index 0000000..bf70ec9 --- /dev/null +++ b/misp_modules/modules/expansion/passive-ssh.py @@ -0,0 +1,140 @@ +import json +import requests +from . import check_input_attribute, standard_error_message +from collections import defaultdict +from pymisp import MISPEvent, MISPObject + +misperrors = {'error': 'Error'} + +mispattributes = {'input': ['ip-src', 'ip-dst', 'ssh-fingerprint'], + 'format': 'misp_standard'} + +moduleinfo = {'version': '1', 'author': 'Jean-Louis Huynen', + 'description': 'An expansion module to enrich, SSH key fingerprints and IP addresses with information collected by passive-ssh', + 'module-type': ['expansion', 'hover']} + +moduleconfig = ["custom_api_url", "api_user", "api_key"] + +passivessh_url = 'https://passivessh.circl.lu/' + +host_query = '/host/ssh' +fingerprint_query = '/fingerprint/all' + + +class PassivesshParser(): + def __init__(self, attribute, passivesshresult): + self.attribute = attribute + self.passivesshresult = passivesshresult + self.misp_event = MISPEvent() + self.misp_event.add_attribute(**attribute) + self.references = defaultdict(list) + + def get_result(self): + if self.references: + self.__build_references() + event = json.loads(self.misp_event.to_json()) + results = {key: event[key] for key in ( + 'Attribute', 'Object') if (key in event and event[key])} + return {'results': results} + + def parse_passivessh_information(self): + passivessh_object = MISPObject('passive-ssh') + if 'first_seen' in self.passivesshresult: + passivessh_object.add_attribute( + 'first_seen', **{'type': 'datetime', 'value': self.passivesshresult['first_seen']}) + if 'last_seen' in self.passivesshresult: + passivessh_object.add_attribute( + 'last_seen', **{'type': 'datetime', 'value': self.passivesshresult['last_seen']}) + if 'base64' in self.passivesshresult: + passivessh_object.add_attribute( + 'base64', **{'type': 'text', 'value': self.passivesshresult['base64']}) + if 'keys' in self.passivesshresult: + for key in self.passivesshresult['keys']: + passivessh_object.add_attribute( + 'fingerprint', **{'type': 'ssh-fingerprint', 'value': key['fingerprint']}) + if 'hosts' in self.passivesshresult: + for host in self.passivesshresult['hosts']: + passivessh_object.add_attribute( + 'host', **{'type': 'ip-dst', 'value': host}) + + passivessh_object.add_reference(self.attribute['uuid'], 'related-to') + self.misp_event.add_object(passivessh_object) + + def __build_references(self): + for object_uuid, references in self.references.items(): + for misp_object in self.misp_event.objects: + if misp_object.uuid == object_uuid: + for reference in references: + misp_object.add_reference(**reference) + break + + +def check_url(url): + return "{}/".format(url) if not url.endswith('/') else url + + +def handler(q=False): + + if q is False: + return False + request = json.loads(q) + + api_url = check_url(request['config']['custom_api_url']) if request['config'].get( + 'custom_api_url') else passivessh_url + + if request['config'].get('api_user'): + api_user = request['config'].get('api_user') + else: + misperrors['error'] = 'passive-ssh user required' + return misperrors + if request['config'].get('api_key'): + api_key = request['config'].get('api_key') + else: + misperrors['error'] = 'passive-ssh password required' + return misperrors + + if not request.get('attribute') or not check_input_attribute(request['attribute']): + return {'error': f'{standard_error_message}, which should contain at least a type, a value and an uuid.'} + attribute = request['attribute'] + if attribute.get('type') == 'ip-src': + type = host_query + pass + elif attribute.get('type') == 'ip-dst': + type = host_query + pass + elif attribute.get('type') == 'ssh-fingerprint': + type = fingerprint_query + pass + else: + misperrors['error'] = 'ip is missing.' + return misperrors + + r = requests.get("{}{}/{}".format(api_url, type, + attribute['value']), auth=(api_user, api_key)) + + if r.status_code == 200: + passivesshresult = r.json() + if not passivesshresult: + misperrors['error'] = 'Empty result' + return misperrors + elif r.status_code == 404: + misperrors['error'] = 'Non existing hash' + return misperrors + else: + misperrors['error'] = 'API not accessible' + return misperrors + + parser = PassivesshParser(attribute, passivesshresult) + parser.parse_passivessh_information() + result = parser.get_result() + + return result + + +def introspection(): + return mispattributes + + +def version(): + moduleinfo['config'] = moduleconfig + return moduleinfo From eeb321fae789da5bf146cbda6ac419c1247b8e04 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 27 Oct 2021 22:01:46 +0200 Subject: [PATCH 049/132] new: [doc] Passive SSH documentation --- documentation/logos/passivessh.png | Bin 0 -> 58594 bytes documentation/website/expansion/passivessh.json | 10 ++++++++++ 2 files changed, 10 insertions(+) create mode 100644 documentation/logos/passivessh.png create mode 100644 documentation/website/expansion/passivessh.json diff --git a/documentation/logos/passivessh.png b/documentation/logos/passivessh.png new file mode 100644 index 0000000000000000000000000000000000000000..42c81906d60af82a6899dc5b3cb4eb7dcc175ff9 GIT binary patch literal 58594 zcmXtf1yohr_cbUW-QAs%SERc`y1TnmLK>u{;YvvhNP~oQBORi2NOwucw|T$+_r~x! zu3YXpcki|5nscssqEwV*(2$9dVPIg;EFCCqOx-EnEzLdMEGgYRoZU>VEh%lCDBYZ$9p#id z&cJVAJpYE6r-zNR8;p#lo2i3^u?!#C=Q;2r@8=&$TDqIN*}8bxIy?Q}N6MKyJGrw_ zD!bWQ+d7##IQURnI6GNVS~no_!1x_Vl=d%ULfu(5rCGg3{Z@*29w0%hJsqTnK!+Pjur7xCN@`Taa+GG=084 zrG~AeB@7n_CkHFX8&)oe1}7i?8!moMo-vFBCGcj$=Qpc6d%Brh!q|9txVZDPvpc(3 zI+;7zx|q6oJTDWwg{6n7tphtZ2RAPdyUp_wvD$*~!wS}k^?&Qc`hV-hYU{-MyiTlU zKCIUNTNrE1o*e~nA)Wv3%Gt#SEP;&&jD!RSrHZGSgRMEGq_d+bSYJs?3tRL5-ShK} zfcr52?>l%|nmao>K7YaIdvW>icP#$<6?R`sH)nQEHV*dwzil@#FqANIl42U~vkuz4 zgJ`vVjvmU#ruh`FJgzpfdX)ZTg}O;2hDl<|{b~PWQhoa1&$-T@=#U(X)qeCS z%*!Z(CqayvQO@gL^ofcCW`PF3@ZjvrKpG38qGLo$mttkjj^xyK>r6X1J zNyp=UJGY1rkCInviuP&c+Bt@n-8(x2u??l>NJHF6nO^jK990)269V`}%HH6wK2_Uy zY&0Q^{%0a0hG*Bue)-S0xDv(wSS>+TaQ-L64H_=nOE>63^V1-*NeVW`V$J0xKJD5_>e-zm?6gCkpaI*wTEbPlh})6PD`vkMzIY7bhV`$$IOSYi=i zbp>y5^;03DV@wchFQL#lvm|uBjOZWMMLq%3v@vg-#PCj&=z=PW?Fgq-`c+a z#|9;Im9YrfbWD{|rKOI9s%nPE>_rLWMN)=H+L=4O+^sl2lo5g-|>(rxU!bD_Y(DVtAhy2Aap`yS12qJih| z^X%lJrO{NJjaez(?*=!fl%1j!@@)pPXUGDGbG_poDIWAUkT?AV|BBEc_Evc9{80MY z;k(iLj;?GNE|DA2EP^uH6$|cT&<;XZ*NZ&`N&Pi8WNqj_rylHdNvk=wG7RCaUQq#7 zYvYoO&wegN1TPYFTawqt_~~!wzY5%<7WoNZ3XE?XXGm14ZdCtmVo$ROIK0xv5jZ}rDJcA#rJI4fO=DWTHd zo2uCnIPBFN0>Nrzq0G`(cZ^7qek-FZf-{(n zyYY7vuAtlQ&I zh#}7^z4>Z>@tV~a+>52vw@>x!tccz6wmwY-_^Pocv7R*2-3I>uOz)TZ3~b?t?W1@w z(cuGG-SP)0vp-*}Rh#>JW89~5eJPj{k#;MkZsUByWgVWM1*2e=xVlAc0(z*k zp0xW_P;&CSfQ?WGg;)YsW}o!QMxSgZ6{~rP(qslXj&jqbAvQXOpdKI|9%axI){$7@B6$??7M(R<*#q_ zzE#dNwi(Ajp#3<0NbvW(NwwNH6%Sos`0v(3pT2(%2K%lZpsPvWN!9s%-rb<@2Zk7Z z57;CK-KU(0=~yqGRoNja`}%yyfLZOpH24nQv1}d-1u&w>k3c&~X6;<-@4qZk`ZIi3Fs2!#~Q>yGj;k zSE(fB^KQfGPv;j3BIpLYotjI1zsbM73Ew<3mz{g9eflcQ+bS!*OhOUeBVVOd3v<<* zs^6rmgLiyHmf~dvfohp~HNW}<)QnRndxq3E`hK+Wd3OwU!!r(?Za#B zWc$mQ$9OMB@v$YkaL7K?SeGtdF-B6mGBx8mK4JbF$YCgQ!Pz$QMGXBV7rU(JJM^~2 z{u9m#`!`-~GcTfk9iGSumjgbvm_~4ntNThIe~cdbgF{69w}@f(J_#w%VjH=VizS$P z7MXb#aZRZC%w>(bM#02hzNx%kTvs%!u858bj>pTj_mCcmr!9^MsA^dkL9__**OcCm zX5CzQ$fs8i``Gl^=29kjG+WwkjXuqve5?NzxbecqwKvRh_zDJYGveVd0*I9lEUVj) z+xmj_>_zF5L7`ZD`A1!IN)+qC{frL+1%$~$u+8Ff!%%IP;?3!RHA)0~(&b&w*ta}g zbQD@wnX{fDLCn(QD*D_p=jyZ;sazs_;%<+=^JB*}4KC^)Y{*5Qb8giosj)ohN$CB$ zqy5elW5XivGxl{H=JCC~RsSv1@{Q^3=kaM@QxO>G z<`3DQ`olKbH1UNF5dwBl!kx}+UGcv|ZLe=yS+){03?pV~f(8w@e3L&Up{ak`=#VaejBe-sZ5G9%YG!ZxCCc?p-HfyE7%3-?fN z^bT+GxMjuZ(sY=Fp$$beZ%z^JpNqXP`Gji^;lGOJ4f&cS*CfiDCp7QTUt6oZW_>)8 z&+W}}^IAOTHbcdS0Y`%Gw%7aAZyQE-kj?x&J5Yj`aAT%UBtB;x+=R#Yz>Yn?%x;dK zjbKfBjnOWAyVdx>1k@a>50NRHMD;6oZ_x%eGTR!I+>j4ejFK-u?l5U9bgKnmPF=xNt;T@9}Ki8A;%3rHZ;p72apcup~FllkOTy zc`qU5JS-cZ9C#mXZ&C!NCXe4!-gdU(#l9sFIDR1ZjUj{6$;eyvM+XPVnXs(-;OIvQnLtuOd54-Y$3z~)2xIAv6&pmXr&)L@x`J)v# zlv5poo1T!>LC%RyU*|wTruk8&%sh=%OL+$Sh0anboWBw3EH9`A*bMSr)30rx2}7ab z%}k0lr+~02T>On@^5|)d+c%dgF^zc_B`Jy8wgu>SfauN+L^YEPLRk z6*!_;$k!`37-yAco;Ow6lJY*Xs`Z~^4Emg9)Qilv0oj$pvSeWi06qth6xb#WBz`V68weMya?}N54m3og*FTDjO@-@-1eP60p zQ%EmDIZlT+dMG#B9s)~>9cZ4awjQ7c6fduLPCvw1=RZ|x*mLUq)yc|@4tOiT8L3!F zDeX+XYAlIK%fgt+l=rKbHS5qZBdZx zZDMo#DH~IZfUA{DE&8~_pjd?G4^G{mhoL8lqka;Y;I(-Ec%f6nc)>?jgoQG#*3Hp) zIQgpP^v|KnYEA#Vz)`nD7nJMl2of*NKbZd%3Zr>PVd>=$lQ3vd|DaTcAt(nZZ{hC6 zFzRG01=X)J9vb9ke-8tr6xm7+?;nS^2uX6gTx8JVHw<9tUkSLu9AtT?f8I>5w}5C zlQ2L#JIpi2%GC^!wl;GOAg-8<7#H|qRw;b^8lgNnt*#1oY8U|F#=&xK``^b5*P&+A z#@|y5F1KW4Pg{A~{4kXXDItm%?GLKjr&=dIR=ihJ5?TIRuVzU7qbHA~sn;g-$yt(z zhF1Jp1cWcWcSdSp0Pedyrsmc?Jw4z&uoC2BXs9jgC7sOzfJd5LzOe1ique%rDv(6e8D#q4&>+HIj96ErRmv%DUOtSOy&9=FeK z?&Ti@hz@8>SSNB<$DqxE3eAatwBi7c*qyg(xgGGzg*sZBl)sf)EqZX-`fN5A9ZoC) z5R5-zih|PxS-wXyt@kT|GMnu(yJdX%coNH~`u_ZW!v8$6-G`ArhHf~wKnw5DG>!wa zXq5dw&biv6>DK@48N@{KH(Up8yg zw+)SJ`5^C!3X?}ip~fH#n=1Wr91=5{P5fa;N>wsXt$=0_5I5QCxPFN zk94Rx>_x!X!2`uv(Xk^P=a2iiJuER% z)Q_r+zeZxwzRVJ^`v22)i}R z$R!r5)R11B`OR6Hems;~NXT0#~;qcVZRCHtQVS%w_bwg6w!zWd*rGYt@{RhzUT>u0E zG9b&kEN=W)w>aX5uJ^RH4c`@UfzUhNB=?%;Y0d$^pf+~d zv^%fAK>BJqct8>L?dP11^dZsAERxE*2gs=7fN;><(D3o5e)Fo!p^Q zGjdBWk@1_bK?}kiz_qBw>z>hZ#)0YAA+W0mo~sGoSy4onvmoAe@?BVQ1xGZbqOo9h zZ{<o&GaE`>FhxqaApQF+=eotvN~z z4vK1RC%pOlL&%}`6PaBFY#mMTVjRz;p+IN)7_0NeX>m_*(Alui;Q=o} z3=!qUHEFF12O|D`@jyZNubA^`#ZQ-NE!#OepYSJk4v1SwT7W(?P_Z(P&@4+*YZMZK@4QDlo51~rZM?Cp}`P~|6= zzXa`4lVcb-$gd{@PANZW= z+h4#Sxrq;cXC5B3UQtYBn)99gX*?N=t$8@==sA#G?S-r`aF)D~%*Z6|CQX+V_aYj| zxy5+V4zK7{8r_|(+TH%KeXRZI%Jca$7wl8NJ<_IxC?qO1)_*dJmnOdc^ZnB!Ys1ID zxG~aUK)2YNvtRJ4xd9H`v!_G@)M>Lgm1cS&9tZcIJ{@HobD>d0E+YQqIB*ox@VBBS zGXa22-M~|o(Z6~b@WvN%o-8q#$_xNL(3IRy9N#x4bT{$HCOj4(kPAm=_q|67V?JS2 zWt7l#!RwKCoC0ryx`;nY+gsR9D$rg;R2NSYarU>YynVyPJr(*3+P%1OV%bn|4A;#} zY*P`E(*4VG(>auJ{d}yJLtv=;U?W-)8)!JK8>h;r#f}86TD*!bap_%jX}{0!Pd^%O zU8_Hd1rAGn_rI2B|y?{rK#*{BvR^jBB#$BrS%K$6iCW2$n0o-#tANVSOgF^7`! zOJ08W*FKp}R&LceKt6p5#A@qP0@MvKohX*Jgem(Y_(FoQ`x!AP{2U`1jHm zhQib!5dqpfv7>17t_A=V2j5J%K^|q(hJ<}JTc9O2lSCI?y)+8M{NY-#4ldn)BpxFn zrGs2Dv1S>cX_+Y+?%v45Nc80{eUgM3KC+;rNl+kb8jd zI_61XcHaKahLDs*k> z6CFBPi~@bf`zQ#$(GIKEXQd9wp~@dk*Yh+$El}3^^L(VZ^TyvQ9;|GND9vMw5ZHrZ zYGeH{>NU?!YVoZxd?x=L*sUqIOKuHf+e4;ktRY8(i!Xro&e0LH-gf@&wH`42&VUJ2 z;`s=$!n#j9e;u4#YFmuc-;!@HBP?8@D+gpuoUryq<{rk`3aJx zzLI15LzzvFEiNf(Uyr48A)oq2PYC=RG&2>(Uo2*=A&S9@m9$OugP`%sUd{_mHto{^ zEli_b78TYrS(eEXULF1UFH8H+{)OWeM2FTX*Fd%m;ytqfw+zBi%f3&v+FvJ#SwZ^) z1gcjyOvMFBGOxiw>VX%!E&EFAW3TgE7RZ2nQ}x~;f`i5`M?gTk&mcN9cl(+=Qfmm9JCR+LnOk*e z>pPz5_ipUZ$e#7@w`qOzSD|}*(B8Wskcgnz>sYfEyZAirc>q+dMFgCXS>?_S(dDho z#G#Ea359xXa@qb61Z0YoOzwt*yDqs{0uz@A)T7-uk6}J10FM{bUdBd#e*zG>yzN46RE$94_q*k93 zoLJ{^c3&e$jMLoIB~Nxi<0&e=pP*g=9w+wN{V;}V>v<30KVqmKm9wDhpGFHtP)qJD=?~>jzH@%>%&pdJkk<5B{id1Oa?Iebn;ZQ{tLk z2ph@~b?`@^mwAC)6s@9yY{$+zGQHxTbG9!sG@>IiT4H1cI&d_}vH5^d;5aCgPUv=^ zxcr**&&uX>pk)F33Lb}qg70Rn2MYu*sn5a6oX5bE*|4E;zTJxX!QG7rRXU3gKsa${ z*95>3FYsT*FZ%6h8X@r5$$S1Jutd7 z&k1yAg|68Ja6Z1y=+#S;kT^e~pbMR`({5KWfY1Mk1xl9oka?A!F1azDIEf>_>x>pLz|`Ej-$VF-Y24+&S9P$u071UwEub z<}tiLIUqfnM7R&ge(4{Q2T_k+_bBJ!bmws!*L&hYe@lx^1Ue7f&2Qy$6RJh1opMY`S1 zf}!5<#OX^iK4s(+nRltD7$0UcpRGpL(~>DXdLfHJDQ~yy7NKS!PmY}W+5YGbVR_D# z9$~)FbEDQ?xAvS3uo%GUfS9I=rZ$s|^|CeAyP($o>OyM?nVpt&8Tx2YN{_2!=JhT2 zBFPa@+%+J|zzbR0SRmcx3+Ql93Lp!o>|^F$vZK#a0l>|PD>y$7VxHXP+xq311QCWx zF_+;>0SmS0W~6+>u_;)P-kbuA6)Nct5K4ogZ2yFvFA$cAG?aGRTk$ zaUCqY{1b|k{dS$(0Hf+PiIT|kr*SqG6?OIm6QM{+>fxzC7|BGHiBGd8eK{%NbBU45 zq%o9(HXSZ7z)8IEq+n>;F#lTc8B`jW5a3&LfrSLkW&o-u3WQdc?aiBk3R|1EebcpZk8-8G9_4{TrE&2)^5}iQ^T}tQvPh zKabmZ<3I|8P`zgp8@w>UXvbXW-G);WYyxu99q~92^a#1$X*1pL2+a){Q^P z{xnnon*p0kkj;dDd_e13>H}DRPJLhGZPSnvJaEijEi0Z+1vw> zhc3v6{4Wc@y*S!yA|Rca zDa#u_#sQH*mJra6(;d#9isB}jbt|!vr`iW3@5f}Q=O6g zHyP#^%FFb>{@f8*)wHO|u`J7L|5KIZ?Cvstgt-3=Wz?{H!*BlPYW6r=hRj^FQiXF- zQwEGgfg^0=Aq|kMcc&=dwT%hCSxwHsjXYaZ##2j-v7k^fP;JSo$`_#a^s@3%qA6R-}#_QC|702iXPU*u_kPCmi1Zc+#?wpu-ybZUJOE^q8AmPDW z_}h;g2oazs)aW*3ia86*-a^e*tNq6<-weH`LEnMqGvGG9o zzWk3aUhvcrG}9`Fj=OS;wBsZ;`e=_|IbXIWlA9pWbFSmRf$Rf3B6w{~510^4b2nH_ znvR7ezzVKGf*M>k2U?kWVS_PDu64v*4Xgo?6hM-?yW}UCz1a5EJc}!twD5BLpOtOi zeW7~pJ93JbaB2QV2Dafg9`s-*rM3FVG2!lGa(Hg*kY6B&V~@`ay3w%Xt$j&3q|yFL zcH2JSDalyFcUf!p*}l zdkL;+?FfG|nq(qitISTc~*wBlD?{pz!K&lR3@ ziSjBkOv1qbA-$Jw8#7l^{;@a{N_>>pu_>77l2FGkEbBYub;h%#_^*p$w@gU-vSnYT z?2RI-mx)_%0i+K*Gox>)BoI^*pXKl6p3h4Z&&55~b^(zi!&`Pqv*7ZnS1$MV3W+c4 zY2u0|JhY{*upr44xsZCEz20`>09gaz??2}9dC5CDgNA!Zd5{h0b93d9loz+)Jkd71 zkHNh*zF=cui=;$+Z_NMz>}x~B<~XfAiMdK55WT<`nw@5(n{aM>DdWcW>lJy4Zy*oa zfN^956WCZK={Y6fxl^yHya{Z4+;Io;mn;F-qHS&rkWt?{vLgP7xzm8y;VVIbN2Yl5~qjm zHbjb6BO$=JfSPTZj;Zdm=2-sSy}pPG3F$_Jr;{cSN9%5dJ`;{v0)`id=Ec!_X*9Hz!|Hl=THXTJtiF3QfewcG976WGsl_Eoy4 zf&dUXr_d2kl-qyzXB~!q6trzJF!MiXZ>f;X1XEB@2<8eAhzOsg-6Z}6z5o}1`xHUY$N_K+%X$l)>e_>mb~tx? zq)l9;87==fj|8R#K!z{edZi$5!~{f+865}t z8j0-&@Ri+Ck-p1M0r08P10eFG-edS@ahDgn&IV*mAm%Rt8iRSNWpzao2yFnX=-C(p z(UT!~5=8iy&(-5?h4dKCr-s5a`P&5{d$M12Sn48;7s!FirmDPn;^GK??F3ICzk$sR zf(fzhGZu)R*2exPs{$XsYf1fl*BEF@;L<$$7$jDyvaUGFKxL11o=kI%Zv|R@w6|64 zd`|~pv&6aqN_lpe4hdlR!HmL^MvUN3|T6kM|&H(Z`nxfJ8AW@qbEwx}ef=m&fI zW*yD{b+|cM`Jz%zdwMA;1EdS znEOj))6B>nhF|nEK|$yP!UD70AhWq$;VW%Ds+b%ipnX701N4w!N{$($cYyQjjUUno z+oPGcz0=7ano?k=`v_DIpcS7u-wHEN@ui0sdKx&nJ5s36P* zERbnc&kPX!i1nC-a8ASn-7m`+sb^2yZ$e*W@)Bfq(jZl4G0F@LHjuv`SV0e>ESkT; zPhj~)Yn48^@IIoRd!djclrllDDY0_i+~apnr%7DFeTy>o3HwBVsR*zKfpG{VcK)fd z80LiT0T5O@tmyQw=D`{=3IU_T8b3KfGg_c6QpF}}vJ#=izQ}hhC@|QCQC4~m{g!zA zIo$%OpqzJXE7(IE8g|-n?#|XF)r@Bs!-NA_G+=N|EVx7f54a~WO95yIDEVPus!_e! zG+Bcdd&Q;(u^A3T)jke@W!@yQifugz;Z6R2kM1Xq02BzA)hDX9ybPBQ?b@QnMyE+0 z0{(AUNPrqLkE-7e)9ms!(^$tX2XGhw8ktu2C$?J&0P}Hj*=oZL-Z$oDxZ3E3$}2n` z|7gNCXn!(0cCK#7m_-3#Nw`i=m<=)ktQ8d%N`Som%_d?Hc1J_VJg;R=T#MJUlDQkw z4HSa0zI?>c3&pD#lD3+w+;R2%n2Rs%N1Pe#UEkPUCfj`a{SGB~Ukh@njK=*j$Lvc3 zcCK|=^C>KF=K#c6+PdaErlGva_66=KJs@zL3q>$q3pXEtd6wL1#HzQ5C}8LXsOb-{ESuwgOpLnN+YZ&fhL7Kar9nTrhaBQU3lw`(rk z`<3e-cl}KbgoLagDsmZsBW6Y`4i*^%lt8RNLd^+Y7tb#;PFV(*=7J|jqT(08*{)Po z$-rqaX5-VKcptKe_B%PNHgBfL97$1Md>(?gPxdR7y;TL5HWysc6cfXh$T=Z z4+B>f>?*#{bYvo;x!PtI7{3EasZ+OyFytiPHIP^5fz zUQ-K(eyvzveHq3V_g-&0UX>ssdRJN zM|_K30zMl(U*JpN)o?Xu0UtDq5AT`4XzRfO$OY^INEfR~$UBosg}`Ya(2_SQJA#3I ziDO>>T;@UJG2*3qY3ouKRxgGJW>24?-^ID6I)YhL+u52 z2h1uvK_bl}?a%^@ZTDV&!a+u;ZdL;`30EKsbibp-K;WSU!D>ZROpRtfqk6acL)S`_ zh+JDG5w;yJLAz^Cz9dQo5V<>3BR7RWl9W9{;N62*9J42Csgyp9s$S-2hpeSL_1GFV zz<>3|+QrqDTkw8}>Km3mM+U)|Ag^kd6o|bT2ofiD7lb>6k4t^{67Ywc_p2D*p1yO7VN?S?)GrWqp;}!RxDnQFSZXFUy?9u}c~0d#hnDna%4T|D zUI6XIDD6VKotU8?FHis%epc~U(HTCQFKy(^5a<*TAo+56GEM5Y=Vwzd4bUShZk)2f zfq}m+JL>Um#C$oCP1~T3G6aujSw`~Twfka0n7)4s!EW&A1X z%w8lOh|{CngY0PJcQ!9|7PtMb@pCqo>VRhwIKQGXqo?C~= z4l)hccus2i`TH!D`z#z^R3Lv`QQYw43B(VV?*Y^`l4E%#VtE}52I0l%t!*b`fUOJU zEJ(6^r1=yWQ@Dr>js)*XjB`?gp)}xs@xnJ`m;QVE7lj*cCy9YpJ&wjOV*M`GLO+Bb zJAkC<@8FPe5Jy;3!SswZV*Z{sr1EuU68)8P|9aMpucY&L8f`|-zLtXZF*;y_*KqKZ zCJt*t)?DgyreO$!dAt|AUi=lc&@4n9qA{;MxvPUe0E3BbqkAI2{^*3uam~N6?D<9| zB6bB~fK3Ku2+V8o!K4;MU`<_%4JJJ`h{^1oTR+v>ADdd$JL`5k=Yv@o<1bE-HXEFC zc`3DUTzI$+J0|#qcTTRzoi+4+A)|&~+Ls9|prq*U+w>V^6rl7zH2)z4zHsfVkp!^a029n#IWLOM zY80m>)vKX8Tv)@dkr3MrHp<9Ocog7yXCRLb=6a@wak*Py;2R1Yib8y+;?rKEw~LqX z*tI_kXDRa|=Mo21{8*m@62RllD8^yOM!sfj+cE<3Q%U5?yq5Wra&SX!s)f>Xo@Cz< zgvs6KS^-jm8Qq`c+NgJf7S$D>L4f|ua-cz*TwD}$N}dP9(?IZr8rC3B&~f{2_4Q_8 zV92i|H5%=Bgzn?<``@<(<0|zJ66tLoNII| zzZak(fV5+bm)@Nt(D&+K8A01ou}1^qCna-Q+5h_B5q z09v#OqLI|3$SR-_jl@fO1)foq3ZKx@ETJ)S>#ak6W9sP90!|O5Lvc?+W{I90wLch| z+o8r%y1%`1R+J4QY=f^Dik>xz!@f>3!74bm_AO*D!)_-7mskC2u43!)^-aspRz*6< za)5C=@P`s}TGZc=2f{)P#MUkav=B)rnuW zIaNz^bN|!o7^8Fn1UU9!+mmMl6#|eO0}(R?&_HVeli{08Co0^Ff@sbJFmVQXA7H7C z3*b~3;%>N+%JBhZmZ;T=SIzlkyEC{T|13Ls*eze|y z<1VIj5qD1`k!>^b(he9+`D2IR}n?nPPvc6~V+HCMnx zR)=|l5k#+tC6d)rM5zNSgd zhVPEKEv{rp*N+uRw`hjK5B>OzMAN>WlZTVBAsAN*P)~FBl6K1%wekfL*55%OnjSP& z;5Q`75{}Oxf)R@ z4FZEndi79na+;=Mp4E**MIm@5C&|*aq}J+6W~l6s1X!ODS2+-|l5Qcf{ZajCcMbS( zVB{V(w`oz;mIlboGmAcoHH)n|vMKMS%T3=+BnQKp)S0zec`!z*UHi_y3MI|kolyW> z9S}<0#H;4|oxFdG`)^1CbHK9$U?}oDFaW3IeOeo0Hs57!#WbG$F5L!r1cObRV^LGt zch@ToUl2U^LayyQX=(P8?oH17;JzDMFkV?#bK}%09BDY3PYw%F;8j1fX{*L)7Jmm0 z1BjFqOcK}dCW9P^t0gYhi4U+#>6o0!%y<-nj-vf3D;T~#Aa+=%fnbtx@jF!S87|1YOy_pq{jD-LU*vTO|G##Q)NSuYQXmbqEsR8Pmgfd%|aH>g623(!V zUc#o6y&eEQKP&Hefh7N|)Gn*`=!@LA96^~3TCCJ#nm!+hY7TCkt&~#!+;Gz%W(BSv zcm`od3(hwt8$3t_TtP68w&8!kZbP#Mv+qcSA*lk0s^_XJu!JE5? zYmov;7Lx`sCY-o}@Ls%N=&#g}uD!yWdX1sn4E1<{y0F-(LjdUg7U}%;aUQ>>{cq{! z*~m@uJJ7(?iLfoPDa8Ohg9B3RYoP2v$=W^}-R4Yx+(>}rY5OGxNCvh$GoXFXq8$`O z%J9BGxLO>@hdx`JMH`$`zeM+Men%+`(NUGB0P|yBqJz3=qX(Mg4gFHct>;>dXQDj# zWotFrBK1((*;NHdHh=(ZIFX>y0ZK;gch~?xAFo4(u_;WgBF+~}g6tRQrrp@-z2Vw{ zN?-;DCnj1tg=t<7mRc7G1MnEfgnr=Xku%_fc>uyKEiXtQ1yTmBaXg%hx(dKj2Ghl5 zsH>9T!v`=h01H1BW!3s3p}`f8^Ju>d#keW2H86g~0S^;hk6_0O-a6NUDLA(Z z#s+L=!r)DM=d|cy(J6SKsDI(8gDC9aSNxO2+SB$?YtKSUrNfhiGh7!!P}`MKnOYmc zm64f%kgK2^y*d}2vmX8Q_9!n@F-gvwbiuW8le+whO_jE9+3%Iu#qu%*L70?6iiN=8 z=&i7SzUb<53`&msJOBS)n zg{|&hJ^qe!##de?O5gpJZqaZJl)lOB0%}o0g8o-|(F&ApUp}K8Kc*!8`hoOO!XtaZZ#0a5%7;8kV=!z_ zZ3;hpX1;JHV+@@dD^y!4$?*G&aQYmU0VAnWEG>mK|CS69s}L%b#-0!#yM+1>JJdNk z3+-?DUjiWJOX-aEO>w1NUhCNZVm-39r~Eo7JG@@@v3R-c{d($l$|(-GGgrJc)J-vQ z*RkSl+?JVfeu6t>xT-#jA2%aD%)2_v`|`o53}^7A60FF}M`Ws(cYn)|hX-_-cwSP- z$?fo-u|_pTbsTKxKhQ?VN?t*pH!(#xSL-`DM9n z7Tyn$A(wq3uIRlT;f_x=mC_e;eKU@Ja8Z)-E1NVPxhpb^gtSboS6g zUOWvaYx=qKQ%1{Su1S6gQl>36J`;>b_J{PWp9u86nX>Ff5jsGUoP6>Z;di=Q}T<8WrU#P)G@jgE5?3W^1J?Fe@ zPHn^zF6%9O5<#Rz)4ybo`&OJl+DDt@&9qRM8q9pRJyrM-%3U)61Mm?^1>GZ#49m|uSnk2MB`2mt+hO&PlwK6CEY7Sw z;dS6paIjos#8RF^A8(Z6;#4} zaVZxs#yZY%lBV3E6y9K-v_OgWXdCU&+=?Q0pAX^1^&3i&;q|^{c_yvErtKuuqd1OO#$8QG54%Jg^x;Q`+g~MVq_7DT8DWr9WkK;U%00i zs)Q1fP&zsn*y%j4JkPJb=P!5Erffz2;m_030Kl^qy5vWWON(9SXFL25aeMe_D!>iH z{`f<59!m+B;T2jS=WXeD)4Y3SEJ~f4WL%dsIfhb*H>0A{fm9q(maAWn42 zSnlsBB>2@UE}!}qtK)Z{=&;f$q0d*8y!`nn)ibkh7 zc5#7c{^0Q!EAY!^NFlc}NBt8}wfOCQy7Ug(8<9G*Ggx0wB9lFbZ$Choq+{FdKP97O#tSkWl5AR7b z#HJt4FO1}vAN*}<^S$9)gsLn_>eQOsBL*ge@9-b2urRxva=Q72e!f4p9Ki{#8950d zE#xeT?Y7KhGWwnhwqnDM72F+klI@m_EdOCR zYR4YVxSzsA^*f;QS)v;94PBVXe8Y1vov=%eeM8|B)mqk2a~PwBqipn#|6ogw7Ml+w z-Q(5$bo^G*6XiE!uihkn)(*Dx%{b%sUcGAKeVWAxS3GiIc=>LCQLjDjm-h#(cOm4t z14B2B0fb;~#f5lJu^LhPoP_M#}*^^6@uUofJdr8!RpHm9FY_^p*xH0*dRl>gVZ-PX1;=; zE*6Ged%;*qdWMqPU{DC^IvwF7>%O3O(Gu28(C(<(d4R`6=x_CQz**8W_57wqeB!q& z+=21`Xu8U%D!V2s0!oQ+0Tm=KA<`|~-J!H}$qPt#2-4l%h=8bsDBUd}2q;~GG}2w) z@Z(#{gBlyD5B z_pA4&2l~7%W^+WyI5r6NgsgMYYwI(FW#h`~p5%x$oDh%n-Pyha1Hm5cG1`w`3UI12 z^C4aa9cJ93+C?J5z^z-nnDBY6w1MRPPx7S?yl_6*o(bdW$^DuHF>*_)B<#uRF_qQ_ zz+rEHaBd^xzT2g;5kv%~Zvc#lds#u!H;R{l`e~IjLRPV_FxM5;vG6R|>;^Ja{8NC8 z!#V7bU0Wd>KeFG$V%Tfu$M}}{iQJH7yv9U}=su=82e!l1@}uon;T8#uY$`ahFPj)X zWG$K4HBh*CBOn?Q+XyKIP!aU?7q?`5O|#-Z3D~KQHE5}=_LYU#K@XcRPP^Y~r87vV z&}OWtsj2?&iQX(Nt8jQszxdS`%k&8GA+LR{tAFehenIagn%lM=0KLV#``qD_$byx; zNu`h@$gR7#4=E85+8$GuH<_&b=!%t-dq}x^t$O@oJcnA#I+bh21d$_}I3+8yhYdtJ_z3^Hj>F1w7 z-sN3 z7-Z|3`LU9Smx)t+fWMTtYq*vKb)dVqR7a&{WnqUEjrpZ*e4IUR{|5o#?gQ1k&;&t0 z>d+tUTp%|z;&vKJ**D>?9m3P`P6B*B|&%+7H%E+P^wM4)7ETk#; zr)uiqwqY@G^TOSE(~pT8|IQXgwFxh}WPGk)6962-TIWG(VHhVeD9d!7)w7#DGR%mtbxiCG(?_wK7o??fEa*xB*-!((@w$1oxbO73--!D9Fy|bpNt39$RM}jG?OJ0m3P&voH+b(avUtrXxDd%D`DzpPhHLNN{PVqzZ5K|?X)#Dh zkU)rR_L2AjVibL@!pZ?^Y}qf}uC-Q$ugQI568;cPt?_;h`E6Q8^#EI~yG!OO@ZG4s zc%Y%+^-+x7CVfY@_EVIrr8J8t_KWogUcvVCJ#hNjhaJdG?f9hnzM1qew{vhudRSwW zjRb2mQGIbHUYWbXJpHxNQ)1I%&N(vX9=bbgA+NRdF4vAA-zueb)QEAP;4S?k0>C_8 zO0GTydab(A*Q@;ks@m2wDCQY345$nG zaopHuebPEcN#!-Sk+c#$B>ep&`g})NkTpBA>xnYG{|eBoa+b_q+#>K9=vTRyV4xbM zPu6`ZB$98}{Y3Q@;(?pCBvM<6K-Sz*?4cVbAZO)<11`I6K|P9Vh35*1V#2r(Ree%o z{s0_snz%X3nI4OGtr8-izpkSQF%MSo@)PT<6EM}>#`>CklIUz9Q)eY~b!UU(LISE~ zzWuIaS*~SCA9bFD7j>DOuf21)j|FLqpWKp^bQ8Xum~?yX`jWz<5X}lcI0x1D(rx1z zMx3^yv>F*a0@zg`+TFIBB6SFpe#gOwQuf%k5`RRS)dODYCtYf;g~^py0;hC!#Xo+y zs}TH7V|PAtu4L2%1a1eA9D}PeQyr=RdhXqdcj1FuE&QDDxBkI}I)Dy{XOFCeqp9lA z($uBIX5M!;dRAjl#hKD@H^=Ayo!apv)t^3hqVr^-PU>Y}N?tgwGhI5<>$F;t>Of$2 zO*_61ncS7;`$pV(s3wwF4L{L&XKq?jMB-CXS`Mjrfr1!WPSsLHr-|4K{ro!BDSU_(#bVOXs?S9`9-#>YQ zM^#7rB`1cPo_goHaUzCaIPCDg@4b!9M^We5g=_O=+FsWw#M^d~3|fGfAMAHflDxz! z@gU+|wygLO{ihO(;Xv8K^pgfuUC(#rimNbz(?yIp!k1I~Z7;x4NK&gFrC(wUNlYuc z3GvuH6fNmc(v%0YiwWomNayby%}0ZOP%Ms0Bk^ww-(Rqo9s00~oxH?Sikab;sY?H5 zZli76_0K-!ou%*Al09<#9;z@(fO`j?+yS^C@thZm z1IZ!u{VYU1SP$>Vy{Kf8H-EnPO%IB$DpKFHy{~Q^pD)`4L^^FBx(}anZxF9Fv;?{N zNdqGS;B0>qyGg3_FlNk?*5b@B!p|mvDkA)=o5OO{Hnm3aO^CtaqOg3oc>7nzzitkp zNO)vfUPa9bd36pfz@axpOqfbjVb{!?!GW}AzAewMlcWX}{xSfo_oYB6;CqH5KK3^7 zXpS#PA@9Hjlsd3XQ;$-l!Z|1mU&FT7wMfe$muAqw&@EAZyxc1mfa3Sj=8uE6$brxZ zaivLVP4_EvyM~yFIC6-Rz4V{EV_(V}bLj~_n^ieXzAMLNMisr@iU^xOt~D)ffIOV> zDxhHSnh}UHIIvUqw*T{%CxI6$$)KV7vg zm_zJ%@LrxBW1wGt1UA4VuJtZexTG)kTMop3qZfw$OU2wLfU++P9=6+BmT3Du1Bz}w zH7EKWBB$>Mpju=c^aG^k;NzI!xBWp6!->=0YkIG2KasK_XqHGEkXj6ul2j1~3ZD-V95bclQged;uU$rrXe%u~f8CG+b%@j6-)+^VBjtVqRMLynXHN}k-&S3G*r4+? z!{Sa4B(#w6g7!9ETe=H!8O4tq!(M}Izh`9Ig$#8i1K|~gb|A!_vWX3z-EI2bdF(5; zpZ8G5Wo5-7wdkiM5&Lf+%vyP`DE0P!`zKH#PMqveaE^MWf8IX_+>`Vn>Uh?k;xYbA zdg*>Qjv+N?eoRWsWuq7`=^xnKZ$phrKaF;LIjs-@Wfdy$qM^cfhR-7Sxrd~I=#`IZ zdB0n?1tiXGgZm3R=T%)$GDGBrg^yOw`D(U;hPN?UW3W5B?O>dd(ZMbfG{O;K>U$@} z7B{EQe}*e;#`!X`UOq!s*OJvpmYI^&6eNG40Zv}|m z75$Nwy9**Zi4`tW1B9ct2pp>?cUAvOkR2#P3hVH$Y+Bv-;NB=RrX%y)71j1yB88;~Yi7FjmtQ6A&%z`bs0nd~ zUH%C{;1CeGJ|-M}ZStWRP%|(-?{|fPtTD}g)FR0D$W*-ZNm0d?hMyFqN#4tKV4^Q5 z|ND1|nts1o5;#g7r$LR1eU zc}7^CfRZrRIX7^aOZ^c+FepS@P#5xjT;-?THywCvAu9l%VZH1fQU3p@Zq^SAf# z4|JrsrY~tHqno2&eN2hi7HSWl$qC12OKy2B>>Y)deI;u#)GPsooByG4dW(5h`-(q_5LpP}~Q@isb`$MfX9uq0Z2TQ=GQ``dMK=%5*Y&(n@2ZJM+*u`F<0#kE%k+Q*#~+#mcd zmK=|x{%v&YJ*6E^vtK>dv2kRV=KnELv#le>uSP@THjMQF5TJNM@k2B8!aeP8oP-#7 zVHihNT8!Uc-Zv<^H#JSevcaTWikaeqTl6b%aFJ$pA1^F0j&ae1csvMC#p=0cf=*rL z8CeXbFL4~k{s?tM+t_I@RhL(guQU{Br)$Rg-}r7DESx8OCk&-QfK@0R&Bx}K!6;fJ zn|;dm)o9sY-{9L<#UkOPD;IcB2rTU4g_ZC@vNAJoRe&m`u4SWZqe|_|-^;7e z+Fb*#-EBX+vXL(ToNKbvua9pQ4hT`Us6zy1kd^R($!O7+MEK9rR$u2i|FT2e(>W

!lFlbQ;9W+kwD2P&4zy>EjJDkL>n*0mkC zaOPHvRE?xiyX^{?9wSf3EeXfi zg+?Ksf}lqAXs0Xl4beJpB1ztzr-+EBI$sHLru;oj-qePnK=L@522wrBiXf_kmKZ{u zIMEXt{pXW`_q9+7!yd>PfRd)rT~b|kt{x<B{)=Wk`|dhomWFdq1WsCovmgDVP;*~`kv-YIGUWU|*mUeCmO~}m zfWBX*y9;rLhPD)=dIpI{pMU<-s3oF%t(7<_`hs$FH|*WR-$q%)g;o=q5IO-4UJi8M zq)PbKt4{LeKcc${?-;ed+Pvo6niGbS;3dYLNiwd0i;@nf;-he^*7j@u?YWEYz)0X{@e)FY|@|oi8wRg&Qct1I3`ew8bUQt`yBKRfV51DE=;?~L& z?3?181Wvr@=~rG%&7pg=(`g-rl5-b{hkF-4tfP1l{W^>{E8Cto)Yc9-=wK?Dp~r`{ zWTQ4dp(jgRgw|Uxj+VrzE?l)8bd|;x3C0x{d6~cTyhx{?VI?wEemc3t_0G|_d~$^j z6oF8vj%Eaj3ABH&#{XR73{#PlNr|WWSgy6@uLZza>X?%dXWjuLphFT_l`|A;P7oz!&9MLx%JnknR&^hG&8T5Fd>nTI zk`Vq04&JcmCO6i`GtNl||D}TlZD)YRkwD_dto5HwAB~@{JPG-HI#r_!V}uke0A2>v zDOIdM(B*7@$)5J3^vSJTS;7Pvub}w8c*7iXiEep(5zATT7c&rZd73Zy7GqZ_L5PAh z@kPrV5~tFq<=GpDK(SZ1zM`zz4}=)*C6+Z(U%j1VZcYi6d}JdewXypQ<4n-z za_L!(_q+$7`WFGd6d;>-d6DP-Yj>M*W&&g#AjBa zUv#e63*=xS50a12W|+2%la2K8#R4)=IOQd!Zt0?Zs-=Cu3Z{7XIia#de0+Kdwx+ zO^K*H2rg_6p;56{?Y6~V<$6A^f8knA0#h71XJPui;>DEr_dhHq$kxi22odfWetDv( zJZLEC4xt9wn)-Fsh2Mv+TIh7}*2nS7r??jv89+VY=#iiAk1su_MZewp%kqcl5H>rC zA679QVMdlHtvG!>rE#uQ&ra$9!DZRz`A<{&;8bcxnLPQyW5;*n%VIHp!* z>jF#o?@0Wc@Eaft~?H>8_$36%>lE?&^ z?F4!r586kS4pRf5|H7k$`6m;ALIm7LPxRoG5EMW|4$HQ|y2|XcQ-m)tapKkVWpvuN zDu^th4E~it-oo=N42%!98SSsKsM&sl^m@lXm_AM&gof7SgrzYX%EodM;CWiSnCnY? zR~9RN@sZ*hXOR^lf64;C-TO)3>1E&Tlo_VtZB{Y6A-bacL6$DA;dZMr+E&7cqJ*`7 zlhgw#5dtXQWZFHrm%m;#m!W-=@)JRAxTQV3$0%bauk;)A$V(-e-V&=^tIluZ6i3?# z-!g1SZU;sJwnayHVZkZD7C?&0dvhNMF6B-JhTpTq8ll)B5?mC%_$i%|Ge;`1sp(O& zG)-MOI|Y;o%te>Upx|s+~*E36f{9o`_eZ=jwS$h_=puNKuJ)|A+SjTz5RV` zCQO{x>XhbDWlyO=pP3=}?b{7Q9*fa8w|iop2*W_TBUFNp;CFp-4JBurAf zwnzp9dL$wOT_|syJte_FTWK)pEwHiYOmnAbQ^JR1z`aHMV1A$=+xJlR(OEyTj&&23 zv_td!-~KrUbnl4!k6VuKbr=pi?NTNe`&j^MV%i-M*zTM?qhR+-w}Is`h?A_}S6L`Q zPQWrJg&m?0R2+%;zZU@aJMD#~Tj8!dAwkd0_-Wb`P z(gqS$-lAG_y1zqMe)ojPo}_1;cmKyRR2$-}!!G!cQ}f=$G%17tfEcy)IeEs_+Jp(Zxl4#kz?y&Dk%b;0;m>H)P{Zclx86=$H6KY40wVa z<^7$>of@0sKM2+0uf;CCc=$&fLJx6c^}a5XNTER035$UyG~wne-acbkM}_@;+v%-r zN3T{>`|l@Bt@cxVchaM=t9q|A5m6I2#U`8C%Y<@W(eAYBU4GjeWp-}mz4sQ`*o-(v zscq=jV_}!90t_p@J;z9Q)}&t3!c4t2LY+s6cjhGzEb-fJIaATN*S$%}kCC5On@?$} z_Ag1S%KQvu+3YVDUkYnmB(g#>m6m5_P|^?k;n7v*-}>wm`!6RUqK=-z0?j+j0m88Q z`02P!EoQH=!SV)tDx}o~SquRAG~$YCqJeP2Y2L+xA!6V&$b7)M09rL}Hp%H;tOEX+ z5|j@802JUdB^f{~qSByO>!i((BoO~$QmkRzJl+2V9UDdAFl~s^3*r& z#E5HG?>oG|D^NZV4O}hc0oFu1Bz{-jV`3}eAJgt4V3mSDptVr~7BE#N4xX;0EffOE z%JgN_yN8^4FD4+W$oSelwG3vco#374P1 z3-!Ew-)XXD=ST(fq;XpyN2(1rC&$EGxMH5kyG6ljzcs^@hMQ^=SPqkhB6hlbZ=oB( zpPv_uT;BG_1=sX40fVeh+?|qttWb5 zocEYwocI52N%6M}qI;DK-axR5{JGE*kes47BN+xFH0keYkjt40o3K$ThSkPZ&;+ki&tiPe9T|JI}@y%pyc~&;C_lgmu zQK0oZ?2~lsc%Hr(ACy9lFVm%wSV_?!zy^>8QY#SlEfyq2=WQs8)H49eA0_el_ck#) zXL{TP4d^MgzpmeL$Gx7eVW_L3&w`H%(BCVY@YMq>DsMYN-Y7K`Uvz;rP5 z0D=1qndJC)ycEsH0CZSlEB-Fo74-0w*VL=W3oa9(V6QRfR;&1D_k2_LyLg`%E+ zru>;2C0s9Aj2|vJYU7Jn?L$7bc@qB?f!2qW@#^-}G#acF2`Y29ocsV)wWHGL=Gr;v zuRz7dW@g9CZHOo27M)KETS)WkfDeOxDRH4PO~>`c-ikHo|Lol3(Q}P8KlsKSk&_QB zjCQ_11%uezu~!nrMW!1Bb2Xl7b+1ks#4+TyMYYLLTYOq9avvEFdA_kg8-7D>j7K3l zZaP~eH|n>SEpqY0_FJu7Tk9$VH# z!s;jn*cYMaF|@ zH>U$`^0p0Eb=7)*kWfwpl|g-jcnIPycn83Nq-gC+1k7qApE)$n#9^?U3z8QFE&S%h zsm_ur8q9S*wBwLpuTYKwFL@8BosbTI?JDY&^i;dYok1SS&BV%Oz?!=;ZNNYH&;0bW z3QTGbWDsWmebM*^Rpea2)%PglR#lE?1VncrVs01e_JyTnckv7S_%V1bG>L|K?sxW# z_Y>Wo_3tk>-HR2bQ0lHWI)}m`75Bd-w|2_@<@Z5AdNHyk>WMR~dUJP}aA~S4eM=L? zHFwg+cGzyHgqR3a6=|FG0p^~8_Pl}W1=Nkj!GHcv*_AlnxLL(Z!Ylz)gb6(}~$O@Wo9H)ZHfFwA7PIW+gMpvdfheC?X z`JIHgr-6^jcRVofqMiuiHn7|U?#6CP|6^3IZH8f@q#T>Yf)jRt6nKK;V8?n`;{nFe zk4J&CTgXpdqVF$BC&NH+l_dMFhtL`%PL3cFIM9=-q%B~4Gv{8Y>Nm;BvG}-wkKWR)9uLnsM}mz^w$Kq6KB{I5A@y1Wh{Ivoba24Rp<-K3?hcG@ z7xQoak2}gVgD4Si(@En^xqM#|2~Zy>%`!Xvu{qiL!yUy(pVbPz~ramQ(E1@||5Y+Z$E`j7bZ@o z(pgu(#(zwX2@q4k%P@|`MPzlqnS5)2t1wK@kH&UBU44F`I@l7R8 z@9D?qV0{4_5Sv+wzME)(>iHq>$D0CkBF=77rBMp14)C96L4@SJ`r`)zt z;qCm6?7^+vl|Lxf)xwd_KhJ~q0?r~Cd(Y204+{h*6$z@c+)*W5dztSYfD;3#*@yRf z!2JYyJv1}?PV%;A02D5p=e>rDE)yj)dqXZS7CMn~4EF6}d}vFkD|l^MjP|7dim@Rr zdlTX1W6nsLH%F3w&762Uo#+<^+uu|!zgip9?RjN>Y`kV1S0adXec86{@)OPyfRt&T zR#VlIpHwgCdrR~sCej5S0sW+$b7Q{&`WJ$E@0te~a&O2^lQ2SP4?u>MpRIoh2R9p- z?4JM;o7{aZ&RabeWa=BNI)ACSDvs!0EFW?^r3aUrnLKxJraCy%K!${KHdJ$+Vsk!f z=x3!9sV7ChS_GmXG#b!7WsbRb-zVxM5eGcve5ZSEfk)+Vk5ml}D&`r}pF?8kKU|Xc zXQz$p1*y!P^a0QYn?OZ+S1)}@vxP_!WT}_H8=m}!;v2)6{P$i+JD8M0d*xWPJJ7w!`IVbH z?Wc6a^C%0l9@Z?D_|^YILtvei%uy+-gR2x&r(xjHp(4?4+DJ(JRGXESryStRYLJrE zm${DYgJyxgxD?=_)K#lrRa}J8d$*g#V4QHN zhU~1UhLs~H@sHwJ&`=R>2Mb}sn;59PX!PF%j~>qbqAPmOYLAXi%Z?8M0yxXXQ7AOt z+TM;)D-i=A1J~CyR1+(Cb1c}0&PLpYwV|%IW=>u+UZ%Sv+slMxZbocu@?r)@J}PrC z?%d$7PI)t^pzBL}wz*NiS8HPd7UR^-<^ag(%+2AW0rIfE&{XgU`We8t5`aSS3jNoO z86uqx{ES^#^Vk^ZfhadR&50n?PB?tD3W&j?Grd>Bdk6;G+bQ~A%J!kr$rydqiXevBW0|0^jgJ~fqqc{^dXZ^bt)Ev1A4K6{df3N zc%5s#=yM}z%F=XgR4#rSTyzpB?~mkg{!0ipK{(E2aTwzMqBiDV6z_A+PBES2_76g3 z9QS>RUHCJ5S?2TyXrZVw?q`ho?rC6LwSk2CWV8V*&(8fVz4SPvLe0S}E4`tU004e~ z{-8B5>K}RV`286)ojVnGTn6wQEm!zP^^E^;(hWF}UG2t`)&1*m_G7imSjpcBH1!7Kjb11Qi4DYZ&ziWGveg?NY3Z;EA=r(@%i#A!$7o{hg4|^0kO35 zVOMjvXsBsCxPErGRTF{lSEF_zPlSUdbxt3w8W2m z^ffh@9=Pc$fxRR6b0)H&CVE+dwGw{uPltlamxVYH=|Fl{eQ0X|WtEdUi=A21G}|cl z!%te!8IAJGf_j@Cc-!4AIeqbNS&K61DNv{tiuV^Q)6jp19S7UK9-CFH0N5R;6yqzD zY<%y`hl}ith@dg0WcJ_|ydiMThK`vRS!{sup3nqzv4j8SXi0GkR6FyO{?%q|8F$ogJSfuvTmT<`6>I!Z*&< zFY>(gD}FbTqu_c^4UkG$x?2ZG=X6KiIrJB2pPU1`pb*m9`n z(=uWO5yWQ>ykS>t;qq}m|G%bh!Nzt^~ck@lE{GzCiTT^F_51^IeIgWJLNK0W`s{~jTT0_gH9kogc9fIvi`g~Rs0_C&5wa`)i`Ez= zqYZ(y#&Pq-cM>~O2nNupC7lA6TdDRL6@z`@BJ<=MW#>?UJZ4v$ESVVYC));_VQTl? zTi}?|0zC+mgPtO_<3<&O_KbSOe`$wP$=?xf?@NlxNF~iZXS9 zd&RA-*VuOFg8Ld0xAkObq={1A(5c1nwBlvZKOjT{dHv3v4m3+Jw2<;2rejPsVQb9biDuQwz97Zq`0!yY9{XWOrWz ztLbZnKN`ai!zJAm4_7@VT zfj1Dx*7#uMHd>6(eYQmx?U#^_d$v`j6v%R%C5XN8tkt_RD~o5`u=0$I)*i~x^4Yw{ z1OgM7H*k4@TP;qflIiG#5~3TNyZfzgV)BWmz!oqk^WZ&6gCinH*Xw0Y&m19uk@1}! z3R9Ae!uv@ji<#^lKJfCW3CO*oJ4Xg z(gzI=Z`rlV32S}@(Eyzl#2?+tSajnbf_M&YcYK9+718Om_+f0nU0xZhc#dptpvRHhp1x7N%i!2;*(@`-=a{B7Hwoirf;fk#K&tu3`_9({+&=WkLE2@*6F`Y&>!gxJyr|JQeTBbLBWwU#8$eSQ{>yd*g?Av z1xH+Bc6G7DRW(d=VY#EH3}lD2ryBFO2?r?O*Mfi!oFluN^G5j7=AT_s2gE!_*Xsf1k!~{&=l+M;+nX0a2xK^$v0s413<*DimnT8w!jbkg{*c;>B1uh{9vqeyIR ztH#G0b%7%s)LcP>k?M_d-3LZqk)2#HglB)jP_4>)Lp)e-H>KHH;Y6!kf4fFKP{;() z#&Al3@l}Slt!1CuIn4Ri_H7>w##b2rYl~>s=X%j|%PteUUNcLYJo@ctJ06*v*S&M) z>(PTZ316IsXR$hGTH(e1MFOsFd)7-F(DzTByC)_BJd~rNk0m}? z!qqK+ShDZkzhsB*95A7e_^vb4ou@nKD$-ak?O*qJZSU|5Zd_cyl?tH5#I@gU>`;;$ z%{@BOWa>*c7x+eCDIk~i?sEce5w+43jS}Z{*KYK2EVEAXC+0ZaX|L^jxUsiT@E)IB z?Z(F%#m8^TDxaUvj1_Jm#2RkN!rjB!PCtD934F4`R(pj$)~GkYn3WO5nHm)!`^7_( z{t+fi3yFm#ox^ybY1K6AoB1BJJ)Uh^2JS(hk-JhI)W_J+VaPtN8}@uz>2-T8tq%J$ zR0BuDKO9;J(zKo@gICPLzG4c?JuF2UJDlu~E7C11(kz4WC#HvL%{61h1fqX&MMyFb zNv~QQ(mb>~z;RBA*o!eRDlfc^M@aN1a1sju##IenuX| zR=+Bnf64!(rjU4TVK`4jy=pP9Zyoi`fc3o<60x-4as}VVRF-H|l*|$OPAENS|D;rr zv4hGg`V8ZqIh=x23JuzFb5q?hQ%#4j-(XxOrtjU)F>Ut|5&c&x$vGW0Vk`rH|1!ht zSxlg|TDCG5TWG^u8?~Z9$x}NRO^U1Y&db<6Y_Z8SHYtDGo5uoIZ?XMQ#3xA*w~@x5 z*w_|-CM>Hp@QQ`};_Xxfo1G53T1dI0wa$ub4LQyvrXpubk!&Vz{drehug~%l z4Z4n8Awzt5prZGRqp_4|&kMKg(;3t3++C?VOG!J}IED7zsPq!ZnV47IcZt_NTACE2 zwvY1CwR5Sbky7{>_xE*+SlNB2%`C6MA^e^jgw7-8`(rULFIxA#j90IAW5j$`Z|9;^p(F#Zq&b+zi)H87ej2-)KMAV_u{XI1LHAk*Wdi3CA|}dw`sprIE9D0 z`j;>`UQ=A$Zr{Pi>Qwj_qV}w{%JbGk7O@@qg%}R5^wm*s@x|d}K_rO_3CSS25lkH| zYG)ZQI=@4iaNa*reAn~Q1k+G3ihq#lzW(vYD=4(>?zzx=gG1`vg4*ACE-INPCkz z>aEQKf)_arZE!PNj>Vyz83*Bayo=isv9gWjI!ZN}%A~lDaWh<$saozzB54p$XR-VO zkO)DBKk&K;Q5fKtVT=uo{-`|rQN}9&&VKw;|9X+bxJ{(=7bjSl* zAH3*dl3dJ3qCM2iTKdgcF@=k3-ir-gAZDA|gN~OY!=T<)N=w zp7Va4YTS+|zYzCM{V*gJ&}mn?jMmzK%-tj?m- zBCXSegF~R8wK&TR&SO*8{v(%!9v@W9@X+pOqO=%l=OR0#yqwL9&y4e+DYP<9Mzi@IT zHx0sIANdzFY5&=^_H{oDnfaFMLlx(lw{t)L>YzUI@SA@1==ZO=IqC)fZ0kPc&%^S& z6wP*VaVptAN3y>PiWufD3rsD1u_ftr?Hk1Q{t!byB|(!kV06hfumpibRPMDCq@drG z?!c5$PD#iPcH&*${4H*x(Yn@VGnz+6VFI(sd-?w33sVe!ZA34sL^+4w_WhM) z*ni+kTTfK#p{c4eq{3O617EcBqc6!9v5=Iu`*XL5u&#}kn&iDNZpWRY*L;n7$MKqp zPKc+JO?kz!w!D8mjr5-doT>U>;?J$gYaeen83*yD^!38UkEqNksvq)0+ia>6HZSJ!cZJlt%vg5@E~F*$U#Nh?6#n{p{cuJPd3C6D z|KWxE?rY4@J6EBqJ*QN+bto~6pDP5EbDklWvZXKr`bRJ_wNdSl7_WWJUW-~S30b_2 zJ{x&`GaBA=S2;Opy27lp&zgth_t<)JMe4Iih%~0Dh~Ial-h`K*;2;w!)js6!+{2P$ zN}hM-e`H-|z=rNO!nV@tF4UcR%_bpg`F}3}fqgC8W6MC|UyK1RuF~zB{akdHRcvV# zxroHM7x=~b@t7(-gwa_n4`Fp62qPs^BPT`bbNFZH)|ZRAEX%r#zrYlk?Cdl3{$S#K z_5IKRZGR3LtO40)A9`p2IezUnltJ#(`TWI&C@zLFBN#Ej5%F3SH`Sw%3OTH*D+jQ9d$miIn?zFY&L2;hp zJtRKs)!ssY%)`rBqU*V!++*E47udIT<_!XU3(50{hC}Tm4@bpsHJyvB_)U!1Uxg)O zQ&1&&RP6nhIdQ5f7bldKGzk{?56I3j;lA;?I71=z@*xDyU@n>%%B2hj z>A0Uo+`Qf&?r%YzmKXY;RUZU)T9)s9E1M?V8urj0ke+0W{;B4G18%+%W6Oy;fv^GX zf8?bVQy&jTv#DzB3o;OeIph*dXQPqR`b|&bzCQ@}8sNM4Ha6nNI{HiUnG?LTr`)Cg zPDm!hs1iTO{%AZGh~FP0ctjpCV1nq`W_ie>AE9S^ot8@exP^-|2q_v=9W(dv+uIGg z;G02P_5VJyMOXPgLou#+PUaETwskJD&!ynDMGRj{t=yKPNuKD_LlJQSVM&u&egJPQ z9uzJwa`OL;>OpSC&!`RPXo#2k8l0tkH{mT=z@J9h4#>Thvlp~(-YY3@T6RhV_mCOn z?ufpR*?^<=@%DzJ@2h$Jaan3YA+(tZX}2plI{B~PYSfHyJGZ%zG-N<}y3!=QPngoL zPx$`UMB&1R(_hp<5m=b4-x8T5FcjHuvwjOe|H@5+!M7?OXl<)4YUOO-I}@`~R5pDT zbQtko8m;IF>;~$W_Y|X!APw|Y#tQ^uy0&v&Dm|3z(TQji3GH35vsP)S5IyKYMN)~b zc!g-mFJS+@6csle3G37CwQ@sMuFv{c_r?A6q;l=5*|luBF3kA*?B%__-?PdlcD?zp ze|hePvUUD*1kfhv7{?ePpA&3Q@W3%!kNkbXpGRw@t{k&t($B4%awnOS=gak8rw34C zNM(N8Q&}zMl{Rz4^~l)1RP<;bS<5|3&>D)qAJ_Pg3Z2%&XroV1}e#mtfLxAGk^4RI|Ah{^#^gx%7$kHmd zi23F0wukO2Ulv!Efb44@;-D!CNo^PpB-pmCWxx9j_at zzSh4@-R$|!=%=kqNzOEO4OtDkza(3@X!X8$Y6*@QM!zwj|sx0c&~ZgoFxkr z>#CTpVN@9JPLNR>|M6>eZQnMe>IR<+fF&^gKcDO|UMdHH#G|hXPDk!Y#J)UQFCwV9 z-jgBj`*O$ohH0^9e4}z3oiSD_USzEKG$9eYYtkvQbqR zlfL-6{BLW~>g&4I&(GhNO^X?hpfi0rLl^icCLpHr@~M!EWv{N60Nh&nROCSBcAJUA zq%FNfJ{qlE?!lI!M$MvshH_s9$y(vX&VFELp+?ny>qgV(^~DsmW1hvb@RnEAarJB2 z=vAF?N0oFP2}ISaG;jWeO8%<`gw#xL_4whq2)jILt<)d1$lrr&Xlf;1JzD(P_W*=MUja|BZ!CxR0mDqHcvr2bIuAkX>Wt1&0bU^&{@%F5!22k5hso{V42YXCe?C0#c$DNg8ZWjRP!d;U`n zYJ$vD|2=4TY%h>9;#sv~5^6aSeXN;)Z|A6bM~1fYw6!^}u!g5=O<^cg5 zYFRB*+>CoaiGq69Rjwp|PflTk$-xNpkd|`oR?WNvAIE3^@-BubCNAdZ%Kv3=v;Q6w z?+a?z4n7zq^|}`}8gXJ?`rx{SE>VD6%-zqH`L0I)=3W@%3v`(&*fkh3L1qn8 z{83oc6dC>96xcY+lRLo(k_>rCbzJtfpa9wAUdnR&gAsSe#FM)r1cb!RRvvR^L+WmO z%ocPqa(Wf_UO033L_Op^YZIBTnv!D~Z<(xbZlqz95h;9Mu*Z9;l!6g0Z`SUkQd8>R zSuGMQi8QY&3ahNX#)dM*TdqtB9u#T@XIB zlzw+rj&dd-Oq+KVMa`3?t}5nW_0rcJAoW@(`gl29ol=D#D#w^xdW56))Fbs^5`FIY zo@!p!BSg)V7U@gQvFYIFbWhmbmKPTWA#-ZS+SbH(Y-UzdgI7(zwiUG=PcH6HCQIVi}AaV6Zb===GPDe{|7 z5r0E++F4h-JIp^5KHtg=;M_CvBGRB1GW*mxu;_9yV(OeoA;CE;A^+0?Q8~so1XG$Q zgk_AZU}TybBBRzst@9R~z`E+R*)tBeTQ=jzs4=GLGuFm61;Mjj`@EYx@O@S3-vVZx zf1HbC6C{trz!@P}EgFSs!ubHr$tc9jh^3g4sP^|9IK!~2x1X?laqpGOnhoBs%Dj$+ z-FkB>v<^0&IatfYC&Ktq?5d01aY z5<9RWV&+(!!F*o`9f_}*5Lc)18t&W^b#LQ{IqF-ArNmizOo=DD?9_X*`RiZMQ#L_m zRrlljW|~D}&)7HBp1Sa5rCJ2?3?<22`6oM?aD+p>QV1|Dy7@o_r|JbFr8Yh;mtUHH zgLvb=M!_puMD4?^$;H>IyFalv-4E8JHc)XZsBhvZ~7K@wrBU-kc zG2zs*-|Y006yOmx(vI|!I=H8bPns0!E5CL1cjD6nD2{WB@^GN}gM%hKcw`&=$6?CM zMk7rW%+@(keVqr|B5)%lPL<|7#Up9&BWumsv*Pow_eK_rz0y^WdDz*<{o5_5*^tq> zq3)YJoEq!GAHUr3Z?Ma3T`OOpAPs9~2zV1q-$sxO7v-#RW}HD~tLnCQ4;%ui5Nt3f z{=*1U>NFcgJR<3XUm{y&+(_#KEtNF`%pq{FH z9!{4@W~&8veT*ag#;~T1-k#IZXv(mfM`V0Gh1(RZKL5$x{E>*7Exl_8kGpQQs~`B3 zAf5c4*%xZ?_D=gBO;;5a)Yh#%s0f0zbeAB~ARyh{N=QkkbSSAH-Hmh#2uMqVNOzZ% zbT`s*CwGkhfBagdr9U(7B#$ZcS5SK1D4NE7< zU!$J8U=0!Fcl9Xwg&tnaC#}m-tp&-~7IT?n(p6?Zdc^+?sVklS?8R(rQ*soS-WreSzf5&H@+`k z?M-U>rC$z*t#TFrF%mpD6pU^(s3Tv0N+@sD{@5a{p?kZx;<7g6O&y)v8W)_LTMqvc zm=^(z8{>Ex`>jlr+Nk(#ng6V^lXu*aKYh)m9jGfX9#GLnl%Qbus`gR7RN z)R()L6aZEGn@)LwpTzCC2mA`)4#zC%k#u|n`rvQua=tlrF4iw25L$Mt>{x=sOraIA)5w9+;snH{W+n2W zCqu3WNc6r$v&q_ZVd)bOvD~NCE(8TrQhG}d zYb^(WEI!CsoN<~+_NmmA%e#EbXRRx&J5p{>_%$YUD&46k{efSb?c$1;FacIgo=98$ zv%JB?v;X2W`PTrD>e~@m)!$0)`r1mc%b5O?rhQZwAlKh+^3v{5@is_=Ku+X@FmvQF zt~`wuu0HuM-(a9H;SZ;b2HALKLMesBTayVtk6AtV;vH#HO%y-!8E7IN8ehvr!+h>y z79LDRXmS+Nebg#j{c3(N9VZa~QdY*h*HCxfF|Q#JFo=*Cw5QrGeI^oj++0zNQ40Z= z0L>J{Psg#mW&$oq(ZZ4jyKm8*g8=0>ol~k(HNeoGze{9N8rq0()c?a^J{um_P(qMc zfht0a_I9?qXG7)%SOP})MVFj~h!+hCck)*n-p_M`Gja2UiV0{~y+{@u>H@6|5@h{v zq;}iuW>d*%8=MseW!JvZ5LRGAo4fM!PL{_k4;d7Tmr zg39RE#2-Hc92wued5JgYCDHlbhYDG?Gjny)vUigM5KD!j4+5qj#eF!j@bz1Pk4dMx zsyhY}S?$vkX+yh+i)DNanScj=tzdCDtqLT~T1d=}h^gEliW#tOo!&gvKOndR85OZ! zA@CBSTXZI}cXgih(^wr?n<>@)Wv*3KKyw<_al>`8VgH=L`aq%;F0T9gG+9>G#RJdJ z8DH9S*m)*l2eZBe)tL>T0VG}_MQjxt9=KM&&TQg4qRnRWu=aogs83+eg3vDBr+Dqp zo-%!-X3X-&dxl>*F^Ipezs#0r{3Bv(^!qn?@=_9^BR1Tdh`zBwK>m;}XpeWlsP&t2 z#nFEvnW`)sxf^+}gh9;KMtd|SdHV%)h8F7%C^$`@lwv59ANX}(=|%*CHUS^Rm{DsU zHmv{*LdqZ_GjO%K*OadG8zu}e&k37ZZJN^JO%~xgVvFvoic5|m*IFu+FEo->`xulI z1$__K%QWi{6`>hj$t=3UcHNYj`f!Vm_h9**B@O=*<7KNeti%lK=K`*&*;h|Uzk5Y? z@xa$cd5ZGx{0B2YsOzt9@IYt=ffe7X$lwV0oS-!)5lBk(3Cp^yUka7J2lTvcJ3sa8 zXnp7JCSx>4qPH|^DG1YPP2kj{tK&}A@#i8|*dQ-<3n^$fBq5<^~-evE|TI~?qy zRDJDfH1`Aw1Gn5FJK>W49CMW99V~p0b$b1-20X$78Q8qc78*tFu1U1)#|VU zVMvP^HSv)oEe1YeF!avBYK|)e5ol9}>`5$}wBUZ+QNqnRTu_wvqZmMmD}{Yg*}C2< zKJmmy+oYx2pma`F@A>aKx4hGODvWsmQ2Fl?UT262PHu|=Q0^8I&ceo{t>e*n zthk84+T1DrTrOY*(6P5pJj2UeJbgSZLY5JlW9j(>9Gagv&?GDP|0S6k`}N^AQ*;I9 z@b)5-Sonm&cTn$s74fkPGf-S=&0B&t8apyUzTdBI_NhpG&xUhw>OlBvsAM+VUd>m9 zHm8TFBl?db1Ny&Xw`MapF}cos@FJ@1!UULfS7=3r%us>OAw+6~Kvz3lif7%ZwEDPD z4?_Q|=iwvv3sfNdPF@Tu&LnHpjmfo4-9P3`?${`yij#uQqd(o^<G zWs&^=1ncB=D%PglU_$#8kFQw+bxvl@;@tLB-Z&Y(X(a+i0v9$uJ0$+7ET~8dopxC4amY zocwSbt|b1fbfFQZfw=^9Q!$rb59QAKmLxmX5$xHdWgXs zXKkynp``Z{|9o*!RZm7Lw0)C*AsRrA|S5U1yva4AEaMt<{1{jKR#*QLrF5wE3z-eg>c|i1@ z^J5FL@e29cg;|9;YyfaV7&HC1(O^{Ns+!T9J%UK)zPk9Z{ldQYnwH7G*TkNmGgHv- zK6WFU$sOG*zdx4ig#yCOKQEye?RPnN`Nz-110Dz*(5zxXxFB^DjurgAW+%FB`yg)s`-7+8r{0A3^L5vCKQ@yjuK0QLr(MZ}B z9AI==@T{ z=bv-oy<(6x3Bl)B?tEH>znMqDClEa@D+#kOHc9L3K<7ep$|BfpHySkq;g7ay-*R8=$Cbk})<^BVAGAzh+e2GK@?LXUnet!TX{*9bu8!IJ@z3$Tp17-Ix3l9iVYlmQG3c7CizpH;>)D69M zjsOo5=4O8z^|-@(*|_gbF4a9g zTfcGG<^*Cjbv~9>+jWdq7wWKgjpoY+69m~ZRqVUy<^ucJdfL!$KFylwuN3J~&}OYW ztaZK&M&3C~f28U5c2?15=_6udPpMWPIo38E_=o{|YW07=sJLvt2Lf03x012kHQX_M zcR2|xfzmrge_E@zX&hQH@B(X!pEq&#r|y=Ht`vX~5Q1e@q`>eC6SzIy<$!bK%L|v$ zEW(=nW-ZR$`|mLwc>nC|+t*P&dWe`~?T(T2{Be?T+-6oWCh=FHlUiPAJ$zGJE+Z3; zk=a*HlZ>?P_eDxH<;?u*G#ih4Vj3=q4A|8MT@R>aPF}ngbm$@1{hYqf{c`5?L5|IB zV*ZeT!7$3h6!nJm)9({`U~W-GcJ8C2b?7~nUft9}4wKv0XmG-Afdva{8KrZ9Z+)Lz zpj5wpc6k`w1Uy72*Tx;{o zx*SsNms>)(tv>p+z1)sh@Kd9q6}VV?yVN};RBm3?FN@T*az0BnP9SX2 zF9$E!+tUJ7{L>&dYWM&-k5@wy-EPTrNg`@O=qnSBEXZWsIrH{;*!jIlKpnB{$0=h! zvI-0;K)D5k9@zI523^he%7wAa=u$;c{5F)Y1e<8o)z7F=+Ml5he+%P#&SeY4uIJ7eW+5)}OC_Sdl)8SqJXBN(6) zn9g6(fGg59TVdLjGL$!xzK{O4EP;)6QhGzH$>0bE=IPeoxABFa*ceUy-~;TqOWT9t zYXM$t;ek+JsX9p4%bo)x#kU9`vsLO{ykzpfAKdjz$dX6d{2c#VhdH0yr`Rg~+Oz$8 z@7Uz9U48$FnaMqW`|lpT!(L=e6=}KhdX@FZJ5jeNyJkDRH49QdoCBpCX?EP(wh`akCwfjpK%)FQAZCnj!JzQ+!$7T*vd?r>MR z@0dy%m5HYjf$g9qhH#N@2T>qsumd?h1GSv7KU%kYN2A_jfy`oN^&DW{(IZbuk(1|? zQT8)N|HgyK04jt%e}3mF1V{1DA8=o6aaz18P*kb*5PaG5qWvpl0E8@v$oX*w2!C)maof!bwPfptq5fq+kI&vL9B{JdD<{Hbj02{BFV~%Th5(szh zi|uB`Po-zwENcO~BI@*r1%+JdChl^*@RhL40xc~fuhQA0g#y%eZmyXZSkh8o%Mtd^ z=vxhd0nss7f5ea04W2cz+saKm9!Us!^`g97%6JYq>G1T2R49zX_nx!hKp4lrPsU|d z^HqU@!OL~rMt?DH*d?KrA;$41SWl_?oiQn{ypTqrn|h+!DGHYVP*;U6w+Jv=qP@#z zZz5Na#(HYdSqUn$i!qXa)NS<}jLKt0tF^{GN_#tc248@F@$q5` z>3_)H?&h$jYm#<_XGcO*o(9HiFEBl*!8_eJ=#eyy40u|__d8$kn!!%94Pt&ns4gEh z)>mvA<1@k%A2v-}Hm_WWILk~-;^9Q&SWS1F3GqVo4LCbTENQw~hfn7<0!YU+950{r zY@;gVV&}&v!>TqaZ1kOLM|mJgqvEzG&lcpO`{uJeHCCPadmA#rZ8a2fN|qP6fL&FX z$pCce$8XtW?T${LJ^W(8N|Zpjf%%{sif4>4Fbwcmk&pu0^_~i!X9ya69V_2iXmZiw zs!%6&I6c!=c=mpU?2gESL^RhZ6XYyV{ma0{B0IjHP&jHxkQ)J#jVIlPU)sM#mM`pn z%+00IFHeL~i(Jw*G!xsg7tejxvY+|S3U7eDa4yN5o`l~H;s6xCrt@KAder#f?r=R? z3ezW#a~_uqOZFX1z~nq;5dFa%C&!hI{MZwyM;pNu^6H6w(>-(=|2PzX>2AI7k&Sl- zCDGti&MqDOOuoc;^BRlaDd*0|i;a?<&Ix}gxl*$hNP{J2fNT&5c}M#wl$QoCH|Yeg z5Hu~VsrV?c-#B7{DN0%^)cD`?sKbd7P+dHQ7a+&*Vbn!DQ~X+{_~8&`_HmN3#~bFN z4kyD5f(_wff}EYJmXFKC?R|*YTq=$%x8^EmCnSE!0D+6mREaw( z@HqULLto`l!bi|7hE>)5Mtg`F+N0fygK&F|v)M8bo<%csYFDE8sz9h?B{Fz})8c#h z4Kiq&<8#*}E@KM2ctRgUaOHFM;I1TFzTWp{lKVj1BeP4+#`DO3)^92g`>b*nh8T~g zlVHmng3uzCi;Iy|I8;BI#vrkUPk<5RG{GOa%fBIE|4-}8@1p@DP z#YM+SUuB+L9|(3(anSZLX75x?;}cmp6%24Ce+A~=>!D$5w*HLZHRYE#M|i9Z3O zFPoSTv{LZ+aen0w5fdZ(Y$9JT3|)anj%1JU-mxl{!MFbfu*fNvz^c8Jqq#me_|mfi zyP+wwX8++k5x$_kUmJ)C{}s3q{?Ow)=HY%L5-C-JfTW~f1uEHxFNIOlT^cnl4c@%l zYOMzJU|^t*EWyb#c%a&sx}I_cD0I09+Sum>g95ahB$DyE)M_>bwAu{RFr1KR>r9&* zSc@{VlDo9}D%lN-FumGTv+DG6mt;!5$f3sUl}p5rO;x~VIuNSJ<37Zan5DLCbga1^ znYNwVp&fVMB?pb8aQa9mT)PIe#;7B%cU78DEYN(XcO}6^0eAw$8t|zK=#2gKHz+DW zFCij;Z&tK#hRH+X47eXcJ-wR9KU%n0Lg<~ysyvV8ZFxwDy$;C000Y)8-gDkU%7_P| z3BZ>@O{YZ%6h&t5^bW6)jqB;XZ?!3@)*qB!>7Z2xB-xm3+9Q(&fRHhm@cLAqcUaS3 z?;XB8!$(}DO3eK9o$IF5HY z0b3)=k*sTAq|pg=am_z1mOW)CqwR6EZ`U%ru4~L=FJfl~1^-#bK|ao5S(}lMzy_q~Cp!b< zZ@)s4F&h{O{IqYI<_rCEMs!t|MR{NX_Z8}|nC~L*7$3u=nKR1|AN(NV;(ifz{pHf+B6HHiOtj~g!nGN0I@Da-F`{lWW%kKkXF~le|(* z1{gh>#)3+TJwGXCx8p@5DFm>`p+d2i+sIKGeepe zk5(%36g1vYQ}hz6S(3Y))A1R3mFKly>GXRD5&`;Rv3RyImO{m9LjsPGu@sJKmPh;} zoK0ECXwYPRh#!ng#HS>`YgxojirDnNNi%zRKrE!>9s@CeAhQ3rVe~s3Jv*;1PP@3X zb*s6J`~x|@2e-cuwcE6@p?AMExKaW)&9qv-M2qp5Q|H~0r||2E6~|$<1LX6hQ?^Mp z8nchI#;PuxjBIKXWr z-O0Ikp7K{>abO@zQ};#MCep<>X(XSfE1b8@3r`(LX`&jf(Y>#cUa?wfkwp8?$CZ0jRcK zxTU2xZ6JWjd#8m5|KyOUBZS)759Rf@d6mN*&cTZA-sEjs=uca7=;_S15;0KW0ZBo* zE&GK=1Z4gmx7V@RxNi0@t}OXWy)enEc?@AXlBZPUSl`obzDpq{GGhYa8tY(=j;Tt8 zhk7SiQN|8IR20&4N-kWO(M)oQkPM-W=65nKpO|e6RQGI$RC;>V0bgQdYR|L(A_KOa z>WXE9Ph2TrQ^8?(QuF$M%?dUPA6F3#(pRuPFW6b@Q^HGxu-#{8s|aW#AY45Mr{_+m z)336-sPyV!<_>vsDo~o|*JCQ~vZG0;(1e0iBO#=L3QQJa9<^KjgW4zmy(~aBmf}#! z#{*=KW8IVn{?I3uz5LgZPTGX-N<~hcxS8ceX;c30vC-GD5#^7`Vc)T#2@cw>>cCzW z znT1|^*p3san0`rQXGy-+y+}Jr08mg_^`RC&Ke;JK765VM>jp*JjluF|n<+`RHsyPWZy6qF;xXF@tFad(+@br(gg%I5 zUytHvl$t}Y`i;$&&wGx0zb{^@S4UR;pENL!Ax$T&ru4ywb*ZDW{biL^st`}I=i13Q zncOODIxU`=ZxSeu*z%X%J~j)UDNKLu!0t1=l39L%liyQSOZHf?7d~Et@uuDn}jcn6>; zjHO*6UmtUCF#H6o={LwO-xF}GUOo9s>C~nMcLjFBbJ*SBO@%$HJr&vS+TVB}tIhNb zDoWtU#@{p9+b_M-{)^LORBSx{=1ydHhUR2%Y{?OMWiv;g04@`<6XYHS43F_Cnkj;hnM+)|3%=USIChvFfk3nUM+y3XG&q?GPSxkcd zVqNp6Hg||Jmvr;EM@++!UaM&_t!ayO_=ICkGE}L@tOPyz{5P+rwsyrp5bxl+S8j(m z+lm2!e;QVoqPhjaKeKm1G&3gt&N3$#Zz(a6enQCPtmiX`Q%3^nb`IYf+UCKn3kWS^P3Pu)Yutb>i8o$|;scubY+v_Hkc5FD}`eW0s+l7{}0xrR9&?K%nWw?`JMTT;AU-YdB zI3~rd7S4w%^9tKs^Zdpx<8w6wH33ZgfHtgC$37s;u>ARnBObkd4pmBCW(c<%T~Kj6 zaT-@{cfb&o=Q5X@;DibhNLX>CdZgV+1nH9;bMxJ{l8jLCzW{2?vYoyT4s&o)OS|)B zW?RWYI>QDXRk6XA5`Q<30>^_P;p_5RK%t53%2(l&f}boc*a$l4}{2aJpq zs$WtR6;;<%{)re(#Cq0s0ZE55_a44gF)iJTxFYmxqh|cCQ+ZjCL!f?YwLF|*I{W2V zajgt-=Ruz_8FWs*!WE7deu$k6>fRvNq#fRDzvu2Kt8`KF+9ZLT6%rJXmj!{4v4K4f z6cz3DPr)IMbiGX9HHVN(O7qWdnp!UH({Ux1XhpNF+$ zFKDP2K|7$#JrA$%1;j!w*VejLXabVi0rZ(TO-K}0E7E!!mLb1!d~C1hWiT9sOM0Zu zw5iY_uBbzxkn0n6m{kbzda%XW0RcK&eFA-ng3P(b?D_SlYU6@VjhZ9-cXiq!|Ei*5 zm@!)4LL2g)2xgQXL(^2*$m8q(KHUWI9s2Pd z`u4mOFRxlH1iu`yJ>g$03o0HExGrBn>7=(Q`xFO@iqpm82xeJy zNpU zXt+cB>8cwNFzcQTT$2pZpW|57s1NR)FF(EaxN2U}rsZS((;L_giHRE@)@P9kmMZuz zQ&+#D@4>DC*L`(7ACrps-CC7<2E&g*nDn0_ctY~D11Ts#a&?DFBQq)FONVL6=1DPA z`lb0ZzXNns!|a08FUe#0j?u?lI@EN0VVc(*%Jk=`F0ac$&tHWjMub4U0SF`}CHLH* z6bJBwe(47FY8*ynj648Z7J`Z|ZMi@m%)8QYWU~vaSM={h{V~2CGZ(5-2WKBH3_UnW z^40?)3#%us5N-KNxC2|q{@TAP)dGyA0O1!v(cl-D`PBk3ig#~lY)7G9DK^}Szl|$x z#D)Ew_kpWGR^g2mZZ!EI2VM*)wZUXpT#%zJtl3I}U=qBY*Ph1+5W|7qRwMMX6bN6# z6JuyeOu$I*Wcs_uF<*}d0P>n~1*Ak@2!ukTW62`0+bTrx=AV6+J1w>53IfRDkG*Tc zU$a4=Kea)SAHLL2gZOCIyT~thyzHfScVK}JZTMEG6B{4hJi9Y!YKTt%W}&YB{ycB^ zvL6E?o?_2MS9e-$O&Q^O;L3le+dHz|XIv?)RgKWO)9G!N9{ye|2bWp*-x10WQ(w4o zP-buDQDq`KdD`)QZJy6RAiE{cELK9RN(|9pEKe}`HmI0y_lks@%If#==R4KT&sokE z9~Cv6s^;Atg+{HKPy#m#N=drWfD2$^VYq@)yxYi`Cw2dQu6zxK&Eu+BMKP6^&IMn= z42OMA{S8X)wd6y08=h*}AUlW&d+hMgZ_uHn?;1!0Vk+28D7Ub!G2`({@P2<Q2(iP&_5zP+vRPXe?>5c48>9^s57?_CS*QMYXlSJn@b-Ic&ZCoZ-zn;w~&ZJJJfM z1jhB`B-d+wmW2{LVJbjP(;QF?`0aC`eSDiwButwNa8ms!kP!OXxK`Jg8Vw)TJz zH4M;9j1qpyK@`IswuEJJ*Ql!s6KbPvKm;>?bt$kAc*h@XAi4z76W_?D=lISwslBft z;~F~q;9CW46IR&$kt^<`cbUY*Hu<*sj%{tO^yQ%6N=eCWM)j-DI+-Ge;c%D>k^68# zJk|aNvFbthRbI5Q+JKT9Cs=jWg>NQ{R<{i5Kn7BQDAT<^&jl!oK0GqXLIcL{@)uVA zb2LH4xm7nfGvSz1m)dYlVOxzoiYFx%3@6x6b^se}xma*=M<~{r9{N*Z$s&b?IwVZ<}ZJcJq=kmANDwZMGfo?hONxK?F3NC^Kl?v}3tZpippGs%e7!INTI=#n!dS$uvtqYY_wZcw5}SjvlbZH*mez+xWW#^|Fzw zf`S5>qHEk_Dvps^*~-)|nLBJJTYh@-{U45o_ak$T(wnsAQSDWBv)P)3t#O80b4He> zCpt*~i6CL{va{Sr?PY1%Uc0dyyoZ(alKL6nEqU|Tz20P=z4N)1k7;-{BI2_DD1K*< zUzo9v2ak0w+h0s;**aD!pEnn49Q+zd7&(;g(vjLuBzC^tyEPt(_8Lepx-S;lTKMr; zD{)A?Eko%$jnik=x+K<@m>367>P)oj6qt1-mNptD-)`AdEBlEyCt1eKyV|Fmo~NY{ zJg~OX-#7e{klibt``8BuyZdRk9m%dCoX2qRQTu_r?q*oM=!CBfY?7YseyRkw}>sGKE!`+L>-mwFi-lMCp@JLPWYnA*RbPXNXsL-lLj%oRDIn@P$R;V zFC4UB+nQtjLqN)NO5(Rc!lp-);gp9WWi*3^>*>+qL*B#4@n&IR4qFS?d2CDXS+Kqwib-MqNTM9osh#xwI zTeB#_ye%P8PX79(n!Jo0*TFOjL^)tJz`7z>wje13A}ott-|_OImB=VN+exi4#Z z>Q3KidknKo*VAluYPvr%;FkL(*xUG?`L6@7bno+w;~$D6Bd%dzcm;%Icl0;In-uBr z-z}}(`sv5}+~2zn8NE^obmtf5d+oJ&zYwoL^LDD~_tN&#;0al@+H2gQ{YXb!qE6lF zS5a0LKmLT%Q}}#*s`c%~_vt_VOPf`ZTCQ*kbnsjlt&AiN1)Gf8pshVu+sdgyh-_x% z2~vX&^ygkdaT)Xm9eJ~33Ea6`aa301?TabFOs+PnPNRxZ;%`;u^ijsUJ7(|ZzF%%s z{gfaLibj5G9?GgxNS0WmRx0pn_q)>v69hZd&wot_jk#ESoc(!1?heJkFKj(8WL>T*B9yk(Rw}W`zJMZt%PSX0thPD4!`ftpHj%7%V)w^NF zFTeWc>BWWDzcT(;6ix&qFm%HmjF5KdUEgj|Gm`yE)(mjz3~V=}WZBNJJ)dpOS$-$e zEkqkVqT&&7Bsp*RZ@hSM-8|Rg)TT?b!f%A^3Qp`(Ih2`DxgK)nkic&KBq$*RFXr=sW!!#(ALef4zAIuHZy z=00p!+($i8zWG~@8SCAT5{o+dO5^-*ym=A7h>A0^0eA0t)?Sn{+otD9#kgeI&(Pdc zjA&}7NhEL7@B*?>3PMRmqUV*?B5(g{m_4Dr(hVQIbuGX&!8PdC#2LJ(&Nw(G4QyUK zA}7a4Q~NY-CPGHS{G?7^E_`%`sabG)wKsMCFX_7R)GD*>O{bfqF833uGCD#J9MS8S z&evDBD%FdmuPtUf@$G2-b+}-Wq;>mZlc_lD%g0zSdJbT$9wT&a`z!C~k4W>+SvVc)wod4q!pm(vd$Y^%gsM%?t5k|BT`tWd2A0-@ zNQT!H6DdMAY|#y7PriNOKrId2cHg*t7Xs6*wZ0Gdc@LLlJNVCkE5G4DnRqXb({ikt zs2O>Tv*Xl3U_WVI!2i2G=yD(J31yJJ9P-8_FCoGD26>jz!){Dp-s0&%k(}mX$GFz* zk0YMwwRsxw5qbK*4G~e;x$+fDz-R6JQfQ!ZgjfDPE&29;Spb`9 z6wHO0UJ%O|`W zvObS`(@?Lx5Xv7fIq$g*nZr@M3=j)!$ifuc_>WSZ&hDR+!*VDdD@}GLXSh?2GJNlcCp;YZKL5U3L?cq*W*HG=lFn zP`*3!dWMy4l`$6Y>Iz~4b#HS9;AOzuqjsp=k4Z$HU>F|Mdg_omS8s<=JywXe6QLj4gNJZ~7S{?;-KEzsqoDxlHmrY$NA%Fwts&nn8;iXH zxQ6Pb(lze=={=Wp5Xy-l9zXxu?)z&Y$s{JNj-gyCH?=XI z^+nJmqC1Ck9k+8v`0nTYC+DY6nm?tjvR`t$oV|xBE1xeV+%T`_DAWYbLPkHh6TIqA z%eJ2=M*iS`x6sjfI&~`&#kWYCm$uhBlbE5LduQdQEKoe6u_R4@H>Gn2YXKvwI)hJ^pKHycf%f zw{G8cw${Q6H)EnwRxL+c@{K!{v(3Z+Rdp|Wp+w3p%|CdYBJAby0)C=K#(`?V2)#_K zhNk?iXnl3LdAAdD$FuGcjRbmSm4=(YvcKx#3BRgzmw2lAl{^9`i-KOFWs{Qq(bjgo z!ygg4tIM=n{>vdtSUlk|qA`Swo2(UeAs<&beA`chFZr0hpIrHc9p&Dm?}}C~iz+-{ zS5-b3%EHTDMFpe#p^A7>`FAj~hCD zc*faH6!=c#_3u986PIrcOxb4vrDn#FAI_mpX*wn|Z$M{)fx zZ(cImDo4i3M{})1BkjMP(w6tPZl#sa`HdL08IcLSR=1LQ>+gs5OYJW5+MT?uwq3k` zhs@FZ^LXJ5!g!y=>n5rqTY8;P(?R@9a{;$|zB2M}h3QYiB$$Z3(gv@PX%C zc0w_)>aCaiv-g!9N_nHLIjdz>M{87nxZ=K*b6*w~ULWh(ZeHvC-7YUXY&NAjyo87K z3nTiIO3}h{o!}kAjY`y$S@RtkCG$#4Xq7{2I1w$wEi|}E^apUF!zQZ+KRW!@;R_6d zsXFr@4Qsf@T6h<6RTipU_-9~$@ZQk`pVYYbV?u@9FeE3Z(UcI>x%``TPJ7(>E}tG% zDntUb;QD>N;*wh{20VrB)kfx96te9Pv4@O`4nGVd97ueCe>^FY=!(*2*E>ICr*dp! z_*nSV_h1S2aJ0=+SMX1uAh&SuB+Ye1*MrAVp|5e;up8|x)>RG0L+yjOeh;B|aQh+f zc}$q89rR-zk$q9_e{gP0)X6-}vciftu$}9CO9a3)Ztl9qZuS7`<@ed9jP1E++&BF_ z$IdU64+hmKyB!(F{7ZEUg>%Ln00(D7-Q#S+0p6s#cZ(oq9&)|-FZ`~V01y7@&{2I< zx;AyWwWs7ffZZ8uf!26(f9Ae3WYzUUr2h_D3R2r_xCV9a!CaOh6^{t$zZp9-tnPDn z-1*&}*{_w7(uHWn@(QEZ1pB`}^6ruFiJD%Uv#l1T!#@K?*pdGT@xHFBD`WlapMYm8 z{n7=C#vik2&}DB~n)qjgKP2wc5##3X*{jU2Bv)FvojJ31%jWIb56>*oK2!d~$=2sO zDl?T$z~ZY-KAtX76oZKtjCv`GT77@w-)mKRqgKM#bWhp5Ggz$kkgB*oj2#roVFa+! z4Smn<**bZ6aOTb4y{dzfopSsJmDNN|;5e2cF=W8=_&FQdJuQ|Vrv&Iqo~4fJ_RuMNch?KuexPx{pm z1hn_Jtbl+~>k#RFREPVix&d8?DU6DF^40=PKSUk~%0MKSrwD9}phRLLRB)GCIF!$u zCFyL(m{!ztOdrQb`oNzsas&{!A%JO+=B%Lw^~q!)S-!NwF=Ll8LcU#A=zMHnnE8`K z`(8Etr?@ukSr4iwcY^S9v}rMlRP~8sv~{7-MyA@r&Dd?gz< zW_Z>E)Q6!Yb0f<-Xq3>U5GCJmmC-HB6HcvuI1 zQftP9XY1i*Q-DYgE%D=FTLV1VJtqEw_|HlFP|{X*Lp|dI;1Cd$#>DHfgjyW8&(*Sp z9(w0rPI5fwIbzTJnugg|>L=joQs~gF)1UX|@K}c@yIq$)gB5qkl_vO@_OWUxHen9= zuV-r6%E}xdR=lOBVxAJxE&Cj%JMaZPteVb=`i9jacIoEjHu}PoFP(~U0plAY&+rOP zN^P&Ha9+&XiqrqvB3(Z2*Fz{VITwk05$7zaM=qB%`$VWIhag9y!<)Ct{&%ILbDHz0id$`}7~j*<_ylO~UcA=VRP_k zxe}D-SNxRQcr3SU^QH*xs+k4;ScygGW;hh6Nw%#pf!FD%4t2e%vb=nTbW`Nlb%whQ8v?@xzpF7WWS03v&;SQ<01P+c83U3=eU$yO zJ`;*jaQ(&D7pQ;BL-b=|I^F+}EkIv6knV9+tg^2Cw2;ibC)JWun4&Gha|IRln+AeD zyMdb6&wWEKdsH+y4af_E`;sj-bIbR-J!`hb?oUzuuxG(pZE~p^G)vLG86wUx(VUCr zY67fiePc%JsOW^wJK(5DIBoI9zWdO??()aZw>)#A*7DwPg{a z`f=GtWbS#L;5o;}fve+N#@q9~+g`le&4)ofdpQ=TFF{fZu8^-BC#I!$6Yx1fV9LjRtl$_la0r*x zY*IH*aem^((z_Stl&RW9-xml``Jly*|7<&+cIdK6ed=EQO#cMy*Y2_W87WrgSR~0D zC-L$%yV|#I&L@|m#D(RGmzuObg81LQ&9(($syDu1K6#u~$a{qb@B?GnKJNVu0=m^4 zeqgLyiojbp>WRvN1&;PfBR~g>;i;FFk4Lh-8w4?yn@%f+rq=$;p546~a&NvNb8d*79BU7tU*XT91@o7TR>H8$$dZpt*0kHrRi^&WFw-~bEmcN z#vUav^oKoMk-D$_km{W>gL7Y+NX}W>>60?w{MAG96}RYTHWdoV$Qlq$n)Na49M~-K zV#{wI(%8=bSxVOsVTl^o~6(3%GdY9?o^t;y+2ndd*nHcS6?I8&`YE-F-yvcku7xP`ISX6 zRWiKVZ=OneXg(6nnT1=bb~q8w`Vy4|R3bgarGY*~;1>x~kdYatm~H3&Xz8k493D}i zMFO~C_U4d*Ek)GOAm||ht#jJWR~DjIB<&zQNpSK6A||?-#GM0a|1&e0BG9XBVdO2O zY5l_OyIYA1$KYGHgu;hUK^Dd!6y^A8;?YX;R6Kw5o>GGiZ^oyznc>P_z1pDU80Cp8 zBUQcS`Sxn+mwX3($n%o#|1U=mxbXX6#3=JK%tXg0j!G|zA{UPDWN4t5%#sz6`6AW( zw$pi`l1)$k-GnnaDw`cN_YARNK_W|XV$i52c1>dpD()yTvwB`UCmQ>C>qOVYWPlNL zJG}h+jtf*2#j~m?p4dsauNsw{#n~nnXPaoXx!HE8onEJJ(sge%LWr|xl$qw~r(T6c zk$tsxcAlBqRZWf6lAUNE$)rK2mZMS1rxdK#sTEfkTz!|5` z+dfFoRgmI)oj!VAYp&}wtv6b`S5wBud!E-o2mTuKfPeeH+i zCRmk?*(DpTE*x$@ofj%;KX;tilx!Alc$BO$uKch+gl%wUH=$$5htKCntyZB?t5~^V zR5{(+T+5Kdj>c$W@rK7DzmGPjk-ccmltXd`+yP!c*2!BZEjX*+WMN?zcdXk;ZhGPs zMk*5o$_wI1jn(qv2TfDfg8jiT`)Y0MueFgLuOl}}$}6PC>M-e*R~(;}pyzA%7x3cF zCc65k*YWA-^|1YD=d{O-#n=)UfDGZ*yRX4e7)!sGrfwI<8~dkxDixcsYE&m(|5mQYcERWb=|_HZMtL&=a7!dx!?Bi@FXcL*B{VTM>BU_-HJo zkV`j7c|jb$K$upWo2Kp|>N*B*Xa~%xi~ZbFnuJUcNQhRGY1T)|9G9Sw%P7qr@4C7N z`#Al1>s8pk`&B~uo=g7_5RJj+8(ZuSl ze}YmyN^#39DWCCY42HrSIC6sbckZNWC>f*4Mslo{;CqIYMMWO+T9us7ugm7UZ=NR@n)(6j3x*?Z|4eat=p+iv zo>9KEs~Nj<^rj4kM7)8}j9D)0<|lA}S<1NI1w$epUl5N!#IP?!U`$_TUa}#QFqmu? zee*;o18zTeElP@z;z9a?N^@c;&51!2C3kU8O%LZgCw8gpyPW*=!)CUwOv5}TW>G6; z6s8&}Of_=f(q#HvevZ`la;V-u?H4>92HgP~twR*1NHO!Wyx1#@a(?<~iOA~@QQhL; z_}ecL@C~!(kv~H>(s8dFL%bG*@$vSQxa>I9$TbXyLu4&jMRLvp6sqg13$FUaSJB6q zk;&wda+sxmn7!3KtSE?M>&mpq_q;4OmR(gnINVp?(J|-=aJ-?9;|+ae#Oru+Lv|!F z6lYYiBqxRwjs4TCa{Uls_T1M&kDor*wY9%wn04H@bkrd0yPWK;u}$e7e&=%wk;$j7 z2Z|zmRBPkNgvZ+5}l#8=Xym_K)T*LUX{LwhEs&#;x zBk$2~X<^=~EhJ`*3QLJ&vQvZZ0H-G?v0RR>3#SxjUyhCX5qDmE-k967H*VXBd14Sf^7W~ONG_3+DmZT#`QqoWDtrA5z*QHH~_ zXq4B3JBrPb-R^v+lb3flPsvAA$Ym(xGnXIo1;SLf4N%=C$wHW;)D)x`nU@|#VQN&w zu=roGq0nMrP1QItwKEjBmroU)+TD9BGTP>^C|adu2(H%^b&v9&ynUma+h@q3&I zwQYk8`$K3|a3UfR{n_jg@G=u+ z!YG}R&)zY9jA2#ltjSRNJ{F0ds+NIBJ5y;+3?6@o530IxkGK>9kd>(C{<0LZ%zB)| z0rYAG@+rD8RushZxwQsr+6Fn>IzWrf9a--Z;-l28E{>i@3b$|<9F8W=*adEFkC1*)a%s49HxoPU3SA$a*9o)MlS#pV^HN+W4Z@#ha?NsO< z@Ur8ig@;y14bnxaQ9Qq;kUcd$oa=CoyEXz+i&<`xfrXjT6sAP6>ufj8J?=?XpBbWb zN*-LE%6&_dsq1udq02>^-9!J7FH$-)XcVNy=~$W@Luq!*IB)#DO6!EI9)(=S>S8mi zip{jy+|;%Yj(8Y8Jl-H8QY@MjqhWq}G^>i@$B`6j+XrXdpL@L!MXEj)MtQitm$Ka0 zNIbWyD4vRrfAObE=fMI_Kr9y^5qqw07mCK=!%UGCc zibyYl)HNiNO+E-?U#*QJ^}SQBDX}3?$s<1kS$xYIuQI0+lqjbs%;}3r@ z%-$Lsd#bOTS>$m0aSZv#>4;t`QA~vD)&br)-gVWYz0=`jV}HabFX2qH7kec3)AgXu?q=s1D+@AB6NUqm8BOHCCM9-+!y>O8 z>0n`|iM(XP73&BB$R|jCxxGO?s>&Z_sk{+)`uTh{;$_a+T zxQ2t+27Pq&dT6w|ZfM36B-QYoMCn?Zqt!&|lq2UB@dYFmb4&j)jn<*7qP3|MGBVA2 zGR!&>qt(P1RH&75WP*SxmxOSVWP^ zFRagAIxEGO=YLlDG6-LsjdRUm4j)s5!ZLBq4?e%-=&WR4#kmPwbC|<45MTJg=a(FX zn>Y$@ECfO9nf|Cb%;66d0`CM|#=pPx-`S~ChGla`Ifpq+1d%tQbgHdC`qTVKvSF6o z*YKSCI)^!ohX;gjM71yeAc$5`6dVF!i-2Gi!6JkOYgmpWsPK0D=<)JvSAAnv71G5X zAamNo<}ioZgAeEj9D;x)EDF|$p$Vcx3}Zniv#OOc%fEhh;q-D0Hwd$4lp=Hsb4EFb z*?|MFMhs2Ffq(@eY`tV?%23$x-7l6}5ro@rHu0<(r6AHXd(QG4eh=XQtRp`yh=Mg@ z(yz~^0006(Nklj?`oivq7*-?q&5t#1i8XSnBWh*>mB>Sk^F<{WMz1TTmd zz>0uF3}X=ltO7V92@yeNaR>YzKYh0B_L;788)5d`*O07Il+9V?#}hNlJSsz)_U}Gb zbbUQsbC^A&3>!VC1-I4#Os?lKhuOq1&?AUgMFE>+U}BF5HW^q%5u1p-+a2(C|Mc0i ztCRhn!*yX+gS_W{e&&0E$aAxK&Ob2tfj-8j_&;Wu$2rXQBK%QBA>rTFJEk8`+z zxMkJ+=UzRc72LY-fcVv0@IHotZY0;yj(`Ob8=}}FB3J~l%M>zeNaODQ{-YJMCXGFZ zIlyf|v3dS~tJVmq+sHR8B>(^b07*qoM6N<$f{v)+_y7O^ literal 0 HcmV?d00001 diff --git a/documentation/website/expansion/passivessh.json b/documentation/website/expansion/passivessh.json new file mode 100644 index 0000000..68f7eb7 --- /dev/null +++ b/documentation/website/expansion/passivessh.json @@ -0,0 +1,10 @@ +{ + "description": "An expansion module to query the CIRCL Passive SSH.", + "logo": "passivessh.png", + "input": "IP addresses or SSH fingerprints", + "output": "SSH key materials, complementary IP addresses with similar SSH key materials", + "references": [ + "https://github.com/D4-project/passive-ssh" + ], + "features": "The module queries the Passive SSH service from CIRCL.\n \n The module can be used an hover module but also an expansion model to add related MISP objects.\n" +} From aa21c8619c15758c0608c4b96d223c4c620da07c Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 27 Oct 2021 22:23:50 +0200 Subject: [PATCH 050/132] fix: [mkdocs] updated configuration for version 5 of mkdocs --- mkdocs.yml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/mkdocs.yml b/mkdocs.yml index bafd3d6..c799d20 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -23,12 +23,11 @@ extra: search: languages: "en" social: - - type: globe - link: https://www.misp-project.org/ - - type: github-alt - link: https://github.com/MISP - - type: twitter - link: https://twitter.com/MISPProject + - icon: fontawesome/brands/twitter + link: https://twitter.com/MISPProject + - icon: fontawesome/brands/github-alt + link: https://github.com/MISP + theme: name: material From 04a6e89813380b446ceb979b57ff99b2b2d15aa9 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 27 Oct 2021 22:24:38 +0200 Subject: [PATCH 051/132] chg: [doc] updated --- docs/index.md | 122 ++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 119 insertions(+), 3 deletions(-) diff --git a/docs/index.md b/docs/index.md index 53b3e77..1297a3b 100644 --- a/docs/index.md +++ b/docs/index.md @@ -1,4 +1,120 @@ +# Home -- [expansion](./expansion) -- [export](./export_mod) -- [import](./import_mod) +[![Build Status](https://travis-ci.org/MISP/misp-modules.svg?branch=master)](https://travis-ci.org/MISP/misp-modules) +[![Coverage Status](https://coveralls.io/repos/github/MISP/misp-modules/badge.svg?branch=master)](https://coveralls.io/github/MISP/misp-modules?branch=master) +[![codecov](https://codecov.io/gh/MISP/misp-modules/branch/master/graph/badge.svg)](https://codecov.io/gh/MISP/misp-modules) +[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%MISP%2Fmisp-modules.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2FMISP%2Fmisp-modules?ref=badge_shield) + +MISP modules are autonomous modules that can be used for expansion and other services in [MISP](https://github.com/MISP/MISP). + +The modules are written in Python 3 following a simple API interface. The objective is to ease the extensions of MISP functionalities +without modifying core components. The API is available via a simple REST API which is independent from MISP installation or configuration. + +MISP modules support is included in MISP starting from version `2.4.28`. + +For more information: [Extending MISP with Python modules](https://www.circl.lu/assets/files/misp-training/switch2016/2-misp-modules.pdf) slides from MISP training. + + +## Existing MISP modules + +### Expansion modules + +* [Backscatter.io](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/backscatter_io.py) - a hover and expansion module to expand an IP address with mass-scanning observations. +* [BGP Ranking](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/bgpranking.py) - a hover and expansion module to expand an AS number with the ASN description, its history, and position in BGP Ranking. +* [BTC scam check](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/btc_scam_check.py) - An expansion hover module to instantly check if a BTC address has been abused. +* [BTC transactions](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/btc_steroids.py) - An expansion hover module to get a blockchain balance and the transactions from a BTC address in MISP. +* [CIRCL Passive DNS](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/circl_passivedns.py) - a hover and expansion module to expand hostname and IP addresses with passive DNS information. +* [CIRCL Passive SSL](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/circl_passivessl.py) - a hover and expansion module to expand IP addresses with the X.509 certificate seen. +* [countrycode](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/countrycode.py) - a hover module to tell you what country a URL belongs to. +* [CrowdStrike Falcon](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/crowdstrike_falcon.py) - an expansion module to expand using CrowdStrike Falcon Intel Indicator API. +* [CVE](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/cve.py) - a hover module to give more information about a vulnerability (CVE). +* [CVE advanced](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/cve_advanced.py) - An expansion module to query the CIRCL CVE search API for more information about a vulnerability (CVE). +* [Cuckoo submit](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/cuckoo_submit.py) - A hover module to submit malware sample, url, attachment, domain to Cuckoo Sandbox. +* [DBL Spamhaus](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/dbl_spamhaus.py) - a hover module to check Spamhaus DBL for a domain name. +* [DNS](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/dns.py) - a simple module to resolve MISP attributes like hostname and domain to expand IP addresses attributes. +* [docx-enrich](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/docx-enrich.py) - an enrichment module to get text out of Word document into MISP (using free-text parser). +* [DomainTools](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/domaintools.py) - a hover and expansion module to get information from [DomainTools](http://www.domaintools.com/) whois. +* [EUPI](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/eupi.py) - a hover and expansion module to get information about an URL from the [Phishing Initiative project](https://phishing-initiative.eu/?lang=en). +* [EQL](misp_modules/modules/expansion/eql.py) - an expansion module to generate event query language (EQL) from an attribute. [Event Query Language](https://eql.readthedocs.io/en/latest/) +* [Farsight DNSDB Passive DNS](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/farsight_passivedns.py) - a hover and expansion module to expand hostname and IP addresses with passive DNS information. +* [GeoIP](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/geoip_country.py) - a hover and expansion module to get GeoIP information from geolite/maxmind. +* [Greynoise](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/greynoise.py) - a hover to get information from greynoise. +* [hashdd](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/hashdd.py) - a hover module to check file hashes against [hashdd.com](http://www.hashdd.com) including NSLR dataset. +* [hibp](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/hibp.py) - a hover module to lookup against Have I Been Pwned? +* [intel471](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/intel471.py) - an expansion module to get info from [Intel471](https://intel471.com). +* [IPASN](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/ipasn.py) - a hover and expansion to get the BGP ASN of an IP address. +* [iprep](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/iprep.py) - an expansion module to get IP reputation from packetmail.net. +* [Joe Sandbox submit](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/joesandbox_submit.py) - Submit files and URLs to Joe Sandbox. +* [Joe Sandbox query](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/joesandbox_query.py) - Query Joe Sandbox with the link of an analysis and get the parsed data. +* [macaddress.io](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/macaddress_io.py) - a hover module to retrieve vendor details and other information regarding a given MAC address or an OUI from [MAC address Vendor Lookup](https://macaddress.io). See [integration tutorial here](https://macaddress.io/integrations/MISP-module). +* [macvendors](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/macvendors.py) - a hover module to retrieve mac vendor information. +* [ocr-enrich](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/ocr-enrich.py) - an enrichment module to get OCRized data from images into MISP. +* [ods-enrich](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/ods-enrich.py) - an enrichment module to get text out of OpenOffice spreadsheet document into MISP (using free-text parser). +* [odt-enrich](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/odt-enrich.py) - an enrichment module to get text out of OpenOffice document into MISP (using free-text parser). +* [onyphe](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/onyphe.py) - a modules to process queries on Onyphe. +* [onyphe_full](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/onyphe_full.py) - a modules to process full queries on Onyphe. +* [OTX](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/otx.py) - an expansion module for [OTX](https://otx.alienvault.com/). +* [passivetotal](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/passivetotal.py) - a [passivetotal](https://www.passivetotal.org/) module that queries a number of different PassiveTotal datasets. +* [pdf-enrich](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/pdf-enrich.py) - an enrichment module to extract text from PDF into MISP (using free-text parser). +* [pptx-enrich](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/pptx-enrich.py) - an enrichment module to get text out of PowerPoint document into MISP (using free-text parser). +* [qrcode](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/qrcode.py) - a module decode QR code, barcode and similar codes from an image and enrich with the decoded values. +* [rbl](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/rbl.py) - a module to get RBL (Real-Time Blackhost List) values from an attribute. +* [reversedns](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/reversedns.py) - Simple Reverse DNS expansion service to resolve reverse DNS from MISP attributes. +* [securitytrails](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/securitytrails.py) - an expansion module for [securitytrails](https://securitytrails.com/). +* [shodan](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/shodan.py) - a minimal [shodan](https://www.shodan.io/) expansion module. +* [Sigma queries](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/sigma_queries.py) - Experimental expansion module querying a sigma rule to convert it into all the available SIEM signatures. +* [Sigma syntax validator](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/sigma_syntax_validator.py) - Sigma syntax validator. +* [sourcecache](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/sourcecache.py) - a module to cache a specific link from a MISP instance. +* [STIX2 pattern syntax validator](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/stix2_pattern_syntax_validator.py) - a module to check a STIX2 pattern syntax. +* [ThreatCrowd](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/threatcrowd.py) - an expansion module for [ThreatCrowd](https://www.threatcrowd.org/). +* [threatminer](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/threatminer.py) - an expansion module to expand from [ThreatMiner](https://www.threatminer.org/). +* [urlhaus](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/urlhaus.py) - Query urlhaus to get additional data about a domain, hash, hostname, ip or url. +* [urlscan](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/urlscan.py) - an expansion module to query [urlscan.io](https://urlscan.io). +* [virustotal](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/virustotal.py) - an expansion module to query the [VirusTotal](https://www.virustotal.com/gui/home) API with a high request rate limit required. (More details about the API: [here](https://developers.virustotal.com/reference)) +* [virustotal_public](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/virustotal_public.py) - an expansion module to query the [VirusTotal](https://www.virustotal.com/gui/home) API with a public key and a low request rate limit. (More details about the API: [here](https://developers.virustotal.com/reference)) +* [VMray](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/vmray_submit.py) - a module to submit a sample to VMray. +* [VulnDB](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/vulndb.py) - a module to query [VulnDB](https://www.riskbasedsecurity.com/). +* [Vulners](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/vulners.py) - an expansion module to expand information about CVEs using Vulners API. +* [whois](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/whois.py) - a module to query a local instance of [uwhois](https://github.com/rafiot/uwhoisd). +* [wikidata](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/wiki.py) - a [wikidata](https://www.wikidata.org) expansion module. +* [xforce](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/xforceexchange.py) - an IBM X-Force Exchange expansion module. +* [xlsx-enrich](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/xlsx-enrich.py) - an enrichment module to get text out of an Excel document into MISP (using free-text parser). +* [YARA query](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/yara_query.py) - a module to create YARA rules from single hash attributes. +* [YARA syntax validator](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/yara_syntax_validator.py) - YARA syntax validator. + +### Export modules + +* [CEF](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/cef_export.py) module to export Common Event Format (CEF). +* [Cisco FireSight Manager ACL rule](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/cisco_firesight_manager_ACL_rule_export.py) module to export as rule for the Cisco FireSight manager ACL. +* [GoAML export](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/goamlexport.py) module to export in [GoAML format](http://goaml.unodc.org/goaml/en/index.html). +* [Lite Export](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/liteexport.py) module to export a lite event. +* [Mass EQL Export](misp_modules/modules/export_mod/mass_eql_export.py) module to export applicable attributes from an event to a mass EQL query. +* [PDF export](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/pdfexport.py) module to export an event in PDF. +* [Nexthink query format](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/nexthinkexport.py) module to export in Nexthink query format. +* [osquery](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/osqueryexport.py) module to export in [osquery](https://osquery.io/) query format. +* [ThreatConnect](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/threat_connect_export.py) module to export in ThreatConnect CSV format. +* [ThreatStream](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/threatStream_misp_export.py) module to export in ThreatStream format. + +### Import modules + +* [CSV import](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/csvimport.py) Customizable CSV import module. +* [Cuckoo JSON](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/cuckooimport.py) Cuckoo JSON import. +* [Email Import](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/email_import.py) Email import module for MISP to import basic metadata. +* [GoAML import](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/goamlimport.py) Module to import [GoAML](http://goaml.unodc.org/goaml/en/index.html) XML format. +* [Joe Sandbox import](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/joe_import.py) Parse data from a Joe Sandbox json report. +* [OCR](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/ocr.py) Optical Character Recognition (OCR) module for MISP to import attributes from images, scan or faxes. +* [OpenIOC](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/openiocimport.py) OpenIOC import based on PyMISP library. +* [ThreatAnalyzer](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/threatanalyzer_import.py) - An import module to process ThreatAnalyzer archive.zip/analysis.json sandbox exports. +* [VMRay](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/vmray_import.py) - An import module to process VMRay export. + + +## How to contribute your own module? + +Fork the project, add your module, test it and make a pull-request. Modules can be also private as you can add a module in your own MISP installation. +For further information please see [Contribute](contribute/). + + +## Licenses +[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%MISP%2Fmisp-modules.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2FMISP%2Fmisp-modules?ref=badge_large) + +For further Information see also the [license file](license/). \ No newline at end of file From 7cb7a9bd52a0920949e544716bb3a7cebfe3e82d Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 27 Oct 2021 22:25:41 +0200 Subject: [PATCH 052/132] chg: [documentation] updated --- documentation/README.md | 115 ++++++++++++++++++++++++++++++++++++---- 1 file changed, 105 insertions(+), 10 deletions(-) diff --git a/documentation/README.md b/documentation/README.md index 6eefef5..4dea631 100644 --- a/documentation/README.md +++ b/documentation/README.md @@ -606,24 +606,19 @@ Module to query a local copy of Maxmind's Geolite database. -Module to access GreyNoise.io API +Module to query IP and CVE information from GreyNoise - **features**: -> - Query an IP from GreyNoise to see if it is internet background noise or a common business service -> - Query a CVE from GreyNoise to see the total number of internet scanners looking for the CVE in the last 7 days -> - Supports Enterprise (Paid) and Community API for IP lookup -> - CVE Lookup is only supported with an Enterprise API Key +>This module supports: 1) Query an IP from GreyNoise to see if it is internet background noise or a common business service 2) Query a CVE from GreyNoise to see the total number of internet scanners looking for the CVE in the last 7 days. - **input**: ->An IP address or CVE ID. +>An IP address or CVE ID - **output**: -> - For IPs: IP Lookup Details -> - FOR CVEs: Scanner Count for last 7 days +>IP Lookup information or CVE scanning profile for past 7 days - **references**: > - https://greynoise.io/ > - https://docs.greyniose.io/ > - https://www.greynoise.io/viz/account/ - **requirements**: -> - A Greynoise API key. -> - Selection of API Key type: `enterprise` (for Paid users) or `community` (for Free users) +>A Greynoise API key. Both Enterprise (Paid) and Community (Free) API keys are supported, however Community API users will only be able to perform IP lookups. ----- @@ -641,6 +636,25 @@ A hover module to check hashes against hashdd.com including NSLR dataset. ----- +#### [hashlookup](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hashlookup.py) + + + +An expansion module to query the CIRCL hashlookup services to find it if a hash is part of a known set such as NSRL. +- **features**: +>The module takes file hashes as input such as a MD5 or SHA1. +> It queries the public CIRCL.lu hashlookup service and return all the hits if the hashes are known in an existing dataset. The module can be configured with a custom hashlookup url if required. +> The module can be used an hover module but also an expansion model to add related MISP objects. +> +- **input**: +>File hashes (MD5, SHA1) +- **output**: +>Object with the filename associated hashes if the hash is part of a known set. +- **references**: +>https://www.circl.lu/services/hashlookup/ + +----- + #### [hibp](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hibp.py) @@ -808,6 +822,8 @@ A module to submit files or URLs to Joe Sandbox for an advanced analysis, and re +Deprecation notice: this module will be deprecated by December 2021, please use vmware_nsx module. + Query Lastline with an analysis link and parse the report into MISP attributes and objects. The analysis link can also be retrieved from the output of the [lastline_submit](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/lastline_submit.py) expansion module. - **features**: @@ -827,6 +843,8 @@ The analysis link can also be retrieved from the output of the [lastline_submit] +Deprecation notice: this module will be deprecated by December 2021, please use vmware_nsx module. + Module to submit a file or URL to Lastline. - **features**: >The module requires a Lastline Analysis `api_token` and `key`. @@ -1022,6 +1040,25 @@ Module to get information from AlienVault OTX. ----- +#### [passivessh](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/passivessh.py) + + + +An expansion module to query the CIRCL Passive SSH. +- **features**: +>The module queries the Passive SSH service from CIRCL. +> +> The module can be used an hover module but also an expansion model to add related MISP objects. +> +- **input**: +>IP addresses or SSH fingerprints +- **output**: +>SSH key materials, complementary IP addresses with similar SSH key materials +- **references**: +>https://github.com/D4-project/passive-ssh + +----- + #### [passivetotal](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/passivetotal.py) @@ -1573,6 +1610,26 @@ Module to submit a sample to VMRay. ----- +#### [vmware_nsx](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vmware_nsx.py) + + + +Module to enrich a file or URL with VMware NSX Defender. +- **features**: +>This module takes an IoC such as file hash, file attachment, malware-sample or url as input to query VMware NSX Defender. +> +>The IoC is then enriched with data from VMware NSX Defender. +- **input**: +>File hash, attachment or URL to be enriched with VMware NSX Defender. +- **output**: +>Objects and tags generated by VMware NSX Defender. +- **references**: +>https://www.vmware.com +- **requirements**: +>The module requires a VMware NSX Defender Analysis `api_token` and `key`. + +----- + #### [vulndb](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vulndb.py) @@ -1726,6 +1783,26 @@ An expansion hover module to perform a syntax check on if yara rules are valid o ----- +#### [yeti](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/yeti.py) + + + +Module to process a query on Yeti. +- **features**: +>This module add context and links between observables using yeti +- **input**: +>A domain, hostname,IP, sha256,sha1, md5, url of MISP attribute. +- **output**: +>MISP attributes and objects fetched from the Yeti instances. +- **references**: +> - https://github.com/yeti-platform/yeti +> - https://github.com/sebdraven/pyeti +- **requirements**: +> - pyeti +> - API key + +----- + ## Export Modules #### [cef_export](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/export_mod/cef_export.py) @@ -1958,6 +2035,22 @@ This module is used to create a VirusTotal Graph from a MISP event. ## Import Modules +#### [cof2misp](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/import_mod/cof2misp.py) + +Passive DNS Common Output Format (COF) MISP importer +- **features**: +>Takes as input a valid COF file or the output of the dnsdbflex utility and creates MISP objects for the input. +- **input**: +>Passive DNS output in Common Output Format (COF) +- **output**: +>MISP objects +- **references**: +>https://tools.ietf.org/id/draft-dulaunoy-dnsop-passive-dns-cof-08.html +- **requirements**: +>PyMISP + +----- + #### [csvimport](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/import_mod/csvimport.py) Module to import MISP attributes from a csv file. @@ -2050,6 +2143,8 @@ A module to import data from a Joe Sandbox analysis json report. +Deprecation notice: this module will be deprecated by December 2021, please use vmware_nsx module. + Module to import and parse reports from Lastline analysis links. - **features**: >The module requires a Lastline Portal `username` and `password`. From 5bad98cf4788b58b3436df27aea83b21b352e66f Mon Sep 17 00:00:00 2001 From: Steve Clement Date: Tue, 9 Nov 2021 14:59:57 +0100 Subject: [PATCH 053/132] chg: [py] Pandas requirements update --- REQUIREMENTS | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/REQUIREMENTS b/REQUIREMENTS index 010527d..a5a32bf 100644 --- a/REQUIREMENTS +++ b/REQUIREMENTS @@ -63,7 +63,7 @@ json-log-formatter==0.4.0 jsonschema==3.2.0 lark-parser==0.11.3 lief==0.11.5 -lxml==4.6.3 +lxml==4.6.4 maclookup==1.0.3 markdownify==0.5.3 maxminddb==2.0.3; python_version >= '3.6' @@ -76,8 +76,8 @@ oauth2==1.9.0.post1 olefile==0.46; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' oletools==0.56.2 opencv-python==4.5.3.56 -pandas-ods-reader==0.1.2 -pandas==1.3.2 +pandas-ods-reader==0.1.4 +pandas==1.3.4 passivetotal==2.5.4 pcodedmp==1.2.6 pdftotext==2.2.0 @@ -104,7 +104,7 @@ python-magic==0.4.24 python-pptx==0.6.19 python-socketio[client]==5.4.0; python_version >= '3.6' python-utils==2.5.6 -pytz==2019.3 +pytz==2021.3 pyyaml==5.4.1; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5' pyzbar==0.1.8 pyzipper==0.3.5; python_version >= '3.5' From e34b019f299094916c195f3d661976b82fb7f6fc Mon Sep 17 00:00:00 2001 From: Steve Clement Date: Tue, 9 Nov 2021 15:37:56 +0100 Subject: [PATCH 054/132] chg: [py] Dependency bump. Works on buuntu 18.04.x --- Pipfile | 6 +++--- REQUIREMENTS | 10 +++++----- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Pipfile b/Pipfile index a54bdf3..f6759bd 100644 --- a/Pipfile +++ b/Pipfile @@ -33,7 +33,7 @@ blockchain = "*" reportlab = "*" pyintel471 = { editable = true, git = "https://github.com/MISP/PyIntel471.git" } shodan = "*" -Pillow ">=8.2.0" +Pillow = ">=8.2.0" Wand = "*" SPARQLWrapper = "*" domaintools_api = "*" @@ -49,7 +49,7 @@ python-pptx = "*" python-docx = "*" ezodf = "*" pandas = "*" -pandas_ods_reader = "*" +pandas_ods_reader = "==0.1.2" pdftotext = "*" lxml = "*" xlrd = "*" @@ -69,4 +69,4 @@ tau-clients = "*" vt-py = ">=0.7.1" [requires] -python_version = "3" +python_version = "3.6" diff --git a/REQUIREMENTS b/REQUIREMENTS index a5a32bf..f95a924 100644 --- a/REQUIREMENTS +++ b/REQUIREMENTS @@ -13,6 +13,7 @@ -e git+https://github.com/cartertemm/ODTReader.git/@49d6938693f6faa3ff09998f86dba551ae3a996b#egg=odtreader -e git+https://github.com/sebdraven/pydnstrails@48c1f740025c51289f43a24863d1845ff12fd21a#egg=pydnstrails -e git+https://github.com/sebdraven/pyonyphe@1ce15581beebb13e841193a08a2eb6f967855fcb#egg=pyonyphe +https://github.com/SteveClement/trustar-python.git aiohttp==3.7.4.post0 antlr4-python3-runtime==4.8; python_version >= '3' apiosintds==1.8.3 @@ -76,8 +77,8 @@ oauth2==1.9.0.post1 olefile==0.46; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' oletools==0.56.2 opencv-python==4.5.3.56 -pandas-ods-reader==0.1.4 -pandas==1.3.4 +pandas-ods-reader==0.1.2 +pandas==1.1.5 passivetotal==2.5.4 pcodedmp==1.2.6 pdftotext==2.2.0 @@ -104,7 +105,7 @@ python-magic==0.4.24 python-pptx==0.6.19 python-socketio[client]==5.4.0; python_version >= '3.6' python-utils==2.5.6 -pytz==2021.3 +pytz==2019.3 pyyaml==5.4.1; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5' pyzbar==0.1.8 pyzipper==0.3.5; python_version >= '3.5' @@ -118,7 +119,7 @@ rtfde==0.0.2 ruamel.yaml.clib==0.2.6; python_version < '3.10' and platform_python_implementation == 'CPython' ruamel.yaml==0.17.13; python_version >= '3' shodan==1.25.0 -sigmatools==0.20 +sigmatools==0.19.1 six==1.16.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' socialscan==1.4.2 socketio-client==0.5.7.4 @@ -130,7 +131,6 @@ tau-clients==0.1.3 tldextract==3.1.0; python_version >= '3.5' tornado==6.1; python_version >= '3.5' tqdm==4.62.2; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' -trustar==0.3.35 typing-extensions==3.10.0.0 tzlocal==3.0; python_version >= '3.6' unicodecsv==0.14.1 From 800135f4e256c3d52ab79044349ab1067aac4ec7 Mon Sep 17 00:00:00 2001 From: Steve Clement Date: Tue, 9 Nov 2021 15:48:34 +0100 Subject: [PATCH 055/132] fix: [py] Dependency fix --- Pipfile | 2 +- REQUIREMENTS | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Pipfile b/Pipfile index f6759bd..e8f6929 100644 --- a/Pipfile +++ b/Pipfile @@ -59,7 +59,7 @@ geoip2 = "*" apiosintDS = "*" assemblyline_client = "*" vt-graph-api = "*" -trustar = "*" +trustar = { editable = true, git = "https://github.com/SteveClement/trustar-python.git" } markdownify = "==0.5.3" socialscan = "*" dnsdb2 = "*" diff --git a/REQUIREMENTS b/REQUIREMENTS index f95a924..21e24d9 100644 --- a/REQUIREMENTS +++ b/REQUIREMENTS @@ -13,7 +13,7 @@ -e git+https://github.com/cartertemm/ODTReader.git/@49d6938693f6faa3ff09998f86dba551ae3a996b#egg=odtreader -e git+https://github.com/sebdraven/pydnstrails@48c1f740025c51289f43a24863d1845ff12fd21a#egg=pydnstrails -e git+https://github.com/sebdraven/pyonyphe@1ce15581beebb13e841193a08a2eb6f967855fcb#egg=pyonyphe -https://github.com/SteveClement/trustar-python.git +git+https://github.com/SteveClement/trustar-python.git aiohttp==3.7.4.post0 antlr4-python3-runtime==4.8; python_version >= '3' apiosintds==1.8.3 From dc0660acd0df74e874be4cf81c9b5d4381fb594f Mon Sep 17 00:00:00 2001 From: Calvin Krzywiec Date: Mon, 22 Nov 2021 15:46:46 -0500 Subject: [PATCH 056/132] feature: add qintel qsentry expansion module --- misp_modules/lib/__init__.py | 2 +- misp_modules/lib/qintel_helper.py | 263 ++++++++++++++++++ misp_modules/modules/expansion/__init__.py | 3 +- .../modules/expansion/qintel_qsentry.py | 221 +++++++++++++++ 4 files changed, 487 insertions(+), 2 deletions(-) create mode 100644 misp_modules/lib/qintel_helper.py create mode 100644 misp_modules/modules/expansion/qintel_qsentry.py diff --git a/misp_modules/lib/__init__.py b/misp_modules/lib/__init__.py index d92e989..2939e75 100644 --- a/misp_modules/lib/__init__.py +++ b/misp_modules/lib/__init__.py @@ -1,3 +1,3 @@ from .vt_graph_parser import * # noqa -all = ['joe_parser', 'lastline_api', 'cof2misp'] +all = ['joe_parser', 'lastline_api', 'cof2misp', 'qintel_helper'] diff --git a/misp_modules/lib/qintel_helper.py b/misp_modules/lib/qintel_helper.py new file mode 100644 index 0000000..47106f7 --- /dev/null +++ b/misp_modules/lib/qintel_helper.py @@ -0,0 +1,263 @@ +# Copyright (c) 2009-2021 Qintel, LLC +# Licensed under Apache 2.0 (https://www.apache.org/licenses/LICENSE-2.0.txt) + +from urllib.request import Request, urlopen +from urllib.parse import urlencode +from urllib.error import HTTPError +from time import sleep +from json import loads +import os +from copy import deepcopy +from datetime import datetime, timedelta +from gzip import GzipFile + +VERSION = '1.0.1' +USER_AGENT = 'integrations-helper' +MAX_RETRY_ATTEMPTS = 5 + +DEFAULT_HEADERS = { + 'User-Agent': f'{USER_AGENT}/{VERSION}' +} + +REMOTE_MAP = { + 'pmi': 'https://api.pmi.qintel.com', + 'qwatch': 'https://api.qwatch.qintel.com', + 'qauth': 'https://api.qauth.qintel.com', + 'qsentry_feed': 'https://qsentry.qintel.com', + 'qsentry': 'https://api.qsentry.qintel.com' +} + +ENDPOINT_MAP = { + 'pmi': { + 'ping': '/users/me', + 'cve': 'cves' + }, + 'qsentry_feed': { + 'anon': '/files/anonymization', + 'mal_hosting': '/files/malicious_hosting' + }, + 'qsentry': {}, + 'qwatch': { + 'ping': '/users/me', + 'exposures': 'exposures' + }, + 'qauth': {} +} + + +def _get_request_wait_time(attempts): + """ Use Fibonacci numbers for determining the time to wait when rate limits + have been encountered. + """ + + n = attempts + 3 + a, b = 1, 0 + for _ in range(n): + a, b = a + b, a + + return a + + +def _search(**kwargs): + remote = kwargs.get('remote') + max_retries = int(kwargs.get('max_retries', MAX_RETRY_ATTEMPTS)) + params = kwargs.get('params', {}) + headers = _set_headers(**kwargs) + + logger = kwargs.get('logger') + + params = urlencode(params) + url = remote + "?" + params + req = Request(url, headers=headers) + + request_attempts = 1 + while request_attempts < max_retries: + try: + return urlopen(req) + + except HTTPError as e: + response = e + + except Exception as e: + raise Exception('API connection error') from e + + if response.code not in [429, 504]: + raise Exception(f'API connection error: {response}') + + if request_attempts < max_retries: + wait_time = _get_request_wait_time(request_attempts) + + if response.code == 429: + msg = 'rate limit reached on attempt {request_attempts}, ' \ + 'waiting {wait_time} seconds' + + if logger: + logger(msg) + + else: + msg = f'connection timed out, retrying in {wait_time} seconds' + if logger: + logger(msg) + + sleep(wait_time) + + else: + raise Exception('Max API retries exceeded') + + request_attempts += 1 + + +def _set_headers(**kwargs): + headers = deepcopy(DEFAULT_HEADERS) + + if kwargs.get('user_agent'): + headers['User-Agent'] = \ + f"{kwargs['user_agent']}/{USER_AGENT}/{VERSION}" + + # TODO: deprecate + if kwargs.get('client_id') or kwargs.get('client_secret'): + try: + headers['Cf-Access-Client-Id'] = kwargs['client_id'] + headers['Cf-Access-Client-Secret'] = kwargs['client_secret'] + except KeyError: + raise Exception('missing client_id or client_secret') + + if kwargs.get('token'): + headers['x-api-key'] = kwargs['token'] + + return headers + + +def _set_remote(product, query_type, **kwargs): + remote = kwargs.get('remote') + endpoint = kwargs.get('endpoint', ENDPOINT_MAP[product].get(query_type)) + + if not remote: + remote = REMOTE_MAP[product] + + if not endpoint: + raise Exception('invalid search type') + + remote = remote.rstrip('/') + endpoint = endpoint.lstrip('/') + + return f'{remote}/{endpoint}' + + +def _process_qsentry(resp): + if resp.getheader('Content-Encoding', '') == 'gzip': + with GzipFile(fileobj=resp) as file: + for line in file.readlines(): + yield loads(line) + + +def search_pmi(search_term, query_type, **kwargs): + """ + Search PMI + + :param str search_term: Search term + :param str query_type: Query type [cve|ping] + :param dict kwargs: extra client args [remote|token|params] + :return: API JSON response object + :rtype: dict + """ + + kwargs['remote'] = _set_remote('pmi', query_type, **kwargs) + kwargs['token'] = kwargs.get('token', os.getenv('PMI_TOKEN')) + + params = kwargs.get('params', {}) + params.update({'identifier': search_term}) + kwargs['params'] = params + + return loads(_search(**kwargs).read()) + + +def search_qwatch(search_term, search_type, query_type, **kwargs): + """ + Search QWatch for exposed credentials + + :param str search_term: Search term + :param str search_type: Search term type [domain|email] + :param str query_type: Query type [exposures] + :param dict kwargs: extra client args [remote|token|params] + :return: API JSON response object + :rtype: dict + """ + + kwargs['remote'] = _set_remote('qwatch', query_type, **kwargs) + kwargs['token'] = kwargs.get('token', os.getenv('QWATCH_TOKEN')) + + params = kwargs.get('params', {}) + if search_type: + params.update({search_type: search_term}) + kwargs['params'] = params + + return loads(_search(**kwargs).read()) + + +def search_qauth(search_term, **kwargs): + """ + Search QAuth + + :param str search_term: Search term + :param dict kwargs: extra client args [remote|token|params] + :return: API JSON response object + :rtype: dict + """ + + if not kwargs.get('endpoint'): + kwargs['endpoint'] = '/' + + kwargs['remote'] = _set_remote('qauth', None, **kwargs) + kwargs['token'] = kwargs.get('token', os.getenv('QAUTH_TOKEN')) + + params = kwargs.get('params', {}) + params.update({'q': search_term}) + kwargs['params'] = params + + return loads(_search(**kwargs).read()) + + +def search_qsentry(search_term, **kwargs): + """ + Search QSentry + + :param str search_term: Search term + :param dict kwargs: extra client args [remote|token|params] + :return: API JSON response object + :rtype: dict + """ + + if not kwargs.get('endpoint'): + kwargs['endpoint'] = '/' + + kwargs['remote'] = _set_remote('qsentry', None, **kwargs) + kwargs['token'] = kwargs.get('token', os.getenv('QSENTRY_TOKEN')) + + params = kwargs.get('params', {}) + params.update({'q': search_term}) + kwargs['params'] = params + + return loads(_search(**kwargs).read()) + + +def qsentry_feed(query_type='anon', feed_date=datetime.today(), **kwargs): + """ + Fetch the most recent QSentry Feed + + :param str query_type: Feed type [anon|mal_hosting] + :param dict kwargs: extra client args [remote|token|params] + :param datetime feed_date: feed date to fetch + :return: API JSON response object + :rtype: Iterator[dict] + """ + + remote = _set_remote('qsentry_feed', query_type, **kwargs) + kwargs['token'] = kwargs.get('token', os.getenv('QSENTRY_TOKEN')) + + feed_date = (feed_date - timedelta(days=1)).strftime('%Y%m%d') + kwargs['remote'] = f'{remote}/{feed_date}' + + resp = _search(**kwargs) + for r in _process_qsentry(resp): + yield r diff --git a/misp_modules/modules/expansion/__init__.py b/misp_modules/modules/expansion/__init__.py index a817c2a..1666ffe 100644 --- a/misp_modules/modules/expansion/__init__.py +++ b/misp_modules/modules/expansion/__init__.py @@ -17,7 +17,8 @@ __all__ = ['cuckoo_submit', 'vmray_submit', 'bgpranking', 'circl_passivedns', 'c 'virustotal_public', 'apiosintds', 'urlscan', 'securitytrails', 'apivoid', 'assemblyline_submit', 'assemblyline_query', 'ransomcoindb', 'malwarebazaar', 'lastline_query', 'lastline_submit', 'sophoslabs_intelix', 'cytomic_orion', 'censys_enrich', - 'trustar_enrich', 'recordedfuture', 'html_to_markdown', 'socialscan', 'passive-ssh'] + 'trustar_enrich', 'recordedfuture', 'html_to_markdown', 'socialscan', 'passive-ssh', + 'qintel_qsentry'] minimum_required_fields = ('type', 'uuid', 'value') diff --git a/misp_modules/modules/expansion/qintel_qsentry.py b/misp_modules/modules/expansion/qintel_qsentry.py new file mode 100644 index 0000000..6733b93 --- /dev/null +++ b/misp_modules/modules/expansion/qintel_qsentry.py @@ -0,0 +1,221 @@ +import logging +import json + +from pymisp import MISPAttribute, MISPEvent, MISPTag, MISPObject +from . import check_input_attribute, checking_error, standard_error_message + +from qintel_helper import search_qsentry + +logger = logging.getLogger('qintel_qsentry') +logger.setLevel(logging.DEBUG) + +moduleinfo = { + 'version': '1.0', + 'author': 'Qintel, LLC', + 'description': 'Query Qintel QSentry for ip intelligence', + 'module-type': ['hover', 'expansion'] +} + +moduleconfig = ['token', 'remote'] + +misperrors = {'error': 'Error'} + +mispattributes = { + 'input': ['ip-src', 'ip-dst'], + 'output': ['ip-src', 'ip-dst', 'AS', 'freetext'], + 'format': 'misp_standard' +} + +TAG_COLOR = { + 'benign': '#27ae60', + 'suspicious': '#e6a902', + 'malicious': '#c0392b' +} + +CLIENT_HEADERS = { + 'User-Agent': f"MISP/{moduleinfo['version']}", +} + + +def _return_error(message): + misperrors['error'] = message + return misperrors + + +def _make_tags(enriched_attr, result): + + for tag in result['tags']: + color = TAG_COLOR['suspicious'] + if tag == 'criminal': + color = TAG_COLOR['malicious'] + + t = MISPTag() + t.from_dict(**{ + 'name': f'qintel:tag="{tag}"', + 'colour': color + }) + enriched_attr.add_tag(**t) + + return enriched_attr + + +def _make_enriched_attr(event, result, orig_attr): + + enriched_object = MISPObject('Qintel Threat Enrichment') + enriched_object.add_reference(orig_attr.uuid, 'related-to') + + enriched_attr = MISPAttribute() + enriched_attr.from_dict(**{ + 'value': orig_attr.value, + 'type': orig_attr.type, + 'distribution': 0, + 'object_relation': 'enriched-attr', + 'to_ids': orig_attr.to_ids + }) + + enriched_attr = _make_tags(enriched_attr, result) + enriched_object.add_attribute(**enriched_attr) + + comment_attr = MISPAttribute() + comment_attr.from_dict(**{ + 'value': '\n'.join(result.get('descriptions', [])), + 'type': 'text', + 'object_relation': 'descriptions', + 'distribution': 0 + }) + enriched_object.add_attribute(**comment_attr) + + last_seen = MISPAttribute() + last_seen.from_dict(**{ + 'value': result.get('last_seen'), + 'type': 'datetime', + 'object_relation': 'last-seen', + 'distribution': 0 + }) + enriched_object.add_attribute(**last_seen) + + event.add_attribute(**orig_attr) + event.add_object(**enriched_object) + + return event + + +def _make_asn_attr(event, result, orig_attr): + + asn_object = MISPObject('asn') + asn_object.add_reference(orig_attr.uuid, 'related-to') + + asn_attr = MISPAttribute() + asn_attr.from_dict(**{ + 'type': 'AS', + 'value': result.get('asn'), + 'object_relation': 'asn', + 'distribution': 0 + }) + asn_object.add_attribute(**asn_attr) + + org_attr = MISPAttribute() + org_attr.from_dict(**{ + 'type': 'text', + 'value': result.get('asn_name', 'unknown').title(), + 'object_relation': 'description', + 'distribution': 0 + }) + asn_object.add_attribute(**org_attr) + + event.add_object(**asn_object) + + return event + + +def _format_hover(event, result): + + enriched_object = event.get_objects_by_name('Qintel Threat Enrichment')[0] + + tags = ', '.join(result.get('tags')) + enriched_object.add_attribute('Tags', type='text', value=tags) + + return event + + +def _format_result(attribute, result): + + event = MISPEvent() + + orig_attr = MISPAttribute() + orig_attr.from_dict(**attribute) + + event = _make_enriched_attr(event, result, orig_attr) + event = _make_asn_attr(event, result, orig_attr) + + return event + + +def _check_config(config): + if not config: + return False + + if not isinstance(config, dict): + return False + + if config.get('token', '') == '': + return False + + return True + + +def _check_request(request): + if not request.get('attribute'): + return f'{standard_error_message}, {checking_error}' + + check_reqs = ('type', 'value') + if not check_input_attribute(request['attribute'], + requirements=check_reqs): + return f'{standard_error_message}, {checking_error}' + + if request['attribute']['type'] not in mispattributes['input']: + return 'Unsupported attribute type' + + +def handler(q=False): + if not q: + return False + + request = json.loads(q) + config = request.get('config') + + if not _check_config(config): + return _return_error('Missing Qintel token') + + check_request_error = _check_request(request) + if check_request_error: + return _return_error(check_request_error) + + search_args = { + 'token': config['token'], + 'remote': config.get('remote') + } + + try: + result = search_qsentry(request['attribute']['value'], **search_args) + except Exception as e: + return _return_error(str(e)) + + event = _format_result(request['attribute'], result) + if not request.get('event_id'): + event = _format_hover(event, result) + + event = json.loads(event.to_json()) + + ret_result = {key: event[key] for key in ('Attribute', 'Object') if key + in event} + return {'results': ret_result} + + +def introspection(): + return mispattributes + + +def version(): + moduleinfo['config'] = moduleconfig + return moduleinfo From 897164c5edaa653108a4b67e187318365464d4e4 Mon Sep 17 00:00:00 2001 From: Calvin Krzywiec Date: Mon, 22 Nov 2021 15:52:58 -0500 Subject: [PATCH 057/132] feature: add qintel qsentry module documentation --- documentation/logos/qintel.png | Bin 0 -> 47612 bytes .../website/expansion/qintel_qsentry.json | 13 +++++++++++++ 2 files changed, 13 insertions(+) create mode 100644 documentation/logos/qintel.png create mode 100644 documentation/website/expansion/qintel_qsentry.json diff --git a/documentation/logos/qintel.png b/documentation/logos/qintel.png new file mode 100644 index 0000000000000000000000000000000000000000..fa3af768d7234d51238fd8d8d5df80b058017703 GIT binary patch literal 47612 zcmeFYc{o+;`!K$?Z3-Del(3^TD5OFXn+y#^k$KpnB84)942u#aL#HFjm@zX&X0{Mf zh)5+i4aN*1ncw@_&iQ;lzxVq6_5Sx>*SoLltk!vk`?=@oS?=ha(pt~9nGM6R^~aB? zpTRIzZVY3*$;u2PO`(>b;GcEQ$4p!>OiCR6NAO5hamO$cc3fT6z$13-i|&~%MrD)z z0$Q!sENzmc8;J#zZ0gb^@u}NVKW~&@YUFJh1nV;`WWb4$jkjlhhuwC`9)^fk!Gb4U|seK8b%9cK@ ziX!S(-q&0!bybA7K0SlCCmEd|t|UlTUte8vrVd_D5W5-Fw|wbynYUMMH5aU*s?&|h za#!Y$vCcaD`GMm!kGhL9-_IJi>BxB4jsCL6LXG+^^ zsKuo58{a|mGS`r$QZ}@+1w1#Z!Hp?yR_%WWNJ*4DXF#@0F-PW0-I;opQM$Uf{CiG` zA3t9Y8}e1yFFI(={_DKV$|aqZ9_!f3h8c@_mzL1RXY|Qu1_p0W-(_m)m@wSH(K^V- z=i0GOB+XY4Z9lq$gw~xlc>6lbj{3KMMTPc`68q6-aSPUHn&UnWPr*XI^{zEk4fWWv zoYNj-X&Zvqp~>4CWO#C%GSzLlhMrUlQGwo)_1>(5)Kv_<+P!K{i{}7$K z4tFz$CDxm3)D`GoV7KfNa@|++fQY=iaX5}(JWaY3W|^~#n=_xiHBT*oWd|pWwyn(t z8}*atM%yx;?QoNyRXYX~SiU0t%#HmRar-tjU`*%LkcI+T;uhW8I&CAtu%Xx%lDf8!%NMr^R=Cm?(;XF^m>YCs3aMtV_H|g~;K(nu+Y|q&}Bb zT#ZK4t6NF%TroI(P=k%7_waVjA>}~E>rzO;$YgkUYn(o)wQI}MST5elLxGH3QbI8J z=-EV%GKNi>o<11GGer`is41(fn;E=~JjnvHX>S+-Cz@Z18`GClfAn{}ymdsgF0cqO zh03=M!VG1gy)0n-?WkzF@5afdLB0)2hxlNUvKwJ4V~zNoL2Rhvq;bWI4?F{gYawxH z`{VGG*r_92a=g6Hzxwxf9dQrmQ!qw-e@KHdXB5V;+i%!_ z-HqCy5$c5lghtI`%Wt_)AF~@F0dhp+@Ra>aguL=tnxd3`oKXzn zPRXlsSpw?zXms)o5FY(qJAOmiX9BGr3tb0tlOg2|_#d5Pcwn;uA)Id{fw)Z$W}*Bl zn^;C7dbFSl6WHQb5(3W6h2<@YiJ_6-s$_WHkPyMD)aa;<#o}oAm=dBw!gPBu)ZI zdv|C45EJ{+BG?^}`E>Kz`hAEzdj^cUk?*X&tIey9mTUNx`6pnX>4?hglVo_BMYumu z0mOvot8$tT2dzgFwMe15^ZB?QDPd#nR~~yI+S+1pc*^B{KJGhW?k_wNkQ&2>h`?sV zNPxh4KtNV(_eHibRRO6l3LY?#NO%92kDWevk!Roac&docPS8BWL(FH(o~V;7p!g23 zZJXGq1DabXeN|4QzgqU9=`0z<7rC#7N*G7u6}A{O)~ij1Ct9!gQ-nqEZY`f2I=zCf z;9bBhPxYlC4u688jz2GqQ)AE(JK(e6eVVg?8 z92zwcs6IL&B6l-O?*`Aca5jJHD@=2_~^WM5LGAH-Q*dlk;d~$sdPj)!Udd zs^Bt!y%U4jYl#e$CY>Vhnj?k1Izd8XO9?l>UmHFEumB zfaMaE&s^ZF%eORyEBz=4CIUQDy&o}N=WY!~Ddh3;5uUy~D(@^th-4D9>*uam^p;+M zu}4zKGtxfiFi&9rKBu5{LOuBSRY@n}&@zGP!PY}rFVM<1aZpu!c&dk~$&zgQk zDyAKQ!}G7COD$ppmD8BSn1Yy;55k3d0EHo%N^Tqz**win3JulKiS$e7GFPw5c#Z|v zI!5~2zyv(&1DI1l~A{chM4>!V2N)H|H`#}^e zD+}E1RYw?gEwh1q4zs z2V7x$@D=REVEf1a8QouAN_f%QYKk`BK}s)0zy#wUtrHul{<4R9%Db=Ydt5U3aJ+)f zabr*Mjg;$Bu?JzpH(fG7H~#o~eg5Gjgm(J{3Zkf)9#wqqn0Bq`1M1qQsb;1vvDvO7q?&C5y^4BetCHvuro1}%B@ z<4q{TSZG2GEQu&UD6hcDf&ZW^LA9hi6@Hi{`_h$CyJDU#-%ns1MzCLW32Be@GIy)& zLt1Kkf($e~0uKG2D17>ucMh$ZM@AvT24R-x>X00PxrVN+jmY5eg2{X~io%jMVhIPr zT#y}Pb-T9J7B>E~#A8B&!2DGv=OG}C$s$Kdx}ni27`a|X$yW{>A^8GQ)qDOy23YOa zi~C`bttJ`J5cD|4^#5H_bEBA5Mj;3=$wd znM?+{AA()FxL_aYZ4@#y;=;G4+MT#}Y>6ZQ7gR<{QTj|*h$NaM4Fioh4#3PI;f&xy zQZZeTNVw%%{kJ zK-j$+=EiUw{{PwK zLv^MT`1Yv!QiN~#3#o}0vr`ax{t5_)YNO3gq*q--pz(c&jHRNa_%O_CXJ*e2kiE7GCYMK@-_b*@O);pa+>Lniq)qwB^N*dlhH;@>wb11Bk=~s zU1}#LfjEX?L>esN@jY*T zghX-Ewr@~4DLVK1p~zzucU9H99G{G;ixZTq7JWQq1l1TwM0x~Ff?X63L>WiZI;Qf(1E!YtyeF?1oMt!h zyK=o6|9vDQ@#$l!S3_z63BTvBVoPDL4%GDo8E8C}x{f%Qm*l@M{8P0bKX1?Y=uHrI z$bnq(f!Zo%X50uNfywA0(qA~rS@G@KtkCNHl3J#$r7p0cXWT{+@^p**tNVZ15!b8@ zTf-yg*gLAmU1p{HmE_8LMvYE$69;VUq*)XTCu;K0HHZ2NSn`06!(7|Dotjzph;|{$ zf%9(Wu6EO#bL9(%32J~KhTTN!Lb>vMeqj6Nd>g+bt@icQ+4S%U5%(zp$lo^cd{Gam zwOI1O{!2QQ0600gM7tm7XNsBI9>{2xZ~}!_({#!u#(cN`S}A$lfvrrwOL9jsZ}@P9 zlZub`T;bd5{HKq{C+6)H5)@@L|7)?6Y>aeEdm*8p>gzhXKDWalASVz=i%mVqmUaR& z+X{$+r$Qy^WYigjw#w+0-s9_Eb{!3XSaL>va%=Th!tFI1sND{0X<6-=0Yd#$%1^Ov zCHI2o6~fpBgBM>&u}2}#R67%QgMiVBq_#YID`258=`=-66xOWM{nA_kyf`N$YG)Q@ zkvQpdmmia}c92BT8lR*YMbOsfQ`uOr;JC=2PJIPd|EJjZWhX zW_gt!BepN$t-$r?^GV&`E`I1bFTlMdGfQOlx^WHVt1{-mYy8e|8mBAQ!*Z54UHtbf z1%j3oW2AHC=I^|4`>2!iM_ES^R{oR1$ZSpH)b7#+a5|Eba!EPOQfh~Ic`(UK!gRkG zg#!)@7pCj)XAmD;|8%4z=BnK^}0$Tb1#_;OEIE*zPZ#FF6cL;ewkA#wW=D}C)NTQQ+)sGfJUdQ>Pw5q zuGr++D;6ROn_#&hauih7)Z%6*9buYKStl_H488ngo$4J{+-c3l3?``Mj1Hc$V;U$#BO6vzFxz`jzTE z;-kAwTNo=yaP==!d&o?XOA zXbhM|xfeYZqGE48=>Smq~ z4!%!~c&3J4S{KqC^BN31MZVOjBj!s)$R#-|^VwzNj@>t1iq|L4^mL`-2ogOF6MQ&2 zqbdLGM|z=Ga?}hyW#uTWsilObHz6i*)LpJB8SDM#E^0d_mqQyG{j{4X7tGw{Ad8z)-|XPdCFF?OI9)wz%E23J>4JE z^9o)_-hVM5_rssRKSWcov0fXqs2mrhr%OnU-5uhBo<=OKZKKvWqc6 zcn8N{YnqK}F{-<#+2*S8Wx#yYQ|?0xAM@)O6xSMKaWIdQ+M>8q*^rAm^e;5(lD`Jl ztO5Rk0Drbwz?O=32g>>USqZQ%pd+J6CPVjw2~26HSWDbqZ~Z>*#2X#+AE#bY9w`G@ zOq@glY{Qy^6Qtt2r^v@0$-iao0n&M80Sm}0bl6vi&HLX|c@xX3CK7pLoAXRcl_i{j$BI`PKZNgdgq zj2KeIw~E)}+syi~h84H&@YY=eh)-*WZnY0ud@_BjcY#@<7r(unzs3tq1oaT$;}r%_ zoBFi61gVxvFQ9ia1Y6gxs)S@>q@n1(`TSPV?E0(O`|vNaYs4Hwn>WGc3&u8B?cAPE zum!(LSB2X+wEdhz4>E_3W9|cKIn6t?P`LPt%+2`0EK~l~G;V6Xi4}}t;@i<+!Z0!4 z#HTuayoY$%B2L1WK7(pv;{lGSF`I~lzMLcEWP#uW@Q`^uVz6;pRYnv5azY? znt`F46M8*BGXrBGPY4v-Yu^GeV%R7TH}&_-{K};-ESCeJ*8}?r^!*jree(}WvM^q; zP}Zocl=Kf>3}1rH3YaL;OGyLrs%4AE&0wOyx?=_Bd~b5%g0<%62|Ek zttiPsX@HC?dVf$(DVS=_6r6x^dAxHSD~U@a_+{}IaPHq@VRY@zBoRyXKSt=G? z%}lD1L8HoEM%T1NFA-u8={YVaywcmShS!JQV2wRC>c$o@ge~31;VGC3C2!B3rHl}` z-`RpBJoy-nH`YX(1%%FhkSoC`OXHu*3d`UP`*RX#fisH-gB7kfz#FxAZAlN@DtbHr_ejOa3n`}_ zX;?G4acxujqT>Qyjt=TQL53&xbsDa|KygdW;D2a2$f0G~#|c0m{qktL-*XtmBN2GR z$>Fbuovty+xVo7|$vdut31fP(+vqQ!(SHT7t8g}iL9!@1h{PhPy9&1hb#G<&wenp3 z(T+Sq6&?5u_X`nB1cJUxS6AxU!)S*ST{fFiIm-v1>|82>mhw#B4w#_qT?6GKa!;hx zL}FkNh%raOG@qUakBG!>vVG#LqfP$O^*uENg-JP8GR(pi?pXZ9;XlcX!Ek>BKl+u5 zah%0iz76EdqrBX)B|9{;Ls(kSN!wrn#fFaB=<^Wap^1XQ>RlvCHe7wG(Q}#0NR$*e z&5T;d+2wd%ZW+y1`(OAY{f>5!xjD=g?y1b`pu@%R2um}Ug?QxgKN|WExU?=`$K1PUu8Jo=|PT#b-6>93q0DT7y^(|%0%wwQw z(iX@JWen&DnAl)3v-41u`t-IaU+3cJ=7LyV0!L$%#%vkD01+wDuIxbBzmO}<%`Kze z$}`19XHEpVed8<`9;+~m{uh}pM!f#FpW z{dQ8cXD7@>u%qqF5LbnOIX07^L13-F?^wee_FEHeJoKSuL)Wj0R|^4LVey1NtMJX* zwaY$E;2%;*hT)ELJG2nAigFQ@K5 zSQ@LVWi}Tko%Q|nX+EcW`}Uf?PmiBO%eW&EHU6ogZ7097wYtCfs+XZmHXF$#t`=L~ z8*L(*1<@V-f*KB}Zz^{Te%WT;nw}hfc%=n0g#Hf(Ze$q_fWxYb77*-@x>{fEFL!7A z{CDRwPOb{siUUt`6($nuvqe`8Nc~v6M#c$T$ySR^-~~V*yaP#Ik}KCSk1Re5dxl>R_(bvu)66K z=eJx(`Q!nF7d4>}G}$iR^5j-0?^{dyk!EZ3#U{yq>;*2|v9_Tm|tt1)_PZN(a8I!GFIe1UyLEX}QUT zc|S?d+!cd zfu5_QObMgO(77*o0>e4AFJyVujusW{C>i!vRP6h1v?uGl319uhDQ>x*6usBqz4rAM zZAXfa>9)ND(I4I+r?qa}>%%1ZS*u@^@rWFg0Kjd!iUPM?*hW|>9IdP6ki)@xIj@W9 ze36pW-GNYE+qRKQ#Ezt$E7kAQ$aEYMtr1bK+LFY8h3a`%*V55EL&N59jnfs^u5p|a zRw_N#$=r2R6zMPi!XBJTTjhezs8{k>pp7bbh|f#n@#RVd9lr&~I>R95k?HT(Dg`HQ z^dda-Sr8j!WukLNblUs2uroYuZmEvb)k@%;%}Q}+Zg|Pq@7>MHxn;~7v=5_PX8>tO zKLQzj9B-ORY#2Y|kyy|^{gScrw^6Ep($3slbn1VJlfmcRe|`C^Q$>}#_E3iCV8=TR zGttWIhv!f8?QpZJnUgRp7COtEds`U@gPRy$5?Fep?F+@-chCKNd&$dgUqaZavW0Ho z$qChf;!IxG%v@RLqSNPTU-1UI`?-!(S$01lzP@c$QEH~~t+(QCmxYoH#hTBdqW%FF zdRUlq&rlKze$%z)0J3Y+(FY$heIG1V+8pJ2FVv_tJ-l<&_qULLz@m!P`N@KXA-O=N zE(YWru_^S0vF#;Uv(CzIk_|!kI{W>Lr-z?jk7+z#} zghc~w>kbDuM1Cdl{OlL4r8pb)v=t|1VGGSe3PMi;76$FU<|P-alze7o^R8HRutqG! z`*}z}dbjNhujt+-pPvf%qY<;}xjCCO^Jzo(6RHgMmgw~3K`H@=Y-~vb2RdBT7;T55 zKofpYm+ZwUdMPSaY1LI+Tlj?h{GL*4d`Pt3hS2K1B?kyQ@Qc@hO^GaLf+;y#hc_9& zNl)fwp+g&(Pq$&iB0#4Ms#U#Xy&{hq-J+W<32Gt?j|cm6V+tr%V{~0J1}p#xYKUhm zgQ6HctHOvRGN{{rHO4}1x~gK#bPpSJCYbhg=Ut(OaOQRN9D#}>hR(eAR$TadHxDaM z+pP?`OTsup5XZu=++xiY*5Vv$0HPep2y2S*n%nyZmswzVAxS%TH~e*^hhO8WQbJfR zhZrouIKq+pQBAovt>5rK_)Ayko;CC-B?ct$l^}^9F&uH72bPy_-^4c8WZ^>6*-I2C$$}0o$oTuyW&_QXs1bLji_^nH-v3}TrisIL>691DZV|N5`@^AD`X1zRI)f+| zkqb})!$6#^e!J4ddfwrF08unZ8PEaNt{}VolLoN=+P#5w!?&Z(Xc$va0ENQhH6lpt z0d)MyHfUk@3APRIRh;gbOOD@7D&a%X0K*<5TB)ZHGx)YWy+;vu3`v3@G~lf)?8EkF zkS?})%ng@wa^;*Yi+8uB zp(C)NyP$R$i+psBWg1C!dAfyFC6jZ#dD zZJ_Q?kc)LC6DJ5q@NX@-CDE1T(+eLBR;NF-{GDU2@=Mz4$e%?ww%tqf@*z{Tew-X+ zFAu*M-zMzC=S3>nC$t>YGWQAqjPUhPYMJgTuJ9b*2x_H+EQ@) zTvn`%zqgSwTl?fQ)C(H;Vm^7f)l%WwwmIvYZ(pz{)G|RUzrprJ85i&0LUXs1H=2@q zj+DIUv2y4F_3602QV!UWC4lKWMw|Ng{OGv9DG>)}r= zQxk$}0!9~C24}wr3rc^F($(Q{;E z9#OFp-1}$CPLJIN&XH!T9?`BXSN9brQwQs#A2#S5U?6IOVW2HW6Qx-<`j{--OQ(cxIYoX7-=#TsI<9Q}4CU@^Bbf5E&=M zk3NAYpj1<_LxR9y7l9FG3@)8?j`f|%y`?aMwdu}=qi+`1PjPGt|1ac^@f*?Cs%Oeh zx{Du3+)Jq2p$(ovRp)|a$k0CUf7GvUdy1Bc#PBP|>Rfip!e~7a9LBNoz6hYxnt?GQns4({B5_C42?pJ#qTUx~bxroFq+~Ki zF|%X%MQ&2?pw|$XzOKx~o#QyR8Qjt)?#+hWFki4Ig&Q-YP(e!6M_6oYdBEo z+`b9_jjY^c_A?;?9q*H9f%{lY&lIbBS{XJ!S3DMxxxriZ57gHGyCxNqfs|+Ol4$DT z#}jSbK6x4P)ti{?ZPh=^pb9a+f9mq){|Mna)GkNB0OeS@ss0&qm~D2I#Im_nG9xsO zZl9MmGf@wJjR%JtCUya{n6diSlA~Inz ztU&a$2u_R(%rz=QY)8SPIr2#Z5`H8_j%luwS^F4Xm2s1CqWO}ip;a?fqp9Mo823Za zWqD+8`>;QcJ#|4@+cppwx>Yaf>p7JOXC1&8^;i;pC9}S}v2ECSlMUl;6>2!JC1eOx znh@YI4qoWsNxM53;qsI0hfexM{!JwWLT5-*byVlI`vHu-7Z@;B3Y``ZGA43yoHyK) zt8gfRS*R+HlN0K{D%E8p4@?kWP@F5sez=2E4kQ0J9c4c!9lmY|gFVNX82;QgxJuK` z(4ycYzxPb&2h(gT1^rw%K5fX2pM}@ zi>8d#K|9uQ*SW|igh6`GX!n4PF<-TwfNOPjvR;7H*f12#(n{iaq{hr6h)uMsKa{6{ zq0PY1YDrG>3B68d)}mrPdfv~G+XU}2W_(atb!?u3J?Sp6(&{s33yz^ z$xhZi$B5Xsw`yKW8{ZKCi6ex!>EbS;cF`E&Cb9v*^yGG@-CCj)>AaEplY7_0_hl&e zGElv1yeElB{mRHXP%5&3kp&o81@9R+mUD70T_!NmDC1_EV};IO_!!_$mknsXbV!oN z74w&%`*R*zkJv>@{3+}9`NiJWz8ZPes4ATSC5X& z5OAqw%FJ-`Gt;gkp;AmNm{&3`nbjZO`nybZ5x@DBH!5<(~`@#FrwIaRqsuHlaKy(XsEmH1b3nam;!)|4- z5)>*R#Y6rN8dM7kGpZOK1je%FLH6;pHvaXH3A?G6x_du{Z8>GXr?w!N6AR}hu|lwj zUL-d#vNoPF*&E(bTL9~(-Zottw&ucU7-To6F9~Suq2t;0_dw|;P+d+~d;+{E z?{3s6fG$FjI6=na;w}SbjQS9Y(Ieqr=X+lMLtgOU1xTbfFOU$@L)zf3+iy;?YY}i) zl@b|9;tv-Di$KPKDUF9-UDr^-BDmGJmF%%l)#kV z+&H&^1RrQ}x0O9JwM>D9N}7_;rTJ-cEc_y99ft3CG*<_iLNqri@$4=oy-jXd)sx&) zE{@=F<3UY3`u&`Z97iwUv%c}ek$OeIo)-T?Q?JvQpgX1`#X?c7P#C)*8 z%|$#S9#>Kb-R+~#OydO)VEDuaQZPM)w?K;GBH9>?5kh%HK-eu%Xi__n$WQa-ahz88 zS2@AGB#RMNYGqRHQGca!X8+f<=sVGPI`aKvm864w(i&&gYtzqTD+DKQRNTsI% zZp}L&^!%GML6D?7kZZ6|6)ns+0>#|cy9LLwj_hM--l{eZG_vr<{Q&JKB{_*c3hY1u3{60dDU$%A$vK0 z$>sQ-T%(As1cu+>l)Uz*%l-wx+)Va1&z=JbU^HF2iwZgdp?-06pf+^n?dW;Y&(#%+ zuT&Q2`~4seiL7YJ?+SKynl^pj`{$xVYTfHcV4Odc=|CZJxbzb+Qv;)|ZB1}dRsml0 z%yw$To}^lFxlG2(hU_JM+B1f~=8jZYRd|k67w{;TobvP4R`ENlrq_>$u|nWH3~Iy) zYNQ1{&ONh9E3a7@+LFMLrH|Hk3-MsyTO$utN*`RxADh%aADm#WLc`+joz z_))Cj@-4>kLHW5D_S4PJoo;hg4cW(T>~U(3b*bdplb_KD9vni-j(de4uU8vRz4+QD z`lTdc!kdR1qY*e(*2Fj5MW!n)^zon@lo7(4)vYt0>e0Kc!fe%9cxYxk1 ztCfOt<3ICeg!jrftwjE{#5kL$?5jn%J+7)pg9g|UE2Y-iSLYTZFEQ0dR-IgR8v4rJ z=Bg|l$K}I4lwfc+vFFd7%~*j%)BPtm4%OFzht*nV`7NkdqvyQ zq(>Z&ah3A(B|)>3JcIGj&VGFMjsLe>y83qN^bLEyPr9Ff5J(`KM zcCi~CP%-^_vA6WNHMLl1?m9oG{pZ@rZ$EENrj)i|U>4%i2XEW<5;t|c#4qm3I{(GV z>q6nsozIIJ9dOSuoakegDfLT^i7ia0arpk&XF=GZ_-#_3Su_yUVXJmGlsaN8SKYSU zm_V(-jo+h=4}M<`UmvK{8CfiK+cb_8XzJTaOUC-%)i2%6OVufRyI3wmD&^fNh(l|( zTK$(V;(fLE#jRGmxhE~4u_>uU=2|LJ*qpIlRp`v;n~HWw?qPv~Hy*@|Jxn&8hOgN9KRk;~PiJ4?hug+>-9d%E3*|djE@7 z^|Qw3bNk7&7Ha#_Lk0~!;IE>|RQXid!Csn#QL+8>r0iUA#G+W>I%VlS=@YB=Y`jlT zki&X^Y#|-{u3WToCp}AJC%Xh;<_gb#i-s_HHR2EAvY~YTs`+Y4{p@sM$;z(DiLp=X zmMIVNG@!ck5SO8O2HIJsCnSgzy5ChEywegZB{JvR7>g15TYfJgAn;*8lyaGPTG9NDkCdcOQnj2dx=y-UqNPku#- z^x|Q-?9q=PsWX+iTE;wAQ|VS$$Uoqx+s0>YlCMvOf0f)F?*<641arT`y%u6tvI+w z35ny7Gn#OKQ4dmq)cdE%tVRVDt-w8NIE^)t`oS=J%N zsMwRw@`Rue+-e;FErh79(v~ZZ7wYK(8X^!FL|lfS+~i!xIis$q>C}A5#7RB2)UoZp zIdPAOv(3oJRwKQvRmB_SvP_RpwTDx9KbLTA@OHHB)L@S~QYvs17}Wh&8+PD_MrPxp z{-vL;Jc(lZd8t?-%|+?si#g&7D4qaxcrIAq4`bz=dGEDP8Ez8Kvx%1aqP(T*ZT{Ok zIw5#jx6;XFhvDknmbeG+`$T@9Zk3um{ev;lb zbJJNOQYz^Kyq+ zqSVH~cC+s@eKoCdphjYtw#0>9jn`sNZu(W&eR*ZwvdkYH#!lwM4jnxo?ZD zzb&-Xw4JucvvNj6drf&;I0c+P)AXT;ci~9^+mX_fb2B#9WY%O(tny^e`WD7@oUg!M z4(F&Os;mqfua6Jnf9!4smjQt+w|89`>f&7~2VsOBZn6uG+z_6gb*qBuf#7dNzY(3= z;E!9AM*K>#Fvh(vAY9zx1P}pUVhY3 z5B2*@Fjj-xTaejDzFj%x#MI&Mx}+O=WPNke`$gLqzi=VQ2~67*TbO$9k(x|j|O zH_V1F;;ZAHes0YwDHRrTWciB-{pL0gg=U`TzHJZ7^ zxH0C5(Mu<>6z8dEw(~N_X1%`^!{XxF!|%E%4ki`bUe-W~6aJJeqj$cjkaS#s{7f@L zKcOn(ld-qVZfITNY3A1tJZni6d|^t;klzf6xT%Q^!_)T9FRmc|bZ4pQj<+vY#1ogG zMZ=s|#k?e4wC(FWC@o5|Gx?4p*yLV@G*$UoMyE=_APZKC(~bgz9zz>%&XB&dA9F)Z?3kJcupV-YbGa8Z1JD0 zQUvXjlKxf9BkcoJw7HvWiXp*?vd<3Iz%egPoI(NjG-iF9c@Nm{ok^^LYcS% zHkO#H=^QE7H2=6L5*6qd8CjWApp??LH&93s9i7B^&Yw(on~=Qu%6}cVvz^84pqo_v zn$=`xF$`iUtfM$&m%RNSjfp$`yKO;*$Nz+)+}LYD_H5V^KrUC%ABYwx&dk4EU`W3 z^fz2Fi`@3oEYkHTj$8Q5x}P@{T(amSFlSqCtG+z>;X0_r(02*7OZ7>!+-%D>G9E#XMz4}jMZ^^8uNU%&uZ|Lm)X?rD+<)M z%2Rulfc0{ESGX3Q7{##8_U!r6&{y7qt@kpr6786#MSx3z7KGO^oPvQXG_*g+dCUVp zn%SpTzCVePwpBhp20A4fH~X4O`DzE5{wl;ux&|1lCiUS@DNs19%4~a(#fK^BcHZo1 z@RzIDC?=C00^Nt4AZ6w@C|YW1>#aD??^dF2g^x45T*hfmPgGgK=}k_R^OIL`YtMqIJ^R#uxUTh5@)%hIPIj_fzU0gr z0ySE4lmu(4^Uk4|wVfqVwdc(wpt)F#nfoID6$sG~>B#@O+4GL#Gegla$ z8``XAZfv2x_3z^hXfWT*@Ac-WBkBPU>9bTvx~vm?e6;X0vi}mev=Vh$Oc6TEav>m= zeET*ZaFCte>?i9&>(o8CUhwwM-1v%A<=M7v1cn6!$KnVr^8$fGCo(f{tQNF;Yx#P{ zvn+VL;E7=BrxQvaj*4PK`w0PwXJ!fKw|s=pbaIXjM$0kJg#9&b?N&s+Qo|^i*g6AO)L8rnHl;WLxW z%-JVCP;*Q!-?n@`;ORuaNS!*}Nk|OpO?NO>?=n31tc(4K1erTxgt&!zu2L{T=$L6* zD8c93nmWDLm=zw}AY)t3OtV0#HtNIVstiLq_u-JQz8f}F5JD{UYr22P0-WAu5Ng@c1mE zo>94>QUR|37YR17QUjgu`4N>9L^3W6ZPZ!#RcFj)wO!a`?^CzP|-Rrwvk0P@+ zfz)r&(g8jeInx>=b)CcN#|g7&4+Bv=o)@|-F<-~NMuGYfqofY44)Mlp+*jl)e8MT5 z6=yhF-1+>n>4D;{tjle$B?2BYktwrVcB(Iae0}-+mF;kKG<1j%Kn6qWVqm*b0uJGm zRolS_Cl~6FP?7&4@YRp*ZJsIv$@CN*sm>&7LPc<*nSoRS7uFgc(QUC(iExP$D&Pez z+>J5SV_)lr?)yv0jZ=&uM}Aj@C7OLM+~*A3uygZ`{B$oTvX+_o+{4@(J{L|2(C_2K zxJj(gkV*{_|DEVYFo7>WptX=(G`-_UqGaG^`1*rf44s_#t{+BlvcmGJ{dy*j*BY08 zzBl@PVBj?TF(TY5iK~^0m0itpBShanbKd9*v)*OXy7vo59e01Ya$kt1>lFVSi(e7` zxtJ(w8f^vfp)7O2Nv(>CRgOEHANZFQtZ=P{LmQX9wX?0kKhE9)%Rj6N5$Ng;+9VX>BMTp(#Bu1G=Hc}V zRN&?(0qmP9jt$tk`kplsKi*G}?!;!ENBTqP+uf|j&A_m0olF>oBn0&I*f&N_M(+0+}SIa`lOR zf6184FZJE(#Q*tG`CVyKI54uSCNlW4W@j0{J`lU?N7!MfcAYZ1Vb=I1LPb z;T+QvIlHWzAYXW9d-&`RpM6DBJ3Ed{%#TzMs)mPzR@)F;C^8W+W_qF0>r8d_4+E zB%2WS%=^xsxV$=XG94uJL3EWA3W%L7_)|x-g-WGwuUtN#9zHX;f!ZOmp4<5H?cS1; zPC64h9=KLdYVp+Q^uU?YF_qM7v$L%xnXyKF`*kb6AF-P~Xr_28SbUx~37OarNh1j9#&+;3Eb+bqGsTf_<-B<0`y z``9uR^7~Mv+gLZdovAy%{sMseVPv1{dcNv_vD=L@E4Uc=03Qu*6j6vRdt2kJn3>?P zdX}$VtZAZNzOp5U$>5UCQOLNt@3Ap1ZzEG*jLVLDGC8we`TICH%|WTk`yFz?(udc~ zmYCxWTJzjF=h(P7Oog{7G#B=G?Ht}T1f|NCxkiDuke>&hzqN2FgPe~f$j|DP2Hxt| z>oFQcl2KK4D~||@z;5n*_MhySY@{j673BK6ulu@5Dak0Hob;lyu<$yr!Ys}WDR&uH zj}ti0dCfIeWS)d10$r)y;NrfAsjkLy`e5C6elw9>LzSPV1YIFi(K)%Dj4c=H&iZ>z zmt5;%N$$;GDd?ra`WiN%>*lpvNrZrvL;s7bw+x6f>ehy5 z$U#s_LXlJfrBzB=L6DNTX@*V#K@pS&1!*Zs=@gKVkdzJu>F#$8KF>Ml`{tK2 zu;<=uue{c^_CVjSpoDm-xjb~^J0cH!y4+KSHE$Z_CE|)K_WZI%L}^CVt*yonC; zOv2pMj`5vYFR}N5IO+J<&nxEvi4r9ezy#H&Pd#7PKb$InZNtKJH*)3*Y1oAn(B3s| zS-F>wds?Ogp~vRFz3|J=fk6Lp)Np$VxtrlT{q79e`t_O0h~M_$fw#96@DZE;Im@je41)5L=G7mo{>QES zRh5f%Z60^+bKM!XZ+Ye9JrZcWq;1m)x+pzJggKQ1=p0(zz{Mw$_()R^q{Is)RrbsQ zU{XEwpA&nCwL0^aEHVfO_!__F-(?W)xedh>r@I*KfdI}2ETr7p1{2P8@gDLKs)DPK z(>(IhDjj%%i$z@iPX*ibh@W{NcS>Bn_{HFGoje^4tS^oO#!BlhR8p(-HAF8^^nygy z@1k&tYyl&$t8_>#l#F+Zm5J}G={jaIb82>F! z41Et%8zz7vfo(G`_}O59gYYDgFZoXe6!^d-Xs{zn?GV8OnN_N5AvGDqd+4!nEFV7? za04`&j(KRrjmP@#^4}^SzwiL~XOD;csjsa;nF3#_5|iAdu*-UPYtFWpWqPZwj8aOAr7Eo+2iS$C0S*c6c{UFZ2Vo zdDf0;XMXR|h?|r){mTymKZ+P~XI|))KKZ4Wzew`#rN@=v9bA(42nn$SBGBX!Fb;S1 zj}bBt!#Q}5dzO&=pMKKY_Ze2u)grn#pNiW8vF!d8Ak3xbItx37ruC%~H{8}n{SGX7 zWRpd%LQ4b?`8LlftuZ}AB(iE3K2B};$gK~>9(bCY@SRv9wWd8 zm`~}Wd1VFt!$O+UrgSdUJYodj2j6# zhx=C?7wcetgw$QTlKv=R#?*+bY`eq~RQy(0VgdC{c@3+z^OiJ!!M$|77|6?EUxycS?gdi;E$ z!js!c4WBw906%l#BWz({{&K>0jf=H%`d!S?R%uw8V8mql+0`aPM2lGWK9`K078L)IYU1WlN(xkGg$ zbSyUMsJ*@Je$&8+-+Fv2HsE?Gz+CZF^A-55{R8OU?Qop|V*@W3q~KcUQ(UE5TH>dG z5<&v&vtFJTSCtI7ZTute32{?b_j+2ROg9cc9C^Rd*WK>x{Oq4a6e;gPGqIPc= z`!)D11O@7rs@h{4(W1Ps+lK7OCtT156}(+Ku*DS6eC%DRK4xR27#O+Oxm}!T%-Cn> zp!0f?NmZ>N^V_H2a|*wx&WInvQ`#l5w${oNj6*Ms&wnj@rMWkG*8HwRWQs@T&j8gz ztFOjebW^;(G|p4q?nz7Ez;um6h*f{Rj~5`=QH)z}WmA*x-rr;Ni;xs;2>ej;=v)WW z0rm}X4dd-p0sp9rSpIScDZB3g4lAc^D88A3CDApeJ&dsgV8E0P4DohPd#daFV(I+j z@~VddzvjBt{VN&fIDGM}zG8#rEKRc-M-~eeXoj7g95q^D3Eut_b0b|tpbEJoiGaIN zgIO$|A3Yz}S{kRFW-HnPvfhx}@-gOe6pB$M+(`DrfpB#%*n5(ObeM*+HDCoftr$yUP2z zF5iJ)3YeBAGM$P)Ge$4CX?^l)#g&EIp)l{{{Fxt*AJUdoz6M#=521-9~}(tY(jM1 z(|XzYQ(X23;(wRjzztr0ppTF7DKv(oBGfmLzQPq1MI6U1zi$r;gBb5wxmmPNdkX7t ztbDCmSI}{s%#(VTk;jVtBqe@1^F^7=kQtIb;dstmCkFmsbbTtTe?WV1f91nb32R_M2bjxfK;%rq=(P+rov5?g&Y8|~y9giFV-~B6s*?0U-YWEy zg8pl+VP_l?ZU!uz*c&ces&F+@4=WaGvAd~uDjulD6$ppIUPqplk`YY_j?K7)Z8BjDpBm|Vqz?Y% zjn|fv28Z5AuCW%B5Jg!M#pU#BPl+qKG7Jvw;0%e-Bs;248KKmI*yu92I^l2nvWoRj z5=rFvnpa`ll_&)iw3pf4jkhp7E1w??3}TodE-iQPMso!1r?}54aM14 z*xO*8@@X_@7kHrd;oW`S*5HS1^{(63FTWofcq3H^F1WiaCFR zD4=+HQBuCDeVG$hAZMTs{7v{K+q&6^^jJPa&;x~Va_X<^aix33;x%Yhiiy}`J zZYRdbA&#yGbm-E&w*Bs|?+sSO1o;urXV@U354_k$h92^i)cgVXO(yh@Uop&0m`c+7 z2gYu;P*z{d7JMMgpLMsrr(zem7Wq#c;#fGYqzwAtqJ^_^V@!dj(PriUg-idTT@JIV|@+x zFNal+-Z+<9%s>&8@`BN-YM5LVU_($z_LWvZ4CTJ&M3j{&Xc>eV5q`atBc-J7M@)k1 zMy}zU5r6elR2aV9*Wmc2Jq$^j6ZQh(AI**RdXwLW-*1vWdrIN+mv^M54!k55&Yfj- z7sLgojoabw_hkJ%FF=3i;mvmBS`UCwdS-4``VEDraPzWwWW+~s-37^&#uADbPthNC zooJZ^R^5W36*enpteEB5uRhUBB!qf{u8g1mo%Q%Kg6;cqm! z@AZi^A-t8T()2EZ4*GK#c5eTR$BGQfH%Vr97>iQ>%LQmWPdTIs{jxHhK`r(tYQ`m1 zzirbv_`skWu_2B{e&I@yUNN>6FyJ?W&|>j>nQ(FQKoyT3*Sm4grOxioZpcGhGCV-q z=%Kda_*3h{mScRpGqWnhKKX)-33?`l&CLJZFUW6>%0|CV;<=vq1QD81C-?$Gj2{jP z{Gbl)c8SB)E8R8R`kK_U&}tmL>^9L{FT+8&h^YH2(vot4w7))m2G|`xE1ngGSUuOP z`>d%q2J&~5dQbIA-K~df=qR zZ%SNP)1l!Y+#w(y%jqc9OBcWQQAvG@BstdL`A4)5rsT$ig=S~NnatbSCCx8rk9HmO zf=yxXuL7fP;v3(hm=1+h zKhD-_Jxv*4qk!WlSu*55dseZti4kiTyBpW<6CYwtFp5Xw^Q$|h;{Oouk3Tdn$(?9Q z;@zU*zs&UL^ebijKO5b;`_D$>Y|T}KuG`Wo&vvTs`a_+I2sT-De1~CK=5dg9^el*Q zy8sk*NyxUt*CvbQfS$%Y%icUHh88fZ&(J|h1a$kX&Q8(Oes_s0as#61jSh&0mOAo3^X>1O{nmMWL`?kNO+-$6hLit9h%1{4gA~*P~ zTq;?_N#wWQWUdgd6QN0UwvmV=!*TLRN>6V91x=JXd|^Ik+Dwm0Uzz^Dz{^0(W)`S6tOzN*`h!m=s_tFVV5L+(lAMZg)_XyfHzi~=M~-7^tFcbI7zhcNv~H~-VR}t9ZQJPZ2PdINN_GzojJ5J+LA}@0gKoO;bv_SfM!$n>PcSYaH@*VPSEcy-L)OJ z8}P}f!pvLfhLyQp^_X$?wbFqifREA)lce|kfCTOa=We0!-m7ME@R1IDNvT{PgfftZ zcbgKvi!h~3!gga-7=9j2H7thUx-FMQGIIg(8_Aa^;@{Uo|0lL$h8t+xa*gYE`x$-v7LG!*4(f_ebX+D)s;T*F z2rTWya=~c;XCduC98YP&YWmO3wE?^ZOIgVaZ=dTSNCp|_pEcC1qk6HE2}oYZ6Jk51 zyGh9p(EJ58)xxS;9cG?qN3X0377KQ~g5X5|&!2q+TA!dfqt!rVP)oUP>qS?^UO^gp zo!9d--dAmi{RL$0EbYDVi5O`4`OSAOv^cXT#ZOLfEm#Um>fLvKg56ZID$*sw#E^I7?GC%< z0JXKdN&It{?#;wGQr7+NpGSn9VHpSpL9kiTxA((Y{`#g-N*kPaBGpO1j;LvbsDkN# zOxi&6S1aGBxrDBAP3!31cycP)zKMR#Y6jw=m= zLzZ#9)LL1hUPjy8LmS89Aij=(udDx&6Eo7+1GMXmOp1GQES%hY8!QSV`$JL5_?*@+ zfIT6+`Wg@iOU)+xE*oS8#`R@YK=;M>2Sa zxyyHnNXBa@Q2yVi3tJH$61Z5u`LE;N2J%7Kje0g=M7P6N-LO%1Dr?3&7!0EN`Q?}$ z+#aN6H1{X|#)VgMNL*&MgkMqmo4cJUMh~NFkf1if8 z`AUmw=g)-bk_`ybboZ~7PYtqS5bZ%Vu#8)i#d7^3LdYWdKs zQ;-M~?NS{^^Kq9j&Z!-Uv?FE2tU*`P$mNG{rB$CdTs~l`T;dkjE^|LIfr21}ZU@&X z1q-<~n$z!)d?76cmp%YrpCwO?zMz~w27wH^wH5xs5(;`HsSHdwwF&gpTMHv38LX*) zz8mZkD7uQIV+1Lh)@NgDQr1D5H>vQ?S3Azd4!+VCpp@O1a-#)81G*RT0`{~?4uswE z6->VXN<~*XyqXUI$Spk)I}7)#)&*bKz5UEe4#WW?`Ik!ZXmGa$t*Q(Ec>Lk6>C7d! z$28zshjv_dcz`{<$-PEFfl4`jMce3Prh&l!A+_z(AZh(*gz8MU&3?yA39i$I{?}H} zq}AUiZzFmV&`IdAtJ7yY2c+P57aBwNaL)G?AufE{Uc{!{ZCo^O9Go{1mYiU1Z-M!N z&XRk*HQqIs4$xD^c*#g_ld+Ww4a*hsZU|X*De@}mcDmU2OE;@zhxpmM8|yy8)CYC;mmi(T=z$_xoAPtS zbp~H_(F}#C%kob{54+Oev%jBh1doB9uHh)_%LLM+bmo8;`uNuh?EVD5kwA`ZkdybVLVCbf5)3gb*hFn&Iq{Vm~PLTEG zM`(#5&JW!dUWVu{QD%izBM*rr$ z%Z^%j0N>>s8o39-K6vQ^=Z}f?(OL~@4noctN$1K0F7YyNd9+rGA=$jMJ8iPJp zGkTeOn&-5u36LfwGTv)Ys)4~W6-(p%{ReVQe#K-$=k4N@(!)3F&(5p}F6bDazVl@o znuNtffg{+~vN|HOH6fw}*w5;({hxT^t0qwEqXUiAUN`ecNkKk9{{Q9|A}r^YEVE1e zg;NQe@X<8=+YjFDsJtweZY4-pek>ENd~ znT-te+{4kN6lW2Ij-9rfh1<9Aj2wLJ1tn<2e*?qyXq_fFJcbm79Zb(9p~CH~fP-$= zY&~xLr)p}YV3?j+fCZLd82Z}>gQ>)pa`GjT7lx2DOX{{YL<7*}aImL8YO= z4h=v!5#0c|M2td}mPdU*SihQj&_;p_>Pzm6f+d`+pmQ)=r0FFDP_N)S!y^4R#9;hT z;X8JjwudYUvlOVq^196Pzf07mkn>dr^e@eme z29!b{h4-V2OhCY4`z(TD!x;o2kXG4}IJJ-jv2SD&l8Upvx^1qbZzuNoUw$?t*C(6y zCNm$p7f313&yMoJZJI=q4C08t4QKO*lf$4BQ`2%(o}57I)Zl20DJEy~esEj~G{3K2 zt{8If=3l_%Xc=gvFcI~}hC`kMAMCO~{-_jEeksLS_2#B&b#a}y2~co>KmA^@3HpGUF#$+eSFvT6t>r3a8LiJWn1F;? zhKnDPsk;sny$qJTSd3T#nO|W@-`-rOpdLe6h)#g|3Zt7fM(h5^p3gBZl{#>``B~|? z!(LPm3S?uA%i?1N8q(~`tn)ShLF9~9vpa0cPY}GqaJ7LMCV8EINGUsA0Sz%hykxwG z|4B8*$ZI~OOKM}`)bU|vWOs2aK~K0ir)Pl{w&nm?9YekJm#a+o5$;-`t)a3(KQQ*v z88LpJeh7JMuq$ZEQTBDM5hhMuW-+7EjK&&7OkDd*6BEf$Kmh=XdjB<+?fdKKCI%SB z`kTwS=@z%XHXL~lxHl!DVlcgg5m3p01%!c@5{w^N(=Hd-d&XdI7{C<4f`L98fI`yM zX;FN`E;&*)Mxz#FISO1Srl&6ncqEz6zsg@2Qho? zjBFA_xBh2341m^y0O(5_nv&ntXs_*6u)aKfs@4%&q`6b$l|+KHoO@ACy>L=sU?&Fj zwbYF#T^ z##UFYW4vaY?LMM=W66!D=9_CK`%2KjfaGUx8R37aiSq2~dj~$w-NV)_aT2Y$VFH(z z1vcv7U-F=Z0JVl!zs)PUES9%ou%bH*8vlCA{97v?n-Od86Q=)3Tz!kf7x&EGzLlh0 zj)DD}@st0nD1BheZZIt$)}07Y!>c2Qd8-X!BFklb$(ZzxFEqcAOue^+xw;}v%H3r8z1$PJ)oO?FKx|fM9@OEMrfh!=O6;PVxk3P%;X|}34xT!AP;j{IBR#0Jw)FD zmJ>hzY;TFBOaT-qQ_*AS42TxpcR>+Umo@ zYx%w1Uk@j4Sp6JaILHWZ`+l6f#L3609GtRs>^E(N7F%rORv#mN?CmXCh;do@@0q+> z6N=ZXAK4hv6QddE)ZzPw{D+^F9)Pqt14T&`(@NQ&{uya0I4ZKCwgyI4dWn|dx-ijS z*s9+4EShgiLZ4)X>iWtA-O2vRyC+D$X^Bfq^7y~o_BJF!%*mha^+uoxh_6xZVrO?O zlpbrPPO#mTFaJN<`>pMU7>QW5FJ)C2>fZ|Esbz-$& zm6LxFwN(HPg2E(%!9!tqvQuzpU&shMeBT&mYOL131*!-S(jGtf-&F25)P8?$RsM8# zkS`O7I;>uyWb~zbJouT=>KJcnMLdu2+-6cFra-|v?wg#y5p8|Sy=8|;Q3d*+M{vK} zDEr%{z5yWCL}92Wic1`?_cRwKIkn>q*s6=S`_?_^72{HD$nyj1RbxT{D4m#r^)vr%^a7{(i zYsWp79DdDyvWUy6I%=u4f9pxNxlu2O-U(Y>O-Ix-4764y0CFZ2ahhCx`1I9`z%JgH zz2G|+YjNQ%TomV}AC&DcC@A7DWLgrc++!5Fcg-ZIJrnf;?*?gEWNdw^Ve#VC&;XPg zx`VJlbRF;2H@3;AlDq94s$2z#d3pI=pq1>YzX@sn`+e)huFd$<;U%JF+Jrl**tOiw zS>qj)T2wgQi_N#_@i+lD^y-wHaxS6ALEPOmoF$iv8rvXJwI8ogVJ4i|w+)Y8(3q-C zc8F1>Z>jxRvrglOXJl(qvDA3H-0F_cl5eG?mPOEYG*Rsrm49KktaWJm^CP*;tDni; ze}v7Cdlb*P7B3`iREb{1!RDOezo5HA*BXR{FdH3RtMlNab#RrrPSXLHfR*d8p_l?E z6sv~OCl6rQ{OzLf%#4w##6a94jf2%p;J}qr_=t>k+}l&gdzQC*cUlUTs(=fPcn4WT zMS0d{%FYZzeCYu_T|uNO223}^;tOGvcz;1k=& zGMamPULa&*ReuY4a9weua@H(~MCu-L_sAO6`t>?=RRn)%q1zVFePGFNTkUO(ge9 zO|N(LsQ6a=n&LGP)lTYdtPv;1K|S~|{C9Xn#GLNi>DL`2WL>~T3cBFy3pXG-St+6c zD9OJ?KvE}=csOE(g%3~K?eDBH^Kq}`$Qk}K(fX1?K7gRtAFte-S=hEZr>rdi9cnB} zq#cK-5B_f2=dShjVOew`)?|WAjxdSkBZ{0|X=|d7nQJO^m?%-p*)w(G^k?vW3R8OJ z?~+3pjz51SctTC;C;|gsLz5ZG!AU z1iCGz#Tn`N=L`j0*}8a2tA;zTqn*lYj|*n}%tW?JppHg+rtXA%>VV0XfKC?>^&8hiH zalX;}^h@$_rlrX(rNb0{SfPtpPXlm&i_^mcTctnZ^+)^Ap-94%i!W`RVz!fzJ+$Wi zX0!RS`Hvo7Y1b;N*90_$&GzB-0y>K$R(wUEgDYA0#0keEkd1ox0^t-oy{f`|e3`Y^ z%t<*>BDHc~H;#(-PN{r+ay}#7)>Pqxh72Xw(uI=-eAM8RdOY}!pIhwy&LL^=8uVmG zJQ_*v{zQCE^bTKId;j4z=hew3Ed5waIe%O!PVx4>YHXlViQRJcJ@I#p0|D)h^sp9*T;AzUj+Me83|9G zWVu6D2mWi|eX0b&7J2Jz{?{;+C8hg`Z|xEF1U!z2$R>#lA(j`!4?t2EGYj{aUYG7( z#LZ^-OSm=5e_<;#dSvjj_ohVy_8=RI7$<6s30fUmx^ycx`R-T4Pc)jiB5>d_FDSrkG7Ijxo9)`RT-7;AQNT`e^$98?rQFphlua~~r=T{CxmX%meTVBXUD zGk-$eT1!e6r1$g1XJTqP)O@29*$%Geb#aB@eaiy@|Fyx92yAiOIH}4!mx=uL@%lD3 z)D)V<)eZ+`7Fxz}EA^Urp|%nC6CK^JnwJm>-J#TU)OX+C_^UbI@eC>&SxIh=sl?oat|Be7ZAKNw3apLq-@ z{>>h<94A(AUsvofk|1lz%3m+k2y**#1^H;Cn^l_-Z61aVX zx-1{GTdkRc(6i9lwus`Mi&#{Iq&r4Not?6*A)4%i)M3h8gVwnU_I-CR)(OSAPbbI8 zaKzG58cb|J{+~zAz^Xz-I{VfVN8h1yRLCo?`_n%fig{uCjJN*?gMf_N~WUuf(T zbn0w1w`E|~+yQ}{G223&`$m*IIDVr!SJDYiyq1hXjJ&=+|GE>siIX{|N4#5>Z+dVv zd*)%qm*6O=+)d!3k69Z<$H~xrOY_$!gR=H#k^E0i?d^C)vJ&AEjz?}6K2l4DMS!u% zQIy0MqcVFyv|R)0--9}?{v~_?Y-6l@IEZ0o$H|K_T~v@YmzF!5+=C=wz$u*In&L}S z$zwYBQ;@cg@d*8~x=Bg7@prYrd1bv`j5--V(SP zbi$6{I9#;#a<@p)Kaz4)cY&JU;?19|>FcKsgY(*=?Qf5|D+7F&m$ooiGNsl(|G zR0+`~{xUiJKZdC6Ag!`X*}~c3AP|V!xeX+Og&$uGD%>EZ>Nh>?EOv_(F2+hEWysVf zXL{fLiP;vh@2VF($pNm;4BU4dcl+3n?}3=p;CfV9#%&HdF|1o_hrM#!ir0tK<G)*6agK)`?=Ik}T=T`x zZ~xXFSS4j(>kRzv936;~we9#99cTSW8XiVpnTT_d6u>yL?BmOaqJWE0@w_}Ape|+B zart6oY%OKa=Sf;{@^D$lUHYD!^#5`JU~wVC$9^WrHMWO%3~aoCD9cCDrkQUx|5qQm zz!bf*kEn&A4^Sr+X5wKf!$rShqveNX-{T*9vI)l%iq+BJuErI$&)staiS-5(YDpSa z<8|-8A`$0{Baz^_v3LIcYz*|qHI)?ve~>}yseHUmF-mQ=-ugSt&O>-?qK0bJ-26FW zE05s9Q5L~%iYrN5xw=VIxOh6=-+}7z(}ORu6+f)@t_)&$FCXIg^h7X($mg1i9`EZP zrs}}eDN+?P7+;sWh>fEtS1;GjJ+jV&M<2&y98=$lY~Qtq>CXd)h<#gE;T-Hla)wEj z!t{D79)i!8k>YetY$($AlQCJl(kl>S@EQFhZVJ}${zokoF5iqJIHZJI$a(~kSbPv~lDka%@`m1ZUAv&~A{RXQ=jX}~`~XiX zNM|+=!1P4_Z=SJPG)Y#oK=!zCv9s&_MIO->N~Wi(O*oogu3TZQ$(|wWUNpXJXoZ^@ zhCnXB(yPsH?Au$gh*l#ynG8}Hee(cRUxqHr&;GU2o?wvb%z@h=Hlth1hqQGbwW|uG zP z)Qa(@kA5{%Yb*0byYkv!Vf=>;!gYe|zL4n<)5jCPYlTe{BC$BxOL@!9$?&<$O^VSq zCGINiT8GT##*64TY+*|5{}Ssc3(IDZ7WUNj2PwZT_;rIiFZZ+iMPSe7R6IP&nDj2N zsfS~!hQaGzcrrt>-Dn16oxW&TG)e|VIuv=c8&m%=x@|oVP&@;4!lMEE+qRBdeN!=g z$kSOWG1pAxR`fjGl*T;OPqlVP0JrXWd#gdve!4llrAtJ1G@yt} z-EkNOuu^0JQQK72nDpXSxlTee+M#pa(UOdQrgwM{JZvhJe#b1F{6pkk{52ZH8$ zHE*QsGJ_Obkq*~>zbW0@pO4E(BkU)dzE^3JEoPPCe1 z(}QF7n&SA|2UWOba|vVnvo^FZ03r zQLs1BCHhm^YvmOx6y(%p@9ab>viNM_J~@Z=TwUfFksjz!xRLtd5W`~*l=po2az$J$ zj-=j?l-A;(3$=&~M?Snw197Olri;tN@m3#G)Z z75gXIWAVE6d!-NdVg(ZcgKiThi$k{6WJ7{_AXO zV*arI)-A$k%Z}PtPdb!BeN*ROr*qSDMnL`oY&{~Vw7M3cz#1B#ydBDkNF1S+2(H5^ zla-XSKUF{Q$&17k(0cFMc%6`Telucbh(_PAT`<7tk#Z-Odn;*m&pTQ5~G>(>g-7)l%%{ zs(bDb3r)_z0MT#D&ZCY9Q)0`_A~ZJ@tr>kG{t;K@Jxxoc{KE16?L)7Hvuuzv`w4mBHo{IW!g3#-#Evj7c2;6#@5? zdEa&%M4lPn(n6;QubS7TI0Ea~z_{6y!Yynq#{c@7Tw^=QqO5ziHlQU=L}aMPy?le# z9Y6gEK5O~;DvN0Ou90_kBXk5jjNPHk=OFF+rBlxcUtZ9d_6*n@! z%W}NFCRde=MMfqMmZ1$^BQn3vF|m|Qt`H&>;Nwbk-YoGA7r1lRJPH&y4if7nl(O+Y zTM|bWii!H`@03~)OC0xb%8a7lF&-)D1R4^Rr2G;l_L#eKvz;yUt%j@mA(A!n{5ND1 zKi`DtVN+QgRea>Q`8<1Q_%%YJQt>fejUd>k0+Nx9}skhCTR71aT1D-a`)Pjl$4F$ow@j|TALU@NBkREz^$Ai+1fmOw2tOd9Y`em%mDaUjcTW(Y zgW9)Q7BZtjBsC6!DswsemTvhweh5Tl4mG>FKcT4lzPu{o$hLjD|C&AZr0UUX?a}Q# z+@bqSDhyZdYb9~yuapzp)^27F)KYgO9k zP^fbVL>^3j6Aq1tXeNE*sNJ68Ahus)_Y9nitiwF+pWgR8_t)wwbSW6I5Z>qVa7eoB zlf0aVS=!4bNg7)}sGA|p)Wt06{iyH{UMVNJZV3}py&|v>kScN-l zsn=f0J7C}>Az$qz5n}n5Z0V119J)~mk_L^>WiA)_-4tga*ZRT*U#a;5 zE`)cn0EFpF+laZslrUc+yS4eg+zH&Dq=S(3%xz^G9X(`=d@w z;SEp_th0AyFz;BvJKKqHlOyI8HsNkFUbW7P)l&&J5X9)O^RV=$9%N9436r7sK2edXnalfvG~~^ z)Tw8}CodRY_szfZC;JGv{Fn#!8zKJphhYKda1dK27Q2}QWF8B_Pv@jiQi-{_Z`V1y2V;tFQW>A1nR$$GfUbXHVc=1@{nh z2V)9VkK2iNq5f;Fu{e9@8|KnQzmU1V`Glk@Qm`+~>)Tt*56PG^yZT1p3T4b|7L?Ju zo&bKw`|SUi3*Zpqlt4Y=^0?aUMq6uo_G1RP&kgZRGC0Kr0D8->~ zU?2E*uJBdo@LLaqQ`9kELvr?81R$6{M^bx#>RsgMFf{G#oe6>n21Dm{s7(y~Qs$(vEK7u7G zF@nuy^ytBn#nj2OqQ0Zri0LLf6~Z{XdoFB+Lq7rz*G>6OhuJIdgf2vIR&wJ}s5{qc zuvg}+NwCP!&BRY!<&>Qmp46+&WP5Bh&ToW%kSU$FAl2NxNtB-{NYUir?Dz!Dc5+-; z9*rVC8ZvUx&oxro6s&zQ;TyUiK7%KI1GGcfzsDb?d#JS8gCk@vhKF4d^?NU|4amM$j#+4!F4V+uT-G+e`!ZG0A&NM+lG1BOEWV7_FcLZRJ>2E^&S2MR%aUsp z<<)|$>6X3u@WQrd8Lmcu>1l1qGT6ng_8;ZGrCkVEa4otWCrFX|NHwN{l)t%k`oXlr zjs}nEccWhPCQmuc03%ps$e9#E7-%pGjx8fMyCTahq{mixyfZWwC+n2d)N4C@ZN6K> zcV$W4n%`3C1_S3B2Xp6OS0Tx%-3LAHg4kx7yv`4*n}L0U<5$vgo5R-acy><$346pi zIo{fgcRrs#;DS$k=mFAJ^0_O_u*H*Ri zyGcxk)MXn&d6wdNG5b2Eg*_*%o)?xSmIgJq89Esyu zZCiBwGxm3ax+_%l?Tfs=ub1alu8V$*Vc1~6qcz?2_FfB^nEb(h+UiTRlY9=| znqxw)V-Z}k=Tk$&@{(VTvd2q!$x1Y{Gwyt*MQCK*rM!of629F!TH4~IMjpxs2VoO) zD^l1F85))ID=iCtT91(o@ru|Ex>X zM@>0r$XZf~IJx(E5J$CjJr_a8H&>p5`xzgNZwI%K+?2eltDSaQkHu^Gsp3hzem!hY ztm&}x*X@&_i95TAueWuL#jl60KQ@}EoR}FE*m2aoz%NSgLDn(MXEYJT=|#6B$TdFa znsjCEZicUeOyXCK-SuQyC($SVQC=%-;tG@Rx5@xt2@8avBt_0d{XNv>@1McM==*5% z*N%PTyHX+X?s9D<@`klzs+~={p7ga2+BkcMab<7g0~W=a!jJ0R2srufMdJr-YMmpm za()mwY32HeM#9pp-^fF_doUa=)>OEE(TA(ZRTKDENwhTcEZSk8IV-An+ zXrNPC?d-saB0{IgdEh{1p$oNxEX5NC<>rlhi*g})`=y9dWcsKTDh9@xpTeK?%gEw}_Gl3j3-X>Xi=9Bz|KYL;GI9MuwQ zs*TZ!m31oO>>Df@BAblj{j+aVd9V(juhO<5AD@j~O^cJl-$`??@b7Adh37mkBi57K z^E{$4H9BR|9{jpADlM+B=UtO{E}1{UeRn6056@0kotDMxZ%*|Sq)~4)_52fBu3gq4 zm?%LE0008f%migHueA!__He31UTQNa8=2!}af8z(o$qfvKZ&N8s9oxjO~{&f@#Iex z+TWWTSo(<2$RXIpfmLOExT+znXSZeW4 z^*T{+NoyYISO`h!JD*21X$itsF%^v;r)2uwAF96YlhoAtM=v@i)Ta6*;r+FVwNFc< zxcN4NX+OTIi>vR({9-{@OCX52VrF!oZtNPN{WN%CzntGcwe;r);4jWqJ=zrRR^JxR z@O>PT`fgy8cktX3zY;Fi=dv#+To?DJAJ4ERJb`rQCIRUSnQfnwU(!{>C(k-hYxN}- z^pwcgXzUusUY0YKYaVblmEyXIN*Z^u?jNQX_2*L0QPWdBQ}%h!qPf%G;c9oYdoxU9 z!QrOa59(}^u}9$qc62|2$Xe3$L{H3~IlCmnXQ8CNuMEpcJuKa*^p#g-w0pbtBptWx}G)h1{Ytky=~b+yywjr58_d zIUXnGm)&wdq02p}yCLRfY1F&8n-z^rz~p$Up^U!Z^Dl6aGyMMXtjOW&y3^rDb+wf| z-s|(9n@_C3(VnU8~XCGI% zWbgzxPs2g%e1))A{&V_*mD|qio1s^tU`v~ja;3O|nxv9QSmtm3LHcd#QZ^G=&GUG08~DOiaRlNXj+GKR<)Ou!KVo!{Ukr@Wudn8DF3zfbvSHQX zaLTjL>3KSFPydRjyhl45U%(>YPae_01tlZ1<>Td?`6~79O<`P^hP?B0OkV622P%k9 z{m@sYAJAs~fzb&8%d8Tyw}+gjgA?D_01!@+dsY75GCFVUGpkBQDS!XWa|+qXS{7Mz=jR&il=2*`$RVv7G|;F-A0g{Vv0%ImtKAp87UsWkX;lTwv6uViG8$f+HCCCc0?` z2?jq|+m`a-baUGFBF?JjQL&k{a1vzbG+N47cb@f!M$?76gvlr7%fE_9KJA$?Wf1EM za75CBBh~B$?Lv$L=1#G@djuI5RxXuFJd3xwSfa} zeT#;xB$W7vixsw!lSEnWd*`e3a_;=(@hp(CDf%b$^uAC2W5y0*I-5)l#3Fbr*_WdX z_ol3;>7N@TUW2CQGTyhf#=;Q^iI>hHFA6`HrllA2x;PQ2=ajQ?KD&R_Gqv-CcS5c} z;esWDBXMofr?)o(E-z8jcl2j?zFN;W>y)CO)nvm7`1v%z% z@n6%UQd#cZ<~J1EF)BpyVqaoA@joa1d?Z0xf@|94OQrP0;qlg6D$)aUKlRP`ThFIg zd6B^?xYsi=-}#il7>N4JCvrlYQ*veyv7V)5I()H72hJ8rS4t{|qDOu&S@aTz=`EhH ziz~bWv5x|m#o`G77>~dn~Kjd&kqG+V)GOicWca&>u2MgqUoMa9w~+TW8p+o z?^7oqY+7BJs(J)@S}JBEHb37^*8bR>UyocS%%;cK@*RjdLy;u)Szow*%WIK$Tv6Kb z3nd@vPum&ez&9M0AT+HrPFoRqT6L@xuJ~#_W2<7YCIe1D8LXGpsw+#MAuHRbdQ5)s z3)h|?9?gNi>;V-R0bHkoNbn=6*Mws>b2W^OW0(jL`^cQtHYxQO_Y-BOr>ML=edc)O zVE{s6>VaqrONZK$gPzEOl<$J;xq?+?&icQu}(5#?`PY@P(5*fpbV zz8iTg9^E+sS%CQ}-hHnuv5Lo8FQ$HoWz_o>mUjj>U5AV5n_9Zv_UCpuQlbB?I7;3z z(vdVSFB_A5g;tdxh-37EezeoSz$pQh{qw_L=ha zB|hWSD`t|}WBCY)`g7DX%3hy}1_Zd&T#_>G&~|3&v$l~P(R#(yXA@IL^}^y_7|}c? zgG=OoOFuPc40?Z!_$G6!^7Y>}HP3p*O6pCqaRs=Lz6W9GF#eO*(^Y%C-J2IbHVRS@ z8R`(6Km_XG|E;{cSTo{99rY7##Xp%VdxeeA)+J{G=*;{i;aB^Gg$}5smGP24nnkre z$+j8m=J|!zh#-qf5lXM&y#*C$?b5ptul{SxaKH59kI56qdx=C-n=>;DZpEJ$zFvZF zrKGs=EX>*S&2*Lev}@9v7s45LLrwdIqc^IBWyW%B92F@T)DY@Ak}enhh!SrxTg`5g zG>EC4G?(QOjp1iv0F<6LfQ-}@&14;ji>+LvG|-AIXxgyMIll4r$?)#yeKd&AE2*ew zTl!(LG$D4%dA{j()kSKXqpRujn+==7ANeN}&K+!AQ{-4s8?&_;)n6tIlQs>FR{2?S zi<|%BIdB&}A7GOV{%aaitt#Fr^g7WoT94$ELe*_85A2^X3(1)u*;w4f5jM9=eT<8R z=*scu8Q**Oa&uZIY2i{{(t-;2dtNJ|dk?Sgea%MLzD}kMldg4=`G4(Q`9GA~AD_ss z5*5>QQA)@*y0(fDBC-n+!yU;Mt}O;*P?BsFLp2x`F|u66)wK-5D6&+8>>A0wOk+33 z_dM18{t4e7zOT+tkD2kD=lPt^d4IO|Ip@R;zks!fE>&;>V2&FA>_4u#FFJ9x*hb~J zmK6=PoIs5mnFLq5Sz>%O&kg0ymR7I=PjyEO=NU~EH~C+-(dTRZgfE}rn@s_(IKG$B z2`jjR6rUb-a5wP+f!BS*_~}JgY`_n@2{dchx#j zLkqIJvnVv>{BMbm@-dVQFqq~*#u9dgK7$@uX84;GE^2O|hXWkMmm#i_m_Bt7J&4R0 zr3K=xw*5ikgPAOil}^^N8+7Kk z{v@_AchxFW6j(m%-axrGXQ#!7jQQBAW3Ts=O+@A=8i_t7?5Kbaz}Vd^)Ud3pw-YQZ ztNv(bUoGuMx-?mPplu+@{-o#D63AGDx966QohzY{ino>iM3Xmfacz7{)21S}&yyK7 z015dv021!58f2MmY2s`ol%<^pC*rrqi$5iE+yRGd!GZwkp#u;{N?LZUt_qwQ20hJG z7Y$X$zqr=ElW9b%3u-GN3}+}(6uPE!@hW}Tk6%eVj*ntNFTYbyqm2B~tb_@yu>~uW zKV7w$|IxQ4)0vpO9eZyU!C>$JBmJ`%>$a{lPx~f18+dWnK3L&8aR&~dIL81|!5bWU zJC#5^%p4w(jA_2O(sH71BsICMU(49!)+7C8g1EF^#{5GKFymTgBu?Nr$3VWu%<$N{ zZSjhcV0;j&-u|MbjAJxFJG>w3=?3%3YY;Npz0TwhV91p9;b&BcBVd>+nn-<#0$G(? zNNFc@AUn3g#6i{JZsjqc+7VZgBA_&$YyNI7nby-#dmblyTi+&=< zb}WF{GbQXnj%}UAZpep<$V+07&-sl>bO-={*n%4jU^9jpj-B;Vt6MH)Z0UP z8A&>>YwLFzUO?0Jj2uI7MX>?m3cUtYv*tH@HqYGXv?!8Js=XSZo`zfwswRH&@J^n{ z&|=NfbpH|Ws>kNdBeLoU`Y3+j9w$svQH9z{XF5*?=yi}K1&~MosyZCuW-1V4TFf12 zg?buH&0T4_vx~ggsLs&PLxOZ+j(geC_VT?rUa%VbsIYKOTKiVGc_R7 z=|wb$W2@{cS@A-`hf?8|&@l7bEe%65B4=0y^1QuuCI9<{B_E`1`MR`#LR}GHJKgfswwYwt}4c*fbJ8(CQM^ z$&s~I+{h1W1VI{<3LG0?NhD2rTi|l^kg>H@uQs6EUS~KrO){zPZVlM@NKwhd;!-&BHqG_dABu3kZ)#As{oZfYM9+DosFFm@@AvV@I@D zb_1d;F;0E}$iYvs=^zNDm}MeXLE7y&)xj7n%Y_MgkcAsw?!|$#v4)KE2%E-vb-`e2 zw=~_d@zr9Q?LST@kFB`b;lOV17fgi-30!J~D(6p83WoQ9$17=Co9D%PerX))_>MB@ zSS4smjhj)t)b0JOR45rqmhyIhJ6e-tt$-_9U;jM`?4!H$<-G{7QslSz1m))<1!$`& zJ~H397e+fIM1-{9&{AhOU2R2$YgixRv|0sWG{;3{YA?DZyL=kb&V3%YHTPeUvTe8j zt@DvMdjj6c-Pfcpy?ms*bu`(QJ52`|Y86oC^GlJ`Ukn34aB}TX-a!=tW!jSNv%xgG z&$Hipp3GIcS#}dGY9%l}T)$K8p2L+5Yz~)pzum@ndqain%{jP-8P`Am{JB3ymAGb3 zujp2FwQ9lCAMNg-Q;Zc7vw(wi<;u>(9Nj!s1Y_q_2M6E7=~=ZwWXfaU4R42;t`GX1 z+VCJJQBIUCNY;B=t=fH#4gfHg&#pP4CimQK4Eq_IO&3(oj~UEW8&b!GN51iIctGPU z7Lr?g4^#8j{JDP#k_fu z8}f_qOAb=k)~a)Bke$7(wXi)nD+S7z`6)}x>JKQ0tHvxqjz!2(G*$65HkO<(x zGE-HH5oVOtJ`&wLiAJ1Vtx+GKIEM-{xs8e6F%S3$F6bURxh;7z z8n2GIANf1xMYz+!n(mQf>>}EL=7FB5w9R;=q=&Obq8AkciTzoS;X;!D?$M^VmWo8V zY#Rem)XK%`t0o7{>MWFdX&INb6ur6lR>bl4==x&`SO>g?^N z!v}!WA42VxkSe;S2N9YIuJWga@_9IC*O9$U`(=URX(blr^;?3)5lWsHmy>-75fDSol<4$N}G<; zWLH>bHb>SiXJVevw5cObAEh=C#Sw+JbgboOg;`!0NPMZ$w{R64EnbKlkJT7SMp*ma zR-LXpmQWvi4@yGgl{9;yO`&LNS=0a>J8E}~*`NKUIesJGo6Q)B<;_uK6xRfg<4|+t zBH68iu*8&!fWn{|f(9GQEYyw72C7H4R|2Zn)ekaz@|UwFRx9HDOj_SSFXQMS@S!UC z8Wh}|2m9xsgSHS&q;mZ`c)6v3DSC#!np0EyzN6zfSSna zA<9*R08Irzgfd1emN#3|@YKCW`^JY?HwK!%eC@v^8iyezkSj(_n?f3D({ zeUY$vEHx6mc1!!GPgTQTFW$Y^9X>_SxL%yRYo-V0;A+x3;8`pvJg0aGQzH)cr-1Ft z8G~?m)AyKKYIb7oYVeERkxOktElJh1g(Wx9IzV1$cA8@aMhzU5w+-yw#Y(T9byewG zH?+R9na1__>o7AeTW$|ap^P_V(SHDXI zNSGKho`xRJ0JYJGuvXIhLv7nW{Rfwv?&Yjw`(^9bo4e`<)TQXPW98nfzRa&a5&~fi z@fV6sF7NXY)U_qjR$#3L|rWZlU~8NJ6GdaMsOc>(y^^8V5D!EgE9`umbKSWQ(~dC9fQC069A_vsSJ z#87e}ETn3>Ry16a{fFt)aIBK+xfndP{jHhy1?#Iw_WJe!>x>BUk`nravmy_7x-O@? zLV)UO$4E1}0jH_(=FesWpXx-0`)R1+;dsVr!fa5P9d74$Kp`m{pVF(ui5P&MSj*Lw z=N3o}aCcNKglGeBr2>+o#vC>-1YXLsGEj&Qhsn@D)wQ-FoW=^M&S34bk??RY$gHJUbrEfm7qkl^xZRRN6i>CQrz#1WlCfdICN)(5zW z?avU5M_X8|wO6XYQhKcuTf2n!&A88%iCAx~_CTlcut(NdgE^`jK3}eM`|Ct=nYYvV zXDRoWskwVS(bA9$SDZJ!XG|L4X{?tlgg#GRc|0_>Op%30_8(pEk;PqW8TFkl{k!O4 z`LHIa0`)ba6w4K)?-J#!YM8gqwg{-E(CLi@9hTtCNk;$F%YGQA3YD}uA+H-0Lg$|M z^b@MJ=D7SkDNtxgT0LM2Umd%0UzWO9zXq86nHuTJ~Ur92kGkO{ps#qiXx4c(I*&B-UAzR_i;`Qwau%-3eD-t;2-gUJV4}7Vtto#`m zVl!;2e_c=dbM(jgW2o>8FKwu60v>9qP?l5i=Hhz2s|5Tl3p_>&sjN&7#0f5vDHxkf z8{E66Nk&q+ga&G2FDH~ec@3gUJJB@-lBT*thMc8ZPo=U|>X+cDRpj~^hJERh{XB}B z?~yQRd+%|AlhT<81is_A{}?mS&$Q72MV)bD^yV|FJlR#mfeMk4uTGUwlc)SLkZfW4 zE&r1%TP1OlLwnkK{o+t@7h0E~$H^=!6TQ(%&QbC|85-Qd4m3X-;riixGgHqd-CC?P zZgrTb?gxs=FpF5gTaiA$IHVcb3oSj-a_9MS_fyFf-dl5x{aotDotF1X!eGO94#zypYS1(ML7tgr zLUM|jgZ>3H3r$e|{@H%^52zDS|9(^m4g&sp9VMyr@27y)_w!N`$l+%LhZOv5yugb6 zXgWVBAmFbU0PH`S(63wmk|hlGONn5=W)BSZ3pQZC@DlbvH58-UmEJ$-uQ4n6=v%m;Coi_`kMq=YI{}ub)BEiTWjw?@IFjsUbODu^9$}fF~ghy`<4OGyM`> Hmze(mT4uy9 literal 0 HcmV?d00001 diff --git a/documentation/website/expansion/qintel_qsentry.json b/documentation/website/expansion/qintel_qsentry.json new file mode 100644 index 0000000..4994a62 --- /dev/null +++ b/documentation/website/expansion/qintel_qsentry.json @@ -0,0 +1,13 @@ +{ + "description": "A hover and expansion module which queries Qintel QSentry for ip reputation data", + "logo": "qintel.png", + "requirements": [ + "A Qintel API token" + ], + "input": "ip address attribute", + "ouput": "Objects containing the enriched IP, threat tags, last seen attributes and associated Autonomous System information", + "features": "This module takes an ip-address (ip-src or ip-dst) attribute as input, and queries the Qintel QSentry API to retrieve ip reputation data", + "references": [ + "https://www.qintel.com/products/qsentry/" + ] +} \ No newline at end of file From eaff5700de16a2a24c4a8f6f4a7e06f903223eba Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 24 Nov 2021 11:05:00 +0100 Subject: [PATCH 058/132] chg: [doc] updated --- documentation/README.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/documentation/README.md b/documentation/README.md index 4dea631..8936fbf 100644 --- a/documentation/README.md +++ b/documentation/README.md @@ -1142,6 +1142,24 @@ Module to extract freetext from a .pptx document. ----- +#### [qintel_qsentry](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/qintel_qsentry.py) + + + +A hover and expansion module which queries Qintel QSentry for ip reputation data +- **features**: +>This module takes an ip-address (ip-src or ip-dst) attribute as input, and queries the Qintel QSentry API to retrieve ip reputation data +- **input**: +>ip address attribute +- **ouput**: +>Objects containing the enriched IP, threat tags, last seen attributes and associated Autonomous System information +- **references**: +>https://www.qintel.com/products/qsentry/ +- **requirements**: +>A Qintel API token + +----- + #### [qrcode](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/qrcode.py) Module to decode QR codes. From ffe3f0680abb6c03091c70a88b91b4ce2f5b7b34 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Fri, 17 Dec 2021 13:49:14 +0100 Subject: [PATCH 059/132] chg: [requirements] lxml updated --- REQUIREMENTS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/REQUIREMENTS b/REQUIREMENTS index 21e24d9..eaa495a 100644 --- a/REQUIREMENTS +++ b/REQUIREMENTS @@ -64,7 +64,7 @@ json-log-formatter==0.4.0 jsonschema==3.2.0 lark-parser==0.11.3 lief==0.11.5 -lxml==4.6.4 +lxml==4.7.1 maclookup==1.0.3 markdownify==0.5.3 maxminddb==2.0.3; python_version >= '3.6' From 578187a9f9d173ac9a86e1b161225f02f1705f90 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Fri, 17 Dec 2021 13:50:11 +0100 Subject: [PATCH 060/132] chg: [requirements] pillow updated to the latest version --- REQUIREMENTS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/REQUIREMENTS b/REQUIREMENTS index eaa495a..a71ffea 100644 --- a/REQUIREMENTS +++ b/REQUIREMENTS @@ -82,7 +82,7 @@ pandas==1.1.5 passivetotal==2.5.4 pcodedmp==1.2.6 pdftotext==2.2.0 -pillow==8.3.1 +pillow==8.3.2 progressbar2==3.53.1 psutil==5.8.0; python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3' pycparser==2.20; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' From f7b35ee7eb60d5bf2145fe8cefc51150ff5027a8 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Fri, 17 Dec 2021 13:50:50 +0100 Subject: [PATCH 061/132] chg: [REQUIREMENTS] aiohttp --- REQUIREMENTS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/REQUIREMENTS b/REQUIREMENTS index a71ffea..d35bc49 100644 --- a/REQUIREMENTS +++ b/REQUIREMENTS @@ -14,7 +14,7 @@ -e git+https://github.com/sebdraven/pydnstrails@48c1f740025c51289f43a24863d1845ff12fd21a#egg=pydnstrails -e git+https://github.com/sebdraven/pyonyphe@1ce15581beebb13e841193a08a2eb6f967855fcb#egg=pyonyphe git+https://github.com/SteveClement/trustar-python.git -aiohttp==3.7.4.post0 +aiohttp==3.7.4 antlr4-python3-runtime==4.8; python_version >= '3' apiosintds==1.8.3 argparse==1.4.0 From 2dbaba7053bc787ec39ba03b31bd67aa9bf1c362 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Fri, 17 Dec 2021 13:56:20 +0100 Subject: [PATCH 062/132] chg: [REQUIREMENTS] chardet issue - let installer decide --- REQUIREMENTS | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/REQUIREMENTS b/REQUIREMENTS index d35bc49..187722e 100644 --- a/REQUIREMENTS +++ b/REQUIREMENTS @@ -28,7 +28,9 @@ bidict==0.21.2; python_version >= '3.6' blockchain==1.4.4 certifi==2021.5.30 cffi==1.14.6 -chardet==4.0.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' + +#chardet==4.0.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' +chardet charset-normalizer==2.0.4; python_version >= '3' clamd==1.0.2 click-plugins==1.1.1 From eb5190049cacca80d130a1634e530d928e30230d Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Fri, 17 Dec 2021 14:07:40 +0100 Subject: [PATCH 063/132] chg: [Pipefile.lock] removed --- Pipfile.lock | 1865 -------------------------------------------------- 1 file changed, 1865 deletions(-) delete mode 100644 Pipfile.lock diff --git a/Pipfile.lock b/Pipfile.lock deleted file mode 100644 index fce2898..0000000 --- a/Pipfile.lock +++ /dev/null @@ -1,1865 +0,0 @@ -{ - "_meta": { - "hash": { - "sha256": "53f7c8111e3655205f3816245250a528453b48cf0ea99e2e6b7ae83902949d0c" - }, - "pipfile-spec": 6, - "requires": { - "python_version": "3" - }, - "sources": [ - { - "name": "pypi", - "url": "https://pypi.org/simple", - "verify_ssl": true - } - ] - }, - "default": { - "aiohttp": { - "hashes": [ - "sha256:02f46fc0e3c5ac58b80d4d56eb0a7c7d97fcef69ace9326289fb9f1955e65cfe", - "sha256:0563c1b3826945eecd62186f3f5c7d31abb7391fedc893b7e2b26303b5a9f3fe", - "sha256:114b281e4d68302a324dd33abb04778e8557d88947875cbf4e842c2c01a030c5", - "sha256:14762875b22d0055f05d12abc7f7d61d5fd4fe4642ce1a249abdf8c700bf1fd8", - "sha256:15492a6368d985b76a2a5fdd2166cddfea5d24e69eefed4630cbaae5c81d89bd", - "sha256:17c073de315745a1510393a96e680d20af8e67e324f70b42accbd4cb3315c9fb", - "sha256:209b4a8ee987eccc91e2bd3ac36adee0e53a5970b8ac52c273f7f8fd4872c94c", - "sha256:230a8f7e24298dea47659251abc0fd8b3c4e38a664c59d4b89cca7f6c09c9e87", - "sha256:2e19413bf84934d651344783c9f5e22dee452e251cfd220ebadbed2d9931dbf0", - "sha256:393f389841e8f2dfc86f774ad22f00923fdee66d238af89b70ea314c4aefd290", - "sha256:3cf75f7cdc2397ed4442594b935a11ed5569961333d49b7539ea741be2cc79d5", - "sha256:3d78619672183be860b96ed96f533046ec97ca067fd46ac1f6a09cd9b7484287", - "sha256:40eced07f07a9e60e825554a31f923e8d3997cfc7fb31dbc1328c70826e04cde", - "sha256:493d3299ebe5f5a7c66b9819eacdcfbbaaf1a8e84911ddffcdc48888497afecf", - "sha256:4b302b45040890cea949ad092479e01ba25911a15e648429c7c5aae9650c67a8", - "sha256:515dfef7f869a0feb2afee66b957cc7bbe9ad0cdee45aec7fdc623f4ecd4fb16", - "sha256:547da6cacac20666422d4882cfcd51298d45f7ccb60a04ec27424d2f36ba3eaf", - "sha256:5df68496d19f849921f05f14f31bd6ef53ad4b00245da3195048c69934521809", - "sha256:64322071e046020e8797117b3658b9c2f80e3267daec409b350b6a7a05041213", - "sha256:7615dab56bb07bff74bc865307aeb89a8bfd9941d2ef9d817b9436da3a0ea54f", - "sha256:79ebfc238612123a713a457d92afb4096e2148be17df6c50fb9bf7a81c2f8013", - "sha256:7b18b97cf8ee5452fa5f4e3af95d01d84d86d32c5e2bfa260cf041749d66360b", - "sha256:932bb1ea39a54e9ea27fc9232163059a0b8855256f4052e776357ad9add6f1c9", - "sha256:a00bb73540af068ca7390e636c01cbc4f644961896fa9363154ff43fd37af2f5", - "sha256:a5ca29ee66f8343ed336816c553e82d6cade48a3ad702b9ffa6125d187e2dedb", - "sha256:af9aa9ef5ba1fd5b8c948bb11f44891968ab30356d65fd0cc6707d989cd521df", - "sha256:bb437315738aa441251214dad17428cafda9cdc9729499f1d6001748e1d432f4", - "sha256:bdb230b4943891321e06fc7def63c7aace16095be7d9cf3b1e01be2f10fba439", - "sha256:c6e9dcb4cb338d91a73f178d866d051efe7c62a7166653a91e7d9fb18274058f", - "sha256:cffe3ab27871bc3ea47df5d8f7013945712c46a3cc5a95b6bee15887f1675c22", - "sha256:d012ad7911653a906425d8473a1465caa9f8dea7fcf07b6d870397b774ea7c0f", - "sha256:d9e13b33afd39ddeb377eff2c1c4f00544e191e1d1dee5b6c51ddee8ea6f0cf5", - "sha256:e4b2b334e68b18ac9817d828ba44d8fcb391f6acb398bcc5062b14b2cbeac970", - "sha256:e54962802d4b8b18b6207d4a927032826af39395a3bd9196a5af43fc4e60b009", - "sha256:f705e12750171c0ab4ef2a3c76b9a4024a62c4103e3a55dd6f99265b9bc6fcfc", - "sha256:f881853d2643a29e643609da57b96d5f9c9b93f62429dcc1cbb413c7d07f0e1a", - "sha256:fe60131d21b31fd1a14bd43e6bb88256f69dfc3188b3a89d736d6c71ed43ec95" - ], - "index": "pypi", - "version": "==3.7.4.post0" - }, - "antlr4-python3-runtime": { - "hashes": [ - "sha256:15793f5d0512a372b4e7d2284058ad32ce7dd27126b105fb0b2245130445db33" - ], - "markers": "python_version >= '3'", - "version": "==4.8" - }, - "apiosintds": { - "hashes": [ - "sha256:d8ab4dcf75a9989572cd6808773b56fdf535b6080d6041d98e911e6c5eb31f3c" - ], - "index": "pypi", - "version": "==1.8.3" - }, - "argparse": { - "hashes": [ - "sha256:62b089a55be1d8949cd2bc7e0df0bddb9e028faefc8c32038cc84862aefdd6e4", - "sha256:c31647edb69fd3d465a847ea3157d37bed1f95f19760b11a47aa91c04b666314" - ], - "version": "==1.4.0" - }, - "assemblyline-client": { - "hashes": [ - "sha256:fd434694ecdfb58f86118ccbbdecf37bc753935c7ae43ef7a74bc5a22fa48d21" - ], - "index": "pypi", - "version": "==4.1.0" - }, - "async-timeout": { - "hashes": [ - "sha256:0c3c816a028d47f659d6ff5c745cb2acf1f966da1fe5c19c77a70282b25f4c5f", - "sha256:4291ca197d287d274d0b6cb5d6f8f8f82d434ed288f962539ff18cc9012f9ea3" - ], - "markers": "python_full_version >= '3.5.3'", - "version": "==3.0.1" - }, - "attrs": { - "hashes": [ - "sha256:149e90d6d8ac20db7a955ad60cf0e6881a3f20d37096140088356da6c716b0b1", - "sha256:ef6aaac3ca6cd92904cdd0d83f629a15f18053ec84e6432106f7a4d04ae4f5fb" - ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", - "version": "==21.2.0" - }, - "backports.zoneinfo": { - "hashes": [ - "sha256:17746bd546106fa389c51dbea67c8b7c8f0d14b5526a579ca6ccf5ed72c526cf", - "sha256:1b13e654a55cd45672cb54ed12148cd33628f672548f373963b0bff67b217328", - "sha256:1c5742112073a563c81f786e77514969acb58649bcdf6cdf0b4ed31a348d4546", - "sha256:4a0f800587060bf8880f954dbef70de6c11bbe59c673c3d818921f042f9954a6", - "sha256:5c144945a7752ca544b4b78c8c41544cdfaf9786f25fe5ffb10e838e19a27570", - "sha256:7b0a64cda4145548fed9efc10322770f929b944ce5cee6c0dfe0c87bf4c0c8c9", - "sha256:8439c030a11780786a2002261569bdf362264f605dfa4d65090b64b05c9f79a7", - "sha256:8961c0f32cd0336fb8e8ead11a1f8cd99ec07145ec2931122faaac1c8f7fd987", - "sha256:89a48c0d158a3cc3f654da4c2de1ceba85263fafb861b98b59040a5086259722", - "sha256:a76b38c52400b762e48131494ba26be363491ac4f9a04c1b7e92483d169f6582", - "sha256:da6013fd84a690242c310d77ddb8441a559e9cb3d3d59ebac9aca1a57b2e18bc", - "sha256:e55b384612d93be96506932a786bbcde5a2db7a9e6a4bb4bffe8b733f5b9036b", - "sha256:e81b76cace8eda1fca50e345242ba977f9be6ae3945af8d46326d776b4cf78d1", - "sha256:e8236383a20872c0cdf5a62b554b27538db7fa1bbec52429d8d106effbaeca08", - "sha256:f04e857b59d9d1ccc39ce2da1021d196e47234873820cbeaad210724b1ee28ac", - "sha256:fadbfe37f74051d024037f223b8e001611eac868b5c5b06144ef4d8b799862f2" - ], - "markers": "python_version < '3.9'", - "version": "==0.2.1" - }, - "backscatter": { - "hashes": [ - "sha256:7a0d1aa3661635de81e2a09b15d53e35cbe399a111cc58a70925f80e6874abd3", - "sha256:afb0efcf5d2551dac953ec4c38fb710b274b8e811775650e02c1ef42cafb14c8" - ], - "index": "pypi", - "version": "==0.2.4" - }, - "beautifulsoup4": { - "hashes": [ - "sha256:4c98143716ef1cb40bf7f39a8e3eec8f8b009509e74904ba3a7b315431577e35", - "sha256:84729e322ad1d5b4d25f805bfa05b902dd96450f43842c4e99067d5e1369eb25", - "sha256:fff47e031e34ec82bf17e00da8f592fe7de69aeea38be00523c04623c04fb666" - ], - "index": "pypi", - "version": "==4.9.3" - }, - "bidict": { - "hashes": [ - "sha256:4fa46f7ff96dc244abfc437383d987404ae861df797e2fd5b190e233c302be09", - "sha256:929d056e8d0d9b17ceda20ba5b24ac388e2a4d39802b87f9f4d3f45ecba070bf" - ], - "markers": "python_version >= '3.6'", - "version": "==0.21.2" - }, - "blockchain": { - "hashes": [ - "sha256:dbaa3eebb6f81b4245005739da802c571b09f98d97eb66520afd95d9ccafebe2" - ], - "index": "pypi", - "version": "==1.4.4" - }, - "certifi": { - "hashes": [ - "sha256:2bbf76fd432960138b3ef6dda3dde0544f27cbf8546c458e60baf371917ba9ee", - "sha256:50b1e4f8446b06f41be7dd6338db18e0990601dce795c2b1686458aa7e8fa7d8" - ], - "version": "==2021.5.30" - }, - "cffi": { - "hashes": [ - "sha256:06c54a68935738d206570b20da5ef2b6b6d92b38ef3ec45c5422c0ebaf338d4d", - "sha256:0c0591bee64e438883b0c92a7bed78f6290d40bf02e54c5bf0978eaf36061771", - "sha256:19ca0dbdeda3b2615421d54bef8985f72af6e0c47082a8d26122adac81a95872", - "sha256:22b9c3c320171c108e903d61a3723b51e37aaa8c81255b5e7ce102775bd01e2c", - "sha256:26bb2549b72708c833f5abe62b756176022a7b9a7f689b571e74c8478ead51dc", - "sha256:33791e8a2dc2953f28b8d8d300dde42dd929ac28f974c4b4c6272cb2955cb762", - "sha256:3c8d896becff2fa653dc4438b54a5a25a971d1f4110b32bd3068db3722c80202", - "sha256:4373612d59c404baeb7cbd788a18b2b2a8331abcc84c3ba40051fcd18b17a4d5", - "sha256:487d63e1454627c8e47dd230025780e91869cfba4c753a74fda196a1f6ad6548", - "sha256:48916e459c54c4a70e52745639f1db524542140433599e13911b2f329834276a", - "sha256:4922cd707b25e623b902c86188aca466d3620892db76c0bdd7b99a3d5e61d35f", - "sha256:55af55e32ae468e9946f741a5d51f9896da6b9bf0bbdd326843fec05c730eb20", - "sha256:57e555a9feb4a8460415f1aac331a2dc833b1115284f7ded7278b54afc5bd218", - "sha256:5d4b68e216fc65e9fe4f524c177b54964af043dde734807586cf5435af84045c", - "sha256:64fda793737bc4037521d4899be780534b9aea552eb673b9833b01f945904c2e", - "sha256:6d6169cb3c6c2ad50db5b868db6491a790300ade1ed5d1da29289d73bbe40b56", - "sha256:7bcac9a2b4fdbed2c16fa5681356d7121ecabf041f18d97ed5b8e0dd38a80224", - "sha256:80b06212075346b5546b0417b9f2bf467fea3bfe7352f781ffc05a8ab24ba14a", - "sha256:818014c754cd3dba7229c0f5884396264d51ffb87ec86e927ef0be140bfdb0d2", - "sha256:8eb687582ed7cd8c4bdbff3df6c0da443eb89c3c72e6e5dcdd9c81729712791a", - "sha256:99f27fefe34c37ba9875f224a8f36e31d744d8083e00f520f133cab79ad5e819", - "sha256:9f3e33c28cd39d1b655ed1ba7247133b6f7fc16fa16887b120c0c670e35ce346", - "sha256:a8661b2ce9694ca01c529bfa204dbb144b275a31685a075ce123f12331be790b", - "sha256:a9da7010cec5a12193d1af9872a00888f396aba3dc79186604a09ea3ee7c029e", - "sha256:aedb15f0a5a5949ecb129a82b72b19df97bbbca024081ed2ef88bd5c0a610534", - "sha256:b315d709717a99f4b27b59b021e6207c64620790ca3e0bde636a6c7f14618abb", - "sha256:ba6f2b3f452e150945d58f4badd92310449876c4c954836cfb1803bdd7b422f0", - "sha256:c33d18eb6e6bc36f09d793c0dc58b0211fccc6ae5149b808da4a62660678b156", - "sha256:c9a875ce9d7fe32887784274dd533c57909b7b1dcadcc128a2ac21331a9765dd", - "sha256:c9e005e9bd57bc987764c32a1bee4364c44fdc11a3cc20a40b93b444984f2b87", - "sha256:d2ad4d668a5c0645d281dcd17aff2be3212bc109b33814bbb15c4939f44181cc", - "sha256:d950695ae4381ecd856bcaf2b1e866720e4ab9a1498cba61c602e56630ca7195", - "sha256:e22dcb48709fc51a7b58a927391b23ab37eb3737a98ac4338e2448bef8559b33", - "sha256:e8c6a99be100371dbb046880e7a282152aa5d6127ae01783e37662ef73850d8f", - "sha256:e9dc245e3ac69c92ee4c167fbdd7428ec1956d4e754223124991ef29eb57a09d", - "sha256:eb687a11f0a7a1839719edd80f41e459cc5366857ecbed383ff376c4e3cc6afd", - "sha256:eb9e2a346c5238a30a746893f23a9535e700f8192a68c07c0258e7ece6ff3728", - "sha256:ed38b924ce794e505647f7c331b22a693bee1538fdf46b0222c4717b42f744e7", - "sha256:f0010c6f9d1a4011e429109fda55a225921e3206e7f62a0c22a35344bfd13cca", - "sha256:f0c5d1acbfca6ebdd6b1e3eded8d261affb6ddcf2186205518f1428b8569bb99", - "sha256:f10afb1004f102c7868ebfe91c28f4a712227fe4cb24974350ace1f90e1febbf", - "sha256:f174135f5609428cc6e1b9090f9268f5c8935fddb1b25ccb8255a2d50de6789e", - "sha256:f3ebe6e73c319340830a9b2825d32eb6d8475c1dac020b4f0aa774ee3b898d1c", - "sha256:f627688813d0a4140153ff532537fbe4afea5a3dffce1f9deb7f91f848a832b5", - "sha256:fd4305f86f53dfd8cd3522269ed7fc34856a8ee3709a5e28b2836b2db9d4cd69" - ], - "version": "==1.14.6" - }, - "chardet": { - "hashes": [ - "sha256:0d6f53a15db4120f2b08c94f11e7d93d2c911ee118b6b30a04ec3ee8310179fa", - "sha256:f864054d66fd9118f2e67044ac8981a54775ec5b67aed0441892edb553d21da5" - ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", - "version": "==4.0.0" - }, - "charset-normalizer": { - "hashes": [ - "sha256:0c8911edd15d19223366a194a513099a302055a962bca2cec0f54b8b63175d8b", - "sha256:f23667ebe1084be45f6ae0538e4a5a865206544097e4e8bbcacf42cd02a348f3" - ], - "markers": "python_version >= '3'", - "version": "==2.0.4" - }, - "clamd": { - "hashes": [ - "sha256:5c32546b7d1eb00fd6be00a889d79e00fbf980ed082826ccfa369bce3dcff5e7", - "sha256:d82a2fd814684a35a1b31feadafb2e69c8ebde9403613f6bdaa5d877c0f29560" - ], - "index": "pypi", - "version": "==1.0.2" - }, - "click": { - "hashes": [ - "sha256:8c04c11192119b1ef78ea049e0a6f0463e4c48ef00a30160c704337586f3ad7a", - "sha256:fba402a4a47334742d782209a7c79bc448911afe1149d07bdabdf480b3e2f4b6" - ], - "markers": "python_version >= '3.6'", - "version": "==8.0.1" - }, - "click-plugins": { - "hashes": [ - "sha256:46ab999744a9d831159c3411bb0c79346d94a444df9a3a3742e9ed63645f264b", - "sha256:5d262006d3222f5057fd81e1623d4443e41dcda5dc815c06b442aa3c02889fc8" - ], - "version": "==1.1.1" - }, - "colorama": { - "hashes": [ - "sha256:5941b2b48a20143d2267e95b1c2a7603ce057ee39fd88e7329b0c292aa16869b", - "sha256:9f47eda37229f68eee03b24b9748937c7dc3868f906e8ba69fbcbdd3bc5dc3e2" - ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", - "version": "==0.4.4" - }, - "colorclass": { - "hashes": [ - "sha256:b05c2a348dfc1aff2d502527d78a5b7b7e2f85da94a96c5081210d8e9ee8e18b" - ], - "version": "==2.2.0" - }, - "compressed-rtf": { - "hashes": [ - "sha256:c1c827f1d124d24608981a56e8b8691eb1f2a69a78ccad6440e7d92fde1781dd" - ], - "version": "==1.0.6" - }, - "configparser": { - "hashes": [ - "sha256:85d5de102cfe6d14a5172676f09d19c465ce63d6019cf0a4ef13385fc535e828", - "sha256:af59f2cdd7efbdd5d111c1976ecd0b82db9066653362f0962d7bf1d3ab89a1fa" - ], - "markers": "python_version >= '3.6'", - "version": "==5.0.2" - }, - "cryptography": { - "hashes": [ - "sha256:0f1212a66329c80d68aeeb39b8a16d54ef57071bf22ff4e521657b27372e327d", - "sha256:1e056c28420c072c5e3cb36e2b23ee55e260cb04eee08f702e0edfec3fb51959", - "sha256:240f5c21aef0b73f40bb9f78d2caff73186700bf1bc6b94285699aff98cc16c6", - "sha256:26965837447f9c82f1855e0bc8bc4fb910240b6e0d16a664bb722df3b5b06873", - "sha256:37340614f8a5d2fb9aeea67fd159bfe4f5f4ed535b1090ce8ec428b2f15a11f2", - "sha256:3d10de8116d25649631977cb37da6cbdd2d6fa0e0281d014a5b7d337255ca713", - "sha256:3d8427734c781ea5f1b41d6589c293089704d4759e34597dce91014ac125aad1", - "sha256:7ec5d3b029f5fa2b179325908b9cd93db28ab7b85bb6c1db56b10e0b54235177", - "sha256:8e56e16617872b0957d1c9742a3f94b43533447fd78321514abbe7db216aa250", - "sha256:b01fd6f2737816cb1e08ed4807ae194404790eac7ad030b34f2ce72b332f5586", - "sha256:bf40af59ca2465b24e54f671b2de2c59257ddc4f7e5706dbd6930e26823668d3", - "sha256:de4e5f7f68220d92b7637fc99847475b59154b7a1b3868fb7385337af54ac9ca", - "sha256:eb8cc2afe8b05acbd84a43905832ec78e7b3873fb124ca190f574dca7389a87d", - "sha256:ee77aa129f481be46f8d92a1a7db57269a2f23052d5f2433b4621bb457081cc9" - ], - "markers": "python_version >= '3.6'", - "version": "==3.4.7" - }, - "decorator": { - "hashes": [ - "sha256:6e5c199c16f7a9f0e3a61a4a54b3d27e7dad0dbdde92b944426cb20914376323", - "sha256:72ecfba4320a893c53f9706bebb2d55c270c1e51a28789361aa93e4a21319ed5" - ], - "markers": "python_version >= '3.5'", - "version": "==5.0.9" - }, - "deprecated": { - "hashes": [ - "sha256:08452d69b6b5bc66e8330adde0a4f8642e969b9e1702904d137eeb29c8ffc771", - "sha256:6d2de2de7931a968874481ef30208fd4e08da39177d61d3d4ebdf4366e7dbca1" - ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==1.2.12" - }, - "dnsdb2": { - "hashes": [ - "sha256:e7ed25c8ca1e456c77deaf67f440ae0c2ff94c714dab4d67df14ccc82f501faf" - ], - "index": "pypi", - "version": "==1.1.3" - }, - "dnspython": { - "hashes": [ - "sha256:95d12f6ef0317118d2a1a6fc49aac65ffec7eb8087474158f42f26a639135216", - "sha256:e4a87f0b573201a0f3727fa18a516b055fd1107e0e5477cded4a2de497df1dd4" - ], - "index": "pypi", - "version": "==2.1.0" - }, - "domaintools-api": { - "hashes": [ - "sha256:10fd899b2fe063a23edbcf15daf516fe14fb4a67ef1bf72af630a183161cb003", - "sha256:fde92d0f1fb0cfc324548eca85c3bab7774ffa93581fd92ced954ce11d5891e1" - ], - "index": "pypi", - "version": "==0.5.4" - }, - "easygui": { - "hashes": [ - "sha256:073f728ca88a77b74f404446fb8ec3004945427677c5618bd00f70c1b999fef2", - "sha256:8d38764803c27bbccab2771e6c021cb20647049b36617f765fac79f01af07a27" - ], - "version": "==0.98.2" - }, - "ebcdic": { - "hashes": [ - "sha256:33b4cb729bc2d0bf46cc1847b0e5946897cb8d3f53520c5b9aa5fa98d7e735f1" - ], - "version": "==1.1.1" - }, - "enum-compat": { - "hashes": [ - "sha256:3677daabed56a6f724451d585662253d8fb4e5569845aafa8bb0da36b1a8751e", - "sha256:88091b617c7fc3bbbceae50db5958023c48dc40b50520005aa3bf27f8f7ea157" - ], - "version": "==0.0.3" - }, - "extract-msg": { - "hashes": [ - "sha256:6ad2702bef86e6c1b8505e2993c7f3d37a1f3d140903138ee2df4a299dd2a29c", - "sha256:7ebdbd7863a3699080a69f71ec0cd30ed9bfee70bad9acc6a8e6abe9523c78c0" - ], - "version": "==0.28.7" - }, - "ez-setup": { - "hashes": [ - "sha256:303c5b17d552d1e3fb0505d80549f8579f557e13d8dc90e5ecef3c07d7f58642" - ], - "version": "==0.9" - }, - "ezodf": { - "hashes": [ - "sha256:000da534f689c6d55297a08f9e2ed7eada9810d194d31d164388162fb391122d" - ], - "index": "pypi", - "version": "==0.3.2" - }, - "filelock": { - "hashes": [ - "sha256:18d82244ee114f543149c66a6e0c14e9c4f8a1044b5cdaadd0f82159d6a6ff59", - "sha256:929b7d63ec5b7d6b71b0fa5ac14e030b3f70b75747cef1b10da9b879fef15836" - ], - "version": "==3.0.12" - }, - "future": { - "hashes": [ - "sha256:b1bead90b70cf6ec3f0710ae53a525360fa360d306a86583adc6bf83a4db537d" - ], - "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==0.18.2" - }, - "futures": { - "hashes": [ - "sha256:3a44f286998ae64f0cc083682fcfec16c406134a81a589a5de445d7bb7c2751b", - "sha256:51ecb45f0add83c806c68e4b06106f90db260585b25ef2abfcda0bd95c0132fd", - "sha256:c4884a65654a7c45435063e14ae85280eb1f111d94e542396717ba9828c4337f" - ], - "version": "==3.1.1" - }, - "geoip2": { - "hashes": [ - "sha256:906a1dbf15a179a1af3522970e8420ab15bb3e0afc526942cc179e12146d9c1d", - "sha256:b97b44031fdc463e84eb1316b4f19edd978cb1d78703465fcb1e36dc5a822ba6" - ], - "index": "pypi", - "version": "==4.2.0" - }, - "httplib2": { - "hashes": [ - "sha256:0b12617eeca7433d4c396a100eaecfa4b08ee99aa881e6df6e257a7aad5d533d", - "sha256:2ad195faf9faf079723f6714926e9a9061f694d07724b846658ce08d40f522b4" - ], - "version": "==0.19.1" - }, - "idna": { - "hashes": [ - "sha256:14475042e284991034cb48e06f6851428fb14c4dc953acd9be9a5e95c7b6dd7a", - "sha256:467fbad99067910785144ce333826c71fb0e63a425657295239737f7ecd125f3" - ], - "markers": "python_version >= '3'", - "version": "==3.2" - }, - "idna-ssl": { - "hashes": [ - "sha256:a933e3bb13da54383f9e8f35dc4f9cb9eb9b3b78c6b36f311254d6d0d92c6c7c" - ], - "markers": "python_version < '3.7'", - "version": "==1.1.0" - }, - "imapclient": { - "hashes": [ - "sha256:3eeb97b9aa8faab0caa5024d74bfde59408fbd542781246f6960873c7bf0dd01", - "sha256:60ba79758cc9f13ec910d7a3df9acaaf2bb6c458720d9a02ec33a41352fd1b99" - ], - "version": "==2.1.0" - }, - "isodate": { - "hashes": [ - "sha256:2e364a3d5759479cdb2d37cce6b9376ea504db2ff90252a2e5b7cc89cc9ff2d8", - "sha256:aa4d33c06640f5352aca96e4b81afd8ab3b47337cc12089822d6f322ac772c81" - ], - "version": "==0.6.0" - }, - "itsdangerous": { - "hashes": [ - "sha256:5174094b9637652bdb841a3029700391451bd092ba3db90600dea710ba28e97c", - "sha256:9e724d68fc22902a1435351f84c3fb8623f303fffcc566a4cb952df8c572cff0" - ], - "markers": "python_version >= '3.6'", - "version": "==2.0.1" - }, - "jbxapi": { - "hashes": [ - "sha256:5a1016282bf8a79032346dbe2abb9f597b7e7b811e0964f5bccce9da80eab1b0", - "sha256:99d748c9f48f410d858313d6e53663668231384f895d8ed574a02eada1244bc9" - ], - "index": "pypi", - "version": "==3.17.2" - }, - "json-log-formatter": { - "hashes": [ - "sha256:3644f30233f22746fd181d1340cc8096520a4f464d18877270b8664554e61f81" - ], - "version": "==0.4.0" - }, - "jsonschema": { - "hashes": [ - "sha256:4e5b3cf8216f577bee9ce139cbe72eca3ea4f292ec60928ff24758ce626cd163", - "sha256:c8a85b28d377cc7737e46e2d9f2b4f44ee3c0e1deac6bf46ddefc7187d30797a" - ], - "version": "==3.2.0" - }, - "lark-parser": { - "hashes": [ - "sha256:e29ca814a98bb0f81674617d878e5f611cb993c19ea47f22c80da3569425f9bd" - ], - "version": "==0.11.3" - }, - "lief": { - "hashes": [ - "sha256:17314177c0124ccd450554bbcb203b8cd2660c94e36bdc05a6eba04bb0af3954", - "sha256:1cca100e77382f4137a3b1283769efa0e68a965fa4f3e21e64e3f67b6e22fdc8", - "sha256:208294f208354f57ded772efc4c3b2ea61fae35325a048d38c21571cb35e4bfc", - "sha256:3f510836d19cee407015ee565ea566e444471f0ecb3028a5c5e2219a7583f3c4", - "sha256:44bd7804a39837ff46cd543154f6e4a28e2d4fafa312752ca6deea1c849995ce", - "sha256:5122e4e70fecc32e7fdf2e9cd9b580ddd63fb4509eae373be78b3c11d67175b8", - "sha256:544b0f8a587bc5f6fd39cf47d9785af2714f982682efcd1dd3291604e7cb6351", - "sha256:5a0da170943aaf7019b27b9a7199b860298426c0455f88add392f472605c39ee", - "sha256:5f5fb42461b5d5d5b2ccf7fe17e8f26bd632afcbaedf29a9d30819eeea5dab29", - "sha256:621ad19f77884a008d61e05b92aed8309a8460e93916f4722439beaa529ca37d", - "sha256:710112ebc642bf5287a7b25c54c8a4e1079cbb403d4e844a364e1c3cbed52486", - "sha256:8b219ce4a41b0734fe9a7fbfde7d23a92bc005c8684882662808fc438568c1b5", - "sha256:8fd1ecdb3001e8e19df7278b77df5d6394ad6071354e177d11ad08b0a727d390", - "sha256:932ba495388fb52b4ba056a0b00abe0bda3567ad3ebc6d726be1e87b8be08b3f", - "sha256:9c6cc9da3e3a56ad29fc4e77e7109e960bd0cae3e3ba5307e3ae5c65d85fbdc4", - "sha256:a1f7792f1d811a898d3d676c32731d6b055573a2c3e67988ab1b32917db3de96", - "sha256:a4bb649a2f5404b8e2e4b8beb3772466430e7382fc5f7f014f3f778137133987", - "sha256:b275a542b5ef173ec9602d2f511a895c4228db63bbbc58699859da4afe8bfd58", - "sha256:bfc0246af63361e22a952f8babd542477d64288d993c5a053a72f9e3f59da795", - "sha256:c672dcd78dbbe2c0746721cdb1593b237a8b983d039e73713b055449e4a58207", - "sha256:c773eaee900f398cc98a9c8501d9ab7465af9729979841bb78f4aaa8b821fd9a", - "sha256:e6d9621c1db852ca4de37efe98151838edf0a976fe03cace471b3a761861f95e", - "sha256:e743345290649f54efcf2c1ea530f3520a7b22583fb8b0772df48b1901ecb1ea", - "sha256:eb8c2ae617ff54c4ea73dbd055544681b3cfeafbdbf0fe4535fac494515ab65b", - "sha256:f4e8a878615a46ef4ae016261a59152b8c019a35adb865e26a37c8ef25200d7e", - "sha256:fd41077526e30bfcafa3d03bff8466a4a9ae4bbe21cadd6a09168a62ce18710c" - ], - "version": "==0.11.5" - }, - "lxml": { - "hashes": [ - "sha256:079f3ae844f38982d156efce585bc540c16a926d4436712cf4baee0cce487a3d", - "sha256:0fbcf5565ac01dff87cbfc0ff323515c823081c5777a9fc7703ff58388c258c3", - "sha256:122fba10466c7bd4178b07dba427aa516286b846b2cbd6f6169141917283aae2", - "sha256:1b38116b6e628118dea5b2186ee6820ab138dbb1e24a13e478490c7db2f326ae", - "sha256:1b7584d421d254ab86d4f0b13ec662a9014397678a7c4265a02a6d7c2b18a75f", - "sha256:26e761ab5b07adf5f555ee82fb4bfc35bf93750499c6c7614bd64d12aaa67927", - "sha256:289e9ca1a9287f08daaf796d96e06cb2bc2958891d7911ac7cae1c5f9e1e0ee3", - "sha256:2a9d50e69aac3ebee695424f7dbd7b8c6d6eb7de2a2eb6b0f6c7db6aa41e02b7", - "sha256:3082c518be8e97324390614dacd041bb1358c882d77108ca1957ba47738d9d59", - "sha256:33bb934a044cf32157c12bfcfbb6649807da20aa92c062ef51903415c704704f", - "sha256:3439c71103ef0e904ea0a1901611863e51f50b5cd5e8654a151740fde5e1cade", - "sha256:36108c73739985979bf302006527cf8a20515ce444ba916281d1c43938b8bb96", - "sha256:39b78571b3b30645ac77b95f7c69d1bffc4cf8c3b157c435a34da72e78c82468", - "sha256:4289728b5e2000a4ad4ab8da6e1db2e093c63c08bdc0414799ee776a3f78da4b", - "sha256:4bff24dfeea62f2e56f5bab929b4428ae6caba2d1eea0c2d6eb618e30a71e6d4", - "sha256:4c61b3a0db43a1607d6264166b230438f85bfed02e8cff20c22e564d0faff354", - "sha256:542d454665a3e277f76954418124d67516c5f88e51a900365ed54a9806122b83", - "sha256:5a0a14e264069c03e46f926be0d8919f4105c1623d620e7ec0e612a2e9bf1c04", - "sha256:5c8c163396cc0df3fd151b927e74f6e4acd67160d6c33304e805b84293351d16", - "sha256:64812391546a18896adaa86c77c59a4998f33c24788cadc35789e55b727a37f4", - "sha256:66e575c62792c3f9ca47cb8b6fab9e35bab91360c783d1606f758761810c9791", - "sha256:6f12e1427285008fd32a6025e38e977d44d6382cf28e7201ed10d6c1698d2a9a", - "sha256:74f7d8d439b18fa4c385f3f5dfd11144bb87c1da034a466c5b5577d23a1d9b51", - "sha256:7610b8c31688f0b1be0ef882889817939490a36d0ee880ea562a4e1399c447a1", - "sha256:76fa7b1362d19f8fbd3e75fe2fb7c79359b0af8747e6f7141c338f0bee2f871a", - "sha256:7728e05c35412ba36d3e9795ae8995e3c86958179c9770e65558ec3fdfd3724f", - "sha256:8157dadbb09a34a6bd95a50690595e1fa0af1a99445e2744110e3dca7831c4ee", - "sha256:820628b7b3135403540202e60551e741f9b6d3304371712521be939470b454ec", - "sha256:884ab9b29feaca361f7f88d811b1eea9bfca36cf3da27768d28ad45c3ee6f969", - "sha256:89b8b22a5ff72d89d48d0e62abb14340d9e99fd637d046c27b8b257a01ffbe28", - "sha256:92e821e43ad382332eade6812e298dc9701c75fe289f2a2d39c7960b43d1e92a", - "sha256:b007cbb845b28db4fb8b6a5cdcbf65bacb16a8bd328b53cbc0698688a68e1caa", - "sha256:bc4313cbeb0e7a416a488d72f9680fffffc645f8a838bd2193809881c67dd106", - "sha256:bccbfc27563652de7dc9bdc595cb25e90b59c5f8e23e806ed0fd623755b6565d", - "sha256:c1a40c06fd5ba37ad39caa0b3144eb3772e813b5fb5b084198a985431c2f1e8d", - "sha256:c47ff7e0a36d4efac9fd692cfa33fbd0636674c102e9e8d9b26e1b93a94e7617", - "sha256:c4f05c5a7c49d2fb70223d0d5bcfbe474cf928310ac9fa6a7c6dddc831d0b1d4", - "sha256:cdaf11d2bd275bf391b5308f86731e5194a21af45fbaaaf1d9e8147b9160ea92", - "sha256:ce256aaa50f6cc9a649c51be3cd4ff142d67295bfc4f490c9134d0f9f6d58ef0", - "sha256:d2e35d7bf1c1ac8c538f88d26b396e73dd81440d59c1ef8522e1ea77b345ede4", - "sha256:d916d31fd85b2f78c76400d625076d9124de3e4bda8b016d25a050cc7d603f24", - "sha256:df7c53783a46febb0e70f6b05df2ba104610f2fb0d27023409734a3ecbb78fb2", - "sha256:e1cbd3f19a61e27e011e02f9600837b921ac661f0c40560eefb366e4e4fb275e", - "sha256:efac139c3f0bf4f0939f9375af4b02c5ad83a622de52d6dfa8e438e8e01d0eb0", - "sha256:efd7a09678fd8b53117f6bae4fa3825e0a22b03ef0a932e070c0bdbb3a35e654", - "sha256:f2380a6376dfa090227b663f9678150ef27543483055cc327555fb592c5967e2", - "sha256:f8380c03e45cf09f8557bdaa41e1fa7c81f3ae22828e1db470ab2a6c96d8bc23", - "sha256:f90ba11136bfdd25cae3951af8da2e95121c9b9b93727b1b896e3fa105b2f586" - ], - "index": "pypi", - "version": "==4.6.3" - }, - "maclookup": { - "hashes": [ - "sha256:33bf8eaebe3b1e4ab4ae9277dd93c78024e0ebf6b3c42f76c37695bc26ce287a", - "sha256:795e792cd3e03c9bdad77e52904d43ff71d3ac03b360443f99d4bae08a6bffef" - ], - "index": "pypi", - "version": "==1.0.3" - }, - "markdownify": { - "hashes": [ - "sha256:30be8340724e706c9e811c27fe8c1542cf74a15b46827924fff5c54b40dd9b0d", - "sha256:a69588194fd76634f0139d6801b820fd652dc5eeba9530e90d323dfdc0155252" - ], - "index": "pypi", - "version": "==0.5.3" - }, - "maxminddb": { - "hashes": [ - "sha256:47e86a084dd814fac88c99ea34ba3278a74bc9de5a25f4b815b608798747c7dc" - ], - "markers": "python_version >= '3.6'", - "version": "==2.0.3" - }, - "misp-modules": { - "editable": true, - "path": "." - }, - "more-itertools": { - "hashes": [ - "sha256:2cf89ec599962f2ddc4d568a05defc40e0a587fbc10d5989713638864c36be4d", - "sha256:83f0308e05477c68f56ea3a888172c78ed5d5b3c282addb67508e7ba6c8f813a" - ], - "markers": "python_version >= '3.5'", - "version": "==8.8.0" - }, - "msoffcrypto-tool": { - "hashes": [ - "sha256:234f85ef59945fa1ebb618ca029f31f0cb43a637344dbda5c1bb8578b2d96a68", - "sha256:7f04b621365e3753f8cef8ba40536acc23d0d201c0ad2dcb1b3d82c83056b7ff" - ], - "markers": "python_version >= '3' and platform_python_implementation != 'PyPy' or (platform_system != 'Windows' and platform_system != 'Darwin')", - "version": "==4.12.0" - }, - "multidict": { - "hashes": [ - "sha256:018132dbd8688c7a69ad89c4a3f39ea2f9f33302ebe567a879da8f4ca73f0d0a", - "sha256:051012ccee979b2b06be928a6150d237aec75dd6bf2d1eeeb190baf2b05abc93", - "sha256:05c20b68e512166fddba59a918773ba002fdd77800cad9f55b59790030bab632", - "sha256:07b42215124aedecc6083f1ce6b7e5ec5b50047afa701f3442054373a6deb656", - "sha256:0e3c84e6c67eba89c2dbcee08504ba8644ab4284863452450520dad8f1e89b79", - "sha256:0e929169f9c090dae0646a011c8b058e5e5fb391466016b39d21745b48817fd7", - "sha256:1ab820665e67373de5802acae069a6a05567ae234ddb129f31d290fc3d1aa56d", - "sha256:25b4e5f22d3a37ddf3effc0710ba692cfc792c2b9edfb9c05aefe823256e84d5", - "sha256:2e68965192c4ea61fff1b81c14ff712fc7dc15d2bd120602e4a3494ea6584224", - "sha256:2f1a132f1c88724674271d636e6b7351477c27722f2ed789f719f9e3545a3d26", - "sha256:37e5438e1c78931df5d3c0c78ae049092877e5e9c02dd1ff5abb9cf27a5914ea", - "sha256:3a041b76d13706b7fff23b9fc83117c7b8fe8d5fe9e6be45eee72b9baa75f348", - "sha256:3a4f32116f8f72ecf2a29dabfb27b23ab7cdc0ba807e8459e59a93a9be9506f6", - "sha256:46c73e09ad374a6d876c599f2328161bcd95e280f84d2060cf57991dec5cfe76", - "sha256:46dd362c2f045095c920162e9307de5ffd0a1bfbba0a6e990b344366f55a30c1", - "sha256:4b186eb7d6ae7c06eb4392411189469e6a820da81447f46c0072a41c748ab73f", - "sha256:54fd1e83a184e19c598d5e70ba508196fd0bbdd676ce159feb412a4a6664f952", - "sha256:585fd452dd7782130d112f7ddf3473ffdd521414674c33876187e101b588738a", - "sha256:5cf3443199b83ed9e955f511b5b241fd3ae004e3cb81c58ec10f4fe47c7dce37", - "sha256:6a4d5ce640e37b0efcc8441caeea8f43a06addace2335bd11151bc02d2ee31f9", - "sha256:7df80d07818b385f3129180369079bd6934cf70469f99daaebfac89dca288359", - "sha256:806068d4f86cb06af37cd65821554f98240a19ce646d3cd24e1c33587f313eb8", - "sha256:830f57206cc96ed0ccf68304141fec9481a096c4d2e2831f311bde1c404401da", - "sha256:929006d3c2d923788ba153ad0de8ed2e5ed39fdbe8e7be21e2f22ed06c6783d3", - "sha256:9436dc58c123f07b230383083855593550c4d301d2532045a17ccf6eca505f6d", - "sha256:9dd6e9b1a913d096ac95d0399bd737e00f2af1e1594a787e00f7975778c8b2bf", - "sha256:ace010325c787c378afd7f7c1ac66b26313b3344628652eacd149bdd23c68841", - "sha256:b47a43177a5e65b771b80db71e7be76c0ba23cc8aa73eeeb089ed5219cdbe27d", - "sha256:b797515be8743b771aa868f83563f789bbd4b236659ba52243b735d80b29ed93", - "sha256:b7993704f1a4b204e71debe6095150d43b2ee6150fa4f44d6d966ec356a8d61f", - "sha256:d5c65bdf4484872c4af3150aeebe101ba560dcfb34488d9a8ff8dbcd21079647", - "sha256:d81eddcb12d608cc08081fa88d046c78afb1bf8107e6feab5d43503fea74a635", - "sha256:dc862056f76443a0db4509116c5cd480fe1b6a2d45512a653f9a855cc0517456", - "sha256:ecc771ab628ea281517e24fd2c52e8f31c41e66652d07599ad8818abaad38cda", - "sha256:f200755768dc19c6f4e2b672421e0ebb3dd54c38d5a4f262b872d8cfcc9e93b5", - "sha256:f21756997ad8ef815d8ef3d34edd98804ab5ea337feedcd62fb52d22bf531281", - "sha256:fc13a9524bc18b6fb6e0dbec3533ba0496bbed167c56d0aabefd965584557d80" - ], - "markers": "python_version >= '3.6'", - "version": "==5.1.0" - }, - "np": { - "hashes": [ - "sha256:781265283f3823663ad8fb48741aae62abcf4c78bc19f908f8aa7c1d3eb132f8" - ], - "index": "pypi", - "version": "==1.0.2" - }, - "numpy": { - "hashes": [ - "sha256:09858463db6dd9f78b2a1a05c93f3b33d4f65975771e90d2cf7aadb7c2f66edf", - "sha256:209666ce9d4a817e8a4597cd475b71b4878a85fa4b8db41d79fdb4fdee01dde2", - "sha256:298156f4d3d46815eaf0fcf0a03f9625fc7631692bd1ad851517ab93c3168fc6", - "sha256:30fc68307c0155d2a75ad19844224be0f2c6f06572d958db4e2053f816b859ad", - "sha256:423216d8afc5923b15df86037c6053bf030d15cc9e3224206ef868c2d63dd6dc", - "sha256:426a00b68b0d21f2deb2ace3c6d677e611ad5a612d2c76494e24a562a930c254", - "sha256:466e682264b14982012887e90346d33435c984b7fead7b85e634903795c8fdb0", - "sha256:51a7b9db0a2941434cd930dacaafe0fc9da8f3d6157f9d12f761bbde93f46218", - "sha256:52a664323273c08f3b473548bf87c8145b7513afd63e4ebba8496ecd3853df13", - "sha256:550564024dc5ceee9421a86fc0fb378aa9d222d4d0f858f6669eff7410c89bef", - "sha256:5de64950137f3a50b76ce93556db392e8f1f954c2d8207f78a92d1f79aa9f737", - "sha256:640c1ccfd56724f2955c237b6ccce2e5b8607c3bc1cc51d3933b8c48d1da3723", - "sha256:7fdc7689daf3b845934d67cb221ba8d250fdca20ac0334fea32f7091b93f00d3", - "sha256:805459ad8baaf815883d0d6f86e45b3b0b67d823a8f3fa39b1ed9c45eaf5edf1", - "sha256:92a0ab128b07799dd5b9077a9af075a63467d03ebac6f8a93e6440abfea4120d", - "sha256:9f2dc79c093f6c5113718d3d90c283f11463d77daa4e83aeeac088ec6a0bda52", - "sha256:a5109345f5ce7ddb3840f5970de71c34a0ff7fceb133c9441283bb8250f532a3", - "sha256:a55e4d81c4260386f71d22294795c87609164e22b28ba0d435850fbdf82fc0c5", - "sha256:a9da45b748caad72ea4a4ed57e9cd382089f33c5ec330a804eb420a496fa760f", - "sha256:b160b9a99ecc6559d9e6d461b95c8eec21461b332f80267ad2c10394b9503496", - "sha256:b342064e647d099ca765f19672696ad50c953cac95b566af1492fd142283580f", - "sha256:b5e8590b9245803c849e09bae070a8e1ff444f45e3f0bed558dd722119eea724", - "sha256:bf75d5825ef47aa51d669b03ce635ecb84d69311e05eccea083f31c7570c9931", - "sha256:c01b59b33c7c3ba90744f2c695be571a3bd40ab2ba7f3d169ffa6db3cfba614f", - "sha256:d96a6a7d74af56feb11e9a443150216578ea07b7450f7c05df40eec90af7f4a7", - "sha256:dd0e3651d210068d13e18503d75aaa45656eef51ef0b261f891788589db2cc38", - "sha256:e167b9805de54367dcb2043519382be541117503ce99e3291cc9b41ca0a83557", - "sha256:e42029e184008a5fd3d819323345e25e2337b0ac7f5c135b7623308530209d57", - "sha256:f545c082eeb09ae678dd451a1b1dbf17babd8a0d7adea02897a76e639afca310", - "sha256:fde50062d67d805bc96f1a9ecc0d37bfc2a8f02b937d2c50824d186aa91f2419" - ], - "markers": "python_version < '3.11' and python_version >= '3.7'", - "version": "==1.21.2" - }, - "oauth2": { - "hashes": [ - "sha256:15b5c42301f46dd63113f1214b0d81a8b16254f65a86d3c32a1b52297f3266e6", - "sha256:c006a85e7c60107c7cc6da1b184b5c719f6dd7202098196dfa6e55df669b59bf" - ], - "index": "pypi", - "version": "==1.9.0.post1" - }, - "odtreader": { - "editable": true, - "git": "https://github.com/cartertemm/ODTReader.git/", - "ref": "49d6938693f6faa3ff09998f86dba551ae3a996b" - }, - "olefile": { - "hashes": [ - "sha256:133b031eaf8fd2c9399b78b8bc5b8fcbe4c31e85295749bb17a87cba8f3c3964" - ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==0.46" - }, - "oletools": { - "hashes": [ - "sha256:e2a6d3e3c860822d8539d47cfd89bb681a9663ae4d1ea9ec99e88b14d85b6c4e", - "sha256:eb5310d15e79201f4d33d8107209dd8795a7ea0178030ecbc45c4cc915a166e2" - ], - "version": "==0.56.2" - }, - "opencv-python": { - "hashes": [ - "sha256:05c5139d620e8d02f7ce0921796d55736fa19fa15e2ec00a388db2eb1ae1e9a1", - "sha256:085232718f28bddd265da480874c37db5c7354cb08f23f4a68a8639b16276a89", - "sha256:18a4a14015eee30d9cd514db8cdefbf594b1d5c234762d27abe512d62a333bc3", - "sha256:205a73adb29c37e42475645519e612e843a985475da993d10b4d5daa6afec36a", - "sha256:3c001d3feec7f3140f1fb78dfc52ca28122db8240826882d175a208a89d2731b", - "sha256:437f30e300725e1d1b3744dbfbc66a523a4744792b58f3dbe1e9140c8f4dfba5", - "sha256:5366fcd6eae4243add3c8c92142045850f1db8e464bcf0b75313e1596b2e3671", - "sha256:54c64e86a087841869901fd34462bb6bec01cd4652800fdf5d92fe7b0596c82f", - "sha256:6763729fcfee2a08e069aa1982c9a8c1abf55b9cdf2fb9640eda1d85bdece19a", - "sha256:68813b720b88e4951e84399b9a8a7b532d45a07a96ea8f539636242f862e32e0", - "sha256:7f41b97d84ac66bdf13cb4d9f4dad3e159525ba1e3f421e670c787ce536eb70a", - "sha256:831b92fe63ce18dd628f71104da7e60596658b75e2fa16b83aefa3eb10c115e2", - "sha256:881f3d85269500e0c7d72b140a6ebb5c14a089f8140fb9da7ce01f12a245858e", - "sha256:8852be06c0749fef0d9c58f532bbcb0570968c59e41cf56b90f5c92593c6e108", - "sha256:8b5bc61be7fc8565140b746288b370a4bfdb4edb9d680b66bb914e7690485db1", - "sha256:8d3282138f3a8646941089aae142684910ebe40776266448eab5f4bb609fc63f", - "sha256:9a78558b5ae848386edbb843c761e5fed5a8480be9af16274a5a78838529edeb", - "sha256:b42bbba9f5421865377c7960bd4f3dd881003b322a6bf46ed2302b89224d102b", - "sha256:c360cb76ad1ddbd5d2d3e730b42f2ff6e4be08ea6f4a6eefacca175d27467e8f", - "sha256:cdc3363c2911d7cfc6c9f55308c51c2841a7aecbf0bf5e791499d220ce89d880", - "sha256:e1f54736272830a1e895cedf7a4ee67737e31e966d380c82a81ef22515d043a3", - "sha256:e42c644a70d5c54f53a4b114dbd88b4eb83f42a9ca998f07bd5682f3f404efcc", - "sha256:f1bda4d144f5204e077ca4571453ebb2015e5748d5e0043386c92c2bbf7f52eb", - "sha256:f3ac2355217114a683f3f72a9c40a5890914a59c4a2df62e4083c66ff65c9cf9" - ], - "index": "pypi", - "version": "==4.5.3.56" - }, - "pandas": { - "hashes": [ - "sha256:0cd5776be891331a3e6b425b5abeab9596abea18435c5982191356f9b24ae731", - "sha256:1099e2a0cd3a01ec62cca183fc1555833a2d43764950ef8cb5948c8abfc51014", - "sha256:132def05e73d292c949b02e7ef873debb77acc44a8b119d215921046f0c3a91d", - "sha256:1738154049062156429a5cf2fd79a69c9f3fa4f231346a7ec6fd156cd1a9a621", - "sha256:34ced9ce5d5b17b556486da7256961b55b471d64a8990b56e67a84ebeb259416", - "sha256:53b17e4debba26b7446b1e4795c19f94f0c715e288e08145e44bdd2865e819b3", - "sha256:59a78d7066d1c921a77e3306aa0ebf6e55396c097d5dfcc4df8defe3dcecb735", - "sha256:66a95361b81b4ba04b699ecd2416b0591f40cd1e24c60a8bfe0d19009cfa575a", - "sha256:69e1b2f5811f46827722fd641fdaeedb26002bd1e504eacc7a8ec36bdc25393e", - "sha256:7996d311413379136baf0f3cf2a10e331697657c87ced3f17ac7c77f77fe34a3", - "sha256:89f40e5d21814192802421df809f948247d39ffe171e45fe2ab4abf7bd4279d8", - "sha256:9cce01f6d655b4add966fcd36c32c5d1fe84628e200626b3f5e2f40db2d16a0f", - "sha256:a56246de744baf646d1f3e050c4653d632bc9cd2e0605f41051fea59980e880a", - "sha256:ba7ceb8abc6dbdb1e34612d1173d61e4941f1a1eb7e6f703b2633134ae6a6c89", - "sha256:c9e8e0ce5284ebebe110efd652c164ed6eab77f5de4c3533abc756302ee77765", - "sha256:cbcb84d63867af3411fa063af3de64902665bb5b3d40b25b2059e40603594e87", - "sha256:f07a9745ca075ae73a5ce116f5e58f691c0dc9de0bff163527858459df5c176f", - "sha256:fa54dc1d3e5d004a09ab0b1751473698011ddf03e14f1f59b84ad9a6ac630975", - "sha256:fcb71b1935249de80e3a808227189eee381d4d74a31760ced2df21eedc92a8e3" - ], - "index": "pypi", - "version": "==1.3.2" - }, - "pandas-ods-reader": { - "hashes": [ - "sha256:bea2dd630416cd73cbf6e3e8a6d5b291ae7780f3fa2989e5583df12620c3963f" - ], - "index": "pypi", - "version": "==0.1.2" - }, - "passivetotal": { - "hashes": [ - "sha256:246b5a331e39f862dc195c650ede1f6968cea923cd2512cfd51d5e0d6746b912", - "sha256:7896269acfcddb5ee649a06878b1e237ae771ab2063ebdaca3bf46f60e333a3c" - ], - "index": "pypi", - "version": "==2.5.4" - }, - "pcodedmp": { - "hashes": [ - "sha256:025f8c809a126f45a082ffa820893e6a8d990d9d7ddb68694b5a9f0a6dbcd955", - "sha256:4441f7c0ab4cbda27bd4668db3b14f36261d86e5059ce06c0828602cbe1c4278" - ], - "version": "==1.2.6" - }, - "pdftotext": { - "hashes": [ - "sha256:efbbfb14cf37ed7ab2c71936bae44707dfed6bb3be7ea5214e9c44c8c258c7af" - ], - "index": "pypi", - "version": "==2.2.0" - }, - "pillow": { - "hashes": [ - "sha256:0b2efa07f69dc395d95bb9ef3299f4ca29bcb2157dc615bae0b42c3c20668ffc", - "sha256:114f816e4f73f9ec06997b2fde81a92cbf0777c9e8f462005550eed6bae57e63", - "sha256:147bd9e71fb9dcf08357b4d530b5167941e222a6fd21f869c7911bac40b9994d", - "sha256:15a2808e269a1cf2131930183dcc0419bc77bb73eb54285dde2706ac9939fa8e", - "sha256:196560dba4da7a72c5e7085fccc5938ab4075fd37fe8b5468869724109812edd", - "sha256:1c03e24be975e2afe70dfc5da6f187eea0b49a68bb2b69db0f30a61b7031cee4", - "sha256:1fd5066cd343b5db88c048d971994e56b296868766e461b82fa4e22498f34d77", - "sha256:29c9569049d04aaacd690573a0398dbd8e0bf0255684fee512b413c2142ab723", - "sha256:2b6dfa068a8b6137da34a4936f5a816aba0ecc967af2feeb32c4393ddd671cba", - "sha256:2cac53839bfc5cece8fdbe7f084d5e3ee61e1303cccc86511d351adcb9e2c792", - "sha256:2ee77c14a0299d0541d26f3d8500bb57e081233e3fa915fa35abd02c51fa7fae", - "sha256:37730f6e68bdc6a3f02d2079c34c532330d206429f3cee651aab6b66839a9f0e", - "sha256:3f08bd8d785204149b5b33e3b5f0ebbfe2190ea58d1a051c578e29e39bfd2367", - "sha256:479ab11cbd69612acefa8286481f65c5dece2002ffaa4f9db62682379ca3bb77", - "sha256:4bc3c7ef940eeb200ca65bd83005eb3aae8083d47e8fcbf5f0943baa50726856", - "sha256:660a87085925c61a0dcc80efb967512ac34dbb256ff7dd2b9b4ee8dbdab58cf4", - "sha256:67b3666b544b953a2777cb3f5a922e991be73ab32635666ee72e05876b8a92de", - "sha256:70af7d222df0ff81a2da601fab42decb009dc721545ed78549cb96e3a1c5f0c8", - "sha256:75e09042a3b39e0ea61ce37e941221313d51a9c26b8e54e12b3ececccb71718a", - "sha256:8960a8a9f4598974e4c2aeb1bff9bdd5db03ee65fd1fce8adf3223721aa2a636", - "sha256:9364c81b252d8348e9cc0cb63e856b8f7c1b340caba6ee7a7a65c968312f7dab", - "sha256:969cc558cca859cadf24f890fc009e1bce7d7d0386ba7c0478641a60199adf79", - "sha256:9a211b663cf2314edbdb4cf897beeb5c9ee3810d1d53f0e423f06d6ebbf9cd5d", - "sha256:a17ca41f45cf78c2216ebfab03add7cc350c305c38ff34ef4eef66b7d76c5229", - "sha256:a2f381932dca2cf775811a008aa3027671ace723b7a38838045b1aee8669fdcf", - "sha256:a4eef1ff2d62676deabf076f963eda4da34b51bc0517c70239fafed1d5b51500", - "sha256:c088a000dfdd88c184cc7271bfac8c5b82d9efa8637cd2b68183771e3cf56f04", - "sha256:c0e0550a404c69aab1e04ae89cca3e2a042b56ab043f7f729d984bf73ed2a093", - "sha256:c11003197f908878164f0e6da15fce22373ac3fc320cda8c9d16e6bba105b844", - "sha256:c2a5ff58751670292b406b9f06e07ed1446a4b13ffced6b6cab75b857485cbc8", - "sha256:c35d09db702f4185ba22bb33ef1751ad49c266534339a5cebeb5159d364f6f82", - "sha256:c379425c2707078dfb6bfad2430728831d399dc95a7deeb92015eb4c92345eaf", - "sha256:cc866706d56bd3a7dbf8bac8660c6f6462f2f2b8a49add2ba617bc0c54473d83", - "sha256:d0da39795049a9afcaadec532e7b669b5ebbb2a9134576ebcc15dd5bdae33cc0", - "sha256:f156d6ecfc747ee111c167f8faf5f4953761b5e66e91a4e6767e548d0f80129c", - "sha256:f4ebde71785f8bceb39dcd1e7f06bcc5d5c3cf48b9f69ab52636309387b097c8", - "sha256:fc214a6b75d2e0ea7745488da7da3c381f41790812988c7a92345978414fad37", - "sha256:fd7eef578f5b2200d066db1b50c4aa66410786201669fb76d5238b007918fb24", - "sha256:ff04c373477723430dce2e9d024c708a047d44cf17166bf16e604b379bf0ca14" - ], - "index": "pypi", - "version": "==8.3.1" - }, - "progressbar2": { - "hashes": [ - "sha256:ef72be284e7f2b61ac0894b44165926f13f5d995b2bf3cd8a8dedc6224b255a7", - "sha256:fe2738e7ecb7df52ad76307fe610c460c52b50f5335fd26c3ab80ff7655ba1e0" - ], - "version": "==3.53.1" - }, - "psutil": { - "hashes": [ - "sha256:0066a82f7b1b37d334e68697faba68e5ad5e858279fd6351c8ca6024e8d6ba64", - "sha256:02b8292609b1f7fcb34173b25e48d0da8667bc85f81d7476584d889c6e0f2131", - "sha256:0ae6f386d8d297177fd288be6e8d1afc05966878704dad9847719650e44fc49c", - "sha256:0c9ccb99ab76025f2f0bbecf341d4656e9c1351db8cc8a03ccd62e318ab4b5c6", - "sha256:0dd4465a039d343925cdc29023bb6960ccf4e74a65ad53e768403746a9207023", - "sha256:12d844996d6c2b1d3881cfa6fa201fd635971869a9da945cf6756105af73d2df", - "sha256:1bff0d07e76114ec24ee32e7f7f8d0c4b0514b3fae93e3d2aaafd65d22502394", - "sha256:245b5509968ac0bd179287d91210cd3f37add77dad385ef238b275bad35fa1c4", - "sha256:28ff7c95293ae74bf1ca1a79e8805fcde005c18a122ca983abf676ea3466362b", - "sha256:36b3b6c9e2a34b7d7fbae330a85bf72c30b1c827a4366a07443fc4b6270449e2", - "sha256:52de075468cd394ac98c66f9ca33b2f54ae1d9bff1ef6b67a212ee8f639ec06d", - "sha256:5da29e394bdedd9144c7331192e20c1f79283fb03b06e6abd3a8ae45ffecee65", - "sha256:61f05864b42fedc0771d6d8e49c35f07efd209ade09a5afe6a5059e7bb7bf83d", - "sha256:6223d07a1ae93f86451d0198a0c361032c4c93ebd4bf6d25e2fb3edfad9571ef", - "sha256:6323d5d845c2785efb20aded4726636546b26d3b577aded22492908f7c1bdda7", - "sha256:6ffe81843131ee0ffa02c317186ed1e759a145267d54fdef1bc4ea5f5931ab60", - "sha256:74f2d0be88db96ada78756cb3a3e1b107ce8ab79f65aa885f76d7664e56928f6", - "sha256:74fb2557d1430fff18ff0d72613c5ca30c45cdbfcddd6a5773e9fc1fe9364be8", - "sha256:90d4091c2d30ddd0a03e0b97e6a33a48628469b99585e2ad6bf21f17423b112b", - "sha256:90f31c34d25b1b3ed6c40cdd34ff122b1887a825297c017e4cbd6796dd8b672d", - "sha256:99de3e8739258b3c3e8669cb9757c9a861b2a25ad0955f8e53ac662d66de61ac", - "sha256:c6a5fd10ce6b6344e616cf01cc5b849fa8103fbb5ba507b6b2dee4c11e84c935", - "sha256:ce8b867423291cb65cfc6d9c4955ee9bfc1e21fe03bb50e177f2b957f1c2469d", - "sha256:d225cd8319aa1d3c85bf195c4e07d17d3cd68636b8fc97e6cf198f782f99af28", - "sha256:ea313bb02e5e25224e518e4352af4bf5e062755160f77e4b1767dd5ccb65f876", - "sha256:ea372bcc129394485824ae3e3ddabe67dc0b118d262c568b4d2602a7070afdb0", - "sha256:f4634b033faf0d968bb9220dd1c793b897ab7f1189956e1aa9eae752527127d3", - "sha256:fcc01e900c1d7bee2a37e5d6e4f9194760a93597c97fee89c4ae51701de03563" - ], - "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==5.8.0" - }, - "pybgpranking": { - "editable": true, - "git": "https://github.com/D4-project/BGP-Ranking.git/", - "ref": "68de39f6c5196f796055c1ac34504054d688aa59", - "subdirectory": "client" - }, - "pycparser": { - "hashes": [ - "sha256:2d475327684562c3a96cc71adf7dc8c4f0565175cf86b6d7a404ff4c771f15f0", - "sha256:7582ad22678f0fcd81102833f60ef8d0e57288b6b5fb00323d101be910e35705" - ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==2.20" - }, - "pycryptodome": { - "hashes": [ - "sha256:09c1555a3fa450e7eaca41ea11cd00afe7c91fef52353488e65663777d8524e0", - "sha256:12222a5edc9ca4a29de15fbd5339099c4c26c56e13c2ceddf0b920794f26165d", - "sha256:1723ebee5561628ce96748501cdaa7afaa67329d753933296321f0be55358dce", - "sha256:1c5e1ca507de2ad93474be5cfe2bfa76b7cf039a1a32fc196f40935944871a06", - "sha256:2603c98ae04aac675fefcf71a6c87dc4bb74a75e9071ae3923bbc91a59f08d35", - "sha256:2dea65df54349cdfa43d6b2e8edb83f5f8d6861e5cf7b1fbc3e34c5694c85e27", - "sha256:31c1df17b3dc5f39600a4057d7db53ac372f492c955b9b75dd439f5d8b460129", - "sha256:38661348ecb71476037f1e1f553159b80d256c00f6c0b00502acac891f7116d9", - "sha256:3e2e3a06580c5f190df843cdb90ea28d61099cf4924334d5297a995de68e4673", - "sha256:3f840c49d38986f6e17dbc0673d37947c88bc9d2d9dba1c01b979b36f8447db1", - "sha256:501ab36aae360e31d0ec370cf5ce8ace6cb4112060d099b993bc02b36ac83fb6", - "sha256:60386d1d4cfaad299803b45a5bc2089696eaf6cdd56f9fc17479a6f89595cfc8", - "sha256:6260e24d41149268122dd39d4ebd5941e9d107f49463f7e071fd397e29923b0c", - "sha256:6bbf7fee7b7948b29d7e71fcacf48bac0c57fb41332007061a933f2d996f9713", - "sha256:6d2df5223b12437e644ce0a3be7809471ffa71de44ccd28b02180401982594a6", - "sha256:758949ca62690b1540dfb24ad773c6da9cd0e425189e83e39c038bbd52b8e438", - "sha256:77997519d8eb8a4adcd9a47b9cec18f9b323e296986528186c0e9a7a15d6a07e", - "sha256:7fd519b89585abf57bf47d90166903ec7b43af4fe23c92273ea09e6336af5c07", - "sha256:98213ac2b18dc1969a47bc65a79a8fca02a414249d0c8635abb081c7f38c91b6", - "sha256:99b2f3fc51d308286071d0953f92055504a6ffe829a832a9fc7a04318a7683dd", - "sha256:9b6f711b25e01931f1c61ce0115245a23cdc8b80bf8539ac0363bdcf27d649b6", - "sha256:a3105a0eb63eacf98c2ecb0eb4aa03f77f40fbac2bdde22020bb8a536b226bb8", - "sha256:a8eb8b6ea09ec1c2535bf39914377bc8abcab2c7d30fa9225eb4fe412024e427", - "sha256:a92d5c414e8ee1249e850789052608f582416e82422502dc0ac8c577808a9067", - "sha256:d3d6958d53ad307df5e8469cc44474a75393a434addf20ecd451f38a72fe29b8", - "sha256:e0a4d5933a88a2c98bbe19c0c722f5483dc628d7a38338ac2cb64a7dbd34064b", - "sha256:e3bf558c6aeb49afa9f0c06cee7fb5947ee5a1ff3bd794b653d39926b49077fa", - "sha256:e61e363d9a5d7916f3a4ce984a929514c0df3daf3b1b2eb5e6edbb131ee771cf", - "sha256:f977cdf725b20f6b8229b0c87acb98c7717e742ef9f46b113985303ae12a99da", - "sha256:fc7489a50323a0df02378bc2fff86eb69d94cc5639914346c736be981c6a02e7" - ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", - "version": "==3.10.1" - }, - "pycryptodomex": { - "hashes": [ - "sha256:00a584ee52bf5e27d540129ca9bf7c4a7e7447f24ff4a220faa1304ad0c09bcd", - "sha256:04265a7a84ae002001249bd1de2823bcf46832bd4b58f6965567cb8a07cf4f00", - "sha256:0bd35af6a18b724c689e56f2dbbdd8e409288be71952d271ba3d9614b31d188c", - "sha256:20c45a30f3389148f94edb77f3b216c677a277942f62a2b81a1cc0b6b2dde7fc", - "sha256:2959304d1ce31ab303d9fb5db2b294814278b35154d9b30bf7facc52d6088d0a", - "sha256:36dab7f506948056ceba2d57c1ade74e898401960de697cefc02f3519bd26c1b", - "sha256:37ec1b407ec032c7a0c1fdd2da12813f560bad38ae61ad9c7ce3c0573b3e5e30", - "sha256:3b8eb85b3cc7f083d87978c264d10ff9de3b4bfc46f1c6fdc2792e7d7ebc87bb", - "sha256:3dfce70c4e425607ae87b8eae67c9c7dbba59a33b62d70f79417aef0bc5c735b", - "sha256:418f51c61eab52d9920f4ef468d22c89dab1be5ac796f71cf3802f6a6e667df0", - "sha256:4195604f75cdc1db9bccdb9e44d783add3c817319c30aaff011670c9ed167690", - "sha256:4344ab16faf6c2d9df2b6772995623698fb2d5f114dace4ab2ff335550cf71d5", - "sha256:541cd3e3e252fb19a7b48f420b798b53483302b7fe4d9954c947605d0a263d62", - "sha256:564063e3782474c92cbb333effd06e6eb718471783c6e67f28c63f0fc3ac7b23", - "sha256:72f44b5be46faef2a1bf2a85902511b31f4dd7b01ce0c3978e92edb2cc812a82", - "sha256:8a98e02cbf8f624add45deff444539bf26345b479fc04fa0937b23cd84078d91", - "sha256:940db96449d7b2ebb2c7bf190be1514f3d67914bd37e54e8d30a182bd375a1a9", - "sha256:961333e7ee896651f02d4692242aa36b787b8e8e0baa2256717b2b9d55ae0a3c", - "sha256:9f713ffb4e27b5575bd917c70bbc3f7b348241a351015dbbc514c01b7061ff7e", - "sha256:a6584ae58001d17bb4dc0faa8a426919c2c028ef4d90ceb4191802ca6edb8204", - "sha256:c2b680987f418858e89dbb4f09c8c919ece62811780a27051ace72b2f69fb1be", - "sha256:d8fae5ba3d34c868ae43614e0bd6fb61114b2687ac3255798791ce075d95aece", - "sha256:dbd2c361db939a4252589baa94da4404d45e3fc70da1a31e541644cdf354336e", - "sha256:e090a8609e2095aa86978559b140cf8968af99ee54b8791b29ff804838f29f10", - "sha256:e4a1245e7b846e88ba63e7543483bda61b9acbaee61eadbead5a1ce479d94740", - "sha256:ec9901d19cadb80d9235ee41cc58983f18660314a0eb3fc7b11b0522ac3b6c4a", - "sha256:f2abeb4c4ce7584912f4d637b2c57f23720d35dd2892bfeb1b2c84b6fb7a8c88", - "sha256:f3bb267df679f70a9f40f17d62d22fe12e8b75e490f41807e7560de4d3e6bf9f", - "sha256:f933ecf4cb736c7af60a6a533db2bf569717f2318b265f92907acff1db43bc34", - "sha256:fc9c55dc1ed57db76595f2d19a479fc1c3a1be2c9da8de798a93d286c5f65f38" - ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", - "version": "==3.10.1" - }, - "pydeep": { - "hashes": [ - "sha256:22866eb422d1d5907f8076ee792da65caecb172425d27576274e2a8eacf6afc1" - ], - "version": "==0.4" - }, - "pydnstrails": { - "editable": true, - "git": "https://github.com/sebdraven/pydnstrails", - "ref": "48c1f740025c51289f43a24863d1845ff12fd21a" - }, - "pyeupi": { - "hashes": [ - "sha256:2309c61ac2ef0eafabd6e9f32a0078069ffbba0e113ebc6b51cffc1869094472", - "sha256:a0798a4a52601b0840339449a1bbf2aa2bc180d8f82a979022954e05fcb5bfba" - ], - "index": "pypi", - "version": "==1.1" - }, - "pygeoip": { - "hashes": [ - "sha256:1938b9dac7b00d77f94d040b9465ea52c938f3fcdcd318b5537994f3c16aef96", - "sha256:f22c4e00ddf1213e0fae36dc60b46ee7c25a6339941ec1a975539014c1f9a96d" - ], - "index": "pypi", - "version": "==0.3.2" - }, - "pyintel471": { - "editable": true, - "git": "https://github.com/MISP/PyIntel471.git", - "ref": "917272fafa8e12102329faca52173e90c5256968" - }, - "pyipasnhistory": { - "editable": true, - "git": "https://github.com/D4-project/IPASN-History.git/", - "ref": "a2853c39265cecdd0c0d16850bd34621c0551b87", - "subdirectory": "client" - }, - "pymisp": { - "extras": [ - "email", - "fileobjects", - "openioc", - "pdfexport" - ], - "hashes": [ - "sha256:5971eba9a4d3b7f5ee47035417c7692fc0ec45d581afcaa63e3f7e2d6a400923", - "sha256:641e3db1af1010cff3a652df6eb51ac4f4e540b1801b811d5e009c59114bf26a" - ], - "index": "pypi", - "version": "==2.4.148" - }, - "pyonyphe": { - "editable": true, - "git": "https://github.com/sebdraven/pyonyphe", - "ref": "1ce15581beebb13e841193a08a2eb6f967855fcb" - }, - "pyparsing": { - "hashes": [ - "sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1", - "sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b" - ], - "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==2.4.7" - }, - "pypdns": { - "hashes": [ - "sha256:1cef645d6534a86670070762dcb9af62ce1456b018fc818302cb8a2a4bf5a8ec", - "sha256:b54ded94416e8770f1e26f91988798018cfab0e637908aab6086b0d2fc54f57d" - ], - "index": "pypi", - "version": "==1.5.2" - }, - "pypssl": { - "hashes": [ - "sha256:249ea2152827c10e746fe94c2957c0a525f8ed7ca9db2cd972690a3a136d7bb7", - "sha256:88cedaa4191b50154951fce98396521ad6c1d7e3eb914343e7a12ec0df1882a8" - ], - "index": "pypi", - "version": "==2.2" - }, - "pyrsistent": { - "hashes": [ - "sha256:097b96f129dd36a8c9e33594e7ebb151b1515eb52cceb08474c10a5479e799f2", - "sha256:2aaf19dc8ce517a8653746d98e962ef480ff34b6bc563fc067be6401ffb457c7", - "sha256:404e1f1d254d314d55adb8d87f4f465c8693d6f902f67eb6ef5b4526dc58e6ea", - "sha256:48578680353f41dca1ca3dc48629fb77dfc745128b56fc01096b2530c13fd426", - "sha256:4916c10896721e472ee12c95cdc2891ce5890898d2f9907b1b4ae0f53588b710", - "sha256:527be2bfa8dc80f6f8ddd65242ba476a6c4fb4e3aedbf281dfbac1b1ed4165b1", - "sha256:58a70d93fb79dc585b21f9d72487b929a6fe58da0754fa4cb9f279bb92369396", - "sha256:5e4395bbf841693eaebaa5bb5c8f5cdbb1d139e07c975c682ec4e4f8126e03d2", - "sha256:6b5eed00e597b5b5773b4ca30bd48a5774ef1e96f2a45d105db5b4ebb4bca680", - "sha256:73ff61b1411e3fb0ba144b8f08d6749749775fe89688093e1efef9839d2dcc35", - "sha256:772e94c2c6864f2cd2ffbe58bb3bdefbe2a32afa0acb1a77e472aac831f83427", - "sha256:773c781216f8c2900b42a7b638d5b517bb134ae1acbebe4d1e8f1f41ea60eb4b", - "sha256:a0c772d791c38bbc77be659af29bb14c38ced151433592e326361610250c605b", - "sha256:b29b869cf58412ca5738d23691e96d8aff535e17390128a1a52717c9a109da4f", - "sha256:c1a9ff320fa699337e05edcaae79ef8c2880b52720bc031b219e5b5008ebbdef", - "sha256:cd3caef37a415fd0dae6148a1b6957a8c5f275a62cca02e18474608cb263640c", - "sha256:d5ec194c9c573aafaceebf05fc400656722793dac57f254cd4741f3c27ae57b4", - "sha256:da6e5e818d18459fa46fac0a4a4e543507fe1110e808101277c5a2b5bab0cd2d", - "sha256:e79d94ca58fcafef6395f6352383fa1a76922268fa02caa2272fff501c2fdc78", - "sha256:f3ef98d7b76da5eb19c37fda834d50262ff9167c65658d1d8f974d2e4d90676b", - "sha256:f4c8cabb46ff8e5d61f56a037974228e978f26bfefce4f61a4b1ac0ba7a2ab72" - ], - "markers": "python_version >= '3.6'", - "version": "==0.18.0" - }, - "pytesseract": { - "hashes": [ - "sha256:6148a01e4375760862e8f56ea718e22b5d13b281454df46ea8dac9807793fc5a" - ], - "index": "pypi", - "version": "==0.3.8" - }, - "python-baseconv": { - "hashes": [ - "sha256:0539f8bd0464013b05ad62e0a1673f0ac9086c76b43ebf9f833053527cd9931b" - ], - "version": "==1.2.2" - }, - "python-dateutil": { - "hashes": [ - "sha256:0123cacc1627ae19ddf3c27a5de5bd67ee4586fbdd6440d9748f8abb483d3e86", - "sha256:961d03dc3453ebbc59dbdea9e4e11c5651520a876d0f4db161e8674aae935da9" - ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==2.8.2" - }, - "python-docx": { - "hashes": [ - "sha256:1105d233a0956dd8dd1e710d20b159e2d72ac3c301041b95f4d4ceb3e0ebebc4" - ], - "index": "pypi", - "version": "==0.8.11" - }, - "python-engineio": { - "hashes": [ - "sha256:d510329b6d8ed5662547862f58bc73659ae62defa66b66d745ba021de112fa62", - "sha256:f3ef9a2c048d08990f294c5f8991f6f162c3b12ecbd368baa0d90441de907d1c" - ], - "markers": "python_version >= '3.6'", - "version": "==4.2.1" - }, - "python-magic": { - "hashes": [ - "sha256:4fec8ee805fea30c07afccd1592c0f17977089895bdfaae5fec870a84e997626", - "sha256:de800df9fb50f8ec5974761054a708af6e4246b03b4bdaee993f948947b0ebcf" - ], - "version": "==0.4.24" - }, - "python-pptx": { - "hashes": [ - "sha256:cbac6cdf28bde418acab332b62f961225f69993579f4662faf9f7a878150d2b5" - ], - "index": "pypi", - "version": "==0.6.19" - }, - "python-socketio": { - "extras": [ - "client" - ], - "hashes": [ - "sha256:7ed57f6c024abdfeb9b25c74c0c00ffc18da47d903e8d72deecb87584370d1fc", - "sha256:ca807c9e1f168e96dea412d64dd834fb47c470d27fd83da0504aa4b248ba2544" - ], - "markers": "python_version >= '3.6'", - "version": "==5.4.0" - }, - "python-utils": { - "hashes": [ - "sha256:18fbc1a1df9a9061e3059a48ebe5c8a66b654d688b0e3ecca8b339a7f168f208", - "sha256:352d5b1febeebf9b3cdb9f3c87a3b26ef22d3c9e274a8ec1e7048ecd2fac4349" - ], - "version": "==2.5.6" - }, - "pytz": { - "hashes": [ - "sha256:1c557d7d0e871de1f5ccd5833f60fb2550652da6be2693c1e02300743d21500d", - "sha256:b02c06db6cf09c12dd25137e563b31700d3b80fcc4ad23abb7a315f2789819be" - ], - "version": "==2019.3" - }, - "pyyaml": { - "hashes": [ - "sha256:08682f6b72c722394747bddaf0aa62277e02557c0fd1c42cb853016a38f8dedf", - "sha256:0f5f5786c0e09baddcd8b4b45f20a7b5d61a7e7e99846e3c799b05c7c53fa696", - "sha256:129def1b7c1bf22faffd67b8f3724645203b79d8f4cc81f674654d9902cb4393", - "sha256:294db365efa064d00b8d1ef65d8ea2c3426ac366c0c4368d930bf1c5fb497f77", - "sha256:3b2b1824fe7112845700f815ff6a489360226a5609b96ec2190a45e62a9fc922", - "sha256:3bd0e463264cf257d1ffd2e40223b197271046d09dadf73a0fe82b9c1fc385a5", - "sha256:4465124ef1b18d9ace298060f4eccc64b0850899ac4ac53294547536533800c8", - "sha256:49d4cdd9065b9b6e206d0595fee27a96b5dd22618e7520c33204a4a3239d5b10", - "sha256:4e0583d24c881e14342eaf4ec5fbc97f934b999a6828693a99157fde912540cc", - "sha256:5accb17103e43963b80e6f837831f38d314a0495500067cb25afab2e8d7a4018", - "sha256:607774cbba28732bfa802b54baa7484215f530991055bb562efbed5b2f20a45e", - "sha256:6c78645d400265a062508ae399b60b8c167bf003db364ecb26dcab2bda048253", - "sha256:72a01f726a9c7851ca9bfad6fd09ca4e090a023c00945ea05ba1638c09dc3347", - "sha256:74c1485f7707cf707a7aef42ef6322b8f97921bd89be2ab6317fd782c2d53183", - "sha256:895f61ef02e8fed38159bb70f7e100e00f471eae2bc838cd0f4ebb21e28f8541", - "sha256:8c1be557ee92a20f184922c7b6424e8ab6691788e6d86137c5d93c1a6ec1b8fb", - "sha256:bb4191dfc9306777bc594117aee052446b3fa88737cd13b7188d0e7aa8162185", - "sha256:bfb51918d4ff3d77c1c856a9699f8492c612cde32fd3bcd344af9be34999bfdc", - "sha256:c20cfa2d49991c8b4147af39859b167664f2ad4561704ee74c1de03318e898db", - "sha256:cb333c16912324fd5f769fff6bc5de372e9e7a202247b48870bc251ed40239aa", - "sha256:d2d9808ea7b4af864f35ea216be506ecec180628aced0704e34aca0b040ffe46", - "sha256:d483ad4e639292c90170eb6f7783ad19490e7a8defb3e46f97dfe4bacae89122", - "sha256:dd5de0646207f053eb0d6c74ae45ba98c3395a571a2891858e87df7c9b9bd51b", - "sha256:e1d4970ea66be07ae37a3c2e48b5ec63f7ba6804bdddfdbd3cfd954d25a82e63", - "sha256:e4fac90784481d221a8e4b1162afa7c47ed953be40d31ab4629ae917510051df", - "sha256:fa5ae20527d8e831e8230cbffd9f8fe952815b2b7dae6ffec25318803a7528fc", - "sha256:fd7f6999a8070df521b6384004ef42833b9bd62cfee11a09bda1079b4b704247", - "sha256:fdc842473cd33f45ff6bce46aea678a54e3d21f1b61a7750ce3c498eedfe25d6", - "sha256:fe69978f3f768926cfa37b867e3843918e012cf83f680806599ddce33c2c68b0" - ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'", - "version": "==5.4.1" - }, - "pyzbar": { - "hashes": [ - "sha256:0e204b904e093e5e75aa85e0203bb0e02888105732a509b51f31cff400f34265", - "sha256:496249b546be70ec98c0ff0ad9151e73daaffff129266df86150a15dcd8dac4c", - "sha256:7d6c01d2c0a352fa994aa91b5540d1caeaeaac466656eb41468ca5df33be9f2e" - ], - "index": "pypi", - "version": "==0.1.8" - }, - "pyzipper": { - "hashes": [ - "sha256:6040069654dad040cf8708d4db78ce5829238e2091ad8006a47d97d6ffe275d6", - "sha256:e696e9d306427400e23e13a766c7614b64d9fc3316bdc71bbcc8f0070a14f150" - ], - "markers": "python_version >= '3.5'", - "version": "==0.3.5" - }, - "rdflib": { - "hashes": [ - "sha256:7ce4d757eb26f4dd43205ec340d8c097f29e5adfe45d6ea20238c731dc679879", - "sha256:bb24f0058070d5843503e15b37c597bc3858d328d11acd9476efad3aa62f555d" - ], - "markers": "python_version >= '3.7'", - "version": "==6.0.0" - }, - "redis": { - "hashes": [ - "sha256:0e7e0cfca8660dea8b7d5cd8c4f6c5e29e11f31158c0b0ae91a397f00e5a05a2", - "sha256:432b788c4530cfe16d8d943a09d40ca6c16149727e4afe8c2c9d5580c59d9f24" - ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", - "version": "==3.5.3" - }, - "reportlab": { - "hashes": [ - "sha256:00e9ffb955972a8f6a3a0d61a12231fcaf5e23ee238c98421d65fecc29bd88a1", - "sha256:115177b3fc51209b5f50371735311c9a6cd9d260ffedbdce5fbc965645b7567c", - "sha256:17130f034dae50aaf22fce2292e0077a0c2093ba4363211bcafb54418fb8dc09", - "sha256:200bdfc327d5b06cb400ae86c972b579efe03a1fd8a2e8cb7a5d9aaa744e5adb", - "sha256:496b28ef414d9a7734e07221c4386bb00f416a3aa276b9f349ed9a328c73ec23", - "sha256:4bc378039f70141176f3d511d84bc1a172820d4d2edee4f9fcff52cde753dc08", - "sha256:4f357b4c39b0fa0071de47e8be7af44e07f375d2e59e395daccb7fd13b275668", - "sha256:57b39303e6dbe3de91e60a14269543ac058ac98a0ea6cf900f5403d9c226022f", - "sha256:6472478e597ef4a8f5c621d811d08b7ef09fc5af5bc85c2cf4a4505a7164f8b8", - "sha256:68f9324000cfc5570b5a59a92306691b5d655078a399f20bc72c2581fe903261", - "sha256:69870e2bbf39b60ebe9a31b31324e249bf314bdc2798e46efc58c67db74b56cb", - "sha256:6adb17ba89829d5e77fd81baac396f1af99241d7dfc121a065217334131662e7", - "sha256:7c360aee2bdaa05c24cadddc2f10924961dc7cad125d8876b4d307c879b3b4e8", - "sha256:7c4c8e87ef29714ccc7fa9764efe30d849cd38f8a9a1742ab7aedf8b5e23494d", - "sha256:8a07672e86bf288ea3e55959d2e06d6c01320318662241f9b7a71c583e15e5b5", - "sha256:9f583295f7dd523bf6e5619720677279dc7b9db22671573888f0591fc46b90b2", - "sha256:b668433f32ac955a94633e58ed7800c06c00f9c46d3b99e2189b3d88dc3184c8", - "sha256:b7a92564198c5a5ff4efdb83ace215c73343afb80d9379183bc736fea76edd6d", - "sha256:bd52e1715c70a96a116a61c8477e586b3a46047c85581195bc74162b19b46286", - "sha256:c7ddc9a6234267bbb52059b017ca22f59ffd7d41d545524cb85f68086a2cbb43", - "sha256:c8586d72932b8e3bd50a5230d6f1cfbb85c2605bad34253c6d6fe757211b2bf7", - "sha256:ce3d8e782e3776f19d3accc706aab85ff06caedb70a52016532bebacf5537567", - "sha256:f3fd26f63c4a9033115707a8718154538a1cebfd6ec992f214e6423524450e3e" - ], - "index": "pypi", - "version": "==3.6.1" - }, - "requests": { - "extras": [ - "security" - ], - "hashes": [ - "sha256:6c1246513ecd5ecd4528a0906f910e8f0f9c6b8ec72030dc9fd154dc1a6efd24", - "sha256:b8aa58f8cf793ffd8782d3d8cb19e66ef36f7aba4353eec859e74678b01b07a7" - ], - "index": "pypi", - "version": "==2.26.0" - }, - "requests-cache": { - "hashes": [ - "sha256:1102daa13a804abe23fad62d694e7dee58d6063a35d94bf6e8c9821e22e5a78b", - "sha256:dd9120a4ab7b8128cba9b6b120d8b5560d566a3cd0f828cced3d3fd60a42ec40" - ], - "markers": "python_version >= '3.6'", - "version": "==0.6.4" - }, - "requests-file": { - "hashes": [ - "sha256:07d74208d3389d01c38ab89ef403af0cfec63957d53a0081d8eca738d0247d8e", - "sha256:dfe5dae75c12481f68ba353183c53a65e6044c923e64c24b2209f6c7570ca953" - ], - "version": "==1.5.1" - }, - "rtfde": { - "hashes": [ - "sha256:18386e4f060cee12a2a8035b0acf0cc99689f5dff1bf347bab7e92351860a21d", - "sha256:b86b5d734950fe8745a5b89133f50554252dbd67c6d1b9265e23ee140e7ea8a2" - ], - "version": "==0.0.2" - }, - "ruamel.yaml": { - "hashes": [ - "sha256:02f0ed93e98ea32498d25a2952635bbd9fabd553599b8ad67724b4ac88dd8f6c", - "sha256:aa1a5b8041bab0d0e8c514949fa8e11b02653061dcbc68365c820b263f8c6ec7" - ], - "markers": "python_version >= '3'", - "version": "==0.17.13" - }, - "ruamel.yaml.clib": { - "hashes": [ - "sha256:0847201b767447fc33b9c235780d3aa90357d20dd6108b92be544427bea197dd", - "sha256:1866cf2c284a03b9524a5cc00daca56d80057c5ce3cdc86a52020f4c720856f0", - "sha256:31ea73e564a7b5fbbe8188ab8b334393e06d997914a4e184975348f204790277", - "sha256:3fb9575a5acd13031c57a62cc7823e5d2ff8bc3835ba4d94b921b4e6ee664104", - "sha256:4ff604ce439abb20794f05613c374759ce10e3595d1867764dd1ae675b85acbd", - "sha256:72a2b8b2ff0a627496aad76f37a652bcef400fd861721744201ef1b45199ab78", - "sha256:78988ed190206672da0f5d50c61afef8f67daa718d614377dcd5e3ed85ab4a99", - "sha256:7b2927e92feb51d830f531de4ccb11b320255ee95e791022555971c466af4527", - "sha256:7f7ecb53ae6848f959db6ae93bdff1740e651809780822270eab111500842a84", - "sha256:825d5fccef6da42f3c8eccd4281af399f21c02b32d98e113dbc631ea6a6ecbc7", - "sha256:846fc8336443106fe23f9b6d6b8c14a53d38cef9a375149d61f99d78782ea468", - "sha256:89221ec6d6026f8ae859c09b9718799fea22c0e8da8b766b0b2c9a9ba2db326b", - "sha256:9efef4aab5353387b07f6b22ace0867032b900d8e91674b5d8ea9150db5cae94", - "sha256:a32f8d81ea0c6173ab1b3da956869114cae53ba1e9f72374032e33ba3118c233", - "sha256:a49e0161897901d1ac9c4a79984b8410f450565bbad64dbfcbf76152743a0cdb", - "sha256:ada3f400d9923a190ea8b59c8f60680c4ef8a4b0dfae134d2f2ff68429adfab5", - "sha256:bf75d28fa071645c529b5474a550a44686821decebdd00e21127ef1fd566eabe", - "sha256:cfdb9389d888c5b74af297e51ce357b800dd844898af9d4a547ffc143fa56751", - "sha256:d67f273097c368265a7b81e152e07fb90ed395df6e552b9fa858c6d2c9f42502", - "sha256:dc6a613d6c74eef5a14a214d433d06291526145431c3b964f5e16529b1842bed", - "sha256:de9c6b8a1ba52919ae919f3ae96abb72b994dd0350226e28f3686cb4f142165c" - ], - "markers": "python_version < '3.10' and platform_python_implementation == 'CPython'", - "version": "==0.2.6" - }, - "shodan": { - "hashes": [ - "sha256:7e2bddbc1b60bf620042d0010f4b762a80b43111dbea9c041d72d4325e260c23" - ], - "index": "pypi", - "version": "==1.25.0" - }, - "sigmatools": { - "hashes": [ - "sha256:55a528916c28f3d20ee6f034364053e281773959b7ad2b19335cbe1424f76839", - "sha256:f64302990e7329327dd916b0bd45760bdbd50edeb498679de9f5fa1bb8bf44e1" - ], - "index": "pypi", - "version": "==0.20" - }, - "six": { - "hashes": [ - "sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926", - "sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254" - ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==1.16.0" - }, - "socialscan": { - "hashes": [ - "sha256:47f042bb2ab1afb77c2cf2f31e6ab43afa91ff87849a79307cf753dfc7b84f20", - "sha256:d03eb63177c516b1b8eb1fbca3d25753bb6d68b56e7325a96414b8b319c5daad" - ], - "index": "pypi", - "version": "==1.4.2" - }, - "socketio-client": { - "hashes": [ - "sha256:ef2e362a85ef2816fb224d727319c4b743d63b4dd9e1da99c622c9643fc4e2a0" - ], - "version": "==0.5.7.4" - }, - "soupsieve": { - "hashes": [ - "sha256:052774848f448cf19c7e959adf5566904d525f33a3f8b6ba6f6f8f26ec7de0cc", - "sha256:c2c1c2d44f158cdbddab7824a9af8c4f83c76b1e23e049479aa432feb6c4c23b" - ], - "markers": "python_version >= '3'", - "version": "==2.2.1" - }, - "sparqlwrapper": { - "hashes": [ - "sha256:17ec44b08b8ae2888c801066249f74fe328eec25d90203ce7eadaf82e64484c7", - "sha256:357ee8a27bc910ea13d77836dbddd0b914991495b8cc1bf70676578155e962a8", - "sha256:8cf6c21126ed76edc85c5c232fd6f77b9f61f8ad1db90a7147cdde2104aff145", - "sha256:c7f9c9d8ebb13428771bc3b6dee54197422507dcc3dea34e30d5dcfc53478dec", - "sha256:d6a66b5b8cda141660e07aeb00472db077a98d22cb588c973209c7336850fb3c" - ], - "index": "pypi", - "version": "==1.8.5" - }, - "stix2-patterns": { - "hashes": [ - "sha256:174fe5302d2c3223205033af987754132a9ea45a9f8e08aefafbe0549c889ea4", - "sha256:bc46cc4eba44b76a17eab7a3ff67f35203543cdb918ab24c1ebd58403fa27992" - ], - "index": "pypi", - "version": "==1.3.2" - }, - "tabulate": { - "hashes": [ - "sha256:d7c013fe7abbc5e491394e10fa845f8f32fe54f8dc60c6622c6cf482d25d47e4", - "sha256:eb1d13f25760052e8931f2ef80aaf6045a6cceb47514db8beab24cded16f13a7" - ], - "version": "==0.8.9" - }, - "tau-clients": { - "hashes": [ - "sha256:4a8e2a3ee27dcc48b6468343d898cd0d72d6b8c10d7f9e563053cca8c023513b", - "sha256:f57b433663f3fd7741c1975c3e0ad4f7b7977c35ee5e359650784371d4a996a0" - ], - "index": "pypi", - "version": "==0.1.3" - }, - "tldextract": { - "hashes": [ - "sha256:cfae9bc8bda37c3e8c7c8639711ad20e95dc85b207a256b60b0b23d7ff5540ea", - "sha256:e57f22b6d00a28c21673d2048112f1bdcb6a14d4711568305f6bb96cf5bb53a1" - ], - "markers": "python_version >= '3.5'", - "version": "==3.1.0" - }, - "tornado": { - "hashes": [ - "sha256:0a00ff4561e2929a2c37ce706cb8233b7907e0cdc22eab98888aca5dd3775feb", - "sha256:0d321a39c36e5f2c4ff12b4ed58d41390460f798422c4504e09eb5678e09998c", - "sha256:1e8225a1070cd8eec59a996c43229fe8f95689cb16e552d130b9793cb570a288", - "sha256:20241b3cb4f425e971cb0a8e4ffc9b0a861530ae3c52f2b0434e6c1b57e9fd95", - "sha256:25ad220258349a12ae87ede08a7b04aca51237721f63b1808d39bdb4b2164558", - "sha256:33892118b165401f291070100d6d09359ca74addda679b60390b09f8ef325ffe", - "sha256:33c6e81d7bd55b468d2e793517c909b139960b6c790a60b7991b9b6b76fb9791", - "sha256:3447475585bae2e77ecb832fc0300c3695516a47d46cefa0528181a34c5b9d3d", - "sha256:34ca2dac9e4d7afb0bed4677512e36a52f09caa6fded70b4e3e1c89dbd92c326", - "sha256:3e63498f680547ed24d2c71e6497f24bca791aca2fe116dbc2bd0ac7f191691b", - "sha256:548430be2740e327b3fe0201abe471f314741efcb0067ec4f2d7dcfb4825f3e4", - "sha256:6196a5c39286cc37c024cd78834fb9345e464525d8991c21e908cc046d1cc02c", - "sha256:61b32d06ae8a036a6607805e6720ef00a3c98207038444ba7fd3d169cd998910", - "sha256:6286efab1ed6e74b7028327365cf7346b1d777d63ab30e21a0f4d5b275fc17d5", - "sha256:65d98939f1a2e74b58839f8c4dab3b6b3c1ce84972ae712be02845e65391ac7c", - "sha256:66324e4e1beede9ac79e60f88de548da58b1f8ab4b2f1354d8375774f997e6c0", - "sha256:6c77c9937962577a6a76917845d06af6ab9197702a42e1346d8ae2e76b5e3675", - "sha256:70dec29e8ac485dbf57481baee40781c63e381bebea080991893cd297742b8fd", - "sha256:7250a3fa399f08ec9cb3f7b1b987955d17e044f1ade821b32e5f435130250d7f", - "sha256:748290bf9112b581c525e6e6d3820621ff020ed95af6f17fedef416b27ed564c", - "sha256:7da13da6f985aab7f6f28debab00c67ff9cbacd588e8477034c0652ac141feea", - "sha256:8f959b26f2634a091bb42241c3ed8d3cedb506e7c27b8dd5c7b9f745318ddbb6", - "sha256:9de9e5188a782be6b1ce866e8a51bc76a0fbaa0e16613823fc38e4fc2556ad05", - "sha256:a48900ecea1cbb71b8c71c620dee15b62f85f7c14189bdeee54966fbd9a0c5bd", - "sha256:b87936fd2c317b6ee08a5741ea06b9d11a6074ef4cc42e031bc6403f82a32575", - "sha256:c77da1263aa361938476f04c4b6c8916001b90b2c2fdd92d8d535e1af48fba5a", - "sha256:cb5ec8eead331e3bb4ce8066cf06d2dfef1bfb1b2a73082dfe8a161301b76e37", - "sha256:cc0ee35043162abbf717b7df924597ade8e5395e7b66d18270116f8745ceb795", - "sha256:d14d30e7f46a0476efb0deb5b61343b1526f73ebb5ed84f23dc794bdb88f9d9f", - "sha256:d371e811d6b156d82aa5f9a4e08b58debf97c302a35714f6f45e35139c332e32", - "sha256:d3d20ea5782ba63ed13bc2b8c291a053c8d807a8fa927d941bd718468f7b950c", - "sha256:d3f7594930c423fd9f5d1a76bee85a2c36fd8b4b16921cae7e965f22575e9c01", - "sha256:dcef026f608f678c118779cd6591c8af6e9b4155c44e0d1bc0c87c036fb8c8c4", - "sha256:e0791ac58d91ac58f694d8d2957884df8e4e2f6687cdf367ef7eb7497f79eaa2", - "sha256:e385b637ac3acaae8022e7e47dfa7b83d3620e432e3ecb9a3f7f58f150e50921", - "sha256:e519d64089b0876c7b467274468709dadf11e41d65f63bba207e04217f47c085", - "sha256:e7229e60ac41a1202444497ddde70a48d33909e484f96eb0da9baf8dc68541df", - "sha256:ed3ad863b1b40cd1d4bd21e7498329ccaece75db5a5bf58cd3c9f130843e7102", - "sha256:f0ba29bafd8e7e22920567ce0d232c26d4d47c8b5cf4ed7b562b5db39fa199c5", - "sha256:fa2ba70284fa42c2a5ecb35e322e68823288a4251f9ba9cc77be04ae15eada68", - "sha256:fba85b6cd9c39be262fcd23865652920832b61583de2a2ca907dbd8e8a8c81e5" - ], - "markers": "python_version >= '3.5'", - "version": "==6.1" - }, - "tqdm": { - "hashes": [ - "sha256:80aead664e6c1672c4ae20dc50e1cdc5e20eeff9b14aa23ecd426375b28be588", - "sha256:a4d6d112e507ef98513ac119ead1159d286deab17dffedd96921412c2d236ff5" - ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==4.62.2" - }, - "trustar": { - "hashes": [ - "sha256:e2988cb892103b58a8a22aae232518cb3c7d3899fa90408bc7958d3ab959af09" - ], - "index": "pypi", - "version": "==0.3.35" - }, - "typing-extensions": { - "hashes": [ - "sha256:0ac0f89795dd19de6b97debb0c6af1c70987fd80a2d62d1958f7e56fcc31b497", - "sha256:50b6f157849174217d0656f99dc82fe932884fb250826c18350e159ec6cdf342", - "sha256:779383f6086d90c99ae41cf0ff39aac8a7937a9283ce0a414e5dd782f4c94a84" - ], - "version": "==3.10.0.0" - }, - "tzlocal": { - "hashes": [ - "sha256:c736f2540713deb5938d789ca7c3fc25391e9a20803f05b60ec64987cf086559", - "sha256:f4e6e36db50499e0d92f79b67361041f048e2609d166e93456b50746dc4aef12" - ], - "markers": "python_version >= '3.6'", - "version": "==3.0" - }, - "unicodecsv": { - "hashes": [ - "sha256:018c08037d48649a0412063ff4eda26eaa81eff1546dbffa51fa5293276ff7fc" - ], - "version": "==0.14.1" - }, - "url-normalize": { - "hashes": [ - "sha256:d23d3a070ac52a67b83a1c59a0e68f8608d1cd538783b401bc9de2c0fac999b2", - "sha256:ec3c301f04e5bb676d333a7fa162fa977ad2ca04b7e652bfc9fac4e405728eed" - ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'", - "version": "==1.4.3" - }, - "urlarchiver": { - "hashes": [ - "sha256:652e0890dab58bf62a759656671dcfb9a40eb4a77aac8a8d93154f00360238b5" - ], - "index": "pypi", - "version": "==0.2" - }, - "urllib3": { - "hashes": [ - "sha256:39fb8672126159acb139a7718dd10806104dec1e2f0f6c88aab05d17df10c8d4", - "sha256:f57b4c16c62fa2760b7e3d97c35b255512fb6b59a259730f36ba32ce9f8e342f" - ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4'", - "version": "==1.26.6" - }, - "validators": { - "hashes": [ - "sha256:f0ac832212e3ee2e9b10e156f19b106888cf1429c291fbc5297aae87685014ae" - ], - "version": "==0.14.0" - }, - "vt-graph-api": { - "hashes": [ - "sha256:3b13ce6e460aadd9917e883a8fc205f491ba09107963c9ebd3f5df4a8b3e67b7", - "sha256:d766285b06b854da04dd26cdb0ad3613fa17a935c00825b3dc04ea2b307381a6" - ], - "index": "pypi", - "version": "==1.1.2" - }, - "vt-py": { - "hashes": [ - "sha256:e1adfcb54b4ff3e86456b8a551827702650e25469e9d99bf030b71d564358b1d" - ], - "index": "pypi", - "version": "==0.7.2" - }, - "vulners": { - "hashes": [ - "sha256:94a26ee69989d4a863408d4d5765ef4e3279d8f3ccc1f34bfb9c76c862cea138", - "sha256:ba5ffa05a9995995b307beb6faecbe627207269982b0e6d9081212269f8a2903", - "sha256:de508bc6dd8031eb6f8b00f74f3d6197eb8cb86fe0353957284c17bc17b65f1a" - ], - "index": "pypi", - "version": "==1.5.12" - }, - "wand": { - "hashes": [ - "sha256:5ba497e90741a05ebce4603b04ee843150c566482a753554da54dc57d8503bba", - "sha256:ebc01bccc25dba68414ab55b482341f9ad2b197d7f49d5e724f339bbf63fb6db" - ], - "index": "pypi", - "version": "==0.6.7" - }, - "websocket-client": { - "hashes": [ - "sha256:0133d2f784858e59959ce82ddac316634229da55b498aac311f1620567a710ec", - "sha256:8dfb715d8a992f5712fff8c843adae94e22b22a99b2c5e6b0ec4a1a981cc4e0d" - ], - "version": "==1.2.1" - }, - "wrapt": { - "hashes": [ - "sha256:b62ffa81fb85f4332a4f609cab4ac40709470da05643a082ec1eb88e6d9b97d7" - ], - "version": "==1.12.1" - }, - "xlrd": { - "hashes": [ - "sha256:6a33ee89877bd9abc1158129f6e94be74e2679636b8a205b43b85206c3f0bbdd", - "sha256:f72f148f54442c6b056bf931dbc34f986fd0c3b0b6b5a58d013c9aef274d0c88" - ], - "index": "pypi", - "version": "==2.0.1" - }, - "xlsxwriter": { - "hashes": [ - "sha256:2f2af944d2b4b5f21cd3ac8e01b2417ec74c60e2ca11cae90b4f32ee172c99d6", - "sha256:3f39bf581c55f3ad1438bc170d7f4c4649cee8b6b7a80d21f79508118eeea52a" - ], - "markers": "python_version >= '3.4'", - "version": "==3.0.1" - }, - "yara-python": { - "hashes": [ - "sha256:03e5c5e333c8572e7994b0b11964d515d61a393f23c5e272f8d0e4229f368c58", - "sha256:0423e08bd618752a028ac0405ff8e0103f3a8fd607dde7618a64a4c010c3757b", - "sha256:0a0dd632dcdb347d1a9a8b1f6a83b3a77d5e63f691357ea4021fb1cf1d7ff0a4", - "sha256:728b99627a8072a877eaaa4dafb4eff39d1b14ff4fd70d39f18899ce81e29625", - "sha256:7cb0d5724eccfa52e1bcd352a56cb4dc422aa51f5f6d0945d4f830783927513b", - "sha256:8c76531e89806c0309586dd4863a972d12f1d5d63261c6d4b9331a99859fd1d8", - "sha256:9472676583e212bc4e17c2236634e02273d53c872b350f0571b48e06183de233", - "sha256:9735b680a7d95c1d3f255c351bb067edc62cdb3c0999f7064278cb2c85245405", - "sha256:997f104590167220a9af5564c042ec4d6534261e7b8a5b49655d8dffecc6b8a2", - "sha256:a48e071d02a3699363e628ac899b5b7237803bcb4b512c92ebcb4fb9b1488497", - "sha256:b67c0d75a6519ca357b4b85ede9768c96a81fff20fbc169bd805ff009ddee561" - ], - "index": "pypi", - "version": "==3.8.1" - }, - "yarl": { - "hashes": [ - "sha256:00d7ad91b6583602eb9c1d085a2cf281ada267e9a197e8b7cae487dadbfa293e", - "sha256:0355a701b3998dcd832d0dc47cc5dedf3874f966ac7f870e0f3a6788d802d434", - "sha256:15263c3b0b47968c1d90daa89f21fcc889bb4b1aac5555580d74565de6836366", - "sha256:2ce4c621d21326a4a5500c25031e102af589edb50c09b321049e388b3934eec3", - "sha256:31ede6e8c4329fb81c86706ba8f6bf661a924b53ba191b27aa5fcee5714d18ec", - "sha256:324ba3d3c6fee56e2e0b0d09bf5c73824b9f08234339d2b788af65e60040c959", - "sha256:329412812ecfc94a57cd37c9d547579510a9e83c516bc069470db5f75684629e", - "sha256:4736eaee5626db8d9cda9eb5282028cc834e2aeb194e0d8b50217d707e98bb5c", - "sha256:4953fb0b4fdb7e08b2f3b3be80a00d28c5c8a2056bb066169de00e6501b986b6", - "sha256:4c5bcfc3ed226bf6419f7a33982fb4b8ec2e45785a0561eb99274ebbf09fdd6a", - "sha256:547f7665ad50fa8563150ed079f8e805e63dd85def6674c97efd78eed6c224a6", - "sha256:5b883e458058f8d6099e4420f0cc2567989032b5f34b271c0827de9f1079a424", - "sha256:63f90b20ca654b3ecc7a8d62c03ffa46999595f0167d6450fa8383bab252987e", - "sha256:68dc568889b1c13f1e4745c96b931cc94fdd0defe92a72c2b8ce01091b22e35f", - "sha256:69ee97c71fee1f63d04c945f56d5d726483c4762845400a6795a3b75d56b6c50", - "sha256:6d6283d8e0631b617edf0fd726353cb76630b83a089a40933043894e7f6721e2", - "sha256:72a660bdd24497e3e84f5519e57a9ee9220b6f3ac4d45056961bf22838ce20cc", - "sha256:73494d5b71099ae8cb8754f1df131c11d433b387efab7b51849e7e1e851f07a4", - "sha256:7356644cbed76119d0b6bd32ffba704d30d747e0c217109d7979a7bc36c4d970", - "sha256:8a9066529240171b68893d60dca86a763eae2139dd42f42106b03cf4b426bf10", - "sha256:8aa3decd5e0e852dc68335abf5478a518b41bf2ab2f330fe44916399efedfae0", - "sha256:97b5bdc450d63c3ba30a127d018b866ea94e65655efaf889ebeabc20f7d12406", - "sha256:9ede61b0854e267fd565e7527e2f2eb3ef8858b301319be0604177690e1a3896", - "sha256:b2e9a456c121e26d13c29251f8267541bd75e6a1ccf9e859179701c36a078643", - "sha256:b5dfc9a40c198334f4f3f55880ecf910adebdcb2a0b9a9c23c9345faa9185721", - "sha256:bafb450deef6861815ed579c7a6113a879a6ef58aed4c3a4be54400ae8871478", - "sha256:c49ff66d479d38ab863c50f7bb27dee97c6627c5fe60697de15529da9c3de724", - "sha256:ce3beb46a72d9f2190f9e1027886bfc513702d748047b548b05dab7dfb584d2e", - "sha256:d26608cf178efb8faa5ff0f2d2e77c208f471c5a3709e577a7b3fd0445703ac8", - "sha256:d597767fcd2c3dc49d6eea360c458b65643d1e4dbed91361cf5e36e53c1f8c96", - "sha256:d5c32c82990e4ac4d8150fd7652b972216b204de4e83a122546dce571c1bdf25", - "sha256:d8d07d102f17b68966e2de0e07bfd6e139c7c02ef06d3a0f8d2f0f055e13bb76", - "sha256:e46fba844f4895b36f4c398c5af062a9808d1f26b2999c58909517384d5deda2", - "sha256:e6b5460dc5ad42ad2b36cca524491dfcaffbfd9c8df50508bddc354e787b8dc2", - "sha256:f040bcc6725c821a4c0665f3aa96a4d0805a7aaf2caf266d256b8ed71b9f041c", - "sha256:f0b059678fd549c66b89bed03efcabb009075bd131c248ecdf087bdb6faba24a", - "sha256:fcbb48a93e8699eae920f8d92f7160c03567b421bc17362a9ffbbd706a816f71" - ], - "markers": "python_version >= '3.6'", - "version": "==1.6.3" - } - }, - "develop": { - "attrs": { - "hashes": [ - "sha256:149e90d6d8ac20db7a955ad60cf0e6881a3f20d37096140088356da6c716b0b1", - "sha256:ef6aaac3ca6cd92904cdd0d83f629a15f18053ec84e6432106f7a4d04ae4f5fb" - ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", - "version": "==21.2.0" - }, - "certifi": { - "hashes": [ - "sha256:2bbf76fd432960138b3ef6dda3dde0544f27cbf8546c458e60baf371917ba9ee", - "sha256:50b1e4f8446b06f41be7dd6338db18e0990601dce795c2b1686458aa7e8fa7d8" - ], - "version": "==2021.5.30" - }, - "charset-normalizer": { - "hashes": [ - "sha256:0c8911edd15d19223366a194a513099a302055a962bca2cec0f54b8b63175d8b", - "sha256:f23667ebe1084be45f6ae0538e4a5a865206544097e4e8bbcacf42cd02a348f3" - ], - "markers": "python_version >= '3'", - "version": "==2.0.4" - }, - "codecov": { - "hashes": [ - "sha256:585dc217dc3d8185198ceb402f85d5cb5dbfa0c5f350a5abcdf9e347776a5b47", - "sha256:782a8e5352f22593cbc5427a35320b99490eb24d9dcfa2155fd99d2b75cfb635", - "sha256:a0da46bb5025426da895af90938def8ee12d37fcbcbbbc15b6dc64cf7ebc51c1" - ], - "index": "pypi", - "version": "==2.1.12" - }, - "coverage": { - "hashes": [ - "sha256:004d1880bed2d97151facef49f08e255a20ceb6f9432df75f4eef018fdd5a78c", - "sha256:01d84219b5cdbfc8122223b39a954820929497a1cb1422824bb86b07b74594b6", - "sha256:040af6c32813fa3eae5305d53f18875bedd079960822ef8ec067a66dd8afcd45", - "sha256:06191eb60f8d8a5bc046f3799f8a07a2d7aefb9504b0209aff0b47298333302a", - "sha256:13034c4409db851670bc9acd836243aeee299949bd5673e11844befcb0149f03", - "sha256:13c4ee887eca0f4c5a247b75398d4114c37882658300e153113dafb1d76de529", - "sha256:184a47bbe0aa6400ed2d41d8e9ed868b8205046518c52464fde713ea06e3a74a", - "sha256:18ba8bbede96a2c3dde7b868de9dcbd55670690af0988713f0603f037848418a", - "sha256:1aa846f56c3d49205c952d8318e76ccc2ae23303351d9270ab220004c580cfe2", - "sha256:217658ec7187497e3f3ebd901afdca1af062b42cfe3e0dafea4cced3983739f6", - "sha256:24d4a7de75446be83244eabbff746d66b9240ae020ced65d060815fac3423759", - "sha256:2910f4d36a6a9b4214bb7038d537f015346f413a975d57ca6b43bf23d6563b53", - "sha256:2949cad1c5208b8298d5686d5a85b66aae46d73eec2c3e08c817dd3513e5848a", - "sha256:2a3859cb82dcbda1cfd3e6f71c27081d18aa251d20a17d87d26d4cd216fb0af4", - "sha256:2cafbbb3af0733db200c9b5f798d18953b1a304d3f86a938367de1567f4b5bff", - "sha256:2e0d881ad471768bf6e6c2bf905d183543f10098e3b3640fc029509530091502", - "sha256:30c77c1dc9f253283e34c27935fded5015f7d1abe83bc7821680ac444eaf7793", - "sha256:3487286bc29a5aa4b93a072e9592f22254291ce96a9fbc5251f566b6b7343cdb", - "sha256:372da284cfd642d8e08ef606917846fa2ee350f64994bebfbd3afb0040436905", - "sha256:41179b8a845742d1eb60449bdb2992196e211341818565abded11cfa90efb821", - "sha256:44d654437b8ddd9eee7d1eaee28b7219bec228520ff809af170488fd2fed3e2b", - "sha256:4a7697d8cb0f27399b0e393c0b90f0f1e40c82023ea4d45d22bce7032a5d7b81", - "sha256:51cb9476a3987c8967ebab3f0fe144819781fca264f57f89760037a2ea191cb0", - "sha256:52596d3d0e8bdf3af43db3e9ba8dcdaac724ba7b5ca3f6358529d56f7a166f8b", - "sha256:53194af30d5bad77fcba80e23a1441c71abfb3e01192034f8246e0d8f99528f3", - "sha256:5fec2d43a2cc6965edc0bb9e83e1e4b557f76f843a77a2496cbe719583ce8184", - "sha256:6c90e11318f0d3c436a42409f2749ee1a115cd8b067d7f14c148f1ce5574d701", - "sha256:74d881fc777ebb11c63736622b60cb9e4aee5cace591ce274fb69e582a12a61a", - "sha256:7501140f755b725495941b43347ba8a2777407fc7f250d4f5a7d2a1050ba8e82", - "sha256:796c9c3c79747146ebd278dbe1e5c5c05dd6b10cc3bcb8389dfdf844f3ead638", - "sha256:869a64f53488f40fa5b5b9dcb9e9b2962a66a87dab37790f3fcfb5144b996ef5", - "sha256:8963a499849a1fc54b35b1c9f162f4108017b2e6db2c46c1bed93a72262ed083", - "sha256:8d0a0725ad7c1a0bcd8d1b437e191107d457e2ec1084b9f190630a4fb1af78e6", - "sha256:900fbf7759501bc7807fd6638c947d7a831fc9fdf742dc10f02956ff7220fa90", - "sha256:92b017ce34b68a7d67bd6d117e6d443a9bf63a2ecf8567bb3d8c6c7bc5014465", - "sha256:970284a88b99673ccb2e4e334cfb38a10aab7cd44f7457564d11898a74b62d0a", - "sha256:972c85d205b51e30e59525694670de6a8a89691186012535f9d7dbaa230e42c3", - "sha256:9a1ef3b66e38ef8618ce5fdc7bea3d9f45f3624e2a66295eea5e57966c85909e", - "sha256:af0e781009aaf59e25c5a678122391cb0f345ac0ec272c7961dc5455e1c40066", - "sha256:b6d534e4b2ab35c9f93f46229363e17f63c53ad01330df9f2d6bd1187e5eaacf", - "sha256:b7895207b4c843c76a25ab8c1e866261bcfe27bfaa20c192de5190121770672b", - "sha256:c0891a6a97b09c1f3e073a890514d5012eb256845c451bd48f7968ef939bf4ae", - "sha256:c2723d347ab06e7ddad1a58b2a821218239249a9e4365eaff6649d31180c1669", - "sha256:d1f8bf7b90ba55699b3a5e44930e93ff0189aa27186e96071fac7dd0d06a1873", - "sha256:d1f9ce122f83b2305592c11d64f181b87153fc2c2bbd3bb4a3dde8303cfb1a6b", - "sha256:d314ed732c25d29775e84a960c3c60808b682c08d86602ec2c3008e1202e3bb6", - "sha256:d636598c8305e1f90b439dbf4f66437de4a5e3c31fdf47ad29542478c8508bbb", - "sha256:deee1077aae10d8fa88cb02c845cfba9b62c55e1183f52f6ae6a2df6a2187160", - "sha256:ebe78fe9a0e874362175b02371bdfbee64d8edc42a044253ddf4ee7d3c15212c", - "sha256:f030f8873312a16414c0d8e1a1ddff2d3235655a2174e3648b4fa66b3f2f1079", - "sha256:f0b278ce10936db1a37e6954e15a3730bea96a0997c26d7fee88e6c396c2086d", - "sha256:f11642dddbb0253cc8853254301b51390ba0081750a8ac03f20ea8103f0c56b6" - ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4'", - "version": "==5.5" - }, - "flake8": { - "hashes": [ - "sha256:07528381786f2a6237b061f6e96610a4167b226cb926e2aa2b6b1d78057c576b", - "sha256:bf8fd333346d844f616e8d47905ef3a3384edae6b4e9beb0c5101e25e3110907" - ], - "index": "pypi", - "version": "==3.9.2" - }, - "idna": { - "hashes": [ - "sha256:14475042e284991034cb48e06f6851428fb14c4dc953acd9be9a5e95c7b6dd7a", - "sha256:467fbad99067910785144ce333826c71fb0e63a425657295239737f7ecd125f3" - ], - "markers": "python_version >= '3'", - "version": "==3.2" - }, - "iniconfig": { - "hashes": [ - "sha256:011e24c64b7f47f6ebd835bb12a743f2fbe9a26d4cecaa7f53bc4f35ee9da8b3", - "sha256:bc3af051d7d14b2ee5ef9969666def0cd1a000e121eaea580d4a313df4b37f32" - ], - "version": "==1.1.1" - }, - "mccabe": { - "hashes": [ - "sha256:ab8a6258860da4b6677da4bd2fe5dc2c659cff31b3ee4f7f5d64e79735b80d42", - "sha256:dd8d182285a0fe56bace7f45b5e7d1a6ebcbf524e8f3bd87eb0f125271b8831f" - ], - "version": "==0.6.1" - }, - "nose": { - "hashes": [ - "sha256:9ff7c6cc443f8c51994b34a667bbcf45afd6d945be7477b52e97516fd17c53ac", - "sha256:dadcddc0aefbf99eea214e0f1232b94f2fa9bd98fa8353711dacb112bfcbbb2a", - "sha256:f1bffef9cbc82628f6e7d7b40d7e255aefaa1adb6a1b1d26c69a8b79e6208a98" - ], - "index": "pypi", - "version": "==1.3.7" - }, - "packaging": { - "hashes": [ - "sha256:7dc96269f53a4ccec5c0670940a4281106dd0bb343f47b7471f779df49c2fbe7", - "sha256:c86254f9220d55e31cc94d69bade760f0847da8000def4dfe1c6b872fd14ff14" - ], - "markers": "python_version >= '3.6'", - "version": "==21.0" - }, - "pluggy": { - "hashes": [ - "sha256:15b2acde666561e1298d71b523007ed7364de07029219b604cf808bfa1c765b0", - "sha256:966c145cd83c96502c3c3868f50408687b38434af77734af1e9ca461a4081d2d" - ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==0.13.1" - }, - "py": { - "hashes": [ - "sha256:21b81bda15b66ef5e1a777a21c4dcd9c20ad3efd0b3f817e7a809035269e1bd3", - "sha256:3b80836aa6d1feeaa108e046da6423ab8f6ceda6468545ae8d02d9d58d18818a" - ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==1.10.0" - }, - "pycodestyle": { - "hashes": [ - "sha256:514f76d918fcc0b55c6680472f0a37970994e07bbb80725808c17089be302068", - "sha256:c389c1d06bf7904078ca03399a4816f974a1d590090fecea0c63ec26ebaf1cef" - ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==2.7.0" - }, - "pyflakes": { - "hashes": [ - "sha256:7893783d01b8a89811dd72d7dfd4d84ff098e5eed95cfa8905b22bbffe52efc3", - "sha256:f5bc8ecabc05bb9d291eb5203d6810b49040f6ff446a756326104746cc00c1db" - ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==2.3.1" - }, - "pyparsing": { - "hashes": [ - "sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1", - "sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b" - ], - "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==2.4.7" - }, - "pytest": { - "hashes": [ - "sha256:50bcad0a0b9c5a72c8e4e7c9855a3ad496ca6a881a3641b4260605450772c54b", - "sha256:91ef2131a9bd6be8f76f1f08eac5c5317221d6ad1e143ae03894b862e8976890" - ], - "index": "pypi", - "version": "==6.2.4" - }, - "requests": { - "extras": [ - "security" - ], - "hashes": [ - "sha256:6c1246513ecd5ecd4528a0906f910e8f0f9c6b8ec72030dc9fd154dc1a6efd24", - "sha256:b8aa58f8cf793ffd8782d3d8cb19e66ef36f7aba4353eec859e74678b01b07a7" - ], - "index": "pypi", - "version": "==2.26.0" - }, - "toml": { - "hashes": [ - "sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b", - "sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f" - ], - "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==0.10.2" - }, - "urllib3": { - "hashes": [ - "sha256:39fb8672126159acb139a7718dd10806104dec1e2f0f6c88aab05d17df10c8d4", - "sha256:f57b4c16c62fa2760b7e3d97c35b255512fb6b59a259730f36ba32ce9f8e342f" - ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4'", - "version": "==1.26.6" - } - } -} From 2d98885231e647a3572e2c98de1d401fbb2d2b4b Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Sat, 18 Dec 2021 09:22:32 +0100 Subject: [PATCH 064/132] chg: [hashlookup] support for sha256 and bug fix for non-exising MD5 --- misp_modules/modules/expansion/hashlookup.py | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/misp_modules/modules/expansion/hashlookup.py b/misp_modules/modules/expansion/hashlookup.py index a88de8a..60c43d7 100644 --- a/misp_modules/modules/expansion/hashlookup.py +++ b/misp_modules/modules/expansion/hashlookup.py @@ -5,8 +5,8 @@ from collections import defaultdict from pymisp import MISPEvent, MISPObject misperrors = {'error': 'Error'} -mispattributes = {'input': ['md5', 'sha1'], 'format': 'misp_standard'} -moduleinfo = {'version': '1', 'author': 'Alexandre Dulaunoy', +mispattributes = {'input': ['md5', 'sha1', 'sha256'], 'format': 'misp_standard'} +moduleinfo = {'version': '2', 'author': 'Alexandre Dulaunoy', 'description': 'An expansion module to enrich a file hash with hashlookup.circl.lu services (NSRL and other sources)', 'module-type': ['expansion', 'hover']} moduleconfig = ["custom_API"] @@ -35,8 +35,12 @@ class HashlookupParser(): hashlookup_object.add_attribute('source', **{'type': 'text', 'value': self.hashlookupresult['source']}) if 'KnownMalicious' in self.hashlookupresult: hashlookup_object.add_attribute('KnownMalicious', **{'type': 'text', 'value': self.hashlookupresult['KnownMalicious']}) - hashlookup_object.add_attribute('MD5', **{'type': 'md5', 'value': self.hashlookupresult['MD5']}) + if 'MD5' in self.hashlookupresult: + hashlookup_object.add_attribute('MD5', **{'type': 'md5', 'value': self.hashlookupresult['MD5']}) + # SHA-1 is the default value in hashlookup it must always be present hashlookup_object.add_attribute('SHA-1', **{'type': 'sha1', 'value': self.hashlookupresult['SHA-1']}) + if 'SHA-256' in self.hashlookupresult: + hashlookup_object.add_attribute('SHA-256', **{'type': 'sha256', 'value': self.hashlookup['SHA-256']}) if 'SSDEEP' in self.hashlookupresult: hashlookup_object.add_attribute('SSDEEP', **{'type': 'ssdeep', 'value': self.hashlookupresult['SSDEEP']}) if 'TLSH' in self.hashlookupresult: @@ -71,8 +75,10 @@ def handler(q=False): pass elif attribute.get('type') == 'sha1': pass + elif attribute.get('type') == 'sha256': + pass else: - misperrors['error'] = 'md5 or sha1 is missing.' + misperrors['error'] = 'md5 or sha1 or sha256 is missing.' return misperrors api_url = check_url(request['config']['custom_API']) if request['config'].get('custom_API') else hashlookup_url r = requests.get("{}/lookup/{}/{}".format(api_url, attribute.get('type'), attribute['value'])) From 268bb312c932f6c5bac3f8b8fb06dbdd7dc98814 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Sat, 18 Dec 2021 17:11:06 +0100 Subject: [PATCH 065/132] fix: [hashlookup] typo fixed --- misp_modules/modules/expansion/hashlookup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misp_modules/modules/expansion/hashlookup.py b/misp_modules/modules/expansion/hashlookup.py index 60c43d7..eeca95f 100644 --- a/misp_modules/modules/expansion/hashlookup.py +++ b/misp_modules/modules/expansion/hashlookup.py @@ -40,7 +40,7 @@ class HashlookupParser(): # SHA-1 is the default value in hashlookup it must always be present hashlookup_object.add_attribute('SHA-1', **{'type': 'sha1', 'value': self.hashlookupresult['SHA-1']}) if 'SHA-256' in self.hashlookupresult: - hashlookup_object.add_attribute('SHA-256', **{'type': 'sha256', 'value': self.hashlookup['SHA-256']}) + hashlookup_object.add_attribute('SHA-256', **{'type': 'sha256', 'value': self.hashlookupresult['SHA-256']}) if 'SSDEEP' in self.hashlookupresult: hashlookup_object.add_attribute('SSDEEP', **{'type': 'ssdeep', 'value': self.hashlookupresult['SSDEEP']}) if 'TLSH' in self.hashlookupresult: From 767de02107cc87d1b8edc487ee61fb1c57a591a1 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 22 Dec 2021 11:37:33 +0100 Subject: [PATCH 066/132] chg: [gitchangelogrc] added --- .gitchangelog.rc | 289 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 289 insertions(+) create mode 100644 .gitchangelog.rc diff --git a/.gitchangelog.rc b/.gitchangelog.rc new file mode 100644 index 0000000..19d9b85 --- /dev/null +++ b/.gitchangelog.rc @@ -0,0 +1,289 @@ +# -*- coding: utf-8; mode: python -*- +## +## Format +## +## ACTION: [AUDIENCE:] COMMIT_MSG [!TAG ...] +## +## Description +## +## ACTION is one of 'chg', 'fix', 'new' +## +## Is WHAT the change is about. +## +## 'chg' is for refactor, small improvement, cosmetic changes... +## 'fix' is for bug fixes +## 'new' is for new features, big improvement +## +## AUDIENCE is optional and one of 'dev', 'usr', 'pkg', 'test', 'doc'|'docs' +## +## Is WHO is concerned by the change. +## +## 'dev' is for developpers (API changes, refactors...) +## 'usr' is for final users (UI changes) +## 'pkg' is for packagers (packaging changes) +## 'test' is for testers (test only related changes) +## 'doc' is for doc guys (doc only changes) +## +## COMMIT_MSG is ... well ... the commit message itself. +## +## TAGs are additionnal adjective as 'refactor' 'minor' 'cosmetic' +## +## They are preceded with a '!' or a '@' (prefer the former, as the +## latter is wrongly interpreted in github.) Commonly used tags are: +## +## 'refactor' is obviously for refactoring code only +## 'minor' is for a very meaningless change (a typo, adding a comment) +## 'cosmetic' is for cosmetic driven change (re-indentation, 80-col...) +## 'wip' is for partial functionality but complete subfunctionality. +## +## Example: +## +## new: usr: support of bazaar implemented +## chg: re-indentend some lines !cosmetic +## new: dev: updated code to be compatible with last version of killer lib. +## fix: pkg: updated year of licence coverage. +## new: test: added a bunch of test around user usability of feature X. +## fix: typo in spelling my name in comment. !minor +## +## Please note that multi-line commit message are supported, and only the +## first line will be considered as the "summary" of the commit message. So +## tags, and other rules only applies to the summary. The body of the commit +## message will be displayed in the changelog without reformatting. + + +## +## ``ignore_regexps`` is a line of regexps +## +## Any commit having its full commit message matching any regexp listed here +## will be ignored and won't be reported in the changelog. +## +ignore_regexps = [ + r'@minor', r'!minor', + r'@cosmetic', r'!cosmetic', + r'@refactor', r'!refactor', + r'@wip', r'!wip', + r'^([cC]hg|[fF]ix|[nN]ew)\s*:\s*[p|P]kg:', + r'^([cC]hg|[fF]ix|[nN]ew)\s*:\s*[d|D]ev:', + r'^(.{3,3}\s*:)?\s*[fF]irst commit.?\s*$', + ] + + +## ``section_regexps`` is a list of 2-tuples associating a string label and a +## list of regexp +## +## Commit messages will be classified in sections thanks to this. Section +## titles are the label, and a commit is classified under this section if any +## of the regexps associated is matching. +## +## Please note that ``section_regexps`` will only classify commits and won't +## make any changes to the contents. So you'll probably want to go check +## ``subject_process`` (or ``body_process``) to do some changes to the subject, +## whenever you are tweaking this variable. +## +section_regexps = [ + ('New', [ + r'^[nN]ew\s*:\s*((dev|use?r|pkg|test|doc|docs)\s*:\s*)?([^\n]*)$', + ]), + ('Changes', [ + r'^[cC]hg\s*:\s*((dev|use?r|pkg|test|doc|docs)\s*:\s*)?([^\n]*)$', + ]), + ('Fix', [ + r'^[fF]ix\s*:\s*((dev|use?r|pkg|test|doc|docs)\s*:\s*)?([^\n]*)$', + ]), + + ('Other', None ## Match all lines + ), + +] + + +## ``body_process`` is a callable +## +## This callable will be given the original body and result will +## be used in the changelog. +## +## Available constructs are: +## +## - any python callable that take one txt argument and return txt argument. +## +## - ReSub(pattern, replacement): will apply regexp substitution. +## +## - Indent(chars=" "): will indent the text with the prefix +## Please remember that template engines gets also to modify the text and +## will usually indent themselves the text if needed. +## +## - Wrap(regexp=r"\n\n"): re-wrap text in separate paragraph to fill 80-Columns +## +## - noop: do nothing +## +## - ucfirst: ensure the first letter is uppercase. +## (usually used in the ``subject_process`` pipeline) +## +## - final_dot: ensure text finishes with a dot +## (usually used in the ``subject_process`` pipeline) +## +## - strip: remove any spaces before or after the content of the string +## +## - SetIfEmpty(msg="No commit message."): will set the text to +## whatever given ``msg`` if the current text is empty. +## +## Additionally, you can `pipe` the provided filters, for instance: +#body_process = Wrap(regexp=r'\n(?=\w+\s*:)') | Indent(chars=" ") +#body_process = Wrap(regexp=r'\n(?=\w+\s*:)') +#body_process = noop +body_process = ReSub(r'((^|\n)[A-Z]\w+(-\w+)*: .*(\n\s+.*)*)+$', r'') | strip + + +## ``subject_process`` is a callable +## +## This callable will be given the original subject and result will +## be used in the changelog. +## +## Available constructs are those listed in ``body_process`` doc. +subject_process = (strip | + ReSub(r'^([cC]hg|[fF]ix|[nN]ew)\s*:\s*((dev|use?r|pkg|test|doc|docs)\s*:\s*)?([^\n@]*)(@[a-z]+\s+)*$', r'\4') | + SetIfEmpty("No commit message.") | ucfirst | final_dot) + + +## ``tag_filter_regexp`` is a regexp +## +## Tags that will be used for the changelog must match this regexp. +## +tag_filter_regexp = r'^v[0-9]+\.[0-9]+\.[0-9]+$' + + + +## ``unreleased_version_label`` is a string or a callable that outputs a string +## +## This label will be used as the changelog Title of the last set of changes +## between last valid tag and HEAD if any. +unreleased_version_label = "%%version%% (unreleased)" + + +## ``output_engine`` is a callable +## +## This will change the output format of the generated changelog file +## +## Available choices are: +## +## - rest_py +## +## Legacy pure python engine, outputs ReSTructured text. +## This is the default. +## +## - mustache() +## +## Template name could be any of the available templates in +## ``templates/mustache/*.tpl``. +## Requires python package ``pystache``. +## Examples: +## - mustache("markdown") +## - mustache("restructuredtext") +## +## - makotemplate() +## +## Template name could be any of the available templates in +## ``templates/mako/*.tpl``. +## Requires python package ``mako``. +## Examples: +## - makotemplate("restructuredtext") +## +#output_engine = rest_py +#output_engine = mustache("restructuredtext") +output_engine = mustache("markdown") +#output_engine = makotemplate("restructuredtext") + + +## ``include_merge`` is a boolean +## +## This option tells git-log whether to include merge commits in the log. +## The default is to include them. +include_merge = True + + +## ``log_encoding`` is a string identifier +## +## This option tells gitchangelog what encoding is outputed by ``git log``. +## The default is to be clever about it: it checks ``git config`` for +## ``i18n.logOutputEncoding``, and if not found will default to git's own +## default: ``utf-8``. +#log_encoding = 'utf-8' + + +## ``publish`` is a callable +## +## Sets what ``gitchangelog`` should do with the output generated by +## the output engine. ``publish`` is a callable taking one argument +## that is an interator on lines from the output engine. +## +## Some helper callable are provided: +## +## Available choices are: +## +## - stdout +## +## Outputs directly to standard output +## (This is the default) +## +## - FileInsertAtFirstRegexMatch(file, pattern, idx=lamda m: m.start()) +## +## Creates a callable that will parse given file for the given +## regex pattern and will insert the output in the file. +## ``idx`` is a callable that receive the matching object and +## must return a integer index point where to insert the +## the output in the file. Default is to return the position of +## the start of the matched string. +## +## - FileRegexSubst(file, pattern, replace, flags) +## +## Apply a replace inplace in the given file. Your regex pattern must +## take care of everything and might be more complex. Check the README +## for a complete copy-pastable example. +## +# publish = FileInsertIntoFirstRegexMatch( +# "CHANGELOG.rst", +# r'/(?P[0-9]+\.[0-9]+(\.[0-9]+)?)\s+\([0-9]+-[0-9]{2}-[0-9]{2}\)\n--+\n/', +# idx=lambda m: m.start(1) +# ) +#publish = stdout + + +## ``revs`` is a list of callable or a list of string +## +## callable will be called to resolve as strings and allow dynamical +## computation of these. The result will be used as revisions for +## gitchangelog (as if directly stated on the command line). This allows +## to filter exaclty which commits will be read by gitchangelog. +## +## To get a full documentation on the format of these strings, please +## refer to the ``git rev-list`` arguments. There are many examples. +## +## Using callables is especially useful, for instance, if you +## are using gitchangelog to generate incrementally your changelog. +## +## Some helpers are provided, you can use them:: +## +## - FileFirstRegexMatch(file, pattern): will return a callable that will +## return the first string match for the given pattern in the given file. +## If you use named sub-patterns in your regex pattern, it'll output only +## the string matching the regex pattern named "rev". +## +## - Caret(rev): will return the rev prefixed by a "^", which is a +## way to remove the given revision and all its ancestor. +## +## Please note that if you provide a rev-list on the command line, it'll +## replace this value (which will then be ignored). +## +## If empty, then ``gitchangelog`` will act as it had to generate a full +## changelog. +## +## The default is to use all commits to make the changelog. +#revs = ["^1.0.3", ] +#revs = [ +# Caret( +# FileFirstRegexMatch( +# "CHANGELOG.rst", +# r"(?P[0-9]+\.[0-9]+(\.[0-9]+)?)\s+\([0-9]+-[0-9]{2}-[0-9]{2}\)\n--+\n")), +# "HEAD" +#] +revs = [] From ef55d7cc3d96ac5b3b9249491edf4b6d768e1c77 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Fri, 24 Dec 2021 14:40:19 +0100 Subject: [PATCH 067/132] new: [CI] Use GitHub Actions for test --- .github/workflows/python-package.yml | 50 ++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 .github/workflows/python-package.yml diff --git a/.github/workflows/python-package.yml b/.github/workflows/python-package.yml new file mode 100644 index 0000000..a444958 --- /dev/null +++ b/.github/workflows/python-package.yml @@ -0,0 +1,50 @@ +name: Python package + +on: + push: + branches: [ main ] + pull_request: + branches: [ main ] + +jobs: + build: + + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + python-version: ["3.7", "3.8", "3.9"] + + steps: + - run: | + sudo apt-get install libfuzzy-dev libpoppler-cpp-dev libzbar0 tesseract-ocr + - uses: actions/checkout@v2 + - name: Set up Python ${{ matrix.python-version }} + uses: actions/setup-python@v2 + with: + python-version: ${{ matrix.python-version }} + - name: Cache Python dependencies + uses: actions/cache@v2 + with: + path: ~/.cache/pip + key: ${{ runner.os }}-pip-${{ matrix.python-version }}-${{ hashFiles('REQUIREMENTS') }} + - name: Install dependencies + run: | + python -m pip install --upgrade pip + python -m pip install flake8 pytest + # pyfaul must be installed manually (?) + pip install -r REQUIREMENTS pyfaup + pip install . + - name: Lint with flake8 + run: | + # stop the build if there are Python syntax errors or undefined names + flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics + # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide + flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics + - name: Test with pytest + run: | + # Run server in background + misp-modules -l 127.0.0.1 -s & + sleep 5 + # Run tests + pytest tests From e50ab6379f289660d50c51f9427455aab9cbf87a Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Fri, 24 Dec 2021 14:59:13 +0100 Subject: [PATCH 068/132] fix: [test] Typo --- tests/test_expansions.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_expansions.py b/tests/test_expansions.py index 838c39b..e33825a 100644 --- a/tests/test_expansions.py +++ b/tests/test_expansions.py @@ -253,7 +253,7 @@ class TestExpansions(unittest.TestCase): self.assertEqual(self.get_values(response), 'This IP is commonly spoofed in Internet-scan activity') except Exception: self.assertIn( - self.get_errors(reponse), + self.get_errors(response), ( "Unauthorized. Please check your API key.", "Too many requests. You've hit the rate-limit." From 1f75b8f8658e30faabaca00283d31a0741d7994d Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Fri, 24 Dec 2021 15:33:23 +0100 Subject: [PATCH 069/132] fix: [internal] Better exception logging --- misp_modules/__init__.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/misp_modules/__init__.py b/misp_modules/__init__.py index 21e3db3..b068d8a 100644 --- a/misp_modules/__init__.py +++ b/misp_modules/__init__.py @@ -41,14 +41,14 @@ try: from .modules import * # noqa HAS_PACKAGE_MODULES = True except Exception as e: - print(e) + logging.exception(e) HAS_PACKAGE_MODULES = False try: from .helpers import * # noqa HAS_PACKAGE_HELPERS = True except Exception as e: - print(e) + logging.exception(e) HAS_PACKAGE_HELPERS = False log = logging.getLogger('misp-modules') From c5801d1776e9f51d66c8580d6271c88042089406 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Fri, 24 Dec 2021 16:03:06 +0100 Subject: [PATCH 070/132] fix: [test] Better error handling --- tests/test_expansions.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/test_expansions.py b/tests/test_expansions.py index e33825a..97d758c 100644 --- a/tests/test_expansions.py +++ b/tests/test_expansions.py @@ -65,6 +65,8 @@ class TestExpansions(unittest.TestCase): if not isinstance(data, dict): print(json.dumps(data, indent=2)) return data + if 'results' not in data: + return data for result in data['results']: values = result['values'] if values: From 3fe7072bfbe9410acd419345de179725fb120def Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Fri, 24 Dec 2021 16:10:29 +0100 Subject: [PATCH 071/132] fix: [ods_enrich] Better exception logging --- misp_modules/modules/expansion/ods_enrich.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/misp_modules/modules/expansion/ods_enrich.py b/misp_modules/modules/expansion/ods_enrich.py index b247c44..8b66688 100644 --- a/misp_modules/modules/expansion/ods_enrich.py +++ b/misp_modules/modules/expansion/ods_enrich.py @@ -4,6 +4,7 @@ import np import ezodf import pandas_ods_reader import io +import logging misperrors = {'error': 'Error'} mispattributes = {'input': ['attachment'], @@ -37,11 +38,10 @@ def handler(q=False): for i in range(0, num_sheets): ods = pandas_ods_reader.read_ods(ods_file, i, headers=False) ods_content = ods_content + "\n" + ods.to_string(max_rows=None) - print(ods_content) return {'results': [{'types': ['freetext'], 'values': ods_content, 'comment': ".ods-to-text from file " + filename}, {'types': ['text'], 'values': ods_content, 'comment': ".ods-to-text from file " + filename}]} except Exception as e: - print(e) + logging.exception(e) err = "Couldn't analyze file as .ods. Error was: " + str(e) misperrors['error'] = err return misperrors From 2842b27c5074fa9a133cc0daf2e936e5e9c5a7c3 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Fri, 24 Dec 2021 16:17:37 +0100 Subject: [PATCH 072/132] fix: [test] Skip test_ipasn and test_otx tests --- tests/test_expansions.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/test_expansions.py b/tests/test_expansions.py index 97d758c..7af78b7 100644 --- a/tests/test_expansions.py +++ b/tests/test_expansions.py @@ -265,6 +265,7 @@ class TestExpansions(unittest.TestCase): response = self.misp_modules_post(query) self.assertEqual(self.get_errors(response), 'Missing Greynoise API key.') + @unittest.skip("Service doesn't work") def test_ipasn(self): query = {"module": "ipasn", "attribute": {"type": "ip-src", @@ -345,6 +346,7 @@ class TestExpansions(unittest.TestCase): response = self.misp_modules_post(query) self.assertEqual(self.get_errors(response), 'Onyphe authentication is missing') + @unittest.skip("Unreliable results") def test_otx(self): query_types = ('domain', 'ip-src', 'md5') query_values = ('circl.lu', '8.8.8.8', '616eff3e9a7575ae73821b4668d2801c') From 907ac1e93565ae9bd7320482bcedd37fa90a7319 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Fri, 24 Dec 2021 16:31:10 +0100 Subject: [PATCH 073/132] fix: [ods_enrich] Try to fix reading bytesio --- misp_modules/modules/expansion/ods_enrich.py | 2 +- tests/test_expansions.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/misp_modules/modules/expansion/ods_enrich.py b/misp_modules/modules/expansion/ods_enrich.py index 8b66688..69aca77 100644 --- a/misp_modules/modules/expansion/ods_enrich.py +++ b/misp_modules/modules/expansion/ods_enrich.py @@ -36,7 +36,7 @@ def handler(q=False): num_sheets = len(doc.sheets) try: for i in range(0, num_sheets): - ods = pandas_ods_reader.read_ods(ods_file, i, headers=False) + ods = pandas_ods_reader.algo.read_data(pandas_ods_reader.parsers.ods, ods_file, i, headers=False) ods_content = ods_content + "\n" + ods.to_string(max_rows=None) return {'results': [{'types': ['freetext'], 'values': ods_content, 'comment': ".ods-to-text from file " + filename}, {'types': ['text'], 'values': ods_content, 'comment': ".ods-to-text from file " + filename}]} diff --git a/tests/test_expansions.py b/tests/test_expansions.py index 7af78b7..841a39a 100644 --- a/tests/test_expansions.py +++ b/tests/test_expansions.py @@ -304,7 +304,7 @@ class TestExpansions(unittest.TestCase): encoded = b64encode(f.read()).decode() query = {"module": "ods_enrich", "attachment": filename, "data": encoded} response = self.misp_modules_post(query) - self.assertEqual(self.get_values(response), '\n column_0\n0 ods test') + self.assertEqual(self.get_values(response), '\n column.0\n0 ods test') def test_odt(self): filename = 'test.odt' From 84ded524f96011eba6ea952f4e1312b4fed0ad8a Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Fri, 24 Dec 2021 16:54:12 +0100 Subject: [PATCH 074/132] chg: [pip] Force pandas to 1.3.5 --- Pipfile | 2 +- REQUIREMENTS | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Pipfile b/Pipfile index e8f6929..85226be 100644 --- a/Pipfile +++ b/Pipfile @@ -48,7 +48,7 @@ ODTReader = { editable = true, git = "https://github.com/cartertemm/ODTReader.gi python-pptx = "*" python-docx = "*" ezodf = "*" -pandas = "*" +pandas = "==1.3.5" pandas_ods_reader = "==0.1.2" pdftotext = "*" lxml = "*" diff --git a/REQUIREMENTS b/REQUIREMENTS index 187722e..46b2a48 100644 --- a/REQUIREMENTS +++ b/REQUIREMENTS @@ -80,7 +80,7 @@ olefile==0.46; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, oletools==0.56.2 opencv-python==4.5.3.56 pandas-ods-reader==0.1.2 -pandas==1.1.5 +pandas==1.3.5 passivetotal==2.5.4 pcodedmp==1.2.6 pdftotext==2.2.0 From e86201a9fc7775e31e4afcdb1df3a0165fbc184a Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Sat, 25 Dec 2021 09:09:08 +0100 Subject: [PATCH 075/132] Update README Add status badge for GH workflow --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 66caa42..6b96be2 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,6 @@ # MISP modules -[![Build Status](https://travis-ci.org/MISP/misp-modules.svg?branch=main)](https://travis-ci.org/MISP/misp-modules) -[![Coverage Status](https://coveralls.io/repos/github/MISP/misp-modules/badge.svg?branch=main)](https://coveralls.io/github/MISP/misp-modules?branch=main) +[![Python package](https://github.com/MISP/misp-modules/actions/workflows/python-package.yml/badge.svg)](https://github.com/MISP/misp-modules/actions/workflows/python-package.yml)[![Coverage Status](https://coveralls.io/repos/github/MISP/misp-modules/badge.svg?branch=main)](https://coveralls.io/github/MISP/misp-modules?branch=main) [![codecov](https://codecov.io/gh/MISP/misp-modules/branch/main/graph/badge.svg)](https://codecov.io/gh/MISP/misp-modules) MISP modules are autonomous modules that can be used to extend [MISP](https://github.com/MISP/MISP) for new services such as expansion, import and export. From c42723d42df0bb295fa8d7d426702ffa96374a89 Mon Sep 17 00:00:00 2001 From: Koen Van Impe Date: Sun, 26 Dec 2021 23:34:00 +0100 Subject: [PATCH 076/132] Module to push malware samples to a MWDB instance - Upload of attachment or malware sample to MWDB - Tags of events and/or attributes are added to MWDB. - Comment of the MISP attribute is added to MWDB. - A link back to the MISP event is added to MWDB via the MWDB attribute. - A link to the MWDB attribute is added as an enriched attribute to the MISP event. --- documentation/website/expansion/mwdb.json | 11 ++ misp_modules/modules/expansion/__init__.py | 4 +- misp_modules/modules/expansion/mwdb.py | 140 +++++++++++++++++++++ 3 files changed, 153 insertions(+), 2 deletions(-) create mode 100644 documentation/website/expansion/mwdb.json create mode 100644 misp_modules/modules/expansion/mwdb.py diff --git a/documentation/website/expansion/mwdb.json b/documentation/website/expansion/mwdb.json new file mode 100644 index 0000000..456a160 --- /dev/null +++ b/documentation/website/expansion/mwdb.json @@ -0,0 +1,11 @@ +{ + "description": "Module to push malware samples to a MWDB instance", + "requirements": [ + "* mwdblib installed (pip install mwdblib) ; * (optional) keys.py file to add tags of events/attributes to MWDB * (optional) MWDB attribute created for the link back to MISP (defined in mwdb_misp_attribute)" + ], + "input": "Attachment or malware sample", + "output": "Link attribute that points to the sample at the MWDB instane", + "references": [ + ], + "features": "An expansion module to push malware samples to a MWDB (https://github.com/CERT-Polska/mwdb-core) instance. This module does not push samples to a sandbox. This can be achieved via Karton (connected to the MWDB). Does: * Upload of attachment or malware sample to MWDB * Tags of events and/or attributes are added to MWDB. * Comment of the MISP attribute is added to MWDB. * A link back to the MISP event is added to MWDB via the MWDB attribute. * A link to the MWDB attribute is added as an enrichted attribute to the MISP event." +} \ No newline at end of file diff --git a/misp_modules/modules/expansion/__init__.py b/misp_modules/modules/expansion/__init__.py index 1666ffe..7591d7d 100644 --- a/misp_modules/modules/expansion/__init__.py +++ b/misp_modules/modules/expansion/__init__.py @@ -18,7 +18,7 @@ __all__ = ['cuckoo_submit', 'vmray_submit', 'bgpranking', 'circl_passivedns', 'c 'assemblyline_submit', 'assemblyline_query', 'ransomcoindb', 'malwarebazaar', 'lastline_query', 'lastline_submit', 'sophoslabs_intelix', 'cytomic_orion', 'censys_enrich', 'trustar_enrich', 'recordedfuture', 'html_to_markdown', 'socialscan', 'passive-ssh', - 'qintel_qsentry'] + 'qintel_qsentry', 'mwdb'] minimum_required_fields = ('type', 'uuid', 'value') @@ -28,4 +28,4 @@ standard_error_message = 'This module requires an "attribute" field as input' def check_input_attribute(attribute, requirements=minimum_required_fields): - return all(feature in attribute for feature in requirements) \ No newline at end of file + return all(feature in attribute for feature in requirements) diff --git a/misp_modules/modules/expansion/mwdb.py b/misp_modules/modules/expansion/mwdb.py new file mode 100644 index 0000000..aa3c727 --- /dev/null +++ b/misp_modules/modules/expansion/mwdb.py @@ -0,0 +1,140 @@ +import json +import sys +import base64 +#from distutils.util import strtobool + +import io +import zipfile + +from pymisp import PyMISP, MISPEvent, MISPAttribute +from mwdblib import MWDB + +misperrors = {'error': 'Error'} +mispattributes = {'input': ['attachment', 'malware-sample'], 'output': ['link']} +moduleinfo = {'version': '1', 'author': 'Koen Van Impe', + 'description': 'Module to push malware samples to a MWDB instance', + 'module-type': ['expansion']} + +moduleconfig = ['mwdb_apikey', 'mwdb_url', 'mwdb_misp_attribute', 'mwdb_public', 'include_tags_event', 'include_tags_attribute'] + +pymisp_keys_file = "/var/www/MISP/PyMISP/" +mwdb_public_default = True + +""" +An expansion module to push malware samples to a MWDB (https://github.com/CERT-Polska/mwdb-core) instance. +This module does not push samples to a sandbox. This can be achieved via Karton (connected to the MWDB) + +Does: +- Upload of attachment or malware sample to MWDB +- Tags of events and/or attributes are added to MWDB. +- Comment of the MISP attribute is added to MWDB. +- A link back to the MISP event is added to MWDB via the MWDB attribute. +- A link to the MWDB attribute is added as an enriched attribute to the MISP event. + +Requires +- mwdblib installed (pip install mwdblib) +- (optional) keys.py file to add tags of events/attributes to MWDB +- (optional) MWDB "attribute" created for the link back to MISP (defined in mwdb_misp_attribute) +""" + + +def handler(q=False): + if q is False: + return False + request = json.loads(q) + + try: + data = request.get("data") + if 'malware-sample' in request: + # malicious samples are encrypted with zip (password infected) and then base64 encoded + sample_filename = request.get("malware-sample").split("|", 1)[0] + data = base64.b64decode(data) + fl = io.BytesIO(data) + zf = zipfile.ZipFile(fl) + sample_hashname = zf.namelist()[0] + data = zf.read(sample_hashname, b"infected") + zf.close() + elif 'attachment' in request: + # All attachments get base64 encoded + sample_filename = request.get("attachment") + data = base64.b64decode(data) + + else: + misperrors['error'] = "No malware sample or attachment supplied" + return misperrors + except Exception: + misperrors['error'] = "Unable to process submited sample data" + return misperrors + + if (request["config"].get("mwdb_apikey") is None) or (request["config"].get("mwdb_url") is None): + misperrors["error"] = "Missing MWDB API key or server URL" + return misperrors + + mwdb_misp_attribute = request["config"].get("mwdb_misp_attribute") + mwdb_public = request["config"].get("mwdb_public", mwdb_public_default) + + include_tags_event = request["config"].get("include_tags_event") + include_tags_attribute = request["config"].get("include_tags_attribute") + misp_event_id = request.get("event_id") + misp_attribute_uuid = request.get("attribute_uuid") + misp_attribute_comment = "" + mwdb_tags = [] + misp_info = "" + + try: + if include_tags_event: + sys.path.append(pymisp_keys_file) + from keys import misp_url, misp_key, misp_verifycert + misp = PyMISP(misp_url, misp_key, misp_verifycert, False) + misp_event = misp.get_event(misp_event_id) + if "Event" in misp_event: + misp_info = misp_event["Event"]["info"] + if "Tag" in misp_event["Event"]: + tags = misp_event["Event"]["Tag"] + for tag in tags: + if "misp-galaxy" not in tag["name"]: + mwdb_tags.append(tag["name"]) + if include_tags_attribute: + sys.path.append(pymisp_keys_file) + from keys import misp_url, misp_key, misp_verifycert + misp = PyMISP(misp_url, misp_key, misp_verifycert, False) + misp_attribute = misp.get_attribute(misp_attribute_uuid) + if "Attribute" in misp_attribute: + if "Tag" in misp_attribute["Attribute"]: + tags = misp_attribute["Attribute"]["Tag"] + for tag in tags: + if "misp-galaxy" not in tag["name"]: + mwdb_tags.append(tag["name"]) + misp_attribute_comment = misp_attribute["Attribute"]["comment"] + except Exception: + misperrors['error'] = "Unable to read PyMISP (keys.py) configuration file" + return misperrors + + try: + mwdb = MWDB(api_key=request["config"].get("mwdb_apikey"), api_url=request["config"].get("mwdb_url")) + if mwdb_misp_attribute and len(mwdb_misp_attribute) > 0: + metakeys = {mwdb_misp_attribute: misp_event_id} + else: + metakeys = False + file_object = mwdb.upload_file(sample_filename, data, metakeys=metakeys, public=mwdb_public) + for tag in mwdb_tags: + file_object.add_tag(tag) + if len(misp_attribute_comment) < 1: + misp_attribute_comment = "MISP attribute {}".format(misp_attribute_uuid) + file_object.add_comment(misp_attribute_comment) + mwdb_link = request["config"].get("mwdb_url").replace("/api", "/file/") + "{}".format(file_object.md5) + except Exception: + misperrors['error'] = "Unable to send sample to MWDB instance" + return misperrors + + r = {'results': [{'types': 'link', 'values': mwdb_link, 'comment': 'Link to MWDB sample'}]} + return r + + +def introspection(): + return mispattributes + + +def version(): + moduleinfo['config'] = moduleconfig + return moduleinfo From b9fb2f3ca7ceb0945523e7fcc87270af60c986c0 Mon Sep 17 00:00:00 2001 From: Koen Van Impe Date: Sun, 26 Dec 2021 23:59:16 +0100 Subject: [PATCH 077/132] Update mwdb.py --- misp_modules/modules/expansion/mwdb.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/misp_modules/modules/expansion/mwdb.py b/misp_modules/modules/expansion/mwdb.py index aa3c727..66f5fe4 100644 --- a/misp_modules/modules/expansion/mwdb.py +++ b/misp_modules/modules/expansion/mwdb.py @@ -6,7 +6,7 @@ import base64 import io import zipfile -from pymisp import PyMISP, MISPEvent, MISPAttribute +from pymisp import PyMISP from mwdblib import MWDB misperrors = {'error': 'Error'} @@ -122,6 +122,8 @@ def handler(q=False): if len(misp_attribute_comment) < 1: misp_attribute_comment = "MISP attribute {}".format(misp_attribute_uuid) file_object.add_comment(misp_attribute_comment) + if len(misp_event) > 0: + file_object.add_comment("Fetched from event {} - {}".format(misp_event_id, misp_info)) mwdb_link = request["config"].get("mwdb_url").replace("/api", "/file/") + "{}".format(file_object.md5) except Exception: misperrors['error'] = "Unable to send sample to MWDB instance" From adc61963df95422930643a3eaf73607070fd98e5 Mon Sep 17 00:00:00 2001 From: Koen Van Impe Date: Mon, 27 Dec 2021 15:23:13 +0100 Subject: [PATCH 078/132] Update REQUIREMENTS --- REQUIREMENTS | 1 + 1 file changed, 1 insertion(+) diff --git a/REQUIREMENTS b/REQUIREMENTS index 46b2a48..a2486b4 100644 --- a/REQUIREMENTS +++ b/REQUIREMENTS @@ -151,3 +151,4 @@ xlsxwriter==3.0.1; python_version >= '3.4' yara-python==3.8.1 yarl==1.6.3; python_version >= '3.6' ndjson==0.3.1 +mwdblib==3.4.1 From 6c4e7881101cc9f429896c24fc592651edd92c29 Mon Sep 17 00:00:00 2001 From: Derek LaHousse Date: Thu, 30 Dec 2021 09:25:44 -0500 Subject: [PATCH 079/132] It seems alright to leave the field empty, just have to check that it is empty --- misp_modules/modules/import_mod/csvimport.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/misp_modules/modules/import_mod/csvimport.py b/misp_modules/modules/import_mod/csvimport.py index 34eed8c..6bd79b7 100644 --- a/misp_modules/modules/import_mod/csvimport.py +++ b/misp_modules/modules/import_mod/csvimport.py @@ -224,7 +224,8 @@ class CsvParser(): @staticmethod def __deal_with_tags(attribute): - attribute['Tag'] = [{'name': tag.strip()} for tag in attribute['Tag'].split(',')] + if 'Tag' in attribute.keys(): + attribute['Tag'] = [{'name': tag.strip()} for tag in attribute['Tag'].split(',')] def __get_score(self): score = 1 if 'to_ids' in self.header else 0 From a08ec71b96f55dee5dde7733e456044ac23b9fd1 Mon Sep 17 00:00:00 2001 From: Silvian I Date: Thu, 6 Jan 2022 11:35:01 +0100 Subject: [PATCH 080/132] Upgrade censys_enrich module to new api version --- REQUIREMENTS | 2 +- .../modules/expansion/censys_enrich.py | 119 +++++++++++------- tests/expansion_configs.json | 6 + tests/test_expansions.py | 15 +++ 4 files changed, 93 insertions(+), 49 deletions(-) create mode 100644 tests/expansion_configs.json diff --git a/REQUIREMENTS b/REQUIREMENTS index a2486b4..ccc737f 100644 --- a/REQUIREMENTS +++ b/REQUIREMENTS @@ -27,8 +27,8 @@ beautifulsoup4==4.9.3 bidict==0.21.2; python_version >= '3.6' blockchain==1.4.4 certifi==2021.5.30 +censys==2.0.9 cffi==1.14.6 - #chardet==4.0.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' chardet charset-normalizer==2.0.4; python_version >= '3' diff --git a/misp_modules/modules/expansion/censys_enrich.py b/misp_modules/modules/expansion/censys_enrich.py index d5823ff..033824c 100644 --- a/misp_modules/modules/expansion/censys_enrich.py +++ b/misp_modules/modules/expansion/censys_enrich.py @@ -1,15 +1,26 @@ # encoding: utf-8 import json +import configparser import base64 import codecs +import censys.common.config from dateutil.parser import isoparse from . import check_input_attribute, standard_error_message from pymisp import MISPAttribute, MISPEvent, MISPObject + try: - import censys.base - import censys.ipv4 - import censys.websites - import censys.certificates + #needed in order to overwrite the censys module intent of creating config files in the home folder of the proccess owner + #-- + def get_config_over() -> configparser.ConfigParser: + config = configparser.ConfigParser() + config[censys.common.config.DEFAULT] = censys.common.config.default_config + return config + censys.common.config.get_config = get_config_over + #-- + + from censys.search import CensysHosts + from censys.search import CensysCertificates + from censys.common.base import * except ImportError: print("Censys module not installed. Try 'pip install censys'") @@ -20,8 +31,11 @@ mispattributes = {'input': ['ip-src', 'ip-dst', 'domain', 'hostname', 'hostname| moduleinfo = {'version': '0.1', 'author': 'Loïc Fortemps', 'description': 'Censys.io expansion module', 'module-type': ['expansion', 'hover']} +api_id = None +api_secret = None def handler(q=False): + global api_id, api_secret if q is False: return False request = json.loads(q) @@ -65,27 +79,31 @@ def handler(q=False): types.append(attribute.type) values.append(attribute.value) + found = False for t in types: - # ip, ip-src or ip-dst - if t[:2] == "ip": - conn.append(censys.ipv4.CensysIPv4(api_id=api_id, api_secret=api_secret)) - elif t == 'domain' or t == "hostname": - conn.append(censys.websites.CensysWebsites(api_id=api_id, api_secret=api_secret)) - elif 'x509-fingerprint' in t: - conn.append(censys.certificates.CensysCertificates(api_id=api_id, api_secret=api_secret)) - - found = True - for c in conn: - val = values.pop(0) try: - r = c.view(val) - results.append(parse_response(r, attribute)) - found = True - except censys.base.CensysNotFoundException: - found = False - except Exception: - misperrors['error'] = "Connection issue" - return misperrors + val = values.pop(0) + # ip, ip-src or ip-dst + if t[:2] == "ip": + r = CensysHosts(api_id, api_secret).view(val) + results.append(parse_response(r, attribute)) + found = True + elif t == 'domain' or t == "hostname": + #get ips + endpoint = CensysHosts(api_id, api_secret) + for r_list in endpoint.search(query=val, per_page=15, pages=1): + for r in r_list: + results.append(parse_response(r, attribute)) + found = True + elif 'x509-fingerprint' in t: + # TODO switch to api_v2 once available + # sill use api_v1 as Certificates endpoint in api_v2 doesn't yet provide all the details + r = CensysCertificates(api_id, api_secret).view(val) + results.append(parse_response(r, attribute)) + found = True + except CensysException as e: + misperrors['error'] = print("ERROR: param {} / resposne: {}".format(value, e)) + return misperrors if not found: misperrors['error'] = "Nothing could be found on Censys" @@ -98,38 +116,43 @@ def parse_response(censys_output, attribute): misp_event = MISPEvent() misp_event.add_attribute(**attribute) # Generic fields (for IP/Websites) - if "autonomous_system" in censys_output: - cen_as = censys_output['autonomous_system'] + if censys_output.get('autonomous_system'): + cen_as = censys_output.get('autonomous_system') asn_object = MISPObject('asn') - asn_object.add_attribute('asn', value=cen_as["asn"]) - asn_object.add_attribute('description', value=cen_as['name']) - asn_object.add_attribute('subnet-announced', value=cen_as['routed_prefix']) - asn_object.add_attribute('country', value=cen_as['country_code']) + asn_object.add_attribute('asn', value=cen_as.get("asn")) + asn_object.add_attribute('description', value=cen_as.get('name')) + asn_object.add_attribute('subnet-announced', value=cen_as.get('routed_prefix')) + asn_object.add_attribute('country', value=cen_as.get('country_code')) asn_object.add_reference(attribute.uuid, 'associated-to') misp_event.add_object(**asn_object) - if "ip" in censys_output and "ports" in censys_output: + if censys_output.get('ip') and len(censys_output.get('services')): #"ports" in censys_output ip_object = MISPObject('ip-port') - ip_object.add_attribute('ip', value=censys_output['ip']) - for p in censys_output['ports']: - ip_object.add_attribute('dst-port', value=p) + ip_object.add_attribute('ip', value=censys_output.get('ip')) + for serv in censys_output.get('services'): + if serv.get('port'): + ip_object.add_attribute('dst-port', value=serv.get('port')) ip_object.add_reference(attribute.uuid, 'associated-to') misp_event.add_object(**ip_object) # We explore all ports to find https or ssh services - for k in censys_output.keys(): - if not isinstance(censys_output[k], dict): + for serv in censys_output.get('services', []): + if not isinstance(serv, dict): continue - if 'https' in censys_output[k]: + if serv.get('service_name').lower() == 'http' and serv.get('certificate', None): try: - cert = censys_output[k]['https']['tls']['certificate'] - cert_obj = get_certificate_object(cert, attribute) - misp_event.add_object(**cert_obj) + cert = serv.get('certificate', None) + if cert: + # TODO switch to api_v2 once available + # use api_v1 as Certificates endpoint in api_v2 doesn't yet provide all the details + cert_details = CensysCertificates(api_id, api_secret).view(cert) + cert_obj = get_certificate_object(cert_details, attribute) + misp_event.add_object(**cert_obj) except KeyError: print("Error !") - if 'ssh' in censys_output[k]: + if serv.get('ssh') and serv.get('service_name').lower() == 'ssh': try: - cert = censys_output[k]['ssh']['v2']['server_host_key'] + cert = serv.get('ssh').get('server_host_key').get('fingerprint_sha256') # TODO enable once the type is merged # misp_event.add_attribute(type='hasshserver-sha256', value=cert['fingerprint_sha256']) except KeyError: @@ -144,15 +167,15 @@ def parse_response(censys_output, attribute): if "location" in censys_output: loc_obj = MISPObject('geolocation') loc = censys_output['location'] - loc_obj.add_attribute('latitude', value=loc['latitude']) - loc_obj.add_attribute('longitude', value=loc['longitude']) + loc_obj.add_attribute('latitude', value=loc.get('coordinates', {}).get('latitude', None)) + loc_obj.add_attribute('longitude', value=loc.get('coordinates', {}).get('longitude', None)) if 'city' in loc: - loc_obj.add_attribute('city', value=loc['city']) - loc_obj.add_attribute('country', value=loc['country']) + loc_obj.add_attribute('city', value=loc.get('city')) + loc_obj.add_attribute('country', value=loc.get('country')) if 'postal_code' in loc: - loc_obj.add_attribute('zipcode', value=loc['postal_code']) + loc_obj.add_attribute('zipcode', value=loc.get('postal_code')) if 'province' in loc: - loc_obj.add_attribute('region', value=loc['province']) + loc_obj.add_attribute('region', value=loc.get('province')) loc_obj.add_reference(attribute.uuid, 'associated-to') misp_event.add_object(**loc_obj) @@ -253,4 +276,4 @@ def introspection(): def version(): moduleinfo['config'] = moduleconfig - return moduleinfo + return moduleinfo \ No newline at end of file diff --git a/tests/expansion_configs.json b/tests/expansion_configs.json new file mode 100644 index 0000000..57b0f9e --- /dev/null +++ b/tests/expansion_configs.json @@ -0,0 +1,6 @@ +{ + "censys_enrich": { + "api_id" : "", + "api_secret": "" + } +} \ No newline at end of file diff --git a/tests/test_expansions.py b/tests/test_expansions.py index 841a39a..696e000 100644 --- a/tests/test_expansions.py +++ b/tests/test_expansions.py @@ -215,6 +215,21 @@ class TestExpansions(unittest.TestCase): response = self.misp_modules_post(query) self.assertEqual(self.get_values(response), '\nThis is an basic test docx file. ') + def test_censys(self): + module_name = "censys_enrich" + query = { + "attribute": {"type" : "ip-dst", "value": "8.8.8.8", "uuid": ""}, + "module": module_name, + "config": {} + } + if module_name in self.configs: + query['config'] = self.configs[module_name] + response = self.misp_modules_post(query) + self.assertEqual(self.get_object(response), 'asn') + else: + response = self.misp_modules_post(query) + self.assertTrue(self.get_errors(response).startswith('Please provide config options')) + def test_farsight_passivedns(self): module_name = 'farsight_passivedns' if module_name in self.configs: From 4af4642d8a0d212b4dd4b7d9a3c5c30cd6d6f105 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Fri, 7 Jan 2022 12:10:21 +0100 Subject: [PATCH 081/132] new: [REQUIREMENTS] for the documentation generation --- DOC-REQUIREMENTS | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 DOC-REQUIREMENTS diff --git a/DOC-REQUIREMENTS b/DOC-REQUIREMENTS new file mode 100644 index 0000000..8373cb7 --- /dev/null +++ b/DOC-REQUIREMENTS @@ -0,0 +1,3 @@ +mkdocs +pymdown-extensions +mkdocs-material From ae4221723a031157dd10ce71f2ab2a7e5350d47d Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Fri, 7 Jan 2022 12:10:56 +0100 Subject: [PATCH 082/132] chg: [doc] updated --- documentation/README.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/documentation/README.md b/documentation/README.md index 8936fbf..c9fd62e 100644 --- a/documentation/README.md +++ b/documentation/README.md @@ -916,6 +916,20 @@ Query the MALWAREbazaar API to get additional information about the input hash a ----- +#### [mwdb](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/mwdb.py) + +Module to push malware samples to a MWDB instance +- **features**: +>An expansion module to push malware samples to a MWDB (https://github.com/CERT-Polska/mwdb-core) instance. This module does not push samples to a sandbox. This can be achieved via Karton (connected to the MWDB). Does: * Upload of attachment or malware sample to MWDB * Tags of events and/or attributes are added to MWDB. * Comment of the MISP attribute is added to MWDB. * A link back to the MISP event is added to MWDB via the MWDB attribute. * A link to the MWDB attribute is added as an enrichted attribute to the MISP event. +- **input**: +>Attachment or malware sample +- **output**: +>Link attribute that points to the sample at the MWDB instane +- **requirements**: +>* mwdblib installed (pip install mwdblib) ; * (optional) keys.py file to add tags of events/attributes to MWDB * (optional) MWDB attribute created for the link back to MISP (defined in mwdb_misp_attribute) + +----- + #### [ocr_enrich](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/ocr_enrich.py) Module to process some optical character recognition on pictures. From b9d9df4dd07b6be72fa320b08d7026d7e3e24fa2 Mon Sep 17 00:00:00 2001 From: Silvian I Date: Thu, 6 Jan 2022 11:35:01 +0100 Subject: [PATCH 083/132] Upgrade censys_enrich module to new api version --- REQUIREMENTS | 2 +- .../modules/expansion/censys_enrich.py | 151 ++++++++++-------- tests/expansion_configs.json | 6 + tests/test_expansions.py | 19 +++ 4 files changed, 112 insertions(+), 66 deletions(-) create mode 100644 tests/expansion_configs.json diff --git a/REQUIREMENTS b/REQUIREMENTS index a2486b4..ccc737f 100644 --- a/REQUIREMENTS +++ b/REQUIREMENTS @@ -27,8 +27,8 @@ beautifulsoup4==4.9.3 bidict==0.21.2; python_version >= '3.6' blockchain==1.4.4 certifi==2021.5.30 +censys==2.0.9 cffi==1.14.6 - #chardet==4.0.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' chardet charset-normalizer==2.0.4; python_version >= '3' diff --git a/misp_modules/modules/expansion/censys_enrich.py b/misp_modules/modules/expansion/censys_enrich.py index d5823ff..6f630a3 100644 --- a/misp_modules/modules/expansion/censys_enrich.py +++ b/misp_modules/modules/expansion/censys_enrich.py @@ -1,15 +1,26 @@ # encoding: utf-8 import json +import configparser import base64 import codecs +import censys.common.config from dateutil.parser import isoparse from . import check_input_attribute, standard_error_message from pymisp import MISPAttribute, MISPEvent, MISPObject + try: - import censys.base - import censys.ipv4 - import censys.websites - import censys.certificates + #needed in order to overwrite the censys module intent of creating config files in the home folder of the proccess owner + #-- + def get_config_over() -> configparser.ConfigParser: + config = configparser.ConfigParser() + config[censys.common.config.DEFAULT] = censys.common.config.default_config + return config + censys.common.config.get_config = get_config_over + #-- + + from censys.search import CensysHosts + from censys.search import CensysCertificates + from censys.common.base import * except ImportError: print("Censys module not installed. Try 'pip install censys'") @@ -20,8 +31,11 @@ mispattributes = {'input': ['ip-src', 'ip-dst', 'domain', 'hostname', 'hostname| moduleinfo = {'version': '0.1', 'author': 'Loïc Fortemps', 'description': 'Censys.io expansion module', 'module-type': ['expansion', 'hover']} +api_id = None +api_secret = None def handler(q=False): + global api_id, api_secret if q is False: return False request = json.loads(q) @@ -65,26 +79,29 @@ def handler(q=False): types.append(attribute.type) values.append(attribute.value) + found = False for t in types: - # ip, ip-src or ip-dst - if t[:2] == "ip": - conn.append(censys.ipv4.CensysIPv4(api_id=api_id, api_secret=api_secret)) - elif t == 'domain' or t == "hostname": - conn.append(censys.websites.CensysWebsites(api_id=api_id, api_secret=api_secret)) - elif 'x509-fingerprint' in t: - conn.append(censys.certificates.CensysCertificates(api_id=api_id, api_secret=api_secret)) - - found = True - for c in conn: - val = values.pop(0) try: - r = c.view(val) - results.append(parse_response(r, attribute)) - found = True - except censys.base.CensysNotFoundException: - found = False - except Exception: - misperrors['error'] = "Connection issue" + value = values.pop(0) + # ip, ip-src or ip-dst + if t[:2] == "ip": + r = CensysHosts(api_id, api_secret).view(value) + results.append(parse_response(r, attribute)) + found = True + elif t == 'domain' or t == "hostname": + # get ips + endpoint = CensysHosts(api_id, api_secret) + for r_list in endpoint.search(query=value, per_page=5, pages=1): + for r in r_list: + results.append(parse_response(r, attribute)) + found = True + elif 'x509-fingerprint-sha256' in t: + # use api_v1 as Certificates endpoint in api_v2 doesn't yet provide all the details + r = CensysCertificates(api_id, api_secret).view(value) + results.append(parse_response(r, attribute)) + found = True + except CensysException as e: + misperrors['error'] = print("ERROR: param {} / response: {}".format(value, e)) return misperrors if not found: @@ -98,38 +115,43 @@ def parse_response(censys_output, attribute): misp_event = MISPEvent() misp_event.add_attribute(**attribute) # Generic fields (for IP/Websites) - if "autonomous_system" in censys_output: - cen_as = censys_output['autonomous_system'] + if censys_output.get('autonomous_system'): + cen_as = censys_output.get('autonomous_system') asn_object = MISPObject('asn') - asn_object.add_attribute('asn', value=cen_as["asn"]) - asn_object.add_attribute('description', value=cen_as['name']) - asn_object.add_attribute('subnet-announced', value=cen_as['routed_prefix']) - asn_object.add_attribute('country', value=cen_as['country_code']) + asn_object.add_attribute('asn', value=cen_as.get("asn")) + asn_object.add_attribute('description', value=cen_as.get('name')) + asn_object.add_attribute('subnet-announced', value=cen_as.get('routed_prefix')) + asn_object.add_attribute('country', value=cen_as.get('country_code')) asn_object.add_reference(attribute.uuid, 'associated-to') misp_event.add_object(**asn_object) - if "ip" in censys_output and "ports" in censys_output: + if censys_output.get('ip') and len(censys_output.get('services')): #"ports" in censys_output ip_object = MISPObject('ip-port') - ip_object.add_attribute('ip', value=censys_output['ip']) - for p in censys_output['ports']: - ip_object.add_attribute('dst-port', value=p) + ip_object.add_attribute('ip', value=censys_output.get('ip')) + for serv in censys_output.get('services'): + if serv.get('port'): + ip_object.add_attribute('dst-port', value=serv.get('port')) ip_object.add_reference(attribute.uuid, 'associated-to') misp_event.add_object(**ip_object) # We explore all ports to find https or ssh services - for k in censys_output.keys(): - if not isinstance(censys_output[k], dict): + for serv in censys_output.get('services', []): + if not isinstance(serv, dict): continue - if 'https' in censys_output[k]: + if serv.get('service_name').lower() == 'http' and serv.get('certificate', None): try: - cert = censys_output[k]['https']['tls']['certificate'] - cert_obj = get_certificate_object(cert, attribute) - misp_event.add_object(**cert_obj) + cert = serv.get('certificate', None) + if cert: + # TODO switch to api_v2 once available + # use api_v1 as Certificates endpoint in api_v2 doesn't yet provide all the details + cert_details = CensysCertificates(api_id, api_secret).view(cert) + cert_obj = get_certificate_object(cert_details, attribute) + misp_event.add_object(**cert_obj) except KeyError: print("Error !") - if 'ssh' in censys_output[k]: + if serv.get('ssh') and serv.get('service_name').lower() == 'ssh': try: - cert = censys_output[k]['ssh']['v2']['server_host_key'] + cert = serv.get('ssh').get('server_host_key').get('fingerprint_sha256') # TODO enable once the type is merged # misp_event.add_attribute(type='hasshserver-sha256', value=cert['fingerprint_sha256']) except KeyError: @@ -144,20 +166,20 @@ def parse_response(censys_output, attribute): if "location" in censys_output: loc_obj = MISPObject('geolocation') loc = censys_output['location'] - loc_obj.add_attribute('latitude', value=loc['latitude']) - loc_obj.add_attribute('longitude', value=loc['longitude']) + loc_obj.add_attribute('latitude', value=loc.get('coordinates', {}).get('latitude', None)) + loc_obj.add_attribute('longitude', value=loc.get('coordinates', {}).get('longitude', None)) if 'city' in loc: - loc_obj.add_attribute('city', value=loc['city']) - loc_obj.add_attribute('country', value=loc['country']) + loc_obj.add_attribute('city', value=loc.get('city')) + loc_obj.add_attribute('country', value=loc.get('country')) if 'postal_code' in loc: - loc_obj.add_attribute('zipcode', value=loc['postal_code']) + loc_obj.add_attribute('zipcode', value=loc.get('postal_code')) if 'province' in loc: - loc_obj.add_attribute('region', value=loc['province']) + loc_obj.add_attribute('region', value=loc.get('province')) loc_obj.add_reference(attribute.uuid, 'associated-to') misp_event.add_object(**loc_obj) event = json.loads(misp_event.to_json()) - return {'Object': event['Object'], 'Attribute': event['Attribute']} + return {'Object': event.get('Object', []), 'Attribute': event.get('Attribute', [])} # In case of multiple enrichment (ip and domain), we need to filter out similar objects @@ -166,24 +188,23 @@ def remove_duplicates(results): # Only one enrichment was performed so no duplicate if len(results) == 1: return results[0] - elif len(results) == 2: - final_result = results[0] - obj_l2 = results[1]['Object'] - for o2 in obj_l2: - if o2['name'] == "asn": - key = "asn" - elif o2['name'] == "ip-port": - key = "ip" - elif o2['name'] == "x509": - key = "x509-fingerprint-sha256" - elif o2['name'] == "geolocation": - key = "latitude" - if not check_if_present(o2, key, final_result['Object']): - final_result['Object'].append(o2) - - return final_result else: - return [] + final_result = results[0] + for i,result in enumerate(results[1:]): + obj_l = results[i+1].get('Object', []) + for o2 in obj_l: + if o2['name'] == "asn": + key = "asn" + elif o2['name'] == "ip-port": + key = "ip" + elif o2['name'] == "x509": + key = "x509-fingerprint-sha256" + elif o2['name'] == "geolocation": + key = "latitude" + if not check_if_present(o2, key, final_result.get('Object', [])): + final_result['Object'].append(o2) + + return final_result def check_if_present(object, attribute_name, list_objects): @@ -253,4 +274,4 @@ def introspection(): def version(): moduleinfo['config'] = moduleconfig - return moduleinfo + return moduleinfo \ No newline at end of file diff --git a/tests/expansion_configs.json b/tests/expansion_configs.json new file mode 100644 index 0000000..57b0f9e --- /dev/null +++ b/tests/expansion_configs.json @@ -0,0 +1,6 @@ +{ + "censys_enrich": { + "api_id" : "", + "api_secret": "" + } +} \ No newline at end of file diff --git a/tests/test_expansions.py b/tests/test_expansions.py index 841a39a..d015bcb 100644 --- a/tests/test_expansions.py +++ b/tests/test_expansions.py @@ -215,6 +215,25 @@ class TestExpansions(unittest.TestCase): response = self.misp_modules_post(query) self.assertEqual(self.get_values(response), '\nThis is an basic test docx file. ') + def test_censys(self): + module_name = "censys_enrich" + query = { + "attribute": {"type" : "ip-dst", "value": "8.8.8.8", "uuid": ""}, + "module": module_name, + "config": {} + } + if module_name in self.configs: + query['config'] = self.configs[module_name] + response = self.misp_modules_post(query) + + if self.configs[module_name].get('api_id') == '': + self.assertTrue(self.get_errors(response).startswith('ERROR: param ')) + else: + self.assertGreaterEqual(len(response.json().get('results', {}).get('Attribute')), 1) + else: + response = self.misp_modules_post(query) + self.assertTrue(self.get_errors(response).startswith('Please provide config options')) + def test_farsight_passivedns(self): module_name = 'farsight_passivedns' if module_name in self.configs: From ef543a3fa827ce5ac3896a1f5e00b31b65b305db Mon Sep 17 00:00:00 2001 From: Silvian I Date: Fri, 7 Jan 2022 19:04:34 +0100 Subject: [PATCH 084/132] Upgrade censys_enrich module to new api version - fix test error --- misp_modules/modules/expansion/censys_enrich.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/misp_modules/modules/expansion/censys_enrich.py b/misp_modules/modules/expansion/censys_enrich.py index 6f630a3..52c3945 100644 --- a/misp_modules/modules/expansion/censys_enrich.py +++ b/misp_modules/modules/expansion/censys_enrich.py @@ -60,7 +60,6 @@ def handler(q=False): attribute = MISPAttribute() attribute.from_dict(**request['attribute']) # Lists to accomodate multi-types attribute - conn = list() types = list() values = list() results = list() @@ -101,8 +100,8 @@ def handler(q=False): results.append(parse_response(r, attribute)) found = True except CensysException as e: - misperrors['error'] = print("ERROR: param {} / response: {}".format(value, e)) - return misperrors + misperrors['error'] = "ERROR: param {} / response: {}".format(value, e) + return misperrors if not found: misperrors['error'] = "Nothing could be found on Censys" @@ -151,7 +150,7 @@ def parse_response(censys_output, attribute): print("Error !") if serv.get('ssh') and serv.get('service_name').lower() == 'ssh': try: - cert = serv.get('ssh').get('server_host_key').get('fingerprint_sha256') + # cert = serv.get('ssh').get('server_host_key').get('fingerprint_sha256') # TODO enable once the type is merged # misp_event.add_attribute(type='hasshserver-sha256', value=cert['fingerprint_sha256']) except KeyError: From 950a76a3ad5967f1f94f28238e329fa132e9b28c Mon Sep 17 00:00:00 2001 From: Silvian I Date: Fri, 7 Jan 2022 19:04:34 +0100 Subject: [PATCH 085/132] Upgrade censys_enrich module to new api version - fix test error --- misp_modules/modules/expansion/censys_enrich.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/misp_modules/modules/expansion/censys_enrich.py b/misp_modules/modules/expansion/censys_enrich.py index 52c3945..f423712 100644 --- a/misp_modules/modules/expansion/censys_enrich.py +++ b/misp_modules/modules/expansion/censys_enrich.py @@ -100,8 +100,8 @@ def handler(q=False): results.append(parse_response(r, attribute)) found = True except CensysException as e: - misperrors['error'] = "ERROR: param {} / response: {}".format(value, e) - return misperrors + misperrors['error'] = "ERROR: param {} / response: {}".format(value, e) + return misperrors if not found: misperrors['error'] = "Nothing could be found on Censys" @@ -150,7 +150,7 @@ def parse_response(censys_output, attribute): print("Error !") if serv.get('ssh') and serv.get('service_name').lower() == 'ssh': try: - # cert = serv.get('ssh').get('server_host_key').get('fingerprint_sha256') + cert = serv.get('ssh').get('server_host_key').get('fingerprint_sha256') # TODO enable once the type is merged # misp_event.add_attribute(type='hasshserver-sha256', value=cert['fingerprint_sha256']) except KeyError: From 13cb1f472d40e50735e972bb0e70da3ff29b8940 Mon Sep 17 00:00:00 2001 From: Silvian I Date: Tue, 11 Jan 2022 13:59:59 +0100 Subject: [PATCH 086/132] [crowdstrike_falcon] Upgrade crowdstrike_falcon enrich module to new api version & add attribute creation on enrichment functionality --- REQUIREMENTS | 1 + .../modules/expansion/crowdstrike_falcon.py | 156 ++++++++++-------- tests/expansion_configs.json | 4 + tests/test_expansions.py | 19 +++ 4 files changed, 108 insertions(+), 72 deletions(-) diff --git a/REQUIREMENTS b/REQUIREMENTS index ccc737f..c0b5326 100644 --- a/REQUIREMENTS +++ b/REQUIREMENTS @@ -39,6 +39,7 @@ colorama==0.4.4; python_version >= '2.7' and python_version not in '3.0, 3.1, 3. colorclass==2.2.0 compressed-rtf==1.0.6 configparser==5.0.2; python_version >= '3.6' +crowdstrike-falconpy==0.9.0 cryptography==3.4.7; python_version >= '3.6' decorator==5.0.9; python_version >= '3.5' deprecated==1.2.12; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' diff --git a/misp_modules/modules/expansion/crowdstrike_falcon.py b/misp_modules/modules/expansion/crowdstrike_falcon.py index 1342e88..f556d8a 100755 --- a/misp_modules/modules/expansion/crowdstrike_falcon.py +++ b/misp_modules/modules/expansion/crowdstrike_falcon.py @@ -1,42 +1,45 @@ import json import requests +from . import check_input_attribute, standard_error_message +from falconpy import Intel +from pymisp import MISPAttribute, MISPEvent, MISPObject -moduleinfo = {'version': '0.1', +moduleinfo = {'version': '0.2', 'author': 'Christophe Vandeplas', 'description': 'Module to query CrowdStrike Falcon.', - 'module-type': ['expansion']} + 'module-type': ['expansion', 'hover']} moduleconfig = ['api_id', 'apikey'] misperrors = {'error': 'Error'} -misp_types_in = ['domain', 'email-attachment', 'email-dst', 'email-reply-to', 'email-src', 'email-subject', +misp_type_in = ['domain', 'email-attachment', 'email-dst', 'email-reply-to', 'email-src', 'email-subject', 'filename', 'hostname', 'ip', 'ip-src', 'ip-dst', 'md5', 'mutex', 'regkey', 'sha1', 'sha256', 'uri', 'url', 'user-agent', 'whois-registrant-email', 'x509-fingerprint-md5'] -mapping_out = { # mapping between the MISP attributes types and the compatible CrowdStrike indicator types. - 'domain': {'types': 'hostname', 'to_ids': True}, - 'email_address': {'types': 'email-src', 'to_ids': True}, - 'email_subject': {'types': 'email-subject', 'to_ids': True}, - 'file_name': {'types': 'filename', 'to_ids': True}, - 'hash_md5': {'types': 'md5', 'to_ids': True}, - 'hash_sha1': {'types': 'sha1', 'to_ids': True}, - 'hash_sha256': {'types': 'sha256', 'to_ids': True}, - 'ip_address': {'types': 'ip-dst', 'to_ids': True}, - 'ip_address_block': {'types': 'ip-dst', 'to_ids': True}, - 'mutex_name': {'types': 'mutex', 'to_ids': True}, - 'registry': {'types': 'regkey', 'to_ids': True}, - 'url': {'types': 'url', 'to_ids': True}, - 'user_agent': {'types': 'user-agent', 'to_ids': True}, - 'x509_serial': {'types': 'x509-fingerprint-md5', 'to_ids': True}, +mapping_out = { # mapping between the MISP attributes type and the compatible CrowdStrike indicator types. + 'domain': {'type': 'hostname', 'to_ids': True}, + 'email_address': {'type': 'email-src', 'to_ids': True}, + 'email_subject': {'type': 'email-subject', 'to_ids': True}, + 'file_name': {'type': 'filename', 'to_ids': True}, + 'hash_md5': {'type': 'md5', 'to_ids': True}, + 'hash_sha1': {'type': 'sha1', 'to_ids': True}, + 'hash_sha256': {'type': 'sha256', 'to_ids': True}, + 'ip_address': {'type': 'ip-dst', 'to_ids': True}, + 'ip_address_block': {'type': 'ip-dst', 'to_ids': True}, + 'mutex_name': {'type': 'mutex', 'to_ids': True}, + 'registry': {'type': 'regkey', 'to_ids': True}, + 'url': {'type': 'url', 'to_ids': True}, + 'user_agent': {'type': 'user-agent', 'to_ids': True}, + 'x509_serial': {'type': 'x509-fingerprint-md5', 'to_ids': True}, - 'actors': {'types': 'threat-actor'}, - 'malware_families': {'types': 'text', 'categories': 'Attribution'} + 'actors': {'type': 'threat-actor', 'category': 'Attribution'}, + 'malware_families': {'type': 'text', 'category': 'Attribution'} } -misp_types_out = [item['types'] for item in mapping_out.values()] -mispattributes = {'input': misp_types_in, 'output': misp_types_out} - +misp_type_out = [item['type'] for item in mapping_out.values()] +mispattributes = {'input': misp_type_in, 'format': 'misp_standard'} def handler(q=False): if q is False: return False request = json.loads(q) + #validate CrowdStrike params if (request.get('config')): if (request['config'].get('apikey') is None): misperrors['error'] = 'CrowdStrike apikey is missing' @@ -44,41 +47,64 @@ def handler(q=False): if (request['config'].get('api_id') is None): misperrors['error'] = 'CrowdStrike api_id is missing' return misperrors + + #validate attribute + if not request.get('attribute') or not check_input_attribute(request['attribute']): + return {'error': f'{standard_error_message}, which should contain at least a type, a value and an uuid.'} + attribute = request.get('attribute') + if not any(input_type == attribute.get('type') for input_type in misp_type_in): + return {'error': 'Unsupported attribute type.'} + client = CSIntelAPI(request['config']['api_id'], request['config']['apikey']) + attribute = MISPAttribute() + attribute.from_dict(**request.get('attribute') ) r = {"results": []} - valid_type = False - for k in misp_types_in: - if request.get(k): - # map the MISP typ to the CrowdStrike type - for item in lookup_indicator(client, request[k]): - r['results'].append(item) - valid_type = True + + try: + for k in misp_type_in: + if attribute.type == k: + # map the MISP type to the CrowdStrike type + r['results'].append(lookup_indicator(client, attribute)) + valid_type = True + except Exception as e: + return {'error': f"{e}"} if not valid_type: misperrors['error'] = "Unsupported attributes type" return misperrors - return r + return {'results': r.get('results').pop()} -def lookup_indicator(client, item): - result = client.search_indicator(item) - for item in result: - for relation in item['relations']: - if mapping_out.get(relation['type']): - r = mapping_out[relation['type']].copy() - r['values'] = relation['indicator'] - yield(r) - for actor in item['actors']: - r = mapping_out['actors'].copy() - r['values'] = actor - yield(r) - for malware_family in item['malware_families']: - r = mapping_out['malware_families'].copy() - r['values'] = malware_family - yield(r) +def lookup_indicator(client, ref_attribute): + result = client.search_indicator(ref_attribute.value) + misp_event = MISPEvent() + misp_event.add_attribute(**ref_attribute) + for item in result.get('resources', []): + for relation in item.get('relations'): + if mapping_out.get(relation.get('type')): + r = mapping_out[relation.get('type')].copy() + r['value'] = relation.get('indicator') + attribute = MISPAttribute() + attribute.from_dict(**r) + misp_event.add_attribute(**attribute) + for actor in item.get('actors'): + r = mapping_out.get('actors').copy() + r['value'] = actor + attribute = MISPAttribute() + attribute.from_dict(**r) + misp_event.add_attribute(**attribute) + if item.get('malware_families'): + r = mapping_out.get('malware_families').copy() + r['value'] = f"malware_families: {' | '.join(item.get('malware_families'))}" + attribute = MISPAttribute() + attribute.from_dict(**r) + misp_event.add_attribute(**attribute) + + event = json.loads(misp_event.to_json()) + return {'Object': event.get('Object', []), 'Attribute': event.get('Attribute', [])} def introspection(): return mispattributes @@ -90,39 +116,25 @@ def version(): class CSIntelAPI(): - def __init__(self, custid=None, custkey=None, perpage=100, page=1, baseurl="https://intelapi.crowdstrike.com/indicator/v2/search/"): + def __init__(self, custid=None, custkey=None): # customer id and key should be passed when obj is created - self.custid = custid - self.custkey = custkey + self.falcon = Intel(client_id=custid, client_secret=custkey) - self.baseurl = baseurl - self.perpage = perpage - self.page = page - - def request(self, query): - headers = {'X-CSIX-CUSTID': self.custid, - 'X-CSIX-CUSTKEY': self.custkey, - 'Content-Type': 'application/json'} - - full_query = self.baseurl + query - - r = requests.get(full_query, headers=headers) + def search_indicator(self, query): + r = self.falcon.query_indicator_entities(q=query) # 400 - bad request - if r.status_code == 400: + if r.get('status_code') == 400: raise Exception('HTTP Error 400 - Bad request.') # 404 - oh shit - if r.status_code == 404: + if r.get('status_code') == 404: raise Exception('HTTP Error 404 - awww snap.') # catch all? - if r.status_code != 200: - raise Exception('HTTP Error: ' + str(r.status_code)) + if r.get('status_code') != 200: + raise Exception('HTTP Error: ' + str(r.get('status_code'))) - if r.text: - return r + if len(r.get('body').get('errors')): + raise Exception('API Error: ' + ' | '.join(r.get('body').get('errors'))) - def search_indicator(self, item): - query = 'indicator?match=' + item - r = self.request(query) - return json.loads(r.text) + return r.get('body', {}) \ No newline at end of file diff --git a/tests/expansion_configs.json b/tests/expansion_configs.json index 57b0f9e..8056ec8 100644 --- a/tests/expansion_configs.json +++ b/tests/expansion_configs.json @@ -2,5 +2,9 @@ "censys_enrich": { "api_id" : "", "api_secret": "" + }, + "crowdstrike_falcon": { + "api_id" : "", + "apikey": "" } } \ No newline at end of file diff --git a/tests/test_expansions.py b/tests/test_expansions.py index d015bcb..b8764f7 100644 --- a/tests/test_expansions.py +++ b/tests/test_expansions.py @@ -511,6 +511,25 @@ class TestExpansions(unittest.TestCase): response = self.misp_modules_post(query) self.assertTrue(self.get_values(response), result) + def test_crowdstrike(self): + module_name = "crowdstrike_falcon" + query = { + "attribute": {"type": "sha256", "value": "", "uuid": ""}, + "module": module_name, + "config": {} + } + if module_name in self.configs: + query['config'] = self.configs[module_name] + response = self.misp_modules_post(query) + + if self.configs[module_name].get('api_id') == '': + self.assertTrue(self.get_errors(response).startswith('HTTP Error:')) + else: + self.assertGreaterEqual(len(response.json().get('results', {}).get('Attribute')), 1) + else: + response = self.misp_modules_post(query) + self.assertTrue(self.get_errors(response).startswith('CrowdStrike apikey is missing')) + def test_threatminer(self): if LiveCI: return True From 23ff0348ed073967c33e67b76150fb3293db7509 Mon Sep 17 00:00:00 2001 From: Silvian I Date: Tue, 11 Jan 2022 15:25:39 +0100 Subject: [PATCH 087/132] [crowdstrike_falcon] fix imports warning --- misp_modules/modules/expansion/crowdstrike_falcon.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/misp_modules/modules/expansion/crowdstrike_falcon.py b/misp_modules/modules/expansion/crowdstrike_falcon.py index f556d8a..c26d59f 100755 --- a/misp_modules/modules/expansion/crowdstrike_falcon.py +++ b/misp_modules/modules/expansion/crowdstrike_falcon.py @@ -1,8 +1,7 @@ import json -import requests from . import check_input_attribute, standard_error_message from falconpy import Intel -from pymisp import MISPAttribute, MISPEvent, MISPObject +from pymisp import MISPAttribute, MISPEvent moduleinfo = {'version': '0.2', 'author': 'Christophe Vandeplas', From 923fd05eb3e8d917ad9fe0a96b9e0fe33983451b Mon Sep 17 00:00:00 2001 From: Michael Chisholm Date: Fri, 10 Dec 2021 19:26:32 -0500 Subject: [PATCH 088/132] Contribute a TAXII 2.1 import style misp-module. --- .gitmodules | 4 + misp_modules/lib/misp-objects | 1 + misp_modules/lib/stix2misp.py | 2070 +++++++++++++++++++ misp_modules/lib/stix2misp_mapping.py | 460 +++++ misp_modules/lib/synonymsToTagNames.json | 1 + misp_modules/modules/import_mod/__init__.py | 1 + misp_modules/modules/import_mod/taxii21.py | 354 ++++ 7 files changed, 2891 insertions(+) create mode 100644 .gitmodules create mode 160000 misp_modules/lib/misp-objects create mode 100644 misp_modules/lib/stix2misp.py create mode 100644 misp_modules/lib/stix2misp_mapping.py create mode 100644 misp_modules/lib/synonymsToTagNames.json create mode 100644 misp_modules/modules/import_mod/taxii21.py diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..e9f78ac --- /dev/null +++ b/.gitmodules @@ -0,0 +1,4 @@ +[submodule "misp_modules/lib/misp-objects"] + path = misp_modules/lib/misp-objects + url = https://github.com/MISP/misp-objects.git + branch = main diff --git a/misp_modules/lib/misp-objects b/misp_modules/lib/misp-objects new file mode 160000 index 0000000..9dc7e35 --- /dev/null +++ b/misp_modules/lib/misp-objects @@ -0,0 +1 @@ +Subproject commit 9dc7e3578f2165e32a3b7cdd09e9e552f2d98d36 diff --git a/misp_modules/lib/stix2misp.py b/misp_modules/lib/stix2misp.py new file mode 100644 index 0000000..ed875b5 --- /dev/null +++ b/misp_modules/lib/stix2misp.py @@ -0,0 +1,2070 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- +# Copyright (C) 2017-2018 CIRCL Computer Incident Response Center Luxembourg (smile gie) +# Copyright (C) 2017-2018 Christian Studer +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + +import sys +import json +import os +import time +import io +import pymisp +import stix2 +import misp_modules.lib.stix2misp_mapping as stix2misp_mapping +from collections import defaultdict +from copy import deepcopy +from pathlib import Path +_misp_objects_path = Path(__file__).parent / 'misp-objects' / 'objects' +_misp_types = pymisp.AbstractMISP().describe_types.get('types') +from pymisp import MISPEvent, MISPObject, MISPAttribute + + +class StixParser(): + _galaxy_types = ('intrusion-set', 'malware', 'threat-actor', 'tool') + _stix2misp_mapping = {'marking-definition': '_load_marking', + 'relationship': '_load_relationship', + 'report': '_load_report', + 'indicator': '_parse_indicator', + 'observed-data': '_parse_observable', + 'identity': '_load_identity'} + _stix2misp_mapping.update({galaxy_type: '_load_galaxy' for galaxy_type in _galaxy_types}) + _special_mapping = {'attack-pattern': 'parse_attack_pattern', + 'course-of-action': 'parse_course_of_action', + 'vulnerability': 'parse_vulnerability'} + _timeline_mapping = {'indicator': ('valid_from', 'valid_until'), + 'observed-data': ('first_observed', 'last_observed')} + + def __init__(self): + super().__init__() + self.misp_event = MISPEvent() + self.relationship = defaultdict(list) + self.tags = set() + self.galaxy = {} + self.marking_definition = {} + + def handler(self, event, filename, args): + self.filename = filename + self.stix_version = f"STIX {event['spec_version'] if event.get('spec_version') else '2.1'}" + try: + event_distribution = args[0] + if not isinstance(event_distribution, int): + event_distribution = int(event_distribution) if event_distribution.isdigit() else 0 + except IndexError: + event_distribution = 0 + try: + attribute_distribution = args[1] + if attribute_distribution == 'event': + attribute_distribution = 5 + if not isinstance(attribute_distribution, int): + attribute_distribution = int(attribute_distribution) if attribute_distribution.isdigit() else 5 + except IndexError: + attribute_distribution = 5 + synonyms_to_tag_names = args[2] if len(args) > 2 else '/var/www/MISP/app/files/scripts/synonymsToTagNames.json' + with open(synonyms_to_tag_names, 'rt', encoding='utf-8') as f: + self._synonyms_to_tag_names = json.loads(f.read()) + self.parse_event(event) + + def _load_galaxy(self, galaxy): + self.galaxy[galaxy['id'].split('--')[1]] = {'tag_names': self.parse_galaxy(galaxy), 'used': False} + + def _load_identity(self, identity): + try: + self.identity[identity['id'].split('--')[1]] = identity['name'] + except AttributeError: + self.identity = {identity['id'].split('--')[1]: identity['name']} + + def _load_marking(self, marking): + tag = self.parse_marking(marking) + self.marking_definition[marking['id'].split('--')[1]] = {'object': tag, 'used': False} + + def _load_relationship(self, relationship): + target_uuid = relationship.target_ref.split('--')[1] + reference = (target_uuid, relationship.relationship_type) + source_uuid = relationship.source_ref.split('--')[1] + self.relationship[source_uuid].append(reference) + + def _load_report(self, report): + try: + self.report[report['id'].split('--')[1]] = report + except AttributeError: + self.report = {report['id'].split('--')[1]: report} + + def save_file(self): + event = self.misp_event.to_json() + with open(f'{self.filename}.stix2', 'wt', encoding='utf-8') as f: + f.write(event) + + ################################################################################ + ## PARSING FUNCTIONS USED BY BOTH SUBCLASSES. ## + ################################################################################ + + def handle_markings(self): + if hasattr(self, 'marking_refs'): + for attribute in self.misp_event.attributes: + if attribute.uuid in self.marking_refs: + for marking_uuid in self.marking_refs[attribute.uuid]: + attribute.add_tag(self.marking_definition[marking_uuid]['object']) + self.marking_definition[marking_uuid]['used'] = True + if self.marking_definition: + for marking_definition in self.marking_definition.values(): + if not marking_definition['used']: + self.tags.add(marking_definition['object']) + if self.tags: + for tag in self.tags: + self.misp_event.add_tag(tag) + + @staticmethod + def _parse_email_body(body, references): + attributes = [] + for body_multipart in body: + reference = references.pop(body_multipart['body_raw_ref']) + feature = body_multipart['content_disposition'].split(';')[0] + if feature in stix2misp_mapping.email_references_mapping: + attribute = deepcopy(stix2misp_mapping.email_references_mapping[feature]) + else: + print(f'Unknown content disposition in the following email body: {body_multipart}', file=sys.stderr) + continue + if isinstance(reference, stix2.v20.observables.Artifact): + attribute.update({ + 'value': body_multipart['content_disposition'].split('=')[-1].strip("'"), + 'data': reference.payload_bin, + 'to_ids': False + }) + else: + attribute.update({ + 'value': reference.name, + 'to_ids': False + }) + attributes.append(attribute) + return attributes + + @staticmethod + def _parse_email_references(email_message, references): + attributes = [] + if hasattr(email_message, 'from_ref'): + reference = references.pop(email_message.from_ref) + attribute = { + 'value': reference.value, + 'to_ids': False + } + attribute.update(stix2misp_mapping.email_references_mapping['from_ref']) + attributes.append(attribute) + for feature in ('to_refs', 'cc_refs'): + if hasattr(email_message, feature): + for ref_id in getattr(email_message, feature): + reference = references.pop(ref_id) + attribute = { + 'value': reference.value, + 'to_ids': False + } + attribute.update(stix2misp_mapping.email_references_mapping[feature]) + attributes.append(attribute) + return attributes + + def parse_galaxies(self): + for galaxy in self.galaxy.values(): + if not galaxy['used']: + for tag_name in galaxy['tag_names']: + self.tags.add(tag_name) + + @staticmethod + def _parse_network_connection_reference(feature_type, feature, value): + if feature == 'type': + return {type: value.format(feature_type) for type, value in stix2misp_mapping.network_traffic_references_mapping[value].items()} + return {feature: value} + + @staticmethod + def _parse_network_traffic_protocol(protocol): + return {'type': 'text', 'value': protocol, 'to_ids': False, + 'object_relation': f'layer{stix2misp_mapping.connection_protocols[protocol]}-protocol'} + + @staticmethod + def _parse_observable_reference(reference, mapping, feature=None): + attribute = { + 'value': reference.value, + 'to_ids': False + } + if feature is not None: + attribute.update({key: value.format(feature) for key, value in getattr(stix2misp_mapping, mapping)[reference._type].items()}) + return attribute + attribute.update({key: value for key, value in getattr(stix2misp_mapping, mapping)[reference._type].items()}) + return attribute + + def parse_pe(self, extension): + pe_object = MISPObject('pe', misp_objects_path_custom=_misp_objects_path) + self.fill_misp_object(pe_object, extension, 'pe_mapping') + for section in extension['sections']: + section_object = MISPObject('pe-section', misp_objects_path_custom=_misp_objects_path) + self.fill_misp_object(section_object, section, 'pe_section_mapping') + if hasattr(section, 'hashes'): + self.fill_misp_object(section_object, section.hashes, 'pe_section_mapping') + self.misp_event.add_object(section_object) + pe_object.add_reference(section_object.uuid, 'includes') + self.misp_event.add_object(pe_object) + return pe_object.uuid + + def parse_relationships(self): + attribute_uuids = tuple(attribute.uuid for attribute in self.misp_event.attributes) + object_uuids = tuple(object.uuid for object in self.misp_event.objects) + for source, references in self.relationship.items(): + if source in object_uuids: + source_object = self.misp_event.get_object_by_uuid(source) + for reference in references: + target, reference = reference + if target in attribute_uuids or target in object_uuids: + source_object.add_reference(target, reference) + elif source in attribute_uuids: + for attribute in self.misp_event.attributes: + if attribute.uuid == source: + for reference in references: + target, reference = reference + if target in self.galaxy: + for tag_name in self.galaxy[target]['tag_names']: + attribute.add_tag(tag_name) + self.galaxy[target]['used'] = True + break + + def parse_report(self, event_uuid=None): + event_infos = set() + self.misp_event.uuid = event_uuid if event_uuid and len(self.report) > 1 else tuple(self.report.keys())[0] + for report in self.report.values(): + if hasattr(report, 'name') and report.name: + event_infos.add(report.name) + if hasattr(report, 'labels') and report.labels: + for label in report.labels: + self.tags.add(label) + if hasattr(report, 'object_marking_refs') and report.object_marking_refs: + for marking_ref in report.object_marking_refs: + marking_ref = marking_ref.split('--')[1] + try: + self.tags.add(self.marking_definition[marking_ref]['object']) + self.marking_definition[marking_ref]['used'] = True + except KeyError: + continue + if hasattr(report, 'external_references'): + for reference in report.external_references: + self.misp_event.add_attribute(**{'type': 'link', 'value': reference['url']}) + if len(event_infos) == 1: + self.misp_event.info = event_infos.pop() + else: + self.misp_event.info = f'Imported with MISP import script for {self.stix_version}' + + @staticmethod + def _parse_user_account_groups(groups): + attributes = [{'type': 'text', 'object_relation': 'group', 'to_ids': False, + 'disable_correlation': True, 'value': group} for group in groups] + return attributes + + ################################################################################ + ## UTILITY FUNCTIONS. ## + ################################################################################ + + @staticmethod + def _choose_with_priority(container, first_choice, second_choice): + return first_choice if first_choice in container else second_choice + + def filter_main_object(self, observable, main_type, test_function='_standard_test_filter'): + references = {} + main_objects = [] + for key, value in observable.items(): + if getattr(self, test_function)(value, main_type): + main_objects.append(value) + else: + references[key] = value + if len(main_objects) > 1: + print(f'More than one {main_type} objects in this observable: {observable}', file=sys.stderr) + return main_objects[0] if main_objects else None, references + + @staticmethod + def getTimestampfromDate(date): + try: + return int(date.timestamp()) + except AttributeError: + return int(time.mktime(time.strptime(date.split('+')[0], "%Y-%m-%dT%H:%M:%S.%fZ"))) + + @staticmethod + def _handle_data(data): + return io.BytesIO(data.encode()) + + @staticmethod + def parse_marking(marking): + marking_type = marking.definition_type + tag = getattr(marking.definition, marking_type) + return "{}:{}".format(marking_type, tag) + + def parse_timeline(self, stix_object): + misp_object = {'timestamp': self.getTimestampfromDate(stix_object.modified)} + try: + first, last = self._timeline_mapping[stix_object._type] + first_seen = getattr(stix_object, first) + if stix_object.created != first_seen and stix_object.modified != first_seen: + misp_object['first_seen'] = first_seen + if hasattr(stix_object, last): + misp_object['last_seen'] = getattr(stix_object, last) + elif hasattr(stix_object, last): + misp_object.update({'first_seen': first_seen, 'last_seen': getattr(stix_object, last)}) + except KeyError: + pass + return misp_object + + @staticmethod + def _process_test_filter(value, main_type): + _is_main_process = any(feature in value for feature in ('parent_ref', 'child_refs')) + return isinstance(value, getattr(stix2.v20.observables, main_type)) and _is_main_process + + @staticmethod + def _standard_test_filter(value, main_type): + return isinstance(value, getattr(stix2.v20.observables, main_type)) + + def update_marking_refs(self, attribute_uuid, marking_refs): + try: + self.marking_refs[attribute_uuid] = tuple(marking.split('--')[1] for marking in marking_refs) + except AttributeError: + self.marking_refs = {attribute_uuid: tuple(marking.split('--')[1] for marking in marking_refs)} + + +class StixFromMISPParser(StixParser): + def __init__(self): + super().__init__() + self._stix2misp_mapping.update({'custom_object': '_parse_custom'}) + self._stix2misp_mapping.update({special_type: '_parse_undefined' for special_type in ('attack-pattern', 'course-of-action', 'vulnerability')}) + self._custom_objects = tuple(filename.name.replace('_', '-') for filename in _misp_objects_path.glob('*') if '_' in filename.name) + + def parse_event(self, stix_event): + for stix_object in stix_event.objects: + object_type = stix_object['type'] + if object_type.startswith('x-misp-object'): + object_type = 'custom_object' + if object_type in self._stix2misp_mapping: + getattr(self, self._stix2misp_mapping[object_type])(stix_object) + else: + print(f'not found: {object_type}', file=sys.stderr) + if self.relationship: + self.parse_relationships() + if self.galaxy: + self.parse_galaxies() + if hasattr(self, 'report'): + self.parse_report() + self.handle_markings() + + def _parse_custom(self, custom): + if 'from_object' in custom['labels']: + self.parse_custom_object(custom) + else: + self.parse_custom_attribute(custom) + + def _parse_indicator(self, indicator): + if 'from_object' in indicator['labels']: + self.parse_indicator_object(indicator) + else: + self.parse_indicator_attribute(indicator) + + def _parse_observable(self, observable): + if 'from_object' in observable['labels']: + self.parse_observable_object(observable) + else: + self.parse_observable_attribute(observable) + + def _parse_undefined(self, stix_object): + if any(label.startswith('misp-galaxy:') for label in stix_object.get('labels', [])): + self._load_galaxy(stix_object) + else: + getattr(self, self._special_mapping[stix_object._type])(stix_object) + + ################################################################################ + ## PARSING FUNCTIONS. ## + ################################################################################ + + def fill_misp_object(self, misp_object, stix_object, mapping, + to_call='_fill_observable_object_attribute'): + for feature, value in stix_object.items(): + if feature not in getattr(stix2misp_mapping, mapping): + if feature.startswith('x_misp_'): + attribute = self.parse_custom_property(feature) + if isinstance(value, list): + self._fill_misp_object_from_list(misp_object, attribute, value) + continue + else: + continue + else: + attribute = deepcopy(getattr(stix2misp_mapping, mapping)[feature]) + attribute.update(getattr(self, to_call)(feature, value)) + misp_object.add_attribute(**attribute) + + @staticmethod + def _fill_misp_object_from_list(misp_object, mapping, values): + for value in values: + attribute = {'value': value} + attribute.update(mapping) + misp_object.add_attribute(**attribute) + + def parse_attack_pattern(self, attack_pattern): + misp_object, _ = self.create_misp_object(attack_pattern) + if hasattr(attack_pattern, 'external_references'): + for reference in attack_pattern.external_references: + value = reference['external_id'].split('-')[1] if reference['source_name'] == 'capec' else reference['url'] + misp_object.add_attribute(**{ + 'type': 'text', 'object_relation': 'id', + 'value': value + }) + self.fill_misp_object(misp_object, attack_pattern, 'attack_pattern_mapping', + '_fill_observable_object_attribute') + self.misp_event.add_object(**misp_object) + + def parse_course_of_action(self, course_of_action): + misp_object, _ = self.create_misp_object(course_of_action) + self.fill_misp_object(misp_object, course_of_action, 'course_of_action_mapping', + '_fill_observable_object_attribute') + self.misp_event.add_object(**misp_object) + + def parse_custom_attribute(self, custom): + attribute_type = custom['type'].split('x-misp-object-')[1] + if attribute_type not in _misp_types: + replacement = ' ' if attribute_type == 'named-pipe' else '|' + attribute_type = attribute_type.replace('-', replacement) + attribute = {'type': attribute_type, + 'timestamp': self.getTimestampfromDate(custom['modified']), + 'to_ids': bool(custom['labels'][1].split('=')[1]), + 'value': custom['x_misp_value'], + 'category': self.get_misp_category(custom['labels']), + 'uuid': custom['id'].split('--')[1]} + if custom.get('object_marking_refs'): + self.update_marking_refs(attribute['uuid'], custom['object_marking_refs']) + self.misp_event.add_attribute(**attribute) + + def parse_custom_object(self, custom): + name = custom['type'].split('x-misp-object-')[1] + if name in self._custom_objects: + name = name.replace('-', '_') + misp_object = MISPObject(name, misp_objects_path_custom=_misp_objects_path) + misp_object.timestamp = self.getTimestampfromDate(custom['modified']) + misp_object.uuid = custom['id'].split('--')[1] + try: + misp_object.category = custom['category'] + except KeyError: + misp_object.category = self.get_misp_category(custom['labels']) + for key, value in custom['x_misp_values'].items(): + attribute_type, object_relation = key.replace('_DOT_', '.').split('_') + if isinstance(value, list): + for single_value in value: + misp_object.add_attribute(**{'type': attribute_type, 'value': single_value, + 'object_relation': object_relation}) + else: + misp_object.add_attribute(**{'type': attribute_type, 'value': value, + 'object_relation': object_relation}) + self.misp_event.add_object(**misp_object) + + def parse_galaxy(self, galaxy): + if hasattr(galaxy, 'labels'): + return [label for label in galaxy.labels if label.startswith('misp-galaxy:')] + try: + return self._synonyms_to_tag_names[name] + except KeyError: + print(f'Unknown {galaxy._type} name: {galaxy.name}', file=sys.stderr) + return [f'misp-galaxy:{galaxy._type}="{galaxy.name}"'] + + def parse_indicator_attribute(self, indicator): + attribute = self.create_attribute_dict(indicator) + attribute['to_ids'] = True + pattern = indicator.pattern.replace('\\\\', '\\') + if attribute['type'] in ('malware-sample', 'attachment'): + value, data = self.parse_attribute_pattern_with_data(pattern) + attribute.update({feature: value for feature, value in zip(('value', 'data'), (value, io.BytesIO(data.encode())))}) + else: + attribute['value'] = self.parse_attribute_pattern(pattern) + self.misp_event.add_attribute(**attribute) + + def parse_indicator_object(self, indicator): + misp_object, object_type = self.create_misp_object(indicator) + pattern = self._handle_pattern(indicator.pattern).replace('\\\\', '\\').split(' AND ') + try: + attributes = getattr(self, stix2misp_mapping.objects_mapping[object_type]['pattern'])(pattern) + except KeyError: + print(f"Unable to map {object_type} object:\n{indicator}", file=sys.stderr) + return + if isinstance(attributes, tuple): + attributes, target_uuid = attributes + misp_object.add_reference(target_uuid, 'includes') + for attribute in attributes: + misp_object.add_attribute(**attribute) + self.misp_event.add_object(misp_object) + + def parse_observable_attribute(self, observable): + attribute = self.create_attribute_dict(observable) + attribute['to_ids'] = False + objects = observable.objects + value = self.parse_single_attribute_observable(objects, attribute['type']) + if isinstance(value, tuple): + value, data = value + attribute['data'] = data + attribute['value'] = value + self.misp_event.add_attribute(**attribute) + + def parse_observable_object(self, observable): + misp_object, object_type = self.create_misp_object(observable) + observable_object = observable.objects + try: + attributes = getattr(self, stix2misp_mapping.objects_mapping[object_type]['observable'])(observable_object) + except KeyError: + print(f"Unable to map {object_type} object:\n{observable}", file=sys.stderr) + return + if isinstance(attributes, tuple): + attributes, target_uuid = attributes + misp_object.add_reference(target_uuid, 'includes') + for attribute in attributes: + misp_object.add_attribute(**attribute) + self.misp_event.add_object(misp_object) + + def parse_vulnerability(self, vulnerability): + attributes = self.fill_observable_attributes(vulnerability, 'vulnerability_mapping') + if hasattr(vulnerability, 'external_references'): + for reference in vulnerability.external_references: + if reference['source_name'] == 'url': + attributes.append({'type': 'link', 'object_relation': 'references', 'value': reference['url']}) + if len(attributes) > 1: + vulnerability_object, _ = self.create_misp_object(vulnerability) + for attribute in attributes: + vulnerability_object.add_attribute(**attribute) + self.misp_event.add_object(**vulnerability_object) + else: + attribute = self.create_attribute_dict(vulnerability) + attribute['value'] = attributes[0]['value'] + self.misp_event.add_attribute(**attribute) + + ################################################################################ + ## OBSERVABLE PARSING FUNCTIONS ## + ################################################################################ + + @staticmethod + def _define_hash_type(hash_type): + if 'sha' in hash_type: + return f'SHA-{hash_type.split("sha")[1]}' + return hash_type.upper() if hash_type == 'md5' else hash_type + + @staticmethod + def _fetch_file_observable(observable_objects): + for key, observable in observable_objects.items(): + if observable['type'] == 'file': + return key + return '0' + + @staticmethod + def _fill_observable_attribute(attribute_type, object_relation, value): + return {'type': attribute_type, + 'object_relation': object_relation, + 'value': value, + 'to_ids': False} + + def fill_observable_attributes(self, observable, object_mapping): + attributes = [] + for key, value in observable.items(): + if key in getattr(stix2misp_mapping, object_mapping): + attribute = deepcopy(getattr(stix2misp_mapping, object_mapping)[key]) + elif key.startswith('x_misp_'): + attribute = self.parse_custom_property(key) + if isinstance(value, list): + for single_value in value: + single_attribute = {'value': single_value, 'to_ids': False} + single_attribute.update(attribute) + attributes.append(single_attribute) + continue + else: + continue + attribute.update({'value': value, 'to_ids': False}) + attributes.append(attribute) + return attributes + + def _handle_multiple_file_fields(self, file): + attributes = [] + for feature, attribute_type in zip(('filename', 'path', 'fullpath'), ('filename', 'text', 'text')): + key = f'x_misp_multiple_{feature}' + if key in file: + attributes.append(self._fill_observable_attribute(attribute_type, feature, file.pop(key))) + elif f'{key}s' in file: + attributes.extend(self._fill_observable_attribute(attribute_type, feature, value) for value in file.pop(key)) + attributes.extend(self.fill_observable_attributes(file, 'file_mapping')) + return attributes + + def parse_asn_observable(self, observable): + attributes = [] + mapping = 'asn_mapping' + for observable_object in observable.values(): + if isinstance(observable_object, stix2.v20.observables.AutonomousSystem): + attributes.extend(self.fill_observable_attributes(observable_object, mapping)) + else: + attributes.append(self._parse_observable_reference(observable_object, mapping)) + return attributes + + def _parse_attachment(self, observable): + if len(observable) > 1: + return self._parse_name(observable, index='1'), self._parse_payload(observable) + return self._parse_name(observable) + + def parse_credential_observable(self, observable): + return self.fill_observable_attributes(observable['0'], 'credential_mapping') + + def _parse_domain_ip_attribute(self, observable): + return f'{self._parse_value(observable)}|{self._parse_value(observable, index="1")}' + + @staticmethod + def parse_domain_ip_observable(observable): + attributes = [] + for observable_object in observable.values(): + attribute = deepcopy(stix2misp_mapping.domain_ip_mapping[observable_object._type]) + attribute.update({'value': observable_object.value, 'to_ids': False}) + attributes.append(attribute) + return attributes + + @staticmethod + def _parse_email_message(observable, attribute_type): + return observable['0'].get(attribute_type.split('-')[1]) + + def parse_email_observable(self, observable): + email, references = self.filter_main_object(observable, 'EmailMessage') + attributes = self.fill_observable_attributes(email, 'email_mapping') + if hasattr(email, 'additional_header_fields'): + attributes.extend(self.fill_observable_attributes(email.additional_header_fields, 'email_mapping')) + attributes.extend(self._parse_email_references(email, references)) + if hasattr(email, 'body_multipart') and email.body_multipart: + attributes.extend(self._parse_email_body(email.body_multipart, references)) + return attributes + + @staticmethod + def _parse_email_reply_to(observable): + return observable['0'].additional_header_fields.get('Reply-To') + + def parse_file_observable(self, observable): + file, references = self.filter_main_object(observable, 'File') + references = {key: {'object': value, 'used': False} for key, value in references.items()} + file = {key: value for key, value in file.items()} + multiple_fields = any(f'x_misp_multiple_{feature}' in file for feature in ('filename', 'path', 'fullpath')) + attributes = self._handle_multiple_file_fields(file) if multiple_fields else self.fill_observable_attributes(file, 'file_mapping') + if 'hashes' in file: + attributes.extend(self.fill_observable_attributes(file['hashes'], 'file_mapping')) + if 'content_ref' in file: + reference = references[file['content_ref']] + value = f'{reference["object"].name}|{reference["object"].hashes["MD5"]}' + attributes.append({'type': 'malware-sample', 'object_relation': 'malware-sample', 'value': value, + 'to_ids': False, 'data': reference['object'].payload_bin}) + reference['used'] = True + if 'parent_directory_ref' in file: + reference = references[file['parent_directory_ref']] + attributes.append({'type': 'text', 'object_relation': 'path', + 'value': reference['object'].path, 'to_ids': False}) + reference['used'] = True + for reference in references.values(): + if not reference['used']: + attributes.append({ + 'type': 'attachment', + 'object_relation': 'attachment', + 'value': reference['object'].name, + 'data': reference['object'].payload_bin, + 'to_ids': False + }) + return attributes + + def _parse_filename_hash(self, observable, attribute_type, index='0'): + hash_type = attribute_type.split('|')[1] + filename = self._parse_name(observable, index=index) + hash_value = self._parse_hash(observable, hash_type, index=index) + return f'{filename}|{hash_value}' + + def _parse_hash(self, observable, attribute_type, index='0'): + hash_type = self._define_hash_type(attribute_type) + return observable[index]['hashes'].get(hash_type) + + def parse_ip_port_observable(self, observable): + network_traffic, references = self.filter_main_object(observable, 'NetworkTraffic') + attributes = [] + for feature in ('src', 'dst'): + port = f'{feature}_port' + if hasattr(network_traffic, port): + attribute = deepcopy(stix2misp_mapping.ip_port_mapping[port]) + attribute.update({'value': getattr(network_traffic, port), 'to_ids': False}) + attributes.append(attribute) + ref = f'{feature}_ref' + if hasattr(network_traffic, ref): + attributes.append(self._parse_observable_reference(references.pop(getattr(network_traffic, ref)), 'ip_port_references_mapping', feature)) + for reference in references.values(): + attribute = deepcopy(stix2misp_mapping.ip_port_references_mapping[reference._type]) + attribute.update({'value': reference.value, 'to_ids': False}) + attributes.append(attribute) + return attributes + + def _parse_malware_sample(self, observable): + if len(observable) > 1: + value = self._parse_filename_hash(observable, 'filename|md5', '1') + return value, self._parse_payload(observable) + return self._parse_filename_hash(observable, 'filename|md5') + + @staticmethod + def _parse_name(observable, index='0'): + return observable[index].get('name') + + def _parse_network_attribute(self, observable): + port = self._parse_port(observable, index='1') + return f'{self._parse_value(observable)}|{port}' + + def parse_network_connection_observable(self, observable): + network_traffic, references = self.filter_main_object(observable, 'NetworkTraffic') + attributes = self._parse_network_traffic(network_traffic, references) + if hasattr(network_traffic, 'protocols'): + attributes.extend(self._parse_network_traffic_protocol(protocol) for protocol in network_traffic.protocols if protocol in stix2misp_mapping.connection_protocols) + if references: + for reference in references.values(): + attributes.append(self._parse_observable_reference(reference, 'domain_ip_mapping')) + return attributes + + def parse_network_socket_observable(self, observable): + network_traffic, references = self.filter_main_object(observable, 'NetworkTraffic') + attributes = self._parse_network_traffic(network_traffic, references) + if hasattr(network_traffic, 'protocols'): + attributes.append({'type': 'text', 'object_relation': 'protocol', 'to_ids': False, + 'value': network_traffic.protocols[0].strip("'")}) + if hasattr(network_traffic, 'extensions') and network_traffic.extensions: + attributes.extend(self._parse_socket_extension(network_traffic.extensions['socket-ext'])) + if references: + for reference in references.values(): + attributes.append(self._parse_observable_reference(reference, 'domain_ip_mapping')) + return attributes + + def _parse_network_traffic(self, network_traffic, references): + attributes = [] + mapping = 'network_traffic_references_mapping' + for feature in ('src', 'dst'): + port = f'{feature}_port' + if hasattr(network_traffic, port): + attribute = deepcopy(stix2misp_mapping.network_traffic_mapping[port]) + attribute.update({'value': getattr(network_traffic, port), 'to_ids': False}) + attributes.append(attribute) + ref = f'{feature}_ref' + if hasattr(network_traffic, ref): + attributes.append(self._parse_observable_reference(references.pop(getattr(network_traffic, ref)), mapping, feature)) + if hasattr(network_traffic, f'{ref}s'): + for ref in getattr(network_traffic, f'{ref}s'): + attributes.append(self._parse_observable_reference(references.pop(ref), mapping, feature)) + return attributes + + @staticmethod + def _parse_number(observable): + return observable['0'].get('number') + + @staticmethod + def _parse_payload(observable): + return observable['0'].payload_bin + + def parse_pe_observable(self, observable): + key = self._fetch_file_observable(observable) + extension = observable[key]['extensions']['windows-pebinary-ext'] + pe_uuid = self.parse_pe(extension) + return self.parse_file_observable(observable), pe_uuid + + @staticmethod + def _parse_port(observable, index='0'): + port_observable = observable[index] + return port_observable['src_port'] if 'src_port' in port_observable else port_observable['dst_port'] + + def parse_process_observable(self, observable): + process, references = self.filter_main_object(observable, 'Process', test_function='_process_test_filter') + attributes = self.fill_observable_attributes(process, 'process_mapping') + if hasattr(process, 'parent_ref'): + attributes.extend(self.fill_observable_attributes(references[process.parent_ref], 'parent_process_reference_mapping')) + if hasattr(process, 'child_refs'): + for reference in process.child_refs: + attributes.extend(self.fill_observable_attributes(references[reference], 'child_process_reference_mapping')) + if hasattr(process, 'binary_ref'): + reference = references[process.binary_ref] + attribute = deepcopy(stix2misp_mapping.process_image_mapping) + attribute.update({'value': reference.name, 'to_ids': False}) + attributes.append(attribute) + return attributes + + @staticmethod + def _parse_regkey_attribute(observable): + return observable['0'].get('key') + + def parse_regkey_observable(self, observable): + attributes = [] + for key, value in observable['0'].items(): + if key in stix2misp_mapping.regkey_mapping: + attribute = deepcopy(stix2misp_mapping.regkey_mapping[key]) + attribute.update({'value': value.replace('\\\\', '\\'), 'to_ids': False}) + attributes.append(attribute) + if 'values' in observable['0']: + attributes.extend(self.fill_observable_attributes(observable['0']['values'][0], 'regkey_mapping')) + return attributes + + def _parse_regkey_value(self, observable): + regkey = self._parse_regkey_attribute(observable) + return f'{regkey}|{observable["0"]["values"][0].get("data")}' + + def parse_single_attribute_observable(self, observable, attribute_type): + if attribute_type in stix2misp_mapping.attributes_type_mapping: + return getattr(self, stix2misp_mapping.attributes_type_mapping[attribute_type])(observable, attribute_type) + return getattr(self, stix2misp_mapping.attributes_mapping[attribute_type])(observable) + + def _parse_socket_extension(self, extension): + attributes = [] + extension = {key: value for key, value in extension.items()} + if 'x_misp_text_address_family' in extension: + extension.pop('address_family') + for element, value in extension.items(): + if element in stix2misp_mapping.network_socket_extension_mapping: + attribute = deepcopy(stix2misp_mapping.network_socket_extension_mapping[element]) + if element in ('is_listening', 'is_blocking'): + if value is False: + continue + value = element.split('_')[1] + elif element.startswith('x_misp_'): + attribute = self.parse_custom_property(element) + else: + continue + attribute.update({'value': value, 'to_ids': False}) + attributes.append(attribute) + return attributes + + @staticmethod + def parse_url_observable(observable): + attributes = [] + for object in observable.values(): + feature = 'dst_port' if isinstance(object, stix2.v20.observables.NetworkTraffic) else 'value' + attribute = deepcopy(stix2misp_mapping.url_mapping[object._type]) + attribute.update({'value': getattr(object, feature), 'to_ids': False}) + attributes.append(attribute) + return attributes + + def parse_user_account_observable(self, observable): + observable = observable['0'] + attributes = self.fill_observable_attributes(observable, 'user_account_mapping') + if 'extensions' in observable and 'unix-account-ext' in observable['extensions']: + extension = observable['extensions']['unix-account-ext'] + if 'groups' in extension: + attributes.extend(self._parse_user_account_groups(extension['groups'])) + attributes.extend(self.fill_observable_attributes(extension, 'user_account_mapping')) + return attributes + + @staticmethod + def _parse_value(observable, index='0'): + return observable[index].get('value') + + def _parse_x509_attribute(self, observable, attribute_type): + hash_type = attribute_type.split('-')[-1] + return self._parse_hash(observable, hash_type) + + def parse_x509_observable(self, observable): + attributes = self.fill_observable_attributes(observable['0'], 'x509_mapping') + if hasattr(observable['0'], 'hashes') and observable['0'].hashes: + attributes.extend(self.fill_observable_attributes(observable['0'].hashes, 'x509_mapping')) + return attributes + + ################################################################################ + ## PATTERN PARSING FUNCTIONS. ## + ################################################################################ + + def fill_pattern_attributes(self, pattern, object_mapping): + attributes = [] + for pattern_part in pattern: + pattern_type, pattern_value = pattern_part.split(' = ') + if pattern_type not in getattr(stix2misp_mapping, object_mapping): + if 'x_misp_' in pattern_type: + attribute = self.parse_custom_property(pattern_type) + attribute['value'] = pattern_value.strip("'") + attributes.append(attribute) + continue + attribute = deepcopy(getattr(stix2misp_mapping, object_mapping)[pattern_type]) + attribute['value'] = pattern_value.strip("'") + attributes.append(attribute) + return attributes + + def parse_asn_pattern(self, pattern): + return self.fill_pattern_attributes(pattern, 'asn_mapping') + + def parse_credential_pattern(self, pattern): + return self.fill_pattern_attributes(pattern, 'credential_mapping') + + def parse_domain_ip_pattern(self, pattern): + return self.fill_pattern_attributes(pattern, 'domain_ip_mapping') + + def parse_email_pattern(self, pattern): + attributes = [] + attachments = defaultdict(dict) + for pattern_part in pattern: + pattern_type, pattern_value = pattern_part.split(' = ') + if 'body_multipart' in pattern_type: + pattern_type = pattern_type.split('.') + feature = 'data' if pattern_type[-1] == 'payload_bin' else 'value' + attachments[pattern_type[0][-2]][feature] = pattern_value.strip("'") + continue + if pattern_type not in stix2misp_mapping.email_mapping: + if 'x_misp_' in pattern_type: + attribute = self.parse_custom_property(pattern_type) + attribute['value'] = pattern_value.strip("'") + attributes.append(attribute) + continue + attribute = deepcopy(stix2misp_mapping.email_mapping[pattern_type]) + attribute['value'] = pattern_value.strip("'") + attributes.append(attribute) + for attachment in attachments.values(): + if 'data' in attachment: + attribute = {'type': 'attachment', 'object_relation': 'screenshot', 'data': attachment['data']} + else: + attribute = {'type': 'email-attachment', 'object_relation': 'attachment'} + attribute['value'] = attachment['value'] + attributes.append(attribute) + return attributes + + def parse_file_pattern(self, pattern): + attributes = [] + attachment = {} + for pattern_part in pattern: + pattern_type, pattern_value = pattern_part.split(' = ') + if pattern_type in stix2misp_mapping.attachment_types: + attachment[pattern_type] = pattern_value.strip("'") + if pattern_type not in stix2misp_mapping.file_mapping: + continue + attribute = deepcopy(stix2misp_mapping.file_mapping[pattern_type]) + attribute['value'] = pattern_value.strip("'") + attributes.append(attribute) + if 'file:content_ref.payload_bin' in attachment: + filename = self._choose_with_priority(attachment, 'file:content_ref.name', 'file:name') + md5 = self._choose_with_priority(attachment, "file:content_ref.hashes.'MD5'", "file:hashes.'MD5'") + attributes.append({ + 'type': 'malware-sample', + 'object_relation': 'malware-sample', + 'value': f'{attachment[filename]}|{attachment[md5]}', + 'data': attachment['file:content_ref.payload_bin'] + }) + if 'artifact:payload_bin' in attachment: + attributes.append({ + 'type': 'attachment', + 'object_relation': 'attachment', + 'value': attachment['artifact:x_misp_text_name'] if 'artifact:x_misp_text_name' in attachment else attachment['file:name'], + 'data': attachment['artifact:payload_bin'] + }) + return attributes + + def parse_ip_port_pattern(self, pattern): + return self.fill_pattern_attributes(pattern, 'ip_port_mapping') + + def parse_network_connection_pattern(self, pattern): + attributes = [] + references = defaultdict(dict) + for pattern_part in pattern: + pattern_type, pattern_value = pattern_part.split(' = ') + if pattern_type not in stix2misp_mapping.network_traffic_mapping: + pattern_value = pattern_value.strip("'") + if pattern_type.startswith('network-traffic:protocols['): + attributes.append({ + 'type': 'text', 'value': pattern_value, + 'object_relation': f'layer{stix2misp_mapping.connection_protocols[pattern_value]}-protocol' + }) + elif any(pattern_type.startswith(f'network-traffic:{feature}_ref') for feature in ('src', 'dst')): + feature_type, ref = pattern_type.split(':')[1].split('_') + ref, feature = ref.split('.') + ref = f"{feature_type}_{'0' if ref == 'ref' else ref.strip('ref[]')}" + references[ref].update(self._parse_network_connection_reference(feature_type, feature, pattern_value)) + continue + attribute = deepcopy(stix2misp_mapping.network_traffic_mapping[pattern_type]) + attribute['value'] = pattern_value.strip("'") + attributes.append(attribute) + attributes.extend(attribute for attribute in references.values()) + return attributes + + def parse_network_socket_pattern(self, pattern): + attributes = [] + references = defaultdict(dict) + for pattern_part in pattern: + pattern_type, pattern_value = pattern_part.split(' = ') + pattern_value = pattern_value.strip("'") + if pattern_type not in stix2misp_mapping.network_traffic_mapping: + if pattern_type in stix2misp_mapping.network_socket_extension_mapping: + attribute = deepcopy(stix2misp_mapping.network_socket_extension_mapping[pattern_type]) + if pattern_type.startswith("network-traffic:extensions.'socket-ext'.is_"): + if pattern_value != 'True': + continue + pattern_value = pattern_type.split('_')[1] + else: + if pattern_type.startswith('network-traffic:protocols['): + attributes.append({'type': 'text', 'object_relation': 'protocol', 'value': pattern_value}) + elif any(pattern_type.startswith(f'network-traffic:{feature}_ref') for feature in ('src', 'dst')): + feature_type, ref = pattern_type.split(':')[1].split('_') + ref, feature = ref.split('.') + ref = f"{feature_type}_{'0' if ref == 'ref' else ref.strip('ref[]')}" + references[ref].update(self._parse_network_connection_reference(feature_type, feature, pattern_value)) + continue + else: + attribute = deepcopy(stix2misp_mapping.network_traffic_mapping[pattern_type]) + attribute['value'] = pattern_value + attributes.append(attribute) + attributes.extend(attribute for attribute in references.values()) + return attributes + + def parse_pe_pattern(self, pattern): + attributes = [] + sections = defaultdict(dict) + pe = MISPObject('pe', misp_objects_path_custom=_misp_objects_path) + for pattern_part in pattern: + pattern_type, pattern_value = pattern_part.split(' = ') + if ':extensions.' in pattern_type: + if '.sections[' in pattern_type: + pattern_type = pattern_type.split('.') + relation = pattern_type[-1].strip("'") + if relation in stix2misp_mapping.pe_section_mapping: + sections[pattern_type[2][-2]][relation] = pattern_value.strip("'") + else: + pattern_type = pattern_type.split('.')[-1] + if pattern_type not in stix2misp_mapping.pe_mapping: + if pattern_type.startswith('x_misp_'): + attribute = self.parse_custom_property(pattern_type) + attribute['value'] = pattern_value.strip("'") + pe.add_attribute(**attribute) + continue + attribute = deepcopy(stix2misp_mapping.pe_mapping[pattern_type]) + attribute['value'] = pattern_value.strip("'") + pe.add_attribute(**attribute) + else: + if pattern_type not in stix2misp_mapping.file_mapping: + if pattern_type.startswith('x_misp_'): + attribute = self.parse_custom_property(pattern_type) + attribute['value'] = pattern_value.strip("'") + attributes.append(attribute) + continue + attribute = deepcopy(stix2misp_mapping.file_mapping[pattern_type]) + attribute['value'] = pattern_value.strip("'") + attributes.append(attribute) + for section in sections.values(): + pe_section = MISPObject('pe-section', misp_objects_path_custom=_misp_objects_path) + for feature, value in section.items(): + attribute = deepcopy(stix2misp_mapping.pe_section_mapping[feature]) + attribute['value'] = value + pe_section.add_attribute(**attribute) + self.misp_event.add_object(pe_section) + pe.add_reference(pe_section.uuid, 'includes') + self.misp_event.add_object(pe) + return attributes, pe.uuid + + def parse_process_pattern(self, pattern): + return self.fill_pattern_attributes(pattern, 'process_mapping') + + def parse_regkey_pattern(self, pattern): + return self.fill_pattern_attributes(pattern, 'regkey_mapping') + + def parse_url_pattern(self, pattern): + return self.fill_pattern_attributes(pattern, 'url_mapping') + + @staticmethod + def parse_user_account_pattern(pattern): + attributes = [] + for pattern_part in pattern: + pattern_type, pattern_value = pattern_part.split(' = ') + pattern_type = pattern_type.split('.')[-1].split('[')[0] if "extensions.'unix-account-ext'" in pattern_type else pattern_type.split(':')[-1] + if pattern_type not in stix2misp_mapping.user_account_mapping: + if pattern_type.startswith('group'): + attributes.append({'type': 'text', 'object_relation': 'group', 'value': pattern_value.strip("'")}) + continue + attribute = deepcopy(stix2misp_mapping.user_account_mapping[pattern_type]) + attribute['value'] = pattern_value.strip("'") + attributes.append(attribute) + return attributes + + def parse_x509_pattern(self, pattern): + return self.fill_pattern_attributes(pattern, 'x509_mapping') + + ################################################################################ + ## UTILITY FUNCTIONS. ## + ################################################################################ + + def create_attribute_dict(self, stix_object): + labels = stix_object['labels'] + attribute_uuid = stix_object.id.split('--')[1] + attribute = {'uuid': attribute_uuid, + 'type': self.get_misp_type(labels), + 'category': self.get_misp_category(labels)} + tags = [{'name': label} for label in labels[3:]] + if tags: + attribute['Tag'] = tags + attribute.update(self.parse_timeline(stix_object)) + if hasattr(stix_object, 'object_marking_refs'): + self.update_marking_refs(attribute_uuid, stix_object.object_marking_refs) + return attribute + + def create_misp_object(self, stix_object): + labels = stix_object['labels'] + object_type = self.get_misp_type(labels) + misp_object = MISPObject('file' if object_type == 'WindowsPEBinaryFile' else object_type, + misp_objects_path_custom=_misp_objects_path) + misp_object.uuid = stix_object.id.split('--')[1] + misp_object.update(self.parse_timeline(stix_object)) + return misp_object, object_type + + @staticmethod + def _fill_object_attribute(feature, value): + return {'value': str(value) if feature in ('entropy', 'size') else value} + + @staticmethod + def _fill_observable_object_attribute(feature, value): + return {'value': str(value) if feature in ('entropy', 'size') else value, + 'to_ids': False} + + @staticmethod + def get_misp_category(labels): + return labels[1].split('=')[1].strip('"') + + @staticmethod + def get_misp_type(labels): + return labels[0].split('=')[1].strip('"') + + @staticmethod + def parse_attribute_pattern(pattern): + if ' AND ' in pattern: + pattern_parts = pattern.strip('[]').split(' AND ') + if len(pattern_parts) == 3: + _, value1 = pattern_parts[2].split(' = ') + _, value2 = pattern_parts[0].split(' = ') + return '{}|{}'.format(value1.strip("'"), value2.strip("'")) + else: + _, value1 = pattern_parts[0].split(' = ') + _, value2 = pattern_parts[1].split(' = ') + if value1 in ("'ipv4-addr'", "'ipv6-addr'"): + return value2.strip("'") + return '{}|{}'.format(value1.strip("'"), value2.strip("'")) + else: + return pattern.split(' = ')[1].strip("]'") + + def parse_attribute_pattern_with_data(self, pattern): + if 'file:content_ref.payload_bin' not in pattern: + return self.parse_attribute_pattern(pattern) + pattern_parts = pattern.strip('[]').split(' AND ') + if len(pattern_parts) == 3: + filename = pattern_parts[0].split(' = ')[1] + md5 = pattern_parts[1].split(' = ')[1] + return "{}|{}".format(filename.strip("'"), md5.strip("'")), pattern_parts[2].split(' = ')[1].strip("'") + return pattern_parts[0].split(' = ')[1].strip("'"), pattern_parts[1].split(' = ')[1].strip("'") + + @staticmethod + def parse_custom_property(custom_property): + properties = custom_property.split('_') + return {'type': properties[2], 'object_relation': '-'.join(properties[3:])} + + +class ExternalStixParser(StixParser): + def __init__(self): + super().__init__() + self._stix2misp_mapping.update({'attack-pattern': 'parse_attack_pattern', + 'course-of-action': 'parse_course_of_action', + 'vulnerability': 'parse_vulnerability'}) + + ################################################################################ + ## PARSING FUNCTIONS. ## + ################################################################################ + + def parse_event(self, stix_event): + for stix_object in stix_event.objects: + object_type = stix_object['type'] + if object_type in self._stix2misp_mapping: + getattr(self, self._stix2misp_mapping[object_type])(stix_object) + else: + print(f'not found: {object_type}', file=sys.stderr) + if self.relationship: + self.parse_relationships() + if self.galaxy: + self.parse_galaxies() + event_uuid = stix_event.id.split('--')[1] + if hasattr(self, 'report'): + self.parse_report(event_uuid=event_uuid) + else: + self.misp_event.uuid = event_uuid + self.misp_event.info = 'Imported with the STIX to MISP import script.' + self.handle_markings() + + def parse_galaxy(self, galaxy): + galaxy_names = self._check_existing_galaxy_name(galaxy.name) + if galaxy_names is not None: + return galaxy_names + return [f'misp-galaxy:{galaxy._type}="{galaxy.name}"'] + + def _parse_indicator(self, indicator): + pattern = indicator.pattern + if any(relation in pattern for relation in stix2misp_mapping.pattern_forbidden_relations) or all(relation in pattern for relation in (' OR ', ' AND ')): + self.add_stix2_pattern_object(indicator) + separator = ' OR ' if ' OR ' in pattern else ' AND ' + self.parse_usual_indicator(indicator, separator) + + def _parse_observable(self, observable): + types = self._parse_observable_types(observable.objects) + try: + getattr(self, stix2misp_mapping.observable_mapping[types])(observable) + except KeyError: + print(f'Type(s) not supported at the moment: {types}\n', file=sys.stderr) + + def _parse_undefined(self, stix_object): + try: + self.objects_to_parse[stix_object['id'].split('--')[1]] = stix_object + except AttributeError: + self.objects_to_parse = {stix_object['id'].split('--')[1]: stix_object} + + def add_stix2_pattern_object(self, indicator): + misp_object = MISPObject('stix2-pattern', misp_objects_path_custom=_misp_objects_path) + misp_object.uuid = indicator.id.split('--')[1] + misp_object.update(self.parse_timeline(indicator)) + version = f'STIX {indicator.pattern_version}' if hasattr(indicator, 'pattern_version') else 'STIX 2.0' + misp_object.add_attribute(**{'type': 'text', 'object_relation': 'version', 'value': version}) + misp_object.add_attribute(**{'type': 'stix2-pattern', 'object_relation': 'stix2-pattern', + 'value': indicator.pattern}) + self.misp_event.add_object(**misp_object) + + @staticmethod + def fill_misp_object(misp_object, stix_object, mapping): + for key, feature in getattr(stix2misp_mapping, mapping).items(): + if hasattr(stix_object, key): + attribute = deepcopy(feature) + attribute['value'] = getattr(stix_object, key) + misp_object.add_attribute(**attribute) + + @staticmethod + def fill_misp_object_from_dict(misp_object, stix_object, mapping): + for key, feature in getattr(stix2misp_mapping, mapping).items(): + if key in stix_object: + attribute = deepcopy(feature) + attribute['value'] = stix_object[key] + misp_object.add_attribute(**attribute) + + def parse_attack_pattern(self, attack_pattern): + galaxy_names = self._check_existing_galaxy_name(attack_pattern.name) + if galaxy_names is not None: + self.galaxy[attack_pattern['id'].split('--')[1]] = {'tag_names': galaxy_names, 'used': False} + else: + misp_object = self.create_misp_object(attack_pattern) + if hasattr(attack_pattern, 'external_references'): + for reference in attack_pattern.external_references: + source_name = reference['source_name'] + value = reference['external_id'].split('-')[1] if source_name == 'capec' else reference['url'] + attribute = deepcopy(stix2misp_mapping.attack_pattern_references_mapping[source_name]) if source_name in stix2misp_mapping.attack_pattern_references_mapping else stix2misp_mapping.references_attribute_mapping + attribute['value'] = value + misp_object.add_attribute(**attribute) + self.fill_misp_object(misp_object, attack_pattern, 'attack_pattern_mapping') + self.misp_event.add_object(**misp_object) + + def parse_course_of_action(self, course_of_action): + galaxy_names = self._check_existing_galaxy_name(course_of_action.name) + if galaxy_names is not None: + self.galaxy[course_of_action['id'].split('--')[1]] = {'tag_names': galaxy_names, 'used': False} + else: + misp_object = self.create_misp_object(course_of_action) + self.fill_misp_object(misp_object, course_of_action, 'course_of_action_mapping') + self.misp_event.add_object(**misp_object) + + def parse_usual_indicator(self, indicator, separator): + pattern = tuple(part.strip() for part in self._handle_pattern(indicator.pattern).split(separator)) + types = self._parse_pattern_types(pattern) + try: + getattr(self, stix2misp_mapping.pattern_mapping[types])(indicator, separator) + except KeyError: + print(f'Type(s) not supported at the moment: {types}\n', file=sys.stderr) + self.add_stix2_pattern_object(indicator) + + def parse_vulnerability(self, vulnerability): + galaxy_names = self._check_existing_galaxy_name(vulnerability.name) + if galaxy_names is not None: + self.galaxy[vulnerability['id'].split('--')[1]] = {'tag_names': galaxy_names, 'used': False} + else: + attributes = self._get_attributes_from_observable(vulnerability, 'vulnerability_mapping') + if hasattr(vulnerability, 'external_references'): + for reference in vulnerability.external_references: + if reference['source_name'] == 'url': + attribute = deepcopy(stix2misp_mapping.references_attribute_mapping) + attribute['value'] = reference['url'] + attributes.append(attribute) + if len(attributes) == 1 and attributes[0]['object_relation'] == 'id': + attributes[0]['type'] = 'vulnerability' + self.handle_import_case(vulnerability, attributes, 'vulnerability') + + ################################################################################ + ## OBSERVABLE PARSING FUNCTIONS ## + ################################################################################ + + @staticmethod + def _fetch_reference_type(references, object_type): + for key, reference in references.items(): + if isinstance(reference, getattr(stix2.v20.observables, object_type)): + return key + return None + + @staticmethod + def _fetch_user_account_type_observable(observable_objects): + for observable_object in observable_objects.values(): + if hasattr(observable_object, 'extensions') or any(key not in ('user_id', 'credential', 'type') for key in observable_object): + return 'user-account', 'user_account_mapping' + return 'credential', 'credential_mapping' + + @staticmethod + def _get_attributes_from_observable(stix_object, mapping): + attributes = [] + for key, value in stix_object.items(): + if key in getattr(stix2misp_mapping, mapping) and value: + attribute = deepcopy(getattr(stix2misp_mapping, mapping)[key]) + attribute.update({'value': value, 'to_ids': False}) + attributes.append(attribute) + return attributes + + def get_network_traffic_attributes(self, network_traffic, references): + attributes = self._get_attributes_from_observable(network_traffic, 'network_traffic_mapping') + mapping = 'network_traffic_references_mapping' + attributes.extend(self.parse_network_traffic_references(network_traffic, references, mapping)) + if references: + for reference in references.values(): + attributes.append(self._parse_observable_reference(reference, mapping, 'dst')) + return attributes + + @staticmethod + def _handle_attachment_type(stix_object, is_reference, filename): + _has_md5 = hasattr(stix_object, 'hashes') and 'MD5' in stix_object.hashes + if is_reference and _has_md5: + return 'malware-sample', f'{filename}|{stix_object.hashes["MD5"]}' + return 'attachment', filename + + def handle_pe_observable(self, attributes, extension, observable): + pe_uuid = self.parse_pe(extension) + file = self.create_misp_object(observable, 'file') + file.add_reference(pe_uuid, 'includes') + for attribute in attributes: + file.add_attribute(**attribute) + self.misp_event.add_object(file) + + @staticmethod + def _is_reference(network_traffic, reference): + for feature in ('src', 'dst'): + for reference_type in (f'{feature}_{ref}' for ref in ('ref', 'refs')): + if reference in network_traffic.get(reference_type, []): + return True + return False + + @staticmethod + def _network_traffic_has_extension(network_traffic): + if not hasattr(network_traffic, 'extensions'): + return None + if 'socket-ext' in network_traffic.extensions: + return 'parse_socket_extension_observable' + return None + + def parse_asn_observable(self, observable): + autonomous_system, references = self.filter_main_object(observable.objects, 'AutonomousSystem') + mapping = 'asn_mapping' + attributes = self._get_attributes_from_observable(autonomous_system, mapping) + if references: + for reference in references.values(): + attributes.append(self._parse_observable_reference(reference, mapping)) + self.handle_import_case(observable, attributes, 'asn') + + def parse_domain_ip_observable(self, observable): + domain, references = self.filter_main_object(observable.objects, 'DomainName') + mapping = 'domain_ip_mapping' + attributes = [self._parse_observable_reference(domain, mapping)] + if references: + for reference in references.values(): + attributes.append(self._parse_observable_reference(reference, mapping)) + self.handle_import_case(observable, attributes, 'domain-ip') + + def parse_domain_ip_network_traffic_observable(self, observable): + network_traffic, references = self.filter_main_object(observable.objects, 'NetworkTraffic') + extension = self._network_traffic_has_extension(network_traffic) + if extension: + attributes, object_name = getattr(self, extension)(network_traffic, references) + return self.handle_import_case(observable, attributes, object_name) + if self._required_protocols(network_traffic.protocols): + attributes = self.parse_network_connection_object(network_traffic, references) + return self.handle_import_case(observable, attributes, 'network-connection') + attributes, object_name = self.parse_network_traffic_objects(network_traffic, references) + self.handle_import_case(observable, attributes, object_name) + + def parse_domain_network_traffic_observable(self, observable): + network_traffic, references = self.filter_main_object(observable.objects, 'NetworkTraffic') + extension = self._network_traffic_has_extension(network_traffic) + if extension: + attributes, object_name = getattr(self, extension)(network_traffic, references) + return self.handle_import_case(observable, attributes, object_name) + attributes = self.parse_network_connection_object(network_traffic, references) + self.handle_import_case(observable, attributes, 'network-connection') + + def parse_email_address_observable(self, observable): + self.add_attributes_from_observable(observable, 'email-src', 'value') + + def parse_email_observable(self, observable): + email_message, references = self.filter_main_object(observable.objects, 'EmailMessage') + attributes = self._get_attributes_from_observable(email_message, 'email_mapping') + if hasattr(email_message, 'additional_header_fields'): + attributes.extend(self._get_attributes_from_observable(email_message.additional_header_fields, 'email_mapping')) + attributes.extend(self._parse_email_references(email_message, references)) + if hasattr(email_message, 'body_multipart') and email_message.body_multipart: + attributes.extend(self._parse_email_body(email_message.body_multipart, references)) + if references: + print(f'Unable to parse the following observable objects: {references}', file=sys.stderr) + self.handle_import_case(observable, attributes, 'email') + + def parse_file_observable(self, observable): + file_object, references = self.filter_main_object(observable.objects, 'File') + attributes = self._get_attributes_from_observable(file_object, 'file_mapping') + if 'hashes' in file_object: + attributes.extend(self._get_attributes_from_observable(file_object.hashes, 'file_mapping')) + if references: + filename = file_object.name if hasattr(file_object, 'name') else 'unknown_filename' + for key, reference in references.items(): + if isinstance(reference, stix2.v20.observables.Artifact): + _is_content_ref = 'content_ref' in file_object and file_object.content_ref == key + attribute_type, value = self._handle_attachment_type(reference, _is_content_ref, filename) + attribute = { + 'type': attribute_type, + 'object_relation': attribute_type, + 'value': value, + 'to_ids': False + } + if hasattr(reference, 'payload_bin'): + attribute['data'] = reference.payload_bin + attributes.append(attribute) + elif isinstance(reference, stix2.v20.observables.Directory): + attribute = { + 'type': 'text', + 'object_relation': 'path', + 'value': reference.path, + 'to_ids': False + } + attributes.append(attribute) + if hasattr(file_object, 'extensions'): + # Support of more extension types probably in the future + if 'windows-pebinary-ext' in file_object.extensions: + # Here we do not go to the standard route of "handle_import_case" + # because we want to make sure a file object is created + return self.handle_pe_observable(attributes, file_object.extensions['windows-pebinary-ext'], observable) + extension_types = (extension_type for extension_type in file_object.extensions.keys()) + print(f'File extension type(s) not supported at the moment: {", ".join(extension_types)}', file=sys.stderr) + self.handle_import_case(observable, attributes, 'file', _force_object=('file-encoding', 'path')) + + def parse_ip_address_observable(self, observable): + attributes = [] + for observable_object in observable.objects.values(): + attribute = { + 'value': observable_object.value, + 'to_ids': False + } + attribute.update(stix2misp_mapping.ip_attribute_mapping) + attributes.append(attribute) + self.handle_import_case(observable, attributes, 'ip-port') + + def parse_ip_network_traffic_observable(self, observable): + network_traffic, references = self.filter_main_object(observable.objects, 'NetworkTraffic') + extension = self._network_traffic_has_extension(network_traffic) + if extension: + attributes, object_name = getattr(self, extension)(network_traffic, references) + return self.handle_import_case(observable, attributes, object_name) + attributes = self.parse_ip_port_object(network_traffic, references) + self.handle_import_case(observable, attributes, 'ip-port') + + def parse_ip_port_object(self, network_traffic, references): + attributes = self._get_attributes_from_observable(network_traffic, 'network_traffic_mapping') + attributes.extend(self.parse_network_traffic_references(network_traffic, references, 'ip_port_references_mapping')) + if references: + for reference in references.values(): + attributes.append(self._parse_observable_reference(reference, 'domain_ip_mapping')) + return attributes + + def parse_mac_address_observable(self, observable): + self.add_attributes_from_observable(observable, 'mac-address', 'value') + + def parse_network_connection_object(self, network_traffic, references): + attributes = self.get_network_traffic_attributes(network_traffic, references) + attributes.extend(self.parse_protocols(network_traffic.protocols, 'observable object')) + return attributes + + def parse_network_traffic_objects(self, network_traffic, references): + _has_domain = self._fetch_reference_type(references.values(), 'DomainName') + if _has_domain and self._is_reference(network_traffic, _has_domain): + return self.parse_network_connection_object(network_traffic, references), 'network-connection' + return self.parse_ip_port_object(network_traffic, references), 'ip-port' + + def parse_network_traffic_references(self, network_traffic, references, mapping): + attributes = [] + for feature in ('src', 'dst'): + ref = f'{feature}_ref' + if hasattr(network_traffic, ref): + reference = getattr(network_traffic, ref) + attributes.append(self._parse_observable_reference(references.pop(reference), mapping, feature)) + if hasattr(network_traffic, f'{ref}s'): + for reference in getattr(network_traffic, f'{ref}s'): + attributes.append(self._parse_observable_reference(references.pop(reference), mapping, feature)) + return attributes + + def parse_mutex_observable(self, observable): + self.add_attributes_from_observable(observable, 'mutex', 'name') + + def parse_process_observable(self, observable): + process, references = self.filter_main_object(observable.objects, 'Process', test_function='_process_test_filter') + attributes = self._get_attributes_from_observable(process, 'process_mapping') + if hasattr(process, 'parent_ref'): + attributes.extend(self._get_attributes_from_observable(references.pop(process.parent_ref), 'parent_process_reference_mapping')) + if hasattr(process, 'child_refs'): + for reference in process.child_refs: + attributes.extend(self._get_attributes_from_observable(references.pop(reference), 'child_process_reference_mapping')) + if hasattr(process, 'binary_ref'): + reference = references.pop(process.binary_ref) + attribute = { + 'value': reference.name, + 'to_ids': False + } + attribute.update(stix2misp_mapping.process_image_mapping) + attributes.append(attribute) + if references: + print(f'Unable to parse the following observable objects: {references}', file=sys.stderr) + self.handle_import_case(observable, attributes, 'process', _force_object=True) + + def parse_protocols(self, protocols, object_type): + attributes = [] + protocols = (protocol.upper() for protocol in protocols) + for protocol in protocols: + try: + attributes.append(self._parse_network_traffic_protocol(protocol)) + except KeyError: + print(f'Unknown protocol in network-traffic {object_type}: {protocol}', file=sys.stderr) + return attributes + + def parse_regkey_observable(self, observable): + attributes = [] + for observable_object in observable.objects.values(): + attributes.extend(self._get_attributes_from_observable(observable_object, 'regkey_mapping')) + if 'values' in observable_object: + for registry_value in observable_object['values']: + attributes.extend(self._get_attributes_from_observable(registry_value, 'regkey_mapping')) + self.handle_import_case(observable, attributes, 'registry-key') + + def parse_socket_extension_observable(self, network_traffic, references): + attributes = self.get_network_traffic_attributes(network_traffic, references) + for key, value in network_traffic.extensions['socket-ext'].items(): + if key not in stix2misp_mapping.network_socket_extension_mapping: + print(f'Unknown socket extension field in observable object: {key}', file=sys.stderr) + continue + if key.startswith('is_') and not value: + continue + attribute = { + 'value': key.split('_')[1] if key.startswith('is_') else value, + 'to_ids': False + } + attribute.update(stix2misp_mapping.network_socket_extension_mapping[key]) + attributes.append(attribute) + return attributes, 'network-socket' + + def parse_url_observable(self, observable): + network_traffic, references = self.filter_main_object(observable.objects, 'NetworkTraffic') + attributes = self._get_attributes_from_observable(network_traffic, 'network_traffic_mapping') if network_traffic else [] + if references: + for reference in references.values(): + attributes.append(self._parse_observable_reference(reference, 'url_mapping')) + self.handle_import_case(observable, attributes, 'url') + + def parse_user_account_extension(self, extension): + attributes = self._parse_user_account_groups(extension['groups']) if 'groups' in extension else [] + attributes.extend(self._get_attributes_from_observable(extension, 'user_account_mapping')) + return attributes + + def parse_user_account_observable(self, observable): + attributes = [] + object_name, mapping = self._fetch_user_account_type_observable(observable.objects) + for observable_object in observable.objects.values(): + attributes.extend(self._get_attributes_from_observable(observable_object, mapping)) + if hasattr(observable_object, 'extensions') and observable_object.extensions.get('unix-account-ext'): + attributes.extend(self.parse_user_account_extension(observable_object.extensions['unix-account-ext'])) + self.handle_import_case(observable, attributes, object_name) + + def parse_x509_observable(self, observable): + attributes = [] + for observable_object in observable.objects.values(): + attributes.extend(self._get_attributes_from_observable(observable_object, 'x509_mapping')) + if hasattr(observable_object, 'hashes'): + attributes.extend(self._get_attributes_from_observable(observable_object.hashes, 'x509_mapping')) + self.handle_import_case(observable, attributes, 'x509') + + ################################################################################ + ## PATTERN PARSING FUNCTIONS. ## + ################################################################################ + + @staticmethod + def _fetch_user_account_type_pattern(pattern): + for stix_object in pattern: + if 'extensions' in stix_object or all(key not in stix_object for key in ('user_id', 'credential', 'type')): + return 'user-account', 'user_account_mapping' + return 'credential', 'credential_mapping' + + def get_attachment(self, attachment, filename): + attribute = { + 'type': 'attachment', + 'object_relation': 'attachment', + 'value': attachment.pop(filename) + } + data_feature = self._choose_with_priority(attachment, 'file:content_ref.payload_bin', 'artifact:payload_bin') + attribute['data'] = attachment.pop(data_feature) + return attribute + + def get_attributes_from_pattern(self, pattern, mapping, separator): + attributes = [] + for pattern_part in pattern.strip('[]').split(separator): + pattern_type, pattern_value = self.get_type_and_value_from_pattern(pattern_part) + try: + attribute = deepcopy(getattr(stix2misp_mapping, mapping)[pattern_type]) + except KeyError: + print(f'Pattern type not supported at the moment: {pattern_type}', file=sys.stderr) + continue + attribute['value'] = pattern_value + attributes.append(attribute) + return attributes + + def get_malware_sample(self, attachment, filename): + md5_feature = self._choose_with_priority(attachment, "file:content_ref.hashes.'MD5'", "file:hashes.'MD5'") + attribute = { + 'type': 'malware-sample', + 'object_relation': 'malware-sample', + 'value': f'{attachment.pop(filename)}|{attachment.pop(md5_feature)}' + } + data_feature = self._choose_with_priority(attachment, 'file:content_ref.payload_bin', 'artifact:payload_bin') + attribute['data'] = attachment.pop(data_feature) + return attribute + + def _handle_file_attachments(self, attachment): + attributes = [] + if any('content_ref' in feature for feature in attachment.keys()): + attribute_type = 'attachment' + value = attachment['file:name'] if 'file:name' in attachment else 'unknown_filename' + if "file:content_ref.hashes.'MD5'" in attachment: + attribute_type = 'malware-sample' + md5 = attachment.pop("file:content_ref.hashes.'MD5'") + value = f'{value}|{md5}' + data = self._choose_with_priority(attachment, 'file:content_ref.payload_bin', 'artifact:payload_bin') + attribute = { + 'type': attribute_type, + 'object_relation': attribute_type, + 'value': value, + 'data': attachment.pop(data) + } + attributes.append(attribute) + if 'artifact:payload_bin' in attachment: + attribute = { + 'type': 'attachment', + 'object_relation': 'attachment', + 'value': attachment['file:name'], + 'data': attachment.pop('artifact:payload_bin') + } + attributes.append(attribute) + return attributes + + def parse_as_pattern(self, indicator, separator): + attributes = self.get_attributes_from_pattern(indicator.pattern, 'asn_mapping', separator) + self.handle_import_case(indicator, attributes, 'asn') + + def parse_domain_ip_port_pattern(self, indicator, separator): + attributes = [] + references = defaultdict(dict) + for pattern_part in self._handle_pattern(indicator.pattern).split(separator): + pattern_type, pattern_value = self.get_type_and_value_from_pattern(pattern_part) + if pattern_type not in stix2misp_mapping.domain_ip_mapping: + if any(pattern_type.startswith(f'network-traffic:{feature}_ref') for feature in ('src', 'dst')): + feature_type, ref = pattern_type.split(':')[1].split('_') + ref, feature = ref.split('.') + ref = f"{feature_type}_{'0' if ref == 'ref' else ref.strip('ref[]')}" + references[ref].update(self._parse_network_connection_reference(feature_type, feature, pattern_value)) + else: + print(f'Pattern type not currently mapped: {pattern_type}', file=sys.stderr) + continue + attribute = deepcopy(stix2misp_mapping.domain_ip_mapping[pattern_type]) + attribute['value'] = pattern_value + attributes.append(attribute) + if references: + attributes.extend(references.values()) + object_name = 'ip-port' if 'network-traffic' in indicator.pattern else 'domain-ip' + self.handle_import_case(indicator, attributes, object_name) + + def parse_email_address_pattern(self, indicator, separator): + self.add_attributes_from_indicator(indicator, 'email-src', separator) + + def parse_email_message_pattern(self, indicator, separator): + attributes = [] + attachments = defaultdict(dict) + for pattern_part in self._handle_pattern(indicator.pattern).split(separator): + pattern_type, pattern_value = self.get_type_and_value_from_pattern(pattern_part) + if pattern_type not in stix2misp_mapping.email_mapping: + if pattern_type.startswith('email-message:body_multipart'): + features = pattern_type.split('.') + if len(features) == 3 and features[1] == 'body_raw_ref': + index = features[0].split('[')[1].strip(']') if '[' in features[0] else '0' + key = 'data' if features[2] == 'payload_bin' else 'value' + attachments[index][key] = pattern_value + continue + print(f'Pattern type not supported at the moment: {pattern_type}', file=sys.stderr) + continue + attribute = deepcopy(stix2misp_mapping.email_mapping[pattern_type]) + attribute['value'] = pattern_value + attributes.append(attribute) + if attachments: + for attachment in attachments.values(): + attribute = { + 'type': 'attachment', + 'object_relation': 'screenshot' + } if 'data' in attachment else { + 'type': 'email-attachment', + 'object_relation': 'attachment' + } + attribute.update(attachment) + attributes.append(attribute) + self.handle_import_case(indicator, attributes, 'email') + + def parse_file_pattern(self, indicator, separator): + attributes = [] + attachment = {} + extensions = defaultdict(lambda: defaultdict(dict)) + for pattern_part in self._handle_pattern(indicator.pattern).split(separator): + pattern_type, pattern_value = self.get_type_and_value_from_pattern(pattern_part) + if pattern_type in stix2misp_mapping.attachment_types: + attachment[pattern_type] = pattern_value.strip("'") + continue + if pattern_type not in stix2misp_mapping.file_mapping: + if 'extensions' in pattern_type: + features = pattern_type.split('.')[1:] + extension_type = features.pop(0).strip("'") + if 'section' in features[0] and features[0] != 'number_of_sections': + index = features[0].split('[')[1].strip(']') if '[' in features[0] else '0' + extensions[extension_type][f'section_{index}'][features[-1].strip("'")] = pattern_value + else: + extensions[extension_type]['.'.join(features)] = pattern_value + continue + attribute = deepcopy(stix2misp_mapping.file_mapping[pattern_type]) + attribute['value'] = pattern_value + attributes.append(attribute) + if any(key.endswith('payload_bin') for key in attachment.keys()): + attributes.extend(self._handle_file_attachments(attachment)) + if attachment: + for pattern_type, value in attachment.items(): + if pattern_type in stix2misp_mapping.file_mapping: + attribute = deepcopy(stix2misp_mapping.file_mapping[pattern_type]) + attribute['value'] = value + attributes.append(attribute) + if extensions: + file_object = self.create_misp_object(indicator, 'file') + self.parse_file_extension(file_object, attributes, extensions) + else: + self.handle_import_case(indicator, attributes, 'file', _force_object=('file-encoding', 'path')) + + def parse_file_extension(self, file_object, attributes, extensions): + for attribute in attributes: + file_object.add_attribute(**attribute) + if 'windows-pebinary-ext' in extensions: + pe_extension = extensions['windows-pebinary-ext'] + pe_object = MISPObject('pe', misp_objects_path_custom=_misp_objects_path) + sections = self._get_sections(pe_extension) + self.fill_misp_object_from_dict(pe_object, pe_extension, 'pe_mapping') + if sections: + for section in sections: + section_object = MISPObject('pe-section') + self.fill_misp_object_from_dict(section_object, section, 'pe_section_mapping') + self.misp_event.add_object(section_object) + pe_object.add_reference(section_object.uuid, 'includes') + self.misp_event.add_object(pe_object) + file_object.add_reference(pe_object.uuid, 'includes') + self.misp_event.add_object(file_object) + + def parse_ip_address_pattern(self, indicator, separator): + self.add_attributes_from_indicator(indicator, 'ip-dst', separator) + + def parse_mac_address_pattern(self, indicator, separator): + self.add_attributes_from_indicator(indicator, 'mac-address', separator) + + def parse_mutex_pattern(self, indicator, separator): + self.add_attributes_from_indicator(indicator, 'mutex', separator) + + def parse_network_connection_pattern(self, indicator, attributes, references): + attributes.extend(self._parse_network_pattern_references(references, 'network_traffic_references_mapping')) + self.handle_import_case(indicator, attributes, 'network-connection') + + @staticmethod + def _parse_network_pattern_references(references, mapping): + attributes = [] + for feature, reference in references.items(): + feature = feature.split('_')[0] + attribute = {key: value.format(feature) for key, value in getattr(stix2misp_mapping, mapping)[reference['type']].items()} + attribute['value'] = reference['value'] + attributes.append(attribute) + return attributes + + def parse_network_socket_pattern(self, indicator, attributes, references, extension): + attributes.extend(self._parse_network_pattern_references(references, 'network_traffic_references_mapping')) + for key, value in extension.items(): + if key not in stix2misp_mapping.network_socket_extension_mapping: + print(f'Unknown socket extension field in pattern: {key}', file=sys.stderr) + continue + if key.startswith('is_') and not json.loads(value.lower()): + continue + attribute = deepcopy(stix2misp_mapping.network_socket_extension_mapping[key]) + attribute['value'] = key.split('_')[1] if key.startswith('is_') else value + attributes.append(attribute) + self.handle_import_case(indicator, attributes, 'network-socket') + + def parse_network_traffic_pattern(self, indicator, separator): + attributes = [] + protocols = [] + references = defaultdict(dict) + extensions = defaultdict(dict) + for pattern_part in self._handle_pattern(indicator.pattern).split(separator): + pattern_type, pattern_value = self.get_type_and_value_from_pattern(pattern_part) + if pattern_type in stix2misp_mapping.network_traffic_mapping: + attribute = deepcopy(stix2misp_mapping.network_traffic_mapping[pattern_type]) + attribute['value'] = pattern_value.strip("'") + attributes.append(attribute) + continue + if pattern_type.startswith('network-traffic:protocols['): + protocols.append(pattern_value) + elif any(pattern_type.startswith(f'network-traffic:{feature}_ref') for feature in ('src', 'dst')): + feature_type, ref = pattern_type.split(':')[1].split('_') + ref, feature = ref.split('.') + ref = f"{feature_type}_{'0' if ref == 'ref' else ref.strip('ref[]')}" + references[ref].update({feature: pattern_value}) + elif pattern_type.startswith('network-traffic:extensions.'): + _, extension_type, feature = pattern_type.split('.') + extensions[extension_type.strip("'")][feature] = pattern_value + else: + print(f'Pattern type not supported at the moment: {pattern_type}', file=sys.stderr) + if extensions: + if 'socket-ext' in extensions: + return self.parse_network_socket_pattern(indicator, attributes, references, extensions['socket-ext']) + print(f'Unknown network extension(s) in pattern: {", ".join(extensions.keys())}', file=sys.stderr) + if protocols and self._required_protocols(protocols): + attributes.extend(self.parse_protocols(protocols, 'pattern')) + return self.parse_network_connection_pattern(indicator, attributes, references) + attributes.extend(self._parse_network_pattern_references(references, 'ip_port_references_mapping')) + self.handle_import_case(indicator, attributes, 'ip-port') + + def parse_process_pattern(self, indicator, separator): + attributes = [] + parent = {} + child = defaultdict(set) + for pattern_part in self._handle_pattern(indicator.pattern).split(separator): + pattern_type, pattern_value = self.get_type_and_value_from_pattern(pattern_part) + if 'parent_' in pattern_type: + child[pattern_type.split('.')[-1]].add(pattern_value) + elif 'child_' in pattern_type: + parent[pattern_type.split('.')[-1]] = pattern_value + else: + try: + attribute = deepcopy(stix2misp_mapping.process_mapping[pattern_type]) + except KeyError: + print(f'Pattern type not supported at the moment: {pattern_type}', file=sys.stderr) + continue + attribute['value'] = pattern_value + attributes.append(attribute) + if parent: + for key, value in parent.items(): + if key not in stix2misp_mapping.parent_process_reference_mapping: + print(f'Parent process key from pattern not supported at the moment: {key}', file=sys.stderr) + continue + attribute = {'value': value} + attribute.update(stix2misp_mapping.parent_process_reference_mapping[key]) + attributes.append(attribute) + if child: + for key, values in child.items(): + if key not in stix2misp_mapping.child_process_reference_mapping: + print(f'Child process key from pattern not supported at the moment: {key}', file=sys.stderr) + continue + for value in values: + attribute = {'value': value} + attribute.update(stix2misp_mapping.child_process_reference_mapping[key]) + attributes.append(attribute) + self.handle_import_case(indicator, attributes, 'process', _force_object=True) + + def parse_regkey_pattern(self, indicator, separator): + attributes = self.get_attributes_from_pattern(indicator.pattern, 'regkey_mapping', separator) + self.handle_import_case(indicator, attributes, 'registry-key') + + def parse_url_pattern(self, indicator, separator): + attributes = self.get_attributes_from_pattern(indicator.pattern, 'url_mapping', separator) + self.handle_import_case(indicator, attributes, 'url') + + def parse_user_account_pattern(self, indicator, separator): + attributes = [] + pattern = self._handle_pattern(indicator.pattern).split(separator) + object_name, mapping = self._fetch_user_account_type_pattern(pattern) + for pattern_part in pattern: + pattern_type, pattern_value = self.get_type_and_value_from_pattern(pattern_part) + pattern_type = pattern_type.split(':')[1] + if pattern_type.startswith('extensions.'): + pattern_type = pattern_type.split('.')[-1] + if '[' in pattern_type: + pattern_type = pattern_type.split('[')[0] + if pattern_type in ('group', 'groups'): + attributes.append({'type': 'text', 'object_relation': 'group', 'value': pattern_value}) + continue + if pattern_type in getattr(stix2misp_mapping, mapping): + attribute = deepcopy(getattr(stix2misp_mapping, mapping)[pattern_type]) + attribute['value'] = pattern_value + attributes.append(attribute) + self.handle_import_case(indicator, attributes, object_name) + + def parse_x509_pattern(self, indicator, separator): + attributes = self.get_attributes_from_pattern(indicator.pattern, 'x509_mapping', separator) + self.handle_import_case(indicator, attributes, 'x509') + + ################################################################################ + ## UTILITY FUNCTIONS. ## + ################################################################################ + + def add_attributes_from_indicator(self, indicator, attribute_type, separator): + patterns = self._handle_pattern(indicator.pattern).split(separator) + if len(patterns) == 1: + _, value = self.get_type_and_value_from_pattern(patterns[0]) + attribute = MISPAttribute() + attribute.from_dict(**{ + 'uuid': indicator.id.split('--')[1], + 'type': attribute_type, + 'value': value, + 'to_ids': True + }) + attribute.update(self.parse_timeline(indicator)) + self.misp_event.add_attribute(**attribute) + else: + tmp_attribute = self.parse_timeline(indicator) + for pattern in patterns: + _, value = self.get_type_and_value_from_pattern(pattern) + attribute = MISPAttribute() + attribute.from_dict(**{ + 'type': attribute_type, + 'value': value, + 'to_ids': True + }) + attribute.update(tmp_attribute) + self.misp_event.add_attribute(**attribute) + + def add_attributes_from_observable(self, observable, attribute_type, feature): + if len(observable.objects) == 1: + attribute = MISPAttribute() + attribute.from_dict(**{ + 'uuid': observable.id.split('--')[1], + 'type': attribute_type, + 'value': getattr(observable.objects['0'], feature), + 'to_ids': False + }) + attribute.update(self.parse_timeline(observable)) + self.misp_event.add_attribute(**attribute) + else: + tmp_attribute = self.parse_timeline(observable) + for observable_object in observable.objects.values(): + attribute = MISPAttribute() + attribute.from_dict(**{ + 'type': attribute_type, + 'value': getattr(observable_object, feature), + 'to_ids': False + }) + attribute.update(tmp_attribute) + self.misp_event.add_attribute(**attribute) + + def _check_existing_galaxy_name(self, galaxy_name): + if galaxy_name in self._synonyms_to_tag_names: + return self._synonyms_to_tag_names[galaxy_name] + for name, tag_names in self._synonyms_to_tag_names.items(): + if galaxy_name in name: + return tag_names + return None + + def create_misp_object(self, stix_object, name=None): + misp_object = MISPObject(name if name is not None else stix_object.type, + misp_objects_path_custom=_misp_objects_path) + misp_object.uuid = stix_object.id.split('--')[1] + misp_object.update(self.parse_timeline(stix_object)) + return misp_object + + @staticmethod + def _get_sections(pe_extension): + sections = [feature for feature in pe_extension.keys() if feature.startswith('section_')] + return (pe_extension.pop(feature) for feature in sections) + + @staticmethod + def get_type_and_value_from_pattern(pattern): + pattern = pattern.strip('[]') + try: + pattern_type, pattern_value = pattern.split(' = \'') + except ValueError: + pattern_type, pattern_value = pattern.split('=') + return pattern_type.strip(), pattern_value.strip("'") + + def handle_import_case(self, stix_object, attributes, name, _force_object=False): + try: + if len(attributes) > 1 or (_force_object and self._handle_object_forcing(_force_object, attributes[0])): + misp_object = self.create_misp_object(stix_object, name) + for attribute in attributes: + misp_object.add_attribute(**attribute) + self.misp_event.add_object(**misp_object) + else: + attribute = {field: attributes[0][field] for field in stix2misp_mapping.single_attribute_fields if attributes[0].get(field) is not None} + attribute['uuid'] = stix_object.id.split('--')[1] + attribute.update(self.parse_timeline(stix_object)) + if isinstance(stix_object, stix2.v20.Indicator): + attribute['to_ids'] = True + if hasattr(stix_object, 'object_marking_refs'): + self.update_marking_refs(attribute['uuid'], stix_object.object_marking_refs) + self.misp_event.add_attribute(**attribute) + except IndexError: + object_type = 'indicator' if isinstance(stix_object, stix2.Indicator) else 'observable objects' + print(f'No attribute or object could be imported from the following {object_type}: {stix_object}', file=sys.stderr) + + @staticmethod + def _handle_object_forcing(_force_object, attribute): + if isinstance(_force_object, (list, tuple)): + return attribute['object_relation'] in _force_object + return _force_object + + @staticmethod + def _handle_pattern(pattern): + return pattern.strip().strip('[]') + + @staticmethod + def _parse_observable_types(observable_objects): + types = {observable_object._type for observable_object in observable_objects.values()} + return tuple(sorted(types)) + + @staticmethod + def _parse_pattern_types(pattern): + types = {part.split('=')[0].split(':')[0].strip('[') for part in pattern} + return tuple(sorted(types)) + + @staticmethod + def _required_protocols(protocols): + protocols = tuple(protocol.upper() for protocol in protocols) + if any(protocol not in ('TCP', 'IP') for protocol in protocols): + return True + return False + + +def from_misp(stix_objects): + for stix_object in stix_objects: + if stix_object['type'] == "report" and 'misp:tool="misp2stix2"' in stix_object.get('labels', []): + return True + return False + + +def main(args): + filename = Path(os.path.dirname(args[0]), args[1]) + with open(filename, 'rt', encoding='utf-8') as f: + event = stix2.parse(f.read(), allow_custom=True, interoperability=True) + stix_parser = StixFromMISPParser() if from_misp(event.objects) else ExternalStixParser() + stix_parser.handler(event, filename, args[2:]) + stix_parser.save_file() + print(1) + + +if __name__ == '__main__': + main(sys.argv) diff --git a/misp_modules/lib/stix2misp_mapping.py b/misp_modules/lib/stix2misp_mapping.py new file mode 100644 index 0000000..706d990 --- /dev/null +++ b/misp_modules/lib/stix2misp_mapping.py @@ -0,0 +1,460 @@ +################################################################################ +# ATTRIBUTES AND OBJECTS MAPPING # +################################################################################ + +attributes_mapping = { + 'filename': '_parse_name', + 'ip-src': '_parse_value', + 'ip-dst': '_parse_value', + 'hostname': '_parse_value', + 'domain': '_parse_value', + 'domain|ip': '_parse_domain_ip_attribute', + 'email-src': '_parse_value', + 'email-dst': '_parse_value', + 'email-attachment': '_parse_name', + 'url': '_parse_value', + 'regkey': '_parse_regkey_attribute', + 'regkey|value': '_parse_regkey_value', + 'malware-sample': '_parse_malware_sample', + 'mutex': '_parse_name', + 'uri': '_parse_value', + 'port': '_parse_port', + 'ip-dst|port': '_parse_network_attribute', + 'ip-src|port': '_parse_network_attribute', + 'hostname|port': '_parse_network_attribute', + 'email-reply-to': '_parse_email_reply_to', + 'attachment': '_parse_attachment', + 'mac-address': '_parse_value', + 'AS': '_parse_number' +} + +attributes_type_mapping = { + 'md5': '_parse_hash', + 'sha1': '_parse_hash', + 'sha256': '_parse_hash', + 'filename|md5': '_parse_filename_hash', + 'filename|sha1': '_parse_filename_hash', + 'filename|sha256': '_parse_filename_hash', + 'email-subject': '_parse_email_message', + 'email-body': '_parse_email_message', + 'authentihash': '_parse_hash', + 'ssdeep': '_parse_hash', + 'imphash': '_parse_hash', + 'pehash': '_parse_hash', + 'impfuzzy': '_parse_hash', + 'sha224': '_parse_hash', + 'sha384': '_parse_hash', + 'sha512': '_parse_hash', + 'sha512/224': '_parse_hash', + 'sha512/256': '_parse_hash', + 'tlsh': '_parse_hash', + 'cdhash': '_parse_hash', + 'filename|authentihash': '_parse_filename_hash', + 'filename|ssdeep': '_parse_filename_hash', + 'filename|imphash': '_parse_filename_hash', + 'filename|impfuzzy': '_parse_filename_hash', + 'filename|pehash': '_parse_filename_hash', + 'filename|sha224': '_parse_filename_hash', + 'filename|sha384': '_parse_filename_hash', + 'filename|sha512': '_parse_filename_hash', + 'filename|sha512/224': '_parse_filename_hash', + 'filename|sha512/256': '_parse_filename_hash', + 'filename|tlsh': '_parse_filename_hash', + 'x509-fingerprint-md5': '_parse_x509_attribute', + 'x509-fingerprint-sha1': '_parse_x509_attribute', + 'x509-fingerprint-sha256': '_parse_x509_attribute' +} + +objects_mapping = { + 'asn': { + 'observable': 'parse_asn_observable', + 'pattern': 'parse_asn_pattern'}, + 'credential': { + 'observable': 'parse_credential_observable', + 'pattern': 'parse_credential_pattern'}, + 'domain-ip': { + 'observable': 'parse_domain_ip_observable', + 'pattern': 'parse_domain_ip_pattern'}, + 'email': { + 'observable': 'parse_email_observable', + 'pattern': 'parse_email_pattern'}, + 'file': { + 'observable': 'parse_file_observable', + 'pattern': 'parse_file_pattern'}, + 'ip-port': { + 'observable': 'parse_ip_port_observable', + 'pattern': 'parse_ip_port_pattern'}, + 'network-connection': { + 'observable': 'parse_network_connection_observable', + 'pattern': 'parse_network_connection_pattern'}, + 'network-socket': { + 'observable': 'parse_network_socket_observable', + 'pattern': 'parse_network_socket_pattern'}, + 'process': { + 'observable': 'parse_process_observable', + 'pattern': 'parse_process_pattern'}, + 'registry-key': { + 'observable': 'parse_regkey_observable', + 'pattern': 'parse_regkey_pattern'}, + 'url': { + 'observable': 'parse_url_observable', + 'pattern': 'parse_url_pattern'}, + 'user-account': { + 'observable': 'parse_user_account_observable', + 'pattern': 'parse_user_account_pattern'}, + 'WindowsPEBinaryFile': { + 'observable': 'parse_pe_observable', + 'pattern': 'parse_pe_pattern'}, + 'x509': { + 'observable': 'parse_x509_observable', + 'pattern': 'parse_x509_pattern'} +} + +observable_mapping = { + ('artifact', 'file'): 'parse_file_observable', + ('artifact', 'directory', 'file'): 'parse_file_observable', + ('artifact', 'email-addr', 'email-message', 'file'): 'parse_email_observable', + ('autonomous-system',): 'parse_asn_observable', + ('autonomous-system', 'ipv4-addr'): 'parse_asn_observable', + ('autonomous-system', 'ipv6-addr'): 'parse_asn_observable', + ('autonomous-system', 'ipv4-addr', 'ipv6-addr'): 'parse_asn_observable', + ('directory', 'file'): 'parse_file_observable', + ('domain-name',): 'parse_domain_ip_observable', + ('domain-name', 'ipv4-addr'): 'parse_domain_ip_observable', + ('domain-name', 'ipv6-addr'): 'parse_domain_ip_observable', + ('domain-name', 'ipv4-addr', 'ipv6-addr'): 'parse_domain_ip_observable', + ('domain-name', 'ipv4-addr', 'network-traffic'): 'parse_domain_ip_network_traffic_observable', + ('domain-name', 'ipv6-addr', 'network-traffic'): 'parse_domain_ip_network_traffic_observable', + ('domain-name', 'ipv4-addr', 'ipv6-addr', 'network-traffic'): 'parse_domain_ip_network_traffic_observable', + ('domain-name', 'network-traffic'): 'parse_domain_network_traffic_observable', + ('domain-name', 'network-traffic', 'url'): 'parse_url_observable', + ('email-addr',): 'parse_email_address_observable', + ('email-addr', 'email-message'): 'parse_email_observable', + ('email-addr', 'email-message', 'file'): 'parse_email_observable', + ('email-message',): 'parse_email_observable', + ('file',): 'parse_file_observable', + ('file', 'process'): 'parse_process_observable', + ('ipv4-addr',): 'parse_ip_address_observable', + ('ipv6-addr',): 'parse_ip_address_observable', + ('ipv4-addr', 'network-traffic'): 'parse_ip_network_traffic_observable', + ('ipv6-addr', 'network-traffic'): 'parse_ip_network_traffic_observable', + ('ipv4-addr', 'ipv6-addr', 'network-traffic'): 'parse_ip_network_traffic_observable', + ('mac-addr',): 'parse_mac_address_observable', + ('mutex',): 'parse_mutex_observable', + ('process',): 'parse_process_observable', + ('x509-certificate',): 'parse_x509_observable', + ('url',): 'parse_url_observable', + ('user-account',): 'parse_user_account_observable', + ('windows-registry-key',): 'parse_regkey_observable' +} + +pattern_mapping = { + ('artifact', 'file'): 'parse_file_pattern', + ('artifact', 'directory', 'file'): 'parse_file_pattern', + ('autonomous-system', ): 'parse_as_pattern', + ('autonomous-system', 'ipv4-addr'): 'parse_as_pattern', + ('autonomous-system', 'ipv6-addr'): 'parse_as_pattern', + ('autonomous-system', 'ipv4-addr', 'ipv6-addr'): 'parse_as_pattern', + ('directory',): 'parse_file_pattern', + ('directory', 'file'): 'parse_file_pattern', + ('domain-name',): 'parse_domain_ip_port_pattern', + ('domain-name', 'ipv4-addr'): 'parse_domain_ip_port_pattern', + ('domain-name', 'ipv6-addr'): 'parse_domain_ip_port_pattern', + ('domain-name', 'ipv4-addr', 'ipv6-addr'): 'parse_domain_ip_port_pattern', + ('domain-name', 'ipv4-addr', 'url'): 'parse_url_pattern', + ('domain-name', 'ipv6-addr', 'url'): 'parse_url_pattern', + ('domain-name', 'ipv4-addr', 'ipv6-addr', 'url'): 'parse_url_pattern', + ('domain-name', 'network-traffic'): 'parse_domain_ip_port_pattern', + ('domain-name', 'network-traffic', 'url'): 'parse_url_pattern', + ('email-addr',): 'parse_email_address_pattern', + ('email-message',): 'parse_email_message_pattern', + ('file',): 'parse_file_pattern', + ('ipv4-addr',): 'parse_ip_address_pattern', + ('ipv6-addr',): 'parse_ip_address_pattern', + ('ipv4-addr', 'ipv6-addr'): 'parse_ip_address_pattern', + ('mac-addr',): 'parse_mac_address_pattern', + ('mutex',): 'parse_mutex_pattern', + ('network-traffic',): 'parse_network_traffic_pattern', + ('process',): 'parse_process_pattern', + ('url',): 'parse_url_pattern', + ('user-account',): 'parse_user_account_pattern', + ('windows-registry-key',): 'parse_regkey_pattern', + ('x509-certificate',): 'parse_x509_pattern' +} + +pattern_forbidden_relations = (' LIKE ', ' FOLLOWEDBY ', ' MATCHES ', ' ISSUBSET ', ' ISSUPERSET ', ' REPEATS ') +single_attribute_fields = ('type', 'value', 'to_ids') + + +################################################################################ +# OBSERVABLE OBJECTS AND PATTERNS MAPPING. # +################################################################################ + +address_family_attribute_mapping = {'type': 'text','object_relation': 'address-family'} +as_number_attribute_mapping = {'type': 'AS', 'object_relation': 'asn'} +description_attribute_mapping = {'type': 'text', 'object_relation': 'description'} +asn_subnet_attribute_mapping = {'type': 'ip-src', 'object_relation': 'subnet-announced'} +cc_attribute_mapping = {'type': 'email-dst', 'object_relation': 'cc'} +credential_attribute_mapping = {'type': 'text', 'object_relation': 'password'} +data_attribute_mapping = {'type': 'text', 'object_relation': 'data'} +data_type_attribute_mapping = {'type': 'text', 'object_relation': 'data-type'} +domain_attribute_mapping = {'type': 'domain', 'object_relation': 'domain'} +domain_family_attribute_mapping = {'type': 'text', 'object_relation': 'domain-family'} +dst_port_attribute_mapping = {'type': 'port', 'object_relation': 'dst-port'} +email_attachment_attribute_mapping = {'type': 'email-attachment', 'object_relation': 'attachment'} +email_date_attribute_mapping = {'type': 'datetime', 'object_relation': 'send-date'} +email_subject_attribute_mapping = {'type': 'email-subject', 'object_relation': 'subject'} +encoding_attribute_mapping = {'type': 'text', 'object_relation': 'file-encoding'} +end_datetime_attribute_mapping = {'type': 'datetime', 'object_relation': 'last-seen'} +entropy_mapping = {'type': 'float', 'object_relation': 'entropy'} +filename_attribute_mapping = {'type': 'filename', 'object_relation': 'filename'} +from_attribute_mapping = {'type': 'email-src', 'object_relation': 'from'} +imphash_mapping = {'type': 'imphash', 'object_relation': 'imphash'} +id_attribute_mapping = {'type': 'text', 'object_relation': 'id'} +ip_attribute_mapping = {'type': 'ip-dst', 'object_relation': 'ip'} +issuer_attribute_mapping = {'type': 'text', 'object_relation': 'issuer'} +key_attribute_mapping = {'type': 'regkey', 'object_relation': 'key'} +malware_sample_attribute_mapping = {'type': 'malware-sample', 'object_relation': 'malware-sample'} +mime_type_attribute_mapping = {'type': 'mime-type', 'object_relation': 'mimetype'} +modified_attribute_mapping = {'type': 'datetime', 'object_relation': 'last-modified'} +name_attribute_mapping = {'type': 'text', 'object_relation': 'name'} +network_traffic_ip = {'type': 'ip-{}', 'object_relation': 'ip-{}'} +number_sections_mapping = {'type': 'counter', 'object_relation': 'number-sections'} +password_mapping = {'type': 'text', 'object_relation': 'password'} +path_attribute_mapping = {'type': 'text', 'object_relation': 'path'} +pe_type_mapping = {'type': 'text', 'object_relation': 'type'} +pid_attribute_mapping = {'type': 'text', 'object_relation': 'pid'} +process_command_line_mapping = {'type': 'text', 'object_relation': 'command-line'} +process_creation_time_mapping = {'type': 'datetime', 'object_relation': 'creation-time'} +process_image_mapping = {'type': 'filename', 'object_relation': 'image'} +process_name_mapping = {'type': 'text', 'object_relation': 'name'} +regkey_name_attribute_mapping = {'type': 'text', 'object_relation': 'name'} +references_attribute_mapping = {'type': 'link', 'object_relation': 'references'} +reply_to_attribute_mapping = {'type': 'email-reply-to', 'object_relation': 'reply-to'} +screenshot_attribute_mapping = {'type': 'attachment', 'object_relation': 'screenshot'} +section_name_mapping = {'type': 'text', 'object_relation': 'name'} +serial_number_attribute_mapping = {'type': 'text', 'object_relation': 'serial-number'} +size_attribute_mapping = {'type': 'size-in-bytes', 'object_relation': 'size-in-bytes'} +src_port_attribute_mapping = {'type': 'port', 'object_relation': 'src-port'} +start_datetime_attribute_mapping = {'type': 'datetime', 'object_relation': 'first-seen'} +state_attribute_mapping = {'type': 'text', 'object_relation': 'state'} +summary_attribute_mapping = {'type': 'text', 'object_relation': 'summary'} +to_attribute_mapping = {'type': 'email-dst', 'object_relation': 'to'} +url_attribute_mapping = {'type': 'url', 'object_relation': 'url'} +url_port_attribute_mapping = {'type': 'port', 'object_relation': 'port'} +user_id_mapping = {'type': 'text', 'object_relation': 'username'} +x_mailer_attribute_mapping = {'type': 'email-x-mailer', 'object_relation': 'x-mailer'} +x509_md5_attribute_mapping = {'type': 'x509-fingerprint-md5', 'object_relation': 'x509-fingerprint-md5'} +x509_sha1_attribute_mapping = {'type': 'x509-fingerprint-sha1', 'object_relation': 'x509-fingerprint-sha1'} +x509_sha256_attribute_mapping = {'type': 'x509-fingerprint-sha256', 'object_relation': 'x509-fingerprint-sha256'} +x509_spka_attribute_mapping = {'type': 'text', 'object_relation': 'pubkey-info-algorithm'} # x509 subject public key algorithm +x509_spke_attribute_mapping = {'type': 'text', 'object_relation': 'pubkey-info-exponent'} # x509 subject public key exponent +x509_spkm_attribute_mapping = {'type': 'text', 'object_relation': 'pubkey-info-modulus'} # x509 subject public key modulus +x509_subject_attribute_mapping = {'type': 'text', 'object_relation': 'subject'} +x509_version_attribute_mapping = {'type': 'text', 'object_relation': 'version'} +x509_vna_attribute_mapping = {'type': 'datetime', 'object_relation': 'validity-not-after'} # x509 validity not after +x509_vnb_attribute_mapping = {'type': 'datetime', 'object_relation': 'validity-not-before'} # x509 validity not before + +asn_mapping = {'number': as_number_attribute_mapping, + 'autonomous-system:number': as_number_attribute_mapping, + 'name': description_attribute_mapping, + 'autonomous-system:name': description_attribute_mapping, + 'ipv4-addr': asn_subnet_attribute_mapping, + 'ipv6-addr': asn_subnet_attribute_mapping, + 'ipv4-addr:value': asn_subnet_attribute_mapping, + 'ipv6-addr:value': asn_subnet_attribute_mapping} + +attack_pattern_mapping = {'name': name_attribute_mapping, + 'description': summary_attribute_mapping} + +attack_pattern_references_mapping = {'mitre-attack': references_attribute_mapping, + 'capec': id_attribute_mapping} + +course_of_action_mapping = {'description': description_attribute_mapping, + 'name': name_attribute_mapping} + +credential_mapping = {'credential': credential_attribute_mapping, + 'user-account:credential': credential_attribute_mapping, + 'user_id': user_id_mapping, + 'user-account:user_id': user_id_mapping} + +domain_ip_mapping = {'domain-name': domain_attribute_mapping, + 'domain-name:value': domain_attribute_mapping, + 'ipv4-addr': ip_attribute_mapping, + 'ipv6-addr': ip_attribute_mapping, + 'ipv4-addr:value': ip_attribute_mapping, + 'ipv6-addr:value': ip_attribute_mapping, + 'domain-name:resolves_to_refs[*].value': ip_attribute_mapping, + 'network-traffic:dst_port': dst_port_attribute_mapping, + 'network-traffic:src_port': src_port_attribute_mapping} + +email_mapping = {'date': email_date_attribute_mapping, + 'email-message:date': email_date_attribute_mapping, + 'email-message:to_refs[*].value': to_attribute_mapping, + 'email-message:cc_refs[*].value': cc_attribute_mapping, + 'subject': email_subject_attribute_mapping, + 'email-message:subject': email_subject_attribute_mapping, + 'X-Mailer': x_mailer_attribute_mapping, + 'email-message:additional_header_fields.x_mailer': x_mailer_attribute_mapping, + 'Reply-To': reply_to_attribute_mapping, + 'email-message:additional_header_fields.reply_to': reply_to_attribute_mapping, + 'email-message:from_ref.value': from_attribute_mapping, + 'email-addr:value': to_attribute_mapping} + +email_references_mapping = {'attachment': email_attachment_attribute_mapping, + 'cc_refs': cc_attribute_mapping, + 'from_ref': from_attribute_mapping, + 'screenshot': screenshot_attribute_mapping, + 'to_refs': to_attribute_mapping} + +file_mapping = {'artifact:mime_type': mime_type_attribute_mapping, + 'file:content_ref.mime_type': mime_type_attribute_mapping, + 'mime_type': mime_type_attribute_mapping, + 'file:mime_type': mime_type_attribute_mapping, + 'name': filename_attribute_mapping, + 'file:name': filename_attribute_mapping, + 'name_enc': encoding_attribute_mapping, + 'file:name_enc': encoding_attribute_mapping, + 'file:parent_directory_ref.path': path_attribute_mapping, + 'directory:path': path_attribute_mapping, + 'size': size_attribute_mapping, + 'file:size': size_attribute_mapping} + +network_traffic_mapping = {'dst_port':dst_port_attribute_mapping, + 'src_port': src_port_attribute_mapping, + 'network-traffic:dst_port': dst_port_attribute_mapping, + 'network-traffic:src_port': src_port_attribute_mapping} + +ip_port_mapping = {'value': domain_attribute_mapping, + 'domain-name:value': domain_attribute_mapping, + 'network-traffic:dst_ref.value': {'type': 'ip-dst', 'object_relation': 'ip-dst'}, + 'network-traffic:src_ref.value': {'type': 'ip-src', 'object_relation': 'ip-src'}} +ip_port_mapping.update(network_traffic_mapping) + +ip_port_references_mapping = {'domain-name': domain_attribute_mapping, + 'ipv4-addr': network_traffic_ip, + 'ipv6-addr': network_traffic_ip} + +network_socket_extension_mapping = {'address_family': address_family_attribute_mapping, + "network-traffic:extensions.'socket-ext'.address_family": address_family_attribute_mapping, + 'protocol_family': domain_family_attribute_mapping, + "network-traffic:extensions.'socket-ext'.protocol_family": domain_family_attribute_mapping, + 'is_blocking': state_attribute_mapping, + "network-traffic:extensions.'socket-ext'.is_blocking": state_attribute_mapping, + 'is_listening': state_attribute_mapping, + "network-traffic:extensions.'socket-ext'.is_listening": state_attribute_mapping} + +network_traffic_references_mapping = {'domain-name': {'type': 'hostname', 'object_relation': 'hostname-{}'}, + 'ipv4-addr': network_traffic_ip, + 'ipv6-addr': network_traffic_ip} + +pe_mapping = {'pe_type': pe_type_mapping, 'number_of_sections': number_sections_mapping, 'imphash': imphash_mapping} + +pe_section_mapping = {'name': section_name_mapping, 'size': size_attribute_mapping, 'entropy': entropy_mapping} + +hash_types = ('MD5', 'SHA-1', 'SHA-256', 'SHA-224', 'SHA-384', 'SHA-512', 'ssdeep', 'tlsh') +for hash_type in hash_types: + misp_hash_type = hash_type.replace('-', '').lower() + attribute = {'type': misp_hash_type, 'object_relation': misp_hash_type} + file_mapping[hash_type] = attribute + file_mapping.update({f"file:hashes.'{feature}'": attribute for feature in (hash_type, misp_hash_type)}) + file_mapping.update({f"file:hashes.{feature}": attribute for feature in (hash_type, misp_hash_type)}) + pe_section_mapping[hash_type] = attribute + pe_section_mapping[misp_hash_type] = attribute + +process_mapping = {'name': process_name_mapping, + 'process:name': process_name_mapping, + 'pid': pid_attribute_mapping, + 'process:pid': pid_attribute_mapping, + 'created': process_creation_time_mapping, + 'process:created': process_creation_time_mapping, + 'command_line': process_command_line_mapping, + 'process:command_line': process_command_line_mapping, + 'process:parent_ref.pid': {'type': 'text', 'object_relation': 'parent-pid'}, + 'process:child_refs[*].pid': {'type': 'text', 'object_relation': 'child-pid'}, + 'process:binary_ref.name': process_image_mapping} + +child_process_reference_mapping = {'pid': {'type': 'text', 'object_relation': 'child-pid'}} + +parent_process_reference_mapping = {'command_line': {'type': 'text', 'object_relation': 'parent-command-line'}, + 'pid': {'type': 'text', 'object_relation': 'parent-pid'}, + 'process-name': {'type': 'text', 'object_relation': 'parent-process-name'}} + +regkey_mapping = {'data': data_attribute_mapping, + 'windows-registry-key:values.data': data_attribute_mapping, + 'data_type': data_type_attribute_mapping, + 'windows-registry-key:values.data_type': data_type_attribute_mapping, + 'modified': modified_attribute_mapping, + 'windows-registry-key:modified': modified_attribute_mapping, + 'name': regkey_name_attribute_mapping, + 'windows-registry-key:values.name': regkey_name_attribute_mapping, + 'key': key_attribute_mapping, + 'windows-registry-key:key': key_attribute_mapping, + 'windows-registry-key:value': {'type': 'text', 'object_relation': 'hive'} + } + +url_mapping = {'url': url_attribute_mapping, + 'url:value': url_attribute_mapping, + 'domain-name': domain_attribute_mapping, + 'domain-name:value': domain_attribute_mapping, + 'network-traffic': url_port_attribute_mapping, + 'network-traffic:dst_port': url_port_attribute_mapping, + 'ipv4-addr:value': ip_attribute_mapping, + 'ipv6-addr:value': ip_attribute_mapping + } + +user_account_mapping = {'account_created': {'type': 'datetime', 'object_relation': 'created'}, + 'account_expires': {'type': 'datetime', 'object_relation': 'expires'}, + 'account_first_login': {'type': 'datetime', 'object_relation': 'first_login'}, + 'account_last_login': {'type': 'datetime', 'object_relation': 'last_login'}, + 'account_login': user_id_mapping, + 'account_type': {'type': 'text', 'object_relation': 'account-type'}, + 'can_escalate_privs': {'type': 'boolean', 'object_relation': 'can_escalate_privs'}, + 'credential': credential_attribute_mapping, + 'credential_last_changed': {'type': 'datetime', 'object_relation': 'password_last_changed'}, + 'display_name': {'type': 'text', 'object_relation': 'display-name'}, + 'gid': {'type': 'text', 'object_relation': 'group-id'}, + 'home_dir': {'type': 'text', 'object_relation': 'home_dir'}, + 'is_disabled': {'type': 'boolean', 'object_relation': 'disabled'}, + 'is_privileged': {'type': 'boolean', 'object_relation': 'privileged'}, + 'is_service_account': {'type': 'boolean', 'object_relation': 'is_service_account'}, + 'shell': {'type': 'text', 'object_relation': 'shell'}, + 'user_id': {'type': 'text', 'object_relation': 'user-id'}} + +vulnerability_mapping = {'name': id_attribute_mapping, + 'description': summary_attribute_mapping} + +x509_mapping = {'issuer': issuer_attribute_mapping, + 'x509-certificate:issuer': issuer_attribute_mapping, + 'serial_number': serial_number_attribute_mapping, + 'x509-certificate:serial_number': serial_number_attribute_mapping, + 'subject': x509_subject_attribute_mapping, + 'x509-certificate:subject': x509_subject_attribute_mapping, + 'subject_public_key_algorithm': x509_spka_attribute_mapping, + 'x509-certificate:subject_public_key_algorithm': x509_spka_attribute_mapping, + 'subject_public_key_exponent': x509_spke_attribute_mapping, + 'x509-certificate:subject_public_key_exponent': x509_spke_attribute_mapping, + 'subject_public_key_modulus': x509_spkm_attribute_mapping, + 'x509-certificate:subject_public_key_modulus': x509_spkm_attribute_mapping, + 'validity_not_before': x509_vnb_attribute_mapping, + 'x509-certificate:validity_not_before': x509_vnb_attribute_mapping, + 'validity_not_after': x509_vna_attribute_mapping, + 'x509-certificate:validity_not_after': x509_vna_attribute_mapping, + 'version': x509_version_attribute_mapping, + 'x509-certificate:version': x509_version_attribute_mapping, + 'SHA-1': x509_sha1_attribute_mapping, + "x509-certificate:hashes.'sha1'": x509_sha1_attribute_mapping, + 'SHA-256': x509_sha256_attribute_mapping, + "x509-certificate:hashes.'sha256'": x509_sha256_attribute_mapping, + 'MD5': x509_md5_attribute_mapping, + "x509-certificate:hashes.'md5'": x509_md5_attribute_mapping, + } + +attachment_types = ('file:content_ref.name', 'file:content_ref.payload_bin', + 'artifact:x_misp_text_name', 'artifact:payload_bin', + "file:hashes.'MD5'", "file:content_ref.hashes.'MD5'", + 'file:name') + +connection_protocols = {"IP": "3", "ICMP": "3", "ARP": "3", + "TCP": "4", "UDP": "4", + "HTTP": "7", "HTTPS": "7", "FTP": "7"} diff --git a/misp_modules/lib/synonymsToTagNames.json b/misp_modules/lib/synonymsToTagNames.json new file mode 100644 index 0000000..c3013f3 --- /dev/null +++ b/misp_modules/lib/synonymsToTagNames.json @@ -0,0 +1 @@ +{"Accstealer":["misp-galaxy:android=\"Accstealer\""],"Ackposts":["misp-galaxy:android=\"Ackposts\""],"Acnetdoor":["misp-galaxy:android=\"Acnetdoor\""],"Acnetsteal":["misp-galaxy:android=\"Acnetsteal\""],"Actech":["misp-galaxy:android=\"Actech\""],"AdChina":["misp-galaxy:android=\"AdChina\""],"AdInfo":["misp-galaxy:android=\"AdInfo\""],"AdMarvel":["misp-galaxy:android=\"AdMarvel\""],"AdMob":["misp-galaxy:android=\"AdMob\""],"AdSms":["misp-galaxy:android=\"AdSms\""],"Adfonic":["misp-galaxy:android=\"Adfonic\""],"Adknowledge":["misp-galaxy:android=\"Adknowledge\""],"Adrd":["misp-galaxy:android=\"Adrd\""],"Aduru":["misp-galaxy:android=\"Aduru\""],"Adwhirl":["misp-galaxy:android=\"Adwhirl\""],"Adwind":["misp-galaxy:android=\"Adwind\"","misp-galaxy:mitre-malware=\"jRAT - S0283\"","misp-galaxy:tool=\"Adwind\""],"AlienSpy":["misp-galaxy:android=\"Adwind\"","misp-galaxy:malpedia=\"AdWind\"","misp-galaxy:mitre-malware=\"jRAT - S0283\"","misp-galaxy:rat=\"Adwind RAT\"","misp-galaxy:tool=\"Adwind\""],"Frutas":["misp-galaxy:android=\"Adwind\"","misp-galaxy:malpedia=\"AdWind\"","misp-galaxy:mitre-malware=\"jRAT - S0283\"","misp-galaxy:rat=\"Adwind RAT\"","misp-galaxy:tool=\"Adwind\""],"Unrecom":["misp-galaxy:android=\"Adwind\"","misp-galaxy:mitre-malware=\"jRAT - S0283\"","misp-galaxy:rat=\"Adwind RAT\"","misp-galaxy:tool=\"Adwind\""],"Sockrat":["misp-galaxy:android=\"Adwind\"","misp-galaxy:android=\"Sockrat\"","misp-galaxy:malpedia=\"AdWind\"","misp-galaxy:mitre-malware=\"jRAT - S0283\"","misp-galaxy:tool=\"Adwind\""],"Jsocket":["misp-galaxy:android=\"Adwind\"","misp-galaxy:rat=\"Adwind RAT\""],"jRat":["misp-galaxy:android=\"Adwind\"","misp-galaxy:tool=\"Adwind\""],"Backdoor:Java\/Adwind":["misp-galaxy:android=\"Adwind\"","misp-galaxy:tool=\"Adwind\""],"Adwlauncher":["misp-galaxy:android=\"Adwlauncher\""],"Adwo":["misp-galaxy:android=\"Adwo\""],"Airad":["misp-galaxy:android=\"Airad\""],"Airpush":["misp-galaxy:android=\"Airpush\""],"StopSMS":["misp-galaxy:android=\"Airpush\""],"Alienspy":["misp-galaxy:android=\"Alienspy\""],"AmazonAds":["misp-galaxy:android=\"AmazonAds\""],"Andr\/Dropr-FH":["misp-galaxy:android=\"Andr\/Dropr-FH\""],"GhostCtrl":["misp-galaxy:android=\"Andr\/Dropr-FH\"","misp-galaxy:malpedia=\"GhostCtrl\""],"AndroidOS_HidenAd":["misp-galaxy:android=\"AndroidOS_HidenAd\""],"AndroidOS_HiddenAd":["misp-galaxy:android=\"AndroidOS_HidenAd\""],"Answerbot":["misp-galaxy:android=\"Answerbot\""],"Antammi":["misp-galaxy:android=\"Antammi\""],"Apkmore":["misp-galaxy:android=\"Apkmore\""],"Aplog":["misp-galaxy:android=\"Aplog\""],"AppLovin":["misp-galaxy:android=\"AppLovin\""],"Appenda":["misp-galaxy:android=\"Appenda\""],"Apperhand":["misp-galaxy:android=\"Apperhand\""],"Appleservice":["misp-galaxy:android=\"Appleservice\""],"Arspam":["misp-galaxy:android=\"Arspam\""],"Aurecord":["misp-galaxy:android=\"Aurecord\""],"Backapp":["misp-galaxy:android=\"Backapp\""],"Backdexer":["misp-galaxy:android=\"Backdexer\""],"Backflash":["misp-galaxy:android=\"Backflash\""],"Backscript":["misp-galaxy:android=\"Backscript\""],"Badaccents":["misp-galaxy:android=\"Badaccents\""],"Badpush":["misp-galaxy:android=\"Badpush\""],"Ballonpop":["misp-galaxy:android=\"Ballonpop\""],"BambaPurple":["misp-galaxy:android=\"BambaPurple\""],"BankBot":["misp-galaxy:android=\"BankBot\"","misp-galaxy:malpedia=\"Anubis\"","misp-galaxy:malpedia=\"BankBot\""],"Bankosy":["misp-galaxy:android=\"Bankosy\"","misp-galaxy:android=\"GM Bot\"","misp-galaxy:tool=\"Slempo\""],"Bankun":["misp-galaxy:android=\"Bankun\""],"Basebridge":["misp-galaxy:android=\"Basebridge\""],"Basedao":["misp-galaxy:android=\"Basedao\""],"Batterydoctor":["misp-galaxy:android=\"Batterydoctor\""],"BeNews":["misp-galaxy:android=\"BeNews\""],"Beaglespy":["misp-galaxy:android=\"Beaglespy\""],"BeanBot":["misp-galaxy:android=\"BeanBot\""],"Becuro":["misp-galaxy:android=\"Becuro\""],"Beita":["misp-galaxy:android=\"Beita\""],"Bgserv":["misp-galaxy:android=\"Bgserv\""],"Biigespy":["misp-galaxy:android=\"Biigespy\""],"Bmaster":["misp-galaxy:android=\"Bmaster\""],"Bossefiv":["misp-galaxy:android=\"Bossefiv\""],"Boxpush":["misp-galaxy:android=\"Boxpush\""],"BreadSMS":["misp-galaxy:android=\"BreadSMS\""],"Burstly":["misp-galaxy:android=\"Burstly\""],"BusyGasper":["misp-galaxy:android=\"BusyGasper\"","misp-galaxy:malpedia=\"BusyGasper\""],"Buzzcity":["misp-galaxy:android=\"Buzzcity\""],"ByPush":["misp-galaxy:android=\"ByPush\""],"Cajino":["misp-galaxy:android=\"Cajino\""],"Casee":["misp-galaxy:android=\"Casee\""],"Catchtoken":["misp-galaxy:android=\"Catchtoken\""],"Cauly":["misp-galaxy:android=\"Cauly\""],"Cellshark":["misp-galaxy:android=\"Cellshark\""],"Centero":["misp-galaxy:android=\"Centero\""],"Cepsohord":["misp-galaxy:android=\"Cepsohord\""],"Chamois":["misp-galaxy:android=\"Chamois\"","misp-galaxy:malpedia=\"Chamois\""],"Chuli":["misp-galaxy:android=\"Chuli\""],"Citmo":["misp-galaxy:android=\"Citmo\""],"Claco":["misp-galaxy:android=\"Claco\""],"Clevernet":["misp-galaxy:android=\"Clevernet\""],"Cnappbox":["misp-galaxy:android=\"Cnappbox\""],"Cobblerone":["misp-galaxy:android=\"Cobblerone\""],"Coolpaperleak":["misp-galaxy:android=\"Coolpaperleak\""],"Coolreaper":["misp-galaxy:android=\"Coolreaper\""],"CopyCat":["misp-galaxy:android=\"CopyCat\""],"Cosha":["misp-galaxy:android=\"Cosha\""],"Counterclank":["misp-galaxy:android=\"Counterclank\""],"Crazymedia":["misp-galaxy:android=\"Crazymedia\""],"Crisis":["misp-galaxy:android=\"Crisis\"","misp-galaxy:malpedia=\"RCS\""],"Crusewind":["misp-galaxy:android=\"Crusewind\""],"Dandro":["misp-galaxy:android=\"Dandro\""],"Daoyoudao":["misp-galaxy:android=\"Daoyoudao\""],"Deathring":["misp-galaxy:android=\"Deathring\""],"Deeveemap":["misp-galaxy:android=\"Deeveemap\""],"Dendoroid":["misp-galaxy:android=\"Dendoroid\""],"Dengaru":["misp-galaxy:android=\"Dengaru\""],"Diandong":["misp-galaxy:android=\"Diandong\""],"Dianjin":["misp-galaxy:android=\"Dianjin\""],"Dogowar":["misp-galaxy:android=\"Dogowar\""],"Domob":["misp-galaxy:android=\"Domob\""],"DoubleLocker":["misp-galaxy:android=\"DoubleLocker\"","misp-galaxy:malpedia=\"DoubleLocker\""],"Dougalek":["misp-galaxy:android=\"Dougalek\""],"Dowgin":["misp-galaxy:android=\"Dowgin\""],"Droidsheep":["misp-galaxy:android=\"Droidsheep\""],"Dropdialer":["misp-galaxy:android=\"Dropdialer\""],"Dupvert":["misp-galaxy:android=\"Dupvert\""],"Dynamicit":["misp-galaxy:android=\"Dynamicit\""],"Ecardgrabber":["misp-galaxy:android=\"Ecardgrabber\""],"Ecobatry":["misp-galaxy:android=\"Ecobatry\""],"Enesoluty":["misp-galaxy:android=\"Enesoluty\""],"Everbadge":["misp-galaxy:android=\"Everbadge\""],"Ewalls":["misp-galaxy:android=\"Ewalls\""],"Expensive Wall":["misp-galaxy:android=\"Expensive Wall\""],"ExpensiveWall":["misp-galaxy:android=\"ExpensiveWall\""],"Exprespam":["misp-galaxy:android=\"Exprespam\""],"FakeLookout":["misp-galaxy:android=\"FakeLookout\""],"FakeMart":["misp-galaxy:android=\"FakeMart\""],"Fakealbums":["misp-galaxy:android=\"Fakealbums\""],"Fakeangry":["misp-galaxy:android=\"Fakeangry\""],"Fakeapp":["misp-galaxy:android=\"Fakeapp\""],"Fakebanco":["misp-galaxy:android=\"Fakebanco\""],"Fakebank":["misp-galaxy:android=\"Fakebank\""],"Fakebank.B":["misp-galaxy:android=\"Fakebank.B\""],"Fakebok":["misp-galaxy:android=\"Fakebok\""],"Fakedaum":["misp-galaxy:android=\"Fakedaum\""],"Fakedefender":["misp-galaxy:android=\"Fakedefender\""],"Fakedefender.B":["misp-galaxy:android=\"Fakedefender.B\""],"Fakedown":["misp-galaxy:android=\"Fakedown\""],"Fakeflash":["misp-galaxy:android=\"Fakeflash\""],"Fakegame":["misp-galaxy:android=\"Fakegame\""],"Fakeguard":["misp-galaxy:android=\"Fakeguard\""],"Fakejob":["misp-galaxy:android=\"Fakejob\""],"Fakekakao":["misp-galaxy:android=\"Fakekakao\""],"Fakelemon":["misp-galaxy:android=\"Fakelemon\""],"Fakelicense":["misp-galaxy:android=\"Fakelicense\""],"Fakelogin":["misp-galaxy:android=\"Fakelogin\""],"Fakem Rat":["misp-galaxy:android=\"Fakem Rat\""],"Fakemini":["misp-galaxy:android=\"Fakemini\""],"Fakemrat":["misp-galaxy:android=\"Fakemrat\""],"Fakeneflic":["misp-galaxy:android=\"Fakeneflic\""],"Fakenotify":["misp-galaxy:android=\"Fakenotify\""],"Fakepatch":["misp-galaxy:android=\"Fakepatch\""],"Fakeplay":["misp-galaxy:android=\"Fakeplay\""],"Fakescarav":["misp-galaxy:android=\"Fakescarav\""],"Fakesecsuit":["misp-galaxy:android=\"Fakesecsuit\""],"Fakesucon":["misp-galaxy:android=\"Fakesucon\""],"Faketaobao":["misp-galaxy:android=\"Faketaobao\""],"Faketaobao.B":["misp-galaxy:android=\"Faketaobao.B\""],"Faketoken":["misp-galaxy:android=\"Faketoken\""],"Fakeupdate":["misp-galaxy:android=\"Fakeupdate\""],"Fakevoice":["misp-galaxy:android=\"Fakevoice\""],"Farmbaby":["misp-galaxy:android=\"Farmbaby\""],"Fauxtocopy":["misp-galaxy:android=\"Fauxtocopy\""],"Feiwo":["misp-galaxy:android=\"Feiwo\""],"FindAndCall":["misp-galaxy:android=\"FindAndCall\""],"Finfish":["misp-galaxy:android=\"Finfish\""],"Fireleaker":["misp-galaxy:android=\"Fireleaker\""],"Fitikser":["misp-galaxy:android=\"Fitikser\""],"Flexispy":["misp-galaxy:android=\"Flexispy\""],"Fokonge":["misp-galaxy:android=\"Fokonge\""],"FoncySMS":["misp-galaxy:android=\"FoncySMS\""],"Frogonal":["misp-galaxy:android=\"Frogonal\""],"Ftad":["misp-galaxy:android=\"Ftad\""],"Funtasy":["misp-galaxy:android=\"Funtasy\""],"GM Bot":["misp-galaxy:android=\"GM Bot\""],"Acecard":["misp-galaxy:android=\"GM Bot\"","misp-galaxy:tool=\"Slempo\""],"SlemBunk":["misp-galaxy:android=\"GM Bot\"","misp-galaxy:malpedia=\"Slempo\"","misp-galaxy:tool=\"Slempo\""],"Gaiaphish":["misp-galaxy:android=\"Gaiaphish\""],"GallMe":["misp-galaxy:android=\"GallMe\""],"Gamex":["misp-galaxy:android=\"Gamex\""],"Gappusin":["misp-galaxy:android=\"Gappusin\""],"Gazon":["misp-galaxy:android=\"Gazon\""],"Geinimi":["misp-galaxy:android=\"Geinimi\""],"Generisk":["misp-galaxy:android=\"Generisk\""],"Genheur":["misp-galaxy:android=\"Genheur\""],"Genpush":["misp-galaxy:android=\"Genpush\""],"GeoFake":["misp-galaxy:android=\"GeoFake\""],"Geplook":["misp-galaxy:android=\"Geplook\""],"Getadpush":["misp-galaxy:android=\"Getadpush\""],"Ggtracker":["misp-galaxy:android=\"Ggtracker\""],"Ghost Push":["misp-galaxy:android=\"Ghost Push\"","misp-galaxy:mitre-malware=\"Gooligan - S0290\""],"Ghostpush":["misp-galaxy:android=\"Ghostpush\""],"Gmaster":["misp-galaxy:android=\"Gmaster\""],"Godwon":["misp-galaxy:android=\"Godwon\""],"Golddream":["misp-galaxy:android=\"Golddream\""],"Goldeneagle":["misp-galaxy:android=\"Goldeneagle\""],"Golocker":["misp-galaxy:android=\"Golocker\""],"Gomal":["misp-galaxy:android=\"Gomal\""],"Gonesixty":["misp-galaxy:android=\"Gonesixty\""],"Gonfu":["misp-galaxy:android=\"Gonfu\""],"Gonfu.B":["misp-galaxy:android=\"Gonfu.B\""],"Gonfu.C":["misp-galaxy:android=\"Gonfu.C\""],"Gonfu.D":["misp-galaxy:android=\"Gonfu.D\""],"Gooboot":["misp-galaxy:android=\"Gooboot\""],"Goodadpush":["misp-galaxy:android=\"Goodadpush\""],"Greystripe":["misp-galaxy:android=\"Greystripe\""],"Gugespy":["misp-galaxy:android=\"Gugespy\""],"Gugespy.B":["misp-galaxy:android=\"Gugespy.B\""],"Gupno":["misp-galaxy:android=\"Gupno\""],"Habey":["misp-galaxy:android=\"Habey\""],"Handyclient":["misp-galaxy:android=\"Handyclient\""],"Hehe":["misp-galaxy:android=\"Hehe\""],"HenBox":["misp-galaxy:android=\"HenBox\"","misp-galaxy:threat-actor=\"HenBox\""],"Hesperbot":["misp-galaxy:android=\"Hesperbot\""],"Hippo":["misp-galaxy:android=\"Hippo\""],"Hippo.B":["misp-galaxy:android=\"Hippo.B\""],"HummingBad":["misp-galaxy:android=\"HummingBad\"","misp-galaxy:mitre-malware=\"HummingBad - S0322\"","misp-galaxy:mitre-mobile-attack-malware=\"HummingBad - MOB-S0038\"","misp-galaxy:threat-actor=\"HummingBad\""],"IadPush":["misp-galaxy:android=\"IadPush\""],"IcicleGum":["misp-galaxy:android=\"IcicleGum\"","misp-galaxy:android=\"Igexin\""],"Iconosis":["misp-galaxy:android=\"Iconosis\""],"Iconosys":["misp-galaxy:android=\"Iconosys\""],"Igexin":["misp-galaxy:android=\"Igexin\""],"ImAdPush":["misp-galaxy:android=\"ImAdPush\""],"InMobi":["misp-galaxy:android=\"InMobi\""],"JamSkunk":["misp-galaxy:android=\"JamSkunk\""],"Jifake":["misp-galaxy:android=\"Jifake\""],"Jollyserv":["misp-galaxy:android=\"Jollyserv\""],"Jsmshider":["misp-galaxy:android=\"Jsmshider\""],"Ju6":["misp-galaxy:android=\"Ju6\""],"Judy":["misp-galaxy:android=\"Judy\"","misp-galaxy:mitre-malware=\"Judy - S0325\""],"Jumptap":["misp-galaxy:android=\"Jumptap\""],"Jzmob":["misp-galaxy:android=\"Jzmob\""],"Kabstamper":["misp-galaxy:android=\"Kabstamper\""],"Kemoge":["misp-galaxy:android=\"Kemoge\"","misp-galaxy:mitre-mobile-attack-malware=\"Shedun - MOB-S0010\""],"Kidlogger":["misp-galaxy:android=\"Kidlogger\""],"Kielog":["misp-galaxy:android=\"Kielog\""],"Kituri":["misp-galaxy:android=\"Kituri\""],"KoreFrog":["misp-galaxy:android=\"KoreFrog\""],"Kranxpay":["misp-galaxy:android=\"Kranxpay\""],"Krysanec":["misp-galaxy:android=\"Krysanec\""],"Kuaidian360":["misp-galaxy:android=\"Kuaidian360\""],"Kuguo":["misp-galaxy:android=\"Kuguo\""],"Lastacloud":["misp-galaxy:android=\"Lastacloud\""],"Laucassspy":["misp-galaxy:android=\"Laucassspy\""],"Lifemonspy":["misp-galaxy:android=\"Lifemonspy\""],"Lightdd":["misp-galaxy:android=\"Lightdd\""],"Loaderpush":["misp-galaxy:android=\"Loaderpush\""],"Loapi":["misp-galaxy:android=\"Loapi\""],"Locaspy":["misp-galaxy:android=\"Locaspy\""],"Lockdroid.E":["misp-galaxy:android=\"Lockdroid.E\""],"Lockdroid.F":["misp-galaxy:android=\"Lockdroid.F\""],"Lockdroid.G":["misp-galaxy:android=\"Lockdroid.G\""],"Lockdroid.H":["misp-galaxy:android=\"Lockdroid.H\""],"Lockscreen":["misp-galaxy:android=\"Lockscreen\""],"LogiaAd":["misp-galaxy:android=\"LogiaAd\""],"Loicdos":["misp-galaxy:android=\"Loicdos\""],"LokiBot":["misp-galaxy:android=\"LokiBot\"","misp-galaxy:malpedia=\"Loki Password Stealer (PWS)\"","misp-galaxy:malpedia=\"LokiBot\""],"Loozfon":["misp-galaxy:android=\"Loozfon\""],"Lotoor":["misp-galaxy:android=\"Lotoor\""],"Lovespy":["misp-galaxy:android=\"Lovespy\""],"Lovetrap":["misp-galaxy:android=\"Lovetrap\""],"Luckycat":["misp-galaxy:android=\"Luckycat\""],"Machinleak":["misp-galaxy:android=\"Machinleak\""],"Maistealer":["misp-galaxy:android=\"Maistealer\""],"Malapp":["misp-galaxy:android=\"Malapp\""],"Malebook":["misp-galaxy:android=\"Malebook\""],"Malhome":["misp-galaxy:android=\"Malhome\""],"Malminer":["misp-galaxy:android=\"Malminer\""],"Mania":["misp-galaxy:android=\"Mania\""],"Maxit":["misp-galaxy:android=\"Maxit\""],"MdotM":["misp-galaxy:android=\"MdotM\""],"Medialets":["misp-galaxy:android=\"Medialets\""],"Meshidden":["misp-galaxy:android=\"Meshidden\""],"Mesploit":["misp-galaxy:android=\"Mesploit\""],"Mesprank":["misp-galaxy:android=\"Mesprank\""],"Meswatcherbox":["misp-galaxy:android=\"Meswatcherbox\""],"Miji":["misp-galaxy:android=\"Miji\""],"Milipnot":["misp-galaxy:android=\"Milipnot\""],"MillennialMedia":["misp-galaxy:android=\"MillennialMedia\""],"Mitcad":["misp-galaxy:android=\"Mitcad\""],"MoPub":["misp-galaxy:android=\"MoPub\""],"MobClix":["misp-galaxy:android=\"MobClix\""],"MobFox":["misp-galaxy:android=\"MobFox\""],"MobWin":["misp-galaxy:android=\"MobWin\""],"Mobidisplay":["misp-galaxy:android=\"Mobidisplay\""],"Mobigapp":["misp-galaxy:android=\"Mobigapp\""],"MobileBackup":["misp-galaxy:android=\"MobileBackup\""],"Mobilespy":["misp-galaxy:android=\"Mobilespy\""],"Mobiletx":["misp-galaxy:android=\"Mobiletx\""],"Mobinaspy":["misp-galaxy:android=\"Mobinaspy\""],"Mobus":["misp-galaxy:android=\"Mobus\""],"Mocore":["misp-galaxy:android=\"Mocore\""],"Moghava":["misp-galaxy:android=\"Moghava\""],"Momark":["misp-galaxy:android=\"Momark\""],"Monitorello":["misp-galaxy:android=\"Monitorello\""],"Moolah":["misp-galaxy:android=\"Moolah\""],"Moplus":["misp-galaxy:android=\"Moplus\""],"Morepaks":["misp-galaxy:android=\"Morepaks\""],"MysteryBot":["misp-galaxy:android=\"MysteryBot\"","misp-galaxy:malpedia=\"MysteryBot\""],"Nandrobox":["misp-galaxy:android=\"Nandrobox\""],"Netisend":["misp-galaxy:android=\"Netisend\""],"Nickispy":["misp-galaxy:android=\"Nickispy\""],"Notcompatible":["misp-galaxy:android=\"Notcompatible\""],"Nuhaz":["misp-galaxy:android=\"Nuhaz\""],"Nyearleaker":["misp-galaxy:android=\"Nyearleaker\""],"Obad":["misp-galaxy:android=\"Obad\""],"Oneclickfraud":["misp-galaxy:android=\"Oneclickfraud\""],"Opfake":["misp-galaxy:android=\"Opfake\""],"Opfake.B":["misp-galaxy:android=\"Opfake.B\""],"Ozotshielder":["misp-galaxy:android=\"Ozotshielder\""],"Pafloat":["misp-galaxy:android=\"Pafloat\""],"PandaAds":["misp-galaxy:android=\"PandaAds\""],"Pandbot":["misp-galaxy:android=\"Pandbot\""],"Pdaspy":["misp-galaxy:android=\"Pdaspy\""],"Penetho":["misp-galaxy:android=\"Penetho\""],"Perkel":["misp-galaxy:android=\"Perkel\""],"Phimdropper":["misp-galaxy:android=\"Phimdropper\""],"Phospy":["misp-galaxy:android=\"Phospy\""],"Piddialer":["misp-galaxy:android=\"Piddialer\""],"Pikspam":["misp-galaxy:android=\"Pikspam\""],"Pincer":["misp-galaxy:android=\"Pincer\""],"Pirator":["misp-galaxy:android=\"Pirator\""],"Pjapps":["misp-galaxy:android=\"Pjapps\""],"Pjapps.B":["misp-galaxy:android=\"Pjapps.B\""],"Pletora":["misp-galaxy:android=\"Pletora\""],"Podec":["misp-galaxy:android=\"Podec\"","misp-galaxy:malpedia=\"Podec\""],"Poisoncake":["misp-galaxy:android=\"Poisoncake\""],"Pontiflex":["misp-galaxy:android=\"Pontiflex\""],"Positmob":["misp-galaxy:android=\"Positmob\""],"Premiumtext":["misp-galaxy:android=\"Premiumtext\""],"Pris":["misp-galaxy:android=\"Pris\""],"Qdplugin":["misp-galaxy:android=\"Qdplugin\""],"Qicsomos":["misp-galaxy:android=\"Qicsomos\""],"Qitmo":["misp-galaxy:android=\"Qitmo\""],"Rabbhome":["misp-galaxy:android=\"Rabbhome\""],"Razdel":["misp-galaxy:android=\"Razdel\""],"RedAlert2":["misp-galaxy:android=\"RedAlert2\"","misp-galaxy:malpedia=\"RedAlert2\""],"RedDrop":["misp-galaxy:android=\"RedDrop\"","misp-galaxy:mitre-malware=\"RedDrop - S0326\""],"Repane":["misp-galaxy:android=\"Repane\""],"Reputation.1":["misp-galaxy:android=\"Reputation.1\""],"Reputation.2":["misp-galaxy:android=\"Reputation.2\""],"Reputation.3":["misp-galaxy:android=\"Reputation.3\""],"RevMob":["misp-galaxy:android=\"RevMob\""],"Roidsec":["misp-galaxy:android=\"Roidsec\""],"Rootcager":["misp-galaxy:android=\"Rootcager\""],"Rootnik":["misp-galaxy:android=\"Rootnik\"","misp-galaxy:malpedia=\"Rootnik\""],"Rufraud":["misp-galaxy:android=\"Rufraud\""],"Rusms":["misp-galaxy:android=\"Rusms\""],"SLocker":["misp-galaxy:android=\"SLocker\""],"SMSLocker":["misp-galaxy:android=\"SLocker\""],"SMSReplicator":["misp-galaxy:android=\"SMSReplicator\""],"Samsapo":["misp-galaxy:android=\"Samsapo\""],"Sandorat":["misp-galaxy:android=\"Sandorat\""],"Sberick":["misp-galaxy:android=\"Sberick\""],"Scartibro":["misp-galaxy:android=\"Scartibro\""],"Scipiex":["misp-galaxy:android=\"Scipiex\""],"Selfmite":["misp-galaxy:android=\"Selfmite\""],"Selfmite.B":["misp-galaxy:android=\"Selfmite.B\""],"SellARing":["misp-galaxy:android=\"SellARing\""],"SendDroid":["misp-galaxy:android=\"SendDroid\""],"Simhosy":["misp-galaxy:android=\"Simhosy\""],"Simplocker":["misp-galaxy:android=\"Simplocker\""],"Simplocker.B":["misp-galaxy:android=\"Simplocker.B\""],"Skullkey":["misp-galaxy:android=\"Skullkey\""],"Skygofree":["misp-galaxy:android=\"Skygofree\"","misp-galaxy:malpedia=\"Skygofree\"","misp-galaxy:mitre-malware=\"Skygofree - S0327\""],"Smaato":["misp-galaxy:android=\"Smaato\""],"Smbcheck":["misp-galaxy:android=\"Smbcheck\""],"Smsblocker":["misp-galaxy:android=\"Smsblocker\""],"Smsbomber":["misp-galaxy:android=\"Smsbomber\""],"Smslink":["misp-galaxy:android=\"Smslink\""],"Smspacem":["misp-galaxy:android=\"Smspacem\""],"Smssniffer":["misp-galaxy:android=\"Smssniffer\""],"Smsstealer":["misp-galaxy:android=\"Smsstealer\""],"Smstibook":["misp-galaxy:android=\"Smstibook\""],"Smszombie":["misp-galaxy:android=\"Smszombie\""],"Snadapps":["misp-galaxy:android=\"Snadapps\""],"Sockbot":["misp-galaxy:android=\"Sockbot\""],"Sofacy":["misp-galaxy:android=\"Sofacy\"","misp-galaxy:microsoft-activity-group=\"STRONTIUM\"","misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-malware=\"CORESHELL - S0137\"","misp-galaxy:mitre-mobile-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:threat-actor=\"Sofacy\"","misp-galaxy:tool=\"CORESHELL\"","misp-galaxy:tool=\"GAMEFISH\"","misp-galaxy:tool=\"SOURFACE\""],"Sosceo":["misp-galaxy:android=\"Sosceo\""],"Spitmo":["misp-galaxy:android=\"Spitmo\""],"Spitmo.B":["misp-galaxy:android=\"Spitmo.B\""],"Spyagent":["misp-galaxy:android=\"Spyagent\""],"Spybubble":["misp-galaxy:android=\"Spybubble\""],"Spydafon":["misp-galaxy:android=\"Spydafon\""],"Spymple":["misp-galaxy:android=\"Spymple\""],"Spyoo":["misp-galaxy:android=\"Spyoo\""],"Spytekcell":["misp-galaxy:android=\"Spytekcell\""],"Spytrack":["misp-galaxy:android=\"Spytrack\""],"Spywaller":["misp-galaxy:android=\"Spywaller\""],"Stealthgenie":["misp-galaxy:android=\"Stealthgenie\""],"Steek":["misp-galaxy:android=\"Steek\""],"Stels":["misp-galaxy:android=\"Stels\""],"Stiniter":["misp-galaxy:android=\"Stiniter\""],"Sumzand":["misp-galaxy:android=\"Sumzand\""],"Svpeng":["misp-galaxy:android=\"Svpeng\"","misp-galaxy:malpedia=\"Svpeng\"","misp-galaxy:tool=\"Svpeng\""],"Invisble Man":["misp-galaxy:android=\"Svpeng\""],"Switcher":["misp-galaxy:android=\"Switcher\"","misp-galaxy:malpedia=\"Switcher\""],"Sysecsms":["misp-galaxy:android=\"Sysecsms\""],"Tanci":["misp-galaxy:android=\"Tanci\""],"Tapjoy":["misp-galaxy:android=\"Tapjoy\""],"Tapsnake":["misp-galaxy:android=\"Tapsnake\""],"Tascudap":["misp-galaxy:android=\"Tascudap\""],"Teelog":["misp-galaxy:android=\"Teelog\""],"Temai":["misp-galaxy:android=\"Temai\""],"Tetus":["misp-galaxy:android=\"Tetus\""],"Tgpush":["misp-galaxy:android=\"Tgpush\""],"Tigerbot":["misp-galaxy:android=\"Tigerbot\""],"Tizi":["misp-galaxy:android=\"Tizi\""],"Tonclank":["misp-galaxy:android=\"Tonclank\""],"Triout":["misp-galaxy:android=\"Triout\"","misp-galaxy:malpedia=\"Triout\""],"Trogle":["misp-galaxy:android=\"Trogle\""],"Twikabot":["misp-galaxy:android=\"Twikabot\""],"Uapush":["misp-galaxy:android=\"Uapush\""],"Umeng":["misp-galaxy:android=\"Umeng\""],"Updtbot":["misp-galaxy:android=\"Updtbot\""],"Upush":["misp-galaxy:android=\"Upush\""],"Uracto":["misp-galaxy:android=\"Uracto\""],"Uranico":["misp-galaxy:android=\"Uranico\""],"Usbcleaver":["misp-galaxy:android=\"Usbcleaver\""],"Utchi":["misp-galaxy:android=\"Utchi\""],"Uten":["misp-galaxy:android=\"Uten\""],"Uupay":["misp-galaxy:android=\"Uupay\""],"Uxipp":["misp-galaxy:android=\"Uxipp\""],"VDopia":["misp-galaxy:android=\"VDopia\""],"VServ":["misp-galaxy:android=\"VServ\""],"Vdloader":["misp-galaxy:android=\"Vdloader\""],"Vibleaker":["misp-galaxy:android=\"Vibleaker\""],"Viking Horde":["misp-galaxy:android=\"Viking Horde\""],"Virusshield":["misp-galaxy:android=\"Virusshield\""],"Walkinwat":["misp-galaxy:android=\"Walkinwat\""],"WannaLocker":["misp-galaxy:android=\"WannaLocker\""],"Waps":["misp-galaxy:android=\"Waps\""],"Waren":["misp-galaxy:android=\"Waren\""],"Windseeker":["misp-galaxy:android=\"Windseeker\""],"Wirex":["misp-galaxy:android=\"Wirex\""],"Wiyun":["misp-galaxy:android=\"Wiyun\""],"Wooboo":["misp-galaxy:android=\"Wooboo\""],"Wqmobile":["misp-galaxy:android=\"Wqmobile\""],"YahooAds":["misp-galaxy:android=\"YahooAds\""],"Yatoot":["misp-galaxy:android=\"Yatoot\""],"Yinhan":["misp-galaxy:android=\"Yinhan\""],"Youmi":["misp-galaxy:android=\"Youmi\""],"YuMe":["misp-galaxy:android=\"YuMe\""],"Zeahache":["misp-galaxy:android=\"Zeahache\""],"ZertSecurity":["misp-galaxy:android=\"ZertSecurity\""],"ZestAdz":["misp-galaxy:android=\"ZestAdz\""],"Zeusmitmo":["misp-galaxy:android=\"Zeusmitmo\""],"iBanking":["misp-galaxy:android=\"iBanking\""],"Rising Sun":["misp-galaxy:backdoor=\"Rising Sun\"","misp-galaxy:malpedia=\"Rising Sun\""],"Rosenbridge":["misp-galaxy:backdoor=\"Rosenbridge\""],"SLUB":["misp-galaxy:backdoor=\"SLUB\"","misp-galaxy:malpedia=\"SLUB\""],"ServHelper":["misp-galaxy:backdoor=\"ServHelper\"","misp-galaxy:malpedia=\"ServHelper\""],"WellMess":["misp-galaxy:backdoor=\"WellMess\"","misp-galaxy:malpedia=\"WellMess\""],"Atmos":["misp-galaxy:banker=\"Atmos\""],"Backswap":["misp-galaxy:banker=\"Backswap\""],"Banjori":["misp-galaxy:banker=\"Banjori\"","misp-galaxy:malpedia=\"Banjori\""],"MultiBanker 2":["misp-galaxy:banker=\"Banjori\"","misp-galaxy:malpedia=\"Banjori\""],"BankPatch":["misp-galaxy:banker=\"Banjori\"","misp-galaxy:malpedia=\"Banjori\""],"BackPatcher":["misp-galaxy:banker=\"Banjori\"","misp-galaxy:malpedia=\"Banjori\""],"Bebloh":["misp-galaxy:banker=\"Bebloh\"","misp-galaxy:malpedia=\"UrlZone\""],"URLZone":["misp-galaxy:banker=\"Bebloh\""],"Shiotob":["misp-galaxy:banker=\"Bebloh\"","misp-galaxy:malpedia=\"UrlZone\""],"CamuBot":["misp-galaxy:banker=\"CamuBot\"","misp-galaxy:malpedia=\"CamuBot\""],"Chthonic":["misp-galaxy:banker=\"Chthonic\"","misp-galaxy:malpedia=\"Chthonic\""],"Chtonic":["misp-galaxy:banker=\"Chthonic\""],"Citadel":["misp-galaxy:banker=\"Citadel\"","misp-galaxy:malpedia=\"Citadel\""],"Corebot":["misp-galaxy:banker=\"Corebot\"","misp-galaxy:malpedia=\"Corebot\""],"DanaBot":["misp-galaxy:banker=\"DanaBot\"","misp-galaxy:malpedia=\"DanaBot\""],"Dok":["misp-galaxy:banker=\"Dok\"","misp-galaxy:malpedia=\"Dok\"","misp-galaxy:mitre-malware=\"Dok - S0281\""],"Dreambot":["misp-galaxy:banker=\"Dreambot\""],"Dridex":["misp-galaxy:banker=\"Dridex\"","misp-galaxy:malpedia=\"Dridex\"","misp-galaxy:tool=\"Dridex\""],"Feodo Version D":["misp-galaxy:banker=\"Dridex\""],"Dyre":["misp-galaxy:banker=\"Dyre\"","misp-galaxy:malpedia=\"Dyre\"","misp-galaxy:mitre-enterprise-attack-malware=\"Dyre - S0024\"","misp-galaxy:mitre-malware=\"Dyre - S0024\""],"Dyreza":["misp-galaxy:banker=\"Dyre\"","misp-galaxy:malpedia=\"Dyre\""],"Feodo":["misp-galaxy:banker=\"Feodo\"","misp-galaxy:malpedia=\"Feodo\""],"Bugat":["misp-galaxy:banker=\"Feodo\"","misp-galaxy:malpedia=\"Bugat\"","misp-galaxy:malpedia=\"Feodo\""],"Cridex":["misp-galaxy:banker=\"Feodo\"","misp-galaxy:malpedia=\"Feodo\"","misp-galaxy:tool=\"Dridex\""],"Fobber":["misp-galaxy:banker=\"Fobber\"","misp-galaxy:malpedia=\"Fobber\""],"Geodo":["misp-galaxy:banker=\"Geodo\"","misp-galaxy:malpedia=\"Emotet\"","misp-galaxy:malpedia=\"Geodo\"","misp-galaxy:mitre-malware=\"Emotet - S0367\"","misp-galaxy:tool=\"Emotet\""],"Feodo Version C":["misp-galaxy:banker=\"Geodo\""],"Emotet":["misp-galaxy:banker=\"Geodo\"","misp-galaxy:malpedia=\"Emotet\"","misp-galaxy:malpedia=\"Geodo\"","misp-galaxy:mitre-malware=\"Emotet - S0367\"","misp-galaxy:tool=\"Emotet\""],"GozNym":["misp-galaxy:banker=\"GozNym\"","misp-galaxy:threat-actor=\"GozNym\""],"Gozi ISFB":["misp-galaxy:banker=\"Gozi ISFB\"","misp-galaxy:malpedia=\"ISFB\""],"Gozi":["misp-galaxy:banker=\"Gozi\"","misp-galaxy:malpedia=\"Gozi\""],"Ursnif":["misp-galaxy:banker=\"Gozi\"","misp-galaxy:malpedia=\"Gozi\"","misp-galaxy:malpedia=\"Snifula\"","misp-galaxy:tool=\"Snifula\""],"CRM":["misp-galaxy:banker=\"Gozi\"","misp-galaxy:malpedia=\"Gozi\""],"Snifula":["misp-galaxy:banker=\"Gozi\"","misp-galaxy:malpedia=\"Gozi\"","misp-galaxy:malpedia=\"Snifula\"","misp-galaxy:tool=\"Snifula\""],"Papras":["misp-galaxy:banker=\"Gozi\"","misp-galaxy:malpedia=\"Gozi\""],"Goziv2":["misp-galaxy:banker=\"Goziv2\""],"Prinimalka":["misp-galaxy:banker=\"Goziv2\""],"GratefulPOS":["misp-galaxy:banker=\"GratefulPOS\"","misp-galaxy:tool=\"GratefulPOS\""],"IAP":["misp-galaxy:banker=\"IAP\"","misp-galaxy:malpedia=\"ISFB\""],"Ice IX":["misp-galaxy:banker=\"Ice IX\"","misp-galaxy:malpedia=\"Ice IX\""],"IcedID":["misp-galaxy:banker=\"IcedID\"","misp-galaxy:malpedia=\"IcedID\""],"Karius":["misp-galaxy:banker=\"Karius\"","misp-galaxy:malpedia=\"Karius\""],"Kronos":["misp-galaxy:banker=\"Kronos\"","misp-galaxy:malpedia=\"Kronos\""],"Licat":["misp-galaxy:banker=\"Licat\""],"Murofet":["misp-galaxy:banker=\"Licat\"","misp-galaxy:malpedia=\"Murofet\""],"Matrix Banker":["misp-galaxy:banker=\"Matrix Banker\"","misp-galaxy:malpedia=\"Matrix Banker\""],"Panda Banker":["misp-galaxy:banker=\"Panda Banker\""],"Zeus Panda":["misp-galaxy:banker=\"Panda Banker\"","misp-galaxy:mitre-malware=\"Zeus Panda - S0330\""],"Qadars":["misp-galaxy:banker=\"Qadars\"","misp-galaxy:malpedia=\"Qadars\""],"Qakbot":["misp-galaxy:banker=\"Qakbot\"","misp-galaxy:tool=\"Akbot\""],"Qbot ":["misp-galaxy:banker=\"Qakbot\""],"Pinkslipbot":["misp-galaxy:banker=\"Qakbot\"","misp-galaxy:malpedia=\"QakBot\""],"Ramnit":["misp-galaxy:banker=\"Ramnit\"","misp-galaxy:botnet=\"Ramnit\"","misp-galaxy:malpedia=\"Ramnit\""],"Nimnul":["misp-galaxy:banker=\"Ramnit\"","misp-galaxy:malpedia=\"Ramnit\""],"Ranbyus":["misp-galaxy:banker=\"Ranbyus\"","misp-galaxy:malpedia=\"Ranbyus\""],"ReactorBot":["misp-galaxy:banker=\"ReactorBot\"","misp-galaxy:malpedia=\"ReactorBot\""],"Retefe":["misp-galaxy:banker=\"Retefe\"","misp-galaxy:malpedia=\"Dok\"","misp-galaxy:mitre-malware=\"Dok - S0281\""],"Tsukuba":["misp-galaxy:banker=\"Retefe\"","misp-galaxy:malpedia=\"Retefe (Windows)\""],"Werdlod":["misp-galaxy:banker=\"Retefe\"","misp-galaxy:malpedia=\"Retefe (Windows)\""],"Sisron":["misp-galaxy:banker=\"Sisron\""],"Skynet":["misp-galaxy:banker=\"Skynet\""],"Smominru":["misp-galaxy:banker=\"Smominru\"","misp-galaxy:malpedia=\"Smominru\""],"Ismo":["misp-galaxy:banker=\"Smominru\"","misp-galaxy:malpedia=\"Smominru\""],"lsmo":["misp-galaxy:banker=\"Smominru\""],"SpyEye":["misp-galaxy:banker=\"SpyEye\""],"Tinba":["misp-galaxy:banker=\"Tinba\"","misp-galaxy:malpedia=\"Tinba\"","misp-galaxy:tool=\"Tinba\""],"Zusy":["misp-galaxy:banker=\"Tinba\"","misp-galaxy:malpedia=\"Tinba\"","misp-galaxy:tool=\"Tinba\""],"TinyBanker":["misp-galaxy:banker=\"Tinba\"","misp-galaxy:malpedia=\"Tinba\"","misp-galaxy:tool=\"Tinba\""],"illi":["misp-galaxy:banker=\"Tinba\""],"TinyNuke":["misp-galaxy:banker=\"TinyNuke\"","misp-galaxy:malpedia=\"TinyNuke\""],"NukeBot":["misp-galaxy:banker=\"TinyNuke\"","misp-galaxy:malpedia=\"TinyNuke\""],"Nuclear Bot":["misp-galaxy:banker=\"TinyNuke\"","misp-galaxy:malpedia=\"TinyNuke\""],"MicroBankingTrojan":["misp-galaxy:banker=\"TinyNuke\"","misp-galaxy:malpedia=\"TinyNuke\""],"Xbot":["misp-galaxy:banker=\"TinyNuke\"","misp-galaxy:malpedia=\"TinyNuke\"","misp-galaxy:malpedia=\"Xbot\"","misp-galaxy:mitre-mobile-attack-tool=\"Xbot - MOB-S0014\"","misp-galaxy:mitre-tool=\"Xbot - S0298\""],"Trickbot":["misp-galaxy:banker=\"Trickbot\""],"Trickster":["misp-galaxy:banker=\"Trickbot\"","misp-galaxy:malpedia=\"TrickBot\""],"Trickloader":["misp-galaxy:banker=\"Trickbot\""],"Vawtrak":["misp-galaxy:banker=\"Vawtrak\"","misp-galaxy:malpedia=\"Vawtrak\"","misp-galaxy:tool=\"Vawtrak\""],"Neverquest":["misp-galaxy:banker=\"Vawtrak\""],"Zeus Gameover":["misp-galaxy:banker=\"Zeus Gameover\""],"Zeus KINS":["misp-galaxy:banker=\"Zeus KINS\""],"Kasper Internet Non-Security":["misp-galaxy:banker=\"Zeus KINS\"","misp-galaxy:malpedia=\"KINS\""],"Maple":["misp-galaxy:banker=\"Zeus KINS\"","misp-galaxy:malpedia=\"KINS\""],"Zeus Sphinx":["misp-galaxy:banker=\"Zeus Sphinx\"","misp-galaxy:malpedia=\"Zeus Sphinx\""],"Zeus VM":["misp-galaxy:banker=\"Zeus VM\""],"VM Zeus":["misp-galaxy:banker=\"Zeus VM\"","misp-galaxy:malpedia=\"VM Zeus\""],"Zeus":["misp-galaxy:banker=\"Zeus\"","misp-galaxy:botnet=\"Zeus\"","misp-galaxy:malpedia=\"Zeus\"","misp-galaxy:tool=\"Zeus\""],"Zbot":["misp-galaxy:banker=\"Zeus\"","misp-galaxy:botnet=\"Zeus\"","misp-galaxy:malpedia=\"Zeus\"","misp-galaxy:tool=\"Zeus\""],"Zitmo":["misp-galaxy:banker=\"Zitmo\""],"Zloader Zeus":["misp-galaxy:banker=\"Zloader Zeus\""],"Zeus Terdot":["misp-galaxy:banker=\"Zloader Zeus\""],"downAndExec":["misp-galaxy:banker=\"downAndExec\""],"ADB.miner":["misp-galaxy:botnet=\"ADB.miner\""],"AESDDoS":["misp-galaxy:botnet=\"AESDDoS\""],"Akbot":["misp-galaxy:botnet=\"Akbot\"","misp-galaxy:tool=\"Akbot\""],"Asprox":["misp-galaxy:botnet=\"Asprox\"","misp-galaxy:malpedia=\"Asprox\""],"Badsrc":["misp-galaxy:botnet=\"Asprox\""],"Aseljo":["misp-galaxy:botnet=\"Asprox\"","misp-galaxy:malpedia=\"Asprox\""],"Danmec":["misp-galaxy:botnet=\"Asprox\""],"Hydraflux":["misp-galaxy:botnet=\"Asprox\""],"Bagle":["misp-galaxy:botnet=\"Bagle\"","misp-galaxy:malpedia=\"Bagle\""],"Beagle":["misp-galaxy:botnet=\"Bagle\""],"Mitglieder":["misp-galaxy:botnet=\"Bagle\""],"Lodeight":["misp-galaxy:botnet=\"Bagle\""],"Bamital":["misp-galaxy:botnet=\"Bamital\""],"Mdrop-CSK":["misp-galaxy:botnet=\"Bamital\""],"Agent-OCF":["misp-galaxy:botnet=\"Bamital\""],"Beebone":["misp-galaxy:botnet=\"Beebone\""],"BetaBot":["misp-galaxy:botnet=\"BetaBot\"","misp-galaxy:malpedia=\"BetaBot\""],"Brain Food":["misp-galaxy:botnet=\"Brain Food\""],"BredoLab":["misp-galaxy:botnet=\"BredoLab\""],"Oficla":["misp-galaxy:botnet=\"BredoLab\"","misp-galaxy:malpedia=\"Sasfis\"","misp-galaxy:tool=\"Oficla\""],"Chalubo":["misp-galaxy:botnet=\"Chalubo\""],"Chameleon":["misp-galaxy:botnet=\"Chameleon\""],"Conficker":["misp-galaxy:botnet=\"Conficker\"","misp-galaxy:malpedia=\"Conficker\""],"DownUp":["misp-galaxy:botnet=\"Conficker\""],"DownAndUp":["misp-galaxy:botnet=\"Conficker\""],"DownAdUp":["misp-galaxy:botnet=\"Conficker\""],"Kido":["misp-galaxy:botnet=\"Conficker\"","misp-galaxy:malpedia=\"Conficker\""],"Cutwail":["misp-galaxy:botnet=\"Cutwail\"","misp-galaxy:malpedia=\"Cutwail\""],"Pandex":["misp-galaxy:botnet=\"Cutwail\""],"Mutant":["misp-galaxy:botnet=\"Cutwail\""],"Donbot":["misp-galaxy:botnet=\"Donbot\""],"Buzus":["misp-galaxy:botnet=\"Donbot\"","misp-galaxy:malpedia=\"Buzus\""],"Bachsoy":["misp-galaxy:botnet=\"Donbot\""],"Festi":["misp-galaxy:botnet=\"Festi\""],"Spamnost":["misp-galaxy:botnet=\"Festi\""],"Gafgyt":["misp-galaxy:botnet=\"Gafgyt\"","misp-galaxy:malpedia=\"Bashlite\"","misp-galaxy:tool=\"Gafgyt\""],"Bashlite":["misp-galaxy:botnet=\"Gafgyt\"","misp-galaxy:malpedia=\"Bashlite\""],"Gheg":["misp-galaxy:botnet=\"Gheg\"","misp-galaxy:malpedia=\"Tofsee\""],"Tofsee":["misp-galaxy:botnet=\"Gheg\"","misp-galaxy:malpedia=\"Tofsee\""],"Mondera":["misp-galaxy:botnet=\"Gheg\""],"Grum":["misp-galaxy:botnet=\"Grum\""],"Tedroo":["misp-galaxy:botnet=\"Grum\""],"Reddyb":["misp-galaxy:botnet=\"Grum\""],"Gumblar":["misp-galaxy:botnet=\"Gumblar\""],"Hajime":["misp-galaxy:botnet=\"Hajime\"","misp-galaxy:malpedia=\"Hajime\""],"Hide and Seek":["misp-galaxy:botnet=\"Hide and Seek\"","misp-galaxy:malpedia=\"Hide and Seek\""],"HNS":["misp-galaxy:botnet=\"Hide and Seek\"","misp-galaxy:malpedia=\"Hide and Seek\""],"Hide 'N Seek":["misp-galaxy:botnet=\"Hide and Seek\""],"Kelihos":["misp-galaxy:botnet=\"Kelihos\"","misp-galaxy:malpedia=\"Kelihos\""],"Hlux":["misp-galaxy:botnet=\"Kelihos\""],"Kraken":["misp-galaxy:botnet=\"Kraken\"","misp-galaxy:botnet=\"Marina Botnet\"","misp-galaxy:malpedia=\"Kraken\""],"Kracken":["misp-galaxy:botnet=\"Kraken\""],"Lethic":["misp-galaxy:botnet=\"Lethic\"","misp-galaxy:malpedia=\"Lethic\""],"LowSec":["misp-galaxy:botnet=\"LowSec\""],"LowSecurity":["misp-galaxy:botnet=\"LowSec\""],"FreeMoney":["misp-galaxy:botnet=\"LowSec\""],"Ring0.Tools":["misp-galaxy:botnet=\"LowSec\""],"Maazben":["misp-galaxy:botnet=\"Maazben\""],"Madmax":["misp-galaxy:botnet=\"Madmax\""],"Mad Max":["misp-galaxy:botnet=\"Madmax\"","misp-galaxy:tool=\"Mad Max\""],"Marina Botnet":["misp-galaxy:botnet=\"Marina Botnet\""],"Damon Briant":["misp-galaxy:botnet=\"Marina Botnet\""],"BOB.dc":["misp-galaxy:botnet=\"Marina Botnet\""],"Cotmonger":["misp-galaxy:botnet=\"Marina Botnet\""],"Hacktool.Spammer":["misp-galaxy:botnet=\"Marina Botnet\""],"Mariposa":["misp-galaxy:botnet=\"Mariposa\""],"Mega-D":["misp-galaxy:botnet=\"Mega-D\""],"Ozdok":["misp-galaxy:botnet=\"Mega-D\""],"Mettle":["misp-galaxy:botnet=\"Mettle\""],"Mirai":["misp-galaxy:botnet=\"Mirai\"","misp-galaxy:tool=\"Mirai\""],"Muhstik":["misp-galaxy:botnet=\"Muhstik\"","misp-galaxy:malpedia=\"Tsunami (ELF)\""],"Nucrypt":["misp-galaxy:botnet=\"Nucrypt\""],"Onewordsub":["misp-galaxy:botnet=\"Onewordsub\""],"Owari":["misp-galaxy:botnet=\"Owari\"","misp-galaxy:malpedia=\"Owari\""],"Persirai":["misp-galaxy:botnet=\"Persirai\"","misp-galaxy:malpedia=\"Persirai\""],"Pontoeb":["misp-galaxy:botnet=\"Pontoeb\""],"N0ise":["misp-galaxy:botnet=\"Pontoeb\""],"Pushdo":["misp-galaxy:botnet=\"Pushdo\"","misp-galaxy:malpedia=\"Pushdo\""],"Rustock":["misp-galaxy:botnet=\"Rustock\"","misp-galaxy:malpedia=\"Rustock\""],"RKRustok":["misp-galaxy:botnet=\"Rustock\""],"Costrat":["misp-galaxy:botnet=\"Rustock\""],"Sality":["misp-galaxy:botnet=\"Sality\"","misp-galaxy:botnet=\"Sality\"","misp-galaxy:malpedia=\"Sality\""],"Sector":["misp-galaxy:botnet=\"Sality\""],"Kuku":["misp-galaxy:botnet=\"Sality\""],"SalLoad":["misp-galaxy:botnet=\"Sality\""],"Kookoo":["misp-galaxy:botnet=\"Sality\""],"SaliCode":["misp-galaxy:botnet=\"Sality\""],"Kukacka":["misp-galaxy:botnet=\"Sality\""],"Satori":["misp-galaxy:botnet=\"Satori\"","misp-galaxy:malpedia=\"Satori\"","misp-galaxy:tool=\"Satori\""],"Okiru":["misp-galaxy:botnet=\"Satori\"","misp-galaxy:tool=\"Satori\""],"Simda":["misp-galaxy:botnet=\"Simda\"","misp-galaxy:malpedia=\"Simda\""],"Sora":["misp-galaxy:botnet=\"Sora\""],"Mirai Sora":["misp-galaxy:botnet=\"Sora\""],"Spamthru":["misp-galaxy:botnet=\"Spamthru\""],"Spam-DComServ":["misp-galaxy:botnet=\"Spamthru\""],"Covesmer":["misp-galaxy:botnet=\"Spamthru\""],"Xmiler":["misp-galaxy:botnet=\"Spamthru\""],"Srizbi":["misp-galaxy:botnet=\"Srizbi\""],"Cbeplay":["misp-galaxy:botnet=\"Srizbi\""],"Exchanger":["misp-galaxy:botnet=\"Srizbi\""],"Storm":["misp-galaxy:botnet=\"Storm\""],"Nuwar":["misp-galaxy:botnet=\"Storm\""],"Peacomm":["misp-galaxy:botnet=\"Storm\""],"Zhelatin":["misp-galaxy:botnet=\"Storm\""],"Dorf":["misp-galaxy:botnet=\"Storm\""],"Ecard":["misp-galaxy:botnet=\"Storm\""],"TDL4":["misp-galaxy:botnet=\"TDL4\""],"TDSS":["misp-galaxy:botnet=\"TDL4\"","misp-galaxy:malpedia=\"Alureon\""],"Alureon":["misp-galaxy:botnet=\"TDL4\"","misp-galaxy:malpedia=\"Alureon\""],"Torii":["misp-galaxy:botnet=\"Torii\"","misp-galaxy:malpedia=\"Torii\""],"Torpig":["misp-galaxy:botnet=\"Torpig\"","misp-galaxy:malpedia=\"Sinowal\""],"Sinowal":["misp-galaxy:botnet=\"Torpig\"","misp-galaxy:malpedia=\"Sinowal\""],"Anserin":["misp-galaxy:botnet=\"Torpig\"","misp-galaxy:malpedia=\"Sinowal\""],"Trik Spam Botnet":["misp-galaxy:botnet=\"Trik Spam Botnet\""],"Trik Trojan":["misp-galaxy:botnet=\"Trik Spam Botnet\""],"Virut":["misp-galaxy:botnet=\"Virut\"","misp-galaxy:malpedia=\"Virut\""],"Vulcanbot":["misp-galaxy:botnet=\"Vulcanbot\""],"Waledac":["misp-galaxy:botnet=\"Waledac\""],"Waled":["misp-galaxy:botnet=\"Waledac\""],"Waledpak":["misp-galaxy:botnet=\"Waledac\""],"Wopla":["misp-galaxy:botnet=\"Wopla\""],"Xarvester":["misp-galaxy:botnet=\"Xarvester\""],"Rlsloup":["misp-galaxy:botnet=\"Xarvester\""],"Pixoliz":["misp-galaxy:botnet=\"Xarvester\""],"XorDDoS":["misp-galaxy:botnet=\"XorDDoS\""],"Zer0n3t":["misp-galaxy:botnet=\"Zer0n3t\"","misp-galaxy:botnet=\"Zer0n3t\""],"Fib3rl0g1c":["misp-galaxy:botnet=\"Zer0n3t\""],"Zer0Log1x":["misp-galaxy:botnet=\"Zer0n3t\""],"ZeuS":["misp-galaxy:botnet=\"Zeus\""],"PRG":["misp-galaxy:botnet=\"Zeus\""],"Wsnpoem":["misp-galaxy:botnet=\"Zeus\""],"Gorhax":["misp-galaxy:botnet=\"Zeus\""],"Kneber":["misp-galaxy:botnet=\"Zeus\""],"BadUSB":["misp-galaxy:branded-vulnerability=\"BadUSB\""],"Badlock":["misp-galaxy:branded-vulnerability=\"Badlock\""],"Blacknurse":["misp-galaxy:branded-vulnerability=\"Blacknurse\""],"BlueKeep":["misp-galaxy:branded-vulnerability=\"BlueKeep\""],"Dirty COW":["misp-galaxy:branded-vulnerability=\"Dirty COW\""],"Ghost":["misp-galaxy:branded-vulnerability=\"Ghost\"","misp-galaxy:rat=\"Ghost\""],"Heartbleed":["misp-galaxy:branded-vulnerability=\"Heartbleed\""],"ImageTragick":["misp-galaxy:branded-vulnerability=\"ImageTragick\""],"Meltdown":["misp-galaxy:branded-vulnerability=\"Meltdown\""],"POODLE":["misp-galaxy:branded-vulnerability=\"POODLE\""],"SPOILER":["misp-galaxy:branded-vulnerability=\"SPOILER\""],"Shellshock":["misp-galaxy:branded-vulnerability=\"Shellshock\""],"Spectre":["misp-galaxy:branded-vulnerability=\"Spectre\""],"Stagefright":["misp-galaxy:branded-vulnerability=\"Stagefright\""],"Constituency":["misp-galaxy:cert-eu-govsector=\"Constituency\""],"EU-Centric":["misp-galaxy:cert-eu-govsector=\"EU-Centric\""],"EU-nearby":["misp-galaxy:cert-eu-govsector=\"EU-nearby\""],"Outside World":["misp-galaxy:cert-eu-govsector=\"Outside World\""],"Unknown":["misp-galaxy:cert-eu-govsector=\"Unknown\"","misp-galaxy:exploit-kit=\"Unknown\"","misp-galaxy:sector=\"Unknown\""],"World-class":["misp-galaxy:cert-eu-govsector=\"World-class\""],"AAD - Dump users and groups with Azure AD":["misp-galaxy:cloud-security=\"AAD - Dump users and groups with Azure AD\""],"AAD - Password Spray: CredKing":["misp-galaxy:cloud-security=\"AAD - Password Spray: CredKing\""],"AAD - Password Spray: MailSniper":["misp-galaxy:cloud-security=\"AAD - Password Spray: MailSniper\""],"End Point - Create Hidden Mailbox Rule":["misp-galaxy:cloud-security=\"End Point - Create Hidden Mailbox Rule\""],"End Point - Persistence throught Outlook Home Page: SensePost Ruler":["misp-galaxy:cloud-security=\"End Point - Persistence throught Outlook Home Page: SensePost Ruler\""],"End Point - Persistence throught custom Outlook form":["misp-galaxy:cloud-security=\"End Point - Persistence throught custom Outlook form\""],"End Point - Search host for Azure Credentials: SharpCloud":["misp-galaxy:cloud-security=\"End Point - Search host for Azure Credentials: SharpCloud\""],"O365 - 2FA MITM Phishing: evilginx2":["misp-galaxy:cloud-security=\"O365 - 2FA MITM Phishing: evilginx2\""],"O365 - Account Takeover: Add-MailboxPermission":["misp-galaxy:cloud-security=\"O365 - Account Takeover: Add-MailboxPermission\""],"O365 - Add Global admin account":["misp-galaxy:cloud-security=\"O365 - Add Global admin account\""],"O365 - Add Mail forwarding rule":["misp-galaxy:cloud-security=\"O365 - Add Mail forwarding rule\""],"O365 - Bruteforce of Autodiscover: SensePost Ruler":["misp-galaxy:cloud-security=\"O365 - Bruteforce of Autodiscover: SensePost Ruler\""],"O365 - Delegate Tenant Admin":["misp-galaxy:cloud-security=\"O365 - Delegate Tenant Admin\""],"O365 - Download documents and email":["misp-galaxy:cloud-security=\"O365 - Download documents and email\""],"O365 - Exchange Tasks for C2: MWR":["misp-galaxy:cloud-security=\"O365 - Exchange Tasks for C2: MWR\""],"O365 - Exfiltration email using EWS APIs with PowerShell":["misp-galaxy:cloud-security=\"O365 - Exfiltration email using EWS APIs with PowerShell\""],"O365 - Find Open Mailboxes: MailSniper":["misp-galaxy:cloud-security=\"O365 - Find Open Mailboxes: MailSniper\""],"O365 - Get Global Address List: MailSniper":["misp-galaxy:cloud-security=\"O365 - Get Global Address List: MailSniper\""],"O365 - MailSniper: Search Mailbox for content":["misp-galaxy:cloud-security=\"O365 - MailSniper: Search Mailbox for content\""],"O365 - MailSniper: Search Mailbox for credentials":["misp-galaxy:cloud-security=\"O365 - MailSniper: Search Mailbox for credentials\""],"O365 - Phishing for credentials":["misp-galaxy:cloud-security=\"O365 - Phishing for credentials\""],"O365 - Phishing using OAuth app":["misp-galaxy:cloud-security=\"O365 - Phishing using OAuth app\""],"O365 - Pivot to On-Prem host: SensePost Ruler":["misp-galaxy:cloud-security=\"O365 - Pivot to On-Prem host: SensePost Ruler\""],"O365 - Search for Content with eDiscovery":["misp-galaxy:cloud-security=\"O365 - Search for Content with eDiscovery\""],"O365 - Send Internal Email":["misp-galaxy:cloud-security=\"O365 - Send Internal Email\""],"O365 - User account enumeration with ActiveSync":["misp-galaxy:cloud-security=\"O365 - User account enumeration with ActiveSync\""],"On-Prem Exchange - Bruteforce of Autodiscover: SensePost Ruler":["misp-galaxy:cloud-security=\"On-Prem Exchange - Bruteforce of Autodiscover: SensePost Ruler\""],"On-Prem Exchange - Delegation":["misp-galaxy:cloud-security=\"On-Prem Exchange - Delegation\""],"On-Prem Exchange - Enumerate domain accounts: FindPeople":["misp-galaxy:cloud-security=\"On-Prem Exchange - Enumerate domain accounts: FindPeople\""],"On-Prem Exchange - Enumerate domain accounts: OWA & Exchange":["misp-galaxy:cloud-security=\"On-Prem Exchange - Enumerate domain accounts: OWA & Exchange\""],"On-Prem Exchange - Enumerate domain accounts: using Skype4B":["misp-galaxy:cloud-security=\"On-Prem Exchange - Enumerate domain accounts: using Skype4B\""],"On-Prem Exchange - OWA version discovery":["misp-galaxy:cloud-security=\"On-Prem Exchange - OWA version discovery\""],"On-Prem Exchange - Password Spray using Invoke-PasswordSprayOWA, EWS":["misp-galaxy:cloud-security=\"On-Prem Exchange - Password Spray using Invoke-PasswordSprayOWA, EWS\""],"On-Prem Exchange - Portal Recon":["misp-galaxy:cloud-security=\"On-Prem Exchange - Portal Recon\""],"On-Prem Exchange - Search Mailboxes with eDiscovery searches (EXO, Teams, SPO, OD4B, Skype4B)":["misp-galaxy:cloud-security=\"On-Prem Exchange - Search Mailboxes with eDiscovery searches (EXO, Teams, SPO, OD4B, Skype4B)\""],"Angler":["misp-galaxy:exploit-kit=\"Angler\""],"XXX":["misp-galaxy:exploit-kit=\"Angler\""],"AEK":["misp-galaxy:exploit-kit=\"Angler\""],"Axpergle":["misp-galaxy:exploit-kit=\"Angler\""],"Archie":["misp-galaxy:exploit-kit=\"Archie\""],"Astrum":["misp-galaxy:exploit-kit=\"Astrum\""],"Stegano EK":["misp-galaxy:exploit-kit=\"Astrum\""],"Bingo":["misp-galaxy:exploit-kit=\"Bingo\""],"Bizarro Sundown":["misp-galaxy:exploit-kit=\"Bizarro Sundown\""],"Sundown-b":["misp-galaxy:exploit-kit=\"Bizarro Sundown\""],"BlackHole":["misp-galaxy:exploit-kit=\"BlackHole\"","misp-galaxy:rat=\"BlackHole\""],"BHEK":["misp-galaxy:exploit-kit=\"BlackHole\""],"Bleeding Life":["misp-galaxy:exploit-kit=\"Bleeding Life\""],"BL":["misp-galaxy:exploit-kit=\"Bleeding Life\""],"BL2":["misp-galaxy:exploit-kit=\"Bleeding Life\""],"Cool":["misp-galaxy:exploit-kit=\"Cool\""],"CEK":["misp-galaxy:exploit-kit=\"Cool\""],"Styxy Cool":["misp-galaxy:exploit-kit=\"Cool\""],"DNSChanger":["misp-galaxy:exploit-kit=\"DNSChanger\""],"RouterEK":["misp-galaxy:exploit-kit=\"DNSChanger\""],"DealersChoice":["misp-galaxy:exploit-kit=\"DealersChoice\"","misp-galaxy:mitre-malware=\"DealersChoice - S0243\""],"Sednit RTF EK":["misp-galaxy:exploit-kit=\"DealersChoice\""],"Disdain":["misp-galaxy:exploit-kit=\"Disdain\""],"Empire":["misp-galaxy:exploit-kit=\"Empire\"","misp-galaxy:mitre-tool=\"Empire - S0363\"","misp-galaxy:tool=\"Empire\""],"RIG-E":["misp-galaxy:exploit-kit=\"Empire\""],"Fallout":["misp-galaxy:exploit-kit=\"Fallout\"","misp-galaxy:exploit-kit=\"Fallout\""],"Fiesta":["misp-galaxy:exploit-kit=\"Fiesta\""],"NeoSploit":["misp-galaxy:exploit-kit=\"Fiesta\""],"Fiexp":["misp-galaxy:exploit-kit=\"Fiesta\""],"FlashPack":["misp-galaxy:exploit-kit=\"FlashPack\""],"FlashEK":["misp-galaxy:exploit-kit=\"FlashPack\""],"SafePack":["misp-galaxy:exploit-kit=\"FlashPack\""],"CritXPack":["misp-galaxy:exploit-kit=\"FlashPack\""],"Vintage Pack":["misp-galaxy:exploit-kit=\"FlashPack\""],"Glazunov":["misp-galaxy:exploit-kit=\"Glazunov\""],"GrandSoft":["misp-galaxy:exploit-kit=\"GrandSoft\""],"StampEK":["misp-galaxy:exploit-kit=\"GrandSoft\""],"SofosFO":["misp-galaxy:exploit-kit=\"GrandSoft\""],"GreenFlash Sundown":["misp-galaxy:exploit-kit=\"GreenFlash Sundown\""],"Sundown-GF":["misp-galaxy:exploit-kit=\"GreenFlash Sundown\""],"HanJuan":["misp-galaxy:exploit-kit=\"HanJuan\""],"Himan":["misp-galaxy:exploit-kit=\"Himan\""],"High Load":["misp-galaxy:exploit-kit=\"Himan\""],"Hunter":["misp-galaxy:exploit-kit=\"Hunter\"","misp-galaxy:tool=\"Tinba\""],"3ROS Exploit Kit":["misp-galaxy:exploit-kit=\"Hunter\""],"Impact":["misp-galaxy:exploit-kit=\"Impact\""],"Infinity":["misp-galaxy:exploit-kit=\"Infinity\""],"Redkit v2.0":["misp-galaxy:exploit-kit=\"Infinity\""],"Goon":["misp-galaxy:exploit-kit=\"Infinity\""],"Kaixin":["misp-galaxy:exploit-kit=\"Kaixin\""],"CK vip":["misp-galaxy:exploit-kit=\"Kaixin\""],"Lightsout":["misp-galaxy:exploit-kit=\"Lightsout\""],"MWI":["misp-galaxy:exploit-kit=\"MWI\""],"Magnitude":["misp-galaxy:exploit-kit=\"Magnitude\""],"Popads EK":["misp-galaxy:exploit-kit=\"Magnitude\""],"TopExp":["misp-galaxy:exploit-kit=\"Magnitude\""],"Nebula":["misp-galaxy:exploit-kit=\"Nebula\""],"Neutrino":["misp-galaxy:exploit-kit=\"Neutrino\"","misp-galaxy:malpedia=\"Neutrino\""],"Job314":["misp-galaxy:exploit-kit=\"Neutrino\""],"Neutrino Rebooted":["misp-galaxy:exploit-kit=\"Neutrino\""],"Neutrino-v":["misp-galaxy:exploit-kit=\"Neutrino\""],"Niteris":["misp-galaxy:exploit-kit=\"Niteris\""],"CottonCastle":["misp-galaxy:exploit-kit=\"Niteris\""],"Novidade":["misp-galaxy:exploit-kit=\"Novidade\""],"DNSGhost":["misp-galaxy:exploit-kit=\"Novidade\""],"Nuclear":["misp-galaxy:exploit-kit=\"Nuclear\""],"NEK":["misp-galaxy:exploit-kit=\"Nuclear\""],"Nuclear Pack":["misp-galaxy:exploit-kit=\"Nuclear\""],"Spartan":["misp-galaxy:exploit-kit=\"Nuclear\""],"Neclu":["misp-galaxy:exploit-kit=\"Nuclear\""],"Phoenix":["misp-galaxy:exploit-kit=\"Phoenix\""],"PEK":["misp-galaxy:exploit-kit=\"Phoenix\""],"Private Exploit Pack":["misp-galaxy:exploit-kit=\"Private Exploit Pack\""],"PEP":["misp-galaxy:exploit-kit=\"Private Exploit Pack\""],"RIG":["misp-galaxy:exploit-kit=\"RIG\""],"RIG 3":["misp-galaxy:exploit-kit=\"RIG\""],"RIG-v":["misp-galaxy:exploit-kit=\"RIG\""],"RIG 4":["misp-galaxy:exploit-kit=\"RIG\""],"Meadgive":["misp-galaxy:exploit-kit=\"RIG\""],"Redkit":["misp-galaxy:exploit-kit=\"Redkit\""],"SPL":["misp-galaxy:exploit-kit=\"SPL\""],"SPL_Data":["misp-galaxy:exploit-kit=\"SPL\""],"SPLNet":["misp-galaxy:exploit-kit=\"SPL\""],"SPL2":["misp-galaxy:exploit-kit=\"SPL\""],"Sakura":["misp-galaxy:exploit-kit=\"Sakura\""],"Sednit EK":["misp-galaxy:exploit-kit=\"Sednit EK\""],"SedKit":["misp-galaxy:exploit-kit=\"Sednit EK\""],"Spelevo":["misp-galaxy:exploit-kit=\"Spelevo\""],"SpelevoEK":["misp-galaxy:exploit-kit=\"SpelevoEK\""],"Styx":["misp-galaxy:exploit-kit=\"Styx\""],"Sundown":["misp-galaxy:exploit-kit=\"Sundown\""],"Beps":["misp-galaxy:exploit-kit=\"Sundown\""],"Xer":["misp-galaxy:exploit-kit=\"Sundown\""],"Beta":["misp-galaxy:exploit-kit=\"Sundown\""],"Sundown-P":["misp-galaxy:exploit-kit=\"Sundown-P\""],"Sundown-Pirate":["misp-galaxy:exploit-kit=\"Sundown-P\""],"CaptainBlack":["misp-galaxy:exploit-kit=\"Sundown-P\""],"Sweet-Orange":["misp-galaxy:exploit-kit=\"Sweet-Orange\""],"SWO":["misp-galaxy:exploit-kit=\"Sweet-Orange\""],"Anogre":["misp-galaxy:exploit-kit=\"Sweet-Orange\""],"Taurus Builder":["misp-galaxy:exploit-kit=\"Taurus Builder\""],"Terror EK":["misp-galaxy:exploit-kit=\"Terror EK\""],"Blaze EK":["misp-galaxy:exploit-kit=\"Terror EK\""],"Neptune EK":["misp-galaxy:exploit-kit=\"Terror EK\""],"ThreadKit":["misp-galaxy:exploit-kit=\"ThreadKit\""],"Underminer":["misp-galaxy:exploit-kit=\"Underminer\""],"Underminer EK":["misp-galaxy:exploit-kit=\"Underminer\""],"VenomKit":["misp-galaxy:exploit-kit=\"VenomKit\""],"Venom":["misp-galaxy:exploit-kit=\"VenomKit\""],"WhiteHole":["misp-galaxy:exploit-kit=\"WhiteHole\""],"ATM Black Box Attack":["misp-galaxy:financial-fraud=\"ATM Black Box Attack\""],"ATM Explosive Attack":["misp-galaxy:financial-fraud=\"ATM Explosive Attack\""],"ATM Jackpotting":["misp-galaxy:financial-fraud=\"ATM Jackpotting\""],"ATM Shimming":["misp-galaxy:financial-fraud=\"ATM Shimming\""],"ATM skimming":["misp-galaxy:financial-fraud=\"ATM skimming\""],"Account-Checking Services":["misp-galaxy:financial-fraud=\"Account-Checking Services\""],"Business Email Compromise":["misp-galaxy:financial-fraud=\"Business Email Compromise\""],"Compromised Account Credentials":["misp-galaxy:financial-fraud=\"Compromised Account Credentials\""],"Compromised Intellectual Property (IP)":["misp-galaxy:financial-fraud=\"Compromised Intellectual Property (IP)\""],"Compromised Payment Cards":["misp-galaxy:financial-fraud=\"Compromised Payment Cards\""],"Compromised Personally Identifiable Information (PII)":["misp-galaxy:financial-fraud=\"Compromised Personally Identifiable Information (PII)\""],"Cryptocurrency Exchange":["misp-galaxy:financial-fraud=\"Cryptocurrency Exchange\""],"CxO Fraud":["misp-galaxy:financial-fraud=\"CxO Fraud\""],"Fund Transfer":["misp-galaxy:financial-fraud=\"Fund Transfer\""],"Insider Trading":["misp-galaxy:financial-fraud=\"Insider Trading\""],"Malware":["misp-galaxy:financial-fraud=\"Malware\""],"Money Mules":["misp-galaxy:financial-fraud=\"Money Mules\""],"POS Skimming":["misp-galaxy:financial-fraud=\"POS Skimming\""],"Phishing":["misp-galaxy:financial-fraud=\"Phishing\""],"Prepaid Cards":["misp-galaxy:financial-fraud=\"Prepaid Cards\""],"Resell Stolen Data":["misp-galaxy:financial-fraud=\"Resell Stolen Data\""],"SWIFT Transaction":["misp-galaxy:financial-fraud=\"SWIFT Transaction\""],"Scam":["misp-galaxy:financial-fraud=\"Scam\""],"Social Media Scams":["misp-galaxy:financial-fraud=\"Social Media Scams\""],"Spear phishing":["misp-galaxy:financial-fraud=\"Spear phishing\""],"Vishing":["misp-galaxy:financial-fraud=\"Vishing\""],"Breach of voters privacy during the casting of votes":["misp-galaxy:guidelines=\"Breach of voters privacy during the casting of votes\""],"Defacement, DoS or overload of websites or other systems used for publication of the results":["misp-galaxy:guidelines=\"Defacement, DoS or overload of websites or other systems used for publication of the results\""],"Deleting or tampering with voter data":["misp-galaxy:guidelines=\"Deleting or tampering with voter data\""],"DoS or overload of government websites":["misp-galaxy:guidelines=\"DoS or overload of government websites\""],"DoS or overload of party\/campaign registration, causing them to miss the deadline":["misp-galaxy:guidelines=\"DoS or overload of party\/campaign registration, causing them to miss the deadline\""],"DoS or overload of voter registration system, suppressing voters":["misp-galaxy:guidelines=\"DoS or overload of voter registration system, suppressing voters\""],"Fabricated signatures from sponsor":["misp-galaxy:guidelines=\"Fabricated signatures from sponsor\""],"Hacking campaign websites (defacement, DoS)":["misp-galaxy:guidelines=\"Hacking campaign websites (defacement, DoS)\""],"Hacking campaign websites, spreading misinformation on the election process, registered parties\/candidates, or results":["misp-galaxy:guidelines=\"Hacking campaign websites, spreading misinformation on the election process, registered parties\/candidates, or results\""],"Hacking candidate laptops or email accounts":["misp-galaxy:guidelines=\"Hacking candidate laptops or email accounts\""],"Hacking of internal systems used by media or press":["misp-galaxy:guidelines=\"Hacking of internal systems used by media or press\""],"Hacking\/misconfiguration of government servers, communication networks, or endpoints":["misp-galaxy:guidelines=\"Hacking\/misconfiguration of government servers, communication networks, or endpoints\""],"Identity fraud during voter registration":["misp-galaxy:guidelines=\"Identity fraud during voter registration\""],"Leak of confidential information":["misp-galaxy:guidelines=\"Leak of confidential information\""],"Misconfiguration of a website":["misp-galaxy:guidelines=\"Misconfiguration of a website\""],"Software bug altering results":["misp-galaxy:guidelines=\"Software bug altering results\""],"Tampering or DoS of communication links uesd to transfer (interim) results":["misp-galaxy:guidelines=\"Tampering or DoS of communication links uesd to transfer (interim) results\""],"Tampering or DoS of voting and\/or vote confidentiality during or after the elections":["misp-galaxy:guidelines=\"Tampering or DoS of voting and\/or vote confidentiality during or after the elections\""],"Tampering with logs\/journals":["misp-galaxy:guidelines=\"Tampering with logs\/journals\""],"Tampering with registrations":["misp-galaxy:guidelines=\"Tampering with registrations\""],"Tampering with supply chain involved in the movement or transfer data":["misp-galaxy:guidelines=\"Tampering with supply chain involved in the movement or transfer data\""],"Tampering, DoS or overload of the systems used for counting or aggregating results":["misp-galaxy:guidelines=\"Tampering, DoS or overload of the systems used for counting or aggregating results\""],"Tampering, DoS, or overload of media communication links":["misp-galaxy:guidelines=\"Tampering, DoS, or overload of media communication links\""],"7ev3n":["misp-galaxy:malpedia=\"7ev3n\"","misp-galaxy:ransomware=\"7ev3n\""],"9002 RAT":["misp-galaxy:malpedia=\"9002 RAT\"","misp-galaxy:mitre-enterprise-attack-malware=\"Hydraq - S0203\"","misp-galaxy:mitre-malware=\"Hydraq - S0203\""],"Hydraq":["misp-galaxy:malpedia=\"9002 RAT\"","misp-galaxy:mitre-enterprise-attack-malware=\"Hydraq - S0203\"","misp-galaxy:mitre-malware=\"Hydraq - S0203\"","misp-galaxy:tool=\"Aurora\""],"McRAT":["misp-galaxy:malpedia=\"9002 RAT\""],"AIRBREAK":["misp-galaxy:malpedia=\"AIRBREAK\"","misp-galaxy:mitre-enterprise-attack-malware=\"Orz - S0229\"","misp-galaxy:mitre-malware=\"Orz - S0229\""],"Orz":["misp-galaxy:malpedia=\"AIRBREAK\"","misp-galaxy:mitre-enterprise-attack-malware=\"Orz - S0229\"","misp-galaxy:mitre-malware=\"Orz - S0229\""],"ALPC Local PrivEsc":["misp-galaxy:malpedia=\"ALPC Local PrivEsc\""],"AMTsol":["misp-galaxy:malpedia=\"AMTsol\""],"Adupihan":["misp-galaxy:malpedia=\"AMTsol\""],"ANTAK":["misp-galaxy:malpedia=\"ANTAK\""],"APT3 Keylogger":["misp-galaxy:malpedia=\"APT3 Keylogger\""],"ARS VBS Loader":["misp-galaxy:malpedia=\"ARS VBS Loader\"","misp-galaxy:rat=\"ARS VBS Loader\""],"ASPC":["misp-galaxy:malpedia=\"ASPC\""],"ATI-Agent":["misp-galaxy:malpedia=\"ATI-Agent\""],"ATMSpitter":["misp-galaxy:malpedia=\"ATMSpitter\""],"ATMii":["misp-galaxy:malpedia=\"ATMii\""],"ATMitch":["misp-galaxy:malpedia=\"ATMitch\""],"AVCrypt":["misp-galaxy:malpedia=\"AVCrypt\""],"AbaddonPOS":["misp-galaxy:malpedia=\"AbaddonPOS\""],"PinkKite":["misp-galaxy:malpedia=\"AbaddonPOS\""],"Abbath Banker":["misp-galaxy:malpedia=\"Abbath Banker\""],"AcridRain":["misp-galaxy:malpedia=\"AcridRain\""],"Acronym":["misp-galaxy:malpedia=\"Acronym\""],"AdKoob":["misp-galaxy:malpedia=\"AdKoob\""],"AdWind":["misp-galaxy:malpedia=\"AdWind\""],"JBifrost":["misp-galaxy:malpedia=\"AdWind\"","misp-galaxy:rat=\"Adwind RAT\""],"JSocket":["misp-galaxy:malpedia=\"AdWind\"","misp-galaxy:mitre-malware=\"jRAT - S0283\"","misp-galaxy:tool=\"Adwind\""],"UNRECOM":["misp-galaxy:malpedia=\"AdWind\"","misp-galaxy:rat=\"Adwind RAT\""],"AdamLocker":["misp-galaxy:malpedia=\"AdamLocker\""],"AdultSwine":["misp-galaxy:malpedia=\"AdultSwine\""],"AdvisorsBot":["misp-galaxy:malpedia=\"AdvisorsBot\""],"Adylkuzz":["misp-galaxy:malpedia=\"Adylkuzz\""],"Agent Tesla":["misp-galaxy:malpedia=\"Agent Tesla\"","misp-galaxy:mitre-malware=\"Agent Tesla - S0331\"","misp-galaxy:tool=\"Agent Tesla\""],"Agent.BTZ":["misp-galaxy:malpedia=\"Agent.BTZ\"","misp-galaxy:tool=\"Agent.BTZ\""],"ComRAT":["misp-galaxy:malpedia=\"Agent.BTZ\"","misp-galaxy:mitre-enterprise-attack-malware=\"ComRAT - S0126\"","misp-galaxy:mitre-malware=\"ComRAT - S0126\"","misp-galaxy:rat=\"ComRAT\""],"Sun rootkit":["misp-galaxy:malpedia=\"Agent.BTZ\""],"Aldibot":["misp-galaxy:malpedia=\"Aldibot\""],"Alina POS":["misp-galaxy:malpedia=\"Alina POS\""],"alina_eagle":["misp-galaxy:malpedia=\"Alina POS\""],"alina_spark":["misp-galaxy:malpedia=\"Alina POS\""],"katrina":["misp-galaxy:malpedia=\"Alina POS\""],"Allaple":["misp-galaxy:malpedia=\"Allaple\""],"Starman":["misp-galaxy:malpedia=\"Allaple\""],"Alma Communicator":["misp-galaxy:malpedia=\"Alma Communicator\""],"AlmaLocker":["misp-galaxy:malpedia=\"AlmaLocker\""],"AlphaLocker":["misp-galaxy:malpedia=\"AlphaLocker\"","misp-galaxy:ransomware=\"Alpha Ransomware\""],"AlphaNC":["misp-galaxy:malpedia=\"AlphaNC\""],"Alphabet Ransomware":["misp-galaxy:malpedia=\"Alphabet Ransomware\"","misp-galaxy:ransomware=\"Alphabet Ransomware\""],"Alreay":["misp-galaxy:malpedia=\"Alreay\""],"Olmarik":["misp-galaxy:malpedia=\"Alureon\""],"Pihar":["misp-galaxy:malpedia=\"Alureon\""],"TDL":["misp-galaxy:malpedia=\"Alureon\""],"Amadey":["misp-galaxy:malpedia=\"Amadey\""],"Anatova Ransomware":["misp-galaxy:malpedia=\"Anatova Ransomware\""],"AndroRAT":["misp-galaxy:malpedia=\"AndroRAT\"","misp-galaxy:mitre-malware=\"AndroRAT - S0292\"","misp-galaxy:mitre-mobile-attack-malware=\"AndroRAT - MOB-S0008\""],"Andromeda":["misp-galaxy:malpedia=\"Andromeda\"","misp-galaxy:tool=\"Gamarue\""],"B106-Gamarue":["misp-galaxy:malpedia=\"Andromeda\""],"B67-SS-Gamarue":["misp-galaxy:malpedia=\"Andromeda\""],"Gamarue":["misp-galaxy:malpedia=\"Andromeda\"","misp-galaxy:tool=\"Gamarue\""],"b66":["misp-galaxy:malpedia=\"Andromeda\""],"Anel":["misp-galaxy:malpedia=\"Anel\""],"Antilam":["misp-galaxy:malpedia=\"Antilam\""],"Latinus":["misp-galaxy:malpedia=\"Antilam\""],"Anubis":["misp-galaxy:malpedia=\"Anubis\""],"AnubisSpy":["misp-galaxy:malpedia=\"AnubisSpy\""],"Apocalipto":["misp-galaxy:malpedia=\"Apocalipto\""],"Apocalypse":["misp-galaxy:malpedia=\"Apocalypse\"","misp-galaxy:ransomware=\"Apocalypse\"","misp-galaxy:rat=\"Apocalypse\""],"AppleJeus":["misp-galaxy:malpedia=\"AppleJeus\""],"ArdaMax":["misp-galaxy:malpedia=\"ArdaMax\""],"Arefty":["misp-galaxy:malpedia=\"Arefty\""],"Arik Keylogger":["misp-galaxy:malpedia=\"Arik Keylogger\""],"Aaron Keylogger":["misp-galaxy:malpedia=\"Arik Keylogger\""],"Arkei Stealer":["misp-galaxy:malpedia=\"Arkei Stealer\""],"Artra Downloader":["misp-galaxy:malpedia=\"Artra Downloader\""],"Asacub":["misp-galaxy:malpedia=\"Asacub\""],"AscentLoader":["misp-galaxy:malpedia=\"AscentLoader\""],"BadSrc":["misp-galaxy:malpedia=\"Asprox\""],"AthenaGo RAT":["misp-galaxy:malpedia=\"AthenaGo RAT\""],"Atmosphere":["misp-galaxy:malpedia=\"Atmosphere\""],"August Stealer":["misp-galaxy:malpedia=\"August Stealer\"","misp-galaxy:tool=\"August\""],"Auriga":["misp-galaxy:malpedia=\"Auriga\""],"Riodrv":["misp-galaxy:malpedia=\"Auriga\""],"Aurora":["misp-galaxy:malpedia=\"Aurora\"","misp-galaxy:mitre-enterprise-attack-malware=\"Hydraq - S0203\"","misp-galaxy:mitre-malware=\"Hydraq - S0203\"","misp-galaxy:tool=\"Aurora\""],"AutoCAD Downloader":["misp-galaxy:malpedia=\"AutoCAD Downloader\""],"Acad.Bursted":["misp-galaxy:malpedia=\"AutoCAD Downloader\""],"Duxfas":["misp-galaxy:malpedia=\"AutoCAD Downloader\""],"AvastDisabler":["misp-galaxy:malpedia=\"AvastDisabler\""],"Ave Maria":["misp-galaxy:malpedia=\"Ave Maria\"","misp-galaxy:stealer=\"Ave Maria\""],"AVE_MARIA":["misp-galaxy:malpedia=\"Ave Maria\""],"Aveo":["misp-galaxy:malpedia=\"Aveo\""],"Avzhan":["misp-galaxy:malpedia=\"Avzhan\""],"Ayegent":["misp-galaxy:malpedia=\"Ayegent\""],"Azorult":["misp-galaxy:malpedia=\"Azorult\"","misp-galaxy:mitre-malware=\"Azorult - S0344\""],"PuffStealer":["misp-galaxy:malpedia=\"Azorult\""],"Rultazo":["misp-galaxy:malpedia=\"Azorult\""],"BABYMETAL":["misp-galaxy:malpedia=\"BABYMETAL\""],"BACKBEND":["misp-galaxy:malpedia=\"BACKBEND\""],"BBSRAT":["misp-galaxy:malpedia=\"BBSRAT\"","misp-galaxy:mitre-enterprise-attack-malware=\"BBSRAT - S0127\"","misp-galaxy:mitre-malware=\"BBSRAT - S0127\""],"BCMPUPnP_Hunter":["misp-galaxy:malpedia=\"BCMPUPnP_Hunter\""],"BELLHOP":["misp-galaxy:malpedia=\"BELLHOP\""],"BKA Trojaner":["misp-galaxy:malpedia=\"BKA Trojaner\""],"bwin3_bka":["misp-galaxy:malpedia=\"BKA Trojaner\""],"BLACKCOFFEE":["misp-galaxy:malpedia=\"BLACKCOFFEE\"","misp-galaxy:mitre-enterprise-attack-malware=\"BLACKCOFFEE - S0069\"","misp-galaxy:mitre-malware=\"BLACKCOFFEE - S0069\""],"BONDUPDATER":["misp-galaxy:malpedia=\"BONDUPDATER\"","misp-galaxy:mitre-malware=\"BONDUPDATER - S0360\"","misp-galaxy:rat=\"BONDUPDATER\""],"Glimpse":["misp-galaxy:malpedia=\"BONDUPDATER\""],"BRAIN":["misp-galaxy:malpedia=\"BRAIN\""],"BS2005":["misp-galaxy:malpedia=\"BS2005\"","misp-galaxy:mitre-enterprise-attack-malware=\"BS2005 - S0014\"","misp-galaxy:mitre-malware=\"BS2005 - S0014\"","misp-galaxy:tool=\"Hoardy\""],"BTCWare":["misp-galaxy:malpedia=\"BTCWare\""],"BUBBLEWRAP":["misp-galaxy:malpedia=\"BUBBLEWRAP\"","misp-galaxy:mitre-enterprise-attack-malware=\"BUBBLEWRAP - S0043\"","misp-galaxy:mitre-malware=\"BUBBLEWRAP - S0043\""],"BYEBY":["misp-galaxy:malpedia=\"BYEBY\""],"Babar":["misp-galaxy:malpedia=\"Babar\"","misp-galaxy:tool=\"Babar\""],"SNOWBALL":["misp-galaxy:malpedia=\"Babar\""],"BabyLon RAT":["misp-galaxy:malpedia=\"BabyLon RAT\""],"BackNet":["misp-galaxy:malpedia=\"BackNet\""],"BackSwap":["misp-galaxy:malpedia=\"BackSwap\""],"BadEncript":["misp-galaxy:malpedia=\"BadEncript\""],"BadNews":["misp-galaxy:malpedia=\"BadNews\""],"Bahamut (Android)":["misp-galaxy:malpedia=\"Bahamut (Android)\""],"Bahamut (Windows)":["misp-galaxy:malpedia=\"Bahamut (Windows)\""],"Baldir":["misp-galaxy:malpedia=\"Baldir\""],"Baldr":["misp-galaxy:malpedia=\"Baldir\""],"Banatrix":["misp-galaxy:malpedia=\"Banatrix\""],"Bankshot":["misp-galaxy:malpedia=\"Bankshot\"","misp-galaxy:mitre-malware=\"Bankshot - S0239\"","misp-galaxy:tool=\"Bankshot\""],"Banload":["misp-galaxy:malpedia=\"Banload\"","misp-galaxy:tool=\"Banload\""],"Bart":["misp-galaxy:malpedia=\"Bart\"","misp-galaxy:ransomware=\"Bart\""],"gayfgt":["misp-galaxy:malpedia=\"Bashlite\""],"lizkebab":["misp-galaxy:malpedia=\"Bashlite\""],"qbot":["misp-galaxy:malpedia=\"Bashlite\""],"torlus":["misp-galaxy:malpedia=\"Bashlite\""],"BatchWiper":["misp-galaxy:malpedia=\"BatchWiper\""],"Batel":["misp-galaxy:malpedia=\"Batel\""],"Bateleur":["misp-galaxy:malpedia=\"Bateleur\"","misp-galaxy:tool=\"Bateleur\""],"Beapy":["misp-galaxy:malpedia=\"Beapy\""],"Bedep":["misp-galaxy:malpedia=\"Bedep\"","misp-galaxy:tool=\"Bedep\""],"Bella":["misp-galaxy:malpedia=\"Bella\""],"Belonard":["misp-galaxy:malpedia=\"Belonard\""],"Berbomthum":["misp-galaxy:malpedia=\"Berbomthum\""],"BernhardPOS":["misp-galaxy:malpedia=\"BernhardPOS\""],"Neurevt":["misp-galaxy:malpedia=\"BetaBot\""],"Bezigate":["misp-galaxy:malpedia=\"Bezigate\""],"BfBot":["misp-galaxy:malpedia=\"BfBot\""],"BianLian":["misp-galaxy:malpedia=\"BianLian\""],"BillGates":["misp-galaxy:malpedia=\"BillGates\""],"BioData":["misp-galaxy:malpedia=\"BioData\""],"Biscuit":["misp-galaxy:malpedia=\"Biscuit\""],"zxdosml":["misp-galaxy:malpedia=\"Biscuit\""],"Bitsran":["misp-galaxy:malpedia=\"Bitsran\""],"Bitter RAT":["misp-galaxy:malpedia=\"Bitter RAT\""],"BlackEnergy":["misp-galaxy:malpedia=\"BlackEnergy\"","misp-galaxy:mitre-enterprise-attack-malware=\"BlackEnergy - S0089\"","misp-galaxy:mitre-malware=\"BlackEnergy - S0089\"","misp-galaxy:threat-actor=\"Sandworm\"","misp-galaxy:tool=\"BlackEnergy\""],"BlackPOS":["misp-galaxy:malpedia=\"BlackPOS\""],"Kaptoxa":["misp-galaxy:malpedia=\"BlackPOS\""],"POSWDS":["misp-galaxy:malpedia=\"BlackPOS\""],"Reedum":["misp-galaxy:malpedia=\"BlackPOS\""],"BlackRevolution":["misp-galaxy:malpedia=\"BlackRevolution\""],"BlackRouter":["misp-galaxy:malpedia=\"BlackRouter\""],"BLACKHEART":["misp-galaxy:malpedia=\"BlackRouter\""],"BlackShades":["misp-galaxy:malpedia=\"BlackShades\""],"Boaxxe":["misp-galaxy:malpedia=\"Boaxxe\""],"Bohmini":["misp-galaxy:malpedia=\"Bohmini\""],"Bolek":["misp-galaxy:malpedia=\"Bolek\""],"KBOT":["misp-galaxy:malpedia=\"Bolek\""],"Bouncer":["misp-galaxy:malpedia=\"Bouncer\""],"Bozok":["misp-galaxy:malpedia=\"Bozok\"","misp-galaxy:rat=\"Bozok\""],"Brambul":["misp-galaxy:malpedia=\"Brambul\"","misp-galaxy:tool=\"Brambul\""],"BravoNC":["misp-galaxy:malpedia=\"BravoNC\""],"BreachRAT":["misp-galaxy:malpedia=\"BreachRAT\""],"Breakthrough":["misp-galaxy:malpedia=\"Breakthrough\""],"Bredolab":["misp-galaxy:malpedia=\"Bredolab\""],"BrickerBot":["misp-galaxy:malpedia=\"BrickerBot\""],"BrushaLoader":["misp-galaxy:malpedia=\"BrushaLoader\""],"BrutPOS":["misp-galaxy:malpedia=\"BrutPOS\""],"Buhtrap":["misp-galaxy:malpedia=\"Buhtrap\""],"Ratopak":["misp-galaxy:malpedia=\"Buhtrap\""],"Bundestrojaner":["misp-galaxy:malpedia=\"Bundestrojaner\""],"0zapftis":["misp-galaxy:malpedia=\"Bundestrojaner\""],"R2D2":["misp-galaxy:malpedia=\"Bundestrojaner\""],"Bunitu":["misp-galaxy:malpedia=\"Bunitu\""],"Buterat":["misp-galaxy:malpedia=\"Buterat\""],"spyvoltar":["misp-galaxy:malpedia=\"Buterat\""],"Yimfoca":["misp-galaxy:malpedia=\"Buzus\""],"CACTUSTORCH":["misp-galaxy:malpedia=\"CACTUSTORCH\""],"CCleaner Backdoor":["misp-galaxy:malpedia=\"CCleaner Backdoor\""],"CDorked":["misp-galaxy:malpedia=\"CDorked\""],"CDorked.A":["misp-galaxy:malpedia=\"CDorked\""],"CHINACHOPPER":["misp-galaxy:malpedia=\"CHINACHOPPER\""],"CMSBrute":["misp-galaxy:malpedia=\"CMSBrute\""],"CMSTAR":["misp-galaxy:malpedia=\"CMSTAR\""],"meciv":["misp-galaxy:malpedia=\"CMSTAR\""],"CREAMSICLE":["misp-galaxy:malpedia=\"CREAMSICLE\""],"CabArt":["misp-galaxy:malpedia=\"CabArt\""],"CadelSpy":["misp-galaxy:malpedia=\"CadelSpy\""],"Cadelle":["misp-galaxy:malpedia=\"CadelSpy\"","misp-galaxy:threat-actor=\"Cadelle\""],"Cannibal Rat":["misp-galaxy:malpedia=\"Cannibal Rat\""],"Cannon":["misp-galaxy:malpedia=\"Cannon\"","misp-galaxy:mitre-malware=\"Cannon - S0351\""],"Carbanak":["misp-galaxy:malpedia=\"Carbanak\"","misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Carbanak - G0008\"","misp-galaxy:mitre-enterprise-attack-malware=\"Carbanak - S0030\"","misp-galaxy:mitre-intrusion-set=\"Carbanak - G0008\"","misp-galaxy:mitre-malware=\"Carbanak - S0030\"","misp-galaxy:threat-actor=\"Anunak\""],"Anunak":["misp-galaxy:malpedia=\"Carbanak\"","misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Carbanak - G0008\"","misp-galaxy:mitre-enterprise-attack-malware=\"Carbanak - S0030\"","misp-galaxy:mitre-intrusion-set=\"Carbanak - G0008\"","misp-galaxy:mitre-malware=\"Carbanak - S0030\"","misp-galaxy:threat-actor=\"Anunak\""],"Carberp":["misp-galaxy:malpedia=\"Carberp\""],"Cardinal RAT":["misp-galaxy:malpedia=\"Cardinal RAT\"","misp-galaxy:mitre-malware=\"Cardinal RAT - S0348\"","misp-galaxy:tool=\"Cardinal RAT\""],"Careto":["misp-galaxy:malpedia=\"Careto\"","misp-galaxy:threat-actor=\"Careto\""],"Appetite":["misp-galaxy:malpedia=\"Careto\""],"Mask":["misp-galaxy:malpedia=\"Careto\"","misp-galaxy:threat-actor=\"Careto\""],"CarrotBat":["misp-galaxy:malpedia=\"CarrotBat\""],"Casper":["misp-galaxy:malpedia=\"Casper\"","misp-galaxy:tool=\"Casper\""],"Catchamas":["misp-galaxy:malpedia=\"Catchamas\"","misp-galaxy:mitre-malware=\"Catchamas - S0261\""],"Catelites":["misp-galaxy:malpedia=\"Catelites\""],"CenterPOS":["misp-galaxy:malpedia=\"CenterPOS\""],"cerebrus":["misp-galaxy:malpedia=\"CenterPOS\""],"Cerber":["misp-galaxy:malpedia=\"Cerber\"","misp-galaxy:ransomware=\"Cerber\""],"Cerbu":["misp-galaxy:malpedia=\"Cerbu\""],"ChChes":["misp-galaxy:malpedia=\"ChChes\"","misp-galaxy:mitre-enterprise-attack-malware=\"ChChes - S0144\"","misp-galaxy:mitre-malware=\"ChChes - S0144\""],"Ham Backdoor":["misp-galaxy:malpedia=\"ChChes\""],"Chainshot":["misp-galaxy:malpedia=\"Chainshot\"","misp-galaxy:tool=\"Chainshot\""],"Chapro":["misp-galaxy:malpedia=\"Chapro\""],"Charger":["misp-galaxy:malpedia=\"Charger\"","misp-galaxy:mitre-malware=\"Charger - S0323\"","misp-galaxy:mitre-mobile-attack-malware=\"Charger - MOB-S0039\""],"CherryPicker POS":["misp-galaxy:malpedia=\"CherryPicker POS\""],"cherry_picker":["misp-galaxy:malpedia=\"CherryPicker POS\""],"cherrypicker":["misp-galaxy:malpedia=\"CherryPicker POS\""],"cherrypickerpos":["misp-galaxy:malpedia=\"CherryPicker POS\""],"ChewBacca":["misp-galaxy:malpedia=\"ChewBacca\""],"Chinad":["misp-galaxy:malpedia=\"Chinad\""],"Chir":["misp-galaxy:malpedia=\"Chir\""],"Chrysaor":["misp-galaxy:malpedia=\"Chrysaor\"","misp-galaxy:mitre-malware=\"Pegasus for Android - S0316\"","misp-galaxy:mitre-mobile-attack-malware=\"Pegasus for Android - MOB-S0032\"","misp-galaxy:tool=\"Chrysaor\""],"JigglyPuff":["misp-galaxy:malpedia=\"Chrysaor\""],"Pegasus":["misp-galaxy:malpedia=\"Chrysaor\"","misp-galaxy:mitre-mobile-attack-malware=\"Pegasus - MOB-S0005\"","misp-galaxy:tool=\"Chrysaor\""],"AndroKINS":["misp-galaxy:malpedia=\"Chthonic\""],"Client Maximus":["misp-galaxy:malpedia=\"Client Maximus\"","misp-galaxy:rat=\"Client Maximus\""],"Clientor":["misp-galaxy:malpedia=\"Clientor\""],"Clipper":["misp-galaxy:malpedia=\"Clipper\""],"Cloud Duke":["misp-galaxy:malpedia=\"Cloud Duke\""],"CoalaBot":["misp-galaxy:malpedia=\"CoalaBot\"","misp-galaxy:tool=\"CoalaBot\""],"CobInt":["misp-galaxy:malpedia=\"CobInt\""],"COOLPANTS":["misp-galaxy:malpedia=\"CobInt\""],"Cobalt Strike":["misp-galaxy:malpedia=\"Cobalt Strike\"","misp-galaxy:mitre-enterprise-attack-tool=\"Cobalt Strike - S0154\"","misp-galaxy:mitre-tool=\"Cobalt Strike - S0154\"","misp-galaxy:rat=\"Cobalt Strike\""],"Cobian RAT":["misp-galaxy:malpedia=\"Cobian RAT\"","misp-galaxy:mitre-malware=\"Cobian RAT - S0338\"","misp-galaxy:rat=\"Cobian RAT\""],"Cobra Carbon System":["misp-galaxy:malpedia=\"Cobra Carbon System\""],"Carbon":["misp-galaxy:malpedia=\"Cobra Carbon System\"","misp-galaxy:mitre-malware=\"Carbon - S0335\""],"CockBlocker":["misp-galaxy:malpedia=\"CockBlocker\""],"CodeKey":["misp-galaxy:malpedia=\"CodeKey\""],"Cohhoc":["misp-galaxy:malpedia=\"Cohhoc\""],"CoinThief":["misp-galaxy:malpedia=\"CoinThief\""],"Coinminer":["misp-galaxy:malpedia=\"Coinminer\""],"Coldroot RAT":["misp-galaxy:malpedia=\"Coldroot RAT\""],"Colony":["misp-galaxy:malpedia=\"Colony\""],"Bandios":["misp-galaxy:malpedia=\"Colony\""],"GrayBird":["misp-galaxy:malpedia=\"Colony\""],"Combojack":["misp-galaxy:malpedia=\"Combojack\""],"Combos":["misp-galaxy:malpedia=\"Combos\""],"CometBot":["misp-galaxy:malpedia=\"CometBot\""],"ComodoSec":["misp-galaxy:malpedia=\"ComodoSec\""],"Computrace":["misp-galaxy:malpedia=\"Computrace\""],"lojack":["misp-galaxy:malpedia=\"Computrace\""],"ComradeCircle":["misp-galaxy:malpedia=\"ComradeCircle\""],"downadup":["misp-galaxy:malpedia=\"Conficker\""],"traffic converter":["misp-galaxy:malpedia=\"Conficker\""],"Confucius":["misp-galaxy:malpedia=\"Confucius\""],"Connic":["misp-galaxy:malpedia=\"Connic\""],"SpyBanker":["misp-galaxy:malpedia=\"Connic\"","misp-galaxy:malpedia=\"SpyBanker\""],"Contopee":["misp-galaxy:malpedia=\"Contopee\""],"CookieBag":["misp-galaxy:malpedia=\"CookieBag\""],"CoreDN":["misp-galaxy:malpedia=\"CoreDN\""],"Coreshell":["misp-galaxy:malpedia=\"Coreshell\""],"CpuMeaner":["misp-galaxy:malpedia=\"CpuMeaner\"","misp-galaxy:tool=\"CpuMeaner\""],"Cpuminer (Android)":["misp-galaxy:malpedia=\"Cpuminer (Android)\""],"Cpuminer (ELF)":["misp-galaxy:malpedia=\"Cpuminer (ELF)\""],"Cr1ptT0r":["misp-galaxy:malpedia=\"Cr1ptT0r\"","misp-galaxy:ransomware=\"Cr1ptT0r\""],"CriptTor":["misp-galaxy:malpedia=\"Cr1ptT0r\""],"CradleCore":["misp-galaxy:malpedia=\"CradleCore\""],"CrashOverride":["misp-galaxy:malpedia=\"CrashOverride\""],"Crash":["misp-galaxy:malpedia=\"CrashOverride\""],"Industroyer":["misp-galaxy:malpedia=\"CrashOverride\""],"CreativeUpdater":["misp-galaxy:malpedia=\"CreativeUpdater\""],"Credraptor":["misp-galaxy:malpedia=\"Credraptor\""],"Crenufs":["misp-galaxy:malpedia=\"Crenufs\""],"Crimson RAT":["misp-galaxy:malpedia=\"Crimson RAT\""],"SEEDOOR":["misp-galaxy:malpedia=\"Crimson RAT\""],"Crimson":["misp-galaxy:malpedia=\"Crimson\"","misp-galaxy:mitre-enterprise-attack-malware=\"Crimson - S0115\"","misp-galaxy:mitre-malware=\"Crimson - S0115\"","misp-galaxy:rat=\"Crimson\"","misp-galaxy:tool=\"Crimson\""],"Crisis (OS X)":["misp-galaxy:malpedia=\"Crisis (OS X)\""],"Crisis (Windows)":["misp-galaxy:malpedia=\"Crisis (Windows)\""],"CrossRAT":["misp-galaxy:malpedia=\"CrossRAT\"","misp-galaxy:mitre-malware=\"CrossRAT - S0235\""],"Trupto":["misp-galaxy:malpedia=\"CrossRAT\""],"Crossrider":["misp-galaxy:malpedia=\"Crossrider\""],"CryLocker":["misp-galaxy:malpedia=\"CryLocker\"","misp-galaxy:ransomware=\"CryLocker\""],"Cryakl":["misp-galaxy:malpedia=\"Cryakl\"","misp-galaxy:ransomware=\"Cryakl\"","misp-galaxy:ransomware=\"Offline ransomware\""],"CrypMic":["misp-galaxy:malpedia=\"CrypMic\""],"Crypt0l0cker":["misp-galaxy:malpedia=\"Crypt0l0cker\""],"CryptXXXX":["misp-galaxy:malpedia=\"CryptXXXX\""],"CryptoFortress":["misp-galaxy:malpedia=\"CryptoFortress\"","misp-galaxy:ransomware=\"CryptoFortress\"","misp-galaxy:ransomware=\"TorrentLocker\""],"CryptoLocker":["misp-galaxy:malpedia=\"CryptoLocker\"","misp-galaxy:ransomware=\"CryptoLocker\""],"CryptoLuck":["misp-galaxy:malpedia=\"CryptoLuck\""],"CryptoMix":["misp-galaxy:malpedia=\"CryptoMix\"","misp-galaxy:ransomware=\"CryptoMix\""],"CryptFile2":["misp-galaxy:malpedia=\"CryptoMix\""],"CryptoNight":["misp-galaxy:malpedia=\"CryptoNight\""],"CryptoRansomeware":["misp-galaxy:malpedia=\"CryptoRansomeware\"","misp-galaxy:ransomware=\"CryptoRansomeware\""],"CryptoShield":["misp-galaxy:malpedia=\"CryptoShield\""],"CryptoShuffler":["misp-galaxy:malpedia=\"CryptoShuffler\""],"CryptoWire":["misp-galaxy:malpedia=\"CryptoWire\"","misp-galaxy:ransomware=\"Owl\""],"Cryptorium":["misp-galaxy:malpedia=\"Cryptorium\""],"Cryptowall":["misp-galaxy:malpedia=\"Cryptowall\""],"CsExt":["misp-galaxy:malpedia=\"CsExt\""],"Cuegoe":["misp-galaxy:malpedia=\"Cuegoe\""],"Windshield?":["misp-galaxy:malpedia=\"Cuegoe\""],"Cueisfry":["misp-galaxy:malpedia=\"Cueisfry\""],"CukieGrab":["misp-galaxy:malpedia=\"CukieGrab\""],"Roblox Trade Assist":["misp-galaxy:malpedia=\"CukieGrab\""],"Cutlet":["misp-galaxy:malpedia=\"Cutlet\""],"CyberGate":["misp-galaxy:malpedia=\"CyberGate\"","misp-galaxy:rat=\"CyberGate\""],"Rebhip":["misp-galaxy:malpedia=\"CyberGate\""],"CyberSplitter":["misp-galaxy:malpedia=\"CyberSplitter\"","misp-galaxy:ransomware=\"Cyber SpLiTTer Vbs\""],"CycBot":["misp-galaxy:malpedia=\"CycBot\""],"DDKONG":["misp-galaxy:malpedia=\"DDKONG\"","misp-galaxy:mitre-malware=\"DDKONG - S0255\"","misp-galaxy:tool=\"DDKONG\""],"DMA Locker":["misp-galaxy:malpedia=\"DMA Locker\""],"DMSniff":["misp-galaxy:malpedia=\"DMSniff\""],"DNSMessenger":["misp-galaxy:malpedia=\"DNSMessenger\"","misp-galaxy:mitre-enterprise-attack-malware=\"POWERSOURCE - S0145\"","misp-galaxy:mitre-enterprise-attack-malware=\"TEXTMATE - S0146\"","misp-galaxy:mitre-malware=\"POWERSOURCE - S0145\"","misp-galaxy:mitre-malware=\"TEXTMATE - S0146\"","misp-galaxy:rat=\"DNSMessenger\""],"TEXTMATE":["misp-galaxy:malpedia=\"DNSMessenger\"","misp-galaxy:mitre-enterprise-attack-malware=\"TEXTMATE - S0146\"","misp-galaxy:mitre-malware=\"TEXTMATE - S0146\""],"DNSRat":["misp-galaxy:malpedia=\"DNSRat\""],"DNSbot":["misp-galaxy:malpedia=\"DNSRat\""],"DNSpionage":["misp-galaxy:malpedia=\"DNSpionage\"","misp-galaxy:threat-actor=\"DNSpionage\""],"Agent Drable":["misp-galaxy:malpedia=\"DNSpionage\""],"Webmask":["misp-galaxy:malpedia=\"DNSpionage\""],"DRIFTPIN":["misp-galaxy:malpedia=\"DRIFTPIN\"","misp-galaxy:tool=\"Agent ORM\""],"Spy.Agent.ORM":["misp-galaxy:malpedia=\"DRIFTPIN\""],"Toshliph":["misp-galaxy:malpedia=\"DRIFTPIN\""],"DROPSHOT":["misp-galaxy:malpedia=\"DROPSHOT\""],"DUBrute":["misp-galaxy:malpedia=\"DUBrute\""],"Dairy":["misp-galaxy:malpedia=\"Dairy\""],"DarkComet":["misp-galaxy:malpedia=\"DarkComet\"","misp-galaxy:mitre-malware=\"DarkComet - S0334\"","misp-galaxy:rat=\"DarkComet\""],"Fynloski":["misp-galaxy:malpedia=\"DarkComet\"","misp-galaxy:mitre-malware=\"DarkComet - S0334\""],"klovbot":["misp-galaxy:malpedia=\"DarkComet\""],"DarkHotel":["misp-galaxy:malpedia=\"DarkHotel\"","misp-galaxy:threat-actor=\"DarkHotel\""],"DarkMegi":["misp-galaxy:malpedia=\"DarkMegi\""],"DarkPulsar":["misp-galaxy:malpedia=\"DarkPulsar\"","misp-galaxy:tool=\"DarkPulsar\""],"DarkShell":["misp-galaxy:malpedia=\"DarkShell\""],"DarkStRat":["misp-galaxy:malpedia=\"DarkStRat\""],"DarkTequila":["misp-galaxy:malpedia=\"DarkTequila\""],"Darkmoon":["misp-galaxy:malpedia=\"Darkmoon\"","misp-galaxy:mitre-enterprise-attack-malware=\"Darkmoon - S0209\"","misp-galaxy:mitre-malware=\"PoisonIvy - S0012\""],"Chymine":["misp-galaxy:malpedia=\"Darkmoon\""],"Darksky":["misp-galaxy:malpedia=\"Darksky\""],"Darktrack RAT":["misp-galaxy:malpedia=\"Darktrack RAT\""],"DarthMiner":["misp-galaxy:malpedia=\"DarthMiner\"","misp-galaxy:tool=\"DarthMiner\""],"Daserf":["misp-galaxy:malpedia=\"Daserf\"","misp-galaxy:mitre-enterprise-attack-malware=\"Daserf - S0187\"","misp-galaxy:mitre-malware=\"Daserf - S0187\""],"Muirim":["misp-galaxy:malpedia=\"Daserf\"","misp-galaxy:mitre-enterprise-attack-malware=\"Daserf - S0187\"","misp-galaxy:mitre-malware=\"Daserf - S0187\""],"Nioupale":["misp-galaxy:malpedia=\"Daserf\"","misp-galaxy:mitre-enterprise-attack-malware=\"Daserf - S0187\"","misp-galaxy:mitre-malware=\"Daserf - S0187\""],"Datper":["misp-galaxy:malpedia=\"Datper\""],"Decebal":["misp-galaxy:malpedia=\"Decebal\""],"Delta(Alfa,Bravo, ...)":["misp-galaxy:malpedia=\"Delta(Alfa,Bravo, ...)\""],"Dented":["misp-galaxy:malpedia=\"Dented\""],"DeputyDog":["misp-galaxy:malpedia=\"DeputyDog\""],"DeriaLock":["misp-galaxy:malpedia=\"DeriaLock\""],"Derusbi":["misp-galaxy:malpedia=\"Derusbi\"","misp-galaxy:mitre-enterprise-attack-malware=\"Derusbi - S0021\"","misp-galaxy:mitre-malware=\"Derusbi - S0021\"","misp-galaxy:tool=\"Derusbi\""],"PHOTO":["misp-galaxy:malpedia=\"Derusbi\"","misp-galaxy:mitre-enterprise-attack-malware=\"Derusbi - S0021\"","misp-galaxy:mitre-malware=\"Derusbi - S0021\""],"Devil's Rat":["misp-galaxy:malpedia=\"Devil's Rat\""],"Dexter":["misp-galaxy:malpedia=\"Dexter\""],"LusyPOS":["misp-galaxy:malpedia=\"Dexter\""],"Dharma":["misp-galaxy:malpedia=\"Dharma\""],"Arena":["misp-galaxy:malpedia=\"Dharma\""],"Crysis":["misp-galaxy:malpedia=\"Dharma\""],"DiamondFox":["misp-galaxy:malpedia=\"DiamondFox\""],"Crystal":["misp-galaxy:malpedia=\"DiamondFox\""],"Gorynch":["misp-galaxy:malpedia=\"DiamondFox\""],"Gorynych":["misp-galaxy:malpedia=\"DiamondFox\""],"Dimnie":["misp-galaxy:malpedia=\"Dimnie\"","misp-galaxy:tool=\"Dimnie\""],"DirCrypt":["misp-galaxy:malpedia=\"DirCrypt\"","misp-galaxy:ransomware=\"DirCrypt\""],"DispenserXFS":["misp-galaxy:malpedia=\"DispenserXFS\""],"DistTrack":["misp-galaxy:malpedia=\"DistTrack\"","misp-galaxy:tool=\"Shamoon\""],"Dockster":["misp-galaxy:malpedia=\"Dockster\""],"DogHousePower":["misp-galaxy:malpedia=\"DogHousePower\""],"Shelma":["misp-galaxy:malpedia=\"DogHousePower\""],"Dorshel":["misp-galaxy:malpedia=\"Dorshel\""],"DoublePulsar":["misp-galaxy:malpedia=\"DoublePulsar\""],"DownPaper":["misp-galaxy:malpedia=\"DownPaper\"","misp-galaxy:mitre-enterprise-attack-malware=\"DownPaper - S0186\"","misp-galaxy:mitre-malware=\"DownPaper - S0186\""],"Downdelph":["misp-galaxy:malpedia=\"Downdelph\"","misp-galaxy:mitre-enterprise-attack-malware=\"Downdelph - S0134\"","misp-galaxy:mitre-malware=\"Downdelph - S0134\"","misp-galaxy:tool=\"Downdelph\""],"DELPHACY":["misp-galaxy:malpedia=\"Downdelph\""],"Downeks":["misp-galaxy:malpedia=\"Downeks\""],"DramNudge":["misp-galaxy:malpedia=\"DramNudge\""],"DreamBot":["misp-galaxy:malpedia=\"DreamBot\""],"DtBackdoor":["misp-galaxy:malpedia=\"DtBackdoor\""],"DuQu":["misp-galaxy:malpedia=\"DuQu\""],"DualToy (Android)":["misp-galaxy:malpedia=\"DualToy (Android)\""],"DualToy (Windows)":["misp-galaxy:malpedia=\"DualToy (Windows)\""],"DualToy (iOS)":["misp-galaxy:malpedia=\"DualToy (iOS)\""],"Dumador":["misp-galaxy:malpedia=\"Dumador\""],"Dummy":["misp-galaxy:malpedia=\"Dummy\""],"Duuzer":["misp-galaxy:malpedia=\"Duuzer\""],"Dvmap":["misp-galaxy:malpedia=\"Dvmap\""],"EDA2":["misp-galaxy:malpedia=\"EDA2\"","misp-galaxy:ransomware=\"HiddenTear\""],"EHDevel":["misp-galaxy:malpedia=\"EHDevel\""],"ELMER":["misp-galaxy:malpedia=\"ELMER\"","misp-galaxy:mitre-enterprise-attack-malware=\"ELMER - S0064\"","misp-galaxy:mitre-malware=\"ELMER - S0064\""],"Elmost":["misp-galaxy:malpedia=\"ELMER\""],"EVILNUM (Javascript)":["misp-galaxy:malpedia=\"EVILNUM (Javascript)\""],"EVILNUM (Windows)":["misp-galaxy:malpedia=\"EVILNUM (Windows)\""],"Ebury":["misp-galaxy:malpedia=\"Ebury\"","misp-galaxy:mitre-malware=\"Ebury - S0377\""],"Eleanor":["misp-galaxy:malpedia=\"Eleanor\""],"ElectricPowder":["misp-galaxy:malpedia=\"ElectricPowder\""],"Elirks":["misp-galaxy:malpedia=\"Elirks\"","misp-galaxy:tool=\"Elirks\""],"Elise":["misp-galaxy:malpedia=\"Elise\"","misp-galaxy:mitre-enterprise-attack-malware=\"Elise - S0081\"","misp-galaxy:mitre-malware=\"Elise - S0081\"","misp-galaxy:threat-actor=\"Lotus Panda\"","misp-galaxy:tool=\"Elise Backdoor\""],"Emdivi":["misp-galaxy:malpedia=\"Emdivi\"","misp-galaxy:threat-actor=\"Blue Termite\"","misp-galaxy:tool=\"Emdivi\""],"Heodo":["misp-galaxy:malpedia=\"Emotet\"","misp-galaxy:malpedia=\"Geodo\""],"Empire Downloader":["misp-galaxy:malpedia=\"Empire Downloader\""],"Enfal":["misp-galaxy:malpedia=\"Enfal\"","misp-galaxy:mitre-enterprise-attack-malware=\"Lurid - S0010\"","misp-galaxy:mitre-malware=\"Lurid - S0010\""],"Lurid":["misp-galaxy:malpedia=\"Enfal\"","misp-galaxy:mitre-enterprise-attack-malware=\"Lurid - S0010\"","misp-galaxy:mitre-malware=\"Lurid - S0010\"","misp-galaxy:threat-actor=\"Mirage\""],"EquationDrug":["misp-galaxy:malpedia=\"EquationDrug\"","misp-galaxy:tool=\"EquationDrug\""],"Equationgroup (Sorting)":["misp-galaxy:malpedia=\"Equationgroup (Sorting)\""],"Erebus (ELF)":["misp-galaxy:malpedia=\"Erebus (ELF)\""],"Erebus (Windows)":["misp-galaxy:malpedia=\"Erebus (Windows)\""],"Eredel":["misp-galaxy:malpedia=\"Eredel\""],"EternalPetya":["misp-galaxy:malpedia=\"EternalPetya\""],"BadRabbit":["misp-galaxy:malpedia=\"EternalPetya\"","misp-galaxy:ransomware=\"Bad Rabbit\""],"Diskcoder.C":["misp-galaxy:malpedia=\"EternalPetya\""],"ExPetr":["misp-galaxy:malpedia=\"EternalPetya\""],"NonPetya":["misp-galaxy:malpedia=\"EternalPetya\""],"NotPetya":["misp-galaxy:malpedia=\"EternalPetya\"","misp-galaxy:mitre-malware=\"NotPetya - S0368\"","misp-galaxy:tool=\"NotPetya\""],"Nyetya":["misp-galaxy:malpedia=\"EternalPetya\"","misp-galaxy:mitre-malware=\"NotPetya - S0368\""],"Petna":["misp-galaxy:malpedia=\"EternalPetya\""],"Pnyetya":["misp-galaxy:malpedia=\"EternalPetya\""],"nPetya":["misp-galaxy:malpedia=\"EternalPetya\""],"EtumBot":["misp-galaxy:malpedia=\"EtumBot\""],"HighTide":["misp-galaxy:malpedia=\"EtumBot\""],"EvilGrab":["misp-galaxy:malpedia=\"EvilGrab\"","misp-galaxy:mitre-enterprise-attack-malware=\"EvilGrab - S0152\"","misp-galaxy:mitre-malware=\"EvilGrab - S0152\"","misp-galaxy:tool=\"EvilGrab\""],"Vidgrab":["misp-galaxy:malpedia=\"EvilGrab\""],"EvilOSX":["misp-galaxy:malpedia=\"EvilOSX\""],"EvilPony":["misp-galaxy:malpedia=\"EvilPony\""],"CREstealer":["misp-galaxy:malpedia=\"EvilPony\""],"Evilbunny":["misp-galaxy:malpedia=\"Evilbunny\""],"Evrial":["misp-galaxy:malpedia=\"Evrial\""],"Excalibur":["misp-galaxy:malpedia=\"Excalibur\""],"Saber":["misp-galaxy:malpedia=\"Excalibur\""],"Sabresac":["misp-galaxy:malpedia=\"Excalibur\""],"Exile RAT":["misp-galaxy:malpedia=\"Exile RAT\""],"ExoBot":["misp-galaxy:malpedia=\"ExoBot\"","misp-galaxy:malpedia=\"Marcher\""],"Exodus":["misp-galaxy:malpedia=\"Exodus\""],"Eye Pyramid":["misp-galaxy:malpedia=\"Eye Pyramid\""],"FBot":["misp-galaxy:malpedia=\"FBot\""],"FEimea RAT":["misp-galaxy:malpedia=\"FEimea RAT\""],"FF RAT":["misp-galaxy:malpedia=\"FF RAT\""],"FLASHFLOOD":["misp-galaxy:malpedia=\"FLASHFLOOD\"","misp-galaxy:mitre-enterprise-attack-malware=\"FLASHFLOOD - S0036\"","misp-galaxy:mitre-malware=\"FLASHFLOOD - S0036\""],"FailyTale":["misp-galaxy:malpedia=\"FailyTale\""],"Fake Pornhub":["misp-galaxy:malpedia=\"Fake Pornhub\""],"FakeDGA":["misp-galaxy:malpedia=\"FakeDGA\""],"WillExec":["misp-galaxy:malpedia=\"FakeDGA\""],"FakeGram":["misp-galaxy:malpedia=\"FakeGram\""],"FakeTGram":["misp-galaxy:malpedia=\"FakeGram\""],"FakeRean":["misp-galaxy:malpedia=\"FakeRean\""],"Braviax":["misp-galaxy:malpedia=\"FakeRean\""],"FakeSpy":["misp-galaxy:malpedia=\"FakeSpy\""],"FakeTC":["misp-galaxy:malpedia=\"FakeTC\""],"Fanny":["misp-galaxy:malpedia=\"Fanny\"","misp-galaxy:tool=\"Fanny\""],"FantomCrypt":["misp-galaxy:malpedia=\"FantomCrypt\""],"Farseer":["misp-galaxy:malpedia=\"Farseer\""],"FastCash":["misp-galaxy:malpedia=\"FastCash\""],"FastPOS":["misp-galaxy:malpedia=\"FastPOS\""],"Felismus":["misp-galaxy:malpedia=\"Felismus\"","misp-galaxy:mitre-enterprise-attack-malware=\"Felismus - S0171\"","misp-galaxy:mitre-malware=\"Felismus - S0171\""],"Felixroot":["misp-galaxy:malpedia=\"Felixroot\""],"FileIce":["misp-galaxy:malpedia=\"FileIce\""],"Filecoder":["misp-galaxy:malpedia=\"Filecoder\""],"FinFisher RAT":["misp-galaxy:malpedia=\"FinFisher RAT\""],"FinSpy":["misp-galaxy:malpedia=\"FinFisher RAT\"","misp-galaxy:mitre-enterprise-attack-malware=\"FinFisher - S0182\"","misp-galaxy:mitre-malware=\"FinFisher - S0182\""],"Final1stSpy":["misp-galaxy:malpedia=\"Final1stSpy\""],"FindPOS":["misp-galaxy:malpedia=\"FindPOS\""],"Poseidon":["misp-galaxy:malpedia=\"FindPOS\""],"FireCrypt":["misp-galaxy:malpedia=\"FireCrypt\"","misp-galaxy:ransomware=\"FireCrypt\""],"FireMalv":["misp-galaxy:malpedia=\"FireMalv\"","misp-galaxy:tool=\"FireMalv\""],"Fireball":["misp-galaxy:malpedia=\"Fireball\"","misp-galaxy:tool=\"Fireball\""],"FirstRansom":["misp-galaxy:malpedia=\"FirstRansom\""],"Flame":["misp-galaxy:malpedia=\"Flame\"","misp-galaxy:mitre-enterprise-attack-malware=\"Flame - S0143\"","misp-galaxy:mitre-malware=\"Flame - S0143\"","misp-galaxy:tool=\"Flame\""],"FlashBack":["misp-galaxy:malpedia=\"FlashBack\""],"FlawedAmmyy":["misp-galaxy:malpedia=\"FlawedAmmyy\"","misp-galaxy:rat=\"FlawedAmmyy\""],"FlawedGrace":["misp-galaxy:malpedia=\"FlawedGrace\"","misp-galaxy:rat=\"FlawedGrace\""],"FlexNet":["misp-galaxy:malpedia=\"FlexNet\""],"gugi":["misp-galaxy:malpedia=\"FlexNet\""],"FlexiSpy (Android)":["misp-galaxy:malpedia=\"FlexiSpy (Android)\""],"FlexiSpy (Windows)":["misp-galaxy:malpedia=\"FlexiSpy (Windows)\""],"FlexiSpy (symbian)":["misp-galaxy:malpedia=\"FlexiSpy (symbian)\""],"FlokiBot":["misp-galaxy:malpedia=\"FlokiBot\""],"FlowerShop":["misp-galaxy:malpedia=\"FlowerShop\""],"Floxif":["misp-galaxy:malpedia=\"Floxif\""],"Flusihoc":["misp-galaxy:malpedia=\"Flusihoc\""],"Formbook":["misp-galaxy:malpedia=\"Formbook\""],"FormerFirstRAT":["misp-galaxy:malpedia=\"FormerFirstRAT\""],"ffrat":["misp-galaxy:malpedia=\"FormerFirstRAT\""],"Freenki Loader":["misp-galaxy:malpedia=\"Freenki Loader\""],"FriedEx":["misp-galaxy:malpedia=\"FriedEx\""],"BitPaymer":["misp-galaxy:malpedia=\"FriedEx\"","misp-galaxy:ransomware=\"BitPaymer\""],"FruitFly":["misp-galaxy:malpedia=\"FruitFly\"","misp-galaxy:mitre-malware=\"FruitFly - S0277\"","misp-galaxy:tool=\"FruitFly\""],"Quimitchin":["misp-galaxy:malpedia=\"FruitFly\""],"Furtim":["misp-galaxy:malpedia=\"Furtim\""],"GEMCUTTER":["misp-galaxy:malpedia=\"GEMCUTTER\""],"GPCode":["misp-galaxy:malpedia=\"GPCode\"","misp-galaxy:ransomware=\"OMG! Ransomware\""],"GPlayed":["misp-galaxy:malpedia=\"GPlayed\""],"GREASE":["misp-galaxy:malpedia=\"GREASE\""],"GROK":["misp-galaxy:malpedia=\"GROK\""],"GalaxyLoader":["misp-galaxy:malpedia=\"GalaxyLoader\""],"Gameover DGA":["misp-galaxy:malpedia=\"Gameover DGA\""],"Gameover P2P":["misp-galaxy:malpedia=\"Gameover P2P\""],"GOZ":["misp-galaxy:malpedia=\"Gameover P2P\""],"ZeuS P2P":["misp-galaxy:malpedia=\"Gameover P2P\""],"Gamotrol":["misp-galaxy:malpedia=\"Gamotrol\""],"Gandcrab":["misp-galaxy:malpedia=\"Gandcrab\""],"GrandCrab":["misp-galaxy:malpedia=\"Gandcrab\""],"Gaudox":["misp-galaxy:malpedia=\"Gaudox\""],"Gauss":["misp-galaxy:malpedia=\"Gauss\""],"Gazer":["misp-galaxy:malpedia=\"Gazer\"","misp-galaxy:mitre-enterprise-attack-malware=\"Gazer - S0168\"","misp-galaxy:mitre-malware=\"Gazer - S0168\""],"WhiteBear":["misp-galaxy:malpedia=\"Gazer\"","misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Turla - G0010\"","misp-galaxy:mitre-enterprise-attack-malware=\"Gazer - S0168\"","misp-galaxy:mitre-intrusion-set=\"Turla - G0010\"","misp-galaxy:mitre-malware=\"Gazer - S0168\""],"GearInformer":["misp-galaxy:malpedia=\"GearInformer\""],"GetMail":["misp-galaxy:malpedia=\"GetMail\""],"GetMyPass":["misp-galaxy:malpedia=\"GetMyPass\""],"getmypos":["misp-galaxy:malpedia=\"GetMyPass\""],"Gh0stnet":["misp-galaxy:malpedia=\"Gh0stnet\""],"Remosh":["misp-galaxy:malpedia=\"Gh0stnet\""],"Ghole":["misp-galaxy:malpedia=\"Ghole\""],"CoreImpact (Modified)":["misp-galaxy:malpedia=\"Ghole\""],"Gholee":["misp-galaxy:malpedia=\"Ghole\""],"Ghost RAT":["misp-galaxy:malpedia=\"Ghost RAT\""],"Gh0st RAT":["misp-galaxy:malpedia=\"Ghost RAT\"","misp-galaxy:rat=\"Gh0st RAT\""],"PCRat":["misp-galaxy:malpedia=\"Ghost RAT\""],"GhostAdmin":["misp-galaxy:malpedia=\"GhostAdmin\"","misp-galaxy:tool=\"GhostAdmin\""],"Ghost iBot":["misp-galaxy:malpedia=\"GhostAdmin\""],"GhostMiner":["misp-galaxy:malpedia=\"GhostMiner\"","misp-galaxy:tool=\"GhostMiner\""],"GlanceLove":["misp-galaxy:malpedia=\"GlanceLove\""],"GlassRAT":["misp-galaxy:malpedia=\"GlassRAT\""],"Glasses":["misp-galaxy:malpedia=\"Glasses\""],"Wordpress Bruteforcer":["misp-galaxy:malpedia=\"Glasses\""],"GlitchPOS":["misp-galaxy:malpedia=\"GlitchPOS\""],"Globe":["misp-galaxy:malpedia=\"Globe\""],"GlobeImposter":["misp-galaxy:malpedia=\"GlobeImposter\"","misp-galaxy:ransomware=\"Fake Globe Ransomware\"","misp-galaxy:ransomware=\"GlobeImposter\""],"GlooxMail":["misp-galaxy:malpedia=\"GlooxMail\""],"Glupteba":["misp-galaxy:malpedia=\"Glupteba\""],"Godzilla Loader":["misp-galaxy:malpedia=\"Godzilla Loader\""],"Goggles":["misp-galaxy:malpedia=\"Goggles\""],"GoldDragon":["misp-galaxy:malpedia=\"GoldDragon\""],"GoldenEye":["misp-galaxy:malpedia=\"GoldenEye\"","misp-galaxy:mitre-malware=\"NotPetya - S0368\""],"Petya\/Mischa":["misp-galaxy:malpedia=\"GoldenEye\""],"GoldenRAT":["misp-galaxy:malpedia=\"GoldenRAT\""],"Golroted":["misp-galaxy:malpedia=\"Golroted\""],"GooPic Drooper":["misp-galaxy:malpedia=\"GooPic Drooper\""],"Goodor":["misp-galaxy:malpedia=\"Goodor\""],"Fuerboos":["misp-galaxy:malpedia=\"Goodor\""],"GoogleDrive RAT":["misp-galaxy:malpedia=\"GoogleDrive RAT\""],"GootKit":["misp-galaxy:malpedia=\"GootKit\"","misp-galaxy:tool=\"GootKit\""],"Xswkit":["misp-galaxy:malpedia=\"GootKit\""],"talalpek":["misp-galaxy:malpedia=\"GootKit\""],"GovRAT":["misp-galaxy:malpedia=\"GovRAT\"","misp-galaxy:rat=\"GovRAT\""],"Gozi CRM":["misp-galaxy:malpedia=\"Gozi\""],"GrabBot":["misp-galaxy:malpedia=\"GrabBot\""],"Graftor":["misp-galaxy:malpedia=\"Graftor\"","misp-galaxy:tool=\"Aumlib\""],"Grateful POS":["misp-galaxy:malpedia=\"Grateful POS\""],"FrameworkPOS":["misp-galaxy:malpedia=\"Grateful POS\""],"trinity":["misp-galaxy:malpedia=\"Grateful POS\""],"Gratem":["misp-galaxy:malpedia=\"Gratem\""],"Gravity RAT":["misp-galaxy:malpedia=\"Gravity RAT\""],"GreenShaitan":["misp-galaxy:malpedia=\"GreenShaitan\""],"eoehttp":["misp-galaxy:malpedia=\"GreenShaitan\""],"GreyEnergy":["misp-galaxy:malpedia=\"GreyEnergy\"","misp-galaxy:mitre-malware=\"GreyEnergy - S0342\"","misp-galaxy:threat-actor=\"GreyEnergy\""],"Griffon":["misp-galaxy:malpedia=\"Griffon\""],"GuiInject":["misp-galaxy:malpedia=\"GuiInject\""],"Gustuff":["misp-galaxy:malpedia=\"Gustuff\""],"H1N1 Loader":["misp-galaxy:malpedia=\"H1N1 Loader\""],"HALFBAKED":["misp-galaxy:malpedia=\"HALFBAKED\"","misp-galaxy:mitre-enterprise-attack-malware=\"HALFBAKED - S0151\"","misp-galaxy:mitre-malware=\"HALFBAKED - S0151\"","misp-galaxy:tool=\"VB Flash\""],"HLUX":["misp-galaxy:malpedia=\"HLUX\""],"HOPLIGHT":["misp-galaxy:malpedia=\"HOPLIGHT\"","misp-galaxy:mitre-malware=\"HOPLIGHT - S0376\""],"HTML5 Encoding":["misp-galaxy:malpedia=\"HTML5 Encoding\""],"HTran":["misp-galaxy:malpedia=\"HTran\"","misp-galaxy:tool=\"Htran\""],"HUC Packet Transmit Tool":["misp-galaxy:malpedia=\"HTran\"","misp-galaxy:mitre-enterprise-attack-tool=\"HTRAN - S0040\"","misp-galaxy:mitre-tool=\"HTRAN - S0040\""],"HackSpy":["misp-galaxy:malpedia=\"HackSpy\""],"Hacksfase":["misp-galaxy:malpedia=\"Hacksfase\""],"Haiduc":["misp-galaxy:malpedia=\"Haiduc\""],"Hakai":["misp-galaxy:malpedia=\"Hakai\""],"Hamweq":["misp-galaxy:malpedia=\"Hamweq\""],"Hancitor":["misp-galaxy:malpedia=\"Hancitor\"","misp-galaxy:tool=\"Hancitor\""],"Chanitor":["misp-galaxy:malpedia=\"Hancitor\"","misp-galaxy:tool=\"Hancitor\""],"HappyLocker (HiddenTear?)":["misp-galaxy:malpedia=\"HappyLocker (HiddenTear?)\""],"Harnig":["misp-galaxy:malpedia=\"Harnig\""],"Piptea":["misp-galaxy:malpedia=\"Harnig\""],"Havex RAT":["misp-galaxy:malpedia=\"Havex RAT\"","misp-galaxy:tool=\"Havex RAT\""],"HawkEye Keylogger":["misp-galaxy:malpedia=\"HawkEye Keylogger\""],"HawkEye Reborn":["misp-galaxy:malpedia=\"HawkEye Keylogger\""],"Predator Pain":["misp-galaxy:malpedia=\"HawkEye Keylogger\"","misp-galaxy:rat=\"Predator Pain\""],"Helauto":["misp-galaxy:malpedia=\"Helauto\""],"Helminth":["misp-galaxy:malpedia=\"Helminth\"","misp-galaxy:mitre-enterprise-attack-malware=\"Helminth - S0170\"","misp-galaxy:mitre-malware=\"Helminth - S0170\""],"Heloag":["misp-galaxy:malpedia=\"Heloag\""],"Herbst":["misp-galaxy:malpedia=\"Herbst\"","misp-galaxy:ransomware=\"Herbst\""],"Heriplor":["misp-galaxy:malpedia=\"Heriplor\""],"Hermes Ransomware":["misp-galaxy:malpedia=\"Hermes Ransomware\"","misp-galaxy:ransomware=\"Hermes Ransomware\""],"Hermes":["misp-galaxy:malpedia=\"Hermes\""],"HeroRAT":["misp-galaxy:malpedia=\"HeroRAT\""],"HerpesBot":["misp-galaxy:malpedia=\"HerpesBot\""],"HesperBot":["misp-galaxy:malpedia=\"HesperBot\""],"Hi-Zor RAT":["misp-galaxy:malpedia=\"Hi-Zor RAT\""],"HiKit":["misp-galaxy:malpedia=\"HiKit\""],"HiddenLotus":["misp-galaxy:malpedia=\"HiddenLotus\""],"HiddenTear":["misp-galaxy:malpedia=\"HiddenTear\"","misp-galaxy:ransomware=\"HiddenTear\""],"HideDRV":["misp-galaxy:malpedia=\"HideDRV\""],"HtBot":["misp-galaxy:malpedia=\"HtBot\""],"HttpBrowser":["misp-galaxy:malpedia=\"HttpBrowser\""],"Hworm":["misp-galaxy:malpedia=\"Hworm\"","misp-galaxy:tool=\"Hworm\""],"houdini":["misp-galaxy:malpedia=\"Hworm\""],"HyperBro":["misp-galaxy:malpedia=\"HyperBro\""],"IDKEY":["misp-galaxy:malpedia=\"IDKEY\""],"IISniff":["misp-galaxy:malpedia=\"IISniff\""],"IRONHALO":["misp-galaxy:malpedia=\"IRONHALO\""],"IRRat":["misp-galaxy:malpedia=\"IRRat\""],"ISFB":["misp-galaxy:malpedia=\"ISFB\""],"Pandemyia":["misp-galaxy:malpedia=\"ISFB\""],"ISMAgent":["misp-galaxy:malpedia=\"ISMAgent\""],"ISMDoor":["misp-galaxy:malpedia=\"ISMDoor\""],"ISR Stealer":["misp-galaxy:malpedia=\"ISR Stealer\""],"IcedID Downloader":["misp-galaxy:malpedia=\"IcedID Downloader\""],"BokBot":["misp-galaxy:malpedia=\"IcedID\""],"Icefog":["misp-galaxy:malpedia=\"Icefog\""],"Imecab":["misp-galaxy:malpedia=\"Imecab\""],"Imminent Monitor RAT":["misp-galaxy:malpedia=\"Imminent Monitor RAT\""],"Infy":["misp-galaxy:malpedia=\"Infy\"","misp-galaxy:threat-actor=\"Infy\""],"Foudre":["misp-galaxy:malpedia=\"Infy\""],"InnaputRAT":["misp-galaxy:malpedia=\"InnaputRAT\"","misp-galaxy:mitre-malware=\"InnaputRAT - S0259\""],"InvisiMole":["misp-galaxy:malpedia=\"InvisiMole\"","misp-galaxy:mitre-malware=\"InvisiMole - S0260\"","misp-galaxy:tool=\"InvisiMole\""],"IoT Reaper":["misp-galaxy:malpedia=\"IoT Reaper\""],"IoTroop":["misp-galaxy:malpedia=\"IoT Reaper\""],"Reaper":["misp-galaxy:malpedia=\"IoT Reaper\"","misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT37 - G0067\"","misp-galaxy:mitre-intrusion-set=\"APT37 - G0067\"","misp-galaxy:threat-actor=\"APT37\""],"Irc16":["misp-galaxy:malpedia=\"Irc16\""],"IsSpace":["misp-galaxy:malpedia=\"IsSpace\"","misp-galaxy:tool=\"IsSpace\""],"IsraBye":["misp-galaxy:malpedia=\"IsraBye\"","misp-galaxy:ransomware=\"IsraBye\""],"JCry":["misp-galaxy:malpedia=\"JCry\""],"JQJSNICKER":["misp-galaxy:malpedia=\"JQJSNICKER\""],"JackPOS":["misp-galaxy:malpedia=\"JackPOS\""],"JadeRAT":["misp-galaxy:malpedia=\"JadeRAT\"","misp-galaxy:rat=\"JadeRAT\""],"Jaff":["misp-galaxy:malpedia=\"Jaff\"","misp-galaxy:ransomware=\"Jaff\""],"Jager Decryptor":["misp-galaxy:malpedia=\"Jager Decryptor\""],"Jaku":["misp-galaxy:malpedia=\"Jaku\""],"C3PRO-RACOON":["misp-galaxy:malpedia=\"Jaku\""],"KCNA Infostealer":["misp-galaxy:malpedia=\"Jaku\""],"Reconcyc":["misp-galaxy:malpedia=\"Jaku\""],"Jasus":["misp-galaxy:malpedia=\"Jasus\""],"JavaDispCash":["misp-galaxy:malpedia=\"JavaDispCash\""],"JenX":["misp-galaxy:malpedia=\"JenX\""],"Jigsaw":["misp-galaxy:malpedia=\"Jigsaw\"","misp-galaxy:ransomware=\"Jigsaw\""],"Jimmy":["misp-galaxy:malpedia=\"Jimmy\"","misp-galaxy:malpedia=\"Neutrino POS\""],"Joanap":["misp-galaxy:malpedia=\"Joanap\""],"Joao":["misp-galaxy:malpedia=\"Joao\"","misp-galaxy:tool=\"Joao\""],"Jolob":["misp-galaxy:malpedia=\"Jolob\"","misp-galaxy:tool=\"Jolob\""],"JripBot":["misp-galaxy:malpedia=\"JripBot\""],"KAgent":["misp-galaxy:malpedia=\"KAgent\""],"KEYMARBLE":["misp-galaxy:malpedia=\"KEYMARBLE\"","misp-galaxy:mitre-malware=\"KEYMARBLE - S0271\"","misp-galaxy:tool=\"KEYMARBLE\""],"KHRAT":["misp-galaxy:malpedia=\"KHRAT\"","misp-galaxy:tool=\"KHRAT\""],"KINS":["misp-galaxy:malpedia=\"KINS\""],"KLRD":["misp-galaxy:malpedia=\"KLRD\""],"KOMPROGO":["misp-galaxy:malpedia=\"KOMPROGO\"","misp-galaxy:mitre-enterprise-attack-malware=\"KOMPROGO - S0156\"","misp-galaxy:mitre-malware=\"KOMPROGO - S0156\""],"KPOT Stealer":["misp-galaxy:malpedia=\"KPOT Stealer\""],"KSL0T":["misp-galaxy:malpedia=\"KSL0T\""],"Kaiten":["misp-galaxy:malpedia=\"Kaiten\""],"STD":["misp-galaxy:malpedia=\"Kaiten\""],"Karagany":["misp-galaxy:malpedia=\"Karagany\""],"Kardon Loader":["misp-galaxy:malpedia=\"Kardon Loader\""],"Karkoff":["misp-galaxy:malpedia=\"Karkoff\"","misp-galaxy:tool=\"Karkoff\""],"KasperAgent":["misp-galaxy:malpedia=\"KasperAgent\""],"Kazuar":["misp-galaxy:malpedia=\"Kazuar\"","misp-galaxy:mitre-malware=\"Kazuar - S0265\"","misp-galaxy:tool=\"Kazuar\""],"KeRanger":["misp-galaxy:malpedia=\"KeRanger\"","misp-galaxy:ransomware=\"KeRanger\""],"Kegotip":["misp-galaxy:malpedia=\"Kegotip\""],"KerrDown":["misp-galaxy:malpedia=\"KerrDown\""],"KevDroid":["misp-galaxy:malpedia=\"KevDroid\""],"KeyBase":["misp-galaxy:malpedia=\"KeyBase\""],"Kibex":["misp-galaxy:malpedia=\"KeyBase\""],"KeyBoy":["misp-galaxy:malpedia=\"KeyBoy\"","misp-galaxy:malpedia=\"Yahoyah\"","misp-galaxy:mitre-intrusion-set=\"Tropic Trooper - G0081\"","misp-galaxy:threat-actor=\"Pirate Panda\"","misp-galaxy:tool=\"KeyBoy\""],"TSSL":["misp-galaxy:malpedia=\"KeyBoy\""],"KeyPass":["misp-galaxy:malpedia=\"KeyPass\"","misp-galaxy:malpedia=\"STOP Ransomware\"","misp-galaxy:ransomware=\"KEYPASS\""],"Keydnap":["misp-galaxy:malpedia=\"Keydnap\"","misp-galaxy:mitre-malware=\"Keydnap - S0276\""],"Kikothac":["misp-galaxy:malpedia=\"Kikothac\""],"KillDisk":["misp-galaxy:malpedia=\"KillDisk\"","misp-galaxy:tool=\"KillDisk Wiper\""],"Kitmos":["misp-galaxy:malpedia=\"Kitmos\""],"KitM":["misp-galaxy:malpedia=\"Kitmos\""],"KleptoParasite Stealer":["misp-galaxy:malpedia=\"KleptoParasite Stealer\""],"Joglog":["misp-galaxy:malpedia=\"KleptoParasite Stealer\""],"Koadic":["misp-galaxy:malpedia=\"Koadic\"","misp-galaxy:mitre-tool=\"Koadic - S0250\"","misp-galaxy:tool=\"Koadic\""],"KokoKrypt":["misp-galaxy:malpedia=\"KokoKrypt\""],"Koler":["misp-galaxy:malpedia=\"Koler\""],"Komplex":["misp-galaxy:malpedia=\"Komplex\"","misp-galaxy:mitre-enterprise-attack-malware=\"Komplex - S0162\"","misp-galaxy:mitre-malware=\"Komplex - S0162\""],"JHUHUGIT":["misp-galaxy:malpedia=\"Komplex\"","misp-galaxy:mitre-enterprise-attack-malware=\"JHUHUGIT - S0044\"","misp-galaxy:mitre-malware=\"JHUHUGIT - S0044\"","misp-galaxy:tool=\"GAMEFISH\""],"JKEYSKW":["misp-galaxy:malpedia=\"Komplex\"","misp-galaxy:mitre-enterprise-attack-malware=\"JHUHUGIT - S0044\"","misp-galaxy:mitre-malware=\"JHUHUGIT - S0044\""],"SedUploader":["misp-galaxy:malpedia=\"Komplex\""],"Konni":["misp-galaxy:malpedia=\"Konni\"","misp-galaxy:rat=\"Konni\""],"KoobFace":["misp-galaxy:malpedia=\"KoobFace\""],"KopiLuwak":["misp-galaxy:malpedia=\"KopiLuwak\""],"Korlia":["misp-galaxy:malpedia=\"Korlia\""],"Bisonal":["misp-galaxy:malpedia=\"Korlia\"","misp-galaxy:mitre-malware=\"Bisonal - S0268\"","misp-galaxy:tool=\"Bisonal\""],"Kovter":["misp-galaxy:malpedia=\"Kovter\""],"KrBanker":["misp-galaxy:malpedia=\"KrBanker\""],"BlackMoon":["misp-galaxy:malpedia=\"KrBanker\""],"KrDownloader":["misp-galaxy:malpedia=\"KrDownloader\""],"Osiris":["misp-galaxy:malpedia=\"Kronos\""],"Kuaibu":["misp-galaxy:malpedia=\"Kuaibu\""],"Barys":["misp-galaxy:malpedia=\"Kuaibu\""],"Gofot":["misp-galaxy:malpedia=\"Kuaibu\""],"Kuaibpy":["misp-galaxy:malpedia=\"Kuaibu\""],"Kuluoz":["misp-galaxy:malpedia=\"Kuluoz\""],"Kurton":["misp-galaxy:malpedia=\"Kurton\""],"Kutaki":["misp-galaxy:malpedia=\"Kutaki\""],"Kwampirs":["misp-galaxy:malpedia=\"Kwampirs\"","misp-galaxy:mitre-malware=\"Kwampirs - S0236\"","misp-galaxy:tool=\"Kwampirs\""],"LOWBALL":["misp-galaxy:malpedia=\"LOWBALL\"","misp-galaxy:mitre-enterprise-attack-malware=\"LOWBALL - S0042\"","misp-galaxy:mitre-malware=\"LOWBALL - S0042\""],"Lady":["misp-galaxy:malpedia=\"Lady\""],"Lambert":["misp-galaxy:malpedia=\"Lambert\""],"Lamdelin":["misp-galaxy:malpedia=\"Lamdelin\""],"Laoshu":["misp-galaxy:malpedia=\"Laoshu\""],"LatentBot":["misp-galaxy:malpedia=\"LatentBot\""],"Lazarus (Android)":["misp-galaxy:malpedia=\"Lazarus (Android)\""],"Lazarus (Windows)":["misp-galaxy:malpedia=\"Lazarus (Windows)\""],"Lazarus ELF Backdoor":["misp-galaxy:malpedia=\"Lazarus ELF Backdoor\""],"Laziok":["misp-galaxy:malpedia=\"Laziok\"","misp-galaxy:tool=\"Trojan.Laziok\""],"LazyCat":["misp-galaxy:malpedia=\"LazyCat\""],"Leash":["misp-galaxy:malpedia=\"Leash\""],"Leouncia":["misp-galaxy:malpedia=\"Leouncia\""],"shoco":["misp-galaxy:malpedia=\"Leouncia\""],"Leverage":["misp-galaxy:malpedia=\"Leverage\""],"LimeRAT":["misp-galaxy:malpedia=\"LimeRAT\""],"Limitail":["misp-galaxy:malpedia=\"Limitail\""],"Listrix":["misp-galaxy:malpedia=\"Listrix\""],"LiteHTTP":["misp-galaxy:malpedia=\"LiteHTTP\""],"LoJax":["misp-galaxy:malpedia=\"LoJax\"","misp-galaxy:tool=\"LoJax\""],"LockPOS":["misp-galaxy:malpedia=\"LockPOS\""],"LockerGoga":["misp-galaxy:malpedia=\"LockerGoga\"","misp-galaxy:ransomware=\"LockerGoga\""],"Locky (Decryptor)":["misp-galaxy:malpedia=\"Locky (Decryptor)\""],"Locky Loader":["misp-galaxy:malpedia=\"Locky Loader\""],"Locky":["misp-galaxy:malpedia=\"Locky\"","misp-galaxy:ransomware=\"Locky\""],"Loda":["misp-galaxy:malpedia=\"Loda\""],"Nymeria":["misp-galaxy:malpedia=\"Loda\""],"LogPOS":["misp-galaxy:malpedia=\"LogPOS\""],"Logedrut":["misp-galaxy:malpedia=\"Logedrut\""],"Loki Password Stealer (PWS)":["misp-galaxy:malpedia=\"Loki Password Stealer (PWS)\""],"Loki":["misp-galaxy:malpedia=\"Loki Password Stealer (PWS)\"","misp-galaxy:malpedia=\"Loki\""],"LokiPWS":["misp-galaxy:malpedia=\"Loki Password Stealer (PWS)\""],"Lordix":["misp-galaxy:malpedia=\"Lordix\""],"LuckyCat":["misp-galaxy:malpedia=\"LuckyCat\""],"Luminosity RAT":["misp-galaxy:malpedia=\"Luminosity RAT\""],"LunchMoney":["misp-galaxy:malpedia=\"LunchMoney\""],"Lurk":["misp-galaxy:malpedia=\"Lurk\""],"Luzo":["misp-galaxy:malpedia=\"Luzo\""],"Lyposit":["misp-galaxy:malpedia=\"Lyposit\""],"Adneukine":["misp-galaxy:malpedia=\"Lyposit\""],"Bomba Locker":["misp-galaxy:malpedia=\"Lyposit\""],"Lucky Locker":["misp-galaxy:malpedia=\"Lyposit\""],"MAPIget":["misp-galaxy:malpedia=\"MAPIget\""],"MBRlock":["misp-galaxy:malpedia=\"MBRlock\""],"DexLocker":["misp-galaxy:malpedia=\"MBRlock\""],"MECHANICAL":["misp-galaxy:malpedia=\"MECHANICAL\""],"MILKMAID":["misp-galaxy:malpedia=\"MILKMAID\""],"MM Core":["misp-galaxy:malpedia=\"MM Core\"","misp-galaxy:tool=\"MM Core\""],"MPKBot":["misp-galaxy:malpedia=\"MPKBot\""],"MPK":["misp-galaxy:malpedia=\"MPKBot\""],"MS Exchange Tool":["misp-galaxy:malpedia=\"MS Exchange Tool\""],"MaMi":["misp-galaxy:malpedia=\"MaMi\""],"MacDownloader":["misp-galaxy:malpedia=\"MacDownloader\"","misp-galaxy:tool=\"MacDownloader\""],"MacInstaller":["misp-galaxy:malpedia=\"MacInstaller\""],"MacRansom":["misp-galaxy:malpedia=\"MacRansom\"","misp-galaxy:ransomware=\"MacRansom\""],"MacSpy":["misp-galaxy:malpedia=\"MacSpy\"","misp-galaxy:mitre-malware=\"MacSpy - S0282\"","misp-galaxy:rat=\"MacSpy\""],"MacVX":["misp-galaxy:malpedia=\"MacVX\""],"Machete":["misp-galaxy:malpedia=\"Machete\"","misp-galaxy:threat-actor=\"El Machete\""],"El Machete":["misp-galaxy:malpedia=\"Machete\"","misp-galaxy:threat-actor=\"El Machete\""],"MadMax":["misp-galaxy:malpedia=\"MadMax\""],"Magala":["misp-galaxy:malpedia=\"Magala\""],"Magniber":["misp-galaxy:malpedia=\"Magniber\""],"Maintools.js":["misp-galaxy:malpedia=\"Maintools.js\""],"MajikPos":["misp-galaxy:malpedia=\"MajikPos\""],"MakLoader":["misp-galaxy:malpedia=\"MakLoader\""],"Makadocs":["misp-galaxy:malpedia=\"Makadocs\""],"Maktub":["misp-galaxy:malpedia=\"Maktub\""],"MalumPOS":["misp-galaxy:malpedia=\"MalumPOS\""],"Mamba":["misp-galaxy:malpedia=\"Mamba\"","misp-galaxy:ransomware=\"HDDCryptor\""],"DiskCryptor":["misp-galaxy:malpedia=\"Mamba\""],"HDDCryptor":["misp-galaxy:malpedia=\"Mamba\"","misp-galaxy:ransomware=\"HDDCryptor\""],"ManItsMe":["misp-galaxy:malpedia=\"ManItsMe\""],"ManameCrypt":["misp-galaxy:malpedia=\"ManameCrypt\""],"CryptoHost":["misp-galaxy:malpedia=\"ManameCrypt\"","misp-galaxy:ransomware=\"CryptoHost\""],"Mangzamel":["misp-galaxy:malpedia=\"Mangzamel\""],"junidor":["misp-galaxy:malpedia=\"Mangzamel\""],"mengkite":["misp-galaxy:malpedia=\"Mangzamel\""],"vedratve":["misp-galaxy:malpedia=\"Mangzamel\""],"Manifestus":["misp-galaxy:malpedia=\"Manifestus\"","misp-galaxy:ransomware=\"EnkripsiPC Ransomware\""],"Marap":["misp-galaxy:malpedia=\"Marap\""],"Marcher":["misp-galaxy:malpedia=\"Marcher\"","misp-galaxy:mitre-malware=\"Marcher - S0317\""],"Masuta":["misp-galaxy:malpedia=\"Masuta\"","misp-galaxy:tool=\"Masuta\""],"PureMasuta":["misp-galaxy:malpedia=\"Masuta\"","misp-galaxy:tool=\"Masuta\""],"Matrix Ransom":["misp-galaxy:malpedia=\"Matrix Ransom\""],"Matryoshka RAT":["misp-galaxy:malpedia=\"Matryoshka RAT\""],"Matsnu":["misp-galaxy:malpedia=\"Matsnu\""],"MazarBot":["misp-galaxy:malpedia=\"MazarBot\""],"Mebromi":["misp-galaxy:malpedia=\"Mebromi\""],"MyBios":["misp-galaxy:malpedia=\"Mebromi\""],"Medre":["misp-galaxy:malpedia=\"Medre\""],"Medusa":["misp-galaxy:malpedia=\"Medusa\""],"Merlin":["misp-galaxy:malpedia=\"Merlin\""],"Metamorfo":["misp-galaxy:malpedia=\"Metamorfo\""],"Casbaneiro":["misp-galaxy:malpedia=\"Metamorfo\""],"Mewsei":["misp-galaxy:malpedia=\"Mewsei\""],"MiKey":["misp-galaxy:malpedia=\"MiKey\""],"Miancha":["misp-galaxy:malpedia=\"Miancha\""],"Micrass":["misp-galaxy:malpedia=\"Micrass\""],"Microcin":["misp-galaxy:malpedia=\"Microcin\"","misp-galaxy:threat-actor=\"Microcin\""],"Micropsia":["misp-galaxy:malpedia=\"Micropsia\"","misp-galaxy:mitre-malware=\"Micropsia - S0339\""],"Mikoponi":["misp-galaxy:malpedia=\"Mikoponi\""],"MimiKatz":["misp-galaxy:malpedia=\"MimiKatz\""],"MiniASP":["misp-galaxy:malpedia=\"MiniASP\""],"Mirage":["misp-galaxy:malpedia=\"Mirage\"","misp-galaxy:mitre-intrusion-set=\"Ke3chang - G0004\"","misp-galaxy:threat-actor=\"Mirage\""],"MirageFox":["misp-galaxy:malpedia=\"MirageFox\"","misp-galaxy:mitre-malware=\"MirageFox - S0280\""],"Mirai (ELF)":["misp-galaxy:malpedia=\"Mirai (ELF)\""],"Mirai (Windows)":["misp-galaxy:malpedia=\"Mirai (Windows)\""],"Misdat":["misp-galaxy:malpedia=\"Misdat\"","misp-galaxy:mitre-enterprise-attack-malware=\"Misdat - S0083\"","misp-galaxy:mitre-malware=\"Misdat - S0083\""],"Misfox":["misp-galaxy:malpedia=\"Misfox\""],"MixFox":["misp-galaxy:malpedia=\"Misfox\""],"ModPack":["misp-galaxy:malpedia=\"Misfox\""],"Miuref":["misp-galaxy:malpedia=\"Miuref\""],"MobiRAT":["misp-galaxy:malpedia=\"MobiRAT\""],"Mocton":["misp-galaxy:malpedia=\"Mocton\""],"ModPOS":["misp-galaxy:malpedia=\"ModPOS\""],"straxbot":["misp-galaxy:malpedia=\"ModPOS\""],"Moker":["misp-galaxy:malpedia=\"Moker\""],"Mokes (ELF)":["misp-galaxy:malpedia=\"Mokes (ELF)\""],"Mokes (OS X)":["misp-galaxy:malpedia=\"Mokes (OS X)\""],"Mokes (Windows)":["misp-galaxy:malpedia=\"Mokes (Windows)\""],"Mole":["misp-galaxy:malpedia=\"Mole\""],"Molerat Loader":["misp-galaxy:malpedia=\"Molerat Loader\""],"Monero Miner":["misp-galaxy:malpedia=\"Monero Miner\""],"CoinMiner":["misp-galaxy:malpedia=\"Monero Miner\"","misp-galaxy:tool=\"CoinMiner\""],"MoonWind":["misp-galaxy:malpedia=\"MoonWind\"","misp-galaxy:mitre-enterprise-attack-malware=\"MoonWind - S0149\"","misp-galaxy:mitre-malware=\"MoonWind - S0149\"","misp-galaxy:rat=\"MoonWind\"","misp-galaxy:tool=\"MoonWind\""],"Moose":["misp-galaxy:malpedia=\"Moose\""],"More_eggs":["misp-galaxy:malpedia=\"More_eggs\"","misp-galaxy:mitre-malware=\"More_eggs - S0284\""],"SpicyOmelette":["misp-galaxy:malpedia=\"More_eggs\"","misp-galaxy:tool=\"SpicyOmelette\""],"Morphine":["misp-galaxy:malpedia=\"Morphine\""],"Morto":["misp-galaxy:malpedia=\"Morto\""],"Mosquito":["misp-galaxy:malpedia=\"Mosquito\"","misp-galaxy:mitre-malware=\"Mosquito - S0256\""],"Moure":["misp-galaxy:malpedia=\"Moure\""],"MrBlack":["misp-galaxy:malpedia=\"MrBlack\""],"Mughthesec":["misp-galaxy:malpedia=\"Mughthesec\"","misp-galaxy:tool=\"Mughthesec\""],"Multigrain POS":["misp-galaxy:malpedia=\"Multigrain POS\""],"Mutabaha":["misp-galaxy:malpedia=\"Mutabaha\""],"MyKings Spreader":["misp-galaxy:malpedia=\"MyKings Spreader\""],"MyloBot":["misp-galaxy:malpedia=\"MyloBot\""],"N40":["misp-galaxy:malpedia=\"N40\""],"NETEAGLE":["misp-galaxy:malpedia=\"NETEAGLE\"","misp-galaxy:mitre-enterprise-attack-malware=\"NETEAGLE - S0034\"","misp-galaxy:mitre-malware=\"NETEAGLE - S0034\""],"ScoutEagle":["misp-galaxy:malpedia=\"NETEAGLE\""],"Nabucur":["misp-galaxy:malpedia=\"Nabucur\""],"Nagini":["misp-galaxy:malpedia=\"Nagini\""],"Naikon":["misp-galaxy:malpedia=\"Naikon\"","misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Naikon - G0019\"","misp-galaxy:mitre-intrusion-set=\"Naikon - G0019\"","misp-galaxy:threat-actor=\"Naikon\""],"NanHaiShu":["misp-galaxy:malpedia=\"NanHaiShu\"","misp-galaxy:mitre-enterprise-attack-malware=\"NanHaiShu - S0228\"","misp-galaxy:mitre-malware=\"NanHaiShu - S0228\"","misp-galaxy:tool=\"NanHaiShu\""],"NanoLocker":["misp-galaxy:malpedia=\"NanoLocker\"","misp-galaxy:ransomware=\"NanoLocker\""],"Nanocore RAT":["misp-galaxy:malpedia=\"Nanocore RAT\""],"Narilam":["misp-galaxy:malpedia=\"Narilam\""],"Nautilus":["misp-galaxy:malpedia=\"Nautilus\"","misp-galaxy:tool=\"Nautilus\""],"NavRAT":["misp-galaxy:malpedia=\"NavRAT\"","misp-galaxy:mitre-malware=\"NavRAT - S0247\"","misp-galaxy:rat=\"NavRAT\""],"Necurs":["misp-galaxy:malpedia=\"Necurs\"","misp-galaxy:tool=\"Necurs\""],"nucurs":["misp-galaxy:malpedia=\"Necurs\""],"Nemim":["misp-galaxy:malpedia=\"Nemim\"","misp-galaxy:threat-actor=\"DarkHotel\""],"Nemain":["misp-galaxy:malpedia=\"Nemim\""],"NetC":["misp-galaxy:malpedia=\"NetC\"","misp-galaxy:mitre-enterprise-attack-malware=\"Net Crawler - S0056\"","misp-galaxy:mitre-malware=\"Net Crawler - S0056\""],"NetSupportManager RAT":["misp-galaxy:malpedia=\"NetSupportManager RAT\""],"NetTraveler":["misp-galaxy:malpedia=\"NetTraveler\"","misp-galaxy:mitre-enterprise-attack-malware=\"NetTraveler - S0033\"","misp-galaxy:mitre-malware=\"NetTraveler - S0033\"","misp-galaxy:threat-actor=\"NetTraveler\"","misp-galaxy:tool=\"NetTraveler\""],"TravNet":["misp-galaxy:malpedia=\"NetTraveler\"","misp-galaxy:threat-actor=\"NetTraveler\"","misp-galaxy:tool=\"NetTraveler\""],"NetWire RC":["misp-galaxy:malpedia=\"NetWire RC\""],"Recam":["misp-galaxy:malpedia=\"NetWire RC\""],"Netrepser":["misp-galaxy:malpedia=\"Netrepser\""],"Neuron":["misp-galaxy:malpedia=\"Neuron\"","misp-galaxy:tool=\"Neuron\""],"Neutrino POS":["misp-galaxy:malpedia=\"Neutrino POS\""],"Kasidet":["misp-galaxy:malpedia=\"Neutrino\"","misp-galaxy:mitre-enterprise-attack-malware=\"Kasidet - S0088\"","misp-galaxy:mitre-malware=\"Kasidet - S0088\""],"NewCT":["misp-galaxy:malpedia=\"NewCT\"","misp-galaxy:tool=\"NewCT\""],"CT":["misp-galaxy:malpedia=\"NewCT\""],"NewCore RAT":["misp-galaxy:malpedia=\"NewCore RAT\""],"NewPosThings":["misp-galaxy:malpedia=\"NewPosThings\""],"NewsReels":["misp-galaxy:malpedia=\"NewsReels\""],"Nexster Bot":["misp-galaxy:malpedia=\"Nexster Bot\""],"NexusLogger":["misp-galaxy:malpedia=\"NexusLogger\""],"Ngioweb":["misp-galaxy:malpedia=\"Ngioweb\""],"NgrBot":["misp-galaxy:malpedia=\"NgrBot\""],"Nitol":["misp-galaxy:malpedia=\"Nitol\""],"NjRAT":["misp-galaxy:malpedia=\"NjRAT\""],"Bladabindi":["misp-galaxy:malpedia=\"NjRAT\"","misp-galaxy:tool=\"njRAT\""],"Nocturnal Stealer":["misp-galaxy:malpedia=\"Nocturnal Stealer\"","misp-galaxy:stealer=\"Nocturnal Stealer\""],"Nokki":["misp-galaxy:malpedia=\"Nokki\""],"Nozelesn (Decryptor)":["misp-galaxy:malpedia=\"Nozelesn (Decryptor)\""],"Nymaim":["misp-galaxy:malpedia=\"Nymaim\"","misp-galaxy:tool=\"Nymaim\""],"nymain":["misp-galaxy:malpedia=\"Nymaim\""],"Nymaim2":["misp-galaxy:malpedia=\"Nymaim2\""],"OLDBAIT":["misp-galaxy:malpedia=\"OLDBAIT\"","misp-galaxy:mitre-enterprise-attack-malware=\"OLDBAIT - S0138\"","misp-galaxy:mitre-malware=\"OLDBAIT - S0138\"","misp-galaxy:tool=\"OLDBAIT\""],"Sasfis":["misp-galaxy:malpedia=\"OLDBAIT\"","misp-galaxy:malpedia=\"Sasfis\"","misp-galaxy:mitre-enterprise-attack-malware=\"OLDBAIT - S0138\"","misp-galaxy:mitre-malware=\"OLDBAIT - S0138\"","misp-galaxy:tool=\"OLDBAIT\""],"ONHAT":["misp-galaxy:malpedia=\"ONHAT\""],"ORANGEADE":["misp-galaxy:malpedia=\"ORANGEADE\""],"OceanLotus":["misp-galaxy:malpedia=\"OceanLotus\"","misp-galaxy:mitre-intrusion-set=\"APT32 - G0050\"","misp-galaxy:threat-actor=\"APT32\""],"Oceansalt":["misp-galaxy:malpedia=\"Oceansalt\""],"Octopus":["misp-galaxy:malpedia=\"Octopus\"","misp-galaxy:mitre-malware=\"Octopus - S0340\""],"OddJob":["misp-galaxy:malpedia=\"OddJob\""],"Odinaff":["misp-galaxy:malpedia=\"Odinaff\"","misp-galaxy:tool=\"Odinaff\""],"OilRig":["misp-galaxy:malpedia=\"OilRig\"","misp-galaxy:mitre-enterprise-attack-intrusion-set=\"OilRig - G0049\"","misp-galaxy:mitre-intrusion-set=\"OilRig - G0049\"","misp-galaxy:threat-actor=\"CHRYSENE\"","misp-galaxy:threat-actor=\"OilRig\""],"Olympic Destroyer":["misp-galaxy:malpedia=\"Olympic Destroyer\"","misp-galaxy:mitre-malware=\"Olympic Destroyer - S0365\"","misp-galaxy:tool=\"Olympic Destroyer\""],"Olyx":["misp-galaxy:malpedia=\"Olyx\""],"OmniRAT":["misp-galaxy:malpedia=\"OmniRAT\"","misp-galaxy:rat=\"OmniRAT\""],"OneKeyLocker":["misp-galaxy:malpedia=\"OneKeyLocker\""],"OnionDuke":["misp-galaxy:malpedia=\"OnionDuke\"","misp-galaxy:mitre-enterprise-attack-malware=\"OnionDuke - S0052\"","misp-galaxy:mitre-malware=\"OnionDuke - S0052\""],"OnlinerSpambot":["misp-galaxy:malpedia=\"OnlinerSpambot\""],"Onliner":["misp-galaxy:malpedia=\"OnlinerSpambot\""],"SBot":["misp-galaxy:malpedia=\"OnlinerSpambot\""],"OopsIE":["misp-galaxy:malpedia=\"OopsIE\"","misp-galaxy:mitre-malware=\"OopsIE - S0264\""],"OpBlockBuster":["misp-galaxy:malpedia=\"OpBlockBuster\""],"OpGhoul":["misp-galaxy:malpedia=\"OpGhoul\""],"Opachki":["misp-galaxy:malpedia=\"Opachki\""],"OrcaRAT":["misp-galaxy:malpedia=\"OrcaRAT\""],"Orcus RAT":["misp-galaxy:malpedia=\"Orcus RAT\""],"Ordinypt":["misp-galaxy:malpedia=\"Ordinypt\"","misp-galaxy:tool=\"Ordinypt\""],"Outlook Backdoor":["misp-galaxy:malpedia=\"Outlook Backdoor\""],"Overlay RAT":["misp-galaxy:malpedia=\"Overlay RAT\""],"OvidiyStealer":["misp-galaxy:malpedia=\"OvidiyStealer\""],"PAS":["misp-galaxy:malpedia=\"PAS\""],"PC Surveillance System":["misp-galaxy:malpedia=\"PC Surveillance System\""],"PSS":["misp-galaxy:malpedia=\"PC Surveillance System\""],"PHOREAL":["misp-galaxy:malpedia=\"PHOREAL\"","misp-galaxy:mitre-enterprise-attack-malware=\"PHOREAL - S0158\"","misp-galaxy:mitre-malware=\"PHOREAL - S0158\""],"Rizzo":["misp-galaxy:malpedia=\"PHOREAL\""],"PLAINTEE":["misp-galaxy:malpedia=\"PLAINTEE\"","misp-galaxy:mitre-malware=\"PLAINTEE - S0254\"","misp-galaxy:tool=\"PLAINTEE\""],"PLEAD":["misp-galaxy:malpedia=\"PLEAD\"","misp-galaxy:tool=\"PLEAD\""],"TSCookie":["misp-galaxy:malpedia=\"PLEAD\"","misp-galaxy:tool=\"TSCookie\""],"POSHSPY":["misp-galaxy:malpedia=\"POSHSPY\"","misp-galaxy:mitre-enterprise-attack-malware=\"POSHSPY - S0150\"","misp-galaxy:mitre-malware=\"POSHSPY - S0150\""],"POWERPIPE":["misp-galaxy:malpedia=\"POWERPIPE\""],"POWERSOURCE":["misp-galaxy:malpedia=\"POWERSOURCE\"","misp-galaxy:mitre-enterprise-attack-malware=\"POWERSOURCE - S0145\"","misp-galaxy:mitre-malware=\"POWERSOURCE - S0145\""],"POWERSTATS":["misp-galaxy:malpedia=\"POWERSTATS\"","misp-galaxy:mitre-enterprise-attack-malware=\"POWERSTATS - S0223\"","misp-galaxy:mitre-malware=\"POWERSTATS - S0223\""],"Valyria":["misp-galaxy:malpedia=\"POWERSTATS\""],"POWRUNER":["misp-galaxy:malpedia=\"POWRUNER\"","misp-galaxy:mitre-enterprise-attack-malware=\"POWRUNER - S0184\"","misp-galaxy:mitre-malware=\"POWRUNER - S0184\""],"PadCrypt":["misp-galaxy:malpedia=\"PadCrypt\"","misp-galaxy:ransomware=\"PadCrypt\""],"PandaBanker":["misp-galaxy:malpedia=\"PandaBanker\""],"ZeusPanda":["misp-galaxy:malpedia=\"PandaBanker\""],"Patcher":["misp-galaxy:malpedia=\"Patcher\"","misp-galaxy:ransomware=\"FileCoder\"","misp-galaxy:ransomware=\"Patcher\""],"FileCoder":["misp-galaxy:malpedia=\"Patcher\"","misp-galaxy:ransomware=\"FileCoder\""],"Findzip":["misp-galaxy:malpedia=\"Patcher\""],"Peepy RAT":["misp-galaxy:malpedia=\"Peepy RAT\""],"Penco":["misp-galaxy:malpedia=\"Penco\""],"Penquin Turla":["misp-galaxy:malpedia=\"Penquin Turla\""],"PerlBot":["misp-galaxy:malpedia=\"PerlBot\""],"DDoS Perl IrcBot":["misp-galaxy:malpedia=\"PerlBot\""],"ShellBot":["misp-galaxy:malpedia=\"PerlBot\""],"PetrWrap":["misp-galaxy:malpedia=\"PetrWrap\""],"Petya":["misp-galaxy:malpedia=\"Petya\"","misp-galaxy:ransomware=\"Petya\""],"PhanDoor":["misp-galaxy:malpedia=\"PhanDoor\""],"Philadephia Ransom":["misp-galaxy:malpedia=\"Philadephia Ransom\""],"Phorpiex":["misp-galaxy:malpedia=\"Phorpiex\""],"Trik":["misp-galaxy:malpedia=\"Phorpiex\""],"PintSized":["misp-galaxy:malpedia=\"PintSized\""],"Pirrit":["misp-galaxy:malpedia=\"Pirrit\""],"Pitou":["misp-galaxy:malpedia=\"Pitou\""],"PittyTiger RAT":["misp-galaxy:malpedia=\"PittyTiger RAT\""],"Pkybot":["misp-galaxy:malpedia=\"Pkybot\""],"Bublik":["misp-galaxy:malpedia=\"Pkybot\""],"Pykbot":["misp-galaxy:malpedia=\"Pkybot\""],"TBag":["misp-galaxy:malpedia=\"Pkybot\""],"Plexor":["misp-galaxy:malpedia=\"Plexor\"","misp-galaxy:tool=\"Plexor\""],"Ploutus ATM":["misp-galaxy:malpedia=\"Ploutus ATM\""],"PlugX":["misp-galaxy:malpedia=\"PlugX\"","misp-galaxy:mitre-enterprise-attack-malware=\"PlugX - S0013\"","misp-galaxy:mitre-malware=\"PlugX - S0013\"","misp-galaxy:rat=\"PlugX\"","misp-galaxy:tool=\"PlugX\""],"Korplug":["misp-galaxy:malpedia=\"PlugX\"","misp-galaxy:mitre-enterprise-attack-malware=\"PlugX - S0013\"","misp-galaxy:mitre-malware=\"PlugX - S0013\"","misp-galaxy:rat=\"PlugX\"","misp-galaxy:tool=\"PlugX\""],"Poison Ivy":["misp-galaxy:malpedia=\"Poison Ivy\"","misp-galaxy:mitre-enterprise-attack-malware=\"PoisonIvy - S0012\"","misp-galaxy:mitre-malware=\"PoisonIvy - S0012\"","misp-galaxy:rat=\"PoisonIvy\"","misp-galaxy:tool=\"Poison Ivy\""],"pivy":["misp-galaxy:malpedia=\"Poison Ivy\""],"poisonivy":["misp-galaxy:malpedia=\"Poison Ivy\"","misp-galaxy:tool=\"poisonivy\""],"Polyglot":["misp-galaxy:malpedia=\"Polyglot\"","misp-galaxy:ransomware=\"Polyglot\""],"Pony":["misp-galaxy:malpedia=\"Pony\"","misp-galaxy:tool=\"Hancitor\""],"Fareit":["misp-galaxy:malpedia=\"Pony\"","misp-galaxy:tool=\"Fareit\""],"Siplog":["misp-galaxy:malpedia=\"Pony\""],"PoohMilk Loader":["misp-galaxy:malpedia=\"PoohMilk Loader\""],"Popcorn Time":["misp-galaxy:malpedia=\"Popcorn Time\""],"PoshC2":["misp-galaxy:malpedia=\"PoshC2\"","misp-galaxy:mitre-tool=\"PoshC2 - S0378\""],"Poweliks Dropper":["misp-galaxy:malpedia=\"Poweliks Dropper\""],"PowerDuke":["misp-galaxy:malpedia=\"PowerDuke\"","misp-galaxy:mitre-enterprise-attack-malware=\"PowerDuke - S0139\"","misp-galaxy:mitre-malware=\"PowerDuke - S0139\""],"PowerPool":["misp-galaxy:malpedia=\"PowerPool\"","misp-galaxy:threat-actor=\"PowerPool\""],"PowerRatankba":["misp-galaxy:malpedia=\"PowerRatankba\"","misp-galaxy:tool=\"PowerRatankba\""],"PowerSpritz":["misp-galaxy:malpedia=\"PowerSpritz\"","misp-galaxy:tool=\"PowerSpritz\""],"PowerWare":["misp-galaxy:malpedia=\"PowerWare\"","misp-galaxy:ransomware=\"PowerWare\""],"Powersniff":["misp-galaxy:malpedia=\"Powersniff\""],"Powmet":["misp-galaxy:malpedia=\"Powmet\""],"Predator The Thief":["misp-galaxy:malpedia=\"Predator The Thief\""],"Premier RAT":["misp-galaxy:malpedia=\"Premier RAT\""],"PresFox":["misp-galaxy:malpedia=\"PresFox\""],"Prikorma":["misp-galaxy:malpedia=\"Prikorma\""],"Prilex":["misp-galaxy:malpedia=\"Prilex\""],"PrincessLocker":["misp-galaxy:malpedia=\"PrincessLocker\""],"Project Alice":["misp-galaxy:malpedia=\"Project Alice\""],"AliceATM":["misp-galaxy:malpedia=\"Project Alice\""],"PrAlice":["misp-galaxy:malpedia=\"Project Alice\""],"Proton RAT":["misp-galaxy:malpedia=\"Proton RAT\""],"Calisto":["misp-galaxy:malpedia=\"Proton RAT\"","misp-galaxy:mitre-malware=\"Calisto - S0274\""],"PsiX":["misp-galaxy:malpedia=\"PsiX\""],"Pteranodon":["misp-galaxy:malpedia=\"Pteranodon\"","misp-galaxy:mitre-enterprise-attack-malware=\"Pteranodon - S0147\"","misp-galaxy:mitre-malware=\"Pteranodon - S0147\""],"PubNubRAT":["misp-galaxy:malpedia=\"PubNubRAT\""],"Punkey POS":["misp-galaxy:malpedia=\"Punkey POS\""],"Putabmow":["misp-galaxy:malpedia=\"Putabmow\""],"PvzOut":["misp-galaxy:malpedia=\"PvzOut\""],"Pwnet":["misp-galaxy:malpedia=\"Pwnet\"","misp-galaxy:tool=\"Pwnet\""],"PyLocky":["misp-galaxy:malpedia=\"PyLocky\""],"Locky Locker":["misp-galaxy:malpedia=\"PyLocky\""],"Pykspa":["misp-galaxy:malpedia=\"Pykspa\""],"QHost":["misp-galaxy:malpedia=\"QHost\""],"Tolouge":["misp-galaxy:malpedia=\"QHost\""],"QRat":["misp-galaxy:malpedia=\"QRat\""],"Quaverse RAT":["misp-galaxy:malpedia=\"QRat\""],"QUADAGENT":["misp-galaxy:malpedia=\"QUADAGENT\"","misp-galaxy:mitre-malware=\"QUADAGENT - S0269\""],"Qaccel":["misp-galaxy:malpedia=\"Qaccel\""],"QakBot":["misp-galaxy:malpedia=\"QakBot\""],"Qbot":["misp-galaxy:malpedia=\"QakBot\"","misp-galaxy:tool=\"Akbot\""],"Qarallax RAT":["misp-galaxy:malpedia=\"Qarallax RAT\""],"Qealler":["misp-galaxy:malpedia=\"Qealler\""],"QtBot":["misp-galaxy:malpedia=\"QtBot\""],"qtproject":["misp-galaxy:malpedia=\"QtBot\""],"Quant Loader":["misp-galaxy:malpedia=\"Quant Loader\"","misp-galaxy:tool=\"Quant Loader\""],"Quasar RAT":["misp-galaxy:malpedia=\"Quasar RAT\"","misp-galaxy:rat=\"Quasar RAT\""],"Qulab":["misp-galaxy:malpedia=\"Qulab\""],"RCS":["misp-galaxy:malpedia=\"RCS\""],"Remote Control System":["misp-galaxy:malpedia=\"RCS\""],"RGDoor":["misp-galaxy:malpedia=\"RGDoor\"","misp-galaxy:mitre-malware=\"RGDoor - S0258\""],"RMS":["misp-galaxy:malpedia=\"RMS\""],"Remote Manipulator System":["misp-galaxy:malpedia=\"RMS\""],"RTM":["misp-galaxy:malpedia=\"RTM\"","misp-galaxy:mitre-enterprise-attack-intrusion-set=\"RTM - G0048\"","misp-galaxy:mitre-enterprise-attack-malware=\"RTM - S0148\"","misp-galaxy:mitre-intrusion-set=\"RTM - G0048\"","misp-galaxy:mitre-malware=\"RTM - S0148\"","misp-galaxy:threat-actor=\"RTM\""],"RadRAT":["misp-galaxy:malpedia=\"RadRAT\"","misp-galaxy:rat=\"RadRAT\""],"Radamant":["misp-galaxy:malpedia=\"Radamant\"","misp-galaxy:ransomware=\"Radamant\""],"Rakhni":["misp-galaxy:malpedia=\"Rakhni\"","misp-galaxy:ransomware=\"Bandarchor\"","misp-galaxy:ransomware=\"Rakhni\""],"Rakos":["misp-galaxy:malpedia=\"Rakos\""],"Rambo":["misp-galaxy:malpedia=\"Rambo\""],"brebsd":["misp-galaxy:malpedia=\"Rambo\""],"Ramdo":["misp-galaxy:malpedia=\"Ramdo\""],"Ranscam":["misp-galaxy:malpedia=\"Ranscam\"","misp-galaxy:ransomware=\"CryptoFinancial\""],"Ransoc":["misp-galaxy:malpedia=\"Ransoc\"","misp-galaxy:ransomware=\"Ransoc\""],"Ransomlock":["misp-galaxy:malpedia=\"Ransomlock\""],"WinLock":["misp-galaxy:malpedia=\"Ransomlock\""],"Rapid Ransom":["misp-galaxy:malpedia=\"Rapid Ransom\""],"RapidStealer":["misp-galaxy:malpedia=\"RapidStealer\""],"Rarog":["misp-galaxy:malpedia=\"Rarog\""],"RatabankaPOS":["misp-galaxy:malpedia=\"RatabankaPOS\""],"Ratty":["misp-galaxy:malpedia=\"Ratty\"","misp-galaxy:rat=\"Ratty\""],"RawPOS":["misp-galaxy:malpedia=\"RawPOS\"","misp-galaxy:mitre-enterprise-attack-malware=\"RawPOS - S0169\"","misp-galaxy:mitre-malware=\"RawPOS - S0169\""],"Raxir":["misp-galaxy:malpedia=\"Raxir\""],"Reaver":["misp-galaxy:malpedia=\"Reaver\"","misp-galaxy:mitre-enterprise-attack-malware=\"Reaver - S0172\"","misp-galaxy:mitre-malware=\"Reaver - S0172\"","misp-galaxy:tool=\"Reaver\""],"Red Alert":["misp-galaxy:malpedia=\"Red Alert\"","misp-galaxy:ransomware=\"Red Alert\""],"Red Gambler":["misp-galaxy:malpedia=\"Red Gambler\""],"RedAlpha":["misp-galaxy:malpedia=\"RedAlpha\"","misp-galaxy:threat-actor=\"RedAlpha\""],"RedLeaves":["misp-galaxy:malpedia=\"RedLeaves\"","misp-galaxy:mitre-enterprise-attack-malware=\"RedLeaves - S0153\"","misp-galaxy:mitre-malware=\"RedLeaves - S0153\"","misp-galaxy:rat=\"RedLeaves\""],"Redaman":["misp-galaxy:malpedia=\"Redaman\""],"Redyms":["misp-galaxy:malpedia=\"Redyms\""],"Regin":["misp-galaxy:malpedia=\"Regin\"","misp-galaxy:mitre-enterprise-attack-malware=\"Regin - S0019\"","misp-galaxy:mitre-malware=\"Regin - S0019\"","misp-galaxy:tool=\"Regin\""],"Remcos":["misp-galaxy:malpedia=\"Remcos\"","misp-galaxy:mitre-tool=\"Remcos - S0332\"","misp-galaxy:rat=\"Remcos\""],"Remexi":["misp-galaxy:malpedia=\"Remexi\"","misp-galaxy:mitre-malware=\"Remexi - S0375\""],"Remsec":["misp-galaxy:malpedia=\"Remsec\"","misp-galaxy:mitre-enterprise-attack-malware=\"Remsec - S0125\"","misp-galaxy:mitre-malware=\"Remsec - S0125\""],"Remy":["misp-galaxy:malpedia=\"Remy\""],"Rerdom":["misp-galaxy:malpedia=\"Rerdom\""],"Retadup":["misp-galaxy:malpedia=\"Retadup\""],"Retefe (Android)":["misp-galaxy:malpedia=\"Retefe (Android)\""],"Retefe (Windows)":["misp-galaxy:malpedia=\"Retefe (Windows)\""],"Revenge RAT":["misp-galaxy:malpedia=\"Revenge RAT\""],"Revetrat":["misp-galaxy:malpedia=\"Revenge RAT\""],"Rex":["misp-galaxy:malpedia=\"Rex\""],"Rietspoof":["misp-galaxy:malpedia=\"Rietspoof\""],"Rifdoor":["misp-galaxy:malpedia=\"Rifdoor\""],"Rikamanu":["misp-galaxy:malpedia=\"Rikamanu\""],"Rincux":["misp-galaxy:malpedia=\"Rincux\""],"Ripper ATM":["misp-galaxy:malpedia=\"Ripper ATM\""],"Roaming Mantis":["misp-galaxy:malpedia=\"Roaming Mantis\"","misp-galaxy:threat-actor=\"Roaming Mantis\"","misp-galaxy:tool=\"Roaming Mantis\""],"Rockloader":["misp-galaxy:malpedia=\"Rockloader\""],"Rofin":["misp-galaxy:malpedia=\"Rofin\""],"RogueRobin":["misp-galaxy:malpedia=\"RogueRobin\"","misp-galaxy:mitre-malware=\"RogueRobin - S0270\""],"RogueRobinNET":["misp-galaxy:malpedia=\"RogueRobinNET\""],"RokRAT":["misp-galaxy:malpedia=\"RokRAT\""],"Rokku":["misp-galaxy:malpedia=\"Rokku\"","misp-galaxy:ransomware=\"Rokku\""],"Rombertik":["misp-galaxy:malpedia=\"Rombertik\""],"CarbonGrabber":["misp-galaxy:malpedia=\"Rombertik\""],"Romeo(Alfa,Bravo, ...)":["misp-galaxy:malpedia=\"Romeo(Alfa,Bravo, ...)\""],"Roopirs":["misp-galaxy:malpedia=\"Roopirs\""],"Roseam":["misp-galaxy:malpedia=\"Roseam\""],"RotorCrypt":["misp-galaxy:malpedia=\"RotorCrypt\"","misp-galaxy:ransomware=\"RotorCrypt(RotoCrypt, Tar) Ransomware\""],"RotoCrypt":["misp-galaxy:malpedia=\"RotorCrypt\"","misp-galaxy:ransomware=\"RotorCrypt(RotoCrypt, Tar) Ransomware\""],"Rotor":["misp-galaxy:malpedia=\"RotorCrypt\"","misp-galaxy:ransomware=\"Rakhni\""],"Rover":["misp-galaxy:malpedia=\"Rover\"","misp-galaxy:mitre-enterprise-attack-malware=\"Rover - S0090\"","misp-galaxy:mitre-malware=\"Rover - S0090\""],"Rovnix":["misp-galaxy:malpedia=\"Rovnix\"","misp-galaxy:tool=\"Rovnix\""],"BkLoader":["misp-galaxy:malpedia=\"Rovnix\""],"Cidox":["misp-galaxy:malpedia=\"Rovnix\""],"Mayachok":["misp-galaxy:malpedia=\"Rovnix\""],"Royal DNS":["misp-galaxy:malpedia=\"Royal DNS\""],"RoyalCli":["misp-galaxy:malpedia=\"RoyalCli\"","misp-galaxy:tool=\"RoyalCli\""],"Rozena":["misp-galaxy:malpedia=\"Rozena\""],"Ruckguv":["misp-galaxy:malpedia=\"Ruckguv\"","misp-galaxy:tool=\"Ruckguv\""],"Rumish":["misp-galaxy:malpedia=\"Rumish\""],"Rurktar":["misp-galaxy:malpedia=\"Rurktar\"","misp-galaxy:rat=\"Rurktar\""],"RCSU":["misp-galaxy:malpedia=\"Rurktar\""],"Ryuk":["misp-galaxy:malpedia=\"Ryuk\""],"SAGE":["misp-galaxy:malpedia=\"SAGE\""],"Saga":["misp-galaxy:malpedia=\"SAGE\""],"SHAPESHIFT":["misp-galaxy:malpedia=\"SHAPESHIFT\""],"SHARPKNOT":["misp-galaxy:malpedia=\"SHARPKNOT\"","misp-galaxy:tool=\"SHARPKNOT\""],"Bitrep":["misp-galaxy:malpedia=\"SHARPKNOT\""],"SHIPSHAPE":["misp-galaxy:malpedia=\"SHIPSHAPE\"","misp-galaxy:mitre-enterprise-attack-malware=\"SHIPSHAPE - S0028\"","misp-galaxy:mitre-malware=\"SHIPSHAPE - S0028\""],"SMSspy":["misp-galaxy:malpedia=\"SMSspy\""],"SNEEPY":["misp-galaxy:malpedia=\"SNEEPY\""],"ByeByeShell":["misp-galaxy:malpedia=\"SNEEPY\""],"SNS Locker":["misp-galaxy:malpedia=\"SNS Locker\""],"SOUNDBITE":["misp-galaxy:malpedia=\"SOUNDBITE\"","misp-galaxy:mitre-enterprise-attack-malware=\"SOUNDBITE - S0157\"","misp-galaxy:mitre-malware=\"SOUNDBITE - S0157\""],"denis":["misp-galaxy:malpedia=\"SOUNDBITE\""],"SPACESHIP":["misp-galaxy:malpedia=\"SPACESHIP\"","misp-galaxy:mitre-enterprise-attack-malware=\"SPACESHIP - S0035\"","misp-galaxy:mitre-malware=\"SPACESHIP - S0035\""],"SQLRat":["misp-galaxy:malpedia=\"SQLRat\""],"SSHDoor":["misp-galaxy:malpedia=\"SSHDoor\"","misp-galaxy:tool=\"SSHDoor\""],"STOP Ransomware":["misp-galaxy:malpedia=\"STOP Ransomware\"","misp-galaxy:ransomware=\"STOP Ransomware\""],"Djvu":["misp-galaxy:malpedia=\"STOP Ransomware\"","misp-galaxy:ransomware=\"Djvu\""],"Sakula RAT":["misp-galaxy:malpedia=\"Sakula RAT\""],"Sakurel":["misp-galaxy:malpedia=\"Sakula RAT\"","misp-galaxy:mitre-enterprise-attack-malware=\"Sakula - S0074\"","misp-galaxy:mitre-malware=\"Sakula - S0074\"","misp-galaxy:rat=\"Sakula\"","misp-galaxy:tool=\"Sakula\""],"Salgorea":["misp-galaxy:malpedia=\"Salgorea\""],"SamSam":["misp-galaxy:malpedia=\"SamSam\"","misp-galaxy:mitre-malware=\"SamSam - S0370\"","misp-galaxy:ransomware=\"Samas-Samsam\""],"Sanny":["misp-galaxy:malpedia=\"Sanny\""],"Daws":["misp-galaxy:malpedia=\"Sanny\""],"Saphyra":["misp-galaxy:malpedia=\"Saphyra\""],"SappyCache":["misp-galaxy:malpedia=\"SappyCache\""],"Sarhust":["misp-galaxy:malpedia=\"Sarhust\""],"Hussarini":["misp-galaxy:malpedia=\"Sarhust\""],"Satan Ransomware":["misp-galaxy:malpedia=\"Satan Ransomware\"","misp-galaxy:ransomware=\"Satan Ransomware\""],"DBGer":["misp-galaxy:malpedia=\"Satan Ransomware\""],"Lucky Ransomware":["misp-galaxy:malpedia=\"Satan Ransomware\"","misp-galaxy:ransomware=\"Lucky Ransomware\""],"Satana":["misp-galaxy:malpedia=\"Satana\"","misp-galaxy:ransomware=\"Satana\""],"Sathurbot":["misp-galaxy:malpedia=\"Sathurbot\"","misp-galaxy:tool=\"Sathurbot\""],"Sauron Locker":["misp-galaxy:malpedia=\"Sauron Locker\""],"ScanPOS":["misp-galaxy:malpedia=\"ScanPOS\""],"Schneiken":["misp-galaxy:malpedia=\"Schneiken\""],"Scote":["misp-galaxy:malpedia=\"Scote\""],"ScreenLocker":["misp-galaxy:malpedia=\"ScreenLocker\""],"SeDll":["misp-galaxy:malpedia=\"SeDll\""],"SeaDaddy":["misp-galaxy:malpedia=\"SeaDaddy\"","misp-galaxy:mitre-enterprise-attack-malware=\"SeaDuke - S0053\"","misp-galaxy:mitre-malware=\"SeaDuke - S0053\""],"SeaSalt":["misp-galaxy:malpedia=\"SeaSalt\""],"Sedreco":["misp-galaxy:malpedia=\"Sedreco\"","misp-galaxy:mitre-enterprise-attack-malware=\"ADVSTORESHELL - S0045\"","misp-galaxy:mitre-malware=\"ADVSTORESHELL - S0045\"","misp-galaxy:tool=\"EVILTOSS\""],"azzy":["misp-galaxy:malpedia=\"Sedreco\""],"eviltoss":["misp-galaxy:malpedia=\"Sedreco\""],"Seduploader":["misp-galaxy:malpedia=\"Seduploader\"","misp-galaxy:mitre-enterprise-attack-malware=\"JHUHUGIT - S0044\"","misp-galaxy:mitre-malware=\"JHUHUGIT - S0044\"","misp-galaxy:tool=\"GAMEFISH\""],"carberplike":["misp-galaxy:malpedia=\"Seduploader\""],"downrage":["misp-galaxy:malpedia=\"Seduploader\""],"jhuhugit":["misp-galaxy:malpedia=\"Seduploader\""],"jkeyskw":["misp-galaxy:malpedia=\"Seduploader\""],"SendSafe":["misp-galaxy:malpedia=\"SendSafe\""],"Serpico":["misp-galaxy:malpedia=\"Serpico\"","misp-galaxy:ransomware=\"Serpico\""],"ShadowPad":["misp-galaxy:malpedia=\"ShadowPad\"","misp-galaxy:tool=\"ShadowPad\""],"XShellGhost":["misp-galaxy:malpedia=\"ShadowPad\""],"Shakti":["misp-galaxy:malpedia=\"Shakti\""],"ShellBind":["misp-galaxy:malpedia=\"ShellBind\""],"ShellLocker":["misp-galaxy:malpedia=\"ShellLocker\""],"Shifu":["misp-galaxy:malpedia=\"Shifu\"","misp-galaxy:tool=\"Shifu\""],"Shim RAT":["misp-galaxy:malpedia=\"Shim RAT\""],"Shishiga":["misp-galaxy:malpedia=\"Shishiga\""],"Shujin":["misp-galaxy:malpedia=\"Shujin\"","misp-galaxy:ransomware=\"Shujin\""],"Shurl0ckr":["misp-galaxy:malpedia=\"Shurl0ckr\""],"Shylock":["misp-galaxy:malpedia=\"Shylock\""],"Caphaw":["misp-galaxy:malpedia=\"Shylock\""],"SideWinder":["misp-galaxy:malpedia=\"SideWinder\""],"Sierra(Alfa,Bravo, ...)":["misp-galaxy:malpedia=\"Sierra(Alfa,Bravo, ...)\""],"Destover":["misp-galaxy:malpedia=\"Sierra(Alfa,Bravo, ...)\""],"Siggen6":["misp-galaxy:malpedia=\"Siggen6\""],"Silence DDoS":["misp-galaxy:malpedia=\"Silence DDoS\""],"Silence":["misp-galaxy:malpedia=\"Silence\"","misp-galaxy:threat-actor=\"Silence group\"","misp-galaxy:tool=\"Silence\""],"TrueBot":["misp-galaxy:malpedia=\"Silence\""],"Silon":["misp-galaxy:malpedia=\"Silon\""],"Siluhdur":["misp-galaxy:malpedia=\"Siluhdur\""],"iBank":["misp-galaxy:malpedia=\"Simda\""],"Mebroot":["misp-galaxy:malpedia=\"Sinowal\""],"Quarian":["misp-galaxy:malpedia=\"Sinowal\""],"Theola":["misp-galaxy:malpedia=\"Sinowal\""],"Sisfader":["misp-galaxy:malpedia=\"Sisfader\"","misp-galaxy:rat=\"Sisfader\""],"Skarab Ransom":["misp-galaxy:malpedia=\"Skarab Ransom\""],"Skyplex":["misp-galaxy:malpedia=\"Skyplex\""],"Slave":["misp-galaxy:malpedia=\"Slave\""],"Slempo":["misp-galaxy:malpedia=\"Slempo\"","misp-galaxy:tool=\"Slempo\""],"Slingshot":["misp-galaxy:malpedia=\"Slingshot\"","misp-galaxy:threat-actor=\"Slingshot\""],"Slocker":["misp-galaxy:malpedia=\"Slocker\""],"SmokeLoader":["misp-galaxy:malpedia=\"SmokeLoader\"","misp-galaxy:tool=\"Smoke Loader\""],"Dofoil":["misp-galaxy:malpedia=\"SmokeLoader\"","misp-galaxy:mitre-enterprise-attack-malware=\"Smoke Loader - S0226\"","misp-galaxy:mitre-malware=\"Smoke Loader - S0226\""],"Smrss32 Ransomware":["misp-galaxy:malpedia=\"Smrss32 Ransomware\""],"SnatchLoader":["misp-galaxy:malpedia=\"SnatchLoader\""],"Snojan":["misp-galaxy:malpedia=\"Snojan\""],"Sobaken":["misp-galaxy:malpedia=\"Sobaken\""],"Socks5 Systemz":["misp-galaxy:malpedia=\"Socks5 Systemz\""],"SocksBot":["misp-galaxy:malpedia=\"SocksBot\""],"BIRDDOG":["misp-galaxy:malpedia=\"SocksBot\""],"Nadrac":["misp-galaxy:malpedia=\"SocksBot\""],"Solarbot":["misp-galaxy:malpedia=\"Solarbot\""],"Napolar":["misp-galaxy:malpedia=\"Solarbot\""],"Sorgu":["misp-galaxy:malpedia=\"Sorgu\""],"Spamtorte":["misp-galaxy:malpedia=\"Spamtorte\""],"SpeakUp":["misp-galaxy:malpedia=\"SpeakUp\"","misp-galaxy:mitre-malware=\"SpeakUp - S0374\""],"Spedear":["misp-galaxy:malpedia=\"Spedear\""],"Spora":["misp-galaxy:malpedia=\"Spora\""],"SpyBot":["misp-galaxy:malpedia=\"SpyBot\""],"SpyNote":["misp-galaxy:malpedia=\"SpyNote\"","misp-galaxy:rat=\"SpyNote\""],"SquirtDanger":["misp-galaxy:malpedia=\"SquirtDanger\""],"SslMM":["misp-galaxy:malpedia=\"SslMM\"","misp-galaxy:mitre-enterprise-attack-malware=\"SslMM - S0058\"","misp-galaxy:mitre-malware=\"SslMM - S0058\""],"Stabuniq":["misp-galaxy:malpedia=\"Stabuniq\""],"Stampedo":["misp-galaxy:malpedia=\"Stampedo\""],"Stantinko":["misp-galaxy:malpedia=\"Stantinko\""],"StarCruft":["misp-galaxy:malpedia=\"StarCruft\"","misp-galaxy:threat-actor=\"APT37\""],"StarLoader":["misp-galaxy:malpedia=\"StarLoader\""],"StarsyPound":["misp-galaxy:malpedia=\"StarsyPound\""],"StartPage":["misp-galaxy:malpedia=\"StartPage\""],"Easy Television Access Now":["misp-galaxy:malpedia=\"StartPage\""],"Stealth Mango":["misp-galaxy:malpedia=\"Stealth Mango\"","misp-galaxy:mitre-malware=\"Stealth Mango - S0328\""],"StealthAgent":["misp-galaxy:malpedia=\"StealthAgent\""],"StealthWorker Go":["misp-galaxy:malpedia=\"StealthWorker Go\""],"StegoLoader":["misp-galaxy:malpedia=\"StegoLoader\""],"Stinger":["misp-galaxy:malpedia=\"Stinger\""],"Stration":["misp-galaxy:malpedia=\"Stration\""],"Stresspaint":["misp-galaxy:malpedia=\"Stresspaint\""],"StrongPity":["misp-galaxy:malpedia=\"StrongPity\"","misp-galaxy:threat-actor=\"PROMETHIUM\""],"Stuxnet":["misp-galaxy:malpedia=\"Stuxnet\"","misp-galaxy:tool=\"Stuxnet\""],"SunOrcal":["misp-galaxy:malpedia=\"SunOrcal\"","misp-galaxy:tool=\"SunOrcal\""],"Sunless":["misp-galaxy:malpedia=\"Sunless\""],"SuppoBox":["misp-galaxy:malpedia=\"SuppoBox\""],"Bayrob":["misp-galaxy:malpedia=\"SuppoBox\""],"Nivdort":["misp-galaxy:malpedia=\"SuppoBox\""],"SupremeBot":["misp-galaxy:malpedia=\"SupremeBot\""],"BlazeBot":["misp-galaxy:malpedia=\"SupremeBot\""],"Swift?":["misp-galaxy:malpedia=\"Swift?\""],"Sword":["misp-galaxy:malpedia=\"Sword\""],"SynAck":["misp-galaxy:malpedia=\"SynAck\"","misp-galaxy:mitre-malware=\"SynAck - S0242\"","misp-galaxy:ransomware=\"SynAck\""],"SynFlooder":["misp-galaxy:malpedia=\"SynFlooder\""],"SyncCrypt":["misp-galaxy:malpedia=\"SyncCrypt\"","misp-galaxy:ransomware=\"SyncCrypt\""],"Synth Loader":["misp-galaxy:malpedia=\"Synth Loader\""],"Sys10":["misp-galaxy:malpedia=\"Sys10\"","misp-galaxy:mitre-enterprise-attack-malware=\"Sys10 - S0060\"","misp-galaxy:mitre-malware=\"Sys10 - S0060\""],"SysGet":["misp-galaxy:malpedia=\"SysGet\""],"SysScan":["misp-galaxy:malpedia=\"SysScan\""],"Syscon":["misp-galaxy:malpedia=\"Syscon\""],"Sysraw Stealer":["misp-galaxy:malpedia=\"Sysraw Stealer\""],"Clipsa":["misp-galaxy:malpedia=\"Sysraw Stealer\""],"Szribi":["misp-galaxy:malpedia=\"Szribi\""],"TDTESS":["misp-galaxy:malpedia=\"TDTESS\"","misp-galaxy:mitre-enterprise-attack-malware=\"TDTESS - S0164\"","misp-galaxy:mitre-malware=\"TDTESS - S0164\""],"TURNEDUP":["misp-galaxy:malpedia=\"TURNEDUP\"","misp-galaxy:mitre-enterprise-attack-malware=\"TURNEDUP - S0199\"","misp-galaxy:mitre-malware=\"TURNEDUP - S0199\""],"TabMsgSQL":["misp-galaxy:malpedia=\"TabMsgSQL\""],"TalentRAT":["misp-galaxy:malpedia=\"TalentRAT\""],"Assassin RAT":["misp-galaxy:malpedia=\"TalentRAT\""],"Taleret":["misp-galaxy:malpedia=\"Taleret\""],"Tandfuy":["misp-galaxy:malpedia=\"Tandfuy\""],"Tapaoux":["misp-galaxy:malpedia=\"Tapaoux\"","misp-galaxy:threat-actor=\"DarkHotel\""],"Tarsip":["misp-galaxy:malpedia=\"Tarsip\""],"Tater PrivEsc":["misp-galaxy:malpedia=\"Tater PrivEsc\""],"TeamBot":["misp-galaxy:malpedia=\"TeamBot\""],"FINTEAM":["misp-galaxy:malpedia=\"TeamBot\""],"TefoSteal":["misp-galaxy:malpedia=\"TefoSteal\""],"TeleBot":["misp-galaxy:malpedia=\"TeleBot\""],"TeleDoor":["misp-galaxy:malpedia=\"TeleDoor\""],"TeleRAT":["misp-galaxy:malpedia=\"TeleRAT\""],"Tempedreve":["misp-galaxy:malpedia=\"Tempedreve\""],"TemptingCedar Spyware":["misp-galaxy:malpedia=\"TemptingCedar Spyware\""],"Terminator RAT":["misp-galaxy:malpedia=\"Terminator RAT\""],"Fakem RAT":["misp-galaxy:malpedia=\"Terminator RAT\"","misp-galaxy:tool=\"Fakem RAT\""],"Termite":["misp-galaxy:malpedia=\"Termite\""],"TeslaCrypt":["misp-galaxy:malpedia=\"TeslaCrypt\""],"cryptesla":["misp-galaxy:malpedia=\"TeslaCrypt\""],"Thanatos Ransomware":["misp-galaxy:malpedia=\"Thanatos Ransomware\""],"Thanatos":["misp-galaxy:malpedia=\"Thanatos\"","misp-galaxy:ransomware=\"Thanatos\""],"Alphabot":["misp-galaxy:malpedia=\"Thanatos\""],"ThreeByte":["misp-galaxy:malpedia=\"ThreeByte\""],"ThumbThief":["misp-galaxy:malpedia=\"ThumbThief\""],"ThunderShell":["misp-galaxy:malpedia=\"ThunderShell\""],"Thunker":["misp-galaxy:malpedia=\"Thunker\""],"Tidepool":["misp-galaxy:malpedia=\"Tidepool\""],"Illi":["misp-galaxy:malpedia=\"Tinba\""],"TinyLoader":["misp-galaxy:malpedia=\"TinyLoader\""],"TinyMet":["misp-galaxy:malpedia=\"TinyMet\""],"TiniMet":["misp-galaxy:malpedia=\"TinyMet\""],"TinyTyphon":["misp-galaxy:malpedia=\"TinyTyphon\"","misp-galaxy:tool=\"TinyTyphon\""],"TinyZ":["misp-galaxy:malpedia=\"TinyZ\""],"Catelites Android Bot":["misp-galaxy:malpedia=\"TinyZ\""],"MarsElite Android Bot":["misp-galaxy:malpedia=\"TinyZ\""],"TinyZbot":["misp-galaxy:malpedia=\"TinyZbot\""],"Tiop":["misp-galaxy:malpedia=\"Tiop\""],"Titan":["misp-galaxy:malpedia=\"Titan\""],"TorrentLocker":["misp-galaxy:malpedia=\"TorrentLocker\"","misp-galaxy:ransomware=\"TorrentLocker\""],"TreasureHunter":["misp-galaxy:malpedia=\"TreasureHunter\""],"huntpos":["misp-galaxy:malpedia=\"TreasureHunter\""],"Triada":["misp-galaxy:malpedia=\"Triada\""],"TrickBot":["misp-galaxy:malpedia=\"TrickBot\"","misp-galaxy:mitre-malware=\"TrickBot - S0266\"","misp-galaxy:tool=\"Trick Bot\""],"TheTrick":["misp-galaxy:malpedia=\"TrickBot\""],"TrickLoader":["misp-galaxy:malpedia=\"TrickBot\"","misp-galaxy:tool=\"Trick Bot\""],"Triton":["misp-galaxy:malpedia=\"Triton\""],"HatMan":["misp-galaxy:malpedia=\"Triton\""],"Trisis":["misp-galaxy:malpedia=\"Triton\""],"Trochilus RAT":["misp-galaxy:malpedia=\"Trochilus RAT\""],"Troldesh":["misp-galaxy:malpedia=\"Troldesh\""],"Shade":["misp-galaxy:malpedia=\"Troldesh\""],"Trump Bot":["misp-galaxy:malpedia=\"Trump Bot\""],"Trump Ransom":["misp-galaxy:malpedia=\"Trump Ransom\""],"Tsifiri":["misp-galaxy:malpedia=\"Tsifiri\""],"Tsunami (ELF)":["misp-galaxy:malpedia=\"Tsunami (ELF)\""],"Amnesia":["misp-galaxy:malpedia=\"Tsunami (ELF)\"","misp-galaxy:malpedia=\"Tsunami\""],"Radiation":["misp-galaxy:malpedia=\"Tsunami (ELF)\"","misp-galaxy:malpedia=\"Tsunami\""],"Tsunami (OS X)":["misp-galaxy:malpedia=\"Tsunami (OS X)\""],"Tsunami":["misp-galaxy:malpedia=\"Tsunami\""],"Turla RAT":["misp-galaxy:malpedia=\"Turla RAT\""],"TwoFace":["misp-galaxy:malpedia=\"TwoFace\"","misp-galaxy:tool=\"TwoFace\""],"HyperShell":["misp-galaxy:malpedia=\"TwoFace\""],"Tyupkin":["misp-galaxy:malpedia=\"Tyupkin\""],"UACMe":["misp-galaxy:malpedia=\"UACMe\"","misp-galaxy:mitre-enterprise-attack-tool=\"UACMe - S0116\"","misp-galaxy:mitre-tool=\"UACMe - S0116\""],"Akagi":["misp-galaxy:malpedia=\"UACMe\""],"UDPoS":["misp-galaxy:malpedia=\"UDPoS\""],"UFR Stealer":["misp-galaxy:malpedia=\"UFR Stealer\""],"Usteal":["misp-galaxy:malpedia=\"UFR Stealer\""],"UPAS":["misp-galaxy:malpedia=\"UPAS\""],"Rombrast":["misp-galaxy:malpedia=\"UPAS\""],"Uiwix":["misp-galaxy:malpedia=\"Uiwix\""],"Umbreon":["misp-galaxy:malpedia=\"Umbreon\"","misp-galaxy:mitre-enterprise-attack-malware=\"Umbreon - S0221\"","misp-galaxy:mitre-malware=\"Umbreon - S0221\"","misp-galaxy:tool=\"Umbreon\""],"Espeon":["misp-galaxy:malpedia=\"Umbreon\""],"Unidentified 001":["misp-galaxy:malpedia=\"Unidentified 001\""],"Unidentified 003":["misp-galaxy:malpedia=\"Unidentified 003\""],"Unidentified 006":["misp-galaxy:malpedia=\"Unidentified 006\""],"Unidentified 013 (Korean)":["misp-galaxy:malpedia=\"Unidentified 013 (Korean)\""],"Unidentified 020 (Vault7)":["misp-galaxy:malpedia=\"Unidentified 020 (Vault7)\""],"Unidentified 022 (Ransom)":["misp-galaxy:malpedia=\"Unidentified 022 (Ransom)\""],"Unidentified 023":["misp-galaxy:malpedia=\"Unidentified 023\""],"Unidentified 024 (Ransomware)":["misp-galaxy:malpedia=\"Unidentified 024 (Ransomware)\""],"Unidentified 025 (Clickfraud)":["misp-galaxy:malpedia=\"Unidentified 025 (Clickfraud)\""],"Unidentified 028":["misp-galaxy:malpedia=\"Unidentified 028\""],"Unidentified 029":["misp-galaxy:malpedia=\"Unidentified 029\""],"Unidentified 031":["misp-galaxy:malpedia=\"Unidentified 031\""],"Unidentified 032":["misp-galaxy:malpedia=\"Unidentified 032\""],"Unidentified 033":["misp-galaxy:malpedia=\"Unidentified 033\""],"Unidentified 035":["misp-galaxy:malpedia=\"Unidentified 035\""],"Unidentified 037":["misp-galaxy:malpedia=\"Unidentified 037\""],"Unidentified 038":["misp-galaxy:malpedia=\"Unidentified 038\""],"Unidentified 039":["misp-galaxy:malpedia=\"Unidentified 039\""],"Unidentified 041":["misp-galaxy:malpedia=\"Unidentified 041\""],"Unidentified 042":["misp-galaxy:malpedia=\"Unidentified 042\""],"Unidentified 044":["misp-galaxy:malpedia=\"Unidentified 044\""],"Unidentified 045":["misp-galaxy:malpedia=\"Unidentified 045\""],"Unidentified 046":["misp-galaxy:malpedia=\"Unidentified 046\""],"Unidentified 047":["misp-galaxy:malpedia=\"Unidentified 047\""],"Unidentified 048 (Lazarus?)":["misp-galaxy:malpedia=\"Unidentified 048 (Lazarus?)\""],"Unidentified 049 (Lazarus\/RAT)":["misp-galaxy:malpedia=\"Unidentified 049 (Lazarus\/RAT)\""],"Unidentified 050 (APT32 Profiler)":["misp-galaxy:malpedia=\"Unidentified 050 (APT32 Profiler)\""],"Unidentified 051":["misp-galaxy:malpedia=\"Unidentified 051\""],"Unidentified 052":["misp-galaxy:malpedia=\"Unidentified 052\""],"Unidentified 053 (Wonknu?)":["misp-galaxy:malpedia=\"Unidentified 053 (Wonknu?)\""],"Unidentified 055":["misp-galaxy:malpedia=\"Unidentified 055\""],"Unidentified 057":["misp-galaxy:malpedia=\"Unidentified 057\""],"Unidentified 058":["misp-galaxy:malpedia=\"Unidentified 058\""],"Unidentified APK 001":["misp-galaxy:malpedia=\"Unidentified APK 001\""],"Unidentified APK 002":["misp-galaxy:malpedia=\"Unidentified APK 002\""],"Unidentified ASP 001 (Webshell)":["misp-galaxy:malpedia=\"Unidentified ASP 001 (Webshell)\""],"Unlock92":["misp-galaxy:malpedia=\"Unlock92\""],"Upatre":["misp-galaxy:malpedia=\"Upatre\"","misp-galaxy:tool=\"Upatre\""],"Urausy":["misp-galaxy:malpedia=\"Urausy\""],"UrlZone":["misp-galaxy:malpedia=\"UrlZone\""],"Uroburos (OS X)":["misp-galaxy:malpedia=\"Uroburos (OS X)\""],"Uroburos (Windows)":["misp-galaxy:malpedia=\"Uroburos (Windows)\""],"Snake":["misp-galaxy:malpedia=\"Uroburos (Windows)\"","misp-galaxy:mitre-intrusion-set=\"Turla - G0010\"","misp-galaxy:threat-actor=\"Turla Group\"","misp-galaxy:tool=\"Turla\""],"VMzeus":["misp-galaxy:malpedia=\"VM Zeus\""],"Zberp":["misp-galaxy:malpedia=\"VM Zeus\""],"ZeusVM":["misp-galaxy:malpedia=\"VM Zeus\""],"Catch":["misp-galaxy:malpedia=\"Vawtrak\""],"NeverQuest":["misp-galaxy:malpedia=\"Vawtrak\""],"grabnew":["misp-galaxy:malpedia=\"Vawtrak\""],"VegaLocker":["misp-galaxy:malpedia=\"VegaLocker\""],"Vega":["misp-galaxy:malpedia=\"VegaLocker\""],"Velso Ransomware":["misp-galaxy:malpedia=\"Velso Ransomware\""],"Venus Locker":["misp-galaxy:malpedia=\"Venus Locker\""],"Vermin":["misp-galaxy:malpedia=\"Vermin\""],"Vflooder":["misp-galaxy:malpedia=\"Vflooder\""],"Viper RAT":["misp-galaxy:malpedia=\"Viper RAT\""],"Vobfus":["misp-galaxy:malpedia=\"Vobfus\""],"Volgmer":["misp-galaxy:malpedia=\"Volgmer\"","misp-galaxy:mitre-enterprise-attack-malware=\"Volgmer - S0180\"","misp-galaxy:mitre-malware=\"Volgmer - S0180\"","misp-galaxy:tool=\"Volgmer\""],"FALLCHILL":["misp-galaxy:malpedia=\"Volgmer\"","misp-galaxy:mitre-enterprise-attack-malware=\"FALLCHILL - S0181\"","misp-galaxy:mitre-malware=\"FALLCHILL - S0181\"","misp-galaxy:rat=\"FALLCHILL\""],"Manuscrypt":["misp-galaxy:malpedia=\"Volgmer\""],"Vreikstadi":["misp-galaxy:malpedia=\"Vreikstadi\""],"WMI Ghost":["misp-galaxy:malpedia=\"WMI Ghost\""],"Syndicasec":["misp-galaxy:malpedia=\"WMI Ghost\""],"Wimmie":["misp-galaxy:malpedia=\"WMI Ghost\""],"WMImplant":["misp-galaxy:malpedia=\"WMImplant\""],"WSCSPL":["misp-galaxy:malpedia=\"WSCSPL\""],"WSO":["misp-galaxy:malpedia=\"WSO\""],"Webshell by Orb":["misp-galaxy:malpedia=\"WSO\""],"WallyShack":["misp-galaxy:malpedia=\"WallyShack\""],"WannaCryptor":["misp-galaxy:malpedia=\"WannaCryptor\""],"Wana Decrypt0r":["misp-galaxy:malpedia=\"WannaCryptor\""],"WannaCry":["misp-galaxy:malpedia=\"WannaCryptor\"","misp-galaxy:mitre-malware=\"WannaCry - S0366\"","misp-galaxy:ransomware=\"WannaCry\"","misp-galaxy:ransomware=\"WannaCry\""],"Wcry":["misp-galaxy:malpedia=\"WannaCryptor\""],"WaterMiner":["misp-galaxy:malpedia=\"WaterMiner\""],"WaterSpout":["misp-galaxy:malpedia=\"WaterSpout\""],"WebC2-AdSpace":["misp-galaxy:malpedia=\"WebC2-AdSpace\""],"WebC2-Ausov":["misp-galaxy:malpedia=\"WebC2-Ausov\""],"WebC2-Bolid":["misp-galaxy:malpedia=\"WebC2-Bolid\""],"WebC2-Cson":["misp-galaxy:malpedia=\"WebC2-Cson\""],"WebC2-DIV":["misp-galaxy:malpedia=\"WebC2-DIV\""],"WebC2-GreenCat":["misp-galaxy:malpedia=\"WebC2-GreenCat\""],"WebC2-Head":["misp-galaxy:malpedia=\"WebC2-Head\""],"WebC2-Kt3":["misp-galaxy:malpedia=\"WebC2-Kt3\""],"WebC2-Qbp":["misp-galaxy:malpedia=\"WebC2-Qbp\""],"WebC2-Rave":["misp-galaxy:malpedia=\"WebC2-Rave\""],"WebC2-Table":["misp-galaxy:malpedia=\"WebC2-Table\""],"WebC2-UGX":["misp-galaxy:malpedia=\"WebC2-UGX\""],"WebC2-Yahoo":["misp-galaxy:malpedia=\"WebC2-Yahoo\""],"WebMonitor RAT":["misp-galaxy:malpedia=\"WebMonitor RAT\""],"WildFire":["misp-galaxy:malpedia=\"WildFire\""],"WinMM":["misp-galaxy:malpedia=\"WinMM\"","misp-galaxy:mitre-enterprise-attack-malware=\"WinMM - S0059\"","misp-galaxy:mitre-malware=\"WinMM - S0059\""],"WinPot":["misp-galaxy:malpedia=\"WinPot\""],"ATMPot":["misp-galaxy:malpedia=\"WinPot\""],"WindTail":["misp-galaxy:malpedia=\"WindTail\""],"Winnti (OS X)":["misp-galaxy:malpedia=\"Winnti (OS X)\""],"Winnti (Windows)":["misp-galaxy:malpedia=\"Winnti (Windows)\""],"Winsloader":["misp-galaxy:malpedia=\"Winsloader\""],"Wipbot":["misp-galaxy:malpedia=\"Wipbot\"","misp-galaxy:mitre-enterprise-attack-malware=\"Epic - S0091\"","misp-galaxy:mitre-malware=\"Epic - S0091\"","misp-galaxy:tool=\"Wipbot\""],"WireLurker (OS X)":["misp-galaxy:malpedia=\"WireLurker (OS X)\""],"WireLurker (iOS)":["misp-galaxy:malpedia=\"WireLurker (iOS)\""],"WireX":["misp-galaxy:malpedia=\"WireX\""],"Wirenet (ELF)":["misp-galaxy:malpedia=\"Wirenet (ELF)\""],"Wirenet (OS X)":["misp-galaxy:malpedia=\"Wirenet (OS X)\""],"WndTest":["misp-galaxy:malpedia=\"WndTest\""],"Wonknu":["misp-galaxy:malpedia=\"Wonknu\""],"Woolger":["misp-galaxy:malpedia=\"Woolger\""],"WoolenLogger":["misp-galaxy:malpedia=\"Woolger\""],"X-Agent (Android)":["misp-galaxy:malpedia=\"X-Agent (Android)\""],"Popr-d30":["misp-galaxy:malpedia=\"X-Agent (Android)\""],"X-Agent (ELF)":["misp-galaxy:malpedia=\"X-Agent (ELF)\""],"chopstick":["misp-galaxy:malpedia=\"X-Agent (ELF)\"","misp-galaxy:malpedia=\"X-Agent (Windows)\""],"fysbis":["misp-galaxy:malpedia=\"X-Agent (ELF)\""],"splm":["misp-galaxy:malpedia=\"X-Agent (ELF)\"","misp-galaxy:malpedia=\"X-Agent (Windows)\""],"X-Agent (OS X)":["misp-galaxy:malpedia=\"X-Agent (OS X)\""],"X-Agent (Windows)":["misp-galaxy:malpedia=\"X-Agent (Windows)\""],"X-Tunnel (.NET)":["misp-galaxy:malpedia=\"X-Tunnel (.NET)\""],"X-Tunnel":["misp-galaxy:malpedia=\"X-Tunnel\"","misp-galaxy:mitre-enterprise-attack-malware=\"XTunnel - S0117\"","misp-galaxy:mitre-malware=\"XTunnel - S0117\"","misp-galaxy:tool=\"X-Tunnel\""],"xaps":["misp-galaxy:malpedia=\"X-Tunnel\""],"XBTL":["misp-galaxy:malpedia=\"XBTL\""],"XBot POS":["misp-galaxy:malpedia=\"XBot POS\""],"XLoader":["misp-galaxy:malpedia=\"XLoader\"","misp-galaxy:mitre-malware=\"XLoader - S0318\""],"XOR DDoS":["misp-galaxy:malpedia=\"XOR DDoS\""],"XP PrivEsc (CVE-2014-4076)":["misp-galaxy:malpedia=\"XP PrivEsc (CVE-2014-4076)\""],"XPCTRA":["misp-galaxy:malpedia=\"XPCTRA\""],"Expectra":["misp-galaxy:malpedia=\"XPCTRA\""],"XRat":["misp-galaxy:malpedia=\"XRat\""],"XSLCmd":["misp-galaxy:malpedia=\"XSLCmd\""],"Xaynnalc":["misp-galaxy:malpedia=\"Xaynnalc\""],"Xbash":["misp-galaxy:malpedia=\"Xbash\"","misp-galaxy:mitre-malware=\"Xbash - S0341\"","misp-galaxy:tool=\"Xbash\""],"Xpan":["misp-galaxy:malpedia=\"Xpan\""],"Xtreme RAT":["misp-galaxy:malpedia=\"Xtreme RAT\""],"ExtRat":["misp-galaxy:malpedia=\"Xtreme RAT\""],"Xwo":["misp-galaxy:malpedia=\"Xwo\""],"Yahoyah":["misp-galaxy:malpedia=\"Yahoyah\"","misp-galaxy:tool=\"Yahoyah\""],"YellYouth":["misp-galaxy:malpedia=\"YellYouth\""],"Yort":["misp-galaxy:malpedia=\"Yort\""],"YoungLotus":["misp-galaxy:malpedia=\"YoungLotus\""],"DarkShare":["misp-galaxy:malpedia=\"YoungLotus\""],"ZXShell":["misp-galaxy:malpedia=\"ZXShell\"","misp-galaxy:tool=\"ZXShell\""],"Sensocode":["misp-galaxy:malpedia=\"ZXShell\""],"Zebrocy (AutoIT)":["misp-galaxy:malpedia=\"Zebrocy (AutoIT)\""],"Zebrocy":["misp-galaxy:malpedia=\"Zebrocy\"","misp-galaxy:mitre-malware=\"Zebrocy - S0251\"","misp-galaxy:tool=\"Zebrocy\""],"Zekapab":["misp-galaxy:malpedia=\"Zebrocy\"","misp-galaxy:tool=\"Zebrocy\""],"Zedhou":["misp-galaxy:malpedia=\"Zedhou\""],"Zen":["misp-galaxy:malpedia=\"Zen\""],"ZeroAccess":["misp-galaxy:malpedia=\"ZeroAccess\""],"Max++":["misp-galaxy:malpedia=\"ZeroAccess\""],"Sirefef":["misp-galaxy:malpedia=\"ZeroAccess\"","misp-galaxy:tool=\"Sirefef\""],"Smiscer":["misp-galaxy:malpedia=\"ZeroAccess\""],"ZeroEvil":["misp-galaxy:malpedia=\"ZeroEvil\""],"ZeroT":["misp-galaxy:malpedia=\"ZeroT\"","misp-galaxy:mitre-enterprise-attack-malware=\"ZeroT - S0230\"","misp-galaxy:mitre-malware=\"ZeroT - S0230\"","misp-galaxy:tool=\"ZeroT\""],"Zeus MailSniffer":["misp-galaxy:malpedia=\"Zeus MailSniffer\""],"Zeus OpenSSL":["misp-galaxy:malpedia=\"Zeus OpenSSL\""],"XSphinx":["misp-galaxy:malpedia=\"Zeus OpenSSL\""],"Zezin":["misp-galaxy:malpedia=\"Zezin\""],"ZhCat":["misp-galaxy:malpedia=\"ZhCat\""],"ZhMimikatz":["misp-galaxy:malpedia=\"ZhMimikatz\""],"Zloader":["misp-galaxy:malpedia=\"Zloader\""],"DELoader":["misp-galaxy:malpedia=\"Zloader\""],"Terdot":["misp-galaxy:malpedia=\"Zloader\""],"Zollard":["misp-galaxy:malpedia=\"Zollard\""],"darlloz":["misp-galaxy:malpedia=\"Zollard\""],"ZooPark":["misp-galaxy:malpedia=\"ZooPark\"","misp-galaxy:threat-actor=\"ZooPark\""],"ZoxPNG":["misp-galaxy:malpedia=\"ZoxPNG\""],"gresim":["misp-galaxy:malpedia=\"ZoxPNG\""],"Ztorg":["misp-galaxy:malpedia=\"Ztorg\""],"Qysly":["misp-galaxy:malpedia=\"Ztorg\""],"Zyklon":["misp-galaxy:malpedia=\"Zyklon\"","misp-galaxy:ransomware=\"Zyklon\""],"abantes":["misp-galaxy:malpedia=\"abantes\""],"backspace":["misp-galaxy:malpedia=\"backspace\""],"badflick":["misp-galaxy:malpedia=\"badflick\""],"bangat":["misp-galaxy:malpedia=\"bangat\""],"beendoor":["misp-galaxy:malpedia=\"beendoor\""],"c0d0so0":["misp-galaxy:malpedia=\"c0d0so0\""],"concealment_troy":["misp-galaxy:malpedia=\"concealment_troy\""],"elf.vpnfilter":["misp-galaxy:malpedia=\"elf.vpnfilter\""],"elf.wellmess":["misp-galaxy:malpedia=\"elf.wellmess\""],"ext4":["misp-galaxy:malpedia=\"ext4\""],"gamapos":["misp-galaxy:malpedia=\"gamapos\""],"pios":["misp-galaxy:malpedia=\"gamapos\""],"gcman":["misp-galaxy:malpedia=\"gcman\""],"gsecdump":["misp-galaxy:malpedia=\"gsecdump\"","misp-galaxy:mitre-enterprise-attack-tool=\"gsecdump - S0008\"","misp-galaxy:mitre-tool=\"gsecdump - S0008\""],"himan":["misp-galaxy:malpedia=\"himan\""],"homefry":["misp-galaxy:malpedia=\"homefry\""],"htpRAT":["misp-galaxy:malpedia=\"htpRAT\"","misp-galaxy:rat=\"htpRAT\""],"http_troy":["misp-galaxy:malpedia=\"http_troy\""],"httpdropper":["misp-galaxy:malpedia=\"httpdropper\""],"httpdr0pper":["misp-galaxy:malpedia=\"httpdropper\""],"iMuler":["misp-galaxy:malpedia=\"iMuler\""],"Revir":["misp-galaxy:malpedia=\"iMuler\""],"iSpy Keylogger":["misp-galaxy:malpedia=\"iSpy Keylogger\""],"jRAT":["misp-galaxy:malpedia=\"jRAT\"","misp-galaxy:mitre-malware=\"jRAT - S0283\"","misp-galaxy:rat=\"jRAT\""],"Jacksbot":["misp-galaxy:malpedia=\"jRAT\""],"jSpy":["misp-galaxy:malpedia=\"jSpy\"","misp-galaxy:rat=\"jSpy\""],"magecart":["misp-galaxy:malpedia=\"magecart\""],"mozart":["misp-galaxy:malpedia=\"mozart\""],"murkytop":["misp-galaxy:malpedia=\"murkytop\""],"nRansom":["misp-galaxy:malpedia=\"nRansom\""],"nitlove":["misp-galaxy:malpedia=\"nitlove\""],"owaauth":["misp-galaxy:malpedia=\"owaauth\""],"luckyowa":["misp-galaxy:malpedia=\"owaauth\""],"paladin":["misp-galaxy:malpedia=\"paladin\""],"parasite_http":["misp-galaxy:malpedia=\"parasite_http\""],"pgift":["misp-galaxy:malpedia=\"pgift\""],"ReRol":["misp-galaxy:malpedia=\"pgift\""],"pipcreat":["misp-galaxy:malpedia=\"pipcreat\""],"pirpi":["misp-galaxy:malpedia=\"pirpi\""],"playwork":["misp-galaxy:malpedia=\"playwork\""],"ployx":["misp-galaxy:malpedia=\"ployx\""],"pngdowner":["misp-galaxy:malpedia=\"pngdowner\"","misp-galaxy:mitre-enterprise-attack-malware=\"pngdowner - S0067\"","misp-galaxy:mitre-malware=\"pngdowner - S0067\""],"portless":["misp-galaxy:malpedia=\"portless\""],"poscardstealer":["misp-galaxy:malpedia=\"poscardstealer\""],"powerkatz":["misp-galaxy:malpedia=\"powerkatz\""],"prb_backdoor":["misp-galaxy:malpedia=\"prb_backdoor\""],"pupy (ELF)":["misp-galaxy:malpedia=\"pupy (ELF)\""],"pupy (Python)":["misp-galaxy:malpedia=\"pupy (Python)\""],"pupy (Windows)":["misp-galaxy:malpedia=\"pupy (Windows)\""],"pupy":["misp-galaxy:malpedia=\"pupy\""],"pwnpos":["misp-galaxy:malpedia=\"pwnpos\""],"r2r2":["misp-galaxy:malpedia=\"r2r2\""],"r980":["misp-galaxy:malpedia=\"r980\""],"rarstar":["misp-galaxy:malpedia=\"rarstar\""],"rdasrv":["misp-galaxy:malpedia=\"rdasrv\""],"reGeorg":["misp-galaxy:malpedia=\"reGeorg\"","misp-galaxy:tool=\"reGeorg\""],"rock":["misp-galaxy:malpedia=\"rock\""],"yellowalbatross":["misp-galaxy:malpedia=\"rock\""],"rtpos":["misp-galaxy:malpedia=\"rtpos\""],"running_rat":["misp-galaxy:malpedia=\"running_rat\""],"sLoad":["misp-galaxy:malpedia=\"sLoad\""],"scanbox":["misp-galaxy:malpedia=\"scanbox\""],"shadowhammer":["misp-galaxy:malpedia=\"shadowhammer\""],"shareip":["misp-galaxy:malpedia=\"shareip\""],"remotecmd":["misp-galaxy:malpedia=\"shareip\""],"smac":["misp-galaxy:malpedia=\"smac\""],"speccom":["misp-galaxy:malpedia=\"smac\""],"soraya":["misp-galaxy:malpedia=\"soraya\""],"sykipot":["misp-galaxy:malpedia=\"sykipot\""],"getkys":["misp-galaxy:malpedia=\"sykipot\""],"systemd":["misp-galaxy:malpedia=\"systemd\""],"tDiscoverer":["misp-galaxy:malpedia=\"tDiscoverer\""],"tRat":["misp-galaxy:malpedia=\"tRat\""],"taidoor":["misp-galaxy:malpedia=\"taidoor\""],"simbot":["misp-galaxy:malpedia=\"taidoor\""],"vSkimmer":["misp-galaxy:malpedia=\"vSkimmer\""],"vidar":["misp-galaxy:malpedia=\"vidar\""],"virdetdoor":["misp-galaxy:malpedia=\"virdetdoor\""],"w32times":["misp-galaxy:malpedia=\"w32times\""],"win.spynet_rat":["misp-galaxy:malpedia=\"win.spynet_rat\""],"win.unidentified_005":["misp-galaxy:malpedia=\"win.unidentified_005\""],"witchcoven":["misp-galaxy:malpedia=\"witchcoven\""],"woody":["misp-galaxy:malpedia=\"woody\""],"xsPlus":["misp-galaxy:malpedia=\"xsPlus\""],"nokian":["misp-galaxy:malpedia=\"xsPlus\""],"xxmm":["misp-galaxy:malpedia=\"xxmm\""],"ShadowWalker":["misp-galaxy:malpedia=\"xxmm\""],"yayih":["misp-galaxy:malpedia=\"yayih\""],"aumlib":["misp-galaxy:malpedia=\"yayih\""],"bbsinfo":["misp-galaxy:malpedia=\"yayih\""],"yty":["misp-galaxy:malpedia=\"yty\"","misp-galaxy:mitre-malware=\"yty - S0248\""],"BARIUM":["misp-galaxy:microsoft-activity-group=\"BARIUM\""],"DUBNIUM":["misp-galaxy:microsoft-activity-group=\"DUBNIUM\"","misp-galaxy:threat-actor=\"DarkHotel\""],"darkhotel":["misp-galaxy:microsoft-activity-group=\"DUBNIUM\""],"LEAD":["misp-galaxy:microsoft-activity-group=\"LEAD\""],"NEODYMIUM":["misp-galaxy:microsoft-activity-group=\"NEODYMIUM\"","misp-galaxy:mitre-enterprise-attack-intrusion-set=\"NEODYMIUM - G0055\"","misp-galaxy:mitre-intrusion-set=\"NEODYMIUM - G0055\"","misp-galaxy:threat-actor=\"NEODYMIUM\""],"PLATINUM":["misp-galaxy:microsoft-activity-group=\"PLATINUM\"","misp-galaxy:mitre-enterprise-attack-intrusion-set=\"PLATINUM - G0068\"","misp-galaxy:mitre-intrusion-set=\"PLATINUM - G0068\"","misp-galaxy:threat-actor=\"PLATINUM\""],"PROMETHIUM":["misp-galaxy:microsoft-activity-group=\"PROMETHIUM\"","misp-galaxy:mitre-enterprise-attack-intrusion-set=\"PROMETHIUM - G0056\"","misp-galaxy:mitre-intrusion-set=\"PROMETHIUM - G0056\"","misp-galaxy:threat-actor=\"PROMETHIUM\""],"STRONTIUM":["misp-galaxy:microsoft-activity-group=\"STRONTIUM\"","misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-mobile-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:threat-actor=\"Sofacy\""],"APT 28":["misp-galaxy:microsoft-activity-group=\"STRONTIUM\"","misp-galaxy:threat-actor=\"Sofacy\""],"APT28":["misp-galaxy:microsoft-activity-group=\"STRONTIUM\"","misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-mobile-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:threat-actor=\"Sofacy\""],"Pawn Storm":["misp-galaxy:microsoft-activity-group=\"STRONTIUM\"","misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-mobile-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:threat-actor=\"Sofacy\""],"Fancy Bear":["misp-galaxy:microsoft-activity-group=\"STRONTIUM\"","misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-mobile-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:threat-actor=\"Sofacy\""],"Sednit":["misp-galaxy:microsoft-activity-group=\"STRONTIUM\"","misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-enterprise-attack-malware=\"JHUHUGIT - S0044\"","misp-galaxy:mitre-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-malware=\"JHUHUGIT - S0044\"","misp-galaxy:mitre-mobile-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:threat-actor=\"Sofacy\"","misp-galaxy:tool=\"GAMEFISH\""],"TsarTeam":["misp-galaxy:microsoft-activity-group=\"STRONTIUM\"","misp-galaxy:threat-actor=\"Sofacy\""],"TG-4127":["misp-galaxy:microsoft-activity-group=\"STRONTIUM\"","misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-mobile-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:threat-actor=\"Sofacy\""],"Group-4127":["misp-galaxy:microsoft-activity-group=\"STRONTIUM\"","misp-galaxy:threat-actor=\"Sofacy\""],"Grey-Cloud":["misp-galaxy:microsoft-activity-group=\"STRONTIUM\""],"TERBIUM":["misp-galaxy:microsoft-activity-group=\"TERBIUM\"","misp-galaxy:threat-actor=\"TERBIUM\""],"ZIRCONIUM":["misp-galaxy:microsoft-activity-group=\"ZIRCONIUM\"","misp-galaxy:threat-actor=\"APT31\""],"https:\/\/www.cfr.org\/interactive\/cyber-operations\/mythic-leopard":["misp-galaxy:microsoft-activity-group=\"https:\/\/www.cfr.org\/interactive\/cyber-operations\/mythic-leopard\""],"C-Major":["misp-galaxy:microsoft-activity-group=\"https:\/\/www.cfr.org\/interactive\/cyber-operations\/mythic-leopard\"","misp-galaxy:threat-actor=\"Operation C-Major\""],"Transparent Tribe":["misp-galaxy:microsoft-activity-group=\"https:\/\/www.cfr.org\/interactive\/cyber-operations\/mythic-leopard\"","misp-galaxy:threat-actor=\"Operation C-Major\""],".bash_profile and .bashrc - T1156":["misp-galaxy:mitre-attack-pattern=\".bash_profile and .bashrc - T1156\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\".bash_profile and .bashrc - T1156\""],"Abuse Accessibility Features - T1453":["misp-galaxy:mitre-attack-pattern=\"Abuse Accessibility Features - T1453\""],"Abuse Device Administrator Access to Prevent Removal - T1401":["misp-galaxy:mitre-attack-pattern=\"Abuse Device Administrator Access to Prevent Removal - T1401\""],"Abuse of iOS Enterprise App Signing Key - T1445":["misp-galaxy:mitre-attack-pattern=\"Abuse of iOS Enterprise App Signing Key - T1445\""],"Access Calendar Entries - T1435":["misp-galaxy:mitre-attack-pattern=\"Access Calendar Entries - T1435\""],"Access Call Log - T1433":["misp-galaxy:mitre-attack-pattern=\"Access Call Log - T1433\""],"Access Contact List - T1432":["misp-galaxy:mitre-attack-pattern=\"Access Contact List - T1432\""],"Access Sensitive Data in Device Logs - T1413":["misp-galaxy:mitre-attack-pattern=\"Access Sensitive Data in Device Logs - T1413\""],"Access Sensitive Data or Credentials in Files - T1409":["misp-galaxy:mitre-attack-pattern=\"Access Sensitive Data or Credentials in Files - T1409\""],"Access Token Manipulation - T1134":["misp-galaxy:mitre-attack-pattern=\"Access Token Manipulation - T1134\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Access Token Manipulation - T1134\""],"Accessibility Features - T1015":["misp-galaxy:mitre-attack-pattern=\"Accessibility Features - T1015\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Accessibility Features - T1015\""],"Account Discovery - T1087":["misp-galaxy:mitre-attack-pattern=\"Account Discovery - T1087\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Account Discovery - T1087\""],"Account Manipulation - T1098":["misp-galaxy:mitre-attack-pattern=\"Account Manipulation - T1098\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Account Manipulation - T1098\""],"Acquire OSINT data sets and information - T1247":["misp-galaxy:mitre-attack-pattern=\"Acquire OSINT data sets and information - T1247\""],"Acquire OSINT data sets and information - T1266":["misp-galaxy:mitre-attack-pattern=\"Acquire OSINT data sets and information - T1266\""],"Acquire OSINT data sets and information - T1277":["misp-galaxy:mitre-attack-pattern=\"Acquire OSINT data sets and information - T1277\""],"Acquire and\/or use 3rd party infrastructure services - T1307":["misp-galaxy:mitre-attack-pattern=\"Acquire and\/or use 3rd party infrastructure services - T1307\""],"Acquire and\/or use 3rd party infrastructure services - T1329":["misp-galaxy:mitre-attack-pattern=\"Acquire and\/or use 3rd party infrastructure services - T1329\""],"Acquire and\/or use 3rd party software services - T1308":["misp-galaxy:mitre-attack-pattern=\"Acquire and\/or use 3rd party software services - T1308\""],"Acquire and\/or use 3rd party software services - T1330":["misp-galaxy:mitre-attack-pattern=\"Acquire and\/or use 3rd party software services - T1330\""],"Acquire or compromise 3rd party signing certificates - T1310":["misp-galaxy:mitre-attack-pattern=\"Acquire or compromise 3rd party signing certificates - T1310\""],"Acquire or compromise 3rd party signing certificates - T1332":["misp-galaxy:mitre-attack-pattern=\"Acquire or compromise 3rd party signing certificates - T1332\""],"Aggregate individual's digital footprint - T1275":["misp-galaxy:mitre-attack-pattern=\"Aggregate individual's digital footprint - T1275\""],"Alternate Network Mediums - T1438":["misp-galaxy:mitre-attack-pattern=\"Alternate Network Mediums - T1438\""],"Analyze application security posture - T1293":["misp-galaxy:mitre-attack-pattern=\"Analyze application security posture - T1293\""],"Analyze architecture and configuration posture - T1288":["misp-galaxy:mitre-attack-pattern=\"Analyze architecture and configuration posture - T1288\""],"Analyze business processes - T1301":["misp-galaxy:mitre-attack-pattern=\"Analyze business processes - T1301\""],"Analyze data collected - T1287":["misp-galaxy:mitre-attack-pattern=\"Analyze data collected - T1287\""],"Analyze hardware\/software security defensive capabilities - T1294":["misp-galaxy:mitre-attack-pattern=\"Analyze hardware\/software security defensive capabilities - T1294\""],"Analyze organizational skillsets and deficiencies - T1289":["misp-galaxy:mitre-attack-pattern=\"Analyze organizational skillsets and deficiencies - T1289\""],"Analyze organizational skillsets and deficiencies - T1297":["misp-galaxy:mitre-attack-pattern=\"Analyze organizational skillsets and deficiencies - T1297\""],"Analyze organizational skillsets and deficiencies - T1300":["misp-galaxy:mitre-attack-pattern=\"Analyze organizational skillsets and deficiencies - T1300\""],"Analyze presence of outsourced capabilities - T1303":["misp-galaxy:mitre-attack-pattern=\"Analyze presence of outsourced capabilities - T1303\""],"Analyze social and business relationships, interests, and affiliations - T1295":["misp-galaxy:mitre-attack-pattern=\"Analyze social and business relationships, interests, and affiliations - T1295\""],"Android Intent Hijacking - T1416":["misp-galaxy:mitre-attack-pattern=\"Android Intent Hijacking - T1416\""],"Anonymity services - T1306":["misp-galaxy:mitre-attack-pattern=\"Anonymity services - T1306\""],"App Auto-Start at Device Boot - T1402":["misp-galaxy:mitre-attack-pattern=\"App Auto-Start at Device Boot - T1402\""],"App Delivered via Email Attachment - T1434":["misp-galaxy:mitre-attack-pattern=\"App Delivered via Email Attachment - T1434\""],"App Delivered via Web Download - T1431":["misp-galaxy:mitre-attack-pattern=\"App Delivered via Web Download - T1431\""],"AppCert DLLs - T1182":["misp-galaxy:mitre-attack-pattern=\"AppCert DLLs - T1182\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"AppCert DLLs - T1182\""],"AppInit DLLs - T1103":["misp-galaxy:mitre-attack-pattern=\"AppInit DLLs - T1103\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"AppInit DLLs - T1103\""],"AppleScript - T1155":["misp-galaxy:mitre-attack-pattern=\"AppleScript - T1155\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"AppleScript - T1155\""],"Application Deployment Software - T1017":["misp-galaxy:mitre-attack-pattern=\"Application Deployment Software - T1017\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Application Deployment Software - T1017\""],"Application Discovery - T1418":["misp-galaxy:mitre-attack-pattern=\"Application Discovery - T1418\""],"Application Shimming - T1138":["misp-galaxy:mitre-attack-pattern=\"Application Shimming - T1138\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Application Shimming - T1138\""],"Application Window Discovery - T1010":["misp-galaxy:mitre-attack-pattern=\"Application Window Discovery - T1010\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Application Window Discovery - T1010\""],"Assess KITs\/KIQs benefits - T1229":["misp-galaxy:mitre-attack-pattern=\"Assess KITs\/KIQs benefits - T1229\""],"Assess current holdings, needs, and wants - T1236":["misp-galaxy:mitre-attack-pattern=\"Assess current holdings, needs, and wants - T1236\""],"Assess leadership areas of interest - T1224":["misp-galaxy:mitre-attack-pattern=\"Assess leadership areas of interest - T1224\""],"Assess opportunities created by business deals - T1299":["misp-galaxy:mitre-attack-pattern=\"Assess opportunities created by business deals - T1299\""],"Assess security posture of physical locations - T1302":["misp-galaxy:mitre-attack-pattern=\"Assess security posture of physical locations - T1302\""],"Assess targeting options - T1296":["misp-galaxy:mitre-attack-pattern=\"Assess targeting options - T1296\""],"Assess vulnerability of 3rd party vendors - T1298":["misp-galaxy:mitre-attack-pattern=\"Assess vulnerability of 3rd party vendors - T1298\""],"Assign KITs, KIQs, and\/or intelligence requirements - T1238":["misp-galaxy:mitre-attack-pattern=\"Assign KITs, KIQs, and\/or intelligence requirements - T1238\""],"Assign KITs\/KIQs into categories - T1228":["misp-galaxy:mitre-attack-pattern=\"Assign KITs\/KIQs into categories - T1228\""],"Attack PC via USB Connection - T1427":["misp-galaxy:mitre-attack-pattern=\"Attack PC via USB Connection - T1427\""],"Audio Capture - T1123":["misp-galaxy:mitre-attack-pattern=\"Audio Capture - T1123\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Audio Capture - T1123\""],"Authentication Package - T1131":["misp-galaxy:mitre-attack-pattern=\"Authentication Package - T1131\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Authentication Package - T1131\""],"Authentication attempt - T1381":["misp-galaxy:mitre-attack-pattern=\"Authentication attempt - T1381\""],"Authorized user performs requested cyber action - T1386":["misp-galaxy:mitre-attack-pattern=\"Authorized user performs requested cyber action - T1386\""],"Automated Collection - T1119":["misp-galaxy:mitre-attack-pattern=\"Automated Collection - T1119\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Automated Collection - T1119\""],"Automated Exfiltration - T1020":["misp-galaxy:mitre-attack-pattern=\"Automated Exfiltration - T1020\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Automated Exfiltration - T1020\""],"Automated system performs requested action - T1384":["misp-galaxy:mitre-attack-pattern=\"Automated system performs requested action - T1384\""],"BITS Jobs - T1197":["misp-galaxy:mitre-attack-pattern=\"BITS Jobs - T1197\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"BITS Jobs - T1197\""],"Bash History - T1139":["misp-galaxy:mitre-attack-pattern=\"Bash History - T1139\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Bash History - T1139\""],"Binary Padding - T1009":["misp-galaxy:mitre-attack-pattern=\"Binary Padding - T1009\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Binary Padding - T1009\""],"Biometric Spoofing - T1460":["misp-galaxy:mitre-attack-pattern=\"Biometric Spoofing - T1460\""],"Bootkit - T1067":["misp-galaxy:mitre-attack-pattern=\"Bootkit - T1067\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Bootkit - T1067\""],"Browser Bookmark Discovery - T1217":["misp-galaxy:mitre-attack-pattern=\"Browser Bookmark Discovery - T1217\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Browser Bookmark Discovery - T1217\""],"Browser Extensions - T1176":["misp-galaxy:mitre-attack-pattern=\"Browser Extensions - T1176\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Browser Extensions - T1176\""],"Brute Force - T1110":["misp-galaxy:mitre-attack-pattern=\"Brute Force - T1110\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Brute Force - T1110\""],"Build and configure delivery systems - T1347":["misp-galaxy:mitre-attack-pattern=\"Build and configure delivery systems - T1347\""],"Build or acquire exploits - T1349":["misp-galaxy:mitre-attack-pattern=\"Build or acquire exploits - T1349\""],"Build social network persona - T1341":["misp-galaxy:mitre-attack-pattern=\"Build social network persona - T1341\""],"Buy domain name - T1328":["misp-galaxy:mitre-attack-pattern=\"Buy domain name - T1328\""],"Bypass User Account Control - T1088":["misp-galaxy:mitre-attack-pattern=\"Bypass User Account Control - T1088\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Bypass User Account Control - T1088\""],"C2 protocol development - T1352":["misp-galaxy:mitre-attack-pattern=\"C2 protocol development - T1352\""],"CMSTP - T1191":["misp-galaxy:mitre-attack-pattern=\"CMSTP - T1191\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"CMSTP - T1191\""],"Capture Clipboard Data - T1414":["misp-galaxy:mitre-attack-pattern=\"Capture Clipboard Data - T1414\""],"Capture SMS Messages - T1412":["misp-galaxy:mitre-attack-pattern=\"Capture SMS Messages - T1412\""],"Change Default File Association - T1042":["misp-galaxy:mitre-attack-pattern=\"Change Default File Association - T1042\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Change Default File Association - T1042\""],"Choose pre-compromised mobile app developer account credentials or signing keys - T1391":["misp-galaxy:mitre-attack-pattern=\"Choose pre-compromised mobile app developer account credentials or signing keys - T1391\""],"Choose pre-compromised persona and affiliated accounts - T1343":["misp-galaxy:mitre-attack-pattern=\"Choose pre-compromised persona and affiliated accounts - T1343\""],"Clear Command History - T1146":["misp-galaxy:mitre-attack-pattern=\"Clear Command History - T1146\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Clear Command History - T1146\""],"Clipboard Data - T1115":["misp-galaxy:mitre-attack-pattern=\"Clipboard Data - T1115\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Clipboard Data - T1115\""],"Code Signing - T1116":["misp-galaxy:mitre-attack-pattern=\"Code Signing - T1116\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Code Signing - T1116\""],"Command-Line Interface - T1059":["misp-galaxy:mitre-attack-pattern=\"Command-Line Interface - T1059\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Command-Line Interface - T1059\""],"Common, high volume protocols and software - T1321":["misp-galaxy:mitre-attack-pattern=\"Common, high volume protocols and software - T1321\""],"Commonly Used Port - T1043":["misp-galaxy:mitre-attack-pattern=\"Commonly Used Port - T1043\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Commonly Used Port - T1043\""],"Commonly Used Port - T1436":["misp-galaxy:mitre-attack-pattern=\"Commonly Used Port - T1436\""],"Communication Through Removable Media - T1092":["misp-galaxy:mitre-attack-pattern=\"Communication Through Removable Media - T1092\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Communication Through Removable Media - T1092\""],"Compile After Delivery - T1500":["misp-galaxy:mitre-attack-pattern=\"Compile After Delivery - T1500\""],"Compiled HTML File - T1223":["misp-galaxy:mitre-attack-pattern=\"Compiled HTML File - T1223\""],"Component Firmware - T1109":["misp-galaxy:mitre-attack-pattern=\"Component Firmware - T1109\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Component Firmware - T1109\""],"Component Object Model Hijacking - T1122":["misp-galaxy:mitre-attack-pattern=\"Component Object Model Hijacking - T1122\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Component Object Model Hijacking - T1122\""],"Compromise 3rd party infrastructure to support delivery - T1312":["misp-galaxy:mitre-attack-pattern=\"Compromise 3rd party infrastructure to support delivery - T1312\""],"Compromise 3rd party infrastructure to support delivery - T1334":["misp-galaxy:mitre-attack-pattern=\"Compromise 3rd party infrastructure to support delivery - T1334\""],"Compromise 3rd party or closed-source vulnerability\/exploit information - T1354":["misp-galaxy:mitre-attack-pattern=\"Compromise 3rd party or closed-source vulnerability\/exploit information - T1354\""],"Compromise of externally facing system - T1388":["misp-galaxy:mitre-attack-pattern=\"Compromise of externally facing system - T1388\""],"Conduct active scanning - T1254":["misp-galaxy:mitre-attack-pattern=\"Conduct active scanning - T1254\""],"Conduct cost\/benefit analysis - T1226":["misp-galaxy:mitre-attack-pattern=\"Conduct cost\/benefit analysis - T1226\""],"Conduct passive scanning - T1253":["misp-galaxy:mitre-attack-pattern=\"Conduct passive scanning - T1253\""],"Conduct social engineering - T1249":["misp-galaxy:mitre-attack-pattern=\"Conduct social engineering - T1249\""],"Conduct social engineering - T1268":["misp-galaxy:mitre-attack-pattern=\"Conduct social engineering - T1268\""],"Conduct social engineering - T1279":["misp-galaxy:mitre-attack-pattern=\"Conduct social engineering - T1279\""],"Conduct social engineering or HUMINT operation - T1376":["misp-galaxy:mitre-attack-pattern=\"Conduct social engineering or HUMINT operation - T1376\""],"Confirmation of launched compromise achieved - T1383":["misp-galaxy:mitre-attack-pattern=\"Confirmation of launched compromise achieved - T1383\""],"Connection Proxy - T1090":["misp-galaxy:mitre-attack-pattern=\"Connection Proxy - T1090\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Connection Proxy - T1090\""],"Control Panel Items - T1196":["misp-galaxy:mitre-attack-pattern=\"Control Panel Items - T1196\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Control Panel Items - T1196\""],"Create Account - T1136":["misp-galaxy:mitre-attack-pattern=\"Create Account - T1136\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Create Account - T1136\""],"Create backup infrastructure - T1339":["misp-galaxy:mitre-attack-pattern=\"Create backup infrastructure - T1339\""],"Create custom payloads - T1345":["misp-galaxy:mitre-attack-pattern=\"Create custom payloads - T1345\""],"Create implementation plan - T1232":["misp-galaxy:mitre-attack-pattern=\"Create implementation plan - T1232\""],"Create infected removable media - T1355":["misp-galaxy:mitre-attack-pattern=\"Create infected removable media - T1355\""],"Create strategic plan - T1231":["misp-galaxy:mitre-attack-pattern=\"Create strategic plan - T1231\""],"Credential Dumping - T1003":["misp-galaxy:mitre-attack-pattern=\"Credential Dumping - T1003\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Credential Dumping - T1003\""],"Credential pharming - T1374":["misp-galaxy:mitre-attack-pattern=\"Credential pharming - T1374\""],"Credentials in Files - T1081":["misp-galaxy:mitre-attack-pattern=\"Credentials in Files - T1081\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Credentials in Files - T1081\""],"Credentials in Registry - T1214":["misp-galaxy:mitre-attack-pattern=\"Credentials in Registry - T1214\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Credentials in Registry - T1214\""],"Custom Command and Control Protocol - T1094":["misp-galaxy:mitre-attack-pattern=\"Custom Command and Control Protocol - T1094\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Custom Command and Control Protocol - T1094\""],"Custom Cryptographic Protocol - T1024":["misp-galaxy:mitre-attack-pattern=\"Custom Cryptographic Protocol - T1024\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Custom Cryptographic Protocol - T1024\""],"DCShadow - T1207":["misp-galaxy:mitre-attack-pattern=\"DCShadow - T1207\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"DCShadow - T1207\""],"DLL Search Order Hijacking - T1038":["misp-galaxy:mitre-attack-pattern=\"DLL Search Order Hijacking - T1038\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"DLL Search Order Hijacking - T1038\""],"DLL Side-Loading - T1073":["misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1073\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"DLL Side-Loading - T1073\""],"DNS poisoning - T1382":["misp-galaxy:mitre-attack-pattern=\"DNS poisoning - T1382\""],"DNSCalc - T1324":["misp-galaxy:mitre-attack-pattern=\"DNSCalc - T1324\""],"Data Compressed - T1002":["misp-galaxy:mitre-attack-pattern=\"Data Compressed - T1002\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Data Compressed - T1002\""],"Data Destruction - T1485":["misp-galaxy:mitre-attack-pattern=\"Data Destruction - T1485\""],"Data Encoding - T1132":["misp-galaxy:mitre-attack-pattern=\"Data Encoding - T1132\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Data Encoding - T1132\""],"Data Encrypted - T1022":["misp-galaxy:mitre-attack-pattern=\"Data Encrypted - T1022\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Data Encrypted - T1022\""],"Data Encrypted for Impact - T1486":["misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\""],"Data Hiding - T1320":["misp-galaxy:mitre-attack-pattern=\"Data Hiding - T1320\""],"Data Obfuscation - T1001":["misp-galaxy:mitre-attack-pattern=\"Data Obfuscation - T1001\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Data Obfuscation - T1001\""],"Data Staged - T1074":["misp-galaxy:mitre-attack-pattern=\"Data Staged - T1074\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Data Staged - T1074\""],"Data Transfer Size Limits - T1030":["misp-galaxy:mitre-attack-pattern=\"Data Transfer Size Limits - T1030\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Data Transfer Size Limits - T1030\""],"Data from Information Repositories - T1213":["misp-galaxy:mitre-attack-pattern=\"Data from Information Repositories - T1213\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Data from Information Repositories - T1213\""],"Data from Local System - T1005":["misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Data from Local System - T1005\""],"Data from Network Shared Drive - T1039":["misp-galaxy:mitre-attack-pattern=\"Data from Network Shared Drive - T1039\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Data from Network Shared Drive - T1039\""],"Data from Removable Media - T1025":["misp-galaxy:mitre-attack-pattern=\"Data from Removable Media - T1025\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Data from Removable Media - T1025\""],"Defacement - T1491":["misp-galaxy:mitre-attack-pattern=\"Defacement - T1491\""],"Deliver Malicious App via Authorized App Store - T1475":["misp-galaxy:mitre-attack-pattern=\"Deliver Malicious App via Authorized App Store - T1475\""],"Deliver Malicious App via Other Means - T1476":["misp-galaxy:mitre-attack-pattern=\"Deliver Malicious App via Other Means - T1476\""],"Deobfuscate\/Decode Files or Information - T1140":["misp-galaxy:mitre-attack-pattern=\"Deobfuscate\/Decode Files or Information - T1140\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Deobfuscate\/Decode Files or Information - T1140\""],"Deploy exploit using advertising - T1380":["misp-galaxy:mitre-attack-pattern=\"Deploy exploit using advertising - T1380\""],"Derive intelligence requirements - T1230":["misp-galaxy:mitre-attack-pattern=\"Derive intelligence requirements - T1230\""],"Detect App Analysis Environment - T1440":["misp-galaxy:mitre-attack-pattern=\"Detect App Analysis Environment - T1440\""],"Determine 3rd party infrastructure services - T1260":["misp-galaxy:mitre-attack-pattern=\"Determine 3rd party infrastructure services - T1260\""],"Determine 3rd party infrastructure services - T1284":["misp-galaxy:mitre-attack-pattern=\"Determine 3rd party infrastructure services - T1284\""],"Determine approach\/attack vector - T1245":["misp-galaxy:mitre-attack-pattern=\"Determine approach\/attack vector - T1245\""],"Determine centralization of IT management - T1285":["misp-galaxy:mitre-attack-pattern=\"Determine centralization of IT management - T1285\""],"Determine domain and IP address space - T1250":["misp-galaxy:mitre-attack-pattern=\"Determine domain and IP address space - T1250\""],"Determine external network trust dependencies - T1259":["misp-galaxy:mitre-attack-pattern=\"Determine external network trust dependencies - T1259\""],"Determine firmware version - T1258":["misp-galaxy:mitre-attack-pattern=\"Determine firmware version - T1258\""],"Determine highest level tactical element - T1243":["misp-galaxy:mitre-attack-pattern=\"Determine highest level tactical element - T1243\""],"Determine operational element - T1242":["misp-galaxy:mitre-attack-pattern=\"Determine operational element - T1242\""],"Determine physical locations - T1282":["misp-galaxy:mitre-attack-pattern=\"Determine physical locations - T1282\""],"Determine secondary level tactical element - T1244":["misp-galaxy:mitre-attack-pattern=\"Determine secondary level tactical element - T1244\""],"Determine strategic target - T1241":["misp-galaxy:mitre-attack-pattern=\"Determine strategic target - T1241\""],"Develop KITs\/KIQs - T1227":["misp-galaxy:mitre-attack-pattern=\"Develop KITs\/KIQs - T1227\""],"Develop social network persona digital footprint - T1342":["misp-galaxy:mitre-attack-pattern=\"Develop social network persona digital footprint - T1342\""],"Device Type Discovery - T1419":["misp-galaxy:mitre-attack-pattern=\"Device Type Discovery - T1419\""],"Device Unlock Code Guessing or Brute Force - T1459":["misp-galaxy:mitre-attack-pattern=\"Device Unlock Code Guessing or Brute Force - T1459\""],"Disabling Security Tools - T1089":["misp-galaxy:mitre-attack-pattern=\"Disabling Security Tools - T1089\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Disabling Security Tools - T1089\""],"Discover new exploits and monitor exploit-provider forums - T1350":["misp-galaxy:mitre-attack-pattern=\"Discover new exploits and monitor exploit-provider forums - T1350\""],"Discover target logon\/email address format - T1255":["misp-galaxy:mitre-attack-pattern=\"Discover target logon\/email address format - T1255\""],"Disguise Root\/Jailbreak Indicators - T1408":["misp-galaxy:mitre-attack-pattern=\"Disguise Root\/Jailbreak Indicators - T1408\""],"Disk Content Wipe - T1488":["misp-galaxy:mitre-attack-pattern=\"Disk Content Wipe - T1488\""],"Disk Structure Wipe - T1487":["misp-galaxy:mitre-attack-pattern=\"Disk Structure Wipe - T1487\""],"Disseminate removable media - T1379":["misp-galaxy:mitre-attack-pattern=\"Disseminate removable media - T1379\""],"Distribute malicious software development tools - T1394":["misp-galaxy:mitre-attack-pattern=\"Distribute malicious software development tools - T1394\""],"Distributed Component Object Model - T1175":["misp-galaxy:mitre-attack-pattern=\"Distributed Component Object Model - T1175\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Distributed Component Object Model - T1175\""],"Domain Fronting - T1172":["misp-galaxy:mitre-attack-pattern=\"Domain Fronting - T1172\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Domain Fronting - T1172\""],"Domain Generation Algorithms (DGA) - T1323":["misp-galaxy:mitre-attack-pattern=\"Domain Generation Algorithms (DGA) - T1323\""],"Domain Generation Algorithms - T1483":["misp-galaxy:mitre-attack-pattern=\"Domain Generation Algorithms - T1483\""],"Domain Trust Discovery - T1482":["misp-galaxy:mitre-attack-pattern=\"Domain Trust Discovery - T1482\""],"Domain registration hijacking - T1326":["misp-galaxy:mitre-attack-pattern=\"Domain registration hijacking - T1326\""],"Downgrade to Insecure Protocols - T1466":["misp-galaxy:mitre-attack-pattern=\"Downgrade to Insecure Protocols - T1466\""],"Download New Code at Runtime - T1407":["misp-galaxy:mitre-attack-pattern=\"Download New Code at Runtime - T1407\""],"Drive-by Compromise - T1189":["misp-galaxy:mitre-attack-pattern=\"Drive-by Compromise - T1189\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Drive-by Compromise - T1189\""],"Drive-by Compromise - T1456":["misp-galaxy:mitre-attack-pattern=\"Drive-by Compromise - T1456\""],"Dumpster dive - T1286":["misp-galaxy:mitre-attack-pattern=\"Dumpster dive - T1286\""],"Dylib Hijacking - T1157":["misp-galaxy:mitre-attack-pattern=\"Dylib Hijacking - T1157\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Dylib Hijacking - T1157\""],"Dynamic DNS - T1311":["misp-galaxy:mitre-attack-pattern=\"Dynamic DNS - T1311\""],"Dynamic DNS - T1333":["misp-galaxy:mitre-attack-pattern=\"Dynamic DNS - T1333\""],"Dynamic Data Exchange - T1173":["misp-galaxy:mitre-attack-pattern=\"Dynamic Data Exchange - T1173\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Dynamic Data Exchange - T1173\""],"Eavesdrop on Insecure Network Communication - T1439":["misp-galaxy:mitre-attack-pattern=\"Eavesdrop on Insecure Network Communication - T1439\""],"Email Collection - T1114":["misp-galaxy:mitre-attack-pattern=\"Email Collection - T1114\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Email Collection - T1114\""],"Encrypt Files - T1471":["misp-galaxy:mitre-attack-pattern=\"Encrypt Files - T1471\""],"Encrypt Files for Ransom - T1471":["misp-galaxy:mitre-attack-pattern=\"Encrypt Files for Ransom - T1471\""],"Endpoint Denial of Service - T1499":["misp-galaxy:mitre-attack-pattern=\"Endpoint Denial of Service - T1499\""],"Enumerate client configurations - T1262":["misp-galaxy:mitre-attack-pattern=\"Enumerate client configurations - T1262\""],"Enumerate externally facing software applications technologies, languages, and dependencies - T1261":["misp-galaxy:mitre-attack-pattern=\"Enumerate externally facing software applications technologies, languages, and dependencies - T1261\""],"Execution Guardrails - T1480":["misp-galaxy:mitre-attack-pattern=\"Execution Guardrails - T1480\""],"Execution through API - T1106":["misp-galaxy:mitre-attack-pattern=\"Execution through API - T1106\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Execution through API - T1106\""],"Execution through Module Load - T1129":["misp-galaxy:mitre-attack-pattern=\"Execution through Module Load - T1129\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Execution through Module Load - T1129\""],"Exfiltration Over Alternative Protocol - T1048":["misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Alternative Protocol - T1048\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exfiltration Over Alternative Protocol - T1048\""],"Exfiltration Over Command and Control Channel - T1041":["misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Command and Control Channel - T1041\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exfiltration Over Command and Control Channel - T1041\""],"Exfiltration Over Other Network Medium - T1011":["misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Other Network Medium - T1011\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exfiltration Over Other Network Medium - T1011\""],"Exfiltration Over Physical Medium - T1052":["misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Physical Medium - T1052\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exfiltration Over Physical Medium - T1052\""],"Exploit Baseband Vulnerability - T1455":["misp-galaxy:mitre-attack-pattern=\"Exploit Baseband Vulnerability - T1455\""],"Exploit Enterprise Resources - T1428":["misp-galaxy:mitre-attack-pattern=\"Exploit Enterprise Resources - T1428\""],"Exploit OS Vulnerability - T1404":["misp-galaxy:mitre-attack-pattern=\"Exploit OS Vulnerability - T1404\""],"Exploit Public-Facing Application - T1190":["misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exploit Public-Facing Application - T1190\""],"Exploit SS7 to Redirect Phone Calls\/SMS - T1449":["misp-galaxy:mitre-attack-pattern=\"Exploit SS7 to Redirect Phone Calls\/SMS - T1449\""],"Exploit SS7 to Track Device Location - T1450":["misp-galaxy:mitre-attack-pattern=\"Exploit SS7 to Track Device Location - T1450\""],"Exploit TEE Vulnerability - T1405":["misp-galaxy:mitre-attack-pattern=\"Exploit TEE Vulnerability - T1405\""],"Exploit public-facing application - T1377":["misp-galaxy:mitre-attack-pattern=\"Exploit public-facing application - T1377\""],"Exploit via Charging Station or PC - T1458":["misp-galaxy:mitre-attack-pattern=\"Exploit via Charging Station or PC - T1458\""],"Exploit via Radio Interfaces - T1477":["misp-galaxy:mitre-attack-pattern=\"Exploit via Radio Interfaces - T1477\""],"Exploitation for Client Execution - T1203":["misp-galaxy:mitre-attack-pattern=\"Exploitation for Client Execution - T1203\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exploitation for Client Execution - T1203\""],"Exploitation for Credential Access - T1212":["misp-galaxy:mitre-attack-pattern=\"Exploitation for Credential Access - T1212\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exploitation for Credential Access - T1212\""],"Exploitation for Defense Evasion - T1211":["misp-galaxy:mitre-attack-pattern=\"Exploitation for Defense Evasion - T1211\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exploitation for Defense Evasion - T1211\""],"Exploitation for Privilege Escalation - T1068":["misp-galaxy:mitre-attack-pattern=\"Exploitation for Privilege Escalation - T1068\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exploitation for Privilege Escalation - T1068\""],"Exploitation of Remote Services - T1210":["misp-galaxy:mitre-attack-pattern=\"Exploitation of Remote Services - T1210\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exploitation of Remote Services - T1210\""],"External Remote Services - T1133":["misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"External Remote Services - T1133\""],"Extra Window Memory Injection - T1181":["misp-galaxy:mitre-attack-pattern=\"Extra Window Memory Injection - T1181\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Extra Window Memory Injection - T1181\""],"Fake Developer Accounts - T1442":["misp-galaxy:mitre-attack-pattern=\"Fake Developer Accounts - T1442\""],"Fallback Channels - T1008":["misp-galaxy:mitre-attack-pattern=\"Fallback Channels - T1008\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Fallback Channels - T1008\""],"Fast Flux DNS - T1325":["misp-galaxy:mitre-attack-pattern=\"Fast Flux DNS - T1325\""],"File Deletion - T1107":["misp-galaxy:mitre-attack-pattern=\"File Deletion - T1107\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"File Deletion - T1107\""],"File Permissions Modification - T1222":["misp-galaxy:mitre-attack-pattern=\"File Permissions Modification - T1222\""],"File System Logical Offsets - T1006":["misp-galaxy:mitre-attack-pattern=\"File System Logical Offsets - T1006\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"File System Logical Offsets - T1006\""],"File System Permissions Weakness - T1044":["misp-galaxy:mitre-attack-pattern=\"File System Permissions Weakness - T1044\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"File System Permissions Weakness - T1044\""],"File and Directory Discovery - T1083":["misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"File and Directory Discovery - T1083\""],"File and Directory Discovery - T1420":["misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1420\""],"Firmware Corruption - T1495":["misp-galaxy:mitre-attack-pattern=\"Firmware Corruption - T1495\""],"Forced Authentication - T1187":["misp-galaxy:mitre-attack-pattern=\"Forced Authentication - T1187\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Forced Authentication - T1187\""],"Friend\/Follow\/Connect to targets of interest - T1344":["misp-galaxy:mitre-attack-pattern=\"Friend\/Follow\/Connect to targets of interest - T1344\""],"Friend\/Follow\/Connect to targets of interest - T1364":["misp-galaxy:mitre-attack-pattern=\"Friend\/Follow\/Connect to targets of interest - T1364\""],"Gatekeeper Bypass - T1144":["misp-galaxy:mitre-attack-pattern=\"Gatekeeper Bypass - T1144\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Gatekeeper Bypass - T1144\""],"Generate Fraudulent Advertising Revenue - T1472":["misp-galaxy:mitre-attack-pattern=\"Generate Fraudulent Advertising Revenue - T1472\""],"Generate analyst intelligence requirements - T1234":["misp-galaxy:mitre-attack-pattern=\"Generate analyst intelligence requirements - T1234\""],"Graphical User Interface - T1061":["misp-galaxy:mitre-attack-pattern=\"Graphical User Interface - T1061\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Graphical User Interface - T1061\""],"Group Policy Modification - T1484":["misp-galaxy:mitre-attack-pattern=\"Group Policy Modification - T1484\""],"HISTCONTROL - T1148":["misp-galaxy:mitre-attack-pattern=\"HISTCONTROL - T1148\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"HISTCONTROL - T1148\""],"Hardware Additions - T1200":["misp-galaxy:mitre-attack-pattern=\"Hardware Additions - T1200\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Hardware Additions - T1200\""],"Hardware or software supply chain implant - T1365":["misp-galaxy:mitre-attack-pattern=\"Hardware or software supply chain implant - T1365\""],"Hidden Files and Directories - T1158":["misp-galaxy:mitre-attack-pattern=\"Hidden Files and Directories - T1158\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Hidden Files and Directories - T1158\""],"Hidden Users - T1147":["misp-galaxy:mitre-attack-pattern=\"Hidden Users - T1147\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Hidden Users - T1147\""],"Hidden Window - T1143":["misp-galaxy:mitre-attack-pattern=\"Hidden Window - T1143\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Hidden Window - T1143\""],"Hooking - T1179":["misp-galaxy:mitre-attack-pattern=\"Hooking - T1179\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Hooking - T1179\""],"Host-based hiding techniques - T1314":["misp-galaxy:mitre-attack-pattern=\"Host-based hiding techniques - T1314\""],"Human performs requested action of physical nature - T1385":["misp-galaxy:mitre-attack-pattern=\"Human performs requested action of physical nature - T1385\""],"Hypervisor - T1062":["misp-galaxy:mitre-attack-pattern=\"Hypervisor - T1062\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Hypervisor - T1062\""],"Identify analyst level gaps - T1233":["misp-galaxy:mitre-attack-pattern=\"Identify analyst level gaps - T1233\""],"Identify business processes\/tempo - T1280":["misp-galaxy:mitre-attack-pattern=\"Identify business processes\/tempo - T1280\""],"Identify business relationships - T1272":["misp-galaxy:mitre-attack-pattern=\"Identify business relationships - T1272\""],"Identify business relationships - T1283":["misp-galaxy:mitre-attack-pattern=\"Identify business relationships - T1283\""],"Identify gap areas - T1225":["misp-galaxy:mitre-attack-pattern=\"Identify gap areas - T1225\""],"Identify groups\/roles - T1270":["misp-galaxy:mitre-attack-pattern=\"Identify groups\/roles - T1270\""],"Identify job postings and needs\/gaps - T1248":["misp-galaxy:mitre-attack-pattern=\"Identify job postings and needs\/gaps - T1248\""],"Identify job postings and needs\/gaps - T1267":["misp-galaxy:mitre-attack-pattern=\"Identify job postings and needs\/gaps - T1267\""],"Identify job postings and needs\/gaps - T1278":["misp-galaxy:mitre-attack-pattern=\"Identify job postings and needs\/gaps - T1278\""],"Identify people of interest - T1269":["misp-galaxy:mitre-attack-pattern=\"Identify people of interest - T1269\""],"Identify personnel with an authority\/privilege - T1271":["misp-galaxy:mitre-attack-pattern=\"Identify personnel with an authority\/privilege - T1271\""],"Identify resources required to build capabilities - T1348":["misp-galaxy:mitre-attack-pattern=\"Identify resources required to build capabilities - T1348\""],"Identify security defensive capabilities - T1263":["misp-galaxy:mitre-attack-pattern=\"Identify security defensive capabilities - T1263\""],"Identify sensitive personnel information - T1274":["misp-galaxy:mitre-attack-pattern=\"Identify sensitive personnel information - T1274\""],"Identify supply chains - T1246":["misp-galaxy:mitre-attack-pattern=\"Identify supply chains - T1246\""],"Identify supply chains - T1265":["misp-galaxy:mitre-attack-pattern=\"Identify supply chains - T1265\""],"Identify supply chains - T1276":["misp-galaxy:mitre-attack-pattern=\"Identify supply chains - T1276\""],"Identify technology usage patterns - T1264":["misp-galaxy:mitre-attack-pattern=\"Identify technology usage patterns - T1264\""],"Identify vulnerabilities in third-party software libraries - T1389":["misp-galaxy:mitre-attack-pattern=\"Identify vulnerabilities in third-party software libraries - T1389\""],"Identify web defensive services - T1256":["misp-galaxy:mitre-attack-pattern=\"Identify web defensive services - T1256\""],"Image File Execution Options Injection - T1183":["misp-galaxy:mitre-attack-pattern=\"Image File Execution Options Injection - T1183\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Image File Execution Options Injection - T1183\""],"Indicator Blocking - T1054":["misp-galaxy:mitre-attack-pattern=\"Indicator Blocking - T1054\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Indicator Blocking - T1054\""],"Indicator Removal from Tools - T1066":["misp-galaxy:mitre-attack-pattern=\"Indicator Removal from Tools - T1066\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Indicator Removal from Tools - T1066\""],"Indicator Removal on Host - T1070":["misp-galaxy:mitre-attack-pattern=\"Indicator Removal on Host - T1070\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Indicator Removal on Host - T1070\""],"Indirect Command Execution - T1202":["misp-galaxy:mitre-attack-pattern=\"Indirect Command Execution - T1202\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Indirect Command Execution - T1202\""],"Inhibit System Recovery - T1490":["misp-galaxy:mitre-attack-pattern=\"Inhibit System Recovery - T1490\""],"Input Capture - T1056":["misp-galaxy:mitre-attack-pattern=\"Input Capture - T1056\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Input Capture - T1056\""],"Input Prompt - T1141":["misp-galaxy:mitre-attack-pattern=\"Input Prompt - T1141\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Input Prompt - T1141\""],"Insecure Third-Party Libraries - T1425":["misp-galaxy:mitre-attack-pattern=\"Insecure Third-Party Libraries - T1425\""],"Install Insecure or Malicious Configuration - T1478":["misp-galaxy:mitre-attack-pattern=\"Install Insecure or Malicious Configuration - T1478\""],"Install Root Certificate - T1130":["misp-galaxy:mitre-attack-pattern=\"Install Root Certificate - T1130\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Install Root Certificate - T1130\""],"Install and configure hardware, network, and systems - T1336":["misp-galaxy:mitre-attack-pattern=\"Install and configure hardware, network, and systems - T1336\""],"InstallUtil - T1118":["misp-galaxy:mitre-attack-pattern=\"InstallUtil - T1118\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"InstallUtil - T1118\""],"Jamming or Denial of Service - T1464":["misp-galaxy:mitre-attack-pattern=\"Jamming or Denial of Service - T1464\""],"Kerberoasting - T1208":["misp-galaxy:mitre-attack-pattern=\"Kerberoasting - T1208\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Kerberoasting - T1208\""],"Kernel Modules and Extensions - T1215":["misp-galaxy:mitre-attack-pattern=\"Kernel Modules and Extensions - T1215\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Kernel Modules and Extensions - T1215\""],"Keychain - T1142":["misp-galaxy:mitre-attack-pattern=\"Keychain - T1142\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Keychain - T1142\""],"LC_LOAD_DYLIB Addition - T1161":["misp-galaxy:mitre-attack-pattern=\"LC_LOAD_DYLIB Addition - T1161\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"LC_LOAD_DYLIB Addition - T1161\""],"LC_MAIN Hijacking - T1149":["misp-galaxy:mitre-attack-pattern=\"LC_MAIN Hijacking - T1149\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"LC_MAIN Hijacking - T1149\""],"LLMNR\/NBT-NS Poisoning - T1171":["misp-galaxy:mitre-attack-pattern=\"LLMNR\/NBT-NS Poisoning - T1171\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"LLMNR\/NBT-NS Poisoning - T1171\""],"LLMNR\/NBT-NS Poisoning and Relay - T1171":["misp-galaxy:mitre-attack-pattern=\"LLMNR\/NBT-NS Poisoning and Relay - T1171\""],"LSASS Driver - T1177":["misp-galaxy:mitre-attack-pattern=\"LSASS Driver - T1177\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"LSASS Driver - T1177\""],"Launch Agent - T1159":["misp-galaxy:mitre-attack-pattern=\"Launch Agent - T1159\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Launch Agent - T1159\""],"Launch Daemon - T1160":["misp-galaxy:mitre-attack-pattern=\"Launch Daemon - T1160\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Launch Daemon - T1160\""],"Launchctl - T1152":["misp-galaxy:mitre-attack-pattern=\"Launchctl - T1152\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Launchctl - T1152\""],"Leverage compromised 3rd party resources - T1375":["misp-galaxy:mitre-attack-pattern=\"Leverage compromised 3rd party resources - T1375\""],"Local Job Scheduling - T1168":["misp-galaxy:mitre-attack-pattern=\"Local Job Scheduling - T1168\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Local Job Scheduling - T1168\""],"Local Network Configuration Discovery - T1422":["misp-galaxy:mitre-attack-pattern=\"Local Network Configuration Discovery - T1422\""],"Local Network Connections Discovery - T1421":["misp-galaxy:mitre-attack-pattern=\"Local Network Connections Discovery - T1421\""],"Location Tracking - T1430":["misp-galaxy:mitre-attack-pattern=\"Location Tracking - T1430\""],"Lock User Out of Device - T1446":["misp-galaxy:mitre-attack-pattern=\"Lock User Out of Device - T1446\""],"Lockscreen Bypass - T1461":["misp-galaxy:mitre-attack-pattern=\"Lockscreen Bypass - T1461\""],"Login Item - T1162":["misp-galaxy:mitre-attack-pattern=\"Login Item - T1162\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Login Item - T1162\""],"Logon Scripts - T1037":["misp-galaxy:mitre-attack-pattern=\"Logon Scripts - T1037\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Logon Scripts - T1037\""],"Malicious Media Content - T1457":["misp-galaxy:mitre-attack-pattern=\"Malicious Media Content - T1457\""],"Malicious SMS Message - T1454":["misp-galaxy:mitre-attack-pattern=\"Malicious SMS Message - T1454\""],"Malicious Software Development Tools - T1462":["misp-galaxy:mitre-attack-pattern=\"Malicious Software Development Tools - T1462\""],"Malicious Third Party Keyboard App - T1417":["misp-galaxy:mitre-attack-pattern=\"Malicious Third Party Keyboard App - T1417\""],"Malicious or Vulnerable Built-in Device Functionality - T1473":["misp-galaxy:mitre-attack-pattern=\"Malicious or Vulnerable Built-in Device Functionality - T1473\""],"Man in the Browser - T1185":["misp-galaxy:mitre-attack-pattern=\"Man in the Browser - T1185\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Man in the Browser - T1185\""],"Manipulate App Store Rankings or Ratings - T1452":["misp-galaxy:mitre-attack-pattern=\"Manipulate App Store Rankings or Ratings - T1452\""],"Manipulate Device Communication - T1463":["misp-galaxy:mitre-attack-pattern=\"Manipulate Device Communication - T1463\""],"Map network topology - T1252":["misp-galaxy:mitre-attack-pattern=\"Map network topology - T1252\""],"Masquerading - T1036":["misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Masquerading - T1036\""],"Microphone or Camera Recordings - T1429":["misp-galaxy:mitre-attack-pattern=\"Microphone or Camera Recordings - T1429\""],"Mine social media - T1273":["misp-galaxy:mitre-attack-pattern=\"Mine social media - T1273\""],"Mine technical blogs\/forums - T1257":["misp-galaxy:mitre-attack-pattern=\"Mine technical blogs\/forums - T1257\""],"Misattributable credentials - T1322":["misp-galaxy:mitre-attack-pattern=\"Misattributable credentials - T1322\""],"Modify Existing Service - T1031":["misp-galaxy:mitre-attack-pattern=\"Modify Existing Service - T1031\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Modify Existing Service - T1031\""],"Modify OS Kernel or Boot Partition - T1398":["misp-galaxy:mitre-attack-pattern=\"Modify OS Kernel or Boot Partition - T1398\""],"Modify Registry - T1112":["misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Modify Registry - T1112\""],"Modify System Partition - T1400":["misp-galaxy:mitre-attack-pattern=\"Modify System Partition - T1400\""],"Modify Trusted Execution Environment - T1399":["misp-galaxy:mitre-attack-pattern=\"Modify Trusted Execution Environment - T1399\""],"Modify cached executable code - T1403":["misp-galaxy:mitre-attack-pattern=\"Modify cached executable code - T1403\""],"Mshta - T1170":["misp-galaxy:mitre-attack-pattern=\"Mshta - T1170\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Mshta - T1170\""],"Multi-Stage Channels - T1104":["misp-galaxy:mitre-attack-pattern=\"Multi-Stage Channels - T1104\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Multi-Stage Channels - T1104\""],"Multi-hop Proxy - T1188":["misp-galaxy:mitre-attack-pattern=\"Multi-hop Proxy - T1188\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Multi-hop Proxy - T1188\""],"Multiband Communication - T1026":["misp-galaxy:mitre-attack-pattern=\"Multiband Communication - T1026\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Multiband Communication - T1026\""],"Multilayer Encryption - T1079":["misp-galaxy:mitre-attack-pattern=\"Multilayer Encryption - T1079\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Multilayer Encryption - T1079\""],"NTFS File Attributes - T1096":["misp-galaxy:mitre-attack-pattern=\"NTFS File Attributes - T1096\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"NTFS File Attributes - T1096\""],"Netsh Helper DLL - T1128":["misp-galaxy:mitre-attack-pattern=\"Netsh Helper DLL - T1128\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Netsh Helper DLL - T1128\""],"Network Denial of Service - T1498":["misp-galaxy:mitre-attack-pattern=\"Network Denial of Service - T1498\""],"Network Service Scanning - T1046":["misp-galaxy:mitre-attack-pattern=\"Network Service Scanning - T1046\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Network Service Scanning - T1046\""],"Network Service Scanning - T1423":["misp-galaxy:mitre-attack-pattern=\"Network Service Scanning - T1423\""],"Network Share Connection Removal - T1126":["misp-galaxy:mitre-attack-pattern=\"Network Share Connection Removal - T1126\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Network Share Connection Removal - T1126\""],"Network Share Discovery - T1135":["misp-galaxy:mitre-attack-pattern=\"Network Share Discovery - T1135\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Network Share Discovery - T1135\""],"Network Sniffing - T1040":["misp-galaxy:mitre-attack-pattern=\"Network Sniffing - T1040\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Network Sniffing - T1040\""],"Network Traffic Capture or Redirection - T1410":["misp-galaxy:mitre-attack-pattern=\"Network Traffic Capture or Redirection - T1410\""],"Network-based hiding techniques - T1315":["misp-galaxy:mitre-attack-pattern=\"Network-based hiding techniques - T1315\""],"New Service - T1050":["misp-galaxy:mitre-attack-pattern=\"New Service - T1050\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"New Service - T1050\""],"Non-traditional or less attributable payment options - T1316":["misp-galaxy:mitre-attack-pattern=\"Non-traditional or less attributable payment options - T1316\""],"OS-vendor provided communication channels - T1390":["misp-galaxy:mitre-attack-pattern=\"OS-vendor provided communication channels - T1390\""],"Obfuscate infrastructure - T1309":["misp-galaxy:mitre-attack-pattern=\"Obfuscate infrastructure - T1309\""],"Obfuscate infrastructure - T1331":["misp-galaxy:mitre-attack-pattern=\"Obfuscate infrastructure - T1331\""],"Obfuscate operational infrastructure - T1318":["misp-galaxy:mitre-attack-pattern=\"Obfuscate operational infrastructure - T1318\""],"Obfuscate or encrypt code - T1319":["misp-galaxy:mitre-attack-pattern=\"Obfuscate or encrypt code - T1319\""],"Obfuscated Files or Information - T1027":["misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Obfuscated Files or Information - T1027\""],"Obfuscated Files or Information - T1406":["misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1406\""],"Obfuscated or Encrypted Payload - T1406":["misp-galaxy:mitre-attack-pattern=\"Obfuscated or Encrypted Payload - T1406\""],"Obfuscation or cryptography - T1313":["misp-galaxy:mitre-attack-pattern=\"Obfuscation or cryptography - T1313\""],"Obtain Apple iOS enterprise distribution key pair and certificate - T1392":["misp-galaxy:mitre-attack-pattern=\"Obtain Apple iOS enterprise distribution key pair and certificate - T1392\""],"Obtain Device Cloud Backups - T1470":["misp-galaxy:mitre-attack-pattern=\"Obtain Device Cloud Backups - T1470\""],"Obtain booter\/stressor subscription - T1396":["misp-galaxy:mitre-attack-pattern=\"Obtain booter\/stressor subscription - T1396\""],"Obtain domain\/IP registration information - T1251":["misp-galaxy:mitre-attack-pattern=\"Obtain domain\/IP registration information - T1251\""],"Obtain templates\/branding materials - T1281":["misp-galaxy:mitre-attack-pattern=\"Obtain templates\/branding materials - T1281\""],"Obtain\/re-use payloads - T1346":["misp-galaxy:mitre-attack-pattern=\"Obtain\/re-use payloads - T1346\""],"Office Application Startup - T1137":["misp-galaxy:mitre-attack-pattern=\"Office Application Startup - T1137\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Office Application Startup - T1137\""],"Pass the Hash - T1075":["misp-galaxy:mitre-attack-pattern=\"Pass the Hash - T1075\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Pass the Hash - T1075\""],"Pass the Ticket - T1097":["misp-galaxy:mitre-attack-pattern=\"Pass the Ticket - T1097\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Pass the Ticket - T1097\""],"Password Filter DLL - T1174":["misp-galaxy:mitre-attack-pattern=\"Password Filter DLL - T1174\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Password Filter DLL - T1174\""],"Password Policy Discovery - T1201":["misp-galaxy:mitre-attack-pattern=\"Password Policy Discovery - T1201\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Password Policy Discovery - T1201\""],"Path Interception - T1034":["misp-galaxy:mitre-attack-pattern=\"Path Interception - T1034\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Path Interception - T1034\""],"Peripheral Device Discovery - T1120":["misp-galaxy:mitre-attack-pattern=\"Peripheral Device Discovery - T1120\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Peripheral Device Discovery - T1120\""],"Permission Groups Discovery - T1069":["misp-galaxy:mitre-attack-pattern=\"Permission Groups Discovery - T1069\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Permission Groups Discovery - T1069\""],"Plist Modification - T1150":["misp-galaxy:mitre-attack-pattern=\"Plist Modification - T1150\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Plist Modification - T1150\""],"Port Knocking - T1205":["misp-galaxy:mitre-attack-pattern=\"Port Knocking - T1205\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Port Knocking - T1205\""],"Port Monitors - T1013":["misp-galaxy:mitre-attack-pattern=\"Port Monitors - T1013\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Port Monitors - T1013\""],"Port redirector - T1363":["misp-galaxy:mitre-attack-pattern=\"Port redirector - T1363\""],"Post compromise tool development - T1353":["misp-galaxy:mitre-attack-pattern=\"Post compromise tool development - T1353\""],"PowerShell - T1086":["misp-galaxy:mitre-attack-pattern=\"PowerShell - T1086\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"PowerShell - T1086\""],"Premium SMS Toll Fraud - T1448":["misp-galaxy:mitre-attack-pattern=\"Premium SMS Toll Fraud - T1448\""],"Private Keys - T1145":["misp-galaxy:mitre-attack-pattern=\"Private Keys - T1145\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Private Keys - T1145\""],"Private whois services - T1305":["misp-galaxy:mitre-attack-pattern=\"Private whois services - T1305\""],"Process Discovery - T1057":["misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Process Discovery - T1057\""],"Process Discovery - T1424":["misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1424\""],"Process Doppelg\u00e4nging - T1186":["misp-galaxy:mitre-attack-pattern=\"Process Doppelg\u00e4nging - T1186\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Process Doppelg\u00e4nging - T1186\""],"Process Hollowing - T1093":["misp-galaxy:mitre-attack-pattern=\"Process Hollowing - T1093\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Process Hollowing - T1093\""],"Process Injection - T1055":["misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Process Injection - T1055\""],"Procure required equipment and software - T1335":["misp-galaxy:mitre-attack-pattern=\"Procure required equipment and software - T1335\""],"Proxy\/protocol relays - T1304":["misp-galaxy:mitre-attack-pattern=\"Proxy\/protocol relays - T1304\""],"Push-notification client-side exploit - T1373":["misp-galaxy:mitre-attack-pattern=\"Push-notification client-side exploit - T1373\""],"Query Registry - T1012":["misp-galaxy:mitre-attack-pattern=\"Query Registry - T1012\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Query Registry - T1012\""],"Rc.common - T1163":["misp-galaxy:mitre-attack-pattern=\"Rc.common - T1163\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Rc.common - T1163\""],"Re-opened Applications - T1164":["misp-galaxy:mitre-attack-pattern=\"Re-opened Applications - T1164\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Re-opened Applications - T1164\""],"Receive KITs\/KIQs and determine requirements - T1239":["misp-galaxy:mitre-attack-pattern=\"Receive KITs\/KIQs and determine requirements - T1239\""],"Receive operator KITs\/KIQs tasking - T1235":["misp-galaxy:mitre-attack-pattern=\"Receive operator KITs\/KIQs tasking - T1235\""],"Redundant Access - T1108":["misp-galaxy:mitre-attack-pattern=\"Redundant Access - T1108\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Redundant Access - T1108\""],"Registry Run Keys \/ Startup Folder - T1060":["misp-galaxy:mitre-attack-pattern=\"Registry Run Keys \/ Startup Folder - T1060\""],"Regsvcs\/Regasm - T1121":["misp-galaxy:mitre-attack-pattern=\"Regsvcs\/Regasm - T1121\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Regsvcs\/Regasm - T1121\""],"Regsvr32 - T1117":["misp-galaxy:mitre-attack-pattern=\"Regsvr32 - T1117\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Regsvr32 - T1117\""],"Remote Access Tools - T1219":["misp-galaxy:mitre-attack-pattern=\"Remote Access Tools - T1219\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Remote Access Tools - T1219\""],"Remote Desktop Protocol - T1076":["misp-galaxy:mitre-attack-pattern=\"Remote Desktop Protocol - T1076\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Remote Desktop Protocol - T1076\""],"Remote File Copy - T1105":["misp-galaxy:mitre-attack-pattern=\"Remote File Copy - T1105\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Remote File Copy - T1105\""],"Remote Services - T1021":["misp-galaxy:mitre-attack-pattern=\"Remote Services - T1021\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Remote Services - T1021\""],"Remote System Discovery - T1018":["misp-galaxy:mitre-attack-pattern=\"Remote System Discovery - T1018\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Remote System Discovery - T1018\""],"Remote access tool development - T1351":["misp-galaxy:mitre-attack-pattern=\"Remote access tool development - T1351\""],"Remotely Install Application - T1443":["misp-galaxy:mitre-attack-pattern=\"Remotely Install Application - T1443\""],"Remotely Track Device Without Authorization - T1468":["misp-galaxy:mitre-attack-pattern=\"Remotely Track Device Without Authorization - T1468\""],"Remotely Wipe Data Without Authorization - T1469":["misp-galaxy:mitre-attack-pattern=\"Remotely Wipe Data Without Authorization - T1469\""],"Repackaged Application - T1444":["misp-galaxy:mitre-attack-pattern=\"Repackaged Application - T1444\""],"Replace legitimate binary with malware - T1378":["misp-galaxy:mitre-attack-pattern=\"Replace legitimate binary with malware - T1378\""],"Replication Through Removable Media - T1091":["misp-galaxy:mitre-attack-pattern=\"Replication Through Removable Media - T1091\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Replication Through Removable Media - T1091\""],"Research relevant vulnerabilities\/CVEs - T1291":["misp-galaxy:mitre-attack-pattern=\"Research relevant vulnerabilities\/CVEs - T1291\""],"Research visibility gap of security vendors - T1290":["misp-galaxy:mitre-attack-pattern=\"Research visibility gap of security vendors - T1290\""],"Resource Hijacking - T1496":["misp-galaxy:mitre-attack-pattern=\"Resource Hijacking - T1496\""],"Review logs and residual traces - T1358":["misp-galaxy:mitre-attack-pattern=\"Review logs and residual traces - T1358\""],"Rogue Cellular Base Station - T1467":["misp-galaxy:mitre-attack-pattern=\"Rogue Cellular Base Station - T1467\""],"Rogue Wi-Fi Access Points - T1465":["misp-galaxy:mitre-attack-pattern=\"Rogue Wi-Fi Access Points - T1465\""],"Rootkit - T1014":["misp-galaxy:mitre-attack-pattern=\"Rootkit - T1014\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Rootkit - T1014\""],"Rundll32 - T1085":["misp-galaxy:mitre-attack-pattern=\"Rundll32 - T1085\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Rundll32 - T1085\""],"Runtime Data Manipulation - T1494":["misp-galaxy:mitre-attack-pattern=\"Runtime Data Manipulation - T1494\""],"Runtime code download and execution - T1395":["misp-galaxy:mitre-attack-pattern=\"Runtime code download and execution - T1395\""],"SID-History Injection - T1178":["misp-galaxy:mitre-attack-pattern=\"SID-History Injection - T1178\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"SID-History Injection - T1178\""],"SIM Card Swap - T1451":["misp-galaxy:mitre-attack-pattern=\"SIM Card Swap - T1451\""],"SIP and Trust Provider Hijacking - T1198":["misp-galaxy:mitre-attack-pattern=\"SIP and Trust Provider Hijacking - T1198\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"SIP and Trust Provider Hijacking - T1198\""],"SSH Hijacking - T1184":["misp-galaxy:mitre-attack-pattern=\"SSH Hijacking - T1184\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"SSH Hijacking - T1184\""],"SSL certificate acquisition for domain - T1337":["misp-galaxy:mitre-attack-pattern=\"SSL certificate acquisition for domain - T1337\""],"SSL certificate acquisition for trust breaking - T1338":["misp-galaxy:mitre-attack-pattern=\"SSL certificate acquisition for trust breaking - T1338\""],"Scheduled Task - T1053":["misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Scheduled Task - T1053\""],"Scheduled Transfer - T1029":["misp-galaxy:mitre-attack-pattern=\"Scheduled Transfer - T1029\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Scheduled Transfer - T1029\""],"Screen Capture - T1113":["misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Screen Capture - T1113\""],"Screensaver - T1180":["misp-galaxy:mitre-attack-pattern=\"Screensaver - T1180\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Screensaver - T1180\""],"Scripting - T1064":["misp-galaxy:mitre-attack-pattern=\"Scripting - T1064\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Scripting - T1064\""],"Secure and protect infrastructure - T1317":["misp-galaxy:mitre-attack-pattern=\"Secure and protect infrastructure - T1317\""],"Security Software Discovery - T1063":["misp-galaxy:mitre-attack-pattern=\"Security Software Discovery - T1063\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Security Software Discovery - T1063\""],"Security Support Provider - T1101":["misp-galaxy:mitre-attack-pattern=\"Security Support Provider - T1101\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Security Support Provider - T1101\""],"Securityd Memory - T1167":["misp-galaxy:mitre-attack-pattern=\"Securityd Memory - T1167\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Securityd Memory - T1167\""],"Service Execution - T1035":["misp-galaxy:mitre-attack-pattern=\"Service Execution - T1035\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Service Execution - T1035\""],"Service Registry Permissions Weakness - T1058":["misp-galaxy:mitre-attack-pattern=\"Service Registry Permissions Weakness - T1058\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Service Registry Permissions Weakness - T1058\""],"Service Stop - T1489":["misp-galaxy:mitre-attack-pattern=\"Service Stop - T1489\""],"Setuid and Setgid - T1166":["misp-galaxy:mitre-attack-pattern=\"Setuid and Setgid - T1166\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Setuid and Setgid - T1166\""],"Shadow DNS - T1340":["misp-galaxy:mitre-attack-pattern=\"Shadow DNS - T1340\""],"Shared Webroot - T1051":["misp-galaxy:mitre-attack-pattern=\"Shared Webroot - T1051\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Shared Webroot - T1051\""],"Shortcut Modification - T1023":["misp-galaxy:mitre-attack-pattern=\"Shortcut Modification - T1023\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Shortcut Modification - T1023\""],"Signed Binary Proxy Execution - T1218":["misp-galaxy:mitre-attack-pattern=\"Signed Binary Proxy Execution - T1218\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Signed Binary Proxy Execution - T1218\""],"Signed Script Proxy Execution - T1216":["misp-galaxy:mitre-attack-pattern=\"Signed Script Proxy Execution - T1216\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Signed Script Proxy Execution - T1216\""],"Software Packing - T1045":["misp-galaxy:mitre-attack-pattern=\"Software Packing - T1045\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Software Packing - T1045\""],"Source - T1153":["misp-galaxy:mitre-attack-pattern=\"Source - T1153\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Source - T1153\""],"Space after Filename - T1151":["misp-galaxy:mitre-attack-pattern=\"Space after Filename - T1151\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Space after Filename - T1151\""],"Spear phishing messages with malicious attachments - T1367":["misp-galaxy:mitre-attack-pattern=\"Spear phishing messages with malicious attachments - T1367\""],"Spear phishing messages with malicious links - T1369":["misp-galaxy:mitre-attack-pattern=\"Spear phishing messages with malicious links - T1369\""],"Spear phishing messages with text only - T1368":["misp-galaxy:mitre-attack-pattern=\"Spear phishing messages with text only - T1368\""],"Spearphishing Attachment - T1193":["misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1193\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Spearphishing Attachment - T1193\""],"Spearphishing Link - T1192":["misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1192\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Spearphishing Link - T1192\""],"Spearphishing for Information - T1397":["misp-galaxy:mitre-attack-pattern=\"Spearphishing for Information - T1397\""],"Spearphishing via Service - T1194":["misp-galaxy:mitre-attack-pattern=\"Spearphishing via Service - T1194\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Spearphishing via Service - T1194\""],"Standard Application Layer Protocol - T1071":["misp-galaxy:mitre-attack-pattern=\"Standard Application Layer Protocol - T1071\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Standard Application Layer Protocol - T1071\""],"Standard Application Layer Protocol - T1437":["misp-galaxy:mitre-attack-pattern=\"Standard Application Layer Protocol - T1437\""],"Standard Cryptographic Protocol - T1032":["misp-galaxy:mitre-attack-pattern=\"Standard Cryptographic Protocol - T1032\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Standard Cryptographic Protocol - T1032\""],"Standard Non-Application Layer Protocol - T1095":["misp-galaxy:mitre-attack-pattern=\"Standard Non-Application Layer Protocol - T1095\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Standard Non-Application Layer Protocol - T1095\""],"Startup Items - T1165":["misp-galaxy:mitre-attack-pattern=\"Startup Items - T1165\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Startup Items - T1165\""],"Stolen Developer Credentials or Signing Keys - T1441":["misp-galaxy:mitre-attack-pattern=\"Stolen Developer Credentials or Signing Keys - T1441\""],"Stored Data Manipulation - T1492":["misp-galaxy:mitre-attack-pattern=\"Stored Data Manipulation - T1492\""],"Submit KITs, KIQs, and intelligence requirements - T1237":["misp-galaxy:mitre-attack-pattern=\"Submit KITs, KIQs, and intelligence requirements - T1237\""],"Sudo - T1169":["misp-galaxy:mitre-attack-pattern=\"Sudo - T1169\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Sudo - T1169\""],"Sudo Caching - T1206":["misp-galaxy:mitre-attack-pattern=\"Sudo Caching - T1206\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Sudo Caching - T1206\""],"Supply Chain Compromise - T1195":["misp-galaxy:mitre-attack-pattern=\"Supply Chain Compromise - T1195\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Supply Chain Compromise - T1195\""],"Supply Chain Compromise - T1474":["misp-galaxy:mitre-attack-pattern=\"Supply Chain Compromise - T1474\""],"System Firmware - T1019":["misp-galaxy:mitre-attack-pattern=\"System Firmware - T1019\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Firmware - T1019\""],"System Information Discovery - T1082":["misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Information Discovery - T1082\""],"System Information Discovery - T1426":["misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1426\""],"System Network Configuration Discovery - T1016":["misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Network Configuration Discovery - T1016\""],"System Network Configuration Discovery - T1422":["misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1422\""],"System Network Connections Discovery - T1049":["misp-galaxy:mitre-attack-pattern=\"System Network Connections Discovery - T1049\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Network Connections Discovery - T1049\""],"System Network Connections Discovery - T1421":["misp-galaxy:mitre-attack-pattern=\"System Network Connections Discovery - T1421\""],"System Owner\/User Discovery - T1033":["misp-galaxy:mitre-attack-pattern=\"System Owner\/User Discovery - T1033\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Owner\/User Discovery - T1033\""],"System Service Discovery - T1007":["misp-galaxy:mitre-attack-pattern=\"System Service Discovery - T1007\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Service Discovery - T1007\""],"System Time Discovery - T1124":["misp-galaxy:mitre-attack-pattern=\"System Time Discovery - T1124\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Time Discovery - T1124\""],"Systemd Service - T1501":["misp-galaxy:mitre-attack-pattern=\"Systemd Service - T1501\""],"Taint Shared Content - T1080":["misp-galaxy:mitre-attack-pattern=\"Taint Shared Content - T1080\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Taint Shared Content - T1080\""],"Targeted client-side exploitation - T1371":["misp-galaxy:mitre-attack-pattern=\"Targeted client-side exploitation - T1371\""],"Targeted social media phishing - T1366":["misp-galaxy:mitre-attack-pattern=\"Targeted social media phishing - T1366\""],"Task requirements - T1240":["misp-galaxy:mitre-attack-pattern=\"Task requirements - T1240\""],"Template Injection - T1221":["misp-galaxy:mitre-attack-pattern=\"Template Injection - T1221\""],"Test ability to evade automated mobile application security analysis performed by app stores - T1393":["misp-galaxy:mitre-attack-pattern=\"Test ability to evade automated mobile application security analysis performed by app stores - T1393\""],"Test callback functionality - T1356":["misp-galaxy:mitre-attack-pattern=\"Test callback functionality - T1356\""],"Test malware in various execution environments - T1357":["misp-galaxy:mitre-attack-pattern=\"Test malware in various execution environments - T1357\""],"Test malware to evade detection - T1359":["misp-galaxy:mitre-attack-pattern=\"Test malware to evade detection - T1359\""],"Test physical access - T1360":["misp-galaxy:mitre-attack-pattern=\"Test physical access - T1360\""],"Test signature detection - T1292":["misp-galaxy:mitre-attack-pattern=\"Test signature detection - T1292\""],"Test signature detection for file upload\/email filters - T1361":["misp-galaxy:mitre-attack-pattern=\"Test signature detection for file upload\/email filters - T1361\""],"Third-party Software - T1072":["misp-galaxy:mitre-attack-pattern=\"Third-party Software - T1072\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Third-party Software - T1072\""],"Time Providers - T1209":["misp-galaxy:mitre-attack-pattern=\"Time Providers - T1209\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Time Providers - T1209\""],"Timestomp - T1099":["misp-galaxy:mitre-attack-pattern=\"Timestomp - T1099\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Timestomp - T1099\""],"Transmitted Data Manipulation - T1493":["misp-galaxy:mitre-attack-pattern=\"Transmitted Data Manipulation - T1493\""],"Trap - T1154":["misp-galaxy:mitre-attack-pattern=\"Trap - T1154\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Trap - T1154\""],"Trusted Developer Utilities - T1127":["misp-galaxy:mitre-attack-pattern=\"Trusted Developer Utilities - T1127\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Trusted Developer Utilities - T1127\""],"Trusted Relationship - T1199":["misp-galaxy:mitre-attack-pattern=\"Trusted Relationship - T1199\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Trusted Relationship - T1199\""],"Two-Factor Authentication Interception - T1111":["misp-galaxy:mitre-attack-pattern=\"Two-Factor Authentication Interception - T1111\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Two-Factor Authentication Interception - T1111\""],"URL Scheme Hijacking - T1415":["misp-galaxy:mitre-attack-pattern=\"URL Scheme Hijacking - T1415\""],"Unauthorized user introduces compromise delivery mechanism - T1387":["misp-galaxy:mitre-attack-pattern=\"Unauthorized user introduces compromise delivery mechanism - T1387\""],"Uncommonly Used Port - T1065":["misp-galaxy:mitre-attack-pattern=\"Uncommonly Used Port - T1065\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Uncommonly Used Port - T1065\""],"Unconditional client-side exploitation\/Injected Website\/Driveby - T1372":["misp-galaxy:mitre-attack-pattern=\"Unconditional client-side exploitation\/Injected Website\/Driveby - T1372\""],"Untargeted client-side exploitation - T1370":["misp-galaxy:mitre-attack-pattern=\"Untargeted client-side exploitation - T1370\""],"Upload, install, and configure software\/tools - T1362":["misp-galaxy:mitre-attack-pattern=\"Upload, install, and configure software\/tools - T1362\""],"Use multiple DNS infrastructures - T1327":["misp-galaxy:mitre-attack-pattern=\"Use multiple DNS infrastructures - T1327\""],"User Execution - T1204":["misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"User Execution - T1204\""],"User Interface Spoofing - T1411":["misp-galaxy:mitre-attack-pattern=\"User Interface Spoofing - T1411\""],"Valid Accounts - T1078":["misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Valid Accounts - T1078\""],"Video Capture - T1125":["misp-galaxy:mitre-attack-pattern=\"Video Capture - T1125\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Video Capture - T1125\""],"Virtualization\/Sandbox Evasion - T1497":["misp-galaxy:mitre-attack-pattern=\"Virtualization\/Sandbox Evasion - T1497\""],"Web Service - T1102":["misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Web Service - T1102\""],"Web Service - T1481":["misp-galaxy:mitre-attack-pattern=\"Web Service - T1481\""],"Web Shell - T1100":["misp-galaxy:mitre-attack-pattern=\"Web Shell - T1100\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Web Shell - T1100\""],"Windows Admin Shares - T1077":["misp-galaxy:mitre-attack-pattern=\"Windows Admin Shares - T1077\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Windows Admin Shares - T1077\""],"Windows Management Instrumentation - T1047":["misp-galaxy:mitre-attack-pattern=\"Windows Management Instrumentation - T1047\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Windows Management Instrumentation - T1047\""],"Windows Management Instrumentation Event Subscription - T1084":["misp-galaxy:mitre-attack-pattern=\"Windows Management Instrumentation Event Subscription - T1084\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Windows Management Instrumentation Event Subscription - T1084\""],"Windows Remote Management - T1028":["misp-galaxy:mitre-attack-pattern=\"Windows Remote Management - T1028\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Windows Remote Management - T1028\""],"Winlogon Helper DLL - T1004":["misp-galaxy:mitre-attack-pattern=\"Winlogon Helper DLL - T1004\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Winlogon Helper DLL - T1004\""],"Wipe Device Data - T1447":["misp-galaxy:mitre-attack-pattern=\"Wipe Device Data - T1447\""],"XSL Script Processing - T1220":["misp-galaxy:mitre-attack-pattern=\"XSL Script Processing - T1220\""],".bash_profile and .bashrc Mitigation - T1156":["misp-galaxy:mitre-course-of-action=\".bash_profile and .bashrc Mitigation - T1156\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\".bash_profile and .bashrc Mitigation - T1156\""],"Access Token Manipulation Mitigation - T1134":["misp-galaxy:mitre-course-of-action=\"Access Token Manipulation Mitigation - T1134\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Access Token Manipulation Mitigation - T1134\""],"Accessibility Features Mitigation - T1015":["misp-galaxy:mitre-course-of-action=\"Accessibility Features Mitigation - T1015\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Accessibility Features Mitigation - T1015\""],"Account Discovery Mitigation - T1087":["misp-galaxy:mitre-course-of-action=\"Account Discovery Mitigation - T1087\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Account Discovery Mitigation - T1087\""],"Account Manipulation Mitigation - T1098":["misp-galaxy:mitre-course-of-action=\"Account Manipulation Mitigation - T1098\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Account Manipulation Mitigation - T1098\""],"AppCert DLLs Mitigation - T1182":["misp-galaxy:mitre-course-of-action=\"AppCert DLLs Mitigation - T1182\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"AppCert DLLs Mitigation - T1182\""],"AppInit DLLs Mitigation - T1103":["misp-galaxy:mitre-course-of-action=\"AppInit DLLs Mitigation - T1103\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"AppInit DLLs Mitigation - T1103\""],"AppleScript Mitigation - T1155":["misp-galaxy:mitre-course-of-action=\"AppleScript Mitigation - T1155\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"AppleScript Mitigation - T1155\""],"Application Deployment Software Mitigation - T1017":["misp-galaxy:mitre-course-of-action=\"Application Deployment Software Mitigation - T1017\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Application Deployment Software Mitigation - T1017\""],"Application Developer Guidance - M1013":["misp-galaxy:mitre-course-of-action=\"Application Developer Guidance - M1013\""],"Application Shimming Mitigation - T1138":["misp-galaxy:mitre-course-of-action=\"Application Shimming Mitigation - T1138\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Application Shimming Mitigation - T1138\""],"Application Vetting - M1005":["misp-galaxy:mitre-course-of-action=\"Application Vetting - M1005\""],"Application Window Discovery Mitigation - T1010":["misp-galaxy:mitre-course-of-action=\"Application Window Discovery Mitigation - T1010\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Application Window Discovery Mitigation - T1010\""],"Attestation - M1002":["misp-galaxy:mitre-course-of-action=\"Attestation - M1002\""],"Audio Capture Mitigation - T1123":["misp-galaxy:mitre-course-of-action=\"Audio Capture Mitigation - T1123\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Audio Capture Mitigation - T1123\""],"Authentication Package Mitigation - T1131":["misp-galaxy:mitre-course-of-action=\"Authentication Package Mitigation - T1131\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Authentication Package Mitigation - T1131\""],"Automated Collection Mitigation - T1119":["misp-galaxy:mitre-course-of-action=\"Automated Collection Mitigation - T1119\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Automated Collection Mitigation - T1119\""],"Automated Exfiltration Mitigation - T1020":["misp-galaxy:mitre-course-of-action=\"Automated Exfiltration Mitigation - T1020\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Automated Exfiltration Mitigation - T1020\""],"BITS Jobs Mitigation - T1197":["misp-galaxy:mitre-course-of-action=\"BITS Jobs Mitigation - T1197\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"BITS Jobs Mitigation - T1197\""],"Bash History Mitigation - T1139":["misp-galaxy:mitre-course-of-action=\"Bash History Mitigation - T1139\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Bash History Mitigation - T1139\""],"Binary Padding Mitigation - T1009":["misp-galaxy:mitre-course-of-action=\"Binary Padding Mitigation - T1009\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Binary Padding Mitigation - T1009\""],"Bootkit Mitigation - T1067":["misp-galaxy:mitre-course-of-action=\"Bootkit Mitigation - T1067\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Bootkit Mitigation - T1067\""],"Browser Bookmark Discovery Mitigation - T1217":["misp-galaxy:mitre-course-of-action=\"Browser Bookmark Discovery Mitigation - T1217\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Browser Bookmark Discovery Mitigation - T1217\""],"Browser Extensions Mitigation - T1176":["misp-galaxy:mitre-course-of-action=\"Browser Extensions Mitigation - T1176\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Browser Extensions Mitigation - T1176\""],"Brute Force Mitigation - T1110":["misp-galaxy:mitre-course-of-action=\"Brute Force Mitigation - T1110\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Brute Force Mitigation - T1110\""],"Bypass User Account Control Mitigation - T1088":["misp-galaxy:mitre-course-of-action=\"Bypass User Account Control Mitigation - T1088\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Bypass User Account Control Mitigation - T1088\""],"CMSTP Mitigation - T1191":["misp-galaxy:mitre-course-of-action=\"CMSTP Mitigation - T1191\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"CMSTP Mitigation - T1191\""],"Caution with Device Administrator Access - M1007":["misp-galaxy:mitre-course-of-action=\"Caution with Device Administrator Access - M1007\""],"Change Default File Association Mitigation - T1042":["misp-galaxy:mitre-course-of-action=\"Change Default File Association Mitigation - T1042\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Change Default File Association Mitigation - T1042\""],"Clear Command History Mitigation - T1146":["misp-galaxy:mitre-course-of-action=\"Clear Command History Mitigation - T1146\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Clear Command History Mitigation - T1146\""],"Clipboard Data Mitigation - T1115":["misp-galaxy:mitre-course-of-action=\"Clipboard Data Mitigation - T1115\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Clipboard Data Mitigation - T1115\""],"Code Signing Mitigation - T1116":["misp-galaxy:mitre-course-of-action=\"Code Signing Mitigation - T1116\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Code Signing Mitigation - T1116\""],"Command-Line Interface Mitigation - T1059":["misp-galaxy:mitre-course-of-action=\"Command-Line Interface Mitigation - T1059\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Command-Line Interface Mitigation - T1059\""],"Commonly Used Port Mitigation - T1043":["misp-galaxy:mitre-course-of-action=\"Commonly Used Port Mitigation - T1043\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Commonly Used Port Mitigation - T1043\""],"Communication Through Removable Media Mitigation - T1092":["misp-galaxy:mitre-course-of-action=\"Communication Through Removable Media Mitigation - T1092\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Communication Through Removable Media Mitigation - T1092\""],"Compile After Delivery Mitigation - T1502":["misp-galaxy:mitre-course-of-action=\"Compile After Delivery Mitigation - T1502\""],"Compiled HTML File Mitigation - T1223":["misp-galaxy:mitre-course-of-action=\"Compiled HTML File Mitigation - T1223\""],"Component Firmware Mitigation - T1109":["misp-galaxy:mitre-course-of-action=\"Component Firmware Mitigation - T1109\""],"Component Object Model Hijacking Mitigation - T1122":["misp-galaxy:mitre-course-of-action=\"Component Object Model Hijacking Mitigation - T1122\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Component Object Model Hijacking Mitigation - T1122\""],"Connection Proxy Mitigation - T1090":["misp-galaxy:mitre-course-of-action=\"Connection Proxy Mitigation - T1090\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Connection Proxy Mitigation - T1090\""],"Control Panel Items Mitigation - T1196":["misp-galaxy:mitre-course-of-action=\"Control Panel Items Mitigation - T1196\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Control Panel Items Mitigation - T1196\""],"Create Account Mitigation - T1136":["misp-galaxy:mitre-course-of-action=\"Create Account Mitigation - T1136\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Create Account Mitigation - T1136\""],"Credential Dumping Mitigation - T1003":["misp-galaxy:mitre-course-of-action=\"Credential Dumping Mitigation - T1003\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Credential Dumping Mitigation - T1003\""],"Credentials in Files Mitigation - T1081":["misp-galaxy:mitre-course-of-action=\"Credentials in Files Mitigation - T1081\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Credentials in Files Mitigation - T1081\""],"Credentials in Registry Mitigation - T1214":["misp-galaxy:mitre-course-of-action=\"Credentials in Registry Mitigation - T1214\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Credentials in Registry Mitigation - T1214\""],"Custom Command and Control Protocol Mitigation - T1094":["misp-galaxy:mitre-course-of-action=\"Custom Command and Control Protocol Mitigation - T1094\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Custom Command and Control Protocol Mitigation - T1094\""],"Custom Cryptographic Protocol Mitigation - T1024":["misp-galaxy:mitre-course-of-action=\"Custom Cryptographic Protocol Mitigation - T1024\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Custom Cryptographic Protocol Mitigation - T1024\""],"DCShadow Mitigation - T1207":["misp-galaxy:mitre-course-of-action=\"DCShadow Mitigation - T1207\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"DCShadow Mitigation - T1207\""],"DLL Search Order Hijacking Mitigation - T1038":["misp-galaxy:mitre-course-of-action=\"DLL Search Order Hijacking Mitigation - T1038\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"DLL Search Order Hijacking Mitigation - T1038\""],"DLL Side-Loading Mitigation - T1073":["misp-galaxy:mitre-course-of-action=\"DLL Side-Loading Mitigation - T1073\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"DLL Side-Loading Mitigation - T1073\""],"Data Compressed Mitigation - T1002":["misp-galaxy:mitre-course-of-action=\"Data Compressed Mitigation - T1002\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Data Compressed Mitigation - T1002\""],"Data Destruction Mitigation - T1488":["misp-galaxy:mitre-course-of-action=\"Data Destruction Mitigation - T1488\""],"Data Encoding Mitigation - T1132":["misp-galaxy:mitre-course-of-action=\"Data Encoding Mitigation - T1132\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Data Encoding Mitigation - T1132\""],"Data Encrypted Mitigation - T1022":["misp-galaxy:mitre-course-of-action=\"Data Encrypted Mitigation - T1022\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Data Encrypted Mitigation - T1022\""],"Data Encrypted for Impact Mitigation - T1486":["misp-galaxy:mitre-course-of-action=\"Data Encrypted for Impact Mitigation - T1486\""],"Data Obfuscation Mitigation - T1001":["misp-galaxy:mitre-course-of-action=\"Data Obfuscation Mitigation - T1001\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Data Obfuscation Mitigation - T1001\""],"Data Staged Mitigation - T1074":["misp-galaxy:mitre-course-of-action=\"Data Staged Mitigation - T1074\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Data Staged Mitigation - T1074\""],"Data Transfer Size Limits Mitigation - T1030":["misp-galaxy:mitre-course-of-action=\"Data Transfer Size Limits Mitigation - T1030\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Data Transfer Size Limits Mitigation - T1030\""],"Data from Information Repositories Mitigation - T1213":["misp-galaxy:mitre-course-of-action=\"Data from Information Repositories Mitigation - T1213\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Data from Information Repositories Mitigation - T1213\""],"Data from Local System Mitigation - T1005":["misp-galaxy:mitre-course-of-action=\"Data from Local System Mitigation - T1005\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Data from Local System Mitigation - T1005\""],"Data from Network Shared Drive Mitigation - T1039":["misp-galaxy:mitre-course-of-action=\"Data from Network Shared Drive Mitigation - T1039\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Data from Network Shared Drive Mitigation - T1039\""],"Data from Removable Media Mitigation - T1025":["misp-galaxy:mitre-course-of-action=\"Data from Removable Media Mitigation - T1025\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Data from Removable Media Mitigation - T1025\""],"Defacement Mitigation - T1491":["misp-galaxy:mitre-course-of-action=\"Defacement Mitigation - T1491\""],"Deobfuscate\/Decode Files or Information Mitigation - T1140":["misp-galaxy:mitre-course-of-action=\"Deobfuscate\/Decode Files or Information Mitigation - T1140\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Deobfuscate\/Decode Files or Information Mitigation - T1140\""],"Deploy Compromised Device Detection Method - M1010":["misp-galaxy:mitre-course-of-action=\"Deploy Compromised Device Detection Method - M1010\""],"Disabling Security Tools Mitigation - T1089":["misp-galaxy:mitre-course-of-action=\"Disabling Security Tools Mitigation - T1089\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Disabling Security Tools Mitigation - T1089\""],"Distributed Component Object Model Mitigation - T1175":["misp-galaxy:mitre-course-of-action=\"Distributed Component Object Model Mitigation - T1175\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Distributed Component Object Model Mitigation - T1175\""],"Domain Fronting Mitigation - T1172":["misp-galaxy:mitre-course-of-action=\"Domain Fronting Mitigation - T1172\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Domain Fronting Mitigation - T1172\""],"Domain Generation Algorithms Mitigation - T1483":["misp-galaxy:mitre-course-of-action=\"Domain Generation Algorithms Mitigation - T1483\""],"Domain Trust Discovery Mitigation - T1482":["misp-galaxy:mitre-course-of-action=\"Domain Trust Discovery Mitigation - T1482\""],"Drive-by Compromise Mitigation - T1189":["misp-galaxy:mitre-course-of-action=\"Drive-by Compromise Mitigation - T1189\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Drive-by Compromise Mitigation - T1189\""],"Dylib Hijacking Mitigation - T1157":["misp-galaxy:mitre-course-of-action=\"Dylib Hijacking Mitigation - T1157\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Dylib Hijacking Mitigation - T1157\""],"Dynamic Data Exchange Mitigation - T1173":["misp-galaxy:mitre-course-of-action=\"Dynamic Data Exchange Mitigation - T1173\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Dynamic Data Exchange Mitigation - T1173\""],"Email Collection Mitigation - T1114":["misp-galaxy:mitre-course-of-action=\"Email Collection Mitigation - T1114\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Email Collection Mitigation - T1114\""],"Encrypt Network Traffic - M1009":["misp-galaxy:mitre-course-of-action=\"Encrypt Network Traffic - M1009\""],"Endpoint Denial of Service Mitigation - T1499":["misp-galaxy:mitre-course-of-action=\"Endpoint Denial of Service Mitigation - T1499\""],"Enterprise Policy - M1012":["misp-galaxy:mitre-course-of-action=\"Enterprise Policy - M1012\""],"Environmental Keying Mitigation - T1480":["misp-galaxy:mitre-course-of-action=\"Environmental Keying Mitigation - T1480\""],"Execution through API Mitigation - T1106":["misp-galaxy:mitre-course-of-action=\"Execution through API Mitigation - T1106\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Execution through API Mitigation - T1106\""],"Execution through Module Load Mitigation - T1129":["misp-galaxy:mitre-course-of-action=\"Execution through Module Load Mitigation - T1129\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Execution through Module Load Mitigation - T1129\""],"Exfiltration Over Alternative Protocol Mitigation - T1048":["misp-galaxy:mitre-course-of-action=\"Exfiltration Over Alternative Protocol Mitigation - T1048\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Exfiltration Over Alternative Protocol Mitigation - T1048\""],"Exfiltration Over Command and Control Channel Mitigation - T1041":["misp-galaxy:mitre-course-of-action=\"Exfiltration Over Command and Control Channel Mitigation - T1041\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Exfiltration Over Command and Control Channel Mitigation - T1041\""],"Exfiltration Over Other Network Medium Mitigation - T1011":["misp-galaxy:mitre-course-of-action=\"Exfiltration Over Other Network Medium Mitigation - T1011\""],"Exfiltration Over Physical Medium Mitigation - T1052":["misp-galaxy:mitre-course-of-action=\"Exfiltration Over Physical Medium Mitigation - T1052\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Exfiltration Over Physical Medium Mitigation - T1052\""],"Exploit Public-Facing Application Mitigation - T1190":["misp-galaxy:mitre-course-of-action=\"Exploit Public-Facing Application Mitigation - T1190\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Exploit Public-Facing Application Mitigation - T1190\""],"Exploitation for Client Execution Mitigation - T1203":["misp-galaxy:mitre-course-of-action=\"Exploitation for Client Execution Mitigation - T1203\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Exploitation for Client Execution Mitigation - T1203\""],"Exploitation for Credential Access Mitigation - T1212":["misp-galaxy:mitre-course-of-action=\"Exploitation for Credential Access Mitigation - T1212\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Exploitation for Credential Access Mitigation - T1212\""],"Exploitation for Defense Evasion Mitigation - T1211":["misp-galaxy:mitre-course-of-action=\"Exploitation for Defense Evasion Mitigation - T1211\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Exploitation for Defense Evasion Mitigation - T1211\""],"Exploitation for Privilege Escalation Mitigation - T1068":["misp-galaxy:mitre-course-of-action=\"Exploitation for Privilege Escalation Mitigation - T1068\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Exploitation for Privilege Escalation Mitigation - T1068\""],"Exploitation of Remote Services Mitigation - T1210":["misp-galaxy:mitre-course-of-action=\"Exploitation of Remote Services Mitigation - T1210\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Exploitation of Remote Services Mitigation - T1210\""],"External Remote Services Mitigation - T1133":["misp-galaxy:mitre-course-of-action=\"External Remote Services Mitigation - T1133\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"External Remote Services Mitigation - T1133\""],"Extra Window Memory Injection Mitigation - T1181":["misp-galaxy:mitre-course-of-action=\"Extra Window Memory Injection Mitigation - T1181\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Extra Window Memory Injection Mitigation - T1181\""],"Fallback Channels Mitigation - T1008":["misp-galaxy:mitre-course-of-action=\"Fallback Channels Mitigation - T1008\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Fallback Channels Mitigation - T1008\""],"File Deletion Mitigation - T1107":["misp-galaxy:mitre-course-of-action=\"File Deletion Mitigation - T1107\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"File Deletion Mitigation - T1107\""],"File Permissions Modification Mitigation - T1222":["misp-galaxy:mitre-course-of-action=\"File Permissions Modification Mitigation - T1222\""],"File System Logical Offsets Mitigation - T1006":["misp-galaxy:mitre-course-of-action=\"File System Logical Offsets Mitigation - T1006\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"File System Logical Offsets Mitigation - T1006\""],"File System Permissions Weakness Mitigation - T1044":["misp-galaxy:mitre-course-of-action=\"File System Permissions Weakness Mitigation - T1044\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"File System Permissions Weakness Mitigation - T1044\""],"File and Directory Discovery Mitigation - T1083":["misp-galaxy:mitre-course-of-action=\"File and Directory Discovery Mitigation - T1083\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"File and Directory Discovery Mitigation - T1083\""],"Firmware Corruption Mitigation - T1495":["misp-galaxy:mitre-course-of-action=\"Firmware Corruption Mitigation - T1495\""],"Forced Authentication Mitigation - T1187":["misp-galaxy:mitre-course-of-action=\"Forced Authentication Mitigation - T1187\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Forced Authentication Mitigation - T1187\""],"Gatekeeper Bypass Mitigation - T1144":["misp-galaxy:mitre-course-of-action=\"Gatekeeper Bypass Mitigation - T1144\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Gatekeeper Bypass Mitigation - T1144\""],"Graphical User Interface Mitigation - T1061":["misp-galaxy:mitre-course-of-action=\"Graphical User Interface Mitigation - T1061\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Graphical User Interface Mitigation - T1061\""],"Group Policy Modification Mitigation - T1484":["misp-galaxy:mitre-course-of-action=\"Group Policy Modification Mitigation - T1484\""],"HISTCONTROL Mitigation - T1148":["misp-galaxy:mitre-course-of-action=\"HISTCONTROL Mitigation - T1148\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"HISTCONTROL Mitigation - T1148\""],"Hardware Additions Mitigation - T1200":["misp-galaxy:mitre-course-of-action=\"Hardware Additions Mitigation - T1200\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Hardware Additions Mitigation - T1200\""],"Hidden Files and Directories Mitigation - T1158":["misp-galaxy:mitre-course-of-action=\"Hidden Files and Directories Mitigation - T1158\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Hidden Files and Directories Mitigation - T1158\""],"Hidden Users Mitigation - T1147":["misp-galaxy:mitre-course-of-action=\"Hidden Users Mitigation - T1147\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Hidden Users Mitigation - T1147\""],"Hidden Window Mitigation - T1143":["misp-galaxy:mitre-course-of-action=\"Hidden Window Mitigation - T1143\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Hidden Window Mitigation - T1143\""],"Hooking Mitigation - T1179":["misp-galaxy:mitre-course-of-action=\"Hooking Mitigation - T1179\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Hooking Mitigation - T1179\""],"Hypervisor Mitigation - T1062":["misp-galaxy:mitre-course-of-action=\"Hypervisor Mitigation - T1062\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Hypervisor Mitigation - T1062\""],"Image File Execution Options Injection Mitigation - T1183":["misp-galaxy:mitre-course-of-action=\"Image File Execution Options Injection Mitigation - T1183\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Image File Execution Options Injection Mitigation - T1183\""],"Indicator Blocking Mitigation - T1054":["misp-galaxy:mitre-course-of-action=\"Indicator Blocking Mitigation - T1054\""],"Indicator Removal from Tools Mitigation - T1066":["misp-galaxy:mitre-course-of-action=\"Indicator Removal from Tools Mitigation - T1066\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Indicator Removal from Tools Mitigation - T1066\""],"Indicator Removal on Host Mitigation - T1070":["misp-galaxy:mitre-course-of-action=\"Indicator Removal on Host Mitigation - T1070\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Indicator Removal on Host Mitigation - T1070\""],"Indirect Command Execution Mitigation - T1202":["misp-galaxy:mitre-course-of-action=\"Indirect Command Execution Mitigation - T1202\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Indirect Command Execution Mitigation - T1202\""],"Inhibit System Recovery Mitigation - T1490":["misp-galaxy:mitre-course-of-action=\"Inhibit System Recovery Mitigation - T1490\""],"Input Capture Mitigation - T1056":["misp-galaxy:mitre-course-of-action=\"Input Capture Mitigation - T1056\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Input Capture Mitigation - T1056\""],"Input Prompt Mitigation - T1141":["misp-galaxy:mitre-course-of-action=\"Input Prompt Mitigation - T1141\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Input Prompt Mitigation - T1141\""],"Install Root Certificate Mitigation - T1130":["misp-galaxy:mitre-course-of-action=\"Install Root Certificate Mitigation - T1130\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Install Root Certificate Mitigation - T1130\""],"InstallUtil Mitigation - T1118":["misp-galaxy:mitre-course-of-action=\"InstallUtil Mitigation - T1118\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"InstallUtil Mitigation - T1118\""],"Interconnection Filtering - M1014":["misp-galaxy:mitre-course-of-action=\"Interconnection Filtering - M1014\""],"Kerberoasting Mitigation - T1208":["misp-galaxy:mitre-course-of-action=\"Kerberoasting Mitigation - T1208\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Kerberoasting Mitigation - T1208\""],"Kernel Modules and Extensions Mitigation - T1215":["misp-galaxy:mitre-course-of-action=\"Kernel Modules and Extensions Mitigation - T1215\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Kernel Modules and Extensions Mitigation - T1215\""],"Keychain Mitigation - T1142":["misp-galaxy:mitre-course-of-action=\"Keychain Mitigation - T1142\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Keychain Mitigation - T1142\""],"LC_LOAD_DYLIB Addition Mitigation - T1161":["misp-galaxy:mitre-course-of-action=\"LC_LOAD_DYLIB Addition Mitigation - T1161\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"LC_LOAD_DYLIB Addition Mitigation - T1161\""],"LC_MAIN Hijacking Mitigation - T1149":["misp-galaxy:mitre-course-of-action=\"LC_MAIN Hijacking Mitigation - T1149\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"LC_MAIN Hijacking Mitigation - T1149\""],"LLMNR\/NBT-NS Poisoning Mitigation - T1171":["misp-galaxy:mitre-course-of-action=\"LLMNR\/NBT-NS Poisoning Mitigation - T1171\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"LLMNR\/NBT-NS Poisoning Mitigation - T1171\""],"LSASS Driver Mitigation - T1177":["misp-galaxy:mitre-course-of-action=\"LSASS Driver Mitigation - T1177\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"LSASS Driver Mitigation - T1177\""],"Launch Agent Mitigation - T1159":["misp-galaxy:mitre-course-of-action=\"Launch Agent Mitigation - T1159\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Launch Agent Mitigation - T1159\""],"Launch Daemon Mitigation - T1160":["misp-galaxy:mitre-course-of-action=\"Launch Daemon Mitigation - T1160\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Launch Daemon Mitigation - T1160\""],"Launchctl Mitigation - T1152":["misp-galaxy:mitre-course-of-action=\"Launchctl Mitigation - T1152\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Launchctl Mitigation - T1152\""],"Local Job Scheduling Mitigation - T1168":["misp-galaxy:mitre-course-of-action=\"Local Job Scheduling Mitigation - T1168\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Local Job Scheduling Mitigation - T1168\""],"Lock Bootloader - M1003":["misp-galaxy:mitre-course-of-action=\"Lock Bootloader - M1003\""],"Login Item Mitigation - T1162":["misp-galaxy:mitre-course-of-action=\"Login Item Mitigation - T1162\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Login Item Mitigation - T1162\""],"Logon Scripts Mitigation - T1037":["misp-galaxy:mitre-course-of-action=\"Logon Scripts Mitigation - T1037\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Logon Scripts Mitigation - T1037\""],"Man in the Browser Mitigation - T1185":["misp-galaxy:mitre-course-of-action=\"Man in the Browser Mitigation - T1185\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Man in the Browser Mitigation - T1185\""],"Masquerading Mitigation - T1036":["misp-galaxy:mitre-course-of-action=\"Masquerading Mitigation - T1036\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Masquerading Mitigation - T1036\""],"Modify Existing Service Mitigation - T1031":["misp-galaxy:mitre-course-of-action=\"Modify Existing Service Mitigation - T1031\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Modify Existing Service Mitigation - T1031\""],"Modify Registry Mitigation - T1112":["misp-galaxy:mitre-course-of-action=\"Modify Registry Mitigation - T1112\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Modify Registry Mitigation - T1112\""],"Mshta Mitigation - T1170":["misp-galaxy:mitre-course-of-action=\"Mshta Mitigation - T1170\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Mshta Mitigation - T1170\""],"Multi-Stage Channels Mitigation - T1104":["misp-galaxy:mitre-course-of-action=\"Multi-Stage Channels Mitigation - T1104\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Multi-Stage Channels Mitigation - T1104\""],"Multi-hop Proxy Mitigation - T1188":["misp-galaxy:mitre-course-of-action=\"Multi-hop Proxy Mitigation - T1188\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Multi-hop Proxy Mitigation - T1188\""],"Multiband Communication Mitigation - T1026":["misp-galaxy:mitre-course-of-action=\"Multiband Communication Mitigation - T1026\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Multiband Communication Mitigation - T1026\""],"Multilayer Encryption Mitigation - T1079":["misp-galaxy:mitre-course-of-action=\"Multilayer Encryption Mitigation - T1079\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Multilayer Encryption Mitigation - T1079\""],"NTFS File Attributes Mitigation - T1096":["misp-galaxy:mitre-course-of-action=\"NTFS File Attributes Mitigation - T1096\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"NTFS File Attributes Mitigation - T1096\""],"Netsh Helper DLL Mitigation - T1128":["misp-galaxy:mitre-course-of-action=\"Netsh Helper DLL Mitigation - T1128\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Netsh Helper DLL Mitigation - T1128\""],"Network Denial of Service Mitigation - T1498":["misp-galaxy:mitre-course-of-action=\"Network Denial of Service Mitigation - T1498\""],"Network Service Scanning Mitigation - T1046":["misp-galaxy:mitre-course-of-action=\"Network Service Scanning Mitigation - T1046\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Network Service Scanning Mitigation - T1046\""],"Network Share Connection Removal Mitigation - T1126":["misp-galaxy:mitre-course-of-action=\"Network Share Connection Removal Mitigation - T1126\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Network Share Connection Removal Mitigation - T1126\""],"Network Share Discovery Mitigation - T1135":["misp-galaxy:mitre-course-of-action=\"Network Share Discovery Mitigation - T1135\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Network Share Discovery Mitigation - T1135\""],"Network Sniffing Mitigation - T1040":["misp-galaxy:mitre-course-of-action=\"Network Sniffing Mitigation - T1040\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Network Sniffing Mitigation - T1040\""],"New Service Mitigation - T1050":["misp-galaxy:mitre-course-of-action=\"New Service Mitigation - T1050\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"New Service Mitigation - T1050\""],"Obfuscated Files or Information Mitigation - T1027":["misp-galaxy:mitre-course-of-action=\"Obfuscated Files or Information Mitigation - T1027\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Obfuscated Files or Information Mitigation - T1027\""],"Office Application Startup Mitigation - T1137":["misp-galaxy:mitre-course-of-action=\"Office Application Startup Mitigation - T1137\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Office Application Startup Mitigation - T1137\""],"Pass the Hash Mitigation - T1075":["misp-galaxy:mitre-course-of-action=\"Pass the Hash Mitigation - T1075\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Pass the Hash Mitigation - T1075\""],"Pass the Ticket Mitigation - T1097":["misp-galaxy:mitre-course-of-action=\"Pass the Ticket Mitigation - T1097\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Pass the Ticket Mitigation - T1097\""],"Password Filter DLL Mitigation - T1174":["misp-galaxy:mitre-course-of-action=\"Password Filter DLL Mitigation - T1174\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Password Filter DLL Mitigation - T1174\""],"Password Policy Discovery Mitigation - T1201":["misp-galaxy:mitre-course-of-action=\"Password Policy Discovery Mitigation - T1201\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Password Policy Discovery Mitigation - T1201\""],"Path Interception Mitigation - T1034":["misp-galaxy:mitre-course-of-action=\"Path Interception Mitigation - T1034\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Path Interception Mitigation - T1034\""],"Peripheral Device Discovery Mitigation - T1120":["misp-galaxy:mitre-course-of-action=\"Peripheral Device Discovery Mitigation - T1120\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Peripheral Device Discovery Mitigation - T1120\""],"Permission Groups Discovery Mitigation - T1069":["misp-galaxy:mitre-course-of-action=\"Permission Groups Discovery Mitigation - T1069\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Permission Groups Discovery Mitigation - T1069\""],"Plist Modification Mitigation - T1150":["misp-galaxy:mitre-course-of-action=\"Plist Modification Mitigation - T1150\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Plist Modification Mitigation - T1150\""],"Port Knocking Mitigation - T1205":["misp-galaxy:mitre-course-of-action=\"Port Knocking Mitigation - T1205\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Port Knocking Mitigation - T1205\""],"Port Monitors Mitigation - T1013":["misp-galaxy:mitre-course-of-action=\"Port Monitors Mitigation - T1013\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Port Monitors Mitigation - T1013\""],"PowerShell Mitigation - T1086":["misp-galaxy:mitre-course-of-action=\"PowerShell Mitigation - T1086\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"PowerShell Mitigation - T1086\""],"Private Keys Mitigation - T1145":["misp-galaxy:mitre-course-of-action=\"Private Keys Mitigation - T1145\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Private Keys Mitigation - T1145\""],"Process Discovery Mitigation - T1057":["misp-galaxy:mitre-course-of-action=\"Process Discovery Mitigation - T1057\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Process Discovery Mitigation - T1057\""],"Process Doppelg\u00e4nging Mitigation - T1186":["misp-galaxy:mitre-course-of-action=\"Process Doppelg\u00e4nging Mitigation - T1186\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Process Doppelg\u00e4nging Mitigation - T1186\""],"Process Hollowing Mitigation - T1093":["misp-galaxy:mitre-course-of-action=\"Process Hollowing Mitigation - T1093\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Process Hollowing Mitigation - T1093\""],"Process Injection Mitigation - T1055":["misp-galaxy:mitre-course-of-action=\"Process Injection Mitigation - T1055\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Process Injection Mitigation - T1055\""],"Query Registry Mitigation - T1012":["misp-galaxy:mitre-course-of-action=\"Query Registry Mitigation - T1012\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Query Registry Mitigation - T1012\""],"Rc.common Mitigation - T1163":["misp-galaxy:mitre-course-of-action=\"Rc.common Mitigation - T1163\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Rc.common Mitigation - T1163\""],"Re-opened Applications Mitigation - T1164":["misp-galaxy:mitre-course-of-action=\"Re-opened Applications Mitigation - T1164\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Re-opened Applications Mitigation - T1164\""],"Redundant Access Mitigation - T1108":["misp-galaxy:mitre-course-of-action=\"Redundant Access Mitigation - T1108\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Redundant Access Mitigation - T1108\""],"Registry Run Keys \/ Startup Folder Mitigation - T1060":["misp-galaxy:mitre-course-of-action=\"Registry Run Keys \/ Startup Folder Mitigation - T1060\""],"Regsvcs\/Regasm Mitigation - T1121":["misp-galaxy:mitre-course-of-action=\"Regsvcs\/Regasm Mitigation - T1121\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Regsvcs\/Regasm Mitigation - T1121\""],"Regsvr32 Mitigation - T1117":["misp-galaxy:mitre-course-of-action=\"Regsvr32 Mitigation - T1117\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Regsvr32 Mitigation - T1117\""],"Remote Access Tools Mitigation - T1219":["misp-galaxy:mitre-course-of-action=\"Remote Access Tools Mitigation - T1219\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Remote Access Tools Mitigation - T1219\""],"Remote Desktop Protocol Mitigation - T1076":["misp-galaxy:mitre-course-of-action=\"Remote Desktop Protocol Mitigation - T1076\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Remote Desktop Protocol Mitigation - T1076\""],"Remote File Copy Mitigation - T1105":["misp-galaxy:mitre-course-of-action=\"Remote File Copy Mitigation - T1105\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Remote File Copy Mitigation - T1105\""],"Remote Services Mitigation - T1021":["misp-galaxy:mitre-course-of-action=\"Remote Services Mitigation - T1021\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Remote Services Mitigation - T1021\""],"Remote System Discovery Mitigation - T1018":["misp-galaxy:mitre-course-of-action=\"Remote System Discovery Mitigation - T1018\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Remote System Discovery Mitigation - T1018\""],"Replication Through Removable Media Mitigation - T1091":["misp-galaxy:mitre-course-of-action=\"Replication Through Removable Media Mitigation - T1091\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Replication Through Removable Media Mitigation - T1091\""],"Resource Hijacking Mitigation - T1496":["misp-galaxy:mitre-course-of-action=\"Resource Hijacking Mitigation - T1496\""],"Rootkit Mitigation - T1014":["misp-galaxy:mitre-course-of-action=\"Rootkit Mitigation - T1014\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Rootkit Mitigation - T1014\""],"Rundll32 Mitigation - T1085":["misp-galaxy:mitre-course-of-action=\"Rundll32 Mitigation - T1085\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Rundll32 Mitigation - T1085\""],"Runtime Data Manipulation Mitigation - T1494":["misp-galaxy:mitre-course-of-action=\"Runtime Data Manipulation Mitigation - T1494\""],"SID-History Injection Mitigation - T1178":["misp-galaxy:mitre-course-of-action=\"SID-History Injection Mitigation - T1178\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"SID-History Injection Mitigation - T1178\""],"SIP and Trust Provider Hijacking Mitigation - T1198":["misp-galaxy:mitre-course-of-action=\"SIP and Trust Provider Hijacking Mitigation - T1198\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"SIP and Trust Provider Hijacking Mitigation - T1198\""],"SSH Hijacking Mitigation - T1184":["misp-galaxy:mitre-course-of-action=\"SSH Hijacking Mitigation - T1184\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"SSH Hijacking Mitigation - T1184\""],"Scheduled Task Mitigation - T1053":["misp-galaxy:mitre-course-of-action=\"Scheduled Task Mitigation - T1053\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Scheduled Task Mitigation - T1053\""],"Scheduled Transfer Mitigation - T1029":["misp-galaxy:mitre-course-of-action=\"Scheduled Transfer Mitigation - T1029\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Scheduled Transfer Mitigation - T1029\""],"Screen Capture Mitigation - T1113":["misp-galaxy:mitre-course-of-action=\"Screen Capture Mitigation - T1113\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Screen Capture Mitigation - T1113\""],"Screensaver Mitigation - T1180":["misp-galaxy:mitre-course-of-action=\"Screensaver Mitigation - T1180\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Screensaver Mitigation - T1180\""],"Scripting Mitigation - T1064":["misp-galaxy:mitre-course-of-action=\"Scripting Mitigation - T1064\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Scripting Mitigation - T1064\""],"Security Software Discovery Mitigation - T1063":["misp-galaxy:mitre-course-of-action=\"Security Software Discovery Mitigation - T1063\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Security Software Discovery Mitigation - T1063\""],"Security Support Provider Mitigation - T1101":["misp-galaxy:mitre-course-of-action=\"Security Support Provider Mitigation - T1101\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Security Support Provider Mitigation - T1101\""],"Security Updates - M1001":["misp-galaxy:mitre-course-of-action=\"Security Updates - M1001\""],"Service Execution Mitigation - T1035":["misp-galaxy:mitre-course-of-action=\"Service Execution Mitigation - T1035\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Service Execution Mitigation - T1035\""],"Service Registry Permissions Weakness Mitigation - T1058":["misp-galaxy:mitre-course-of-action=\"Service Registry Permissions Weakness Mitigation - T1058\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Service Registry Permissions Weakness Mitigation - T1058\""],"Service Stop Mitigation - T1489":["misp-galaxy:mitre-course-of-action=\"Service Stop Mitigation - T1489\""],"Setuid and Setgid Mitigation - T1166":["misp-galaxy:mitre-course-of-action=\"Setuid and Setgid Mitigation - T1166\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Setuid and Setgid Mitigation - T1166\""],"Shared Webroot Mitigation - T1051":["misp-galaxy:mitre-course-of-action=\"Shared Webroot Mitigation - T1051\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Shared Webroot Mitigation - T1051\""],"Shortcut Modification Mitigation - T1023":["misp-galaxy:mitre-course-of-action=\"Shortcut Modification Mitigation - T1023\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Shortcut Modification Mitigation - T1023\""],"Signed Binary Proxy Execution Mitigation - T1218":["misp-galaxy:mitre-course-of-action=\"Signed Binary Proxy Execution Mitigation - T1218\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Signed Binary Proxy Execution Mitigation - T1218\""],"Signed Script Proxy Execution Mitigation - T1216":["misp-galaxy:mitre-course-of-action=\"Signed Script Proxy Execution Mitigation - T1216\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Signed Script Proxy Execution Mitigation - T1216\""],"Software Packing Mitigation - T1045":["misp-galaxy:mitre-course-of-action=\"Software Packing Mitigation - T1045\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Software Packing Mitigation - T1045\""],"Source Mitigation - T1153":["misp-galaxy:mitre-course-of-action=\"Source Mitigation - T1153\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Source Mitigation - T1153\""],"Space after Filename Mitigation - T1151":["misp-galaxy:mitre-course-of-action=\"Space after Filename Mitigation - T1151\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Space after Filename Mitigation - T1151\""],"Spearphishing Attachment Mitigation - T1193":["misp-galaxy:mitre-course-of-action=\"Spearphishing Attachment Mitigation - T1193\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Spearphishing Attachment Mitigation - T1193\""],"Spearphishing Link Mitigation - T1192":["misp-galaxy:mitre-course-of-action=\"Spearphishing Link Mitigation - T1192\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Spearphishing Link Mitigation - T1192\""],"Spearphishing via Service Mitigation - T1194":["misp-galaxy:mitre-course-of-action=\"Spearphishing via Service Mitigation - T1194\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Spearphishing via Service Mitigation - T1194\""],"Standard Application Layer Protocol Mitigation - T1071":["misp-galaxy:mitre-course-of-action=\"Standard Application Layer Protocol Mitigation - T1071\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Standard Application Layer Protocol Mitigation - T1071\""],"Standard Cryptographic Protocol Mitigation - T1032":["misp-galaxy:mitre-course-of-action=\"Standard Cryptographic Protocol Mitigation - T1032\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Standard Cryptographic Protocol Mitigation - T1032\""],"Standard Non-Application Layer Protocol Mitigation - T1095":["misp-galaxy:mitre-course-of-action=\"Standard Non-Application Layer Protocol Mitigation - T1095\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Standard Non-Application Layer Protocol Mitigation - T1095\""],"Startup Items Mitigation - T1165":["misp-galaxy:mitre-course-of-action=\"Startup Items Mitigation - T1165\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Startup Items Mitigation - T1165\""],"Stored Data Manipulation Mitigation - T1492":["misp-galaxy:mitre-course-of-action=\"Stored Data Manipulation Mitigation - T1492\""],"Sudo Caching Mitigation - T1206":["misp-galaxy:mitre-course-of-action=\"Sudo Caching Mitigation - T1206\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Sudo Caching Mitigation - T1206\""],"Sudo Mitigation - T1169":["misp-galaxy:mitre-course-of-action=\"Sudo Mitigation - T1169\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Sudo Mitigation - T1169\""],"Supply Chain Compromise Mitigation - T1195":["misp-galaxy:mitre-course-of-action=\"Supply Chain Compromise Mitigation - T1195\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Supply Chain Compromise Mitigation - T1195\""],"System Firmware Mitigation - T1019":["misp-galaxy:mitre-course-of-action=\"System Firmware Mitigation - T1019\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"System Firmware Mitigation - T1019\""],"System Information Discovery Mitigation - T1082":["misp-galaxy:mitre-course-of-action=\"System Information Discovery Mitigation - T1082\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"System Information Discovery Mitigation - T1082\""],"System Network Configuration Discovery Mitigation - T1016":["misp-galaxy:mitre-course-of-action=\"System Network Configuration Discovery Mitigation - T1016\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"System Network Configuration Discovery Mitigation - T1016\""],"System Network Connections Discovery Mitigation - T1049":["misp-galaxy:mitre-course-of-action=\"System Network Connections Discovery Mitigation - T1049\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"System Network Connections Discovery Mitigation - T1049\""],"System Owner\/User Discovery Mitigation - T1033":["misp-galaxy:mitre-course-of-action=\"System Owner\/User Discovery Mitigation - T1033\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"System Owner\/User Discovery Mitigation - T1033\""],"System Owner\/User Discovery Mitigation - T1482":["misp-galaxy:mitre-course-of-action=\"System Owner\/User Discovery Mitigation - T1482\""],"System Partition Integrity - M1004":["misp-galaxy:mitre-course-of-action=\"System Partition Integrity - M1004\""],"System Service Discovery Mitigation - T1007":["misp-galaxy:mitre-course-of-action=\"System Service Discovery Mitigation - T1007\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"System Service Discovery Mitigation - T1007\""],"System Time Discovery Mitigation - T1124":["misp-galaxy:mitre-course-of-action=\"System Time Discovery Mitigation - T1124\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"System Time Discovery Mitigation - T1124\""],"Systemd Service Mitigation - T1501":["misp-galaxy:mitre-course-of-action=\"Systemd Service Mitigation - T1501\""],"Taint Shared Content Mitigation - T1080":["misp-galaxy:mitre-course-of-action=\"Taint Shared Content Mitigation - T1080\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Taint Shared Content Mitigation - T1080\""],"Template Injection Mitigation - T1221":["misp-galaxy:mitre-course-of-action=\"Template Injection Mitigation - T1221\""],"Third-party Software Mitigation - T1072":["misp-galaxy:mitre-course-of-action=\"Third-party Software Mitigation - T1072\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Third-party Software Mitigation - T1072\""],"Time Providers Mitigation - T1209":["misp-galaxy:mitre-course-of-action=\"Time Providers Mitigation - T1209\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Time Providers Mitigation - T1209\""],"Timestomp Mitigation - T1099":["misp-galaxy:mitre-course-of-action=\"Timestomp Mitigation - T1099\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Timestomp Mitigation - T1099\""],"Transmitted Data Manipulation Mitigation - T1493":["misp-galaxy:mitre-course-of-action=\"Transmitted Data Manipulation Mitigation - T1493\""],"Trap Mitigation - T1154":["misp-galaxy:mitre-course-of-action=\"Trap Mitigation - T1154\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Trap Mitigation - T1154\""],"Trusted Developer Utilities Mitigation - T1127":["misp-galaxy:mitre-course-of-action=\"Trusted Developer Utilities Mitigation - T1127\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Trusted Developer Utilities Mitigation - T1127\""],"Trusted Relationship Mitigation - T1199":["misp-galaxy:mitre-course-of-action=\"Trusted Relationship Mitigation - T1199\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Trusted Relationship Mitigation - T1199\""],"Two-Factor Authentication Interception Mitigation - T1111":["misp-galaxy:mitre-course-of-action=\"Two-Factor Authentication Interception Mitigation - T1111\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Two-Factor Authentication Interception Mitigation - T1111\""],"Uncommonly Used Port Mitigation - T1065":["misp-galaxy:mitre-course-of-action=\"Uncommonly Used Port Mitigation - T1065\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Uncommonly Used Port Mitigation - T1065\""],"Use Device-Provided Credential Storage - M1008":["misp-galaxy:mitre-course-of-action=\"Use Device-Provided Credential Storage - M1008\""],"Use Recent OS Version - M1006":["misp-galaxy:mitre-course-of-action=\"Use Recent OS Version - M1006\""],"User Execution Mitigation - T1204":["misp-galaxy:mitre-course-of-action=\"User Execution Mitigation - T1204\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"User Execution Mitigation - T1204\""],"User Guidance - M1011":["misp-galaxy:mitre-course-of-action=\"User Guidance - M1011\""],"Valid Accounts Mitigation - T1078":["misp-galaxy:mitre-course-of-action=\"Valid Accounts Mitigation - T1078\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Valid Accounts Mitigation - T1078\""],"Video Capture Mitigation - T1125":["misp-galaxy:mitre-course-of-action=\"Video Capture Mitigation - T1125\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Video Capture Mitigation - T1125\""],"Virtualization\/Sandbox Evasion Mitigation - T1497":["misp-galaxy:mitre-course-of-action=\"Virtualization\/Sandbox Evasion Mitigation - T1497\""],"Web Service Mitigation - T1102":["misp-galaxy:mitre-course-of-action=\"Web Service Mitigation - T1102\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Web Service Mitigation - T1102\""],"Web Shell Mitigation - T1100":["misp-galaxy:mitre-course-of-action=\"Web Shell Mitigation - T1100\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Web Shell Mitigation - T1100\""],"Windows Admin Shares Mitigation - T1077":["misp-galaxy:mitre-course-of-action=\"Windows Admin Shares Mitigation - T1077\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Windows Admin Shares Mitigation - T1077\""],"Windows Management Instrumentation Event Subscription Mitigation - T1084":["misp-galaxy:mitre-course-of-action=\"Windows Management Instrumentation Event Subscription Mitigation - T1084\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Windows Management Instrumentation Event Subscription Mitigation - T1084\""],"Windows Management Instrumentation Mitigation - T1047":["misp-galaxy:mitre-course-of-action=\"Windows Management Instrumentation Mitigation - T1047\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Windows Management Instrumentation Mitigation - T1047\""],"Windows Remote Management Mitigation - T1028":["misp-galaxy:mitre-course-of-action=\"Windows Remote Management Mitigation - T1028\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Windows Remote Management Mitigation - T1028\""],"Winlogon Helper DLL Mitigation - T1004":["misp-galaxy:mitre-course-of-action=\"Winlogon Helper DLL Mitigation - T1004\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Winlogon Helper DLL Mitigation - T1004\""],"XSL Script Processing Mitigation - T1220":["misp-galaxy:mitre-course-of-action=\"XSL Script Processing Mitigation - T1220\""],"Registry Run Keys \/ Start Folder - T1060":["misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Registry Run Keys \/ Start Folder - T1060\""],"Registry Run Keys \/ Start Folder Mitigation - T1060":["misp-galaxy:mitre-enterprise-attack-course-of-action=\"Registry Run Keys \/ Start Folder Mitigation - T1060\""],"APT1 - G0006":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT1 - G0006\"","misp-galaxy:mitre-intrusion-set=\"APT1 - G0006\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT1 - G0006\""],"APT1":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT1 - G0006\"","misp-galaxy:mitre-intrusion-set=\"APT1 - G0006\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT1 - G0006\"","misp-galaxy:threat-actor=\"Comment Crew\""],"Comment Crew":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT1 - G0006\"","misp-galaxy:mitre-intrusion-set=\"APT1 - G0006\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT1 - G0006\"","misp-galaxy:threat-actor=\"Comment Crew\""],"Comment Group":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT1 - G0006\"","misp-galaxy:mitre-intrusion-set=\"APT1 - G0006\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT1 - G0006\"","misp-galaxy:threat-actor=\"Comment Crew\""],"Comment Panda":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT1 - G0006\"","misp-galaxy:mitre-intrusion-set=\"APT1 - G0006\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT1 - G0006\"","misp-galaxy:threat-actor=\"Comment Crew\""],"APT12 - G0005":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT12 - G0005\"","misp-galaxy:mitre-intrusion-set=\"APT12 - G0005\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT12 - G0005\""],"APT12":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT12 - G0005\"","misp-galaxy:mitre-intrusion-set=\"APT12 - G0005\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT12 - G0005\"","misp-galaxy:threat-actor=\"IXESHE\""],"IXESHE":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT12 - G0005\"","misp-galaxy:mitre-intrusion-set=\"APT12 - G0005\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT12 - G0005\"","misp-galaxy:threat-actor=\"IXESHE\""],"DynCalc":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT12 - G0005\"","misp-galaxy:mitre-intrusion-set=\"APT12 - G0005\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT12 - G0005\"","misp-galaxy:threat-actor=\"IXESHE\""],"Numbered Panda":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT12 - G0005\"","misp-galaxy:mitre-intrusion-set=\"APT12 - G0005\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT12 - G0005\"","misp-galaxy:threat-actor=\"IXESHE\""],"DNSCALC":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT12 - G0005\"","misp-galaxy:mitre-intrusion-set=\"APT12 - G0005\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT12 - G0005\""],"APT16 - G0023":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT16 - G0023\"","misp-galaxy:mitre-intrusion-set=\"APT16 - G0023\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT16 - G0023\""],"APT16":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT16 - G0023\"","misp-galaxy:mitre-intrusion-set=\"APT16 - G0023\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT16 - G0023\"","misp-galaxy:threat-actor=\"APT 16\""],"APT17 - G0025":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT17 - G0025\"","misp-galaxy:mitre-intrusion-set=\"APT17 - G0025\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT17 - G0025\""],"APT17":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT17 - G0025\"","misp-galaxy:mitre-intrusion-set=\"APT17 - G0025\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT17 - G0025\"","misp-galaxy:threat-actor=\"Aurora Panda\"","misp-galaxy:threat-actor=\"Axiom\""],"Deputy Dog":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT17 - G0025\"","misp-galaxy:mitre-intrusion-set=\"APT17 - G0025\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT17 - G0025\"","misp-galaxy:threat-actor=\"Aurora Panda\"","misp-galaxy:threat-actor=\"Axiom\""],"APT18 - G0026":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT18 - G0026\"","misp-galaxy:mitre-intrusion-set=\"APT18 - G0026\""],"APT18":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT18 - G0026\"","misp-galaxy:mitre-intrusion-set=\"APT18 - G0026\"","misp-galaxy:threat-actor=\"Wekby\""],"Threat Group-0416":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT18 - G0026\"","misp-galaxy:mitre-intrusion-set=\"APT18 - G0026\""],"TG-0416":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT18 - G0026\"","misp-galaxy:mitre-intrusion-set=\"APT18 - G0026\"","misp-galaxy:threat-actor=\"Wekby\""],"Dynamite Panda":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT18 - G0026\"","misp-galaxy:mitre-intrusion-set=\"APT18 - G0026\"","misp-galaxy:threat-actor=\"Wekby\""],"APT28 - G0007":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-mobile-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT28 - G0007\""],"Tsar Team":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-mobile-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:threat-actor=\"Sofacy\""],"Threat Group-4127":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-mobile-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT28 - G0007\""],"APT29 - G0016":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT29 - G0016\"","misp-galaxy:mitre-intrusion-set=\"APT29 - G0016\""],"APT29":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT29 - G0016\"","misp-galaxy:mitre-intrusion-set=\"APT29 - G0016\"","misp-galaxy:threat-actor=\"APT 29\""],"The Dukes":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT29 - G0016\"","misp-galaxy:mitre-intrusion-set=\"APT29 - G0016\"","misp-galaxy:threat-actor=\"APT 29\""],"Cozy Bear":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT29 - G0016\"","misp-galaxy:mitre-intrusion-set=\"APT29 - G0016\"","misp-galaxy:threat-actor=\"APT 29\""],"CozyDuke":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT29 - G0016\"","misp-galaxy:mitre-enterprise-attack-malware=\"CozyCar - S0046\"","misp-galaxy:mitre-intrusion-set=\"APT29 - G0016\"","misp-galaxy:mitre-malware=\"CozyCar - S0046\"","misp-galaxy:threat-actor=\"APT 29\""],"APT3 - G0022":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT3 - G0022\"","misp-galaxy:mitre-intrusion-set=\"APT3 - G0022\""],"APT3":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT3 - G0022\"","misp-galaxy:mitre-intrusion-set=\"APT3 - G0022\"","misp-galaxy:threat-actor=\"UPS\""],"Gothic Panda":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT3 - G0022\"","misp-galaxy:mitre-intrusion-set=\"APT3 - G0022\"","misp-galaxy:threat-actor=\"UPS\""],"Pirpi":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT3 - G0022\"","misp-galaxy:mitre-enterprise-attack-malware=\"SHOTPUT - S0063\"","misp-galaxy:mitre-intrusion-set=\"APT3 - G0022\"","misp-galaxy:mitre-malware=\"SHOTPUT - S0063\"","misp-galaxy:tool=\"Pirpi\""],"UPS Team":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT3 - G0022\"","misp-galaxy:mitre-intrusion-set=\"APT3 - G0022\"","misp-galaxy:threat-actor=\"UPS\""],"Buckeye":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT3 - G0022\"","misp-galaxy:mitre-intrusion-set=\"APT3 - G0022\"","misp-galaxy:threat-actor=\"UPS\""],"Threat Group-0110":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT3 - G0022\"","misp-galaxy:mitre-intrusion-set=\"APT3 - G0022\""],"TG-0110":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT3 - G0022\"","misp-galaxy:mitre-intrusion-set=\"APT3 - G0022\"","misp-galaxy:threat-actor=\"UPS\""],"APT30 - G0013":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT30 - G0013\"","misp-galaxy:mitre-intrusion-set=\"APT30 - G0013\""],"APT30":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT30 - G0013\"","misp-galaxy:mitre-intrusion-set=\"APT30 - G0013\"","misp-galaxy:threat-actor=\"APT 30\"","misp-galaxy:threat-actor=\"Naikon\""],"APT32 - G0050":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT32 - G0050\"","misp-galaxy:mitre-intrusion-set=\"APT32 - G0050\""],"APT32":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT32 - G0050\"","misp-galaxy:mitre-intrusion-set=\"APT32 - G0050\"","misp-galaxy:threat-actor=\"APT32\""],"OceanLotus Group":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT32 - G0050\"","misp-galaxy:threat-actor=\"APT32\""],"APT33 - G0064":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT33 - G0064\"","misp-galaxy:mitre-intrusion-set=\"APT33 - G0064\""],"APT33":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT33 - G0064\"","misp-galaxy:mitre-intrusion-set=\"APT33 - G0064\"","misp-galaxy:threat-actor=\"APT33\"","misp-galaxy:threat-actor=\"MAGNALLIUM\""],"APT34 - G0057":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT34 - G0057\"","misp-galaxy:mitre-intrusion-set=\"APT34 - G0057\""],"APT34":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT34 - G0057\"","misp-galaxy:mitre-intrusion-set=\"OilRig - G0049\"","misp-galaxy:threat-actor=\"APT34\"","misp-galaxy:threat-actor=\"OilRig\""],"APT37 - G0067":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT37 - G0067\"","misp-galaxy:mitre-intrusion-set=\"APT37 - G0067\""],"APT37":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT37 - G0067\"","misp-galaxy:mitre-intrusion-set=\"APT37 - G0067\"","misp-galaxy:threat-actor=\"APT37\""],"ScarCruft":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT37 - G0067\"","misp-galaxy:mitre-intrusion-set=\"APT37 - G0067\"","misp-galaxy:threat-actor=\"ScarCruft\""],"Group123":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT37 - G0067\"","misp-galaxy:mitre-intrusion-set=\"APT37 - G0067\"","misp-galaxy:threat-actor=\"APT37\""],"TEMP.Reaper":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT37 - G0067\"","misp-galaxy:mitre-intrusion-set=\"APT37 - G0067\""],"Axiom - G0001":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Axiom - G0001\"","misp-galaxy:mitre-intrusion-set=\"Axiom - G0001\""],"Axiom":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Axiom - G0001\"","misp-galaxy:mitre-intrusion-set=\"Axiom - G0001\"","misp-galaxy:threat-actor=\"Axiom\""],"Group 72":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Axiom - G0001\"","misp-galaxy:mitre-intrusion-set=\"Axiom - G0001\"","misp-galaxy:threat-actor=\"Axiom\""],"BRONZE BUTLER - G0060":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"BRONZE BUTLER - G0060\"","misp-galaxy:mitre-intrusion-set=\"BRONZE BUTLER - G0060\""],"BRONZE BUTLER":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"BRONZE BUTLER - G0060\"","misp-galaxy:mitre-intrusion-set=\"BRONZE BUTLER - G0060\""],"REDBALDKNIGHT":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"BRONZE BUTLER - G0060\"","misp-galaxy:mitre-intrusion-set=\"BRONZE BUTLER - G0060\""],"Tick":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"BRONZE BUTLER - G0060\"","misp-galaxy:mitre-intrusion-set=\"BRONZE BUTLER - G0060\"","misp-galaxy:threat-actor=\"Tick\""],"BlackOasis - G0063":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"BlackOasis - G0063\"","misp-galaxy:mitre-intrusion-set=\"BlackOasis - G0063\""],"BlackOasis":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"BlackOasis - G0063\"","misp-galaxy:mitre-intrusion-set=\"BlackOasis - G0063\"","misp-galaxy:threat-actor=\"BlackOasis\"","misp-galaxy:tool=\"FINSPY\""],"Carbanak - G0008":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Carbanak - G0008\"","misp-galaxy:mitre-intrusion-set=\"Carbanak - G0008\""],"Carbon Spider":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Carbanak - G0008\"","misp-galaxy:mitre-intrusion-set=\"Carbanak - G0008\"","misp-galaxy:threat-actor=\"Anunak\""],"Charming Kitten - G0058":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Charming Kitten - G0058\"","misp-galaxy:mitre-intrusion-set=\"Charming Kitten - G0058\""],"Charming Kitten":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Charming Kitten - G0058\"","misp-galaxy:mitre-intrusion-set=\"Charming Kitten - G0058\"","misp-galaxy:threat-actor=\"Charming Kitten\""],"Cleaver - G0003":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Cleaver - G0003\"","misp-galaxy:mitre-intrusion-set=\"Cleaver - G0003\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"Cleaver - G0003\""],"Cleaver":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Cleaver - G0003\"","misp-galaxy:mitre-intrusion-set=\"Cleaver - G0003\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"Cleaver - G0003\"","misp-galaxy:threat-actor=\"Cleaver\""],"TG-2889":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Cleaver - G0003\"","misp-galaxy:mitre-intrusion-set=\"Cleaver - G0003\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"Cleaver - G0003\"","misp-galaxy:threat-actor=\"Cleaver\"","misp-galaxy:threat-actor=\"Cutting Kitten\""],"Threat Group 2889":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Cleaver - G0003\"","misp-galaxy:mitre-intrusion-set=\"Cleaver - G0003\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"Cleaver - G0003\"","misp-galaxy:threat-actor=\"Cutting Kitten\""],"CopyKittens - G0052":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"CopyKittens - G0052\"","misp-galaxy:mitre-intrusion-set=\"CopyKittens - G0052\""],"CopyKittens":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"CopyKittens - G0052\"","misp-galaxy:mitre-intrusion-set=\"CopyKittens - G0052\"","misp-galaxy:threat-actor=\"CopyKittens\""],"Darkhotel - G0012":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Darkhotel - G0012\"","misp-galaxy:mitre-intrusion-set=\"Darkhotel - G0012\""],"Darkhotel":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Darkhotel - G0012\"","misp-galaxy:mitre-intrusion-set=\"Darkhotel - G0012\""],"Deep Panda - G0009":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Deep Panda - G0009\"","misp-galaxy:mitre-intrusion-set=\"Deep Panda - G0009\""],"Deep Panda":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Deep Panda - G0009\"","misp-galaxy:mitre-intrusion-set=\"Deep Panda - G0009\"","misp-galaxy:threat-actor=\"Shell Crew\""],"Shell Crew":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Deep Panda - G0009\"","misp-galaxy:mitre-intrusion-set=\"Deep Panda - G0009\"","misp-galaxy:threat-actor=\"Shell Crew\""],"WebMasters":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Deep Panda - G0009\"","misp-galaxy:mitre-intrusion-set=\"Deep Panda - G0009\"","misp-galaxy:threat-actor=\"Shell Crew\""],"KungFu Kittens":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Deep Panda - G0009\"","misp-galaxy:mitre-intrusion-set=\"Deep Panda - G0009\"","misp-galaxy:threat-actor=\"Shell Crew\""],"PinkPanther":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Deep Panda - G0009\"","misp-galaxy:mitre-intrusion-set=\"Deep Panda - G0009\"","misp-galaxy:threat-actor=\"Shell Crew\""],"Black Vine":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Deep Panda - G0009\"","misp-galaxy:mitre-intrusion-set=\"Deep Panda - G0009\"","misp-galaxy:threat-actor=\"Hurricane Panda\"","misp-galaxy:threat-actor=\"Shell Crew\""],"DragonOK - G0017":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"DragonOK - G0017\"","misp-galaxy:mitre-intrusion-set=\"DragonOK - G0017\""],"DragonOK":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"DragonOK - G0017\"","misp-galaxy:mitre-intrusion-set=\"DragonOK - G0017\"","misp-galaxy:threat-actor=\"DragonOK\""],"Dragonfly - G0035":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Dragonfly - G0035\"","misp-galaxy:mitre-intrusion-set=\"Dragonfly - G0035\""],"Dragonfly":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Dragonfly - G0035\"","misp-galaxy:mitre-intrusion-set=\"Dragonfly - G0035\"","misp-galaxy:threat-actor=\"Energetic Bear\""],"Energetic Bear":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Dragonfly - G0035\"","misp-galaxy:mitre-intrusion-set=\"Dragonfly - G0035\"","misp-galaxy:threat-actor=\"Energetic Bear\""],"Dust Storm - G0031":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Dust Storm - G0031\"","misp-galaxy:mitre-intrusion-set=\"Dust Storm - G0031\""],"Dust Storm":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Dust Storm - G0031\"","misp-galaxy:mitre-intrusion-set=\"Dust Storm - G0031\"","misp-galaxy:threat-actor=\"Dust Storm\""],"Elderwood - G0066":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Elderwood - G0066\"","misp-galaxy:mitre-intrusion-set=\"Elderwood - G0066\""],"Elderwood":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Elderwood - G0066\"","misp-galaxy:mitre-intrusion-set=\"Elderwood - G0066\"","misp-galaxy:threat-actor=\"Beijing Group\""],"Elderwood Gang":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Elderwood - G0066\"","misp-galaxy:mitre-intrusion-set=\"Elderwood - G0066\"","misp-galaxy:threat-actor=\"Beijing Group\""],"Beijing Group":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Elderwood - G0066\"","misp-galaxy:mitre-intrusion-set=\"Elderwood - G0066\"","misp-galaxy:threat-actor=\"Beijing Group\""],"Sneaky Panda":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Elderwood - G0066\"","misp-galaxy:mitre-intrusion-set=\"Elderwood - G0066\"","misp-galaxy:threat-actor=\"Beijing Group\""],"Equation - G0020":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Equation - G0020\"","misp-galaxy:mitre-intrusion-set=\"Equation - G0020\""],"Equation":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Equation - G0020\"","misp-galaxy:mitre-intrusion-set=\"Equation - G0020\""],"FIN10 - G0051":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"FIN10 - G0051\"","misp-galaxy:mitre-intrusion-set=\"FIN10 - G0051\""],"FIN10":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"FIN10 - G0051\"","misp-galaxy:mitre-intrusion-set=\"FIN10 - G0051\"","misp-galaxy:threat-actor=\"FIN10\""],"FIN5 - G0053":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"FIN5 - G0053\"","misp-galaxy:mitre-intrusion-set=\"FIN5 - G0053\""],"FIN5":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"FIN5 - G0053\"","misp-galaxy:mitre-intrusion-set=\"FIN5 - G0053\"","misp-galaxy:threat-actor=\"FIN5\""],"FIN6 - G0037":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"FIN6 - G0037\"","misp-galaxy:mitre-intrusion-set=\"FIN6 - G0037\""],"FIN6":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"FIN6 - G0037\"","misp-galaxy:mitre-intrusion-set=\"FIN6 - G0037\"","misp-galaxy:threat-actor=\"FIN6\""],"FIN7 - G0046":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"FIN7 - G0046\"","misp-galaxy:mitre-intrusion-set=\"FIN7 - G0046\""],"FIN7":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"FIN7 - G0046\"","misp-galaxy:mitre-intrusion-set=\"FIN7 - G0046\"","misp-galaxy:threat-actor=\"Anunak\""],"FIN8 - G0061":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"FIN8 - G0061\"","misp-galaxy:mitre-intrusion-set=\"FIN8 - G0061\""],"FIN8":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"FIN8 - G0061\"","misp-galaxy:mitre-intrusion-set=\"FIN8 - G0061\"","misp-galaxy:threat-actor=\"FIN8\""],"GCMAN - G0036":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"GCMAN - G0036\"","misp-galaxy:mitre-intrusion-set=\"GCMAN - G0036\""],"GCMAN":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"GCMAN - G0036\"","misp-galaxy:mitre-intrusion-set=\"GCMAN - G0036\"","misp-galaxy:threat-actor=\"GCMAN\""],"Gamaredon Group - G0047":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Gamaredon Group - G0047\"","misp-galaxy:mitre-intrusion-set=\"Gamaredon Group - G0047\""],"Gamaredon Group":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Gamaredon Group - G0047\"","misp-galaxy:mitre-intrusion-set=\"Gamaredon Group - G0047\"","misp-galaxy:threat-actor=\"Gamaredon Group\""],"Group5 - G0043":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Group5 - G0043\"","misp-galaxy:mitre-intrusion-set=\"Group5 - G0043\""],"Group5":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Group5 - G0043\"","misp-galaxy:mitre-intrusion-set=\"Group5 - G0043\"","misp-galaxy:threat-actor=\"Group5\""],"Ke3chang - G0004":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Ke3chang - G0004\"","misp-galaxy:mitre-intrusion-set=\"Ke3chang - G0004\""],"Ke3chang":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Ke3chang - G0004\"","misp-galaxy:mitre-intrusion-set=\"Ke3chang - G0004\""],"Lazarus Group - G0032":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Lazarus Group - G0032\"","misp-galaxy:mitre-intrusion-set=\"Lazarus Group - G0032\""],"Lazarus Group":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Lazarus Group - G0032\"","misp-galaxy:mitre-intrusion-set=\"Lazarus Group - G0032\"","misp-galaxy:threat-actor=\"Lazarus Group\""],"HIDDEN COBRA":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Lazarus Group - G0032\"","misp-galaxy:mitre-intrusion-set=\"Lazarus Group - G0032\""],"Guardians of Peace":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Lazarus Group - G0032\"","misp-galaxy:mitre-intrusion-set=\"Lazarus Group - G0032\""],"ZINC":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Lazarus Group - G0032\"","misp-galaxy:mitre-intrusion-set=\"Lazarus Group - G0032\""],"NICKEL ACADEMY":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Lazarus Group - G0032\"","misp-galaxy:mitre-intrusion-set=\"Lazarus Group - G0032\""],"Leviathan - G0065":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Leviathan - G0065\"","misp-galaxy:mitre-intrusion-set=\"Leviathan - G0065\""],"Leviathan":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Leviathan - G0065\"","misp-galaxy:mitre-intrusion-set=\"Leviathan - G0065\"","misp-galaxy:threat-actor=\"Leviathan\""],"TEMP.Periscope":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Leviathan - G0065\"","misp-galaxy:mitre-intrusion-set=\"Leviathan - G0065\"","misp-galaxy:threat-actor=\"Leviathan\""],"Lotus Blossom - G0030":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Lotus Blossom - G0030\"","misp-galaxy:mitre-intrusion-set=\"Lotus Blossom - G0030\""],"Lotus Blossom":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Lotus Blossom - G0030\"","misp-galaxy:mitre-intrusion-set=\"Lotus Blossom - G0030\"","misp-galaxy:threat-actor=\"Lotus Blossom\""],"Spring Dragon":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Lotus Blossom - G0030\"","misp-galaxy:mitre-intrusion-set=\"Lotus Blossom - G0030\"","misp-galaxy:threat-actor=\"Lotus Blossom\""],"MONSOON - G0042":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"MONSOON - G0042\"","misp-galaxy:mitre-intrusion-set=\"MONSOON - G0042\""],"Magic Hound - G0059":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Magic Hound - G0059\"","misp-galaxy:mitre-intrusion-set=\"Magic Hound - G0059\""],"Magic Hound":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Magic Hound - G0059\"","misp-galaxy:mitre-intrusion-set=\"Magic Hound - G0059\"","misp-galaxy:threat-actor=\"Cleaver\""],"Rocket Kitten":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Magic Hound - G0059\"","misp-galaxy:mitre-intrusion-set=\"Magic Hound - G0059\"","misp-galaxy:threat-actor=\"Rocket Kitten\""],"Operation Saffron Rose":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Magic Hound - G0059\"","misp-galaxy:mitre-intrusion-set=\"Magic Hound - G0059\""],"Ajax Security Team":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Magic Hound - G0059\"","misp-galaxy:mitre-intrusion-set=\"Magic Hound - G0059\"","misp-galaxy:threat-actor=\"Flying Kitten\""],"Operation Woolen-Goldfish":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Magic Hound - G0059\"","misp-galaxy:mitre-intrusion-set=\"Magic Hound - G0059\"","misp-galaxy:threat-actor=\"Rocket Kitten\""],"Newscaster":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Magic Hound - G0059\"","misp-galaxy:mitre-intrusion-set=\"Magic Hound - G0059\"","misp-galaxy:threat-actor=\"Charming Kitten\""],"Cobalt Gypsy":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Magic Hound - G0059\"","misp-galaxy:mitre-intrusion-set=\"Magic Hound - G0059\"","misp-galaxy:threat-actor=\"Cleaver\"","misp-galaxy:threat-actor=\"OilRig\""],"Moafee - G0002":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Moafee - G0002\"","misp-galaxy:mitre-intrusion-set=\"Moafee - G0002\""],"Moafee":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Moafee - G0002\"","misp-galaxy:mitre-intrusion-set=\"Moafee - G0002\"","misp-galaxy:threat-actor=\"DragonOK\""],"Molerats - G0021":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Molerats - G0021\"","misp-galaxy:mitre-intrusion-set=\"Molerats - G0021\""],"Molerats":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Molerats - G0021\"","misp-galaxy:mitre-intrusion-set=\"Molerats - G0021\"","misp-galaxy:threat-actor=\"Molerats\""],"Operation Molerats":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Molerats - G0021\"","misp-galaxy:mitre-intrusion-set=\"Molerats - G0021\"","misp-galaxy:threat-actor=\"Molerats\""],"Gaza Cybergang":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Molerats - G0021\"","misp-galaxy:mitre-intrusion-set=\"Molerats - G0021\"","misp-galaxy:threat-actor=\"Molerats\""],"MuddyWater - G0069":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"MuddyWater - G0069\"","misp-galaxy:mitre-intrusion-set=\"MuddyWater - G0069\""],"MuddyWater":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"MuddyWater - G0069\"","misp-galaxy:mitre-intrusion-set=\"MuddyWater - G0069\"","misp-galaxy:threat-actor=\"MuddyWater\""],"TEMP.Zagros":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"MuddyWater - G0069\"","misp-galaxy:mitre-intrusion-set=\"MuddyWater - G0069\"","misp-galaxy:threat-actor=\"MuddyWater\""],"NEODYMIUM - G0055":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"NEODYMIUM - G0055\"","misp-galaxy:mitre-intrusion-set=\"NEODYMIUM - G0055\""],"Naikon - G0019":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Naikon - G0019\"","misp-galaxy:mitre-intrusion-set=\"Naikon - G0019\""],"Night Dragon - G0014":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Night Dragon - G0014\"","misp-galaxy:mitre-intrusion-set=\"Night Dragon - G0014\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"Night Dragon - G0014\""],"Night Dragon":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Night Dragon - G0014\"","misp-galaxy:mitre-intrusion-set=\"Night Dragon - G0014\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"Night Dragon - G0014\"","misp-galaxy:threat-actor=\"Night Dragon\""],"Musical Chairs":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Night Dragon - G0014\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"Night Dragon - G0014\""],"OilRig - G0049":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"OilRig - G0049\"","misp-galaxy:mitre-intrusion-set=\"OilRig - G0049\""],"PLATINUM - G0068":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"PLATINUM - G0068\"","misp-galaxy:mitre-intrusion-set=\"PLATINUM - G0068\""],"PROMETHIUM - G0056":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"PROMETHIUM - G0056\"","misp-galaxy:mitre-intrusion-set=\"PROMETHIUM - G0056\""],"Patchwork - G0040":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Patchwork - G0040\"","misp-galaxy:mitre-intrusion-set=\"Patchwork - G0040\""],"Patchwork":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Patchwork - G0040\"","misp-galaxy:mitre-intrusion-set=\"Patchwork - G0040\"","misp-galaxy:threat-actor=\"Dropping Elephant\""],"Dropping Elephant":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Patchwork - G0040\"","misp-galaxy:mitre-intrusion-set=\"Patchwork - G0040\"","misp-galaxy:threat-actor=\"Dropping Elephant\""],"Chinastrats":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Patchwork - G0040\"","misp-galaxy:mitre-intrusion-set=\"Patchwork - G0040\"","misp-galaxy:threat-actor=\"Dropping Elephant\""],"MONSOON":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Patchwork - G0040\"","misp-galaxy:mitre-intrusion-set=\"Patchwork - G0040\""],"Operation Hangover":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Patchwork - G0040\"","misp-galaxy:mitre-intrusion-set=\"Patchwork - G0040\""],"PittyTiger - G0011":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"PittyTiger - G0011\"","misp-galaxy:mitre-intrusion-set=\"PittyTiger - G0011\""],"PittyTiger":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"PittyTiger - G0011\"","misp-galaxy:mitre-intrusion-set=\"PittyTiger - G0011\"","misp-galaxy:threat-actor=\"Pitty Panda\""],"Poseidon Group - G0033":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Poseidon Group - G0033\"","misp-galaxy:mitre-intrusion-set=\"Poseidon Group - G0033\""],"Poseidon Group":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Poseidon Group - G0033\"","misp-galaxy:mitre-intrusion-set=\"Poseidon Group - G0033\"","misp-galaxy:threat-actor=\"Poseidon Group\""],"Putter Panda - G0024":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Putter Panda - G0024\"","misp-galaxy:mitre-intrusion-set=\"Putter Panda - G0024\""],"Putter Panda":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Putter Panda - G0024\"","misp-galaxy:mitre-intrusion-set=\"Putter Panda - G0024\"","misp-galaxy:threat-actor=\"Putter Panda\""],"APT2":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Putter Panda - G0024\"","misp-galaxy:mitre-intrusion-set=\"Putter Panda - G0024\"","misp-galaxy:threat-actor=\"Putter Panda\""],"MSUpdater":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Putter Panda - G0024\"","misp-galaxy:mitre-intrusion-set=\"Putter Panda - G0024\"","misp-galaxy:threat-actor=\"Putter Panda\"","misp-galaxy:tool=\"MSUpdater\""],"RTM - G0048":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"RTM - G0048\"","misp-galaxy:mitre-intrusion-set=\"RTM - G0048\""],"Sandworm Team - G0034":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Sandworm Team - G0034\"","misp-galaxy:mitre-intrusion-set=\"Sandworm Team - G0034\""],"Sandworm Team":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Sandworm Team - G0034\"","misp-galaxy:mitre-intrusion-set=\"Sandworm Team - G0034\"","misp-galaxy:threat-actor=\"Sandworm\""],"Quedagh":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Sandworm Team - G0034\"","misp-galaxy:mitre-intrusion-set=\"Sandworm Team - G0034\"","misp-galaxy:threat-actor=\"Sandworm\""],"Scarlet Mimic - G0029":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Scarlet Mimic - G0029\"","misp-galaxy:mitre-intrusion-set=\"Scarlet Mimic - G0029\""],"Scarlet Mimic":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Scarlet Mimic - G0029\"","misp-galaxy:mitre-intrusion-set=\"Scarlet Mimic - G0029\"","misp-galaxy:threat-actor=\"Scarlet Mimic\""],"Sowbug - G0054":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Sowbug - G0054\"","misp-galaxy:mitre-intrusion-set=\"Sowbug - G0054\""],"Sowbug":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Sowbug - G0054\"","misp-galaxy:mitre-intrusion-set=\"Sowbug - G0054\"","misp-galaxy:threat-actor=\"Sowbug\""],"Stealth Falcon - G0038":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Stealth Falcon - G0038\"","misp-galaxy:mitre-intrusion-set=\"Stealth Falcon - G0038\""],"Stealth Falcon":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Stealth Falcon - G0038\"","misp-galaxy:mitre-intrusion-set=\"Stealth Falcon - G0038\"","misp-galaxy:threat-actor=\"Stealth Falcon\""],"Strider - G0041":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Strider - G0041\"","misp-galaxy:mitre-intrusion-set=\"Strider - G0041\""],"Strider":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Strider - G0041\"","misp-galaxy:mitre-intrusion-set=\"Strider - G0041\"","misp-galaxy:threat-actor=\"ProjectSauron\""],"ProjectSauron":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Strider - G0041\"","misp-galaxy:mitre-enterprise-attack-malware=\"Remsec - S0125\"","misp-galaxy:mitre-intrusion-set=\"Strider - G0041\"","misp-galaxy:mitre-malware=\"Remsec - S0125\"","misp-galaxy:threat-actor=\"ProjectSauron\""],"Suckfly - G0039":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Suckfly - G0039\"","misp-galaxy:mitre-intrusion-set=\"Suckfly - G0039\""],"Suckfly":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Suckfly - G0039\"","misp-galaxy:mitre-intrusion-set=\"Suckfly - G0039\"","misp-galaxy:threat-actor=\"Suckfly\""],"TA459 - G0062":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"TA459 - G0062\"","misp-galaxy:mitre-intrusion-set=\"TA459 - G0062\""],"TA459":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"TA459 - G0062\"","misp-galaxy:mitre-intrusion-set=\"TA459 - G0062\"","misp-galaxy:threat-actor=\"TA459\""],"Taidoor - G0015":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Taidoor - G0015\"","misp-galaxy:mitre-intrusion-set=\"Taidoor - G0015\""],"Taidoor":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Taidoor - G0015\"","misp-galaxy:mitre-enterprise-attack-malware=\"Taidoor - S0011\"","misp-galaxy:mitre-intrusion-set=\"Taidoor - G0015\"","misp-galaxy:mitre-malware=\"Taidoor - S0011\"","misp-galaxy:threat-actor=\"Taidoor\"","misp-galaxy:tool=\"Taidoor\""],"Threat Group-1314 - G0028":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Threat Group-1314 - G0028\"","misp-galaxy:mitre-intrusion-set=\"Threat Group-1314 - G0028\""],"Threat Group-1314":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Threat Group-1314 - G0028\"","misp-galaxy:mitre-intrusion-set=\"Threat Group-1314 - G0028\""],"TG-1314":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Threat Group-1314 - G0028\"","misp-galaxy:mitre-intrusion-set=\"Threat Group-1314 - G0028\""],"Threat Group-3390 - G0027":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Threat Group-3390 - G0027\"","misp-galaxy:mitre-intrusion-set=\"Threat Group-3390 - G0027\""],"Threat Group-3390":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Threat Group-3390 - G0027\"","misp-galaxy:mitre-intrusion-set=\"Threat Group-3390 - G0027\"","misp-galaxy:threat-actor=\"Threat Group-3390\""],"TG-3390":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Threat Group-3390 - G0027\"","misp-galaxy:mitre-intrusion-set=\"Threat Group-3390 - G0027\"","misp-galaxy:threat-actor=\"Emissary Panda\"","misp-galaxy:threat-actor=\"LuckyMouse\"","misp-galaxy:threat-actor=\"Threat Group-3390\""],"Emissary Panda":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Threat Group-3390 - G0027\"","misp-galaxy:mitre-intrusion-set=\"Threat Group-3390 - G0027\"","misp-galaxy:threat-actor=\"Emissary Panda\"","misp-galaxy:threat-actor=\"LuckyMouse\"","misp-galaxy:threat-actor=\"Threat Group-3390\""],"BRONZE UNION":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Threat Group-3390 - G0027\"","misp-galaxy:mitre-intrusion-set=\"Threat Group-3390 - G0027\"","misp-galaxy:threat-actor=\"Emissary Panda\""],"Turla - G0010":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Turla - G0010\"","misp-galaxy:mitre-intrusion-set=\"Turla - G0010\""],"Turla":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Turla - G0010\"","misp-galaxy:mitre-intrusion-set=\"Turla - G0010\"","misp-galaxy:threat-actor=\"Turla Group\"","misp-galaxy:tool=\"Turla\""],"Waterbug":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Turla - G0010\"","misp-galaxy:mitre-intrusion-set=\"Turla - G0010\"","misp-galaxy:threat-actor=\"Turla Group\""],"Winnti Group - G0044":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Winnti Group - G0044\"","misp-galaxy:mitre-intrusion-set=\"Winnti Group - G0044\""],"Winnti Group":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Winnti Group - G0044\"","misp-galaxy:mitre-intrusion-set=\"Winnti Group - G0044\"","misp-galaxy:threat-actor=\"Axiom\""],"Blackfly":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Winnti Group - G0044\"","misp-galaxy:mitre-intrusion-set=\"Winnti Group - G0044\"","misp-galaxy:threat-actor=\"Axiom\""],"admin@338 - G0018":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"admin@338 - G0018\"","misp-galaxy:mitre-intrusion-set=\"admin@338 - G0018\""],"admin@338":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"admin@338 - G0018\"","misp-galaxy:mitre-intrusion-set=\"admin@338 - G0018\"","misp-galaxy:threat-actor=\"Temper Panda\""],"menuPass - G0045":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"menuPass - G0045\"","misp-galaxy:mitre-intrusion-set=\"menuPass - G0045\""],"menuPass":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"menuPass - G0045\"","misp-galaxy:mitre-intrusion-set=\"menuPass - G0045\"","misp-galaxy:threat-actor=\"Stone Panda\""],"Stone Panda":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"menuPass - G0045\"","misp-galaxy:mitre-intrusion-set=\"menuPass - G0045\"","misp-galaxy:threat-actor=\"Stone Panda\""],"APT10":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"menuPass - G0045\"","misp-galaxy:mitre-intrusion-set=\"menuPass - G0045\"","misp-galaxy:threat-actor=\"Stone Panda\""],"Red Apollo":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"menuPass - G0045\"","misp-galaxy:mitre-intrusion-set=\"menuPass - G0045\"","misp-galaxy:threat-actor=\"Stone Panda\""],"CVNX":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"menuPass - G0045\"","misp-galaxy:mitre-intrusion-set=\"menuPass - G0045\"","misp-galaxy:threat-actor=\"Stone Panda\""],"3PARA RAT - S0066":["misp-galaxy:mitre-enterprise-attack-malware=\"3PARA RAT - S0066\"","misp-galaxy:mitre-malware=\"3PARA RAT - S0066\""],"3PARA RAT":["misp-galaxy:mitre-enterprise-attack-malware=\"3PARA RAT - S0066\"","misp-galaxy:mitre-malware=\"3PARA RAT - S0066\"","misp-galaxy:rat=\"3PARA RAT\""],"4H RAT - S0065":["misp-galaxy:mitre-enterprise-attack-malware=\"4H RAT - S0065\"","misp-galaxy:mitre-malware=\"4H RAT - S0065\""],"4H RAT":["misp-galaxy:mitre-enterprise-attack-malware=\"4H RAT - S0065\"","misp-galaxy:mitre-malware=\"4H RAT - S0065\"","misp-galaxy:rat=\"4H RAT\""],"ADVSTORESHELL - S0045":["misp-galaxy:mitre-enterprise-attack-malware=\"ADVSTORESHELL - S0045\"","misp-galaxy:mitre-malware=\"ADVSTORESHELL - S0045\""],"ADVSTORESHELL":["misp-galaxy:mitre-enterprise-attack-malware=\"ADVSTORESHELL - S0045\"","misp-galaxy:mitre-malware=\"ADVSTORESHELL - S0045\"","misp-galaxy:tool=\"EVILTOSS\""],"NETUI":["misp-galaxy:mitre-enterprise-attack-malware=\"ADVSTORESHELL - S0045\"","misp-galaxy:mitre-malware=\"ADVSTORESHELL - S0045\"","misp-galaxy:tool=\"EVILTOSS\""],"EVILTOSS":["misp-galaxy:mitre-enterprise-attack-malware=\"ADVSTORESHELL - S0045\"","misp-galaxy:mitre-malware=\"ADVSTORESHELL - S0045\"","misp-galaxy:tool=\"EVILTOSS\""],"AZZY":["misp-galaxy:mitre-enterprise-attack-malware=\"ADVSTORESHELL - S0045\"","misp-galaxy:mitre-malware=\"ADVSTORESHELL - S0045\"","misp-galaxy:tool=\"EVILTOSS\""],"ASPXSpy - S0073":["misp-galaxy:mitre-enterprise-attack-malware=\"ASPXSpy - S0073\"","misp-galaxy:mitre-malware=\"ASPXSpy - S0073\""],"ASPXSpy":["misp-galaxy:mitre-enterprise-attack-malware=\"ASPXSpy - S0073\"","misp-galaxy:mitre-malware=\"ASPXSpy - S0073\""],"ASPXTool":["misp-galaxy:mitre-enterprise-attack-malware=\"ASPXSpy - S0073\"","misp-galaxy:mitre-malware=\"ASPXSpy - S0073\""],"Agent.btz - S0092":["misp-galaxy:mitre-enterprise-attack-malware=\"Agent.btz - S0092\"","misp-galaxy:mitre-malware=\"Agent.btz - S0092\""],"Agent.btz":["misp-galaxy:mitre-enterprise-attack-malware=\"Agent.btz - S0092\"","misp-galaxy:mitre-malware=\"Agent.btz - S0092\""],"AutoIt backdoor - S0129":["misp-galaxy:mitre-enterprise-attack-malware=\"AutoIt backdoor - S0129\"","misp-galaxy:mitre-malware=\"AutoIt backdoor - S0129\""],"AutoIt backdoor":["misp-galaxy:mitre-enterprise-attack-malware=\"AutoIt backdoor - S0129\"","misp-galaxy:mitre-malware=\"AutoIt backdoor - S0129\""],"BACKSPACE - S0031":["misp-galaxy:mitre-enterprise-attack-malware=\"BACKSPACE - S0031\"","misp-galaxy:mitre-malware=\"BACKSPACE - S0031\""],"BACKSPACE":["misp-galaxy:mitre-enterprise-attack-malware=\"BACKSPACE - S0031\"","misp-galaxy:mitre-malware=\"BACKSPACE - S0031\""],"Lecna":["misp-galaxy:mitre-enterprise-attack-malware=\"BACKSPACE - S0031\"","misp-galaxy:mitre-malware=\"BACKSPACE - S0031\"","misp-galaxy:tool=\"Backspace\""],"BADNEWS - S0128":["misp-galaxy:mitre-enterprise-attack-malware=\"BADNEWS - S0128\"","misp-galaxy:mitre-malware=\"BADNEWS - S0128\""],"BADNEWS":["misp-galaxy:mitre-enterprise-attack-malware=\"BADNEWS - S0128\"","misp-galaxy:mitre-malware=\"BADNEWS - S0128\""],"BBSRAT - S0127":["misp-galaxy:mitre-enterprise-attack-malware=\"BBSRAT - S0127\"","misp-galaxy:mitre-malware=\"BBSRAT - S0127\""],"BISCUIT - S0017":["misp-galaxy:mitre-enterprise-attack-malware=\"BISCUIT - S0017\"","misp-galaxy:mitre-malware=\"BISCUIT - S0017\""],"BISCUIT":["misp-galaxy:mitre-enterprise-attack-malware=\"BISCUIT - S0017\"","misp-galaxy:mitre-malware=\"BISCUIT - S0017\"","misp-galaxy:tool=\"BISCUIT\""],"BLACKCOFFEE - S0069":["misp-galaxy:mitre-enterprise-attack-malware=\"BLACKCOFFEE - S0069\"","misp-galaxy:mitre-malware=\"BLACKCOFFEE - S0069\""],"BOOTRASH - S0114":["misp-galaxy:mitre-enterprise-attack-malware=\"BOOTRASH - S0114\"","misp-galaxy:mitre-malware=\"BOOTRASH - S0114\""],"BOOTRASH":["misp-galaxy:mitre-enterprise-attack-malware=\"BOOTRASH - S0114\"","misp-galaxy:mitre-malware=\"BOOTRASH - S0114\""],"BS2005 - S0014":["misp-galaxy:mitre-enterprise-attack-malware=\"BS2005 - S0014\"","misp-galaxy:mitre-malware=\"BS2005 - S0014\""],"BUBBLEWRAP - S0043":["misp-galaxy:mitre-enterprise-attack-malware=\"BUBBLEWRAP - S0043\"","misp-galaxy:mitre-malware=\"BUBBLEWRAP - S0043\""],"Backdoor.APT.FakeWinHTTPHelper":["misp-galaxy:mitre-enterprise-attack-malware=\"BUBBLEWRAP - S0043\"","misp-galaxy:mitre-malware=\"BUBBLEWRAP - S0043\""],"Backdoor.Oldrea - S0093":["misp-galaxy:mitre-enterprise-attack-malware=\"Backdoor.Oldrea - S0093\"","misp-galaxy:mitre-malware=\"Backdoor.Oldrea - S0093\""],"Backdoor.Oldrea":["misp-galaxy:mitre-enterprise-attack-malware=\"Backdoor.Oldrea - S0093\"","misp-galaxy:mitre-malware=\"Backdoor.Oldrea - S0093\""],"Havex":["misp-galaxy:mitre-enterprise-attack-malware=\"Backdoor.Oldrea - S0093\"","misp-galaxy:mitre-malware=\"Backdoor.Oldrea - S0093\"","misp-galaxy:threat-actor=\"Energetic Bear\"","misp-galaxy:tool=\"Havex RAT\""],"BlackEnergy - S0089":["misp-galaxy:mitre-enterprise-attack-malware=\"BlackEnergy - S0089\"","misp-galaxy:mitre-malware=\"BlackEnergy - S0089\""],"Black Energy":["misp-galaxy:mitre-enterprise-attack-malware=\"BlackEnergy - S0089\"","misp-galaxy:mitre-malware=\"BlackEnergy - S0089\"","misp-galaxy:threat-actor=\"Sandworm\""],"Briba - S0204":["misp-galaxy:mitre-enterprise-attack-malware=\"Briba - S0204\"","misp-galaxy:mitre-malware=\"Briba - S0204\""],"Briba":["misp-galaxy:mitre-enterprise-attack-malware=\"Briba - S0204\"","misp-galaxy:mitre-malware=\"Briba - S0204\""],"CALENDAR - S0025":["misp-galaxy:mitre-enterprise-attack-malware=\"CALENDAR - S0025\"","misp-galaxy:mitre-malware=\"CALENDAR - S0025\""],"CALENDAR":["misp-galaxy:mitre-enterprise-attack-malware=\"CALENDAR - S0025\"","misp-galaxy:mitre-malware=\"CALENDAR - S0025\"","misp-galaxy:tool=\"CALENDAR\""],"CCBkdr - S0222":["misp-galaxy:mitre-enterprise-attack-malware=\"CCBkdr - S0222\"","misp-galaxy:mitre-malware=\"CCBkdr - S0222\""],"CCBkdr":["misp-galaxy:mitre-enterprise-attack-malware=\"CCBkdr - S0222\"","misp-galaxy:mitre-malware=\"CCBkdr - S0222\""],"CHOPSTICK - S0023":["misp-galaxy:mitre-enterprise-attack-malware=\"CHOPSTICK - S0023\"","misp-galaxy:mitre-malware=\"CHOPSTICK - S0023\""],"CHOPSTICK":["misp-galaxy:mitre-enterprise-attack-malware=\"CHOPSTICK - S0023\"","misp-galaxy:mitre-malware=\"CHOPSTICK - S0023\"","misp-galaxy:tool=\"CHOPSTICK\""],"SPLM":["misp-galaxy:mitre-enterprise-attack-malware=\"CHOPSTICK - S0023\"","misp-galaxy:mitre-malware=\"CHOPSTICK - S0023\"","misp-galaxy:tool=\"CHOPSTICK\""],"Xagent":["misp-galaxy:mitre-enterprise-attack-malware=\"CHOPSTICK - S0023\"","misp-galaxy:mitre-malware=\"CHOPSTICK - S0023\""],"X-Agent":["misp-galaxy:mitre-enterprise-attack-malware=\"CHOPSTICK - S0023\"","misp-galaxy:mitre-malware=\"CHOPSTICK - S0023\"","misp-galaxy:mitre-mobile-attack-malware=\"X-Agent - MOB-S0030\"","misp-galaxy:tool=\"X-Agent\""],"webhp":["misp-galaxy:mitre-enterprise-attack-malware=\"CHOPSTICK - S0023\"","misp-galaxy:mitre-malware=\"CHOPSTICK - S0023\"","misp-galaxy:tool=\"CHOPSTICK\""],"CORALDECK - S0212":["misp-galaxy:mitre-enterprise-attack-malware=\"CORALDECK - S0212\"","misp-galaxy:mitre-malware=\"CORALDECK - S0212\""],"CORALDECK":["misp-galaxy:mitre-enterprise-attack-malware=\"CORALDECK - S0212\"","misp-galaxy:mitre-malware=\"CORALDECK - S0212\"","misp-galaxy:tool=\"CORALDECK\""],"CORESHELL - S0137":["misp-galaxy:mitre-enterprise-attack-malware=\"CORESHELL - S0137\"","misp-galaxy:mitre-malware=\"CORESHELL - S0137\""],"CORESHELL":["misp-galaxy:mitre-enterprise-attack-malware=\"CORESHELL - S0137\"","misp-galaxy:mitre-malware=\"CORESHELL - S0137\"","misp-galaxy:tool=\"CORESHELL\""],"SOURFACE":["misp-galaxy:mitre-enterprise-attack-malware=\"CORESHELL - S0137\"","misp-galaxy:mitre-malware=\"CORESHELL - S0137\"","misp-galaxy:tool=\"SOURFACE\""],"CallMe - S0077":["misp-galaxy:mitre-enterprise-attack-malware=\"CallMe - S0077\"","misp-galaxy:mitre-malware=\"CallMe - S0077\""],"CallMe":["misp-galaxy:mitre-enterprise-attack-malware=\"CallMe - S0077\"","misp-galaxy:mitre-malware=\"CallMe - S0077\""],"Carbanak - S0030":["misp-galaxy:mitre-enterprise-attack-malware=\"Carbanak - S0030\"","misp-galaxy:mitre-malware=\"Carbanak - S0030\""],"ChChes - S0144":["misp-galaxy:mitre-enterprise-attack-malware=\"ChChes - S0144\"","misp-galaxy:mitre-malware=\"ChChes - S0144\""],"Scorpion":["misp-galaxy:mitre-enterprise-attack-malware=\"ChChes - S0144\"","misp-galaxy:mitre-malware=\"ChChes - S0144\""],"HAYMAKER":["misp-galaxy:mitre-enterprise-attack-malware=\"ChChes - S0144\"","misp-galaxy:mitre-malware=\"ChChes - S0144\"","misp-galaxy:tool=\"HAYMAKER\""],"Chaos - S0220":["misp-galaxy:mitre-enterprise-attack-malware=\"Chaos - S0220\"","misp-galaxy:mitre-malware=\"Chaos - S0220\""],"Chaos":["misp-galaxy:mitre-enterprise-attack-malware=\"Chaos - S0220\"","misp-galaxy:mitre-malware=\"Chaos - S0220\""],"Cherry Picker - S0107":["misp-galaxy:mitre-enterprise-attack-malware=\"Cherry Picker - S0107\"","misp-galaxy:mitre-malware=\"Cherry Picker - S0107\""],"Cherry Picker":["misp-galaxy:mitre-enterprise-attack-malware=\"Cherry Picker - S0107\"","misp-galaxy:mitre-malware=\"Cherry Picker - S0107\""],"China Chopper - S0020":["misp-galaxy:mitre-enterprise-attack-malware=\"China Chopper - S0020\"","misp-galaxy:mitre-malware=\"China Chopper - S0020\""],"China Chopper":["misp-galaxy:mitre-enterprise-attack-malware=\"China Chopper - S0020\"","misp-galaxy:mitre-malware=\"China Chopper - S0020\"","misp-galaxy:tool=\"China Chopper\""],"CloudDuke - S0054":["misp-galaxy:mitre-enterprise-attack-malware=\"CloudDuke - S0054\"","misp-galaxy:mitre-malware=\"CloudDuke - S0054\""],"CloudDuke":["misp-galaxy:mitre-enterprise-attack-malware=\"CloudDuke - S0054\"","misp-galaxy:mitre-malware=\"CloudDuke - S0054\""],"MiniDionis":["misp-galaxy:mitre-enterprise-attack-malware=\"CloudDuke - S0054\"","misp-galaxy:mitre-malware=\"CloudDuke - S0054\""],"CloudLook":["misp-galaxy:mitre-enterprise-attack-malware=\"CloudDuke - S0054\"","misp-galaxy:mitre-malware=\"CloudDuke - S0054\""],"ComRAT - S0126":["misp-galaxy:mitre-enterprise-attack-malware=\"ComRAT - S0126\"","misp-galaxy:mitre-malware=\"ComRAT - S0126\""],"CosmicDuke - S0050":["misp-galaxy:mitre-enterprise-attack-malware=\"CosmicDuke - S0050\"","misp-galaxy:mitre-malware=\"CosmicDuke - S0050\""],"CosmicDuke":["misp-galaxy:mitre-enterprise-attack-malware=\"CosmicDuke - S0050\"","misp-galaxy:mitre-malware=\"CosmicDuke - S0050\""],"TinyBaron":["misp-galaxy:mitre-enterprise-attack-malware=\"CosmicDuke - S0050\"","misp-galaxy:mitre-malware=\"CosmicDuke - S0050\""],"BotgenStudios":["misp-galaxy:mitre-enterprise-attack-malware=\"CosmicDuke - S0050\"","misp-galaxy:mitre-malware=\"CosmicDuke - S0050\""],"NemesisGemina":["misp-galaxy:mitre-enterprise-attack-malware=\"CosmicDuke - S0050\"","misp-galaxy:mitre-malware=\"CosmicDuke - S0050\""],"CozyCar - S0046":["misp-galaxy:mitre-enterprise-attack-malware=\"CozyCar - S0046\"","misp-galaxy:mitre-malware=\"CozyCar - S0046\""],"CozyCar":["misp-galaxy:mitre-enterprise-attack-malware=\"CozyCar - S0046\"","misp-galaxy:mitre-malware=\"CozyCar - S0046\"","misp-galaxy:threat-actor=\"APT 29\""],"CozyBear":["misp-galaxy:mitre-enterprise-attack-malware=\"CozyCar - S0046\"","misp-galaxy:mitre-malware=\"CozyCar - S0046\"","misp-galaxy:threat-actor=\"APT 29\""],"Cozer":["misp-galaxy:mitre-enterprise-attack-malware=\"CozyCar - S0046\"","misp-galaxy:mitre-malware=\"CozyCar - S0046\"","misp-galaxy:threat-actor=\"APT 29\""],"EuroAPT":["misp-galaxy:mitre-enterprise-attack-malware=\"CozyCar - S0046\"","misp-galaxy:mitre-malware=\"CozyCar - S0046\"","misp-galaxy:threat-actor=\"APT 29\""],"Crimson - S0115":["misp-galaxy:mitre-enterprise-attack-malware=\"Crimson - S0115\"","misp-galaxy:mitre-malware=\"Crimson - S0115\""],"MSIL\/Crimson":["misp-galaxy:mitre-enterprise-attack-malware=\"Crimson - S0115\"","misp-galaxy:mitre-malware=\"Crimson - S0115\""],"DOGCALL - S0213":["misp-galaxy:mitre-enterprise-attack-malware=\"DOGCALL - S0213\"","misp-galaxy:mitre-malware=\"DOGCALL - S0213\""],"DOGCALL":["misp-galaxy:mitre-enterprise-attack-malware=\"DOGCALL - S0213\"","misp-galaxy:mitre-malware=\"DOGCALL - S0213\"","misp-galaxy:tool=\"DOGCALL\""],"Darkmoon - S0209":["misp-galaxy:mitre-enterprise-attack-malware=\"Darkmoon - S0209\"","misp-galaxy:mitre-malware=\"Darkmoon - S0209\""],"Daserf - S0187":["misp-galaxy:mitre-enterprise-attack-malware=\"Daserf - S0187\"","misp-galaxy:mitre-malware=\"Daserf - S0187\""],"Derusbi - S0021":["misp-galaxy:mitre-enterprise-attack-malware=\"Derusbi - S0021\"","misp-galaxy:mitre-malware=\"Derusbi - S0021\""],"Dipsind - S0200":["misp-galaxy:mitre-enterprise-attack-malware=\"Dipsind - S0200\"","misp-galaxy:mitre-malware=\"Dipsind - S0200\""],"Dipsind":["misp-galaxy:mitre-enterprise-attack-malware=\"Dipsind - S0200\"","misp-galaxy:mitre-malware=\"Dipsind - S0200\""],"DownPaper - S0186":["misp-galaxy:mitre-enterprise-attack-malware=\"DownPaper - S0186\"","misp-galaxy:mitre-malware=\"DownPaper - S0186\""],"Downdelph - S0134":["misp-galaxy:mitre-enterprise-attack-malware=\"Downdelph - S0134\"","misp-galaxy:mitre-malware=\"Downdelph - S0134\""],"Delphacy":["misp-galaxy:mitre-enterprise-attack-malware=\"Downdelph - S0134\"","misp-galaxy:mitre-malware=\"Downdelph - S0134\""],"Duqu - S0038":["misp-galaxy:mitre-enterprise-attack-malware=\"Duqu - S0038\"","misp-galaxy:mitre-malware=\"Duqu - S0038\""],"Duqu":["misp-galaxy:mitre-enterprise-attack-malware=\"Duqu - S0038\"","misp-galaxy:mitre-malware=\"Duqu - S0038\"","misp-galaxy:tool=\"Duqu\""],"DustySky - S0062":["misp-galaxy:mitre-enterprise-attack-malware=\"DustySky - S0062\"","misp-galaxy:mitre-malware=\"DustySky - S0062\""],"DustySky":["misp-galaxy:mitre-enterprise-attack-malware=\"DustySky - S0062\"","misp-galaxy:mitre-malware=\"DustySky - S0062\""],"NeD Worm":["misp-galaxy:mitre-enterprise-attack-malware=\"DustySky - S0062\"","misp-galaxy:mitre-malware=\"DustySky - S0062\"","misp-galaxy:tool=\"NeD Worm\""],"Dyre - S0024":["misp-galaxy:mitre-enterprise-attack-malware=\"Dyre - S0024\"","misp-galaxy:mitre-malware=\"Dyre - S0024\""],"ELMER - S0064":["misp-galaxy:mitre-enterprise-attack-malware=\"ELMER - S0064\"","misp-galaxy:mitre-malware=\"ELMER - S0064\""],"Elise - S0081":["misp-galaxy:mitre-enterprise-attack-malware=\"Elise - S0081\"","misp-galaxy:mitre-malware=\"Elise - S0081\""],"BKDR_ESILE":["misp-galaxy:mitre-enterprise-attack-malware=\"Elise - S0081\"","misp-galaxy:mitre-malware=\"Elise - S0081\""],"Page":["misp-galaxy:mitre-enterprise-attack-malware=\"Elise - S0081\"","misp-galaxy:mitre-malware=\"Elise - S0081\""],"Emissary - S0082":["misp-galaxy:mitre-enterprise-attack-malware=\"Emissary - S0082\"","misp-galaxy:mitre-malware=\"Emissary - S0082\""],"Emissary":["misp-galaxy:mitre-enterprise-attack-malware=\"Emissary - S0082\"","misp-galaxy:mitre-malware=\"Emissary - S0082\""],"Epic - S0091":["misp-galaxy:mitre-enterprise-attack-malware=\"Epic - S0091\"","misp-galaxy:mitre-malware=\"Epic - S0091\""],"Epic":["misp-galaxy:mitre-enterprise-attack-malware=\"Epic - S0091\"","misp-galaxy:mitre-malware=\"Epic - S0091\""],"Tavdig":["misp-galaxy:mitre-enterprise-attack-malware=\"Epic - S0091\"","misp-galaxy:mitre-malware=\"Epic - S0091\"","misp-galaxy:tool=\"Wipbot\""],"WorldCupSec":["misp-galaxy:mitre-enterprise-attack-malware=\"Epic - S0091\"","misp-galaxy:mitre-malware=\"Epic - S0091\"","misp-galaxy:tool=\"Wipbot\""],"TadjMakhal":["misp-galaxy:mitre-enterprise-attack-malware=\"Epic - S0091\"","misp-galaxy:mitre-malware=\"Epic - S0091\"","misp-galaxy:tool=\"Wipbot\""],"EvilGrab - S0152":["misp-galaxy:mitre-enterprise-attack-malware=\"EvilGrab - S0152\"","misp-galaxy:mitre-malware=\"EvilGrab - S0152\""],"FALLCHILL - S0181":["misp-galaxy:mitre-enterprise-attack-malware=\"FALLCHILL - S0181\"","misp-galaxy:mitre-malware=\"FALLCHILL - S0181\""],"FLASHFLOOD - S0036":["misp-galaxy:mitre-enterprise-attack-malware=\"FLASHFLOOD - S0036\"","misp-galaxy:mitre-malware=\"FLASHFLOOD - S0036\""],"FLIPSIDE - S0173":["misp-galaxy:mitre-enterprise-attack-malware=\"FLIPSIDE - S0173\"","misp-galaxy:mitre-malware=\"FLIPSIDE - S0173\""],"FLIPSIDE":["misp-galaxy:mitre-enterprise-attack-malware=\"FLIPSIDE - S0173\"","misp-galaxy:mitre-malware=\"FLIPSIDE - S0173\""],"FakeM - S0076":["misp-galaxy:mitre-enterprise-attack-malware=\"FakeM - S0076\"","misp-galaxy:mitre-malware=\"FakeM - S0076\""],"FakeM":["misp-galaxy:mitre-enterprise-attack-malware=\"FakeM - S0076\"","misp-galaxy:mitre-malware=\"FakeM - S0076\""],"Felismus - S0171":["misp-galaxy:mitre-enterprise-attack-malware=\"Felismus - S0171\"","misp-galaxy:mitre-malware=\"Felismus - S0171\""],"FinFisher - S0182":["misp-galaxy:mitre-enterprise-attack-malware=\"FinFisher - S0182\"","misp-galaxy:mitre-malware=\"FinFisher - S0182\""],"FinFisher":["misp-galaxy:mitre-enterprise-attack-malware=\"FinFisher - S0182\"","misp-galaxy:mitre-malware=\"FinFisher - S0182\""],"Flame - S0143":["misp-galaxy:mitre-enterprise-attack-malware=\"Flame - S0143\"","misp-galaxy:mitre-malware=\"Flame - S0143\""],"Flamer":["misp-galaxy:mitre-enterprise-attack-malware=\"Flame - S0143\"","misp-galaxy:mitre-malware=\"Flame - S0143\""],"sKyWIper":["misp-galaxy:mitre-enterprise-attack-malware=\"Flame - S0143\"","misp-galaxy:mitre-malware=\"Flame - S0143\""],"GLOOXMAIL - S0026":["misp-galaxy:mitre-enterprise-attack-malware=\"GLOOXMAIL - S0026\"","misp-galaxy:mitre-malware=\"GLOOXMAIL - S0026\""],"GLOOXMAIL":["misp-galaxy:mitre-enterprise-attack-malware=\"GLOOXMAIL - S0026\"","misp-galaxy:mitre-malware=\"GLOOXMAIL - S0026\"","misp-galaxy:tool=\"GLOOXMAIL\""],"Trojan.GTALK":["misp-galaxy:mitre-enterprise-attack-malware=\"GLOOXMAIL - S0026\"","misp-galaxy:mitre-malware=\"GLOOXMAIL - S0026\""],"Gazer - S0168":["misp-galaxy:mitre-enterprise-attack-malware=\"Gazer - S0168\"","misp-galaxy:mitre-malware=\"Gazer - S0168\""],"GeminiDuke - S0049":["misp-galaxy:mitre-enterprise-attack-malware=\"GeminiDuke - S0049\"","misp-galaxy:mitre-malware=\"GeminiDuke - S0049\""],"GeminiDuke":["misp-galaxy:mitre-enterprise-attack-malware=\"GeminiDuke - S0049\"","misp-galaxy:mitre-malware=\"GeminiDuke - S0049\"","misp-galaxy:tool=\"GeminiDuke\""],"H1N1 - S0132":["misp-galaxy:mitre-enterprise-attack-malware=\"H1N1 - S0132\"","misp-galaxy:mitre-malware=\"H1N1 - S0132\""],"H1N1":["misp-galaxy:mitre-enterprise-attack-malware=\"H1N1 - S0132\"","misp-galaxy:mitre-malware=\"H1N1 - S0132\""],"HALFBAKED - S0151":["misp-galaxy:mitre-enterprise-attack-malware=\"HALFBAKED - S0151\"","misp-galaxy:mitre-malware=\"HALFBAKED - S0151\""],"HAMMERTOSS - S0037":["misp-galaxy:mitre-enterprise-attack-malware=\"HAMMERTOSS - S0037\"","misp-galaxy:mitre-malware=\"HAMMERTOSS - S0037\""],"HAMMERTOSS":["misp-galaxy:mitre-enterprise-attack-malware=\"HAMMERTOSS - S0037\"","misp-galaxy:mitre-malware=\"HAMMERTOSS - S0037\""],"HammerDuke":["misp-galaxy:mitre-enterprise-attack-malware=\"HAMMERTOSS - S0037\"","misp-galaxy:mitre-malware=\"HAMMERTOSS - S0037\""],"NetDuke":["misp-galaxy:mitre-enterprise-attack-malware=\"HAMMERTOSS - S0037\"","misp-galaxy:mitre-malware=\"HAMMERTOSS - S0037\""],"HAPPYWORK - S0214":["misp-galaxy:mitre-enterprise-attack-malware=\"HAPPYWORK - S0214\"","misp-galaxy:mitre-malware=\"HAPPYWORK - S0214\""],"HAPPYWORK":["misp-galaxy:mitre-enterprise-attack-malware=\"HAPPYWORK - S0214\"","misp-galaxy:mitre-malware=\"HAPPYWORK - S0214\"","misp-galaxy:tool=\"HAPPYWORK\""],"HDoor - S0061":["misp-galaxy:mitre-enterprise-attack-malware=\"HDoor - S0061\"","misp-galaxy:mitre-malware=\"HDoor - S0061\""],"HDoor":["misp-galaxy:mitre-enterprise-attack-malware=\"HDoor - S0061\"","misp-galaxy:mitre-malware=\"HDoor - S0061\""],"Custom HDoor":["misp-galaxy:mitre-enterprise-attack-malware=\"HDoor - S0061\"","misp-galaxy:mitre-malware=\"HDoor - S0061\""],"HIDEDRV - S0135":["misp-galaxy:mitre-enterprise-attack-malware=\"HIDEDRV - S0135\"","misp-galaxy:mitre-malware=\"HIDEDRV - S0135\""],"HIDEDRV":["misp-galaxy:mitre-enterprise-attack-malware=\"HIDEDRV - S0135\"","misp-galaxy:mitre-malware=\"HIDEDRV - S0135\""],"HOMEFRY - S0232":["misp-galaxy:mitre-enterprise-attack-malware=\"HOMEFRY - S0232\"","misp-galaxy:mitre-malware=\"HOMEFRY - S0232\""],"HOMEFRY":["misp-galaxy:mitre-enterprise-attack-malware=\"HOMEFRY - S0232\"","misp-galaxy:mitre-malware=\"HOMEFRY - S0232\""],"HTTPBrowser - S0070":["misp-galaxy:mitre-enterprise-attack-malware=\"HTTPBrowser - S0070\"","misp-galaxy:mitre-malware=\"HTTPBrowser - S0070\""],"HTTPBrowser":["misp-galaxy:mitre-enterprise-attack-malware=\"HTTPBrowser - S0070\"","misp-galaxy:mitre-malware=\"HTTPBrowser - S0070\"","misp-galaxy:tool=\"HTTPBrowser\""],"Token Control":["misp-galaxy:mitre-enterprise-attack-malware=\"HTTPBrowser - S0070\"","misp-galaxy:mitre-malware=\"HTTPBrowser - S0070\""],"HttpDump":["misp-galaxy:mitre-enterprise-attack-malware=\"HTTPBrowser - S0070\"","misp-galaxy:mitre-malware=\"HTTPBrowser - S0070\""],"Hacking Team UEFI Rootkit - S0047":["misp-galaxy:mitre-enterprise-attack-malware=\"Hacking Team UEFI Rootkit - S0047\"","misp-galaxy:mitre-malware=\"Hacking Team UEFI Rootkit - S0047\""],"Hacking Team UEFI Rootkit":["misp-galaxy:mitre-enterprise-attack-malware=\"Hacking Team UEFI Rootkit - S0047\"","misp-galaxy:mitre-malware=\"Hacking Team UEFI Rootkit - S0047\""],"Helminth - S0170":["misp-galaxy:mitre-enterprise-attack-malware=\"Helminth - S0170\"","misp-galaxy:mitre-malware=\"Helminth - S0170\""],"Hi-Zor - S0087":["misp-galaxy:mitre-enterprise-attack-malware=\"Hi-Zor - S0087\"","misp-galaxy:mitre-malware=\"Hi-Zor - S0087\""],"Hi-Zor":["misp-galaxy:mitre-enterprise-attack-malware=\"Hi-Zor - S0087\"","misp-galaxy:mitre-malware=\"Hi-Zor - S0087\"","misp-galaxy:rat=\"Hi-Zor\""],"Hikit - S0009":["misp-galaxy:mitre-enterprise-attack-malware=\"Hikit - S0009\"","misp-galaxy:mitre-malware=\"Hikit - S0009\""],"Hikit":["misp-galaxy:mitre-enterprise-attack-malware=\"Hikit - S0009\"","misp-galaxy:mitre-malware=\"Hikit - S0009\"","misp-galaxy:tool=\"Hikit\""],"Hydraq - S0203":["misp-galaxy:mitre-enterprise-attack-malware=\"Hydraq - S0203\"","misp-galaxy:mitre-malware=\"Hydraq - S0203\""],"ISMInjector - S0189":["misp-galaxy:mitre-enterprise-attack-malware=\"ISMInjector - S0189\"","misp-galaxy:mitre-malware=\"ISMInjector - S0189\""],"ISMInjector":["misp-galaxy:mitre-enterprise-attack-malware=\"ISMInjector - S0189\"","misp-galaxy:mitre-malware=\"ISMInjector - S0189\""],"Ixeshe - S0015":["misp-galaxy:mitre-enterprise-attack-malware=\"Ixeshe - S0015\"","misp-galaxy:mitre-malware=\"Ixeshe - S0015\""],"Ixeshe":["misp-galaxy:mitre-enterprise-attack-malware=\"Ixeshe - S0015\"","misp-galaxy:mitre-malware=\"Ixeshe - S0015\""],"JHUHUGIT - S0044":["misp-galaxy:mitre-enterprise-attack-malware=\"JHUHUGIT - S0044\"","misp-galaxy:mitre-malware=\"JHUHUGIT - S0044\""],"GAMEFISH":["misp-galaxy:mitre-enterprise-attack-malware=\"JHUHUGIT - S0044\"","misp-galaxy:mitre-malware=\"JHUHUGIT - S0044\"","misp-galaxy:tool=\"GAMEFISH\""],"SofacyCarberp":["misp-galaxy:mitre-enterprise-attack-malware=\"JHUHUGIT - S0044\"","misp-galaxy:mitre-malware=\"JHUHUGIT - S0044\""],"JPIN - S0201":["misp-galaxy:mitre-enterprise-attack-malware=\"JPIN - S0201\"","misp-galaxy:mitre-malware=\"JPIN - S0201\""],"JPIN":["misp-galaxy:mitre-enterprise-attack-malware=\"JPIN - S0201\"","misp-galaxy:mitre-malware=\"JPIN - S0201\""],"Janicab - S0163":["misp-galaxy:mitre-enterprise-attack-malware=\"Janicab - S0163\"","misp-galaxy:mitre-malware=\"Janicab - S0163\""],"Janicab":["misp-galaxy:mitre-enterprise-attack-malware=\"Janicab - S0163\"","misp-galaxy:mitre-malware=\"Janicab - S0163\"","misp-galaxy:tool=\"Janicab\""],"KARAE - S0215":["misp-galaxy:mitre-enterprise-attack-malware=\"KARAE - S0215\"","misp-galaxy:mitre-malware=\"KARAE - S0215\""],"KARAE":["misp-galaxy:mitre-enterprise-attack-malware=\"KARAE - S0215\"","misp-galaxy:mitre-malware=\"KARAE - S0215\"","misp-galaxy:tool=\"KARAE\""],"KOMPROGO - S0156":["misp-galaxy:mitre-enterprise-attack-malware=\"KOMPROGO - S0156\"","misp-galaxy:mitre-malware=\"KOMPROGO - S0156\""],"Kasidet - S0088":["misp-galaxy:mitre-enterprise-attack-malware=\"Kasidet - S0088\"","misp-galaxy:mitre-malware=\"Kasidet - S0088\""],"Komplex - S0162":["misp-galaxy:mitre-enterprise-attack-malware=\"Komplex - S0162\"","misp-galaxy:mitre-malware=\"Komplex - S0162\""],"LOWBALL - S0042":["misp-galaxy:mitre-enterprise-attack-malware=\"LOWBALL - S0042\"","misp-galaxy:mitre-malware=\"LOWBALL - S0042\""],"Linfo - S0211":["misp-galaxy:mitre-enterprise-attack-malware=\"Linfo - S0211\"","misp-galaxy:mitre-malware=\"Linfo - S0211\""],"Linfo":["misp-galaxy:mitre-enterprise-attack-malware=\"Linfo - S0211\"","misp-galaxy:mitre-malware=\"Linfo - S0211\""],"Lurid - S0010":["misp-galaxy:mitre-enterprise-attack-malware=\"Lurid - S0010\"","misp-galaxy:mitre-malware=\"Lurid - S0010\""],"MURKYTOP - S0233":["misp-galaxy:mitre-enterprise-attack-malware=\"MURKYTOP - S0233\"","misp-galaxy:mitre-malware=\"MURKYTOP - S0233\""],"MURKYTOP":["misp-galaxy:mitre-enterprise-attack-malware=\"MURKYTOP - S0233\"","misp-galaxy:mitre-malware=\"MURKYTOP - S0233\""],"Matroyshka - S0167":["misp-galaxy:mitre-enterprise-attack-malware=\"Matroyshka - S0167\"","misp-galaxy:mitre-malware=\"Matroyshka - S0167\""],"Matroyshka":["misp-galaxy:mitre-enterprise-attack-malware=\"Matroyshka - S0167\"","misp-galaxy:mitre-malware=\"Matroyshka - S0167\""],"Miner-C - S0133":["misp-galaxy:mitre-enterprise-attack-malware=\"Miner-C - S0133\"","misp-galaxy:mitre-malware=\"Miner-C - S0133\""],"Miner-C":["misp-galaxy:mitre-enterprise-attack-malware=\"Miner-C - S0133\"","misp-galaxy:mitre-malware=\"Miner-C - S0133\""],"Mal\/Miner-C":["misp-galaxy:mitre-enterprise-attack-malware=\"Miner-C - S0133\"","misp-galaxy:mitre-malware=\"Miner-C - S0133\""],"PhotoMiner":["misp-galaxy:mitre-enterprise-attack-malware=\"Miner-C - S0133\"","misp-galaxy:mitre-malware=\"Miner-C - S0133\""],"MiniDuke - S0051":["misp-galaxy:mitre-enterprise-attack-malware=\"MiniDuke - S0051\"","misp-galaxy:mitre-malware=\"MiniDuke - S0051\""],"MiniDuke":["misp-galaxy:mitre-enterprise-attack-malware=\"MiniDuke - S0051\"","misp-galaxy:mitre-malware=\"MiniDuke - S0051\""],"Mis-Type - S0084":["misp-galaxy:mitre-enterprise-attack-malware=\"Mis-Type - S0084\"","misp-galaxy:mitre-malware=\"Mis-Type - S0084\""],"Mis-Type":["misp-galaxy:mitre-enterprise-attack-malware=\"Mis-Type - S0084\"","misp-galaxy:mitre-malware=\"Mis-Type - S0084\""],"Misdat - S0083":["misp-galaxy:mitre-enterprise-attack-malware=\"Misdat - S0083\"","misp-galaxy:mitre-malware=\"Misdat - S0083\""],"Mivast - S0080":["misp-galaxy:mitre-enterprise-attack-malware=\"Mivast - S0080\"","misp-galaxy:mitre-malware=\"Mivast - S0080\""],"Mivast":["misp-galaxy:mitre-enterprise-attack-malware=\"Mivast - S0080\"","misp-galaxy:mitre-malware=\"Mivast - S0080\""],"MobileOrder - S0079":["misp-galaxy:mitre-enterprise-attack-malware=\"MobileOrder - S0079\"","misp-galaxy:mitre-malware=\"MobileOrder - S0079\""],"MobileOrder":["misp-galaxy:mitre-enterprise-attack-malware=\"MobileOrder - S0079\"","misp-galaxy:mitre-malware=\"MobileOrder - S0079\""],"MoonWind - S0149":["misp-galaxy:mitre-enterprise-attack-malware=\"MoonWind - S0149\"","misp-galaxy:mitre-malware=\"MoonWind - S0149\""],"NETEAGLE - S0034":["misp-galaxy:mitre-enterprise-attack-malware=\"NETEAGLE - S0034\"","misp-galaxy:mitre-malware=\"NETEAGLE - S0034\""],"NETWIRE - S0198":["misp-galaxy:mitre-enterprise-attack-malware=\"NETWIRE - S0198\"","misp-galaxy:mitre-malware=\"NETWIRE - S0198\""],"NETWIRE":["misp-galaxy:mitre-enterprise-attack-malware=\"NETWIRE - S0198\"","misp-galaxy:mitre-malware=\"NETWIRE - S0198\""],"Naid - S0205":["misp-galaxy:mitre-enterprise-attack-malware=\"Naid - S0205\"","misp-galaxy:mitre-malware=\"Naid - S0205\""],"Naid":["misp-galaxy:mitre-enterprise-attack-malware=\"Naid - S0205\"","misp-galaxy:mitre-malware=\"Naid - S0205\"","misp-galaxy:tool=\"Trojan.Naid\""],"NanHaiShu - S0228":["misp-galaxy:mitre-enterprise-attack-malware=\"NanHaiShu - S0228\"","misp-galaxy:mitre-malware=\"NanHaiShu - S0228\""],"Nerex - S0210":["misp-galaxy:mitre-enterprise-attack-malware=\"Nerex - S0210\"","misp-galaxy:mitre-malware=\"Nerex - S0210\""],"Nerex":["misp-galaxy:mitre-enterprise-attack-malware=\"Nerex - S0210\"","misp-galaxy:mitre-malware=\"Nerex - S0210\""],"Net Crawler - S0056":["misp-galaxy:mitre-enterprise-attack-malware=\"Net Crawler - S0056\"","misp-galaxy:mitre-malware=\"Net Crawler - S0056\""],"Net Crawler":["misp-galaxy:mitre-enterprise-attack-malware=\"Net Crawler - S0056\"","misp-galaxy:mitre-malware=\"Net Crawler - S0056\""],"NetTraveler - S0033":["misp-galaxy:mitre-enterprise-attack-malware=\"NetTraveler - S0033\"","misp-galaxy:mitre-malware=\"NetTraveler - S0033\""],"Nidiran - S0118":["misp-galaxy:mitre-enterprise-attack-malware=\"Nidiran - S0118\"","misp-galaxy:mitre-malware=\"Nidiran - S0118\""],"Nidiran":["misp-galaxy:mitre-enterprise-attack-malware=\"Nidiran - S0118\"","misp-galaxy:mitre-malware=\"Nidiran - S0118\""],"Backdoor.Nidiran":["misp-galaxy:mitre-enterprise-attack-malware=\"Nidiran - S0118\"","misp-galaxy:mitre-malware=\"Nidiran - S0118\""],"OLDBAIT - S0138":["misp-galaxy:mitre-enterprise-attack-malware=\"OLDBAIT - S0138\"","misp-galaxy:mitre-malware=\"OLDBAIT - S0138\""],"OSInfo - S0165":["misp-galaxy:mitre-enterprise-attack-malware=\"OSInfo - S0165\"","misp-galaxy:mitre-malware=\"OSInfo - S0165\""],"OSInfo":["misp-galaxy:mitre-enterprise-attack-malware=\"OSInfo - S0165\"","misp-galaxy:mitre-malware=\"OSInfo - S0165\""],"OnionDuke - S0052":["misp-galaxy:mitre-enterprise-attack-malware=\"OnionDuke - S0052\"","misp-galaxy:mitre-malware=\"OnionDuke - S0052\""],"Orz - S0229":["misp-galaxy:mitre-enterprise-attack-malware=\"Orz - S0229\"","misp-galaxy:mitre-malware=\"Orz - S0229\""],"OwaAuth - S0072":["misp-galaxy:mitre-enterprise-attack-malware=\"OwaAuth - S0072\"","misp-galaxy:mitre-malware=\"OwaAuth - S0072\""],"OwaAuth":["misp-galaxy:mitre-enterprise-attack-malware=\"OwaAuth - S0072\"","misp-galaxy:mitre-malware=\"OwaAuth - S0072\""],"P2P ZeuS - S0016":["misp-galaxy:mitre-enterprise-attack-malware=\"P2P ZeuS - S0016\"","misp-galaxy:mitre-malware=\"P2P ZeuS - S0016\""],"P2P ZeuS":["misp-galaxy:mitre-enterprise-attack-malware=\"P2P ZeuS - S0016\"","misp-galaxy:mitre-malware=\"P2P ZeuS - S0016\""],"Peer-to-Peer ZeuS":["misp-galaxy:mitre-enterprise-attack-malware=\"P2P ZeuS - S0016\"","misp-galaxy:mitre-malware=\"P2P ZeuS - S0016\""],"Gameover ZeuS":["misp-galaxy:mitre-enterprise-attack-malware=\"P2P ZeuS - S0016\"","misp-galaxy:mitre-malware=\"P2P ZeuS - S0016\""],"PHOREAL - S0158":["misp-galaxy:mitre-enterprise-attack-malware=\"PHOREAL - S0158\"","misp-galaxy:mitre-malware=\"PHOREAL - S0158\""],"POORAIM - S0216":["misp-galaxy:mitre-enterprise-attack-malware=\"POORAIM - S0216\"","misp-galaxy:mitre-malware=\"POORAIM - S0216\""],"POORAIM":["misp-galaxy:mitre-enterprise-attack-malware=\"POORAIM - S0216\"","misp-galaxy:mitre-malware=\"POORAIM - S0216\"","misp-galaxy:tool=\"POORAIM\""],"POSHSPY - S0150":["misp-galaxy:mitre-enterprise-attack-malware=\"POSHSPY - S0150\"","misp-galaxy:mitre-malware=\"POSHSPY - S0150\""],"POWERSOURCE - S0145":["misp-galaxy:mitre-enterprise-attack-malware=\"POWERSOURCE - S0145\"","misp-galaxy:mitre-malware=\"POWERSOURCE - S0145\""],"POWERSTATS - S0223":["misp-galaxy:mitre-enterprise-attack-malware=\"POWERSTATS - S0223\"","misp-galaxy:mitre-malware=\"POWERSTATS - S0223\""],"POWRUNER - S0184":["misp-galaxy:mitre-enterprise-attack-malware=\"POWRUNER - S0184\"","misp-galaxy:mitre-malware=\"POWRUNER - S0184\""],"PUNCHBUGGY - S0196":["misp-galaxy:mitre-enterprise-attack-malware=\"PUNCHBUGGY - S0196\"","misp-galaxy:mitre-malware=\"PUNCHBUGGY - S0196\""],"PUNCHBUGGY":["misp-galaxy:mitre-enterprise-attack-malware=\"PUNCHBUGGY - S0196\"","misp-galaxy:mitre-malware=\"PUNCHBUGGY - S0196\""],"PUNCHTRACK - S0197":["misp-galaxy:mitre-enterprise-attack-malware=\"PUNCHTRACK - S0197\"","misp-galaxy:mitre-malware=\"PUNCHTRACK - S0197\""],"PUNCHTRACK":["misp-galaxy:mitre-enterprise-attack-malware=\"PUNCHTRACK - S0197\"","misp-galaxy:mitre-malware=\"PUNCHTRACK - S0197\""],"PSVC":["misp-galaxy:mitre-enterprise-attack-malware=\"PUNCHTRACK - S0197\"","misp-galaxy:mitre-malware=\"PUNCHTRACK - S0197\""],"Pasam - S0208":["misp-galaxy:mitre-enterprise-attack-malware=\"Pasam - S0208\"","misp-galaxy:mitre-malware=\"Pasam - S0208\""],"Pasam":["misp-galaxy:mitre-enterprise-attack-malware=\"Pasam - S0208\"","misp-galaxy:mitre-malware=\"Pasam - S0208\""],"PinchDuke - S0048":["misp-galaxy:mitre-enterprise-attack-malware=\"PinchDuke - S0048\"","misp-galaxy:mitre-malware=\"PinchDuke - S0048\""],"PinchDuke":["misp-galaxy:mitre-enterprise-attack-malware=\"PinchDuke - S0048\"","misp-galaxy:mitre-malware=\"PinchDuke - S0048\""],"Pisloader - S0124":["misp-galaxy:mitre-enterprise-attack-malware=\"Pisloader - S0124\"","misp-galaxy:mitre-malware=\"Pisloader - S0124\""],"Pisloader":["misp-galaxy:mitre-enterprise-attack-malware=\"Pisloader - S0124\"","misp-galaxy:mitre-malware=\"Pisloader - S0124\""],"PlugX - S0013":["misp-galaxy:mitre-enterprise-attack-malware=\"PlugX - S0013\"","misp-galaxy:mitre-malware=\"PlugX - S0013\""],"Sogu":["misp-galaxy:mitre-enterprise-attack-malware=\"PlugX - S0013\"","misp-galaxy:mitre-malware=\"PlugX - S0013\""],"Kaba":["misp-galaxy:mitre-enterprise-attack-malware=\"PlugX - S0013\"","misp-galaxy:mitre-malware=\"PlugX - S0013\""],"PoisonIvy - S0012":["misp-galaxy:mitre-enterprise-attack-malware=\"PoisonIvy - S0012\"","misp-galaxy:mitre-malware=\"PoisonIvy - S0012\""],"PoisonIvy":["misp-galaxy:mitre-enterprise-attack-malware=\"PoisonIvy - S0012\"","misp-galaxy:mitre-malware=\"PoisonIvy - S0012\"","misp-galaxy:rat=\"PoisonIvy\""],"Power Loader - S0177":["misp-galaxy:mitre-enterprise-attack-malware=\"Power Loader - S0177\"","misp-galaxy:mitre-malware=\"Power Loader - S0177\""],"Power Loader":["misp-galaxy:mitre-enterprise-attack-malware=\"Power Loader - S0177\"","misp-galaxy:mitre-malware=\"Power Loader - S0177\""],"Win32\/Agent.UAW":["misp-galaxy:mitre-enterprise-attack-malware=\"Power Loader - S0177\"","misp-galaxy:mitre-malware=\"Power Loader - S0177\""],"PowerDuke - S0139":["misp-galaxy:mitre-enterprise-attack-malware=\"PowerDuke - S0139\"","misp-galaxy:mitre-malware=\"PowerDuke - S0139\""],"Prikormka - S0113":["misp-galaxy:mitre-enterprise-attack-malware=\"Prikormka - S0113\"","misp-galaxy:mitre-malware=\"Prikormka - S0113\""],"Prikormka":["misp-galaxy:mitre-enterprise-attack-malware=\"Prikormka - S0113\"","misp-galaxy:mitre-malware=\"Prikormka - S0113\"","misp-galaxy:tool=\"Prikormka\""],"Psylo - S0078":["misp-galaxy:mitre-enterprise-attack-malware=\"Psylo - S0078\"","misp-galaxy:mitre-malware=\"Psylo - S0078\""],"Psylo":["misp-galaxy:mitre-enterprise-attack-malware=\"Psylo - S0078\"","misp-galaxy:mitre-malware=\"Psylo - S0078\""],"Pteranodon - S0147":["misp-galaxy:mitre-enterprise-attack-malware=\"Pteranodon - S0147\"","misp-galaxy:mitre-malware=\"Pteranodon - S0147\""],"RARSTONE - S0055":["misp-galaxy:mitre-enterprise-attack-malware=\"RARSTONE - S0055\"","misp-galaxy:mitre-malware=\"RARSTONE - S0055\""],"RARSTONE":["misp-galaxy:mitre-enterprise-attack-malware=\"RARSTONE - S0055\"","misp-galaxy:mitre-malware=\"RARSTONE - S0055\"","misp-galaxy:tool=\"RARSTONE\""],"RIPTIDE - S0003":["misp-galaxy:mitre-enterprise-attack-malware=\"RIPTIDE - S0003\"","misp-galaxy:mitre-malware=\"RIPTIDE - S0003\""],"RIPTIDE":["misp-galaxy:mitre-enterprise-attack-malware=\"RIPTIDE - S0003\"","misp-galaxy:mitre-malware=\"RIPTIDE - S0003\"","misp-galaxy:tool=\"Etumbot\""],"ROCKBOOT - S0112":["misp-galaxy:mitre-enterprise-attack-malware=\"ROCKBOOT - S0112\"","misp-galaxy:mitre-malware=\"ROCKBOOT - S0112\""],"ROCKBOOT":["misp-galaxy:mitre-enterprise-attack-malware=\"ROCKBOOT - S0112\"","misp-galaxy:mitre-malware=\"ROCKBOOT - S0112\""],"RTM - S0148":["misp-galaxy:mitre-enterprise-attack-malware=\"RTM - S0148\"","misp-galaxy:mitre-malware=\"RTM - S0148\""],"RawPOS - S0169":["misp-galaxy:mitre-enterprise-attack-malware=\"RawPOS - S0169\"","misp-galaxy:mitre-malware=\"RawPOS - S0169\""],"FIENDCRY":["misp-galaxy:mitre-enterprise-attack-malware=\"RawPOS - S0169\"","misp-galaxy:mitre-malware=\"RawPOS - S0169\""],"DUEBREW":["misp-galaxy:mitre-enterprise-attack-malware=\"RawPOS - S0169\"","misp-galaxy:mitre-malware=\"RawPOS - S0169\""],"DRIFTWOOD":["misp-galaxy:mitre-enterprise-attack-malware=\"RawPOS - S0169\"","misp-galaxy:mitre-malware=\"RawPOS - S0169\""],"Reaver - S0172":["misp-galaxy:mitre-enterprise-attack-malware=\"Reaver - S0172\"","misp-galaxy:mitre-malware=\"Reaver - S0172\""],"RedLeaves - S0153":["misp-galaxy:mitre-enterprise-attack-malware=\"RedLeaves - S0153\"","misp-galaxy:mitre-malware=\"RedLeaves - S0153\""],"BUGJUICE":["misp-galaxy:mitre-enterprise-attack-malware=\"RedLeaves - S0153\"","misp-galaxy:mitre-malware=\"RedLeaves - S0153\"","misp-galaxy:tool=\"BUGJUICE\""],"Regin - S0019":["misp-galaxy:mitre-enterprise-attack-malware=\"Regin - S0019\"","misp-galaxy:mitre-malware=\"Regin - S0019\""],"RemoteCMD - S0166":["misp-galaxy:mitre-enterprise-attack-malware=\"RemoteCMD - S0166\"","misp-galaxy:mitre-malware=\"RemoteCMD - S0166\""],"RemoteCMD":["misp-galaxy:mitre-enterprise-attack-malware=\"RemoteCMD - S0166\"","misp-galaxy:mitre-malware=\"RemoteCMD - S0166\""],"Remsec - S0125":["misp-galaxy:mitre-enterprise-attack-malware=\"Remsec - S0125\"","misp-galaxy:mitre-malware=\"Remsec - S0125\""],"Backdoor.Remsec":["misp-galaxy:mitre-enterprise-attack-malware=\"Remsec - S0125\"","misp-galaxy:mitre-malware=\"Remsec - S0125\""],"Rover - S0090":["misp-galaxy:mitre-enterprise-attack-malware=\"Rover - S0090\"","misp-galaxy:mitre-malware=\"Rover - S0090\""],"S-Type - S0085":["misp-galaxy:mitre-enterprise-attack-malware=\"S-Type - S0085\"","misp-galaxy:mitre-malware=\"S-Type - S0085\""],"S-Type":["misp-galaxy:mitre-enterprise-attack-malware=\"S-Type - S0085\"","misp-galaxy:mitre-malware=\"S-Type - S0085\""],"SEASHARPEE - S0185":["misp-galaxy:mitre-enterprise-attack-malware=\"SEASHARPEE - S0185\"","misp-galaxy:mitre-malware=\"SEASHARPEE - S0185\""],"SEASHARPEE":["misp-galaxy:mitre-enterprise-attack-malware=\"SEASHARPEE - S0185\"","misp-galaxy:mitre-malware=\"SEASHARPEE - S0185\""],"SHIPSHAPE - S0028":["misp-galaxy:mitre-enterprise-attack-malware=\"SHIPSHAPE - S0028\"","misp-galaxy:mitre-malware=\"SHIPSHAPE - S0028\""],"SHOTPUT - S0063":["misp-galaxy:mitre-enterprise-attack-malware=\"SHOTPUT - S0063\"","misp-galaxy:mitre-malware=\"SHOTPUT - S0063\""],"SHOTPUT":["misp-galaxy:mitre-enterprise-attack-malware=\"SHOTPUT - S0063\"","misp-galaxy:mitre-malware=\"SHOTPUT - S0063\""],"Backdoor.APT.CookieCutter":["misp-galaxy:mitre-enterprise-attack-malware=\"SHOTPUT - S0063\"","misp-galaxy:mitre-malware=\"SHOTPUT - S0063\""],"SHUTTERSPEED - S0217":["misp-galaxy:mitre-enterprise-attack-malware=\"SHUTTERSPEED - S0217\"","misp-galaxy:mitre-malware=\"SHUTTERSPEED - S0217\""],"SHUTTERSPEED":["misp-galaxy:mitre-enterprise-attack-malware=\"SHUTTERSPEED - S0217\"","misp-galaxy:mitre-malware=\"SHUTTERSPEED - S0217\"","misp-galaxy:tool=\"SHUTTERSPEED\""],"SLOWDRIFT - S0218":["misp-galaxy:mitre-enterprise-attack-malware=\"SLOWDRIFT - S0218\"","misp-galaxy:mitre-malware=\"SLOWDRIFT - S0218\""],"SLOWDRIFT":["misp-galaxy:mitre-enterprise-attack-malware=\"SLOWDRIFT - S0218\"","misp-galaxy:mitre-malware=\"SLOWDRIFT - S0218\"","misp-galaxy:tool=\"SLOWDRIFT\""],"SNUGRIDE - S0159":["misp-galaxy:mitre-enterprise-attack-malware=\"SNUGRIDE - S0159\"","misp-galaxy:mitre-malware=\"SNUGRIDE - S0159\""],"SNUGRIDE":["misp-galaxy:mitre-enterprise-attack-malware=\"SNUGRIDE - S0159\"","misp-galaxy:mitre-malware=\"SNUGRIDE - S0159\"","misp-galaxy:tool=\"SNUGRIDE\""],"SOUNDBITE - S0157":["misp-galaxy:mitre-enterprise-attack-malware=\"SOUNDBITE - S0157\"","misp-galaxy:mitre-malware=\"SOUNDBITE - S0157\""],"SPACESHIP - S0035":["misp-galaxy:mitre-enterprise-attack-malware=\"SPACESHIP - S0035\"","misp-galaxy:mitre-malware=\"SPACESHIP - S0035\""],"Sakula - S0074":["misp-galaxy:mitre-enterprise-attack-malware=\"Sakula - S0074\"","misp-galaxy:mitre-malware=\"Sakula - S0074\""],"Sakula":["misp-galaxy:mitre-enterprise-attack-malware=\"Sakula - S0074\"","misp-galaxy:mitre-malware=\"Sakula - S0074\"","misp-galaxy:rat=\"Sakula\"","misp-galaxy:tool=\"Sakula\""],"VIPER":["misp-galaxy:mitre-enterprise-attack-malware=\"Sakula - S0074\"","misp-galaxy:mitre-malware=\"Sakula - S0074\"","misp-galaxy:rat=\"Sakula\""],"SeaDuke - S0053":["misp-galaxy:mitre-enterprise-attack-malware=\"SeaDuke - S0053\"","misp-galaxy:mitre-malware=\"SeaDuke - S0053\""],"SeaDuke":["misp-galaxy:mitre-enterprise-attack-malware=\"SeaDuke - S0053\"","misp-galaxy:mitre-malware=\"SeaDuke - S0053\"","misp-galaxy:threat-actor=\"APT 29\""],"SeaDesk":["misp-galaxy:mitre-enterprise-attack-malware=\"SeaDuke - S0053\"","misp-galaxy:mitre-malware=\"SeaDuke - S0053\""],"Shamoon - S0140":["misp-galaxy:mitre-enterprise-attack-malware=\"Shamoon - S0140\"","misp-galaxy:mitre-malware=\"Shamoon - S0140\""],"Shamoon":["misp-galaxy:mitre-enterprise-attack-malware=\"Shamoon - S0140\"","misp-galaxy:mitre-malware=\"Shamoon - S0140\"","misp-galaxy:tool=\"Shamoon\""],"Disttrack":["misp-galaxy:mitre-enterprise-attack-malware=\"Shamoon - S0140\"","misp-galaxy:mitre-malware=\"Shamoon - S0140\""],"Skeleton Key - S0007":["misp-galaxy:mitre-enterprise-attack-malware=\"Skeleton Key - S0007\"","misp-galaxy:mitre-malware=\"Skeleton Key - S0007\""],"Skeleton Key":["misp-galaxy:mitre-enterprise-attack-malware=\"Skeleton Key - S0007\"","misp-galaxy:mitre-malware=\"Skeleton Key - S0007\""],"Smoke Loader - S0226":["misp-galaxy:mitre-enterprise-attack-malware=\"Smoke Loader - S0226\"","misp-galaxy:mitre-malware=\"Smoke Loader - S0226\""],"Smoke Loader":["misp-galaxy:mitre-enterprise-attack-malware=\"Smoke Loader - S0226\"","misp-galaxy:mitre-malware=\"Smoke Loader - S0226\"","misp-galaxy:tool=\"Smoke Loader\""],"SslMM - S0058":["misp-galaxy:mitre-enterprise-attack-malware=\"SslMM - S0058\"","misp-galaxy:mitre-malware=\"SslMM - S0058\""],"Starloader - S0188":["misp-galaxy:mitre-enterprise-attack-malware=\"Starloader - S0188\"","misp-galaxy:mitre-malware=\"Starloader - S0188\""],"Starloader":["misp-galaxy:mitre-enterprise-attack-malware=\"Starloader - S0188\"","misp-galaxy:mitre-malware=\"Starloader - S0188\""],"StreamEx - S0142":["misp-galaxy:mitre-enterprise-attack-malware=\"StreamEx - S0142\"","misp-galaxy:mitre-malware=\"StreamEx - S0142\""],"StreamEx":["misp-galaxy:mitre-enterprise-attack-malware=\"StreamEx - S0142\"","misp-galaxy:mitre-malware=\"StreamEx - S0142\"","misp-galaxy:tool=\"StreamEx\""],"Sykipot - S0018":["misp-galaxy:mitre-enterprise-attack-malware=\"Sykipot - S0018\"","misp-galaxy:mitre-malware=\"Sykipot - S0018\""],"Sykipot":["misp-galaxy:mitre-enterprise-attack-malware=\"Sykipot - S0018\"","misp-galaxy:mitre-malware=\"Sykipot - S0018\"","misp-galaxy:threat-actor=\"Maverick Panda\""],"Sys10 - S0060":["misp-galaxy:mitre-enterprise-attack-malware=\"Sys10 - S0060\"","misp-galaxy:mitre-malware=\"Sys10 - S0060\""],"T9000 - S0098":["misp-galaxy:mitre-enterprise-attack-malware=\"T9000 - S0098\"","misp-galaxy:mitre-malware=\"T9000 - S0098\""],"T9000":["misp-galaxy:mitre-enterprise-attack-malware=\"T9000 - S0098\"","misp-galaxy:mitre-malware=\"T9000 - S0098\"","misp-galaxy:tool=\"T9000\""],"TDTESS - S0164":["misp-galaxy:mitre-enterprise-attack-malware=\"TDTESS - S0164\"","misp-galaxy:mitre-malware=\"TDTESS - S0164\""],"TEXTMATE - S0146":["misp-galaxy:mitre-enterprise-attack-malware=\"TEXTMATE - S0146\"","misp-galaxy:mitre-malware=\"TEXTMATE - S0146\""],"TINYTYPHON - S0131":["misp-galaxy:mitre-enterprise-attack-malware=\"TINYTYPHON - S0131\"","misp-galaxy:mitre-malware=\"TINYTYPHON - S0131\""],"TINYTYPHON":["misp-galaxy:mitre-enterprise-attack-malware=\"TINYTYPHON - S0131\"","misp-galaxy:mitre-malware=\"TINYTYPHON - S0131\""],"TURNEDUP - S0199":["misp-galaxy:mitre-enterprise-attack-malware=\"TURNEDUP - S0199\"","misp-galaxy:mitre-malware=\"TURNEDUP - S0199\""],"Taidoor - S0011":["misp-galaxy:mitre-enterprise-attack-malware=\"Taidoor - S0011\"","misp-galaxy:mitre-malware=\"Taidoor - S0011\""],"TinyZBot - S0004":["misp-galaxy:mitre-enterprise-attack-malware=\"TinyZBot - S0004\"","misp-galaxy:mitre-malware=\"TinyZBot - S0004\""],"TinyZBot":["misp-galaxy:mitre-enterprise-attack-malware=\"TinyZBot - S0004\"","misp-galaxy:mitre-malware=\"TinyZBot - S0004\"","misp-galaxy:tool=\"TinyZBot\""],"Trojan.Karagany - S0094":["misp-galaxy:mitre-enterprise-attack-malware=\"Trojan.Karagany - S0094\"","misp-galaxy:mitre-malware=\"Trojan.Karagany - S0094\""],"Trojan.Karagany":["misp-galaxy:mitre-enterprise-attack-malware=\"Trojan.Karagany - S0094\"","misp-galaxy:mitre-malware=\"Trojan.Karagany - S0094\""],"Trojan.Mebromi - S0001":["misp-galaxy:mitre-enterprise-attack-malware=\"Trojan.Mebromi - S0001\"","misp-galaxy:mitre-malware=\"Trojan.Mebromi - S0001\""],"Trojan.Mebromi":["misp-galaxy:mitre-enterprise-attack-malware=\"Trojan.Mebromi - S0001\"","misp-galaxy:mitre-malware=\"Trojan.Mebromi - S0001\""],"Truvasys - S0178":["misp-galaxy:mitre-enterprise-attack-malware=\"Truvasys - S0178\"","misp-galaxy:mitre-malware=\"Truvasys - S0178\""],"Truvasys":["misp-galaxy:mitre-enterprise-attack-malware=\"Truvasys - S0178\"","misp-galaxy:mitre-malware=\"Truvasys - S0178\""],"USBStealer - S0136":["misp-galaxy:mitre-enterprise-attack-malware=\"USBStealer - S0136\"","misp-galaxy:mitre-malware=\"USBStealer - S0136\""],"USBStealer":["misp-galaxy:mitre-enterprise-attack-malware=\"USBStealer - S0136\"","misp-galaxy:mitre-malware=\"USBStealer - S0136\"","misp-galaxy:tool=\"USBStealer\""],"USB Stealer":["misp-galaxy:mitre-enterprise-attack-malware=\"USBStealer - S0136\"","misp-galaxy:mitre-malware=\"USBStealer - S0136\""],"Win32\/USBStealer":["misp-galaxy:mitre-enterprise-attack-malware=\"USBStealer - S0136\"","misp-galaxy:mitre-malware=\"USBStealer - S0136\""],"Umbreon - S0221":["misp-galaxy:mitre-enterprise-attack-malware=\"Umbreon - S0221\"","misp-galaxy:mitre-malware=\"Umbreon - S0221\""],"Unknown Logger - S0130":["misp-galaxy:mitre-enterprise-attack-malware=\"Unknown Logger - S0130\"","misp-galaxy:mitre-malware=\"Unknown Logger - S0130\""],"Unknown Logger":["misp-galaxy:mitre-enterprise-attack-malware=\"Unknown Logger - S0130\"","misp-galaxy:mitre-malware=\"Unknown Logger - S0130\""],"Uroburos - S0022":["misp-galaxy:mitre-enterprise-attack-malware=\"Uroburos - S0022\"","misp-galaxy:mitre-malware=\"Uroburos - S0022\""],"Uroburos":["misp-galaxy:mitre-enterprise-attack-malware=\"Uroburos - S0022\"","misp-galaxy:mitre-malware=\"Uroburos - S0022\"","misp-galaxy:threat-actor=\"Turla Group\"","misp-galaxy:tool=\"Turla\""],"Vasport - S0207":["misp-galaxy:mitre-enterprise-attack-malware=\"Vasport - S0207\"","misp-galaxy:mitre-malware=\"Vasport - S0207\""],"Vasport":["misp-galaxy:mitre-enterprise-attack-malware=\"Vasport - S0207\"","misp-galaxy:mitre-malware=\"Vasport - S0207\""],"Volgmer - S0180":["misp-galaxy:mitre-enterprise-attack-malware=\"Volgmer - S0180\"","misp-galaxy:mitre-malware=\"Volgmer - S0180\""],"WEBC2 - S0109":["misp-galaxy:mitre-enterprise-attack-malware=\"WEBC2 - S0109\"","misp-galaxy:mitre-malware=\"WEBC2 - S0109\""],"WEBC2":["misp-galaxy:mitre-enterprise-attack-malware=\"WEBC2 - S0109\"","misp-galaxy:mitre-malware=\"WEBC2 - S0109\"","misp-galaxy:tool=\"WEBC2\""],"WINDSHIELD - S0155":["misp-galaxy:mitre-enterprise-attack-malware=\"WINDSHIELD - S0155\"","misp-galaxy:mitre-malware=\"WINDSHIELD - S0155\""],"WINDSHIELD":["misp-galaxy:mitre-enterprise-attack-malware=\"WINDSHIELD - S0155\"","misp-galaxy:mitre-malware=\"WINDSHIELD - S0155\""],"WINERACK - S0219":["misp-galaxy:mitre-enterprise-attack-malware=\"WINERACK - S0219\"","misp-galaxy:mitre-malware=\"WINERACK - S0219\""],"WINERACK":["misp-galaxy:mitre-enterprise-attack-malware=\"WINERACK - S0219\"","misp-galaxy:mitre-malware=\"WINERACK - S0219\"","misp-galaxy:tool=\"WINERACK\""],"Wiarp - S0206":["misp-galaxy:mitre-enterprise-attack-malware=\"Wiarp - S0206\"","misp-galaxy:mitre-malware=\"Wiarp - S0206\""],"Wiarp":["misp-galaxy:mitre-enterprise-attack-malware=\"Wiarp - S0206\"","misp-galaxy:mitre-malware=\"Wiarp - S0206\""],"WinMM - S0059":["misp-galaxy:mitre-enterprise-attack-malware=\"WinMM - S0059\"","misp-galaxy:mitre-malware=\"WinMM - S0059\""],"Wingbird - S0176":["misp-galaxy:mitre-enterprise-attack-malware=\"Wingbird - S0176\"","misp-galaxy:mitre-malware=\"Wingbird - S0176\""],"Wingbird":["misp-galaxy:mitre-enterprise-attack-malware=\"Wingbird - S0176\"","misp-galaxy:mitre-malware=\"Wingbird - S0176\""],"Winnti - S0141":["misp-galaxy:mitre-enterprise-attack-malware=\"Winnti - S0141\"","misp-galaxy:mitre-malware=\"Winnti - S0141\""],"Winnti":["misp-galaxy:mitre-enterprise-attack-malware=\"Winnti - S0141\"","misp-galaxy:mitre-malware=\"Winnti - S0141\"","misp-galaxy:tool=\"Winnti\""],"Wiper - S0041":["misp-galaxy:mitre-enterprise-attack-malware=\"Wiper - S0041\"","misp-galaxy:mitre-malware=\"Wiper - S0041\""],"Wiper":["misp-galaxy:mitre-enterprise-attack-malware=\"Wiper - S0041\"","misp-galaxy:mitre-malware=\"Wiper - S0041\""],"XAgentOSX - S0161":["misp-galaxy:mitre-enterprise-attack-malware=\"XAgentOSX - S0161\"","misp-galaxy:mitre-malware=\"XAgentOSX - S0161\""],"XAgentOSX":["misp-galaxy:mitre-enterprise-attack-malware=\"XAgentOSX - S0161\"","misp-galaxy:mitre-malware=\"XAgentOSX - S0161\""],"XTunnel - S0117":["misp-galaxy:mitre-enterprise-attack-malware=\"XTunnel - S0117\"","misp-galaxy:mitre-malware=\"XTunnel - S0117\""],"XTunnel":["misp-galaxy:mitre-enterprise-attack-malware=\"XTunnel - S0117\"","misp-galaxy:mitre-malware=\"XTunnel - S0117\"","misp-galaxy:tool=\"X-Tunnel\""],"XAPS":["misp-galaxy:mitre-enterprise-attack-malware=\"XTunnel - S0117\"","misp-galaxy:mitre-malware=\"XTunnel - S0117\""],"ZLib - S0086":["misp-galaxy:mitre-enterprise-attack-malware=\"ZLib - S0086\"","misp-galaxy:mitre-malware=\"ZLib - S0086\""],"ZLib":["misp-galaxy:mitre-enterprise-attack-malware=\"ZLib - S0086\"","misp-galaxy:mitre-malware=\"ZLib - S0086\""],"ZeroT - S0230":["misp-galaxy:mitre-enterprise-attack-malware=\"ZeroT - S0230\"","misp-galaxy:mitre-malware=\"ZeroT - S0230\""],"Zeroaccess - S0027":["misp-galaxy:mitre-enterprise-attack-malware=\"Zeroaccess - S0027\"","misp-galaxy:mitre-malware=\"Zeroaccess - S0027\""],"Zeroaccess":["misp-galaxy:mitre-enterprise-attack-malware=\"Zeroaccess - S0027\"","misp-galaxy:mitre-malware=\"Zeroaccess - S0027\""],"Trojan.Zeroaccess":["misp-galaxy:mitre-enterprise-attack-malware=\"Zeroaccess - S0027\"","misp-galaxy:mitre-malware=\"Zeroaccess - S0027\""],"adbupd - S0202":["misp-galaxy:mitre-enterprise-attack-malware=\"adbupd - S0202\"","misp-galaxy:mitre-malware=\"adbupd - S0202\""],"adbupd":["misp-galaxy:mitre-enterprise-attack-malware=\"adbupd - S0202\"","misp-galaxy:mitre-malware=\"adbupd - S0202\""],"gh0st - S0032":["misp-galaxy:mitre-enterprise-attack-malware=\"gh0st - S0032\"","misp-galaxy:mitre-malware=\"gh0st - S0032\""],"gh0st":["misp-galaxy:mitre-enterprise-attack-malware=\"gh0st - S0032\"","misp-galaxy:mitre-malware=\"gh0st - S0032\"","misp-galaxy:tool=\"gh0st\""],"hcdLoader - S0071":["misp-galaxy:mitre-enterprise-attack-malware=\"hcdLoader - S0071\"","misp-galaxy:mitre-malware=\"hcdLoader - S0071\""],"hcdLoader":["misp-galaxy:mitre-enterprise-attack-malware=\"hcdLoader - S0071\"","misp-galaxy:mitre-malware=\"hcdLoader - S0071\"","misp-galaxy:rat=\"hcdLoader\""],"httpclient - S0068":["misp-galaxy:mitre-enterprise-attack-malware=\"httpclient - S0068\"","misp-galaxy:mitre-malware=\"httpclient - S0068\""],"httpclient":["misp-galaxy:mitre-enterprise-attack-malware=\"httpclient - S0068\"","misp-galaxy:mitre-malware=\"httpclient - S0068\""],"pngdowner - S0067":["misp-galaxy:mitre-enterprise-attack-malware=\"pngdowner - S0067\"","misp-galaxy:mitre-malware=\"pngdowner - S0067\""],"Arp - S0099":["misp-galaxy:mitre-enterprise-attack-tool=\"Arp - S0099\"","misp-galaxy:mitre-tool=\"Arp - S0099\""],"Arp":["misp-galaxy:mitre-enterprise-attack-tool=\"Arp - S0099\"","misp-galaxy:mitre-tool=\"Arp - S0099\""],"arp.exe":["misp-galaxy:mitre-enterprise-attack-tool=\"Arp - S0099\"","misp-galaxy:mitre-tool=\"Arp - S0099\""],"BITSAdmin - S0190":["misp-galaxy:mitre-enterprise-attack-tool=\"BITSAdmin - S0190\"","misp-galaxy:mitre-tool=\"BITSAdmin - S0190\""],"BITSAdmin":["misp-galaxy:mitre-enterprise-attack-tool=\"BITSAdmin - S0190\"","misp-galaxy:mitre-tool=\"BITSAdmin - S0190\""],"Cachedump - S0119":["misp-galaxy:mitre-enterprise-attack-tool=\"Cachedump - S0119\"","misp-galaxy:mitre-tool=\"Cachedump - S0119\""],"Cachedump":["misp-galaxy:mitre-enterprise-attack-tool=\"Cachedump - S0119\"","misp-galaxy:mitre-tool=\"Cachedump - S0119\""],"Cobalt Strike - S0154":["misp-galaxy:mitre-enterprise-attack-tool=\"Cobalt Strike - S0154\"","misp-galaxy:mitre-tool=\"Cobalt Strike - S0154\""],"FTP - S0095":["misp-galaxy:mitre-enterprise-attack-tool=\"FTP - S0095\"","misp-galaxy:mitre-tool=\"FTP - S0095\""],"FTP":["misp-galaxy:mitre-enterprise-attack-tool=\"FTP - S0095\"","misp-galaxy:mitre-tool=\"FTP - S0095\""],"ftp.exe":["misp-galaxy:mitre-enterprise-attack-tool=\"FTP - S0095\"","misp-galaxy:mitre-tool=\"FTP - S0095\""],"Fgdump - S0120":["misp-galaxy:mitre-enterprise-attack-tool=\"Fgdump - S0120\"","misp-galaxy:mitre-tool=\"Fgdump - S0120\""],"Fgdump":["misp-galaxy:mitre-enterprise-attack-tool=\"Fgdump - S0120\"","misp-galaxy:mitre-tool=\"Fgdump - S0120\""],"Forfiles - S0193":["misp-galaxy:mitre-enterprise-attack-tool=\"Forfiles - S0193\"","misp-galaxy:mitre-tool=\"Forfiles - S0193\""],"Forfiles":["misp-galaxy:mitre-enterprise-attack-tool=\"Forfiles - S0193\"","misp-galaxy:mitre-tool=\"Forfiles - S0193\""],"HTRAN - S0040":["misp-galaxy:mitre-enterprise-attack-tool=\"HTRAN - S0040\"","misp-galaxy:mitre-tool=\"HTRAN - S0040\""],"HTRAN":["misp-galaxy:mitre-enterprise-attack-tool=\"HTRAN - S0040\"","misp-galaxy:mitre-tool=\"HTRAN - S0040\""],"Havij - S0224":["misp-galaxy:mitre-enterprise-attack-tool=\"Havij - S0224\"","misp-galaxy:mitre-tool=\"Havij - S0224\""],"Havij":["misp-galaxy:mitre-enterprise-attack-tool=\"Havij - S0224\"","misp-galaxy:mitre-tool=\"Havij - S0224\""],"Invoke-PSImage - S0231":["misp-galaxy:mitre-enterprise-attack-tool=\"Invoke-PSImage - S0231\"","misp-galaxy:mitre-tool=\"Invoke-PSImage - S0231\""],"Invoke-PSImage":["misp-galaxy:mitre-enterprise-attack-tool=\"Invoke-PSImage - S0231\"","misp-galaxy:mitre-tool=\"Invoke-PSImage - S0231\""],"Lslsass - S0121":["misp-galaxy:mitre-enterprise-attack-tool=\"Lslsass - S0121\"","misp-galaxy:mitre-tool=\"Lslsass - S0121\""],"Lslsass":["misp-galaxy:mitre-enterprise-attack-tool=\"Lslsass - S0121\"","misp-galaxy:mitre-tool=\"Lslsass - S0121\""],"MimiPenguin - S0179":["misp-galaxy:mitre-enterprise-attack-tool=\"MimiPenguin - S0179\"","misp-galaxy:mitre-tool=\"MimiPenguin - S0179\""],"MimiPenguin":["misp-galaxy:mitre-enterprise-attack-tool=\"MimiPenguin - S0179\"","misp-galaxy:mitre-tool=\"MimiPenguin - S0179\""],"Mimikatz - S0002":["misp-galaxy:mitre-enterprise-attack-tool=\"Mimikatz - S0002\"","misp-galaxy:mitre-tool=\"Mimikatz - S0002\""],"Mimikatz":["misp-galaxy:mitre-enterprise-attack-tool=\"Mimikatz - S0002\"","misp-galaxy:mitre-tool=\"Mimikatz - S0002\"","misp-galaxy:tool=\"Mimikatz\""],"Net - S0039":["misp-galaxy:mitre-enterprise-attack-tool=\"Net - S0039\"","misp-galaxy:mitre-tool=\"Net - S0039\""],"Net":["misp-galaxy:mitre-enterprise-attack-tool=\"Net - S0039\"","misp-galaxy:mitre-tool=\"Net - S0039\""],"net.exe":["misp-galaxy:mitre-enterprise-attack-tool=\"Net - S0039\"","misp-galaxy:mitre-tool=\"Net - S0039\""],"Pass-The-Hash Toolkit - S0122":["misp-galaxy:mitre-enterprise-attack-tool=\"Pass-The-Hash Toolkit - S0122\"","misp-galaxy:mitre-tool=\"Pass-The-Hash Toolkit - S0122\""],"Pass-The-Hash Toolkit":["misp-galaxy:mitre-enterprise-attack-tool=\"Pass-The-Hash Toolkit - S0122\"","misp-galaxy:mitre-tool=\"Pass-The-Hash Toolkit - S0122\""],"Ping - S0097":["misp-galaxy:mitre-enterprise-attack-tool=\"Ping - S0097\"","misp-galaxy:mitre-tool=\"Ping - S0097\""],"Ping":["misp-galaxy:mitre-enterprise-attack-tool=\"Ping - S0097\"","misp-galaxy:mitre-tool=\"Ping - S0097\""],"ping.exe":["misp-galaxy:mitre-enterprise-attack-tool=\"Ping - S0097\"","misp-galaxy:mitre-tool=\"Ping - S0097\""],"PowerSploit - S0194":["misp-galaxy:mitre-enterprise-attack-tool=\"PowerSploit - S0194\"","misp-galaxy:mitre-tool=\"PowerSploit - S0194\""],"PowerSploit":["misp-galaxy:mitre-enterprise-attack-tool=\"PowerSploit - S0194\"","misp-galaxy:mitre-tool=\"PowerSploit - S0194\""],"PsExec - S0029":["misp-galaxy:mitre-enterprise-attack-tool=\"PsExec - S0029\"","misp-galaxy:mitre-tool=\"PsExec - S0029\""],"PsExec":["misp-galaxy:mitre-enterprise-attack-tool=\"PsExec - S0029\"","misp-galaxy:mitre-tool=\"PsExec - S0029\"","misp-galaxy:tool=\"PsExec\""],"Pupy - S0192":["misp-galaxy:mitre-enterprise-attack-tool=\"Pupy - S0192\"","misp-galaxy:mitre-tool=\"Pupy - S0192\""],"Pupy":["misp-galaxy:mitre-enterprise-attack-tool=\"Pupy - S0192\"","misp-galaxy:mitre-tool=\"Pupy - S0192\"","misp-galaxy:rat=\"Pupy\""],"Reg - S0075":["misp-galaxy:mitre-enterprise-attack-tool=\"Reg - S0075\"","misp-galaxy:mitre-tool=\"Reg - S0075\""],"Reg":["misp-galaxy:mitre-enterprise-attack-tool=\"Reg - S0075\"","misp-galaxy:mitre-tool=\"Reg - S0075\""],"reg.exe":["misp-galaxy:mitre-enterprise-attack-tool=\"Reg - S0075\"","misp-galaxy:mitre-tool=\"Reg - S0075\""],"Responder - S0174":["misp-galaxy:mitre-enterprise-attack-tool=\"Responder - S0174\"","misp-galaxy:mitre-tool=\"Responder - S0174\""],"Responder":["misp-galaxy:mitre-enterprise-attack-tool=\"Responder - S0174\"","misp-galaxy:mitre-tool=\"Responder - S0174\""],"SDelete - S0195":["misp-galaxy:mitre-enterprise-attack-tool=\"SDelete - S0195\"","misp-galaxy:mitre-tool=\"SDelete - S0195\""],"SDelete":["misp-galaxy:mitre-enterprise-attack-tool=\"SDelete - S0195\"","misp-galaxy:mitre-tool=\"SDelete - S0195\""],"Systeminfo - S0096":["misp-galaxy:mitre-enterprise-attack-tool=\"Systeminfo - S0096\"","misp-galaxy:mitre-tool=\"Systeminfo - S0096\""],"Systeminfo":["misp-galaxy:mitre-enterprise-attack-tool=\"Systeminfo - S0096\"","misp-galaxy:mitre-tool=\"Systeminfo - S0096\""],"systeminfo.exe":["misp-galaxy:mitre-enterprise-attack-tool=\"Systeminfo - S0096\"","misp-galaxy:mitre-tool=\"Systeminfo - S0096\""],"Tasklist - S0057":["misp-galaxy:mitre-enterprise-attack-tool=\"Tasklist - S0057\"","misp-galaxy:mitre-tool=\"Tasklist - S0057\""],"Tasklist":["misp-galaxy:mitre-enterprise-attack-tool=\"Tasklist - S0057\"","misp-galaxy:mitre-tool=\"Tasklist - S0057\""],"Tor - S0183":["misp-galaxy:mitre-enterprise-attack-tool=\"Tor - S0183\"","misp-galaxy:mitre-tool=\"Tor - S0183\""],"Tor":["misp-galaxy:mitre-enterprise-attack-tool=\"Tor - S0183\"","misp-galaxy:mitre-tool=\"Tor - S0183\""],"UACMe - S0116":["misp-galaxy:mitre-enterprise-attack-tool=\"UACMe - S0116\"","misp-galaxy:mitre-tool=\"UACMe - S0116\""],"Windows Credential Editor - S0005":["misp-galaxy:mitre-enterprise-attack-tool=\"Windows Credential Editor - S0005\"","misp-galaxy:mitre-tool=\"Windows Credential Editor - S0005\""],"Windows Credential Editor":["misp-galaxy:mitre-enterprise-attack-tool=\"Windows Credential Editor - S0005\"","misp-galaxy:mitre-tool=\"Windows Credential Editor - S0005\""],"WCE":["misp-galaxy:mitre-enterprise-attack-tool=\"Windows Credential Editor - S0005\"","misp-galaxy:mitre-tool=\"Windows Credential Editor - S0005\""],"Winexe - S0191":["misp-galaxy:mitre-enterprise-attack-tool=\"Winexe - S0191\"","misp-galaxy:mitre-tool=\"Winexe - S0191\""],"Winexe":["misp-galaxy:mitre-enterprise-attack-tool=\"Winexe - S0191\"","misp-galaxy:mitre-tool=\"Winexe - S0191\"","misp-galaxy:tool=\"Winexe\""],"at - S0110":["misp-galaxy:mitre-enterprise-attack-tool=\"at - S0110\"","misp-galaxy:mitre-tool=\"at - S0110\""],"at":["misp-galaxy:mitre-enterprise-attack-tool=\"at - S0110\"","misp-galaxy:mitre-tool=\"at - S0110\""],"at.exe":["misp-galaxy:mitre-enterprise-attack-tool=\"at - S0110\"","misp-galaxy:mitre-tool=\"at - S0110\""],"certutil - S0160":["misp-galaxy:mitre-enterprise-attack-tool=\"certutil - S0160\"","misp-galaxy:mitre-tool=\"certutil - S0160\""],"certutil":["misp-galaxy:mitre-enterprise-attack-tool=\"certutil - S0160\"","misp-galaxy:mitre-tool=\"certutil - S0160\""],"certutil.exe":["misp-galaxy:mitre-enterprise-attack-tool=\"certutil - S0160\"","misp-galaxy:mitre-tool=\"certutil - S0160\""],"cmd - S0106":["misp-galaxy:mitre-enterprise-attack-tool=\"cmd - S0106\"","misp-galaxy:mitre-tool=\"cmd - S0106\""],"cmd":["misp-galaxy:mitre-enterprise-attack-tool=\"cmd - S0106\"","misp-galaxy:mitre-tool=\"cmd - S0106\""],"cmd.exe":["misp-galaxy:mitre-enterprise-attack-tool=\"cmd - S0106\"","misp-galaxy:mitre-tool=\"cmd - S0106\""],"dsquery - S0105":["misp-galaxy:mitre-enterprise-attack-tool=\"dsquery - S0105\"","misp-galaxy:mitre-tool=\"dsquery - S0105\""],"dsquery":["misp-galaxy:mitre-enterprise-attack-tool=\"dsquery - S0105\"","misp-galaxy:mitre-tool=\"dsquery - S0105\""],"dsquery.exe":["misp-galaxy:mitre-enterprise-attack-tool=\"dsquery - S0105\"","misp-galaxy:mitre-tool=\"dsquery - S0105\""],"gsecdump - S0008":["misp-galaxy:mitre-enterprise-attack-tool=\"gsecdump - S0008\"","misp-galaxy:mitre-tool=\"gsecdump - S0008\""],"ifconfig - S0101":["misp-galaxy:mitre-enterprise-attack-tool=\"ifconfig - S0101\"","misp-galaxy:mitre-tool=\"ifconfig - S0101\""],"ifconfig":["misp-galaxy:mitre-enterprise-attack-tool=\"ifconfig - S0101\"","misp-galaxy:mitre-tool=\"ifconfig - S0101\""],"ipconfig - S0100":["misp-galaxy:mitre-enterprise-attack-tool=\"ipconfig - S0100\"","misp-galaxy:mitre-tool=\"ipconfig - S0100\""],"ipconfig":["misp-galaxy:mitre-enterprise-attack-tool=\"ipconfig - S0100\"","misp-galaxy:mitre-tool=\"ipconfig - S0100\""],"ipconfig.exe":["misp-galaxy:mitre-enterprise-attack-tool=\"ipconfig - S0100\"","misp-galaxy:mitre-tool=\"ipconfig - S0100\""],"meek - S0175":["misp-galaxy:mitre-enterprise-attack-tool=\"meek - S0175\"","misp-galaxy:mitre-tool=\"meek - S0175\""],"meek":["misp-galaxy:mitre-enterprise-attack-tool=\"meek - S0175\"","misp-galaxy:mitre-tool=\"meek - S0175\""],"nbtstat - S0102":["misp-galaxy:mitre-enterprise-attack-tool=\"nbtstat - S0102\"","misp-galaxy:mitre-tool=\"nbtstat - S0102\""],"nbtstat":["misp-galaxy:mitre-enterprise-attack-tool=\"nbtstat - S0102\"","misp-galaxy:mitre-tool=\"nbtstat - S0102\""],"nbtstat.exe":["misp-galaxy:mitre-enterprise-attack-tool=\"nbtstat - S0102\"","misp-galaxy:mitre-tool=\"nbtstat - S0102\""],"netsh - S0108":["misp-galaxy:mitre-enterprise-attack-tool=\"netsh - S0108\"","misp-galaxy:mitre-tool=\"netsh - S0108\""],"netsh":["misp-galaxy:mitre-enterprise-attack-tool=\"netsh - S0108\"","misp-galaxy:mitre-tool=\"netsh - S0108\""],"netsh.exe":["misp-galaxy:mitre-enterprise-attack-tool=\"netsh - S0108\"","misp-galaxy:mitre-tool=\"netsh - S0108\""],"netstat - S0104":["misp-galaxy:mitre-enterprise-attack-tool=\"netstat - S0104\"","misp-galaxy:mitre-tool=\"netstat - S0104\""],"netstat":["misp-galaxy:mitre-enterprise-attack-tool=\"netstat - S0104\"","misp-galaxy:mitre-tool=\"netstat - S0104\""],"netstat.exe":["misp-galaxy:mitre-enterprise-attack-tool=\"netstat - S0104\"","misp-galaxy:mitre-tool=\"netstat - S0104\""],"pwdump - S0006":["misp-galaxy:mitre-enterprise-attack-tool=\"pwdump - S0006\"","misp-galaxy:mitre-tool=\"pwdump - S0006\""],"pwdump":["misp-galaxy:mitre-enterprise-attack-tool=\"pwdump - S0006\"","misp-galaxy:mitre-tool=\"pwdump - S0006\""],"route - S0103":["misp-galaxy:mitre-enterprise-attack-tool=\"route - S0103\"","misp-galaxy:mitre-tool=\"route - S0103\""],"route":["misp-galaxy:mitre-enterprise-attack-tool=\"route - S0103\"","misp-galaxy:mitre-tool=\"route - S0103\""],"route.exe":["misp-galaxy:mitre-enterprise-attack-tool=\"route - S0103\"","misp-galaxy:mitre-tool=\"route - S0103\""],"schtasks - S0111":["misp-galaxy:mitre-enterprise-attack-tool=\"schtasks - S0111\"","misp-galaxy:mitre-tool=\"schtasks - S0111\""],"schtasks":["misp-galaxy:mitre-enterprise-attack-tool=\"schtasks - S0111\"","misp-galaxy:mitre-tool=\"schtasks - S0111\""],"schtasks.exe":["misp-galaxy:mitre-enterprise-attack-tool=\"schtasks - S0111\"","misp-galaxy:mitre-tool=\"schtasks - S0111\""],"spwebmember - S0227":["misp-galaxy:mitre-enterprise-attack-tool=\"spwebmember - S0227\"","misp-galaxy:mitre-tool=\"spwebmember - S0227\""],"spwebmember":["misp-galaxy:mitre-enterprise-attack-tool=\"spwebmember - S0227\"","misp-galaxy:mitre-tool=\"spwebmember - S0227\""],"sqlmap - S0225":["misp-galaxy:mitre-enterprise-attack-tool=\"sqlmap - S0225\"","misp-galaxy:mitre-tool=\"sqlmap - S0225\""],"sqlmap":["misp-galaxy:mitre-enterprise-attack-tool=\"sqlmap - S0225\"","misp-galaxy:mitre-tool=\"sqlmap - S0225\""],"xCmd - S0123":["misp-galaxy:mitre-enterprise-attack-tool=\"xCmd - S0123\"","misp-galaxy:mitre-tool=\"xCmd - S0123\""],"xCmd":["misp-galaxy:mitre-enterprise-attack-tool=\"xCmd - S0123\"","misp-galaxy:mitre-tool=\"xCmd - S0123\""],"APT19 - G0073":["misp-galaxy:mitre-intrusion-set=\"APT19 - G0073\""],"APT19":["misp-galaxy:mitre-intrusion-set=\"APT19 - G0073\"","misp-galaxy:threat-actor=\"Codoso\""],"Codoso":["misp-galaxy:mitre-intrusion-set=\"APT19 - G0073\"","misp-galaxy:threat-actor=\"Codoso\""],"C0d0so0":["misp-galaxy:mitre-intrusion-set=\"APT19 - G0073\""],"Codoso Team":["misp-galaxy:mitre-intrusion-set=\"APT19 - G0073\""],"Sunshop Group":["misp-galaxy:mitre-intrusion-set=\"APT19 - G0073\"","misp-galaxy:threat-actor=\"Codoso\""],"SNAKEMACKEREL":["misp-galaxy:mitre-intrusion-set=\"APT28 - G0007\"","misp-galaxy:threat-actor=\"Sofacy\""],"Swallowtail":["misp-galaxy:mitre-intrusion-set=\"APT28 - G0007\"","misp-galaxy:threat-actor=\"Sofacy\""],"Group 74":["misp-galaxy:mitre-intrusion-set=\"APT28 - G0007\"","misp-galaxy:threat-actor=\"Sofacy\""],"YTTRIUM":["misp-galaxy:mitre-intrusion-set=\"APT29 - G0016\"","misp-galaxy:threat-actor=\"APT 29\""],"SeaLotus":["misp-galaxy:mitre-intrusion-set=\"APT32 - G0050\"","misp-galaxy:threat-actor=\"APT32\""],"APT-C-00":["misp-galaxy:mitre-intrusion-set=\"APT32 - G0050\"","misp-galaxy:threat-actor=\"APT32\""],"Elfin":["misp-galaxy:mitre-intrusion-set=\"APT33 - G0064\"","misp-galaxy:threat-actor=\"APT33\""],"APT38 - G0082":["misp-galaxy:mitre-intrusion-set=\"APT38 - G0082\""],"APT38":["misp-galaxy:mitre-intrusion-set=\"APT38 - G0082\"","misp-galaxy:threat-actor=\"Lazarus Group\""],"APT39 - G0087":["misp-galaxy:mitre-intrusion-set=\"APT39 - G0087\""],"APT39":["misp-galaxy:mitre-intrusion-set=\"APT39 - G0087\"","misp-galaxy:threat-actor=\"APT39\""],"Chafer":["misp-galaxy:mitre-intrusion-set=\"APT39 - G0087\"","misp-galaxy:threat-actor=\"APT39\"","misp-galaxy:threat-actor=\"Chafer\""],"Cobalt Group - G0080":["misp-galaxy:mitre-intrusion-set=\"Cobalt Group - G0080\""],"Cobalt Group":["misp-galaxy:mitre-intrusion-set=\"Cobalt Group - G0080\"","misp-galaxy:threat-actor=\"Cobalt\""],"Cobalt Gang":["misp-galaxy:mitre-intrusion-set=\"Cobalt Group - G0080\"","misp-galaxy:threat-actor=\"Cobalt\""],"Cobalt Spider":["misp-galaxy:mitre-intrusion-set=\"Cobalt Group - G0080\"","misp-galaxy:threat-actor=\"Cobalt\""],"Dark Caracal - G0070":["misp-galaxy:mitre-intrusion-set=\"Dark Caracal - G0070\""],"Dark Caracal":["misp-galaxy:mitre-intrusion-set=\"Dark Caracal - G0070\"","misp-galaxy:threat-actor=\"Dark Caracal\""],"DarkHydrus - G0079":["misp-galaxy:mitre-intrusion-set=\"DarkHydrus - G0079\""],"DarkHydrus":["misp-galaxy:mitre-intrusion-set=\"DarkHydrus - G0079\"","misp-galaxy:threat-actor=\"DarkHydrus\""],"Dragonfly 2.0 - G0074":["misp-galaxy:mitre-intrusion-set=\"Dragonfly 2.0 - G0074\""],"Dragonfly 2.0":["misp-galaxy:mitre-intrusion-set=\"Dragonfly 2.0 - G0074\"","misp-galaxy:threat-actor=\"DYMALLOY\""],"Berserk Bear":["misp-galaxy:mitre-intrusion-set=\"Dragonfly 2.0 - G0074\"","misp-galaxy:threat-actor=\"Berserk Bear\"","misp-galaxy:threat-actor=\"TeamSpy Crew\""],"FIN4 - G0085":["misp-galaxy:mitre-intrusion-set=\"FIN4 - G0085\""],"FIN4":["misp-galaxy:mitre-intrusion-set=\"FIN4 - G0085\"","misp-galaxy:threat-actor=\"Wolf Spider\""],"Gallmaker - G0084":["misp-galaxy:mitre-intrusion-set=\"Gallmaker - G0084\""],"Gallmaker":["misp-galaxy:mitre-intrusion-set=\"Gallmaker - G0084\"","misp-galaxy:threat-actor=\"Gallmaker\""],"Gorgon Group - G0078":["misp-galaxy:mitre-intrusion-set=\"Gorgon Group - G0078\""],"Gorgon Group":["misp-galaxy:mitre-intrusion-set=\"Gorgon Group - G0078\"","misp-galaxy:threat-actor=\"The Gorgon Group\""],"Honeybee - G0072":["misp-galaxy:mitre-intrusion-set=\"Honeybee - G0072\""],"Honeybee":["misp-galaxy:mitre-intrusion-set=\"Honeybee - G0072\"","misp-galaxy:threat-actor=\"Honeybee\""],"APT15":["misp-galaxy:mitre-intrusion-set=\"Ke3chang - G0004\"","misp-galaxy:threat-actor=\"Mirage\""],"Vixen Panda":["misp-galaxy:mitre-intrusion-set=\"Ke3chang - G0004\"","misp-galaxy:threat-actor=\"Mirage\""],"GREF":["misp-galaxy:mitre-intrusion-set=\"Ke3chang - G0004\"","misp-galaxy:threat-actor=\"Mirage\""],"Playful Dragon":["misp-galaxy:mitre-intrusion-set=\"Ke3chang - G0004\"","misp-galaxy:threat-actor=\"Mirage\""],"RoyalAPT":["misp-galaxy:mitre-intrusion-set=\"Ke3chang - G0004\""],"Leafminer - G0077":["misp-galaxy:mitre-intrusion-set=\"Leafminer - G0077\""],"Leafminer":["misp-galaxy:mitre-intrusion-set=\"Leafminer - G0077\""],"Raspite":["misp-galaxy:mitre-intrusion-set=\"Leafminer - G0077\"","misp-galaxy:threat-actor=\"RASPITE\""],"TEMP.Jumper":["misp-galaxy:mitre-intrusion-set=\"Leviathan - G0065\"","misp-galaxy:threat-actor=\"Leviathan\""],"APT40":["misp-galaxy:mitre-intrusion-set=\"Leviathan - G0065\"","misp-galaxy:threat-actor=\"Leviathan\""],"DRAGONFISH":["misp-galaxy:mitre-intrusion-set=\"Lotus Blossom - G0030\"","misp-galaxy:threat-actor=\"Lotus Blossom\""],"APT35":["misp-galaxy:mitre-intrusion-set=\"Magic Hound - G0059\"","misp-galaxy:threat-actor=\"APT35\"","misp-galaxy:threat-actor=\"Cleaver\""],"Seedworm":["misp-galaxy:mitre-intrusion-set=\"MuddyWater - G0069\"","misp-galaxy:threat-actor=\"MuddyWater\""],"IRN2":["misp-galaxy:mitre-intrusion-set=\"OilRig - G0049\"","misp-galaxy:threat-actor=\"OilRig\""],"HELIX KITTEN":["misp-galaxy:mitre-intrusion-set=\"OilRig - G0049\""],"Orangeworm - G0071":["misp-galaxy:mitre-intrusion-set=\"Orangeworm - G0071\""],"Orangeworm":["misp-galaxy:mitre-intrusion-set=\"Orangeworm - G0071\"","misp-galaxy:threat-actor=\"Orangeworm\""],"Rancor - G0075":["misp-galaxy:mitre-intrusion-set=\"Rancor - G0075\""],"Rancor":["misp-galaxy:mitre-intrusion-set=\"Rancor - G0075\"","misp-galaxy:threat-actor=\"RANCOR\""],"VOODOO BEAR":["misp-galaxy:mitre-intrusion-set=\"Sandworm Team - G0034\""],"SilverTerrier - G0083":["misp-galaxy:mitre-intrusion-set=\"SilverTerrier - G0083\""],"SilverTerrier":["misp-galaxy:mitre-intrusion-set=\"SilverTerrier - G0083\"","misp-galaxy:threat-actor=\"SilverTerrier\""],"Stolen Pencil - G0086":["misp-galaxy:mitre-intrusion-set=\"Stolen Pencil - G0086\""],"Stolen Pencil":["misp-galaxy:mitre-intrusion-set=\"Stolen Pencil - G0086\""],"TEMP.Veles - G0088":["misp-galaxy:mitre-intrusion-set=\"TEMP.Veles - G0088\""],"TEMP.Veles":["misp-galaxy:mitre-intrusion-set=\"TEMP.Veles - G0088\"","misp-galaxy:threat-actor=\"TEMP.Veles\""],"XENOTIME":["misp-galaxy:mitre-intrusion-set=\"TEMP.Veles - G0088\"","misp-galaxy:threat-actor=\"XENOTIME\""],"APT27":["misp-galaxy:mitre-intrusion-set=\"Threat Group-3390 - G0027\"","misp-galaxy:threat-actor=\"Emissary Panda\"","misp-galaxy:threat-actor=\"LuckyMouse\""],"Iron Tiger":["misp-galaxy:mitre-intrusion-set=\"Threat Group-3390 - G0027\"","misp-galaxy:threat-actor=\"LuckyMouse\""],"LuckyMouse":["misp-galaxy:mitre-intrusion-set=\"Threat Group-3390 - G0027\"","misp-galaxy:threat-actor=\"LuckyMouse\""],"Thrip - G0076":["misp-galaxy:mitre-intrusion-set=\"Thrip - G0076\""],"Thrip":["misp-galaxy:mitre-intrusion-set=\"Thrip - G0076\"","misp-galaxy:threat-actor=\"Thrip\""],"Tropic Trooper - G0081":["misp-galaxy:mitre-intrusion-set=\"Tropic Trooper - G0081\""],"Tropic Trooper":["misp-galaxy:mitre-intrusion-set=\"Tropic Trooper - G0081\"","misp-galaxy:threat-actor=\"Tropic Trooper\""],"VENOMOUS BEAR":["misp-galaxy:mitre-intrusion-set=\"Turla - G0010\""],"Krypton":["misp-galaxy:mitre-intrusion-set=\"Turla - G0010\""],"HOGFISH":["misp-galaxy:mitre-intrusion-set=\"menuPass - G0045\"","misp-galaxy:threat-actor=\"Stone Panda\""],"ANDROIDOS_ANSERVER.A - S0310":["misp-galaxy:mitre-malware=\"ANDROIDOS_ANSERVER.A - S0310\""],"ANDROIDOS_ANSERVER.A":["misp-galaxy:mitre-malware=\"ANDROIDOS_ANSERVER.A - S0310\"","misp-galaxy:mitre-mobile-attack-malware=\"ANDROIDOS_ANSERVER.A - MOB-S0026\""],"Adups - S0309":["misp-galaxy:mitre-malware=\"Adups - S0309\""],"Adups":["misp-galaxy:mitre-malware=\"Adups - S0309\"","misp-galaxy:mitre-mobile-attack-malware=\"Adups - MOB-S0025\""],"Agent Tesla - S0331":["misp-galaxy:mitre-malware=\"Agent Tesla - S0331\""],"Allwinner - S0319":["misp-galaxy:mitre-malware=\"Allwinner - S0319\""],"Allwinner":["misp-galaxy:mitre-malware=\"Allwinner - S0319\""],"AndroRAT - S0292":["misp-galaxy:mitre-malware=\"AndroRAT - S0292\""],"Android Overlay Malware - S0296":["misp-galaxy:mitre-malware=\"Android Overlay Malware - S0296\""],"Android Overlay Malware":["misp-galaxy:mitre-malware=\"Android Overlay Malware - S0296\""],"Android\/Chuli.A - S0304":["misp-galaxy:mitre-malware=\"Android\/Chuli.A - S0304\""],"Android\/Chuli.A":["misp-galaxy:mitre-malware=\"Android\/Chuli.A - S0304\"","misp-galaxy:mitre-mobile-attack-malware=\"Android\/Chuli.A - MOB-S0020\""],"Astaroth - S0373":["misp-galaxy:mitre-malware=\"Astaroth - S0373\""],"Astaroth":["misp-galaxy:mitre-malware=\"Astaroth - S0373\""],"AuditCred - S0347":["misp-galaxy:mitre-malware=\"AuditCred - S0347\""],"AuditCred":["misp-galaxy:mitre-malware=\"AuditCred - S0347\""],"Roptimizer":["misp-galaxy:mitre-malware=\"AuditCred - S0347\""],"Azorult - S0344":["misp-galaxy:mitre-malware=\"Azorult - S0344\""],"BADCALL - S0245":["misp-galaxy:mitre-malware=\"BADCALL - S0245\""],"BADCALL":["misp-galaxy:mitre-malware=\"BADCALL - S0245\""],"BONDUPDATER - S0360":["misp-galaxy:mitre-malware=\"BONDUPDATER - S0360\""],"BadPatch - S0337":["misp-galaxy:mitre-malware=\"BadPatch - S0337\""],"BadPatch":["misp-galaxy:mitre-malware=\"BadPatch - S0337\""],"Bandook - S0234":["misp-galaxy:mitre-malware=\"Bandook - S0234\""],"Bandook":["misp-galaxy:mitre-malware=\"Bandook - S0234\""],"Bankshot - S0239":["misp-galaxy:mitre-malware=\"Bankshot - S0239\""],"Trojan Manuscript":["misp-galaxy:mitre-malware=\"Bankshot - S0239\""],"Bisonal - S0268":["misp-galaxy:mitre-malware=\"Bisonal - S0268\""],"BrainTest - S0293":["misp-galaxy:mitre-malware=\"BrainTest - S0293\""],"BrainTest":["misp-galaxy:mitre-malware=\"BrainTest - S0293\"","misp-galaxy:mitre-mobile-attack-malware=\"BrainTest - MOB-S0009\""],"Brave Prince - S0252":["misp-galaxy:mitre-malware=\"Brave Prince - S0252\""],"Brave Prince":["misp-galaxy:mitre-malware=\"Brave Prince - S0252\""],"Backdoor.SofacyX":["misp-galaxy:mitre-malware=\"CHOPSTICK - S0023\""],"Calisto - S0274":["misp-galaxy:mitre-malware=\"Calisto - S0274\""],"Cannon - S0351":["misp-galaxy:mitre-malware=\"Cannon - S0351\""],"Carbon - S0335":["misp-galaxy:mitre-malware=\"Carbon - S0335\""],"Cardinal RAT - S0348":["misp-galaxy:mitre-malware=\"Cardinal RAT - S0348\""],"Catchamas - S0261":["misp-galaxy:mitre-malware=\"Catchamas - S0261\""],"Charger - S0323":["misp-galaxy:mitre-malware=\"Charger - S0323\""],"Cobian RAT - S0338":["misp-galaxy:mitre-malware=\"Cobian RAT - S0338\""],"CoinTicker - S0369":["misp-galaxy:mitre-malware=\"CoinTicker - S0369\""],"CoinTicker":["misp-galaxy:mitre-malware=\"CoinTicker - S0369\""],"Comnie - S0244":["misp-galaxy:mitre-malware=\"Comnie - S0244\""],"Comnie":["misp-galaxy:mitre-malware=\"Comnie - S0244\"","misp-galaxy:rat=\"Comnie\"","misp-galaxy:threat-actor=\"Blackgear\""],"CrossRAT - S0235":["misp-galaxy:mitre-malware=\"CrossRAT - S0235\""],"DDKONG - S0255":["misp-galaxy:mitre-malware=\"DDKONG - S0255\""],"DarkComet - S0334":["misp-galaxy:mitre-malware=\"DarkComet - S0334\""],"DarkKomet":["misp-galaxy:mitre-malware=\"DarkComet - S0334\""],"Krademok":["misp-galaxy:mitre-malware=\"DarkComet - S0334\""],"FYNLOS":["misp-galaxy:mitre-malware=\"DarkComet - S0334\""],"DealersChoice - S0243":["misp-galaxy:mitre-malware=\"DealersChoice - S0243\""],"Dendroid - S0301":["misp-galaxy:mitre-malware=\"Dendroid - S0301\""],"Dendroid":["misp-galaxy:mitre-malware=\"Dendroid - S0301\"","misp-galaxy:mitre-mobile-attack-malware=\"Dendroid - MOB-S0017\"","misp-galaxy:rat=\"Dendroid\""],"Denis - S0354":["misp-galaxy:mitre-malware=\"Denis - S0354\""],"Denis":["misp-galaxy:mitre-malware=\"Denis - S0354\""],"Dok - S0281":["misp-galaxy:mitre-malware=\"Dok - S0281\""],"DressCode - S0300":["misp-galaxy:mitre-malware=\"DressCode - S0300\""],"DressCode":["misp-galaxy:mitre-malware=\"DressCode - S0300\"","misp-galaxy:mitre-mobile-attack-malware=\"DressCode - MOB-S0016\""],"DroidJack - S0320":["misp-galaxy:mitre-malware=\"DroidJack - S0320\""],"DroidJack":["misp-galaxy:mitre-malware=\"DroidJack - S0320\"","misp-galaxy:rat=\"DroidJack\""],"DualToy - S0315":["misp-galaxy:mitre-malware=\"DualToy - S0315\""],"DualToy":["misp-galaxy:mitre-malware=\"DualToy - S0315\"","misp-galaxy:mitre-mobile-attack-malware=\"DualToy - MOB-S0031\""],"Ebury - S0377":["misp-galaxy:mitre-malware=\"Ebury - S0377\""],"Emotet - S0367":["misp-galaxy:mitre-malware=\"Emotet - S0367\""],"Exaramel - S0343":["misp-galaxy:mitre-malware=\"Exaramel - S0343\""],"Exaramel":["misp-galaxy:mitre-malware=\"Exaramel - S0343\""],"FELIXROOT - S0267":["misp-galaxy:mitre-malware=\"FELIXROOT - S0267\""],"FELIXROOT":["misp-galaxy:mitre-malware=\"FELIXROOT - S0267\""],"GreyEnergy mini":["misp-galaxy:mitre-malware=\"FELIXROOT - S0267\""],"Final1stspy - S0355":["misp-galaxy:mitre-malware=\"Final1stspy - S0355\""],"Final1stspy":["misp-galaxy:mitre-malware=\"Final1stspy - S0355\""],"FruitFly - S0277":["misp-galaxy:mitre-malware=\"FruitFly - S0277\""],"Gold Dragon - S0249":["misp-galaxy:mitre-malware=\"Gold Dragon - S0249\""],"Gold Dragon":["misp-galaxy:mitre-malware=\"Gold Dragon - S0249\""],"Gooligan - S0290":["misp-galaxy:mitre-malware=\"Gooligan - S0290\""],"Gooligan":["misp-galaxy:mitre-malware=\"Gooligan - S0290\"","misp-galaxy:mitre-mobile-attack-malware=\"Gooligan - MOB-S0006\""],"GravityRAT - S0237":["misp-galaxy:mitre-malware=\"GravityRAT - S0237\""],"GravityRAT":["misp-galaxy:mitre-malware=\"GravityRAT - S0237\"","misp-galaxy:rat=\"GravityRAT\""],"GreyEnergy - S0342":["misp-galaxy:mitre-malware=\"GreyEnergy - S0342\""],"HARDRAIN - S0246":["misp-galaxy:mitre-malware=\"HARDRAIN - S0246\""],"HARDRAIN":["misp-galaxy:mitre-malware=\"HARDRAIN - S0246\""],"HOPLIGHT - S0376":["misp-galaxy:mitre-malware=\"HOPLIGHT - S0376\""],"HummingBad - S0322":["misp-galaxy:mitre-malware=\"HummingBad - S0322\""],"HummingWhale - S0321":["misp-galaxy:mitre-malware=\"HummingWhale - S0321\""],"HummingWhale":["misp-galaxy:mitre-malware=\"HummingWhale - S0321\"","misp-galaxy:mitre-mobile-attack-malware=\"HummingWhale - MOB-S0037\""],"InnaputRAT - S0259":["misp-galaxy:mitre-malware=\"InnaputRAT - S0259\""],"InvisiMole - S0260":["misp-galaxy:mitre-malware=\"InvisiMole - S0260\""],"Trojan.Sofacy":["misp-galaxy:mitre-malware=\"JHUHUGIT - S0044\""],"Judy - S0325":["misp-galaxy:mitre-malware=\"Judy - S0325\""],"KEYMARBLE - S0271":["misp-galaxy:mitre-malware=\"KEYMARBLE - S0271\""],"KONNI - S0356":["misp-galaxy:mitre-malware=\"KONNI - S0356\""],"KONNI":["misp-galaxy:mitre-malware=\"KONNI - S0356\"","misp-galaxy:rat=\"Konni\"","misp-galaxy:tool=\"KONNI\""],"Kazuar - S0265":["misp-galaxy:mitre-malware=\"Kazuar - S0265\""],"KeyRaider - S0288":["misp-galaxy:mitre-malware=\"KeyRaider - S0288\""],"KeyRaider":["misp-galaxy:mitre-malware=\"KeyRaider - S0288\"","misp-galaxy:mitre-mobile-attack-malware=\"KeyRaider - MOB-S0004\""],"Keydnap - S0276":["misp-galaxy:mitre-malware=\"Keydnap - S0276\""],"OSX\/Keydnap":["misp-galaxy:mitre-malware=\"Keydnap - S0276\""],"Kwampirs - S0236":["misp-galaxy:mitre-malware=\"Kwampirs - S0236\""],"Linux Rabbit - S0362":["misp-galaxy:mitre-malware=\"Linux Rabbit - S0362\""],"Linux Rabbit":["misp-galaxy:mitre-malware=\"Linux Rabbit - S0362\""],"LockerGoga - S0372":["misp-galaxy:mitre-malware=\"LockerGoga - S0372\""],"LockerGoga ":["misp-galaxy:mitre-malware=\"LockerGoga - S0372\""],"MacSpy - S0282":["misp-galaxy:mitre-malware=\"MacSpy - S0282\""],"Marcher - S0317":["misp-galaxy:mitre-malware=\"Marcher - S0317\""],"MazarBOT - S0303":["misp-galaxy:mitre-malware=\"MazarBOT - S0303\""],"MazarBOT":["misp-galaxy:mitre-malware=\"MazarBOT - S0303\"","misp-galaxy:mitre-mobile-attack-malware=\"MazarBOT - MOB-S0019\""],"Micropsia - S0339":["misp-galaxy:mitre-malware=\"Micropsia - S0339\""],"MirageFox - S0280":["misp-galaxy:mitre-malware=\"MirageFox - S0280\""],"More_eggs - S0284":["misp-galaxy:mitre-malware=\"More_eggs - S0284\""],"Mosquito - S0256":["misp-galaxy:mitre-malware=\"Mosquito - S0256\""],"NDiskMonitor - S0272":["misp-galaxy:mitre-malware=\"NDiskMonitor - S0272\""],"NDiskMonitor":["misp-galaxy:mitre-malware=\"NDiskMonitor - S0272\""],"NOKKI - S0353":["misp-galaxy:mitre-malware=\"NOKKI - S0353\""],"NOKKI":["misp-galaxy:mitre-malware=\"NOKKI - S0353\"","misp-galaxy:tool=\"NOKKI\""],"NanoCore - S0336":["misp-galaxy:mitre-malware=\"NanoCore - S0336\""],"NanoCore":["misp-galaxy:mitre-malware=\"NanoCore - S0336\"","misp-galaxy:rat=\"NanoCore\"","misp-galaxy:tool=\"NanoCoreRAT\""],"NavRAT - S0247":["misp-galaxy:mitre-malware=\"NavRAT - S0247\""],"NotCompatible - S0299":["misp-galaxy:mitre-malware=\"NotCompatible - S0299\""],"NotCompatible":["misp-galaxy:mitre-malware=\"NotCompatible - S0299\"","misp-galaxy:mitre-mobile-attack-malware=\"NotCompatible - MOB-S0015\""],"NotPetya - S0368":["misp-galaxy:mitre-malware=\"NotPetya - S0368\""],"Petrwrap":["misp-galaxy:mitre-malware=\"NotPetya - S0368\""],"OBAD - S0286":["misp-galaxy:mitre-malware=\"OBAD - S0286\""],"OBAD":["misp-galaxy:mitre-malware=\"OBAD - S0286\"","misp-galaxy:mitre-mobile-attack-malware=\"OBAD - MOB-S0002\""],"OSX_OCEANLOTUS.D - S0352":["misp-galaxy:mitre-malware=\"OSX_OCEANLOTUS.D - S0352\""],"OSX_OCEANLOTUS.D":["misp-galaxy:mitre-malware=\"OSX_OCEANLOTUS.D - S0352\""],"OceanSalt - S0346":["misp-galaxy:mitre-malware=\"OceanSalt - S0346\""],"OceanSalt":["misp-galaxy:mitre-malware=\"OceanSalt - S0346\""],"Octopus - S0340":["misp-galaxy:mitre-malware=\"Octopus - S0340\""],"OldBoot - S0285":["misp-galaxy:mitre-malware=\"OldBoot - S0285\""],"OldBoot":["misp-galaxy:mitre-malware=\"OldBoot - S0285\"","misp-galaxy:mitre-mobile-attack-malware=\"OldBoot - MOB-S0001\""],"Olympic Destroyer - S0365":["misp-galaxy:mitre-malware=\"Olympic Destroyer - S0365\""],"OopsIE - S0264":["misp-galaxy:mitre-malware=\"OopsIE - S0264\""],"PJApps - S0291":["misp-galaxy:mitre-malware=\"PJApps - S0291\""],"PJApps":["misp-galaxy:mitre-malware=\"PJApps - S0291\"","misp-galaxy:mitre-mobile-attack-malware=\"PJApps - MOB-S0007\""],"PLAINTEE - S0254":["misp-galaxy:mitre-malware=\"PLAINTEE - S0254\""],"Powermud":["misp-galaxy:mitre-malware=\"POWERSTATS - S0223\""],"POWERTON - S0371":["misp-galaxy:mitre-malware=\"POWERTON - S0371\""],"POWERTON":["misp-galaxy:mitre-malware=\"POWERTON - S0371\""],"Pegasus for Android - S0316":["misp-galaxy:mitre-malware=\"Pegasus for Android - S0316\""],"Pegasus for Android":["misp-galaxy:mitre-malware=\"Pegasus for Android - S0316\"","misp-galaxy:mitre-mobile-attack-malware=\"Pegasus for Android - MOB-S0032\""],"Pegasus for iOS - S0289":["misp-galaxy:mitre-malware=\"Pegasus for iOS - S0289\""],"Pegasus for iOS":["misp-galaxy:mitre-malware=\"Pegasus for iOS - S0289\""],"DestroyRAT":["misp-galaxy:mitre-malware=\"PlugX - S0013\""],"Proton - S0279":["misp-galaxy:mitre-malware=\"Proton - S0279\""],"Proton":["misp-galaxy:mitre-malware=\"Proton - S0279\"","misp-galaxy:tool=\"Proton\""],"Proxysvc - S0238":["misp-galaxy:mitre-malware=\"Proxysvc - S0238\""],"Proxysvc":["misp-galaxy:mitre-malware=\"Proxysvc - S0238\"","misp-galaxy:tool=\"Proxysvc\""],"QUADAGENT - S0269":["misp-galaxy:mitre-malware=\"QUADAGENT - S0269\""],"RATANKBA - S0241":["misp-galaxy:mitre-malware=\"RATANKBA - S0241\""],"RATANKBA":["misp-galaxy:mitre-malware=\"RATANKBA - S0241\""],"RCSAndroid - S0295":["misp-galaxy:mitre-malware=\"RCSAndroid - S0295\""],"RCSAndroid":["misp-galaxy:mitre-malware=\"RCSAndroid - S0295\"","misp-galaxy:mitre-mobile-attack-malware=\"RCSAndroid - MOB-S0011\""],"RGDoor - S0258":["misp-galaxy:mitre-malware=\"RGDoor - S0258\""],"ROKRAT - S0240":["misp-galaxy:mitre-malware=\"ROKRAT - S0240\""],"ROKRAT":["misp-galaxy:mitre-malware=\"ROKRAT - S0240\"","misp-galaxy:rat=\"rokrat\""],"RedDrop - S0326":["misp-galaxy:mitre-malware=\"RedDrop - S0326\""],"Remexi - S0375":["misp-galaxy:mitre-malware=\"Remexi - S0375\""],"RogueRobin - S0270":["misp-galaxy:mitre-malware=\"RogueRobin - S0270\""],"RuMMS - S0313":["misp-galaxy:mitre-malware=\"RuMMS - S0313\""],"RuMMS":["misp-galaxy:mitre-malware=\"RuMMS - S0313\"","misp-galaxy:mitre-mobile-attack-malware=\"RuMMS - MOB-S0029\""],"RunningRAT - S0253":["misp-galaxy:mitre-malware=\"RunningRAT - S0253\""],"RunningRAT":["misp-galaxy:mitre-malware=\"RunningRAT - S0253\""],"SamSam - S0370":["misp-galaxy:mitre-malware=\"SamSam - S0370\""],"Samas":["misp-galaxy:mitre-malware=\"SamSam - S0370\""],"Seasalt - S0345":["misp-galaxy:mitre-malware=\"Seasalt - S0345\""],"Seasalt":["misp-galaxy:mitre-malware=\"Seasalt - S0345\""],"ShiftyBug - S0294":["misp-galaxy:mitre-malware=\"ShiftyBug - S0294\""],"ShiftyBug":["misp-galaxy:mitre-malware=\"ShiftyBug - S0294\"","misp-galaxy:mitre-mobile-attack-malware=\"Shedun - MOB-S0010\""],"Skygofree - S0327":["misp-galaxy:mitre-malware=\"Skygofree - S0327\""],"Socksbot - S0273":["misp-galaxy:mitre-malware=\"Socksbot - S0273\""],"Socksbot":["misp-galaxy:mitre-malware=\"Socksbot - S0273\""],"SpeakUp - S0374":["misp-galaxy:mitre-malware=\"SpeakUp - S0374\""],"SpyDealer - S0324":["misp-galaxy:mitre-malware=\"SpyDealer - S0324\""],"SpyDealer":["misp-galaxy:mitre-malware=\"SpyDealer - S0324\"","misp-galaxy:tool=\"SpyDealer\""],"SpyNote RAT - S0305":["misp-galaxy:mitre-malware=\"SpyNote RAT - S0305\""],"SpyNote RAT":["misp-galaxy:mitre-malware=\"SpyNote RAT - S0305\"","misp-galaxy:mitre-mobile-attack-malware=\"SpyNote RAT - MOB-S0021\""],"Stealth Mango - S0328":["misp-galaxy:mitre-malware=\"Stealth Mango - S0328\""],"SynAck - S0242":["misp-galaxy:mitre-malware=\"SynAck - S0242\""],"TYPEFRAME - S0263":["misp-galaxy:mitre-malware=\"TYPEFRAME - S0263\""],"TYPEFRAME":["misp-galaxy:mitre-malware=\"TYPEFRAME - S0263\"","misp-galaxy:tool=\"TYPEFRAME\""],"Tangelo - S0329":["misp-galaxy:mitre-malware=\"Tangelo - S0329\""],"Tangelo":["misp-galaxy:mitre-malware=\"Tangelo - S0329\""],"TrickBot - S0266":["misp-galaxy:mitre-malware=\"TrickBot - S0266\""],"Totbrick":["misp-galaxy:mitre-malware=\"TrickBot - S0266\""],"TSPY_TRICKLOAD":["misp-galaxy:mitre-malware=\"TrickBot - S0266\""],"Trojan-SMS.AndroidOS.Agent.ao - S0307":["misp-galaxy:mitre-malware=\"Trojan-SMS.AndroidOS.Agent.ao - S0307\""],"Trojan-SMS.AndroidOS.Agent.ao":["misp-galaxy:mitre-malware=\"Trojan-SMS.AndroidOS.Agent.ao - S0307\"","misp-galaxy:mitre-mobile-attack-malware=\"Trojan-SMS.AndroidOS.Agent.ao - MOB-S0023\""],"Trojan-SMS.AndroidOS.FakeInst.a - S0306":["misp-galaxy:mitre-malware=\"Trojan-SMS.AndroidOS.FakeInst.a - S0306\""],"Trojan-SMS.AndroidOS.FakeInst.a":["misp-galaxy:mitre-malware=\"Trojan-SMS.AndroidOS.FakeInst.a - S0306\"","misp-galaxy:mitre-mobile-attack-malware=\"Trojan-SMS.AndroidOS.FakeInst.a - MOB-S0022\""],"Trojan-SMS.AndroidOS.OpFake.a - S0308":["misp-galaxy:mitre-malware=\"Trojan-SMS.AndroidOS.OpFake.a - S0308\""],"Trojan-SMS.AndroidOS.OpFake.a":["misp-galaxy:mitre-malware=\"Trojan-SMS.AndroidOS.OpFake.a - S0308\"","misp-galaxy:mitre-mobile-attack-malware=\"Trojan-SMS.AndroidOS.OpFake.a - MOB-S0024\""],"Twitoor - S0302":["misp-galaxy:mitre-malware=\"Twitoor - S0302\""],"Twitoor":["misp-galaxy:mitre-malware=\"Twitoor - S0302\"","misp-galaxy:mitre-mobile-attack-malware=\"Twitoor - MOB-S0018\""],"UBoatRAT - S0333":["misp-galaxy:mitre-malware=\"UBoatRAT - S0333\""],"UBoatRAT":["misp-galaxy:mitre-malware=\"UBoatRAT - S0333\"","misp-galaxy:rat=\"UBoatRAT\""],"UPPERCUT - S0275":["misp-galaxy:mitre-malware=\"UPPERCUT - S0275\""],"UPPERCUT":["misp-galaxy:mitre-malware=\"UPPERCUT - S0275\"","misp-galaxy:tool=\"ANEL\""],"ANEL":["misp-galaxy:mitre-malware=\"UPPERCUT - S0275\"","misp-galaxy:tool=\"ANEL\""],"VERMIN - S0257":["misp-galaxy:mitre-malware=\"VERMIN - S0257\""],"VERMIN":["misp-galaxy:mitre-malware=\"VERMIN - S0257\""],"WannaCry - S0366":["misp-galaxy:mitre-malware=\"WannaCry - S0366\""],"WanaCry":["misp-galaxy:mitre-malware=\"WannaCry - S0366\""],"WanaCrypt":["misp-galaxy:mitre-malware=\"WannaCry - S0366\""],"WanaCrypt0r":["misp-galaxy:mitre-malware=\"WannaCry - S0366\"","misp-galaxy:ransomware=\"WannaCry\""],"WCry":["misp-galaxy:mitre-malware=\"WannaCry - S0366\""],"WireLurker - S0312":["misp-galaxy:mitre-malware=\"WireLurker - S0312\""],"WireLurker":["misp-galaxy:mitre-malware=\"WireLurker - S0312\"","misp-galaxy:mitre-mobile-attack-malware=\"WireLurker - MOB-S0028\""],"X-Agent for Android - S0314":["misp-galaxy:mitre-malware=\"X-Agent for Android - S0314\""],"X-Agent for Android":["misp-galaxy:mitre-malware=\"X-Agent for Android - S0314\""],"OSX.Sofacy":["misp-galaxy:mitre-malware=\"XAgentOSX - S0161\""],"XLoader - S0318":["misp-galaxy:mitre-malware=\"XLoader - S0318\""],"Trojan.Shunnael":["misp-galaxy:mitre-malware=\"XTunnel - S0117\""],"Xbash - S0341":["misp-galaxy:mitre-malware=\"Xbash - S0341\""],"XcodeGhost - S0297":["misp-galaxy:mitre-malware=\"XcodeGhost - S0297\""],"XcodeGhost":["misp-galaxy:mitre-malware=\"XcodeGhost - S0297\"","misp-galaxy:mitre-mobile-attack-malware=\"XcodeGhost - MOB-S0013\""],"YiSpecter - S0311":["misp-galaxy:mitre-malware=\"YiSpecter - S0311\""],"YiSpecter":["misp-galaxy:mitre-malware=\"YiSpecter - S0311\"","misp-galaxy:mitre-mobile-attack-malware=\"YiSpecter - MOB-S0027\""],"Zebrocy - S0251":["misp-galaxy:mitre-malware=\"Zebrocy - S0251\""],"ZergHelper - S0287":["misp-galaxy:mitre-malware=\"ZergHelper - S0287\""],"ZergHelper":["misp-galaxy:mitre-malware=\"ZergHelper - S0287\"","misp-galaxy:mitre-mobile-attack-malware=\"ZergHelper - MOB-S0003\""],"Zeus Panda - S0330":["misp-galaxy:mitre-malware=\"Zeus Panda - S0330\""],"gh0st RAT - S0032":["misp-galaxy:mitre-malware=\"gh0st RAT - S0032\""],"gh0st RAT":["misp-galaxy:mitre-malware=\"gh0st RAT - S0032\""],"iKitten - S0278":["misp-galaxy:mitre-malware=\"iKitten - S0278\""],"iKitten":["misp-galaxy:mitre-malware=\"iKitten - S0278\"","misp-galaxy:tool=\"MacDownloader\""],"OSX\/MacDownloader":["misp-galaxy:mitre-malware=\"iKitten - S0278\""],"jRAT - S0283":["misp-galaxy:mitre-malware=\"jRAT - S0283\""],"jFrutas":["misp-galaxy:mitre-malware=\"jRAT - S0283\""],"jBiFrost":["misp-galaxy:mitre-malware=\"jRAT - S0283\""],"Trojan.Maljava":["misp-galaxy:mitre-malware=\"jRAT - S0283\""],"yty - S0248":["misp-galaxy:mitre-malware=\"yty - S0248\""],"zwShell - S0350":["misp-galaxy:mitre-malware=\"zwShell - S0350\""],"zwShell":["misp-galaxy:mitre-malware=\"zwShell - S0350\""],"Abuse Accessibility Features - MOB-T1056":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Abuse Accessibility Features - MOB-T1056\""],"Abuse Device Administrator Access to Prevent Removal - MOB-T1004":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Abuse Device Administrator Access to Prevent Removal - MOB-T1004\""],"Abuse of iOS Enterprise App Signing Key - MOB-T1048":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Abuse of iOS Enterprise App Signing Key - MOB-T1048\""],"Access Calendar Entries - MOB-T1038":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Access Calendar Entries - MOB-T1038\""],"Access Call Log - MOB-T1036":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Access Call Log - MOB-T1036\""],"Access Contact List - MOB-T1035":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Access Contact List - MOB-T1035\""],"Access Sensitive Data in Device Logs - MOB-T1016":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Access Sensitive Data in Device Logs - MOB-T1016\""],"Access Sensitive Data or Credentials in Files - MOB-T1012":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Access Sensitive Data or Credentials in Files - MOB-T1012\""],"Alternate Network Mediums - MOB-T1041":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Alternate Network Mediums - MOB-T1041\""],"Android Intent Hijacking - MOB-T1019":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Android Intent Hijacking - MOB-T1019\""],"App Auto-Start at Device Boot - MOB-T1005":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"App Auto-Start at Device Boot - MOB-T1005\""],"App Delivered via Email Attachment - MOB-T1037":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"App Delivered via Email Attachment - MOB-T1037\""],"App Delivered via Web Download - MOB-T1034":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"App Delivered via Web Download - MOB-T1034\""],"Application Discovery - MOB-T1021":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Application Discovery - MOB-T1021\""],"Attack PC via USB Connection - MOB-T1030":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Attack PC via USB Connection - MOB-T1030\""],"Biometric Spoofing - MOB-T1063":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Biometric Spoofing - MOB-T1063\""],"Capture Clipboard Data - MOB-T1017":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Capture Clipboard Data - MOB-T1017\""],"Capture SMS Messages - MOB-T1015":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Capture SMS Messages - MOB-T1015\""],"Commonly Used Port - MOB-T1039":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Commonly Used Port - MOB-T1039\""],"Detect App Analysis Environment - MOB-T1043":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Detect App Analysis Environment - MOB-T1043\""],"Device Type Discovery - MOB-T1022":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Device Type Discovery - MOB-T1022\""],"Device Unlock Code Guessing or Brute Force - MOB-T1062":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Device Unlock Code Guessing or Brute Force - MOB-T1062\""],"Disguise Root\/Jailbreak Indicators - MOB-T1011":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Disguise Root\/Jailbreak Indicators - MOB-T1011\""],"Downgrade to Insecure Protocols - MOB-T1069":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Downgrade to Insecure Protocols - MOB-T1069\""],"Download New Code at Runtime - MOB-T1010":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Download New Code at Runtime - MOB-T1010\""],"Eavesdrop on Insecure Network Communication - MOB-T1042":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Eavesdrop on Insecure Network Communication - MOB-T1042\""],"Encrypt Files for Ransom - MOB-T1074":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Encrypt Files for Ransom - MOB-T1074\""],"Exploit Baseband Vulnerability - MOB-T1058":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Exploit Baseband Vulnerability - MOB-T1058\""],"Exploit Enterprise Resources - MOB-T1031":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Exploit Enterprise Resources - MOB-T1031\""],"Exploit OS Vulnerability - MOB-T1007":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Exploit OS Vulnerability - MOB-T1007\""],"Exploit SS7 to Redirect Phone Calls\/SMS - MOB-T1052":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Exploit SS7 to Redirect Phone Calls\/SMS - MOB-T1052\""],"Exploit SS7 to Track Device Location - MOB-T1053":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Exploit SS7 to Track Device Location - MOB-T1053\""],"Exploit TEE Vulnerability - MOB-T1008":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Exploit TEE Vulnerability - MOB-T1008\""],"Exploit via Charging Station or PC - MOB-T1061":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Exploit via Charging Station or PC - MOB-T1061\""],"Fake Developer Accounts - MOB-T1045":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Fake Developer Accounts - MOB-T1045\""],"File and Directory Discovery - MOB-T1023":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"File and Directory Discovery - MOB-T1023\""],"Generate Fraudulent Advertising Revenue - MOB-T1075":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Generate Fraudulent Advertising Revenue - MOB-T1075\""],"Insecure Third-Party Libraries - MOB-T1028":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Insecure Third-Party Libraries - MOB-T1028\""],"Jamming or Denial of Service - MOB-T1067":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Jamming or Denial of Service - MOB-T1067\""],"Local Network Configuration Discovery - MOB-T1025":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Local Network Configuration Discovery - MOB-T1025\""],"Local Network Connections Discovery - MOB-T1024":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Local Network Connections Discovery - MOB-T1024\""],"Location Tracking - MOB-T1033":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Location Tracking - MOB-T1033\""],"Lock User Out of Device - MOB-T1049":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Lock User Out of Device - MOB-T1049\""],"Lockscreen Bypass - MOB-T1064":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Lockscreen Bypass - MOB-T1064\""],"Malicious Media Content - MOB-T1060":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Malicious Media Content - MOB-T1060\""],"Malicious SMS Message - MOB-T1057":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Malicious SMS Message - MOB-T1057\""],"Malicious Software Development Tools - MOB-T1065":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Malicious Software Development Tools - MOB-T1065\""],"Malicious Third Party Keyboard App - MOB-T1020":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Malicious Third Party Keyboard App - MOB-T1020\""],"Malicious Web Content - MOB-T1059":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Malicious Web Content - MOB-T1059\""],"Malicious or Vulnerable Built-in Device Functionality - MOB-T1076":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Malicious or Vulnerable Built-in Device Functionality - MOB-T1076\""],"Manipulate App Store Rankings or Ratings - MOB-T1055":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Manipulate App Store Rankings or Ratings - MOB-T1055\""],"Manipulate Device Communication - MOB-T1066":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Manipulate Device Communication - MOB-T1066\""],"Microphone or Camera Recordings - MOB-T1032":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Microphone or Camera Recordings - MOB-T1032\""],"Modify OS Kernel or Boot Partition - MOB-T1001":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Modify OS Kernel or Boot Partition - MOB-T1001\""],"Modify System Partition - MOB-T1003":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Modify System Partition - MOB-T1003\""],"Modify Trusted Execution Environment - MOB-T1002":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Modify Trusted Execution Environment - MOB-T1002\""],"Modify cached executable code - MOB-T1006":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Modify cached executable code - MOB-T1006\""],"Network Service Scanning - MOB-T1026":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Network Service Scanning - MOB-T1026\""],"Network Traffic Capture or Redirection - MOB-T1013":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Network Traffic Capture or Redirection - MOB-T1013\""],"Obfuscated or Encrypted Payload - MOB-T1009":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Obfuscated or Encrypted Payload - MOB-T1009\""],"Obtain Device Cloud Backups - MOB-T1073":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Obtain Device Cloud Backups - MOB-T1073\""],"Premium SMS Toll Fraud - MOB-T1051":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Premium SMS Toll Fraud - MOB-T1051\""],"Process Discovery - MOB-T1027":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Process Discovery - MOB-T1027\""],"Remotely Install Application - MOB-T1046":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Remotely Install Application - MOB-T1046\""],"Remotely Track Device Without Authorization - MOB-T1071":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Remotely Track Device Without Authorization - MOB-T1071\""],"Remotely Wipe Data Without Authorization - MOB-T1072":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Remotely Wipe Data Without Authorization - MOB-T1072\""],"Repackaged Application - MOB-T1047":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Repackaged Application - MOB-T1047\""],"Rogue Cellular Base Station - MOB-T1070":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Rogue Cellular Base Station - MOB-T1070\""],"Rogue Wi-Fi Access Points - MOB-T1068":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Rogue Wi-Fi Access Points - MOB-T1068\""],"SIM Card Swap - MOB-T1054":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"SIM Card Swap - MOB-T1054\""],"Standard Application Layer Protocol - MOB-T1040":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Standard Application Layer Protocol - MOB-T1040\""],"Stolen Developer Credentials or Signing Keys - MOB-T1044":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Stolen Developer Credentials or Signing Keys - MOB-T1044\""],"System Information Discovery - MOB-T1029":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"System Information Discovery - MOB-T1029\""],"URL Scheme Hijacking - MOB-T1018":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"URL Scheme Hijacking - MOB-T1018\""],"User Interface Spoofing - MOB-T1014":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"User Interface Spoofing - MOB-T1014\""],"Wipe Device Data - MOB-T1050":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Wipe Device Data - MOB-T1050\""],"Application Developer Guidance - MOB-M1013":["misp-galaxy:mitre-mobile-attack-course-of-action=\"Application Developer Guidance - MOB-M1013\""],"Application Vetting - MOB-M1005":["misp-galaxy:mitre-mobile-attack-course-of-action=\"Application Vetting - MOB-M1005\""],"Attestation - MOB-M1002":["misp-galaxy:mitre-mobile-attack-course-of-action=\"Attestation - MOB-M1002\""],"Caution with Device Administrator Access - MOB-M1007":["misp-galaxy:mitre-mobile-attack-course-of-action=\"Caution with Device Administrator Access - MOB-M1007\""],"Deploy Compromised Device Detection Method - MOB-M1010":["misp-galaxy:mitre-mobile-attack-course-of-action=\"Deploy Compromised Device Detection Method - MOB-M1010\""],"Encrypt Network Traffic - MOB-M1009":["misp-galaxy:mitre-mobile-attack-course-of-action=\"Encrypt Network Traffic - MOB-M1009\""],"Enterprise Policy - MOB-M1012":["misp-galaxy:mitre-mobile-attack-course-of-action=\"Enterprise Policy - MOB-M1012\""],"Interconnection Filtering - MOB-M1014":["misp-galaxy:mitre-mobile-attack-course-of-action=\"Interconnection Filtering - MOB-M1014\""],"Lock Bootloader - MOB-M1003":["misp-galaxy:mitre-mobile-attack-course-of-action=\"Lock Bootloader - MOB-M1003\""],"Security Updates - MOB-M1001":["misp-galaxy:mitre-mobile-attack-course-of-action=\"Security Updates - MOB-M1001\""],"System Partition Integrity - MOB-M1004":["misp-galaxy:mitre-mobile-attack-course-of-action=\"System Partition Integrity - MOB-M1004\""],"Use Device-Provided Credential Storage - MOB-M1008":["misp-galaxy:mitre-mobile-attack-course-of-action=\"Use Device-Provided Credential Storage - MOB-M1008\""],"Use Recent OS Version - MOB-M1006":["misp-galaxy:mitre-mobile-attack-course-of-action=\"Use Recent OS Version - MOB-M1006\""],"User Guidance - MOB-M1011":["misp-galaxy:mitre-mobile-attack-course-of-action=\"User Guidance - MOB-M1011\""],"ANDROIDOS_ANSERVER.A - MOB-S0026":["misp-galaxy:mitre-mobile-attack-malware=\"ANDROIDOS_ANSERVER.A - MOB-S0026\""],"Adups - MOB-S0025":["misp-galaxy:mitre-mobile-attack-malware=\"Adups - MOB-S0025\""],"AndroRAT - MOB-S0008":["misp-galaxy:mitre-mobile-attack-malware=\"AndroRAT - MOB-S0008\""],"Android\/Chuli.A - MOB-S0020":["misp-galaxy:mitre-mobile-attack-malware=\"Android\/Chuli.A - MOB-S0020\""],"AndroidOverlayMalware - MOB-S0012":["misp-galaxy:mitre-mobile-attack-malware=\"AndroidOverlayMalware - MOB-S0012\""],"AndroidOverlayMalware":["misp-galaxy:mitre-mobile-attack-malware=\"AndroidOverlayMalware - MOB-S0012\""],"BrainTest - MOB-S0009":["misp-galaxy:mitre-mobile-attack-malware=\"BrainTest - MOB-S0009\""],"Charger - MOB-S0039":["misp-galaxy:mitre-mobile-attack-malware=\"Charger - MOB-S0039\""],"Dendroid - MOB-S0017":["misp-galaxy:mitre-mobile-attack-malware=\"Dendroid - MOB-S0017\""],"DressCode - MOB-S0016":["misp-galaxy:mitre-mobile-attack-malware=\"DressCode - MOB-S0016\""],"DroidJack RAT - MOB-S0036":["misp-galaxy:mitre-mobile-attack-malware=\"DroidJack RAT - MOB-S0036\""],"DroidJack RAT":["misp-galaxy:mitre-mobile-attack-malware=\"DroidJack RAT - MOB-S0036\""],"DualToy - MOB-S0031":["misp-galaxy:mitre-mobile-attack-malware=\"DualToy - MOB-S0031\""],"Gooligan - MOB-S0006":["misp-galaxy:mitre-mobile-attack-malware=\"Gooligan - MOB-S0006\""],"HummingBad - MOB-S0038":["misp-galaxy:mitre-mobile-attack-malware=\"HummingBad - MOB-S0038\""],"HummingWhale - MOB-S0037":["misp-galaxy:mitre-mobile-attack-malware=\"HummingWhale - MOB-S0037\""],"KeyRaider - MOB-S0004":["misp-galaxy:mitre-mobile-attack-malware=\"KeyRaider - MOB-S0004\""],"MazarBOT - MOB-S0019":["misp-galaxy:mitre-mobile-attack-malware=\"MazarBOT - MOB-S0019\""],"NotCompatible - MOB-S0015":["misp-galaxy:mitre-mobile-attack-malware=\"NotCompatible - MOB-S0015\""],"OBAD - MOB-S0002":["misp-galaxy:mitre-mobile-attack-malware=\"OBAD - MOB-S0002\""],"OldBoot - MOB-S0001":["misp-galaxy:mitre-mobile-attack-malware=\"OldBoot - MOB-S0001\""],"PJApps - MOB-S0007":["misp-galaxy:mitre-mobile-attack-malware=\"PJApps - MOB-S0007\""],"Pegasus - MOB-S0005":["misp-galaxy:mitre-mobile-attack-malware=\"Pegasus - MOB-S0005\""],"Pegasus for Android - MOB-S0032":["misp-galaxy:mitre-mobile-attack-malware=\"Pegasus for Android - MOB-S0032\""],"RCSAndroid - MOB-S0011":["misp-galaxy:mitre-mobile-attack-malware=\"RCSAndroid - MOB-S0011\""],"RuMMS - MOB-S0029":["misp-galaxy:mitre-mobile-attack-malware=\"RuMMS - MOB-S0029\""],"Shedun - MOB-S0010":["misp-galaxy:mitre-mobile-attack-malware=\"Shedun - MOB-S0010\""],"Shedun":["misp-galaxy:mitre-mobile-attack-malware=\"Shedun - MOB-S0010\""],"Shuanet":["misp-galaxy:mitre-mobile-attack-malware=\"Shedun - MOB-S0010\""],"SpyNote RAT - MOB-S0021":["misp-galaxy:mitre-mobile-attack-malware=\"SpyNote RAT - MOB-S0021\""],"Trojan-SMS.AndroidOS.Agent.ao - MOB-S0023":["misp-galaxy:mitre-mobile-attack-malware=\"Trojan-SMS.AndroidOS.Agent.ao - MOB-S0023\""],"Trojan-SMS.AndroidOS.FakeInst.a - MOB-S0022":["misp-galaxy:mitre-mobile-attack-malware=\"Trojan-SMS.AndroidOS.FakeInst.a - MOB-S0022\""],"Trojan-SMS.AndroidOS.OpFake.a - MOB-S0024":["misp-galaxy:mitre-mobile-attack-malware=\"Trojan-SMS.AndroidOS.OpFake.a - MOB-S0024\""],"Twitoor - MOB-S0018":["misp-galaxy:mitre-mobile-attack-malware=\"Twitoor - MOB-S0018\""],"WireLurker - MOB-S0028":["misp-galaxy:mitre-mobile-attack-malware=\"WireLurker - MOB-S0028\""],"X-Agent - MOB-S0030":["misp-galaxy:mitre-mobile-attack-malware=\"X-Agent - MOB-S0030\""],"XcodeGhost - MOB-S0013":["misp-galaxy:mitre-mobile-attack-malware=\"XcodeGhost - MOB-S0013\""],"YiSpecter - MOB-S0027":["misp-galaxy:mitre-mobile-attack-malware=\"YiSpecter - MOB-S0027\""],"ZergHelper - MOB-S0003":["misp-galaxy:mitre-mobile-attack-malware=\"ZergHelper - MOB-S0003\""],"Xbot - MOB-S0014":["misp-galaxy:mitre-mobile-attack-tool=\"Xbot - MOB-S0014\""],"Acquire OSINT data sets and information - PRE-T1024":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Acquire OSINT data sets and information - PRE-T1024\""],"Acquire OSINT data sets and information - PRE-T1043":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Acquire OSINT data sets and information - PRE-T1043\""],"Acquire OSINT data sets and information - PRE-T1054":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Acquire OSINT data sets and information - PRE-T1054\""],"Acquire and\/or use 3rd party infrastructure services - PRE-T1084":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Acquire and\/or use 3rd party infrastructure services - PRE-T1084\""],"Acquire and\/or use 3rd party infrastructure services - PRE-T1106":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Acquire and\/or use 3rd party infrastructure services - PRE-T1106\""],"Acquire and\/or use 3rd party software services - PRE-T1085":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Acquire and\/or use 3rd party software services - PRE-T1085\""],"Acquire and\/or use 3rd party software services - PRE-T1107":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Acquire and\/or use 3rd party software services - PRE-T1107\""],"Acquire or compromise 3rd party signing certificates - PRE-T1087":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Acquire or compromise 3rd party signing certificates - PRE-T1087\""],"Acquire or compromise 3rd party signing certificates - PRE-T1109":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Acquire or compromise 3rd party signing certificates - PRE-T1109\""],"Aggregate individual's digital footprint - PRE-T1052":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Aggregate individual's digital footprint - PRE-T1052\""],"Analyze application security posture - PRE-T1070":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Analyze application security posture - PRE-T1070\""],"Analyze architecture and configuration posture - PRE-T1065":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Analyze architecture and configuration posture - PRE-T1065\""],"Analyze business processes - PRE-T1078":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Analyze business processes - PRE-T1078\""],"Analyze data collected - PRE-T1064":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Analyze data collected - PRE-T1064\""],"Analyze hardware\/software security defensive capabilities - PRE-T1071":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Analyze hardware\/software security defensive capabilities - PRE-T1071\""],"Analyze organizational skillsets and deficiencies - PRE-T1066":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Analyze organizational skillsets and deficiencies - PRE-T1066\""],"Analyze organizational skillsets and deficiencies - PRE-T1074":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Analyze organizational skillsets and deficiencies - PRE-T1074\""],"Analyze organizational skillsets and deficiencies - PRE-T1077":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Analyze organizational skillsets and deficiencies - PRE-T1077\""],"Analyze presence of outsourced capabilities - PRE-T1080":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Analyze presence of outsourced capabilities - PRE-T1080\""],"Analyze social and business relationships, interests, and affiliations - PRE-T1072":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Analyze social and business relationships, interests, and affiliations - PRE-T1072\""],"Anonymity services - PRE-T1083":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Anonymity services - PRE-T1083\""],"Assess KITs\/KIQs benefits - PRE-T1006":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Assess KITs\/KIQs benefits - PRE-T1006\""],"Assess current holdings, needs, and wants - PRE-T1013":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Assess current holdings, needs, and wants - PRE-T1013\""],"Assess leadership areas of interest - PRE-T1001":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Assess leadership areas of interest - PRE-T1001\""],"Assess opportunities created by business deals - PRE-T1076":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Assess opportunities created by business deals - PRE-T1076\""],"Assess security posture of physical locations - PRE-T1079":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Assess security posture of physical locations - PRE-T1079\""],"Assess targeting options - PRE-T1073":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Assess targeting options - PRE-T1073\""],"Assess vulnerability of 3rd party vendors - PRE-T1075":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Assess vulnerability of 3rd party vendors - PRE-T1075\""],"Assign KITs, KIQs, and\/or intelligence requirements - PRE-T1015":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Assign KITs, KIQs, and\/or intelligence requirements - PRE-T1015\""],"Assign KITs\/KIQs into categories - PRE-T1005":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Assign KITs\/KIQs into categories - PRE-T1005\""],"Authentication attempt - PRE-T1158":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Authentication attempt - PRE-T1158\""],"Authorized user performs requested cyber action - PRE-T1163":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Authorized user performs requested cyber action - PRE-T1163\""],"Automated system performs requested action - PRE-T1161":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Automated system performs requested action - PRE-T1161\""],"Build and configure delivery systems - PRE-T1124":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Build and configure delivery systems - PRE-T1124\""],"Build or acquire exploits - PRE-T1126":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Build or acquire exploits - PRE-T1126\""],"Build social network persona - PRE-T1118":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Build social network persona - PRE-T1118\""],"Buy domain name - PRE-T1105":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Buy domain name - PRE-T1105\""],"C2 protocol development - PRE-T1129":["misp-galaxy:mitre-pre-attack-attack-pattern=\"C2 protocol development - PRE-T1129\""],"Choose pre-compromised mobile app developer account credentials or signing keys - PRE-T1168":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Choose pre-compromised mobile app developer account credentials or signing keys - PRE-T1168\""],"Choose pre-compromised persona and affiliated accounts - PRE-T1120":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Choose pre-compromised persona and affiliated accounts - PRE-T1120\""],"Common, high volume protocols and software - PRE-T1098":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Common, high volume protocols and software - PRE-T1098\""],"Compromise 3rd party infrastructure to support delivery - PRE-T1089":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Compromise 3rd party infrastructure to support delivery - PRE-T1089\""],"Compromise 3rd party infrastructure to support delivery - PRE-T1111":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Compromise 3rd party infrastructure to support delivery - PRE-T1111\""],"Compromise 3rd party or closed-source vulnerability\/exploit information - PRE-T1131":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Compromise 3rd party or closed-source vulnerability\/exploit information - PRE-T1131\""],"Compromise of externally facing system - PRE-T1165":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Compromise of externally facing system - PRE-T1165\""],"Conduct active scanning - PRE-T1031":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Conduct active scanning - PRE-T1031\""],"Conduct cost\/benefit analysis - PRE-T1003":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Conduct cost\/benefit analysis - PRE-T1003\""],"Conduct passive scanning - PRE-T1030":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Conduct passive scanning - PRE-T1030\""],"Conduct social engineering - PRE-T1026":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Conduct social engineering - PRE-T1026\""],"Conduct social engineering - PRE-T1045":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Conduct social engineering - PRE-T1045\""],"Conduct social engineering - PRE-T1056":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Conduct social engineering - PRE-T1056\""],"Conduct social engineering or HUMINT operation - PRE-T1153":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Conduct social engineering or HUMINT operation - PRE-T1153\""],"Confirmation of launched compromise achieved - PRE-T1160":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Confirmation of launched compromise achieved - PRE-T1160\""],"Create backup infrastructure - PRE-T1116":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Create backup infrastructure - PRE-T1116\""],"Create custom payloads - PRE-T1122":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Create custom payloads - PRE-T1122\""],"Create implementation plan - PRE-T1009":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Create implementation plan - PRE-T1009\""],"Create infected removable media - PRE-T1132":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Create infected removable media - PRE-T1132\""],"Create strategic plan - PRE-T1008":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Create strategic plan - PRE-T1008\""],"Credential pharming - PRE-T1151":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Credential pharming - PRE-T1151\""],"DNS poisoning - PRE-T1159":["misp-galaxy:mitre-pre-attack-attack-pattern=\"DNS poisoning - PRE-T1159\""],"DNSCalc - PRE-T1101":["misp-galaxy:mitre-pre-attack-attack-pattern=\"DNSCalc - PRE-T1101\""],"Data Hiding - PRE-T1097":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Data Hiding - PRE-T1097\""],"Deploy exploit using advertising - PRE-T1157":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Deploy exploit using advertising - PRE-T1157\""],"Derive intelligence requirements - PRE-T1007":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Derive intelligence requirements - PRE-T1007\""],"Determine 3rd party infrastructure services - PRE-T1037":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Determine 3rd party infrastructure services - PRE-T1037\""],"Determine 3rd party infrastructure services - PRE-T1061":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Determine 3rd party infrastructure services - PRE-T1061\""],"Determine approach\/attack vector - PRE-T1022":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Determine approach\/attack vector - PRE-T1022\""],"Determine centralization of IT management - PRE-T1062":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Determine centralization of IT management - PRE-T1062\""],"Determine domain and IP address space - PRE-T1027":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Determine domain and IP address space - PRE-T1027\""],"Determine external network trust dependencies - PRE-T1036":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Determine external network trust dependencies - PRE-T1036\""],"Determine firmware version - PRE-T1035":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Determine firmware version - PRE-T1035\""],"Determine highest level tactical element - PRE-T1020":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Determine highest level tactical element - PRE-T1020\""],"Determine operational element - PRE-T1019":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Determine operational element - PRE-T1019\""],"Determine physical locations - PRE-T1059":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Determine physical locations - PRE-T1059\""],"Determine secondary level tactical element - PRE-T1021":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Determine secondary level tactical element - PRE-T1021\""],"Determine strategic target - PRE-T1018":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Determine strategic target - PRE-T1018\""],"Develop KITs\/KIQs - PRE-T1004":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Develop KITs\/KIQs - PRE-T1004\""],"Develop social network persona digital footprint - PRE-T1119":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Develop social network persona digital footprint - PRE-T1119\""],"Discover new exploits and monitor exploit-provider forums - PRE-T1127":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Discover new exploits and monitor exploit-provider forums - PRE-T1127\""],"Discover target logon\/email address format - PRE-T1032":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Discover target logon\/email address format - PRE-T1032\""],"Disseminate removable media - PRE-T1156":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Disseminate removable media - PRE-T1156\""],"Distribute malicious software development tools - PRE-T1171":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Distribute malicious software development tools - PRE-T1171\""],"Domain Generation Algorithms (DGA) - PRE-T1100":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Domain Generation Algorithms (DGA) - PRE-T1100\""],"Domain registration hijacking - PRE-T1103":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Domain registration hijacking - PRE-T1103\""],"Dumpster dive - PRE-T1063":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Dumpster dive - PRE-T1063\""],"Dynamic DNS - PRE-T1088":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Dynamic DNS - PRE-T1088\""],"Dynamic DNS - PRE-T1110":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Dynamic DNS - PRE-T1110\""],"Enumerate client configurations - PRE-T1039":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Enumerate client configurations - PRE-T1039\""],"Enumerate externally facing software applications technologies, languages, and dependencies - PRE-T1038":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Enumerate externally facing software applications technologies, languages, and dependencies - PRE-T1038\""],"Exploit public-facing application - PRE-T1154":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Exploit public-facing application - PRE-T1154\""],"Fast Flux DNS - PRE-T1102":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Fast Flux DNS - PRE-T1102\""],"Friend\/Follow\/Connect to targets of interest - PRE-T1121":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Friend\/Follow\/Connect to targets of interest - PRE-T1121\""],"Friend\/Follow\/Connect to targets of interest - PRE-T1141":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Friend\/Follow\/Connect to targets of interest - PRE-T1141\""],"Generate analyst intelligence requirements - PRE-T1011":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Generate analyst intelligence requirements - PRE-T1011\""],"Hardware or software supply chain implant - PRE-T1142":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Hardware or software supply chain implant - PRE-T1142\""],"Host-based hiding techniques - PRE-T1091":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Host-based hiding techniques - PRE-T1091\""],"Human performs requested action of physical nature - PRE-T1162":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Human performs requested action of physical nature - PRE-T1162\""],"Identify analyst level gaps - PRE-T1010":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify analyst level gaps - PRE-T1010\""],"Identify business processes\/tempo - PRE-T1057":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify business processes\/tempo - PRE-T1057\""],"Identify business relationships - PRE-T1049":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify business relationships - PRE-T1049\""],"Identify business relationships - PRE-T1060":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify business relationships - PRE-T1060\""],"Identify gap areas - PRE-T1002":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify gap areas - PRE-T1002\""],"Identify groups\/roles - PRE-T1047":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify groups\/roles - PRE-T1047\""],"Identify job postings and needs\/gaps - PRE-T1025":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify job postings and needs\/gaps - PRE-T1025\""],"Identify job postings and needs\/gaps - PRE-T1044":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify job postings and needs\/gaps - PRE-T1044\""],"Identify job postings and needs\/gaps - PRE-T1055":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify job postings and needs\/gaps - PRE-T1055\""],"Identify people of interest - PRE-T1046":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify people of interest - PRE-T1046\""],"Identify personnel with an authority\/privilege - PRE-T1048":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify personnel with an authority\/privilege - PRE-T1048\""],"Identify resources required to build capabilities - PRE-T1125":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify resources required to build capabilities - PRE-T1125\""],"Identify security defensive capabilities - PRE-T1040":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify security defensive capabilities - PRE-T1040\""],"Identify sensitive personnel information - PRE-T1051":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify sensitive personnel information - PRE-T1051\""],"Identify supply chains - PRE-T1023":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify supply chains - PRE-T1023\""],"Identify supply chains - PRE-T1042":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify supply chains - PRE-T1042\""],"Identify supply chains - PRE-T1053":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify supply chains - PRE-T1053\""],"Identify technology usage patterns - PRE-T1041":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify technology usage patterns - PRE-T1041\""],"Identify vulnerabilities in third-party software libraries - PRE-T1166":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify vulnerabilities in third-party software libraries - PRE-T1166\""],"Identify web defensive services - PRE-T1033":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify web defensive services - PRE-T1033\""],"Install and configure hardware, network, and systems - PRE-T1113":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Install and configure hardware, network, and systems - PRE-T1113\""],"Leverage compromised 3rd party resources - PRE-T1152":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Leverage compromised 3rd party resources - PRE-T1152\""],"Map network topology - PRE-T1029":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Map network topology - PRE-T1029\""],"Mine social media - PRE-T1050":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Mine social media - PRE-T1050\""],"Mine technical blogs\/forums - PRE-T1034":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Mine technical blogs\/forums - PRE-T1034\""],"Misattributable credentials - PRE-T1099":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Misattributable credentials - PRE-T1099\""],"Network-based hiding techniques - PRE-T1092":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Network-based hiding techniques - PRE-T1092\""],"Non-traditional or less attributable payment options - PRE-T1093":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Non-traditional or less attributable payment options - PRE-T1093\""],"OS-vendor provided communication channels - PRE-T1167":["misp-galaxy:mitre-pre-attack-attack-pattern=\"OS-vendor provided communication channels - PRE-T1167\""],"Obfuscate infrastructure - PRE-T1086":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Obfuscate infrastructure - PRE-T1086\""],"Obfuscate infrastructure - PRE-T1108":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Obfuscate infrastructure - PRE-T1108\""],"Obfuscate operational infrastructure - PRE-T1095":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Obfuscate operational infrastructure - PRE-T1095\""],"Obfuscate or encrypt code - PRE-T1096":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Obfuscate or encrypt code - PRE-T1096\""],"Obfuscation or cryptography - PRE-T1090":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Obfuscation or cryptography - PRE-T1090\""],"Obtain Apple iOS enterprise distribution key pair and certificate - PRE-T1169":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Obtain Apple iOS enterprise distribution key pair and certificate - PRE-T1169\""],"Obtain booter\/stressor subscription - PRE-T1173":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Obtain booter\/stressor subscription - PRE-T1173\""],"Obtain domain\/IP registration information - PRE-T1028":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Obtain domain\/IP registration information - PRE-T1028\""],"Obtain templates\/branding materials - PRE-T1058":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Obtain templates\/branding materials - PRE-T1058\""],"Obtain\/re-use payloads - PRE-T1123":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Obtain\/re-use payloads - PRE-T1123\""],"Port redirector - PRE-T1140":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Port redirector - PRE-T1140\""],"Post compromise tool development - PRE-T1130":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Post compromise tool development - PRE-T1130\""],"Private whois services - PRE-T1082":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Private whois services - PRE-T1082\""],"Procure required equipment and software - PRE-T1112":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Procure required equipment and software - PRE-T1112\""],"Proxy\/protocol relays - PRE-T1081":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Proxy\/protocol relays - PRE-T1081\""],"Push-notification client-side exploit - PRE-T1150":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Push-notification client-side exploit - PRE-T1150\""],"Receive KITs\/KIQs and determine requirements - PRE-T1016":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Receive KITs\/KIQs and determine requirements - PRE-T1016\""],"Receive operator KITs\/KIQs tasking - PRE-T1012":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Receive operator KITs\/KIQs tasking - PRE-T1012\""],"Remote access tool development - PRE-T1128":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Remote access tool development - PRE-T1128\""],"Replace legitimate binary with malware - PRE-T1155":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Replace legitimate binary with malware - PRE-T1155\""],"Research relevant vulnerabilities\/CVEs - PRE-T1068":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Research relevant vulnerabilities\/CVEs - PRE-T1068\""],"Research visibility gap of security vendors - PRE-T1067":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Research visibility gap of security vendors - PRE-T1067\""],"Review logs and residual traces - PRE-T1135":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Review logs and residual traces - PRE-T1135\""],"Runtime code download and execution - PRE-T1172":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Runtime code download and execution - PRE-T1172\""],"SSL certificate acquisition for domain - PRE-T1114":["misp-galaxy:mitre-pre-attack-attack-pattern=\"SSL certificate acquisition for domain - PRE-T1114\""],"SSL certificate acquisition for trust breaking - PRE-T1115":["misp-galaxy:mitre-pre-attack-attack-pattern=\"SSL certificate acquisition for trust breaking - PRE-T1115\""],"Secure and protect infrastructure - PRE-T1094":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Secure and protect infrastructure - PRE-T1094\""],"Shadow DNS - PRE-T1117":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Shadow DNS - PRE-T1117\""],"Spear phishing messages with malicious attachments - PRE-T1144":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Spear phishing messages with malicious attachments - PRE-T1144\""],"Spear phishing messages with malicious links - PRE-T1146":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Spear phishing messages with malicious links - PRE-T1146\""],"Spear phishing messages with text only - PRE-T1145":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Spear phishing messages with text only - PRE-T1145\""],"Spearphishing for Information - PRE-T1174":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Spearphishing for Information - PRE-T1174\""],"Submit KITs, KIQs, and intelligence requirements - PRE-T1014":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Submit KITs, KIQs, and intelligence requirements - PRE-T1014\""],"Targeted client-side exploitation - PRE-T1148":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Targeted client-side exploitation - PRE-T1148\""],"Targeted social media phishing - PRE-T1143":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Targeted social media phishing - PRE-T1143\""],"Task requirements - PRE-T1017":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Task requirements - PRE-T1017\""],"Test ability to evade automated mobile application security analysis performed by app stores - PRE-T1170":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Test ability to evade automated mobile application security analysis performed by app stores - PRE-T1170\""],"Test callback functionality - PRE-T1133":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Test callback functionality - PRE-T1133\""],"Test malware in various execution environments - PRE-T1134":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Test malware in various execution environments - PRE-T1134\""],"Test malware to evade detection - PRE-T1136":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Test malware to evade detection - PRE-T1136\""],"Test physical access - PRE-T1137":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Test physical access - PRE-T1137\""],"Test signature detection - PRE-T1069":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Test signature detection - PRE-T1069\""],"Test signature detection for file upload\/email filters - PRE-T1138":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Test signature detection for file upload\/email filters - PRE-T1138\""],"Unauthorized user introduces compromise delivery mechanism - PRE-T1164":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Unauthorized user introduces compromise delivery mechanism - PRE-T1164\""],"Unconditional client-side exploitation\/Injected Website\/Driveby - PRE-T1149":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Unconditional client-side exploitation\/Injected Website\/Driveby - PRE-T1149\""],"Untargeted client-side exploitation - PRE-T1147":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Untargeted client-side exploitation - PRE-T1147\""],"Upload, install, and configure software\/tools - PRE-T1139":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Upload, install, and configure software\/tools - PRE-T1139\""],"Use multiple DNS infrastructures - PRE-T1104":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Use multiple DNS infrastructures - PRE-T1104\""],"Empire - S0363":["misp-galaxy:mitre-tool=\"Empire - S0363\""],"EmPyre":["misp-galaxy:mitre-tool=\"Empire - S0363\""],"PowerShell Empire":["misp-galaxy:mitre-tool=\"Empire - S0363\""],"Expand - S0361":["misp-galaxy:mitre-tool=\"Expand - S0361\""],"Expand":["misp-galaxy:mitre-tool=\"Expand - S0361\""],"Impacket - S0357":["misp-galaxy:mitre-tool=\"Impacket - S0357\""],"Impacket":["misp-galaxy:mitre-tool=\"Impacket - S0357\""],"Koadic - S0250":["misp-galaxy:mitre-tool=\"Koadic - S0250\""],"LaZagne - S0349":["misp-galaxy:mitre-tool=\"LaZagne - S0349\""],"LaZagne":["misp-galaxy:mitre-tool=\"LaZagne - S0349\""],"Nltest - S0359":["misp-galaxy:mitre-tool=\"Nltest - S0359\""],"Nltest":["misp-galaxy:mitre-tool=\"Nltest - S0359\""],"PoshC2 - S0378":["misp-galaxy:mitre-tool=\"PoshC2 - S0378\""],"QuasarRAT - S0262":["misp-galaxy:mitre-tool=\"QuasarRAT - S0262\""],"QuasarRAT":["misp-galaxy:mitre-tool=\"QuasarRAT - S0262\""],"xRAT":["misp-galaxy:mitre-tool=\"QuasarRAT - S0262\"","misp-galaxy:rat=\"xRAT\""],"RawDisk - S0364":["misp-galaxy:mitre-tool=\"RawDisk - S0364\""],"RawDisk":["misp-galaxy:mitre-tool=\"RawDisk - S0364\""],"Remcos - S0332":["misp-galaxy:mitre-tool=\"Remcos - S0332\""],"Ruler - S0358":["misp-galaxy:mitre-tool=\"Ruler - S0358\""],"Ruler":["misp-galaxy:mitre-tool=\"Ruler - S0358\""],"Xbot - S0298":["misp-galaxy:mitre-tool=\"Xbot - S0298\""],"ACL":["misp-galaxy:preventive-measure=\"ACL\""],"Backup and Restore Process":["misp-galaxy:preventive-measure=\"Backup and Restore Process\""],"Blacklist-phone-numbers":["misp-galaxy:preventive-measure=\"Blacklist-phone-numbers\""],"Block Macros":["misp-galaxy:preventive-measure=\"Block Macros\""],"Change Default \"Open With\" to Notepad":["misp-galaxy:preventive-measure=\"Change Default \"Open With\" to Notepad\""],"Disable WSH":["misp-galaxy:preventive-measure=\"Disable WSH\""],"EMET":["misp-galaxy:preventive-measure=\"EMET\""],"Enforce UAC Prompt":["misp-galaxy:preventive-measure=\"Enforce UAC Prompt\""],"Execution Prevention":["misp-galaxy:preventive-measure=\"Execution Prevention\""],"File Screening":["misp-galaxy:preventive-measure=\"File Screening\""],"Filter Attachments Level 1":["misp-galaxy:preventive-measure=\"Filter Attachments Level 1\""],"Filter Attachments Level 2":["misp-galaxy:preventive-measure=\"Filter Attachments Level 2\""],"Remove Admin Privileges":["misp-galaxy:preventive-measure=\"Remove Admin Privileges\""],"Restrict Workstation Communication":["misp-galaxy:preventive-measure=\"Restrict Workstation Communication\""],"Restrict program execution #2":["misp-galaxy:preventive-measure=\"Restrict program execution #2\""],"Restrict program execution":["misp-galaxy:preventive-measure=\"Restrict program execution\""],"Sandboxing Email Input":["misp-galaxy:preventive-measure=\"Sandboxing Email Input\""],"Show File Extensions":["misp-galaxy:preventive-measure=\"Show File Extensions\""],"Sysmon":["misp-galaxy:preventive-measure=\"Sysmon\""],"\"prepending (enc) ransomware\" (Not an official name)":["misp-galaxy:ransomware=\"\"prepending (enc) ransomware\" (Not an official name)\""],".CryptoHasYou.":["misp-galaxy:ransomware=\".CryptoHasYou.\""],"777":["misp-galaxy:ransomware=\"777\""],"Sevleg":["misp-galaxy:ransomware=\"777\""],"7Zipper Ransomware":["misp-galaxy:ransomware=\"7Zipper Ransomware\""],"7ev3n-HONE$T":["misp-galaxy:ransomware=\"7ev3n\""],"8lock8":["misp-galaxy:ransomware=\"8lock8\""],"AES-NI Ransomware ":["misp-galaxy:ransomware=\"AES-NI Ransomware \""],"AES_KEY_GEN_ASSIST Ransomware":["misp-galaxy:ransomware=\"AES_KEY_GEN_ASSIST Ransomware\""],"ALFA Ransomware":["misp-galaxy:ransomware=\"ALFA Ransomware\""],"AMBA":["misp-galaxy:ransomware=\"AMBA\""],"APT Ransomware v.2":["misp-galaxy:ransomware=\"APT Ransomware v.2\""],"ASN1 Encoder Ransomware":["misp-galaxy:ransomware=\"ASN1 Encoder Ransomware\""],"Acroware Cryptolocker Ransomware":["misp-galaxy:ransomware=\"Acroware Cryptolocker Ransomware\""],"Acroware Screenlocker":["misp-galaxy:ransomware=\"Acroware Cryptolocker Ransomware\""],"AdamLocker Ransomware":["misp-galaxy:ransomware=\"AdamLocker Ransomware\""],"AiraCrop Ransomware":["misp-galaxy:ransomware=\"AiraCrop Ransomware\""],"AiraCrop":["misp-galaxy:ransomware=\"AiraCrop\""],"Al-Namrood":["misp-galaxy:ransomware=\"Al-Namrood\""],"Alcatraz Locker Ransomware":["misp-galaxy:ransomware=\"Alcatraz Locker Ransomware\""],"All_Your_Documents Ransomware":["misp-galaxy:ransomware=\"All_Your_Documents Ransomware\""],"Alma Ransomware":["misp-galaxy:ransomware=\"Alma Ransomware\""],"Alpha Ransomware":["misp-galaxy:ransomware=\"Alpha Ransomware\""],"Angela Merkel Ransomware":["misp-galaxy:ransomware=\"Angela Merkel Ransomware\""],"AngleWare":["misp-galaxy:ransomware=\"AngleWare\""],"AngryDuck Ransomware":["misp-galaxy:ransomware=\"AngryDuck Ransomware\""],"Anony":["misp-galaxy:ransomware=\"Anony\""],"ngocanh":["misp-galaxy:ransomware=\"Anony\""],"Antihacker2017 Ransomware":["misp-galaxy:ransomware=\"Antihacker2017 Ransomware\""],"Antix Ransomware":["misp-galaxy:ransomware=\"Antix Ransomware\""],"Anubis Ransomware":["misp-galaxy:ransomware=\"Anubis Ransomware\""],"Fabiansomeware":["misp-galaxy:ransomware=\"Apocalypse\""],"ApocalypseVM":["misp-galaxy:ransomware=\"ApocalypseVM\""],"Aurora Ransomware":["misp-galaxy:ransomware=\"Aurora Ransomware\""],"Zorro Ransomware":["misp-galaxy:ransomware=\"Aurora Ransomware\""],"AutoLocky":["misp-galaxy:ransomware=\"AutoLocky\""],"AvastVirusinfo Ransomware":["misp-galaxy:ransomware=\"AvastVirusinfo Ransomware\""],"Aw3s0m3Sc0t7":["misp-galaxy:ransomware=\"Aw3s0m3Sc0t7\""],"B2DR Ransomware":["misp-galaxy:ransomware=\"B2DR Ransomware\""],"BTCLocker Ransomware":["misp-galaxy:ransomware=\"BTCLocker Ransomware\""],"BTC Ransomware":["misp-galaxy:ransomware=\"BTCLocker Ransomware\""],"BTCWare Related to \/ new version of CryptXXX":["misp-galaxy:ransomware=\"BTCWare Related to \/ new version of CryptXXX\""],"BTCamant Ransomware":["misp-galaxy:ransomware=\"BTCamant Ransomware\""],"Bad Rabbit":["misp-galaxy:ransomware=\"Bad Rabbit\""],"Bad-Rabbit":["misp-galaxy:ransomware=\"Bad Rabbit\""],"BadBlock":["misp-galaxy:ransomware=\"BadBlock\""],"BadEncript Ransomware":["misp-galaxy:ransomware=\"BadEncript Ransomware\""],"BaksoCrypt":["misp-galaxy:ransomware=\"BaksoCrypt\""],"Bandarchor":["misp-galaxy:ransomware=\"Bandarchor\"","misp-galaxy:ransomware=\"Rakhni\""],"BansomQare Manna Ransomware":["misp-galaxy:ransomware=\"BansomQare Manna Ransomware\""],"BarRax Ransomware":["misp-galaxy:ransomware=\"BarRax Ransomware\""],"BarRaxCrypt Ransomware":["misp-galaxy:ransomware=\"BarRax Ransomware\""],"Barack Obama's Everlasting Blue Blackmail Virus Ransomware":["misp-galaxy:ransomware=\"Barack Obama's Everlasting Blue Blackmail Virus Ransomware\""],"Barack Obama's Blackmail Virus Ransomware":["misp-galaxy:ransomware=\"Barack Obama's Everlasting Blue Blackmail Virus Ransomware\""],"BaCrypt":["misp-galaxy:ransomware=\"Bart\""],"BigBobRoss":["misp-galaxy:ransomware=\"BigBobRoss\""],"BitCryptor":["misp-galaxy:ransomware=\"BitCryptor\""],"BitStak":["misp-galaxy:ransomware=\"BitStak\""],"Black Ruby":["misp-galaxy:ransomware=\"Black Ruby\""],"BlackShades Crypter":["misp-galaxy:ransomware=\"BlackShades Crypter\""],"SilentShade":["misp-galaxy:ransomware=\"BlackShades Crypter\""],"BlackWorm":["misp-galaxy:ransomware=\"BlackWorm\""],"BleedGreen Ransomware":["misp-galaxy:ransomware=\"BleedGreen Ransomware\""],"FireCrypt Ransomware":["misp-galaxy:ransomware=\"BleedGreen Ransomware\""],"Blocatto":["misp-galaxy:ransomware=\"Blocatto\""],"Booyah":["misp-galaxy:ransomware=\"Booyah\"","misp-galaxy:ransomware=\"MM Locker\""],"Salami":["misp-galaxy:ransomware=\"Booyah\""],"BrLock":["misp-galaxy:ransomware=\"BrLock\""],"BrainCrypt Ransomware":["misp-galaxy:ransomware=\"BrainCrypt Ransomware\""],"Brazilian Globe":["misp-galaxy:ransomware=\"Brazilian Globe\""],"Brazilian":["misp-galaxy:ransomware=\"Brazilian\""],"Browlock":["misp-galaxy:ransomware=\"Browlock\""],"Bucbi":["misp-galaxy:ransomware=\"Bucbi\""],"BuyUnlockCode":["misp-galaxy:ransomware=\"BuyUnlockCode\""],"CIA Special Agent 767 Ransomware (FAKE!!!)":["misp-galaxy:ransomware=\"CIA Special Agent 767 Ransomware (FAKE!!!)\""],"CSGO Ransomware":["misp-galaxy:ransomware=\"CSGO Ransomware\""],"CTB-Faker":["misp-galaxy:ransomware=\"CTB-Faker\""],"Citroni":["misp-galaxy:ransomware=\"CTB-Faker\""],"CTB-Locker WEB":["misp-galaxy:ransomware=\"CTB-Locker WEB\""],"CYR-Locker Ransomware (FAKE)":["misp-galaxy:ransomware=\"CYR-Locker Ransomware (FAKE)\""],"Cancer Ransomware FAKE":["misp-galaxy:ransomware=\"Cancer Ransomware FAKE\""],"Cassetto Ransomware":["misp-galaxy:ransomware=\"Cassetto Ransomware\""],"Central Security Treatment Organization":["misp-galaxy:ransomware=\"Central Security Treatment Organization\"","misp-galaxy:ransomware=\"CryLocker\""],"CRBR ENCRYPTOR":["misp-galaxy:ransomware=\"Cerber\""],"CerberTear Ransomware":["misp-galaxy:ransomware=\"CerberTear Ransomware\""],"Chartwig Ransomware":["misp-galaxy:ransomware=\"Chartwig Ransomware\""],"Chimera":["misp-galaxy:ransomware=\"Chimera\""],"Chip Ransomware":["misp-galaxy:ransomware=\"Chip Ransomware\""],"ChipLocker Ransomware":["misp-galaxy:ransomware=\"Chip Ransomware\""],"Click Me Ransomware":["misp-galaxy:ransomware=\"Click Me Ransomware\""],"Clock":["misp-galaxy:ransomware=\"Clock\""],"CloudSword Ransomware":["misp-galaxy:ransomware=\"CloudSword Ransomware\""],"CockBlocker Ransomware":["misp-galaxy:ransomware=\"CockBlocker Ransomware\""],"Code Virus Ransomware ":["misp-galaxy:ransomware=\"Code Virus Ransomware \""],"CoinVault":["misp-galaxy:ransomware=\"CoinVault\""],"CommonRansom":["misp-galaxy:ransomware=\"CommonRansom\""],"Comrade Circle Ransomware":["misp-galaxy:ransomware=\"Comrade Circle Ransomware\""],"ConsoleApplication1 Ransomware":["misp-galaxy:ransomware=\"ConsoleApplication1 Ransomware\""],"Coverton":["misp-galaxy:ransomware=\"Coverton\""],"Criptt0r":["misp-galaxy:ransomware=\"Cr1ptT0r\""],"Cr1pt0r":["misp-galaxy:ransomware=\"Cr1ptT0r\""],"Cripttor":["misp-galaxy:ransomware=\"Cr1ptT0r\""],"CreamPie Ransomware":["misp-galaxy:ransomware=\"CreamPie Ransomware\""],"Crptxxx Ransomware":["misp-galaxy:ransomware=\"Crptxxx Ransomware\""],"CryBrazil":["misp-galaxy:ransomware=\"CryBrazil\""],"CryFile":["misp-galaxy:ransomware=\"CryFile\""],"Cry":["misp-galaxy:ransomware=\"CryLocker\""],"CSTO":["misp-galaxy:ransomware=\"CryLocker\""],"CryPy":["misp-galaxy:ransomware=\"CryPy\""],"Cryaki":["misp-galaxy:ransomware=\"Cryaki\""],"Crybola":["misp-galaxy:ransomware=\"Crybola\""],"CrypMIC":["misp-galaxy:ransomware=\"CrypMIC\""],"Crypren":["misp-galaxy:ransomware=\"Crypren\""],"Crypt0saur":["misp-galaxy:ransomware=\"Crypt0saur\""],"Crypt38":["misp-galaxy:ransomware=\"Crypt38\""],"CryptConsole 2.0 Ransomware":["misp-galaxy:ransomware=\"CryptConsole 2.0 Ransomware\""],"CryptConsole":["misp-galaxy:ransomware=\"CryptConsole\""],"CryptFIle2":["misp-galaxy:ransomware=\"CryptFIle2\""],"CryptInfinite":["misp-galaxy:ransomware=\"CryptInfinite\""],"CryptXXX 2.0":["misp-galaxy:ransomware=\"CryptXXX 2.0\""],"CryptProjectXXX":["misp-galaxy:ransomware=\"CryptXXX 2.0\"","misp-galaxy:ransomware=\"CryptXXX\""],"CryptXXX 3.0":["misp-galaxy:ransomware=\"CryptXXX 3.0\""],"UltraDeCrypter":["misp-galaxy:ransomware=\"CryptXXX 3.0\""],"UltraCrypter":["misp-galaxy:ransomware=\"CryptXXX 3.0\""],"CryptXXX 3.1":["misp-galaxy:ransomware=\"CryptXXX 3.1\""],"CryptXXX":["misp-galaxy:ransomware=\"CryptXXX\""],"Crypter":["misp-galaxy:ransomware=\"Crypter\""],"CryptoBit":["misp-galaxy:ransomware=\"CryptoBit\"","misp-galaxy:ransomware=\"Mobef\""],"CryptoBlock Ransomware ":["misp-galaxy:ransomware=\"CryptoBlock Ransomware \""],"CryptoDefense":["misp-galaxy:ransomware=\"CryptoDefense\""],"CryptoDevil Ransomware":["misp-galaxy:ransomware=\"CryptoDevil Ransomware\""],"CryptoFinancial":["misp-galaxy:ransomware=\"CryptoFinancial\""],"CryptoGraphic Locker":["misp-galaxy:ransomware=\"CryptoGraphic Locker\""],"Manamecrypt":["misp-galaxy:ransomware=\"CryptoHost\""],"Telograph":["misp-galaxy:ransomware=\"CryptoHost\""],"ROI Locker":["misp-galaxy:ransomware=\"CryptoHost\""],"CryptoJacky Ransomware":["misp-galaxy:ransomware=\"CryptoJacky Ransomware\""],"CryptoJoker":["misp-galaxy:ransomware=\"CryptoJoker\""],"CryptoKill Ransomware":["misp-galaxy:ransomware=\"CryptoKill Ransomware\""],"CryptoLocker 1.0.0":["misp-galaxy:ransomware=\"CryptoLocker 1.0.0\""],"CryptoLocker 5.1":["misp-galaxy:ransomware=\"CryptoLocker 5.1\""],"CryptoLocker by NTK Ransomware":["misp-galaxy:ransomware=\"CryptoLocker by NTK Ransomware\""],"CryptoLocker3 Ransomware":["misp-galaxy:ransomware=\"CryptoLocker3 Ransomware\""],"Fake CryptoLocker":["misp-galaxy:ransomware=\"CryptoLocker3 Ransomware\""],"CryptoLuck Ransomware":["misp-galaxy:ransomware=\"CryptoLuck Ransomware\""],"YafunnLocker":["misp-galaxy:ransomware=\"CryptoLuck Ransomware\""],"CryptoMeister Ransomware":["misp-galaxy:ransomware=\"CryptoMeister Ransomware\""],"Zeta":["misp-galaxy:ransomware=\"CryptoMix\""],"CryptoNar":["misp-galaxy:ransomware=\"CryptoNar\""],"CryptoRoger":["misp-galaxy:ransomware=\"CryptoRoger\""],"CryptoShadow":["misp-galaxy:ransomware=\"CryptoShadow\""],"CryptoShield 1.0 Ransomware":["misp-galaxy:ransomware=\"CryptoShield 1.0 Ransomware\""],"CryptoShocker":["misp-galaxy:ransomware=\"CryptoShocker\""],"CryptoSweetTooth Ransomware":["misp-galaxy:ransomware=\"CryptoSweetTooth Ransomware\""],"CryptoTorLocker2015":["misp-galaxy:ransomware=\"CryptoTorLocker2015\""],"CryptoTrooper":["misp-galaxy:ransomware=\"CryptoTrooper\""],"CryptoWall 1":["misp-galaxy:ransomware=\"CryptoWall 1\""],"CryptoWall 2":["misp-galaxy:ransomware=\"CryptoWall 2\""],"CryptoWall 3":["misp-galaxy:ransomware=\"CryptoWall 3\""],"CryptoWall 4":["misp-galaxy:ransomware=\"CryptoWall 4\""],"CryptoWire Ransomeware":["misp-galaxy:ransomware=\"CryptoWire Ransomeware\""],"Crypton Ransomware":["misp-galaxy:ransomware=\"Crypton Ransomware\""],"Nemesis":["misp-galaxy:ransomware=\"Crypton Ransomware\""],"X3M":["misp-galaxy:ransomware=\"Crypton Ransomware\""],"Cryptorium (Fake Ransomware)":["misp-galaxy:ransomware=\"Cryptorium (Fake Ransomware)\""],"Crypute Ransomware":["misp-galaxy:ransomware=\"Crypute Ransomware\""],"m0on Ransomware":["misp-galaxy:ransomware=\"Crypute Ransomware\""],"CuteRansomware":["misp-galaxy:ransomware=\"CuteRansomware\""],"my-Little-Ransomware":["misp-galaxy:ransomware=\"CuteRansomware\""],"Cyber Drill Exercise ":["misp-galaxy:ransomware=\"Cyber Drill Exercise \""],"Ransomuhahawhere":["misp-galaxy:ransomware=\"Cyber Drill Exercise \""],"Cyber SpLiTTer Vbs":["misp-galaxy:ransomware=\"Cyber SpLiTTer Vbs\""],"Cyron":["misp-galaxy:ransomware=\"Cyron\""],"DBGer Ransomware":["misp-galaxy:ransomware=\"DBGer Ransomware\""],"DEDCryptor":["misp-galaxy:ransomware=\"DEDCryptor\""],"DMALocker 3.0":["misp-galaxy:ransomware=\"DMALocker 3.0\""],"DMALocker":["misp-galaxy:ransomware=\"DMALocker\""],"DN":["misp-galaxy:ransomware=\"DN\""],"Fake":["misp-galaxy:ransomware=\"DN\""],"DNRansomware":["misp-galaxy:ransomware=\"DNRansomware\""],"DUMB Ransomware":["misp-galaxy:ransomware=\"DUMB Ransomware\""],"DXXD":["misp-galaxy:ransomware=\"DXXD\""],"Dablio Ransomware":["misp-galaxy:ransomware=\"Dablio Ransomware\""],"Dale Ransomware":["misp-galaxy:ransomware=\"Dale Ransomware\""],"DaleLocker Ransomware":["misp-galaxy:ransomware=\"Dale Ransomware\""],"Damage Ransomware":["misp-galaxy:ransomware=\"Damage Ransomware\""],"Dangerous Ransomware":["misp-galaxy:ransomware=\"Dangerous Ransomware\""],"DeCrypt Protect":["misp-galaxy:ransomware=\"DeCrypt Protect\""],"DeLpHiMoRix":["misp-galaxy:ransomware=\"DeLpHiMoRix\""],"DelphiMorix":["misp-galaxy:ransomware=\"DeLpHiMoRix\""],"Deadly Ransomware":["misp-galaxy:ransomware=\"Deadly Ransomware\""],"Deadly for a Good Purpose Ransomware":["misp-galaxy:ransomware=\"Deadly Ransomware\""],"Death Bitches":["misp-galaxy:ransomware=\"Death Bitches\""],"DecryptFox Ransomware":["misp-galaxy:ransomware=\"DecryptFox Ransomware\""],"Demo":["misp-galaxy:ransomware=\"Demo\""],"DeriaLock Ransomware":["misp-galaxy:ransomware=\"DeriaLock Ransomware\""],"DetoxCrypto":["misp-galaxy:ransomware=\"DetoxCrypto\""],"Dharma Ransomware":["misp-galaxy:ransomware=\"Dharma Ransomware\""],"Digisom":["misp-galaxy:ransomware=\"Digisom\""],"DirtyDecrypt":["misp-galaxy:ransomware=\"DirtyDecrypt\""],"DiskDoctor":["misp-galaxy:ransomware=\"DiskDoctor\""],"Scarab-DiskDoctor":["misp-galaxy:ransomware=\"DiskDoctor\""],"DoNotChange":["misp-galaxy:ransomware=\"DoNotChange\""],"Domino":["misp-galaxy:ransomware=\"Domino\""],"Donald Trump 2 Ransomware":["misp-galaxy:ransomware=\"Donald Trump 2 Ransomware\""],"Donut":["misp-galaxy:ransomware=\"Donut\""],"DotRansomware":["misp-galaxy:ransomware=\"DotRansomware\""],"DummyEncrypter Ransomware":["misp-galaxy:ransomware=\"DummyEncrypter Ransomware\""],"DummyLocker":["misp-galaxy:ransomware=\"DummyLocker\""],"DynA-Crypt Ransomware":["misp-galaxy:ransomware=\"DynA-Crypt Ransomware\""],"DynA CryptoLocker Ransomware":["misp-galaxy:ransomware=\"DynA-Crypt Ransomware\""],"EQ Ransomware":["misp-galaxy:ransomware=\"EQ Ransomware\""],"EdgeLocker":["misp-galaxy:ransomware=\"EdgeLocker\""],"EduCrypt":["misp-galaxy:ransomware=\"EduCrypt\""],"EduCrypter":["misp-galaxy:ransomware=\"EduCrypt\""],"EiTest":["misp-galaxy:ransomware=\"EiTest\""],"El-Polocker":["misp-galaxy:ransomware=\"El-Polocker\""],"Los Pollos Hermanos":["misp-galaxy:ransomware=\"El-Polocker\""],"Encoder.xxxx":["misp-galaxy:ransomware=\"Encoder.xxxx\""],"Trojan.Encoder.6491":["misp-galaxy:ransomware=\"Encoder.xxxx\"","misp-galaxy:ransomware=\"Windows_Security Ransonware\""],"EncrypTile Ransomware":["misp-galaxy:ransomware=\"EncrypTile Ransomware\""],"Encryptss77 Ransomware":["misp-galaxy:ransomware=\"Encryptss77 Ransomware\""],"SFX Monster Ransomware":["misp-galaxy:ransomware=\"Encryptss77 Ransomware\""],"Enigma 2 Ransomware":["misp-galaxy:ransomware=\"Enigma 2 Ransomware\""],"Enigma":["misp-galaxy:ransomware=\"Enigma\""],"Enjey":["misp-galaxy:ransomware=\"Enjey\""],"EnjeyCrypter Ransomware":["misp-galaxy:ransomware=\"EnjeyCrypter Ransomware\""],"EnkripsiPC Ransomware":["misp-galaxy:ransomware=\"EnkripsiPC Ransomware\""],"IDRANSOMv3":["misp-galaxy:ransomware=\"EnkripsiPC Ransomware\""],"EnyBeny Nuclear Ransomware":["misp-galaxy:ransomware=\"EnyBeny Nuclear Ransomware\""],"EnyBenyHorsuke Ransomware":["misp-galaxy:ransomware=\"EnyBenyHorsuke Ransomware\""],"Erebus 2017 Ransomware":["misp-galaxy:ransomware=\"Erebus 2017 Ransomware\""],"Erebus Ransomware":["misp-galaxy:ransomware=\"Erebus Ransomware\""],"Esmeralda Ransomware":["misp-galaxy:ransomware=\"Esmeralda Ransomware\""],"Everbe Ransomware":["misp-galaxy:ransomware=\"Everbe Ransomware\""],"Evil Ransomware":["misp-galaxy:ransomware=\"Evil Ransomware\""],"File0Locked KZ Ransomware":["misp-galaxy:ransomware=\"Evil Ransomware\""],"Exotic Ransomware":["misp-galaxy:ransomware=\"Exotic Ransomware\""],"FILE FROZR":["misp-galaxy:ransomware=\"FILE FROZR\""],"FLKR Ransomware":["misp-galaxy:ransomware=\"FLKR Ransomware\""],"FSociety":["misp-galaxy:ransomware=\"FSociety\""],"FabSysCrypto Ransomware":["misp-galaxy:ransomware=\"FabSysCrypto Ransomware\""],"Fadesoft Ransomware":["misp-galaxy:ransomware=\"Fadesoft Ransomware\""],"Fairware":["misp-galaxy:ransomware=\"Fairware\""],"Fakben":["misp-galaxy:ransomware=\"Fakben\""],"Fake Globe Ransomware":["misp-galaxy:ransomware=\"Fake Globe Ransomware\""],"Globe Imposter":["misp-galaxy:ransomware=\"Fake Globe Ransomware\""],"Fake Locky Ransomware":["misp-galaxy:ransomware=\"Fake Locky Ransomware\""],"Locky Impersonator Ransomware":["misp-galaxy:ransomware=\"Fake Locky Ransomware\""],"FakeCryptoLocker":["misp-galaxy:ransomware=\"FakeCryptoLocker\""],"Fantom":["misp-galaxy:ransomware=\"Fantom\""],"Comrad Circle":["misp-galaxy:ransomware=\"Fantom\""],"FenixLocker":["misp-galaxy:ransomware=\"FenixLocker\""],"File Spider":["misp-galaxy:ransomware=\"File Spider\""],"File-Locker":["misp-galaxy:ransomware=\"File-Locker\""],"FindZip":["misp-galaxy:ransomware=\"FileCoder\""],"FileLocker":["misp-galaxy:ransomware=\"FileLocker\""],"Fileice Ransomware Survey Ransomware":["misp-galaxy:ransomware=\"Fileice Ransomware Survey Ransomware\""],"First":["misp-galaxy:ransomware=\"First\""],"FlatChestWare":["misp-galaxy:ransomware=\"FlatChestWare\""],"Flotera Ransomware":["misp-galaxy:ransomware=\"Flotera Ransomware\""],"Flyper":["misp-galaxy:ransomware=\"Flyper\""],"Fonco":["misp-galaxy:ransomware=\"Fonco\""],"Forma Ransomware":["misp-galaxy:ransomware=\"Forma Ransomware\""],"FortuneCookie ":["misp-galaxy:ransomware=\"FortuneCookie \""],"FortuneCookie":["misp-galaxy:ransomware=\"FortuneCookie\""],"Free-Freedom":["misp-galaxy:ransomware=\"Free-Freedom\""],"Roga":["misp-galaxy:ransomware=\"Free-Freedom\"","misp-galaxy:ransomware=\"Roga\""],"Fs0ciety Locker Ransomware":["misp-galaxy:ransomware=\"Fs0ciety Locker Ransomware\""],"FuckSociety Ransomware":["misp-galaxy:ransomware=\"FuckSociety Ransomware\""],"FunFact Ransomware":["misp-galaxy:ransomware=\"FunFact Ransomware\""],"Fury":["misp-galaxy:ransomware=\"Fury\""],"Fusob":["misp-galaxy:ransomware=\"Fusob\""],"GC47 Ransomware":["misp-galaxy:ransomware=\"GC47 Ransomware\""],"GG Ransomware":["misp-galaxy:ransomware=\"GG Ransomware\""],"GNL Locker":["misp-galaxy:ransomware=\"GNL Locker\"","misp-galaxy:ransomware=\"Zyklon\""],"GOG Ransomware":["misp-galaxy:ransomware=\"GOG Ransomware\""],"GandCrab":["misp-galaxy:ransomware=\"GandCrab\""],"GarryWeber Ransomware":["misp-galaxy:ransomware=\"GarryWeber Ransomware\""],"Gerber Ransomware 1.0":["misp-galaxy:ransomware=\"Gerber Ransomware 1.0\""],"Gerber Ransomware 3.0":["misp-galaxy:ransomware=\"Gerber Ransomware 3.0\""],"GetCrypt":["misp-galaxy:ransomware=\"GetCrypt\""],"GhostCrypt":["misp-galaxy:ransomware=\"GhostCrypt\""],"Gingerbread":["misp-galaxy:ransomware=\"Gingerbread\""],"Globe v1":["misp-galaxy:ransomware=\"Globe v1\""],"Purge":["misp-galaxy:ransomware=\"Globe v1\""],"Globe2 Ransomware":["misp-galaxy:ransomware=\"Globe2 Ransomware\""],"Purge Ransomware":["misp-galaxy:ransomware=\"Globe2 Ransomware\"","misp-galaxy:ransomware=\"Globe3 Ransomware\""],"Globe3 Ransomware":["misp-galaxy:ransomware=\"Globe3 Ransomware\""],"God Crypt Joke Ransomware":["misp-galaxy:ransomware=\"God Crypt Joke Ransomware\""],"Godsomware v1.0":["misp-galaxy:ransomware=\"God Crypt Joke Ransomware\""],"Ransomware God Crypt":["misp-galaxy:ransomware=\"God Crypt Joke Ransomware\""],"GoldenEye Ransomware":["misp-galaxy:ransomware=\"GoldenEye Ransomware\""],"Gomasom":["misp-galaxy:ransomware=\"Gomasom\""],"Goopic":["misp-galaxy:ransomware=\"Goopic\""],"Gopher":["misp-galaxy:ransomware=\"Gopher\""],"Gremit Ransomware":["misp-galaxy:ransomware=\"Gremit Ransomware\""],"Guster Ransomware":["misp-galaxy:ransomware=\"Guster Ransomware\""],"HC6":["misp-galaxy:ransomware=\"HC6\""],"HC7":["misp-galaxy:ransomware=\"HC7\""],"HPE iLO 4 Ransomware":["misp-galaxy:ransomware=\"HPE iLO 4 Ransomware\""],"HTCryptor":["misp-galaxy:ransomware=\"HTCryptor\""],"Hacked":["misp-galaxy:ransomware=\"Hacked\""],"HackedLocker Ransomware":["misp-galaxy:ransomware=\"HackedLocker Ransomware\""],"Halloware":["misp-galaxy:ransomware=\"Halloware\""],"HappyDayzz":["misp-galaxy:ransomware=\"HappyDayzz\""],"Harasom":["misp-galaxy:ransomware=\"Harasom\""],"Havoc":["misp-galaxy:ransomware=\"Havoc\""],"HavocCrypt Ransomware":["misp-galaxy:ransomware=\"Havoc\""],"Haxerboi Ransomware":["misp-galaxy:ransomware=\"Haxerboi Ransomware\""],"Heimdall":["misp-galaxy:ransomware=\"Heimdall\""],"Help_dcfile":["misp-galaxy:ransomware=\"Help_dcfile\""],"Hi Buddy!":["misp-galaxy:ransomware=\"Hi Buddy!\""],"Cryptear":["misp-galaxy:ransomware=\"HiddenTear\""],"Hidden Tear":["misp-galaxy:ransomware=\"HiddenTear\""],"Hitler":["misp-galaxy:ransomware=\"Hitler\""],"Hollycrypt Ransomware":["misp-galaxy:ransomware=\"Hollycrypt Ransomware\""],"HolyCrypt":["misp-galaxy:ransomware=\"HolyCrypt\""],"Hucky Ransomware":["misp-galaxy:ransomware=\"Hucky Ransomware\""],"Hungarian Locky Ransomware":["misp-galaxy:ransomware=\"Hucky Ransomware\""],"HugeMe Ransomware":["misp-galaxy:ransomware=\"HugeMe Ransomware\""],"HydraCrypt":["misp-galaxy:ransomware=\"HydraCrypt\""],"IFN643 Ransomware":["misp-galaxy:ransomware=\"IFN643 Ransomware\""],"International Police Association":["misp-galaxy:ransomware=\"International Police Association\""],"Iron":["misp-galaxy:ransomware=\"Iron\""],"Ishtar Ransomware":["misp-galaxy:ransomware=\"Ishtar Ransomware\""],"JackPot Ransomware":["misp-galaxy:ransomware=\"JackPot Ransomware\""],"Jack.Pot Ransomware":["misp-galaxy:ransomware=\"JackPot Ransomware\""],"JagerDecryptor":["misp-galaxy:ransomware=\"JagerDecryptor\""],"JapanLocker Ransomware":["misp-galaxy:ransomware=\"JapanLocker Ransomware\""],"SHC Ransomware":["misp-galaxy:ransomware=\"JapanLocker Ransomware\""],"SHCLocker":["misp-galaxy:ransomware=\"JapanLocker Ransomware\""],"SyNcryption":["misp-galaxy:ransomware=\"JapanLocker Ransomware\""],"Jeff the Ransomware":["misp-galaxy:ransomware=\"Jeff the Ransomware\""],"Jeiphoos":["misp-galaxy:ransomware=\"Jeiphoos\""],"Encryptor RaaS":["misp-galaxy:ransomware=\"Jeiphoos\""],"Sarento":["misp-galaxy:ransomware=\"Jeiphoos\""],"Jhon Woddy":["misp-galaxy:ransomware=\"Jhon Woddy\""],"CryptoHitMan":["misp-galaxy:ransomware=\"Jigsaw\""],"Job Crypter":["misp-galaxy:ransomware=\"Job Crypter\""],"JohnyCryptor":["misp-galaxy:ransomware=\"JohnyCryptor\""],"Jokeroo":["misp-galaxy:ransomware=\"Jokeroo\""],"Fake GandCrab":["misp-galaxy:ransomware=\"Jokeroo\""],"JungleSec":["misp-galaxy:ransomware=\"JungleSec\""],"KEYHolder":["misp-galaxy:ransomware=\"KEYHolder\""],"KEYPASS":["misp-galaxy:ransomware=\"KEYPASS\""],"KRider Ransomware":["misp-galaxy:ransomware=\"KRider Ransomware\""],"Kaandsona Ransomware":["misp-galaxy:ransomware=\"Kaandsona Ransomware\""],"RansomTroll Ransomware":["misp-galaxy:ransomware=\"Kaandsona Ransomware\""],"K\u00e4\u00e4nds\u00f5na Ransomware":["misp-galaxy:ransomware=\"Kaandsona Ransomware\""],"Kaenlupuf Ransomware":["misp-galaxy:ransomware=\"Kaenlupuf Ransomware\""],"Kangaroo Ransomware":["misp-galaxy:ransomware=\"Kangaroo Ransomware\""],"Kappa":["misp-galaxy:ransomware=\"Kappa\""],"Karma Ransomware":["misp-galaxy:ransomware=\"Karma Ransomware\""],"Karmen Ransomware":["misp-galaxy:ransomware=\"Karmen Ransomware\""],"Kasiski Ransomware":["misp-galaxy:ransomware=\"Kasiski Ransomware\""],"KawaiiLocker":["misp-galaxy:ransomware=\"KawaiiLocker\""],"KeyBTC":["misp-galaxy:ransomware=\"KeyBTC\""],"KillDisk Ransomware":["misp-galaxy:ransomware=\"KillDisk Ransomware\""],"KillerLocker":["misp-galaxy:ransomware=\"KillerLocker\""],"KimcilWare":["misp-galaxy:ransomware=\"KimcilWare\""],"Kirk Ransomware & Spock Decryptor":["misp-galaxy:ransomware=\"Kirk Ransomware & Spock Decryptor\""],"KoKoKrypt Ransomware":["misp-galaxy:ransomware=\"KoKoKrypt Ransomware\""],"KokoLocker Ransomware":["misp-galaxy:ransomware=\"KoKoKrypt Ransomware\""],"Kolobo Ransomware":["misp-galaxy:ransomware=\"Kolobo Ransomware\""],"Kolobocheg Ransomware":["misp-galaxy:ransomware=\"Kolobo Ransomware\""],"Koolova Ransomware":["misp-galaxy:ransomware=\"Koolova Ransomware\""],"Korean":["misp-galaxy:ransomware=\"Korean\""],"Kostya Ransomware":["misp-galaxy:ransomware=\"Kostya Ransomware\""],"Kozy.Jozy":["misp-galaxy:ransomware=\"Kozy.Jozy\""],"QC":["misp-galaxy:ransomware=\"Kozy.Jozy\""],"Kraken Cryptor Ransomware":["misp-galaxy:ransomware=\"Kraken Cryptor Ransomware\""],"Kraken Ransomware":["misp-galaxy:ransomware=\"Kraken Ransomware\""],"KratosCrypt":["misp-galaxy:ransomware=\"KratosCrypt\""],"KryptoLocker":["misp-galaxy:ransomware=\"KryptoLocker\""],"L33TAF Locker Ransomware":["misp-galaxy:ransomware=\"L33TAF Locker Ransomware\""],"LK Encryption":["misp-galaxy:ransomware=\"LK Encryption\""],"LLTP Locker":["misp-galaxy:ransomware=\"LLTP Locker\""],"LambdaLocker Ransomware":["misp-galaxy:ransomware=\"LambdaLocker Ransomware\""],"LanRan":["misp-galaxy:ransomware=\"LanRan\""],"LeChiffre":["misp-galaxy:ransomware=\"LeChiffre\""],"Lick":["misp-galaxy:ransomware=\"Lick\""],"Linux.Encoder":["misp-galaxy:ransomware=\"Linux.Encoder\""],"Linux.Encoder.{0,3}":["misp-galaxy:ransomware=\"Linux.Encoder\""],"Lock2017 Ransomware":["misp-galaxy:ransomware=\"Lock2017 Ransomware\""],"Lock93 Ransomware":["misp-galaxy:ransomware=\"Lock93 Ransomware\""],"LockCrypt":["misp-galaxy:ransomware=\"LockCrypt\""],"LockLock":["misp-galaxy:ransomware=\"LockLock\""],"Locked-In Ransomware or NoValid Ransomware":["misp-galaxy:ransomware=\"Locked-In Ransomware or NoValid Ransomware\""],"Locker":["misp-galaxy:ransomware=\"Locker\""],"Lomix Ransomware":["misp-galaxy:ransomware=\"Lomix Ransomware\""],"Lortok":["misp-galaxy:ransomware=\"Lortok\""],"LoveLock Ransomware or Love2Lock Ransomware":["misp-galaxy:ransomware=\"LoveLock Ransomware or Love2Lock Ransomware\""],"LoveServer Ransomware ":["misp-galaxy:ransomware=\"LoveServer Ransomware \""],"LowLevel04":["misp-galaxy:ransomware=\"LowLevel04\""],"M4N1F3STO Ransomware (FAKE!!!!!)":["misp-galaxy:ransomware=\"M4N1F3STO Ransomware (FAKE!!!!!)\""],"M4N1F3STO":["misp-galaxy:ransomware=\"M4N1F3STO\""],"M@r1a ransomware":["misp-galaxy:ransomware=\"M@r1a ransomware\""],"M@r1a":["misp-galaxy:ransomware=\"M@r1a ransomware\""],"BlackHeart":["misp-galaxy:ransomware=\"M@r1a ransomware\""],"MC Ransomware":["misp-galaxy:ransomware=\"MC Ransomware\""],"MIRCOP":["misp-galaxy:ransomware=\"MIRCOP\""],"Crypt888":["misp-galaxy:ransomware=\"MIRCOP\""],"MM Locker":["misp-galaxy:ransomware=\"MM Locker\""],"MOTD Ransomware":["misp-galaxy:ransomware=\"MOTD Ransomware\""],"MSN CryptoLocker Ransomware":["misp-galaxy:ransomware=\"MSN CryptoLocker Ransomware\""],"MVP Ransomware":["misp-galaxy:ransomware=\"MVP Ransomware\""],"Mabouia":["misp-galaxy:ransomware=\"Mabouia\""],"MacAndChess":["misp-galaxy:ransomware=\"MacAndChess\""],"MafiaWare Ransomware":["misp-galaxy:ransomware=\"MafiaWare Ransomware\""],"Depsex Ransomware":["misp-galaxy:ransomware=\"MafiaWare Ransomware\""],"Magic":["misp-galaxy:ransomware=\"Magic\""],"Magniber Ransomware":["misp-galaxy:ransomware=\"Magniber Ransomware\""],"MaktubLocker":["misp-galaxy:ransomware=\"MaktubLocker\""],"Manifestus Ransomware ":["misp-galaxy:ransomware=\"Manifestus Ransomware \""],"Marlboro Ransomware":["misp-galaxy:ransomware=\"Marlboro Ransomware\""],"MarsJoke":["misp-galaxy:ransomware=\"MarsJoke\""],"MasterBuster Ransomware":["misp-galaxy:ransomware=\"MasterBuster Ransomware\""],"Matrix":["misp-galaxy:ransomware=\"Matrix\""],"Malta Ransomware":["misp-galaxy:ransomware=\"Matrix\""],"Matrix Ransomware":["misp-galaxy:ransomware=\"Matrix\""],"Meister":["misp-galaxy:ransomware=\"Meister\""],"Mercury Ransomware":["misp-galaxy:ransomware=\"Mercury Ransomware\""],"Merry Christmas":["misp-galaxy:ransomware=\"Merry Christmas\""],"Merry X-Mas":["misp-galaxy:ransomware=\"Merry Christmas\""],"MRCR":["misp-galaxy:ransomware=\"Merry Christmas\""],"Meteoritan":["misp-galaxy:ransomware=\"Meteoritan\""],"MireWare":["misp-galaxy:ransomware=\"MireWare\""],"Mischa":["misp-galaxy:ransomware=\"Mischa\""],"\"Petya's little brother\"":["misp-galaxy:ransomware=\"Mischa\""],"Mobef":["misp-galaxy:ransomware=\"Mobef\""],"Yakes":["misp-galaxy:ransomware=\"Mobef\""],"Mongo Lock":["misp-galaxy:ransomware=\"Mongo Lock\""],"Monument":["misp-galaxy:ransomware=\"Monument\""],"N-Splitter":["misp-galaxy:ransomware=\"N-Splitter\""],"NCrypt Ransomware":["misp-galaxy:ransomware=\"NCrypt Ransomware\""],"NMCRYPT Ransomware":["misp-galaxy:ransomware=\"NMCRYPT Ransomware\""],"NMoreia 2.0 Ransomware":["misp-galaxy:ransomware=\"NMoreia 2.0 Ransomware\""],"HakunaMatataRansomware":["misp-galaxy:ransomware=\"NMoreia 2.0 Ransomware\""],"NMoreira Ransomware":["misp-galaxy:ransomware=\"NMoreira Ransomware\""],"Fake Maktub Ransomware":["misp-galaxy:ransomware=\"NMoreira Ransomware\""],"NMoreira":["misp-galaxy:ransomware=\"NMoreira\""],"XRatTeam":["misp-galaxy:ransomware=\"NMoreira\""],"XPan":["misp-galaxy:ransomware=\"NMoreira\""],"Nagini Ransomware":["misp-galaxy:ransomware=\"Nagini Ransomware\""],"Voldemort Ransomware":["misp-galaxy:ransomware=\"Nagini Ransomware\""],"NemeS1S Ransomware":["misp-galaxy:ransomware=\"NemeS1S Ransomware\""],"Nemesis Ransomware":["misp-galaxy:ransomware=\"Nemesis Ransomware\""],"Nemucod":["misp-galaxy:ransomware=\"Nemucod\""],"Netflix Ransomware":["misp-galaxy:ransomware=\"Netflix Ransomware\""],"Netix":["misp-galaxy:ransomware=\"Netix\""],"RANSOM_NETIX.A":["misp-galaxy:ransomware=\"Netix\""],"Nhtnwcuf Ransomware (Fake)":["misp-galaxy:ransomware=\"Nhtnwcuf Ransomware (Fake)\""],"Nhtnwcuf":["misp-galaxy:ransomware=\"Nhtnwcuf\""],"NoobCrypt":["misp-galaxy:ransomware=\"NoobCrypt\""],"Nuke":["misp-galaxy:ransomware=\"Nuke\""],"Nullbyte":["misp-galaxy:ransomware=\"Nullbyte\""],"ODCODC":["misp-galaxy:ransomware=\"ODCODC\""],"OMG! Ransomware":["misp-galaxy:ransomware=\"OMG! Ransomware\""],"ONYX Ransomeware":["misp-galaxy:ransomware=\"ONYX Ransomeware\""],"OXAR":["misp-galaxy:ransomware=\"OXAR\""],"Ocelot Ransomware (FAKE RANSOMWARE)":["misp-galaxy:ransomware=\"Ocelot Ransomware (FAKE RANSOMWARE)\""],"Ocelot Locker Ransomware":["misp-galaxy:ransomware=\"Ocelot Ransomware (FAKE RANSOMWARE)\""],"Offline ransomware":["misp-galaxy:ransomware=\"Offline ransomware\""],"Vipasana":["misp-galaxy:ransomware=\"Offline ransomware\""],"Operation Global III":["misp-galaxy:ransomware=\"Operation Global III\""],"Outsider":["misp-galaxy:ransomware=\"Outsider\""],"Owl":["misp-galaxy:ransomware=\"Owl\""],"OzozaLocker Ransomware":["misp-galaxy:ransomware=\"OzozaLocker Ransomware\""],"PClock3 Ransomware":["misp-galaxy:ransomware=\"PClock3 Ransomware\""],"PClock SuppTeam Ransomware":["misp-galaxy:ransomware=\"PClock3 Ransomware\""],"WinPlock":["misp-galaxy:ransomware=\"PClock3 Ransomware\""],"CryptoLocker clone":["misp-galaxy:ransomware=\"PClock3 Ransomware\""],"PClock4 Ransomware":["misp-galaxy:ransomware=\"PClock4 Ransomware\""],"PClock SysGop Ransomware":["misp-galaxy:ransomware=\"PClock4 Ransomware\""],"PGPSnippet Ransomware":["misp-galaxy:ransomware=\"PGPSnippet Ransomware\""],"PICO Ransomware":["misp-galaxy:ransomware=\"PICO Ransomware\""],"Pico Ransomware":["misp-galaxy:ransomware=\"PICO Ransomware\""],"PRISM":["misp-galaxy:ransomware=\"PRISM\""],"PUBG Ransomware":["misp-galaxy:ransomware=\"PUBG Ransomware\""],"Padlock Screenlocker":["misp-galaxy:ransomware=\"Padlock Screenlocker\""],"Paradise Ransomware":["misp-galaxy:ransomware=\"Paradise Ransomware\""],"PayDOS Ransomware":["misp-galaxy:ransomware=\"PayDOS Ransomware\""],"Serpent Ransomware":["misp-galaxy:ransomware=\"PayDOS Ransomware\""],"PayDay Ransomware ":["misp-galaxy:ransomware=\"PayDay Ransomware \""],"PaySafeGen (German) Ransomware":["misp-galaxy:ransomware=\"PaySafeGen (German) Ransomware\""],"Paysafecard Generator 2016":["misp-galaxy:ransomware=\"PaySafeGen (German) Ransomware\""],"Pedcont":["misp-galaxy:ransomware=\"Pedcont\""],"PetrWrap Ransomware":["misp-galaxy:ransomware=\"PetrWrap Ransomware\""],"Goldeneye":["misp-galaxy:ransomware=\"Petya\""],"Philadelphia":["misp-galaxy:ransomware=\"Philadelphia\""],"Phobos":["misp-galaxy:ransomware=\"Phobos\""],"PicklesRansomware":["misp-galaxy:ransomware=\"PicklesRansomware\""],"PizzaCrypts":["misp-galaxy:ransomware=\"PizzaCrypts\""],"Planetary":["misp-galaxy:ransomware=\"Planetary\""],"PleaseRead Ransomware":["misp-galaxy:ransomware=\"PleaseRead Ransomware\""],"VHDLocker Ransomware":["misp-galaxy:ransomware=\"PleaseRead Ransomware\""],"PokemonGO":["misp-galaxy:ransomware=\"PokemonGO\""],"Polski Ransomware":["misp-galaxy:ransomware=\"Polski Ransomware\""],"PopCorn Time Ransomware":["misp-galaxy:ransomware=\"PopCorn Time Ransomware\""],"Potato Ransomware":["misp-galaxy:ransomware=\"Potato Ransomware\""],"PoshCoder":["misp-galaxy:ransomware=\"PowerWare\""],"PowerWorm":["misp-galaxy:ransomware=\"PowerWorm\""],"Princess Evolution":["misp-galaxy:ransomware=\"Princess Evolution\""],"Princess Locker":["misp-galaxy:ransomware=\"Princess Locker\""],"Project34 Ransomware":["misp-galaxy:ransomware=\"Project34 Ransomware\""],"ProposalCrypt Ransomware":["misp-galaxy:ransomware=\"ProposalCrypt Ransomware\""],"Ps2exe":["misp-galaxy:ransomware=\"Ps2exe\""],"PyCL Ransomware":["misp-galaxy:ransomware=\"PyCL Ransomware\""],"PyL33T Ransomware":["misp-galaxy:ransomware=\"PyL33T Ransomware\""],"Qwerty Ransomware":["misp-galaxy:ransomware=\"Qwerty Ransomware\""],"R":["misp-galaxy:ransomware=\"R\""],"R980":["misp-galaxy:ransomware=\"R980\""],"RAA encryptor":["misp-galaxy:ransomware=\"RAA encryptor\""],"RAA":["misp-galaxy:ransomware=\"RAA encryptor\""],"RASTAKHIZ":["misp-galaxy:ransomware=\"RASTAKHIZ\""],"RIP (Phoenix) Ransomware":["misp-galaxy:ransomware=\"RIP (Phoenix) Ransomware\""],"RSAUtil":["misp-galaxy:ransomware=\"RSAUtil\""],"Vagger":["misp-galaxy:ransomware=\"RSAUtil\""],"DONTSLIP":["misp-galaxy:ransomware=\"RSAUtil\""],"Rabion":["misp-galaxy:ransomware=\"Rabion\""],"Agent.iih":["misp-galaxy:ransomware=\"Rakhni\""],"Aura":["misp-galaxy:ransomware=\"Rakhni\""],"Autoit":["misp-galaxy:ransomware=\"Rakhni\""],"Pletor":["misp-galaxy:ransomware=\"Rakhni\""],"Lamer":["misp-galaxy:ransomware=\"Rakhni\""],"Isda":["misp-galaxy:ransomware=\"Rakhni\""],"Cryptokluchen":["misp-galaxy:ransomware=\"Rakhni\""],"Ramsomeer":["misp-galaxy:ransomware=\"Ramsomeer\""],"RanRan":["misp-galaxy:ransomware=\"RanRan\""],"Ranion RaasRansomware":["misp-galaxy:ransomware=\"Ranion RaasRansomware\""],"Rannoh":["misp-galaxy:ransomware=\"Rannoh\""],"Ransom32":["misp-galaxy:ransomware=\"Ransom32\""],"RansomLock":["misp-galaxy:ransomware=\"RansomLock\""],"RansomPlus":["misp-galaxy:ransomware=\"RansomPlus\""],"RarVault":["misp-galaxy:ransomware=\"RarVault\""],"Razy":["misp-galaxy:ransomware=\"Razy\""],"Rector":["misp-galaxy:ransomware=\"Rector\""],"RedAnts Ransomware":["misp-galaxy:ransomware=\"RedAnts Ransomware\""],"RedEye":["misp-galaxy:ransomware=\"RedEye\""],"RektLocker":["misp-galaxy:ransomware=\"RektLocker\""],"Rektware":["misp-galaxy:ransomware=\"Rektware\""],"RemindMe":["misp-galaxy:ransomware=\"RemindMe\""],"RenLocker Ransomware (FAKE)":["misp-galaxy:ransomware=\"RenLocker Ransomware (FAKE)\""],"Revenge Ransomware":["misp-galaxy:ransomware=\"Revenge Ransomware\""],"Reveton ransomware":["misp-galaxy:ransomware=\"Reveton ransomware\""],"RoshaLock":["misp-galaxy:ransomware=\"RoshaLock\""],"RotorCrypt(RotoCrypt, Tar) Ransomware":["misp-galaxy:ransomware=\"RotorCrypt(RotoCrypt, Tar) Ransomware\""],"Tar Ransomware":["misp-galaxy:ransomware=\"RotorCrypt(RotoCrypt, Tar) Ransomware\""],"RozaLocker Ransomware":["misp-galaxy:ransomware=\"RozaLocker Ransomware\""],"Runsomewere":["misp-galaxy:ransomware=\"Runsomewere\""],"Russian Globe Ransomware":["misp-galaxy:ransomware=\"Russian Globe Ransomware\""],"RussianRoulette":["misp-galaxy:ransomware=\"RussianRoulette\""],"Ryuk ransomware":["misp-galaxy:ransomware=\"Ryuk ransomware\""],"SADStory":["misp-galaxy:ransomware=\"SADStory\""],"SAVEfiles":["misp-galaxy:ransomware=\"SAVEfiles\""],"SNSLocker":["misp-galaxy:ransomware=\"SNSLocker\""],"SOREBRECT":["misp-galaxy:ransomware=\"SOREBRECT\""],"SQ_ Ransomware":["misp-galaxy:ransomware=\"SQ_ Ransomware\""],"VO_ Ransomware":["misp-galaxy:ransomware=\"SQ_ Ransomware\""],"SZFLocker":["misp-galaxy:ransomware=\"SZFLocker\""],"Sage 2.0 Ransomware":["misp-galaxy:ransomware=\"Sage 2.0 Ransomware\""],"Sage 2.2":["misp-galaxy:ransomware=\"Sage 2.2\""],"Sage Ransomware":["misp-galaxy:ransomware=\"Sage Ransomware\""],"Samas-Samsam":["misp-galaxy:ransomware=\"Samas-Samsam\""],"samsam.exe":["misp-galaxy:ransomware=\"Samas-Samsam\""],"MIKOPONI.exe":["misp-galaxy:ransomware=\"Samas-Samsam\""],"RikiRafael.exe":["misp-galaxy:ransomware=\"Samas-Samsam\""],"showmehowto.exe":["misp-galaxy:ransomware=\"Samas-Samsam\""],"SamSam Ransomware":["misp-galaxy:ransomware=\"Samas-Samsam\""],"Samsam":["misp-galaxy:ransomware=\"Samas-Samsam\""],"Sanction":["misp-galaxy:ransomware=\"Sanction\""],"Sanctions":["misp-galaxy:ransomware=\"Sanctions\""],"Sardoninir":["misp-galaxy:ransomware=\"Sardoninir\""],"Satan666 Ransomware":["misp-galaxy:ransomware=\"Satan666 Ransomware\""],"Scarab":["misp-galaxy:ransomware=\"Scarab\""],"Scraper":["misp-galaxy:ransomware=\"Scraper\""],"Seoirse Ransomware":["misp-galaxy:ransomware=\"Seoirse Ransomware\""],"SerbRansom 2017 Ransomware":["misp-galaxy:ransomware=\"SerbRansom 2017 Ransomware\""],"Serpent 2017 Ransomware":["misp-galaxy:ransomware=\"Serpent 2017 Ransomware\""],"Serpent Danish Ransomware":["misp-galaxy:ransomware=\"Serpent 2017 Ransomware\""],"Shark":["misp-galaxy:ransomware=\"Shark\"","misp-galaxy:rat=\"SharK\""],"Atom":["misp-galaxy:ransomware=\"Shark\""],"ShellLocker Ransomware":["misp-galaxy:ransomware=\"ShellLocker Ransomware\""],"ShinoLocker":["misp-galaxy:ransomware=\"ShinoLocker\""],"KinCrypt":["misp-galaxy:ransomware=\"Shujin\""],"ShurL0ckr":["misp-galaxy:ransomware=\"ShurL0ckr\""],"Sigma Ransomware":["misp-galaxy:ransomware=\"Sigma Ransomware\""],"Sigrun Ransomware":["misp-galaxy:ransomware=\"Sigrun Ransomware\""],"Simple_Encoder":["misp-galaxy:ransomware=\"Simple_Encoder\""],"SkidLocker":["misp-galaxy:ransomware=\"SkidLocker\""],"Pompous":["misp-galaxy:ransomware=\"SkidLocker\""],"SkyFile":["misp-galaxy:ransomware=\"SkyFile\""],"SkyName Ransomware":["misp-galaxy:ransomware=\"SkyName Ransomware\""],"Blablabla Ransomware":["misp-galaxy:ransomware=\"SkyName Ransomware\""],"Slimhem Ransomware":["misp-galaxy:ransomware=\"Slimhem Ransomware\""],"Smash!":["misp-galaxy:ransomware=\"Smash!\""],"Smrss32":["misp-galaxy:ransomware=\"Smrss32\""],"Sodinokibi":["misp-galaxy:ransomware=\"Sodinokibi\""],"Spartacus Ransomware":["misp-galaxy:ransomware=\"Spartacus Ransomware\""],"Spora Ransomware":["misp-galaxy:ransomware=\"Spora Ransomware\""],"Sport":["misp-galaxy:ransomware=\"Sport\"","misp-galaxy:sector=\"Sport\""],"Stampado":["misp-galaxy:ransomware=\"Stampado\""],"StorageCrypt":["misp-galaxy:ransomware=\"StorageCrypt\""],"StorageCrypter":["misp-galaxy:ransomware=\"StorageCrypter\""],"Strictor":["misp-galaxy:ransomware=\"Strictor\""],"SuchSecurity Ransomware":["misp-galaxy:ransomware=\"SuchSecurity Ransomware\""],"SureRansom Ransomeware (Fake)":["misp-galaxy:ransomware=\"SureRansom Ransomeware (Fake)\""],"Surprise":["misp-galaxy:ransomware=\"Surprise\""],"Survey":["misp-galaxy:ransomware=\"Survey\""],"Syn Ack":["misp-galaxy:ransomware=\"SynAck\""],"SynoLocker":["misp-galaxy:ransomware=\"SynoLocker\""],"TYRANT":["misp-galaxy:ransomware=\"TYRANT\""],"Crypto Tyrant":["misp-galaxy:ransomware=\"TYRANT\""],"TeamXrat":["misp-galaxy:ransomware=\"TeamXrat\""],"Telecrypt Ransomware":["misp-galaxy:ransomware=\"Telecrypt Ransomware\""],"Tellyouthepass":["misp-galaxy:ransomware=\"Tellyouthepass\""],"Termite Ransomware":["misp-galaxy:ransomware=\"Termite Ransomware\""],"TeslaCrypt 0.x - 2.2.0":["misp-galaxy:ransomware=\"TeslaCrypt 0.x - 2.2.0\""],"AlphaCrypt":["misp-galaxy:ransomware=\"TeslaCrypt 0.x - 2.2.0\""],"TeslaCrypt 3.0+":["misp-galaxy:ransomware=\"TeslaCrypt 3.0+\""],"TeslaCrypt 4.1A":["misp-galaxy:ransomware=\"TeslaCrypt 4.1A\""],"TeslaCrypt 4.2":["misp-galaxy:ransomware=\"TeslaCrypt 4.2\""],"Thanksgiving Ransomware":["misp-galaxy:ransomware=\"Thanksgiving Ransomware\""],"Threat Finder":["misp-galaxy:ransomware=\"Threat Finder\""],"Crypt0L0cker":["misp-galaxy:ransomware=\"TorrentLocker\""],"Teerac":["misp-galaxy:ransomware=\"TorrentLocker\""],"TowerWeb":["misp-galaxy:ransomware=\"TowerWeb\""],"Toxcrypt":["misp-galaxy:ransomware=\"Toxcrypt\""],"Trojan Dz":["misp-galaxy:ransomware=\"Trojan Dz\""],"Trojan":["misp-galaxy:ransomware=\"Trojan\""],"BrainCrypt":["misp-galaxy:ransomware=\"Trojan\""],"Troldesh orShade, XTBL":["misp-galaxy:ransomware=\"Troldesh orShade, XTBL\""],"Tron ransomware":["misp-galaxy:ransomware=\"Tron ransomware\""],"TrueCrypter":["misp-galaxy:ransomware=\"TrueCrypter\""],"TrumpLocker Ransomware":["misp-galaxy:ransomware=\"TrumpLocker Ransomware\""],"Turkish FileEncryptor Ransomware":["misp-galaxy:ransomware=\"Turkish FileEncryptor Ransomware\""],"Fake CTB-Locker":["misp-galaxy:ransomware=\"Turkish FileEncryptor Ransomware\""],"Turkish Ransom":["misp-galaxy:ransomware=\"Turkish Ransom\""],"Turkish":["misp-galaxy:ransomware=\"Turkish\""],"Uiwix Ransomware":["misp-galaxy:ransomware=\"Uiwix Ransomware\""],"UltraLocker Ransomware":["misp-galaxy:ransomware=\"UltraLocker Ransomware\""],"UmbreCrypt":["misp-galaxy:ransomware=\"UmbreCrypt\""],"UnblockUPC":["misp-galaxy:ransomware=\"UnblockUPC\""],"Ungluk":["misp-galaxy:ransomware=\"Ungluk\""],"Unlock26 Ransomware":["misp-galaxy:ransomware=\"Unlock26 Ransomware\""],"Unlock92 ":["misp-galaxy:ransomware=\"Unlock92 \""],"Unnamed Android Ransomware":["misp-galaxy:ransomware=\"Unnamed Android Ransomware\""],"Unnamed ramsomware 1":["misp-galaxy:ransomware=\"Unnamed ramsomware 1\""],"Unnamed ramsomware 2":["misp-galaxy:ransomware=\"Unnamed ramsomware 2\""],"UpdateHost Ransomware":["misp-galaxy:ransomware=\"UpdateHost Ransomware\""],"UserFilesLocker Ransomware":["misp-galaxy:ransomware=\"UserFilesLocker Ransomware\""],"CzechoSlovak Ransomware":["misp-galaxy:ransomware=\"UserFilesLocker Ransomware\""],"V8Locker Ransomware":["misp-galaxy:ransomware=\"V8Locker Ransomware\""],"VBRANSOM 7":["misp-galaxy:ransomware=\"VBRANSOM 7\""],"Vanguard Ransomware":["misp-galaxy:ransomware=\"Vanguard Ransomware\""],"VapeLauncher":["misp-galaxy:ransomware=\"VapeLauncher\""],"Vapor Ransomware":["misp-galaxy:ransomware=\"Vapor Ransomware\""],"VaultCrypt":["misp-galaxy:ransomware=\"VaultCrypt\"","misp-galaxy:ransomware=\"Zlader\""],"CrypVault":["misp-galaxy:ransomware=\"VaultCrypt\"","misp-galaxy:ransomware=\"Zlader\""],"Zlader":["misp-galaxy:ransomware=\"VaultCrypt\"","misp-galaxy:ransomware=\"Zlader\""],"Venis Ransomware":["misp-galaxy:ransomware=\"Venis Ransomware\""],"VenusLocker":["misp-galaxy:ransomware=\"VenusLocker\""],"VindowsLocker Ransomware":["misp-galaxy:ransomware=\"VindowsLocker Ransomware\""],"Virlock":["misp-galaxy:ransomware=\"Virlock\""],"Virus-Encoder":["misp-galaxy:ransomware=\"Virus-Encoder\""],"CrySiS":["misp-galaxy:ransomware=\"Virus-Encoder\""],"Vortex Ransomware":["misp-galaxy:ransomware=\"Vortex Ransomware\""],"\u0166l\u0e4ft\u0454\u0433\u0e04 \u0433\u0e04\u0e20\u0e23\u0e4f\u0e53\u0e2c\u0e04\u0433\u0454":["misp-galaxy:ransomware=\"Vortex Ransomware\""],"Vurten":["misp-galaxy:ransomware=\"Vurten\""],"VxLock Ransomware":["misp-galaxy:ransomware=\"VxLock Ransomware\""],"WannaCrypt":["misp-galaxy:ransomware=\"WannaCry\""],"WCrypt":["misp-galaxy:ransomware=\"WannaCry\""],"WCRY":["misp-galaxy:ransomware=\"WannaCry\""],"WannaSmile":["misp-galaxy:ransomware=\"WannaSmile\""],"Wcry Ransomware":["misp-galaxy:ransomware=\"Wcry Ransomware\""],"WeChat Ransom":["misp-galaxy:ransomware=\"WeChat Ransom\""],"UNNAMED1989":["misp-galaxy:ransomware=\"WeChat Ransom\""],"WhiteRose":["misp-galaxy:ransomware=\"WhiteRose\""],"WickedLocker HT Ransomware":["misp-galaxy:ransomware=\"WickedLocker HT Ransomware\""],"WildFire Locker":["misp-galaxy:ransomware=\"WildFire Locker\""],"Hades Locker":["misp-galaxy:ransomware=\"WildFire Locker\""],"WinRarer Ransomware":["misp-galaxy:ransomware=\"WinRarer Ransomware\""],"Windows_Security Ransonware":["misp-galaxy:ransomware=\"Windows_Security Ransonware\""],"WS Go Ransonware":["misp-galaxy:ransomware=\"Windows_Security Ransonware\""],"Winnix Cryptor Ransomware":["misp-galaxy:ransomware=\"Winnix Cryptor Ransomware\""],"X-Files":["misp-galaxy:ransomware=\"X-Files\""],"X3M Ransomware":["misp-galaxy:ransomware=\"X3M Ransomware\""],"XCrypt Ransomware":["misp-galaxy:ransomware=\"XCrypt Ransomware\""],"XRTN ":["misp-galaxy:ransomware=\"XRTN \""],"XTPLocker 5.0 Ransomware":["misp-galaxy:ransomware=\"XTPLocker 5.0 Ransomware\""],"XYZWare Ransomware":["misp-galaxy:ransomware=\"XYZWare Ransomware\""],"XiaoBa ransomware":["misp-galaxy:ransomware=\"XiaoBa ransomware\""],"Xolzsec":["misp-galaxy:ransomware=\"Xolzsec\""],"Xorist":["misp-galaxy:ransomware=\"Xorist\""],"YYTO Ransomware":["misp-galaxy:ransomware=\"YYTO Ransomware\""],"You Have Been Hacked!!!":["misp-galaxy:ransomware=\"You Have Been Hacked!!!\""],"YouAreFucked Ransomware":["misp-galaxy:ransomware=\"YouAreFucked Ransomware\""],"YourRansom Ransomware":["misp-galaxy:ransomware=\"YourRansom Ransomware\""],"ZXZ Ramsomware":["misp-galaxy:ransomware=\"ZXZ Ramsomware\""],"Zcrypt":["misp-galaxy:ransomware=\"Zcrypt\""],"Zcryptor":["misp-galaxy:ransomware=\"Zcrypt\""],"ZekwaCrypt Ransomware":["misp-galaxy:ransomware=\"ZekwaCrypt Ransomware\""],"Zenis Ransomware":["misp-galaxy:ransomware=\"Zenis Ransomware\""],"ZeroCrypt Ransomware":["misp-galaxy:ransomware=\"ZeroCrypt Ransomware\""],"Zimbra":["misp-galaxy:ransomware=\"Zimbra\""],"ZinoCrypt Ransomware":["misp-galaxy:ransomware=\"ZinoCrypt Ransomware\""],"Russian":["misp-galaxy:ransomware=\"Zlader\""],"Zorro":["misp-galaxy:ransomware=\"Zorro\""],"Zyka Ransomware":["misp-galaxy:ransomware=\"Zyka Ransomware\""],"encryptoJJS":["misp-galaxy:ransomware=\"encryptoJJS\""],"garrantydecrypt":["misp-galaxy:ransomware=\"garrantydecrypt\""],"iLock":["misp-galaxy:ransomware=\"iLock\""],"iLockLight":["misp-galaxy:ransomware=\"iLockLight\""],"iRansom":["misp-galaxy:ransomware=\"iRansom\""],"n1n1n1":["misp-galaxy:ransomware=\"n1n1n1\""],"of Ransomware: OpenToYou (Formerly known as OpenToDecrypt)":["misp-galaxy:ransomware=\"of Ransomware: OpenToYou (Formerly known as OpenToDecrypt)\""],"qkG":["misp-galaxy:ransomware=\"qkG\""],"vxLock":["misp-galaxy:ransomware=\"vxLock\""],"zScreenLocker Ransomware":["misp-galaxy:ransomware=\"zScreenLocker Ransomware\""],"5p00f3r.N$ RAT":["misp-galaxy:rat=\"5p00f3r.N$ RAT\""],"9002":["misp-galaxy:rat=\"9002\""],"A32s RAT":["misp-galaxy:rat=\"A32s RAT\""],"A4Zeta":["misp-galaxy:rat=\"A4Zeta\""],"Adwind RAT":["misp-galaxy:rat=\"Adwind RAT\""],"UNiversal REmote COntrol Multi-Platform":["misp-galaxy:rat=\"Adwind RAT\""],"Adzok":["misp-galaxy:rat=\"Adzok\""],"AeroAdmin":["misp-galaxy:rat=\"AeroAdmin\""],"AhNyth Android":["misp-galaxy:rat=\"AhNyth Android\""],"Ahtapod":["misp-galaxy:rat=\"Ahtapod\""],"Albertino Advanced RAT":["misp-galaxy:rat=\"Albertino Advanced RAT\""],"Ammyy Admin":["misp-galaxy:rat=\"Ammyy Admin\""],"Ammyy":["misp-galaxy:rat=\"Ammyy Admin\""],"Androrat":["misp-galaxy:rat=\"Androrat\""],"AnyDesk":["misp-galaxy:rat=\"AnyDesk\""],"Arabian-Attacker RAT":["misp-galaxy:rat=\"Arabian-Attacker RAT\""],"Archelaus Beta":["misp-galaxy:rat=\"Archelaus Beta\""],"Arcom":["misp-galaxy:rat=\"Arcom\""],"Arctic R.A.T.":["misp-galaxy:rat=\"Arctic R.A.T.\""],"Artic":["misp-galaxy:rat=\"Arctic R.A.T.\""],"Assassin":["misp-galaxy:rat=\"Assassin\""],"Atelier Web Remote Commander":["misp-galaxy:rat=\"Atelier Web Remote Commander\""],"BBS RAT":["misp-galaxy:rat=\"BBS RAT\""],"BD Y3K RAT":["misp-galaxy:rat=\"BD Y3K RAT\""],"Back Door Y3K RAT":["misp-galaxy:rat=\"BD Y3K RAT\""],"Y3k":["misp-galaxy:rat=\"BD Y3K RAT\""],"BX":["misp-galaxy:rat=\"BX\""],"Babylon":["misp-galaxy:rat=\"Babylon\""],"Back Orifice 2000":["misp-galaxy:rat=\"Back Orifice 2000\""],"BO2k":["misp-galaxy:rat=\"Back Orifice 2000\""],"Back Orifice":["misp-galaxy:rat=\"Back Orifice\""],"BO":["misp-galaxy:rat=\"Back Orifice\""],"Bandook RAT":["misp-galaxy:rat=\"Bandook RAT\""],"Batch NET":["misp-galaxy:rat=\"Batch NET\""],"BeamYourScreen":["misp-galaxy:rat=\"BeamYourScreen\""],"Beast Trojan":["misp-galaxy:rat=\"Beast Trojan\""],"Bifrost":["misp-galaxy:rat=\"Bifrost\""],"Biodox":["misp-galaxy:rat=\"Biodox\""],"BlackNix":["misp-galaxy:rat=\"BlackNix\""],"Blackshades":["misp-galaxy:rat=\"Blackshades\"","misp-galaxy:tool=\"Blackshades\""],"Blizzard":["misp-galaxy:rat=\"Blizzard\""],"Blue Banana":["misp-galaxy:rat=\"Blue Banana\""],"Brat":["misp-galaxy:rat=\"Brat\""],"CIA RAT":["misp-galaxy:rat=\"CIA RAT\""],"CTOS":["misp-galaxy:rat=\"CTOS\""],"Caesar RAT":["misp-galaxy:rat=\"Caesar RAT\""],"Cardinal":["misp-galaxy:rat=\"Cardinal\""],"Casa RAT":["misp-galaxy:rat=\"Casa RAT\""],"Cerberus RAT":["misp-galaxy:rat=\"Cerberus RAT\""],"Char0n":["misp-galaxy:rat=\"Char0n\""],"Chrome Remote Desktop":["misp-galaxy:rat=\"Chrome Remote Desktop\""],"ClientMesh":["misp-galaxy:rat=\"ClientMesh\""],"Coldroot":["misp-galaxy:rat=\"Coldroot\""],"Comodo Unite":["misp-galaxy:rat=\"Comodo Unite\""],"CrossRat":["misp-galaxy:rat=\"CrossRat\""],"Cyber Eye RAT":["misp-galaxy:rat=\"Cyber Eye RAT\""],"DameWare Mini Remote Control":["misp-galaxy:rat=\"DameWare Mini Remote Control\""],"dameware":["misp-galaxy:rat=\"DameWare Mini Remote Control\""],"Dark DDoSeR":["misp-galaxy:rat=\"Dark DDoSeR\""],"Dark Comet":["misp-galaxy:rat=\"DarkComet\"","misp-galaxy:tool=\"Dark Comet\""],"DarkMoon":["misp-galaxy:rat=\"DarkMoon\""],"Dark Moon":["misp-galaxy:rat=\"DarkMoon\""],"DarkRat":["misp-galaxy:rat=\"DarkRat\""],"DarkRAT":["misp-galaxy:rat=\"DarkRat\""],"DarkTrack":["misp-galaxy:rat=\"DarkTrack\""],"Darknet RAT":["misp-galaxy:rat=\"Darknet RAT\""],"Dark NET RAT":["misp-galaxy:rat=\"Darknet RAT\""],"Deeper RAT":["misp-galaxy:rat=\"Deeper RAT\""],"DesktopNow":["misp-galaxy:rat=\"DesktopNow\""],"Erebus":["misp-galaxy:rat=\"Erebus\""],"FINSPY":["misp-galaxy:rat=\"FINSPY\"","misp-galaxy:tool=\"FINSPY\""],"Felipe":["misp-galaxy:rat=\"Felipe\""],"Felismus RAT":["misp-galaxy:rat=\"Felismus RAT\""],"FlawedAmmy":["misp-galaxy:rat=\"FlawedAmmy\""],"GOlden Phoenix":["misp-galaxy:rat=\"GOlden Phoenix\""],"Ucul":["misp-galaxy:rat=\"Ghost\""],"GraphicBooting":["misp-galaxy:rat=\"GraphicBooting\""],"Greame":["misp-galaxy:rat=\"Greame\""],"Greek Hackers RAT":["misp-galaxy:rat=\"Greek Hackers RAT\""],"H-w0rm":["misp-galaxy:rat=\"H-w0rm\""],"H-worm":["misp-galaxy:rat=\"H-worm\""],"HTTP WEB BACKDOOR":["misp-galaxy:rat=\"HTTP WEB BACKDOOR\""],"Hallaj PRO RAT":["misp-galaxy:rat=\"Hallaj PRO RAT\""],"Hav-RAT":["misp-galaxy:rat=\"Hav-RAT\""],"HawkEye":["misp-galaxy:rat=\"HawkEye\""],"Heseber":["misp-galaxy:rat=\"Heseber\""],"Imminent Monitor":["misp-galaxy:rat=\"Imminent Monitor\""],"Indetectables RAT":["misp-galaxy:rat=\"Indetectables RAT\""],"JCage":["misp-galaxy:rat=\"JCage\""],"Jfect":["misp-galaxy:rat=\"Jfect\""],"Kazybot":["misp-galaxy:rat=\"Kazybot\""],"KhRAT":["misp-galaxy:rat=\"KhRAT\""],"Kiler RAT":["misp-galaxy:rat=\"Kiler RAT\""],"Njw0rm":["misp-galaxy:rat=\"Kiler RAT\"","misp-galaxy:rat=\"NJRat\""],"Killer RAT":["misp-galaxy:rat=\"Killer RAT\""],"KjW0rm":["misp-galaxy:rat=\"KjW0rm\"","misp-galaxy:tool=\"KjW0rm\""],"Lanfiltrator":["misp-galaxy:rat=\"Lanfiltrator\""],"LeGeNd":["misp-galaxy:rat=\"LeGeNd\""],"LiteManager":["misp-galaxy:rat=\"LiteManager\""],"Loki RAT":["misp-galaxy:rat=\"Loki RAT\""],"LokiTech":["misp-galaxy:rat=\"LokiTech\""],"Lost Door":["misp-galaxy:rat=\"Lost Door\""],"LostDoor":["misp-galaxy:rat=\"Lost Door\""],"Luminosity Link":["misp-galaxy:rat=\"Luminosity Link\""],"LuxNET":["misp-galaxy:rat=\"LuxNET\""],"MINI-MO":["misp-galaxy:rat=\"MINI-MO\""],"MLRat":["misp-galaxy:rat=\"MLRat\""],"MRA RAT":["misp-galaxy:rat=\"MRA RAT\""],"MadRAT":["misp-galaxy:rat=\"MadRAT\""],"Mangit":["misp-galaxy:rat=\"Mangit\""],"Matryoshka":["misp-galaxy:rat=\"Matryoshka\"","misp-galaxy:tool=\"Matryoshka\""],"Mega":["misp-galaxy:rat=\"Mega\""],"MegaTrojan":["misp-galaxy:rat=\"MegaTrojan\""],"Minimo":["misp-galaxy:rat=\"Minimo\""],"MoSucker":["misp-galaxy:rat=\"MoSucker\""],"MofoTro":["misp-galaxy:rat=\"MofoTro\""],"NET-MONITOR PRO":["misp-galaxy:rat=\"NET-MONITOR PRO\""],"NJRat":["misp-galaxy:rat=\"NJRat\""],"Net Devil":["misp-galaxy:rat=\"Net Devil\""],"NetDevil":["misp-galaxy:rat=\"Net Devil\"","misp-galaxy:rat=\"NetDevil\""],"Netbus":["misp-galaxy:rat=\"Netbus\""],"NetBus":["misp-galaxy:rat=\"Netbus\""],"Netsupport Manager":["misp-galaxy:rat=\"Netsupport Manager\""],"Netwire":["misp-galaxy:rat=\"Netwire\""],"NewCore":["misp-galaxy:rat=\"NewCore\""],"Nova":["misp-galaxy:rat=\"Nova\""],"Nuclear RAT":["misp-galaxy:rat=\"Nuclear RAT\""],"NukeSped":["misp-galaxy:rat=\"NukeSped\""],"Nytro":["misp-galaxy:rat=\"Nytro\""],"Offence":["misp-galaxy:rat=\"Offence\""],"Optix Pro":["misp-galaxy:rat=\"Optix Pro\""],"Orcus":["misp-galaxy:rat=\"Orcus\""],"Ozone":["misp-galaxy:rat=\"Ozone\""],"P. Storrie RAT":["misp-galaxy:rat=\"P. Storrie RAT\""],"P.Storrie RAT":["misp-galaxy:rat=\"P. Storrie RAT\""],"Pain RAT":["misp-galaxy:rat=\"Pain RAT\""],"Pandora":["misp-galaxy:rat=\"Pandora\""],"Paradox":["misp-galaxy:rat=\"Paradox\""],"Parasite-HTTP-RAT":["misp-galaxy:rat=\"Parasite-HTTP-RAT\""],"PentagonRAT":["misp-galaxy:rat=\"PentagonRAT\""],"Plasma RAT":["misp-galaxy:rat=\"Plasma RAT\""],"Pocket RAT":["misp-galaxy:rat=\"Pocket RAT\""],"Backdoor.Win32.PoisonIvy":["misp-galaxy:rat=\"PoisonIvy\"","misp-galaxy:tool=\"Poison Ivy\""],"Gen:Trojan.Heur.PT":["misp-galaxy:rat=\"PoisonIvy\"","misp-galaxy:tool=\"Poison Ivy\""],"PowerRAT":["misp-galaxy:rat=\"PowerRAT\""],"PredatorPain":["misp-galaxy:rat=\"Predator Pain\""],"ProRat":["misp-galaxy:rat=\"ProRat\""],"Punisher RAT":["misp-galaxy:rat=\"Punisher RAT\""],"Qarallax":["misp-galaxy:rat=\"Qarallax\""],"qrat":["misp-galaxy:rat=\"Qarallax\"","misp-galaxy:tool=\"qrat\""],"Quaverse":["misp-galaxy:rat=\"Quaverse\""],"QRAT":["misp-galaxy:rat=\"Quaverse\""],"RATAttack":["misp-galaxy:rat=\"RATAttack\""],"RWX RAT":["misp-galaxy:rat=\"RWX RAT\""],"RaTRon":["misp-galaxy:rat=\"RaTRon\""],"RealVNC":["misp-galaxy:rat=\"RealVNC\""],"VNC Connect":["misp-galaxy:rat=\"RealVNC\""],"VNC Viewer":["misp-galaxy:rat=\"RealVNC\""],"Remote Utilities":["misp-galaxy:rat=\"Remote Utilities\""],"RemotePC":["misp-galaxy:rat=\"RemotePC\""],"RevCode":["misp-galaxy:rat=\"RevCode\""],"Revenge-RAT":["misp-galaxy:rat=\"Revenge-RAT\""],"Rottie3":["misp-galaxy:rat=\"Rottie3\""],"Sandro RAT":["misp-galaxy:rat=\"Sandro RAT\""],"Schwarze-Sonne-RAT":["misp-galaxy:rat=\"Schwarze-Sonne-RAT\""],"SS-RAT":["misp-galaxy:rat=\"Schwarze-Sonne-RAT\""],"Schwarze Sonne":["misp-galaxy:rat=\"Schwarze-Sonne-RAT\""],"Seecreen":["misp-galaxy:rat=\"Seecreen\""],"Firnass":["misp-galaxy:rat=\"Seecreen\""],"Seed RAT":["misp-galaxy:rat=\"Seed RAT\""],"Setro":["misp-galaxy:rat=\"Setro\""],"SharK":["misp-galaxy:rat=\"SharK\""],"SHARK":["misp-galaxy:rat=\"SharK\""],"SharpBot":["misp-galaxy:rat=\"SharpBot\""],"SharpEye":["misp-galaxy:rat=\"SharpEye\""],"ShowMyPC":["misp-galaxy:rat=\"ShowMyPC\""],"Sky Wyder":["misp-galaxy:rat=\"Sky Wyder\""],"Small-Net":["misp-galaxy:rat=\"Small-Net\""],"SmallNet":["misp-galaxy:rat=\"Small-Net\""],"Snoopy":["misp-galaxy:rat=\"Snoopy\""],"Snowdoor":["misp-galaxy:rat=\"Snowdoor\""],"Backdoor.Blizzard":["misp-galaxy:rat=\"Snowdoor\""],"Backdoor.Fxdoor":["misp-galaxy:rat=\"Snowdoor\""],"Backdoor.Snowdoor":["misp-galaxy:rat=\"Snowdoor\""],"Backdoor:Win32\/Snowdoor":["misp-galaxy:rat=\"Snowdoor\""],"Socket23":["misp-galaxy:rat=\"Socket23\""],"SocketPlayer":["misp-galaxy:rat=\"SocketPlayer\""],"Sparta RAT":["misp-galaxy:rat=\"Sparta RAT\""],"SpyCronic":["misp-galaxy:rat=\"SpyCronic\""],"SpyGate":["misp-galaxy:rat=\"SpyGate\""],"Spymaster Pro":["misp-galaxy:rat=\"Spymaster Pro\""],"Spynet":["misp-galaxy:rat=\"Spynet\""],"Sub7":["misp-galaxy:rat=\"Sub7\""],"SubSeven":["misp-galaxy:rat=\"Sub7\""],"Sub7Server":["misp-galaxy:rat=\"Sub7\""],"Syla":["misp-galaxy:rat=\"Syla\""],"Syndrome RAT":["misp-galaxy:rat=\"Syndrome RAT\""],"TINY":["misp-galaxy:rat=\"TINY\""],"TSCookieRAT":["misp-galaxy:rat=\"TSCookieRAT\""],"TeamViewer":["misp-galaxy:rat=\"TeamViewer\""],"Tequila Bandita":["misp-galaxy:rat=\"Tequila Bandita\""],"TheFat RAT":["misp-galaxy:rat=\"TheFat RAT\""],"TheOneSpy":["misp-galaxy:rat=\"TheOneSpy\""],"Theef":["misp-galaxy:rat=\"Theef\""],"Toquito Bandito":["misp-galaxy:rat=\"Toquito Bandito\""],"TorCT PHP RAT":["misp-galaxy:rat=\"TorCT PHP RAT\""],"Trochilus":["misp-galaxy:rat=\"Trochilus\"","misp-galaxy:tool=\"Trochilus\""],"Turkojan":["misp-galaxy:rat=\"Turkojan\""],"UNITEDRAKE":["misp-galaxy:rat=\"UNITEDRAKE\""],"Ultra VNC":["misp-galaxy:rat=\"Ultra VNC\""],"Vanguard":["misp-galaxy:rat=\"Vanguard\""],"Vantom":["misp-galaxy:rat=\"Vantom\""],"Venomous Ivy":["misp-galaxy:rat=\"Venomous Ivy\""],"Virus RAT":["misp-galaxy:rat=\"Virus RAT\""],"VorteX":["misp-galaxy:rat=\"VorteX\""],"Vortex":["misp-galaxy:rat=\"Vortex\""],"WiRAT":["misp-galaxy:rat=\"WiRAT\""],"Win32.HsIdir":["misp-galaxy:rat=\"Win32.HsIdir\""],"Windows Remote Desktop":["misp-galaxy:rat=\"Windows Remote Desktop\""],"Xanity":["misp-galaxy:rat=\"Xanity\""],"Xena":["misp-galaxy:rat=\"Xena\""],"Xpert":["misp-galaxy:rat=\"Xpert\""],"Xploit":["misp-galaxy:rat=\"Xploit\""],"Xsser":["misp-galaxy:rat=\"Xsser\""],"mRAT":["misp-galaxy:rat=\"Xsser\""],"XtremeRAT":["misp-galaxy:rat=\"XtremeRAT\""],"Xyligan":["misp-galaxy:rat=\"Xyligan\""],"ZOMBIE SLAYER":["misp-galaxy:rat=\"ZOMBIE SLAYER\""],"death":["misp-galaxy:rat=\"death\""],"drat":["misp-galaxy:rat=\"drat\""],"JacksBot":["misp-galaxy:rat=\"jRAT\""],"joanap":["misp-galaxy:rat=\"joanap\""],"join.me":["misp-galaxy:rat=\"join.me\""],"miniRAT":["misp-galaxy:rat=\"miniRAT\""],"rokrat":["misp-galaxy:rat=\"rokrat\""],"vjw0rm 0.1":["misp-galaxy:rat=\"vjw0rm 0.1\""],"xHacker Pro RAT":["misp-galaxy:rat=\"xHacker Pro RAT\""],"Academia - University":["misp-galaxy:sector=\"Academia - University\""],"Accounting":["misp-galaxy:sector=\"Accounting\""],"Activists":["misp-galaxy:sector=\"Activists\""],"Advertising":["misp-galaxy:sector=\"Advertising\""],"Aerospace":["misp-galaxy:sector=\"Aerospace\""],"Agriculture":["misp-galaxy:sector=\"Agriculture\""],"Arts":["misp-galaxy:sector=\"Arts\""],"Automotive":["misp-galaxy:sector=\"Automotive\""],"Bank":["misp-galaxy:sector=\"Bank\""],"Biomedical":["misp-galaxy:sector=\"Biomedical\""],"Casino":["misp-galaxy:sector=\"Casino\""],"Chemical":["misp-galaxy:sector=\"Chemical\""],"Citizens":["misp-galaxy:sector=\"Citizens\""],"Civil Aviation":["misp-galaxy:sector=\"Civil Aviation\""],"Civil society":["misp-galaxy:sector=\"Civil society\""],"Communication equipment":["misp-galaxy:sector=\"Communication equipment\""],"Construction":["misp-galaxy:sector=\"Construction\""],"Consulting":["misp-galaxy:sector=\"Consulting\""],"Country":["misp-galaxy:sector=\"Country\""],"Culture":["misp-galaxy:sector=\"Culture\""],"DNS service provider":["misp-galaxy:sector=\"DNS service provider\""],"Data Broker":["misp-galaxy:sector=\"Data Broker\""],"Defense":["misp-galaxy:sector=\"Defense\""],"Development":["misp-galaxy:sector=\"Development\""],"Digital infrastructure":["misp-galaxy:sector=\"Digital infrastructure\""],"Digital services":["misp-galaxy:sector=\"Digital services\""],"Diplomacy":["misp-galaxy:sector=\"Diplomacy\""],"Dissidents":["misp-galaxy:sector=\"Dissidents\""],"Education":["misp-galaxy:sector=\"Education\""],"Electric":["misp-galaxy:sector=\"Electric\""],"Electronic":["misp-galaxy:sector=\"Electronic\""],"Employment":["misp-galaxy:sector=\"Employment\""],"Energy":["misp-galaxy:sector=\"Energy\""],"Entertainment":["misp-galaxy:sector=\"Entertainment\""],"Environment":["misp-galaxy:sector=\"Environment\""],"Finance":["misp-galaxy:sector=\"Finance\""],"Food":["misp-galaxy:sector=\"Food\""],"Game":["misp-galaxy:sector=\"Game\""],"Gas":["misp-galaxy:sector=\"Gas\""],"Government, Administration":["misp-galaxy:sector=\"Government, Administration\""],"Health":["misp-galaxy:sector=\"Health\""],"High tech":["misp-galaxy:sector=\"High tech\""],"Higher education":["misp-galaxy:sector=\"Higher education\""],"Hospitality":["misp-galaxy:sector=\"Hospitality\""],"Hotels":["misp-galaxy:sector=\"Hotels\""],"IT - Hacker":["misp-galaxy:sector=\"IT - Hacker\""],"IT - ISP":["misp-galaxy:sector=\"IT - ISP\""],"IT - Security":["misp-galaxy:sector=\"IT - Security\""],"IT":["misp-galaxy:sector=\"IT\""],"Immigration":["misp-galaxy:sector=\"Immigration\""],"Industrial":["misp-galaxy:sector=\"Industrial\""],"Infrastructure":["misp-galaxy:sector=\"Infrastructure\""],"Insurance":["misp-galaxy:sector=\"Insurance\""],"Intelligence":["misp-galaxy:sector=\"Intelligence\""],"Investment":["misp-galaxy:sector=\"Investment\""],"Islamic forums":["misp-galaxy:sector=\"Islamic forums\""],"Islamic organisation":["misp-galaxy:sector=\"Islamic organisation\""],"Journalist":["misp-galaxy:sector=\"Journalist\""],"Justice":["misp-galaxy:sector=\"Justice\""],"Lawyers":["misp-galaxy:sector=\"Lawyers\""],"Legal":["misp-galaxy:sector=\"Legal\""],"Life science":["misp-galaxy:sector=\"Life science\""],"Logistic":["misp-galaxy:sector=\"Logistic\""],"Managed Services Provider":["misp-galaxy:sector=\"Managed Services Provider\""],"Manufacturing":["misp-galaxy:sector=\"Manufacturing\""],"Maritime":["misp-galaxy:sector=\"Maritime\""],"Marketing":["misp-galaxy:sector=\"Marketing\""],"Metal":["misp-galaxy:sector=\"Metal\""],"Military":["misp-galaxy:sector=\"Military\""],"Mining":["misp-galaxy:sector=\"Mining\""],"Multi-sector":["misp-galaxy:sector=\"Multi-sector\""],"NGO":["misp-galaxy:sector=\"NGO\""],"News - Media":["misp-galaxy:sector=\"News - Media\""],"Oil":["misp-galaxy:sector=\"Oil\""],"Online marketplace":["misp-galaxy:sector=\"Online marketplace\""],"Opposition":["misp-galaxy:sector=\"Opposition\""],"Other":["misp-galaxy:sector=\"Other\""],"Payment":["misp-galaxy:sector=\"Payment\""],"Petrochemical":["misp-galaxy:sector=\"Petrochemical\""],"Pharmacy":["misp-galaxy:sector=\"Pharmacy\""],"Police - Law enforcement":["misp-galaxy:sector=\"Police - Law enforcement\""],"Political party":["misp-galaxy:sector=\"Political party\""],"Programming":["misp-galaxy:sector=\"Programming\""],"Publishing industry":["misp-galaxy:sector=\"Publishing industry\""],"Railway":["misp-galaxy:sector=\"Railway\""],"Research - Innovation":["misp-galaxy:sector=\"Research - Innovation\""],"Restaurant":["misp-galaxy:sector=\"Restaurant\""],"Retail":["misp-galaxy:sector=\"Retail\""],"Satellite navigation":["misp-galaxy:sector=\"Satellite navigation\""],"Security Service":["misp-galaxy:sector=\"Security Service\""],"Security actors":["misp-galaxy:sector=\"Security actors\""],"Security systems":["misp-galaxy:sector=\"Security systems\""],"Semi-conductors":["misp-galaxy:sector=\"Semi-conductors\""],"Separatists":["misp-galaxy:sector=\"Separatists\""],"Shipping":["misp-galaxy:sector=\"Shipping\""],"Smart meter":["misp-galaxy:sector=\"Smart meter\""],"Social networks":["misp-galaxy:sector=\"Social networks\""],"Space":["misp-galaxy:sector=\"Space\""],"Steel":["misp-galaxy:sector=\"Steel\""],"Streaming service":["misp-galaxy:sector=\"Streaming service\""],"Tax firm":["misp-galaxy:sector=\"Tax firm\""],"Technology":["misp-galaxy:sector=\"Technology\""],"Telecoms":["misp-galaxy:sector=\"Telecoms\""],"Television broadcast":["misp-galaxy:sector=\"Television broadcast\""],"Think Tanks":["misp-galaxy:sector=\"Think Tanks\""],"Tourism":["misp-galaxy:sector=\"Tourism\""],"Trade":["misp-galaxy:sector=\"Trade\""],"Transport":["misp-galaxy:sector=\"Transport\""],"Travel":["misp-galaxy:sector=\"Travel\""],"Turbine":["misp-galaxy:sector=\"Turbine\""],"Veterinary":["misp-galaxy:sector=\"Veterinary\""],"Video Sharing":["misp-galaxy:sector=\"Video Sharing\""],"Water":["misp-galaxy:sector=\"Water\""],"eCommerce":["misp-galaxy:sector=\"eCommerce\""],"engineering":["misp-galaxy:sector=\"engineering\""],"AZORult":["misp-galaxy:stealer=\"AZORult\""],"TeleGrab":["misp-galaxy:stealer=\"TeleGrab\""],"Vidar":["misp-galaxy:stealer=\"Vidar\""],"BlackHat TDS":["misp-galaxy:tds=\"BlackHat TDS\""],"BlackTDS":["misp-galaxy:tds=\"BlackTDS\""],"BossTDS":["misp-galaxy:tds=\"BossTDS\""],"Futuristic TDS":["misp-galaxy:tds=\"Futuristic TDS\""],"Keitaro":["misp-galaxy:tds=\"Keitaro\""],"Orchid TDS":["misp-galaxy:tds=\"Orchid TDS\""],"ShadowTDS":["misp-galaxy:tds=\"ShadowTDS\""],"SimpleTDS":["misp-galaxy:tds=\"SimpleTDS\""],"Stds":["misp-galaxy:tds=\"SimpleTDS\""],"Sutra":["misp-galaxy:tds=\"Sutra\""],"zTDS":["misp-galaxy:tds=\"zTDS\""]," Stealth Mango and Tangelo ":["misp-galaxy:threat-actor=\" Stealth Mango and Tangelo \""],"ALLANITE":["misp-galaxy:threat-actor=\"ALLANITE\""],"Palmetto Fusion":["misp-galaxy:threat-actor=\"ALLANITE\""],"Allanite":["misp-galaxy:threat-actor=\"ALLANITE\""],"APT 16":["misp-galaxy:threat-actor=\"APT 16\""],"SVCMONDR":["misp-galaxy:threat-actor=\"APT 16\"","misp-galaxy:threat-actor=\"SVCMONDR\""],"APT 22":["misp-galaxy:threat-actor=\"APT 22\""],"APT22":["misp-galaxy:threat-actor=\"APT 22\""],"APT 26":["misp-galaxy:threat-actor=\"APT 26\""],"APT26":["misp-galaxy:threat-actor=\"APT 26\""],"Hippo Team":["misp-galaxy:threat-actor=\"APT 26\"","misp-galaxy:threat-actor=\"Turla Group\""],"JerseyMikes":["misp-galaxy:threat-actor=\"APT 26\""],"Turbine Panda":["misp-galaxy:threat-actor=\"APT 26\""],"APT 29":["misp-galaxy:threat-actor=\"APT 29\""],"Dukes":["misp-galaxy:threat-actor=\"APT 29\""],"Group 100":["misp-galaxy:threat-actor=\"APT 29\""],"Cozy Duke":["misp-galaxy:threat-actor=\"APT 29\""],"Office Monkeys":["misp-galaxy:threat-actor=\"APT 29\""],"OfficeMonkeys":["misp-galaxy:threat-actor=\"APT 29\""],"Minidionis":["misp-galaxy:threat-actor=\"APT 29\""],"Hammer Toss":["misp-galaxy:threat-actor=\"APT 29\""],"Iron Hemlock":["misp-galaxy:threat-actor=\"APT 29\""],"Grizzly Steppe":["misp-galaxy:threat-actor=\"APT 29\"","misp-galaxy:threat-actor=\"Sofacy\""],"APT 30":["misp-galaxy:threat-actor=\"APT 30\"","misp-galaxy:threat-actor=\"Naikon\""],"APT 6":["misp-galaxy:threat-actor=\"APT 6\""],"1.php Group":["misp-galaxy:threat-actor=\"APT 6\""],"APT6":["misp-galaxy:threat-actor=\"APT 6\""],"APT-C-27":["misp-galaxy:threat-actor=\"APT-C-27\""],"GoldMouse":["misp-galaxy:threat-actor=\"APT-C-27\""],"APT-C-35":["misp-galaxy:threat-actor=\"APT-C-35\"","misp-galaxy:threat-actor=\"APT-C-35\""],"DoNot Team":["misp-galaxy:threat-actor=\"APT-C-35\""],"Donot Team":["misp-galaxy:threat-actor=\"APT-C-35\""],"APT-C-36":["misp-galaxy:threat-actor=\"APT-C-36\""],"Blind Eagle":["misp-galaxy:threat-actor=\"APT-C-36\""],"APT.3102":["misp-galaxy:threat-actor=\"APT.3102\""],"APT31":["misp-galaxy:threat-actor=\"APT31\"","misp-galaxy:threat-actor=\"Hurricane Panda\""],"APT 31":["misp-galaxy:threat-actor=\"APT31\"","misp-galaxy:threat-actor=\"Hurricane Panda\""],"Ocean Lotus":["misp-galaxy:threat-actor=\"APT32\""],"Cobalt Kitty":["misp-galaxy:threat-actor=\"APT32\""],"Sea Lotus":["misp-galaxy:threat-actor=\"APT32\""],"APT-32":["misp-galaxy:threat-actor=\"APT32\""],"APT 32":["misp-galaxy:threat-actor=\"APT32\""],"Ocean Buffalo":["misp-galaxy:threat-actor=\"APT32\""],"APT 33":["misp-galaxy:threat-actor=\"APT33\""],"MAGNALLIUM":["misp-galaxy:threat-actor=\"APT33\"","misp-galaxy:threat-actor=\"MAGNALLIUM\""],"Refined Kitten":["misp-galaxy:threat-actor=\"APT33\""],"APT 34":["misp-galaxy:threat-actor=\"APT34\"","misp-galaxy:threat-actor=\"OilRig\""],"APT 35":["misp-galaxy:threat-actor=\"APT35\"","misp-galaxy:threat-actor=\"Cleaver\""],"Newscaster Team":["misp-galaxy:threat-actor=\"APT35\""],"APT 37":["misp-galaxy:threat-actor=\"APT37\""],"Group 123":["misp-galaxy:threat-actor=\"APT37\""],"Starcruft":["misp-galaxy:threat-actor=\"APT37\""],"Reaper Group":["misp-galaxy:threat-actor=\"APT37\""],"Red Eyes":["misp-galaxy:threat-actor=\"APT37\""],"Ricochet Chollima":["misp-galaxy:threat-actor=\"APT37\""],"Operation Daybreak":["misp-galaxy:threat-actor=\"APT37\"","misp-galaxy:threat-actor=\"ScarCruft\""],"Operation Erebus":["misp-galaxy:threat-actor=\"APT37\"","misp-galaxy:threat-actor=\"ScarCruft\""],"Venus 121":["misp-galaxy:threat-actor=\"APT37\""],"APT 39":["misp-galaxy:threat-actor=\"APT39\""],"APT5":["misp-galaxy:threat-actor=\"APT5\""],"Anchor Panda":["misp-galaxy:threat-actor=\"Anchor Panda\"","misp-galaxy:tool=\"Torn RAT\""],"APT14":["misp-galaxy:threat-actor=\"Anchor Panda\""],"APT 14":["misp-galaxy:threat-actor=\"Anchor Panda\""],"QAZTeam":["misp-galaxy:threat-actor=\"Anchor Panda\""],"ALUMINUM":["misp-galaxy:threat-actor=\"Anchor Panda\""],"Andromeda Spider":["misp-galaxy:threat-actor=\"Andromeda Spider\""],"AridViper":["misp-galaxy:threat-actor=\"AridViper\""],"Desert Falcon":["misp-galaxy:threat-actor=\"AridViper\""],"Arid Viper":["misp-galaxy:threat-actor=\"AridViper\""],"APT-C-23":["misp-galaxy:threat-actor=\"AridViper\""],"Aslan Neferler Tim":["misp-galaxy:threat-actor=\"Aslan Neferler Tim\""],"Lion Soldiers Team":["misp-galaxy:threat-actor=\"Aslan Neferler Tim\""],"Phantom Turk":["misp-galaxy:threat-actor=\"Aslan Neferler Tim\""],"Aurora Panda":["misp-galaxy:threat-actor=\"Aurora Panda\""],"APT 17":["misp-galaxy:threat-actor=\"Aurora Panda\"","misp-galaxy:threat-actor=\"Axiom\""],"Group 8":["misp-galaxy:threat-actor=\"Aurora Panda\""],"Hidden Lynx":["misp-galaxy:threat-actor=\"Aurora Panda\""],"Tailgater Team":["misp-galaxy:threat-actor=\"Aurora Panda\"","misp-galaxy:threat-actor=\"Axiom\""],"Dogfish":["misp-galaxy:threat-actor=\"Aurora Panda\"","misp-galaxy:threat-actor=\"Axiom\""],"Group72":["misp-galaxy:threat-actor=\"Axiom\""],"Tailgater":["misp-galaxy:threat-actor=\"Axiom\""],"Ragebeast":["misp-galaxy:threat-actor=\"Axiom\""],"Lead":["misp-galaxy:threat-actor=\"Axiom\""],"Wicked Spider":["misp-galaxy:threat-actor=\"Axiom\""],"Wicked Panda":["misp-galaxy:threat-actor=\"Axiom\""],"Barium":["misp-galaxy:threat-actor=\"Axiom\""],"Ayy\u0131ld\u0131z Tim":["misp-galaxy:threat-actor=\"Ayy\u0131ld\u0131z Tim\""],"Crescent and Star":["misp-galaxy:threat-actor=\"Ayy\u0131ld\u0131z Tim\""],"Bahamut":["misp-galaxy:threat-actor=\"Bahamut\""],"SIG22":["misp-galaxy:threat-actor=\"Beijing Group\""],"Big Panda":["misp-galaxy:threat-actor=\"Big Panda\""],"BlackTech":["misp-galaxy:threat-actor=\"BlackTech\""],"Blackgear":["misp-galaxy:threat-actor=\"Blackgear\""],"Topgear":["misp-galaxy:threat-actor=\"Blackgear\""],"BLACKGEAR":["misp-galaxy:threat-actor=\"Blackgear\""],"Blue Termite":["misp-galaxy:threat-actor=\"Blue Termite\""],"Cloudy Omega":["misp-galaxy:threat-actor=\"Blue Termite\""],"Boss Spider":["misp-galaxy:threat-actor=\"Boss Spider\""],"Boulder Bear":["misp-galaxy:threat-actor=\"Boulder Bear\""],"BuhTrap":["misp-galaxy:threat-actor=\"BuhTrap\""],"CHRYSENE":["misp-galaxy:threat-actor=\"CHRYSENE\""],"Greenbug":["misp-galaxy:threat-actor=\"CHRYSENE\"","misp-galaxy:threat-actor=\"Greenbug\""],"COBALT DICKENS":["misp-galaxy:threat-actor=\"COBALT DICKENS\"","misp-galaxy:threat-actor=\"Silent Librarian\""],"Cobalt Dickens":["misp-galaxy:threat-actor=\"COBALT DICKENS\""],"COVELLITE":["misp-galaxy:threat-actor=\"COVELLITE\""],"Lazarus":["misp-galaxy:threat-actor=\"COVELLITE\""],"Hidden Cobra":["misp-galaxy:threat-actor=\"COVELLITE\"","misp-galaxy:threat-actor=\"Lazarus Group\""],"Callisto":["misp-galaxy:threat-actor=\"Callisto\""],"The Mask":["misp-galaxy:threat-actor=\"Careto\""],"Ugly Face":["misp-galaxy:threat-actor=\"Careto\""],"Parastoo":["misp-galaxy:threat-actor=\"Charming Kitten\""],"iKittens":["misp-galaxy:threat-actor=\"Charming Kitten\""],"Group 83":["misp-galaxy:threat-actor=\"Charming Kitten\""],"Newsbeef":["misp-galaxy:threat-actor=\"Charming Kitten\""],"NewsBeef":["misp-galaxy:threat-actor=\"Charming Kitten\""],"Operation Cleaver":["misp-galaxy:threat-actor=\"Cleaver\""],"Tarh Andishan":["misp-galaxy:threat-actor=\"Cleaver\""],"Alibaba":["misp-galaxy:threat-actor=\"Cleaver\""],"2889":["misp-galaxy:threat-actor=\"Cleaver\""],"Rocket_Kitten":["misp-galaxy:threat-actor=\"Cleaver\""],"Cutting Kitten":["misp-galaxy:threat-actor=\"Cleaver\"","misp-galaxy:threat-actor=\"Cutting Kitten\""],"Group 41":["misp-galaxy:threat-actor=\"Cleaver\"","misp-galaxy:threat-actor=\"Clever Kitten\""],"TEMP.Beanie":["misp-galaxy:threat-actor=\"Cleaver\"","misp-galaxy:threat-actor=\"Rocket Kitten\""],"Ghambar":["misp-galaxy:threat-actor=\"Cleaver\"","misp-galaxy:threat-actor=\"Cutting Kitten\""],"Clever Kitten":["misp-galaxy:threat-actor=\"Clever Kitten\""],"Cloud Atlas":["misp-galaxy:threat-actor=\"Cloud Atlas\""],"Cobalt":["misp-galaxy:threat-actor=\"Cobalt\""],"Cobalt group":["misp-galaxy:threat-actor=\"Cobalt\""],"Cobalt gang":["misp-galaxy:threat-actor=\"Cobalt\""],"GOLD KINGSWOOD":["misp-galaxy:threat-actor=\"Cobalt\""],"C0d0so":["misp-galaxy:threat-actor=\"Codoso\""],"APT 19":["misp-galaxy:threat-actor=\"Codoso\"","misp-galaxy:threat-actor=\"Shell Crew\""],"Cold River":["misp-galaxy:threat-actor=\"Cold River\""],"Nahr Elbard":["misp-galaxy:threat-actor=\"Cold River\""],"Nahr el bared":["misp-galaxy:threat-actor=\"Cold River\""],"PLA Unit 61398":["misp-galaxy:threat-actor=\"Comment Crew\""],"APT 1":["misp-galaxy:threat-actor=\"Comment Crew\""],"Advanced Persistent Threat 1":["misp-galaxy:threat-actor=\"Comment Crew\""],"Byzantine Candor":["misp-galaxy:threat-actor=\"Comment Crew\""],"Group 3":["misp-galaxy:threat-actor=\"Comment Crew\""],"TG-8223":["misp-galaxy:threat-actor=\"Comment Crew\""],"Brown Fox":["misp-galaxy:threat-actor=\"Comment Crew\""],"GIF89a":["misp-galaxy:threat-actor=\"Comment Crew\""],"ShadyRAT":["misp-galaxy:threat-actor=\"Comment Crew\""],"Shanghai Group":["misp-galaxy:threat-actor=\"Comment Crew\""],"Slayer Kitten":["misp-galaxy:threat-actor=\"CopyKittens\""],"Corsair Jackal":["misp-galaxy:threat-actor=\"Corsair Jackal\""],"TunisianCyberArmy":["misp-galaxy:threat-actor=\"Corsair Jackal\""],"ITSecTeam":["misp-galaxy:threat-actor=\"Cutting Kitten\""],"Cyber Berkut":["misp-galaxy:threat-actor=\"Cyber Berkut\""],"Cyber Caliphate Army":["misp-galaxy:threat-actor=\"Cyber Caliphate Army\""],"Islamic State Hacking Division":["misp-galaxy:threat-actor=\"Cyber Caliphate Army\""],"CCA":["misp-galaxy:threat-actor=\"Cyber Caliphate Army\""],"United Cyber Caliphate":["misp-galaxy:threat-actor=\"Cyber Caliphate Army\""],"UUC":["misp-galaxy:threat-actor=\"Cyber Caliphate Army\""],"CyberCaliphate":["misp-galaxy:threat-actor=\"Cyber Caliphate Army\""],"Cyber fighters of Izz Ad-Din Al Qassam":["misp-galaxy:threat-actor=\"Cyber fighters of Izz Ad-Din Al Qassam\""],"Fraternal Jackal":["misp-galaxy:threat-actor=\"Cyber fighters of Izz Ad-Din Al Qassam\""],"DYMALLOY":["misp-galaxy:threat-actor=\"DYMALLOY\""],"Dragonfly2":["misp-galaxy:threat-actor=\"DYMALLOY\""],"Berserker Bear":["misp-galaxy:threat-actor=\"DYMALLOY\""],"Danti":["misp-galaxy:threat-actor=\"Danti\""],"Fallout Team":["misp-galaxy:threat-actor=\"DarkHotel\""],"Karba":["misp-galaxy:threat-actor=\"DarkHotel\""],"Luder":["misp-galaxy:threat-actor=\"DarkHotel\""],"Nemin":["misp-galaxy:threat-actor=\"DarkHotel\""],"Pioneer":["misp-galaxy:threat-actor=\"DarkHotel\""],"Shadow Crane":["misp-galaxy:threat-actor=\"DarkHotel\""],"APT-C-06":["misp-galaxy:threat-actor=\"DarkHotel\""],"SIG25":["misp-galaxy:threat-actor=\"DarkHotel\""],"LazyMeerkat":["misp-galaxy:threat-actor=\"DarkHydrus\""],"DarkVishnya":["misp-galaxy:threat-actor=\"DarkVishnya\""],"Deadeye Jackal":["misp-galaxy:threat-actor=\"Deadeye Jackal\""],"SyrianElectronicArmy":["misp-galaxy:threat-actor=\"Deadeye Jackal\""],"SEA":["misp-galaxy:threat-actor=\"Deadeye Jackal\""],"Dextorous Spider":["misp-galaxy:threat-actor=\"Dextorous Spider\""],"Dizzy Panda":["misp-galaxy:threat-actor=\"Dizzy Panda\""],"LadyBoyle":["misp-galaxy:threat-actor=\"Dizzy Panda\""],"Domestic Kitten":["misp-galaxy:threat-actor=\"Domestic Kitten\""],"Monsoon":["misp-galaxy:threat-actor=\"Dropping Elephant\""],"Sarit":["misp-galaxy:threat-actor=\"Dropping Elephant\""],"Quilted Tiger":["misp-galaxy:threat-actor=\"Dropping Elephant\""],"APT-C-09":["misp-galaxy:threat-actor=\"Dropping Elephant\""],"Dungeon Spider":["misp-galaxy:threat-actor=\"Dungeon Spider\""],"ELECTRUM":["misp-galaxy:threat-actor=\"ELECTRUM\""],"Sandworm":["misp-galaxy:threat-actor=\"ELECTRUM\"","misp-galaxy:threat-actor=\"Sandworm\"","misp-galaxy:threat-actor=\"TeleBots\""],"Electric Panda":["misp-galaxy:threat-actor=\"Electric Panda\""],"Eloquent Panda":["misp-galaxy:threat-actor=\"Eloquent Panda\""],"APT 27":["misp-galaxy:threat-actor=\"Emissary Panda\"","misp-galaxy:threat-actor=\"LuckyMouse\""],"TEMP.Hippo":["misp-galaxy:threat-actor=\"Emissary Panda\"","misp-galaxy:threat-actor=\"LuckyMouse\""],"Group 35":["misp-galaxy:threat-actor=\"Emissary Panda\"","misp-galaxy:threat-actor=\"LuckyMouse\""],"Bronze Union":["misp-galaxy:threat-actor=\"Emissary Panda\"","misp-galaxy:threat-actor=\"LuckyMouse\""],"ZipToken":["misp-galaxy:threat-actor=\"Emissary Panda\"","misp-galaxy:threat-actor=\"LuckyMouse\""],"HIPPOTeam":["misp-galaxy:threat-actor=\"Emissary Panda\""],"Operation Iron Tiger":["misp-galaxy:threat-actor=\"Emissary Panda\""],"Iron Tiger APT":["misp-galaxy:threat-actor=\"Emissary Panda\""],"Crouching Yeti":["misp-galaxy:threat-actor=\"Energetic Bear\""],"Group 24":["misp-galaxy:threat-actor=\"Energetic Bear\""],"CrouchingYeti":["misp-galaxy:threat-actor=\"Energetic Bear\""],"Koala Team":["misp-galaxy:threat-actor=\"Energetic Bear\""],"Equation Group":["misp-galaxy:threat-actor=\"Equation Group\""],"Tilded Team":["misp-galaxy:threat-actor=\"Equation Group\""],"Lamberts":["misp-galaxy:threat-actor=\"Equation Group\"","misp-galaxy:threat-actor=\"Longhorn\""],"EQGRP":["misp-galaxy:threat-actor=\"Equation Group\""],"Longhorn":["misp-galaxy:threat-actor=\"Equation Group\"","misp-galaxy:threat-actor=\"Longhorn\""],"EvilPost":["misp-galaxy:threat-actor=\"EvilPost\""],"EvilTraffic":["misp-galaxy:threat-actor=\"EvilTraffic\""],"Operation EvilTraffic":["misp-galaxy:threat-actor=\"EvilTraffic\""],"FASTCash":["misp-galaxy:threat-actor=\"FASTCash\"","misp-galaxy:tool=\"FASTCash\""],"Skeleton Spider":["misp-galaxy:threat-actor=\"FIN6\"","misp-galaxy:threat-actor=\"Skeleton Spider\""],"Flash Kitten":["misp-galaxy:threat-actor=\"Flash Kitten\""],"Flying Kitten":["misp-galaxy:threat-actor=\"Flying Kitten\""],"SaffronRose":["misp-galaxy:threat-actor=\"Flying Kitten\""],"Saffron Rose":["misp-galaxy:threat-actor=\"Flying Kitten\""],"AjaxSecurityTeam":["misp-galaxy:threat-actor=\"Flying Kitten\""],"Group 26":["misp-galaxy:threat-actor=\"Flying Kitten\""],"Sayad":["misp-galaxy:threat-actor=\"Flying Kitten\""],"Foxy Panda":["misp-galaxy:threat-actor=\"Foxy Panda\""],"Fxmsp":["misp-galaxy:threat-actor=\"Fxmsp\""],"GC01":["misp-galaxy:threat-actor=\"GC01\""],"Golden Chickens":["misp-galaxy:threat-actor=\"GC01\"","misp-galaxy:threat-actor=\"GC02\""],"Golden Chickens01":["misp-galaxy:threat-actor=\"GC01\""],"Golden Chickens 01":["misp-galaxy:threat-actor=\"GC01\""],"GC02":["misp-galaxy:threat-actor=\"GC02\""],"Golden Chickens02":["misp-galaxy:threat-actor=\"GC02\""],"Golden Chickens 02":["misp-galaxy:threat-actor=\"GC02\""],"GRIM SPIDER":["misp-galaxy:threat-actor=\"GRIM SPIDER\""],"Ghost Jackal":["misp-galaxy:threat-actor=\"Ghost Jackal\""],"GhostNet":["misp-galaxy:threat-actor=\"GhostNet\""],"Snooping Dragon":["misp-galaxy:threat-actor=\"GhostNet\""],"Gibberish Panda":["misp-galaxy:threat-actor=\"Gibberish Panda\""],"Gnosticplayers":["misp-galaxy:threat-actor=\"Gnosticplayers\""],"Groundbait":["misp-galaxy:threat-actor=\"Groundbait\""],"Group 27":["misp-galaxy:threat-actor=\"Group 27\""],"Guru Spider":["misp-galaxy:threat-actor=\"Guru Spider\""],"Hacking Team":["misp-galaxy:threat-actor=\"Hacking Team\""],"Hammer Panda":["misp-galaxy:threat-actor=\"Hammer Panda\""],"Zhenbao":["misp-galaxy:threat-actor=\"Hammer Panda\""],"TEMP.Zhenbao":["misp-galaxy:threat-actor=\"Hammer Panda\""],"Hellsing":["misp-galaxy:threat-actor=\"Hellsing\"","misp-galaxy:threat-actor=\"Naikon\""],"Goblin Panda":["misp-galaxy:threat-actor=\"Hellsing\""],"Cycldek":["misp-galaxy:threat-actor=\"Hellsing\""],"HookAds":["misp-galaxy:threat-actor=\"HookAds\""],"Hurricane Panda":["misp-galaxy:threat-actor=\"Hurricane Panda\""],"TEMP.Avengers":["misp-galaxy:threat-actor=\"Hurricane Panda\""],"Zirconium":["misp-galaxy:threat-actor=\"Hurricane Panda\""],"INDRIK SPIDER":["misp-galaxy:threat-actor=\"INDRIK SPIDER\""],"IRIDIUM":["misp-galaxy:threat-actor=\"IRIDIUM\""],"TG-2754":["misp-galaxy:threat-actor=\"IXESHE\""],"BeeBus":["misp-galaxy:threat-actor=\"IXESHE\""],"Group 22":["misp-galaxy:threat-actor=\"IXESHE\""],"Calc Team":["misp-galaxy:threat-actor=\"IXESHE\""],"DNSCalc":["misp-galaxy:threat-actor=\"IXESHE\""],"Crimson Iron":["misp-galaxy:threat-actor=\"IXESHE\""],"APT 12":["misp-galaxy:threat-actor=\"IXESHE\""],"Ice Fog":["misp-galaxy:threat-actor=\"Ice Fog\""],"IceFog":["misp-galaxy:threat-actor=\"Ice Fog\""],"Dagger Panda":["misp-galaxy:threat-actor=\"Ice Fog\""],"Impersonating Panda":["misp-galaxy:threat-actor=\"Impersonating Panda\""],"Inception Framework":["misp-galaxy:threat-actor=\"Inception Framework\""],"Operation Mermaid":["misp-galaxy:threat-actor=\"Infy\""],"Prince of Persia":["misp-galaxy:threat-actor=\"Infy\""],"Iron Group":["misp-galaxy:threat-actor=\"Iron Group\""],"Iron Cyber Group":["misp-galaxy:threat-actor=\"Iron Group\""],"Judgment Panda":["misp-galaxy:threat-actor=\"Judgment Panda\""],"Karma Panda":["misp-galaxy:threat-actor=\"Karma Panda\""],"Keyhole Panda":["misp-galaxy:threat-actor=\"Keyhole Panda\""],"temp.bottle":["misp-galaxy:threat-actor=\"Keyhole Panda\""],"Kimsuki":["misp-galaxy:threat-actor=\"Kimsuki\""],"Kimsuky":["misp-galaxy:threat-actor=\"Kimsuki\""],"Velvet Chollima":["misp-galaxy:threat-actor=\"Kimsuki\""],"Kryptonite Panda":["misp-galaxy:threat-actor=\"Kryptonite Panda\""],"Operation DarkSeoul":["misp-galaxy:threat-actor=\"Lazarus Group\""],"Dark Seoul":["misp-galaxy:threat-actor=\"Lazarus Group\""],"Hastati Group":["misp-galaxy:threat-actor=\"Lazarus Group\""],"Andariel":["misp-galaxy:threat-actor=\"Lazarus Group\"","misp-galaxy:threat-actor=\"Silent Chollima\""],"Unit 121":["misp-galaxy:threat-actor=\"Lazarus Group\""],"Bureau 121":["misp-galaxy:threat-actor=\"Lazarus Group\""],"NewRomanic Cyber Army Team":["misp-galaxy:threat-actor=\"Lazarus Group\""],"Bluenoroff":["misp-galaxy:threat-actor=\"Lazarus Group\""],"Subgroup: Bluenoroff":["misp-galaxy:threat-actor=\"Lazarus Group\""],"Group 77":["misp-galaxy:threat-actor=\"Lazarus Group\""],"Labyrinth Chollima":["misp-galaxy:threat-actor=\"Lazarus Group\""],"Operation Troy":["misp-galaxy:threat-actor=\"Lazarus Group\""],"Operation GhostSecret":["misp-galaxy:threat-actor=\"Lazarus Group\""],"Operation AppleJeus":["misp-galaxy:threat-actor=\"Lazarus Group\""],"APT 38":["misp-galaxy:threat-actor=\"Lazarus Group\""],"Stardust Chollima":["misp-galaxy:threat-actor=\"Lazarus Group\""],"Whois Hacking Team":["misp-galaxy:threat-actor=\"Lazarus Group\""],"Zinc":["misp-galaxy:threat-actor=\"Lazarus Group\""],"Appleworm":["misp-galaxy:threat-actor=\"Lazarus Group\""],"Nickel Academy":["misp-galaxy:threat-actor=\"Lazarus Group\""],"APT-C-26":["misp-galaxy:threat-actor=\"Lazarus Group\""],"APT 40":["misp-galaxy:threat-actor=\"Leviathan\""],"BRONZE MOHAWK":["misp-galaxy:threat-actor=\"Leviathan\""],"Libyan Scorpions":["misp-galaxy:threat-actor=\"Libyan Scorpions\""],"the Lamberts":["misp-galaxy:threat-actor=\"Longhorn\""],"ST Group":["misp-galaxy:threat-actor=\"Lotus Blossom\""],"Esile":["misp-galaxy:threat-actor=\"Lotus Blossom\""],"Lotus Panda":["misp-galaxy:threat-actor=\"Lotus Panda\"","misp-galaxy:threat-actor=\"Naikon\""],"Lucky Cat":["misp-galaxy:threat-actor=\"Lucky Cat\""],"Threat Group 3390":["misp-galaxy:threat-actor=\"LuckyMouse\""],"Lunar Spider":["misp-galaxy:threat-actor=\"Lunar Spider\""],"MUMMY SPIDER":["misp-galaxy:threat-actor=\"MUMMY SPIDER\""],"TA542":["misp-galaxy:threat-actor=\"MUMMY SPIDER\""],"Mummy Spider":["misp-galaxy:threat-actor=\"MUMMY SPIDER\""],"Madi":["misp-galaxy:threat-actor=\"Madi\""],"MageCart":["misp-galaxy:threat-actor=\"MageCart\""],"Magic Kitten":["misp-galaxy:threat-actor=\"Magic Kitten\""],"Group 42":["misp-galaxy:threat-actor=\"Magic Kitten\""],"Magnetic Spider":["misp-galaxy:threat-actor=\"Magnetic Spider\""],"Malware reusers":["misp-galaxy:threat-actor=\"Malware reusers\"","misp-galaxy:threat-actor=\"Volatile Cedar\""],"Reuse team":["misp-galaxy:threat-actor=\"Malware reusers\"","misp-galaxy:threat-actor=\"Volatile Cedar\""],"Dancing Salome":["misp-galaxy:threat-actor=\"Malware reusers\"","misp-galaxy:threat-actor=\"Volatile Cedar\""],"Mana Team":["misp-galaxy:threat-actor=\"Mana Team\""],"Maverick Panda":["misp-galaxy:threat-actor=\"Maverick Panda\""],"PLA Navy":["misp-galaxy:threat-actor=\"Maverick Panda\"","misp-galaxy:threat-actor=\"Samurai Panda\"","misp-galaxy:threat-actor=\"Wekby\""],"Ke3Chang":["misp-galaxy:threat-actor=\"Mirage\""],"APT 15":["misp-galaxy:threat-actor=\"Mirage\""],"Metushy":["misp-galaxy:threat-actor=\"Mirage\""],"Social Network Team":["misp-galaxy:threat-actor=\"Mirage\""],"Royal APT":["misp-galaxy:threat-actor=\"Mirage\""],"Mofang":["misp-galaxy:threat-actor=\"Mofang\""],"Superman":["misp-galaxy:threat-actor=\"Mofang\""],"Gaza Hackers Team":["misp-galaxy:threat-actor=\"Molerats\""],"Gaza cybergang":["misp-galaxy:threat-actor=\"Molerats\""],"Extreme Jackal":["misp-galaxy:threat-actor=\"Molerats\""],"Moonlight":["misp-galaxy:threat-actor=\"Molerats\""],"MoneyTaker":["misp-galaxy:threat-actor=\"MoneyTaker\""],"Static Kitten":["misp-galaxy:threat-actor=\"MuddyWater\""],"Mustang Panda":["misp-galaxy:threat-actor=\"Mustang Panda\""],"PLA Unit 78020":["misp-galaxy:threat-actor=\"Naikon\""],"Override Panda":["misp-galaxy:threat-actor=\"Naikon\""],"Camerashy":["misp-galaxy:threat-actor=\"Naikon\""],"APT.Naikon":["misp-galaxy:threat-actor=\"Naikon\""],"APT 21":["misp-galaxy:threat-actor=\"NetTraveler\""],"APT21":["misp-galaxy:threat-actor=\"NetTraveler\""],"Nexus Zeta":["misp-galaxy:threat-actor=\"Nexus Zeta\""],"Nightshade Panda":["misp-galaxy:threat-actor=\"Nightshade Panda\""],"APT 9":["misp-galaxy:threat-actor=\"Nightshade Panda\""],"Flowerlady\/Flowershow":["misp-galaxy:threat-actor=\"Nightshade Panda\""],"Flowerlady":["misp-galaxy:threat-actor=\"Nightshade Panda\""],"Flowershow":["misp-galaxy:threat-actor=\"Nightshade Panda\""],"Nitro":["misp-galaxy:threat-actor=\"Nitro\""],"Covert Grove":["misp-galaxy:threat-actor=\"Nitro\""],"Nomad Panda":["misp-galaxy:threat-actor=\"Nomad Panda\""],"Twisted Kitten":["misp-galaxy:threat-actor=\"OilRig\""],"Crambus":["misp-galaxy:threat-actor=\"OilRig\""],"Helix Kitten":["misp-galaxy:threat-actor=\"OilRig\""],"OnionDog":["misp-galaxy:threat-actor=\"OnionDog\""],"Operation BugDrop":["misp-galaxy:threat-actor=\"Operation BugDrop\""],"Operation C-Major":["misp-galaxy:threat-actor=\"Operation C-Major\""],"Mythic Leopard":["misp-galaxy:threat-actor=\"Operation C-Major\""],"ProjectM":["misp-galaxy:threat-actor=\"Operation C-Major\""],"APT36":["misp-galaxy:threat-actor=\"Operation C-Major\""],"APT 36":["misp-galaxy:threat-actor=\"Operation C-Major\""],"TMP.Lapis":["misp-galaxy:threat-actor=\"Operation C-Major\""],"Operation Comando":["misp-galaxy:threat-actor=\"Operation Comando\""],"Operation Kabar Cobra":["misp-galaxy:threat-actor=\"Operation Kabar Cobra\""],"Operation Parliament":["misp-galaxy:threat-actor=\"Operation Parliament\""],"Operation Poison Needles":["misp-galaxy:threat-actor=\"Operation Poison Needles\""],"Operation ShadowHammer":["misp-galaxy:threat-actor=\"Operation ShadowHammer\""],"Operation Sharpshooter":["misp-galaxy:threat-actor=\"Operation Sharpshooter\""],"OurMine":["misp-galaxy:threat-actor=\"OurMine\""],"TwoForOne":["misp-galaxy:threat-actor=\"PLATINUM\""],"Pacha Group":["misp-galaxy:threat-actor=\"Pacha Group\""],"Pacifier APT":["misp-galaxy:threat-actor=\"Pacifier APT\"","misp-galaxy:threat-actor=\"Turla Group\""],"Skipper":["misp-galaxy:threat-actor=\"Pacifier APT\""],"Popeye":["misp-galaxy:threat-actor=\"Pacifier APT\"","misp-galaxy:threat-actor=\"Turla Group\""],"Packrat":["misp-galaxy:threat-actor=\"Packrat\""],"Pale Panda":["misp-galaxy:threat-actor=\"Pale Panda\""],"PassCV":["misp-galaxy:threat-actor=\"PassCV\""],"Pinchy Spider":["misp-galaxy:threat-actor=\"Pinchy Spider\""],"Pirate Panda":["misp-galaxy:threat-actor=\"Pirate Panda\""],"APT23":["misp-galaxy:threat-actor=\"Pirate Panda\""],"APT 23":["misp-galaxy:threat-actor=\"Pirate Panda\""],"Pitty Panda":["misp-galaxy:threat-actor=\"Pitty Panda\""],"MANGANESE":["misp-galaxy:threat-actor=\"Pitty Panda\""],"Pizzo Spider":["misp-galaxy:threat-actor=\"Pizzo Spider\""],"DD4BC":["misp-galaxy:threat-actor=\"Pizzo Spider\""],"Ambiorx":["misp-galaxy:threat-actor=\"Pizzo Spider\""],"Poisonous Panda":["misp-galaxy:threat-actor=\"Poisonous Panda\""],"Predator Panda":["misp-galaxy:threat-actor=\"Predator Panda\""],"Sauron":["misp-galaxy:threat-actor=\"ProjectSauron\""],"Project Sauron":["misp-galaxy:threat-actor=\"ProjectSauron\""],"PLA Unit 61486":["misp-galaxy:threat-actor=\"Putter Panda\""],"APT 2":["misp-galaxy:threat-actor=\"Putter Panda\""],"Group 36":["misp-galaxy:threat-actor=\"Putter Panda\""],"APT-2":["misp-galaxy:threat-actor=\"Putter Panda\""],"4HCrew":["misp-galaxy:threat-actor=\"Putter Panda\""],"SULPHUR":["misp-galaxy:threat-actor=\"Putter Panda\""],"SearchFire":["misp-galaxy:threat-actor=\"Putter Panda\""],"TG-6952":["misp-galaxy:threat-actor=\"Putter Panda\""],"RANCOR":["misp-galaxy:threat-actor=\"RANCOR\""],"Rancor group":["misp-galaxy:threat-actor=\"RANCOR\""],"Rancor Group":["misp-galaxy:threat-actor=\"RANCOR\""],"RASPITE":["misp-galaxy:threat-actor=\"RASPITE\""],"LeafMiner":["misp-galaxy:threat-actor=\"RASPITE\""],"Radio Panda":["misp-galaxy:threat-actor=\"Radio Panda\""],"Shrouded Crossbow":["misp-galaxy:threat-actor=\"Radio Panda\""],"Ratpak Spider":["misp-galaxy:threat-actor=\"Ratpak Spider\""],"Rebel Jackal":["misp-galaxy:threat-actor=\"Rebel Jackal\""],"FallagaTeam":["misp-galaxy:threat-actor=\"Rebel Jackal\""],"Red October":["misp-galaxy:threat-actor=\"Red October\""],"the Rocra":["misp-galaxy:threat-actor=\"Red October\""],"Roaming Mantis Group":["misp-galaxy:threat-actor=\"Roaming Mantis\""],"Roaming Tiger":["misp-galaxy:threat-actor=\"Roaming Tiger\""],"Rocke":["misp-galaxy:threat-actor=\"Rocke\""],"Operation Woolen Goldfish":["misp-galaxy:threat-actor=\"Rocket Kitten\""],"Thamar Reservoir":["misp-galaxy:threat-actor=\"Rocket Kitten\""],"Timberworm":["misp-galaxy:threat-actor=\"Rocket Kitten\""],"SNOWGLOBE":["misp-galaxy:threat-actor=\"SNOWGLOBE\""],"Animal Farm":["misp-galaxy:threat-actor=\"SNOWGLOBE\""],"Snowglobe":["misp-galaxy:threat-actor=\"SNOWGLOBE\""],"STARDUST CHOLLIMA":["misp-galaxy:threat-actor=\"STARDUST CHOLLIMA\""],"STOLEN PENCIL":["misp-galaxy:threat-actor=\"STOLEN PENCIL\""],"Sabre Panda":["misp-galaxy:threat-actor=\"Sabre Panda\""],"Salty Spider":["misp-galaxy:threat-actor=\"Salty Spider\""],"Samurai Panda":["misp-galaxy:threat-actor=\"Samurai Panda\""],"APT4":["misp-galaxy:threat-actor=\"Samurai Panda\""],"APT 4":["misp-galaxy:threat-actor=\"Samurai Panda\""],"Wisp Team":["misp-galaxy:threat-actor=\"Samurai Panda\""],"Getkys":["misp-galaxy:threat-actor=\"Samurai Panda\""],"SykipotGroup":["misp-galaxy:threat-actor=\"Samurai Panda\""],"Wkysol":["misp-galaxy:threat-actor=\"Samurai Panda\""],"SandCat":["misp-galaxy:threat-actor=\"SandCat\""],"Sands Casino":["misp-galaxy:threat-actor=\"Sands Casino\""],"Voodoo Bear":["misp-galaxy:threat-actor=\"Sandworm\""],"TEMP.Noble":["misp-galaxy:threat-actor=\"Sandworm\""],"Iron Viking":["misp-galaxy:threat-actor=\"Sandworm\""],"Sath-\u0131 M\u00fcdafaa":["misp-galaxy:threat-actor=\"Sath-\u0131 M\u00fcdafaa\""],"Sea Turtle":["misp-galaxy:threat-actor=\"Sea Turtle\""],"Shadow Network":["misp-galaxy:threat-actor=\"Shadow Network\""],"Shark Spider":["misp-galaxy:threat-actor=\"Shark Spider\""],"Group 13":["misp-galaxy:threat-actor=\"Shell Crew\""],"Sh3llCr3w":["misp-galaxy:threat-actor=\"Shell Crew\""],"Siesta":["misp-galaxy:threat-actor=\"Siesta\""],"Silence group":["misp-galaxy:threat-actor=\"Silence group\""],"Silent Chollima":["misp-galaxy:threat-actor=\"Silent Chollima\""],"OperationTroy":["misp-galaxy:threat-actor=\"Silent Chollima\""],"Guardian of Peace":["misp-galaxy:threat-actor=\"Silent Chollima\""],"GOP":["misp-galaxy:threat-actor=\"Silent Chollima\""],"WHOis Team":["misp-galaxy:threat-actor=\"Silent Chollima\""],"Subgroup: Andariel":["misp-galaxy:threat-actor=\"Silent Chollima\""],"Silent Librarian":["misp-galaxy:threat-actor=\"Silent Librarian\""],"Mabna Institute":["misp-galaxy:threat-actor=\"Silent Librarian\""],"Sima":["misp-galaxy:threat-actor=\"Sima\""],"Singing Spider":["misp-galaxy:threat-actor=\"Singing Spider\""],"Snake Wine":["misp-galaxy:threat-actor=\"Snake Wine\""],"PawnStorm":["misp-galaxy:threat-actor=\"Sofacy\""],"TAG_0700":["misp-galaxy:threat-actor=\"Sofacy\""],"IRON TWILIGHT":["misp-galaxy:threat-actor=\"Sofacy\""],"SIG40":["misp-galaxy:threat-actor=\"Sofacy\""],"Spicy Panda":["misp-galaxy:threat-actor=\"Spicy Panda\""],"Stalker Panda":["misp-galaxy:threat-actor=\"Stalker Panda\""],"FruityArmor":["misp-galaxy:threat-actor=\"Stealth Falcon\""],"APT 10":["misp-galaxy:threat-actor=\"Stone Panda\""],"MenuPass":["misp-galaxy:threat-actor=\"Stone Panda\""],"Menupass Team":["misp-galaxy:threat-actor=\"Stone Panda\""],"menuPass Team":["misp-galaxy:threat-actor=\"Stone Panda\""],"happyyongzi":["misp-galaxy:threat-actor=\"Stone Panda\""],"POTASSIUM":["misp-galaxy:threat-actor=\"Stone Panda\""],"DustStorm":["misp-galaxy:threat-actor=\"Stone Panda\""],"Cloud Hopper":["misp-galaxy:threat-actor=\"Stone Panda\""],"Subaat":["misp-galaxy:threat-actor=\"Subaat\"","misp-galaxy:threat-actor=\"The Gorgon Group\""],"TA505":["misp-galaxy:threat-actor=\"TA505\""],"TA530":["misp-galaxy:threat-actor=\"TA530\""],"TEMP.Hermit":["misp-galaxy:threat-actor=\"TEMP.Hermit\""],"Xenotime":["misp-galaxy:threat-actor=\"TEMP.Veles\""],"TeamSpy Crew":["misp-galaxy:threat-actor=\"TeamSpy Crew\""],"TeamSpy":["misp-galaxy:threat-actor=\"TeamSpy Crew\""],"Team Bear":["misp-galaxy:threat-actor=\"TeamSpy Crew\""],"Anger Bear":["misp-galaxy:threat-actor=\"TeamSpy Crew\""],"TeamXRat":["misp-galaxy:threat-actor=\"TeamXRat\""],"CorporacaoXRat":["misp-galaxy:threat-actor=\"TeamXRat\""],"CorporationXRat":["misp-galaxy:threat-actor=\"TeamXRat\""],"TeleBots":["misp-galaxy:threat-actor=\"TeleBots\""],"TempTick":["misp-galaxy:threat-actor=\"TempTick\""],"Temper Panda":["misp-galaxy:threat-actor=\"Temper Panda\""],"Admin338":["misp-galaxy:threat-actor=\"Temper Panda\""],"Team338":["misp-galaxy:threat-actor=\"Temper Panda\""],"MAGNESIUM":["misp-galaxy:threat-actor=\"Temper Panda\""],"Test Panda":["misp-galaxy:threat-actor=\"Test Panda\""],"The Big Bang":["misp-galaxy:threat-actor=\"The Big Bang\""],"The Gorgon Group":["misp-galaxy:threat-actor=\"The Gorgon Group\""],"The Shadow Brokers":["misp-galaxy:threat-actor=\"The Shadow Brokers\""],"The ShadowBrokers":["misp-galaxy:threat-actor=\"The Shadow Brokers\""],"TSB":["misp-galaxy:threat-actor=\"The Shadow Brokers\""],"Shadow Brokers":["misp-galaxy:threat-actor=\"The Shadow Brokers\""],"ShadowBrokers":["misp-galaxy:threat-actor=\"The Shadow Brokers\""],"Bronze Butler":["misp-galaxy:threat-actor=\"Tick\""],"RedBaldKnight":["misp-galaxy:threat-actor=\"Tick\""],"Tiny Spider":["misp-galaxy:threat-actor=\"Tiny Spider\""],"Tonto Team":["misp-galaxy:threat-actor=\"Tonto Team\""],"Toxic Panda":["misp-galaxy:threat-actor=\"Toxic Panda\""],"Operation Tropic Trooper":["misp-galaxy:threat-actor=\"Tropic Trooper\""],"Operation TropicTrooper":["misp-galaxy:threat-actor=\"Tropic Trooper\""],"TropicTrooper":["misp-galaxy:threat-actor=\"Tropic Trooper\""],"TurkHackTeam":["misp-galaxy:threat-actor=\"TurkHackTeam\""],"Turk Hack Team":["misp-galaxy:threat-actor=\"TurkHackTeam\""],"Turla Group":["misp-galaxy:threat-actor=\"Turla Group\""],"Venomous Bear":["misp-galaxy:threat-actor=\"Turla Group\""],"Group 88":["misp-galaxy:threat-actor=\"Turla Group\""],"WRAITH":["misp-galaxy:threat-actor=\"Turla Group\""],"Turla Team":["misp-galaxy:threat-actor=\"Turla Group\""],"Pfinet":["misp-galaxy:threat-actor=\"Turla Group\""],"TAG_0530":["misp-galaxy:threat-actor=\"Turla Group\""],"KRYPTON":["misp-galaxy:threat-actor=\"Turla Group\""],"SIG23":["misp-galaxy:threat-actor=\"Turla Group\""],"Iron Hunter":["misp-galaxy:threat-actor=\"Turla Group\""],"UPS":["misp-galaxy:threat-actor=\"UPS\""],"APT 3":["misp-galaxy:threat-actor=\"UPS\""],"Group 6":["misp-galaxy:threat-actor=\"UPS\""],"Boyusec":["misp-galaxy:threat-actor=\"UPS\""],"Union Panda":["misp-galaxy:threat-actor=\"Union Panda\""],"Union Spider":["misp-galaxy:threat-actor=\"Union Spider\""],"Unit 8200":["misp-galaxy:threat-actor=\"Unit 8200\""],"Duqu Group":["misp-galaxy:threat-actor=\"Unit 8200\""],"Unnamed Actor":["misp-galaxy:threat-actor=\"Unnamed Actor\""],"Viceroy Tiger":["misp-galaxy:threat-actor=\"Viceroy Tiger\""],"Appin":["misp-galaxy:threat-actor=\"Viceroy Tiger\""],"OperationHangover":["misp-galaxy:threat-actor=\"Viceroy Tiger\""],"Viking Jackal":["misp-galaxy:threat-actor=\"Viking Jackal\""],"Vikingdom":["misp-galaxy:threat-actor=\"Viking Jackal\""],"Violin Panda":["misp-galaxy:threat-actor=\"Violin Panda\""],"APT20":["misp-galaxy:threat-actor=\"Violin Panda\""],"APT 20":["misp-galaxy:threat-actor=\"Violin Panda\""],"APT8":["misp-galaxy:threat-actor=\"Violin Panda\""],"APT 8":["misp-galaxy:threat-actor=\"Violin Panda\""],"TH3Bug":["misp-galaxy:threat-actor=\"Violin Panda\""],"Volatile Cedar":["misp-galaxy:threat-actor=\"Volatile Cedar\""],"WIZARD SPIDER":["misp-galaxy:threat-actor=\"WIZARD SPIDER\""],"Wekby":["misp-galaxy:threat-actor=\"Wekby\""],"APT 18":["misp-galaxy:threat-actor=\"Wekby\""],"SCANDIUM":["misp-galaxy:threat-actor=\"Wekby\""],"Wet Panda":["misp-galaxy:threat-actor=\"Wet Panda\""],"White Bear":["misp-galaxy:threat-actor=\"White Bear\""],"Skipper Turla":["misp-galaxy:threat-actor=\"White Bear\""],"Whitefly":["misp-galaxy:threat-actor=\"Whitefly\""],"WildNeutron":["misp-galaxy:threat-actor=\"WildNeutron\""],"Butterfly":["misp-galaxy:threat-actor=\"WildNeutron\""],"Morpho":["misp-galaxy:threat-actor=\"WildNeutron\""],"Sphinx Moth":["misp-galaxy:threat-actor=\"WildNeutron\""],"WindShift":["misp-galaxy:threat-actor=\"WindShift\""],"Winnti Umbrella":["misp-galaxy:threat-actor=\"Winnti Umbrella\""],"Wolf Spider":["misp-galaxy:threat-actor=\"Wolf Spider\""],"Zombie Spider":["misp-galaxy:threat-actor=\"Zombie Spider\""],"[Unnamed group]":["misp-galaxy:threat-actor=\"[Unnamed group]\""],"[Vault 7\/8]":["misp-galaxy:threat-actor=\"[Vault 7\/8]\""],"ALMA Communicator":["misp-galaxy:tool=\"ALMA Communicator\""],"AURIGA":["misp-galaxy:tool=\"AURIGA\""],"Agent ORM":["misp-galaxy:tool=\"Agent ORM\""],"Tosliph":["misp-galaxy:tool=\"Agent ORM\""],"ComRat":["misp-galaxy:tool=\"Agent.BTZ\""],"Agent.dne":["misp-galaxy:tool=\"Agent.dne\""],"PinkSlipBot":["misp-galaxy:tool=\"Akbot\""],"AmmyAdmin":["misp-galaxy:tool=\"AmmyAdmin\""],"August":["misp-galaxy:tool=\"August\""],"Aumlib":["misp-galaxy:tool=\"Aumlib\""],"Yayih":["misp-galaxy:tool=\"Aumlib\""],"mswab":["misp-galaxy:tool=\"Aumlib\""],"BANGAT":["misp-galaxy:tool=\"BANGAT\""],"BASHLITE":["misp-galaxy:tool=\"BASHLITE\""],"BISKVIT":["misp-galaxy:tool=\"BISKVIT\""],"BOUNCER":["misp-galaxy:tool=\"BOUNCER\""],"BabaYaga":["misp-galaxy:tool=\"BabaYaga\""],"BabyShark":["misp-galaxy:tool=\"BabyShark\""],"Backdoor.Dripion":["misp-galaxy:tool=\"Backdoor.Dripion\""],"Dripion":["misp-galaxy:tool=\"Backdoor.Dripion\""],"Backdoor.Tinybaron":["misp-galaxy:tool=\"Backdoor.Tinybaron\""],"Backspace":["misp-galaxy:tool=\"Backspace\""],"Badnews":["misp-galaxy:tool=\"Badnews\""],"Bookworm":["misp-galaxy:tool=\"Bookworm\""],"Brushaloader":["misp-galaxy:tool=\"Brushaloader\""],"Bunny":["misp-galaxy:tool=\"Bunny\""],"Bushaloader":["misp-galaxy:tool=\"Bushaloader\""],"(.v2 fysbis)":["misp-galaxy:tool=\"CHOPSTICK\""],"CMStar":["misp-galaxy:tool=\"CMStar\""],"COMBOS":["misp-galaxy:tool=\"COMBOS\""],"COOKIEBAG":["misp-galaxy:tool=\"COOKIEBAG\""],"TROJAN.COOKIES":["misp-galaxy:tool=\"COOKIEBAG\""],"APT.InfoStealer.Win.CORALDECK":["misp-galaxy:tool=\"CORALDECK\""],"FE_APT_InfoStealer_Win_CORALDECK_1":["misp-galaxy:tool=\"CORALDECK\""],"CTRat":["misp-galaxy:tool=\"CTRat\""],"CUTLET MAKER":["misp-galaxy:tool=\"CUTLET MAKER\""],"CWoolger":["misp-galaxy:tool=\"CWoolger\""],"Cadelspy":["misp-galaxy:tool=\"Cadelspy\""],"WinSpy":["misp-galaxy:tool=\"Cadelspy\""],"Carp Downloader":["misp-galaxy:tool=\"Carp Downloader\""],"Cheshire Cat":["misp-galaxy:tool=\"Cheshire Cat\""],"Pegasus spyware":["misp-galaxy:tool=\"Chrysaor\""],"ClipboardWalletHijacker":["misp-galaxy:tool=\"ClipboardWalletHijacker\""],"Cowboy":["misp-galaxy:tool=\"Cowboy\""],"CowerSnail":["misp-galaxy:tool=\"CowerSnail\""],"Cromptui":["misp-galaxy:tool=\"Cromptui\""],"CroniX":["misp-galaxy:tool=\"CroniX\""],"DAIRY":["misp-galaxy:tool=\"DAIRY\""],"DHS2015":["misp-galaxy:tool=\"DHS2015\""],"iRAT":["misp-galaxy:tool=\"DHS2015\""],"FE_APT_RAT_DOGCALL":["misp-galaxy:tool=\"DOGCALL\""],"FE_APT_Backdoor_Win32_DOGCALL_1":["misp-galaxy:tool=\"DOGCALL\""],"APT.Backdoor.Win.DOGCALL":["misp-galaxy:tool=\"DOGCALL\""],"DOPU":["misp-galaxy:tool=\"DOPU\""],"DanderSpritz":["misp-galaxy:tool=\"DanderSpritz\""],"Dander Spritz":["misp-galaxy:tool=\"DanderSpritz\""],"Dark Pulsar":["misp-galaxy:tool=\"DarkPulsar\""],"TROJ_DLLSERV.BE":["misp-galaxy:tool=\"Derusbi\""],"Digmine":["misp-galaxy:tool=\"Digmine\""],"Disgufa":["misp-galaxy:tool=\"Disgufa\""],"DoubleFantasy":["misp-galaxy:tool=\"DoubleFantasy\""],"DownRage":["misp-galaxy:tool=\"DownRage\""],"Carberplike":["misp-galaxy:tool=\"DownRage\""],"DownRange":["misp-galaxy:tool=\"DownRange\""],"Downloader-FGO":["misp-galaxy:tool=\"Downloader-FGO\""],"Win32:Malware-gen":["misp-galaxy:tool=\"Downloader-FGO\""],"Generic30.ASYL (Trojan horse)":["misp-galaxy:tool=\"Downloader-FGO\""],"TR\/Agent.84480.85":["misp-galaxy:tool=\"Downloader-FGO\""],"Trojan.Generic.8627031":["misp-galaxy:tool=\"Downloader-FGO\""],"Trojan:Win32\/Sisproc":["misp-galaxy:tool=\"Downloader-FGO\""],"SB\/Malware":["misp-galaxy:tool=\"Downloader-FGO\""],"Trj\/CI.A":["misp-galaxy:tool=\"Downloader-FGO\""],"Mal\/Behav-112":["misp-galaxy:tool=\"Downloader-FGO\""],"Trojan.Spuler":["misp-galaxy:tool=\"Downloader-FGO\""],"TROJ_KAZY.SM1":["misp-galaxy:tool=\"Downloader-FGO\""],"Win32\/FakePPT_i":["misp-galaxy:tool=\"Downloader-FGO\""],"EAGERLEVER":["misp-galaxy:tool=\"EAGERLEVER\""],"EARLYSHOVEL":["misp-galaxy:tool=\"EARLYSHOVEL\""],"EASYBEE":["misp-galaxy:tool=\"EASYBEE\""],"EASYFUN":["misp-galaxy:tool=\"EASYFUN\""],"EASYPI":["misp-galaxy:tool=\"EASYPI\""],"EBBISLAND (EBBSHAVE)":["misp-galaxy:tool=\"EBBISLAND (EBBSHAVE)\""],"ECHOWRECKER":["misp-galaxy:tool=\"ECHOWRECKER\""],"ECLIPSEDWING":["misp-galaxy:tool=\"ECLIPSEDWING\""],"EDUCATEDSCHOLAR":["misp-galaxy:tool=\"EDUCATEDSCHOLAR\""],"ELF_IMEIJ":["misp-galaxy:tool=\"ELF_IMEIJ\""],"EMERALDTHREAD":["misp-galaxy:tool=\"EMERALDTHREAD\""],"EMPHASISMINE":["misp-galaxy:tool=\"EMPHASISMINE\""],"ENGLISHMANSDENTIST":["misp-galaxy:tool=\"ENGLISHMANSDENTIST\""],"EPICHERO":["misp-galaxy:tool=\"EPICHERO\""],"ERRATICGOPHER":["misp-galaxy:tool=\"ERRATICGOPHER\""],"ERRATICGOPHERTOUCH":["misp-galaxy:tool=\"ERRATICGOPHERTOUCH\""],"ESKIMOROLL":["misp-galaxy:tool=\"ESKIMOROLL\""],"ESSAYKEYNOTE":["misp-galaxy:tool=\"ESSAYKEYNOTE\""],"ESTEEMAUDIT":["misp-galaxy:tool=\"ESTEEMAUDIT\""],"ETCETERABLUE":["misp-galaxy:tool=\"ETCETERABLUE\""],"ETERNALBLUE":["misp-galaxy:tool=\"ETERNALBLUE\""],"ETERNALCHAMPION":["misp-galaxy:tool=\"ETERNALCHAMPION\""],"ETERNALROMANCE":["misp-galaxy:tool=\"ETERNALROMANCE\""],"ETERNALSYNERGY":["misp-galaxy:tool=\"ETERNALSYNERGY\""],"ETRE":["misp-galaxy:tool=\"ETRE\""],"EVADEFRED":["misp-galaxy:tool=\"EVADEFRED\""],"EVILNUM":["misp-galaxy:tool=\"EVILNUM\""],"EWOKFRENZY":["misp-galaxy:tool=\"EWOKFRENZY\""],"EXPIREDPAYCHECK":["misp-galaxy:tool=\"EXPIREDPAYCHECK\""],"EXPLODINGCAN":["misp-galaxy:tool=\"EXPLODINGCAN\""],"Elise Backdoor":["misp-galaxy:tool=\"Elise Backdoor\""],"Newsripper":["misp-galaxy:tool=\"Emdivi\""],"Empyre":["misp-galaxy:tool=\"Empyre\""],"Empye":["misp-galaxy:tool=\"Empyre\""],"EngineBox Malware":["misp-galaxy:tool=\"EngineBox Malware\""],"EquationLaser":["misp-galaxy:tool=\"EquationLaser\""],"Escad":["misp-galaxy:tool=\"Escad\""],"Etumbot":["misp-galaxy:tool=\"Etumbot\""],"Exploz":["misp-galaxy:tool=\"Etumbot\""],"Specfix":["misp-galaxy:tool=\"Etumbot\""],"BKDR_HGDER":["misp-galaxy:tool=\"EvilGrab\""],"BKDR_EVILOGE":["misp-galaxy:tool=\"EvilGrab\""],"BKDR_NVICM":["misp-galaxy:tool=\"EvilGrab\""],"Wmonder":["misp-galaxy:tool=\"EvilGrab\""],"Exforel":["misp-galaxy:tool=\"Exforel\""],"Explosive":["misp-galaxy:tool=\"Explosive\""],"EyePyramid Malware":["misp-galaxy:tool=\"EyePyramid Malware\""],"FUZZBUNCH":["misp-galaxy:tool=\"FUZZBUNCH\""],"FacexWorm":["misp-galaxy:tool=\"FacexWorm\""],"Fadok":["misp-galaxy:tool=\"Fadok\""],"Win32\/Fadok":["misp-galaxy:tool=\"Fadok\""],"FAKEM":["misp-galaxy:tool=\"Fakem RAT\""],"Fexel":["misp-galaxy:tool=\"Fexel\""],"Loneagent":["misp-galaxy:tool=\"Fexel\""],"FlexSpy":["misp-galaxy:tool=\"FlexSpy\""],"Flokibot":["misp-galaxy:tool=\"Flokibot\""],"Floki Bot":["misp-galaxy:tool=\"Flokibot\""],"Floki":["misp-galaxy:tool=\"Flokibot\""],"Foozer":["misp-galaxy:tool=\"Foozer\""],"FormBook":["misp-galaxy:tool=\"FormBook\""],"Fysbis":["misp-galaxy:tool=\"Fysbis\""],"GDOCUPLOAD":["misp-galaxy:tool=\"GDOCUPLOAD\""],"GELCAPSULE":["misp-galaxy:tool=\"GELCAPSULE\""],"FE_APT_Downloader_Win32_GELCAPSULE_1":["misp-galaxy:tool=\"GELCAPSULE\""],"GETMAIL":["misp-galaxy:tool=\"GETMAIL\""],"GHOLE":["misp-galaxy:tool=\"GHOLE\""],"GHOTEX":["misp-galaxy:tool=\"GHOTEX\""],"TROJAN.GTALK":["misp-galaxy:tool=\"GLOOXMAIL\""],"GOGGLES":["misp-galaxy:tool=\"GOGGLES\""],"TROJAN.FOXY":["misp-galaxy:tool=\"GOGGLES\""],"GREENCAT":["misp-galaxy:tool=\"GREENCAT\""],"Gamut Botnet":["misp-galaxy:tool=\"Gamut Botnet\""],"Gh0st Rat":["misp-galaxy:tool=\"Gh0st Rat\""],"Gh0stRat, GhostRat":["misp-galaxy:tool=\"Gh0st Rat\""],"GoScanSSH":["misp-galaxy:tool=\"GoScanSSH\""],"Gootkit":["misp-galaxy:tool=\"GootKit\""],"GrayFish":["misp-galaxy:tool=\"GrayFish\""],"HACKFASE":["misp-galaxy:tool=\"HACKFASE\""],"FE_APT_Downloader_HAPPYWORK":["misp-galaxy:tool=\"HAPPYWORK\""],"FE_APT_Exploit_HWP_Happy":["misp-galaxy:tool=\"HAPPYWORK\""],"Downloader.APT.HAPPYWORK":["misp-galaxy:tool=\"HAPPYWORK\""],"HDRoot":["misp-galaxy:tool=\"HDRoot\""],"HELAUTO":["misp-galaxy:tool=\"HELAUTO\""],"TokenControl":["misp-galaxy:tool=\"HTTPBrowser\""],"Hackshit":["misp-galaxy:tool=\"Hackshit\""],"Tordal":["misp-galaxy:tool=\"Hancitor\""],"Helminth backdoor":["misp-galaxy:tool=\"Helminth backdoor\""],"HerHer Trojan":["misp-galaxy:tool=\"HerHer Trojan\""],"Heseber BOT":["misp-galaxy:tool=\"Heseber BOT\""],"Hi-ZOR":["misp-galaxy:tool=\"Hi-ZOR\""],"Hoardy":["misp-galaxy:tool=\"Hoardy\""],"Hoarde":["misp-galaxy:tool=\"Hoardy\""],"Phindolp":["misp-galaxy:tool=\"Hoardy\""],"Htran":["misp-galaxy:tool=\"Htran\""],"HUC Packet Transmitter":["misp-galaxy:tool=\"Htran\""],"Huigezi malware":["misp-galaxy:tool=\"Huigezi malware\""],"Houdini":["misp-galaxy:tool=\"Hworm\""],"Hyena":["misp-galaxy:tool=\"Hyena\""],"IISTOUCH":["misp-galaxy:tool=\"IISTOUCH\""],"IRONGATE":["misp-galaxy:tool=\"IRONGATE\""],"Incognito RAT":["misp-galaxy:tool=\"Incognito RAT\""],"IntrudingDivisor":["misp-galaxy:tool=\"IntrudingDivisor\""],"IoT_reaper":["misp-galaxy:tool=\"IoT_reaper\""],"Iron Backdoor":["misp-galaxy:tool=\"Iron Backdoor\""],"JS Flash":["misp-galaxy:tool=\"JS Flash\""],"JavaScript variant of HALFBAKED":["misp-galaxy:tool=\"JS Flash\""],"JS_POWMET":["misp-galaxy:tool=\"JS_POWMET\""],"JasperLoader":["misp-galaxy:tool=\"JasperLoader\""],"JexBoss":["misp-galaxy:tool=\"JexBoss\""],"Jripbot":["misp-galaxy:tool=\"Jripbot\""],"Jiripbot":["misp-galaxy:tool=\"Jripbot\""],"FE_APT_Backdoor_Karae_enc":["misp-galaxy:tool=\"KARAE\""],"FE_APT_Backdoor_Karae":["misp-galaxy:tool=\"KARAE\""],"Backdoor.APT.Karae":["misp-galaxy:tool=\"KARAE\""],"KURTON":["misp-galaxy:tool=\"KURTON\""],"KillDisk Wiper":["misp-galaxy:tool=\"KillDisk Wiper\""],"KimJongRAT":["misp-galaxy:tool=\"KimJongRAT\""],"KingMiner":["misp-galaxy:tool=\"KingMiner\""],"LATENTBOT":["misp-galaxy:tool=\"LATENTBOT\""],"LIGHTBOLT":["misp-galaxy:tool=\"LIGHTBOLT\""],"LIGHTDART":["misp-galaxy:tool=\"LIGHTDART\""],"LONGRUN":["misp-galaxy:tool=\"LONGRUN\""],"LURK":["misp-galaxy:tool=\"LURK\""],"LamePyre":["misp-galaxy:tool=\"LamePyre\""],"OSX.LamePyre":["misp-galaxy:tool=\"LamePyre\""],"Lazagne":["misp-galaxy:tool=\"Lazagne\""],"LockPoS":["misp-galaxy:tool=\"LockPoS\""],"Loki Bot":["misp-galaxy:tool=\"Loki Bot\""],"Lost Door RAT":["misp-galaxy:tool=\"Lost Door RAT\""],"LostDoor RAT":["misp-galaxy:tool=\"Lost Door RAT\""],"BKDR_LODORAT":["misp-galaxy:tool=\"Lost Door RAT\""],"LuminosityLink":["misp-galaxy:tool=\"LuminosityLink\""],"MANITSME":["misp-galaxy:tool=\"MANITSME\""],"MAPIGET":["misp-galaxy:tool=\"MAPIGET\""],"MFC Huner":["misp-galaxy:tool=\"MFC Huner\""],"Hupigon":["misp-galaxy:tool=\"MFC Huner\""],"BKDR_HUPIGON":["misp-galaxy:tool=\"MFC Huner\""],"MILKDROP":["misp-galaxy:tool=\"MILKDROP\""],"FE_Trojan_Win32_MILKDROP_1":["misp-galaxy:tool=\"MILKDROP\""],"MINIASP":["misp-galaxy:tool=\"MINIASP\""],"MM Core backdoor":["misp-galaxy:tool=\"MM Core\""],"BigBoss":["misp-galaxy:tool=\"MM Core\""],"SillyGoose":["misp-galaxy:tool=\"MM Core\""],"BaneChant":["misp-galaxy:tool=\"MM Core\""],"StrangeLove":["misp-galaxy:tool=\"MM Core\""],"MagentoCore Malware":["misp-galaxy:tool=\"MagentoCore Malware\""],"Maikspy":["misp-galaxy:tool=\"Maikspy\""],"Mikatz":["misp-galaxy:tool=\"Mimikatz\""],"Linux\/Mirai":["misp-galaxy:tool=\"Mirai\""],"MoneyTaker 5.0":["misp-galaxy:tool=\"MoneyTaker 5.0\""],"Moneygram Adwind":["misp-galaxy:tool=\"Moneygram Adwind\""],"Mongall":["misp-galaxy:tool=\"Mongall\""],"Moudoor":["misp-galaxy:tool=\"Moudoor\""],"SCAR":["misp-galaxy:tool=\"Moudoor\""],"KillProc.14145":["misp-galaxy:tool=\"Moudoor\""],"NAMEDPIPETOUCH":["misp-galaxy:tool=\"NAMEDPIPETOUCH\""],"NBot":["misp-galaxy:tool=\"NBot\""],"NEWSREELS":["misp-galaxy:tool=\"NEWSREELS\""],"NLBrute":["misp-galaxy:tool=\"NLBrute\""],"NanoCoreRAT":["misp-galaxy:tool=\"NanoCoreRAT\""],"Nancrat":["misp-galaxy:tool=\"NanoCoreRAT\""],"Zurten":["misp-galaxy:tool=\"NanoCoreRAT\""],"Atros2.CKPN":["misp-galaxy:tool=\"NanoCoreRAT\""],"Netfile":["misp-galaxy:tool=\"NetTraveler\""],"Neteagle":["misp-galaxy:tool=\"Neteagle\""],"scout":["misp-galaxy:tool=\"Neteagle\""],"norton":["misp-galaxy:tool=\"Neteagle\""],"Nflog":["misp-galaxy:tool=\"Nflog\""],"Not Petya":["misp-galaxy:tool=\"NotPetya\""],"ODDJOB":["misp-galaxy:tool=\"ODDJOB\""],"BackDoor-FDU":["misp-galaxy:tool=\"OLDBAIT\""],"IEChecker":["misp-galaxy:tool=\"OLDBAIT\""],"OSX.BadWord":["misp-galaxy:tool=\"OSX.BadWord\""],"OSX.Pirrit":["misp-galaxy:tool=\"OSX.Pirrit\""],"OSX\/Pirrit":["misp-galaxy:tool=\"OSX.Pirrit\""],"OSX\/Shlayer":["misp-galaxy:tool=\"OSX\/Shlayer\""],"Oldrea":["misp-galaxy:tool=\"Oldrea\""],"HSDFSDCrypt":["misp-galaxy:tool=\"Ordinypt\""],"OzoneRAT":["misp-galaxy:tool=\"OzoneRAT\""],"Ozone RAT":["misp-galaxy:tool=\"OzoneRAT\""],"ozonercp":["misp-galaxy:tool=\"OzoneRAT\""],"PAExec":["misp-galaxy:tool=\"PAExec\""],"PASSFREELY":["misp-galaxy:tool=\"PASSFREELY\""],"PCClient RAT":["misp-galaxy:tool=\"PCClient RAT\""],"PLEAD Downloader":["misp-galaxy:tool=\"PLEAD Downloader\""],"PNG Dropper":["misp-galaxy:tool=\"PNG Dropper\""],"PNG_Dropper":["misp-galaxy:tool=\"PNG Dropper\""],"PNGDropper":["misp-galaxy:tool=\"PNG Dropper\""],"Backdoor.APT.POORAIM":["misp-galaxy:tool=\"POORAIM\""],"PRILEX":["misp-galaxy:tool=\"PRILEX\""],"PWOBot":["misp-galaxy:tool=\"PWOBot\""],"PWOLauncher":["misp-galaxy:tool=\"PWOBot\""],"PWOHTTPD":["misp-galaxy:tool=\"PWOBot\""],"PWOKeyLogger":["misp-galaxy:tool=\"PWOBot\""],"PWOMiner":["misp-galaxy:tool=\"PWOBot\""],"PWOPyExec":["misp-galaxy:tool=\"PWOBot\""],"PWOQuery":["misp-galaxy:tool=\"PWOBot\""],"Palevo":["misp-galaxy:tool=\"Palevo\""],"Badey":["misp-galaxy:tool=\"Pirpi\""],"EXL":["misp-galaxy:tool=\"Pirpi\""],"Backdoor.FSZO-5117":["misp-galaxy:tool=\"PlugX\""],"Trojan.Heur.JP.juW@ayZZvMb":["misp-galaxy:tool=\"PlugX\""],"Trojan.Inject1.6386":["misp-galaxy:tool=\"PlugX\""],"Agent.dhwf":["misp-galaxy:tool=\"PlugX\""],"Preshin":["misp-galaxy:tool=\"Preshin\""],"PupyRAT":["misp-galaxy:tool=\"PupyRAT\""],"QUASARRAT":["misp-galaxy:tool=\"QUASARRAT\""],"RCS Galileo":["misp-galaxy:tool=\"RCS Galileo\""],"RDPWrap":["misp-galaxy:tool=\"RDPWrap\""],"REDLEAVES":["misp-galaxy:tool=\"REDLEAVES\""],"RICECURRY":["misp-galaxy:tool=\"RICECURRY\""],"Exploit.APT.RICECURRY":["misp-galaxy:tool=\"RICECURRY\""],"RPCOUTCH":["misp-galaxy:tool=\"RPCOUTCH\""],"RUHAPPY":["misp-galaxy:tool=\"RUHAPPY\""],"FE_APT_Trojan_Win32_RUHAPPY_1":["misp-galaxy:tool=\"RUHAPPY\""],"Ratankba":["misp-galaxy:tool=\"Ratankba\""],"Prax":["misp-galaxy:tool=\"Regin\""],"WarriorPride":["misp-galaxy:tool=\"Regin\""],"Rekaf":["misp-galaxy:tool=\"Rekaf\""],"Rotexy":["misp-galaxy:tool=\"Rotexy\""],"SMSThief":["misp-galaxy:tool=\"Rotexy\""],"Rotinom":["misp-galaxy:tool=\"Rotinom\""],"ROVNIX":["misp-galaxy:tool=\"Rovnix\""],"RoyalDNS":["misp-galaxy:tool=\"RoyalDNS\""],"Rubella Macro Builder":["misp-galaxy:tool=\"Rubella Macro Builder\""],"SEASALT":["misp-galaxy:tool=\"SEASALT\""],"FE_APT_Backdoor_SHUTTERSPEED":["misp-galaxy:tool=\"SHUTTERSPEED\""],"APT.Backdoor.SHUTTERSPEED":["misp-galaxy:tool=\"SHUTTERSPEED\""],"FE_APT_Downloader_Win_SLOWDRIFT_1":["misp-galaxy:tool=\"SLOWDRIFT\""],"FE_APT_Downloader_Win_SLOWDRIFT_2":["misp-galaxy:tool=\"SLOWDRIFT\""],"APT.Downloader.SLOWDRIFT":["misp-galaxy:tool=\"SLOWDRIFT\""],"SLUB Backdoor":["misp-galaxy:tool=\"SLUB Backdoor\""],"SMBTOUCH":["misp-galaxy:tool=\"SMBTOUCH\""],"SOUNDWAVE":["misp-galaxy:tool=\"SOUNDWAVE\""],"FE_APT_HackTool_Win32_SOUNDWAVE_1":["misp-galaxy:tool=\"SOUNDWAVE\""],"SPIVY":["misp-galaxy:tool=\"SPIVY\""],"STARSYPOUND":["misp-galaxy:tool=\"STARSYPOUND\""],"SURTR":["misp-galaxy:tool=\"SURTR\""],"SWORD":["misp-galaxy:tool=\"SWORD\""],"Scieron":["misp-galaxy:tool=\"Scieron\""],"Scranos":["misp-galaxy:tool=\"Scranos\""],"Sekur":["misp-galaxy:tool=\"Sekur\""],"ShimRAT":["misp-galaxy:tool=\"ShimRAT\""],"Shipup":["misp-galaxy:tool=\"Shipup\""],"Shiz":["misp-galaxy:tool=\"Shiz\""],"Win32\/Sirefef":["misp-galaxy:tool=\"Sirefef\""],"SkeletonKey":["misp-galaxy:tool=\"SkeletonKey\""],"Skyipot":["misp-galaxy:tool=\"Skyipot\""],"GM-Bot":["misp-galaxy:tool=\"Slempo\""],"Spindest":["misp-galaxy:tool=\"Spindest\""],"StalinLocker":["misp-galaxy:tool=\"StalinLocker\""],"StalinScreamer":["misp-galaxy:tool=\"StalinLocker\""],"StealthWorker":["misp-galaxy:tool=\"StealthWorker\""],"StrongPity2":["misp-galaxy:tool=\"StrongPity2\""],"Win32\/StrongPity2":["misp-galaxy:tool=\"StrongPity2\""],"trojan-banker.androidos.svpeng.ae":["misp-galaxy:tool=\"Svpeng\""],"Swisyn":["misp-galaxy:tool=\"Swisyn\""],"T5000":["misp-galaxy:tool=\"T5000\""],"Plat1":["misp-galaxy:tool=\"T5000\""],"TABMSGSQL":["misp-galaxy:tool=\"TABMSGSQL\""],"TROJAN LETSGO":["misp-galaxy:tool=\"TABMSGSQL\""],"TARSIP-ECLIPSE":["misp-galaxy:tool=\"TARSIP-ECLIPSE\""],"TARSIP-MOON":["misp-galaxy:tool=\"TARSIP-MOON\""],"TRISIS":["misp-galaxy:tool=\"TRISIS\""],"TRITON":["misp-galaxy:tool=\"TRISIS\""],"Tafacalou":["misp-galaxy:tool=\"Tafacalou\""],"Tartine":["misp-galaxy:tool=\"Tartine\""],"Taurus":["misp-galaxy:tool=\"Taurus\""],"Tdrop":["misp-galaxy:tool=\"Tdrop\""],"Tdrop2":["misp-galaxy:tool=\"Tdrop2\""],"Terra Loader":["misp-galaxy:tool=\"Terra Loader\""],"Torn RAT":["misp-galaxy:tool=\"Torn RAT\""],"Travle":["misp-galaxy:tool=\"Travle\""],"PYLOT":["misp-galaxy:tool=\"Travle\""],"Trick Bot":["misp-galaxy:tool=\"Trick Bot\""],"TripleFantasy":["misp-galaxy:tool=\"TripleFantasy\""],"Trojan.Laziok":["misp-galaxy:tool=\"Trojan.Laziok\""],"Trojan.Naid":["misp-galaxy:tool=\"Trojan.Naid\""],"Mdmbot.E":["misp-galaxy:tool=\"Trojan.Naid\""],"AGENT.GUNZ":["misp-galaxy:tool=\"Trojan.Naid\""],"AGENT.AQUP.DROPPER":["misp-galaxy:tool=\"Trojan.Naid\""],"AGENT.BMZA":["misp-galaxy:tool=\"Trojan.Naid\""],"MCRAT.A":["misp-galaxy:tool=\"Trojan.Naid\""],"AGENT.ABQMR":["misp-galaxy:tool=\"Trojan.Naid\""],"Trojan.Seaduke":["misp-galaxy:tool=\"Trojan.Seaduke\""],"Seaduke":["misp-galaxy:tool=\"Trojan.Seaduke\""],"Troy":["misp-galaxy:tool=\"Troy\""],"Urouros":["misp-galaxy:tool=\"Turla\""],"UselessDisk":["misp-galaxy:tool=\"UselessDisk\""],"DiskWriter":["misp-galaxy:tool=\"UselessDisk\""],"VB Flash":["misp-galaxy:tool=\"VB Flash\""],"VPNFilter":["misp-galaxy:tool=\"VPNFilter\""],"WARP":["misp-galaxy:tool=\"WARP\""],"WEBC2-ADSPACE":["misp-galaxy:tool=\"WEBC2-ADSPACE\""],"WEBC2-AUSOV":["misp-galaxy:tool=\"WEBC2-AUSOV\""],"WEBC2-BOLID":["misp-galaxy:tool=\"WEBC2-BOLID\""],"WEBC2-CLOVER":["misp-galaxy:tool=\"WEBC2-CLOVER\""],"WEBC2-CSON":["misp-galaxy:tool=\"WEBC2-CSON\""],"WEBC2-DIV":["misp-galaxy:tool=\"WEBC2-DIV\""],"WEBC2-GREENCAT":["misp-galaxy:tool=\"WEBC2-GREENCAT\""],"WEBC2-HEAD":["misp-galaxy:tool=\"WEBC2-HEAD\""],"WEBC2-KT3":["misp-galaxy:tool=\"WEBC2-KT3\""],"WEBC2-QBP":["misp-galaxy:tool=\"WEBC2-QBP\""],"WEBC2-RAVE":["misp-galaxy:tool=\"WEBC2-RAVE\""],"WEBC2-TABLE":["misp-galaxy:tool=\"WEBC2-TABLE\""],"WEBC2-TOCK":["misp-galaxy:tool=\"WEBC2-TOCK\""],"WEBC2-UGX":["misp-galaxy:tool=\"WEBC2-UGX\""],"WEBC2-Y21K":["misp-galaxy:tool=\"WEBC2-Y21K\""],"WEBC2-YAHOO":["misp-galaxy:tool=\"WEBC2-YAHOO\""],"FE_APT_Backdoor_WINERACK":["misp-galaxy:tool=\"WINERACK\""],"Backdoor.APT.WINERACK":["misp-galaxy:tool=\"WINERACK\""],"WinIDS":["misp-galaxy:tool=\"WinIDS\""],"Etso":["misp-galaxy:tool=\"Winnti\""],"SUQ":["misp-galaxy:tool=\"Winnti\""],"Agent.ALQHI":["misp-galaxy:tool=\"Winnti\""],"Epic Turla":["misp-galaxy:tool=\"Wipbot\""],"Wmiexec":["misp-galaxy:tool=\"Wmiexec\""],"XAgent":["misp-galaxy:tool=\"X-Agent\""],"XSControl":["misp-galaxy:tool=\"XSControl\""],"W32\/Seeav":["misp-galaxy:tool=\"Yahoyah\""],"ZUMKONG":["misp-galaxy:tool=\"ZUMKONG\""],"FE_APT_Trojan_Zumkong":["misp-galaxy:tool=\"ZUMKONG\""],"Trojan.APT.Zumkong":["misp-galaxy:tool=\"ZUMKONG\""],"Sensode":["misp-galaxy:tool=\"ZXShell\""],"ZeGhost":["misp-galaxy:tool=\"ZeGhost\""],"BackDoor-FBZT!52D84425CDF2":["misp-galaxy:tool=\"ZeGhost\""],"Trojan.Win32.Staser.ytq":["misp-galaxy:tool=\"ZeGhost\""],"Win32\/Zegost.BW":["misp-galaxy:tool=\"ZeGhost\""],"Trojan.Zbot":["misp-galaxy:tool=\"Zeus\""],"adzok":["misp-galaxy:tool=\"adzok\""],"albertino":["misp-galaxy:tool=\"albertino\""],"arcom":["misp-galaxy:tool=\"arcom\""],"blacknix":["misp-galaxy:tool=\"blacknix\""],"bluebanana":["misp-galaxy:tool=\"bluebanana\""],"bozok":["misp-galaxy:tool=\"bozok\""],"clientmesh":["misp-galaxy:tool=\"clientmesh\""],"csvde.exe":["misp-galaxy:tool=\"csvde.exe\""],"cybergate":["misp-galaxy:tool=\"cybergate\""],"da Vinci RCS":["misp-galaxy:tool=\"da Vinci RCS\""],"DaVinci":["misp-galaxy:tool=\"da Vinci RCS\""],"Morcut":["misp-galaxy:tool=\"da Vinci RCS\""],"darkcomet":["misp-galaxy:tool=\"darkcomet\""],"darkddoser":["misp-galaxy:tool=\"darkddoser\""],"darkrat":["misp-galaxy:tool=\"darkrat\""],"feodo":["misp-galaxy:tool=\"feodo\""],"greame":["misp-galaxy:tool=\"greame\""],"hawkeye":["misp-galaxy:tool=\"hawkeye\""],"javadropper":["misp-galaxy:tool=\"javadropper\""],"jspy":["misp-galaxy:tool=\"jspy\""],"kitty Malware":["misp-galaxy:tool=\"kitty Malware\""],"lostdoor":["misp-galaxy:tool=\"lostdoor\""],"luxnet":["misp-galaxy:tool=\"luxnet\""],"miniFlame":["misp-galaxy:tool=\"miniFlame\""],"njRAT":["misp-galaxy:tool=\"njRAT\""],"Jorik":["misp-galaxy:tool=\"njRAT\""],"pandora":["misp-galaxy:tool=\"pandora\""],"predatorpain":["misp-galaxy:tool=\"predatorpain\""],"punisher":["misp-galaxy:tool=\"punisher\""],"shadowtech":["misp-galaxy:tool=\"shadowtech\""],"smallnet":["misp-galaxy:tool=\"smallnet\""],"spygate":["misp-galaxy:tool=\"spygate\""],"tapaoux":["misp-galaxy:tool=\"tapaoux\""],"template":["misp-galaxy:tool=\"template\""],"vantom":["misp-galaxy:tool=\"vantom\""],"virusrat":["misp-galaxy:tool=\"virusrat\""],"wp-vcd":["misp-galaxy:tool=\"wp-vcd\""],"xDedic RDP Patch":["misp-galaxy:tool=\"xDedic RDP Patch\""],"xDedic SysScan":["misp-galaxy:tool=\"xDedic SysScan\""],"xena":["misp-galaxy:tool=\"xena\""],"xrat":["misp-galaxy:tool=\"xrat\""],"xtreme":["misp-galaxy:tool=\"xtreme\""]} \ No newline at end of file diff --git a/misp_modules/modules/import_mod/__init__.py b/misp_modules/modules/import_mod/__init__.py index 71ae7fa..a7d220d 100644 --- a/misp_modules/modules/import_mod/__init__.py +++ b/misp_modules/modules/import_mod/__init__.py @@ -15,4 +15,5 @@ __all__ = [ 'csvimport', 'cof2misp', 'joe_import', + 'taxii21' ] diff --git a/misp_modules/modules/import_mod/taxii21.py b/misp_modules/modules/import_mod/taxii21.py new file mode 100644 index 0000000..4993dbf --- /dev/null +++ b/misp_modules/modules/import_mod/taxii21.py @@ -0,0 +1,354 @@ +""" +Import content from a TAXII 2.1 server. +""" +import collections +import itertools +import json +import misp_modules.lib.stix2misp +from pathlib import Path +import re +import stix2.v20 +import taxii2client +import taxii2client.exceptions +import requests + + +class ConfigError(Exception): + """ + Represents an error in the config settings for one invocation of this + module. + """ + pass + + +misperrors = {'error': 'Error'} + +moduleinfo = {'version': '0.1', 'author': 'Abc', + 'description': 'Import content from a TAXII 2.1 server', + 'module-type': ['import']} + +mispattributes = { + 'inputSource': [], + 'output': ['MISP objects'], + 'format': 'misp_standard', +} + + +userConfig = { + "url": { + "type": "String", + "message": "A TAXII 2.1 collection URL", + }, + "added_after": { + "type": "String", + "message": "Lower bound on time the object was uploaded to the TAXII server" + }, + "stix_id": { + "type": "String", + "message": "STIX ID(s) of objects" + }, + "spec_version": { # TAXII 2.1 specific + "type": "String", + "message": "STIX version(s) of objects" + }, + "type": { + "type": "String", + "message": "STIX type(s) of objects" + }, + "version": { + "type": "String", + "message": 'Version timestamp(s), or "first"/"last"/"all"' + }, + # Should we give some user control over this? It will not be allowed to + # exceed the admin setting. + "STIX object limit": { + "type": "Integer", + "message": "Maximum number of STIX objects to process" + }, + "username": { + "type": "String", + "message": "Username for TAXII server authentication, if necessary" + }, + "password": { + "type": "String", + "message": "Password for TAXII server authentication, if necessary" + } +} + +# Paging will be handled transparently by this module, so user-defined +# paging-related filtering parameters will not be supported. + + +# This module will not process more than this number of STIX objects in total +# from a TAXII server in one module invocation (across all pages), to limit +# resource consumption. +moduleconfig = [ + "stix_object_limit" +] + + +# In case there is neither an admin nor user setting given. +_DEFAULT_STIX_OBJECT_LIMIT = 1000 + + +# Page size to use when paging TAXII results. Trades off the amount of +# hammering on TAXII servers and overhead of repeated requests, with the +# resource consumption of a single page. (Should be an admin setting too?) +_PAGE_SIZE = 100 + + +_synonymsToTagNames_path = Path(__file__).parent / "../../lib/synonymsToTagNames.json" + + +# Collects module config information necessary to perform the TAXII query. +Config = collections.namedtuple("Config", [ + "url", + "added_after", + "id", + "spec_version", + "type", + "version", + "stix_object_limit", + "username", + "password" +]) + + +def _normalize_multi_values(value): + """ + Some TAXII filters may contain multiple values separated by commas, + without spaces around the commas. Maybe give MISP users a little more + flexibility? This function normalizes a possible multi-valued value + (e.g. multiple values delimited by commas or spaces, all in the same + string) to TAXII-required format. + + :param value: A MISP config value + :return: A normalized value + """ + + if "," in value: + value = re.sub(r"\s*,\s*", ",", value) + else: + # Assume space delimiting; replace spaces with commas. + # I don't think we need to worry about spaces embedded in values. + value = re.sub(r"\s+", ",", value) + + value = value.strip(",") + + return value + + +def _get_config(config): + """ + Combine user, admin, and default config settings to produce a config + object with all settings together. + + :param config: The misp-modules request's "config" value. + :return: A Config object + :raises ConfigError: if any config errors are detected + """ + + # Strip whitespace from all config settings... except for password? + for key, val in config.items(): + if isinstance(val, str) and key != "password": + config[key] = val.strip() + + url = config.get("url") + added_after = config.get("added_after") + id_ = config.get("stix_id") + spec_version = config.get("spec_version") + type_ = config.get("type") + version_ = config.get("version") + username = config.get("username") + password = config.get("password") + admin_stix_object_limit = config.get("stix_object_limit") + user_stix_object_limit = config.get("STIX object limit") + + if admin_stix_object_limit: + admin_stix_object_limit = int(admin_stix_object_limit) + else: + admin_stix_object_limit = _DEFAULT_STIX_OBJECT_LIMIT + + if user_stix_object_limit: + user_stix_object_limit = int(user_stix_object_limit) + stix_object_limit = min(user_stix_object_limit, admin_stix_object_limit) + else: + stix_object_limit = admin_stix_object_limit + + # How much of this should we sanity-check here before passing it off to the + # TAXII client (and thence, to the TAXII server)? + + if not url: + raise ConfigError("A TAXII 2.1 collection URL is required.") + + if admin_stix_object_limit < 1: + raise ConfigError( + "Invalid admin object limit: must be positive: " + + str(admin_stix_object_limit) + ) + + if stix_object_limit < 1: + raise ConfigError( + "Invalid object limit: must be positive: " + + str(stix_object_limit) + ) + + if id_: + id_ = _normalize_multi_values(id_) + if spec_version: + spec_version = _normalize_multi_values(spec_version) + if type_: + type_ = _normalize_multi_values(type_) + if version_: + version_ = _normalize_multi_values(version_) + + # STIX->MISP converter currently only supports STIX 2.0, so let's force + # spec_version="2.0". + if not spec_version: + spec_version = "2.0" + elif spec_version != "2.0": + raise ConfigError('Only spec_version="2.0" is supported for now.') + + if (username and not password) or (not username and password): + raise ConfigError( + 'Both or neither of "username" and "password" are required.' + ) + + config_obj = Config( + url, added_after, id_, spec_version, type_, version_, stix_object_limit, + username, password + ) + + return config_obj + + +def _query_taxii(config): + """ + Query the TAXII server according to the given config, convert the STIX + results to MISP, and return a standard misp-modules response. + + :param config: Module config information as a Config object + :return: A dict containing a misp-modules response + """ + + collection = taxii2client.Collection( + config.url, user=config.username, password=config.password + ) + + # No point in asking for more than our overall limit. + page_size = min(_PAGE_SIZE, config.stix_object_limit) + + kwargs = { + "per_request": page_size + } + + if config.spec_version: + kwargs["spec_version"] = config.spec_version + if config.version: + kwargs["version"] = config.version + if config.id: + kwargs["id"] = config.id + if config.type: + kwargs["type"] = config.type + if config.added_after: + kwargs["added_after"] = config.added_after + + pages = taxii2client.as_pages( + collection.get_objects, + **kwargs + ) + + # Chain all the objects from all pages together... + all_stix_objects = itertools.chain.from_iterable( + taxii_envelope.get("objects", []) + for taxii_envelope in pages + ) + + # And only take the first N objects from that. + limited_stix_objects = itertools.islice( + all_stix_objects, 0, config.stix_object_limit + ) + + # Collect into a list. This is... unfortunate, but I don't think the + # converter will work incrementally (will it?). It expects all objects to + # be given at once. + # + # It may also be desirable to have all objects available at once so that + # cross-references can be made where possible, but it results in increased + # memory usage. + stix_objects = list(limited_stix_objects) + + # The STIX 2.0 converter wants a 2.0 bundle. (Hope the TAXII server isn't + # returning 2.1 objects!) + bundle20 = stix2.v20.Bundle(stix_objects, allow_custom=True) + + converter = misp_modules.lib.stix2misp.ExternalStixParser() + converter.handler( + bundle20, None, [0, "event", str(_synonymsToTagNames_path)] + ) + + attributes = [ + attr.to_dict(json_format=True) + for attr in converter.misp_event.attributes + ] + + objects = [ + obj.to_dict(json_format=True) + for obj in converter.misp_event.objects + ] + + tags = [ + tag.to_dict(json_format=True) + for tag in converter.misp_event.tags + ] + + result = { + "results": { + "Attribute": attributes, + "Object": objects, + "Tag": tags + } + } + + return result + + +def handler(q=False): + if q is False: + return False + request = json.loads(q) + + result = None + config = None + + try: + config = _get_config(request["config"]) + except ConfigError as e: + result = misperrors + result["error"] = e.args[0] + + if not result: + try: + result = _query_taxii(config) + except taxii2client.exceptions.TAXIIServiceException as e: + result = misperrors + result["error"] = str(e) + except requests.HTTPError as e: + # Let's give a better error message for auth issues. + if e.response.status_code in (401, 403): + result = misperrors + result["error"] = "Access was denied." + else: + raise + + return result + + +def introspection(): + mispattributes["userConfig"] = userConfig + return mispattributes + + +def version(): + moduleinfo['config'] = moduleconfig + return moduleinfo From 24070bfab7d7f0d8be51f452f4d2241eaf6e6b07 Mon Sep 17 00:00:00 2001 From: Michael Chisholm Date: Tue, 14 Dec 2021 01:02:35 -0500 Subject: [PATCH 089/132] Add workaround for PyMISP bug regarding conversion of objects to JSON-serializable values. --- misp_modules/modules/import_mod/taxii21.py | 25 +++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/misp_modules/modules/import_mod/taxii21.py b/misp_modules/modules/import_mod/taxii21.py index 4993dbf..d03b85c 100644 --- a/misp_modules/modules/import_mod/taxii21.py +++ b/misp_modules/modules/import_mod/taxii21.py @@ -114,6 +114,25 @@ Config = collections.namedtuple("Config", [ ]) +def _pymisp_to_json_serializable(obj): + """ + Work around a possible bug with PyMISP's + AbstractMisp.to_dict(json_format=True) method, which doesn't always produce + a JSON-serializable value (i.e. a value which is serializable with the + default JSON encoder). + + :param obj: A PyMISP object + :return: A JSON-serializable version of the object + """ + + # The workaround creates a JSON string and then parses it back to a + # JSON-serializable value. + json_ = obj.to_json() + json_serializable = json.loads(json_) + + return json_serializable + + def _normalize_multi_values(value): """ Some TAXII filters may contain multiple values separated by commas, @@ -288,17 +307,17 @@ def _query_taxii(config): ) attributes = [ - attr.to_dict(json_format=True) + _pymisp_to_json_serializable(attr) for attr in converter.misp_event.attributes ] objects = [ - obj.to_dict(json_format=True) + _pymisp_to_json_serializable(obj) for obj in converter.misp_event.objects ] tags = [ - tag.to_dict(json_format=True) + _pymisp_to_json_serializable(tag) for tag in converter.misp_event.tags ] From 2874c41f7f34d1233c6f266af83f0d291100fee1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Fri, 14 Jan 2022 10:23:08 +0100 Subject: [PATCH 090/132] fix: required parameters for Recorded Future object --- misp_modules/modules/expansion/recordedfuture.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/misp_modules/modules/expansion/recordedfuture.py b/misp_modules/modules/expansion/recordedfuture.py index 9894968..8056bfa 100644 --- a/misp_modules/modules/expansion/recordedfuture.py +++ b/misp_modules/modules/expansion/recordedfuture.py @@ -242,6 +242,10 @@ class RFEnricher: def __init__(self, attribute_props: dict): self.event = MISPEvent() self.enrichment_object = MISPObject("Recorded Future Enrichment") + self.enrichment_object.template_uuid = "cbe0ffda-75e5-4c49-833f-093f057652ba" + self.enrichment_object.template_id = "1" + self.enrichment_object.description = "Recorded Future Enrichment" + setattr(self.enrichment_object, 'meta-category', 'network') description = ( "An object containing the enriched attribute and " "related entities from Recorded Future." From 549f937b1e03276b14101c6e5b8a38ea379343aa Mon Sep 17 00:00:00 2001 From: Michael Chisholm Date: Fri, 14 Jan 2022 11:48:49 -0500 Subject: [PATCH 091/132] Added some library requirements for the taxii21 import module. --- REQUIREMENTS | 2 ++ 1 file changed, 2 insertions(+) diff --git a/REQUIREMENTS b/REQUIREMENTS index c0b5326..4c76aba 100644 --- a/REQUIREMENTS +++ b/REQUIREMENTS @@ -128,9 +128,11 @@ socialscan==1.4.2 socketio-client==0.5.7.4 soupsieve==2.2.1; python_version >= '3' sparqlwrapper==1.8.5 +stix2==3.0.1 stix2-patterns==1.3.2 tabulate==0.8.9 tau-clients==0.1.3 +taxii2-client==2.3.0 tldextract==3.1.0; python_version >= '3.5' tornado==6.1; python_version >= '3.5' tqdm==4.62.2; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' From ed2d14c956c9e08e96dc7a20b2c00447865fbfab Mon Sep 17 00:00:00 2001 From: Jeroen Pinoy Date: Thu, 3 Feb 2022 10:44:13 +0100 Subject: [PATCH 092/132] Add hashlookup to expansion init.py --- misp_modules/modules/expansion/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misp_modules/modules/expansion/__init__.py b/misp_modules/modules/expansion/__init__.py index 7591d7d..d20fe34 100644 --- a/misp_modules/modules/expansion/__init__.py +++ b/misp_modules/modules/expansion/__init__.py @@ -18,7 +18,7 @@ __all__ = ['cuckoo_submit', 'vmray_submit', 'bgpranking', 'circl_passivedns', 'c 'assemblyline_submit', 'assemblyline_query', 'ransomcoindb', 'malwarebazaar', 'lastline_query', 'lastline_submit', 'sophoslabs_intelix', 'cytomic_orion', 'censys_enrich', 'trustar_enrich', 'recordedfuture', 'html_to_markdown', 'socialscan', 'passive-ssh', - 'qintel_qsentry', 'mwdb'] + 'qintel_qsentry', 'mwdb', 'hashlookup'] minimum_required_fields = ('type', 'uuid', 'value') From 323ca67a6c5689319e4b7da195ae148877f2bf2d Mon Sep 17 00:00:00 2001 From: Daniel Pascual Date: Thu, 3 Feb 2022 13:25:29 +0100 Subject: [PATCH 093/132] MISP exportmodule to create a VT Collection form an event --- misp_modules/modules/export_mod/__init__.py | 3 +- .../export_mod/virustotal_collections.py | 134 ++++++++++++++++++ 2 files changed, 136 insertions(+), 1 deletion(-) create mode 100644 misp_modules/modules/export_mod/virustotal_collections.py diff --git a/misp_modules/modules/export_mod/__init__.py b/misp_modules/modules/export_mod/__init__.py index 5b69d02..ea90d19 100644 --- a/misp_modules/modules/export_mod/__init__.py +++ b/misp_modules/modules/export_mod/__init__.py @@ -1,2 +1,3 @@ __all__ = ['cef_export', 'mass_eql_export', 'liteexport', 'goamlexport', 'threat_connect_export', 'pdfexport', - 'threatStream_misp_export', 'osqueryexport', 'nexthinkexport', 'vt_graph', 'defender_endpoint_export'] + 'threatStream_misp_export', 'osqueryexport', 'nexthinkexport', 'vt_graph', 'defender_endpoint_export', + 'virustotal_collections'] diff --git a/misp_modules/modules/export_mod/virustotal_collections.py b/misp_modules/modules/export_mod/virustotal_collections.py new file mode 100644 index 0000000..fa2929c --- /dev/null +++ b/misp_modules/modules/export_mod/virustotal_collections.py @@ -0,0 +1,134 @@ +#!/usr/bin/env python3 + +# Copyright 2022 Google Inc. All Rights Reserved. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"""Creates a VT Collection with indicators present in a given event.""" + +import base64 +import json +import requests + +misperrors = { + 'error': 'Error' +} + +mispattributes = { + 'input': [ + 'hostname', + 'domain', + 'ip-src', + 'ip-dst', + 'md5', + 'sha1', + 'sha256', + 'url' + ], + 'format': 'misp_standard', + 'responseType': 'application/txt', + 'outputFileExtension': 'txt', +} + +moduleinfo = { + 'version': '1.0', + 'author': 'VirusTotal', + 'description': 'Creates a VT Collection from an event iocs.', + 'module-type': ['export'] +} + +moduleconfig = [ + 'vt_api_key', + 'proxy_host', + 'proxy_port', + 'proxy_username', + 'proxy_password' +] + + +class VTError(Exception): + "Exception class to map vt api response errors." + pass + + +def create_collection(api_key, event_data): + headers = { + 'x-apikey': api_key, + 'content-type': 'application/json', + 'x-tool': 'MISPModuleVirusTotalCollectionExport', + } + + response = requests.post('https://www.virustotal.com/api/v3/integrations/misp/collections', + headers=headers, + json=event_data) + + uuid = event_data['Event']['uuid'] + response_data = response.json() + + if response.status_code == 200: + link = response_data['data']['links']['self'] + return f'{uuid}: {link}' + + error = response_data['error']['message'] + if response.status_code == 400: + return f'{uuid}: {error}' + else: + misperrors['error'] = error + raise VTError(error) + + +def normalize_misp_data(data): + normalized_data = {'Event': data.pop('Event', {})} + for attr_key in data: + if isinstance(data[attr_key], list) or isinstance(data[attr_key], dict): + if attr_key == 'EventTag': + normalized_data['Event']['Tag'] = [tag['Tag'] for tag in data[attr_key]] + else: + normalized_data['Event'][attr_key] = data[attr_key] + + return normalized_data + + +def handler(q=False): + request = json.loads(q) + + if not request.get('config') or not request['config'].get('vt_api_key'): + misperrors['error'] = 'A VirusTotal api key is required for this module.' + return misperrors + + config = request['config'] + data = request['data'] + responses = [] + + try: + for event_data in data: + normalized_event = normalize_misp_data(event_data) + responses.append(create_collection(config.get('vt_api_key'), + normalized_event)) + + output = '\n'.join(responses) + return { + "response": [], + "data": str(base64.b64encode(bytes(output, 'utf-8')), 'utf-8'), + } + except VTError: + return misperrors + + + +def introspection(): + return mispattributes + + +def version(): + moduleinfo['config'] = moduleconfig + return moduleinfo From c20c4072831e3251baf3ed0f5ba61637ff7f9ef3 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Thu, 3 Feb 2022 19:38:42 +0100 Subject: [PATCH 094/132] fix: [test] cache url test --- tests/test_expansions.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_expansions.py b/tests/test_expansions.py index b8764f7..23ddad2 100644 --- a/tests/test_expansions.py +++ b/tests/test_expansions.py @@ -494,7 +494,7 @@ class TestExpansions(unittest.TestCase): query = {"module": "sourcecache", "link": input_value} response = self.misp_modules_post(query) self.assertEqual(self.get_values(response), input_value) - self.assertTrue(self.get_data(response).startswith('PCFET0NUWVBFIEhUTUw+CjwhLS0KCUFyY2FuYSBieSBIVE1MN')) + self.assertTrue(self.get_data(response)) def test_stix2_pattern_validator(self): query = {"module": "stix2_pattern_syntax_validator", "stix2-pattern": "[ipv4-addr:value = '8.8.8.8']"} From 01d09355b4bd383dd743c3152b01f63d11230806 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Fri, 4 Feb 2022 12:00:05 +0100 Subject: [PATCH 095/132] new: [doc] virustotal_collections modules added --- .../website/export_mod/virustotal_collections.json | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 documentation/website/export_mod/virustotal_collections.json diff --git a/documentation/website/export_mod/virustotal_collections.json b/documentation/website/export_mod/virustotal_collections.json new file mode 100644 index 0000000..1ecdbe9 --- /dev/null +++ b/documentation/website/export_mod/virustotal_collections.json @@ -0,0 +1,14 @@ +{ + "description": "Creates a VT Collection from an event iocs.", + "logo": "virustotal.png", + "requirements": [ + "An access to the VirusTotal API (apikey)." + ], + "input": "A domain, hash (md5, sha1, sha256 or sha512), hostname, url or IP address attribute.", + "output": "A VirusTotal collection in VT.", + "references": [ + "https://www.virustotal.com/", + "https://blog.virustotal.com/2021/11/introducing-virustotal-collections.html" + ], + "features": "This export module which takes advantage of a new endpoint in VT APIv3 to create VT Collections from IOCs contained in a MISP event. With this module users will be able to create a collection just using the Download as... button." +} From 27d7e19c15297cb4e77bb2454f8e5f7c66cdb830 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Fri, 4 Feb 2022 12:00:49 +0100 Subject: [PATCH 096/132] chg: [doc] updated --- documentation/README.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/documentation/README.md b/documentation/README.md index c9fd62e..88670b0 100644 --- a/documentation/README.md +++ b/documentation/README.md @@ -2045,6 +2045,25 @@ Module to export a structured CSV file for uploading to ThreatConnect. ----- +#### [virustotal_collections](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/export_mod/virustotal_collections.py) + + + +Creates a VT Collection from an event iocs. +- **features**: +>This export module which takes advantage of a new endpoint in VT APIv3 to create VT Collections from IOCs contained in a MISP event. With this module users will be able to create a collection just using the Download as... button. +- **input**: +>A domain, hash (md5, sha1, sha256 or sha512), hostname, url or IP address attribute. +- **output**: +>A VirusTotal collection in VT. +- **references**: +> - https://www.virustotal.com/ +> - https://blog.virustotal.com/2021/11/introducing-virustotal-collections.html +- **requirements**: +>An access to the VirusTotal API (apikey). + +----- + #### [vt_graph](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/export_mod/vt_graph.py) From 91235b8cef714be42b4e2d9ba210141038579223 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Fri, 4 Feb 2022 12:43:11 +0100 Subject: [PATCH 097/132] Update dependencies, require Python 3.7 --- .github/workflows/python-package.yml | 2 + Pipfile | 24 ++-- REQUIREMENTS | 181 ++++++++++++++------------- 3 files changed, 113 insertions(+), 94 deletions(-) diff --git a/.github/workflows/python-package.yml b/.github/workflows/python-package.yml index a444958..510a469 100644 --- a/.github/workflows/python-package.yml +++ b/.github/workflows/python-package.yml @@ -46,5 +46,7 @@ jobs: # Run server in background misp-modules -l 127.0.0.1 -s & sleep 5 + # Check if modules are running + curl -sS localhost:6666/modules # Run tests pytest tests diff --git a/Pipfile b/Pipfile index 85226be..bdf2c98 100644 --- a/Pipfile +++ b/Pipfile @@ -17,9 +17,9 @@ passivetotal = "*" pypdns = "*" pypssl = "*" pyeupi = "*" -pymisp = { extras = ["fileobjects,openioc,pdfexport,email"], version = "*" } -pyonyphe = { editable = true, git = "https://github.com/sebdraven/pyonyphe" } -pydnstrails = { editable = true, git = "https://github.com/sebdraven/pydnstrails" } +pymisp = { extras = ["fileobjects,openioc,pdfexport,email,url"], version = "*" } +pyonyphe = { git = "https://github.com/sebdraven/pyonyphe" } +pydnstrails = { git = "https://github.com/sebdraven/pydnstrails" } pytesseract = "*" pygeoip = "*" beautifulsoup4 = "*" @@ -31,20 +31,20 @@ maclookup = "*" vulners = "*" blockchain = "*" reportlab = "*" -pyintel471 = { editable = true, git = "https://github.com/MISP/PyIntel471.git" } +pyintel471 = { git = "https://github.com/MISP/PyIntel471.git" } shodan = "*" Pillow = ">=8.2.0" Wand = "*" SPARQLWrapper = "*" domaintools_api = "*" -misp-modules = { editable = true, path = "." } -pybgpranking = { editable = true, git = "https://github.com/D4-project/BGP-Ranking.git/", subdirectory = "client" } -pyipasnhistory = { editable = true, git = "https://github.com/D4-project/IPASN-History.git/", subdirectory = "client" } +misp-modules = { path = "." } +pybgpranking = { git = "https://github.com/D4-project/BGP-Ranking.git/", subdirectory = "client", ref = "68de39f6c5196f796055c1ac34504054d688aa59" } +pyipasnhistory = { git = "https://github.com/D4-project/IPASN-History.git/", subdirectory = "client", ref = "a2853c39265cecdd0c0d16850bd34621c0551b87" } backscatter = "*" pyzbar = "*" opencv-python = "*" np = "*" -ODTReader = { editable = true, git = "https://github.com/cartertemm/ODTReader.git/" } +ODTReader = { git = "https://github.com/cartertemm/ODTReader.git/" } python-pptx = "*" python-docx = "*" ezodf = "*" @@ -59,7 +59,7 @@ geoip2 = "*" apiosintDS = "*" assemblyline_client = "*" vt-graph-api = "*" -trustar = { editable = true, git = "https://github.com/SteveClement/trustar-python.git" } +trustar = { git = "https://github.com/SteveClement/trustar-python.git" } markdownify = "==0.5.3" socialscan = "*" dnsdb2 = "*" @@ -67,6 +67,10 @@ clamd = "*" aiohttp = ">=3.7.4" tau-clients = "*" vt-py = ">=0.7.1" +crowdstrike-falconpy = "0.9.0" +censys = "2.0.9" +mwdblib = "3.4.1" +ndjson = "0.3.1" [requires] -python_version = "3.6" +python_version = "3.7" diff --git a/REQUIREMENTS b/REQUIREMENTS index c0b5326..3953daa 100644 --- a/REQUIREMENTS +++ b/REQUIREMENTS @@ -6,150 +6,163 @@ # -i https://pypi.org/simple --e . --e git+https://github.com/D4-project/BGP-Ranking.git/@68de39f6c5196f796055c1ac34504054d688aa59#egg=pybgpranking&subdirectory=client --e git+https://github.com/D4-project/IPASN-History.git/@a2853c39265cecdd0c0d16850bd34621c0551b87#egg=pyipasnhistory&subdirectory=client --e git+https://github.com/MISP/PyIntel471.git@917272fafa8e12102329faca52173e90c5256968#egg=pyintel471 --e git+https://github.com/cartertemm/ODTReader.git/@49d6938693f6faa3ff09998f86dba551ae3a996b#egg=odtreader --e git+https://github.com/sebdraven/pydnstrails@48c1f740025c51289f43a24863d1845ff12fd21a#egg=pydnstrails --e git+https://github.com/sebdraven/pyonyphe@1ce15581beebb13e841193a08a2eb6f967855fcb#egg=pyonyphe -git+https://github.com/SteveClement/trustar-python.git -aiohttp==3.7.4 +. +aiohttp==3.8.1 +aiosignal==1.2.0; python_version >= '3.6' antlr4-python3-runtime==4.8; python_version >= '3' apiosintds==1.8.3 +appdirs==1.4.4 argparse==1.4.0 -assemblyline-client==4.1.0 -async-timeout==3.0.1; python_full_version >= '3.5.3' -attrs==21.2.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' +assemblyline-client==4.2.2 +async-timeout==4.0.2; python_version >= '3.6' +asynctest==0.13.0; python_version < '3.8' +attrs==21.4.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' +backoff==1.11.1; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' backports.zoneinfo==0.2.1; python_version < '3.9' backscatter==0.2.4 -beautifulsoup4==4.9.3 -bidict==0.21.2; python_version >= '3.6' +beautifulsoup4==4.10.0 +bidict==0.21.4; python_version >= '3.6' blockchain==1.4.4 -certifi==2021.5.30 -censys==2.0.9 -cffi==1.14.6 -#chardet==4.0.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' -chardet -charset-normalizer==2.0.4; python_version >= '3' +censys==2.1.2 +certifi==2021.10.8 +cffi==1.15.0 +chardet==4.0.0 +charset-normalizer==2.0.11; python_version >= '3' clamd==1.0.2 click-plugins==1.1.1 -click==8.0.1; python_version >= '3.6' +click==8.0.3; python_version >= '3.6' colorama==0.4.4; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' -colorclass==2.2.0 +colorclass==2.2.2; python_version >= '2.6' +commonmark==0.9.1 compressed-rtf==1.0.6 -configparser==5.0.2; python_version >= '3.6' -crowdstrike-falconpy==0.9.0 -cryptography==3.4.7; python_version >= '3.6' -decorator==5.0.9; python_version >= '3.5' -deprecated==1.2.12; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' +configparser==5.2.0; python_version >= '3.6' +crowdstrike-falconpy==1.0.0 +cryptography==36.0.1; python_version >= '3.6' +decorator==5.1.1; python_version >= '3.5' +deprecated==1.2.13; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' dnsdb2==1.1.3 -dnspython==2.1.0 -domaintools-api==0.5.4 +dnspython==2.2.0 +domaintools-api==0.6.1 easygui==0.98.2 ebcdic==1.1.1 enum-compat==0.0.3 extract-msg==0.28.7 -ez-setup==0.9 ezodf==0.3.2 -filelock==3.0.12 +filelock==3.4.2; python_version >= '3.7' +frozenlist==1.3.0; python_version >= '3.7' future==0.18.2; python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3' -futures==3.1.1 -geoip2==4.2.0 -httplib2==0.19.1 +geoip2==4.5.0 +git+https://github.com/D4-project/BGP-Ranking.git/@68de39f6c5196f796055c1ac34504054d688aa59#egg=pybgpranking&subdirectory=client +git+https://github.com/D4-project/IPASN-History.git/@a2853c39265cecdd0c0d16850bd34621c0551b87#egg=pyipasnhistory&subdirectory=client +git+https://github.com/MISP/PyIntel471.git@917272fafa8e12102329faca52173e90c5256968#egg=pyintel471 +git+https://github.com/SteveClement/trustar-python.git@6954eae38e0c77eaeef26084b6c5fd033925c1c7#egg=trustar +git+https://github.com/cartertemm/ODTReader.git/@49d6938693f6faa3ff09998f86dba551ae3a996b#egg=odtreader +git+https://github.com/sebdraven/pydnstrails@48c1f740025c51289f43a24863d1845ff12fd21a#egg=pydnstrails +git+https://github.com/sebdraven/pyonyphe@aed008ee5a27e3a5e4afbb3e5cbfc47170108452#egg=pyonyphe +httplib2==0.20.4; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' idna-ssl==1.1.0; python_version < '3.7' -idna==3.2; python_version >= '3' +idna==3.3; python_version >= '3' imapclient==2.1.0 -isodate==0.6.0 +importlib-metadata==4.10.1; python_version < '3.8' +isodate==0.6.1 itsdangerous==2.0.1; python_version >= '3.6' jbxapi==3.17.2 -json-log-formatter==0.4.0 +jeepney==0.7.1; sys_platform == 'linux' +json-log-formatter==0.5.1 jsonschema==3.2.0 -lark-parser==0.11.3 +keyring==23.5.0; python_version >= '3.7' +lark-parser==0.12.0 lief==0.11.5 lxml==4.7.1 maclookup==1.0.3 markdownify==0.5.3 -maxminddb==2.0.3; python_version >= '3.6' -more-itertools==8.8.0; python_version >= '3.5' -msoffcrypto-tool==4.12.0; python_version >= '3' and platform_python_implementation != 'PyPy' or (platform_system != 'Windows' and platform_system != 'Darwin') -multidict==5.1.0; python_version >= '3.6' +maxminddb==2.2.0; python_version >= '3.6' +more-itertools==8.12.0; python_version >= '3.5' +msoffcrypto-tool==5.0.0; python_version >= '3' and platform_python_implementation != 'PyPy' or (platform_system != 'Windows' and platform_system != 'Darwin') +multidict==6.0.2; python_version >= '3.7' +mwdblib==4.0.0 +ndjson==0.3.1 np==1.0.2 -numpy==1.21.2; python_version < '3.11' and python_version >= '3.7' +numpy==1.21.5; python_version < '3.10' and platform_machine != 'aarch64' and platform_machine != 'arm64' oauth2==1.9.0.post1 olefile==0.46; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' -oletools==0.56.2 -opencv-python==4.5.3.56 +oletools==0.60 +opencv-python==4.5.5.62 +packaging==21.3; python_version >= '3.6' pandas-ods-reader==0.1.2 pandas==1.3.5 -passivetotal==2.5.4 +passivetotal==2.5.8 pcodedmp==1.2.6 -pdftotext==2.2.0 -pillow==8.3.2 -progressbar2==3.53.1 -psutil==5.8.0; python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3' -pycparser==2.20; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' -pycryptodome==3.10.1; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' -pycryptodomex==3.10.1; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' +pdftotext==2.2.2 +pillow==9.0.1 +progressbar2==4.0.0; python_version >= '3.7' +psutil==5.9.0; python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3' +pycparser==2.21 +pycryptodome==3.14.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' +pycryptodomex==3.14.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' pydeep==0.4 pyeupi==1.1 +pyfaup==1.2 pygeoip==0.3.2 -pymisp[email,fileobjects,openioc,pdfexport]==2.4.148 +pygments==2.11.2; python_version >= '3.5' +pymisp[email,fileobjects,openioc,pdfexport,url]==2.4.152 pyparsing==2.4.7; python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3' pypdns==1.5.2 pypssl==2.2 -pyrsistent==0.18.0; python_version >= '3.6' +pyrsistent==0.18.1; python_version >= '3.7' pytesseract==0.3.8 python-baseconv==1.2.2 python-dateutil==2.8.2; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' python-docx==0.8.11 -python-engineio==4.2.1; python_version >= '3.6' -python-magic==0.4.24 -python-pptx==0.6.19 -python-socketio[client]==5.4.0; python_version >= '3.6' -python-utils==2.5.6 +python-engineio==4.3.1; python_version >= '3.6' +python-magic==0.4.25 +python-pptx==0.6.21 +python-socketio[client]==5.5.1; python_version >= '3.6' +python-utils==3.1.0; python_version >= '3.7' +pytz-deprecation-shim==0.1.0.post0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5' pytz==2019.3 -pyyaml==5.4.1; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5' +pyyaml==6.0; python_version >= '3.6' pyzbar==0.1.8 pyzipper==0.3.5; python_version >= '3.5' -rdflib==6.0.0; python_version >= '3.7' -redis==3.5.3; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' -reportlab==3.6.1 +rdflib==6.1.1; python_version >= '3.7' +redis==4.1.2; python_version >= '3.6' +reportlab==3.6.6 requests-cache==0.6.4; python_version >= '3.6' requests-file==1.5.1 -requests[security]==2.26.0 +requests[security]==2.27.1 +rich==11.1.0; python_full_version >= '3.6.2' and python_full_version < '4.0.0' rtfde==0.0.2 -ruamel.yaml.clib==0.2.6; python_version < '3.10' and platform_python_implementation == 'CPython' -ruamel.yaml==0.17.13; python_version >= '3' -shodan==1.25.0 +secretstorage==3.3.1; sys_platform == 'linux' +setuptools==60.7.1; python_version >= '3.7' +shodan==1.26.1 sigmatools==0.19.1 six==1.16.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' socialscan==1.4.2 socketio-client==0.5.7.4 -soupsieve==2.2.1; python_version >= '3' +soupsieve==2.3.1; python_version >= '3.6' sparqlwrapper==1.8.5 stix2-patterns==1.3.2 tabulate==0.8.9 -tau-clients==0.1.3 -tldextract==3.1.0; python_version >= '3.5' +tau-clients==0.1.9 +tldextract==3.1.2; python_version >= '3.6' tornado==6.1; python_version >= '3.5' -tqdm==4.62.2; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' -typing-extensions==3.10.0.0 -tzlocal==3.0; python_version >= '3.6' +tqdm==4.62.3; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' +typing-extensions==4.0.1; python_version < '3.8' +tzdata==2021.5; python_version >= '3.6' +tzlocal==4.1; python_version >= '3.6' unicodecsv==0.14.1 url-normalize==1.4.3; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5' urlarchiver==0.2 -urllib3==1.26.6; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4' +urllib3==1.26.8; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_full_version < '4.0.0' validators==0.14.0 -vt-graph-api==1.1.2 -vt-py==0.7.2 -vulners==1.5.12 +vt-graph-api==1.1.3 +vt-py==0.13.1 +vulners==2.0.0 wand==0.6.7 -websocket-client==1.2.1 -wrapt==1.12.1 +websocket-client==1.2.3; python_version >= '3.6' +wrapt==1.13.3; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' xlrd==2.0.1 -xlsxwriter==3.0.1; python_version >= '3.4' +xlsxwriter==3.0.2; python_version >= '3.4' yara-python==3.8.1 -yarl==1.6.3; python_version >= '3.6' -ndjson==0.3.1 -mwdblib==3.4.1 +yarl==1.7.2; python_version >= '3.6' +zipp==3.7.0; python_version >= '3.7' From cf7b8318a46d4a31c627a7ecec77824ba7c5b94c Mon Sep 17 00:00:00 2001 From: Rambatla Venkat Rao <68921481+RamboV@users.noreply.github.com> Date: Sat, 5 Feb 2022 11:32:46 +0530 Subject: [PATCH 098/132] Initial Commit for IPQualityScore Expansion Module --- .../modules/expansion/ipqualityscore.py | 128 ++++++++++++++++++ 1 file changed, 128 insertions(+) create mode 100644 misp_modules/modules/expansion/ipqualityscore.py diff --git a/misp_modules/modules/expansion/ipqualityscore.py b/misp_modules/modules/expansion/ipqualityscore.py new file mode 100644 index 0000000..ebdb395 --- /dev/null +++ b/misp_modules/modules/expansion/ipqualityscore.py @@ -0,0 +1,128 @@ +import json +import logging +import requests +import urllib.parse +from . import check_input_attribute, standard_error_message +from pymisp import MISPAttribute, MISPEvent, MISPTag, MISPObject, Distribution + +logger = logging.getLogger('ipqualityscore') +logger.setLevel(logging.DEBUG) + +misperrors = {'error': 'Error'} +mispattributes = {'input': ['hostname', 'domain', 'url', 'uri', 'ip-src', 'ip-dst', 'email', 'email-src', 'email-dst', 'target-email', 'whois-registrant-email', 'phone-number','whois-registrant-phone'], 'output': ['text'], 'format': 'misp_standard'} +moduleinfo = {'version': '0.1', 'author': 'David Mackler', 'description': 'Query IPQualityScore for IP reputation, Email Validation, Phone Number Validation and Malicious Domain/URL Scanner.', + 'module-type': ['hover', 'expansion']} +moduleconfig = ['apikey'] + +BASE_URL = 'https://ipqualityscore.com/api/json' +DEFAULT_DISTRIBUTION_SETTING = Distribution.your_organisation_only.value + +IP_API_ATTRIBUTE_TYPES = ['ip-src', 'ip-dst'] +URL_API_ATTRIBUTE_TYPES = ['hostname', 'domain', 'url', 'uri'] +EMAIL_API_ATTRIBUTE_TYPES = ['email', 'email-src', 'email-dst', 'target-email', 'whois-registrant-email'] +PHONE_API_ATTRIBUTE_TYPES = ['phone-number','whois-registrant-phone'] + +def _format_result(attribute, result, enrichment_type): + + event = MISPEvent() + + orig_attr = MISPAttribute() + orig_attr.from_dict(**attribute) + + event = _make_enriched_attr(event, result, orig_attr) + + return event + +def _make_enriched_attr(event, result, orig_attr): + + enriched_object = MISPObject('IPQualityScore Enrichment') + enriched_object.add_reference(orig_attr.uuid, 'related-to') + + enriched_attr = MISPAttribute() + enriched_attr.from_dict(**{ + 'value': orig_attr.value, + 'type': orig_attr.type, + 'distribution': 0, + 'object_relation': 'enriched-attr', + 'to_ids': orig_attr.to_ids + }) + + # enriched_attr = _make_tags(enriched_attr, result) + # enriched_object.add_attribute(**enriched_attr) + + + fraud_score_attr = MISPAttribute() + fraud_score_attr.from_dict(**{ + 'value': result.get('fraud_score'), + 'type': 'text', + 'object_relation': 'fraud_score', + 'distribution': 0 + }) + enriched_object.add_attribute(**fraud_score_attr) + + latitude = MISPAttribute() + latitude.from_dict(**{ + 'value': result.get('latitude'), + 'type': 'text', + 'object_relation': 'latitude', + 'distribution': 0 + }) + enriched_object.add_attribute(**latitude) + + event.add_attribute(**orig_attr) + event.add_object(**enriched_object) + + longitude = MISPAttribute() + longitude.from_dict(**{ + 'value': result.get('longitude'), + 'type': 'text', + 'object_relation': 'longitude', + 'distribution': 0 + }) + enriched_object.add_attribute(**longitude) + + return event + +def handler(q=False): + if q is False: + return False + request = json.loads(q) + + # check if the apikey is pprovided + if not request.get('config') or not request['config'].get('apikey'): + misperrors['error'] = 'IPQualityScore apikey is missing' + return misperrors + apikey = request['config'].get('apikey') + # check attribute is added to the event + if not request.get('attribute') or not check_input_attribute(request['attribute']): + return {'error': f'{standard_error_message}, which should contain at least a type, a value and an uuid.'} + + input_attribute = request['attribute'] + input_attribute_type = input_attribute['type'] + input_attribute_value = attribute['value'] + # check if the attribute type is supported by IPQualityScore + if input_attribute_type not in mispattributes['input']: + return {'error': 'Unsupported attributes type for IPqualityScore Enrichment'} + + if input_attribute_type in IP_API_ATTRIBUTE_TYPES: + url = f"{BASE_URL}/ip/{input_attribute_value}" + headers = {"IPQS-KEY": apikey} + response = self.get(url, headers) + data = response.data + if str(data.get('success')) == "True": + event = _format_result(input_attribute, data, "ip") + event = json.loads(event.to_json()) + ret_result = {key: event[key] for key in ('Attribute', 'Object') if key + in event} + return {'results': ret_result} + else: + return {'error', str(data.get('message')) + +def introspection(): + return mispattributes + + +def version(): + moduleinfo['config'] = moduleconfig + return moduleinfo + \ No newline at end of file From 17541e29386938cd8a7ba1a61aabef809a9e6630 Mon Sep 17 00:00:00 2001 From: Rambatla Venkat Rao <68921481+RamboV@users.noreply.github.com> Date: Sat, 5 Feb 2022 11:33:43 +0530 Subject: [PATCH 099/132] Added ipqualityscore to All list --- misp_modules/modules/expansion/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misp_modules/modules/expansion/__init__.py b/misp_modules/modules/expansion/__init__.py index 7591d7d..23f3d32 100644 --- a/misp_modules/modules/expansion/__init__.py +++ b/misp_modules/modules/expansion/__init__.py @@ -18,7 +18,7 @@ __all__ = ['cuckoo_submit', 'vmray_submit', 'bgpranking', 'circl_passivedns', 'c 'assemblyline_submit', 'assemblyline_query', 'ransomcoindb', 'malwarebazaar', 'lastline_query', 'lastline_submit', 'sophoslabs_intelix', 'cytomic_orion', 'censys_enrich', 'trustar_enrich', 'recordedfuture', 'html_to_markdown', 'socialscan', 'passive-ssh', - 'qintel_qsentry', 'mwdb'] + 'qintel_qsentry', 'mwdb', 'ipqualityscore'] minimum_required_fields = ('type', 'uuid', 'value') From 267824a6df04c8da29e99cb0ffdfcffe4d4b1e74 Mon Sep 17 00:00:00 2001 From: Jeroen Pinoy Date: Sat, 5 Feb 2022 20:23:28 +0100 Subject: [PATCH 100/132] new: Add mmdb lookup expansion module --- README.md | 1 + misp_modules/modules/expansion/__init__.py | 2 +- misp_modules/modules/expansion/mmdb_lookup.py | 112 ++++++++++++++++++ 3 files changed, 114 insertions(+), 1 deletion(-) create mode 100644 misp_modules/modules/expansion/mmdb_lookup.py diff --git a/README.md b/README.md index 6b96be2..e1e5a0f 100644 --- a/README.md +++ b/README.md @@ -58,6 +58,7 @@ For more information: [Extending MISP with Python modules](https://www.misp-proj * [macvendors](misp_modules/modules/expansion/macvendors.py) - a hover module to retrieve mac vendor information. * [MALWAREbazaar](misp_modules/modules/expansion/malwarebazaar.py) - an expansion module to query MALWAREbazaar with some payload. * [McAfee MVISION Insights](misp_modules/modules/expansion/mcafee_insights_enrich.py) - an expansion module enrich IOCs with McAfee MVISION Insights. +* [Mmdb server lookup](misp_modules/modules/expansion/mmdb_lookup.py) - an expansion module to enrich an ip with geolocation information from an mmdb server such as ip.circl.lu. * [ocr-enrich](misp_modules/modules/expansion/ocr_enrich.py) - an enrichment module to get OCRized data from images into MISP. * [ods-enrich](misp_modules/modules/expansion/ods_enrich.py) - an enrichment module to get text out of OpenOffice spreadsheet document into MISP (using free-text parser). * [odt-enrich](misp_modules/modules/expansion/odt_enrich.py) - an enrichment module to get text out of OpenOffice document into MISP (using free-text parser). diff --git a/misp_modules/modules/expansion/__init__.py b/misp_modules/modules/expansion/__init__.py index d20fe34..63ae8e3 100644 --- a/misp_modules/modules/expansion/__init__.py +++ b/misp_modules/modules/expansion/__init__.py @@ -18,7 +18,7 @@ __all__ = ['cuckoo_submit', 'vmray_submit', 'bgpranking', 'circl_passivedns', 'c 'assemblyline_submit', 'assemblyline_query', 'ransomcoindb', 'malwarebazaar', 'lastline_query', 'lastline_submit', 'sophoslabs_intelix', 'cytomic_orion', 'censys_enrich', 'trustar_enrich', 'recordedfuture', 'html_to_markdown', 'socialscan', 'passive-ssh', - 'qintel_qsentry', 'mwdb', 'hashlookup'] + 'qintel_qsentry', 'mwdb', 'hashlookup', 'mmdb_lookup'] minimum_required_fields = ('type', 'uuid', 'value') diff --git a/misp_modules/modules/expansion/mmdb_lookup.py b/misp_modules/modules/expansion/mmdb_lookup.py new file mode 100644 index 0000000..731acd4 --- /dev/null +++ b/misp_modules/modules/expansion/mmdb_lookup.py @@ -0,0 +1,112 @@ +import json +import requests +from . import check_input_attribute, standard_error_message +from pymisp import MISPEvent, MISPObject + +misperrors = {'error': 'Error'} +mispattributes = {'input': ['ip-src', 'ip-src|port', 'ip-dst', 'ip-dst|port'], 'format': 'misp_standard'} +moduleinfo = {'version': '1', 'author': 'Jeroen Pinoy', + 'description': "An expansion module to enrich an ip with geolocation information from an mmdb server " + "such as ip.circl.lu", + 'module-type': ['expansion', 'hover']} +moduleconfig = ["custom_API"] +mmdblookup_url = 'https://ip.circl.lu/' + + +class MmdbLookupParser(): + def __init__(self, attribute, mmdblookupresult, api_url): + self.attribute = attribute + self.mmdblookupresult = mmdblookupresult + self.api_url = api_url + self.misp_event = MISPEvent() + self.misp_event.add_attribute(**attribute) + + def get_result(self): + event = json.loads(self.misp_event.to_json()) + results = {key: event[key] for key in ('Attribute', 'Object') if (key in event and event[key])} + return {'results': results} + + def parse_mmdblookup_information(self): + # There is a chance some db's have a hit while others don't so we have to check if entry is empty each time + for result_entry in self.mmdblookupresult: + if result_entry['country_info']: + mmdblookup_object = MISPObject('geolocation') + mmdblookup_object.add_attribute('country', + **{'type': 'text', 'value': result_entry['country_info']['Country']}) + mmdblookup_object.add_attribute('countrycode', + **{'type': 'text', 'value': result_entry['country']['iso_code']}) + mmdblookup_object.add_attribute('latitude', + **{'type': 'float', + 'value': result_entry['country_info']['Latitude (average)']}) + mmdblookup_object.add_attribute('longitude', + **{'type': 'float', + 'value': result_entry['country_info']['Longitude (average)']}) + mmdblookup_object.add_attribute('text', + **{'type': 'text', + 'value': 'db_source: {}. build_db: {}. Latitude and longitude are country average.'.format( + result_entry['meta']['db_source'], + result_entry['meta']['build_db'])}) + mmdblookup_object.add_reference(self.attribute['uuid'], 'related-to') + self.misp_event.add_object(mmdblookup_object) + + +def check_url(url): + return "{}/".format(url) if not url.endswith('/') else url + + +def handler(q=False): + if q is False: + return False + request = json.loads(q) + if not request.get('attribute') or not check_input_attribute(request['attribute']): + return {'error': f'{standard_error_message}, which should contain at least a type, a value and an uuid.'} + attribute = request['attribute'] + if attribute.get('type') == 'ip-src': + toquery = attribute['value'] + pass + elif attribute.get('type') == 'ip-src|port': + toquery = attribute['value'].split('|')[0] + pass + elif attribute.get('type') == 'ip-dst': + toquery = attribute['value'] + pass + elif attribute.get('type') == 'ip-dst|port': + toquery = attribute['value'].split('|')[0] + pass + else: + misperrors['error'] = 'There is no attribute of type ip-src or ip-dst provided as input' + return misperrors + api_url = check_url(request['config']['custom_API']) if 'config' in request and request['config'].get( + 'custom_API') else mmdblookup_url + r = requests.get("{}/geolookup/{}".format(api_url, toquery)) + if r.status_code == 200: + mmdblookupresult = r.json() + if not mmdblookupresult or len(mmdblookupresult) == 0: + misperrors['error'] = 'Empty result returned by server' + return misperrors + # Server might return one or multiple entries which could all be empty, we check if there is at least one + # non-empty result below + empty_result = True + for lookup_result_entry in mmdblookupresult: + if lookup_result_entry['country_info']: + empty_result = False + break + if empty_result: + misperrors['error'] = 'Empty result returned by server' + return misperrors + else: + misperrors['error'] = 'API not accessible - http status code {} was returned'.format(r.status_code) + return misperrors + parser = MmdbLookupParser(attribute, mmdblookupresult, api_url) + parser.parse_mmdblookup_information() + result = parser.get_result() + return result + + +def introspection(): + return mispattributes + + +def version(): + moduleinfo['config'] = moduleconfig + return moduleinfo From 4408f24714ba5d1743e77a55b1b82b94537647f5 Mon Sep 17 00:00:00 2001 From: Jeroen Pinoy Date: Sun, 6 Feb 2022 15:51:54 +0100 Subject: [PATCH 101/132] chg: [mmdb_lookup] Add handling of ASN details. --- misp_modules/modules/expansion/mmdb_lookup.py | 29 +++++++++++++++---- 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/misp_modules/modules/expansion/mmdb_lookup.py b/misp_modules/modules/expansion/mmdb_lookup.py index 731acd4..0c54ba8 100644 --- a/misp_modules/modules/expansion/mmdb_lookup.py +++ b/misp_modules/modules/expansion/mmdb_lookup.py @@ -7,9 +7,9 @@ misperrors = {'error': 'Error'} mispattributes = {'input': ['ip-src', 'ip-src|port', 'ip-dst', 'ip-dst|port'], 'format': 'misp_standard'} moduleinfo = {'version': '1', 'author': 'Jeroen Pinoy', 'description': "An expansion module to enrich an ip with geolocation information from an mmdb server " - "such as ip.circl.lu", + "such as ip.circl.lu.", 'module-type': ['expansion', 'hover']} -moduleconfig = ["custom_API"] +moduleconfig = ["custom_API", "db_source_filter"] mmdblookup_url = 'https://ip.circl.lu/' @@ -48,6 +48,21 @@ class MmdbLookupParser(): result_entry['meta']['build_db'])}) mmdblookup_object.add_reference(self.attribute['uuid'], 'related-to') self.misp_event.add_object(mmdblookup_object) + if 'AutonomousSystemNumber' in result_entry['country']: + mmdblookup_object_asn = MISPObject('asn') + mmdblookup_object_asn.add_attribute('asn', + **{'type': 'text', + 'value': result_entry['country'][ + 'AutonomousSystemNumber']}) + mmdblookup_object_asn.add_attribute('description', + **{'type': 'text', + 'value': 'ASNOrganization: {}. db_source: {}. build_db: {}.'.format( + result_entry['country'][ + 'AutonomousSystemOrganization'], + result_entry['meta']['db_source'], + result_entry['meta']['build_db'])}) + mmdblookup_object_asn.add_reference(self.attribute['uuid'], 'related-to') + self.misp_event.add_object(mmdblookup_object_asn) def check_url(url): @@ -63,16 +78,12 @@ def handler(q=False): attribute = request['attribute'] if attribute.get('type') == 'ip-src': toquery = attribute['value'] - pass elif attribute.get('type') == 'ip-src|port': toquery = attribute['value'].split('|')[0] - pass elif attribute.get('type') == 'ip-dst': toquery = attribute['value'] - pass elif attribute.get('type') == 'ip-dst|port': toquery = attribute['value'].split('|')[0] - pass else: misperrors['error'] = 'There is no attribute of type ip-src or ip-dst provided as input' return misperrors @@ -84,6 +95,12 @@ def handler(q=False): if not mmdblookupresult or len(mmdblookupresult) == 0: misperrors['error'] = 'Empty result returned by server' return misperrors + if 'config' in request and request['config'].get('db_source_filter'): + db_source_filter = request['config'].get('db_source_filter') + mmdblookupresult = [entry for entry in mmdblookupresult if entry['meta']['db_source'] == db_source_filter] + if not mmdblookupresult or len(mmdblookupresult) == 0: + misperrors['error'] = 'There was no result with the selected db_source' + return misperrors # Server might return one or multiple entries which could all be empty, we check if there is at least one # non-empty result below empty_result = True From 0072a45aabf11c4b67e3e8a70bcecf89e476f3f9 Mon Sep 17 00:00:00 2001 From: Jeroen Pinoy Date: Mon, 7 Feb 2022 17:41:15 +0100 Subject: [PATCH 102/132] chg:[apivoid] Add handling with email verify API --- misp_modules/modules/expansion/apivoid.py | 34 +++++++++++++++++++++-- 1 file changed, 31 insertions(+), 3 deletions(-) diff --git a/misp_modules/modules/expansion/apivoid.py b/misp_modules/modules/expansion/apivoid.py index a71b5e6..3b0ce72 100755 --- a/misp_modules/modules/expansion/apivoid.py +++ b/misp_modules/modules/expansion/apivoid.py @@ -4,8 +4,8 @@ from . import check_input_attribute, standard_error_message from pymisp import MISPAttribute, MISPEvent, MISPObject misperrors = {'error': 'Error'} -mispattributes = {'input': ['domain', 'hostname'], 'format': 'misp_standard'} -moduleinfo = {'version': '0.1', 'author': 'Christian Studer', +mispattributes = {'input': ['domain', 'hostname', 'email'], 'format': 'misp_standard'} +moduleinfo = {'version': '0.2', 'author': 'Christian Studer', 'description': 'On demand query API for APIVoid.', 'module-type': ['expansion', 'hover']} moduleconfig = ['apikey'] @@ -43,6 +43,31 @@ class APIVoidParser(): ssl = requests.get(f'{self.url.format("sslinfo", apikey)}host={self.attribute.value}').json() self._parse_ssl_certificate(ssl['data']['certificate']) + def handle_email(self, apikey): + feature = 'emailverify' + if requests.get(f'{self.url.format(feature, apikey)}stats').json()['credits_remained'] < 0.06: + self.result = {'error': 'You do not have enough APIVoid credits to proceed your request.'} + return + emaillookup = requests.get(f'{self.url.format(feature, apikey)}email={self.attribute.value}').json() + email_verification = MISPObject('apivoid-email-verification') + boolean_attributes = ['valid_format', 'suspicious_username', 'suspicious_email', 'dirty_words_username', + 'suspicious_email', 'valid_tld', 'disposable', 'has_a_records', 'has_mx_records', + 'has_spf_records', 'is_spoofable', 'dmarc_configured', 'dmarc_enforced', 'free_email', + 'russian_free_email', 'china_free_email', 'suspicious_domain', 'dirty_words_domain', + 'domain_popular', 'risky_tld', 'police_domain', 'government_domain', 'educational_domain', + 'should_block'] + for boolean_attribute in boolean_attributes: + email_verification.add_attribute(boolean_attribute, + **{'type': 'boolean', 'value': emaillookup['data'][boolean_attribute]}) + email_verification.add_attribute('email', **{'type': 'email', 'value': emaillookup['data']['email']}) + email_verification.add_attribute('username', **{'type': 'text', 'value': emaillookup['data']['username']}) + email_verification.add_attribute('role_address', + **{'type': 'boolean', 'value': emaillookup['data']['role_address']}) + email_verification.add_attribute('domain', **{'type': 'domain', 'value': emaillookup['data']['domain']}) + email_verification.add_attribute('score', **{'type': 'float', 'value': emaillookup['data']['score']}) + email_verification.add_reference(self.attribute['uuid'], 'related-to') + self.misp_event.add_object(email_verification) + def _handle_dns_record(self, item, record_type, relationship): dns_record = MISPObject('dns-record') dns_record.add_attribute('queried-domain', type='domain', value=item['host']) @@ -82,7 +107,10 @@ def handler(q=False): return {'error': 'Unsupported attribute type.'} apikey = request['config']['apikey'] apivoid_parser = APIVoidParser(attribute) - apivoid_parser.parse_domain(apikey) + if attribute['type'] in ['domain', 'hostname']: + apivoid_parser.parse_domain(apikey) + else: + apivoid_parser.handle_email(apikey) return apivoid_parser.get_results() From 47dde7943b95e6dc796d9fee2765b80e610b192f Mon Sep 17 00:00:00 2001 From: Rambatla Venkat Rao <68921481+RamboV@users.noreply.github.com> Date: Wed, 9 Feb 2022 10:20:42 +0530 Subject: [PATCH 103/132] delete --- .../modules/expansion/ipqualityscore.py | 128 ------------------ 1 file changed, 128 deletions(-) delete mode 100644 misp_modules/modules/expansion/ipqualityscore.py diff --git a/misp_modules/modules/expansion/ipqualityscore.py b/misp_modules/modules/expansion/ipqualityscore.py deleted file mode 100644 index ebdb395..0000000 --- a/misp_modules/modules/expansion/ipqualityscore.py +++ /dev/null @@ -1,128 +0,0 @@ -import json -import logging -import requests -import urllib.parse -from . import check_input_attribute, standard_error_message -from pymisp import MISPAttribute, MISPEvent, MISPTag, MISPObject, Distribution - -logger = logging.getLogger('ipqualityscore') -logger.setLevel(logging.DEBUG) - -misperrors = {'error': 'Error'} -mispattributes = {'input': ['hostname', 'domain', 'url', 'uri', 'ip-src', 'ip-dst', 'email', 'email-src', 'email-dst', 'target-email', 'whois-registrant-email', 'phone-number','whois-registrant-phone'], 'output': ['text'], 'format': 'misp_standard'} -moduleinfo = {'version': '0.1', 'author': 'David Mackler', 'description': 'Query IPQualityScore for IP reputation, Email Validation, Phone Number Validation and Malicious Domain/URL Scanner.', - 'module-type': ['hover', 'expansion']} -moduleconfig = ['apikey'] - -BASE_URL = 'https://ipqualityscore.com/api/json' -DEFAULT_DISTRIBUTION_SETTING = Distribution.your_organisation_only.value - -IP_API_ATTRIBUTE_TYPES = ['ip-src', 'ip-dst'] -URL_API_ATTRIBUTE_TYPES = ['hostname', 'domain', 'url', 'uri'] -EMAIL_API_ATTRIBUTE_TYPES = ['email', 'email-src', 'email-dst', 'target-email', 'whois-registrant-email'] -PHONE_API_ATTRIBUTE_TYPES = ['phone-number','whois-registrant-phone'] - -def _format_result(attribute, result, enrichment_type): - - event = MISPEvent() - - orig_attr = MISPAttribute() - orig_attr.from_dict(**attribute) - - event = _make_enriched_attr(event, result, orig_attr) - - return event - -def _make_enriched_attr(event, result, orig_attr): - - enriched_object = MISPObject('IPQualityScore Enrichment') - enriched_object.add_reference(orig_attr.uuid, 'related-to') - - enriched_attr = MISPAttribute() - enriched_attr.from_dict(**{ - 'value': orig_attr.value, - 'type': orig_attr.type, - 'distribution': 0, - 'object_relation': 'enriched-attr', - 'to_ids': orig_attr.to_ids - }) - - # enriched_attr = _make_tags(enriched_attr, result) - # enriched_object.add_attribute(**enriched_attr) - - - fraud_score_attr = MISPAttribute() - fraud_score_attr.from_dict(**{ - 'value': result.get('fraud_score'), - 'type': 'text', - 'object_relation': 'fraud_score', - 'distribution': 0 - }) - enriched_object.add_attribute(**fraud_score_attr) - - latitude = MISPAttribute() - latitude.from_dict(**{ - 'value': result.get('latitude'), - 'type': 'text', - 'object_relation': 'latitude', - 'distribution': 0 - }) - enriched_object.add_attribute(**latitude) - - event.add_attribute(**orig_attr) - event.add_object(**enriched_object) - - longitude = MISPAttribute() - longitude.from_dict(**{ - 'value': result.get('longitude'), - 'type': 'text', - 'object_relation': 'longitude', - 'distribution': 0 - }) - enriched_object.add_attribute(**longitude) - - return event - -def handler(q=False): - if q is False: - return False - request = json.loads(q) - - # check if the apikey is pprovided - if not request.get('config') or not request['config'].get('apikey'): - misperrors['error'] = 'IPQualityScore apikey is missing' - return misperrors - apikey = request['config'].get('apikey') - # check attribute is added to the event - if not request.get('attribute') or not check_input_attribute(request['attribute']): - return {'error': f'{standard_error_message}, which should contain at least a type, a value and an uuid.'} - - input_attribute = request['attribute'] - input_attribute_type = input_attribute['type'] - input_attribute_value = attribute['value'] - # check if the attribute type is supported by IPQualityScore - if input_attribute_type not in mispattributes['input']: - return {'error': 'Unsupported attributes type for IPqualityScore Enrichment'} - - if input_attribute_type in IP_API_ATTRIBUTE_TYPES: - url = f"{BASE_URL}/ip/{input_attribute_value}" - headers = {"IPQS-KEY": apikey} - response = self.get(url, headers) - data = response.data - if str(data.get('success')) == "True": - event = _format_result(input_attribute, data, "ip") - event = json.loads(event.to_json()) - ret_result = {key: event[key] for key in ('Attribute', 'Object') if key - in event} - return {'results': ret_result} - else: - return {'error', str(data.get('message')) - -def introspection(): - return mispattributes - - -def version(): - moduleinfo['config'] = moduleconfig - return moduleinfo - \ No newline at end of file From 85bd1b69ad791ada6ebaed73fe7462e0ff5c0be3 Mon Sep 17 00:00:00 2001 From: Rambatla Venkat Rao <68921481+RamboV@users.noreply.github.com> Date: Wed, 9 Feb 2022 10:21:40 +0530 Subject: [PATCH 104/132] Initial Commit for IPQualityScore Expansion Module --- .../expansion/ipqs_fraud_and_risk_scoring.py | 635 ++++++++++++++++++ 1 file changed, 635 insertions(+) create mode 100644 misp_modules/modules/expansion/ipqs_fraud_and_risk_scoring.py diff --git a/misp_modules/modules/expansion/ipqs_fraud_and_risk_scoring.py b/misp_modules/modules/expansion/ipqs_fraud_and_risk_scoring.py new file mode 100644 index 0000000..f3b2afb --- /dev/null +++ b/misp_modules/modules/expansion/ipqs_fraud_and_risk_scoring.py @@ -0,0 +1,635 @@ +import json +import logging +import requests +from requests.exceptions import ( + HTTPError, + ProxyError, + InvalidURL, + ConnectTimeout +) +from . import check_input_attribute, standard_error_message +from pymisp import MISPEvent, MISPAttribute, MISPObject, MISPTag, Distribution + +ip_query_input_type = [ + 'ip-src', + 'ip-dst' +] +url_query_input_type = [ + 'hostname', + 'domain', + 'url', + 'uri' +] +email_query_input_type = [ + 'email', + 'email-src', + 'email-dst', + 'target-email', + 'whois-registrant-email' +] +phone_query_input_type = [ + 'phone-number', + 'whois-registrant-phone' +] + +misperrors = { + 'error': 'Error' +} +mispattributes = { + 'input': ip_query_input_type + url_query_input_type + email_query_input_type + phone_query_input_type, + 'format': 'misp_standard' +} +moduleinfo = { + 'version': '0.1', + 'author': 'David Mackler', + 'description': 'Query IPQualityScore for IP reputation, Email Validation, Phone Number Validation and Malicious ' + 'Domain/URL Scanner.', + 'module-type': ['expansion', 'hover'] +} +moduleconfig = ['apikey'] + +logger = logging.getLogger('ipqualityscore') +logger.setLevel(logging.DEBUG) +BASE_URL = 'https://ipqualityscore.com/api/json' +DEFAULT_DISTRIBUTION_SETTING = Distribution.your_organisation_only.value +IP_ENRICH = 'ip' +URL_ENRICH = 'url' +EMAIL_ENRICH = 'email' +PHONE_ENRICH = 'phone' + + +class RequestHandler: + """A class for handling any outbound requests from this module.""" + + def __init__(self, apikey): + self.session = requests.Session() + self.api_key = apikey + + def get(self, url: str, headers: dict = None, params: dict = None) -> requests.Response: + """General get method to fetch the response from IPQualityScore.""" + try: + response = self.session.get( + url, headers=headers, params=params + ).json() + if str(response["success"]) != "True": + msg = response["message"] + logger.error(f"Error: {msg}") + misperrors["error"] = msg + else: + return response + except (ConnectTimeout, ProxyError, InvalidURL) as error: + msg = "Error connecting with the IPQualityScore." + logger.error(f"{msg} Error: {error}") + misperrors["error"] = msg + + def ipqs_lookup(self, reputation_type: str, ioc: str) -> requests.Response: + """Do a lookup call.""" + url = f"{BASE_URL}/{reputation_type}" + payload = {reputation_type: ioc} + headers = {"IPQS-KEY": self.api_key} + try: + response = self.get(url, headers, payload) + except HTTPError as error: + msg = f"Error when requesting data from IPQualityScore. {error.response}: {error.response.reason}" + logger.error(msg) + misperrors["error"] = msg + raise + return response + + +def parse_attribute(comment, feature, value): + """Generic Method for parsing the attributes in the object""" + attribute = { + 'type': 'text', + 'value': value, + 'comment': comment, + 'distribution': DEFAULT_DISTRIBUTION_SETTING, + 'object_relation': feature + } + return attribute + + +class IPQualityScoreParser: + """A class for handling the enrichment objects""" + + def __init__(self, attribute): + self.rf_white = "#CCCCCC" + self.rf_grey = " #CDCDCD" + self.rf_yellow = "#FFCF00" + self.rf_red = "#D10028" + self.clean = "CLEAN" + self.low = "LOW RISK" + self.medium = "MODERATE RISK" + self.high = "HIGH RISK" + self.critical = "CRITICAL" + self.invalid = "INVALID" + self.suspicious = "SUSPICIOUS" + self.malware = "MALWARE" + self.phishing = "PHISHING" + self.disposable = "DISPOSABLE" + self.attribute = attribute + self.misp_event = MISPEvent() + self.misp_event.add_attribute(**attribute) + self.ipqs_object = MISPObject('IPQS Fraud ans Risk Scoring Object') + self.ipqs_object.template_uuid = "57d066e6-6d66-42a7-a1ad-e075e39b2b5e" + self.ipqs_object.template_id = "1" + self.ipqs_object.description = "IPQS Fraud ans Risk Scoring Data" + setattr(self.ipqs_object, 'meta-category', 'network') + description = ( + "An object containing the enriched attribute and " + "related entities from IPQualityScore." + ) + self.ipqs_object.from_dict( + **{"meta-category": "misc", "description": description, "distribution": DEFAULT_DISTRIBUTION_SETTING} + ) + + temp_attr = MISPAttribute() + temp_attr.from_dict(**attribute) + self.enriched_attribute = MISPAttribute() + self.enriched_attribute.from_dict( + **{"value": temp_attr.value, "type": temp_attr.type, "distribution": DEFAULT_DISTRIBUTION_SETTING} + ) + self.ipqs_object.distribution = DEFAULT_DISTRIBUTION_SETTING + self.ip_data_items = [ + 'fraud_score', + 'country_code', + 'region', + 'city', + 'zip_code', + 'ISP', + 'ASN', + 'organization', + 'is_crawler', + 'timezone', + 'mobile', + 'host', + 'proxy', + 'vpn', + 'tor', + 'active_vpn', + 'active_tor', + 'recent_abuse', + 'bot_status', + 'connection_type', + 'abuse_velocity', + 'latitude', + 'longitude' + ] + self.ip_data_items_friendly_names = { + 'fraud_score': 'IPQS: Fraud Score', + 'country_code': 'IPQS: Country Code', + 'region': 'IPQS: Region', + 'city': 'IPQS: City', + 'zip_code': 'IPQS: Zip Code', + 'ISP': 'IPQS: ISP', + 'ASN': 'IPQS: ASN', + 'organization': 'IPQS: Organization', + 'is_crawler': 'IPQS: Is Crawler', + 'timezone': 'IPQS: Timezone', + 'mobile': 'IPQS: Mobile', + 'host': 'IPQS: Host', + 'proxy': 'IPQS: Proxy', + 'vpn': 'IPQS: VPN', + 'tor': 'IPQS: TOR', + 'active_vpn': 'IPQS: Active VPN', + 'active_tor': 'IPQS: Active TOR', + 'recent_abuse': 'IPQS: Recent Abuse', + 'bot_status': 'IPQS: Bot Status', + 'connection_type': 'IPQS: Connection Type', + 'abuse_velocity': 'IPQS: Abuse Velocity', + 'latitude': 'IPQS: Latitude', + 'longitude': 'IPQS: Longitude' + } + self.url_data_items = [ + 'unsafe', + 'domain', + 'ip_address', + 'server', + 'domain_rank', + 'dns_valid', + 'parking', + 'spamming', + 'malware', + 'phishing', + 'suspicious', + 'adult', + 'risk_score', + 'category', + 'domain_age' + ] + self.url_data_items_friendly_names = { + 'unsafe': 'IPQS: Unsafe', + 'domain': 'IPQS: Domain', + 'ip_address': 'IPQS: IP Address', + 'server': 'IPQS: Server', + 'domain_rank': 'IPQS: Domain Rank', + 'dns_valid': 'IPQS: DNS Valid', + 'parking': 'IPQS: Parking', + 'spamming': 'IPQS: Spamming', + 'malware': 'IPQS: Malware', + 'phishing': 'IPQS: Phishing', + 'suspicious': 'IPQS: Suspicious', + 'adult': 'IPQS: Adult', + 'risk_score': 'IPQS: Risk Score', + 'category': 'IPQS: Category', + 'domain_age': 'IPQS: Domain Age' + } + self.email_data_items = [ + 'valid', + 'disposable', + 'smtp_score', + 'overall_score', + 'first_name', + 'generic', + 'common', + 'dns_valid', + 'honeypot', + 'deliverability', + 'frequent_complainer', + 'spam_trap_score', + 'catch_all', + 'timed_out', + 'suspect', + 'recent_abuse', + 'fraud_score', + 'suggested_domain', + 'leaked', + 'sanitized_email', + 'domain_age', + 'first_seen' + ] + self.email_data_items_friendly_names = { + 'valid': 'IPQS: Valid', + 'disposable': 'IPQS: Disposable', + 'smtp_score': 'IPQS: SMTP Score', + 'overall_score': 'IPQS: Overall Score', + 'first_name': 'IPQS: First Name', + 'generic': 'IPQS: Generic', + 'common': 'IPQS: Common', + 'dns_valid': 'IPQS: DNS Valid', + 'honeypot': 'IPQS: Honeypot', + 'deliverability': 'IPQS: Deliverability', + 'frequent_complainer': 'IPQS: Frequent Complainer', + 'spam_trap_score': 'IPQS: Spam Trap Score', + 'catch_all': 'IPQS: Catch All', + 'timed_out': 'IPQS: Timed Out', + 'suspect': 'IPQS: Suspect', + 'recent_abuse': 'IPQS: Recent Abuse', + 'fraud_score': 'IPQS: Fraud Score', + 'suggested_domain': 'IPQS: Suggested Domain', + 'leaked': 'IPQS: Leaked', + 'sanitized_email': 'IPQS: Sanitized Email', + 'domain_age': 'IPQS: Domain Age', + 'first_seen': 'IPQS: First Seen' + } + self.phone_data_items = [ + 'formatted', + 'local_format', + 'valid', + 'fraud_score', + 'recent_abuse', + 'VOIP', + 'prepaid', + 'risky', + 'active', + 'carrier', + 'line_type', + 'country', + 'city', + 'zip_code', + 'region', + 'dialing_code', + 'active_status', + 'leaked', + 'name', + 'timezone', + 'do_not_call', + ] + self.phone_data_items_friendly_names = { + 'formatted': 'IPQS: Formatted', + 'local_format': 'IPQS: Local Format', + 'valid': 'IPQS: Valid', + 'fraud_score': 'IPQS: Fraud Score', + 'recent_abuse': 'IPQS: Recent Abuse', + 'VOIP': 'IPQS: VOIP', + 'prepaid': 'IPQS: Prepaid', + 'risky': 'IPQS: Risky', + 'active': 'IPQS: Active', + 'carrier': 'IPQS: Carrier', + 'line_type': 'IPQS: Line Type', + 'country': 'IPQS: Country', + 'city': 'IPQS: City', + 'zip_code': 'IPQS: Zip Code', + 'region': 'IPQS: Region', + 'dialing_code': 'IPQS: Dialing Code', + 'active_status': 'IPQS: Active Status', + 'leaked': 'IPQS: Leaked', + 'name': 'IPQS: Name', + 'timezone': 'IPQS: Timezone', + 'do_not_call': 'IPQS: Do Not Call', + } + self.timestamp_items_friendly_name = { + 'human': ' Human', + 'timestamp': ' Timestamp', + 'iso': ' ISO' + } + self.timestamp_items = [ + 'human', + 'timestamp', + 'iso' + ] + + def criticality_color(self, criticality) -> str: + """method which maps the color to the criticality level""" + mapper = { + self.clean: self.rf_grey, + self.low: self.rf_grey, + self.medium: self.rf_yellow, + self.suspicious: self.rf_yellow, + self.high: self.rf_red, + self.critical: self.rf_red, + self.invalid: self.rf_red, + self.disposable: self.rf_red, + self.malware: self.rf_red, + self.phishing: self.rf_red + } + return mapper.get(criticality, self.rf_white) + + def add_tag(self, tag_name: str, hex_color: str = None) -> None: + """Helper method for adding a tag to the enriched attribute.""" + tag = MISPTag() + tag_properties = {"name": tag_name} + if hex_color: + tag_properties["colour"] = hex_color + tag.from_dict(**tag_properties) + self.enriched_attribute.add_tag(tag) + + def ipqs_parser(self, query_response, enrich_type): + """ helper method to call the enrichment function according to the type""" + if enrich_type == IP_ENRICH: + self.ip_reputation_data(query_response) + elif enrich_type == URL_ENRICH: + self.url_reputation_data(query_response) + elif enrich_type == EMAIL_ENRICH: + self.email_reputation_data(query_response) + elif enrich_type == PHONE_ENRICH: + self.phone_reputation_data(query_response) + + def ip_reputation_data(self, query_response): + """method to create object for IP address""" + comment = "Results from IPQualityScore IP Reputation API" + for ip_data_item in self.ip_data_items: + if ip_data_item in query_response: + data_item = self.ip_data_items_friendly_names[ip_data_item] + data_item_value = str(query_response[ip_data_item]) + self.ipqs_object.add_attribute(**parse_attribute(comment, data_item, data_item_value)) + if ip_data_item == "fraud_score": + fraud_score = int(data_item_value) + tag_name = f'IPQS:Fraud Score="{fraud_score}"' + self.add_tag(tag_name) + self.ip_address_risk_scoring(fraud_score) + + self.ipqs_object.add_attribute( + "Enriched attribute", **self.enriched_attribute + ) + self.ipqs_object.add_reference(self.attribute['uuid'], 'related-to') + self.misp_event.add_object(self.ipqs_object) + + def ip_address_risk_scoring(self, score): + """method to create calculate verdict for IP Address""" + risk_criticality = "" + if score == 100: + risk_criticality = self.critical + elif 85 <= score <= 99: + risk_criticality = self.high + elif 75 <= score <= 84: + risk_criticality = self.medium + elif 60 <= score <= 74: + risk_criticality = self.suspicious + elif score <= 59: + risk_criticality = self.clean + + hex_color = self.criticality_color(risk_criticality) + tag_name = f'IPQS:VERDICT="{risk_criticality}"' + self.add_tag(tag_name, hex_color) + + def url_reputation_data(self, query_response): + """method to create object for URL/Domain""" + malware = False + phishing = False + risk_score = 0 + comment = "Results from IPQualityScore Malicious URL Scanner API" + for url_data_item in self.url_data_items: + if url_data_item in query_response: + data_item_value = "" + if url_data_item == "domain_age": + for timestamp_item in self.timestamp_items: + data_item = self.url_data_items_friendly_names[url_data_item] + \ + self.timestamp_items_friendly_name[timestamp_item] + data_item_value = str(query_response[url_data_item][timestamp_item]) + self.ipqs_object.add_attribute(**parse_attribute(comment, data_item, data_item_value)) + else: + data_item = self.url_data_items_friendly_names[url_data_item] + data_item_value = str(query_response[url_data_item]) + self.ipqs_object.add_attribute(**parse_attribute(comment, data_item, data_item_value)) + + if url_data_item == "malware": + malware = data_item_value + if url_data_item == "phishing": + phishing = data_item_value + if url_data_item == "risk_score": + risk_score = int(data_item_value) + tag_name = f'IPQS:Risk Score="{risk_score}"' + self.add_tag(tag_name) + + self.url_risk_scoring(risk_score, malware, phishing) + self.ipqs_object.add_attribute( + "Enriched attribute", **self.enriched_attribute + ) + self.ipqs_object.add_reference(self.attribute['uuid'], 'related-to') + self.misp_event.add_object(self.ipqs_object) + + def url_risk_scoring(self, score, malware, phishing): + """method to create calculate verdict for URL/Domain""" + risk_criticality = "" + if malware == 'True': + risk_criticality = self.malware + elif phishing == 'True': + risk_criticality = self.phishing + elif score >= 90: + risk_criticality = self.high + elif 80 <= score <= 89: + risk_criticality = self.medium + elif 70 <= score <= 79: + risk_criticality = self.low + elif 55 <= score <= 69: + risk_criticality = self.suspicious + elif score <= 54: + risk_criticality = self.clean + + hex_color = self.criticality_color(risk_criticality) + tag_name = f'IPQS:VERDICT="{risk_criticality}"' + self.add_tag(tag_name, hex_color) + + def email_reputation_data(self, query_response): + """method to create object for Email Address""" + comment = "Results from IPQualityScore Email Verification API" + disposable = False + valid = False + fraud_score = 0 + for email_data_item in self.email_data_items: + if email_data_item in query_response: + data_item_value = "" + if email_data_item not in ("domain_age", "first_seen"): + data_item = self.email_data_items_friendly_names[email_data_item] + data_item_value = str(query_response[email_data_item]) + self.ipqs_object.add_attribute(**parse_attribute(comment, data_item, data_item_value)) + else: + for timestamp_item in self.timestamp_items: + data_item = self.email_data_items_friendly_names[email_data_item] + \ + self.timestamp_items_friendly_name[timestamp_item] + data_item_value = str(query_response[email_data_item][timestamp_item]) + self.ipqs_object.add_attribute(**parse_attribute(comment, data_item, data_item_value)) + + if email_data_item == "disposable": + disposable = data_item_value + if email_data_item == "valid": + valid = data_item_value + if email_data_item == "fraud_score": + fraud_score = int(data_item_value) + tag_name = f'IPQS:Fraud Score="{fraud_score}"' + self.add_tag(tag_name) + + self.email_address_risk_scoring(fraud_score, disposable, valid) + self.ipqs_object.add_attribute( + "Enriched attribute", **self.enriched_attribute + ) + self.ipqs_object.add_reference(self.attribute['uuid'], 'related-to') + self.misp_event.add_object(self.ipqs_object) + + def email_address_risk_scoring(self, score, disposable, valid): + """method to create calculate verdict for Email Address""" + risk_criticality = "" + if valid == "False": + risk_criticality = self.invalid + elif disposable == "True": + risk_criticality = self.disposable + elif score == 100: + risk_criticality = self.high + elif 88 <= score <= 99: + risk_criticality = self.medium + elif 80 <= score <= 87: + risk_criticality = self.low + elif score <= 79: + risk_criticality = self.clean + hex_color = self.criticality_color(risk_criticality) + tag_name = f'IPQS:VERDICT="{risk_criticality}"' + + self.add_tag(tag_name, hex_color) + + def phone_reputation_data(self, query_response): + """method to create object for Phone Number""" + fraud_score = 0 + valid = False + active = False + comment = "Results from IPQualityScore Phone Number Validation API" + for phone_data_item in self.phone_data_items: + if phone_data_item in query_response: + data_item = self.phone_data_items_friendly_names[phone_data_item] + data_item_value = str(query_response[phone_data_item]) + self.ipqs_object.add_attribute(**parse_attribute(comment, data_item, data_item_value)) + if phone_data_item == "active": + active = data_item_value + if phone_data_item == "valid": + valid = data_item_value + if phone_data_item == "fraud_score": + fraud_score = int(data_item_value) + tag_name = f'IPQS:Fraud Score="{fraud_score}"' + self.add_tag(tag_name) + + self.phone_address_risk_scoring(fraud_score, valid, active) + self.ipqs_object.add_attribute( + "Enriched attribute", **self.enriched_attribute + ) + self.ipqs_object.add_reference(self.attribute['uuid'], 'related-to') + self.misp_event.add_object(self.ipqs_object) + + def phone_address_risk_scoring(self, score, valid, active): + """method to create calculate verdict for Phone Number""" + risk_criticality = "" + if valid == "False": + risk_criticality = self.medium + elif active == "False": + risk_criticality = self.medium + elif 90 <= score <= 100: + risk_criticality = self.high + elif 80 <= score <= 89: + risk_criticality = self.low + elif 50 <= score <= 79: + risk_criticality = self.suspicious + elif score <= 49: + risk_criticality = self.clean + hex_color = self.criticality_color(risk_criticality) + tag_name = f'IPQS:VERDICT="{risk_criticality}"' + self.add_tag(tag_name, hex_color) + + def get_results(self): + """returns the dictionary object to MISP Instance""" + event = json.loads(self.misp_event.to_json()) + results = {key: event[key] for key in ('Attribute', 'Object')} + return {'results': results} + + +def handler(q=False): + """The function which accepts a JSON document to expand the values and return a dictionary of the expanded + values. """ + if q is False: + return False + request = json.loads(q) + # check if the apikey is provided + if not request.get('config') or not request['config'].get('apikey'): + misperrors['error'] = 'IPQualityScore apikey is missing' + return misperrors + apikey = request['config'].get('apikey') + # check attribute is added to the event + if not request.get('attribute') or not check_input_attribute(request['attribute']): + return {'error': f'{standard_error_message}, which should contain at least a type, a value and an uuid.'} + + attribute = request['attribute'] + attribute_type = attribute['type'] + attribute_value = attribute['value'] + + # check if the attribute type is supported by IPQualityScore + if attribute_type not in mispattributes['input']: + return {'error': 'Unsupported attributes type for IPqualityScore Enrichment'} + request_handler = RequestHandler(apikey) + enrich_type = "" + if attribute_type in ip_query_input_type: + enrich_type = IP_ENRICH + json_response = request_handler.ipqs_lookup(IP_ENRICH, attribute_value) + elif attribute_type in url_query_input_type: + enrich_type = URL_ENRICH + json_response = request_handler.ipqs_lookup(URL_ENRICH, attribute_value) + elif attribute_type in email_query_input_type: + enrich_type = EMAIL_ENRICH + json_response = request_handler.ipqs_lookup(EMAIL_ENRICH, attribute_value) + elif attribute_type in phone_query_input_type: + enrich_type = PHONE_ENRICH + json_response = request_handler.ipqs_lookup(PHONE_ENRICH, attribute_value) + + parser = IPQualityScoreParser(attribute) + parser.ipqs_parser(json_response, enrich_type) + return parser.get_results() + + +def introspection(): + """The function that returns a dict of the supported attributes (input and output) by your expansion module.""" + return mispattributes + + +def version(): + """The function that returns a dict with the version and the associated meta-data including potential + configurations required of the module. """ + moduleinfo['config'] = moduleconfig + return moduleinfo + From fedf731e074d2f34c58a3ed6578b4a631841b324 Mon Sep 17 00:00:00 2001 From: Rambatla Venkat Rao <68921481+RamboV@users.noreply.github.com> Date: Wed, 9 Feb 2022 10:22:16 +0530 Subject: [PATCH 105/132] added ipqs_fraud_and_risk_scoring to modules list --- misp_modules/modules/expansion/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misp_modules/modules/expansion/__init__.py b/misp_modules/modules/expansion/__init__.py index 23f3d32..15eb8d6 100644 --- a/misp_modules/modules/expansion/__init__.py +++ b/misp_modules/modules/expansion/__init__.py @@ -18,7 +18,7 @@ __all__ = ['cuckoo_submit', 'vmray_submit', 'bgpranking', 'circl_passivedns', 'c 'assemblyline_submit', 'assemblyline_query', 'ransomcoindb', 'malwarebazaar', 'lastline_query', 'lastline_submit', 'sophoslabs_intelix', 'cytomic_orion', 'censys_enrich', 'trustar_enrich', 'recordedfuture', 'html_to_markdown', 'socialscan', 'passive-ssh', - 'qintel_qsentry', 'mwdb', 'ipqualityscore'] + 'qintel_qsentry', 'mwdb', 'ipqs_fraud_and_risk_scoring'] minimum_required_fields = ('type', 'uuid', 'value') From 430a838332aaa3e95d682ec6784669e7cf524307 Mon Sep 17 00:00:00 2001 From: Rambatla Venkat Rao <68921481+RamboV@users.noreply.github.com> Date: Sat, 12 Feb 2022 10:20:48 +0530 Subject: [PATCH 106/132] Update ipqs_fraud_and_risk_scoring.py --- .../expansion/ipqs_fraud_and_risk_scoring.py | 21 +++++++++---------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/misp_modules/modules/expansion/ipqs_fraud_and_risk_scoring.py b/misp_modules/modules/expansion/ipqs_fraud_and_risk_scoring.py index f3b2afb..754f94a 100644 --- a/misp_modules/modules/expansion/ipqs_fraud_and_risk_scoring.py +++ b/misp_modules/modules/expansion/ipqs_fraud_and_risk_scoring.py @@ -130,10 +130,10 @@ class IPQualityScoreParser: self.attribute = attribute self.misp_event = MISPEvent() self.misp_event.add_attribute(**attribute) - self.ipqs_object = MISPObject('IPQS Fraud ans Risk Scoring Object') + self.ipqs_object = MISPObject('IPQS Fraud and Risk Scoring Object') self.ipqs_object.template_uuid = "57d066e6-6d66-42a7-a1ad-e075e39b2b5e" self.ipqs_object.template_id = "1" - self.ipqs_object.description = "IPQS Fraud ans Risk Scoring Data" + self.ipqs_object.description = "IPQS Fraud and Risk Scoring Data" setattr(self.ipqs_object, 'meta-category', 'network') description = ( "An object containing the enriched attribute and " @@ -385,8 +385,8 @@ class IPQualityScoreParser: self.ipqs_object.add_attribute(**parse_attribute(comment, data_item, data_item_value)) if ip_data_item == "fraud_score": fraud_score = int(data_item_value) - tag_name = f'IPQS:Fraud Score="{fraud_score}"' - self.add_tag(tag_name) + # tag_name = f'IPQS:Fraud Score="{fraud_score}"' + # self.add_tag(tag_name) self.ip_address_risk_scoring(fraud_score) self.ipqs_object.add_attribute( @@ -439,8 +439,8 @@ class IPQualityScoreParser: phishing = data_item_value if url_data_item == "risk_score": risk_score = int(data_item_value) - tag_name = f'IPQS:Risk Score="{risk_score}"' - self.add_tag(tag_name) + #tag_name = f'IPQS:Risk Score="{risk_score}"' + #self.add_tag(tag_name) self.url_risk_scoring(risk_score, malware, phishing) self.ipqs_object.add_attribute( @@ -497,8 +497,8 @@ class IPQualityScoreParser: valid = data_item_value if email_data_item == "fraud_score": fraud_score = int(data_item_value) - tag_name = f'IPQS:Fraud Score="{fraud_score}"' - self.add_tag(tag_name) + #tag_name = f'IPQS:Fraud Score="{fraud_score}"' + #self.add_tag(tag_name) self.email_address_risk_scoring(fraud_score, disposable, valid) self.ipqs_object.add_attribute( @@ -544,8 +544,8 @@ class IPQualityScoreParser: valid = data_item_value if phone_data_item == "fraud_score": fraud_score = int(data_item_value) - tag_name = f'IPQS:Fraud Score="{fraud_score}"' - self.add_tag(tag_name) + #tag_name = f'IPQS:Fraud Score="{fraud_score}"' + #self.add_tag(tag_name) self.phone_address_risk_scoring(fraud_score, valid, active) self.ipqs_object.add_attribute( @@ -632,4 +632,3 @@ def version(): configurations required of the module. """ moduleinfo['config'] = moduleconfig return moduleinfo - From 9e0849b7935a7d6c9ebf91a862fe9438080a624d Mon Sep 17 00:00:00 2001 From: Rambatla Venkat Rao <68921481+RamboV@users.noreply.github.com> Date: Sat, 12 Feb 2022 10:21:36 +0530 Subject: [PATCH 107/132] added IPQS logo --- documentation/logos/ipqualityscore.png | Bin 0 -> 6769 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 documentation/logos/ipqualityscore.png diff --git a/documentation/logos/ipqualityscore.png b/documentation/logos/ipqualityscore.png new file mode 100644 index 0000000000000000000000000000000000000000..da52d96680f76ed4c92b0b6aaab0ecc0121bfa68 GIT binary patch literal 6769 zcmaJ`2UJtrwnaoKN^epEAw+tY8Ujc!(nOll3=jb!g(N_bCcSqQ5CpM-S3rtDkP@nZ zG!>;pE1taYoD>^Tx;(=$2eom6K`p5$jHFUKt)BxXl$fs zbuwiVCWQN5kB_;W(fx+`|j00U|XJK|n8e4UnCZnVcC~ z7w+k0bO!^!cE{Y>?T)vbnmb5K69~maP6!Zi91Ms@_#m+myawnGUdT!O^R+Ap_(uxP zTLbj3rtHlufx0LR9H=5AFYP8LCkIqflW~W+!rWY4rGN@@3i7gYin8*G(sFW;OKK2B zMc|(o=%gIR{T9SZ&*0BuCo>I@Ck}^($jSx;1jqzjl0jiSWaZV=)MVupWEB*oPco#j zfk+$-FO9?s|6CtaTt7E^7tHqWmy!CntAH_-83JL>B{x;ZPWB z6w2qDP zibcsynC>-GESlYp*VaNd)N)PjDRsj{%m&ZiSWp<{_1>8A(;=@XmSW?gRj(O17%o=m z6j@SB{wtud72`0u8LdV} z)@OpwuW8Ig5k}@SOu;{-jp3KFi*x3)!GO&m-X6o0otX4PZe!lIZjrGoRZ;Vm(;aPk zZEL2*{e&uoYR!8JPRlB378u5!I^#QOU}M{~KG1b8tG8Fd*)TGDMq#|$HRH37OzSdA z>Fb%bD98+G2FE*!%%s-&u5`z6kF^$cy;fj`IGFx5-^dhlHUCw*sZQX>0y0{yFv4g; z=cC|WSopl}>V6H_#o)`p`4@9o;{j2%^Td%1=nBEb{%aC&*{JH_d|-yU@oykUid)7O zp1J(Vp0R*Ppz=H~lGtDbDVn5iw>PuWQD9zQ(GAFwoq2&RC+SZ+oCfbE34FcqvOl^Z ze7^RU2wE$HadwZG**LF?qVCBQ+6zpc=L3_WG#ffqjyN_xkH@o4(@e)Nn6Zf*N8ZYE>d=3RkaY zXw0gx2iD9rm;PS92i?iOU-i26`_bdYQFY5kvTnJ{WlYB6C`VR*^Z@u7&&sMHm^n&p zxQ3_P#YmyH-f@Y;$ParCPg8nPvV#;-u(Rt<7~BFAnbb6gK&W?+5B=_@FkT(!NblH~O_&Ew^vD!eDuKJ9PR;dZXpi$~D8oJFK3`{A&xT>@%pYX% zT&Y1Li%fkob-v(Drisa+GN#~L=dy#0`i{!Ne}FxTWJGU(i7E4n8Kl50;fBBlDN;|3 z#?;PQV#jXRrsdhzYnX?^z6#@?TNsxO+& zF+T1Z53}u96@4OWeit1w^~su=!g`O@x`k`Te0-WASR*p=OTN+LVE*EKH!sEP2sP7= zQ7=L=-wbuL)PQLAQgH$I{TOy&d-%^%%1txM|59e-vxb z7|L|un&vTm5Lzuxqj@eq+Nvl$B1WSN5}^8eH}AbbcAZXfuK_!MdyZ zh{^c{NcsBw7%KL5AnR%w@fpk9H;HBr6`^}CSSd;CPLEy5=gO2F(|#a|w0ZV&$Iqj@ zg{JNlubfXtsF)&+94GRZfOLmKY+{I3Y86gdh}232-9~lg#AkX}GRjimw2tFaRx#tw zP1v(Gefrk({k->Zd;C(x`%iy}n<7a8Rcwe%x zGsQPQb|H$tflXHMQQ`|erVC!zm&>2~LnXV@kas)3d8;-JM)oHMlBC~rJy~S+~G5!ma$yB@ougapD!y+ zzVli{zJ6T=Wn)QV#QN7MM1llR>vMYJ@b$GL(&Z(BNk?_#k!i;&ogoBL>SraW%}}Eal8`8P(ymP13WBf1%YntIW*u!N!6{E9RENrgx$`pGfZId!VBx(eH7LO+PqMtgfNYXiH~?T zOj?$v=Xd-`ZDJ?ks;(b`MvXAsN!rg@;sb?6AIC@T%CoaM<+R z|DAUb4PVm>`GLh5N%M)Os0!?LN9x%6hEhP6zEn5FzLSc!=8?z({RKF%J=4g((K%BG z+)K9BkM2RK58JV2WoovrmED`&pIOgu8N5!+?lcAVM|z0LkLU@$OP{d`5ZjM5T?H$7 zw5&5jnFjc_ayIQi&V%eK=JGY|Xwh2?TI<{g;qjW&Yi*ZT_lTua((*?c>~@B^<9#yB zs4c>G3{wfFy1HLdZ?afI(u`OtMOr(wHE@}c?oI^^-;u%vb@VfE1xss&} z3A2}kt@i6Hnu!v!D)a|=?CZ{Dty`_OM`+r)t(`)LMVwC;jZEF_bQx=T?)g=v(+q0e zo!x8eb#Apnd&|zGC~9uUjCRPsizQFB-A+3z010n@iwVd{HaDTLJV48r)z4%?pzxEl_$8OT5?k)QiS5OAW z#29{M@;84|*D=;7VoxYsewC(;>alvQXwy_W1n5gzmvaD!>3h0d?|9+wJ}PgI1{jwm z`-gv=cKn*O*EITxLaiTh>7$ExPeFT)ZGlN{LuStd?$#*xW z-0r~*=kDLu00V}S%YE8uQu1*4UWPH8{?mAyk04T25Z*yVBB*gR+MY#!bx-AI!(iraMm@nyO;#3_F-VsZCn z>Dh0COZeI`ujj|m;XPsd>1wkh6i#hb6=DE-DG4oBg!ppR7Rs%oKt}N;6fe5?oW|?~ zZ16d7qiAhlcZ_J-rdW4ag8w%j^Fq~fGmrt(#O@a}L{&`#C-xPxL)}=I#gDhmUF^G0 zk>&moR}Aa^iiq`{qIj*TKz@m(q5Dhp&}n}b);%=lpu94VT)P+6QQwScSyx$JJ!GoCgw4|v! z8RGoC0B-B!ECOo>zUE1c^(DM>qTI?NU`B(u)qWPs+x9E+ysYyCtw?RfBF^j&O zc{SyhH^pTw^Vy2*&^@t~3VAIY-uUhG_bq+`zwgJ@M19%?g9ZAzRNXIq$-aUG zJ3r!TP%4h&Ol@rq6*ue)G_)IgtQW>?$H3>rk3$|mZu`Ce-F9bXSL8bUqN*USi)VSke$_SgIM&P=9bVqEV0E!Ku3WVEm(Y;W0iDD$g18$ zo0u$lq{Dtoxu+bsUTjurt!J}~1!BCye3i`sX!4MMigPpB|v%dH^HgoadpUvU4=R8ro=V0$Pdts#`7mL0EzG0s+rq+UA5w9%(~TRql~I$9Zt#@EKq8_o z;@ge*LNj@~zVZ57`>{PE@eDb1Mk_5u3CVt2Of2&=!tVS0{ONvE&h;w{+s?#*SM?8_ z(JT+`I0_q+7KAol>U>z4?|by6GLRNOcbtP>XWp`JTKWW|`=keO7hTF36>wlwOe zH>tiPpc_9O_#owQ2kLh+CpLy67PCJOwyf-`1syEvIla0lHwSbB5`Kr#h0aupw|*AH9FxkaBUEz4?5 zIDI~z#axbAIaqt)H-LR{+fh0lAyUd425NnIdK=wZm=q>%CO|v_q~n;HhUE%M?`k$>xl6fnUyFVM_2VjP_9)vL@7k^X1FS&EkATXJ^En87YD(<{gn6Q16&7 z9<_c{n0jx!I;!O|cJ3fXZXhaSvn>CIT*^+`kc(;iiy}Y~>@%T~%@BL0^BD6xQbz zBrEOhAk+5xw!K+?kudI9wl|&ohD@QZE1KGT$tf)Gq)_N&c41F-@39X+_AKjx?sAiN zfQZ;Vz7K|PR42WYUJ#e42k%ykvijy0&mOoMHeo`xAM~~oAHk|zTpzYSY~mXr-;dXf z(O_Q?-~2=lS-Mv0jz9aAr-0noR_&C4je0?J{@(N)$z^{x@A7ur%E}7u_Rdam2FIgh zf=hm?G9gikW)MH-<)_F;%6s!7ycMS`Vjw6P|D6wKQr>dylJ#(;qxv&F=K`OrmWB+@ z>hZB9c>PG5rSovmR;M@tYsnFSJI2GQIW-xwo&%a$DQj zI62tc@vUUfsz*6Hgt-`swFCE=^EP=4?{EfU`8krsF}mL))T$g+yzp- zXa&I)wE;&jvyhvv2Z2Vjyg7@qh=I4eVsiz!bmbZ2-(PPHLS{L&Gb^B_PX!W2110q% zFnlYLSF(hq9VgguZyvKm)Nd-U1cEte*zv}FL7Uvz-kBMG`skSl{TzLaB*fz<<58(k zt@GaGqVqIJT4$e1>GJjUy_a=d&(SMf*bfk{fA0|A@~wJMbIuqfB{+R#645q^I?N=E zC@Q>l62PogJ^CcsbFlH-Ij*XXbAafxlio@`7fTQAwjS5Mw3Fdgv>*L)ob{5H*Po$u zr?S9=$+4x7Z!hCA{VIw>ifyI~I9C8Bp7H&Z9I@uRNmDA9O$m=1>AvnFY$+@La_9LY zj<*rhJAj3aQ+2x{hO`#CYW&f)Fwr%?)qH^Go|ha|6QJna-sfyqt?Zx`qCDbSLbFmE zfx_OdnYC`z@g(&Q-Jv+NZl*s?Qlhk^#OV9l*iaf@6L+vZZDe}J_}j(7MWyZ5uTb*X zV%W29rz3IWQbOk(?YqXMJ%Rq@0>dgjHUc$q%rAuTL5Y0t=Ylw>f>$UYE9OrsWj-Hb=c*1sK-X6N9;B(9KO#9bQ`~)9ttkhLPkG+!%uU4t;c%c?pb0p z>!AH@g;(u9PuR1@_}yb)`E_)U#fhitH>LV!k=^Vo=90-fO?Ir9eAooVwwk$|FNI8i zX6a7Dtc#d^kk4ypWLpYau_!dZAl1vD^MtvB)Yw)cqKpHU@s%6F4M}nn7clq@T(CJ6 ze)>cX#ZENJC0RRe9l|2I`68|58v)c@!~5$!?q-kjT(pL+hxe@|3aH5Pf$_}aK}k=9 zMfCXd*71V_OHqlIt>X_6BaPI(l^@3Gzqupc8Qk;4=` zo;a(tnP7?gbp}~SaQCV~wvL@CT>jAMata2o zeZ((-NU?bpD74*v5+RDd;6O{pGC{@1=p;)Xag^ki^%R9_`1tCQs`Z*#7~|1V$<=M zGX;A`NRxlQe#(mQK6r8pI=B)K5%lC`vRTM^bI($MJzm=70=FoQ)H_Sshx(pN2N5W# z-Rf-2#o14Z03kirtSPbIUwuvqSc}x`i*Zw7yHS|AA19nLoim!}8$^q2GwsM#O9rBO z9~SV<%8b3N?=mlr$hvxdq7s%6;t&&5&JFOm7YXEl(%&g>PJI*$k59O%v7vn)%FgLd zv1_S*1hZ=ene7lp`84j!&`a8{FL&4!?5kMn%*_Z%`DY=-=^E)|UaUrDF^Wt|HCVB0 zz9{A$`!LH?Y^SbIWYw46Ep-VaiydWZ$$ebp(-M^UXK${16 z=j@uf`A$=gkw`BX9pG?R`A!FnY6K|$hDD)Y(UC4pd}9BioK*-_79v!2e$} g*mrt{a^?cnU8S%e09d*F&!0fX`sRA&IyWQ!2MwNZ?*IS* literal 0 HcmV?d00001 From cfc70ec1768181ea1f85f5e41db916709b6ff126 Mon Sep 17 00:00:00 2001 From: Rambatla Venkat Rao <68921481+RamboV@users.noreply.github.com> Date: Sat, 12 Feb 2022 10:22:19 +0530 Subject: [PATCH 108/132] added documentation --- .../expansion/ipqs_fraud_and_risk_scoring.json | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 documentation/website/expansion/ipqs_fraud_and_risk_scoring.json diff --git a/documentation/website/expansion/ipqs_fraud_and_risk_scoring.json b/documentation/website/expansion/ipqs_fraud_and_risk_scoring.json new file mode 100644 index 0000000..8a1c097 --- /dev/null +++ b/documentation/website/expansion/ipqs_fraud_and_risk_scoring.json @@ -0,0 +1,13 @@ +{ + "description": "IPQualityScore MISP Expansion Module.", + "logo": "ipqualityscore.png", + "requirements": [ + "A IPQualityScore API Key." + ], + "input": "A MISP attribute of type IP Address(ip-src, ip-dst), Domain(hostname, domain), URL(url, uri), Email Address(email, email-src, email-dst, target-email, whois-registrant-email) and Phone Number(phone-number, whois-registrant-phone).", + "output": "IPQualityScore object, resulting from the query on the IPQualityScore API.", + "references": [ + "https://www.ipqualityscore.com/" + ], + "features": "This Module takes the IP Address, Domain, URL, Email and Phone Number MISP Attributes as input to query the IPQualityScore API.\n The results of the IPQualityScore API are than returned as IPQS Fraud and Risk Scoring Object. \n The object contains a copy of the enriched attribute with added tags presenting the verdict based on fraud score,risk score and other attributes from IPQualityScore." +} \ No newline at end of file From 023f6653b9d378a2b6fed12f5235e2f9ceeeba37 Mon Sep 17 00:00:00 2001 From: Rambatla Venkat Rao <68921481+RamboV@users.noreply.github.com> Date: Sat, 12 Feb 2022 10:36:03 +0530 Subject: [PATCH 109/132] Update ipqs_fraud_and_risk_scoring.json --- .../website/expansion/ipqs_fraud_and_risk_scoring.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/documentation/website/expansion/ipqs_fraud_and_risk_scoring.json b/documentation/website/expansion/ipqs_fraud_and_risk_scoring.json index 8a1c097..d0d4665 100644 --- a/documentation/website/expansion/ipqs_fraud_and_risk_scoring.json +++ b/documentation/website/expansion/ipqs_fraud_and_risk_scoring.json @@ -1,5 +1,5 @@ { - "description": "IPQualityScore MISP Expansion Module.", + "description": "IPQualityScore MISP Expansion Module for IP reputation, Email Validation, Phone Number Validation, Malicious Domain and Malicious URL Scanner.", "logo": "ipqualityscore.png", "requirements": [ "A IPQualityScore API Key." @@ -10,4 +10,4 @@ "https://www.ipqualityscore.com/" ], "features": "This Module takes the IP Address, Domain, URL, Email and Phone Number MISP Attributes as input to query the IPQualityScore API.\n The results of the IPQualityScore API are than returned as IPQS Fraud and Risk Scoring Object. \n The object contains a copy of the enriched attribute with added tags presenting the verdict based on fraud score,risk score and other attributes from IPQualityScore." -} \ No newline at end of file +} From 3856f9fe1d1160673b5c5f94d352e5216f0c30b6 Mon Sep 17 00:00:00 2001 From: Rambatla Venkat Rao <68921481+RamboV@users.noreply.github.com> Date: Sat, 12 Feb 2022 10:38:48 +0530 Subject: [PATCH 110/132] Update ipqs_fraud_and_risk_scoring.py --- misp_modules/modules/expansion/ipqs_fraud_and_risk_scoring.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/misp_modules/modules/expansion/ipqs_fraud_and_risk_scoring.py b/misp_modules/modules/expansion/ipqs_fraud_and_risk_scoring.py index 754f94a..9cb50a3 100644 --- a/misp_modules/modules/expansion/ipqs_fraud_and_risk_scoring.py +++ b/misp_modules/modules/expansion/ipqs_fraud_and_risk_scoring.py @@ -42,8 +42,8 @@ mispattributes = { moduleinfo = { 'version': '0.1', 'author': 'David Mackler', - 'description': 'Query IPQualityScore for IP reputation, Email Validation, Phone Number Validation and Malicious ' - 'Domain/URL Scanner.', + 'description': 'Query IPQualityScore for IP reputation, Email Validation, Phone Number Validation,' + 'Malicious Domain and Malicious URL Scanner.', 'module-type': ['expansion', 'hover'] } moduleconfig = ['apikey'] From e7645a195aa18c98bbc50eca45f2873c4aa80fb1 Mon Sep 17 00:00:00 2001 From: Rambatla Venkat Rao <68921481+RamboV@users.noreply.github.com> Date: Sat, 12 Feb 2022 11:01:54 +0530 Subject: [PATCH 111/132] Update test_expansions.py --- tests/test_expansions.py | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/tests/test_expansions.py b/tests/test_expansions.py index b8764f7..7459e99 100644 --- a/tests/test_expansions.py +++ b/tests/test_expansions.py @@ -293,6 +293,29 @@ class TestExpansions(unittest.TestCase): response = self.misp_modules_post(query) self.assertEqual(self.get_object(response), 'asn') + def test_ipqs_fraud_and_risk_scoring(self): + module_name = "ipqs_fraud_and_risk_scoring" + query = {"module": module_name, + "attribute": {"type": "domain", + "value": "noreply@ipqualityscore.com", + "uuid": "ea89a33b-4ab7-4515-9f02-922a0bee333d"}, + "config": {}} + if module_name in self.configs: + query['config'] = self.configs[module_name] + response = self.misp_modules_post(query) + try: + self.assertEqual(self.get_object(response), 'IPQS:) + except Exception: + self.assertIn( + self.get_errors(response), + ( + "Invalid or unauthorized key. Please check the API key and try again." + ) + ) + else: + response = self.misp_modules_post(query) + self.assertEqual(self.get_errors(response), 'An API key for IPQualityScore is required.') + def test_macaddess_io(self): module_name = 'macaddress_io' query = {"module": module_name, "mac-address": "44:38:39:ff:ef:57"} From 8c1db02a655dcc27da3a87e3e5dcfe3d723b5c8d Mon Sep 17 00:00:00 2001 From: Rambatla Venkat Rao <68921481+RamboV@users.noreply.github.com> Date: Sat, 12 Feb 2022 11:06:38 +0530 Subject: [PATCH 112/132] Update test_expansions.py --- tests/test_expansions.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_expansions.py b/tests/test_expansions.py index 7459e99..649c05a 100644 --- a/tests/test_expansions.py +++ b/tests/test_expansions.py @@ -304,7 +304,7 @@ class TestExpansions(unittest.TestCase): query['config'] = self.configs[module_name] response = self.misp_modules_post(query) try: - self.assertEqual(self.get_object(response), 'IPQS:) + self.assertEqual(self.get_object(response), 'IPQS:') except Exception: self.assertIn( self.get_errors(response), From 0d63c5e0a2a197221ca77d63cf17d5434f2c5ac7 Mon Sep 17 00:00:00 2001 From: Rambatla Venkat Rao <68921481+RamboV@users.noreply.github.com> Date: Sat, 12 Feb 2022 11:14:57 +0530 Subject: [PATCH 113/132] Update test_expansions.py --- tests/test_expansions.py | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/tests/test_expansions.py b/tests/test_expansions.py index 649c05a..db5d160 100644 --- a/tests/test_expansions.py +++ b/tests/test_expansions.py @@ -296,22 +296,14 @@ class TestExpansions(unittest.TestCase): def test_ipqs_fraud_and_risk_scoring(self): module_name = "ipqs_fraud_and_risk_scoring" query = {"module": module_name, - "attribute": {"type": "domain", + "attribute": {"type": "email", "value": "noreply@ipqualityscore.com", "uuid": "ea89a33b-4ab7-4515-9f02-922a0bee333d"}, "config": {}} if module_name in self.configs: query['config'] = self.configs[module_name] response = self.misp_modules_post(query) - try: - self.assertEqual(self.get_object(response), 'IPQS:') - except Exception: - self.assertIn( - self.get_errors(response), - ( - "Invalid or unauthorized key. Please check the API key and try again." - ) - ) + self.assertEqual(self.get_values(response), 'noreply@ipqualityscore.com') else: response = self.misp_modules_post(query) self.assertEqual(self.get_errors(response), 'An API key for IPQualityScore is required.') From 59a6ca2fb43067afb89b1e678d522758cceff197 Mon Sep 17 00:00:00 2001 From: Rambatla Venkat Rao <68921481+RamboV@users.noreply.github.com> Date: Sat, 12 Feb 2022 11:34:42 +0530 Subject: [PATCH 114/132] Update test_expansions.py --- tests/test_expansions.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/test_expansions.py b/tests/test_expansions.py index db5d160..35e384d 100644 --- a/tests/test_expansions.py +++ b/tests/test_expansions.py @@ -303,10 +303,10 @@ class TestExpansions(unittest.TestCase): if module_name in self.configs: query['config'] = self.configs[module_name] response = self.misp_modules_post(query) - self.assertEqual(self.get_values(response), 'noreply@ipqualityscore.com') + self.assertEqual(self.get_values(response)['message'], 'Success.') else: response = self.misp_modules_post(query) - self.assertEqual(self.get_errors(response), 'An API key for IPQualityScore is required.') + self.assertEqual(self.get_errors(response), 'Invalid or unauthorized key. Please check the API key and try again.') def test_macaddess_io(self): module_name = 'macaddress_io' From f5577aac78e25df5f19b86566534b7537ff917d3 Mon Sep 17 00:00:00 2001 From: Rambatla Venkat Rao <68921481+RamboV@users.noreply.github.com> Date: Sat, 12 Feb 2022 11:45:45 +0530 Subject: [PATCH 115/132] Update test_expansions.py --- tests/test_expansions.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_expansions.py b/tests/test_expansions.py index 35e384d..d75756f 100644 --- a/tests/test_expansions.py +++ b/tests/test_expansions.py @@ -306,7 +306,7 @@ class TestExpansions(unittest.TestCase): self.assertEqual(self.get_values(response)['message'], 'Success.') else: response = self.misp_modules_post(query) - self.assertEqual(self.get_errors(response), 'Invalid or unauthorized key. Please check the API key and try again.') + self.assertEqual(self.get_errors(response), 'IPQualityScore apikey is missing') def test_macaddess_io(self): module_name = 'macaddress_io' From 30287e3b03198800d8e8f3e0fe7548e3de04fce2 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Mon, 14 Feb 2022 09:35:40 +0100 Subject: [PATCH 116/132] chg: [lib] latest stix2misp.py updated --- misp_modules/lib/stix2misp.py | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/misp_modules/lib/stix2misp.py b/misp_modules/lib/stix2misp.py index ed875b5..0e92aed 100644 --- a/misp_modules/lib/stix2misp.py +++ b/misp_modules/lib/stix2misp.py @@ -22,15 +22,19 @@ import os import time import io import pymisp -import stix2 -import misp_modules.lib.stix2misp_mapping as stix2misp_mapping +import stix2misp_mapping from collections import defaultdict from copy import deepcopy from pathlib import Path -_misp_objects_path = Path(__file__).parent / 'misp-objects' / 'objects' +_misp_dir = Path(os.path.realpath(__file__)).parents[4] +_misp_objects_path = _misp_dir / 'app' / 'files' / 'misp-objects' / 'objects' _misp_types = pymisp.AbstractMISP().describe_types.get('types') from pymisp import MISPEvent, MISPObject, MISPAttribute +_scripts_path = Path(__file__).resolve().parents[1] +sys.path.insert(0, str(_scripts_path / 'cti-python-stix2')) +import stix2 + class StixParser(): _galaxy_types = ('intrusion-set', 'malware', 'threat-actor', 'tool') @@ -471,7 +475,7 @@ class StixFromMISPParser(StixParser): if hasattr(galaxy, 'labels'): return [label for label in galaxy.labels if label.startswith('misp-galaxy:')] try: - return self._synonyms_to_tag_names[name] + return self._synonyms_to_tag_names[galaxy.name] except KeyError: print(f'Unknown {galaxy._type} name: {galaxy.name}', file=sys.stderr) return [f'misp-galaxy:{galaxy._type}="{galaxy.name}"'] @@ -1097,6 +1101,8 @@ class StixFromMISPParser(StixParser): if tags: attribute['Tag'] = tags attribute.update(self.parse_timeline(stix_object)) + if hasattr(stix_object, 'description') and stix_object.description: + attribute['comment'] = stix_object.description if hasattr(stix_object, 'object_marking_refs'): self.update_marking_refs(attribute_uuid, stix_object.object_marking_refs) return attribute @@ -1107,6 +1113,8 @@ class StixFromMISPParser(StixParser): misp_object = MISPObject('file' if object_type == 'WindowsPEBinaryFile' else object_type, misp_objects_path_custom=_misp_objects_path) misp_object.uuid = stix_object.id.split('--')[1] + if hasattr(stix_object, 'description') and stix_object.description: + misp_object.comment = stix_object.description misp_object.update(self.parse_timeline(stix_object)) return misp_object, object_type @@ -1984,6 +1992,8 @@ class ExternalStixParser(StixParser): misp_object = MISPObject(name if name is not None else stix_object.type, misp_objects_path_custom=_misp_objects_path) misp_object.uuid = stix_object.id.split('--')[1] + if hasattr(stix_object, 'description') and stix_object.description: + misp_object.comment = stix_object.description misp_object.update(self.parse_timeline(stix_object)) return misp_object @@ -2057,7 +2067,7 @@ def from_misp(stix_objects): def main(args): - filename = Path(os.path.dirname(args[0]), args[1]) + filename = args[1] if args[1][0] == '/' else Path(os.path.dirname(args[0]), args[1]) with open(filename, 'rt', encoding='utf-8') as f: event = stix2.parse(f.read(), allow_custom=True, interoperability=True) stix_parser = StixFromMISPParser() if from_misp(event.objects) else ExternalStixParser() From 2f1d35774d6a3a90f6a76e0b48fdf5609c37286d Mon Sep 17 00:00:00 2001 From: Rambatla Venkat Rao <68921481+RamboV@users.noreply.github.com> Date: Tue, 15 Feb 2022 18:52:14 +0530 Subject: [PATCH 117/132] Update ipqs_fraud_and_risk_scoring.py --- .../expansion/ipqs_fraud_and_risk_scoring.py | 23 +++++++------------ 1 file changed, 8 insertions(+), 15 deletions(-) diff --git a/misp_modules/modules/expansion/ipqs_fraud_and_risk_scoring.py b/misp_modules/modules/expansion/ipqs_fraud_and_risk_scoring.py index 9cb50a3..bb58284 100644 --- a/misp_modules/modules/expansion/ipqs_fraud_and_risk_scoring.py +++ b/misp_modules/modules/expansion/ipqs_fraud_and_risk_scoring.py @@ -42,7 +42,7 @@ mispattributes = { moduleinfo = { 'version': '0.1', 'author': 'David Mackler', - 'description': 'Query IPQualityScore for IP reputation, Email Validation, Phone Number Validation,' + 'description': 'IPQualityScore MISP Expansion Module for IP reputation, Email Validation, Phone Number Validation,' 'Malicious Domain and Malicious URL Scanner.', 'module-type': ['expansion', 'hover'] } @@ -124,9 +124,9 @@ class IPQualityScoreParser: self.critical = "CRITICAL" self.invalid = "INVALID" self.suspicious = "SUSPICIOUS" - self.malware = "MALWARE" - self.phishing = "PHISHING" - self.disposable = "DISPOSABLE" + self.malware = "CRITICAL" + self.phishing = "CRITICAL" + self.disposable = "CRITICAL" self.attribute = attribute self.misp_event = MISPEvent() self.misp_event.add_attribute(**attribute) @@ -385,8 +385,6 @@ class IPQualityScoreParser: self.ipqs_object.add_attribute(**parse_attribute(comment, data_item, data_item_value)) if ip_data_item == "fraud_score": fraud_score = int(data_item_value) - # tag_name = f'IPQS:Fraud Score="{fraud_score}"' - # self.add_tag(tag_name) self.ip_address_risk_scoring(fraud_score) self.ipqs_object.add_attribute( @@ -439,8 +437,6 @@ class IPQualityScoreParser: phishing = data_item_value if url_data_item == "risk_score": risk_score = int(data_item_value) - #tag_name = f'IPQS:Risk Score="{risk_score}"' - #self.add_tag(tag_name) self.url_risk_scoring(risk_score, malware, phishing) self.ipqs_object.add_attribute( @@ -497,8 +493,6 @@ class IPQualityScoreParser: valid = data_item_value if email_data_item == "fraud_score": fraud_score = int(data_item_value) - #tag_name = f'IPQS:Fraud Score="{fraud_score}"' - #self.add_tag(tag_name) self.email_address_risk_scoring(fraud_score, disposable, valid) self.ipqs_object.add_attribute( @@ -510,10 +504,10 @@ class IPQualityScoreParser: def email_address_risk_scoring(self, score, disposable, valid): """method to create calculate verdict for Email Address""" risk_criticality = "" - if valid == "False": - risk_criticality = self.invalid - elif disposable == "True": + if disposable == "True": risk_criticality = self.disposable + elif valid == "False": + risk_criticality = self.invalid elif score == 100: risk_criticality = self.high elif 88 <= score <= 99: @@ -544,8 +538,7 @@ class IPQualityScoreParser: valid = data_item_value if phone_data_item == "fraud_score": fraud_score = int(data_item_value) - #tag_name = f'IPQS:Fraud Score="{fraud_score}"' - #self.add_tag(tag_name) + self.phone_address_risk_scoring(fraud_score, valid, active) self.ipqs_object.add_attribute( From 9b4b1a1c4f06d59d4a167b4838e7bb1e9d4fea76 Mon Sep 17 00:00:00 2001 From: Rambatla Venkat Rao <68921481+RamboV@users.noreply.github.com> Date: Tue, 15 Feb 2022 19:01:13 +0530 Subject: [PATCH 118/132] Update __init__.py --- misp_modules/modules/expansion/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misp_modules/modules/expansion/__init__.py b/misp_modules/modules/expansion/__init__.py index 15eb8d6..1142252 100644 --- a/misp_modules/modules/expansion/__init__.py +++ b/misp_modules/modules/expansion/__init__.py @@ -18,7 +18,7 @@ __all__ = ['cuckoo_submit', 'vmray_submit', 'bgpranking', 'circl_passivedns', 'c 'assemblyline_submit', 'assemblyline_query', 'ransomcoindb', 'malwarebazaar', 'lastline_query', 'lastline_submit', 'sophoslabs_intelix', 'cytomic_orion', 'censys_enrich', 'trustar_enrich', 'recordedfuture', 'html_to_markdown', 'socialscan', 'passive-ssh', - 'qintel_qsentry', 'mwdb', 'ipqs_fraud_and_risk_scoring'] + 'qintel_qsentry', 'mwdb', 'hashlookup', 'mmdb_lookup', 'ipqs_fraud_and_risk_scoring'] minimum_required_fields = ('type', 'uuid', 'value') From 82eee0074b2a408ef8eeefc9816422b0dd9c34ab Mon Sep 17 00:00:00 2001 From: Rambatla Venkat Rao <68921481+RamboV@users.noreply.github.com> Date: Tue, 15 Feb 2022 19:11:36 +0530 Subject: [PATCH 119/132] Update __init__.py --- misp_modules/modules/expansion/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misp_modules/modules/expansion/__init__.py b/misp_modules/modules/expansion/__init__.py index 1142252..15eb8d6 100644 --- a/misp_modules/modules/expansion/__init__.py +++ b/misp_modules/modules/expansion/__init__.py @@ -18,7 +18,7 @@ __all__ = ['cuckoo_submit', 'vmray_submit', 'bgpranking', 'circl_passivedns', 'c 'assemblyline_submit', 'assemblyline_query', 'ransomcoindb', 'malwarebazaar', 'lastline_query', 'lastline_submit', 'sophoslabs_intelix', 'cytomic_orion', 'censys_enrich', 'trustar_enrich', 'recordedfuture', 'html_to_markdown', 'socialscan', 'passive-ssh', - 'qintel_qsentry', 'mwdb', 'hashlookup', 'mmdb_lookup', 'ipqs_fraud_and_risk_scoring'] + 'qintel_qsentry', 'mwdb', 'ipqs_fraud_and_risk_scoring'] minimum_required_fields = ('type', 'uuid', 'value') From 4a19d35da028719e707641fe4de481517384dace Mon Sep 17 00:00:00 2001 From: Rambatla Venkat Rao <68921481+RamboV@users.noreply.github.com> Date: Tue, 15 Feb 2022 19:19:51 +0530 Subject: [PATCH 120/132] updated to add the latest modules --- misp_modules/modules/expansion/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misp_modules/modules/expansion/__init__.py b/misp_modules/modules/expansion/__init__.py index 15eb8d6..1142252 100644 --- a/misp_modules/modules/expansion/__init__.py +++ b/misp_modules/modules/expansion/__init__.py @@ -18,7 +18,7 @@ __all__ = ['cuckoo_submit', 'vmray_submit', 'bgpranking', 'circl_passivedns', 'c 'assemblyline_submit', 'assemblyline_query', 'ransomcoindb', 'malwarebazaar', 'lastline_query', 'lastline_submit', 'sophoslabs_intelix', 'cytomic_orion', 'censys_enrich', 'trustar_enrich', 'recordedfuture', 'html_to_markdown', 'socialscan', 'passive-ssh', - 'qintel_qsentry', 'mwdb', 'ipqs_fraud_and_risk_scoring'] + 'qintel_qsentry', 'mwdb', 'hashlookup', 'mmdb_lookup', 'ipqs_fraud_and_risk_scoring'] minimum_required_fields = ('type', 'uuid', 'value') From 077576971452a00fa08af542471b220340f54cef Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Tue, 15 Feb 2022 15:27:36 +0100 Subject: [PATCH 121/132] chg: [doc] updated --- documentation/README.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/documentation/README.md b/documentation/README.md index 88670b0..9d2d7cc 100644 --- a/documentation/README.md +++ b/documentation/README.md @@ -754,6 +754,26 @@ Module to query an IP ASN history service (https://github.com/D4-project/IPASN-H ----- +#### [ipqs_fraud_and_risk_scoring](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/ipqs_fraud_and_risk_scoring.py) + + + +IPQualityScore MISP Expansion Module for IP reputation, Email Validation, Phone Number Validation, Malicious Domain and Malicious URL Scanner. +- **features**: +>This Module takes the IP Address, Domain, URL, Email and Phone Number MISP Attributes as input to query the IPQualityScore API. +> The results of the IPQualityScore API are than returned as IPQS Fraud and Risk Scoring Object. +> The object contains a copy of the enriched attribute with added tags presenting the verdict based on fraud score,risk score and other attributes from IPQualityScore. +- **input**: +>A MISP attribute of type IP Address(ip-src, ip-dst), Domain(hostname, domain), URL(url, uri), Email Address(email, email-src, email-dst, target-email, whois-registrant-email) and Phone Number(phone-number, whois-registrant-phone). +- **output**: +>IPQualityScore object, resulting from the query on the IPQualityScore API. +- **references**: +>https://www.ipqualityscore.com/ +- **requirements**: +>A IPQualityScore API Key. + +----- + #### [iprep](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/iprep.py) Module to query IPRep data for IP addresses. From a1e468f7bf22f46de7ec0d41e37d75299cc205a7 Mon Sep 17 00:00:00 2001 From: Jeroen Pinoy Date: Tue, 22 Feb 2022 23:33:55 +0100 Subject: [PATCH 122/132] fix: Allow email-src and email-dst as input for apivoid module --- misp_modules/modules/expansion/apivoid.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misp_modules/modules/expansion/apivoid.py b/misp_modules/modules/expansion/apivoid.py index 3b0ce72..3d29d85 100755 --- a/misp_modules/modules/expansion/apivoid.py +++ b/misp_modules/modules/expansion/apivoid.py @@ -4,7 +4,7 @@ from . import check_input_attribute, standard_error_message from pymisp import MISPAttribute, MISPEvent, MISPObject misperrors = {'error': 'Error'} -mispattributes = {'input': ['domain', 'hostname', 'email'], 'format': 'misp_standard'} +mispattributes = {'input': ['domain', 'hostname', 'email', 'email-src', 'email-dst'], 'format': 'misp_standard'} moduleinfo = {'version': '0.2', 'author': 'Christian Studer', 'description': 'On demand query API for APIVoid.', 'module-type': ['expansion', 'hover']} From c5a9a973549f1e62326e7f410ad09a646b67bc9c Mon Sep 17 00:00:00 2001 From: Jeroen Pinoy Date: Wed, 23 Feb 2022 00:54:13 +0100 Subject: [PATCH 123/132] chg:[doc] update mmdb_lookup documentation --- documentation/website/expansion/mmdb_lookup.json | 11 +++++++++++ misp_modules/modules/expansion/mmdb_lookup.py | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 documentation/website/expansion/mmdb_lookup.json diff --git a/documentation/website/expansion/mmdb_lookup.json b/documentation/website/expansion/mmdb_lookup.json new file mode 100644 index 0000000..ebfbf49 --- /dev/null +++ b/documentation/website/expansion/mmdb_lookup.json @@ -0,0 +1,11 @@ +{ + "description": "A hover and expansion module to enrich an ip with geolocation and ASN information from an mmdb server instance, such as CIRCL's ip.circl.lu.", + "logo": "circl.png", + "input": "An IP address attribute (for example ip-src or ip-src|port).", + "output": "Geolocation and asn objects.", + "references": [ + "https://data.public.lu/fr/datasets/geo-open-ip-address-geolocation-per-country-in-mmdb-format/", + "https://github.com/adulau/mmdb-server" + ], + "features": "The module takes an IP address related attribute as input.\n It queries the public CIRCL.lu mmdb-server instance, available at ip.circl.lu, by default. The module can be configured with a custom mmdb server url if required.\n It is also possible to filter results on 1 db_source by configuring db_source_filter." +} \ No newline at end of file diff --git a/misp_modules/modules/expansion/mmdb_lookup.py b/misp_modules/modules/expansion/mmdb_lookup.py index 0c54ba8..e3a0eff 100644 --- a/misp_modules/modules/expansion/mmdb_lookup.py +++ b/misp_modules/modules/expansion/mmdb_lookup.py @@ -6,7 +6,7 @@ from pymisp import MISPEvent, MISPObject misperrors = {'error': 'Error'} mispattributes = {'input': ['ip-src', 'ip-src|port', 'ip-dst', 'ip-dst|port'], 'format': 'misp_standard'} moduleinfo = {'version': '1', 'author': 'Jeroen Pinoy', - 'description': "An expansion module to enrich an ip with geolocation information from an mmdb server " + 'description': "An expansion module to enrich an ip with geolocation and asn information from an mmdb server " "such as ip.circl.lu.", 'module-type': ['expansion', 'hover']} moduleconfig = ["custom_API", "db_source_filter"] From c1b46bb2c45e2f9d603f22b9c33a5e32ea67633e Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 23 Feb 2022 07:37:57 +0100 Subject: [PATCH 124/132] chg: [doc] mmdb documention updated --- documentation/README.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/documentation/README.md b/documentation/README.md index 9d2d7cc..a455c79 100644 --- a/documentation/README.md +++ b/documentation/README.md @@ -936,6 +936,25 @@ Query the MALWAREbazaar API to get additional information about the input hash a ----- +#### [mmdb_lookup](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/mmdb_lookup.py) + + + +A hover and expansion module to enrich an ip with geolocation and ASN information from an mmdb server instance, such as CIRCL's ip.circl.lu. +- **features**: +>The module takes an IP address related attribute as input. +> It queries the public CIRCL.lu mmdb-server instance, available at ip.circl.lu, by default. The module can be configured with a custom mmdb server url if required. +> It is also possible to filter results on 1 db_source by configuring db_source_filter. +- **input**: +>An IP address attribute (for example ip-src or ip-src|port). +- **output**: +>Geolocation and asn objects. +- **references**: +> - https://data.public.lu/fr/datasets/geo-open-ip-address-geolocation-per-country-in-mmdb-format/ +> - https://github.com/adulau/mmdb-server + +----- + #### [mwdb](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/mwdb.py) Module to push malware samples to a MWDB instance From 799541e9de6bcdbbe8a259b9946390986abbb9be Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Thu, 3 Mar 2022 17:49:19 +0100 Subject: [PATCH 125/132] chg: [internal] Update deps --- .github/workflows/python-package.yml | 2 +- Pipfile | 2 + REQUIREMENTS | 69 +++++++++++++++------------- 3 files changed, 39 insertions(+), 34 deletions(-) diff --git a/.github/workflows/python-package.yml b/.github/workflows/python-package.yml index 510a469..6e65048 100644 --- a/.github/workflows/python-package.yml +++ b/.github/workflows/python-package.yml @@ -17,7 +17,7 @@ jobs: steps: - run: | - sudo apt-get install libfuzzy-dev libpoppler-cpp-dev libzbar0 tesseract-ocr + sudo apt-get install libpoppler-cpp-dev libzbar0 tesseract-ocr - uses: actions/checkout@v2 - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v2 diff --git a/Pipfile b/Pipfile index bdf2c98..b7ec209 100644 --- a/Pipfile +++ b/Pipfile @@ -26,7 +26,9 @@ beautifulsoup4 = "*" oauth2 = "*" yara-python = "==3.8.1" sigmatools = "*" +stix2 = "*" stix2-patterns = "*" +taxii2-client = "*" maclookup = "*" vulners = "*" blockchain = "*" diff --git a/REQUIREMENTS b/REQUIREMENTS index 5d4e50e..4a22e45 100644 --- a/REQUIREMENTS +++ b/REQUIREMENTS @@ -27,28 +27,28 @@ censys==2.1.2 certifi==2021.10.8 cffi==1.15.0 chardet==4.0.0 -charset-normalizer==2.0.11; python_version >= '3' +charset-normalizer==2.0.12; python_version >= '3' clamd==1.0.2 click-plugins==1.1.1 -click==8.0.3; python_version >= '3.6' +click==8.0.4; python_version >= '3.6' colorama==0.4.4; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' colorclass==2.2.2; python_version >= '2.6' commonmark==0.9.1 compressed-rtf==1.0.6 configparser==5.2.0; python_version >= '3.6' -crowdstrike-falconpy==1.0.0 +crowdstrike-falconpy==1.0.5 cryptography==36.0.1; python_version >= '3.6' decorator==5.1.1; python_version >= '3.5' deprecated==1.2.13; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' -dnsdb2==1.1.3 +dnsdb2==1.1.4 dnspython==2.2.0 domaintools-api==0.6.1 easygui==0.98.2 ebcdic==1.1.1 enum-compat==0.0.3 -extract-msg==0.28.7 +extract-msg==0.30.8 ezodf==0.3.2 -filelock==3.4.2; python_version >= '3.7' +filelock==3.6.0; python_version >= '3.7' frozenlist==1.3.0; python_version >= '3.7' future==0.18.2; python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3' geoip2==4.5.0 @@ -62,25 +62,26 @@ git+https://github.com/sebdraven/pyonyphe@aed008ee5a27e3a5e4afbb3e5cbfc471701084 httplib2==0.20.4; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' idna-ssl==1.1.0; python_version < '3.7' idna==3.3; python_version >= '3' -imapclient==2.1.0 -importlib-metadata==4.10.1; python_version < '3.8' +imapclient==2.2.0 +importlib-metadata==4.11.2; python_version < '3.8' +importlib-resources==5.4.0; python_version < '3.9' isodate==0.6.1 -itsdangerous==2.0.1; python_version >= '3.6' +itsdangerous==2.1.0; python_version >= '3.7' jbxapi==3.17.2 jeepney==0.7.1; sys_platform == 'linux' json-log-formatter==0.5.1 -jsonschema==3.2.0 +jsonschema==4.4.0; python_version >= '3.7' keyring==23.5.0; python_version >= '3.7' lark-parser==0.12.0 lief==0.11.5 -lxml==4.7.1 +lxml==4.8.0 maclookup==1.0.3 markdownify==0.5.3 maxminddb==2.2.0; python_version >= '3.6' more-itertools==8.12.0; python_version >= '3.5' msoffcrypto-tool==5.0.0; python_version >= '3' and platform_python_implementation != 'PyPy' or (platform_system != 'Windows' and platform_system != 'Darwin') multidict==6.0.2; python_version >= '3.7' -mwdblib==4.0.0 +mwdblib==4.1.0 ndjson==0.3.1 np==1.0.2 numpy==1.21.5; python_version < '3.10' and platform_machine != 'aarch64' and platform_machine != 'arm64' @@ -98,26 +99,26 @@ pillow==9.0.1 progressbar2==4.0.0; python_version >= '3.7' psutil==5.9.0; python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3' pycparser==2.21 -pycryptodome==3.14.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' -pycryptodomex==3.14.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' -pydeep==0.4 +pycryptodome==3.14.1; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' +pycryptodomex==3.14.1; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' +pydeep2==0.5.1 pyeupi==1.1 pyfaup==1.2 pygeoip==0.3.2 pygments==2.11.2; python_version >= '3.5' -pymisp[email,fileobjects,openioc,pdfexport,url]==2.4.152 +pymisp[email,fileobjects,openioc,pdfexport,url]==2.4.155.1 pyparsing==2.4.7; python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3' pypdns==1.5.2 pypssl==2.2 pyrsistent==0.18.1; python_version >= '3.7' -pytesseract==0.3.8 +pytesseract==0.3.9 python-baseconv==1.2.2 python-dateutil==2.8.2; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' python-docx==0.8.11 python-engineio==4.3.1; python_version >= '3.6' python-magic==0.4.25 python-pptx==0.6.21 -python-socketio[client]==5.5.1; python_version >= '3.6' +python-socketio[client]==5.5.2; python_version >= '3.6' python-utils==3.1.0; python_version >= '3.7' pytz-deprecation-shim==0.1.0.post0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5' pytz==2019.3 @@ -125,46 +126,48 @@ pyyaml==6.0; python_version >= '3.6' pyzbar==0.1.8 pyzipper==0.3.5; python_version >= '3.5' rdflib==6.1.1; python_version >= '3.7' -redis==4.1.2; python_version >= '3.6' -reportlab==3.6.6 +redis==4.1.4; python_version >= '3.6' +reportlab==3.6.8 requests-cache==0.6.4; python_version >= '3.6' requests-file==1.5.1 -requests[security]==2.27.1 -rich==11.1.0; python_full_version >= '3.6.2' and python_full_version < '4.0.0' +requests==2.27.1 +rich==11.2.0; python_version < '4.0' and python_full_version >= '3.6.2' rtfde==0.0.2 secretstorage==3.3.1; sys_platform == 'linux' -setuptools==60.7.1; python_version >= '3.7' -shodan==1.26.1 +setuptools==60.9.3; python_version >= '3.7' +shodan==1.27.0 sigmatools==0.19.1 +simplejson==3.17.6; python_version >= '2.5' and python_version not in '3.0, 3.1, 3.2, 3.3' six==1.16.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' socialscan==1.4.2 socketio-client==0.5.7.4 soupsieve==2.3.1; python_version >= '3.6' sparqlwrapper==1.8.5 -stix2==3.0.1 stix2-patterns==1.3.2 +stix2==3.0.1 tabulate==0.8.9 -tau-clients==0.1.9 +tau-clients==0.2.1 taxii2-client==2.3.0 -tldextract==3.1.2; python_version >= '3.6' +tldextract==3.2.0; python_version >= '3.7' tornado==6.1; python_version >= '3.5' -tqdm==4.62.3; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' -typing-extensions==4.0.1; python_version < '3.8' +tqdm==4.63.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' +typing-extensions==4.1.1; python_version < '3.8' tzdata==2021.5; python_version >= '3.6' tzlocal==4.1; python_version >= '3.6' unicodecsv==0.14.1 url-normalize==1.4.3; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5' urlarchiver==0.2 -urllib3==1.26.8; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_full_version < '4.0.0' +urllib3==1.26.8; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4.0' validators==0.14.0 vt-graph-api==1.1.3 vt-py==0.13.1 -vulners==2.0.0 +vulners==2.0.2 wand==0.6.7 -websocket-client==1.2.3; python_version >= '3.6' +websocket-client==1.3.1; python_version >= '3.6' wrapt==1.13.3; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' xlrd==2.0.1 -xlsxwriter==3.0.2; python_version >= '3.4' +xlsxwriter==3.0.3; python_version >= '3.4' yara-python==3.8.1 yarl==1.7.2; python_version >= '3.6' zipp==3.7.0; python_version >= '3.7' + From 79de89657ca57138b8ce3c77cd548668985e482c Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Fri, 4 Mar 2022 10:07:53 +0100 Subject: [PATCH 126/132] fix: [wiki] Change User-Agent to avoid 403 error --- misp_modules/modules/expansion/wiki.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/misp_modules/modules/expansion/wiki.py b/misp_modules/modules/expansion/wiki.py index 90dd547..110e8f8 100755 --- a/misp_modules/modules/expansion/wiki.py +++ b/misp_modules/modules/expansion/wiki.py @@ -17,7 +17,7 @@ def handler(q=False): misperrors['error'] = 'Query text missing' return misperrors - sparql = SPARQLWrapper(wiki_api_url) + sparql = SPARQLWrapper(wiki_api_url, agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36') query_string = \ "SELECT ?item \n" \ "WHERE { \n" \ @@ -26,7 +26,6 @@ def handler(q=False): sparql.setQuery(query_string) sparql.setReturnFormat(JSON) results = sparql.query().convert() - summary = '' try: result = results["results"]["bindings"] summary = result[0]["item"]["value"] if result else 'No additional data found on Wikidata' From 0295268c43033ef921cb0085bb1acf73badde415 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Sat, 5 Mar 2022 15:12:25 +0100 Subject: [PATCH 127/132] chg: [requirements] dnspython3 is required --- REQUIREMENTS | 1 + 1 file changed, 1 insertion(+) diff --git a/REQUIREMENTS b/REQUIREMENTS index 4a22e45..d0294e9 100644 --- a/REQUIREMENTS +++ b/REQUIREMENTS @@ -42,6 +42,7 @@ decorator==5.1.1; python_version >= '3.5' deprecated==1.2.13; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' dnsdb2==1.1.4 dnspython==2.2.0 +dnspython3 domaintools-api==0.6.1 easygui==0.98.2 ebcdic==1.1.1 From db902275b314b8d3c7cf1be9a22407cee7cbf744 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Sat, 5 Mar 2022 15:24:29 +0100 Subject: [PATCH 128/132] chg: [joe] skip not existing system in behavior --- misp_modules/lib/joe_parser.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/misp_modules/lib/joe_parser.py b/misp_modules/lib/joe_parser.py index 22a4918..8b400fe 100644 --- a/misp_modules/lib/joe_parser.py +++ b/misp_modules/lib/joe_parser.py @@ -167,6 +167,8 @@ class JoeParser(): self.misp_event.add_attribute(**attribute) def parse_system_behavior(self): + if not 'system' in self.data['behavior']: + return system = self.data['behavior']['system'] if system.get('processes'): process_activities = {'fileactivities': self.parse_fileactivities, From cba06ab3722fdb03658bbaca1b9765c68568a2e1 Mon Sep 17 00:00:00 2001 From: chrisr3d Date: Mon, 7 Mar 2022 17:53:43 +0100 Subject: [PATCH 129/132] fix: [joe parser] Some clean-up on the Joe parser --- misp_modules/lib/__init__.py | 1 + misp_modules/lib/joe_mapping.py | 114 +++++++++ misp_modules/lib/joe_parser.py | 405 +++++++++++++++++++++----------- 3 files changed, 386 insertions(+), 134 deletions(-) create mode 100644 misp_modules/lib/joe_mapping.py diff --git a/misp_modules/lib/__init__.py b/misp_modules/lib/__init__.py index 2939e75..dffa255 100644 --- a/misp_modules/lib/__init__.py +++ b/misp_modules/lib/__init__.py @@ -1,3 +1,4 @@ +import joe_mapping from .vt_graph_parser import * # noqa all = ['joe_parser', 'lastline_api', 'cof2misp', 'qintel_helper'] diff --git a/misp_modules/lib/joe_mapping.py b/misp_modules/lib/joe_mapping.py new file mode 100644 index 0000000..eda961e --- /dev/null +++ b/misp_modules/lib/joe_mapping.py @@ -0,0 +1,114 @@ +arch_type_mapping = { + 'ANDROID': 'parse_apk', + 'LINUX': 'parse_elf', + 'WINDOWS': 'parse_pe' +} +domain_object_mapping = { + '@ip': {'type': 'ip-dst', 'object_relation': 'ip'}, + '@name': {'type': 'domain', 'object_relation': 'domain'} +} +dropped_file_mapping = { + '@entropy': {'type': 'float', 'object_relation': 'entropy'}, + '@file': {'type': 'filename', 'object_relation': 'filename'}, + '@size': {'type': 'size-in-bytes', 'object_relation': 'size-in-bytes'}, + '@type': {'type': 'mime-type', 'object_relation': 'mimetype'} +} +dropped_hash_mapping = { + 'MD5': 'md5', + 'SHA': 'sha1', + 'SHA-256': 'sha256', + 'SHA-512': 'sha512' +} +elf_object_mapping = { + 'epaddr': 'entrypoint-address', + 'machine': 'arch', + 'osabi': 'os_abi' +} +elf_section_flags_mapping = { + 'A': 'ALLOC', + 'I': 'INFO_LINK', + 'M': 'MERGE', + 'S': 'STRINGS', + 'T': 'TLS', + 'W': 'WRITE', + 'X': 'EXECINSTR' +} +file_object_fields = ( + 'filename', + 'md5', + 'sha1', + 'sha256', + 'sha512', + 'ssdeep' +) +file_object_mapping = { + 'entropy': {'type': 'float', 'object_relation': 'entropy'}, + 'filesize': {'type': 'size-in-bytes', 'object_relation': 'size-in-bytes'}, + 'filetype': {'type': 'mime-type', 'object_relation': 'mimetype'} +} +file_references_mapping = { + 'fileCreated': 'creates', + 'fileDeleted': 'deletes', + 'fileMoved': 'moves', + 'fileRead': 'reads', + 'fileWritten': 'writes' +} +network_behavior_fields = ('srcip', 'dstip', 'srcport', 'dstport') +network_connection_object_mapping = { + 'srcip': {'type': 'ip-src', 'object_relation': 'ip-src'}, + 'dstip': {'type': 'ip-dst', 'object_relation': 'ip-dst'}, + 'srcport': {'type': 'port', 'object_relation': 'src-port'}, + 'dstport': {'type': 'port', 'object_relation': 'dst-port'} +} +pe_object_fields = { + 'entrypoint': {'type': 'text', 'object_relation': 'entrypoint-address'}, + 'imphash': {'type': 'imphash', 'object_relation': 'imphash'} +} +pe_object_mapping = { + 'CompanyName': 'company-name', + 'FileDescription': 'file-description', + 'FileVersion': 'file-version', + 'InternalName': 'internal-filename', + 'LegalCopyright': 'legal-copyright', + 'OriginalFilename': 'original-filename', + 'ProductName': 'product-filename', + 'ProductVersion': 'product-version', + 'Translation': 'lang-id' +} +pe_section_object_mapping = { + 'characteristics': {'type': 'text', 'object_relation': 'characteristic'}, + 'entropy': {'type': 'float', 'object_relation': 'entropy'}, + 'name': {'type': 'text', 'object_relation': 'name'}, + 'rawaddr': {'type': 'hex', 'object_relation': 'offset'}, + 'rawsize': {'type': 'size-in-bytes', 'object_relation': 'size-in-bytes'}, + 'virtaddr': {'type': 'hex', 'object_relation': 'virtual_address'}, + 'virtsize': {'type': 'size-in-bytes', 'object_relation': 'virtual_size'} +} +process_object_fields = { + 'cmdline': 'command-line', + 'name': 'name', + 'parentpid': 'parent-pid', + 'pid': 'pid', + 'path': 'current-directory' +} +protocols = { + 'tcp': 4, + 'udp': 4, + 'icmp': 3, + 'http': 7, + 'https': 7, + 'ftp': 7 +} +registry_references_mapping = { + 'keyValueCreated': 'creates', + 'keyValueModified': 'modifies' +} +regkey_object_mapping = { + 'name': {'type': 'text', 'object_relation': 'name'}, + 'newdata': {'type': 'text', 'object_relation': 'data'}, + 'path': {'type': 'regkey', 'object_relation': 'key'} +} +signerinfo_object_mapping = { + 'sigissuer': {'type': 'text', 'object_relation': 'issuer'}, + 'version': {'type': 'text', 'object_relation': 'version'} +} diff --git a/misp_modules/lib/joe_parser.py b/misp_modules/lib/joe_parser.py index 8b400fe..8ae57a9 100644 --- a/misp_modules/lib/joe_parser.py +++ b/misp_modules/lib/joe_parser.py @@ -1,53 +1,15 @@ # -*- coding: utf-8 -*- +import json from collections import defaultdict from datetime import datetime from pymisp import MISPAttribute, MISPEvent, MISPObject -import json - - -arch_type_mapping = {'ANDROID': 'parse_apk', 'LINUX': 'parse_elf', 'WINDOWS': 'parse_pe'} -domain_object_mapping = {'@ip': ('ip-dst', 'ip'), '@name': ('domain', 'domain')} -dropped_file_mapping = {'@entropy': ('float', 'entropy'), - '@file': ('filename', 'filename'), - '@size': ('size-in-bytes', 'size-in-bytes'), - '@type': ('mime-type', 'mimetype')} -dropped_hash_mapping = {'MD5': 'md5', 'SHA': 'sha1', 'SHA-256': 'sha256', 'SHA-512': 'sha512'} -elf_object_mapping = {'epaddr': 'entrypoint-address', 'machine': 'arch', 'osabi': 'os_abi'} -elf_section_flags_mapping = {'A': 'ALLOC', 'I': 'INFO_LINK', 'M': 'MERGE', - 'S': 'STRINGS', 'T': 'TLS', 'W': 'WRITE', - 'X': 'EXECINSTR'} -file_object_fields = ['filename', 'md5', 'sha1', 'sha256', 'sha512', 'ssdeep'] -file_object_mapping = {'entropy': ('float', 'entropy'), - 'filesize': ('size-in-bytes', 'size-in-bytes'), - 'filetype': ('mime-type', 'mimetype')} -file_references_mapping = {'fileCreated': 'creates', 'fileDeleted': 'deletes', - 'fileMoved': 'moves', 'fileRead': 'reads', 'fileWritten': 'writes'} -network_behavior_fields = ('srcip', 'dstip', 'srcport', 'dstport') -network_connection_object_mapping = {'srcip': ('ip-src', 'ip-src'), 'dstip': ('ip-dst', 'ip-dst'), - 'srcport': ('port', 'src-port'), 'dstport': ('port', 'dst-port')} -pe_object_fields = {'entrypoint': ('text', 'entrypoint-address'), - 'imphash': ('imphash', 'imphash')} -pe_object_mapping = {'CompanyName': 'company-name', 'FileDescription': 'file-description', - 'FileVersion': 'file-version', 'InternalName': 'internal-filename', - 'LegalCopyright': 'legal-copyright', 'OriginalFilename': 'original-filename', - 'ProductName': 'product-filename', 'ProductVersion': 'product-version', - 'Translation': 'lang-id'} -pe_section_object_mapping = {'characteristics': ('text', 'characteristic'), - 'entropy': ('float', 'entropy'), - 'name': ('text', 'name'), 'rawaddr': ('hex', 'offset'), - 'rawsize': ('size-in-bytes', 'size-in-bytes'), - 'virtaddr': ('hex', 'virtual_address'), - 'virtsize': ('size-in-bytes', 'virtual_size')} -process_object_fields = {'cmdline': 'command-line', 'name': 'name', - 'parentpid': 'parent-pid', 'pid': 'pid', - 'path': 'current-directory'} -protocols = {'tcp': 4, 'udp': 4, 'icmp': 3, - 'http': 7, 'https': 7, 'ftp': 7} -registry_references_mapping = {'keyValueCreated': 'creates', 'keyValueModified': 'modifies'} -regkey_object_mapping = {'name': ('text', 'name'), 'newdata': ('text', 'data'), - 'path': ('regkey', 'key')} -signerinfo_object_mapping = {'sigissuer': ('text', 'issuer'), - 'version': ('text', 'version')} +from joe_mapping import (arch_type_mapping, domain_object_mapping, + dropped_file_mapping, dropped_hash_mapping, elf_object_mapping, + elf_section_flags_mapping, file_object_fields, file_object_mapping, + file_references_mapping, network_behavior_fields, + network_connection_object_mapping, pe_object_fields, pe_object_mapping, + pe_section_object_mapping, process_object_fields, protocols, + registry_references_mapping, regkey_object_mapping, signerinfo_object_mapping) class JoeParser(): @@ -57,7 +19,7 @@ class JoeParser(): self.attributes = defaultdict(lambda: defaultdict(set)) self.process_references = {} - self.import_pe = config["import_pe"] + self.import_executable = config["import_executable"] self.create_mitre_attack = config["mitre_attack"] def parse_data(self, data): @@ -101,26 +63,46 @@ class JoeParser(): for droppedfile in droppedinfo['hash']: file_object = MISPObject('file') for key, mapping in dropped_file_mapping.items(): - attribute_type, object_relation = mapping - file_object.add_attribute(object_relation, **{'type': attribute_type, 'value': droppedfile[key], 'to_ids': False}) + if droppedfile.get(key) is not None: + attribute = {'value': droppedfile[key], 'to_ids': False} + attribute.update(mapping) + file_object.add_attribute(**attribute) if droppedfile['@malicious'] == 'true': - file_object.add_attribute('state', **{'type': 'text', 'value': 'Malicious', 'to_ids': False}) + file_object.add_attribute( + **{ + 'type': 'text', + 'object_relation': 'state', + 'value': 'Malicious', + 'to_ids': False + } + ) for h in droppedfile['value']: hash_type = dropped_hash_mapping[h['@algo']] - file_object.add_attribute(hash_type, **{'type': hash_type, 'value': h['$'], 'to_ids': False}) - self.misp_event.add_object(**file_object) - self.references[self.process_references[(int(droppedfile['@targetid']), droppedfile['@process'])]].append({ - 'referenced_uuid': file_object.uuid, - 'relationship_type': 'drops' - }) + file_object.add_attribute( + **{ + 'type': hash_type, + 'object_relation': hash_type, + 'value': h['$'], + 'to_ids': False + } + ) + self.misp_event.add_object(file_object) + reference_key = (int(droppedfile['@targetid']), droppedfile['@process']) + if reference_key in self.process_references: + self.references[self.process_references[reference_key]].append( + { + 'referenced_uuid': file_object.uuid, + 'relationship_type': 'drops' + } + ) def parse_mitre_attack(self): - mitreattack = self.data['mitreattack'] + mitreattack = self.data.get('mitreattack', {}) if mitreattack: for tactic in mitreattack['tactic']: if tactic.get('technique'): for technique in tactic['technique']: - self.misp_event.add_tag('misp-galaxy:mitre-attack-pattern="{} - {}"'.format(technique['name'], technique['id'])) + self.misp_event.add_tag(f'misp-galaxy:mitre-attack-pattern="{technique["name"]} - {technique["id"]}"') def parse_network_behavior(self): network = self.data['behavior']['network'] @@ -134,37 +116,65 @@ class JoeParser(): attributes = self.prefetch_attributes_data(connection) if len(data.keys()) == len(set(protocols[protocol] for protocol in data.keys())): network_connection_object = MISPObject('network-connection') - for object_relation, attribute in attributes.items(): - network_connection_object.add_attribute(object_relation, **attribute) - network_connection_object.add_attribute('first-packet-seen', - **{'type': 'datetime', - 'value': min(tuple(min(timestamp) for timestamp in data.values())), - 'to_ids': False}) + for attribute in attributes: + network_connection_object.add_attribute(**attribute) + network_connection_object.add_attribute( + **{ + 'type': 'datetime', + 'object_relation': 'first-packet-seen', + 'value': min(tuple(min(timestamp) for timestamp in data.values())), + 'to_ids': False + } + ) for protocol in data.keys(): - network_connection_object.add_attribute('layer{}-protocol'.format(protocols[protocol]), - **{'type': 'text', 'value': protocol, 'to_ids': False}) - self.misp_event.add_object(**network_connection_object) + network_connection_object.add_attribute( + **{ + 'type': 'text', + 'object_relation': f'layer{protocols[protocol]}-protocol', + 'value': protocol, + 'to_ids': False + } + ) + self.misp_event.add_object(network_connection_object) self.references[self.analysisinfo_uuid].append(dict(referenced_uuid=network_connection_object.uuid, relationship_type='initiates')) else: for protocol, timestamps in data.items(): network_connection_object = MISPObject('network-connection') - for object_relation, attribute in attributes.items(): - network_connection_object.add_attribute(object_relation, **attribute) - network_connection_object.add_attribute('first-packet-seen', **{'type': 'datetime', 'value': min(timestamps), 'to_ids': False}) - network_connection_object.add_attribute('layer{}-protocol'.format(protocols[protocol]), **{'type': 'text', 'value': protocol, 'to_ids': False}) - self.misp_event.add_object(**network_connection_object) + for attribute in attributes: + network_connection_object.add_attribute(**attribute) + network_connection_object.add_attribute( + **{ + 'type': 'datetime', + 'object_relation': 'first-packet-seen', + 'value': min(timestamps), + 'to_ids': False + } + ) + network_connection_object.add_attribute( + **{ + 'type': 'text', + 'object_relation': f'layer{protocols[protocol]}-protocol', + 'value': protocol, + 'to_ids': False + } + ) + self.misp_event.add_object(network_connection_object) self.references[self.analysisinfo_uuid].append(dict(referenced_uuid=network_connection_object.uuid, relationship_type='initiates')) def parse_screenshot(self): - screenshotdata = self.data['behavior']['screenshotdata'] - if screenshotdata: - screenshotdata = screenshotdata['interesting']['$'] - attribute = {'type': 'attachment', 'value': 'screenshot.jpg', - 'data': screenshotdata, 'disable_correlation': True, - 'to_ids': False} - self.misp_event.add_attribute(**attribute) + if self.data['behavior'].get('screenshotdata', {}).get('interesting') is not None: + screenshotdata = self.data['behavior']['screenshotdata']['interesting']['$'] + self.misp_event.add_attribute( + **{ + 'type': 'attachment', + 'value': 'screenshot.jpg', + 'data': screenshotdata, + 'disable_correlation': True, + 'to_ids': False + } + ) def parse_system_behavior(self): if not 'system' in self.data['behavior']: @@ -177,10 +187,24 @@ class JoeParser(): general = process['general'] process_object = MISPObject('process') for feature, relation in process_object_fields.items(): - process_object.add_attribute(relation, **{'type': 'text', 'value': general[feature], 'to_ids': False}) - start_time = datetime.strptime('{} {}'.format(general['date'], general['time']), '%d/%m/%Y %H:%M:%S') - process_object.add_attribute('start-time', **{'type': 'datetime', 'value': start_time, 'to_ids': False}) - self.misp_event.add_object(**process_object) + process_object.add_attribute( + **{ + 'type': 'text', + 'object_relation': relation, + 'value': general[feature], + 'to_ids': False + } + ) + start_time = datetime.strptime(f"{general['date']} {general['time']}", '%d/%m/%Y %H:%M:%S') + process_object.add_attribute( + **{ + 'type': 'datetime', + 'object_relation': 'start-time', + 'value': start_time, + 'to_ids': False + } + ) + self.misp_event.add_object(process_object) for field, to_call in process_activities.items(): if process.get(field): to_call(process_object.uuid, process[field]) @@ -213,9 +237,15 @@ class JoeParser(): url_object = MISPObject("url") self.analysisinfo_uuid = url_object.uuid - - url_object.add_attribute("url", generalinfo["target"]["url"], to_ids=False) - self.misp_event.add_object(**url_object) + url_object.add_attribute( + **{ + 'type': 'url', + 'object_relation': 'url', + 'value': generalinfo["target"]["url"], + 'to_ids': False + } + ) + self.misp_event.add_object(url_object) def parse_fileinfo(self): fileinfo = self.data['fileinfo'] @@ -224,20 +254,29 @@ class JoeParser(): self.analysisinfo_uuid = file_object.uuid for field in file_object_fields: - file_object.add_attribute(field, **{'type': field, 'value': fileinfo[field], 'to_ids': False}) + file_object.add_attribute( + **{ + 'type': field, + 'object_relation': field, + 'value': fileinfo[field], + 'to_ids': False + } + ) for field, mapping in file_object_mapping.items(): - attribute_type, object_relation = mapping - file_object.add_attribute(object_relation, **{'type': attribute_type, 'value': fileinfo[field], 'to_ids': False}) + if fileinfo.get(field) is not None: + attribute = {'value': fileinfo[field], 'to_ids': False} + attribute.update(mapping) + file_object.add_attribute(**attribute) arch = self.data['generalinfo']['arch'] - if arch in arch_type_mapping: + if self.import_executable and arch in arch_type_mapping: to_call = arch_type_mapping[arch] getattr(self, to_call)(fileinfo, file_object) else: - self.misp_event.add_object(**file_object) + self.misp_event.add_object(file_object) def parse_apk(self, fileinfo, file_object): apkinfo = fileinfo['apk'] - self.misp_event.add_object(**file_object) + self.misp_event.add_object(file_object) permission_lists = defaultdict(list) for permission in apkinfo['requiredpermissions']['permission']: permission = permission['@name'].split('.') @@ -245,16 +284,30 @@ class JoeParser(): attribute_type = 'text' for comment, permissions in permission_lists.items(): permission_object = MISPObject('android-permission') - permission_object.add_attribute('comment', **dict(type=attribute_type, value=comment, to_ids=False)) + permission_object.add_attribute( + **{ + 'type': attribute_type, + 'object_relation': 'comment', + 'value': comment, + 'to_ids': False + } + ) for permission in permissions: - permission_object.add_attribute('permission', **dict(type=attribute_type, value=permission, to_ids=False)) - self.misp_event.add_object(**permission_object) + permission_object.add_attribute( + **{ + 'type': attribute_type, + 'object_relation': 'permission', + 'value': permission, + 'to_ids': False + } + ) + self.misp_event.add_object(permission_object) self.references[file_object.uuid].append(dict(referenced_uuid=permission_object.uuid, relationship_type='grants')) def parse_elf(self, fileinfo, file_object): elfinfo = fileinfo['elf'] - self.misp_event.add_object(**file_object) + self.misp_event.add_object(file_object) attribute_type = 'text' relationship = 'includes' size = 'size-in-bytes' @@ -266,47 +319,96 @@ class JoeParser(): if elf.get('type'): # Haven't seen anything but EXEC yet in the files I tested attribute_value = "EXECUTABLE" if elf['type'] == "EXEC (Executable file)" else elf['type'] - elf_object.add_attribute('type', **dict(type=attribute_type, value=attribute_value, to_ids=False)) + elf_object.add_attribute( + **{ + 'type': attribute_type, + 'object_relation': 'type', + 'value': attribute_value, + 'to_ids': False + } + ) for feature, relation in elf_object_mapping.items(): if elf.get(feature): - elf_object.add_attribute(relation, **dict(type=attribute_type, value=elf[feature], to_ids=False)) + elf_object.add_attribute( + **{ + 'type': attribute_type, + 'object_relation': relation, + 'value': elf[feature], + 'to_ids': False + } + ) sections_number = len(fileinfo['sections']['section']) - elf_object.add_attribute('number-sections', **{'type': 'counter', 'value': sections_number, 'to_ids': False}) - self.misp_event.add_object(**elf_object) + elf_object.add_attribute( + **{ + 'type': 'counter', + 'object_relation': 'number-sections', + 'value': sections_number, + 'to_ids': False + } + ) + self.misp_event.add_object(elf_object) for section in fileinfo['sections']['section']: section_object = MISPObject('elf-section') for feature in ('name', 'type'): if section.get(feature): - section_object.add_attribute(feature, **dict(type=attribute_type, value=section[feature], to_ids=False)) + section_object.add_attribute( + **{ + 'type': attribute_type, + 'object_relation': feature, + 'value': section[feature], + 'to_ids': False + } + ) if section.get('size'): - section_object.add_attribute(size, **dict(type=size, value=int(section['size'], 16), to_ids=False)) + section_object.add_attribute( + **{ + 'type': size, + 'object_relation': size, + 'value': int(section['size'], 16), + 'to_ids': False + } + ) for flag in section['flagsdesc']: try: attribute_value = elf_section_flags_mapping[flag] - section_object.add_attribute('flag', **dict(type=attribute_type, value=attribute_value, to_ids=False)) + section_object.add_attribute( + **{ + 'type': attribute_type, + 'object_relation': 'flag', + 'value': attribute_value, + 'to_ids': False + } + ) except KeyError: print(f'Unknown elf section flag: {flag}') continue - self.misp_event.add_object(**section_object) + self.misp_event.add_object(section_object) self.references[elf_object.uuid].append(dict(referenced_uuid=section_object.uuid, relationship_type=relationship)) def parse_pe(self, fileinfo, file_object): - if not self.import_pe: - return try: peinfo = fileinfo['pe'] except KeyError: - self.misp_event.add_object(**file_object) + self.misp_event.add_object(file_object) return pe_object = MISPObject('pe') relationship = 'includes' file_object.add_reference(pe_object.uuid, relationship) - self.misp_event.add_object(**file_object) + self.misp_event.add_object(file_object) for field, mapping in pe_object_fields.items(): - attribute_type, object_relation = mapping - pe_object.add_attribute(object_relation, **{'type': attribute_type, 'value': peinfo[field], 'to_ids': False}) - pe_object.add_attribute('compilation-timestamp', **{'type': 'datetime', 'value': int(peinfo['timestamp'].split()[0], 16), 'to_ids': False}) + if peinfo.get(field) is not None: + attribute = {'value': peinfo[field], 'to_ids': False} + attribute.update(mapping) + pe_object.add_attribute(**attribute) + pe_object.add_attribute( + **{ + 'type': 'datetime', + 'object_relation': 'compilation-timestamp', + 'value': int(peinfo['timestamp'].split()[0], 16), + 'to_ids': False + } + ) program_name = fileinfo['filename'] if peinfo['versions']: for feature in peinfo['versions']['version']: @@ -314,33 +416,57 @@ class JoeParser(): if name == 'InternalName': program_name = feature['value'] if name in pe_object_mapping: - pe_object.add_attribute(pe_object_mapping[name], **{'type': 'text', 'value': feature['value'], 'to_ids': False}) + pe_object.add_attribute( + **{ + 'type': 'text', + 'object_relation': pe_object_mapping[name], + 'value': feature['value'], + 'to_ids': False + } + ) sections_number = len(peinfo['sections']['section']) - pe_object.add_attribute('number-sections', **{'type': 'counter', 'value': sections_number, 'to_ids': False}) + pe_object.add_attribute( + **{ + 'type': 'counter', + 'object_relation': 'number-sections', + 'value': sections_number, + 'to_ids': False + } + ) signatureinfo = peinfo['signature'] if signatureinfo['signed']: signerinfo_object = MISPObject('authenticode-signerinfo') pe_object.add_reference(signerinfo_object.uuid, 'signed-by') - self.misp_event.add_object(**pe_object) - signerinfo_object.add_attribute('program-name', **{'type': 'text', 'value': program_name, 'to_ids': False}) + self.misp_event.add_object(pe_object) + signerinfo_object.add_attribute( + **{ + 'type': 'text', + 'object_relation': 'program-name', + 'value': program_name, + 'to_ids': False + } + ) for feature, mapping in signerinfo_object_mapping.items(): - attribute_type, object_relation = mapping - signerinfo_object.add_attribute(object_relation, **{'type': attribute_type, 'value': signatureinfo[feature], 'to_ids': False}) - self.misp_event.add_object(**signerinfo_object) + if signatureinfo.get(feature) is not None: + attribute = {'value': signatureinfo[feature], 'to_ids': False} + attribute.update(mapping) + signerinfo_object.add_attribute(**attribute) + self.misp_event.add_object(signerinfo_object) else: - self.misp_event.add_object(**pe_object) + self.misp_event.add_object(pe_object) for section in peinfo['sections']['section']: section_object = self.parse_pe_section(section) self.references[pe_object.uuid].append(dict(referenced_uuid=section_object.uuid, relationship_type=relationship)) - self.misp_event.add_object(**section_object) + self.misp_event.add_object(section_object) def parse_pe_section(self, section): section_object = MISPObject('pe-section') for feature, mapping in pe_section_object_mapping.items(): - if section.get(feature): - attribute_type, object_relation = mapping - section_object.add_attribute(object_relation, **{'type': attribute_type, 'value': section[feature], 'to_ids': False}) + if section.get(feature) is not None: + attribute = {'value': section[feature], 'to_ids': False} + attribute.update(mapping) + section_object.add_attribute(**attribute) return section_object def parse_network_interactions(self): @@ -350,10 +476,11 @@ class JoeParser(): if domain['@ip'] != 'unknown': domain_object = MISPObject('domain-ip') for key, mapping in domain_object_mapping.items(): - attribute_type, object_relation = mapping - domain_object.add_attribute(object_relation, - **{'type': attribute_type, 'value': domain[key], 'to_ids': False}) - self.misp_event.add_object(**domain_object) + if domain.get(key) is not None: + attribute = {'value': domain[key], 'to_ids': False} + attribute.update(mapping) + domain_object.add_attribute(**attribute) + self.misp_event.add_object(domain_object) reference = dict(referenced_uuid=domain_object.uuid, relationship_type='contacts') self.add_process_reference(domain['@targetid'], domain['@currentpath'], reference) else: @@ -396,10 +523,19 @@ class JoeParser(): for call in registryactivities[feature]['call']: registry_key = MISPObject('registry-key') for field, mapping in regkey_object_mapping.items(): - attribute_type, object_relation = mapping - registry_key.add_attribute(object_relation, **{'type': attribute_type, 'value': call[field], 'to_ids': False}) - registry_key.add_attribute('data-type', **{'type': 'text', 'value': 'REG_{}'.format(call['type'].upper()), 'to_ids': False}) - self.misp_event.add_object(**registry_key) + if call.get(field) is not None: + attribute = {'value': call[field], 'to_ids': False} + attribute.update(mapping) + registry_key.add_attribute(**attribute) + registry_key.add_attribute( + **{ + 'type': 'text', + 'object_relation': 'data-type', + 'value': f"REG_{call['type'].upper()}", + 'to_ids': False + } + ) + self.misp_event.add_object(registry_key) self.references[process_uuid].append(dict(referenced_uuid=registry_key.uuid, relationship_type=relationship)) @@ -429,8 +565,9 @@ class JoeParser(): @staticmethod def prefetch_attributes_data(connection): - attributes = {} + attributes = [] for field, value in zip(network_behavior_fields, connection): - attribute_type, object_relation = network_connection_object_mapping[field] - attributes[object_relation] = {'type': attribute_type, 'value': value, 'to_ids': False} + attribute = {'value': value, 'to_ids': False} + attribute.update(network_connection_object_mapping[field]) + attributes.append(attribute) return attributes From c5b6d218bb9300ba1bfe349bb98b77b6de032966 Mon Sep 17 00:00:00 2001 From: chrisr3d Date: Mon, 7 Mar 2022 23:01:49 +0100 Subject: [PATCH 130/132] chg: [joesandbox_query] Changed the `import_pe` param to `import_executable` --- misp_modules/modules/expansion/joesandbox_query.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/misp_modules/modules/expansion/joesandbox_query.py b/misp_modules/modules/expansion/joesandbox_query.py index b9c4987..f90d5db 100644 --- a/misp_modules/modules/expansion/joesandbox_query.py +++ b/misp_modules/modules/expansion/joesandbox_query.py @@ -11,7 +11,7 @@ inputSource = ['link'] moduleinfo = {'version': '0.2', 'author': 'Christian Studer', 'description': 'Query Joe Sandbox API with a report URL to get the parsed data.', 'module-type': ['expansion']} -moduleconfig = ['apiurl', 'apikey', 'import_pe', 'import_mitre_attack'] +moduleconfig = ['apiurl', 'apikey', 'import_executable', 'import_mitre_attack'] def handler(q=False): @@ -21,7 +21,7 @@ def handler(q=False): apiurl = request['config'].get('apiurl') or 'https://jbxcloud.joesecurity.org/api' apikey = request['config'].get('apikey') parser_config = { - "import_pe": request["config"].get('import_pe', "false") == "true", + "import_pe": request["config"].get('import_executable', "false") == "true", "mitre_attack": request["config"].get('import_mitre_attack', "false") == "true", } From 38047f27187b9ab219ca6c2563a306a74b36ca11 Mon Sep 17 00:00:00 2001 From: chrisr3d Date: Mon, 7 Mar 2022 23:04:37 +0100 Subject: [PATCH 131/132] chg: [joe_import] Changed the user configuration param `Import PE` into `Import Executable` --- misp_modules/modules/import_mod/joe_import.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/misp_modules/modules/import_mod/joe_import.py b/misp_modules/modules/import_mod/joe_import.py index 0753167..ce56698 100644 --- a/misp_modules/modules/import_mod/joe_import.py +++ b/misp_modules/modules/import_mod/joe_import.py @@ -5,9 +5,9 @@ from joe_parser import JoeParser misperrors = {'error': 'Error'} userConfig = { - "Import PE": { + "Import Executable": { "type": "Boolean", - "message": "Import PE Information", + "message": "Import Executable Information (PE, elf or apk for instance)", }, "Mitre Att&ck": { "type": "Boolean", @@ -29,7 +29,7 @@ def handler(q=False): return False q = json.loads(q) config = { - "import_pe": bool(int(q["config"]["Import PE"])), + "import_executable": bool(int(q["config"]["Import Executable"])), "mitre_attack": bool(int(q["config"]["Mitre Att&ck"])), } From ac704c8c9943a2c288812dc6851204f9ee5bace6 Mon Sep 17 00:00:00 2001 From: Daniel Pascual Date: Wed, 16 Mar 2022 18:05:13 +0100 Subject: [PATCH 132/132] VirusTotal modules migration to API v3 --- misp_modules/modules/expansion/virustotal.py | 370 +++++++++--------- .../modules/expansion/virustotal_public.py | 363 ++++++++--------- 2 files changed, 368 insertions(+), 365 deletions(-) diff --git a/misp_modules/modules/expansion/virustotal.py b/misp_modules/modules/expansion/virustotal.py index 2c82787..7f18b54 100644 --- a/misp_modules/modules/expansion/virustotal.py +++ b/misp_modules/modules/expansion/virustotal.py @@ -1,6 +1,6 @@ import json -import requests from urllib.parse import urlparse +import vt from . import check_input_attribute, standard_error_message from pymisp import MISPAttribute, MISPEvent, MISPObject @@ -9,20 +9,23 @@ mispattributes = {'input': ['hostname', 'domain', "ip-src", "ip-dst", "md5", "sh 'format': 'misp_standard'} # possible module-types: 'expansion', 'hover' or both -moduleinfo = {'version': '4', 'author': 'Hannah Ward', - 'description': 'Get information from VirusTotal', +moduleinfo = {'version': '5', 'author': 'Hannah Ward', + 'description': 'Enrich observables with the VirusTotal v3 API', 'module-type': ['expansion']} # config fields that your code expects from the site admin moduleconfig = ["apikey", "event_limit", 'proxy_host', 'proxy_port', 'proxy_username', 'proxy_password'] -class VirusTotalParser(object): - def __init__(self, apikey, limit): - self.apikey = apikey - self.limit = limit - self.base_url = "https://www.virustotal.com/vtapi/v2/{}/report" +DEFAULT_RESULTS_LIMIT = 10 + + +class VirusTotalParser: + def __init__(self, client: vt.Client, limit: int) -> None: + self.client = client + self.limit = limit or DEFAULT_RESULTS_LIMIT self.misp_event = MISPEvent() + self.attribute = MISPAttribute() self.parsed_objects = {} self.input_types_mapping = {'ip-src': self.parse_ip, 'ip-dst': self.parse_ip, 'domain': self.parse_domain, 'hostname': self.parse_domain, @@ -30,196 +33,187 @@ class VirusTotalParser(object): 'sha256': self.parse_hash, 'url': self.parse_url} self.proxies = None - def query_api(self, attribute): - self.attribute = MISPAttribute() - self.attribute.from_dict(**attribute) - return self.input_types_mapping[self.attribute.type](self.attribute.value, recurse=True) + @staticmethod + def get_total_analysis(analysis: dict, known_distributors: dict = None) -> int: + if not analysis: + return 0 + count = sum([analysis['undetected'], analysis['suspicious'], analysis['harmless']]) + return count if known_distributors else count + analysis['malicious'] - def get_result(self): + def query_api(self, attribute: dict) -> None: + self.attribute.from_dict(**attribute) + self.input_types_mapping[self.attribute.type](self.attribute.value) + + def get_result(self) -> dict: event = json.loads(self.misp_event.to_json()) results = {key: event[key] for key in ('Attribute', 'Object') if (key in event and event[key])} return {'results': results} + def add_vt_report(self, report: vt.Object) -> str: + analysis = report.get('last_analysis_stats') + total = self.get_total_analysis(analysis, report.get('known_distributors')) + permalink = f'https://www.virustotal.com/gui/{report.type}/{report.id}' + + vt_object = MISPObject('virustotal-report') + vt_object.add_attribute('permalink', type='link', value=permalink) + detection_ratio = f"{analysis['malicious']}/{total}" if analysis else '-/-' + vt_object.add_attribute('detection-ratio', type='text', value=detection_ratio, disable_correlation=True) + self.misp_event.add_object(**vt_object) + return vt_object.uuid + + def create_misp_object(self, report: vt.Object) -> MISPObject: + misp_object = None + vt_uuid = self.add_vt_report(report) + if report.type == 'file': + misp_object = MISPObject('file') + for hash_type in ('md5', 'sha1', 'sha256'): + misp_object.add_attribute(**{'type': hash_type, + 'object_relation': hash_type, + 'value': report.get(hash_type)}) + elif report.type == 'domain': + misp_object = MISPObject('domain-ip') + misp_object.add_attribute('domain', type='domain', value=report.id) + elif report.type == 'ip_address': + misp_object = MISPObject('domain-ip') + misp_object.add_attribute('ip', type='ip-dst', value=report.id) + elif report.type == 'url': + misp_object = MISPObject('url') + misp_object.add_attribute('url', type='url', value=report.url) + misp_object.add_reference(vt_uuid, 'analyzed-with') + return misp_object + ################################################################################ #### Main parsing functions #### # noqa ################################################################################ - def parse_domain(self, domain, recurse=False): - req = requests.get(self.base_url.format('domain'), params={'apikey': self.apikey, 'domain': domain}, proxies=self.proxies) - if req.status_code != 200: - return req.status_code - req = req.json() - hash_type = 'sha256' - whois = 'whois' - feature_types = {'communicating': 'communicates-with', - 'downloaded': 'downloaded-from', - 'referrer': 'referring'} - siblings = (self.parse_siblings(domain) for domain in req['domain_siblings']) - uuid = self.parse_resolutions(req['resolutions'], req['subdomains'] if 'subdomains' in req else None, siblings) - for feature_type, relationship in feature_types.items(): - for feature in ('undetected_{}_samples', 'detected_{}_samples'): - for sample in req.get(feature.format(feature_type), [])[:self.limit]: - status_code = self.parse_hash(sample[hash_type], False, uuid, relationship) - if status_code != 200: - return status_code - if req.get(whois): - whois_object = MISPObject(whois) - whois_object.add_attribute('text', type='text', value=req[whois]) + def parse_domain(self, domain: str) -> str: + domain_report = self.client.get_object(f'/domains/{domain}') + + # DOMAIN + domain_object = self.create_misp_object(domain_report) + + # WHOIS + if domain_report.whois: + whois_object = MISPObject('whois') + whois_object.add_attribute('text', type='text', value=domain_report.whois) self.misp_event.add_object(**whois_object) - return self.parse_related_urls(req, recurse, uuid) - def parse_hash(self, sample, recurse=False, uuid=None, relationship=None): - req = requests.get(self.base_url.format('file'), params={'apikey': self.apikey, 'resource': sample}, proxies=self.proxies) - status_code = req.status_code - if req.status_code == 200: - req = req.json() - vt_uuid = self.parse_vt_object(req) - file_attributes = [] - for hash_type in ('md5', 'sha1', 'sha256'): - if req.get(hash_type): - file_attributes.append({'type': hash_type, 'object_relation': hash_type, - 'value': req[hash_type]}) - if file_attributes: - file_object = MISPObject('file') - for attribute in file_attributes: - file_object.add_attribute(**attribute) - file_object.add_reference(vt_uuid, 'analyzed-with') - if uuid and relationship: - file_object.add_reference(uuid, relationship) + # SIBLINGS AND SUBDOMAINS + for relationship_name, misp_name in [('siblings', 'sibling-of'), ('subdomains', 'subdomain')]: + rel_iterator = self.client.iterator(f'/domains/{domain_report.id}/{relationship_name}', limit=self.limit) + for item in rel_iterator: + attr = MISPAttribute() + attr.from_dict(**dict(type='domain', value=item.id)) + self.misp_event.add_attribute(**attr) + domain_object.add_reference(attr.uuid, misp_name) + + # RESOLUTIONS + resolutions_iterator = self.client.iterator(f'/domains/{domain_report.id}/resolutions', limit=self.limit) + for resolution in resolutions_iterator: + domain_object.add_attribute('ip', type='ip-dst', value=resolution.ip_address) + + # COMMUNICATING, DOWNLOADED AND REFERRER FILES + for relationship_name, misp_name in [ + ('communicating_files', 'communicates-with'), + ('downloaded_files', 'downloaded-from'), + ('referrer_files', 'referring') + ]: + files_iterator = self.client.iterator(f'/domains/{domain_report.id}/{relationship_name}', limit=self.limit) + for file in files_iterator: + file_object = self.create_misp_object(file) + file_object.add_reference(domain_object.uuid, misp_name) self.misp_event.add_object(**file_object) - return status_code - def parse_ip(self, ip, recurse=False): - req = requests.get(self.base_url.format('ip-address'), params={'apikey': self.apikey, 'ip': ip}, proxies=self.proxies) - if req.status_code != 200: - return req.status_code - req = req.json() - if req.get('asn'): - asn_mapping = {'network': ('ip-src', 'subnet-announced'), - 'country': ('text', 'country')} - asn_object = MISPObject('asn') - asn_object.add_attribute('asn', type='AS', value=req['asn']) - for key, value in asn_mapping.items(): - if req.get(key): - attribute_type, relation = value - asn_object.add_attribute(relation, type=attribute_type, value=req[key]) - self.misp_event.add_object(**asn_object) - uuid = self.parse_resolutions(req['resolutions']) if req.get('resolutions') else None - return self.parse_related_urls(req, recurse, uuid) + # URLS + urls_iterator = self.client.iterator(f'/domains/{domain_report.id}/urls', limit=self.limit) + for url in urls_iterator: + url_object = self.create_misp_object(url) + url_object.add_reference(domain_object.uuid, 'hosted-in') + self.misp_event.add_object(**url_object) - def parse_url(self, url, recurse=False, uuid=None): - req = requests.get(self.base_url.format('url'), params={'apikey': self.apikey, 'resource': url}, proxies=self.proxies) - status_code = req.status_code - if req.status_code == 200: - req = req.json() - vt_uuid = self.parse_vt_object(req) - if not recurse: - feature = 'url' - url_object = MISPObject(feature) - url_object.add_attribute(feature, type=feature, value=url) - url_object.add_reference(vt_uuid, 'analyzed-with') - if uuid: - url_object.add_reference(uuid, 'hosted-in') - self.misp_event.add_object(**url_object) - return status_code + self.misp_event.add_object(**domain_object) + return domain_object.uuid - ################################################################################ - #### Additional parsing functions #### # noqa - ################################################################################ + def parse_hash(self, file_hash: str) -> str: + file_report = self.client.get_object(f'files/{file_hash}') + file_object = self.create_misp_object(file_report) + self.misp_event.add_object(**file_object) + return file_object.uuid - def parse_related_urls(self, query_result, recurse, uuid=None): - if recurse: - for feature in ('detected_urls', 'undetected_urls'): - if feature in query_result: - for url in query_result[feature]: - value = url['url'] if isinstance(url, dict) else url[0] - status_code = self.parse_url(value, False, uuid) - if status_code != 200: - return status_code + def parse_ip(self, ip: str) -> str: + ip_report = self.client.get_object(f'/ip_addresses/{ip}') + + # IP + ip_object = self.create_misp_object(ip_report) + + # ASN + asn_object = MISPObject('asn') + asn_object.add_attribute('asn', type='AS', value=ip_report.asn) + asn_object.add_attribute('subnet-announced', type='ip-src', value=ip_report.network) + asn_object.add_attribute('country', type='text', value=ip_report.country) + self.misp_event.add_object(**asn_object) + + # RESOLUTIONS + resolutions_iterator = self.client.iterator(f'/ip_addresses/{ip_report.id}/resolutions', limit=self.limit) + for resolution in resolutions_iterator: + ip_object.add_attribute('domain', type='domain', value=resolution.host_name) + + # URLS + urls_iterator = self.client.iterator(f'/ip_addresses/{ip_report.id}/urls', limit=self.limit) + for url in urls_iterator: + url_object = self.create_misp_object(url) + url_object.add_reference(ip_object.uuid, 'hosted-in') + self.misp_event.add_object(**url_object) + + self.misp_event.add_object(**ip_object) + return ip_object.uuid + + def parse_url(self, url: str) -> str: + url_id = vt.url_id(url) + url_report = self.client.get_object(f'/urls/{url_id}') + url_object = self.create_misp_object(url_report) + self.misp_event.add_object(**url_object) + return url_object.uuid + + +def get_proxy_settings(config: dict) -> dict: + """Returns proxy settings in the requests format. + If no proxy settings are set, return None.""" + proxies = None + host = config.get('proxy_host') + port = config.get('proxy_port') + username = config.get('proxy_username') + password = config.get('proxy_password') + + if host: + if not port: + misperrors['error'] = 'The virustotal_proxy_host config is set, ' \ + 'please also set the virustotal_proxy_port.' + raise KeyError + parsed = urlparse(host) + if 'http' in parsed.scheme: + scheme = 'http' else: - for feature in ('detected_urls', 'undetected_urls'): - if feature in query_result: - for url in query_result[feature]: - value = url['url'] if isinstance(url, dict) else url[0] - self.misp_event.add_attribute('url', value) - return 200 + scheme = parsed.scheme + netloc = parsed.netloc + host = f'{netloc}:{port}' - def parse_resolutions(self, resolutions, subdomains=None, uuids=None): - domain_ip_object = MISPObject('domain-ip') - if self.attribute.type in ('domain', 'hostname'): - domain_ip_object.add_attribute('domain', type='domain', value=self.attribute.value) - attribute_type, relation, key = ('ip-dst', 'ip', 'ip_address') - else: - domain_ip_object.add_attribute('ip', type='ip-dst', value=self.attribute.value) - attribute_type, relation, key = ('domain', 'domain', 'hostname') - for resolution in resolutions: - domain_ip_object.add_attribute(relation, type=attribute_type, value=resolution[key]) - if subdomains: - for subdomain in subdomains: - attribute = MISPAttribute() - attribute.from_dict(**dict(type='domain', value=subdomain)) - self.misp_event.add_attribute(**attribute) - domain_ip_object.add_reference(attribute.uuid, 'subdomain') - if uuids: - for uuid in uuids: - domain_ip_object.add_reference(uuid, 'sibling-of') - self.misp_event.add_object(**domain_ip_object) - return domain_ip_object.uuid - - def parse_siblings(self, domain): - attribute = MISPAttribute() - attribute.from_dict(**dict(type='domain', value=domain)) - self.misp_event.add_attribute(**attribute) - return attribute.uuid - - def parse_vt_object(self, query_result): - if query_result['response_code'] == 1: - vt_object = MISPObject('virustotal-report') - vt_object.add_attribute('permalink', type='link', value=query_result['permalink']) - detection_ratio = '{}/{}'.format(query_result['positives'], query_result['total']) - vt_object.add_attribute('detection-ratio', type='text', value=detection_ratio, disable_correlation=True) - self.misp_event.add_object(**vt_object) - return vt_object.uuid - - def set_proxy_settings(self, config: dict) -> dict: - """Returns proxy settings in the requests format. - If no proxy settings are set, return None.""" - proxies = None - host = config.get('proxy_host') - port = config.get('proxy_port') - username = config.get('proxy_username') - password = config.get('proxy_password') - - if host: - if not port: - misperrors['error'] = 'The virustotal_proxy_host config is set, ' \ - 'please also set the virustotal_proxy_port.' + if username: + if not password: + misperrors['error'] = 'The virustotal_proxy_username config is set, ' \ + 'please also set the virustotal_proxy_password.' raise KeyError - parsed = urlparse(host) - if 'http' in parsed.scheme: - scheme = 'http' - else: - scheme = parsed.scheme - netloc = parsed.netloc - host = f'{netloc}:{port}' + auth = f'{username}:{password}' + host = auth + '@' + host - if username: - if not password: - misperrors['error'] = 'The virustotal_proxy_username config is set, ' \ - 'please also set the virustotal_proxy_password.' - raise KeyError - auth = f'{username}:{password}' - host = auth + '@' + host - - proxies = { - 'http': f'{scheme}://{host}', - 'https': f'{scheme}://{host}' - } - self.proxies = proxies - return True + proxies = { + 'http': f'{scheme}://{host}', + 'https': f'{scheme}://{host}' + } + return proxies -def parse_error(status_code): +def parse_error(status_code: int) -> str: status_mapping = {204: 'VirusTotal request rate limit exceeded.', 400: 'Incorrect request, please check the arguments.', 403: 'You don\'t have enough privileges to make the request.'} @@ -233,7 +227,7 @@ def handler(q=False): return False request = json.loads(q) if not request.get('config') or not request['config'].get('apikey'): - misperrors['error'] = "A VirusTotal api key is required for this module." + misperrors['error'] = 'A VirusTotal api key is required for this module.' return misperrors if not request.get('attribute') or not check_input_attribute(request['attribute']): return {'error': f'{standard_error_message}, which should contain at least a type, a value and an uuid.'} @@ -241,15 +235,21 @@ def handler(q=False): return {'error': 'Unsupported attribute type.'} event_limit = request['config'].get('event_limit') - if not isinstance(event_limit, int): - event_limit = 5 - parser = VirusTotalParser(request['config']['apikey'], event_limit) - parser.set_proxy_settings(request.get('config')) attribute = request['attribute'] - status = parser.query_api(attribute) - if status != 200: - misperrors['error'] = parse_error(status) + proxy_settings = get_proxy_settings(request.get('config')) + + try: + client = vt.Client(request['config']['apikey'], + headers={ + 'x-tool': 'MISPModuleVirusTotalExpansion', + }, + proxy=proxy_settings['http'] if proxy_settings else None) + parser = VirusTotalParser(client, int(event_limit) if event_limit else None) + parser.query_api(attribute) + except vt.APIError as ex: + misperrors['error'] = ex.message return misperrors + return parser.get_result() @@ -259,4 +259,4 @@ def introspection(): def version(): moduleinfo['config'] = moduleconfig - return moduleinfo + return moduleinfo \ No newline at end of file diff --git a/misp_modules/modules/expansion/virustotal_public.py b/misp_modules/modules/expansion/virustotal_public.py index c10f4d2..f72bda4 100644 --- a/misp_modules/modules/expansion/virustotal_public.py +++ b/misp_modules/modules/expansion/virustotal_public.py @@ -1,6 +1,6 @@ import json import logging -import requests +import vt from . import check_input_attribute, standard_error_message from urllib.parse import urlparse from pymisp import MISPAttribute, MISPEvent, MISPObject @@ -8,8 +8,8 @@ from pymisp import MISPAttribute, MISPEvent, MISPObject misperrors = {'error': 'Error'} mispattributes = {'input': ['hostname', 'domain', "ip-src", "ip-dst", "md5", "sha1", "sha256", "url"], 'format': 'misp_standard'} -moduleinfo = {'version': '1', 'author': 'Christian Studer', - 'description': 'Get information from VirusTotal public API v2.', +moduleinfo = {'version': '2', 'author': 'Christian Studer', + 'description': 'Enrich observables with the VirusTotal v3 public API', 'module-type': ['expansion', 'hover']} moduleconfig = ['apikey', 'proxy_host', 'proxy_port', 'proxy_username', 'proxy_password'] @@ -18,191 +18,188 @@ LOGGER = logging.getLogger('virus_total_public') LOGGER.setLevel(logging.INFO) -class VirusTotalParser(): - def __init__(self): - super(VirusTotalParser, self).__init__() +DEFAULT_RESULTS_LIMIT = 10 + + +class VirusTotalParser: + def __init__(self, client: vt.Client, limit: int) -> None: + self.client = client + self.limit = limit or DEFAULT_RESULTS_LIMIT self.misp_event = MISPEvent() + self.attribute = MISPAttribute() + self.parsed_objects = {} + self.input_types_mapping = {'ip-src': self.parse_ip, 'ip-dst': self.parse_ip, + 'domain': self.parse_domain, 'hostname': self.parse_domain, + 'md5': self.parse_hash, 'sha1': self.parse_hash, + 'sha256': self.parse_hash, 'url': self.parse_url} self.proxies = None - def declare_variables(self, apikey, attribute): - self.attribute = MISPAttribute() - self.attribute.from_dict(**attribute) - self.apikey = apikey + @staticmethod + def get_total_analysis(analysis: dict, known_distributors: dict = None) -> int: + if not analysis: + return 0 + count = sum([analysis['undetected'], analysis['suspicious'], analysis['harmless']]) + return count if known_distributors else count + analysis['malicious'] - def get_result(self): + def query_api(self, attribute: dict) -> None: + self.attribute.from_dict(**attribute) + self.input_types_mapping[self.attribute.type](self.attribute.value) + + def get_result(self) -> dict: event = json.loads(self.misp_event.to_json()) results = {key: event[key] for key in ('Attribute', 'Object') if (key in event and event[key])} return {'results': results} - def parse_urls(self, query_result): - for feature in ('detected_urls', 'undetected_urls'): - if feature in query_result: - for url in query_result[feature]: - value = url['url'] if isinstance(url, dict) else url[0] - self.misp_event.add_attribute('url', value) + def add_vt_report(self, report: vt.Object) -> str: + analysis = report.get('last_analysis_stats') + total = self.get_total_analysis(analysis, report.get('known_distributors')) + permalink = f'https://www.virustotal.com/gui/{report.type}/{report.id}' - def parse_resolutions(self, resolutions, subdomains=None, uuids=None): - domain_ip_object = MISPObject('domain-ip') - if self.attribute.type in ('domain', 'hostname'): - domain_ip_object.add_attribute('domain', type='domain', value=self.attribute.value) - attribute_type, relation, key = ('ip-dst', 'ip', 'ip_address') - else: - domain_ip_object.add_attribute('ip', type='ip-dst', value=self.attribute.value) - attribute_type, relation, key = ('domain', 'domain', 'hostname') - for resolution in resolutions: - domain_ip_object.add_attribute(relation, type=attribute_type, value=resolution[key]) - if subdomains: - for subdomain in subdomains: - attribute = MISPAttribute() - attribute.from_dict(**dict(type='domain', value=subdomain)) - self.misp_event.add_attribute(**attribute) - domain_ip_object.add_reference(attribute.uuid, 'subdomain') - if uuids: - for uuid in uuids: - domain_ip_object.add_reference(uuid, 'sibling-of') - self.misp_event.add_object(**domain_ip_object) + vt_object = MISPObject('virustotal-report') + vt_object.add_attribute('permalink', type='link', value=permalink) + detection_ratio = f"{analysis['malicious']}/{total}" if analysis else '-/-' + vt_object.add_attribute('detection-ratio', type='text', value=detection_ratio, disable_correlation=True) + self.misp_event.add_object(**vt_object) + return vt_object.uuid - def parse_vt_object(self, query_result): - if query_result['response_code'] == 1: - vt_object = MISPObject('virustotal-report') - vt_object.add_attribute('permalink', type='link', value=query_result['permalink']) - detection_ratio = '{}/{}'.format(query_result['positives'], query_result['total']) - vt_object.add_attribute('detection-ratio', type='text', value=detection_ratio) - self.misp_event.add_object(**vt_object) + def create_misp_object(self, report: vt.Object) -> MISPObject: + misp_object = None + vt_uuid = self.add_vt_report(report) + if report.type == 'file': + misp_object = MISPObject('file') + for hash_type in ('md5', 'sha1', 'sha256'): + misp_object.add_attribute(**{'type': hash_type, + 'object_relation': hash_type, + 'value': report.get(hash_type)}) + elif report.type == 'domain': + misp_object = MISPObject('domain-ip') + misp_object.add_attribute('domain', type='domain', value=report.id) + elif report.type == 'ip_address': + misp_object = MISPObject('domain-ip') + misp_object.add_attribute('ip', type='ip-dst', value=report.id) + elif report.type == 'url': + misp_object = MISPObject('url') + misp_object.add_attribute('url', type='url', value=report.url) + misp_object.add_reference(vt_uuid, 'analyzed-with') + return misp_object - def get_query_result(self, query_type): - params = {query_type: self.attribute.value, 'apikey': self.apikey} - return requests.get(self.base_url, params=params, proxies=self.proxies) + ################################################################################ + #### Main parsing functions #### # noqa + ################################################################################ - def set_proxy_settings(self, config: dict) -> dict: - """Returns proxy settings in the requests format. - If no proxy settings are set, return None.""" - proxies = None - host = config.get('proxy_host') - port = config.get('proxy_port') - username = config.get('proxy_username') - password = config.get('proxy_password') + def parse_domain(self, domain: str) -> str: + domain_report = self.client.get_object(f'/domains/{domain}') - if host: - if not port: - misperrors['error'] = 'The virustotal_public_proxy_host config is set, ' \ - 'please also set the virustotal_public_proxy_port.' - raise KeyError - parsed = urlparse(host) - if 'http' in parsed.scheme: - scheme = 'http' - else: - scheme = parsed.scheme - netloc = parsed.netloc - host = f'{netloc}:{port}' + # DOMAIN + domain_object = self.create_misp_object(domain_report) - if username: - if not password: - misperrors['error'] = 'The virustotal_public_proxy_username config is set, ' \ - 'please also set the virustotal_public_proxy_password.' - raise KeyError - auth = f'{username}:{password}' - host = auth + '@' + host - - proxies = { - 'http': f'{scheme}://{host}', - 'https': f'{scheme}://{host}' - } - self.proxies = proxies - return True - - -class DomainQuery(VirusTotalParser): - def __init__(self, apikey, attribute): - super(DomainQuery, self).__init__() - self.base_url = "https://www.virustotal.com/vtapi/v2/domain/report" - self.declare_variables(apikey, attribute) - - def parse_report(self, query_result): - hash_type = 'sha256' - whois = 'whois' - for feature_type in ('referrer', 'downloaded', 'communicating'): - for feature in ('undetected_{}_samples', 'detected_{}_samples'): - for sample in query_result.get(feature.format(feature_type), []): - self.misp_event.add_attribute(hash_type, sample[hash_type]) - if query_result.get(whois): - whois_object = MISPObject(whois) - whois_object.add_attribute('text', type='text', value=query_result[whois]) + # WHOIS + if domain_report.whois: + whois_object = MISPObject('whois') + whois_object.add_attribute('text', type='text', value=domain_report.whois) self.misp_event.add_object(**whois_object) - if 'domain_siblings' in query_result: - siblings = (self.parse_siblings(domain) for domain in query_result['domain_siblings']) - if 'subdomains' in query_result: - self.parse_resolutions(query_result['resolutions'], query_result['subdomains'], siblings) - self.parse_urls(query_result) - def parse_siblings(self, domain): - attribute = MISPAttribute() - attribute.from_dict(**dict(type='domain', value=domain)) - self.misp_event.add_attribute(**attribute) - return attribute.uuid + # SIBLINGS AND SUBDOMAINS + for relationship_name, misp_name in [('siblings', 'sibling-of'), ('subdomains', 'subdomain')]: + rel_iterator = self.client.iterator(f'/domains/{domain_report.id}/{relationship_name}', limit=self.limit) + for item in rel_iterator: + attr = MISPAttribute() + attr.from_dict(**dict(type='domain', value=item.id)) + self.misp_event.add_attribute(**attr) + domain_object.add_reference(attr.uuid, misp_name) + + # RESOLUTIONS + resolutions_iterator = self.client.iterator(f'/domains/{domain_report.id}/resolutions', limit=self.limit) + for resolution in resolutions_iterator: + domain_object.add_attribute('ip', type='ip-dst', value=resolution.ip_address) + + # COMMUNICATING AND REFERRER FILES + for relationship_name, misp_name in [ + ('communicating_files', 'communicates-with'), + ('referrer_files', 'referring') + ]: + files_iterator = self.client.iterator(f'/domains/{domain_report.id}/{relationship_name}', limit=self.limit) + for file in files_iterator: + file_object = self.create_misp_object(file) + file_object.add_reference(domain_object.uuid, misp_name) + self.misp_event.add_object(**file_object) + + self.misp_event.add_object(**domain_object) + return domain_object.uuid + + def parse_hash(self, file_hash: str) -> str: + file_report = self.client.get_object(f'files/{file_hash}') + file_object = self.create_misp_object(file_report) + self.misp_event.add_object(**file_object) + return file_object.uuid + + def parse_ip(self, ip: str) -> str: + ip_report = self.client.get_object(f'/ip_addresses/{ip}') + + # IP + ip_object = self.create_misp_object(ip_report) + + # ASN + asn_object = MISPObject('asn') + asn_object.add_attribute('asn', type='AS', value=ip_report.asn) + asn_object.add_attribute('subnet-announced', type='ip-src', value=ip_report.network) + asn_object.add_attribute('country', type='text', value=ip_report.country) + self.misp_event.add_object(**asn_object) + + # RESOLUTIONS + resolutions_iterator = self.client.iterator(f'/ip_addresses/{ip_report.id}/resolutions', limit=self.limit) + for resolution in resolutions_iterator: + ip_object.add_attribute('domain', type='domain', value=resolution.host_name) + + self.misp_event.add_object(**ip_object) + return ip_object.uuid + + def parse_url(self, url: str) -> str: + url_id = vt.url_id(url) + url_report = self.client.get_object(f'/urls/{url_id}') + url_object = self.create_misp_object(url_report) + self.misp_event.add_object(**url_object) + return url_object.uuid -class HashQuery(VirusTotalParser): - def __init__(self, apikey, attribute): - super(HashQuery, self).__init__() - self.base_url = "https://www.virustotal.com/vtapi/v2/file/report" - self.declare_variables(apikey, attribute) +def get_proxy_settings(config: dict) -> dict: + """Returns proxy settings in the requests format. + If no proxy settings are set, return None.""" + proxies = None + host = config.get('proxy_host') + port = config.get('proxy_port') + username = config.get('proxy_username') + password = config.get('proxy_password') - def parse_report(self, query_result): - file_attributes = [] - for hash_type in ('md5', 'sha1', 'sha256'): - if query_result.get(hash_type): - file_attributes.append({'type': hash_type, 'object_relation': hash_type, - 'value': query_result[hash_type]}) - if file_attributes: - file_object = MISPObject('file') - for attribute in file_attributes: - file_object.add_attribute(**attribute) - self.misp_event.add_object(**file_object) - self.parse_vt_object(query_result) + if host: + if not port: + misperrors['error'] = 'The virustotal_proxy_host config is set, ' \ + 'please also set the virustotal_proxy_port.' + raise KeyError + parsed = urlparse(host) + if 'http' in parsed.scheme: + scheme = 'http' + else: + scheme = parsed.scheme + netloc = parsed.netloc + host = f'{netloc}:{port}' + + if username: + if not password: + misperrors['error'] = 'The virustotal_proxy_username config is set, ' \ + 'please also set the virustotal_proxy_password.' + raise KeyError + auth = f'{username}:{password}' + host = auth + '@' + host + + proxies = { + 'http': f'{scheme}://{host}', + 'https': f'{scheme}://{host}' + } + return proxies -class IpQuery(VirusTotalParser): - def __init__(self, apikey, attribute): - super(IpQuery, self).__init__() - self.base_url = "https://www.virustotal.com/vtapi/v2/ip-address/report" - self.declare_variables(apikey, attribute) - - def parse_report(self, query_result): - if query_result.get('asn'): - asn_mapping = {'network': ('ip-src', 'subnet-announced'), - 'country': ('text', 'country')} - asn_object = MISPObject('asn') - asn_object.add_attribute('asn', type='AS', value=query_result['asn']) - for key, value in asn_mapping.items(): - if query_result.get(key): - attribute_type, relation = value - asn_object.add_attribute(relation, type=attribute_type, value=query_result[key]) - self.misp_event.add_object(**asn_object) - self.parse_urls(query_result) - if query_result.get('resolutions'): - self.parse_resolutions(query_result['resolutions']) - - -class UrlQuery(VirusTotalParser): - def __init__(self, apikey, attribute): - super(UrlQuery, self).__init__() - self.base_url = "https://www.virustotal.com/vtapi/v2/url/report" - self.declare_variables(apikey, attribute) - - def parse_report(self, query_result): - self.parse_vt_object(query_result) - - -domain = ('domain', DomainQuery) -ip = ('ip', IpQuery) -file = ('resource', HashQuery) -misp_type_mapping = {'domain': domain, 'hostname': domain, 'ip-src': ip, - 'ip-dst': ip, 'md5': file, 'sha1': file, 'sha256': file, - 'url': ('resource', UrlQuery)} - - -def parse_error(status_code): +def parse_error(status_code: int) -> str: status_mapping = {204: 'VirusTotal request rate limit exceeded.', 400: 'Incorrect request, please check the arguments.', 403: 'You don\'t have enough privileges to make the request.'} @@ -216,23 +213,29 @@ def handler(q=False): return False request = json.loads(q) if not request.get('config') or not request['config'].get('apikey'): - misperrors['error'] = "A VirusTotal api key is required for this module." + misperrors['error'] = 'A VirusTotal api key is required for this module.' return misperrors if not request.get('attribute') or not check_input_attribute(request['attribute']): return {'error': f'{standard_error_message}, which should contain at least a type, a value and an uuid.'} - attribute = request['attribute'] - if attribute['type'] not in mispattributes['input']: + if request['attribute']['type'] not in mispattributes['input']: return {'error': 'Unsupported attribute type.'} - query_type, to_call = misp_type_mapping[attribute['type']] - parser = to_call(request['config']['apikey'], attribute) - parser.set_proxy_settings(request.get('config')) - query_result = parser.get_query_result(query_type) - status_code = query_result.status_code - if status_code == 200: - parser.parse_report(query_result.json()) - else: - misperrors['error'] = parse_error(status_code) + + event_limit = request['config'].get('event_limit') + attribute = request['attribute'] + proxy_settings = get_proxy_settings(request.get('config')) + + try: + client = vt.Client(request['config']['apikey'], + headers={ + 'x-tool': 'MISPModuleVirusTotalPublicExpansion', + }, + proxy=proxy_settings['http'] if proxy_settings else None) + parser = VirusTotalParser(client, int(event_limit) if event_limit else None) + parser.query_api(attribute) + except vt.APIError as ex: + misperrors['error'] = ex.message return misperrors + return parser.get_result() @@ -242,4 +245,4 @@ def introspection(): def version(): moduleinfo['config'] = moduleconfig - return moduleinfo + return moduleinfo \ No newline at end of file