diff --git a/a.4-best-practices/content.tex b/a.4-best-practices/content.tex index dde9d78..06bd331 100644 --- a/a.4-best-practices/content.tex +++ b/a.4-best-practices/content.tex @@ -10,6 +10,7 @@ \begin{itemize} \item Explanation of the CSIRT use case for information sharing and what CIRCL does \item Building an information sharing community and best practices\footnote{We published the complete guidelines in \url{https://www.x-isac.org/assets/images/guidelines_to_set-up_an_ISAC.pdf}} + \item Quick demo of MISP capabilities \end{itemize} \end{frame} @@ -176,15 +177,15 @@ \end{frame} \begin{frame} -\frametitle{A quick note on compliance...} +\frametitle{A quick note on legal compliance...} \begin{itemize} - \item Collaboration with Deloitte and legal advisors as part of a CEF project for creating compliance documents + \item Collaboration with legal advisors as part of a CEF project for creating compliance documents \begin{itemize} - \item Information sharing and cooperation {\bf enabled by GDPR} + \item Information sharing and cooperation {\bf such as GDPR} \item How MISP enables stakeholders identified by the {\bf NISD} to perform key activities \item {\bf AIL} and MISP \end{itemize} -\item For more information: \url{https://github.com/CIRCL/compliance} +\item For more information: \url{https://github.com/CIRCL/compliance} about DORA, GDPR, ISO 27010 and MISP compliance \end{itemize} \end{frame} @@ -437,7 +438,7 @@ \begin{itemize} \item Getting started with building a new community can be daunting. Feel free to get in touch with us if you have any questions! \item Contact: info@circl.lu -\item \url{https://www.circl.lu/} +\item \url{https://www.circl.lu/} \url{https://www.misp-project.org/} \item \url{https://github.com/MISP} \url{https://gitter.im/MISP/MISP} \url{https://twitter.com/MISPProject} \end{itemize} \end{frame} diff --git a/a.7-rest-API/Training - Using the API in MISP.ipynb b/a.7-rest-API/Training - Using the API in MISP.ipynb index a17da53..e83d757 100644 --- a/a.7-rest-API/Training - Using the API in MISP.ipynb +++ b/a.7-rest-API/Training - Using the API in MISP.ipynb @@ -52,14 +52,14 @@ }, { "cell_type": "code", - "execution_count": 38, + "execution_count": 6, "metadata": {}, "outputs": [ { "name": "stderr", "output_type": "stream", "text": [ - "The version of PyMISP recommended by the MISP instance (2.4.183) is newer than the one you're using now (2.4.168). Please upgrade PyMISP.\n" + "The version of PyMISP recommended by the MISP instance (2.4.188) is newer than the one you're using now (2.4.168). Please upgrade PyMISP.\n" ] } ], @@ -84,7 +84,7 @@ " if 'Attribute' in result:\n", " print(\"Count: %s\" % len(result['Attribute']))\n", " flag_printed = True\n", - " elif 'Event' in result and 'Attribute' in result['Event']['Attribute']:\n", + " elif 'Event' in result and 'Attribute' in result['Event']:\n", " print(\"Attribute count: %s\" % len(result['Event']['Attribute']))\n", " flag_printed = True\n", " if flag_printed:\n", @@ -697,186 +697,38 @@ }, { "cell_type": "code", - "execution_count": 58, + "execution_count": 7, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ - "{'Event': {'Attribute': [{'Galaxy': [],\n", - " 'ShadowAttribute': [],\n", - " 'category': 'Network activity',\n", - " 'comment': '',\n", - " 'deleted': False,\n", - " 'disable_correlation': False,\n", - " 'distribution': '5',\n", - " 'event_id': '126',\n", - " 'first_seen': None,\n", - " 'id': '56142',\n", - " 'last_seen': None,\n", - " 'object_id': '0',\n", - " 'object_relation': None,\n", - " 'sharing_group_id': '0',\n", - " 'timestamp': '1705581872',\n", - " 'to_ids': True,\n", - " 'type': 'ip-src',\n", - " 'uuid': '6938d503-7d96-48b6-9a18-f8e6f95f04dd',\n", - " 'value': '9.9.9.9'},\n", - " {'Galaxy': [],\n", - " 'ShadowAttribute': [],\n", - " 'category': 'Network activity',\n", - " 'comment': 'Comment added via the API',\n", - " 'deleted': False,\n", - " 'disable_correlation': False,\n", - " 'distribution': '5',\n", - " 'event_id': '126',\n", - " 'first_seen': None,\n", - " 'id': '56143',\n", - " 'last_seen': None,\n", - " 'object_id': '0',\n", - " 'object_relation': None,\n", - " 'sharing_group_id': '0',\n", - " 'timestamp': '1705582453',\n", - " 'to_ids': False,\n", - " 'type': 'ip-dst',\n", - " 'uuid': '8153fcad-cd37-45d9-a1d1-a509942116f8',\n", - " 'value': '127.2.2.2'}],\n", - " 'CryptographicKey': [],\n", - " 'EventReport': [],\n", - " 'Galaxy': [],\n", - " 'Object': [{'Attribute': [{'Galaxy': [],\n", - " 'ShadowAttribute': [],\n", - " 'category': 'Other',\n", - " 'comment': '',\n", - " 'deleted': False,\n", - " 'disable_correlation': False,\n", - " 'distribution': '5',\n", - " 'event_id': '126',\n", - " 'first_seen': None,\n", - " 'id': '56144',\n", - " 'last_seen': None,\n", - " 'object_id': '645',\n", - " 'object_relation': 'post',\n", - " 'sharing_group_id': '0',\n", - " 'timestamp': '1558702173',\n", - " 'to_ids': False,\n", - " 'type': 'text',\n", - " 'uuid': '7ed55fe3-cae9-4353-9cd6-cdcb9a50bba5',\n", - " 'value': 'post'}],\n", - " 'ObjectReference': [],\n", - " 'comment': '',\n", - " 'deleted': False,\n", - " 'description': 'Microblog post like a Twitter tweet or '\n", - " 'a post on a Facebook wall.',\n", - " 'distribution': '5',\n", - " 'event_id': '126',\n", - " 'first_seen': None,\n", - " 'id': '645',\n", - " 'last_seen': None,\n", - " 'meta-category': 'misc',\n", - " 'name': 'microblog',\n", - " 'sharing_group_id': '0',\n", - " 'template_uuid': '8ec8c911-ddbe-4f5b-895b-fbff70c42a60',\n", - " 'template_version': '5',\n", - " 'timestamp': '1558702173',\n", - " 'uuid': '838aefb1-0f6e-4967-9a99-e7414887ae9a'}],\n", - " 'Org': {'id': '1',\n", - " 'local': True,\n", - " 'name': 'ORGNAME',\n", - " 'uuid': 'c5de83b4-36ba-49d6-9530-2a315caeece6'},\n", - " 'Orgc': {'id': '1',\n", - " 'local': True,\n", - " 'name': 'ORGNAME',\n", - " 'uuid': 'c5de83b4-36ba-49d6-9530-2a315caeece6'},\n", - " 'RelatedEvent': [{'Event': {'Org': {'id': '1',\n", - " 'name': 'ORGNAME',\n", - " 'uuid': 'c5de83b4-36ba-49d6-9530-2a315caeece6'},\n", - " 'Orgc': {'id': '1',\n", - " 'name': 'ORGNAME',\n", - " 'uuid': 'c5de83b4-36ba-49d6-9530-2a315caeece6'},\n", - " 'analysis': '0',\n", - " 'date': '2024-01-16',\n", - " 'distribution': '3',\n", - " 'id': '122',\n", - " 'info': 'Event created via the API as '\n", - " 'an example',\n", - " 'org_id': '1',\n", - " 'orgc_id': '1',\n", - " 'published': False,\n", - " 'threat_level_id': '1',\n", - " 'timestamp': '1705581786',\n", - " 'uuid': 'de96c637-2282-4fc0-9c4e-ca7db60bace1'}},\n", - " {'Event': {'Org': {'id': '1',\n", - " 'name': 'ORGNAME',\n", - " 'uuid': 'c5de83b4-36ba-49d6-9530-2a315caeece6'},\n", - " 'Orgc': {'id': '1',\n", - " 'name': 'ORGNAME',\n", - " 'uuid': 'c5de83b4-36ba-49d6-9530-2a315caeece6'},\n", - " 'analysis': '0',\n", - " 'date': '2023-09-28',\n", - " 'distribution': '0',\n", - " 'id': '87',\n", - " 'info': 'Event created via the API as '\n", - " 'an example',\n", - " 'org_id': '1',\n", - " 'orgc_id': '1',\n", - " 'published': True,\n", - " 'threat_level_id': '1',\n", - " 'timestamp': '1695907402',\n", - " 'uuid': 'a1348888-5a3e-4e18-acd5-b5015c9621ed'}}],\n", - " 'ShadowAttribute': [],\n", - " 'Tag': [{'colour': '#FF2B2B',\n", - " 'exportable': True,\n", - " 'hide_tag': False,\n", - " 'id': '16',\n", - " 'is_custom_galaxy': False,\n", - " 'is_galaxy': False,\n", - " 'local': 0,\n", - " 'local_only': False,\n", - " 'name': 'tlp:red',\n", - " 'numerical_value': None,\n", - " 'relationship_type': None,\n", - " 'user_id': '0'},\n", - " {'colour': '#33FF00',\n", - " 'exportable': True,\n", - " 'hide_tag': False,\n", - " 'id': '79',\n", - " 'is_custom_galaxy': False,\n", - " 'is_galaxy': False,\n", - " 'local': 0,\n", - " 'local_only': False,\n", - " 'name': 'tlp:green',\n", - " 'numerical_value': None,\n", - " 'relationship_type': None,\n", - " 'user_id': '0'}],\n", - " 'analysis': '0',\n", - " 'attribute_count': '3',\n", - " 'date': '2024-01-18',\n", - " 'disable_correlation': False,\n", - " 'distribution': '0',\n", - " 'event_creator_email': 'admin@admin.test',\n", - " 'extends_uuid': '',\n", - " 'id': '126',\n", - " 'info': 'Event created via the API as an example',\n", - " 'locked': False,\n", + "{'Event': {'Org': {'id': '1', 'name': 'ORGNAME'},\n", + " 'Orgc': {'id': '1', 'name': 'ORGNAME'},\n", + " 'date': '2023-12-11',\n", + " 'id': '119',\n", + " 'info': 'testtest',\n", " 'org_id': '1',\n", " 'orgc_id': '1',\n", - " 'proposal_email_lock': False,\n", - " 'protected': None,\n", - " 'publish_timestamp': '0',\n", - " 'published': False,\n", - " 'sharing_group_id': '0',\n", - " 'threat_level_id': '1',\n", - " 'timestamp': '1705582663',\n", - " 'uuid': 'b3cc1ea2-892f-48e1-a6dc-20279818a724'}}\n" + " 'user_id': '6'},\n", + " 'EventReport': {'content': 'Body',\n", + " 'deleted': False,\n", + " 'distribution': '5',\n", + " 'event_id': '119',\n", + " 'id': '52',\n", + " 'name': 'Report from API',\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1712818726',\n", + " 'uuid': '9b6a2be2-127a-4c61-875b-a9eeba3b1139'},\n", + " 'SharingGroup': {'id': None, 'name': None, 'uuid': None}}\n" ] } ], "source": [ "# Edition 2 - tagging 2\n", "endpoint = '/events/edit/'\n", - "relative_path = '126'\n", + "relative_path = str(event_id)\n", "\n", "body = {\n", " \"distribution\": 0,\n", @@ -889,6 +741,272 @@ "print_result(res)" ] }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "# Event reports" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "endpoint = '/eventReports/add/'\n", + "relative_path = str(event_id)\n", + "\n", + "body = {\n", + " \"name\": \"Report from API\",\n", + " \"distribution\": 5,\n", + " \"sharing_group_id\": 0,\n", + " \"content\": \"Body\"\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "event_report_id = res['EventReport']['id']\n", + "\n", + "print_result(res)" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "# Download HTML, convert it into markdown then save it as Event Report.\n", + "endpoint = '/eventReports/importReportFromUrl/'\n", + "relative_path = str(event_id)\n", + "\n", + "body = {\n", + " \"url\": \"https://domain.example/blogpost/123.pdf\"\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "code", + "execution_count": 20, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "{'report': {'Event': {'Org': {'id': '1', 'name': 'ORGNAME'},\n", + " 'Orgc': {'id': '1', 'name': 'ORGNAME'},\n", + " 'date': '2023-12-11',\n", + " 'id': '119',\n", + " 'info': 'testtest',\n", + " 'org_id': '1',\n", + " 'orgc_id': '1',\n", + " 'user_id': '6'},\n", + " 'EventReport': {'content': 'Body @[tag](tlp:red) '\n", + " '@[attribute](bffa5ba8-7040-4f38-979f-7386f5a3a251)',\n", + " 'deleted': False,\n", + " 'distribution': '5',\n", + " 'event_id': '119',\n", + " 'id': '50',\n", + " 'name': 'Report from API',\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1712821134',\n", + " 'uuid': '972d3aeb-a60e-4bab-9db9-a76ef0551188'},\n", + " 'SharingGroup': {'id': None, 'name': None, 'uuid': None}}}\n" + ] + } + ], + "source": [ + " # Extract all entities, tag Event with tag found\n", + "endpoint = '/eventReports/extractAllFromReport/'\n", + "relative_path = str(50)\n", + "\n", + "body = {\n", + " \"tag_event\": 1\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "# Analyst Data" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "## Analyst Note" + ] + }, + { + "cell_type": "code", + "execution_count": 22, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "{'Note': {'Org': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '2021-09-30 13:28:31',\n", + " 'date_modified': '2023-09-07 07:40:54',\n", + " 'description': 'Automatically generated admin organisation',\n", + " 'id': '1',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'ORGNAME',\n", + " 'nationality': 'Belgium',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': 'ADMIN',\n", + " 'uuid': 'c5de83b4-36ba-49d6-9530-2a315caeece6'},\n", + " 'Orgc': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '2021-09-30 13:28:31',\n", + " 'date_modified': '2023-09-07 07:40:54',\n", + " 'description': 'Automatically generated admin organisation',\n", + " 'id': '1',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'ORGNAME',\n", + " 'nationality': 'Belgium',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': 'ADMIN',\n", + " 'uuid': 'c5de83b4-36ba-49d6-9530-2a315caeece6'},\n", + " '_canEdit': True,\n", + " 'authors': 'john.doe@admin.test',\n", + " 'created': '2024-04-11 07:54:06',\n", + " 'distribution': '1',\n", + " 'id': '80',\n", + " 'language': 'fr-BE',\n", + " 'locked': False,\n", + " 'modified': '2024-04-11 07:54:06',\n", + " 'note': 'Ceci est une note',\n", + " 'note_type': 0,\n", + " 'note_type_name': 'Note',\n", + " 'object_type': 'Event50',\n", + " 'object_uuid': '03cbbd87-9081-4ea9-94e2-431939fa85dc',\n", + " 'org_uuid': 'c5de83b4-36ba-49d6-9530-2a315caeece6',\n", + " 'orgc_uuid': 'c5de83b4-36ba-49d6-9530-2a315caeece6',\n", + " 'sharing_group_id': None,\n", + " 'uuid': 'b6362eab-b232-4d7b-867f-52c6971a743b'}}\n" + ] + } + ], + "source": [ + "analystType = 'Note'\n", + "objectUUID = '03cbbd87-9081-4ea9-94e2-431939fa85dc'\n", + "# objectType[Enum]: \"Attribute\" \"Event\" \"EventReport\" \"GalaxyCluster\" \"Galaxy\"\n", + "# \"Object\" \"Note\" \"Opinion\" \"Relationship\" \"Organisation\" \"SharingGroup\"\n", + "objectType = 'Event'\n", + "endpoint = f'/analystData/add/{analystType}/{objectUUID}/{objectType}'\n", + "\n", + "body = {\n", + " \"note\": \"Ceci est une note\",\n", + " \"language\": \"fr-BE\",\n", + " \"authors\": \"john.doe@admin.test\",\n", + " \"distribution\": 1\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "## Analyst Opinion" + ] + }, + { + "cell_type": "code", + "execution_count": 23, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "{'Opinion': {'Org': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '2021-09-30 13:28:31',\n", + " 'date_modified': '2023-09-07 07:40:54',\n", + " 'description': 'Automatically generated admin '\n", + " 'organisation',\n", + " 'id': '1',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'ORGNAME',\n", + " 'nationality': 'Belgium',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': 'ADMIN',\n", + " 'uuid': 'c5de83b4-36ba-49d6-9530-2a315caeece6'},\n", + " 'Orgc': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '2021-09-30 13:28:31',\n", + " 'date_modified': '2023-09-07 07:40:54',\n", + " 'description': 'Automatically generated admin '\n", + " 'organisation',\n", + " 'id': '1',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'ORGNAME',\n", + " 'nationality': 'Belgium',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': 'ADMIN',\n", + " 'uuid': 'c5de83b4-36ba-49d6-9530-2a315caeece6'},\n", + " '_canEdit': True,\n", + " 'authors': 'john.doe@admin.test',\n", + " 'comment': 'This is an opinion',\n", + " 'created': '2024-04-11 07:54:12',\n", + " 'distribution': '1',\n", + " 'id': '64',\n", + " 'locked': False,\n", + " 'modified': '2024-04-11 07:54:12',\n", + " 'note_type': 1,\n", + " 'note_type_name': 'Opinion',\n", + " 'object_type': 'Event50',\n", + " 'object_uuid': '03cbbd87-9081-4ea9-94e2-431939fa85dc',\n", + " 'opinion': '75',\n", + " 'org_uuid': 'c5de83b4-36ba-49d6-9530-2a315caeece6',\n", + " 'orgc_uuid': 'c5de83b4-36ba-49d6-9530-2a315caeece6',\n", + " 'sharing_group_id': None,\n", + " 'uuid': 'eea00f1d-71aa-4763-9489-bd137cae2a57'}}\n" + ] + } + ], + "source": [ + "analystType = 'Opinion'\n", + "objectUUID = '03cbbd87-9081-4ea9-94e2-431939fa85dc'\n", + "# objectType[Enum]: \"Attribute\" \"Event\" \"EventReport\" \"GalaxyCluster\" \"Galaxy\"\n", + "# \"Object\" \"Note\" \"Opinion\" \"Relationship\" \"Organisation\" \"SharingGroup\"\n", + "objectType = 'Event'\n", + "endpoint = f'/analystData/add/{analystType}/{objectUUID}/{objectType}'\n", + "\n", + "body = {\n", + " \"opinion\": 75,\n", + " \"comment\": \"This is an opinion\",\n", + " \"authors\": \"john.doe@admin.test\",\n", + " \"distribution\": 1\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, { "cell_type": "markdown", "metadata": {}, diff --git a/cheatsheets/cheatsheet-data-model.tex b/cheatsheets/cheatsheet-data-model.tex index 8875ee7..1693d7e 100644 --- a/cheatsheets/cheatsheet-data-model.tex +++ b/cheatsheets/cheatsheet-data-model.tex @@ -136,4 +136,56 @@ \end{itemize} \end{itemize} } -\end{multicols*} \ No newline at end of file +\end{multicols*} + +\newpage + +\begin{multicols*}{3} + % Analyst Note + \cheatbox[\faicon{sticky-note}] + [Share and add an analysis to any MISP data] + [Describe information about specific details, annotate elements] + [\distributable \synchronisable] + [Text element that can be attached to many element] + {\linkdest{note}Analyst Notes} + { + $\blacktriangleright$ Any user can attach \notes to data they don't own. + For example: \events, \attributes, \clusters, $\cdots$\\ + $\blacktriangleright$ The note is actually attached to the target's UUID + } + + % Analyst Opinion + \cheatbox[\faicon{gavel}] + [Share and add an opinion to any MISP data] + [Provide feedback to third-parties, Coordinate and Collaborate] + [\distributable \synchronisable] + [Text element with a numerical opinion that can be attached to many element] + {\linkdest{opinion}Analyst Opinions} + { + $\blacktriangleright$ Basically the same as a \note\\ + $\blacktriangleright$ The numerical value of the \opinion is $\in [0, 100]$. where $50$ is the neutral point. Any values $<50$ are considered negatives, values $>50$ are considered positives. + } + + % Analyst Relationship + \cheatbox[\faicon{arrow-up}] + [Create a relationship between elements] + [Manually create correlation link, add similarities] + [\distributable \synchronisable] + [Link between two entities using a verb] + {\linkdest{opinion}Analyst Relationships} + { + $\blacktriangleright$ Basically the same as a \note but includes the target element\\ + $\blacktriangleright$ Example could be an \event $\rightarrow$ \event relationship where one is \textit{Suspected to be part of the same campaign based on HUMINT sources} + } + + % Element Collection + \cheatbox[\faicon{object-group}] + [Allow groupping multiple elements into a single collection] + [Grouping \events together if they are part of the same campaing] + [\distributable] + [Group element into collection] + {\linkdest{collection}Element Collection} + { + } + +\end{multicols*} diff --git a/cheatsheets/utils.tex b/cheatsheets/utils.tex index 4a88fde..ca6e014 100644 --- a/cheatsheets/utils.tex +++ b/cheatsheets/utils.tex @@ -25,6 +25,14 @@ \newcommand{\cluster}{\hyperlink{cluster}{\texttt{Galaxy Cluster}} } \newcommand{\sharinggroups}{\hyperlink{sharinggroup}{\texttt{Sharing Groups}} } \newcommand{\sharinggroup}{\hyperlink{sharinggroup}{\texttt{Sharing Group}} } +\newcommand{\notes}{\hyperlink{note}{\texttt{Analyst Notes}} } +\newcommand{\note}{\hyperlink{note}{\texttt{Analyst Note}} } +\newcommand{\opinions}{\hyperlink{opinion}{\texttt{Analyst Opinions}} } +\newcommand{\opinion}{\hyperlink{opinion}{\texttt{Analyst Opinion}} } +\newcommand{\relationships}{\hyperlink{relationship}{\texttt{Analyst Relationships}} } +\newcommand{\relationship}{\hyperlink{relationship}{\texttt{Analyst Relationship}} } +\newcommand{\collections}{\hyperlink{collection}{\texttt{Element Collections}} } +\newcommand{\collection}{\hyperlink{collection}{\texttt{Element Collection}} } \newcommand{\taggable}{\faicon{tags}\hspace*{0.3em}} \newcommand{\distributable}{\faicon{eye-slash}\hspace*{0.3em}} diff --git a/complementary/jupyter-notebooks/Training - Using the API in MISP-public.ipynb b/complementary/jupyter-notebooks/Training - Using the API in MISP-public.ipynb new file mode 100644 index 0000000..f3e254f --- /dev/null +++ b/complementary/jupyter-notebooks/Training - Using the API in MISP-public.ipynb @@ -0,0 +1,15517 @@ +{ + "cells": [ + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "# Notebook trainer cheatsheet: API and CLI" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "- Automation page\n", + "- Recovering the API KEY (Automation page, User page, RestClient)" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "## Important notice\n", + "\n", + "This notebook various usage of the MISP restAPI.\n", + "\n", + "It should be noted that PyMISP is not required to use the MISP restAPI. We are using PyMISP only to parse the response and inspect the data. So any HTTP client such as curl could do the job a described below.\n", + "\n", + "This command:\n", + "```\n", + "misp_url = URL + '/events/add'\n", + "relative_path = ''\n", + "\n", + "body = {\n", + " \"info\": \"Event\"\n", + "}\n", + "\n", + "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n", + "res = misp.direct_call(relative_path, body)\n", + "print_result(res)\n", + "```\n", + "\n", + "Will yield the same result as this command:\n", + "```\n", + "!curl \\\n", + " -d '{\"info\": \"Event\"}' \\\n", + " -H \"Authorization: ptU1OggdiLLWlwHPO9B3lzpwEND3hL7gH0uEsyYL\" \\\n", + " -H \"Accept: application/json\" \\\n", + " -H \"Content-type: application/json\" \\\n", + " -X POST 127.0.0.1:8080/events/restSearch\n", + " ```" + ] + }, + { + "cell_type": "code", + "execution_count": 2, + "metadata": {}, + "outputs": [ + { + "name": "stderr", + "output_type": "stream", + "text": [ + "/home/adulau/.pyenv/versions/3.10.12/lib/python3.10/site-packages/pymisp/__init__.py:67: FutureWarning: This class is deprecated, use PyMISP instead\n", + " warnings.warn('This class is deprecated, use PyMISP instead', FutureWarning)\n" + ] + } + ], + "source": [ + "from pymisp import ExpandedPyMISP\n", + "from pprint import pprint\n", + "AUTHKEY = \"YOURAPIKEY\"\n", + "URL = \"https://training.misp-community.org/\"\n", + "import urllib3\n", + "urllib3.disable_warnings()\n", + "misp = ExpandedPyMISP(URL, AUTHKEY, False)\n", + "\n", + "def print_result(result):\n", + " flag_printed = False\n", + " if isinstance(result, list):\n", + " print(\"Count: %s\" % len(result))\n", + " flag_printed = True\n", + " for i in res:\n", + " if 'Event' in i and 'Attribute' in i['Event']:\n", + " print(\" - Attribute count: %s\" % len(i['Event']['Attribute']))\n", + " elif isinstance(result, dict):\n", + " if 'Attribute' in result:\n", + " print(\"Count: %s\" % len(result['Attribute']))\n", + " flag_printed = True\n", + " elif 'Event' in result and 'Attribute' in result['Event']:\n", + " print(\"Attribute count: %s\" % len(result['Event']['Attribute']))\n", + " flag_printed = True\n", + " if flag_printed:\n", + " print('----------')\n", + " pprint(result)" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "# Events" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "## Creation and Edition" + ] + }, + { + "cell_type": "code", + "execution_count": 5, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "Attribute count: 0\n", + "----------\n", + "{'Event': {'Attribute': [],\n", + " 'CryptographicKey': [],\n", + " 'EventReport': [],\n", + " 'Galaxy': [],\n", + " 'Object': [],\n", + " 'Org': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'Orgc': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'RelatedEvent': [],\n", + " 'ShadowAttribute': [],\n", + " 'analysis': '0',\n", + " 'attribute_count': '0',\n", + " 'date': '2024-04-15',\n", + " 'disable_correlation': False,\n", + " 'distribution': '0',\n", + " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", + " 'extends_uuid': '',\n", + " 'id': '64',\n", + " 'info': 'Event created via the API as an example',\n", + " 'locked': False,\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'proposal_email_lock': False,\n", + " 'protected': None,\n", + " 'publish_timestamp': '0',\n", + " 'published': False,\n", + " 'sharing_group_id': '0',\n", + " 'threat_level_id': '1',\n", + " 'timestamp': '1713153774',\n", + " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'}}\n" + ] + } + ], + "source": [ + "# Creation\n", + "endpoint = '/events/add'\n", + "relative_path = ''\n", + "\n", + "body = {\n", + " \"info\": \"Event created via the API as an example\",\n", + " \"threat_level_id\": 1,\n", + " \"distribution\": 0\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "code", + "execution_count": 7, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "Attribute count: 0\n", + "----------\n", + "{'Event': {'Attribute': [],\n", + " 'CryptographicKey': [],\n", + " 'EventReport': [],\n", + " 'Galaxy': [],\n", + " 'Object': [],\n", + " 'Org': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'Orgc': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'RelatedEvent': [],\n", + " 'ShadowAttribute': [],\n", + " 'analysis': '0',\n", + " 'attribute_count': '0',\n", + " 'date': '2024-04-15',\n", + " 'disable_correlation': False,\n", + " 'distribution': '3',\n", + " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", + " 'extends_uuid': '',\n", + " 'id': '64',\n", + " 'info': 'Event created via the API as an example',\n", + " 'locked': False,\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'proposal_email_lock': False,\n", + " 'protected': None,\n", + " 'publish_timestamp': '0',\n", + " 'published': False,\n", + " 'sharing_group_id': '0',\n", + " 'threat_level_id': '1',\n", + " 'timestamp': '1713153806',\n", + " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'}}\n" + ] + } + ], + "source": [ + "# Edition 1\n", + "endpoint = '/events/edit/'\n", + "relative_path = '64'\n", + "\n", + "body = {\n", + " \"distribution\": 3,\n", + "# \"sharing_group_id\": 1\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "code", + "execution_count": 4, + "metadata": {}, + "outputs": [ + { + "name": "stderr", + "output_type": "stream", + "text": [ + "Something went wrong (404): {'name': 'Invalid event', 'message': 'Invalid event', 'url': '/events/edit/126'}\n" + ] + }, + { + "name": "stdout", + "output_type": "stream", + "text": [ + "{'errors': (404,\n", + " {'message': 'Invalid event',\n", + " 'name': 'Invalid event',\n", + " 'url': '/events/edit/126'})}\n" + ] + } + ], + "source": [ + "# Edition 2 - Adding Attribute\n", + "endpoint = '/events/edit/'\n", + "relative_path = '126'\n", + "\n", + "body = {\n", + " \"distribution\": 0,\n", + " \"Attribute\": [\n", + " {\n", + " \"value\": \"9.9.9.9\",\n", + " \"type\": \"ip-src\"\n", + " }\n", + " ]\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "code", + "execution_count": 47, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "{'message': 'Global tag tlp:red123(400) successfully attached to Event(126).',\n", + " 'name': 'Global tag tlp:red123(400) successfully attached to Event(126).',\n", + " 'saved': True,\n", + " 'success': True,\n", + " 'url': '/tags/attachTagToObject'}\n" + ] + } + ], + "source": [ + "# Edition 2 - tagging 1\n", + "endpoint = '/tags/attachTagToObject'\n", + "relative_path = ''\n", + "\n", + "body = {\n", + " \"uuid\": \"b3cc1ea2-892f-48e1-a6dc-20279818a724\", # can be anything: event or attribute\n", + " \"tag\": \"tlp:red\"\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "# Attributes" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "## Creation and edition" + ] + }, + { + "cell_type": "code", + "execution_count": 8, + "metadata": {}, + "outputs": [], + "source": [ + "event_id = 64" + ] + }, + { + "cell_type": "code", + "execution_count": 9, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "Count: 19\n", + "----------\n", + "{'Attribute': {'category': 'Network activity',\n", + " 'comment': '',\n", + " 'deleted': False,\n", + " 'disable_correlation': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'first_seen': None,\n", + " 'id': '3362',\n", + " 'last_seen': None,\n", + " 'object_id': '0',\n", + " 'object_relation': None,\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1713153845',\n", + " 'to_ids': True,\n", + " 'type': 'ip-dst',\n", + " 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n", + " 'value': '8.8.8.9',\n", + " 'value1': '8.8.8.9',\n", + " 'value2': ''},\n", + " 'AttributeTag': []}\n" + ] + } + ], + "source": [ + "# Adding\n", + "endpoint = '/attributes/add/'\n", + "relative_path = str(event_id)\n", + "\n", + "body = {\n", + " \"value\": \"8.8.8.9\",\n", + " \"type\": \"ip-dst\"\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "code", + "execution_count": 21, + "metadata": {}, + "outputs": [ + { + "name": "stderr", + "output_type": "stream", + "text": [ + "Something went wrong (403): {'saved': False, 'name': 'Could not add Attribute', 'message': 'Could not add Attribute', 'url': '/attributes/add', 'errors': {'value': ['Checksum has an invalid length or format (expected: 32 hexadecimal characters). Please double check the value or select type \"other\".']}}\n" + ] + }, + { + "name": "stdout", + "output_type": "stream", + "text": [ + "{'errors': (403,\n", + " {'errors': {'value': ['Checksum has an invalid length or format '\n", + " '(expected: 32 hexadecimal characters). '\n", + " 'Please double check the value or select '\n", + " 'type \"other\".']},\n", + " 'message': 'Could not add Attribute',\n", + " 'name': 'Could not add Attribute',\n", + " 'saved': False,\n", + " 'url': '/attributes/add'})}\n" + ] + } + ], + "source": [ + "# Adding invalid attribute type\n", + "endpoint = '/attributes/add/'\n", + "relative_path = str(event_id)\n", + "\n", + "body = {\n", + " \"value\": \"8.8.8.9\",\n", + " \"type\": \"md5\"\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "code", + "execution_count": 22, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "Count: 17\n", + "----------\n", + "{'Attribute': {'category': 'Network activity',\n", + " 'comment': 'Comment added via the API',\n", + " 'deleted': False,\n", + " 'disable_correlation': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'first_seen': None,\n", + " 'id': '3362',\n", + " 'last_seen': None,\n", + " 'object_id': '0',\n", + " 'object_relation': None,\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1713154698',\n", + " 'to_ids': False,\n", + " 'type': 'ip-dst',\n", + " 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n", + " 'value': '127.0.0.1'}}\n" + ] + } + ], + "source": [ + "# Editing\n", + "endpoint = '/attributes/edit/' # /attributes/edit/[attribute_id]\n", + "relative_path = '3362'\n", + "\n", + "body = {\n", + " \"value\": \"127.0.0.1\",\n", + " \"to_ids\": 0,\n", + " \"comment\": \"Comment added via the API\",\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "code", + "execution_count": 54, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "Count: 17\n", + "----------\n", + "{'Attribute': {'category': 'Network activity',\n", + " 'comment': 'Comment added via the API',\n", + " 'deleted': False,\n", + " 'disable_correlation': False,\n", + " 'distribution': '5',\n", + " 'event_id': '126',\n", + " 'first_seen': None,\n", + " 'id': '56143',\n", + " 'last_seen': None,\n", + " 'object_id': '0',\n", + " 'object_relation': None,\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1705582332',\n", + " 'to_ids': False,\n", + " 'type': 'ip-dst',\n", + " 'uuid': '8153fcad-cd37-45d9-a1d1-a509942116f8',\n", + " 'value': '127.1.1.1'}}\n" + ] + } + ], + "source": [ + "# Editing with data taken from JSON views. \n", + "# (timestamp) contrast the difference with *PyMISP*\n", + "endpoint = '/attributes/edit/'\n", + "relative_path = '56143'\n", + "\n", + "body = {\n", + " \"id\": \"56143\",\n", + " \"type\": \"ip-dst\",\n", + " \"category\": \"Network activity\",\n", + " \"to_ids\": False,\n", + " \"uuid\": \"8153fcad-cd37-45d9-a1d1-a509942116f8\",\n", + " \"event_id\": \"126\",\n", + " \"distribution\": \"5\",\n", + " \"comment\": \"Comment added via the API\",\n", + " \"sharing_group_id\": \"0\",\n", + " \"deleted\": False,\n", + " \"disable_correlation\": False,\n", + " \"object_id\": \"0\",\n", + " \"object_relation\": None,\n", + " \"first_seen\": None,\n", + " \"last_seen\": None,\n", + " \"value\": \"127.1.1.1\",\n", + " \"Galaxy\": [],\n", + " \"ShadowAttribute\": []\n", + " }\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "# Objects" + ] + }, + { + "cell_type": "code", + "execution_count": 23, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "{'Object': {'Attribute': [{'category': 'Other',\n", + " 'comment': '',\n", + " 'deleted': False,\n", + " 'disable_correlation': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'first_seen': None,\n", + " 'id': '3363',\n", + " 'last_seen': None,\n", + " 'object_id': '537',\n", + " 'object_relation': 'post',\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1558702173',\n", + " 'to_ids': False,\n", + " 'type': 'text',\n", + " 'uuid': '17bebb02-c294-4444-adc9-85e8fa0039f1',\n", + " 'value': 'post',\n", + " 'value1': 'post',\n", + " 'value2': ''}],\n", + " 'comment': '',\n", + " 'deleted': False,\n", + " 'description': 'Microblog post like a Twitter tweet or a post on a '\n", + " 'Facebook wall.',\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'first_seen': None,\n", + " 'id': '537',\n", + " 'last_seen': None,\n", + " 'meta-category': 'misc',\n", + " 'name': 'microblog',\n", + " 'sharing_group_id': '0',\n", + " 'template_uuid': '8ec8c911-ddbe-4f5b-895b-fbff70c42a60',\n", + " 'template_version': '5',\n", + " 'timestamp': '1558702173',\n", + " 'uuid': 'bc9219e7-9ae8-4f36-a433-dad3a9c963f5'}}\n" + ] + } + ], + "source": [ + "endpoint = '/objects/add/'\n", + "relative_path = str(event_id)\n", + "\n", + "body = {\n", + " \"name\": \"microblog\",\n", + " \"meta-category\": \"misc\",\n", + " \"description\": \"Microblog post like a Twitter tweet or a post on a Facebook wall.\",\n", + " \"template_uuid\": \"8ec8c911-ddbe-4f5b-895b-fbff70c42a60\",\n", + " \"template_version\": \"5\",\n", + " \"event_id\": event_id,\n", + " \"timestamp\": \"1558702173\",\n", + " \"distribution\": \"5\",\n", + " \"sharing_group_id\": \"0\",\n", + " \"comment\": \"\",\n", + " \"deleted\": False,\n", + " \"ObjectReference\": [],\n", + " \"Attribute\": [\n", + " {\n", + " \"type\": \"text\",\n", + " \"category\": \"Other\",\n", + " \"to_ids\": False,\n", + " \"event_id\": event_id,\n", + " \"distribution\": \"5\",\n", + " \"timestamp\": \"1558702173\",\n", + " \"comment\": \"\",\n", + " \"sharing_group_id\": \"0\",\n", + " \"deleted\": False,\n", + " \"disable_correlation\": False,\n", + " \"object_relation\": \"post\",\n", + " \"value\": \"post\",\n", + " \"Galaxy\": [],\n", + " \"ShadowAttribute\": []\n", + " }\n", + " ]\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "code", + "execution_count": 24, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "Attribute count: 1\n", + "----------\n", + "{'Event': {'Attribute': [{'Galaxy': [],\n", + " 'ShadowAttribute': [],\n", + " 'category': 'Network activity',\n", + " 'comment': 'Comment added via the API',\n", + " 'deleted': False,\n", + " 'disable_correlation': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'first_seen': None,\n", + " 'id': '3362',\n", + " 'last_seen': None,\n", + " 'object_id': '0',\n", + " 'object_relation': None,\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1713154698',\n", + " 'to_ids': False,\n", + " 'type': 'ip-dst',\n", + " 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n", + " 'value': '127.0.0.1'}],\n", + " 'CryptographicKey': [],\n", + " 'EventReport': [{'content': 'Body',\n", + " 'deleted': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'id': '55',\n", + " 'name': 'Report from API',\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1713153904',\n", + " 'uuid': '3696d945-7dc8-4685-b71f-8cb2b1132913'},\n", + " {'content': 'Body',\n", + " 'deleted': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'id': '56',\n", + " 'name': 'Report from API',\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1713154575',\n", + " 'uuid': '823d4e2e-76f4-43b8-9b3c-c851fa32412d'}],\n", + " 'Galaxy': [],\n", + " 'Object': [{'Attribute': [{'Galaxy': [],\n", + " 'ShadowAttribute': [],\n", + " 'category': 'Other',\n", + " 'comment': '',\n", + " 'deleted': False,\n", + " 'disable_correlation': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'first_seen': None,\n", + " 'id': '3363',\n", + " 'last_seen': None,\n", + " 'object_id': '537',\n", + " 'object_relation': 'post',\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1558702173',\n", + " 'to_ids': False,\n", + " 'type': 'text',\n", + " 'uuid': '17bebb02-c294-4444-adc9-85e8fa0039f1',\n", + " 'value': 'post'}],\n", + " 'ObjectReference': [],\n", + " 'comment': '',\n", + " 'deleted': False,\n", + " 'description': 'Microblog post like a Twitter tweet or '\n", + " 'a post on a Facebook wall.',\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'first_seen': None,\n", + " 'id': '537',\n", + " 'last_seen': None,\n", + " 'meta-category': 'misc',\n", + " 'name': 'microblog',\n", + " 'sharing_group_id': '0',\n", + " 'template_uuid': '8ec8c911-ddbe-4f5b-895b-fbff70c42a60',\n", + " 'template_version': '5',\n", + " 'timestamp': '1558702173',\n", + " 'uuid': 'bc9219e7-9ae8-4f36-a433-dad3a9c963f5'}],\n", + " 'Org': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'Orgc': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'RelatedEvent': [],\n", + " 'ShadowAttribute': [],\n", + " 'Tag': [{'colour': '#33FF00',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '12',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'tlp:green',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'}],\n", + " 'analysis': '0',\n", + " 'attribute_count': '2',\n", + " 'date': '2024-04-15',\n", + " 'disable_correlation': False,\n", + " 'distribution': '0',\n", + " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", + " 'extends_uuid': '',\n", + " 'id': '64',\n", + " 'info': 'Event created via the API as an example',\n", + " 'locked': False,\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'proposal_email_lock': False,\n", + " 'protected': None,\n", + " 'publish_timestamp': '0',\n", + " 'published': False,\n", + " 'sharing_group_id': '0',\n", + " 'threat_level_id': '1',\n", + " 'timestamp': '1713154741',\n", + " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'}}\n" + ] + } + ], + "source": [ + "# Edition 2 - tagging 2\n", + "endpoint = '/events/edit/'\n", + "relative_path = str(event_id)\n", + "\n", + "body = {\n", + " \"distribution\": 0,\n", + " \"Tag\": [\n", + " {\"name\":\"tlp:green\"}\n", + " ]\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "# Event reports" + ] + }, + { + "cell_type": "code", + "execution_count": 20, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "{'Event': {'Org': {'id': '15', 'name': 'CIRCL'},\n", + " 'Orgc': {'id': '15', 'name': 'CIRCL'},\n", + " 'date': '2024-04-15',\n", + " 'id': '64',\n", + " 'info': 'Event created via the API as an example',\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'user_id': '626'},\n", + " 'EventReport': {'content': 'Body',\n", + " 'deleted': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'id': '56',\n", + " 'name': 'Report from API',\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1713154575',\n", + " 'uuid': '823d4e2e-76f4-43b8-9b3c-c851fa32412d'},\n", + " 'SharingGroup': {'id': None, 'name': None, 'uuid': None}}\n" + ] + } + ], + "source": [ + "endpoint = '/eventReports/add/'\n", + "relative_path = str(event_id)\n", + "\n", + "body = {\n", + " \"name\": \"Report from API\",\n", + " \"distribution\": 5,\n", + " \"sharing_group_id\": 0,\n", + " \"content\": \"Body\"\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "event_report_id = res['EventReport']['id']\n", + "\n", + "print_result(res)" + ] + }, + { + "cell_type": "code", + "execution_count": 66, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "{'Event': {'Org': {'id': '15', 'name': 'CIRCL'},\n", + " 'Orgc': {'id': '15', 'name': 'CIRCL'},\n", + " 'date': '2024-04-15',\n", + " 'id': '64',\n", + " 'info': 'Event created via the API as an example',\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'user_id': '626'},\n", + " 'EventReport': {'content': 'html # TR-84 - PAN-OS (Palo Alto Networks) OS '\n", + " 'Command Injection Vulnerability in GlobalProtect '\n", + " 'Gateway - CVE-2024-3400\\n'\n", + " '\\n'\n", + " ' ### TR-84 - PAN-OS (Palo Alto Networks) OS '\n", + " 'Command Injection Vulnerability in GlobalProtect '\n", + " 'Gateway - CVE-2024-3400\\n'\n", + " '\\n'\n", + " ' â\\x86\\x91 Back to Publications and '\n", + " 'Presentations\\n'\n", + " '\\n'\n", + " ' \\n'\n", + " ' 2. Fixes\\n'\n", + " ' 4. Detection\\n'\n", + " ' 6. Known affected software\\n'\n", + " ' 8. References\\n'\n", + " ' 10. Classification of this document\\n'\n", + " ' 12. Revision\\n'\n", + " ' \\n'\n", + " ' You can report incidents via our official '\n", + " 'contact including e-mail, phone or use the '\n", + " 'Anonymous reporting form.\\n'\n", + " '\\n'\n", + " ' Search\\n'\n", + " '\\n'\n", + " ' \\n'\n", + " ' A command injection vulnerability in the '\n", + " 'GlobalProtect feature of Palo Alto Networks '\n", + " 'PAN-OS software for specific PAN-OS versions and '\n", + " 'distinct feature configurations may enable an '\n", + " 'unauthenticated attacker to execute arbitrary '\n", + " 'code with root privileges on the firewall. Fixes '\n", + " 'for PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 are '\n", + " 'in development and are expected to be released by '\n", + " 'April 14, 2024. Cloud NGFW, Panorama appliances, '\n", + " 'and Prisma Access are not impacted by this '\n", + " 'vulnerability. All other versions of PAN-OS are '\n", + " 'also not impacted.\\n'\n", + " '\\n'\n", + " ' The vulnerability is currently exploited in the '\n", + " 'wild as mentioned by Volexity and itâ\\x80\\x99s '\n", + " 'referenced as CVE-2024-3400.\\n'\n", + " '\\n'\n", + " ' ## Fixes\\n'\n", + " '\\n'\n", + " ' Palo Alto Networks mention a patch will be '\n", + " 'released by April 14, 2024. This issue will be '\n", + " 'fixed in hotfix releases of PAN-OS 10.2.9-h1 '\n", + " '(ETA: By 4/14), PAN-OS 11.0.4-h1 (ETA: By 4/14), '\n", + " 'and PAN-OS 11.1.2-h3 (ETA: By 4/14), and in all '\n", + " 'later PAN-OS versions.\\n'\n", + " '\\n'\n", + " ' There are workarounds proposed by the vendor to '\n", + " 'fix the vulnerability before the hotfix will be '\n", + " 'released.\\n'\n", + " '\\n'\n", + " ' ## Detection\\n'\n", + " '\\n'\n", + " ' \\n'\n", + " ' * Indicators shared by Volexity are available in '\n", + " 'a MISP event with UUID '\n", + " '9802116c-3ec3-4a8e-8b39-5c69b08df5ab, shared in '\n", + " 'the OSINT feed and the MISP private sector '\n", + " 'community.\\n'\n", + " ' \\n'\n", + " ' ## Known affected software\\n'\n", + " '\\n'\n", + " ' \\n'\n", + " ' * PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 used '\n", + " 'as GlobalProtect gateway with device telemetry '\n", + " 'enabled. (other versions are not impacted).\\n'\n", + " ' \\n'\n", + " ' ## References\\n'\n", + " '\\n'\n", + " ' \\n'\n", + " ' * Palo Alto Networks - CVE-2024-3400 PAN-OS: OS '\n", + " 'Command Injection Vulnerability in GlobalProtect '\n", + " 'Gateway.\\n'\n", + " ' * Volexity - 0day exploited in the wild..\\n'\n", + " ' * Volexity - []Zero-Day Exploitation of '\n", + " 'Unauthenticated Remote Code Execution '\n", + " 'Vulnerability in GlobalProtect '\n", + " '(CVE-2024-3400)(https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/)\\n'\n", + " ' \\n'\n", + " ' ## Classification of this document\\n'\n", + " '\\n'\n", + " ' TLP:CLEAR information may be distributed without '\n", + " 'restriction, subject to copyright controls.\\n'\n", + " '\\n'\n", + " ' ## Revision\\n'\n", + " '\\n'\n", + " ' \\n'\n", + " ' * Version 1.0 - TLP:CLEAR - First version - 12th '\n", + " 'April 2024\\n'\n", + " ' * Version 1.1 - TLP:CLEAR - Second version - '\n", + " '13rd April 2024 - IoCs added\\n'\n", + " ' \\n'\n", + " ' ',\n", + " 'deleted': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'id': '57',\n", + " 'name': 'Report from - https://www.circl.lu/pub/tr-84/ '\n", + " '(1713160991)',\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1713160991',\n", + " 'uuid': '53c2eaf6-43f6-4789-8c47-99445877c7e5'},\n", + " 'SharingGroup': {'id': None, 'name': None, 'uuid': None}}\n" + ] + } + ], + "source": [ + "# Download HTML, convert it into markdown then save it as Event Report.\n", + "endpoint = '/eventReports/importReportFromUrl/'\n", + "relative_path = str(event_id)\n", + "\n", + "body = {\n", + " \"url\": \"https://www.circl.lu/pub/tr-84/\"\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "code", + "execution_count": 68, + "metadata": {}, + "outputs": [ + { + "name": "stderr", + "output_type": "stream", + "text": [ + "Something went wrong (404): {'name': 'Invalid report', 'message': 'Invalid report', 'url': '/eventReports/extractAllFromReport/64'}\n" + ] + }, + { + "name": "stdout", + "output_type": "stream", + "text": [ + "{'errors': (404,\n", + " {'message': 'Invalid report',\n", + " 'name': 'Invalid report',\n", + " 'url': '/eventReports/extractAllFromReport/64'})}\n" + ] + } + ], + "source": [ + " # Extract all entities, tag Event with tag found\n", + "endpoint = '/eventReports/extractAllFromReport/'\n", + "relative_path = str(64)\n", + "\n", + "body = {\n", + " \"tag_event\": 1\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "# Analyst Data" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "## Analyst Note" + ] + }, + { + "cell_type": "code", + "execution_count": 67, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "{'Note': {'Org': {'contacts': None,\n", + " 'created_by': '0',\n", + " 'date_created': '2023-09-29 06:47:38',\n", + " 'date_modified': '2023-09-29 06:47:38',\n", + " 'description': 'CIRCL is the CERT (Computer Emergency '\n", + " 'Response Team/Computer Security Incident '\n", + " 'Response Team) for the private sector, '\n", + " 'communes and non-governmental entities in '\n", + " 'Luxembourg.',\n", + " 'id': '15',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'nationality': '',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'Orgc': {'contacts': None,\n", + " 'created_by': '0',\n", + " 'date_created': '2023-09-29 06:47:38',\n", + " 'date_modified': '2023-09-29 06:47:38',\n", + " 'description': 'CIRCL is the CERT (Computer Emergency '\n", + " 'Response Team/Computer Security Incident '\n", + " 'Response Team) for the private sector, '\n", + " 'communes and non-governmental entities in '\n", + " 'Luxembourg.',\n", + " 'id': '15',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'nationality': '',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " '_canEdit': True,\n", + " 'authors': 'john.doe@admin.test',\n", + " 'created': '2024-04-15 06:04:52',\n", + " 'distribution': '1',\n", + " 'id': '1',\n", + " 'language': 'fr-BE',\n", + " 'locked': False,\n", + " 'modified': '2024-04-15 06:04:52',\n", + " 'note': 'Ceci est une note',\n", + " 'note_type': 0,\n", + " 'note_type_name': 'Note',\n", + " 'object_type': 'Event64',\n", + " 'object_uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n", + " 'org_uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f',\n", + " 'orgc_uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f',\n", + " 'sharing_group_id': None,\n", + " 'uuid': 'bdccb0a3-6cd1-4562-88d7-f4f67007195b'}}\n" + ] + } + ], + "source": [ + "analystType = 'Note'\n", + "objectUUID = '501fd194-8b98-40d9-91e6-1c3d56d9c36a'\n", + "# objectType[Enum]: \"Attribute\" \"Event\" \"EventReport\" \"GalaxyCluster\" \"Galaxy\"\n", + "# \"Object\" \"Note\" \"Opinion\" \"Relationship\" \"Organisation\" \"SharingGroup\"\n", + "objectType = 'Event'\n", + "endpoint = f'/analystData/add/{analystType}/{objectUUID}/{objectType}'\n", + "\n", + "body = {\n", + " \"note\": \"Ceci est une note\",\n", + " \"language\": \"fr-BE\",\n", + " \"authors\": \"john.doe@admin.test\",\n", + " \"distribution\": 1\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "## Analyst Opinion" + ] + }, + { + "cell_type": "code", + "execution_count": 69, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "{'Opinion': {'Org': {'contacts': None,\n", + " 'created_by': '0',\n", + " 'date_created': '2023-09-29 06:47:38',\n", + " 'date_modified': '2023-09-29 06:47:38',\n", + " 'description': 'CIRCL is the CERT (Computer Emergency '\n", + " 'Response Team/Computer Security Incident '\n", + " 'Response Team) for the private sector, '\n", + " 'communes and non-governmental entities in '\n", + " 'Luxembourg.',\n", + " 'id': '15',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'nationality': '',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'Orgc': {'contacts': None,\n", + " 'created_by': '0',\n", + " 'date_created': '2023-09-29 06:47:38',\n", + " 'date_modified': '2023-09-29 06:47:38',\n", + " 'description': 'CIRCL is the CERT (Computer Emergency '\n", + " 'Response Team/Computer Security Incident '\n", + " 'Response Team) for the private sector, '\n", + " 'communes and non-governmental entities '\n", + " 'in Luxembourg.',\n", + " 'id': '15',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'nationality': '',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " '_canEdit': True,\n", + " 'authors': 'john.doe@admin.test',\n", + " 'comment': 'This is an opinion',\n", + " 'created': '2024-04-15 06:09:58',\n", + " 'distribution': '1',\n", + " 'id': '1',\n", + " 'locked': False,\n", + " 'modified': '2024-04-15 06:09:58',\n", + " 'note_type': 1,\n", + " 'note_type_name': 'Opinion',\n", + " 'object_type': 'Event64',\n", + " 'object_uuid': '03cbbd87-9081-4ea9-94e2-431939fa85dc',\n", + " 'opinion': '75',\n", + " 'org_uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f',\n", + " 'orgc_uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f',\n", + " 'sharing_group_id': None,\n", + " 'uuid': '94f0f534-4287-4612-972b-0c95e57938e5'}}\n" + ] + } + ], + "source": [ + "analystType = 'Opinion'\n", + "objectUUID = '03cbbd87-9081-4ea9-94e2-431939fa85dc'\n", + "# objectType[Enum]: \"Attribute\" \"Event\" \"EventReport\" \"GalaxyCluster\" \"Galaxy\"\n", + "# \"Object\" \"Note\" \"Opinion\" \"Relationship\" \"Organisation\" \"SharingGroup\"\n", + "objectType = 'Event'\n", + "endpoint = f'/analystData/add/{analystType}/{objectUUID}/{objectType}'\n", + "\n", + "body = {\n", + " \"opinion\": 75,\n", + " \"comment\": \"This is an opinion\",\n", + " \"authors\": \"john.doe@admin.test\",\n", + " \"distribution\": 1\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "# Searches" + ] + }, + { + "cell_type": "code", + "execution_count": 28, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "Count: 2\n", + "----------\n", + "[{'EventTag': [],\n", + " 'Org': {'id': '15',\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'Orgc': {'id': '15',\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'analysis': '0',\n", + " 'attribute_count': '0',\n", + " 'date': '2024-04-15',\n", + " 'disable_correlation': False,\n", + " 'distribution': '0',\n", + " 'extends_uuid': '',\n", + " 'id': '63',\n", + " 'info': 'Event created via the API as an example',\n", + " 'locked': False,\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'proposal_email_lock': False,\n", + " 'protected': None,\n", + " 'publish_timestamp': '0',\n", + " 'published': False,\n", + " 'sharing_group_id': '0',\n", + " 'sighting_timestamp': '0',\n", + " 'threat_level_id': '1',\n", + " 'timestamp': '1713153707',\n", + " 'uuid': 'ab3edd51-58a2-47b3-b465-546364cb0d44'},\n", + " {'EventTag': [{'Tag': {'colour': '#33FF00',\n", + " 'id': '12',\n", + " 'is_galaxy': False,\n", + " 'name': 'tlp:green'},\n", + " 'event_id': '64',\n", + " 'id': '348',\n", + " 'local': False,\n", + " 'relationship_type': None,\n", + " 'tag_id': '12'}],\n", + " 'Org': {'id': '15',\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'Orgc': {'id': '15',\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'analysis': '0',\n", + " 'attribute_count': '2',\n", + " 'date': '2024-04-15',\n", + " 'disable_correlation': False,\n", + " 'distribution': '0',\n", + " 'extends_uuid': '',\n", + " 'id': '64',\n", + " 'info': 'Event created via the API as an example',\n", + " 'locked': False,\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'proposal_email_lock': False,\n", + " 'protected': None,\n", + " 'publish_timestamp': '0',\n", + " 'published': False,\n", + " 'sharing_group_id': '0',\n", + " 'sighting_timestamp': '0',\n", + " 'threat_level_id': '1',\n", + " 'timestamp': '1713154741',\n", + " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'}]\n" + ] + } + ], + "source": [ + "# Searching the Event index (Move it to the search topic)\n", + "endpoint = '/events/index'\n", + "relative_path = ''\n", + "\n", + "body = {\n", + " \"eventinfo\": \"Event created via the API as an example\",\n", + "# \"publish_timestamp\": \"2024-04-15\",\n", + "# \"org\": \"ORGNAME\"\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "code", + "execution_count": 29, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "Event number: 0\n", + "Count: 0\n", + "----------\n", + "[]\n" + ] + } + ], + "source": [ + "# Searching the Event index\n", + "misp_url = '/events/index'\n", + "relative_path = ''\n", + "\n", + "body = {\n", + "# \"hasproposal\": 1,\n", + " \"tag\": [\"tlp:amber\"]\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "\n", + "print('Event number: %s' % len(res))\n", + "print_result(res)" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "## RestSearch\n", + "**Aka: Most powerful search tool in MISP**" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "### RestSearch - Attributes" + ] + }, + { + "cell_type": "code", + "execution_count": 30, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "Count: 2\n", + "----------\n", + "{'Attribute': [{'Event': {'distribution': '0',\n", + " 'id': '64',\n", + " 'info': 'Event created via the API as an example',\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n", + " 'category': 'Network activity',\n", + " 'comment': 'Comment added via the API',\n", + " 'deleted': False,\n", + " 'disable_correlation': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'first_seen': None,\n", + " 'id': '3362',\n", + " 'last_seen': None,\n", + " 'object_id': '0',\n", + " 'object_relation': None,\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1713154698',\n", + " 'to_ids': False,\n", + " 'type': 'ip-dst',\n", + " 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n", + " 'value': '127.0.0.1'},\n", + " {'Event': {'distribution': '0',\n", + " 'id': '64',\n", + " 'info': 'Event created via the API as an example',\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n", + " 'Object': {'distribution': '5',\n", + " 'id': '537',\n", + " 'sharing_group_id': '0'},\n", + " 'category': 'Other',\n", + " 'comment': '',\n", + " 'deleted': False,\n", + " 'disable_correlation': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'first_seen': None,\n", + " 'id': '3363',\n", + " 'last_seen': None,\n", + " 'object_id': '537',\n", + " 'object_relation': 'post',\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1558702173',\n", + " 'to_ids': False,\n", + " 'type': 'text',\n", + " 'uuid': '17bebb02-c294-4444-adc9-85e8fa0039f1',\n", + " 'value': 'post'}]}\n" + ] + } + ], + "source": [ + "endpoint = '/attributes/restSearch/'\n", + "relative_path = ''\n", + "\n", + "body = {\n", + " \"returnFormat\": \"json\",\n", + " \"eventid\": event_id\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "code", + "execution_count": 69, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "Count: 1\n", + "----------\n", + "{'Attribute': [{'Event': {'distribution': '0',\n", + " 'id': '126',\n", + " 'info': 'Event created via the API as an example',\n", + " 'org_id': '1',\n", + " 'orgc_id': '1',\n", + " 'uuid': 'b3cc1ea2-892f-48e1-a6dc-20279818a724'},\n", + " 'Object': {'distribution': '5',\n", + " 'id': '645',\n", + " 'sharing_group_id': '0'},\n", + " 'category': 'Other',\n", + " 'comment': '',\n", + " 'deleted': False,\n", + " 'disable_correlation': False,\n", + " 'distribution': '5',\n", + " 'event_id': '126',\n", + " 'first_seen': None,\n", + " 'id': '56144',\n", + " 'last_seen': None,\n", + " 'object_id': '645',\n", + " 'object_relation': 'post',\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1558702173',\n", + " 'to_ids': False,\n", + " 'type': 'text',\n", + " 'uuid': '7ed55fe3-cae9-4353-9cd6-cdcb9a50bba5',\n", + " 'value': 'post'}]}\n" + ] + } + ], + "source": [ + "# Searches on Attribute's data\n", + "misp_url = '/attributes/restSearch/'\n", + "relative_path = ''\n", + "\n", + "body = {\n", + " \"returnFormat\": \"json\",\n", + " \"eventid\": event_id,\n", + " \"type\": \"ip-dst\",\n", + "# \"value\": \"127.0.%\"\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "code", + "execution_count": 31, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "Count: 2\n", + "----------\n", + "{'Attribute': [{'Event': {'distribution': '0',\n", + " 'id': '64',\n", + " 'info': 'Event created via the API as an example',\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n", + " 'category': 'Network activity',\n", + " 'comment': 'Comment added via the API',\n", + " 'deleted': False,\n", + " 'disable_correlation': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'first_seen': None,\n", + " 'id': '3362',\n", + " 'last_seen': None,\n", + " 'object_id': '0',\n", + " 'object_relation': None,\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1713154698',\n", + " 'to_ids': False,\n", + " 'type': 'ip-dst',\n", + " 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n", + " 'value': '127.0.0.1'},\n", + " {'Event': {'distribution': '0',\n", + " 'id': '64',\n", + " 'info': 'Event created via the API as an example',\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n", + " 'Object': {'distribution': '5',\n", + " 'id': '537',\n", + " 'sharing_group_id': '0'},\n", + " 'category': 'Other',\n", + " 'comment': '',\n", + " 'deleted': False,\n", + " 'disable_correlation': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'first_seen': None,\n", + " 'id': '3363',\n", + " 'last_seen': None,\n", + " 'object_id': '537',\n", + " 'object_relation': 'post',\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1558702173',\n", + " 'to_ids': False,\n", + " 'type': 'text',\n", + " 'uuid': '17bebb02-c294-4444-adc9-85e8fa0039f1',\n", + " 'value': 'post'}]}\n" + ] + } + ], + "source": [ + "# Searches on Attribute's data\n", + "endpoint = '/attributes/restSearch/'\n", + "relative_path = ''\n", + "\n", + "body = {\n", + " \"returnFormat\": \"json\",\n", + " \"eventid\": event_id,\n", + " \"deleted\": [0, 1] # Consider both deleted AND not deleted\n", + "}\n", + "\n", + "# [] == {\"OR\": []}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "code", + "execution_count": 33, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "Count: 2\n", + "----------\n", + "{'Attribute': [{'Event': {'distribution': '0',\n", + " 'id': '64',\n", + " 'info': 'Event created via the API as an example',\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n", + " 'category': 'Network activity',\n", + " 'comment': 'Comment added via the API',\n", + " 'deleted': False,\n", + " 'disable_correlation': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'first_seen': None,\n", + " 'id': '3362',\n", + " 'last_seen': None,\n", + " 'object_id': '0',\n", + " 'object_relation': None,\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1713154698',\n", + " 'to_ids': False,\n", + " 'type': 'ip-dst',\n", + " 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n", + " 'value': '127.0.0.1'},\n", + " {'Event': {'distribution': '0',\n", + " 'id': '64',\n", + " 'info': 'Event created via the API as an example',\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n", + " 'Object': {'distribution': '5',\n", + " 'id': '537',\n", + " 'sharing_group_id': '0'},\n", + " 'category': 'Other',\n", + " 'comment': '',\n", + " 'deleted': False,\n", + " 'disable_correlation': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'first_seen': None,\n", + " 'id': '3363',\n", + " 'last_seen': None,\n", + " 'object_id': '537',\n", + " 'object_relation': 'post',\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1558702173',\n", + " 'to_ids': False,\n", + " 'type': 'text',\n", + " 'uuid': '17bebb02-c294-4444-adc9-85e8fa0039f1',\n", + " 'value': 'post'}]}\n" + ] + } + ], + "source": [ + "# Searches on Attribute's data\n", + "endpoint = '/attributes/restSearch/'\n", + "relative_path = ''\n", + "\n", + "body = {\n", + " \"returnFormat\": \"json\",\n", + " \"eventid\": event_id,\n", + "# \"tags\": \"tlp:white\",\n", + "# \"tags\": [\"tlp:white\", \"tlp:green\"]\n", + "# \"tags\": [\"!tlp:green\"]\n", + "# \"tags\": \"tlp:%\",\n", + "# \"includeEventTags\": 1\n", + "# BRAND NEW (only tag)! Prefered way (Most accurate): Distinction between OR and AND!\n", + "# \"tags\": {\"AND\": [\"tlp:green\", \"Malware\"], \"NOT\": [\"%ransomware%\"]}\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "code", + "execution_count": 35, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "Count: 2\n", + "----------\n", + "{'Attribute': [{'Event': {'distribution': '0',\n", + " 'id': '64',\n", + " 'info': 'Event created via the API as an example',\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n", + " 'category': 'Network activity',\n", + " 'comment': 'Comment added via the API',\n", + " 'deleted': False,\n", + " 'disable_correlation': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'first_seen': None,\n", + " 'id': '3362',\n", + " 'last_seen': None,\n", + " 'object_id': '0',\n", + " 'object_relation': None,\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1713154698',\n", + " 'to_ids': False,\n", + " 'type': 'ip-dst',\n", + " 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n", + " 'value': '127.0.0.1'},\n", + " {'Event': {'distribution': '0',\n", + " 'id': '64',\n", + " 'info': 'Event created via the API as an example',\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n", + " 'Object': {'distribution': '5',\n", + " 'id': '537',\n", + " 'sharing_group_id': '0'},\n", + " 'category': 'Other',\n", + " 'comment': '',\n", + " 'deleted': False,\n", + " 'disable_correlation': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'first_seen': None,\n", + " 'id': '3363',\n", + " 'last_seen': None,\n", + " 'object_id': '537',\n", + " 'object_relation': 'post',\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1558702173',\n", + " 'to_ids': False,\n", + " 'type': 'text',\n", + " 'uuid': '17bebb02-c294-4444-adc9-85e8fa0039f1',\n", + " 'value': 'post'}]}\n" + ] + } + ], + "source": [ + "# Paginating\n", + "endpoint = '/attributes/restSearch/'\n", + "#relative_path = ''\n", + "\n", + "body = {\n", + " \"returnFormat\": \"json\",\n", + " \"eventid\": event_id,\n", + "# \"page\": 0,\n", + "# \"limit\": 10000\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "code", + "execution_count": 37, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "Count: 2\n", + "----------\n", + "{'Attribute': [{'Event': {'distribution': '0',\n", + " 'id': '64',\n", + " 'info': 'Event created via the API as an example',\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n", + " 'category': 'Network activity',\n", + " 'comment': 'Comment added via the API',\n", + " 'deleted': False,\n", + " 'disable_correlation': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'first_seen': None,\n", + " 'id': '3362',\n", + " 'last_seen': None,\n", + " 'object_id': '0',\n", + " 'object_relation': None,\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1713154698',\n", + " 'to_ids': False,\n", + " 'type': 'ip-dst',\n", + " 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n", + " 'value': '127.0.0.1'},\n", + " {'Event': {'distribution': '0',\n", + " 'id': '64',\n", + " 'info': 'Event created via the API as an example',\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n", + " 'Object': {'distribution': '5',\n", + " 'id': '537',\n", + " 'sharing_group_id': '0'},\n", + " 'category': 'Other',\n", + " 'comment': '',\n", + " 'deleted': False,\n", + " 'disable_correlation': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'first_seen': None,\n", + " 'id': '3363',\n", + " 'last_seen': None,\n", + " 'object_id': '537',\n", + " 'object_relation': 'post',\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1558702173',\n", + " 'to_ids': False,\n", + " 'type': 'text',\n", + " 'uuid': '17bebb02-c294-4444-adc9-85e8fa0039f1',\n", + " 'value': 'post'}]}\n" + ] + } + ], + "source": [ + "# Searches based on time: Absolute\n", + "endpoint = '/attributes/restSearch/'\n", + "relative_path = ''\n", + "event_id = 64\n", + "\n", + "body = {\n", + " \"returnFormat\": \"json\",\n", + " \"eventid\": event_id,\n", + " \"from\": \"2019/05/21\" # or \"2019-05-21\"\n", + " # from and to NOT REALLY USEFUL.. \n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "code", + "execution_count": 40, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "Count: 2\n", + "----------\n", + "{'Attribute': [{'Event': {'distribution': '0',\n", + " 'id': '64',\n", + " 'info': 'Event created via the API as an example',\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n", + " 'category': 'Network activity',\n", + " 'comment': 'Comment added via the API',\n", + " 'deleted': False,\n", + " 'disable_correlation': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'first_seen': None,\n", + " 'id': '3362',\n", + " 'last_seen': None,\n", + " 'object_id': '0',\n", + " 'object_relation': None,\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1713154698',\n", + " 'to_ids': False,\n", + " 'type': 'ip-dst',\n", + " 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n", + " 'value': '127.0.0.1'},\n", + " {'Event': {'distribution': '0',\n", + " 'id': '64',\n", + " 'info': 'Event created via the API as an example',\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n", + " 'Object': {'distribution': '5',\n", + " 'id': '537',\n", + " 'sharing_group_id': '0'},\n", + " 'category': 'Other',\n", + " 'comment': '',\n", + " 'deleted': False,\n", + " 'disable_correlation': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'first_seen': None,\n", + " 'id': '3363',\n", + " 'last_seen': None,\n", + " 'object_id': '537',\n", + " 'object_relation': 'post',\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1558702173',\n", + " 'to_ids': False,\n", + " 'type': 'text',\n", + " 'uuid': '17bebb02-c294-4444-adc9-85e8fa0039f1',\n", + " 'value': 'post'}]}\n" + ] + } + ], + "source": [ + "# Searches based on time: Relative\n", + "endpoint = '/attributes/restSearch/'\n", + "relative_path = ''\n", + "\n", + "# /!\\ Last: works on the publish_timestamp -> may be confusing\n", + "# Units: days, hours, minutes and secondes\n", + "body = {\n", + " \"returnFormat\": \"json\",\n", + " \"eventid\": event_id,\n", + "# \"to_ids\": 1,\n", + "# \"publish_timestamp\": \"2024-04-15\"\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "## Precision regarding the different timestamps\n", + "- ``publish_timestamp`` = Time at which the event was published\n", + " - Usage: get data that arrived in my system since x\n", + " - E.g.: New data from a feed\n", + "- ``timestamp`` = Time of the last modification on the data\n", + " - data was modified in the last x hours\n", + " - E.g.: Last updated data from a feed\n", + "- ``event_timestamp``: Used in the Attribute scope\n", + " - Event modified in the last x hours" + ] + }, + { + "cell_type": "code", + "execution_count": 44, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "Count: 1\n", + "----------\n", + "{'Attribute': [{'Event': {'distribution': '0',\n", + " 'id': '64',\n", + " 'info': 'Event created via the API as an example',\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n", + " 'category': 'Payload delivery',\n", + " 'comment': '',\n", + " 'data': 'iVBORw0KGgoAAAANSUhEUgAAAG8AAABvAQAAAADKvqPNAAABJklEQVQ4jdXUMY6FIBAG4N9Y0K0XIOEadF5JL4B6Ad+V6LiGiRfAjoI4O5oX87ZhKDabLKH5CsPPMCPox8L/YASm0EZkwIg8KI9hX/s8UQW9nkhPKQ+qioMCel1J1+fR15HyYNv5I2SBfN8xaN7P9QvkdYIPMk9hC4zQsJvr99XKPG37usqO8U4lEFsXaAm5uw8qM3JyMkeCsxVU2nHZLZ1K5gl++v1IW/NOVSIFjB5QcPe3ZfJ9KeUm0CvJjNi+cOV/hyzyILMEbkI0wcj0/EBmVtdZMkO79hwJU6qgz07tp0XjjUheR2o5W4RMbpJB6S7xLJBIngUHzaccycj0eqR9Vk9xBA7gzW1Qx75dCADJvP45V9NGK/MeGR6xayJE/tkf+Nf4DXMqFobLZDuHAAAAAElFTkSuQmCC',\n", + " 'deleted': False,\n", + " 'disable_correlation': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'first_seen': None,\n", + " 'id': '3364',\n", + " 'last_seen': None,\n", + " 'object_id': '0',\n", + " 'object_relation': None,\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1713155138',\n", + " 'to_ids': False,\n", + " 'type': 'attachment',\n", + " 'uuid': '3a0f950c-3f09-480b-b777-ac3e13acc75a',\n", + " 'value': 'cti-2024.png'}]}\n" + ] + } + ], + "source": [ + "# Searches with attachments\n", + "endpoint = '/attributes/restSearch/'\n", + "relative_path = ''\n", + "\n", + "body = {\n", + " \"returnFormat\": \"json\",\n", + " \"eventid\": event_id,\n", + " \"type\": \"attachment\",\n", + " \"withAttachments\": 1\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "code", + "execution_count": 48, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "Count: 2\n", + "----------\n", + "{'Attribute': [{'Event': {'distribution': '0',\n", + " 'id': '64',\n", + " 'info': 'Event created via the API as an example',\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n", + " 'category': 'Network activity',\n", + " 'comment': 'Comment added via the API',\n", + " 'deleted': False,\n", + " 'disable_correlation': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'first_seen': None,\n", + " 'id': '3362',\n", + " 'last_seen': None,\n", + " 'object_id': '0',\n", + " 'object_relation': None,\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1713154698',\n", + " 'to_ids': False,\n", + " 'type': 'ip-dst',\n", + " 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n", + " 'value': '127.0.0.1'},\n", + " {'Event': {'distribution': '0',\n", + " 'id': '64',\n", + " 'info': 'Event created via the API as an example',\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n", + " 'category': 'Network activity',\n", + " 'comment': '',\n", + " 'deleted': False,\n", + " 'disable_correlation': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'first_seen': None,\n", + " 'id': '3366',\n", + " 'last_seen': None,\n", + " 'object_id': '0',\n", + " 'object_relation': None,\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1713155243',\n", + " 'to_ids': True,\n", + " 'type': 'ip-dst',\n", + " 'uuid': '6c4e1467-ce18-4131-b858-470ee57ebaec',\n", + " 'value': '127.0.0.2'}]}\n" + ] + } + ], + "source": [ + "# Searches - Others\n", + "endpoint = '/attributes/restSearch/'\n", + "relative_path = ''\n", + "\n", + "body = {\n", + " \"returnFormat\": \"json\",\n", + " \"eventid\": event_id,\n", + " \"type\": [\"ip-src\", \"ip-dst\"],\n", + " \"enforceWarninglist\": 1\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "### RestSearch - Events" + ] + }, + { + "cell_type": "code", + "execution_count": 49, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "Count: 1\n", + " - Attribute count: 4\n", + "----------\n", + "[{'Event': {'Attribute': [{'Galaxy': [],\n", + " 'ShadowAttribute': [],\n", + " 'category': 'Network activity',\n", + " 'comment': 'Comment added via the API',\n", + " 'deleted': False,\n", + " 'disable_correlation': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'first_seen': None,\n", + " 'id': '3362',\n", + " 'last_seen': None,\n", + " 'object_id': '0',\n", + " 'object_relation': None,\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1713154698',\n", + " 'to_ids': False,\n", + " 'type': 'ip-dst',\n", + " 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n", + " 'value': '127.0.0.1'},\n", + " {'Galaxy': [],\n", + " 'ShadowAttribute': [],\n", + " 'category': 'Payload delivery',\n", + " 'comment': '',\n", + " 'deleted': False,\n", + " 'disable_correlation': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'first_seen': None,\n", + " 'id': '3364',\n", + " 'last_seen': None,\n", + " 'object_id': '0',\n", + " 'object_relation': None,\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1713155138',\n", + " 'to_ids': False,\n", + " 'type': 'attachment',\n", + " 'uuid': '3a0f950c-3f09-480b-b777-ac3e13acc75a',\n", + " 'value': 'cti-2024.png'},\n", + " {'Galaxy': [],\n", + " 'ShadowAttribute': [],\n", + " 'category': 'Network activity',\n", + " 'comment': '',\n", + " 'deleted': False,\n", + " 'disable_correlation': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'first_seen': None,\n", + " 'id': '3365',\n", + " 'last_seen': None,\n", + " 'object_id': '0',\n", + " 'object_relation': None,\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1713155215',\n", + " 'to_ids': False,\n", + " 'type': 'ip-dst',\n", + " 'uuid': '1ce6d7c3-a3cf-4bf7-b0fe-a054b7a06342',\n", + " 'value': '8.8.8.8'},\n", + " {'Galaxy': [],\n", + " 'ShadowAttribute': [],\n", + " 'category': 'Network activity',\n", + " 'comment': '',\n", + " 'deleted': False,\n", + " 'disable_correlation': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'first_seen': None,\n", + " 'id': '3366',\n", + " 'last_seen': None,\n", + " 'object_id': '0',\n", + " 'object_relation': None,\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1713155243',\n", + " 'to_ids': True,\n", + " 'type': 'ip-dst',\n", + " 'uuid': '6c4e1467-ce18-4131-b858-470ee57ebaec',\n", + " 'value': '127.0.0.2'}],\n", + " 'CryptographicKey': [],\n", + " 'EventReport': [{'content': 'Body',\n", + " 'deleted': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'id': '55',\n", + " 'name': 'Report from API',\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1713153904',\n", + " 'uuid': '3696d945-7dc8-4685-b71f-8cb2b1132913'},\n", + " {'content': 'Body',\n", + " 'deleted': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'id': '56',\n", + " 'name': 'Report from API',\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1713154575',\n", + " 'uuid': '823d4e2e-76f4-43b8-9b3c-c851fa32412d'}],\n", + " 'Galaxy': [],\n", + " 'Object': [{'Attribute': [{'Galaxy': [],\n", + " 'ShadowAttribute': [],\n", + " 'category': 'Other',\n", + " 'comment': '',\n", + " 'deleted': False,\n", + " 'disable_correlation': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'first_seen': None,\n", + " 'id': '3363',\n", + " 'last_seen': None,\n", + " 'object_id': '537',\n", + " 'object_relation': 'post',\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1558702173',\n", + " 'to_ids': False,\n", + " 'type': 'text',\n", + " 'uuid': '17bebb02-c294-4444-adc9-85e8fa0039f1',\n", + " 'value': 'post'}],\n", + " 'ObjectReference': [],\n", + " 'comment': '',\n", + " 'deleted': False,\n", + " 'description': 'Microblog post like a Twitter tweet or '\n", + " 'a post on a Facebook wall.',\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'first_seen': None,\n", + " 'id': '537',\n", + " 'last_seen': None,\n", + " 'meta-category': 'misc',\n", + " 'name': 'microblog',\n", + " 'sharing_group_id': '0',\n", + " 'template_uuid': '8ec8c911-ddbe-4f5b-895b-fbff70c42a60',\n", + " 'template_version': '5',\n", + " 'timestamp': '1558702173',\n", + " 'uuid': 'bc9219e7-9ae8-4f36-a433-dad3a9c963f5'}],\n", + " 'Org': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'Orgc': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'RelatedEvent': [{'Event': {'Org': {'id': '15',\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'Orgc': {'id': '15',\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'analysis': '0',\n", + " 'date': '2024-04-15',\n", + " 'distribution': '0',\n", + " 'id': '62',\n", + " 'info': 'Test event with some sample '\n", + " 'indicator to match on Jupyter '\n", + " 'notebook',\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'published': False,\n", + " 'threat_level_id': '1',\n", + " 'timestamp': '1713153254',\n", + " 'uuid': '403a7c69-3708-429e-b1f0-1e7379655db5'}}],\n", + " 'ShadowAttribute': [],\n", + " 'Tag': [{'colour': '#33FF00',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '12',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'tlp:green',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'}],\n", + " 'analysis': '0',\n", + " 'attribute_count': '5',\n", + " 'date': '2024-04-15',\n", + " 'disable_correlation': False,\n", + " 'distribution': '0',\n", + " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", + " 'extends_uuid': '',\n", + " 'id': '64',\n", + " 'info': 'Event created via the API as an example',\n", + " 'locked': False,\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'proposal_email_lock': False,\n", + " 'protected': None,\n", + " 'publish_timestamp': '0',\n", + " 'published': False,\n", + " 'sharing_group_id': '0',\n", + " 'threat_level_id': '1',\n", + " 'timestamp': '1713155243',\n", + " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'}}]\n" + ] + } + ], + "source": [ + "# Searching using the RestSearch\n", + "endpoint = '/events/restSearch'\n", + "relative_path = ''\n", + "\n", + "body = {\n", + " \"returnFormat\": \"json\",\n", + " \"eventid\": 64,\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "code", + "execution_count": 51, + "metadata": {}, + "outputs": [], + "source": [ + "# Searching using the RestSearch - Other return format\n", + "!curl \\\n", + " -d '{\"returnFormat\":\"rpz\",\"eventid\":64}' \\\n", + " -H \"Authorization: tzcU6V4IdOdNsQy9LkD3yBHaIkg64n7oeKpaQNyf\" \\\n", + " -H \"Accept: application/json\" \\\n", + " -H \"Content-type: application/json\" \\\n", + " -k \\\n", + " -X POST https://localhost:8443/events/restSearch 2> /dev/null" + ] + }, + { + "cell_type": "code", + "execution_count": 96, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "uuid,event_id,category,type,value,comment,to_ids,date,object_relation,attribute_tag,object_uuid,object_name,object_meta_category\r\n", + "\"6938d503-7d96-48b6-9a18-f8e6f95f04dd\",126,\"Network activity\",\"ip-src\",\"9.9.9.9\",\"\",1,1705581872,\"\",\"\",\"\",\"\",\"\"\r\n", + "\"8153fcad-cd37-45d9-a1d1-a509942116f8\",126,\"Network activity\",\"ip-dst\",\"127.2.2.2\",\"Comment added via the API!\",0,1705583914,\"\",\"tlp:white\",\"\",\"\",\"\"\r\n", + "\"1b436ea7-5fc3-485f-b059-9bfff544925f\",126,\"Payload delivery\",\"attachment\",\"test.txt\",\"\",0,1705584018,\"\",\"\",\"\",\"\",\"\"\r\n", + "\"7ed55fe3-cae9-4353-9cd6-cdcb9a50bba5\",126,\"Other\",\"text\",\"post\",\"\",0,1558702173,\"post\",\"\",\"838aefb1-0f6e-4967-9a99-e7414887ae9a\",\"microblog\",\"misc\"\r\n", + "\r\n" + ] + } + ], + "source": [ + "# Searching using the RestSearch - Other return format\n", + "!curl \\\n", + " -d '{\"returnFormat\":\"csv\",\"eventid\":126}' \\\n", + " -H \"Authorization: AaRwZVxZqE8peVet1LGfTYMOkOfFfa7rlS5i5xfL\" \\\n", + " -H \"Accept: application/json\" \\\n", + " -H \"Content-type: application/json\" \\\n", + " -k \\\n", + " -X POST https://localhost:8443/events/restSearch 2> /dev/null" + ] + }, + { + "cell_type": "code", + "execution_count": 52, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "Count: 0\n", + "----------\n", + "[]\n" + ] + } + ], + "source": [ + "# Searching using the RestSearch - Filtering\n", + "endpoint = '/events/restSearch'\n", + "relative_path = ''\n", + "\n", + "body = {\n", + " \"returnFormat\": \"json\",\n", + " \"value\": \"parsed-ail.json\"\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "code", + "execution_count": 53, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "Count: 14\n", + "----------\n", + "[{'Event': {'CryptographicKey': [],\n", + " 'Galaxy': [{'GalaxyCluster': [{'GalaxyClusterRelation': [],\n", + " 'Org': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'Orgc': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'authors': ['Unknown'],\n", + " 'collection_uuid': 'cc6feae0-968a-11e9-a29a-bf581ae8eee3',\n", + " 'default': True,\n", + " 'deleted': False,\n", + " 'description': '',\n", + " 'distribution': '3',\n", + " 'event_tag_id': '278',\n", + " 'extends_uuid': '',\n", + " 'extends_version': '0',\n", + " 'galaxy_id': '59',\n", + " 'id': '13207',\n", + " 'local': False,\n", + " 'locked': False,\n", + " 'meta': {'calling-code': ['+33'],\n", + " 'capital': ['Paris'],\n", + " 'currency': ['€',\n", + " 'EUR',\n", + " 'EURO'],\n", + " 'iso-code': ['FR', 'FRA'],\n", + " 'member-of': ['NATO'],\n", + " 'official-languages': ['French'],\n", + " 'synonyms': ['French '\n", + " 'Republic',\n", + " 'République '\n", + " 'française'],\n", + " 'territory-type': ['Country'],\n", + " 'top-level-domain': ['.fr']},\n", + " 'org_id': '0',\n", + " 'orgc_id': '0',\n", + " 'published': False,\n", + " 'relationship_type': False,\n", + " 'sharing_group_id': None,\n", + " 'source': 'Various',\n", + " 'tag_id': 167,\n", + " 'tag_name': 'misp-galaxy:target-information=\"France\"',\n", + " 'type': 'target-information',\n", + " 'uuid': '0cc6ad08-fac6-42bc-a7c7-09a53ea6b968',\n", + " 'value': 'France',\n", + " 'version': '7'}],\n", + " 'description': 'Description of targets of threat '\n", + " 'actors.',\n", + " 'enabled': True,\n", + " 'icon': 'bullseye',\n", + " 'id': '59',\n", + " 'local_only': False,\n", + " 'name': 'Target Information',\n", + " 'namespace': 'misp',\n", + " 'type': 'target-information',\n", + " 'uuid': '709ed29c-aa00-11e9-82cd-67ac1a6ee3bc',\n", + " 'version': '1'},\n", + " {'GalaxyCluster': [{'GalaxyClusterRelation': [{'Tag': [{'colour': '#001899',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '1',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"likely\"',\n", + " 'numerical_value': '55',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '9554',\n", + " 'galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n", + " 'id': '17887',\n", + " 'referenced_galaxy_cluster_id': '9652',\n", + " 'referenced_galaxy_cluster_type': 'parent-of',\n", + " 'referenced_galaxy_cluster_uuid': '0ca6ac54-ad2b-4945-9580-ac90e702fd2c',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001899',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '1',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"likely\"',\n", + " 'numerical_value': '55',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '9554',\n", + " 'galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n", + " 'id': '17888',\n", + " 'referenced_galaxy_cluster_id': '9653',\n", + " 'referenced_galaxy_cluster_type': 'parent-of',\n", + " 'referenced_galaxy_cluster_uuid': '9db5f425-fe49-4137-8598-840e7290ed0f',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001899',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '1',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"likely\"',\n", + " 'numerical_value': '55',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '9554',\n", + " 'galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n", + " 'id': '17889',\n", + " 'referenced_galaxy_cluster_id': '9654',\n", + " 'referenced_galaxy_cluster_type': 'parent-of',\n", + " 'referenced_galaxy_cluster_uuid': '1c43524e-0f2e-4468-b6b6-8a37f1d0ea87',\n", + " 'sharing_group_id': None}],\n", + " 'Org': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'Orgc': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'TargetingClusterRelation': [{'Tag': [{'colour': '#001899',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '1',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"likely\"',\n", + " 'numerical_value': '55',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '9652',\n", + " 'galaxy_cluster_uuid': '0ca6ac54-ad2b-4945-9580-ac90e702fd2c',\n", + " 'id': '17916',\n", + " 'referenced_galaxy_cluster_id': '9554',\n", + " 'referenced_galaxy_cluster_type': 'successor-of',\n", + " 'referenced_galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001899',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '1',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"likely\"',\n", + " 'numerical_value': '55',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '9653',\n", + " 'galaxy_cluster_uuid': '9db5f425-fe49-4137-8598-840e7290ed0f',\n", + " 'id': '17917',\n", + " 'referenced_galaxy_cluster_id': '9554',\n", + " 'referenced_galaxy_cluster_type': 'successor-of',\n", + " 'referenced_galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001899',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '1',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"likely\"',\n", + " 'numerical_value': '55',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '9654',\n", + " 'galaxy_cluster_uuid': '1c43524e-0f2e-4468-b6b6-8a37f1d0ea87',\n", + " 'id': '17919',\n", + " 'referenced_galaxy_cluster_id': '9554',\n", + " 'referenced_galaxy_cluster_type': 'successor-of',\n", + " 'referenced_galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n", + " 'sharing_group_id': None}],\n", + " 'authors': ['https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml',\n", + " 'http://pastebin.com/raw/GHgpWjar',\n", + " 'MISP Project',\n", + " 'https://id-ransomware.blogspot.com/2016/07/ransomware-list.html'],\n", + " 'collection_uuid': '10cf658b-5d32-4c4b-bb32-61760a640372',\n", + " 'default': True,\n", + " 'deleted': False,\n", + " 'description': 'Conti ransomware is '\n", + " 'a RaaS and has been '\n", + " 'observed encrypting '\n", + " 'networks since '\n", + " 'mid-2020.\\n'\n", + " 'Conti was developed '\n", + " 'by the “TrickBot” '\n", + " 'group, an organized '\n", + " 'Russian '\n", + " 'cybercriminal '\n", + " 'operation. Their '\n", + " 'reputation has '\n", + " 'allowed the group '\n", + " 'to create a strong '\n", + " 'brand name, '\n", + " 'attracting many '\n", + " 'affiliates which '\n", + " 'has made Conti one '\n", + " 'of the most '\n", + " 'widespread '\n", + " 'ransomware strains '\n", + " 'in the world.\\n'\n", + " 'One of the last '\n", + " 'known “Conti” '\n", + " 'attacks was against '\n", + " 'the government of '\n", + " 'Costa Rica in April '\n", + " '2022 causing the '\n", + " 'country to declare '\n", + " 'a state of '\n", + " 'emergency.\\n'\n", + " 'Shortly after this '\n", + " 'final attack, the '\n", + " '“Conti” brand '\n", + " 'disappeared. The '\n", + " 'group behind it '\n", + " 'likely switched to '\n", + " 'a different brand '\n", + " 'to avoid sanctions '\n", + " 'and start over with '\n", + " 'a new, clean '\n", + " 'reputation.',\n", + " 'distribution': '3',\n", + " 'event_tag_id': '279',\n", + " 'extends_uuid': '',\n", + " 'extends_version': '0',\n", + " 'galaxy_id': '49',\n", + " 'id': '9554',\n", + " 'local': False,\n", + " 'locked': False,\n", + " 'meta': {'attribution-confidence': ['100'],\n", + " 'country': ['RU'],\n", + " 'extensions': ['.conti'],\n", + " 'links': ['http://continewsnv5otx5kaoje7krkto2qbu3gtqef22mnr7eaxw3y6ncz3ad.onion/',\n", + " 'http://continews.click'],\n", + " 'ransomnotes': ['All of '\n", + " 'your '\n", + " 'files are '\n", + " 'currently '\n", + " 'encrypted '\n", + " 'by CONTI '\n", + " 'ransomware.'],\n", + " 'refs': ['https://www.cyber.gov.au/acsc/view-all-content/advisories/2021-010-acsc-ransomware-profile-conti',\n", + " 'https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/787/original/ransomware-chats.pdf?1651576098',\n", + " 'https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ransomware-virtual-machines']},\n", + " 'org_id': '0',\n", + " 'orgc_id': '0',\n", + " 'published': False,\n", + " 'relationship_type': False,\n", + " 'sharing_group_id': None,\n", + " 'source': 'Various',\n", + " 'tag_id': 166,\n", + " 'tag_name': 'misp-galaxy:ransomware=\"Conti\"',\n", + " 'type': 'ransomware',\n", + " 'uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n", + " 'value': 'Conti',\n", + " 'version': '118'}],\n", + " 'description': 'Ransomware galaxy based on '\n", + " 'https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml',\n", + " 'enabled': True,\n", + " 'icon': 'btc',\n", + " 'id': '49',\n", + " 'local_only': False,\n", + " 'name': 'Ransomware',\n", + " 'namespace': 'misp',\n", + " 'type': 'ransomware',\n", + " 'uuid': '3f44af2e-1480-4b6b-9aa8-f9bb21341078',\n", + " 'version': '4'}],\n", + " 'Org': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'Orgc': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'RelatedEvent': [{'Event': {'Org': {'id': '15',\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'Orgc': {'id': '15',\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'analysis': '0',\n", + " 'date': '2022-03-22',\n", + " 'distribution': '2',\n", + " 'id': '55',\n", + " 'info': 'Network relationship with '\n", + " 'Conti BTC address',\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'published': False,\n", + " 'threat_level_id': '4',\n", + " 'timestamp': '1695040739',\n", + " 'uuid': 'd1a18f98-4efb-4238-b608-8783e626b95f'}}],\n", + " 'Tag': [{'colour': '#ffffff',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '16',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'tlp:white',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#0088cc',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '167',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': True,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'misp-galaxy:target-information=\"France\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#0088cc',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '166',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': True,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'misp-galaxy:ransomware=\"Conti\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#075200',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '138',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'admiralty-scale:source-reliability=\"b\"',\n", + " 'numerical_value': '75',\n", + " 'relationship_type': None,\n", + " 'user_id': '0'}],\n", + " 'analysis': '0',\n", + " 'attribute_count': '13',\n", + " 'date': '2022-03-21',\n", + " 'disable_correlation': False,\n", + " 'distribution': '1',\n", + " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", + " 'extends_uuid': '',\n", + " 'id': '50',\n", + " 'info': 'Ransomware Attack against a French organization',\n", + " 'locked': True,\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'proposal_email_lock': False,\n", + " 'protected': None,\n", + " 'publish_timestamp': '0',\n", + " 'published': False,\n", + " 'sharing_group_id': '0',\n", + " 'threat_level_id': '1',\n", + " 'timestamp': '1695041268',\n", + " 'uuid': '1128963e-516e-4c9b-b14e-ae2dcbf69e80'}},\n", + " {'Event': {'CryptographicKey': [],\n", + " 'Galaxy': [],\n", + " 'Org': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'Orgc': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'RelatedEvent': [],\n", + " 'Tag': [{'colour': '#33FF00',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '12',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'tlp:green',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'}],\n", + " 'analysis': '0',\n", + " 'attribute_count': '28',\n", + " 'date': '2021-12-22',\n", + " 'disable_correlation': False,\n", + " 'distribution': '1',\n", + " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", + " 'extends_uuid': '',\n", + " 'id': '51',\n", + " 'info': 'Dirty harry example',\n", + " 'locked': True,\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'proposal_email_lock': False,\n", + " 'protected': None,\n", + " 'publish_timestamp': '0',\n", + " 'published': False,\n", + " 'sharing_group_id': '0',\n", + " 'threat_level_id': '1',\n", + " 'timestamp': '1693922674',\n", + " 'uuid': '339b8437-13e8-4ae6-97dc-47cf909aa78d'}},\n", + " {'Event': {'CryptographicKey': [],\n", + " 'Galaxy': [{'GalaxyCluster': [{'GalaxyClusterRelation': [],\n", + " 'Org': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'Orgc': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'TargetingClusterRelation': [{'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5881',\n", + " 'galaxy_cluster_uuid': '590777b3-b475-4c7c-aaf8-f4a73b140312',\n", + " 'id': '2339',\n", + " 'referenced_galaxy_cluster_id': '4806',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7107',\n", + " 'galaxy_cluster_uuid': 'e401d4fe-f0c9-44f0-98e6-f93487678808',\n", + " 'id': '9763',\n", + " 'referenced_galaxy_cluster_id': '4806',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7262',\n", + " 'galaxy_cluster_uuid': '9abdda30-08e0-4ab1-9cf0-d447654c6de9',\n", + " 'id': '11748',\n", + " 'referenced_galaxy_cluster_id': '4806',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7476',\n", + " 'galaxy_cluster_uuid': 'd6b3fcd0-1c86-4350-96f0-965ed02fcc51',\n", + " 'id': '14674',\n", + " 'referenced_galaxy_cluster_id': '4806',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7516',\n", + " 'galaxy_cluster_uuid': '4c6d62c2-89f5-4159-8fab-0190b1f9d328',\n", + " 'id': '15343',\n", + " 'referenced_galaxy_cluster_id': '4806',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7524',\n", + " 'galaxy_cluster_uuid': 'c984b414-b766-44c5-814a-2fe96c913c12',\n", + " 'id': '15474',\n", + " 'referenced_galaxy_cluster_id': '4806',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7535',\n", + " 'galaxy_cluster_uuid': '727afb95-3d0f-4451-b297-362a43909923',\n", + " 'id': '15629',\n", + " 'referenced_galaxy_cluster_id': '4806',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7541',\n", + " 'galaxy_cluster_uuid': 'e14085cb-0e8d-4be6-92ba-e3b93ee5978f',\n", + " 'id': '15744',\n", + " 'referenced_galaxy_cluster_id': '4806',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '14906',\n", + " 'galaxy_cluster_uuid': '0ee4d8a5-4e67-4faf-acfa-62a78457d1f2',\n", + " 'id': '22387',\n", + " 'referenced_galaxy_cluster_id': '4806',\n", + " 'referenced_galaxy_cluster_type': 'related-to',\n", + " 'referenced_galaxy_cluster_uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '15094',\n", + " 'galaxy_cluster_uuid': 'b55d23e5-6821-44ff-8a6e-67218891e49f',\n", + " 'id': '22582',\n", + " 'referenced_galaxy_cluster_id': '4806',\n", + " 'referenced_galaxy_cluster_type': 'related-to',\n", + " 'referenced_galaxy_cluster_uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '15893',\n", + " 'galaxy_cluster_uuid': '7bd3902d-8b8b-4dd4-838a-c6862d40150d',\n", + " 'id': '23482',\n", + " 'referenced_galaxy_cluster_id': '4806',\n", + " 'referenced_galaxy_cluster_type': 'related-to',\n", + " 'referenced_galaxy_cluster_uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n", + " 'sharing_group_id': None}],\n", + " 'authors': ['MITRE'],\n", + " 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n", + " 'default': True,\n", + " 'deleted': False,\n", + " 'description': 'Adversaries may '\n", + " 'modify client '\n", + " 'software binaries '\n", + " 'to establish '\n", + " 'persistent access '\n", + " 'to systems. Client '\n", + " 'software enables '\n", + " 'users to access '\n", + " 'services provided '\n", + " 'by a server. Common '\n", + " 'client software '\n", + " 'types are SSH '\n", + " 'clients, FTP '\n", + " 'clients, email '\n", + " 'clients, and web '\n", + " 'browsers.\\n'\n", + " '\\n'\n", + " 'Adversaries may '\n", + " 'make modifications '\n", + " 'to client software '\n", + " 'binaries to carry '\n", + " 'out malicious tasks '\n", + " 'when those '\n", + " 'applications are in '\n", + " 'use. For example, '\n", + " 'an adversary may '\n", + " 'copy source code '\n", + " 'for the client '\n", + " 'software, add a '\n", + " 'backdoor, compile '\n", + " 'for the target, and '\n", + " 'replace the '\n", + " 'legitimate '\n", + " 'application binary '\n", + " '(or support files) '\n", + " 'with the backdoored '\n", + " 'one. Since these '\n", + " 'applications may be '\n", + " 'routinely executed '\n", + " 'by the user, the '\n", + " 'adversary can '\n", + " 'leverage this for '\n", + " 'persistent access '\n", + " 'to the host.',\n", + " 'distribution': '3',\n", + " 'event_tag_id': '282',\n", + " 'extends_uuid': '',\n", + " 'extends_version': '0',\n", + " 'galaxy_id': '23',\n", + " 'id': '4806',\n", + " 'local': False,\n", + " 'locked': False,\n", + " 'meta': {'external_id': ['T1554'],\n", + " 'kill_chain': ['mitre-attack:persistence'],\n", + " 'mitre_data_sources': ['File: '\n", + " 'File '\n", + " 'Creation',\n", + " 'File: '\n", + " 'File '\n", + " 'Deletion',\n", + " 'File: '\n", + " 'File '\n", + " 'Metadata',\n", + " 'File: '\n", + " 'File '\n", + " 'Modification'],\n", + " 'mitre_platforms': ['Linux',\n", + " 'macOS',\n", + " 'Windows'],\n", + " 'refs': ['https://attack.mitre.org/techniques/T1554']},\n", + " 'org_id': '0',\n", + " 'orgc_id': '0',\n", + " 'published': False,\n", + " 'relationship_type': False,\n", + " 'sharing_group_id': None,\n", + " 'source': 'https://github.com/mitre/cti',\n", + " 'tag_id': 23,\n", + " 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Compromise '\n", + " 'Client Software Binary '\n", + " '- T1554\"',\n", + " 'type': 'mitre-attack-pattern',\n", + " 'uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n", + " 'value': 'Compromise Client '\n", + " 'Software Binary - T1554',\n", + " 'version': '25'},\n", + " {'GalaxyClusterRelation': [],\n", + " 'Org': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'Orgc': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'authors': ['MITRE'],\n", + " 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n", + " 'default': True,\n", + " 'deleted': False,\n", + " 'description': 'Adversaries may use '\n", + " 'traffic signaling '\n", + " 'to hide open ports '\n", + " 'or other malicious '\n", + " 'functionality used '\n", + " 'for persistence or '\n", + " 'command and '\n", + " 'control. Traffic '\n", + " 'signaling involves '\n", + " 'the use of a magic '\n", + " 'value or sequence '\n", + " 'that must be sent '\n", + " 'to a system to '\n", + " 'trigger a special '\n", + " 'response, such as '\n", + " 'opening a closed '\n", + " 'port or executing a '\n", + " 'malicious task. '\n", + " 'This may take the '\n", + " 'form of sending a '\n", + " 'series of packets '\n", + " 'with certain '\n", + " 'characteristics '\n", + " 'before a port will '\n", + " 'be opened that the '\n", + " 'adversary can use '\n", + " 'for command and '\n", + " 'control. Usually '\n", + " 'this series of '\n", + " 'packets consists of '\n", + " 'attempted '\n", + " 'connections to a '\n", + " 'predefined sequence '\n", + " 'of closed ports '\n", + " '(i.e. [Port '\n", + " 'Knocking](https://attack.mitre.org/techniques/T1205/001)), '\n", + " 'but can involve '\n", + " 'unusual flags, '\n", + " 'specific strings, '\n", + " 'or other unique '\n", + " 'characteristics. '\n", + " 'After the sequence '\n", + " 'is completed, '\n", + " 'opening a port may '\n", + " 'be accomplished by '\n", + " 'the host-based '\n", + " 'firewall, but could '\n", + " 'also be implemented '\n", + " 'by custom '\n", + " 'software.\\n'\n", + " '\\n'\n", + " 'Adversaries may '\n", + " 'also communicate '\n", + " 'with an already '\n", + " 'open port, but the '\n", + " 'service listening '\n", + " 'on that port will '\n", + " 'only respond to '\n", + " 'commands or trigger '\n", + " 'other malicious '\n", + " 'functionality if '\n", + " 'passed the '\n", + " 'appropriate magic '\n", + " 'value(s).\\n'\n", + " '\\n'\n", + " 'The observation of '\n", + " 'the signal packets '\n", + " 'to trigger the '\n", + " 'communication can '\n", + " 'be conducted '\n", + " 'through different '\n", + " 'methods. One means, '\n", + " 'originally '\n", + " 'implemented by '\n", + " 'Cd00r (Citation: '\n", + " 'Hartrell cd00r '\n", + " '2002), is to use '\n", + " 'the libpcap '\n", + " 'libraries to sniff '\n", + " 'for the packets in '\n", + " 'question. Another '\n", + " 'method leverages '\n", + " 'raw sockets, which '\n", + " 'enables the malware '\n", + " 'to use ports that '\n", + " 'are already open '\n", + " 'for use by other '\n", + " 'programs.\\n'\n", + " '\\n'\n", + " 'On network devices, '\n", + " 'adversaries may use '\n", + " 'crafted packets to '\n", + " 'enable [Network '\n", + " 'Device '\n", + " 'Authentication](https://attack.mitre.org/techniques/T1556/004) '\n", + " 'for standard '\n", + " 'services offered by '\n", + " 'the device such as '\n", + " 'telnet. Such '\n", + " 'signaling may also '\n", + " 'be used to open a '\n", + " 'closed service port '\n", + " 'such as telnet, or '\n", + " 'to trigger module '\n", + " 'modification of '\n", + " 'malware implants on '\n", + " 'the device, adding, '\n", + " 'removing, or '\n", + " 'changing malicious '\n", + " 'capabilities. '\n", + " 'Adversaries may use '\n", + " 'crafted packets to '\n", + " 'attempt to connect '\n", + " 'to one or more '\n", + " '(open or closed) '\n", + " 'ports, but may also '\n", + " 'attempt to connect '\n", + " 'to a router '\n", + " 'interface, '\n", + " 'broadcast, and '\n", + " 'network address IP '\n", + " 'on the same port in '\n", + " 'order to achieve '\n", + " 'their goals and '\n", + " 'objectives.(Citation: '\n", + " 'Cisco Synful Knock '\n", + " 'Evolution)(Citation: '\n", + " 'Mandiant - Synful '\n", + " 'Knock)(Citation: '\n", + " 'Cisco Blog Legacy '\n", + " 'Device Attacks) To '\n", + " 'enable this traffic '\n", + " 'signaling on '\n", + " 'embedded devices, '\n", + " 'adversaries must '\n", + " 'first achieve and '\n", + " 'leverage [Patch '\n", + " 'System '\n", + " 'Image](https://attack.mitre.org/techniques/T1601/001) '\n", + " 'due to the '\n", + " 'monolithic nature '\n", + " 'of the '\n", + " 'architecture.\\n'\n", + " '\\n'\n", + " 'Adversaries may '\n", + " 'also use the '\n", + " 'Wake-on-LAN feature '\n", + " 'to turn on powered '\n", + " 'off systems. '\n", + " 'Wake-on-LAN is a '\n", + " 'hardware feature '\n", + " 'that allows a '\n", + " 'powered down system '\n", + " 'to be powered on, '\n", + " 'or woken up, by '\n", + " 'sending a magic '\n", + " 'packet to it. Once '\n", + " 'the system is '\n", + " 'powered on, it may '\n", + " 'become a target for '\n", + " 'lateral '\n", + " 'movement.(Citation: '\n", + " 'Bleeping Computer - '\n", + " 'Ryuk WoL)(Citation: '\n", + " 'AMD Magic Packet)',\n", + " 'distribution': '3',\n", + " 'event_tag_id': '283',\n", + " 'extends_uuid': '',\n", + " 'extends_version': '0',\n", + " 'galaxy_id': '23',\n", + " 'id': '5396',\n", + " 'local': False,\n", + " 'locked': False,\n", + " 'meta': {'external_id': ['T1205'],\n", + " 'kill_chain': ['mitre-attack:defense-evasion',\n", + " 'mitre-attack:persistence',\n", + " 'mitre-attack:command-and-control'],\n", + " 'mitre_data_sources': ['Network '\n", + " 'Traffic: '\n", + " 'Network '\n", + " 'Connection '\n", + " 'Creation',\n", + " 'Network '\n", + " 'Traffic: '\n", + " 'Network '\n", + " 'Traffic '\n", + " 'Content',\n", + " 'Network '\n", + " 'Traffic: '\n", + " 'Network '\n", + " 'Traffic '\n", + " 'Flow',\n", + " 'Process: '\n", + " 'Process '\n", + " 'Creation'],\n", + " 'mitre_platforms': ['Linux',\n", + " 'macOS',\n", + " 'Windows',\n", + " 'Network'],\n", + " 'refs': ['https://attack.mitre.org/techniques/T1205',\n", + " 'https://blogs.cisco.com/security/evolution-of-attacks-on-cisco-ios-devices',\n", + " 'https://community.cisco.com/t5/security-blogs/attackers-continue-to-target-legacy-devices/ba-p/4169954',\n", + " 'https://gitlab.com/wireshark/wireshark/-/wikis/WakeOnLAN',\n", + " 'https://www.amd.com/system/files/TechDocs/20213.pdf',\n", + " 'https://www.bleepingcomputer.com/news/security/ryuk-ransomware-uses-wake-on-lan-to-encrypt-offline-devices/',\n", + " 'https://www.giac.org/paper/gcih/342/handle-cd00r-invisible-backdoor/103631',\n", + " 'https://www.mandiant.com/resources/synful-knock-acis']},\n", + " 'org_id': '0',\n", + " 'orgc_id': '0',\n", + " 'published': False,\n", + " 'relationship_type': False,\n", + " 'sharing_group_id': None,\n", + " 'source': 'https://github.com/mitre/cti',\n", + " 'tag_id': 24,\n", + " 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Traffic '\n", + " 'Signaling - T1205\"',\n", + " 'type': 'mitre-attack-pattern',\n", + " 'uuid': '451a9977-d255-43c9-b431-66de80130c8c',\n", + " 'value': 'Traffic Signaling - T1205',\n", + " 'version': '25'},\n", + " {'GalaxyClusterRelation': [{'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '4842',\n", + " 'galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", + " 'id': '674',\n", + " 'referenced_galaxy_cluster_id': '6067',\n", + " 'referenced_galaxy_cluster_type': 'subtechnique-of',\n", + " 'referenced_galaxy_cluster_uuid': '799ace7f-e227-4411-baa0-8868704f2a69',\n", + " 'sharing_group_id': None}],\n", + " 'Org': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'Orgc': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'TargetingClusterRelation': [{'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5058',\n", + " 'galaxy_cluster_uuid': 'd3046a90-580c-4004-8208-66915bc29830',\n", + " 'id': '827',\n", + " 'referenced_galaxy_cluster_id': '4842',\n", + " 'referenced_galaxy_cluster_type': 'revoked-by',\n", + " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5645',\n", + " 'galaxy_cluster_uuid': '987988f0-cf86-4680-a875-2f6456ab2448',\n", + " 'id': '1304',\n", + " 'referenced_galaxy_cluster_id': '4842',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5789',\n", + " 'galaxy_cluster_uuid': '20a2baeb-98c2-4901-bad7-dc62d0a03dea',\n", + " 'id': '1856',\n", + " 'referenced_galaxy_cluster_id': '4842',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5801',\n", + " 'galaxy_cluster_uuid': '609191bf-7d06-40e4-b1f8-9e11eb3ff8a6',\n", + " 'id': '1928',\n", + " 'referenced_galaxy_cluster_id': '4842',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6782',\n", + " 'galaxy_cluster_uuid': 'c93fccb1-e8e8-42cf-ae33-2ad1d183913a',\n", + " 'id': '3869',\n", + " 'referenced_galaxy_cluster_id': '4842',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6790',\n", + " 'galaxy_cluster_uuid': 'f9d6633a-55e6-4adc-9263-6ae080421a13',\n", + " 'id': '4168',\n", + " 'referenced_galaxy_cluster_id': '4842',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6841',\n", + " 'galaxy_cluster_uuid': '18854f55-ac7c-4634-bd9a-352dd07613b7',\n", + " 'id': '5562',\n", + " 'referenced_galaxy_cluster_id': '4842',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6876',\n", + " 'galaxy_cluster_uuid': '222fbd21-fc4f-4b7e-9f85-0e6e3a76c33f',\n", + " 'id': '6381',\n", + " 'referenced_galaxy_cluster_id': '4842',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6913',\n", + " 'galaxy_cluster_uuid': '35d1b3be-49d4-42f1-aaa6-ef159c880bca',\n", + " 'id': '7335',\n", + " 'referenced_galaxy_cluster_id': '4842',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7027',\n", + " 'galaxy_cluster_uuid': '40a1b8ec-7295-416c-a6b1-68181d86f120',\n", + " 'id': '8788',\n", + " 'referenced_galaxy_cluster_id': '4842',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7262',\n", + " 'galaxy_cluster_uuid': '9abdda30-08e0-4ab1-9cf0-d447654c6de9',\n", + " 'id': '11742',\n", + " 'referenced_galaxy_cluster_id': '4842',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '14705',\n", + " 'galaxy_cluster_uuid': 'ceb407f6-8277-439b-951f-e4210e3ed956',\n", + " 'id': '22146',\n", + " 'referenced_galaxy_cluster_id': '4842',\n", + " 'referenced_galaxy_cluster_type': 'related-to',\n", + " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '15467',\n", + " 'galaxy_cluster_uuid': 'f99276ad-d122-4989-a09a-d00904a5f9d2',\n", + " 'id': '23003',\n", + " 'referenced_galaxy_cluster_id': '4842',\n", + " 'referenced_galaxy_cluster_type': 'related-to',\n", + " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '15520',\n", + " 'galaxy_cluster_uuid': '602f5669-6927-4688-84db-0d4b7afb2150',\n", + " 'id': '23074',\n", + " 'referenced_galaxy_cluster_id': '4842',\n", + " 'referenced_galaxy_cluster_type': 'related-to',\n", + " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '15620',\n", + " 'galaxy_cluster_uuid': '26b692dc-1722-49b2-b496-a8258aa6371d',\n", + " 'id': '23177',\n", + " 'referenced_galaxy_cluster_id': '4842',\n", + " 'referenced_galaxy_cluster_type': 'related-to',\n", + " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '15626',\n", + " 'galaxy_cluster_uuid': 'bde47d4b-9987-405c-94c7-b080410e8ea7',\n", + " 'id': '23192',\n", + " 'referenced_galaxy_cluster_id': '4842',\n", + " 'referenced_galaxy_cluster_type': 'related-to',\n", + " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '15646',\n", + " 'galaxy_cluster_uuid': '70ad982f-67c8-40e0-a955-b920c2fa05cb',\n", + " 'id': '23216',\n", + " 'referenced_galaxy_cluster_id': '4842',\n", + " 'referenced_galaxy_cluster_type': 'related-to',\n", + " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '17301',\n", + " 'galaxy_cluster_uuid': 'fdc88d25-96fb-4b7c-9633-c0e417fdbd4e',\n", + " 'id': '25085',\n", + " 'referenced_galaxy_cluster_id': '4842',\n", + " 'referenced_galaxy_cluster_type': 'related-to',\n", + " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", + " 'sharing_group_id': None}],\n", + " 'authors': ['MITRE'],\n", + " 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n", + " 'default': True,\n", + " 'deleted': False,\n", + " 'description': 'In addition to '\n", + " 'clearing system '\n", + " 'logs, an adversary '\n", + " 'may clear the '\n", + " 'command history of '\n", + " 'a compromised '\n", + " 'account to conceal '\n", + " 'the actions '\n", + " 'undertaken during '\n", + " 'an intrusion. '\n", + " 'Various command '\n", + " 'interpreters keep '\n", + " 'track of the '\n", + " 'commands users type '\n", + " 'in their terminal '\n", + " 'so that users can '\n", + " 'retrace what '\n", + " \"they've done.\\n\"\n", + " '\\n'\n", + " 'On Linux and macOS, '\n", + " 'these command '\n", + " 'histories can be '\n", + " 'accessed in a few '\n", + " 'different ways. '\n", + " 'While logged in, '\n", + " 'this command '\n", + " 'history is tracked '\n", + " 'in a file pointed '\n", + " 'to by the '\n", + " 'environment '\n", + " 'variable '\n", + " 'HISTFILE. '\n", + " 'When a user logs '\n", + " 'off a system, this '\n", + " 'information is '\n", + " 'flushed to a file '\n", + " \"in the user's home \"\n", + " 'directory called '\n", + " '~/.bash_history. '\n", + " 'The benefit of this '\n", + " 'is that it allows '\n", + " 'users to go back to '\n", + " \"commands they've \"\n", + " 'used before in '\n", + " 'different '\n", + " 'sessions.\\n'\n", + " '\\n'\n", + " 'Adversaries may '\n", + " 'delete their '\n", + " 'commands from these '\n", + " 'logs by manually '\n", + " 'clearing the '\n", + " 'history '\n", + " '(history '\n", + " '-c) or '\n", + " 'deleting the bash '\n", + " 'history file '\n", + " 'rm '\n", + " '~/.bash_history. \\n'\n", + " '\\n'\n", + " 'Adversaries may '\n", + " 'also leverage a '\n", + " '[Network Device '\n", + " 'CLI](https://attack.mitre.org/techniques/T1059/008) '\n", + " 'on network devices '\n", + " 'to clear command '\n", + " 'history data '\n", + " '(clear '\n", + " 'logging '\n", + " 'and/or clear '\n", + " 'history).(Citation: '\n", + " 'US-CERT-TA18-106A)\\n'\n", + " '\\n'\n", + " 'On Windows hosts, '\n", + " 'PowerShell has two '\n", + " 'different command '\n", + " 'history providers: '\n", + " 'the built-in '\n", + " 'history and the '\n", + " 'command history '\n", + " 'managed by the '\n", + " 'PSReadLine '\n", + " 'module. The '\n", + " 'built-in history '\n", + " 'only tracks the '\n", + " 'commands used in '\n", + " 'the current '\n", + " 'session. This '\n", + " 'command history is '\n", + " 'not available to '\n", + " 'other sessions and '\n", + " 'is deleted when the '\n", + " 'session ends.\\n'\n", + " '\\n'\n", + " 'The '\n", + " 'PSReadLine '\n", + " 'command history '\n", + " 'tracks the commands '\n", + " 'used in all '\n", + " 'PowerShell sessions '\n", + " 'and writes them to '\n", + " 'a file '\n", + " '($env:APPDATA\\\\Microsoft\\\\Windows\\\\PowerShell\\\\PSReadLine\\\\ConsoleHost_history.txt '\n", + " 'by default). This '\n", + " 'history file is '\n", + " 'available to all '\n", + " 'sessions and '\n", + " 'contains all past '\n", + " 'history since the '\n", + " 'file is not deleted '\n", + " 'when the session '\n", + " 'ends.(Citation: '\n", + " 'Microsoft '\n", + " 'PowerShell Command '\n", + " 'History)\\n'\n", + " '\\n'\n", + " 'Adversaries may run '\n", + " 'the PowerShell '\n", + " 'command '\n", + " 'Clear-History '\n", + " 'to flush the entire '\n", + " 'command history '\n", + " 'from a current '\n", + " 'PowerShell session. '\n", + " 'This, however, will '\n", + " 'not delete/flush '\n", + " 'the '\n", + " 'ConsoleHost_history.txt '\n", + " 'file. Adversaries '\n", + " 'may also delete the '\n", + " 'ConsoleHost_history.txt '\n", + " 'file or edit its '\n", + " 'contents to hide '\n", + " 'PowerShell commands '\n", + " 'they have '\n", + " 'run.(Citation: '\n", + " 'Sophos PowerShell '\n", + " 'command '\n", + " 'audit)(Citation: '\n", + " 'Sophos PowerShell '\n", + " 'Command History '\n", + " 'Forensics)',\n", + " 'distribution': '3',\n", + " 'event_tag_id': '284',\n", + " 'extends_uuid': '',\n", + " 'extends_version': '0',\n", + " 'galaxy_id': '23',\n", + " 'id': '4842',\n", + " 'local': False,\n", + " 'locked': False,\n", + " 'meta': {'external_id': ['T1070.003'],\n", + " 'kill_chain': ['mitre-attack:defense-evasion'],\n", + " 'mitre_data_sources': ['Command: '\n", + " 'Command '\n", + " 'Execution',\n", + " 'File: '\n", + " 'File '\n", + " 'Deletion',\n", + " 'File: '\n", + " 'File '\n", + " 'Modification',\n", + " 'User '\n", + " 'Account: '\n", + " 'User '\n", + " 'Account '\n", + " 'Authentication'],\n", + " 'mitre_platforms': ['Linux',\n", + " 'macOS',\n", + " 'Windows',\n", + " 'Network'],\n", + " 'refs': ['https://attack.mitre.org/techniques/T1070/003',\n", + " 'https://community.sophos.com/products/intercept/early-access-program/f/live-discover-response-queries/121529/live-discover---powershell-command-audit',\n", + " 'https://community.sophos.com/products/malware/b/blog/posts/powershell-command-history-forensics',\n", + " 'https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_history?view=powershell-7',\n", + " 'https://www.us-cert.gov/ncas/alerts/TA18-106A']},\n", + " 'org_id': '0',\n", + " 'orgc_id': '0',\n", + " 'published': False,\n", + " 'relationship_type': False,\n", + " 'sharing_group_id': None,\n", + " 'source': 'https://github.com/mitre/cti',\n", + " 'tag_id': 25,\n", + " 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Clear '\n", + " 'Command History - '\n", + " 'T1070.003\"',\n", + " 'type': 'mitre-attack-pattern',\n", + " 'uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", + " 'value': 'Clear Command History - '\n", + " 'T1070.003',\n", + " 'version': '25'},\n", + " {'GalaxyClusterRelation': [{'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5528',\n", + " 'galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'id': '1121',\n", + " 'referenced_galaxy_cluster_id': '6067',\n", + " 'referenced_galaxy_cluster_type': 'subtechnique-of',\n", + " 'referenced_galaxy_cluster_uuid': '799ace7f-e227-4411-baa0-8868704f2a69',\n", + " 'sharing_group_id': None}],\n", + " 'Org': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'Orgc': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'TargetingClusterRelation': [{'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5605',\n", + " 'galaxy_cluster_uuid': '128c55d3-aeba-469f-bd3e-c8996ab4112a',\n", + " 'id': '1192',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'revoked-by',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6782',\n", + " 'galaxy_cluster_uuid': 'c93fccb1-e8e8-42cf-ae33-2ad1d183913a',\n", + " 'id': '3878',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6809',\n", + " 'galaxy_cluster_uuid': '9538b1a4-4120-4e2d-bf59-3b11fcab05a4',\n", + " 'id': '4563',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6817',\n", + " 'galaxy_cluster_uuid': '247cb30b-955f-42eb-97a5-a89fef69341e',\n", + " 'id': '4826',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6819',\n", + " 'galaxy_cluster_uuid': 'bef4c620-0787-42a8-a96d-b7eb6e85917c',\n", + " 'id': '4980',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6849',\n", + " 'galaxy_cluster_uuid': '44102191-3a31-45f8-acbe-34bdb441d5ad',\n", + " 'id': '5726',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6857',\n", + " 'galaxy_cluster_uuid': '00f67a77-86a4-4adf-be26-1a54fc713340',\n", + " 'id': '5921',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6881',\n", + " 'galaxy_cluster_uuid': '0ec2f388-bf0f-4b5c-97b1-fc736d26c25f',\n", + " 'id': '6544',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6901',\n", + " 'galaxy_cluster_uuid': '8c1f0187-0826-4320-bddc-5f326cfcfe2c',\n", + " 'id': '7082',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6920',\n", + " 'galaxy_cluster_uuid': 'd3afa961-a80c-4043-9509-282cdf69ab21',\n", + " 'id': '7428',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6927',\n", + " 'galaxy_cluster_uuid': '5a3a31fe-5a8f-48e1-bff0-a753e5b1be70',\n", + " 'id': '7528',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6935',\n", + " 'galaxy_cluster_uuid': '7bec698a-7e20-4fd3-bb6a-12787770fb1a',\n", + " 'id': '7602',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6949',\n", + " 'galaxy_cluster_uuid': 'a7881f21-e978-4fe4-af56-92c9416a2616',\n", + " 'id': '7825',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6970',\n", + " 'galaxy_cluster_uuid': 'b350b47f-88fe-4921-8538-6d9c59bac84e',\n", + " 'id': '8136',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6990',\n", + " 'galaxy_cluster_uuid': 'b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29',\n", + " 'id': '8332',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7010',\n", + " 'galaxy_cluster_uuid': '94379dec-5c87-49db-b36e-66abc0b81344',\n", + " 'id': '8536',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7020',\n", + " 'galaxy_cluster_uuid': '8901ac23-6b50-410c-b0dd-d8174a86f9b3',\n", + " 'id': '8704',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7023',\n", + " 'galaxy_cluster_uuid': '5e595477-2e78-4ce7-ae42-e0b059b17808',\n", + " 'id': '8734',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7033',\n", + " 'galaxy_cluster_uuid': '7551188b-8f91-4d34-8350-0d0c57b2b913',\n", + " 'id': '8904',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7053',\n", + " 'galaxy_cluster_uuid': '01dbc71d-0ee8-420d-abb4-3dfb6a4bf725',\n", + " 'id': '9143',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7060',\n", + " 'galaxy_cluster_uuid': '47afe41c-4c08-485e-b062-c3bd209a1cce',\n", + " 'id': '9230',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7062',\n", + " 'galaxy_cluster_uuid': 'a60657fa-e2e7-4f8f-8128-a882534ae8c5',\n", + " 'id': '9278',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7087',\n", + " 'galaxy_cluster_uuid': '088f1d6e-0783-47c6-9923-9c79b2af43d4',\n", + " 'id': '9493',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7093',\n", + " 'galaxy_cluster_uuid': '0db09158-6e48-4e7c-8ce7-2b10b9c0c039',\n", + " 'id': '9574',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7121',\n", + " 'galaxy_cluster_uuid': 'fa766a65-5136-4ff3-8429-36d08eaa0100',\n", + " 'id': '10014',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7139',\n", + " 'galaxy_cluster_uuid': 'dfb5fa9b-3051-4b97-8035-08f80aef945b',\n", + " 'id': '10204',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7151',\n", + " 'galaxy_cluster_uuid': '3a0f6128-0a01-421d-8eca-e57d8671b1f1',\n", + " 'id': '10317',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7167',\n", + " 'galaxy_cluster_uuid': 'bdee9574-7479-4073-a7dc-e86d8acd073a',\n", + " 'id': '10547',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7171',\n", + " 'galaxy_cluster_uuid': 'fece06b7-d4b1-42cf-b81a-5323c917546e',\n", + " 'id': '10599',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7231',\n", + " 'galaxy_cluster_uuid': 'af2ad3b7-ab6a-4807-91fd-51bcaff9acbb',\n", + " 'id': '11340',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7260',\n", + " 'galaxy_cluster_uuid': '0b32ec39-ba61-4864-9ebe-b4b0b73caf9a',\n", + " 'id': '11727',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7262',\n", + " 'galaxy_cluster_uuid': '9abdda30-08e0-4ab1-9cf0-d447654c6de9',\n", + " 'id': '11745',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7287',\n", + " 'galaxy_cluster_uuid': '0998045d-f96e-4284-95ce-3c8219707486',\n", + " 'id': '12071',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7292',\n", + " 'galaxy_cluster_uuid': 'df350889-4de9-44e5-8cb3-888b8343e97c',\n", + " 'id': '12113',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7305',\n", + " 'galaxy_cluster_uuid': '76abb3ef-dafd-4762-97cb-a35379429db4',\n", + " 'id': '12281',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7356',\n", + " 'galaxy_cluster_uuid': '1f6e3702-7ca1-4582-b2e7-4591297d05a8',\n", + " 'id': '12922',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7427',\n", + " 'galaxy_cluster_uuid': 'dcac85c1-6485-4790-84f6-de5e6f6b91dd',\n", + " 'id': '13854',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7445',\n", + " 'galaxy_cluster_uuid': '8f423bd7-6ca7-4303-9e85-008c7ad5fdaa',\n", + " 'id': '14120',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7477',\n", + " 'galaxy_cluster_uuid': '5dd649c0-bca4-488b-bd85-b180474ec62e',\n", + " 'id': '14685',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7540',\n", + " 'galaxy_cluster_uuid': '7f4bbe05-1674-4087-8a16-8f1ad61b6152',\n", + " 'id': '15712',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7542',\n", + " 'galaxy_cluster_uuid': '7cdfccda-2950-4167-981a-60872ff5d0db',\n", + " 'id': '15759',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7555',\n", + " 'galaxy_cluster_uuid': 'efa7c4d6-8e30-41d9-a8fd-26dc337f4a1b',\n", + " 'id': '15936',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7943',\n", + " 'galaxy_cluster_uuid': '3433a9e8-1c47-4320-b9bf-ed449061d1c3',\n", + " 'id': '16867',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '14868',\n", + " 'galaxy_cluster_uuid': 'faa031b5-21ed-4e02-8881-2591f98d82ed',\n", + " 'id': '22336',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'related-to',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '15576',\n", + " 'galaxy_cluster_uuid': 'c6438007-e081-42ce-9483-b067fbef33c3',\n", + " 'id': '23134',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'related-to',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '15891',\n", + " 'galaxy_cluster_uuid': '558eebe5-f2ba-4104-b339-36f7902bcc1a',\n", + " 'id': '23480',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'related-to',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '17212',\n", + " 'galaxy_cluster_uuid': '88c0f9d8-30a8-4120-bb6b-ebb54abcf2a0',\n", + " 'id': '24993',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'related-to',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '17264',\n", + " 'galaxy_cluster_uuid': 'b3cec4e7-6901-4b0d-a02d-8ab2d8eb818b',\n", + " 'id': '25049',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'related-to',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '17375',\n", + " 'galaxy_cluster_uuid': '31545105-3444-4584-bebf-c466353230d2',\n", + " 'id': '25155',\n", + " 'referenced_galaxy_cluster_id': '5528',\n", + " 'referenced_galaxy_cluster_type': 'related-to',\n", + " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'sharing_group_id': None}],\n", + " 'authors': ['MITRE'],\n", + " 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n", + " 'default': True,\n", + " 'deleted': False,\n", + " 'description': 'Adversaries may '\n", + " 'modify file time '\n", + " 'attributes to hide '\n", + " 'new or changes to '\n", + " 'existing files. '\n", + " 'Timestomping is a '\n", + " 'technique that '\n", + " 'modifies the '\n", + " 'timestamps of a '\n", + " 'file (the modify, '\n", + " 'access, create, and '\n", + " 'change times), '\n", + " 'often to mimic '\n", + " 'files that are in '\n", + " 'the same folder. '\n", + " 'This is done, for '\n", + " 'example, on files '\n", + " 'that have been '\n", + " 'modified or created '\n", + " 'by the adversary so '\n", + " 'that they do not '\n", + " 'appear conspicuous '\n", + " 'to forensic '\n", + " 'investigators or '\n", + " 'file analysis '\n", + " 'tools.\\n'\n", + " '\\n'\n", + " 'Timestomping may be '\n", + " 'used along with '\n", + " 'file name '\n", + " '[Masquerading](https://attack.mitre.org/techniques/T1036) '\n", + " 'to hide malware and '\n", + " 'tools.(Citation: '\n", + " 'WindowsIR '\n", + " 'Anti-Forensic '\n", + " 'Techniques)',\n", + " 'distribution': '3',\n", + " 'event_tag_id': '285',\n", + " 'extends_uuid': '',\n", + " 'extends_version': '0',\n", + " 'galaxy_id': '23',\n", + " 'id': '5528',\n", + " 'local': False,\n", + " 'locked': False,\n", + " 'meta': {'external_id': ['T1070.006'],\n", + " 'kill_chain': ['mitre-attack:defense-evasion'],\n", + " 'mitre_data_sources': ['File: '\n", + " 'File '\n", + " 'Metadata',\n", + " 'File: '\n", + " 'File '\n", + " 'Modification'],\n", + " 'mitre_platforms': ['Linux',\n", + " 'macOS',\n", + " 'Windows'],\n", + " 'refs': ['http://windowsir.blogspot.com/2013/07/howto-determinedetect-use-of-anti.html',\n", + " 'https://attack.mitre.org/techniques/T1070/006']},\n", + " 'org_id': '0',\n", + " 'orgc_id': '0',\n", + " 'published': False,\n", + " 'relationship_type': False,\n", + " 'sharing_group_id': None,\n", + " 'source': 'https://github.com/mitre/cti',\n", + " 'tag_id': 26,\n", + " 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Timestomp '\n", + " '- T1070.006\"',\n", + " 'type': 'mitre-attack-pattern',\n", + " 'uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", + " 'value': 'Timestomp - T1070.006',\n", + " 'version': '25'},\n", + " {'GalaxyClusterRelation': [{'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5271',\n", + " 'galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'id': '979',\n", + " 'referenced_galaxy_cluster_id': '5501',\n", + " 'referenced_galaxy_cluster_type': 'subtechnique-of',\n", + " 'referenced_galaxy_cluster_uuid': 'b8902400-e6c5-4ba2-95aa-2d35b442b118',\n", + " 'sharing_group_id': None}],\n", + " 'Org': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'Orgc': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'TargetingClusterRelation': [{'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5763',\n", + " 'galaxy_cluster_uuid': '12241367-a8b7-49b4-b86e-2236901ba50c',\n", + " 'id': '1488',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6769',\n", + " 'galaxy_cluster_uuid': '93f52415-0fe4-4d3d-896c-fc9b8e88ab90',\n", + " 'id': '3482',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6782',\n", + " 'galaxy_cluster_uuid': 'c93fccb1-e8e8-42cf-ae33-2ad1d183913a',\n", + " 'id': '3860',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6787',\n", + " 'galaxy_cluster_uuid': '894aab42-3371-47b1-8859-a4a074c804c8',\n", + " 'id': '4070',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6802',\n", + " 'galaxy_cluster_uuid': '420ac20b-f2b9-42b8-aa1a-6d4b72895ca4',\n", + " 'id': '4415',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6815',\n", + " 'galaxy_cluster_uuid': 'ead23196-d7b6-4ce6-a124-4ab4b67d81bd',\n", + " 'id': '4679',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6819',\n", + " 'galaxy_cluster_uuid': 'bef4c620-0787-42a8-a96d-b7eb6e85917c',\n", + " 'id': '4960',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6835',\n", + " 'galaxy_cluster_uuid': '9e729a7e-0dd6-4097-95bf-db8d64911383',\n", + " 'id': '5430',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6862',\n", + " 'galaxy_cluster_uuid': 'fbd29c89-18ba-4c2d-b792-51c0adee049f',\n", + " 'id': '5985',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6891',\n", + " 'galaxy_cluster_uuid': '269e8108-68c6-4f99-b911-14b2e765dec2',\n", + " 'id': '6852',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6908',\n", + " 'galaxy_cluster_uuid': '54dfec3e-6464-4f74-9d69-b7c817b7e5a3',\n", + " 'id': '7225',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6909',\n", + " 'galaxy_cluster_uuid': '4283ae19-69c7-4347-a35e-b56f08eb660b',\n", + " 'id': '7251',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6918',\n", + " 'galaxy_cluster_uuid': '8787e86d-8475-4f13-acea-d33eb83b6105',\n", + " 'id': '7409',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6920',\n", + " 'galaxy_cluster_uuid': 'd3afa961-a80c-4043-9509-282cdf69ab21',\n", + " 'id': '7423',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6926',\n", + " 'galaxy_cluster_uuid': '88c621a7-aef9-4ae0-94e3-1fc87123eb24',\n", + " 'id': '7507',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6935',\n", + " 'galaxy_cluster_uuid': '7bec698a-7e20-4fd3-bb6a-12787770fb1a',\n", + " 'id': '7601',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6937',\n", + " 'galaxy_cluster_uuid': '8e461ca3-0996-4e6e-a0df-e2a5bbc51ebc',\n", + " 'id': '7614',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6949',\n", + " 'galaxy_cluster_uuid': 'a7881f21-e978-4fe4-af56-92c9416a2616',\n", + " 'id': '7813',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6951',\n", + " 'galaxy_cluster_uuid': '3bc7e862-5610-4c02-9c48-15b2e2dc1ddb',\n", + " 'id': '7892',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6962',\n", + " 'galaxy_cluster_uuid': 'b879758f-bbc4-4cab-b5ba-177ac9b009b4',\n", + " 'id': '8018',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6976',\n", + " 'galaxy_cluster_uuid': '5967cc93-57c9-404a-8ffd-097edfa7bdfc',\n", + " 'id': '8193',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6994',\n", + " 'galaxy_cluster_uuid': '7f8730af-f683-423f-9ee1-5f6875a80481',\n", + " 'id': '8378',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6995',\n", + " 'galaxy_cluster_uuid': '251fbae2-78f6-4de7-84f6-194c727a64ad',\n", + " 'id': '8384',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6996',\n", + " 'galaxy_cluster_uuid': 'e170995d-4f61-4f17-b60e-04f9a06ee517',\n", + " 'id': '8388',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6998',\n", + " 'galaxy_cluster_uuid': '72f54d66-675d-4587-9bd3-4ed09f9522e4',\n", + " 'id': '8400',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6999',\n", + " 'galaxy_cluster_uuid': 'ad4f146f-e3ec-444a-ba71-24bffd7f0f8e',\n", + " 'id': '8414',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7002',\n", + " 'galaxy_cluster_uuid': '2eb9b131-d333-4a48-9eb4-d8dec46c19ee',\n", + " 'id': '8439',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7006',\n", + " 'galaxy_cluster_uuid': '95047f03-4811-4300-922e-1ba937d53a61',\n", + " 'id': '8484',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7008',\n", + " 'galaxy_cluster_uuid': 'b143dfa4-e944-43ff-8429-bfffc308c517',\n", + " 'id': '8506',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7010',\n", + " 'galaxy_cluster_uuid': '94379dec-5c87-49db-b36e-66abc0b81344',\n", + " 'id': '8534',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7012',\n", + " 'galaxy_cluster_uuid': 'b42378e0-f147-496f-992a-26a49705395b',\n", + " 'id': '8574',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7017',\n", + " 'galaxy_cluster_uuid': '64fa0de0-6240-41f4-8638-f4ca7ed528fd',\n", + " 'id': '8640',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7025',\n", + " 'galaxy_cluster_uuid': '8393dac0-0583-456a-9372-fd81691bca20',\n", + " 'id': '8761',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7028',\n", + " 'galaxy_cluster_uuid': '3be1fb7a-0f7e-415e-8e3a-74a80d596e68',\n", + " 'id': '8814',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7029',\n", + " 'galaxy_cluster_uuid': 'df4cd566-ff2f-4d08-976d-8c86e95782de',\n", + " 'id': '8846',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7031',\n", + " 'galaxy_cluster_uuid': 'eff1a885-6f90-42a1-901f-eef6e7a1905e',\n", + " 'id': '8875',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7033',\n", + " 'galaxy_cluster_uuid': '7551188b-8f91-4d34-8350-0d0c57b2b913',\n", + " 'id': '8898',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7035',\n", + " 'galaxy_cluster_uuid': '495b6cdb-7b5a-4fbc-8d33-e7ef68806d08',\n", + " 'id': '8928',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7036',\n", + " 'galaxy_cluster_uuid': '6b62e336-176f-417b-856a-8552dd8c44e1',\n", + " 'id': '8949',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7038',\n", + " 'galaxy_cluster_uuid': '5bcd5511-6756-4824-a692-e8bb109364af',\n", + " 'id': '8983',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7041',\n", + " 'galaxy_cluster_uuid': 'ccd61dfc-b03f-4689-8c18-7c97eab08472',\n", + " 'id': '9001',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7043',\n", + " 'galaxy_cluster_uuid': '73a4793a-ce55-4159-b2a6-208ef29b326f',\n", + " 'id': '9023',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7044',\n", + " 'galaxy_cluster_uuid': '4ab44516-ad75-4e43-a280-705dc0420e2f',\n", + " 'id': '9044',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7053',\n", + " 'galaxy_cluster_uuid': '01dbc71d-0ee8-420d-abb4-3dfb6a4bf725',\n", + " 'id': '9137',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7060',\n", + " 'galaxy_cluster_uuid': '47afe41c-4c08-485e-b062-c3bd209a1cce',\n", + " 'id': '9215',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7067',\n", + " 'galaxy_cluster_uuid': '0f862b01-99da-47cc-9bdb-db4a86a95bb1',\n", + " 'id': '9312',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7075',\n", + " 'galaxy_cluster_uuid': '53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2',\n", + " 'id': '9351',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7079',\n", + " 'galaxy_cluster_uuid': '67e6d66b-1b82-4699-b47a-e2efb6268d14',\n", + " 'id': '9397',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7086',\n", + " 'galaxy_cluster_uuid': '22b17791-45bf-45c0-9322-ff1a0af5cf2b',\n", + " 'id': '9460',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7087',\n", + " 'galaxy_cluster_uuid': '088f1d6e-0783-47c6-9923-9c79b2af43d4',\n", + " 'id': '9482',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7088',\n", + " 'galaxy_cluster_uuid': '2daa14d6-cbf3-4308-bb8e-213c324a08e4',\n", + " 'id': '9518',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7092',\n", + " 'galaxy_cluster_uuid': '68dca94f-c11d-421e-9287-7c501108e18c',\n", + " 'id': '9550',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7098',\n", + " 'galaxy_cluster_uuid': 'fb575479-14ef-41e9-bfab-0b7cf10bec73',\n", + " 'id': '9636',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7110',\n", + " 'galaxy_cluster_uuid': '96b08451-b27a-4ff6-893f-790e26393a8e',\n", + " 'id': '9804',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7114',\n", + " 'galaxy_cluster_uuid': '35cd1d01-1ede-44d2-b073-a264d727bc04',\n", + " 'id': '9856',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7120',\n", + " 'galaxy_cluster_uuid': 'edc5e045-5401-42bb-ad92-52b5b2ee0de9',\n", + " 'id': '9951',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7128',\n", + " 'galaxy_cluster_uuid': 'fde19a18-e502-467f-be14-58c71b4e7f4b',\n", + " 'id': '10109',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7130',\n", + " 'galaxy_cluster_uuid': 'bb3c1098-d654-4620-bf40-694386d28921',\n", + " 'id': '10148',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7135',\n", + " 'galaxy_cluster_uuid': 'e8268361-a599-4e45-bd3f-71c8c7e700c0',\n", + " 'id': '10190',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7138',\n", + " 'galaxy_cluster_uuid': 'cb7bcf6f-085f-41db-81ee-4b68481661b5',\n", + " 'id': '10200',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7143',\n", + " 'galaxy_cluster_uuid': 'f8dfbc54-b070-4224-b560-79aaa5f835bd',\n", + " 'id': '10256',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7151',\n", + " 'galaxy_cluster_uuid': '3a0f6128-0a01-421d-8eca-e57d8671b1f1',\n", + " 'id': '10312',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7152',\n", + " 'galaxy_cluster_uuid': '37cc7eb6-12e3-467b-82e8-f20f2cc73c69',\n", + " 'id': '10333',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7168',\n", + " 'galaxy_cluster_uuid': '196f1f32-e0c2-4d46-99cd-234d4b6befe1',\n", + " 'id': '10564',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7171',\n", + " 'galaxy_cluster_uuid': 'fece06b7-d4b1-42cf-b81a-5323c917546e',\n", + " 'id': '10596',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7177',\n", + " 'galaxy_cluster_uuid': 'dd889a55-fb2c-4ec7-8e9f-c399939a49e1',\n", + " 'id': '10639',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7196',\n", + " 'galaxy_cluster_uuid': '54a01db0-9fab-4d5f-8209-53cef8425f4a',\n", + " 'id': '10847',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7203',\n", + " 'galaxy_cluster_uuid': 'f108215f-3487-489d-be8b-80e346d32518',\n", + " 'id': '10977',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7205',\n", + " 'galaxy_cluster_uuid': '6fb36c6f-bb3d-4ed6-9471-cb9933e5c154',\n", + " 'id': '11009',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7206',\n", + " 'galaxy_cluster_uuid': '64d76fa5-cf8f-469c-b78c-1a4f7c5bad80',\n", + " 'id': '11020',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7207',\n", + " 'galaxy_cluster_uuid': '11e36d5b-6a92-4bf9-8eb7-85eb24f59e22',\n", + " 'id': '11036',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7210',\n", + " 'galaxy_cluster_uuid': 'e9595678-d269-469e-ae6b-75e49259de63',\n", + " 'id': '11070',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7218',\n", + " 'galaxy_cluster_uuid': 'aad11e34-02ca-4220-91cd-2ed420af4db3',\n", + " 'id': '11158',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7219',\n", + " 'galaxy_cluster_uuid': '08d20cd2-f084-45ee-8558-fa6ef5a18519',\n", + " 'id': '11175',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7221',\n", + " 'galaxy_cluster_uuid': 'fb78294a-7d7a-4d38-8ad0-92e67fddc9f0',\n", + " 'id': '11194',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7230',\n", + " 'galaxy_cluster_uuid': '17b40f60-729f-4fe8-8aea-cc9ee44a95d5',\n", + " 'id': '11315',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7235',\n", + " 'galaxy_cluster_uuid': '60c18d06-7b91-4742-bae3-647845cd9d81',\n", + " 'id': '11398',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7237',\n", + " 'galaxy_cluster_uuid': 'e85cae1a-bce3-4ac4-b36b-b00acac0567b',\n", + " 'id': '11409',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7241',\n", + " 'galaxy_cluster_uuid': '432555de-63bf-4f2a-a3fa-f720a4561078',\n", + " 'id': '11441',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7244',\n", + " 'galaxy_cluster_uuid': '04378e79-4387-468a-a8f7-f974b8254e44',\n", + " 'id': '11479',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7247',\n", + " 'galaxy_cluster_uuid': 'dc5d1a33-62aa-4a0c-aa8c-589b87beb11e',\n", + " 'id': '11542',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7254',\n", + " 'galaxy_cluster_uuid': '3a4197ae-ec63-4162-907b-9a073d1157e4',\n", + " 'id': '11653',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7262',\n", + " 'galaxy_cluster_uuid': '9abdda30-08e0-4ab1-9cf0-d447654c6de9',\n", + " 'id': '11740',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7269',\n", + " 'galaxy_cluster_uuid': '92ec0cbd-2c30-44a2-b270-73f4ec949841',\n", + " 'id': '11840',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7272',\n", + " 'galaxy_cluster_uuid': '9ea525fa-b0a9-4dde-84f2-bcea0137b3c1',\n", + " 'id': '11881',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7278',\n", + " 'galaxy_cluster_uuid': '425771c5-48b4-4ecd-9f95-74ed3fc9da59',\n", + " 'id': '11975',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7291',\n", + " 'galaxy_cluster_uuid': '3240cbe4-c550-443b-aa76-cc2a7058b870',\n", + " 'id': '12097',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7292',\n", + " 'galaxy_cluster_uuid': 'df350889-4de9-44e5-8cb3-888b8343e97c',\n", + " 'id': '12107',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7296',\n", + " 'galaxy_cluster_uuid': '72911fe3-f085-40f7-b4f2-f25a4221fe44',\n", + " 'id': '12173',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7305',\n", + " 'galaxy_cluster_uuid': '76abb3ef-dafd-4762-97cb-a35379429db4',\n", + " 'id': '12277',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7311',\n", + " 'galaxy_cluster_uuid': 'b6b3dfc7-9a81-43ff-ac04-698bad48973a',\n", + " 'id': '12365',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7315',\n", + " 'galaxy_cluster_uuid': '2a70812b-f1ef-44db-8578-a496a227aef2',\n", + " 'id': '12392',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7326',\n", + " 'galaxy_cluster_uuid': 'd1183cb9-258e-4f2f-8415-50ac8252c49e',\n", + " 'id': '12553',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7334',\n", + " 'galaxy_cluster_uuid': '835a79f1-842d-472d-b8f4-d54b545c341b',\n", + " 'id': '12626',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7337',\n", + " 'galaxy_cluster_uuid': '308b3d68-a084-4dfb-885a-3125e1a9c1e8',\n", + " 'id': '12667',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7342',\n", + " 'galaxy_cluster_uuid': '54a73038-1937-4d71-a253-316e76d5413c',\n", + " 'id': '12712',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7344',\n", + " 'galaxy_cluster_uuid': 'c9b99d03-ff11-4a48-95f0-82660d582c25',\n", + " 'id': '12750',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7359',\n", + " 'galaxy_cluster_uuid': 'f4c80d39-ce10-4f74-9b50-a7e3f5df1f2e',\n", + " 'id': '12951',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7361',\n", + " 'galaxy_cluster_uuid': '9dbdadb6-fdbf-490f-a35f-38762d06a0d2',\n", + " 'id': '12977',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7362',\n", + " 'galaxy_cluster_uuid': '21c0b55b-5ff3-4654-a05e-e3fc1ee1ce1b',\n", + " 'id': '12986',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7372',\n", + " 'galaxy_cluster_uuid': '8be7c69e-d8e3-4970-9668-61de08e508cc',\n", + " 'id': '13090',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7375',\n", + " 'galaxy_cluster_uuid': 'bfd2738c-8b43-43c3-bc9f-d523c8e88bf4',\n", + " 'id': '13160',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7385',\n", + " 'galaxy_cluster_uuid': '92b55426-109f-4d93-899f-1833ce91ff90',\n", + " 'id': '13314',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7387',\n", + " 'galaxy_cluster_uuid': 'fb4e3792-e915-4fdd-a9cd-92dfa2ace7aa',\n", + " 'id': '13340',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7389',\n", + " 'galaxy_cluster_uuid': 'c9ccc4df-1f56-49e7-ad57-b383e1451688',\n", + " 'id': '13368',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7397',\n", + " 'galaxy_cluster_uuid': '00806466-754d-44ea-ad6f-0caf59cb8556',\n", + " 'id': '13447',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7401',\n", + " 'galaxy_cluster_uuid': '94d6d788-07bb-4dcc-b62f-e02626b00108',\n", + " 'id': '13543',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7406',\n", + " 'galaxy_cluster_uuid': '65ffc206-d7c1-45b3-b543-f6b726e7840d',\n", + " 'id': '13577',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7408',\n", + " 'galaxy_cluster_uuid': '29231689-5837-4a7a-aafc-1b65b3f50cc7',\n", + " 'id': '13628',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7418',\n", + " 'galaxy_cluster_uuid': '44c75271-0e4d-496f-ae0a-a6d883a42a65',\n", + " 'id': '13713',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7422',\n", + " 'galaxy_cluster_uuid': 'b4d80f8b-d2b9-4448-8844-4bef777ed676',\n", + " 'id': '13778',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7429',\n", + " 'galaxy_cluster_uuid': 'f9b05f33-d45d-4e4d-aafe-c208d38a0080',\n", + " 'id': '13869',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7430',\n", + " 'galaxy_cluster_uuid': 'b57f419e-8b12-49d3-886b-145383725dcd',\n", + " 'id': '13884',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7431',\n", + " 'galaxy_cluster_uuid': '99fdf3b4-96ef-4ab9-b191-fc683441cad0',\n", + " 'id': '13905',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7437',\n", + " 'galaxy_cluster_uuid': '76ac7989-c5cc-42e2-93e3-d6c476f01ace',\n", + " 'id': '14019',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7445',\n", + " 'galaxy_cluster_uuid': '8f423bd7-6ca7-4303-9e85-008c7ad5fdaa',\n", + " 'id': '14111',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7447',\n", + " 'galaxy_cluster_uuid': 'f01e2711-4b48-4192-a2e8-5f56c945ca19',\n", + " 'id': '14158',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7449',\n", + " 'galaxy_cluster_uuid': 'fc774af4-533b-4724-96d2-ac1026316794',\n", + " 'id': '14185',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7450',\n", + " 'galaxy_cluster_uuid': '4b6ec280-7bbb-48ff-ae59-b189520ebe83',\n", + " 'id': '14200',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7453',\n", + " 'galaxy_cluster_uuid': '21583311-6321-4891-8a37-3eb4e57b0fb1',\n", + " 'id': '14252',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7455',\n", + " 'galaxy_cluster_uuid': '86b92f6c-9c05-4c51-b361-4c7bb13e21a1',\n", + " 'id': '14287',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7456',\n", + " 'galaxy_cluster_uuid': '2cf7dec3-66fc-423f-b2c7-58f1de243b4e',\n", + " 'id': '14317',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7462',\n", + " 'galaxy_cluster_uuid': '6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb',\n", + " 'id': '14409',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7465',\n", + " 'galaxy_cluster_uuid': 'c009560a-f097-45a3-8f9f-78ec1440a783',\n", + " 'id': '14456',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7476',\n", + " 'galaxy_cluster_uuid': 'd6b3fcd0-1c86-4350-96f0-965ed02fcc51',\n", + " 'id': '14665',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7495',\n", + " 'galaxy_cluster_uuid': '81c57a96-fc8c-4f91-af8e-63e24c2927c2',\n", + " 'id': '14958',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7499',\n", + " 'galaxy_cluster_uuid': '805480f1-6caa-4a67-8ca9-b2b39650d986',\n", + " 'id': '15021',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7506',\n", + " 'galaxy_cluster_uuid': '4b346d12-7f91-48d2-8f06-b26ffa0d825b',\n", + " 'id': '15161',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7510',\n", + " 'galaxy_cluster_uuid': 'a545456a-f9a7-47ad-9ea6-8b017def38d1',\n", + " 'id': '15210',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7512',\n", + " 'galaxy_cluster_uuid': '7acb15b6-fe2c-4319-b136-6ab36ff0b2d4',\n", + " 'id': '15240',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7516',\n", + " 'galaxy_cluster_uuid': '4c6d62c2-89f5-4159-8fab-0190b1f9d328',\n", + " 'id': '15338',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7519',\n", + " 'galaxy_cluster_uuid': '7e0f8b0f-716e-494d-827e-310bd6ed709e',\n", + " 'id': '15374',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7534',\n", + " 'galaxy_cluster_uuid': 'a8839c95-029f-44cf-8f3d-a3cf2039e927',\n", + " 'id': '15592',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7540',\n", + " 'galaxy_cluster_uuid': '7f4bbe05-1674-4087-8a16-8f1ad61b6152',\n", + " 'id': '15710',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7541',\n", + " 'galaxy_cluster_uuid': 'e14085cb-0e8d-4be6-92ba-e3b93ee5978f',\n", + " 'id': '15729',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7545',\n", + " 'galaxy_cluster_uuid': '6a21e3a4-5ffe-4581-af9a-6a54c7536f44',\n", + " 'id': '15794',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7561',\n", + " 'galaxy_cluster_uuid': '0715560d-4299-4e84-9e20-6e80ab57e4f2',\n", + " 'id': '16038',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7935',\n", + " 'galaxy_cluster_uuid': 'da04ac30-27da-4959-a67d-450ce47d9470',\n", + " 'id': '16714',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7944',\n", + " 'galaxy_cluster_uuid': '11f8d7eb-1927-4806-9267-3a11d4d4d6be',\n", + " 'id': '16921',\n", + " 'referenced_galaxy_cluster_id': '5271',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'sharing_group_id': None}],\n", + " 'authors': ['MITRE'],\n", + " 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n", + " 'default': True,\n", + " 'deleted': False,\n", + " 'description': 'Adversaries may '\n", + " 'employ a known '\n", + " 'symmetric '\n", + " 'encryption '\n", + " 'algorithm to '\n", + " 'conceal command and '\n", + " 'control traffic '\n", + " 'rather than relying '\n", + " 'on any inherent '\n", + " 'protections '\n", + " 'provided by a '\n", + " 'communication '\n", + " 'protocol. Symmetric '\n", + " 'encryption '\n", + " 'algorithms use the '\n", + " 'same key for '\n", + " 'plaintext '\n", + " 'encryption and '\n", + " 'ciphertext '\n", + " 'decryption. Common '\n", + " 'symmetric '\n", + " 'encryption '\n", + " 'algorithms include '\n", + " 'AES, DES, 3DES, '\n", + " 'Blowfish, and RC4.',\n", + " 'distribution': '3',\n", + " 'event_tag_id': '286',\n", + " 'extends_uuid': '',\n", + " 'extends_version': '0',\n", + " 'galaxy_id': '23',\n", + " 'id': '5271',\n", + " 'local': False,\n", + " 'locked': False,\n", + " 'meta': {'external_id': ['T1573.001'],\n", + " 'kill_chain': ['mitre-attack:command-and-control'],\n", + " 'mitre_data_sources': ['Network '\n", + " 'Traffic: '\n", + " 'Network '\n", + " 'Traffic '\n", + " 'Content'],\n", + " 'mitre_platforms': ['Linux',\n", + " 'Windows',\n", + " 'macOS'],\n", + " 'refs': ['https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf',\n", + " 'https://attack.mitre.org/techniques/T1573/001']},\n", + " 'org_id': '0',\n", + " 'orgc_id': '0',\n", + " 'published': False,\n", + " 'relationship_type': False,\n", + " 'sharing_group_id': None,\n", + " 'source': 'https://github.com/mitre/cti',\n", + " 'tag_id': 27,\n", + " 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Symmetric '\n", + " 'Cryptography - '\n", + " 'T1573.001\"',\n", + " 'type': 'mitre-attack-pattern',\n", + " 'uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", + " 'value': 'Symmetric Cryptography - '\n", + " 'T1573.001',\n", + " 'version': '25'},\n", + " {'GalaxyClusterRelation': [{'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5291',\n", + " 'galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'id': '999',\n", + " 'referenced_galaxy_cluster_id': '5501',\n", + " 'referenced_galaxy_cluster_type': 'subtechnique-of',\n", + " 'referenced_galaxy_cluster_uuid': 'b8902400-e6c5-4ba2-95aa-2d35b442b118',\n", + " 'sharing_group_id': None}],\n", + " 'Org': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'Orgc': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'TargetingClusterRelation': [{'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5763',\n", + " 'galaxy_cluster_uuid': '12241367-a8b7-49b4-b86e-2236901ba50c',\n", + " 'id': '1518',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5856',\n", + " 'galaxy_cluster_uuid': '7bb5fae9-53ad-4424-866b-f0ea2a8b731d',\n", + " 'id': '1987',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6771',\n", + " 'galaxy_cluster_uuid': 'dc6fe6ee-04c2-49be-ba3d-f38d2463c02a',\n", + " 'id': '3566',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6780',\n", + " 'galaxy_cluster_uuid': '56319646-eb6e-41fc-ae53-aadfa7adb924',\n", + " 'id': '3807',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6848',\n", + " 'galaxy_cluster_uuid': 'fd19bd82-1b14-49a1-a176-6cdc46b8a826',\n", + " 'id': '5703',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6868',\n", + " 'galaxy_cluster_uuid': '2a7914cf-dff3-428d-ab0f-1014d1c28aeb',\n", + " 'id': '6194',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6882',\n", + " 'galaxy_cluster_uuid': '4ca1929c-7d64-4aab-b849-badbfc0c760d',\n", + " 'id': '6668',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6948',\n", + " 'galaxy_cluster_uuid': 'ff41b9b6-4c1d-407b-a7e2-835109c8dbc5',\n", + " 'id': '7796',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6949',\n", + " 'galaxy_cluster_uuid': 'a7881f21-e978-4fe4-af56-92c9416a2616',\n", + " 'id': '7851',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6951',\n", + " 'galaxy_cluster_uuid': '3bc7e862-5610-4c02-9c48-15b2e2dc1ddb',\n", + " 'id': '7909',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6966',\n", + " 'galaxy_cluster_uuid': '56e6b6c2-e573-4969-8bab-783205cebbbf',\n", + " 'id': '8094',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6970',\n", + " 'galaxy_cluster_uuid': 'b350b47f-88fe-4921-8538-6d9c59bac84e',\n", + " 'id': '8147',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6976',\n", + " 'galaxy_cluster_uuid': '5967cc93-57c9-404a-8ffd-097edfa7bdfc',\n", + " 'id': '8197',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6988',\n", + " 'galaxy_cluster_uuid': '82cb34ba-02b5-432b-b2d2-07f55cbf674d',\n", + " 'id': '8310',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7003',\n", + " 'galaxy_cluster_uuid': '4f1c389e-a80e-4a3e-9b0e-9be8c91df64f',\n", + " 'id': '8462',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7023',\n", + " 'galaxy_cluster_uuid': '5e595477-2e78-4ce7-ae42-e0b059b17808',\n", + " 'id': '8739',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7030',\n", + " 'galaxy_cluster_uuid': 'b8eb28e4-48a6-40ae-951a-328714f75eda',\n", + " 'id': '8864',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7034',\n", + " 'galaxy_cluster_uuid': '6a0ef5d4-fc7c-4dda-85d7-592e4dbdc5d9',\n", + " 'id': '8922',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7035',\n", + " 'galaxy_cluster_uuid': '495b6cdb-7b5a-4fbc-8d33-e7ef68806d08',\n", + " 'id': '8942',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7040',\n", + " 'galaxy_cluster_uuid': '0f1ad2ef-41d4-4b7a-9304-ddae68ea3005',\n", + " 'id': '8993',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7041',\n", + " 'galaxy_cluster_uuid': 'ccd61dfc-b03f-4689-8c18-7c97eab08472',\n", + " 'id': '9010',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7098',\n", + " 'galaxy_cluster_uuid': 'fb575479-14ef-41e9-bfab-0b7cf10bec73',\n", + " 'id': '9650',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7114',\n", + " 'galaxy_cluster_uuid': '35cd1d01-1ede-44d2-b073-a264d727bc04',\n", + " 'id': '9879',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7162',\n", + " 'galaxy_cluster_uuid': '6c575670-d14c-4c7f-9b9d-fd1b363e255d',\n", + " 'id': '10461',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7170',\n", + " 'galaxy_cluster_uuid': '7343e208-7cab-45f2-a47b-41ba5e2f0fab',\n", + " 'id': '10591',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7199',\n", + " 'galaxy_cluster_uuid': 'a4f57468-fbd5-49e4-8476-52088220b92d',\n", + " 'id': '10924',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7200',\n", + " 'galaxy_cluster_uuid': 'da5880b4-f7da-4869-85f2-e0aba84b8565',\n", + " 'id': '10948',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7229',\n", + " 'galaxy_cluster_uuid': '958b5d06-8bb0-4c5b-a2e7-0130fe654ac7',\n", + " 'id': '11303',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7254',\n", + " 'galaxy_cluster_uuid': '3a4197ae-ec63-4162-907b-9a073d1157e4',\n", + " 'id': '11660',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7262',\n", + " 'galaxy_cluster_uuid': '9abdda30-08e0-4ab1-9cf0-d447654c6de9',\n", + " 'id': '11754',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7273',\n", + " 'galaxy_cluster_uuid': '20945359-3b39-4542-85ef-08ecb4e1c174',\n", + " 'id': '11915',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7277',\n", + " 'galaxy_cluster_uuid': '959f3b19-2dc8-48d5-8942-c66813a5101a',\n", + " 'id': '11967',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7278',\n", + " 'galaxy_cluster_uuid': '425771c5-48b4-4ecd-9f95-74ed3fc9da59',\n", + " 'id': '11987',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7305',\n", + " 'galaxy_cluster_uuid': '76abb3ef-dafd-4762-97cb-a35379429db4',\n", + " 'id': '12286',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7319',\n", + " 'galaxy_cluster_uuid': 'e8545794-b98c-492b-a5b3-4b5a02682e37',\n", + " 'id': '12463',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7337',\n", + " 'galaxy_cluster_uuid': '308b3d68-a084-4dfb-885a-3125e1a9c1e8',\n", + " 'id': '12676',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7344',\n", + " 'galaxy_cluster_uuid': 'c9b99d03-ff11-4a48-95f0-82660d582c25',\n", + " 'id': '12762',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7353',\n", + " 'galaxy_cluster_uuid': 'aae22730-e571-4d17-b037-65f2a3e26213',\n", + " 'id': '12889',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7373',\n", + " 'galaxy_cluster_uuid': 'cc5497f7-a9e8-436f-94da-b2b4a9b9ad3c',\n", + " 'id': '13123',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7379',\n", + " 'galaxy_cluster_uuid': '77ca1aa3-280c-4b67-abaa-e8fb891a8f83',\n", + " 'id': '13207',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7401',\n", + " 'galaxy_cluster_uuid': '94d6d788-07bb-4dcc-b62f-e02626b00108',\n", + " 'id': '13550',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7420',\n", + " 'galaxy_cluster_uuid': 'b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f',\n", + " 'id': '13753',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7431',\n", + " 'galaxy_cluster_uuid': '99fdf3b4-96ef-4ab9-b191-fc683441cad0',\n", + " 'id': '13932',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7445',\n", + " 'galaxy_cluster_uuid': '8f423bd7-6ca7-4303-9e85-008c7ad5fdaa',\n", + " 'id': '14131',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7446',\n", + " 'galaxy_cluster_uuid': '5147ef15-1cae-4707-8ea1-bee8d98b7f1d',\n", + " 'id': '14151',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7447',\n", + " 'galaxy_cluster_uuid': 'f01e2711-4b48-4192-a2e8-5f56c945ca19',\n", + " 'id': '14166',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7463',\n", + " 'galaxy_cluster_uuid': '75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661',\n", + " 'id': '14439',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7466',\n", + " 'galaxy_cluster_uuid': '63686509-069b-4143-99ea-4e59cad6cb2a',\n", + " 'id': '14502',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7467',\n", + " 'galaxy_cluster_uuid': '32066e94-3112-48ca-b9eb-ba2b59d2f023',\n", + " 'id': '14534',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7495',\n", + " 'galaxy_cluster_uuid': '81c57a96-fc8c-4f91-af8e-63e24c2927c2',\n", + " 'id': '14981',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7521',\n", + " 'galaxy_cluster_uuid': 'ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5',\n", + " 'id': '15425',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7549',\n", + " 'galaxy_cluster_uuid': 'd18cb958-f4ad-4fb3-bb4f-e8994d206550',\n", + " 'id': '15851',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7552',\n", + " 'galaxy_cluster_uuid': '5c747acd-47f0-4c5a-b9e5-213541fc01e0',\n", + " 'id': '15882',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7558',\n", + " 'galaxy_cluster_uuid': '2a7c1bb7-cd12-456e-810d-ab3bf8457bab',\n", + " 'id': '15986',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7900',\n", + " 'galaxy_cluster_uuid': 'c8655260-9f4b-44e3-85e1-6538a5f6e4f4',\n", + " 'id': '16508',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7920',\n", + " 'galaxy_cluster_uuid': 'cb69b20d-56d0-41ab-8440-4a4b251614d4',\n", + " 'id': '16638',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7923',\n", + " 'galaxy_cluster_uuid': 'ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68',\n", + " 'id': '16654',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7943',\n", + " 'galaxy_cluster_uuid': '3433a9e8-1c47-4320-b9bf-ed449061d1c3',\n", + " 'id': '16901',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7944',\n", + " 'galaxy_cluster_uuid': '11f8d7eb-1927-4806-9267-3a11d4d4d6be',\n", + " 'id': '16928',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7958',\n", + " 'galaxy_cluster_uuid': 'd505fc8b-2e64-46eb-96d6-9ef7ffca5b66',\n", + " 'id': '17066',\n", + " 'referenced_galaxy_cluster_id': '5291',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'sharing_group_id': None}],\n", + " 'authors': ['MITRE'],\n", + " 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n", + " 'default': True,\n", + " 'deleted': False,\n", + " 'description': 'Adversaries may '\n", + " 'employ a known '\n", + " 'asymmetric '\n", + " 'encryption '\n", + " 'algorithm to '\n", + " 'conceal command and '\n", + " 'control traffic '\n", + " 'rather than relying '\n", + " 'on any inherent '\n", + " 'protections '\n", + " 'provided by a '\n", + " 'communication '\n", + " 'protocol. '\n", + " 'Asymmetric '\n", + " 'cryptography, also '\n", + " 'known as public key '\n", + " 'cryptography, uses '\n", + " 'a keypair per '\n", + " 'party: one public '\n", + " 'that can be freely '\n", + " 'distributed, and '\n", + " 'one private. Due to '\n", + " 'how the keys are '\n", + " 'generated, the '\n", + " 'sender encrypts '\n", + " 'data with the '\n", + " 'receiver’s public '\n", + " 'key and the '\n", + " 'receiver decrypts '\n", + " 'the data with their '\n", + " 'private key. This '\n", + " 'ensures that only '\n", + " 'the intended '\n", + " 'recipient can read '\n", + " 'the encrypted data. '\n", + " 'Common public key '\n", + " 'encryption '\n", + " 'algorithms include '\n", + " 'RSA and ElGamal.\\n'\n", + " '\\n'\n", + " 'For efficiency, '\n", + " 'many protocols '\n", + " '(including SSL/TLS) '\n", + " 'use symmetric '\n", + " 'cryptography once a '\n", + " 'connection is '\n", + " 'established, but '\n", + " 'use asymmetric '\n", + " 'cryptography to '\n", + " 'establish or '\n", + " 'transmit a key. As '\n", + " 'such, these '\n", + " 'protocols are '\n", + " 'classified as '\n", + " '[Asymmetric '\n", + " 'Cryptography](https://attack.mitre.org/techniques/T1573/002).',\n", + " 'distribution': '3',\n", + " 'event_tag_id': '287',\n", + " 'extends_uuid': '',\n", + " 'extends_version': '0',\n", + " 'galaxy_id': '23',\n", + " 'id': '5291',\n", + " 'local': False,\n", + " 'locked': False,\n", + " 'meta': {'external_id': ['T1573.002'],\n", + " 'kill_chain': ['mitre-attack:command-and-control'],\n", + " 'mitre_data_sources': ['Network '\n", + " 'Traffic: '\n", + " 'Network '\n", + " 'Traffic '\n", + " 'Content'],\n", + " 'mitre_platforms': ['Linux',\n", + " 'macOS',\n", + " 'Windows'],\n", + " 'refs': ['http://www.sans.org/reading-room/whitepapers/analyst/finding-hidden-threats-decrypting-ssl-34840',\n", + " 'https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf',\n", + " 'https://attack.mitre.org/techniques/T1573/002',\n", + " 'https://insights.sei.cmu.edu/cert/2015/03/the-risks-of-ssl-inspection.html']},\n", + " 'org_id': '0',\n", + " 'orgc_id': '0',\n", + " 'published': False,\n", + " 'relationship_type': False,\n", + " 'sharing_group_id': None,\n", + " 'source': 'https://github.com/mitre/cti',\n", + " 'tag_id': 28,\n", + " 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Asymmetric '\n", + " 'Cryptography - '\n", + " 'T1573.002\"',\n", + " 'type': 'mitre-attack-pattern',\n", + " 'uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", + " 'value': 'Asymmetric Cryptography - '\n", + " 'T1573.002',\n", + " 'version': '25'},\n", + " {'GalaxyClusterRelation': [{'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5153',\n", + " 'galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", + " 'id': '869',\n", + " 'referenced_galaxy_cluster_id': '6010',\n", + " 'referenced_galaxy_cluster_type': 'subtechnique-of',\n", + " 'referenced_galaxy_cluster_uuid': '731f4f55-b6d0-41d1-a7a9-072a66389aea',\n", + " 'sharing_group_id': None}],\n", + " 'Org': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'Orgc': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'TargetingClusterRelation': [{'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5171',\n", + " 'galaxy_cluster_uuid': '7d751199-05fa-4a72-920f-85df4506c76c',\n", + " 'id': '883',\n", + " 'referenced_galaxy_cluster_id': '5153',\n", + " 'referenced_galaxy_cluster_type': 'revoked-by',\n", + " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5799',\n", + " 'galaxy_cluster_uuid': '20f6a9df-37c4-4e20-9e47-025983b1b39d',\n", + " 'id': '1916',\n", + " 'referenced_galaxy_cluster_id': '5153',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6815',\n", + " 'galaxy_cluster_uuid': 'ead23196-d7b6-4ce6-a124-4ab4b67d81bd',\n", + " 'id': '4694',\n", + " 'referenced_galaxy_cluster_id': '5153',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6819',\n", + " 'galaxy_cluster_uuid': 'bef4c620-0787-42a8-a96d-b7eb6e85917c',\n", + " 'id': '5015',\n", + " 'referenced_galaxy_cluster_id': '5153',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6833',\n", + " 'galaxy_cluster_uuid': '899ce53f-13a0-479b-a0e4-67d46e241542',\n", + " 'id': '5373',\n", + " 'referenced_galaxy_cluster_id': '5153',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6875',\n", + " 'galaxy_cluster_uuid': 'd0b3393b-3bec-4ba3-bda9-199d30db47b6',\n", + " 'id': '6348',\n", + " 'referenced_galaxy_cluster_id': '5153',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6885',\n", + " 'galaxy_cluster_uuid': '7113eaa5-ba79-4fb3-b68a-398ee9cd698e',\n", + " 'id': '6749',\n", + " 'referenced_galaxy_cluster_id': '5153',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6970',\n", + " 'galaxy_cluster_uuid': 'b350b47f-88fe-4921-8538-6d9c59bac84e',\n", + " 'id': '8144',\n", + " 'referenced_galaxy_cluster_id': '5153',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7107',\n", + " 'galaxy_cluster_uuid': 'e401d4fe-f0c9-44f0-98e6-f93487678808',\n", + " 'id': '9764',\n", + " 'referenced_galaxy_cluster_id': '5153',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7212',\n", + " 'galaxy_cluster_uuid': 'f36b2598-515f-4345-84e5-5ccde253edbe',\n", + " 'id': '11097',\n", + " 'referenced_galaxy_cluster_id': '5153',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7262',\n", + " 'galaxy_cluster_uuid': '9abdda30-08e0-4ab1-9cf0-d447654c6de9',\n", + " 'id': '11750',\n", + " 'referenced_galaxy_cluster_id': '5153',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7273',\n", + " 'galaxy_cluster_uuid': '20945359-3b39-4542-85ef-08ecb4e1c174',\n", + " 'id': '11911',\n", + " 'referenced_galaxy_cluster_id': '5153',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7328',\n", + " 'galaxy_cluster_uuid': 'f72251cb-2be5-421f-a081-99c29a1209e7',\n", + " 'id': '12574',\n", + " 'referenced_galaxy_cluster_id': '5153',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7337',\n", + " 'galaxy_cluster_uuid': '308b3d68-a084-4dfb-885a-3125e1a9c1e8',\n", + " 'id': '12674',\n", + " 'referenced_galaxy_cluster_id': '5153',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7347',\n", + " 'galaxy_cluster_uuid': '4fbd565b-bf55-4ac7-80b4-b183a7b64b9c',\n", + " 'id': '12809',\n", + " 'referenced_galaxy_cluster_id': '5153',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7400',\n", + " 'galaxy_cluster_uuid': '4b072c90-bc7a-432b-940e-016fc1c01761',\n", + " 'id': '13536',\n", + " 'referenced_galaxy_cluster_id': '5153',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7445',\n", + " 'galaxy_cluster_uuid': '8f423bd7-6ca7-4303-9e85-008c7ad5fdaa',\n", + " 'id': '14129',\n", + " 'referenced_galaxy_cluster_id': '5153',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7447',\n", + " 'galaxy_cluster_uuid': 'f01e2711-4b48-4192-a2e8-5f56c945ca19',\n", + " 'id': '14164',\n", + " 'referenced_galaxy_cluster_id': '5153',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7463',\n", + " 'galaxy_cluster_uuid': '75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661',\n", + " 'id': '14437',\n", + " 'referenced_galaxy_cluster_id': '5153',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7472',\n", + " 'galaxy_cluster_uuid': '1492d0f8-7e14-4af3-9239-bc3fe10d3407',\n", + " 'id': '14617',\n", + " 'referenced_galaxy_cluster_id': '5153',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '7923',\n", + " 'galaxy_cluster_uuid': 'ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68',\n", + " 'id': '16653',\n", + " 'referenced_galaxy_cluster_id': '5153',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '9643',\n", + " 'galaxy_cluster_uuid': 'e6c09b63-a424-4d9e-b7f7-b752cbbca02a',\n", + " 'id': '17912',\n", + " 'referenced_galaxy_cluster_id': '5153',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '15101',\n", + " 'galaxy_cluster_uuid': '8384bd26-bde6-4da9-8e5d-4174a7a47ca2',\n", + " 'id': '22589',\n", + " 'referenced_galaxy_cluster_id': '5153',\n", + " 'referenced_galaxy_cluster_type': 'related-to',\n", + " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '15901',\n", + " 'galaxy_cluster_uuid': 'b55ca2a3-7cff-4dda-8bdd-c7bfa63bf544',\n", + " 'id': '23491',\n", + " 'referenced_galaxy_cluster_id': '5153',\n", + " 'referenced_galaxy_cluster_type': 'related-to',\n", + " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '16698',\n", + " 'galaxy_cluster_uuid': '62f7c9bf-9135-49b2-8aeb-1e54a6ecc13c',\n", + " 'id': '24429',\n", + " 'referenced_galaxy_cluster_id': '5153',\n", + " 'referenced_galaxy_cluster_type': 'related-to',\n", + " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", + " 'sharing_group_id': None}],\n", + " 'authors': ['MITRE'],\n", + " 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n", + " 'default': True,\n", + " 'deleted': False,\n", + " 'description': 'To disguise the '\n", + " 'source of malicious '\n", + " 'traffic, '\n", + " 'adversaries may '\n", + " 'chain together '\n", + " 'multiple proxies. '\n", + " 'Typically, a '\n", + " 'defender will be '\n", + " 'able to identify '\n", + " 'the last proxy '\n", + " 'traffic traversed '\n", + " 'before it enters '\n", + " 'their network; the '\n", + " 'defender may or may '\n", + " 'not be able to '\n", + " 'identify any '\n", + " 'previous proxies '\n", + " 'before the last-hop '\n", + " 'proxy. This '\n", + " 'technique makes '\n", + " 'identifying the '\n", + " 'original source of '\n", + " 'the malicious '\n", + " 'traffic even more '\n", + " 'difficult by '\n", + " 'requiring the '\n", + " 'defender to trace '\n", + " 'malicious traffic '\n", + " 'through several '\n", + " 'proxies to identify '\n", + " 'its source. A '\n", + " 'particular variant '\n", + " 'of this behavior is '\n", + " 'to use onion '\n", + " 'routing networks, '\n", + " 'such as the '\n", + " 'publicly available '\n", + " 'TOR network. '\n", + " '(Citation: Onion '\n", + " 'Routing)\\n'\n", + " '\\n'\n", + " 'In the case of '\n", + " 'network '\n", + " 'infrastructure, '\n", + " 'particularly '\n", + " 'routers, it is '\n", + " 'possible for an '\n", + " 'adversary to '\n", + " 'leverage multiple '\n", + " 'compromised devices '\n", + " 'to create a '\n", + " 'multi-hop proxy '\n", + " 'chain within the '\n", + " 'Wide-Area Network '\n", + " '(WAN) of the '\n", + " 'enterprise. By '\n", + " 'leveraging [Patch '\n", + " 'System '\n", + " 'Image](https://attack.mitre.org/techniques/T1601/001), '\n", + " 'adversaries can add '\n", + " 'custom code to the '\n", + " 'affected network '\n", + " 'devices that will '\n", + " 'implement onion '\n", + " 'routing between '\n", + " 'those nodes. This '\n", + " 'custom onion '\n", + " 'routing network '\n", + " 'will transport the '\n", + " 'encrypted C2 '\n", + " 'traffic through the '\n", + " 'compromised '\n", + " 'population, '\n", + " 'allowing '\n", + " 'adversaries to '\n", + " 'communicate with '\n", + " 'any device within '\n", + " 'the onion routing '\n", + " 'network. This '\n", + " 'method is dependent '\n", + " 'upon the [Network '\n", + " 'Boundary '\n", + " 'Bridging](https://attack.mitre.org/techniques/T1599) '\n", + " 'method in order to '\n", + " 'allow the '\n", + " 'adversaries to '\n", + " 'cross the protected '\n", + " 'network boundary of '\n", + " 'the Internet '\n", + " 'perimeter and into '\n", + " 'the organization’s '\n", + " 'WAN. Protocols such '\n", + " 'as ICMP may be used '\n", + " 'as a transport.',\n", + " 'distribution': '3',\n", + " 'event_tag_id': '288',\n", + " 'extends_uuid': '',\n", + " 'extends_version': '0',\n", + " 'galaxy_id': '23',\n", + " 'id': '5153',\n", + " 'local': False,\n", + " 'locked': False,\n", + " 'meta': {'external_id': ['T1090.003'],\n", + " 'kill_chain': ['mitre-attack:command-and-control'],\n", + " 'mitre_data_sources': ['Network '\n", + " 'Traffic: '\n", + " 'Network '\n", + " 'Connection '\n", + " 'Creation',\n", + " 'Network '\n", + " 'Traffic: '\n", + " 'Network '\n", + " 'Traffic '\n", + " 'Content',\n", + " 'Network '\n", + " 'Traffic: '\n", + " 'Network '\n", + " 'Traffic '\n", + " 'Flow'],\n", + " 'mitre_platforms': ['Linux',\n", + " 'macOS',\n", + " 'Windows',\n", + " 'Network'],\n", + " 'refs': ['https://attack.mitre.org/techniques/T1090/003',\n", + " 'https://en.wikipedia.org/wiki/Onion_routing']},\n", + " 'org_id': '0',\n", + " 'orgc_id': '0',\n", + " 'published': False,\n", + " 'relationship_type': False,\n", + " 'sharing_group_id': None,\n", + " 'source': 'https://github.com/mitre/cti',\n", + " 'tag_id': 29,\n", + " 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Multi-hop '\n", + " 'Proxy - T1090.003\"',\n", + " 'type': 'mitre-attack-pattern',\n", + " 'uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", + " 'value': 'Multi-hop Proxy - '\n", + " 'T1090.003',\n", + " 'version': '25'},\n", + " {'GalaxyClusterRelation': [],\n", + " 'Org': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'Orgc': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'authors': ['MITRE'],\n", + " 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n", + " 'default': True,\n", + " 'deleted': False,\n", + " 'description': 'Adversaries may '\n", + " 'attempt to make an '\n", + " 'executable or file '\n", + " 'difficult to '\n", + " 'discover or analyze '\n", + " 'by encrypting, '\n", + " 'encoding, or '\n", + " 'otherwise '\n", + " 'obfuscating its '\n", + " 'contents on the '\n", + " 'system or in '\n", + " 'transit. This is '\n", + " 'common behavior '\n", + " 'that can be used '\n", + " 'across different '\n", + " 'platforms and the '\n", + " 'network to evade '\n", + " 'defenses. \\n'\n", + " '\\n'\n", + " 'Payloads may be '\n", + " 'compressed, '\n", + " 'archived, or '\n", + " 'encrypted in order '\n", + " 'to avoid detection. '\n", + " 'These payloads may '\n", + " 'be used during '\n", + " 'Initial Access or '\n", + " 'later to mitigate '\n", + " 'detection. '\n", + " \"Sometimes a user's \"\n", + " 'action may be '\n", + " 'required to open '\n", + " 'and '\n", + " '[Deobfuscate/Decode '\n", + " 'Files or '\n", + " 'Information](https://attack.mitre.org/techniques/T1140) '\n", + " 'for [User '\n", + " 'Execution](https://attack.mitre.org/techniques/T1204). '\n", + " 'The user may also '\n", + " 'be required to '\n", + " 'input a password to '\n", + " 'open a password '\n", + " 'protected '\n", + " 'compressed/encrypted '\n", + " 'file that was '\n", + " 'provided by the '\n", + " 'adversary. '\n", + " '(Citation: Volexity '\n", + " 'PowerDuke November '\n", + " '2016) Adversaries '\n", + " 'may also use '\n", + " 'compressed or '\n", + " 'archived scripts, '\n", + " 'such as '\n", + " 'JavaScript. \\n'\n", + " '\\n'\n", + " 'Portions of files '\n", + " 'can also be encoded '\n", + " 'to hide the '\n", + " 'plain-text strings '\n", + " 'that would '\n", + " 'otherwise help '\n", + " 'defenders with '\n", + " 'discovery. '\n", + " '(Citation: '\n", + " 'Linux/Cdorked.A We '\n", + " 'Live Security '\n", + " 'Analysis) Payloads '\n", + " 'may also be split '\n", + " 'into separate, '\n", + " 'seemingly benign '\n", + " 'files that only '\n", + " 'reveal malicious '\n", + " 'functionality when '\n", + " 'reassembled. '\n", + " '(Citation: Carbon '\n", + " 'Black Obfuscation '\n", + " 'Sept 2016)\\n'\n", + " '\\n'\n", + " 'Adversaries may '\n", + " 'also abuse [Command '\n", + " 'Obfuscation](https://attack.mitre.org/techniques/T1027/010) '\n", + " 'to obscure commands '\n", + " 'executed from '\n", + " 'payloads or '\n", + " 'directly via '\n", + " '[Command and '\n", + " 'Scripting '\n", + " 'Interpreter](https://attack.mitre.org/techniques/T1059). '\n", + " 'Environment '\n", + " 'variables, aliases, '\n", + " 'characters, and '\n", + " 'other '\n", + " 'platform/language '\n", + " 'specific semantics '\n", + " 'can be used to '\n", + " 'evade signature '\n", + " 'based detections '\n", + " 'and application '\n", + " 'control mechanisms. '\n", + " '(Citation: FireEye '\n", + " 'Obfuscation June '\n", + " '2017) (Citation: '\n", + " 'FireEye '\n", + " 'Revoke-Obfuscation '\n", + " 'July '\n", + " '2017)(Citation: '\n", + " 'PaloAlto '\n", + " 'EncodedCommand '\n", + " 'March 2017) ',\n", + " 'distribution': '3',\n", + " 'event_tag_id': '289',\n", + " 'extends_uuid': '',\n", + " 'extends_version': '0',\n", + " 'galaxy_id': '23',\n", + " 'id': '4727',\n", + " 'local': False,\n", + " 'locked': False,\n", + " 'meta': {'external_id': ['T1027'],\n", + " 'kill_chain': ['mitre-attack:defense-evasion'],\n", + " 'mitre_data_sources': ['Command: '\n", + " 'Command '\n", + " 'Execution',\n", + " 'File: '\n", + " 'File '\n", + " 'Creation',\n", + " 'File: '\n", + " 'File '\n", + " 'Metadata',\n", + " 'Module: '\n", + " 'Module '\n", + " 'Load',\n", + " 'Process: '\n", + " 'OS '\n", + " 'API '\n", + " 'Execution',\n", + " 'Process: '\n", + " 'Process '\n", + " 'Creation',\n", + " 'Script: '\n", + " 'Script '\n", + " 'Execution',\n", + " 'WMI: '\n", + " 'WMI '\n", + " 'Creation',\n", + " 'Windows '\n", + " 'Registry: '\n", + " 'Windows '\n", + " 'Registry '\n", + " 'Key '\n", + " 'Creation'],\n", + " 'mitre_platforms': ['Linux',\n", + " 'macOS',\n", + " 'Windows'],\n", + " 'refs': ['https://attack.mitre.org/techniques/T1027',\n", + " 'https://github.com/danielbohannon/Revoke-Obfuscation',\n", + " 'https://github.com/itsreallynick/office-crackros',\n", + " 'https://researchcenter.paloaltonetworks.com/2017/03/unit42-pulling-back-the-curtains-on-encodedcommand-powershell-attacks/',\n", + " 'https://web.archive.org/web/20170923102302/https://www.fireeye.com/blog/threat-research/2017/06/obfuscation-in-the-wild.html',\n", + " 'https://www.carbonblack.com/2016/09/23/security-advisory-variants-well-known-adware-families-discovered-include-sophisticated-obfuscation-techniques-previously-associated-nation-state-attacks/',\n", + " 'https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/revoke-obfuscation-report.pdf',\n", + " 'https://www.volexity.com/blog/2016/11/09/powerduke-post-election-spear-phishing-campaigns-targeting-think-tanks-and-ngos/',\n", + " 'https://www.welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-blackhole/']},\n", + " 'org_id': '0',\n", + " 'orgc_id': '0',\n", + " 'published': False,\n", + " 'relationship_type': False,\n", + " 'sharing_group_id': None,\n", + " 'source': 'https://github.com/mitre/cti',\n", + " 'tag_id': 30,\n", + " 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Obfuscated '\n", + " 'Files or Information - '\n", + " 'T1027\"',\n", + " 'type': 'mitre-attack-pattern',\n", + " 'uuid': 'b3d682b6-98f2-4fb0-aa3b-b4df007ca70a',\n", + " 'value': 'Obfuscated Files or '\n", + " 'Information - T1027',\n", + " 'version': '25'}],\n", + " 'description': 'ATT&CK Tactic',\n", + " 'enabled': True,\n", + " 'icon': 'map',\n", + " 'id': '23',\n", + " 'kill_chain_order': {'mitre-attack': ['reconnaissance',\n", + " 'resource-development',\n", + " 'initial-access',\n", + " 'execution',\n", + " 'persistence',\n", + " 'privilege-escalation',\n", + " 'defense-evasion',\n", + " 'credential-access',\n", + " 'discovery',\n", + " 'lateral-movement',\n", + " 'collection',\n", + " 'command-and-control',\n", + " 'exfiltration',\n", + " 'impact'],\n", + " 'mitre-mobile-attack': ['initial-access',\n", + " 'execution',\n", + " 'persistence',\n", + " 'privilege-escalation',\n", + " 'defense-evasion',\n", + " 'credential-access',\n", + " 'discovery',\n", + " 'lateral-movement',\n", + " 'collection',\n", + " 'command-and-control',\n", + " 'exfiltration',\n", + " 'impact',\n", + " 'network-effects',\n", + " 'remote-service-effects'],\n", + " 'mitre-pre-attack': ['priority-definition-planning',\n", + " 'priority-definition-direction',\n", + " 'target-selection',\n", + " 'technical-information-gathering',\n", + " 'people-information-gathering',\n", + " 'organizational-information-gathering',\n", + " 'technical-weakness-identification',\n", + " 'people-weakness-identification',\n", + " 'organizational-weakness-identification',\n", + " 'adversary-opsec',\n", + " 'establish-&-maintain-infrastructure',\n", + " 'persona-development',\n", + " 'build-capabilities',\n", + " 'test-capabilities',\n", + " 'stage-capabilities']},\n", + " 'local_only': False,\n", + " 'name': 'Attack Pattern',\n", + " 'namespace': 'mitre-attack',\n", + " 'type': 'mitre-attack-pattern',\n", + " 'uuid': 'c4e851fa-775f-11e7-8163-b774922098cd',\n", + " 'version': '9'},\n", + " {'GalaxyCluster': [{'GalaxyClusterRelation': [],\n", + " 'Org': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'Orgc': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'authors': ['Various'],\n", + " 'collection_uuid': '1401c704-7dfb-41f6-a6d3-e751b270843b',\n", + " 'default': True,\n", + " 'deleted': False,\n", + " 'description': '',\n", + " 'distribution': '3',\n", + " 'event_tag_id': '290',\n", + " 'extends_uuid': '',\n", + " 'extends_version': '0',\n", + " 'galaxy_id': '53',\n", + " 'id': '18422',\n", + " 'local': False,\n", + " 'locked': False,\n", + " 'meta': {},\n", + " 'org_id': '0',\n", + " 'orgc_id': '0',\n", + " 'published': False,\n", + " 'relationship_type': False,\n", + " 'sharing_group_id': None,\n", + " 'source': 'CERT-EU',\n", + " 'tag_id': 31,\n", + " 'tag_name': 'misp-galaxy:sector=\"Academia '\n", + " '- University\"',\n", + " 'type': 'sector',\n", + " 'uuid': '98821a86-3c11-474b-afab-3c84af061407',\n", + " 'value': 'Academia - University',\n", + " 'version': '5'},\n", + " {'GalaxyClusterRelation': [],\n", + " 'Org': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'Orgc': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'authors': ['Various'],\n", + " 'collection_uuid': '1401c704-7dfb-41f6-a6d3-e751b270843b',\n", + " 'default': True,\n", + " 'deleted': False,\n", + " 'description': '',\n", + " 'distribution': '3',\n", + " 'event_tag_id': '291',\n", + " 'extends_uuid': '',\n", + " 'extends_version': '0',\n", + " 'galaxy_id': '53',\n", + " 'id': '18448',\n", + " 'local': False,\n", + " 'locked': False,\n", + " 'meta': {'synonyms': ['Government',\n", + " 'Administration']},\n", + " 'org_id': '0',\n", + " 'orgc_id': '0',\n", + " 'published': False,\n", + " 'relationship_type': False,\n", + " 'sharing_group_id': None,\n", + " 'source': 'CERT-EU',\n", + " 'tag_id': 32,\n", + " 'tag_name': 'misp-galaxy:sector=\"Government, '\n", + " 'Administration\"',\n", + " 'type': 'sector',\n", + " 'uuid': '6012ecea-dcc8-490c-b368-e2e06b2cb62f',\n", + " 'value': 'Government, '\n", + " 'Administration',\n", + " 'version': '5'},\n", + " {'GalaxyClusterRelation': [],\n", + " 'Org': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'Orgc': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'authors': ['Various'],\n", + " 'collection_uuid': '1401c704-7dfb-41f6-a6d3-e751b270843b',\n", + " 'default': True,\n", + " 'deleted': False,\n", + " 'description': '',\n", + " 'distribution': '3',\n", + " 'event_tag_id': '292',\n", + " 'extends_uuid': '',\n", + " 'extends_version': '0',\n", + " 'galaxy_id': '53',\n", + " 'id': '18456',\n", + " 'local': False,\n", + " 'locked': False,\n", + " 'meta': {},\n", + " 'org_id': '0',\n", + " 'orgc_id': '0',\n", + " 'published': False,\n", + " 'relationship_type': False,\n", + " 'sharing_group_id': None,\n", + " 'source': 'CERT-EU',\n", + " 'tag_id': 33,\n", + " 'tag_name': 'misp-galaxy:sector=\"IT '\n", + " '- ISP\"',\n", + " 'type': 'sector',\n", + " 'uuid': '872de996-e069-4cd9-b227-d5ca01dc020c',\n", + " 'value': 'IT - ISP',\n", + " 'version': '5'},\n", + " {'GalaxyClusterRelation': [],\n", + " 'Org': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'Orgc': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'authors': ['Various'],\n", + " 'collection_uuid': '1401c704-7dfb-41f6-a6d3-e751b270843b',\n", + " 'default': True,\n", + " 'deleted': False,\n", + " 'description': '',\n", + " 'distribution': '3',\n", + " 'event_tag_id': '293',\n", + " 'extends_uuid': '',\n", + " 'extends_version': '0',\n", + " 'galaxy_id': '53',\n", + " 'id': '18526',\n", + " 'local': False,\n", + " 'locked': False,\n", + " 'meta': {},\n", + " 'org_id': '0',\n", + " 'orgc_id': '0',\n", + " 'published': False,\n", + " 'relationship_type': False,\n", + " 'sharing_group_id': None,\n", + " 'source': 'CERT-EU',\n", + " 'tag_id': 34,\n", + " 'tag_name': 'misp-galaxy:sector=\"Marketing\"',\n", + " 'type': 'sector',\n", + " 'uuid': 'ee5720bb-c638-46f8-bdf2-55579bf37eb2',\n", + " 'value': 'Marketing',\n", + " 'version': '5'}],\n", + " 'description': 'Activity sectors',\n", + " 'enabled': True,\n", + " 'icon': 'industry',\n", + " 'id': '53',\n", + " 'local_only': False,\n", + " 'name': 'Sector',\n", + " 'namespace': 'misp',\n", + " 'type': 'sector',\n", + " 'uuid': 'e1bb134c-ae4d-11e7-8aa9-f78a37325439',\n", + " 'version': '2'},\n", + " {'GalaxyCluster': [{'GalaxyClusterRelation': [],\n", + " 'Org': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'Orgc': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'TargetingClusterRelation': [{'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '14458',\n", + " 'galaxy_cluster_uuid': '84668357-5a8c-4bdd-9f0f-6b50b2424d55',\n", + " 'id': '21874',\n", + " 'referenced_galaxy_cluster_id': '10024',\n", + " 'referenced_galaxy_cluster_type': 'located-in',\n", + " 'referenced_galaxy_cluster_uuid': '64974dea-c6c9-462d-9fcf-4456a397d591',\n", + " 'sharing_group_id': None},\n", + " {'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '14469',\n", + " 'galaxy_cluster_uuid': '84668357-5a8c-4bdd-9f0f-6b50b243414e',\n", + " 'id': '21885',\n", + " 'referenced_galaxy_cluster_id': '10024',\n", + " 'referenced_galaxy_cluster_type': 'located-in',\n", + " 'referenced_galaxy_cluster_uuid': '64974dea-c6c9-462d-9fcf-4456a397d591',\n", + " 'sharing_group_id': None},\n", + " {'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '14515',\n", + " 'galaxy_cluster_uuid': '84668357-5a8c-4bdd-9f0f-6b50b247524c',\n", + " 'id': '21931',\n", + " 'referenced_galaxy_cluster_id': '10024',\n", + " 'referenced_galaxy_cluster_type': 'located-in',\n", + " 'referenced_galaxy_cluster_uuid': '64974dea-c6c9-462d-9fcf-4456a397d591',\n", + " 'sharing_group_id': None},\n", + " {'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '14612',\n", + " 'galaxy_cluster_uuid': '84668357-5a8c-4bdd-9f0f-6b50b253504d',\n", + " 'id': '22028',\n", + " 'referenced_galaxy_cluster_id': '10024',\n", + " 'referenced_galaxy_cluster_type': 'located-in',\n", + " 'referenced_galaxy_cluster_uuid': '64974dea-c6c9-462d-9fcf-4456a397d591',\n", + " 'sharing_group_id': None},\n", + " {'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '14665',\n", + " 'galaxy_cluster_uuid': '84668357-5a8c-4bdd-9f0f-6b50b2555341',\n", + " 'id': '22081',\n", + " 'referenced_galaxy_cluster_id': '10024',\n", + " 'referenced_galaxy_cluster_type': 'located-in',\n", + " 'referenced_galaxy_cluster_uuid': '64974dea-c6c9-462d-9fcf-4456a397d591',\n", + " 'sharing_group_id': None}],\n", + " 'authors': ['Unknown'],\n", + " 'collection_uuid': 'eea087b6-e02f-11e9-89c1-cf406e0267ec',\n", + " 'default': True,\n", + " 'deleted': False,\n", + " 'description': '',\n", + " 'distribution': '3',\n", + " 'event_tag_id': '294',\n", + " 'extends_uuid': '',\n", + " 'extends_version': '0',\n", + " 'galaxy_id': '51',\n", + " 'id': '10024',\n", + " 'local': False,\n", + " 'locked': False,\n", + " 'meta': {'subregions': ['060 - '\n", + " 'Bermuda',\n", + " '124 - '\n", + " 'Canada',\n", + " '304 - '\n", + " 'Greenland',\n", + " '666 - '\n", + " 'Saint '\n", + " 'Pierre and '\n", + " 'Miquelon',\n", + " '840 - '\n", + " 'United '\n", + " 'States of '\n", + " 'America']},\n", + " 'org_id': '0',\n", + " 'orgc_id': '0',\n", + " 'published': False,\n", + " 'relationship_type': False,\n", + " 'sharing_group_id': None,\n", + " 'source': 'https://unstats.un.org/unsd/methodology/m49/overview/',\n", + " 'tag_id': 35,\n", + " 'tag_name': 'misp-galaxy:region=\"021 '\n", + " '- Northern America\"',\n", + " 'type': 'region',\n", + " 'uuid': '64974dea-c6c9-462d-9fcf-4456a397d591',\n", + " 'value': '021 - Northern America',\n", + " 'version': '1'},\n", + " {'GalaxyClusterRelation': [],\n", + " 'Org': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'Orgc': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'authors': ['Unknown'],\n", + " 'collection_uuid': 'eea087b6-e02f-11e9-89c1-cf406e0267ec',\n", + " 'default': True,\n", + " 'deleted': False,\n", + " 'description': '',\n", + " 'distribution': '3',\n", + " 'event_tag_id': '295',\n", + " 'extends_uuid': '',\n", + " 'extends_version': '0',\n", + " 'galaxy_id': '51',\n", + " 'id': '10034',\n", + " 'local': False,\n", + " 'locked': False,\n", + " 'meta': {'subregions': ['030 - '\n", + " 'Eastern '\n", + " 'Asia',\n", + " '034 - '\n", + " 'Southern '\n", + " 'Asia',\n", + " '035 - '\n", + " 'South-eastern '\n", + " 'Asia',\n", + " '143 - '\n", + " 'Central '\n", + " 'Asia',\n", + " '145 - '\n", + " 'Western '\n", + " 'Asia']},\n", + " 'org_id': '0',\n", + " 'orgc_id': '0',\n", + " 'published': False,\n", + " 'relationship_type': False,\n", + " 'sharing_group_id': None,\n", + " 'source': 'https://unstats.un.org/unsd/methodology/m49/overview/',\n", + " 'tag_id': 36,\n", + " 'tag_name': 'misp-galaxy:region=\"142 '\n", + " '- Asia\"',\n", + " 'type': 'region',\n", + " 'uuid': '4b09b683-5650-4a6c-a383-d8f3b686ebc2',\n", + " 'value': '142 - Asia',\n", + " 'version': '1'},\n", + " {'GalaxyClusterRelation': [],\n", + " 'Org': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'Orgc': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'authors': ['Unknown'],\n", + " 'collection_uuid': 'eea087b6-e02f-11e9-89c1-cf406e0267ec',\n", + " 'default': True,\n", + " 'deleted': False,\n", + " 'description': '',\n", + " 'distribution': '3',\n", + " 'event_tag_id': '296',\n", + " 'extends_uuid': '',\n", + " 'extends_version': '0',\n", + " 'galaxy_id': '51',\n", + " 'id': '10037',\n", + " 'local': False,\n", + " 'locked': False,\n", + " 'meta': {'subregions': ['039 - '\n", + " 'Southern '\n", + " 'Europe',\n", + " '151 - '\n", + " 'Eastern '\n", + " 'Europe',\n", + " '154 - '\n", + " 'Northern '\n", + " 'Europe',\n", + " '155 - '\n", + " 'Western '\n", + " 'Europe']},\n", + " 'org_id': '0',\n", + " 'orgc_id': '0',\n", + " 'published': False,\n", + " 'relationship_type': False,\n", + " 'sharing_group_id': None,\n", + " 'source': 'https://unstats.un.org/unsd/methodology/m49/overview/',\n", + " 'tag_id': 37,\n", + " 'tag_name': 'misp-galaxy:region=\"150 '\n", + " '- Europe\"',\n", + " 'type': 'region',\n", + " 'uuid': '739c285c-fe59-4540-b323-bf713af30347',\n", + " 'value': '150 - Europe',\n", + " 'version': '1'}],\n", + " 'description': 'Regions based on UN M49.',\n", + " 'enabled': True,\n", + " 'icon': 'globe-europe',\n", + " 'id': '51',\n", + " 'local_only': False,\n", + " 'name': 'Regions UN M49',\n", + " 'namespace': 'misp',\n", + " 'type': 'region',\n", + " 'uuid': 'd151a79a-e029-11e9-9409-f3e0cf3d93aa',\n", + " 'version': '2'},\n", + " {'GalaxyCluster': [{'GalaxyClusterRelation': [{'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1944',\n", + " 'referenced_galaxy_cluster_id': '4945',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': '06c00069-771a-4d57-8ef5-d3718c1a8771',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1945',\n", + " 'referenced_galaxy_cluster_id': '5189',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': '09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1946',\n", + " 'referenced_galaxy_cluster_id': '6081',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': '10d51417-ee35-4589-b1ff-b6df1c334e8d',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1947',\n", + " 'referenced_galaxy_cluster_id': '4799',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': '10ffac09-e42d-4f56-ab20-db94c67d76ff',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1948',\n", + " 'referenced_galaxy_cluster_id': '5982',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': '1608f3e1-598a-42f4-a01a-2e252e81728f',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1949',\n", + " 'referenced_galaxy_cluster_id': '5190',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': '1d24cdee-9ea2-4189-b08e-af110bf2435d',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1950',\n", + " 'referenced_galaxy_cluster_id': '5529',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': '2db31dcd-54da-405d-acef-b9129b816ed6',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1951',\n", + " 'referenced_galaxy_cluster_id': '4880',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': '2dbbdcd5-92cf-44c0-aea2-fe24783a6bc3',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1952',\n", + " 'referenced_galaxy_cluster_id': '6090',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': '3257eb21-f9a7-4430-8de1-d8b6e288f529',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1953',\n", + " 'referenced_galaxy_cluster_id': '4731',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': '3298ce88-1628-43b1-87d9-0b5336b193d7',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1954',\n", + " 'referenced_galaxy_cluster_id': '4692',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': '4ffc1794-ec3b-45be-9e52-42dbcb2af2de',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1955',\n", + " 'referenced_galaxy_cluster_id': '6077',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': '54a649ff-439a-41a4-9856-8d144a2551ba',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1956',\n", + " 'referenced_galaxy_cluster_id': '5344',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': '54ca26f3-c172-4231-93e5-ccebcac2161f',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1957',\n", + " 'referenced_galaxy_cluster_id': '5247',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': '635cbe30-392d-4e27-978e-66774357c762',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1958',\n", + " 'referenced_galaxy_cluster_id': '5191',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': '692074ae-bb62-4a5e-a735-02cb6bde458c',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1959',\n", + " 'referenced_galaxy_cluster_id': '5252',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': '7610cada-1499-41a4-b3dd-46467b68d177',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1960',\n", + " 'referenced_galaxy_cluster_id': '5241',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': '7decb26c-715c-40cf-b7e0-026f7d7cc215',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1961',\n", + " 'referenced_galaxy_cluster_id': '5199',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': '8861073d-d1b8-4941-82ce-dce621d398f0',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1962',\n", + " 'referenced_galaxy_cluster_id': '4859',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': '8a2f40cf-8325-47f9-96e4-b1ca4c7389bd',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1963',\n", + " 'referenced_galaxy_cluster_id': '6106',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': '92a78814-b191-47ca-909c-1ccfe3777414',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1964',\n", + " 'referenced_galaxy_cluster_id': '4668',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': '954a1639-f2d6-407d-aef3-4917622ca493',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1965',\n", + " 'referenced_galaxy_cluster_id': '5956',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': '9fa07bef-9c81-421e-a8e5-ad4366c5a925',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1966',\n", + " 'referenced_galaxy_cluster_id': '5262',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': 'a009cb25-4801-4116-9105-80a91cf15c1b',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1967',\n", + " 'referenced_galaxy_cluster_id': '6059',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': 'a10641f4-87b4-45a3-a906-92a149cb2c27',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1968',\n", + " 'referenced_galaxy_cluster_id': '5973',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': 'a93494bb-4b80-4ea1-8695-3236a49916fd',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1969',\n", + " 'referenced_galaxy_cluster_id': '4993',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': 'ae7f3575-0a5e-427e-991b-fe03ad44c754',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1970',\n", + " 'referenced_galaxy_cluster_id': '5192',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': 'b2d03cea-aec1-45ca-9744-9ee583c1e1cc',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1971',\n", + " 'referenced_galaxy_cluster_id': '5162',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': 'b4409cd8-0da9-46e1-a401-a241afd4d1cc',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1972',\n", + " 'referenced_galaxy_cluster_id': '4891',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': 'b4694861-542c-48ea-9eb1-10d356e7140a',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1973',\n", + " 'referenced_galaxy_cluster_id': '5149',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': 'b8017880-4b1e-42de-ad10-ae7ac6705166',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1974',\n", + " 'referenced_galaxy_cluster_id': '5220',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': 'c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1975',\n", + " 'referenced_galaxy_cluster_id': '5251',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': 'cff94884-3b1c-4987-a70b-6d5643c621c3',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1976',\n", + " 'referenced_galaxy_cluster_id': '4848',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': 'd245808a-7086-4310-984a-a84aaaa43f8f',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1977',\n", + " 'referenced_galaxy_cluster_id': '4918',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': 'd4b96d2c-1032-4b22-9235-2b5b649d0605',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1978',\n", + " 'referenced_galaxy_cluster_id': '6014',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': 'e01be9c5-e763-4caf-aeb7-000b416aef67',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1979',\n", + " 'referenced_galaxy_cluster_id': '4676',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': 'e74de37c-a829-446c-937d-56a44f0e9306',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1980',\n", + " 'referenced_galaxy_cluster_id': '4846',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': 'eb062747-2193-45de-8fa2-e62549c37ddf',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1981',\n", + " 'referenced_galaxy_cluster_id': '5235',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': 'f232fa7a-025c-4d43-abc7-318e81a73d65',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1982',\n", + " 'referenced_galaxy_cluster_id': '5144',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': 'f4c1826f-a322-41cd-9557-562100848c84',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1983',\n", + " 'referenced_galaxy_cluster_id': '4953',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': 'fa44a152-ac48-441e-a524-dd7b04b8adcd',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001fc2',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '3',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", + " 'numerical_value': '95',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5854',\n", + " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'id': '1984',\n", + " 'referenced_galaxy_cluster_id': '4850',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': 'fc74ba38-dc98-461f-8611-b3dbf9978e3d',\n", + " 'sharing_group_id': None}],\n", + " 'Org': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'Orgc': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'authors': ['MITRE'],\n", + " 'collection_uuid': 'a8825ae8-6dea-11e7-8d57-7728f3cfe086',\n", + " 'default': True,\n", + " 'deleted': False,\n", + " 'description': 'Use two or more '\n", + " 'pieces of evidence '\n", + " 'to authenticate to '\n", + " 'a system; such as '\n", + " 'username and '\n", + " 'password in '\n", + " 'addition to a token '\n", + " 'from a physical '\n", + " 'smart card or token '\n", + " 'generator.',\n", + " 'distribution': '3',\n", + " 'event_tag_id': '303',\n", + " 'extends_uuid': '',\n", + " 'extends_version': '0',\n", + " 'galaxy_id': '24',\n", + " 'id': '5854',\n", + " 'local': False,\n", + " 'locked': False,\n", + " 'meta': {'external_id': ['M1032'],\n", + " 'refs': ['https://attack.mitre.org/mitigations/M1032']},\n", + " 'org_id': '0',\n", + " 'orgc_id': '0',\n", + " 'published': False,\n", + " 'relationship_type': False,\n", + " 'sharing_group_id': None,\n", + " 'source': 'https://github.com/mitre/cti',\n", + " 'tag_id': 43,\n", + " 'tag_name': 'misp-galaxy:mitre-course-of-action=\"Multi-factor '\n", + " 'Authentication - '\n", + " 'M1032\"',\n", + " 'type': 'mitre-course-of-action',\n", + " 'uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", + " 'value': 'Multi-factor '\n", + " 'Authentication - M1032',\n", + " 'version': '26'}],\n", + " 'description': 'ATT&CK Mitigation',\n", + " 'enabled': True,\n", + " 'icon': 'link',\n", + " 'id': '24',\n", + " 'local_only': False,\n", + " 'name': 'Course of Action',\n", + " 'namespace': 'mitre-attack',\n", + " 'type': 'mitre-course-of-action',\n", + " 'uuid': '6fcb4472-6de4-11e7-b5f7-37771619e14e',\n", + " 'version': '7'}],\n", + " 'Org': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'Orgc': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'RelatedEvent': [],\n", + " 'Tag': [{'colour': '#0088cc',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '23',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': True,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'misp-galaxy:mitre-attack-pattern=\"Compromise '\n", + " 'Client Software Binary - T1554\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#0088cc',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '24',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': True,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'misp-galaxy:mitre-attack-pattern=\"Traffic '\n", + " 'Signaling - T1205\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#0088cc',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '25',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': True,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'misp-galaxy:mitre-attack-pattern=\"Clear Command '\n", + " 'History - T1070.003\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#0088cc',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '26',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': True,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'misp-galaxy:mitre-attack-pattern=\"Timestomp - '\n", + " 'T1070.006\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#0088cc',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '27',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': True,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'misp-galaxy:mitre-attack-pattern=\"Symmetric '\n", + " 'Cryptography - T1573.001\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#0088cc',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '28',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': True,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'misp-galaxy:mitre-attack-pattern=\"Asymmetric '\n", + " 'Cryptography - T1573.002\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#0088cc',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '29',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': True,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'misp-galaxy:mitre-attack-pattern=\"Multi-hop '\n", + " 'Proxy - T1090.003\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#0088cc',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '30',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': True,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'misp-galaxy:mitre-attack-pattern=\"Obfuscated '\n", + " 'Files or Information - T1027\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#0088cc',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '31',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': True,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'misp-galaxy:sector=\"Academia - University\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#0088cc',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '32',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': True,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'misp-galaxy:sector=\"Government, Administration\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#0088cc',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '33',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': True,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'misp-galaxy:sector=\"IT - ISP\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#0088cc',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '34',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': True,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'misp-galaxy:sector=\"Marketing\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#0088cc',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '35',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': True,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'misp-galaxy:region=\"021 - Northern America\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#0088cc',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '36',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': True,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'misp-galaxy:region=\"142 - Asia\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#0088cc',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '37',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': True,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'misp-galaxy:region=\"150 - Europe\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#996e00',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '38',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'access-method:stolen-credentials',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#ffffff',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '16',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'tlp:white',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#002b4a',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '39',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'osint:source-type=\"technical-report\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#007ed9',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '40',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'osint:certainty=\"93\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#00c0eb',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '41',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'veris:action:hacking:vector=\"Backdoor or C2\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#0088cc',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '42',\n", + " 'is_custom_galaxy': True,\n", + " 'is_galaxy': True,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'misp-galaxy:backdoor=\"c070c1c8-8939-4e66-bf4d-b91e8392a7a4\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#0088cc',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '43',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': True,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'misp-galaxy:mitre-course-of-action=\"Multi-factor '\n", + " 'Authentication - M1032\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#0088cc',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '44',\n", + " 'is_custom_galaxy': True,\n", + " 'is_galaxy': True,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'misp-galaxy:mitre-course-of-action=\"08c0a23d-ed11-41b9-85ae-7cd86181b254\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'}],\n", + " 'analysis': '2',\n", + " 'attribute_count': '24',\n", + " 'date': '2021-02-03',\n", + " 'disable_correlation': False,\n", + " 'distribution': '1',\n", + " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", + " 'extends_uuid': '',\n", + " 'id': '52',\n", + " 'info': 'Kobalos - Linux threat to high performance computing '\n", + " 'infrastructure',\n", + " 'locked': True,\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'proposal_email_lock': False,\n", + " 'protected': None,\n", + " 'publish_timestamp': '0',\n", + " 'published': False,\n", + " 'sharing_group_id': '0',\n", + " 'threat_level_id': '2',\n", + " 'timestamp': '1617972935',\n", + " 'uuid': '83a7add9-76d7-47ef-9f4b-ebd07fbe880d'}},\n", + " {'Event': {'CryptographicKey': [],\n", + " 'Galaxy': [{'GalaxyCluster': [{'GalaxyClusterRelation': [],\n", + " 'Org': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'Orgc': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'authors': ['Francesco Bigarella',\n", + " 'Christophe Vandeplas'],\n", + " 'collection_uuid': 'cc0c8ae9-aec2-42c6-9939-f4f82b051836',\n", + " 'default': True,\n", + " 'deleted': False,\n", + " 'description': 'Type of Jackpotting '\n", + " 'attack. Connection '\n", + " 'of an unauthorized '\n", + " 'device which sends '\n", + " 'dispense commands '\n", + " 'directly to the ATM '\n", + " 'cash dispenser in '\n", + " 'order to “cash out” '\n", + " 'the ATM.',\n", + " 'distribution': '3',\n", + " 'event_tag_id': '308',\n", + " 'extends_uuid': '',\n", + " 'extends_version': '0',\n", + " 'galaxy_id': '4',\n", + " 'id': '575',\n", + " 'local': False,\n", + " 'locked': False,\n", + " 'meta': {'kill_chain': ['fraud-tactics:Target '\n", + " 'Compromise'],\n", + " 'refs': ['https://www.association-secure-transactions.eu/industry-information/fraud-definitions/'],\n", + " 'synonyms': ['Black Box '\n", + " 'Attack']},\n", + " 'org_id': '0',\n", + " 'orgc_id': '0',\n", + " 'published': False,\n", + " 'relationship_type': False,\n", + " 'sharing_group_id': None,\n", + " 'source': 'Open Sources',\n", + " 'tag_id': 19,\n", + " 'tag_name': 'misp-galaxy:financial-fraud=\"ATM '\n", + " 'Black Box Attack\"',\n", + " 'type': 'financial-fraud',\n", + " 'uuid': '6bec22cb-9aed-426a-bffc-b0a78db6527a',\n", + " 'value': 'ATM Black Box Attack',\n", + " 'version': '6'}],\n", + " 'description': 'attck4fraud - Principles of MITRE '\n", + " 'ATT&CK in the fraud domain',\n", + " 'enabled': True,\n", + " 'icon': 'map',\n", + " 'id': '4',\n", + " 'kill_chain_order': {'fraud-tactics': ['Initiation',\n", + " 'Target '\n", + " 'Compromise',\n", + " 'Perform Fraud',\n", + " 'Obtain '\n", + " 'Fraudulent '\n", + " 'Assets',\n", + " 'Assets '\n", + " 'Transfer',\n", + " 'Monetisation',\n", + " 'Due '\n", + " 'Diligence']},\n", + " 'local_only': False,\n", + " 'name': 'attck4fraud',\n", + " 'namespace': 'misp',\n", + " 'type': 'financial-fraud',\n", + " 'uuid': 'cc0c8ae9-aec2-42c6-9939-f4f82b051836',\n", + " 'version': '2'},\n", + " {'GalaxyCluster': [{'GalaxyClusterRelation': [],\n", + " 'Org': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'Orgc': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'authors': ['https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml',\n", + " 'http://pastebin.com/raw/GHgpWjar',\n", + " 'MISP Project',\n", + " 'https://id-ransomware.blogspot.com/2016/07/ransomware-list.html'],\n", + " 'collection_uuid': '10cf658b-5d32-4c4b-bb32-61760a640372',\n", + " 'default': True,\n", + " 'deleted': False,\n", + " 'description': 'Ransomware Based on '\n", + " 'HiddenTear',\n", + " 'distribution': '3',\n", + " 'event_tag_id': '309',\n", + " 'extends_uuid': '',\n", + " 'extends_version': '0',\n", + " 'galaxy_id': '49',\n", + " 'id': '8410',\n", + " 'local': False,\n", + " 'locked': False,\n", + " 'meta': {'encryption': ['AES-256'],\n", + " 'extensions': ['.암호화됨'],\n", + " 'payment-method': ['Bitcoin'],\n", + " 'price': ['0.5'],\n", + " 'ransomnotes-filenames': ['ReadMe.txt'],\n", + " 'refs': ['http://www.nyxbone.com/malware/koreanRansom.html',\n", + " 'http://id-ransomware.blogspot.com/2016/08/korean-ransomware.html']},\n", + " 'org_id': '0',\n", + " 'orgc_id': '0',\n", + " 'published': False,\n", + " 'relationship_type': False,\n", + " 'sharing_group_id': None,\n", + " 'source': 'Various',\n", + " 'tag_id': 20,\n", + " 'tag_name': 'misp-galaxy:ransomware=\"Korean\"',\n", + " 'type': 'ransomware',\n", + " 'uuid': '4febffe0-3837-41d7-b95f-e26d126275e4',\n", + " 'value': 'Korean',\n", + " 'version': '118'}],\n", + " 'description': 'Ransomware galaxy based on '\n", + " 'https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml',\n", + " 'enabled': True,\n", + " 'icon': 'btc',\n", + " 'id': '49',\n", + " 'local_only': False,\n", + " 'name': 'Ransomware',\n", + " 'namespace': 'misp',\n", + " 'type': 'ransomware',\n", + " 'uuid': '3f44af2e-1480-4b6b-9aa8-f9bb21341078',\n", + " 'version': '4'},\n", + " {'GalaxyCluster': [{'GalaxyClusterRelation': [{'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5584',\n", + " 'galaxy_cluster_uuid': '2b5aa86b-a0df-4382-848d-30abea443327',\n", + " 'id': '1176',\n", + " 'referenced_galaxy_cluster_id': '5520',\n", + " 'referenced_galaxy_cluster_type': 'subtechnique-of',\n", + " 'referenced_galaxy_cluster_uuid': 'ce0687a0-e692-4b77-964a-0784a8e54ff1',\n", + " 'sharing_group_id': None}],\n", + " 'Org': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'Orgc': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'TargetingClusterRelation': [{'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5899',\n", + " 'galaxy_cluster_uuid': '78bb71be-92b4-46de-acd6-5f998fedf1cc',\n", + " 'id': '2378',\n", + " 'referenced_galaxy_cluster_id': '5584',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': '2b5aa86b-a0df-4382-848d-30abea443327',\n", + " 'sharing_group_id': None},\n", + " {'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '6786',\n", + " 'galaxy_cluster_uuid': '381fcf73-60f6-4ab2-9991-6af3cbc35192',\n", + " 'id': '3998',\n", + " 'referenced_galaxy_cluster_id': '5584',\n", + " 'referenced_galaxy_cluster_type': 'uses',\n", + " 'referenced_galaxy_cluster_uuid': '2b5aa86b-a0df-4382-848d-30abea443327',\n", + " 'sharing_group_id': None}],\n", + " 'authors': ['MITRE'],\n", + " 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n", + " 'default': True,\n", + " 'deleted': False,\n", + " 'description': 'Adversaries may '\n", + " 'acquire information '\n", + " 'about '\n", + " 'vulnerabilities '\n", + " 'that can be used '\n", + " 'during targeting. A '\n", + " 'vulnerability is a '\n", + " 'weakness in '\n", + " 'computer hardware '\n", + " 'or software that '\n", + " 'can, potentially, '\n", + " 'be exploited by an '\n", + " 'adversary to cause '\n", + " 'unintended or '\n", + " 'unanticipated '\n", + " 'behavior to occur. '\n", + " 'Adversaries may '\n", + " 'find vulnerability '\n", + " 'information by '\n", + " 'searching open '\n", + " 'databases or '\n", + " 'gaining access to '\n", + " 'closed '\n", + " 'vulnerability '\n", + " 'databases.(Citation: '\n", + " 'National '\n", + " 'Vulnerability '\n", + " 'Database)\\n'\n", + " '\\n'\n", + " 'An adversary may '\n", + " 'monitor '\n", + " 'vulnerability '\n", + " 'disclosures/databases '\n", + " 'to understand the '\n", + " 'state of existing, '\n", + " 'as well as newly '\n", + " 'discovered, '\n", + " 'vulnerabilities. '\n", + " 'There is usually a '\n", + " 'delay between when '\n", + " 'a vulnerability is '\n", + " 'discovered and when '\n", + " 'it is made public. '\n", + " 'An adversary may '\n", + " 'target the systems '\n", + " 'of those known to '\n", + " 'conduct '\n", + " 'vulnerability '\n", + " 'research (including '\n", + " 'commercial '\n", + " 'vendors). Knowledge '\n", + " 'of a vulnerability '\n", + " 'may cause an '\n", + " 'adversary to search '\n", + " 'for an existing '\n", + " 'exploit (i.e. '\n", + " '[Exploits](https://attack.mitre.org/techniques/T1588/005)) '\n", + " 'or to attempt to '\n", + " 'develop one '\n", + " 'themselves (i.e. '\n", + " '[Exploits](https://attack.mitre.org/techniques/T1587/004)).',\n", + " 'distribution': '3',\n", + " 'event_tag_id': '310',\n", + " 'extends_uuid': '',\n", + " 'extends_version': '0',\n", + " 'galaxy_id': '23',\n", + " 'id': '5584',\n", + " 'local': False,\n", + " 'locked': False,\n", + " 'meta': {'external_id': ['T1588.006'],\n", + " 'kill_chain': ['mitre-attack:resource-development'],\n", + " 'mitre_platforms': ['PRE'],\n", + " 'refs': ['https://attack.mitre.org/techniques/T1588/006',\n", + " 'https://nvd.nist.gov/']},\n", + " 'org_id': '0',\n", + " 'orgc_id': '0',\n", + " 'published': False,\n", + " 'relationship_type': False,\n", + " 'sharing_group_id': None,\n", + " 'source': 'https://github.com/mitre/cti',\n", + " 'tag_id': 21,\n", + " 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Vulnerabilities '\n", + " '- T1588.006\"',\n", + " 'type': 'mitre-attack-pattern',\n", + " 'uuid': '2b5aa86b-a0df-4382-848d-30abea443327',\n", + " 'value': 'Vulnerabilities - '\n", + " 'T1588.006',\n", + " 'version': '25'}],\n", + " 'description': 'ATT&CK Tactic',\n", + " 'enabled': True,\n", + " 'icon': 'map',\n", + " 'id': '23',\n", + " 'kill_chain_order': {'mitre-attack': ['reconnaissance',\n", + " 'resource-development',\n", + " 'initial-access',\n", + " 'execution',\n", + " 'persistence',\n", + " 'privilege-escalation',\n", + " 'defense-evasion',\n", + " 'credential-access',\n", + " 'discovery',\n", + " 'lateral-movement',\n", + " 'collection',\n", + " 'command-and-control',\n", + " 'exfiltration',\n", + " 'impact'],\n", + " 'mitre-mobile-attack': ['initial-access',\n", + " 'execution',\n", + " 'persistence',\n", + " 'privilege-escalation',\n", + " 'defense-evasion',\n", + " 'credential-access',\n", + " 'discovery',\n", + " 'lateral-movement',\n", + " 'collection',\n", + " 'command-and-control',\n", + " 'exfiltration',\n", + " 'impact',\n", + " 'network-effects',\n", + " 'remote-service-effects'],\n", + " 'mitre-pre-attack': ['priority-definition-planning',\n", + " 'priority-definition-direction',\n", + " 'target-selection',\n", + " 'technical-information-gathering',\n", + " 'people-information-gathering',\n", + " 'organizational-information-gathering',\n", + " 'technical-weakness-identification',\n", + " 'people-weakness-identification',\n", + " 'organizational-weakness-identification',\n", + " 'adversary-opsec',\n", + " 'establish-&-maintain-infrastructure',\n", + " 'persona-development',\n", + " 'build-capabilities',\n", + " 'test-capabilities',\n", + " 'stage-capabilities']},\n", + " 'local_only': False,\n", + " 'name': 'Attack Pattern',\n", + " 'namespace': 'mitre-attack',\n", + " 'type': 'mitre-attack-pattern',\n", + " 'uuid': 'c4e851fa-775f-11e7-8163-b774922098cd',\n", + " 'version': '9'}],\n", + " 'Org': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'Orgc': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'RelatedEvent': [],\n", + " 'Tag': [{'colour': '#004646',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '9',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'type:OSINT',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#ffffff',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '16',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'tlp:white',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#db0076',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '18',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'workflow:state=\"incomplete\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#0088cc',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '19',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': True,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'misp-galaxy:financial-fraud=\"ATM Black Box '\n", + " 'Attack\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#ca957b',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '20',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': True,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'misp-galaxy:ransomware=\"Korean\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#5dc0e0',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '21',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': True,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'misp-galaxy:mitre-attack-pattern=\"Vulnerabilities '\n", + " '- T1588.006\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#418100',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '22',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'circl:incident-classification=\"vulnerability\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'}],\n", + " 'analysis': '1',\n", + " 'attribute_count': '64',\n", + " 'date': '2021-02-16',\n", + " 'disable_correlation': False,\n", + " 'distribution': '3',\n", + " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", + " 'extends_uuid': '',\n", + " 'id': '53',\n", + " 'info': 'ATM Vulnerabilities Allow Deposit Forgery Attacks',\n", + " 'locked': True,\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'proposal_email_lock': False,\n", + " 'protected': None,\n", + " 'publish_timestamp': '0',\n", + " 'published': False,\n", + " 'sharing_group_id': '0',\n", + " 'threat_level_id': '2',\n", + " 'timestamp': '1682497911',\n", + " 'uuid': '848a3172-1301-4cbd-8398-435b00904c20'}},\n", + " {'Event': {'CryptographicKey': [],\n", + " 'Galaxy': [{'GalaxyCluster': [{'GalaxyClusterRelation': [],\n", + " 'Org': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'Orgc': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'authors': ['Alexandre Dulaunoy',\n", + " 'Florian Roth',\n", + " 'Thomas Schreck',\n", + " 'Timo Steffens',\n", + " 'Various'],\n", + " 'collection_uuid': '7cdff317-a673-4474-84ec-4f1754947823',\n", + " 'default': True,\n", + " 'deleted': False,\n", + " 'description': 'The Syrian '\n", + " 'Electronic Army '\n", + " '(SEA) is a group of '\n", + " 'computer hackers '\n", + " 'which first '\n", + " 'surfaced online in '\n", + " '2011 to support the '\n", + " 'government of '\n", + " 'Syrian President '\n", + " 'Bashar al-Assad. '\n", + " 'Using spamming, '\n", + " 'website defacement, '\n", + " 'malware, phishing, '\n", + " 'and denial of '\n", + " 'service attacks, it '\n", + " 'has targeted '\n", + " 'political '\n", + " 'opposition groups, '\n", + " 'western news '\n", + " 'organizations, '\n", + " 'human rights groups '\n", + " 'and websites that '\n", + " 'are seemingly '\n", + " 'neutral to the '\n", + " 'Syrian conflict. It '\n", + " 'has also hacked '\n", + " 'government websites '\n", + " 'in the Middle East '\n", + " 'and Europe, as well '\n", + " 'as US defense '\n", + " 'contractors. As of '\n", + " '2011 the SEA has '\n", + " 'been *the first '\n", + " 'Arab country to '\n", + " 'have a public '\n", + " 'Internet Army '\n", + " 'hosted on its '\n", + " 'national networks '\n", + " 'to openly launch '\n", + " 'cyber attacks on '\n", + " 'its enemies*. The '\n", + " 'precise nature of '\n", + " \"SEA's relationship \"\n", + " 'with the Syrian '\n", + " 'government has '\n", + " 'changed over time '\n", + " 'and is unclear',\n", + " 'distribution': '3',\n", + " 'event_tag_id': '312',\n", + " 'extends_uuid': '',\n", + " 'extends_version': '0',\n", + " 'galaxy_id': '62',\n", + " 'id': '18607',\n", + " 'local': False,\n", + " 'locked': False,\n", + " 'meta': {'attribution-confidence': ['50'],\n", + " 'country': ['SY'],\n", + " 'refs': ['https://en.wikipedia.org/wiki/Syrian_Electronic_Army'],\n", + " 'synonyms': ['SyrianElectronicArmy',\n", + " 'SEA']},\n", + " 'org_id': '0',\n", + " 'orgc_id': '0',\n", + " 'published': False,\n", + " 'relationship_type': False,\n", + " 'sharing_group_id': None,\n", + " 'source': 'MISP Project',\n", + " 'tag_id': 14,\n", + " 'tag_name': 'misp-galaxy:threat-actor=\"Deadeye '\n", + " 'Jackal\"',\n", + " 'type': 'threat-actor',\n", + " 'uuid': '4265d44e-8372-4ed0-b428-b331a5443d7d',\n", + " 'value': 'Deadeye Jackal',\n", + " 'version': '281'}],\n", + " 'description': 'Threat actors are characteristics of '\n", + " 'malicious actors (or adversaries) '\n", + " 'representing a cyber attack threat '\n", + " 'including presumed intent and '\n", + " 'historically observed behaviour.',\n", + " 'enabled': True,\n", + " 'icon': 'user-secret',\n", + " 'id': '62',\n", + " 'local_only': False,\n", + " 'name': 'Threat Actor',\n", + " 'namespace': 'misp',\n", + " 'type': 'threat-actor',\n", + " 'uuid': '698774c7-8022-42c4-917f-8d6e4f06ada3',\n", + " 'version': '3'},\n", + " {'GalaxyCluster': [{'GalaxyClusterRelation': [],\n", + " 'Org': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'Orgc': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'TargetingClusterRelation': [{'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5248',\n", + " 'galaxy_cluster_uuid': '8c41090b-aa47-4331-986b-8c9a51a91103',\n", + " 'id': '956',\n", + " 'referenced_galaxy_cluster_id': '5614',\n", + " 'referenced_galaxy_cluster_type': 'subtechnique-of',\n", + " 'referenced_galaxy_cluster_uuid': '5909f20f-3c39-4795-be06-ef1ea40d350b',\n", + " 'sharing_group_id': None},\n", + " {'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5258',\n", + " 'galaxy_cluster_uuid': '0cfe31a7-81fc-472c-bc45-e2808d1066a3',\n", + " 'id': '966',\n", + " 'referenced_galaxy_cluster_id': '5614',\n", + " 'referenced_galaxy_cluster_type': 'subtechnique-of',\n", + " 'referenced_galaxy_cluster_uuid': '5909f20f-3c39-4795-be06-ef1ea40d350b',\n", + " 'sharing_group_id': None},\n", + " {'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '5877',\n", + " 'galaxy_cluster_uuid': '3efe43d1-6f3f-4fcb-ab39-4a730971f70b',\n", + " 'id': '2233',\n", + " 'referenced_galaxy_cluster_id': '5614',\n", + " 'referenced_galaxy_cluster_type': 'mitigates',\n", + " 'referenced_galaxy_cluster_uuid': '5909f20f-3c39-4795-be06-ef1ea40d350b',\n", + " 'sharing_group_id': None}],\n", + " 'authors': ['MITRE'],\n", + " 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n", + " 'default': True,\n", + " 'deleted': False,\n", + " 'description': 'Adversaries may '\n", + " 'modify visual '\n", + " 'content available '\n", + " 'internally or '\n", + " 'externally to an '\n", + " 'enterprise network, '\n", + " 'thus affecting the '\n", + " 'integrity of the '\n", + " 'original content. '\n", + " 'Reasons for '\n", + " '[Defacement](https://attack.mitre.org/techniques/T1491) '\n", + " 'include delivering '\n", + " 'messaging, '\n", + " 'intimidation, or '\n", + " 'claiming (possibly '\n", + " 'false) credit for '\n", + " 'an intrusion. '\n", + " 'Disturbing or '\n", + " 'offensive images '\n", + " 'may be used as a '\n", + " 'part of '\n", + " '[Defacement](https://attack.mitre.org/techniques/T1491) '\n", + " 'in order to cause '\n", + " 'user discomfort, or '\n", + " 'to pressure '\n", + " 'compliance with '\n", + " 'accompanying '\n", + " 'messages. \\n',\n", + " 'distribution': '3',\n", + " 'event_tag_id': '315',\n", + " 'extends_uuid': '',\n", + " 'extends_version': '0',\n", + " 'galaxy_id': '23',\n", + " 'id': '5614',\n", + " 'local': False,\n", + " 'locked': False,\n", + " 'meta': {'external_id': ['T1491'],\n", + " 'kill_chain': ['mitre-attack:impact'],\n", + " 'mitre_data_sources': ['Application '\n", + " 'Log: '\n", + " 'Application '\n", + " 'Log '\n", + " 'Content',\n", + " 'File: '\n", + " 'File '\n", + " 'Creation',\n", + " 'File: '\n", + " 'File '\n", + " 'Modification',\n", + " 'Network '\n", + " 'Traffic: '\n", + " 'Network '\n", + " 'Traffic '\n", + " 'Content'],\n", + " 'mitre_platforms': ['Windows',\n", + " 'IaaS',\n", + " 'Linux',\n", + " 'macOS'],\n", + " 'refs': ['https://attack.mitre.org/techniques/T1491']},\n", + " 'org_id': '0',\n", + " 'orgc_id': '0',\n", + " 'published': False,\n", + " 'relationship_type': False,\n", + " 'sharing_group_id': None,\n", + " 'source': 'https://github.com/mitre/cti',\n", + " 'tag_id': 17,\n", + " 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Defacement '\n", + " '- T1491\"',\n", + " 'type': 'mitre-attack-pattern',\n", + " 'uuid': '5909f20f-3c39-4795-be06-ef1ea40d350b',\n", + " 'value': 'Defacement - T1491',\n", + " 'version': '25'}],\n", + " 'description': 'ATT&CK Tactic',\n", + " 'enabled': True,\n", + " 'icon': 'map',\n", + " 'id': '23',\n", + " 'kill_chain_order': {'mitre-attack': ['reconnaissance',\n", + " 'resource-development',\n", + " 'initial-access',\n", + " 'execution',\n", + " 'persistence',\n", + " 'privilege-escalation',\n", + " 'defense-evasion',\n", + " 'credential-access',\n", + " 'discovery',\n", + " 'lateral-movement',\n", + " 'collection',\n", + " 'command-and-control',\n", + " 'exfiltration',\n", + " 'impact'],\n", + " 'mitre-mobile-attack': ['initial-access',\n", + " 'execution',\n", + " 'persistence',\n", + " 'privilege-escalation',\n", + " 'defense-evasion',\n", + " 'credential-access',\n", + " 'discovery',\n", + " 'lateral-movement',\n", + " 'collection',\n", + " 'command-and-control',\n", + " 'exfiltration',\n", + " 'impact',\n", + " 'network-effects',\n", + " 'remote-service-effects'],\n", + " 'mitre-pre-attack': ['priority-definition-planning',\n", + " 'priority-definition-direction',\n", + " 'target-selection',\n", + " 'technical-information-gathering',\n", + " 'people-information-gathering',\n", + " 'organizational-information-gathering',\n", + " 'technical-weakness-identification',\n", + " 'people-weakness-identification',\n", + " 'organizational-weakness-identification',\n", + " 'adversary-opsec',\n", + " 'establish-&-maintain-infrastructure',\n", + " 'persona-development',\n", + " 'build-capabilities',\n", + " 'test-capabilities',\n", + " 'stage-capabilities']},\n", + " 'local_only': False,\n", + " 'name': 'Attack Pattern',\n", + " 'namespace': 'mitre-attack',\n", + " 'type': 'mitre-attack-pattern',\n", + " 'uuid': 'c4e851fa-775f-11e7-8163-b774922098cd',\n", + " 'version': '9'}],\n", + " 'Org': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'Orgc': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'RelatedEvent': [],\n", + " 'Tag': [{'colour': '#0088cc',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '14',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': True,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'misp-galaxy:threat-actor=\"Deadeye Jackal\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#ee4700',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '15',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'domain-abuse:domain-access-method=\"compromised-domain-name-registrar\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#ffffff',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '16',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'tlp:white',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#0088cc',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '17',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': True,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'misp-galaxy:mitre-attack-pattern=\"Defacement - '\n", + " 'T1491\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'}],\n", + " 'analysis': '1',\n", + " 'attribute_count': '242',\n", + " 'date': '2013-08-27',\n", + " 'disable_correlation': False,\n", + " 'distribution': '3',\n", + " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", + " 'extends_uuid': '',\n", + " 'id': '54',\n", + " 'info': 'Investigation Syrian Electronic Army Activities - '\n", + " 'Domain(s) Take over via Melbourne IT registrar',\n", + " 'locked': True,\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'proposal_email_lock': False,\n", + " 'protected': None,\n", + " 'publish_timestamp': '0',\n", + " 'published': False,\n", + " 'sharing_group_id': '0',\n", + " 'threat_level_id': '2',\n", + " 'timestamp': '1693924239',\n", + " 'uuid': 'c54869a6-0123-405f-b1a0-0ba3cfd759b9'}},\n", + " {'Event': {'CryptographicKey': [],\n", + " 'Galaxy': [{'GalaxyCluster': [{'GalaxyClusterRelation': [{'Tag': [{'colour': '#001899',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '1',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"likely\"',\n", + " 'numerical_value': '55',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '9554',\n", + " 'galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n", + " 'id': '17887',\n", + " 'referenced_galaxy_cluster_id': '9652',\n", + " 'referenced_galaxy_cluster_type': 'parent-of',\n", + " 'referenced_galaxy_cluster_uuid': '0ca6ac54-ad2b-4945-9580-ac90e702fd2c',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001899',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '1',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"likely\"',\n", + " 'numerical_value': '55',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '9554',\n", + " 'galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n", + " 'id': '17888',\n", + " 'referenced_galaxy_cluster_id': '9653',\n", + " 'referenced_galaxy_cluster_type': 'parent-of',\n", + " 'referenced_galaxy_cluster_uuid': '9db5f425-fe49-4137-8598-840e7290ed0f',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001899',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '1',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"likely\"',\n", + " 'numerical_value': '55',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '9554',\n", + " 'galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n", + " 'id': '17889',\n", + " 'referenced_galaxy_cluster_id': '9654',\n", + " 'referenced_galaxy_cluster_type': 'parent-of',\n", + " 'referenced_galaxy_cluster_uuid': '1c43524e-0f2e-4468-b6b6-8a37f1d0ea87',\n", + " 'sharing_group_id': None}],\n", + " 'Org': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'Orgc': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'TargetingClusterRelation': [{'Tag': [{'colour': '#001899',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '1',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"likely\"',\n", + " 'numerical_value': '55',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '9652',\n", + " 'galaxy_cluster_uuid': '0ca6ac54-ad2b-4945-9580-ac90e702fd2c',\n", + " 'id': '17916',\n", + " 'referenced_galaxy_cluster_id': '9554',\n", + " 'referenced_galaxy_cluster_type': 'successor-of',\n", + " 'referenced_galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001899',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '1',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"likely\"',\n", + " 'numerical_value': '55',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '9653',\n", + " 'galaxy_cluster_uuid': '9db5f425-fe49-4137-8598-840e7290ed0f',\n", + " 'id': '17917',\n", + " 'referenced_galaxy_cluster_id': '9554',\n", + " 'referenced_galaxy_cluster_type': 'successor-of',\n", + " 'referenced_galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n", + " 'sharing_group_id': None},\n", + " {'Tag': [{'colour': '#001899',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '1',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"likely\"',\n", + " 'numerical_value': '55',\n", + " 'org_id': '0',\n", + " 'user_id': '0'}],\n", + " 'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '9654',\n", + " 'galaxy_cluster_uuid': '1c43524e-0f2e-4468-b6b6-8a37f1d0ea87',\n", + " 'id': '17919',\n", + " 'referenced_galaxy_cluster_id': '9554',\n", + " 'referenced_galaxy_cluster_type': 'successor-of',\n", + " 'referenced_galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n", + " 'sharing_group_id': None}],\n", + " 'authors': ['https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml',\n", + " 'http://pastebin.com/raw/GHgpWjar',\n", + " 'MISP Project',\n", + " 'https://id-ransomware.blogspot.com/2016/07/ransomware-list.html'],\n", + " 'collection_uuid': '10cf658b-5d32-4c4b-bb32-61760a640372',\n", + " 'default': True,\n", + " 'deleted': False,\n", + " 'description': 'Conti ransomware is '\n", + " 'a RaaS and has been '\n", + " 'observed encrypting '\n", + " 'networks since '\n", + " 'mid-2020.\\n'\n", + " 'Conti was developed '\n", + " 'by the “TrickBot” '\n", + " 'group, an organized '\n", + " 'Russian '\n", + " 'cybercriminal '\n", + " 'operation. Their '\n", + " 'reputation has '\n", + " 'allowed the group '\n", + " 'to create a strong '\n", + " 'brand name, '\n", + " 'attracting many '\n", + " 'affiliates which '\n", + " 'has made Conti one '\n", + " 'of the most '\n", + " 'widespread '\n", + " 'ransomware strains '\n", + " 'in the world.\\n'\n", + " 'One of the last '\n", + " 'known “Conti” '\n", + " 'attacks was against '\n", + " 'the government of '\n", + " 'Costa Rica in April '\n", + " '2022 causing the '\n", + " 'country to declare '\n", + " 'a state of '\n", + " 'emergency.\\n'\n", + " 'Shortly after this '\n", + " 'final attack, the '\n", + " '“Conti” brand '\n", + " 'disappeared. The '\n", + " 'group behind it '\n", + " 'likely switched to '\n", + " 'a different brand '\n", + " 'to avoid sanctions '\n", + " 'and start over with '\n", + " 'a new, clean '\n", + " 'reputation.',\n", + " 'distribution': '3',\n", + " 'event_tag_id': '317',\n", + " 'extends_uuid': '',\n", + " 'extends_version': '0',\n", + " 'galaxy_id': '49',\n", + " 'id': '9554',\n", + " 'local': False,\n", + " 'locked': False,\n", + " 'meta': {'attribution-confidence': ['100'],\n", + " 'country': ['RU'],\n", + " 'extensions': ['.conti'],\n", + " 'links': ['http://continewsnv5otx5kaoje7krkto2qbu3gtqef22mnr7eaxw3y6ncz3ad.onion/',\n", + " 'http://continews.click'],\n", + " 'ransomnotes': ['All of '\n", + " 'your '\n", + " 'files are '\n", + " 'currently '\n", + " 'encrypted '\n", + " 'by CONTI '\n", + " 'ransomware.'],\n", + " 'refs': ['https://www.cyber.gov.au/acsc/view-all-content/advisories/2021-010-acsc-ransomware-profile-conti',\n", + " 'https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/787/original/ransomware-chats.pdf?1651576098',\n", + " 'https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ransomware-virtual-machines']},\n", + " 'org_id': '0',\n", + " 'orgc_id': '0',\n", + " 'published': False,\n", + " 'relationship_type': False,\n", + " 'sharing_group_id': None,\n", + " 'source': 'Various',\n", + " 'tag_id': 166,\n", + " 'tag_name': 'misp-galaxy:ransomware=\"Conti\"',\n", + " 'type': 'ransomware',\n", + " 'uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n", + " 'value': 'Conti',\n", + " 'version': '118'}],\n", + " 'description': 'Ransomware galaxy based on '\n", + " 'https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml',\n", + " 'enabled': True,\n", + " 'icon': 'btc',\n", + " 'id': '49',\n", + " 'local_only': False,\n", + " 'name': 'Ransomware',\n", + " 'namespace': 'misp',\n", + " 'type': 'ransomware',\n", + " 'uuid': '3f44af2e-1480-4b6b-9aa8-f9bb21341078',\n", + " 'version': '4'}],\n", + " 'Org': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'Orgc': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'RelatedEvent': [{'Event': {'Org': {'id': '15',\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'Orgc': {'id': '15',\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'analysis': '0',\n", + " 'date': '2022-03-21',\n", + " 'distribution': '1',\n", + " 'id': '50',\n", + " 'info': 'Ransomware Attack against a '\n", + " 'French organization',\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'published': False,\n", + " 'threat_level_id': '1',\n", + " 'timestamp': '1695041268',\n", + " 'uuid': '1128963e-516e-4c9b-b14e-ae2dcbf69e80'}}],\n", + " 'Tag': [{'colour': '#001cad',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '2',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'estimative-language:likelihood-probability=\"very-likely\"',\n", + " 'numerical_value': '80',\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#0088cc',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '166',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': True,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'misp-galaxy:ransomware=\"Conti\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'}],\n", + " 'analysis': '0',\n", + " 'attribute_count': '13',\n", + " 'date': '2022-03-22',\n", + " 'disable_correlation': False,\n", + " 'distribution': '2',\n", + " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", + " 'extends_uuid': '1128963e-516e-4c9b-b14e-ae2dcbf69e80',\n", + " 'id': '55',\n", + " 'info': 'Network relationship with Conti BTC address',\n", + " 'locked': True,\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'proposal_email_lock': False,\n", + " 'protected': None,\n", + " 'publish_timestamp': '0',\n", + " 'published': False,\n", + " 'sharing_group_id': '0',\n", + " 'threat_level_id': '4',\n", + " 'timestamp': '1695040739',\n", + " 'uuid': 'd1a18f98-4efb-4238-b608-8783e626b95f'}},\n", + " {'Event': {'CryptographicKey': [],\n", + " 'Galaxy': [],\n", + " 'Org': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'Orgc': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'RelatedEvent': [],\n", + " 'Tag': [{'colour': '#0fc000',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '45',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'admiralty-scale:information-credibility=\"2\"',\n", + " 'numerical_value': '75',\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#038e00',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '46',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'economical-impact:loss=\"less-than-1B-euro\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'}],\n", + " 'analysis': '0',\n", + " 'attribute_count': '7',\n", + " 'date': '2021-05-28',\n", + " 'disable_correlation': False,\n", + " 'distribution': '1',\n", + " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", + " 'extends_uuid': '',\n", + " 'id': '56',\n", + " 'info': 'Decaying example',\n", + " 'locked': True,\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'proposal_email_lock': False,\n", + " 'protected': None,\n", + " 'publish_timestamp': '0',\n", + " 'published': False,\n", + " 'sharing_group_id': '0',\n", + " 'threat_level_id': '4',\n", + " 'timestamp': '1695024030',\n", + " 'uuid': 'e6f83d22-248c-4286-91d2-8dd97b637560'}},\n", + " {'Event': {'CryptographicKey': [],\n", + " 'Galaxy': [{'GalaxyCluster': [{'GalaxyClusterRelation': [],\n", + " 'Org': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'Orgc': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'authors': ['Unknown'],\n", + " 'collection_uuid': 'cc6feae0-968a-11e9-a29a-bf581ae8eee3',\n", + " 'default': True,\n", + " 'deleted': False,\n", + " 'description': '',\n", + " 'distribution': '3',\n", + " 'event_tag_id': '321',\n", + " 'extends_uuid': '',\n", + " 'extends_version': '0',\n", + " 'galaxy_id': '59',\n", + " 'id': '13281',\n", + " 'local': False,\n", + " 'locked': False,\n", + " 'meta': {'calling-code': ['+31'],\n", + " 'capital': ['Amsterdam'],\n", + " 'currency': ['€',\n", + " 'EUR',\n", + " 'EURO',\n", + " '$',\n", + " 'USD',\n", + " 'United '\n", + " 'States '\n", + " 'dollar'],\n", + " 'iso-code': ['NL', 'NLD'],\n", + " 'member-of': ['NATO'],\n", + " 'official-languages': ['Dutch'],\n", + " 'synonyms': ['Nederland',\n", + " 'Holland'],\n", + " 'territory-type': ['Country'],\n", + " 'top-level-domain': ['.nl']},\n", + " 'org_id': '0',\n", + " 'orgc_id': '0',\n", + " 'published': False,\n", + " 'relationship_type': False,\n", + " 'sharing_group_id': None,\n", + " 'source': 'Various',\n", + " 'tag_id': 50,\n", + " 'tag_name': 'misp-galaxy:target-information=\"Netherlands\"',\n", + " 'type': 'target-information',\n", + " 'uuid': '1c016908-33df-485c-ba9a-3e629e6f92d9',\n", + " 'value': 'Netherlands',\n", + " 'version': '7'}],\n", + " 'description': 'Description of targets of threat '\n", + " 'actors.',\n", + " 'enabled': True,\n", + " 'icon': 'bullseye',\n", + " 'id': '59',\n", + " 'local_only': False,\n", + " 'name': 'Target Information',\n", + " 'namespace': 'misp',\n", + " 'type': 'target-information',\n", + " 'uuid': '709ed29c-aa00-11e9-82cd-67ac1a6ee3bc',\n", + " 'version': '1'},\n", + " {'GalaxyCluster': [{'GalaxyClusterRelation': [{'default': True,\n", + " 'distribution': '3',\n", + " 'galaxy_cluster_id': '14623',\n", + " 'galaxy_cluster_uuid': '84668357-5a8c-4bdd-9f0f-6b50b2525553',\n", + " 'id': '22039',\n", + " 'referenced_galaxy_cluster_id': '10038',\n", + " 'referenced_galaxy_cluster_type': 'located-in',\n", + " 'referenced_galaxy_cluster_uuid': 'c7cb0859-5680-4bdb-9c78-46cab3504a62',\n", + " 'sharing_group_id': None}],\n", + " 'Org': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'Orgc': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'authors': ['geonames.org'],\n", + " 'collection_uuid': '84668357-5a8c-4bdd-9f0f-6b50b2aee4c1',\n", + " 'default': True,\n", + " 'deleted': False,\n", + " 'description': 'Russia',\n", + " 'distribution': '3',\n", + " 'event_tag_id': '322',\n", + " 'extends_uuid': '',\n", + " 'extends_version': '0',\n", + " 'galaxy_id': '14',\n", + " 'id': '14623',\n", + " 'local': False,\n", + " 'locked': False,\n", + " 'meta': {'Capital': ['Moscow'],\n", + " 'Continent': ['EU'],\n", + " 'CurrencyCode': ['RUB'],\n", + " 'CurrencyName': ['Ruble'],\n", + " 'ISO': ['RU'],\n", + " 'ISO3': ['RUS'],\n", + " 'Languages': ['ru,tt,xal,cau,ady,kv,ce,tyv,cv,udm,tut,mns,bua,myv,mdf,chm,ba,inh,tut,kbd,krc,av,sah,nog'],\n", + " 'Population': ['140702000'],\n", + " 'tld': ['.ru']},\n", + " 'org_id': '0',\n", + " 'orgc_id': '0',\n", + " 'published': False,\n", + " 'relationship_type': False,\n", + " 'sharing_group_id': None,\n", + " 'source': 'MISP Project',\n", + " 'tag_id': 51,\n", + " 'tag_name': 'misp-galaxy:country=\"russia\"',\n", + " 'type': 'country',\n", + " 'uuid': '84668357-5a8c-4bdd-9f0f-6b50b2525553',\n", + " 'value': 'russia',\n", + " 'version': '2'}],\n", + " 'description': 'Country meta information based on the '\n", + " 'database provided by geonames.org.',\n", + " 'enabled': True,\n", + " 'icon': 'globe',\n", + " 'id': '14',\n", + " 'local_only': False,\n", + " 'name': 'Country',\n", + " 'namespace': 'misp',\n", + " 'type': 'country',\n", + " 'uuid': '84668357-5a8c-4bdd-9f0f-6b50b2aee4c1',\n", + " 'version': '1'}],\n", + " 'Org': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'Orgc': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'RelatedEvent': [],\n", + " 'Tag': [{'colour': '#e9007e',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '49',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'workflow:state=\"draft\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#0088cc',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '50',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': True,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'misp-galaxy:target-information=\"Netherlands\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#0088cc',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '51',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': True,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'misp-galaxy:country=\"russia\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#FFC000',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '52',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'tlp:amber+strict',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'}],\n", + " 'analysis': '0',\n", + " 'attribute_count': '65',\n", + " 'date': '2023-01-27',\n", + " 'disable_correlation': False,\n", + " 'distribution': '0',\n", + " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", + " 'extends_uuid': '',\n", + " 'id': '57',\n", + " 'info': 'GRU close access cyber operation against OPCW',\n", + " 'locked': True,\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'proposal_email_lock': False,\n", + " 'protected': None,\n", + " 'publish_timestamp': '0',\n", + " 'published': False,\n", + " 'sharing_group_id': '0',\n", + " 'threat_level_id': '4',\n", + " 'timestamp': '1693470062',\n", + " 'uuid': 'f438b116-58db-44d5-b37f-167d1b3a2f41'}},\n", + " {'Event': {'CryptographicKey': [],\n", + " 'Galaxy': [],\n", + " 'Org': {'id': '6',\n", + " 'local': True,\n", + " 'name': 'ORG_4',\n", + " 'uuid': '9e913344-3e2d-4cd2-8403-8888dfe0ad1e'},\n", + " 'Orgc': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'RelatedEvent': [],\n", + " 'analysis': '0',\n", + " 'attribute_count': '1',\n", + " 'date': '2024-04-14',\n", + " 'disable_correlation': False,\n", + " 'distribution': '3',\n", + " 'event_creator_email': 'user1@sync-user.4.test',\n", + " 'extends_uuid': '',\n", + " 'id': '59',\n", + " 'info': 'Test Pull From Docker',\n", + " 'locked': True,\n", + " 'org_id': '6',\n", + " 'orgc_id': '15',\n", + " 'proposal_email_lock': False,\n", + " 'protected': None,\n", + " 'publish_timestamp': '1713083090',\n", + " 'published': True,\n", + " 'sharing_group_id': '0',\n", + " 'threat_level_id': '1',\n", + " 'timestamp': '1713083076',\n", + " 'uuid': 'fc1ef566-44a5-4d98-9c85-dc0f75467100'}},\n", + " {'Event': {'CryptographicKey': [],\n", + " 'Galaxy': [{'GalaxyCluster': [{'GalaxyClusterRelation': [],\n", + " 'Org': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'Orgc': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'authors': ['MITRE'],\n", + " 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n", + " 'default': True,\n", + " 'deleted': False,\n", + " 'description': 'Adversaries may '\n", + " 'attempt to exploit '\n", + " 'a weakness in an '\n", + " 'Internet-facing '\n", + " 'host or system to '\n", + " 'initially access a '\n", + " 'network. The '\n", + " 'weakness in the '\n", + " 'system can be a '\n", + " 'software bug, a '\n", + " 'temporary glitch, '\n", + " 'or a '\n", + " 'misconfiguration.\\n'\n", + " '\\n'\n", + " 'Exploited '\n", + " 'applications are '\n", + " 'often websites/web '\n", + " 'servers, but can '\n", + " 'also include '\n", + " 'databases (like '\n", + " 'SQL), standard '\n", + " 'services (like SMB '\n", + " 'or SSH), network '\n", + " 'device '\n", + " 'administration and '\n", + " 'management '\n", + " 'protocols (like '\n", + " 'SNMP and Smart '\n", + " 'Install), and any '\n", + " 'other system with '\n", + " 'Internet accessible '\n", + " 'open '\n", + " 'sockets.(Citation: '\n", + " 'NVD '\n", + " 'CVE-2016-6662)(Citation: '\n", + " 'CIS Multiple SMB '\n", + " 'Vulnerabilities)(Citation: '\n", + " 'US-CERT TA18-106A '\n", + " 'Network '\n", + " 'Infrastructure '\n", + " 'Devices '\n", + " '2018)(Citation: '\n", + " 'Cisco Blog Legacy '\n", + " 'Device '\n", + " 'Attacks)(Citation: '\n", + " 'NVD CVE-2014-7169) '\n", + " 'Depending on the '\n", + " 'flaw being '\n", + " 'exploited this may '\n", + " 'also involve '\n", + " '[Exploitation for '\n", + " 'Defense '\n", + " 'Evasion](https://attack.mitre.org/techniques/T1211). \\n'\n", + " '\\n'\n", + " 'If an application '\n", + " 'is hosted on '\n", + " 'cloud-based '\n", + " 'infrastructure '\n", + " 'and/or is '\n", + " 'containerized, then '\n", + " 'exploiting it may '\n", + " 'lead to compromise '\n", + " 'of the underlying '\n", + " 'instance or '\n", + " 'container. This can '\n", + " 'allow an adversary '\n", + " 'a path to access '\n", + " 'the cloud or '\n", + " 'container APIs, '\n", + " 'exploit container '\n", + " 'host access via '\n", + " '[Escape to '\n", + " 'Host](https://attack.mitre.org/techniques/T1611), '\n", + " 'or take advantage '\n", + " 'of weak identity '\n", + " 'and access '\n", + " 'management '\n", + " 'policies.\\n'\n", + " '\\n'\n", + " 'Adversaries may '\n", + " 'also exploit edge '\n", + " 'network '\n", + " 'infrastructure and '\n", + " 'related appliances, '\n", + " 'specifically '\n", + " 'targeting devices '\n", + " 'that do not support '\n", + " 'robust host-based '\n", + " 'defenses.(Citation: '\n", + " 'Mandiant Fortinet '\n", + " 'Zero Day)(Citation: '\n", + " 'Wired Russia '\n", + " 'Cyberwar)\\n'\n", + " '\\n'\n", + " 'For websites and '\n", + " 'databases, the '\n", + " 'OWASP top 10 and '\n", + " 'CWE top 25 '\n", + " 'highlight the most '\n", + " 'common web-based '\n", + " 'vulnerabilities.(Citation: '\n", + " 'OWASP Top '\n", + " '10)(Citation: CWE '\n", + " 'top 25)',\n", + " 'distribution': '3',\n", + " 'event_tag_id': '332',\n", + " 'extends_uuid': '',\n", + " 'extends_version': '0',\n", + " 'galaxy_id': '23',\n", + " 'id': '4825',\n", + " 'local': False,\n", + " 'locked': False,\n", + " 'meta': {'external_id': ['T1190'],\n", + " 'kill_chain': ['mitre-attack:initial-access'],\n", + " 'mitre_data_sources': ['Application '\n", + " 'Log: '\n", + " 'Application '\n", + " 'Log '\n", + " 'Content',\n", + " 'Network '\n", + " 'Traffic: '\n", + " 'Network '\n", + " 'Traffic '\n", + " 'Content'],\n", + " 'mitre_platforms': ['Windows',\n", + " 'IaaS',\n", + " 'Network',\n", + " 'Linux',\n", + " 'macOS',\n", + " 'Containers'],\n", + " 'refs': ['https://attack.mitre.org/techniques/T1190',\n", + " 'https://community.cisco.com/t5/security-blogs/attackers-continue-to-target-legacy-devices/ba-p/4169954',\n", + " 'https://cwe.mitre.org/top25/index.html',\n", + " 'https://nvd.nist.gov/vuln/detail/CVE-2014-7169',\n", + " 'https://nvd.nist.gov/vuln/detail/CVE-2016-6662',\n", + " 'https://us-cert.cisa.gov/ncas/alerts/TA18-106A',\n", + " 'https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-microsoft-windows-smb-server-could-allow-for-remote-code-execution/',\n", + " 'https://www.mandiant.com/resources/blog/fortinet-malware-ecosystem',\n", + " 'https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project',\n", + " 'https://www.wired.com/story/russia-ukraine-cyberattacks-mandiant/']},\n", + " 'org_id': '0',\n", + " 'orgc_id': '0',\n", + " 'published': False,\n", + " 'relationship_type': False,\n", + " 'sharing_group_id': None,\n", + " 'source': 'https://github.com/mitre/cti',\n", + " 'tag_id': 170,\n", + " 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Exploit '\n", + " 'Public-Facing '\n", + " 'Application - T1190\"',\n", + " 'type': 'mitre-attack-pattern',\n", + " 'uuid': '3f886f2a-874f-4333-b794-aa6075009b1c',\n", + " 'value': 'Exploit Public-Facing '\n", + " 'Application - T1190',\n", + " 'version': '25'},\n", + " {'GalaxyClusterRelation': [],\n", + " 'Org': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'Orgc': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'authors': ['MITRE'],\n", + " 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n", + " 'default': True,\n", + " 'deleted': False,\n", + " 'description': 'Adversaries may '\n", + " 'leverage '\n", + " 'external-facing '\n", + " 'remote services to '\n", + " 'initially access '\n", + " 'and/or persist '\n", + " 'within a network. '\n", + " 'Remote services '\n", + " 'such as VPNs, '\n", + " 'Citrix, and other '\n", + " 'access mechanisms '\n", + " 'allow users to '\n", + " 'connect to internal '\n", + " 'enterprise network '\n", + " 'resources from '\n", + " 'external locations. '\n", + " 'There are often '\n", + " 'remote service '\n", + " 'gateways that '\n", + " 'manage connections '\n", + " 'and credential '\n", + " 'authentication for '\n", + " 'these services. '\n", + " 'Services such as '\n", + " '[Windows Remote '\n", + " 'Management](https://attack.mitre.org/techniques/T1021/006) '\n", + " 'and '\n", + " '[VNC](https://attack.mitre.org/techniques/T1021/005) '\n", + " 'can also be used '\n", + " 'externally.(Citation: '\n", + " 'MacOS VNC software '\n", + " 'for Remote '\n", + " 'Desktop)\\n'\n", + " '\\n'\n", + " 'Access to [Valid '\n", + " 'Accounts](https://attack.mitre.org/techniques/T1078) '\n", + " 'to use the service '\n", + " 'is often a '\n", + " 'requirement, which '\n", + " 'could be obtained '\n", + " 'through credential '\n", + " 'pharming or by '\n", + " 'obtaining the '\n", + " 'credentials from '\n", + " 'users after '\n", + " 'compromising the '\n", + " 'enterprise '\n", + " 'network.(Citation: '\n", + " 'Volexity Virtual '\n", + " 'Private Keylogging) '\n", + " 'Access to remote '\n", + " 'services may be '\n", + " 'used as a redundant '\n", + " 'or persistent '\n", + " 'access mechanism '\n", + " 'during an '\n", + " 'operation.\\n'\n", + " '\\n'\n", + " 'Access may also be '\n", + " 'gained through an '\n", + " 'exposed service '\n", + " 'that doesn’t '\n", + " 'require '\n", + " 'authentication. In '\n", + " 'containerized '\n", + " 'environments, this '\n", + " 'may include an '\n", + " 'exposed Docker API, '\n", + " 'Kubernetes API '\n", + " 'server, kubelet, or '\n", + " 'web application '\n", + " 'such as the '\n", + " 'Kubernetes '\n", + " 'dashboard.(Citation: '\n", + " 'Trend Micro Exposed '\n", + " 'Docker '\n", + " 'Server)(Citation: '\n", + " 'Unit 42 Hildegard '\n", + " 'Malware)',\n", + " 'distribution': '3',\n", + " 'event_tag_id': '333',\n", + " 'extends_uuid': '',\n", + " 'extends_version': '0',\n", + " 'galaxy_id': '23',\n", + " 'id': '5048',\n", + " 'local': False,\n", + " 'locked': False,\n", + " 'meta': {'external_id': ['T1133'],\n", + " 'kill_chain': ['mitre-attack:persistence',\n", + " 'mitre-attack:initial-access'],\n", + " 'mitre_data_sources': ['Application '\n", + " 'Log: '\n", + " 'Application '\n", + " 'Log '\n", + " 'Content',\n", + " 'Logon '\n", + " 'Session: '\n", + " 'Logon '\n", + " 'Session '\n", + " 'Metadata',\n", + " 'Network '\n", + " 'Traffic: '\n", + " 'Network '\n", + " 'Connection '\n", + " 'Creation',\n", + " 'Network '\n", + " 'Traffic: '\n", + " 'Network '\n", + " 'Traffic '\n", + " 'Content',\n", + " 'Network '\n", + " 'Traffic: '\n", + " 'Network '\n", + " 'Traffic '\n", + " 'Flow'],\n", + " 'mitre_platforms': ['Windows',\n", + " 'Linux',\n", + " 'Containers',\n", + " 'macOS'],\n", + " 'refs': ['https://attack.mitre.org/techniques/T1133',\n", + " 'https://support.apple.com/guide/remote-desktop/set-up-a-computer-running-vnc-software-apdbed09830/mac',\n", + " 'https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/',\n", + " 'https://www.trendmicro.com/en_us/research/20/f/xorddos-kaiji-botnet-malware-variants-target-exposed-docker-servers.html',\n", + " 'https://www.volexity.com/blog/2015/10/07/virtual-private-keylogging-cisco-web-vpns-leveraged-for-access-and-persistence/']},\n", + " 'org_id': '0',\n", + " 'orgc_id': '0',\n", + " 'published': False,\n", + " 'relationship_type': False,\n", + " 'sharing_group_id': None,\n", + " 'source': 'https://github.com/mitre/cti',\n", + " 'tag_id': 171,\n", + " 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"External '\n", + " 'Remote Services - '\n", + " 'T1133\"',\n", + " 'type': 'mitre-attack-pattern',\n", + " 'uuid': '10d51417-ee35-4589-b1ff-b6df1c334e8d',\n", + " 'value': 'External Remote Services '\n", + " '- T1133',\n", + " 'version': '25'}],\n", + " 'description': 'ATT&CK Tactic',\n", + " 'enabled': True,\n", + " 'icon': 'map',\n", + " 'id': '23',\n", + " 'kill_chain_order': {'mitre-attack': ['reconnaissance',\n", + " 'resource-development',\n", + " 'initial-access',\n", + " 'execution',\n", + " 'persistence',\n", + " 'privilege-escalation',\n", + " 'defense-evasion',\n", + " 'credential-access',\n", + " 'discovery',\n", + " 'lateral-movement',\n", + " 'collection',\n", + " 'command-and-control',\n", + " 'exfiltration',\n", + " 'impact'],\n", + " 'mitre-mobile-attack': ['initial-access',\n", + " 'execution',\n", + " 'persistence',\n", + " 'privilege-escalation',\n", + " 'defense-evasion',\n", + " 'credential-access',\n", + " 'discovery',\n", + " 'lateral-movement',\n", + " 'collection',\n", + " 'command-and-control',\n", + " 'exfiltration',\n", + " 'impact',\n", + " 'network-effects',\n", + " 'remote-service-effects'],\n", + " 'mitre-pre-attack': ['priority-definition-planning',\n", + " 'priority-definition-direction',\n", + " 'target-selection',\n", + " 'technical-information-gathering',\n", + " 'people-information-gathering',\n", + " 'organizational-information-gathering',\n", + " 'technical-weakness-identification',\n", + " 'people-weakness-identification',\n", + " 'organizational-weakness-identification',\n", + " 'adversary-opsec',\n", + " 'establish-&-maintain-infrastructure',\n", + " 'persona-development',\n", + " 'build-capabilities',\n", + " 'test-capabilities',\n", + " 'stage-capabilities']},\n", + " 'local_only': False,\n", + " 'name': 'Attack Pattern',\n", + " 'namespace': 'mitre-attack',\n", + " 'type': 'mitre-attack-pattern',\n", + " 'uuid': 'c4e851fa-775f-11e7-8163-b774922098cd',\n", + " 'version': '9'}],\n", + " 'Org': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'Orgc': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'RelatedEvent': [],\n", + " 'Tag': [{'colour': '#0088cc',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '170',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': True,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'misp-galaxy:mitre-attack-pattern=\"Exploit '\n", + " 'Public-Facing Application - T1190\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#0088cc',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '171',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': True,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'misp-galaxy:mitre-attack-pattern=\"External '\n", + " 'Remote Services - T1133\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#004646',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '9',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'type:OSINT',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#0071c3',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '10',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'osint:lifetime=\"perpetual\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#ffffff',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '16',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'tlp:white',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#ffffff',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '55',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'tlp:clear',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'}],\n", + " 'analysis': '2',\n", + " 'attribute_count': '27',\n", + " 'date': '2024-04-13',\n", + " 'disable_correlation': False,\n", + " 'distribution': '3',\n", + " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", + " 'extends_uuid': '',\n", + " 'id': '60',\n", + " 'info': 'OSINT - Zero-Day Exploitation of Unauthenticated Remote '\n", + " 'Code Execution Vulnerability in GlobalProtect '\n", + " '(CVE-2024-3400)',\n", + " 'locked': False,\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'proposal_email_lock': False,\n", + " 'protected': None,\n", + " 'publish_timestamp': '1713149736',\n", + " 'published': True,\n", + " 'sharing_group_id': '0',\n", + " 'threat_level_id': '1',\n", + " 'timestamp': '1713023036',\n", + " 'uuid': '9802116c-3ec3-4a8e-8b39-5c69b08df5ab'}},\n", + " {'Event': {'CryptographicKey': [],\n", + " 'Galaxy': [{'GalaxyCluster': [{'GalaxyClusterRelation': [],\n", + " 'Org': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'Orgc': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'authors': ['MITRE'],\n", + " 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n", + " 'default': True,\n", + " 'deleted': False,\n", + " 'description': 'Adversaries may '\n", + " 'attempt to exploit '\n", + " 'a weakness in an '\n", + " 'Internet-facing '\n", + " 'host or system to '\n", + " 'initially access a '\n", + " 'network. The '\n", + " 'weakness in the '\n", + " 'system can be a '\n", + " 'software bug, a '\n", + " 'temporary glitch, '\n", + " 'or a '\n", + " 'misconfiguration.\\n'\n", + " '\\n'\n", + " 'Exploited '\n", + " 'applications are '\n", + " 'often websites/web '\n", + " 'servers, but can '\n", + " 'also include '\n", + " 'databases (like '\n", + " 'SQL), standard '\n", + " 'services (like SMB '\n", + " 'or SSH), network '\n", + " 'device '\n", + " 'administration and '\n", + " 'management '\n", + " 'protocols (like '\n", + " 'SNMP and Smart '\n", + " 'Install), and any '\n", + " 'other system with '\n", + " 'Internet accessible '\n", + " 'open '\n", + " 'sockets.(Citation: '\n", + " 'NVD '\n", + " 'CVE-2016-6662)(Citation: '\n", + " 'CIS Multiple SMB '\n", + " 'Vulnerabilities)(Citation: '\n", + " 'US-CERT TA18-106A '\n", + " 'Network '\n", + " 'Infrastructure '\n", + " 'Devices '\n", + " '2018)(Citation: '\n", + " 'Cisco Blog Legacy '\n", + " 'Device '\n", + " 'Attacks)(Citation: '\n", + " 'NVD CVE-2014-7169) '\n", + " 'Depending on the '\n", + " 'flaw being '\n", + " 'exploited this may '\n", + " 'also involve '\n", + " '[Exploitation for '\n", + " 'Defense '\n", + " 'Evasion](https://attack.mitre.org/techniques/T1211). \\n'\n", + " '\\n'\n", + " 'If an application '\n", + " 'is hosted on '\n", + " 'cloud-based '\n", + " 'infrastructure '\n", + " 'and/or is '\n", + " 'containerized, then '\n", + " 'exploiting it may '\n", + " 'lead to compromise '\n", + " 'of the underlying '\n", + " 'instance or '\n", + " 'container. This can '\n", + " 'allow an adversary '\n", + " 'a path to access '\n", + " 'the cloud or '\n", + " 'container APIs, '\n", + " 'exploit container '\n", + " 'host access via '\n", + " '[Escape to '\n", + " 'Host](https://attack.mitre.org/techniques/T1611), '\n", + " 'or take advantage '\n", + " 'of weak identity '\n", + " 'and access '\n", + " 'management '\n", + " 'policies.\\n'\n", + " '\\n'\n", + " 'Adversaries may '\n", + " 'also exploit edge '\n", + " 'network '\n", + " 'infrastructure and '\n", + " 'related appliances, '\n", + " 'specifically '\n", + " 'targeting devices '\n", + " 'that do not support '\n", + " 'robust host-based '\n", + " 'defenses.(Citation: '\n", + " 'Mandiant Fortinet '\n", + " 'Zero Day)(Citation: '\n", + " 'Wired Russia '\n", + " 'Cyberwar)\\n'\n", + " '\\n'\n", + " 'For websites and '\n", + " 'databases, the '\n", + " 'OWASP top 10 and '\n", + " 'CWE top 25 '\n", + " 'highlight the most '\n", + " 'common web-based '\n", + " 'vulnerabilities.(Citation: '\n", + " 'OWASP Top '\n", + " '10)(Citation: CWE '\n", + " 'top 25)',\n", + " 'distribution': '3',\n", + " 'event_tag_id': '342',\n", + " 'extends_uuid': '',\n", + " 'extends_version': '0',\n", + " 'galaxy_id': '23',\n", + " 'id': '4825',\n", + " 'local': False,\n", + " 'locked': False,\n", + " 'meta': {'external_id': ['T1190'],\n", + " 'kill_chain': ['mitre-attack:initial-access'],\n", + " 'mitre_data_sources': ['Application '\n", + " 'Log: '\n", + " 'Application '\n", + " 'Log '\n", + " 'Content',\n", + " 'Network '\n", + " 'Traffic: '\n", + " 'Network '\n", + " 'Traffic '\n", + " 'Content'],\n", + " 'mitre_platforms': ['Windows',\n", + " 'IaaS',\n", + " 'Network',\n", + " 'Linux',\n", + " 'macOS',\n", + " 'Containers'],\n", + " 'refs': ['https://attack.mitre.org/techniques/T1190',\n", + " 'https://community.cisco.com/t5/security-blogs/attackers-continue-to-target-legacy-devices/ba-p/4169954',\n", + " 'https://cwe.mitre.org/top25/index.html',\n", + " 'https://nvd.nist.gov/vuln/detail/CVE-2014-7169',\n", + " 'https://nvd.nist.gov/vuln/detail/CVE-2016-6662',\n", + " 'https://us-cert.cisa.gov/ncas/alerts/TA18-106A',\n", + " 'https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-microsoft-windows-smb-server-could-allow-for-remote-code-execution/',\n", + " 'https://www.mandiant.com/resources/blog/fortinet-malware-ecosystem',\n", + " 'https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project',\n", + " 'https://www.wired.com/story/russia-ukraine-cyberattacks-mandiant/']},\n", + " 'org_id': '0',\n", + " 'orgc_id': '0',\n", + " 'published': False,\n", + " 'relationship_type': False,\n", + " 'sharing_group_id': None,\n", + " 'source': 'https://github.com/mitre/cti',\n", + " 'tag_id': 170,\n", + " 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Exploit '\n", + " 'Public-Facing '\n", + " 'Application - T1190\"',\n", + " 'type': 'mitre-attack-pattern',\n", + " 'uuid': '3f886f2a-874f-4333-b794-aa6075009b1c',\n", + " 'value': 'Exploit Public-Facing '\n", + " 'Application - T1190',\n", + " 'version': '25'}],\n", + " 'description': 'ATT&CK Tactic',\n", + " 'enabled': True,\n", + " 'icon': 'map',\n", + " 'id': '23',\n", + " 'kill_chain_order': {'mitre-attack': ['reconnaissance',\n", + " 'resource-development',\n", + " 'initial-access',\n", + " 'execution',\n", + " 'persistence',\n", + " 'privilege-escalation',\n", + " 'defense-evasion',\n", + " 'credential-access',\n", + " 'discovery',\n", + " 'lateral-movement',\n", + " 'collection',\n", + " 'command-and-control',\n", + " 'exfiltration',\n", + " 'impact'],\n", + " 'mitre-mobile-attack': ['initial-access',\n", + " 'execution',\n", + " 'persistence',\n", + " 'privilege-escalation',\n", + " 'defense-evasion',\n", + " 'credential-access',\n", + " 'discovery',\n", + " 'lateral-movement',\n", + " 'collection',\n", + " 'command-and-control',\n", + " 'exfiltration',\n", + " 'impact',\n", + " 'network-effects',\n", + " 'remote-service-effects'],\n", + " 'mitre-pre-attack': ['priority-definition-planning',\n", + " 'priority-definition-direction',\n", + " 'target-selection',\n", + " 'technical-information-gathering',\n", + " 'people-information-gathering',\n", + " 'organizational-information-gathering',\n", + " 'technical-weakness-identification',\n", + " 'people-weakness-identification',\n", + " 'organizational-weakness-identification',\n", + " 'adversary-opsec',\n", + " 'establish-&-maintain-infrastructure',\n", + " 'persona-development',\n", + " 'build-capabilities',\n", + " 'test-capabilities',\n", + " 'stage-capabilities']},\n", + " 'local_only': False,\n", + " 'name': 'Attack Pattern',\n", + " 'namespace': 'mitre-attack',\n", + " 'type': 'mitre-attack-pattern',\n", + " 'uuid': 'c4e851fa-775f-11e7-8163-b774922098cd',\n", + " 'version': '9'}],\n", + " 'Org': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'Orgc': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'RelatedEvent': [],\n", + " 'Tag': [{'colour': '#004646',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '9',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'type:OSINT',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#0071c3',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '10',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'osint:lifetime=\"perpetual\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#ffffff',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '16',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'tlp:white',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#ffffff',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '55',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'tlp:clear',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#0088cc',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '170',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': True,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'misp-galaxy:mitre-attack-pattern=\"Exploit '\n", + " 'Public-Facing Application - T1190\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#0088cc',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '172',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': True,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'misp-galaxy:producer=\"Sophos\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'}],\n", + " 'analysis': '2',\n", + " 'attribute_count': '12',\n", + " 'date': '2024-02-23',\n", + " 'disable_correlation': False,\n", + " 'distribution': '3',\n", + " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", + " 'extends_uuid': '',\n", + " 'id': '61',\n", + " 'info': 'OSINT - ConnectWise ScreenConnect attacks deliver malware',\n", + " 'locked': False,\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'proposal_email_lock': False,\n", + " 'protected': None,\n", + " 'publish_timestamp': '1713149927',\n", + " 'published': True,\n", + " 'sharing_group_id': '0',\n", + " 'threat_level_id': '2',\n", + " 'timestamp': '1708699989',\n", + " 'uuid': 'f8912a82-2870-4de2-9663-5fdbee0ed401'}},\n", + " {'Event': {'CryptographicKey': [],\n", + " 'Galaxy': [{'GalaxyCluster': [{'GalaxyClusterRelation': [],\n", + " 'Org': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'Orgc': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'authors': ['Unknown'],\n", + " 'collection_uuid': 'cc6feae0-968a-11e9-a29a-bf581ae8eee3',\n", + " 'default': True,\n", + " 'deleted': False,\n", + " 'description': '',\n", + " 'distribution': '3',\n", + " 'event_tag_id': '346',\n", + " 'extends_uuid': '',\n", + " 'extends_version': '0',\n", + " 'galaxy_id': '59',\n", + " 'id': '13134',\n", + " 'local': False,\n", + " 'locked': False,\n", + " 'meta': {'calling-code': ['+352'],\n", + " 'capital': ['Luxembourg'],\n", + " 'currency': ['€',\n", + " 'EUR',\n", + " 'EURO'],\n", + " 'iso-code': ['LU', 'LUX'],\n", + " 'member-of': ['NATO'],\n", + " 'official-languages': ['French',\n", + " 'Luxembourgish',\n", + " 'German'],\n", + " 'synonyms': ['Grand Duchy '\n", + " 'of '\n", + " 'Luxembourg',\n", + " 'Grand-Duché '\n", + " 'de '\n", + " 'Luxembourg',\n", + " 'Lëtzebuerg',\n", + " 'Groussherzogtum '\n", + " 'Lëtzebuerg',\n", + " 'Luxemburg',\n", + " 'Großherzogtum '\n", + " 'Luxemburg'],\n", + " 'territory-type': ['Country'],\n", + " 'top-level-domain': ['lu']},\n", + " 'org_id': '0',\n", + " 'orgc_id': '0',\n", + " 'published': False,\n", + " 'relationship_type': False,\n", + " 'sharing_group_id': None,\n", + " 'source': 'Various',\n", + " 'tag_id': 173,\n", + " 'tag_name': 'misp-galaxy:target-information=\"Luxembourg\"',\n", + " 'type': 'target-information',\n", + " 'uuid': 'f9a1d7f4-980a-11e9-a8b6-23162ddc4255',\n", + " 'value': 'Luxembourg',\n", + " 'version': '7'},\n", + " {'GalaxyClusterRelation': [],\n", + " 'Org': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'Orgc': {'contacts': '',\n", + " 'created_by': '0',\n", + " 'date_created': '',\n", + " 'date_modified': '',\n", + " 'description': 'Automatically '\n", + " 'generated '\n", + " 'MISP '\n", + " 'organisation',\n", + " 'id': '0',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'MISP',\n", + " 'nationality': 'Not '\n", + " 'specified',\n", + " 'restricted_to_domain': [],\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': '0'},\n", + " 'authors': ['Unknown'],\n", + " 'collection_uuid': 'cc6feae0-968a-11e9-a29a-bf581ae8eee3',\n", + " 'default': True,\n", + " 'deleted': False,\n", + " 'description': '',\n", + " 'distribution': '3',\n", + " 'event_tag_id': '347',\n", + " 'extends_uuid': '',\n", + " 'extends_version': '0',\n", + " 'galaxy_id': '59',\n", + " 'id': '13207',\n", + " 'local': False,\n", + " 'locked': False,\n", + " 'meta': {'calling-code': ['+33'],\n", + " 'capital': ['Paris'],\n", + " 'currency': ['€',\n", + " 'EUR',\n", + " 'EURO'],\n", + " 'iso-code': ['FR', 'FRA'],\n", + " 'member-of': ['NATO'],\n", + " 'official-languages': ['French'],\n", + " 'synonyms': ['French '\n", + " 'Republic',\n", + " 'République '\n", + " 'française'],\n", + " 'territory-type': ['Country'],\n", + " 'top-level-domain': ['.fr']},\n", + " 'org_id': '0',\n", + " 'orgc_id': '0',\n", + " 'published': False,\n", + " 'relationship_type': False,\n", + " 'sharing_group_id': None,\n", + " 'source': 'Various',\n", + " 'tag_id': 167,\n", + " 'tag_name': 'misp-galaxy:target-information=\"France\"',\n", + " 'type': 'target-information',\n", + " 'uuid': '0cc6ad08-fac6-42bc-a7c7-09a53ea6b968',\n", + " 'value': 'France',\n", + " 'version': '7'}],\n", + " 'description': 'Description of targets of threat '\n", + " 'actors.',\n", + " 'enabled': True,\n", + " 'icon': 'bullseye',\n", + " 'id': '59',\n", + " 'local_only': False,\n", + " 'name': 'Target Information',\n", + " 'namespace': 'misp',\n", + " 'type': 'target-information',\n", + " 'uuid': '709ed29c-aa00-11e9-82cd-67ac1a6ee3bc',\n", + " 'version': '1'}],\n", + " 'Org': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'Orgc': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'RelatedEvent': [{'Event': {'Org': {'id': '15',\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'Orgc': {'id': '15',\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'analysis': '0',\n", + " 'date': '2024-04-15',\n", + " 'distribution': '0',\n", + " 'id': '64',\n", + " 'info': 'Event created via the API as '\n", + " 'an example',\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'published': False,\n", + " 'threat_level_id': '1',\n", + " 'timestamp': '1713155243',\n", + " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'}}],\n", + " 'Tag': [{'colour': '#FF2B2B',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '53',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'tlp:red',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#ff0000',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '84',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'PAP:RED',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#0088cc',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '173',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': True,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'misp-galaxy:target-information=\"Luxembourg\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'},\n", + " {'colour': '#0088cc',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '167',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': True,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'misp-galaxy:target-information=\"France\"',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'}],\n", + " 'analysis': '0',\n", + " 'attribute_count': '4',\n", + " 'date': '2024-04-15',\n", + " 'disable_correlation': False,\n", + " 'distribution': '0',\n", + " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", + " 'extends_uuid': '',\n", + " 'id': '62',\n", + " 'info': 'Test event with some sample indicator to match on Jupyter '\n", + " 'notebook',\n", + " 'locked': False,\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'proposal_email_lock': False,\n", + " 'protected': None,\n", + " 'publish_timestamp': '0',\n", + " 'published': False,\n", + " 'sharing_group_id': '0',\n", + " 'threat_level_id': '1',\n", + " 'timestamp': '1713153254',\n", + " 'uuid': '403a7c69-3708-429e-b1f0-1e7379655db5'}},\n", + " {'Event': {'CryptographicKey': [],\n", + " 'Galaxy': [],\n", + " 'Org': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'Orgc': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'RelatedEvent': [],\n", + " 'analysis': '0',\n", + " 'attribute_count': '0',\n", + " 'date': '2024-04-15',\n", + " 'disable_correlation': False,\n", + " 'distribution': '0',\n", + " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", + " 'extends_uuid': '',\n", + " 'id': '63',\n", + " 'info': 'Event created via the API as an example',\n", + " 'locked': False,\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'proposal_email_lock': False,\n", + " 'protected': None,\n", + " 'publish_timestamp': '0',\n", + " 'published': False,\n", + " 'sharing_group_id': '0',\n", + " 'threat_level_id': '1',\n", + " 'timestamp': '1713153707',\n", + " 'uuid': 'ab3edd51-58a2-47b3-b465-546364cb0d44'}},\n", + " {'Event': {'CryptographicKey': [],\n", + " 'Galaxy': [],\n", + " 'Org': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'Orgc': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'RelatedEvent': [{'Event': {'Org': {'id': '15',\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'Orgc': {'id': '15',\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'analysis': '0',\n", + " 'date': '2024-04-15',\n", + " 'distribution': '0',\n", + " 'id': '62',\n", + " 'info': 'Test event with some sample '\n", + " 'indicator to match on Jupyter '\n", + " 'notebook',\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'published': False,\n", + " 'threat_level_id': '1',\n", + " 'timestamp': '1713153254',\n", + " 'uuid': '403a7c69-3708-429e-b1f0-1e7379655db5'}}],\n", + " 'Tag': [{'colour': '#33FF00',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '12',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'tlp:green',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'}],\n", + " 'analysis': '0',\n", + " 'attribute_count': '5',\n", + " 'date': '2024-04-15',\n", + " 'disable_correlation': False,\n", + " 'distribution': '0',\n", + " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", + " 'extends_uuid': '',\n", + " 'id': '64',\n", + " 'info': 'Event created via the API as an example',\n", + " 'locked': False,\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'proposal_email_lock': False,\n", + " 'protected': None,\n", + " 'publish_timestamp': '0',\n", + " 'published': False,\n", + " 'sharing_group_id': '0',\n", + " 'threat_level_id': '1',\n", + " 'timestamp': '1713155243',\n", + " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'}}]\n" + ] + } + ], + "source": [ + "# Searching using the RestSearch\n", + "endpoint = '/events/restSearch'\n", + "relative_path = ''\n", + "\n", + "body = {\n", + " \"returnFormat\": \"json\",\n", + " \"org\": \"CIRCL\",\n", + "# \"id\": 33,\n", + " \"metadata\": 1\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "code", + "execution_count": 55, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "Count: 2\n", + " - Attribute count: 0\n", + " - Attribute count: 4\n", + "----------\n", + "[{'Event': {'Attribute': [],\n", + " 'CryptographicKey': [],\n", + " 'EventReport': [],\n", + " 'Galaxy': [],\n", + " 'Object': [],\n", + " 'Org': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'Orgc': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'RelatedEvent': [],\n", + " 'ShadowAttribute': [],\n", + " 'analysis': '0',\n", + " 'attribute_count': '0',\n", + " 'date': '2024-04-15',\n", + " 'disable_correlation': False,\n", + " 'distribution': '0',\n", + " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", + " 'extends_uuid': '',\n", + " 'id': '63',\n", + " 'info': 'Event created via the API as an example',\n", + " 'locked': False,\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'proposal_email_lock': False,\n", + " 'protected': None,\n", + " 'publish_timestamp': '0',\n", + " 'published': False,\n", + " 'sharing_group_id': '0',\n", + " 'threat_level_id': '1',\n", + " 'timestamp': '1713153707',\n", + " 'uuid': 'ab3edd51-58a2-47b3-b465-546364cb0d44'}},\n", + " {'Event': {'Attribute': [{'Galaxy': [],\n", + " 'ShadowAttribute': [],\n", + " 'category': 'Network activity',\n", + " 'comment': 'Comment added via the API',\n", + " 'deleted': False,\n", + " 'disable_correlation': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'first_seen': None,\n", + " 'id': '3362',\n", + " 'last_seen': None,\n", + " 'object_id': '0',\n", + " 'object_relation': None,\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1713154698',\n", + " 'to_ids': False,\n", + " 'type': 'ip-dst',\n", + " 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n", + " 'value': '127.0.0.1'},\n", + " {'Galaxy': [],\n", + " 'ShadowAttribute': [],\n", + " 'category': 'Payload delivery',\n", + " 'comment': '',\n", + " 'deleted': False,\n", + " 'disable_correlation': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'first_seen': None,\n", + " 'id': '3364',\n", + " 'last_seen': None,\n", + " 'object_id': '0',\n", + " 'object_relation': None,\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1713155138',\n", + " 'to_ids': False,\n", + " 'type': 'attachment',\n", + " 'uuid': '3a0f950c-3f09-480b-b777-ac3e13acc75a',\n", + " 'value': 'cti-2024.png'},\n", + " {'Galaxy': [],\n", + " 'ShadowAttribute': [],\n", + " 'category': 'Network activity',\n", + " 'comment': '',\n", + " 'deleted': False,\n", + " 'disable_correlation': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'first_seen': None,\n", + " 'id': '3365',\n", + " 'last_seen': None,\n", + " 'object_id': '0',\n", + " 'object_relation': None,\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1713155215',\n", + " 'to_ids': False,\n", + " 'type': 'ip-dst',\n", + " 'uuid': '1ce6d7c3-a3cf-4bf7-b0fe-a054b7a06342',\n", + " 'value': '8.8.8.8'},\n", + " {'Galaxy': [],\n", + " 'ShadowAttribute': [],\n", + " 'category': 'Network activity',\n", + " 'comment': '',\n", + " 'deleted': False,\n", + " 'disable_correlation': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'first_seen': None,\n", + " 'id': '3366',\n", + " 'last_seen': None,\n", + " 'object_id': '0',\n", + " 'object_relation': None,\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1713155243',\n", + " 'to_ids': True,\n", + " 'type': 'ip-dst',\n", + " 'uuid': '6c4e1467-ce18-4131-b858-470ee57ebaec',\n", + " 'value': '127.0.0.2'}],\n", + " 'CryptographicKey': [],\n", + " 'EventReport': [{'content': 'Body',\n", + " 'deleted': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'id': '55',\n", + " 'name': 'Report from API',\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1713153904',\n", + " 'uuid': '3696d945-7dc8-4685-b71f-8cb2b1132913'},\n", + " {'content': 'Body',\n", + " 'deleted': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'id': '56',\n", + " 'name': 'Report from API',\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1713154575',\n", + " 'uuid': '823d4e2e-76f4-43b8-9b3c-c851fa32412d'}],\n", + " 'Galaxy': [],\n", + " 'Object': [{'Attribute': [{'Galaxy': [],\n", + " 'ShadowAttribute': [],\n", + " 'category': 'Other',\n", + " 'comment': '',\n", + " 'deleted': False,\n", + " 'disable_correlation': False,\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'first_seen': None,\n", + " 'id': '3363',\n", + " 'last_seen': None,\n", + " 'object_id': '537',\n", + " 'object_relation': 'post',\n", + " 'sharing_group_id': '0',\n", + " 'timestamp': '1558702173',\n", + " 'to_ids': False,\n", + " 'type': 'text',\n", + " 'uuid': '17bebb02-c294-4444-adc9-85e8fa0039f1',\n", + " 'value': 'post'}],\n", + " 'ObjectReference': [],\n", + " 'comment': '',\n", + " 'deleted': False,\n", + " 'description': 'Microblog post like a Twitter tweet or '\n", + " 'a post on a Facebook wall.',\n", + " 'distribution': '5',\n", + " 'event_id': '64',\n", + " 'first_seen': None,\n", + " 'id': '537',\n", + " 'last_seen': None,\n", + " 'meta-category': 'misc',\n", + " 'name': 'microblog',\n", + " 'sharing_group_id': '0',\n", + " 'template_uuid': '8ec8c911-ddbe-4f5b-895b-fbff70c42a60',\n", + " 'template_version': '5',\n", + " 'timestamp': '1558702173',\n", + " 'uuid': 'bc9219e7-9ae8-4f36-a433-dad3a9c963f5'}],\n", + " 'Org': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'Orgc': {'id': '15',\n", + " 'local': True,\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'RelatedEvent': [{'Event': {'Org': {'id': '15',\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'Orgc': {'id': '15',\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'analysis': '0',\n", + " 'date': '2024-04-15',\n", + " 'distribution': '0',\n", + " 'id': '62',\n", + " 'info': 'Test event with some sample '\n", + " 'indicator to match on Jupyter '\n", + " 'notebook',\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'published': False,\n", + " 'threat_level_id': '1',\n", + " 'timestamp': '1713153254',\n", + " 'uuid': '403a7c69-3708-429e-b1f0-1e7379655db5'}}],\n", + " 'ShadowAttribute': [],\n", + " 'Tag': [{'colour': '#33FF00',\n", + " 'exportable': True,\n", + " 'hide_tag': False,\n", + " 'id': '12',\n", + " 'is_custom_galaxy': False,\n", + " 'is_galaxy': False,\n", + " 'local': False,\n", + " 'local_only': False,\n", + " 'name': 'tlp:green',\n", + " 'numerical_value': None,\n", + " 'relationship_type': None,\n", + " 'user_id': '0'}],\n", + " 'analysis': '0',\n", + " 'attribute_count': '5',\n", + " 'date': '2024-04-15',\n", + " 'disable_correlation': False,\n", + " 'distribution': '0',\n", + " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", + " 'extends_uuid': '',\n", + " 'id': '64',\n", + " 'info': 'Event created via the API as an example',\n", + " 'locked': False,\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'proposal_email_lock': False,\n", + " 'protected': None,\n", + " 'publish_timestamp': '0',\n", + " 'published': False,\n", + " 'sharing_group_id': '0',\n", + " 'threat_level_id': '1',\n", + " 'timestamp': '1713155243',\n", + " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'}}]\n" + ] + } + ], + "source": [ + "# Searching using the RestSearch\n", + "endpoint = '/events/restSearch'\n", + "relative_path = ''\n", + "\n", + "body = {\n", + " \"returnFormat\": \"json\",\n", + " \"eventinfo\": \"%via the API%\",\n", + "# \"published\": 1\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "# Sightings" + ] + }, + { + "cell_type": "code", + "execution_count": 60, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "{'Sighting': {'attribute_id': '3366',\n", + " 'date_sighting': '1713155573',\n", + " 'event_id': '64',\n", + " 'id': '102',\n", + " 'org_id': '15',\n", + " 'source': '',\n", + " 'type': '0',\n", + " 'uuid': '53eb767b-b54a-4d7d-b3d8-6809703a3975'}}\n" + ] + } + ], + "source": [ + "# Creating sightings\n", + "endpoint = '/sightings/add'\n", + "relative_path = ''\n", + "\n", + "body = {\n", + " \"id\": \"3366\"\n", + "# \"value\": \"127.2.2.2\"\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "code", + "execution_count": 63, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "Count: 1\n", + "----------\n", + "[{'Sighting': {'Attribute': {'category': 'Network activity',\n", + " 'id': '3366',\n", + " 'to_ids': True,\n", + " 'type': 'ip-dst',\n", + " 'uuid': '6c4e1467-ce18-4131-b858-470ee57ebaec',\n", + " 'value': '127.0.0.2'},\n", + " 'Event': {'Orgc': {'name': 'CIRCL'},\n", + " 'id': '64',\n", + " 'info': 'Event created via the API as an example',\n", + " 'org_id': '15',\n", + " 'orgc_id': '15',\n", + " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n", + " 'Organisation': {'id': '15',\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'attribute_id': '3366',\n", + " 'date_sighting': '1713155573',\n", + " 'event_id': '64',\n", + " 'id': '102',\n", + " 'org_id': '15',\n", + " 'source': '',\n", + " 'type': '0',\n", + " 'uuid': '53eb767b-b54a-4d7d-b3d8-6809703a3975',\n", + " 'value': '127.0.0.2'}}]\n" + ] + } + ], + "source": [ + "# Searching for sighted elements\n", + "endpoint = '/sightings/restSearch/event'\n", + "relative_path = ''\n", + "\n", + "body = {\n", + " \"returnFormat\": \"json\",\n", + " \"id\": 64,\n", + " \"includeAttribute\": 1,\n", + " \"includeEvent\": 1\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "# Warning lists" + ] + }, + { + "cell_type": "code", + "execution_count": 64, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "{'8.8.8.8': [{'id': '54',\n", + " 'matched': '8.8.8.8/32',\n", + " 'name': 'List of known IPv4 public DNS resolvers'}]}\n" + ] + } + ], + "source": [ + "# Checking values against the warining list\n", + "endpoint = '/warninglists/checkValue'\n", + "relative_path = ''\n", + "\n", + "body = [\"8.8.8.8\", \"yolo\", \"test\"]\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "# Instance management" + ] + }, + { + "cell_type": "code", + "execution_count": 65, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "{'Organisation': {'contacts': None,\n", + " 'created_by': '626',\n", + " 'date_created': '2024-04-15 04:34:16',\n", + " 'date_modified': '2024-04-15 04:34:16',\n", + " 'description': None,\n", + " 'id': '17',\n", + " 'landingpage': None,\n", + " 'local': True,\n", + " 'name': 'TEMP_ORG2',\n", + " 'nationality': '',\n", + " 'restricted_to_domain': None,\n", + " 'sector': '',\n", + " 'type': '',\n", + " 'uuid': 'c9a0a3d6-2698-4535-9bf3-782667e8779b'}}\n" + ] + } + ], + "source": [ + "# Creating Organisation\n", + "endpoint = '/admin/organisations/add'\n", + "relative_path = ''\n", + "\n", + "body = {\n", + " \"name\": \"TEMP_ORG2\"\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "# Creating Users\n", + "endpoint = '/admin/users/add'\n", + "relative_path = ''\n", + "\n", + "body = {\n", + " \"email\": \"from_api2@admin.test\",\n", + " \"org_id\": 1009,\n", + " \"role_id\": 3,\n", + " \"termsaccepted\": 1,\n", + " \"change_pw\": 0, # User prompted to change the psswd once logged in\n", + " \"password\": \"~~UlTrA_SeCuRe_PaSsWoRd~~\"\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "# Creating Sharing Groups\n", + "endpoint = '/sharing_groups/add'\n", + "relative_path = ''\n", + "\n", + "body = {\n", + " \"name\": \"TEMP_SG2\",\n", + " \"releasability\": \"To nobody\",\n", + " \"SharingGroupOrg\": [\n", + " {\n", + " \"name\": \"ORGNAME\",\n", + " \"extend\": 1\n", + " },\n", + " {\n", + " \"name\": \"CIRCL\",\n", + " \"extend\": 1\n", + " }\n", + " ]\n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": { + "scrolled": true + }, + "outputs": [], + "source": [ + "# Server\n", + "endpoint = '/servers/add'\n", + "relative_path = ''\n", + "\n", + "body = {\n", + " \"url\": \"http://127.0.0.1:80/\",\n", + " \"name\": \"Myself\",\n", + " \"remote_org_id\": \"2\",\n", + " \"authkey\": \"UHwmZCH4QdSKqPVunxTzfSes8n7ibBhUlsd0dmx9\"\n", + " \n", + "}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "# Server settings\n", + "endpoint = '/servers/serverSettings'\n", + "relative_path = ''\n", + "\n", + "body = {}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "code", + "execution_count": 99, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "{'stats': {'attribute_count': 51848,\n", + " 'attribute_count_month': 11,\n", + " 'attributes_per_event': 701,\n", + " 'average_user_per_org': 2.6,\n", + " 'contributing_org_count': 6,\n", + " 'correlation_count': 63,\n", + " 'event_count': 74,\n", + " 'event_count_month': 7,\n", + " 'local_org_count': 7,\n", + " 'org_count': 16,\n", + " 'post_count': 14,\n", + " 'post_count_month': 0,\n", + " 'proposal_count': 1,\n", + " 'thread_count': 2,\n", + " 'thread_count_month': 0,\n", + " 'user_count': 18,\n", + " 'user_count_pgp': 0}}\n" + ] + } + ], + "source": [ + "# Statistics\n", + "endpoint = '/users/statistics'\n", + "relative_path = ''\n", + "\n", + "body = {}\n", + "\n", + "res = misp.direct_call(endpoint + relative_path, body)\n", + "print_result(res)" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "Not Available:\n", + "- misp-module" + ] + } + ], + "metadata": { + "kernelspec": { + "display_name": "Python 3 (ipykernel)", + "language": "python", + "name": "python3" + }, + "language_info": { + "codemirror_mode": { + "name": "ipython", + "version": 3 + }, + "file_extension": ".py", + "mimetype": "text/x-python", + "name": "python", + "nbconvert_exporter": "python", + "pygments_lexer": "ipython3", + "version": "3.10.12" + } + }, + "nbformat": 4, + "nbformat_minor": 4 +} diff --git a/complementary/jupyter-notebooks/query-misp-public.ipynb b/complementary/jupyter-notebooks/query-misp-public.ipynb new file mode 100644 index 0000000..5884c76 --- /dev/null +++ b/complementary/jupyter-notebooks/query-misp-public.ipynb @@ -0,0 +1,1354 @@ +{ + "cells": [ + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "# Extracting data from MISP using PyMISP" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "## Recovering the API KEY" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "- Go to `Global Actions` then `My Profile`\n", + "- Access the `/users/view/me` URL" + ] + }, + { + "cell_type": "code", + "execution_count": 2, + "metadata": {}, + "outputs": [], + "source": [ + "from pymisp import PyMISP\n", + "import urllib3\n", + "urllib3.disable_warnings()\n", + "\n", + "misp_url = 'https://training.misp-community.org/'\n", + "misp_key = 'YOURAPIKEY'\n", + "# Should PyMISP verify the MISP certificate\n", + "misp_verifycert = False\n", + "\n", + "misp = PyMISP(misp_url, misp_key, misp_verifycert)" + ] + }, + { + "cell_type": "code", + "execution_count": 3, + "metadata": {}, + "outputs": [], + "source": [ + "import datetime\n", + "from pprint import pprint\n", + "import base64\n", + "import subprocess" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "## Retrieving an Event" + ] + }, + { + "cell_type": "code", + "execution_count": 4, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "\n", + "OSINT - Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)\n" + ] + } + ], + "source": [ + "r1 = misp.get_event('9802116c-3ec3-4a8e-8b39-5c69b08df5ab', pythonify=True)\n", + "print(r1)\n", + "r2 = misp.get_event(60, pythonify=False)\n", + "print(type(r2))\n", + "print(r2['Event']['info'])" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "## Searching the Event index" + ] + }, + { + "cell_type": "code", + "execution_count": 4, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "339b8437-13e8-4ae6-97dc-47cf909aa78d\n" + ] + } + ], + "source": [ + "r = misp.search_index(pythonify=True)\n", + "print(r[1].uuid)" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "#### Only published Events" + ] + }, + { + "cell_type": "code", + "execution_count": 5, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "[PAP:RED\n", + "\n", + " - **RED**: (PAP:RED) Non-detectable actions only. Recipients may not use PAP:RED information on the network. Only passive actions on logs, that are not detectable from the outside.\n", + "#### access-method\n", + "*The access method used to remotely access a system.*\n", + "- access-method:stolen-credentials\n", + "\n", + " - **stolen-credentials**: Stolen credentials\n", + "#### admiralty-scale\n", + "*The Admiralty Scale or Ranking (also called the NATO System) is used to rank the reliability of a source and the credibility of an information. Reference based on FM 2-22.3 (FM 34-52) HUMAN INTELLIGENCE COLLECTOR OPERATIONS and NATO documents.*\n", + "- admiralty-scale:information-credibility="1"\n", + "\n", + " - **information-credibility**: Information Credibility\n", + " - **1**: Confirmed by other sources\n", + "- admiralty-scale:information-credibility="2"\n", + "\n", + " - **information-credibility**: Information Credibility\n", + " - **2**: Probably true\n", + "- admiralty-scale:source-reliability="a"\n", + "\n", + " - **source-reliability**: Source Reliability\n", + " - **a**: Completely reliable\n", + "- admiralty-scale:source-reliability="b"\n", + "\n", + " - **source-reliability**: Source Reliability\n", + " - **b**: Usually reliable\n", + "#### circl\n", + "*CIRCL Taxonomy - Schemes of Classification in Incident Response and Detection*\n", + "- circl:incident-classification="vulnerability"\n", + "\n", + " - **incident-classification**: Incident Classification\n", + " - **vulnerability**: Vulnerability\n", + "#### domain-abuse\n", + "*Domain Name Abuse - taxonomy to tag domain names used for cybercrime.*\n", + "- domain-abuse:domain-access-method="compromised-domain-name-registrar"\n", + "\n", + " - **domain-access-method**: Domain access method\n", + " - **compromised-domain-name-registrar**: Compromised domain name registrar\n", + "#### economical-impact\n", + "*Economical impact is a taxonomy to describe the financial impact as positive or negative gain to the tagged information (e.g. data exfiltration loss, a positive gain for an adversary).*\n", + "- economical-impact:loss="less-than-1B-euro"\n", + "\n", + " - **loss**: Loss\n", + " - **less-than-1B-euro**: Less than 1 billion EUR\n", + "#### enisa\n", + "*The present threat taxonomy is an initial version that has been developed on the basis of available ENISA material. This material has been used as an ENISA-internal structuring aid for information collection and threat consolidation purposes. It emerged in the time period 2012-2015.*\n", + "- enisa:nefarious-activity-abuse="spear-phishing-attacks"\n", + "\n", + " - **nefarious-activity-abuse**: Nefarious Activity/ Abuse\n", + " - **spear-phishing-attacks**: Spear phishing attacks\n", + "#### estimative-language\n", + "*Estimative language to describe quality and credibility of underlying sources, data, and methodologies based Intelligence Community Directive 203 (ICD 203) and JP 2-0, Joint Intelligence*\n", + "- estimative-language:likelihood-probability="almost-certain"\n", + "\n", + " - **likelihood-probability**: Likelihood or probability\n", + " - **almost-certain**: Almost certain(ly) - nearly certain - 95-99%\n", + "- estimative-language:likelihood-probability="very-likely"\n", + "\n", + " - **likelihood-probability**: Likelihood or probability\n", + " - **very-likely**: Very likely - highly probable - 80-95%\n", + "#### infoleak\n", + "*A taxonomy describing information leaks and especially information classified as being potentially leaked. The taxonomy is based on the work by CIRCL on the AIL framework. The taxonomy aim is to be used at large to improve classification of leaked information.*\n", + "- infoleak:automatic-detection="bitcoin-address"\n", + "\n", + " - **automatic-detection**: Type of information leak detected from automatic analysis\n", + " - **bitcoin-address**: Bitcoin address\n", + "#### osint\n", + "*Open Source Intelligence - Classification (MISP taxonomies)*\n", + "- osint:certainty="50"\n", + "\n", + " - **certainty**: Certainty of the elements mentioned in this Open Source Intelligence\n", + " - **50**: Chances about even (probability equals 0.50 - 50%)\n", + "- osint:certainty="93"\n", + "\n", + " - **certainty**: Certainty of the elements mentioned in this Open Source Intelligence\n", + " - **93**: Almost certain (probability equals 0.93 - 93%)\n", + "- osint:lifetime="perpetual"\n", + "\n", + " - **lifetime**: Lifetime of the information as Open Source Intelligence\n", + " - **perpetual**: Perpetual\n", + "- osint:source-type="technical-report"\n", + "\n", + " - **source-type**: Source Type\n", + " - **technical-report**: Technical or analysis report\n", + "#### tlp\n", + "*The Traffic Light Protocol (TLP) (v2.0) was created to facilitate greater sharing of potentially sensitive information and more effective collaboration. Information sharing happens from an information source, towards one or more recipients. TLP is a set of four standard labels (a fifth label is included in amber to limit the diffusion) used to indicate the sharing boundaries to be applied by the recipients. Only labels listed in this standard are considered valid by FIRST. This taxonomy includes additional labels for backward compatibility which are no more validated by FIRST SIG.*\n", + "- tlp:amber+strict\n", + "\n", + " - **amber+strict**: Limited disclosure, recipients can only spread this on a need-to-know basis within their organization.\n", + "- tlp:clear\n", + "\n", + " - **clear**: (TLP:CLEAR) Recipients can spread this to the world, there is no limit on disclosure.\n", + "- tlp:green\n", + "\n", + " - **green**: (TLP:GREEN) Limited disclosure, recipients can spread this within their community.\n", + "- tlp:red\n", + "\n", + " - **red**: (TLP:RED) For the eyes and ears of individual recipients only, no further disclosure.\n", + "- tlp:white\n", + "\n", + " - **white**: (TLP:WHITE) Information can be shared publicly in accordance with the law.\n", + "#### type\n", + "*Taxonomy to describe different types of intelligence gathering discipline which can be described the origin of intelligence.*\n", + "- type:OSINT\n", + "\n", + " - **OSINT**: Open Source Intelligence\n", + "#### workflow\n", + "*Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information.*\n", + "- workflow:state="draft"\n", + "\n", + " - **state**: State\n", + " - **draft**: Draft means the information tagged can be released as a preliminary version or outline.\n", + "- workflow:state="incomplete"\n", + "\n", + " - **state**: State\n", + " - **incomplete**: Incomplete means that the information tagged is incomplete and has potential to be completed by other analysts, technical processes or the current analysts performing the analysis.\n", + "## Galaxy Clusters\n", + "#### Country\n", + "*Country meta information based on the database provided by geonames.org.*\n", + "- *[russia](https://training.misp-community.org/galaxy_clusters/view/14623)*\n", + "Russia\n", + "#### attck4fraud\n", + "*attck4fraud - Principles of MITRE ATT&CK in the fraud domain*\n", + "- *[ATM Black Box Attack](https://training.misp-community.org/galaxy_clusters/view/575)*\n", + "Type of Jackpotting attack. Connection of an unauthorized device which sends dispense commands directly to the ATM cash dispenser in order to “cash out” the ATM.\n", + "#### Attack Pattern\n", + "*ATT&CK Tactic*\n", + "- *[Asymmetric Cryptography - T1573.002](https://training.misp-community.org/galaxy_clusters/view/5291)*\n", + "Adversaries may employ a known asymmetric encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Asymmetric cryptography, also known as public key cryptography, uses a keypair per party: one public that can be...\n", + "- *[Clear Command History - T1070.003](https://training.misp-community.org/galaxy_clusters/view/4842)*\n", + "In addition to clearing system logs, an adversary may clear the command history of a compromised account to conceal the actions undertaken during an intrusion. Various command interpreters keep track of the commands users type in their terminal so that users can retrace what they've done.\n", + "\n", + "On L...\n", + "- *[Compromise Client Software Binary - T1554](https://training.misp-community.org/galaxy_clusters/view/4806)*\n", + "Adversaries may modify client software binaries to establish persistent access to systems. Client software enables users to access services provided by a server. Common client software types are SSH clients, FTP clients, email clients, and web browsers.\n", + "\n", + "Adversaries may make modifications to client ...\n", + "- *[Defacement - T1491](https://training.misp-community.org/galaxy_clusters/view/5614)*\n", + "Adversaries may modify visual content available internally or externally to an enterprise network, thus affecting the integrity of the original content. Reasons for [Defacement](https://attack.mitre.org/techniques/T1491) include delivering messaging, intimidation, or claiming (possibly false) credit...\n", + "- *[Exploit Public-Facing Application - T1190](https://training.misp-community.org/galaxy_clusters/view/4825)*\n", + "Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network. The weakness in the system can be a software bug, a temporary glitch, or a misconfiguration.\n", + "\n", + "Exploited applications are often websites/web servers, but can also include databases (like ...\n", + "- *[External Remote Services - T1133](https://training.misp-community.org/galaxy_clusters/view/5048)*\n", + "Adversaries may leverage external-facing remote services to initially access and/or persist within a network. Remote services such as VPNs, Citrix, and other access mechanisms allow users to connect to internal enterprise network resources from external locations. There are often remote service gate...\n", + "- *[Multi-hop Proxy - T1090.003](https://training.misp-community.org/galaxy_clusters/view/5153)*\n", + "To disguise the source of malicious traffic, adversaries may chain together multiple proxies. Typically, a defender will be able to identify the last proxy traffic traversed before it enters their network; the defender may or may not be able to identify any previous proxies before the last-hop proxy...\n", + "- *[Obfuscated Files or Information - T1027](https://training.misp-community.org/galaxy_clusters/view/4727)*\n", + "Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses. \n", + "\n", + "Payloads may be ...\n", + "- *[Spearphishing Attachment - T1193](https://training.misp-community.org/galaxy_clusters/view/5453)*\n", + "Spearphishing attachment is a specific variant of spearphishing. Spearphishing attachment is different from other forms of spearphishing in that it employs the use of malware attached to an email. All forms of spearphishing are electronically delivered social engineering targeted at a specific indiv...\n", + "- *[Spearphishing Link - T1192](https://training.misp-community.org/galaxy_clusters/view/5444)*\n", + "Spearphishing with a link is a specific variant of spearphishing. It is different from other forms of spearphishing in that it employs the use of links to download malware contained in email, instead of attaching malicious files to the email itself, to avoid defenses that may inspect email attachmen...\n", + "- *[Symmetric Cryptography - T1573.001](https://training.misp-community.org/galaxy_clusters/view/5271)*\n", + "Adversaries may employ a known symmetric encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Symmetric encryption algorithms use the same key for plaintext encryption and ciphertext decryption. Common symme...\n", + "- *[Timestomp - T1070.006](https://training.misp-community.org/galaxy_clusters/view/5528)*\n", + "Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have bee...\n", + "- *[Traffic Signaling - T1205](https://training.misp-community.org/galaxy_clusters/view/5396)*\n", + "Adversaries may use traffic signaling to hide open ports or other malicious functionality used for persistence or command and control. Traffic signaling involves the use of a magic value or sequence that must be sent to a system to trigger a special response, such as opening a closed port or executi...\n", + "- *[Vulnerabilities - T1588.006](https://training.misp-community.org/galaxy_clusters/view/5584)*\n", + "Adversaries may acquire information about vulnerabilities that can be used during targeting. A vulnerability is a weakness in computer hardware or software that can, potentially, be exploited by an adversary to cause unintended or unanticipated behavior to occur. Adversaries may find vulnerability i...\n", + "#### Course of Action\n", + "*ATT&CK Mitigation*\n", + "- *[Multi-factor Authentication - M1032](https://training.misp-community.org/galaxy_clusters/view/5854)*\n", + "Use two or more pieces of evidence to authenticate to a system; such as username and password in addition to a token from a physical smart card or token generator.\n", + "#### Techniques\n", + "*ATT&CK for ICS Techniques*\n", + "- *[Spearphishing Attachment](https://training.misp-community.org/galaxy_clusters/view/6753)*\n", + "Adversaries may use a spearphishing attachment, a variant of spearphishing, as a form of a social engineering attack against specific targets. Spearphishing attachments are different from other forms of spearphishing in that they employ malware attached to an email. All forms of spearphishing are el...\n", + "#### Ransomware\n", + "*Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml*\n", + "- *[Conti](https://training.misp-community.org/galaxy_clusters/view/9554)*\n", + "Conti ransomware is a RaaS and has been observed encrypting networks since mid-2020.\n", + "Conti was developed by the “TrickBot” group, an organized Russian cybercriminal operation. Their reputation has allowed the group to create a strong brand name, attracting many affiliates which has made Conti on...\n", + "- *[Korean](https://training.misp-community.org/galaxy_clusters/view/8410)*\n", + "Ransomware Based on HiddenTear\n", + "#### Regions UN M49\n", + "*Regions based on UN M49.*\n", + "- *[021 - Northern America](https://training.misp-community.org/galaxy_clusters/view/10024)*\n", + "\n", + "- *[142 - Asia](https://training.misp-community.org/galaxy_clusters/view/10034)*\n", + "\n", + "- *[150 - Europe](https://training.misp-community.org/galaxy_clusters/view/10037)*\n", + "\n", + "#### Sector\n", + "*Activity sectors*\n", + "- *[Academia - University](https://training.misp-community.org/galaxy_clusters/view/18422)*\n", + "\n", + "- *[Government, Administration](https://training.misp-community.org/galaxy_clusters/view/18448)*\n", + "\n", + "- *[IT - ISP](https://training.misp-community.org/galaxy_clusters/view/18456)*\n", + "\n", + "- *[Marketing](https://training.misp-community.org/galaxy_clusters/view/18526)*\n", + "\n", + "#### Target Information\n", + "*Description of targets of threat actors.*\n", + "- *[France](https://training.misp-community.org/galaxy_clusters/view/13207)*\n", + "\n", + "- *[Luxembourg](https://training.misp-community.org/galaxy_clusters/view/13134)*\n", + "\n", + "- *[Netherlands](https://training.misp-community.org/galaxy_clusters/view/13281)*\n", + "\n", + "#### Threat Actor\n", + "*Threat actors are characteristics of malicious actors (or adversaries) representing a cyber attack threat including presumed intent and historically observed behaviour.*\n", + "- *[Deadeye Jackal](https://training.misp-community.org/galaxy_clusters/view/18607)*\n", + "The Syrian Electronic Army (SEA) is a group of computer hackers which first surfaced online in 2011 to support the government of Syrian President Bashar al-Assad. Using spamming, website defacement, malware, phishing, and denial of service attacks, it has targeted political opposition groups, wester...\n" + ] + } + ], + "source": [ + "# Get the context of Events that were created by organisations from the financial sector\n", + "\n", + "body = {\n", + " 'returnFormat': 'context-markdown',\n", + " 'org.sector': ['financial'],\n", + "}\n", + "\n", + "r2 = misp.direct_call('/events/restSearch', body)\n", + "print(r2)" + ] + }, + { + "cell_type": "code", + "execution_count": 7, + "metadata": {}, + "outputs": [], + "source": [ + "# Get the context of Events that had the threat actor APT-29 attached\n", + "\n", + "body = {\n", + " 'returnFormat': 'context',\n", + " 'tags': ['misp-galaxy:threat-actor=\\\"APT 29\\\"'],\n", + " 'staticHtml': 1, # If you want a JS-free HTML\n", + "}\n", + "\n", + "r2 = misp.direct_call('/events/restSearch', body)\n", + "with open('/tmp/attackOutput.html', 'w') as f:\n", + " f.write(r2)\n", + " # subprocess.run(['google-chrome', '--incognito', '/tmp/attackOutput.html'])\n" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "#### Be carefull with the amount of data you ask, use `pagination` if needed\n", + "\n", + "- `limit`: Specify the amount of data to be returned\n", + "- `page`: Specify the start of the rolling window. Is **not** zero-indexed\n", + "\n", + "If the size of the returned data is larger than the memory enveloppe you might get a different behavior based on your MISP setting:\n", + "- Nothing returned. Allowed memeory by PHP process exausted\n", + "- Data returned but slow. MISP will concatenante the returned data in a temporary file on disk\n", + " - This behavior is only applicable for `/*/restSearch` endpoints" + ] + }, + { + "cell_type": "code", + "execution_count": 8, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "Amount of Attributes 615\n", + "Amount of paginated Attributes 5\n" + ] + } + ], + "source": [ + "r1 = misp.search(controller='attributes', pythonify=True)\n", + "print('Amount of Attributes', len(r1))\n", + "\n", + "r2 = misp.search(\n", + " controller='attributes',\n", + " page=1,\n", + " limit=5,\n", + " pythonify=True)\n", + "print('Amount of paginated Attributes', len(r2))" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "## Searching for Sightings" + ] + }, + { + "cell_type": "code", + "execution_count": 10, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "[{'Sighting': {'Organisation': {'id': '15',\n", + " 'name': 'CIRCL',\n", + " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", + " 'attribute_id': '3361',\n", + " 'date_sighting': '1713153547',\n", + " 'event_id': '62',\n", + " 'id': '101',\n", + " 'org_id': '15',\n", + " 'source': '',\n", + " 'type': '0',\n", + " 'uuid': 'f80e5d2b-d6a0-4127-9c09-654722470a44',\n", + " 'value': 'John'}}]\n" + ] + } + ], + "source": [ + "body = {\n", + " 'last': '7d'\n", + "}\n", + "\n", + "sightings = misp.direct_call('/sightings/restSearch', body)\n", + "pprint(sightings)" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "## Plotting data" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "#### Sightings over time" + ] + }, + { + "cell_type": "code", + "execution_count": 11, + "metadata": {}, + "outputs": [], + "source": [ + "import pandas as pd\n", + "import matplotlib.pyplot as plt" + ] + }, + { + "cell_type": "code", + "execution_count": 12, + "metadata": {}, + "outputs": [ + { + "name": "stderr", + "output_type": "stream", + "text": [ + "/tmp/ipykernel_169481/2015836940.py:4: FutureWarning: The behavior of 'to_datetime' with 'unit' when parsing strings is deprecated. In a future version, strings will be parsed as datetime strings, matching the behavior without a 'unit'. To retain the old behavior, explicitly cast ints or floats to numeric type before calling to_datetime.\n", + " df[\"date_sighting\"] = pd.to_datetime(df[\"date_sighting\"], unit='s')\n" + ] + }, + { + "data": { + "text/html": [ + "
\n", + "\n", + "\n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + "
idattribute_idevent_idorg_iddate_sightinguuidsourcetypevalueOrganisationone
0101336162152024-04-15 03:58:56f80e5d2b-d6a0-4127-9c09-654722470a440John{'id': '15', 'uuid': '55f6ea5e-2c60-40e5-964f-...1
\n", + "
" + ], + "text/plain": [ + " id attribute_id event_id org_id date_sighting \\\n", + "0 101 3361 62 15 2024-04-15 03:58:56 \n", + "\n", + " uuid source type value \\\n", + "0 f80e5d2b-d6a0-4127-9c09-654722470a44 0 John \n", + "\n", + " Organisation one \n", + "0 {'id': '15', 'uuid': '55f6ea5e-2c60-40e5-964f-... 1 " + ] + }, + "execution_count": 12, + "metadata": {}, + "output_type": "execute_result" + } + ], + "source": [ + "# Converting our data to Panda DataFrame\n", + "sighting_rearranged = [sighting['Sighting'] for sighting in sightings]\n", + "df = pd.DataFrame.from_dict(sighting_rearranged)\n", + "df[\"date_sighting\"] = pd.to_datetime(df[\"date_sighting\"], unit='s')\n", + "df['one'] = 1\n", + "df" + ] + }, + { + "cell_type": "code", + "execution_count": 13, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "Min and Max: 2024-04-15 03:58:56 2024-04-15 03:58:56\n", + "Time delta: 0 days 00:00:00\n", + "Unique Event IDs: ['62']\n" + ] + } + ], + "source": [ + "print('Min and Max:', df['date_sighting'].min(), df['date_sighting'].max())\n", + "print('Time delta:', df['date_sighting'].max() - df['date_sighting'].min())\n", + "print('Unique Event IDs:', df.event_id.unique())" + ] + }, + { + "cell_type": "code", + "execution_count": 14, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "attribute_id\n", + "3361 1\n", + "Name: count, dtype: int64\n" + ] + }, + { + "data": { + "text/plain": [ + "" + ] + }, + "execution_count": 14, + "metadata": {}, + "output_type": "execute_result" + }, + { + "data": { + "image/png": "iVBORw0KGgoAAAANSUhEUgAAAiMAAAHFCAYAAAAg3/mzAAAAOXRFWHRTb2Z0d2FyZQBNYXRwbG90bGliIHZlcnNpb24zLjguMywgaHR0cHM6Ly9tYXRwbG90bGliLm9yZy/H5lhTAAAACXBIWXMAAA9hAAAPYQGoP6dpAAAhh0lEQVR4nO3de1CVBf7H8Q8H4uIqaF5A6BiaZd5FTaI0daOwlF0321hr87Kpq1maTLOCJqap2LYak5csN8eaWQeqaa0WB0fZNTMpN5VcJ29oBqmg6MQxNFAOvz8aTz/yxlHgK/B+zZw/eHgu3+POLu99Luf4VFZWVgoAAMCIw3oAAADQuBEjAADAFDECAABMESMAAMAUMQIAAEwRIwAAwBQxAgAATPlZD1AdbrdbR48eVbNmzeTj42M9DgAAqIbKykqdPn1a4eHhcjguf/6jXsTI0aNH5XQ6rccAAADXoKCgQLfccstlf18vYqRZs2aSfnozwcHBxtMAAIDqcLlccjqdnr/jl1MvYuTCpZng4GBiBACAeuZqt1hwAysAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAw5XWMbN68WfHx8QoPD5ePj4/Wrl171W02bdqk3r17KyAgQB07dtTq1auvYVQAANAQeR0jpaWl6tmzp5YtW1at9b/55hsNHTpUgwcPVm5urp577jmNGzdO69ev93pYAADQ8Hj9rb0PPfSQHnrooWqvv2LFCrVv316LFi2SJHXu3FlbtmzRq6++qri4OG8PDwAAGphav2ckJydHsbGxVZbFxcUpJyfnstuUlZXJ5XJVeQEAgIbJ6zMj3iosLFRoaGiVZaGhoXK5XDp79qyCgoIu2iY1NVVz5syp7dFwA4tMyrQeAUAtObxwqPUIuMHckE/TJCcnq6SkxPMqKCiwHgkAANSSWj8zEhYWpqKioirLioqKFBwcfMmzIpIUEBCggICA2h4NAADcAGr9zEhMTIyys7OrLNuwYYNiYmJq+9AAAKAe8DpGfvjhB+Xm5io3N1fST4/u5ubmKj8/X9JPl1hGjRrlWX/ixIk6dOiQ/vKXv2jv3r1avny53n33XU2bNq1m3gEAAKjXvI6RL7/8UlFRUYqKipIkJSYmKioqSikpKZKkY8eOecJEktq3b6/MzExt2LBBPXv21KJFi/T3v/+dx3oBAIAkyaeysrLSeoircblcCgkJUUlJiYKDg63HQR3gaRqg4eJpmsajun+/b8inaQAAQONBjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwdU0xsmzZMkVGRiowMFDR0dHatm3bFddPS0tTp06dFBQUJKfTqWnTpunHH3+8poEBAEDD4nWMZGRkKDExUbNnz9aOHTvUs2dPxcXF6fjx45dcf82aNUpKStLs2bO1Z88evfXWW8rIyNCMGTOue3gAAFD/eR0jixcv1vjx4zV27Fh16dJFK1asUJMmTbRq1apLrr9161bde++9evzxxxUZGakHH3xQI0eOvOrZFAAA0Dh4FSPl5eXavn27YmNjf96Bw6HY2Fjl5ORccpt77rlH27dv98THoUOHtG7dOj388MOXPU5ZWZlcLleVFwAAaJj8vFm5uLhYFRUVCg0NrbI8NDRUe/fuveQ2jz/+uIqLi9W/f39VVlbq/Pnzmjhx4hUv06SmpmrOnDnejAYAAOqpWn+aZtOmTVqwYIGWL1+uHTt26IMPPlBmZqZeeumly26TnJyskpISz6ugoKC2xwQAAEa8OjPSqlUr+fr6qqioqMryoqIihYWFXXKbWbNm6cknn9S4ceMkSd27d1dpaakmTJigmTNnyuG4uIcCAgIUEBDgzWgAAKCe8urMiL+/v/r06aPs7GzPMrfbrezsbMXExFxymzNnzlwUHL6+vpKkyspKb+cFAAANjFdnRiQpMTFRo0ePVt++fdWvXz+lpaWptLRUY8eOlSSNGjVKERERSk1NlSTFx8dr8eLFioqKUnR0tPLy8jRr1izFx8d7ogQAADReXsdIQkKCTpw4oZSUFBUWFqpXr17Kysry3NSan59f5UzICy+8IB8fH73wwgs6cuSIWrdurfj4eM2fP7/m3gUAAKi3fCrrwbUSl8ulkJAQlZSUKDg42Hoc1IHIpEzrEQDUksMLh1qPgDpS3b/ffDcNAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU9cUI8uWLVNkZKQCAwMVHR2tbdu2XXH977//XpMnT1bbtm0VEBCgO+64Q+vWrbumgQEAQMPi5+0GGRkZSkxM1IoVKxQdHa20tDTFxcVp3759atOmzUXrl5eX64EHHlCbNm30/vvvKyIiQt9++62aN29eE/MDAIB6zusYWbx4scaPH6+xY8dKklasWKHMzEytWrVKSUlJF62/atUqnTp1Slu3btVNN90kSYqMjLy+qQEAQIPh1WWa8vJybd++XbGxsT/vwOFQbGyscnJyLrnNRx99pJiYGE2ePFmhoaHq1q2bFixYoIqKissep6ysTC6Xq8oLAAA0TF7FSHFxsSoqKhQaGlpleWhoqAoLCy+5zaFDh/T++++roqJC69at06xZs7Ro0SLNmzfvssdJTU1VSEiI5+V0Or0ZEwAA1CO1/jSN2+1WmzZt9Oabb6pPnz5KSEjQzJkztWLFistuk5ycrJKSEs+roKCgtscEAABGvLpnpFWrVvL19VVRUVGV5UVFRQoLC7vkNm3bttVNN90kX19fz7LOnTursLBQ5eXl8vf3v2ibgIAABQQEeDMaAACop7w6M+Lv768+ffooOzvbs8ztdis7O1sxMTGX3Obee+9VXl6e3G63Z9n+/fvVtm3bS4YIAABoXLy+TJOYmKiVK1fq7bff1p49ezRp0iSVlpZ6nq4ZNWqUkpOTPetPmjRJp06d0tSpU7V//35lZmZqwYIFmjx5cs29CwAAUG95/WhvQkKCTpw4oZSUFBUWFqpXr17Kysry3NSan58vh+PnxnE6nVq/fr2mTZumHj16KCIiQlOnTtX06dNr7l0AAIB6y6eysrLSeoircblcCgkJUUlJiYKDg63HQR2ITMq0HgFALTm8cKj1CKgj1f37zXfTAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPXFCPLli1TZGSkAgMDFR0drW3btlVru/T0dPn4+Gj48OHXclgAANAAeR0jGRkZSkxM1OzZs7Vjxw717NlTcXFxOn78+BW3O3z4sJ5//nkNGDDgmocFAAANj9cxsnjxYo0fP15jx45Vly5dtGLFCjVp0kSrVq267DYVFRV64oknNGfOHHXo0OG6BgYAAA2LVzFSXl6u7du3KzY29ucdOByKjY1VTk7OZbebO3eu2rRpo6eeeqpaxykrK5PL5aryAgAADZNXMVJcXKyKigqFhoZWWR4aGqrCwsJLbrNlyxa99dZbWrlyZbWPk5qaqpCQEM/L6XR6MyYAAKhHavVpmtOnT+vJJ5/UypUr1apVq2pvl5ycrJKSEs+roKCgFqcEAACW/LxZuVWrVvL19VVRUVGV5UVFRQoLC7to/YMHD+rw4cOKj4/3LHO73T8d2M9P+/bt02233XbRdgEBAQoICPBmNAAAUE95dWbE399fffr0UXZ2tmeZ2+1Wdna2YmJiLlr/zjvv1P/+9z/l5uZ6Xr/5zW80ePBg5ebmcvkFAAB4d2ZEkhITEzV69Gj17dtX/fr1U1pamkpLSzV27FhJ0qhRoxQREaHU1FQFBgaqW7duVbZv3ry5JF20HAAANE5ex0hCQoJOnDihlJQUFRYWqlevXsrKyvLc1Jqfny+Hgw92BQAA1eNTWVlZaT3E1bhcLoWEhKikpETBwcHW46AORCZlWo8AoJYcXjjUegTUker+/eYUBgAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPXFCPLli1TZGSkAgMDFR0drW3btl123ZUrV2rAgAFq0aKFWrRoodjY2CuuDwAAGhevYyQjI0OJiYmaPXu2duzYoZ49eyouLk7Hjx+/5PqbNm3SyJEj9Z///Ec5OTlyOp168MEHdeTIkeseHgAA1H8+lZWVld5sEB0drbvuuktLly6VJLndbjmdTj377LNKSkq66vYVFRVq0aKFli5dqlGjRl1ynbKyMpWVlXl+drlccjqdKikpUXBwsDfjop6KTMq0HgFALTm8cKj1CKgjLpdLISEhV/377dWZkfLycm3fvl2xsbE/78DhUGxsrHJycqq1jzNnzujcuXO6+eabL7tOamqqQkJCPC+n0+nNmAAAoB7xKkaKi4tVUVGh0NDQKstDQ0NVWFhYrX1Mnz5d4eHhVYLml5KTk1VSUuJ5FRQUeDMmAACoR/zq8mALFy5Uenq6Nm3apMDAwMuuFxAQoICAgDqcDAAAWPEqRlq1aiVfX18VFRVVWV5UVKSwsLArbvu3v/1NCxcu1MaNG9WjRw/vJwUAAA2SV5dp/P391adPH2VnZ3uWud1uZWdnKyYm5rLb/fWvf9VLL72krKws9e3b99qnBQAADY7Xl2kSExM1evRo9e3bV/369VNaWppKS0s1duxYSdKoUaMUERGh1NRUSdLLL7+slJQUrVmzRpGRkZ57S5o2baqmTZvW4FsBAAD1kdcxkpCQoBMnTiglJUWFhYXq1auXsrKyPDe15ufny+H4+YTL66+/rvLycj366KNV9jN79my9+OKL1zc9AACo97z+nBEL1X1OGQ0HnzMCNFx8zkjjUSufMwIAAFDTiBEAAGCKGAEAAKaIEQAAYIoYAQAApogRAABgihgBAACmiBEAAGCKGAEAAKaIEQAAYIoYAQAApogRAABgihgBAACmiBEAAGCKGAEAAKaIEQAAYIoYAQAApogRAABgihgBAACmiBEAAGCKGAEAAKaIEQAAYIoYAQAApogRAABgihgBAACmiBEAAGCKGAEAAKaIEQAAYIoYAQAApogRAABgihgBAACmiBEAAGCKGAEAAKaIEQAAYIoYAQAApogRAABgihgBAACmiBEAAGCKGAEAAKaIEQAAYIoYAQAApogRAABgihgBAACmiBEAAGCKGAEAAKaIEQAAYIoYAQAApogRAABgihgBAACmiBEAAGCKGAEAAKaIEQAAYIoYAQAApogRAABgihgBAACmiBEAAGCKGAEAAKaIEQAAYIoYAQAApq4pRpYtW6bIyEgFBgYqOjpa27Ztu+L67733nu68804FBgaqe/fuWrdu3TUNCwAAGh6vYyQjI0OJiYmaPXu2duzYoZ49eyouLk7Hjx+/5Ppbt27VyJEj9dRTT2nnzp0aPny4hg8frt27d1/38AAAoP7zqaysrPRmg+joaN11111aunSpJMntdsvpdOrZZ59VUlLSResnJCSotLRU//rXvzzL7r77bvXq1UsrVqyo1jFdLpdCQkJUUlKi4OBgb8ZFPRWZlGk9AoBacnjhUOsRUEeq+/fbz5udlpeXa/v27UpOTvYsczgcio2NVU5OziW3ycnJUWJiYpVlcXFxWrt27WWPU1ZWprKyMs/PJSUlkn56U2gc3GVnrEcAUEv43/LG48J/1lc77+FVjBQXF6uiokKhoaFVloeGhmrv3r2X3KawsPCS6xcWFl72OKmpqZozZ85Fy51OpzfjAgBuQCFp1hOgrp0+fVohISGX/b1XMVJXkpOTq5xNcbvdOnXqlFq2bCkfHx/DyQDUNJfLJafTqYKCAi7DAg1MZWWlTp8+rfDw8Cuu51WMtGrVSr6+vioqKqqyvKioSGFhYZfcJiwszKv1JSkgIEABAQFVljVv3tybUQHUM8HBwcQI0ABd6YzIBV49TePv768+ffooOzvbs8ztdis7O1sxMTGX3CYmJqbK+pK0YcOGy64PAAAaF68v0yQmJmr06NHq27ev+vXrp7S0NJWWlmrs2LGSpFGjRikiIkKpqamSpKlTp2rgwIFatGiRhg4dqvT0dH355Zd68803a/adAACAesnrGElISNCJEyeUkpKiwsJC9erVS1lZWZ6bVPPz8+Vw/HzC5Z577tGaNWv0wgsvaMaMGbr99tu1du1adevWrebeBYB6KyAgQLNnz77o0iyAxsPrzxkBAACoSXw3DQAAMEWMAAAAU8QIAAAwRYwAAABTxAgAADBFjAAAAFPECAAAMEWMALhhud1u6xEA1AFiBMANJS8vT3PmzNGZM2fkcDgIEqAR8Prj4AGgtuTl5enee+9VRUWFXC6XXnrpJTVp0kRut7vK10wAaFj4OHgAN4SSkhKNGTNGfn5+at++vTZv3qyYmBjNnz+fIAEaOP6bDeCG0LRpU3Xp0kWPPvqo5s2bp6FDhyonJ0czZsy45CUb/n8U0HBwZgSAqcrKSvn4+EiSzp8/Lz+/n64enz17Vq+88orWrVunu+++W6mpqQoKClJZWRnf8As0MJwZAWAmLy9PL7/8slwulyR5QuT8+fMKCgrS9OnT9fDDD+uLL77QjBkz9P3332vy5MkaMWKE5dgAahg3sAIwsWvXLt1///36wx/+oIKCAnXt2tVz6cXPz08VFRUKCAjQ9OnTJUnr169Xv379dOzYMW3YsMFydAA1jMs0AOpcYWGh+vfvr/j4eL366que5eXl5fL39/f8XFFRIV9fX7lcLvXv31/fffedPvnkE3Xv3t1ibAC1hMs0AOrcnj17FB4erldffVVut1tPP/20hg0bpt69e+vtt99WUVGRJMnX11fl5eWaPXu2Dh48SIgADRQxAqDOnTp1SmfPnlV5ebkGDx6sQ4cO6e6779agQYM0ZcoULV26VGfOnJEk+fv7q6KiQps3byZEgAaKe0YA1Lng4GAdOHBAGzduVEREhNLS0tSmTRtJUo8ePfTMM88oPj5e/fr1kyS99tprluMCqGWcGQFQ5x544AH1799fI0eOVE5OjqSfPzdkwoQJ6tKlCzepAo0IZ0YA1Kq8vDy98847+uabbzRw4ECNGzdOkvTss8/K5XIpNzdX+fn5njMj586dU/PmzRUREWE5NoA6RIwAqDW7du3SkCFD1Lt3b/n5+WnixIk6f/68Jk6cqAceeECnT5/W3LlzNWTIEC1fvlxNmzbV559/rry8PN13333W4wOoI8QIgFqRl5en+Ph4jRkzRvPmzZPD4dCECRN05MgRSZLD4dCIESPUtWtXpaamaurUqWrevLmCgoL08ccfq0OHDsbvAEBd4XNGANS48+fPKykpSSUlJVqyZIkCAwMlSU8++aROnjypyspKRUVF6YknnlDXrl0lSQcOHFBISIj8/Px08803W44PoI5xZgRAjbtwSebIkSOeEJk/f77WrFmjSZMmqU2bNlqyZIn27t2r9PR0+fv7q2PHjp7vqAHQuBAjAGrMqVOnVFRUJIfDoU6dOqljx46SpMOHD2vPnj3KzMzUkCFDJElxcXGKiYnRzp07FR0dTYgAjRiP9gKoEbt371ZsbKwSEhLUo0cPzZs3TxUVFZKkyMhILVmyREOGDFFlZaXcbrfOnTun7t27KywszHhyANaIEQDX7euvv9agQYN0//33Kz09XQsWLFBKSoqOHj3qWad58+aSJB8fHzkcDmVmZqpFixYKDg42mhrAjYLLNACuS3FxsSZNmqQ//vGPeuWVVyRJnTt31saNG/Xdd9/p5MmTatmypZxOpyTp4MGDWr16tZYtW6bPPvtMLVq0sBwfwA2AGAFwXXx8fDRkyBA9+uijnmXz5s3T+vXrVVhYqOLiYnXt2lWzZs1S27ZtNXPmTO3cuZPvmgHgwaO9AK7b6dOn1axZM0lSenq6Hn/8caWnpys2Nla7d+/W888/r2HDhik5OVlffPGF2rVrp3bt2hlPDeBGQYwAqFHffvutTp48qd69e3uWDRs2TA6HQx999JHhZABuVFymAVCjbr31Vt16662SJLfbrfLycjVt2lQ9evQwngzAjYqnaQDUGofDoQULFignJ0e///3vrccBcIPizAiAWvHee+/pk08+UXp6ujZs2KDbb7/deiQANyjOjACoFV26dNGJEyf06aefKioqynocADcwbmAFUGvOnTunm266yXoMADc4YgQAAJjiMg0AADBFjAAAAFPECAAAMEWMAAAAU8QIAAAwRYwAAABTxAiAGrF69Wo1b97c8/OLL76oXr16mc1zJZGRkUpLS7viOj4+Plq7dm2dzAM0dsQIAB0+fFg+Pj7Kzc2tsnzMmDEaPnx4tfaRkJCg/fv31/hs1QkHb/33v//VhAkTanSfAK4d300D4LqdO3dOQUFBCgoKsh6lWlq3bm09AoD/hzMjQCORlZWl/v37q3nz5mrZsqWGDRumgwcPSpLat28vSYqKipKPj48GDRqkF198UW+//bY+/PBD+fj4yMfHR5s2bfKcRcnIyNDAgQMVGBiof/zjHxddprngjTfekNPpVJMmTfTYY4+ppKTE87tBgwbpueeeq7L+8OHDNWbMGM/vv/32W02bNs0zwwVbtmzRgAEDFBQUJKfTqSlTpqi0tLRa/xa/PNty4MAB3XfffQoMDFSXLl20YcOGau0HQM0gRoBGorS0VImJifryyy+VnZ0th8Oh3/3ud3K73dq2bZskaePGjTp27Jg++OADPf/883rsscc0ZMgQHTt2TMeOHdM999zj2V9SUpKmTp2qPXv2KC4u7pLHzMvL07vvvquPP/5YWVlZ2rlzp55++ulqz/zBBx/olltu0dy5cz0zSNLBgwc1ZMgQjRgxQrt27VJGRoa2bNmiZ555xut/F7fbrUceeUT+/v764osvtGLFCk2fPt3r/QC4dlymARqJESNGVPl51apVat26tb7++mvPZYuWLVsqLCzMs05QUJDKysqqLLvgueee0yOPPHLFY/7444965513FBERIUlasmSJhg4dqkWLFl1yn7908803y9fXV82aNauyfmpqqp544gnPWZXbb79dr732mgYOHKjXX39dgYGBV933BRs3btTevXu1fv16hYeHS5IWLFighx56qNr7AHB9ODMCNBIHDhzQyJEj1aFDBwUHBysyMlKSlJ+ff03769u371XXadeunSdEJCkmJkZut1v79u27pmNe8NVXX2n16tVq2rSp5xUXFye3261vvvnGq33t2bNHTqfTEyIX5gRQdzgzAjQS8fHxuvXWW7Vy5UqFh4fL7XarW7duKi8vv6b9/epXv7rumRwOh375xeHnzp276nY//PCD/vznP2vKlCkX/a5du3bXPReAukWMAI3AyZMntW/fPq1cuVIDBgyQ9NMNoBf4+/tLkioqKqps5+/vf9Eyb+Tn5+vo0aOesw6ff/65HA6HOnXqJOmnp1ou3Ady4fi7d+/W4MGDrzhD79699fXXX6tjx47XPNsFnTt3VkFBgY4dO6a2bdt65gRQd7hMAzQCLVq0UMuWLfXmm28qLy9P//73v5WYmOj5fZs2bRQUFKSsrCwVFRV5nniJjIzUrl27tG/fPhUXF1frrMX/FxgYqNGjR+urr77Sp59+qilTpuixxx7z3P/x61//WpmZmcrMzNTevXs1adIkff/991X2ERkZqc2bN+vIkSMqLi6WJE2fPl1bt27VM888o9zcXB04cEAffvjhNd3AGhsbqzvuuKPKnDNnzvR6PwCuHTECNAIOh0Pp6enavn27unXrpmnTpumVV17x/N7Pz0+vvfaa3njjDYWHh+u3v/2tJGn8+PHq1KmT+vbtq9atW+uzzz7z6rgdO3bUI488oocfflgPPvigevTooeXLl3t+/6c//UmjR4/WqFGjNHDgQHXo0KHKWRFJmjt3rg4fPqzbbrvNc6Ntjx499Mknn2j//v0aMGCAoqKilJKSUuW+D2/+bf75z3/q7Nmz6tevn8aNG6f58+d7vR8A186n8pcXbAEAAOoQZ0YAAIApYgRAg/Lpp59WeeT3ly8ANx4u0wBoUM6ePasjR45c9vc18QQOgJpFjAAAAFNcpgEAAKaIEQAAYIoYAQAApogRAABgihgBAACmiBEAAGCKGAEAAKb+D83zydI8hBb4AAAAAElFTkSuQmCC", + "text/plain": [ + "
" + ] + }, + "metadata": {}, + "output_type": "display_data" + } + ], + "source": [ + "# Grouping by Attribute value\n", + "value_count = df['attribute_id'].value_counts()\n", + "print(value_count)\n", + "value_count.plot(kind='bar', rot=45)" + ] + }, + { + "cell_type": "code", + "execution_count": 15, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "date_sighting\n", + "0 1\n", + "Name: count, dtype: int64\n" + ] + }, + { + "data": { + "text/plain": [ + "" + ] + }, + "execution_count": 15, + "metadata": {}, + "output_type": "execute_result" + }, + { + "data": { + "image/png": "iVBORw0KGgoAAAANSUhEUgAAAiMAAAGxCAYAAACwbLZkAAAAOXRFWHRTb2Z0d2FyZQBNYXRwbG90bGliIHZlcnNpb24zLjguMywgaHR0cHM6Ly9tYXRwbG90bGliLm9yZy/H5lhTAAAACXBIWXMAAA9hAAAPYQGoP6dpAAAetElEQVR4nO3dbZCV5X3H8d+CsuDAohFZlK5dY6wPNYIB2eJDUqdrNsZhwotMGbUBqdroqKNuTYSgoCW6pBFLpqKMNkZjYyUxqUmFYnUnJBNlSoSQNq1ifSAwibtANLsEEkjZ0xdO1m4B5aBwlfXzmTkvzr3Xde7/GWfcL/d52JpKpVIJAEAhA0oPAAC8t4kRAKAoMQIAFCVGAICixAgAUJQYAQCKEiMAQFFiBAAo6pDSA+yNnp6e/PznP8+wYcNSU1NTehwAYC9UKpVs2bIlxxxzTAYM2PP1j4MiRn7+85+noaGh9BgAwD7YsGFDfu/3fm+PPz8oYmTYsGFJ3ngydXV1hacBAPZGd3d3Ghoaen+P78lBESO/e2mmrq5OjADAQebt3mLhDawAQFFiBAAoSowAAEWJEQCgKDECABQlRgCAosQIAFCUGAEAihIjAEBRYgQAKKrqGPn+97+fSZMm5ZhjjklNTU0ee+yxt92zfPnyfOhDH0ptbW0+8IEP5IEHHtiHUQGA/qjqGNm6dWvGjBmThQsX7tX6V155JRdccEHOPffcrFmzJtddd10uu+yyPPHEE1UPCwD0P1X/obzzzz8/559//l6vX7RoUY477rjMnz8/SXLyySfnBz/4Qf7mb/4mLS0t1Z4eAOhn9vt7RlasWJHm5uY+x1paWrJixYr9fWoA4CBQ9ZWRanV0dKS+vr7Psfr6+nR3d+fXv/51hgwZssue7du3Z/v27b33u7u79/eYAEAh+z1G9kVbW1tuvfXW0mNQUOOMJaVHAPaTdfMuKD0C/8/s95dpRo0alc7Ozj7HOjs7U1dXt9urIkkyc+bMdHV19d42bNiwv8cEAArZ71dGJk6cmKVLl/Y59uSTT2bixIl73FNbW5va2tr9PRoA8P9A1VdGfvWrX2XNmjVZs2ZNkjc+urtmzZqsX78+yRtXNaZOndq7/oorrsjLL7+cz372s3n++edz99135+tf/3quv/76d+cZAAAHtapj5Nlnn83pp5+e008/PUnS2tqa008/PbNnz06SvPrqq71hkiTHHXdclixZkieffDJjxozJ/Pnz83d/93c+1gsAJElqKpVKpfQQb6e7uzvDhw9PV1dX6urqSo/DAeANrNB/eQPre8fe/v72t2kAgKLECABQlBgBAIoSIwBAUWIEAChKjAAARYkRAKAoMQIAFCVGAICixAgAUJQYAQCKEiMAQFFiBAAoSowAAEWJEQCgKDECABQlRgCAosQIAFCUGAEAihIjAEBRYgQAKEqMAABFiREAoCgxAgAUJUYAgKLECABQlBgBAIoSIwBAUWIEAChKjAAARYkRAKAoMQIAFCVGAICixAgAUJQYAQCKEiMAQFFiBAAoSowAAEWJEQCgKDECABQlRgCAosQIAFCUGAEAihIjAEBRYgQAKEqMAABFiREAoCgxAgAUJUYAgKLECABQlBgBAIoSIwBAUWIEAChKjAAARYkRAKAoMQIAFCVGAICixAgAUJQYAQCKEiMAQFH7FCMLFy5MY2NjBg8enKampqxcufIt1y9YsCAnnnhihgwZkoaGhlx//fX5zW9+s08DAwD9S9Uxsnjx4rS2tmbOnDlZvXp1xowZk5aWlmzcuHG36x9++OHMmDEjc+bMyXPPPZcvf/nLWbx4cT73uc+94+EBgINf1TFy55135vLLL8/06dNzyimnZNGiRTnssMNy//3373b9M888k7POOisXXXRRGhsb89GPfjQXXnjh215NAQDeG6qKkR07dmTVqlVpbm5+8wEGDEhzc3NWrFix2z1nnnlmVq1a1RsfL7/8cpYuXZqPf/zjezzP9u3b093d3ecGAPRPh1SzePPmzdm5c2fq6+v7HK+vr8/zzz+/2z0XXXRRNm/enLPPPjuVSiX//d//nSuuuOItX6Zpa2vLrbfeWs1oAMBBar9/mmb58uW5/fbbc/fdd2f16tX51re+lSVLlmTu3Ll73DNz5sx0dXX13jZs2LC/xwQACqnqysiIESMycODAdHZ29jne2dmZUaNG7XbPzTffnE996lO57LLLkiQf/OAHs3Xr1vzFX/xFZs2alQEDdu2h2tra1NbWVjMaAHCQqurKyKBBgzJu3Li0t7f3Huvp6Ul7e3smTpy42z3btm3bJTgGDhyYJKlUKtXOCwD0M1VdGUmS1tbWTJs2LePHj8+ECROyYMGCbN26NdOnT0+STJ06NaNHj05bW1uSZNKkSbnzzjtz+umnp6mpKS+++GJuvvnmTJo0qTdKAID3rqpjZMqUKdm0aVNmz56djo6OjB07NsuWLet9U+v69ev7XAm56aabUlNTk5tuuik/+9nPctRRR2XSpEm57bbb3r1nAQActGoqB8FrJd3d3Rk+fHi6urpSV1dXehwOgMYZS0qPAOwn6+ZdUHoEDpC9/f3tb9MAAEWJEQCgKDECABQlRgCAosQIAFCUGAEAihIjAEBRYgQAKEqMAABFiREAoCgxAgAUJUYAgKLECABQlBgBAIoSIwBAUWIEAChKjAAARYkRAKAoMQIAFCVGAICixAgAUJQYAQCKEiMAQFFiBAAoSowAAEWJEQCgKDECABQlRgCAosQIAFCUGAEAihIjAEBRYgQAKEqMAABFiREAoCgxAgAUJUYAgKLECABQlBgBAIoSIwBAUWIEAChKjAAARYkRAKAoMQIAFCVGAICixAgAUJQYAQCKEiMAQFFiBAAoSowAAEWJEQCgKDECABQlRgCAosQIAFCUGAEAihIjAEBRYgQAKEqMAABFiREAoCgxAgAUtU8xsnDhwjQ2Nmbw4MFpamrKypUr33L9L3/5y1x11VU5+uijU1tbmz/4gz/I0qVL92lgAKB/OaTaDYsXL05ra2sWLVqUpqamLFiwIC0tLVm7dm1Gjhy5y/odO3bkvPPOy8iRI/Poo49m9OjR+elPf5rDDz/83ZgfADjIVR0jd955Zy6//PJMnz49SbJo0aIsWbIk999/f2bMmLHL+vvvvz+vvfZannnmmRx66KFJksbGxnc2NQDQb1T1Ms2OHTuyatWqNDc3v/kAAwakubk5K1as2O2e73znO5k4cWKuuuqq1NfX59RTT83tt9+enTt37vE827dvT3d3d58bANA/VRUjmzdvzs6dO1NfX9/neH19fTo6Ona75+WXX86jjz6anTt3ZunSpbn55pszf/78fP7zn9/jedra2jJ8+PDeW0NDQzVjAgAHkf3+aZqenp6MHDky9957b8aNG5cpU6Zk1qxZWbRo0R73zJw5M11dXb23DRs27O8xAYBCqnrPyIgRIzJw4MB0dnb2Od7Z2ZlRo0btds/RRx+dQw89NAMHDuw9dvLJJ6ejoyM7duzIoEGDdtlTW1ub2traakYDAA5SVV0ZGTRoUMaNG5f29vbeYz09PWlvb8/EiRN3u+ess87Kiy++mJ6ent5jL7zwQo4++ujdhggA8N5S9cs0ra2tue+++/Lggw/mueeey5VXXpmtW7f2frpm6tSpmTlzZu/6K6+8Mq+99lquvfbavPDCC1myZEluv/32XHXVVe/eswAADlpVf7R3ypQp2bRpU2bPnp2Ojo6MHTs2y5Yt631T6/r16zNgwJuN09DQkCeeeCLXX399TjvttIwePTrXXnttbrzxxnfvWQAAB62aSqVSKT3E2+nu7s7w4cPT1dWVurq60uNwADTOWFJ6BGA/WTfvgtIjcIDs7e9vf5sGAChKjAAARYkRAKAoMQIAFCVGAICixAgAUJQYAQCKEiMAQFFiBAAoSowAAEWJEQCgKDECABQlRgCAosQIAFCUGAEAihIjAEBRYgQAKEqMAABFiREAoCgxAgAUJUYAgKLECABQlBgBAIoSIwBAUWIEAChKjAAARYkRAKAoMQIAFCVGAICixAgAUJQYAQCKEiMAQFFiBAAoSowAAEWJEQCgKDECABQlRgCAosQIAFCUGAEAihIjAEBRYgQAKEqMAABFiREAoCgxAgAUJUYAgKLECABQlBgBAIoSIwBAUWIEAChKjAAARYkRAKAoMQIAFCVGAICixAgAUJQYAQCKEiMAQFFiBAAoSowAAEWJEQCgqH2KkYULF6axsTGDBw9OU1NTVq5cuVf7HnnkkdTU1GTy5Mn7cloAoB+qOkYWL16c1tbWzJkzJ6tXr86YMWPS0tKSjRs3vuW+devW5YYbbsg555yzz8MCAP1P1TFy55135vLLL8/06dNzyimnZNGiRTnssMNy//3373HPzp07c/HFF+fWW2/N+9///nc0MADQv1QVIzt27MiqVavS3Nz85gMMGJDm5uasWLFij/v+6q/+KiNHjsyll16675MCAP3SIdUs3rx5c3bu3Jn6+vo+x+vr6/P888/vds8PfvCDfPnLX86aNWv2+jzbt2/P9u3be+93d3dXMyYAcBDZr5+m2bJlSz71qU/lvvvuy4gRI/Z6X1tbW4YPH957a2ho2I9TAgAlVXVlZMSIERk4cGA6Ozv7HO/s7MyoUaN2Wf/SSy9l3bp1mTRpUu+xnp6eN058yCFZu3Ztjj/++F32zZw5M62trb33u7u7BQkA9FNVxcigQYMybty4tLe39348t6enJ+3t7bn66qt3WX/SSSfl3//93/scu+mmm7Jly5Z86Utf2mNg1NbWpra2tprRAICDVFUxkiStra2ZNm1axo8fnwkTJmTBggXZunVrpk+fniSZOnVqRo8enba2tgwePDinnnpqn/2HH354kuxyHAB4b6o6RqZMmZJNmzZl9uzZ6ejoyNixY7Ns2bLeN7WuX78+Awb4YlcAYO/UVCqVSukh3k53d3eGDx+erq6u1NXVlR6HA6BxxpLSIwD7ybp5F5QegQNkb39/u4QBABQlRgCAosQIAFCUGAEAihIjAEBRYgQAKEqMAABFiREAoCgxAgAUJUYAgKLECABQlBgBAIoSIwBAUWIEAChKjAAARYkRAKAoMQIAFCVGAICixAgAUJQYAQCKEiMAQFFiBAAoSowAAEWJEQCgKDECABQlRgCAosQIAFCUGAEAihIjAEBRYgQAKEqMAABFiREAoCgxAgAUJUYAgKLECABQlBgBAIoSIwBAUWIEAChKjAAARYkRAKAoMQIAFCVGAICixAgAUJQYAQCKEiMAQFFiBAAoSowAAEWJEQCgKDECABQlRgCAosQIAFCUGAEAihIjAEBRYgQAKEqMAABFiREAoCgxAgAUJUYAgKLECABQlBgBAIrapxhZuHBhGhsbM3jw4DQ1NWXlypV7XHvfffflnHPOyRFHHJEjjjgizc3Nb7keAHhvqTpGFi9enNbW1syZMyerV6/OmDFj0tLSko0bN+52/fLly3PhhRfmu9/9blasWJGGhoZ89KMfzc9+9rN3PDwAcPCrqVQqlWo2NDU15Ywzzshdd92VJOnp6UlDQ0OuueaazJgx423379y5M0cccUTuuuuuTJ06da/O2d3dneHDh6erqyt1dXXVjMtBqnHGktIjAPvJunkXlB6BA2Rvf39XdWVkx44dWbVqVZqbm998gAED0tzcnBUrVuzVY2zbti2//e1v8773vW+Pa7Zv357u7u4+NwCgf6oqRjZv3pydO3emvr6+z/H6+vp0dHTs1WPceOONOeaYY/oEzf/V1taW4cOH994aGhqqGRMAOIgc0E/TzJs3L4888kj+8R//MYMHD97jupkzZ6arq6v3tmHDhgM4JQBwIB1SzeIRI0Zk4MCB6ezs7HO8s7Mzo0aNesu9d9xxR+bNm5ennnoqp5122luura2tTW1tbTWjAQAHqaqujAwaNCjjxo1Le3t777Genp60t7dn4sSJe9z313/915k7d26WLVuW8ePH7/u0AEC/U9WVkSRpbW3NtGnTMn78+EyYMCELFizI1q1bM3369CTJ1KlTM3r06LS1tSVJvvCFL2T27Nl5+OGH09jY2PvekqFDh2bo0KHv4lMBAA5GVcfIlClTsmnTpsyePTsdHR0ZO3Zsli1b1vum1vXr12fAgDcvuNxzzz3ZsWNHPvnJT/Z5nDlz5uSWW255Z9MDAAe9qr9npATfM/Le43tGoP/yPSPvHfvle0YAAN5tYgQAKEqMAABFiREAoCgxAgAUJUYAgKLECABQlBgBAIoSIwBAUWIEAChKjAAARYkRAKAoMQIAFCVGAICixAgAUJQYAQCKEiMAQFFiBAAoSowAAEWJEQCgKDECABQlRgCAosQIAFCUGAEAihIjAEBRYgQAKEqMAABFiREAoCgxAgAUJUYAgKLECABQlBgBAIoSIwBAUWIEAChKjAAARYkRAKAoMQIAFCVGAICixAgAUJQYAQCKEiMAQFFiBAAoSowAAEWJEQCgKDECABQlRgCAosQIAFCUGAEAihIjAEBRYgQAKEqMAABFiREAoCgxAgAUJUYAgKLECABQlBgBAIoSIwBAUWIEAChKjAAARe1TjCxcuDCNjY0ZPHhwmpqasnLlyrdc/41vfCMnnXRSBg8enA9+8INZunTpPg0LAPQ/VcfI4sWL09ramjlz5mT16tUZM2ZMWlpasnHjxt2uf+aZZ3LhhRfm0ksvzY9+9KNMnjw5kydPzk9+8pN3PDwAcPCrqVQqlWo2NDU15Ywzzshdd92VJOnp6UlDQ0OuueaazJgxY5f1U6ZMydatW/P444/3HvujP/qjjB07NosWLdqrc3Z3d2f48OHp6upKXV1dNeNykGqcsaT0CMB+sm7eBaVH4ADZ29/fVV0Z2bFjR1atWpXm5uY3H2DAgDQ3N2fFihW73bNixYo+65OkpaVlj+sBgPeWQ6pZvHnz5uzcuTP19fV9jtfX1+f555/f7Z6Ojo7dru/o6NjjebZv357t27f33u/q6kryRmHx3tCzfVvpEYD9xP/L3zt+99/67V6EqSpGDpS2trbceuutuxxvaGgoMA0A76bhC0pPwIG2ZcuWDB8+fI8/rypGRowYkYEDB6azs7PP8c7OzowaNWq3e0aNGlXV+iSZOXNmWltbe+/39PTktddey5FHHpmamppqRgb+n+vu7k5DQ0M2bNjgPWHQz1QqlWzZsiXHHHPMW66rKkYGDRqUcePGpb29PZMnT07yRii0t7fn6quv3u2eiRMnpr29Pdddd13vsSeffDITJ07c43lqa2tTW1vb59jhhx9ezajAQaaurk6MQD/0VldEfqfql2laW1szbdq0jB8/PhMmTMiCBQuydevWTJ8+PUkyderUjB49Om1tbUmSa6+9Nh/5yEcyf/78XHDBBXnkkUfy7LPP5t5776321ABAP1R1jEyZMiWbNm3K7Nmz09HRkbFjx2bZsmW9b1Jdv359Bgx480M6Z555Zh5++OHcdNNN+dznPpcTTjghjz32WE499dR371kAAAetqr9nBODdtH379rS1tWXmzJm7vDwLvDeIEQCgKH8oDwAoSowAAEWJEQCgKDECFLNw4cI0NjZm8ODBaWpqysqVK0uPBBQgRoAiFi9enNbW1syZMyerV6/OmDFj0tLSko0bN5YeDTjAfJoGKKKpqSlnnHFG7rrrriRvfJtzQ0NDrrnmmsyYMaPwdMCB5MoIcMDt2LEjq1atSnNzc++xAQMGpLm5OStWrCg4GVCCGAEOuM2bN2fnzp2939z8O/X19eno6Cg0FVCKGAEAihIjwAE3YsSIDBw4MJ2dnX2Od3Z2ZtSoUYWmAkoRI8ABN2jQoIwbNy7t7e29x3p6etLe3p6JEycWnAwooeq/2gvwbmhtbc20adMyfvz4TJgwIQsWLMjWrVszffr00qMBB5gYAYqYMmVKNm3alNmzZ6ejoyNjx47NsmXLdnlTK9D/+Z4RAKAo7xkBAIoSIwBAUWIEAChKjAAARYkRAKAoMQIAFCVGAICixAgAUJQYgX7uj//4j3PdddeVHmO31q1bl5qamqxZs2av9zzwwAM5/PDDD8i5gANDjAC9li9fnpqamvzyl788IOdraGjIq6++mlNPPfVdfdxLLrkkkydPPiDnAt45f5sGKGbgwIEZNWpUvzsXUB1XRqAf2bp1a6ZOnZqhQ4fm6KOPzvz58/v8/KGHHsr48eMzbNiwjBo1KhdddFE2btyY5I2XMc4999wkyRFHHJGamppccsklSZKenp60tbXluOOOy5AhQzJmzJg8+uijezXT66+/nosvvjhHHXVUhgwZkhNOOCFf+cpXes/5f186+c53vpMTTjghgwcPzrnnnpsHH3xwt1drnnjiiZx88skZOnRoPvaxj+XVV19Nktxyyy158MEH8+1vfzs1NTWpqanJ8uXLdznX764Ctbe3Z/z48TnssMNy5plnZu3atX3O8/nPfz4jR47MsGHDctlll2XGjBkZO3bsXj13YO+IEehHPvOZz+R73/tevv3tb+df/uVfsnz58qxevbr357/97W8zd+7c/PjHP85jjz2WdevW9QZHQ0NDvvnNbyZJ1q5dm1dffTVf+tKXkiRtbW356le/mkWLFuU//uM/cv311+fP/uzP8r3vfe9tZ7r55pvzn//5n/nnf/7nPPfcc7nnnnsyYsSI3a595ZVX8slPfjKTJ0/Oj3/843z605/OrFmzdlm3bdu23HHHHXnooYfy/e9/P+vXr88NN9yQJLnhhhvyp3/6p72B8uqrr+bMM8/c43yzZs3K/Pnz8+yzz+aQQw7Jn//5n/f+7Gtf+1puu+22fOELX8iqVaty7LHH5p577nnb5wxUqQL0C1u2bKkMGjSo8vWvf7332C9+8YvKkCFDKtdee+1u9/zwhz+sJKls2bKlUqlUKt/97ncrSSqvv/5675rf/OY3lcMOO6zyzDPP9Nl76aWXVi688MK3nWvSpEmV6dOn7/Znr7zySiVJ5Uc/+lGlUqlUbrzxxsqpp57aZ82sWbP6zPSVr3ylkqTy4osv9q5ZuHBhpb6+vvf+tGnTKp/4xCfe8ly/e65PPfVU75olS5ZUklR+/etfVyqVSqWpqaly1VVX9Xmcs846qzJmzJi3fd7A3nNlBPqJl156KTt27EhTU1Pvsfe973058cQTe++vWrUqkyZNyrHHHpthw4blIx/5SJJk/fr1e3zcF198Mdu2bct5552XoUOH9t6++tWv5qWXXnrbua688so88sgjGTt2bD772c/mmWee2ePatWvX5owzzuhzbMKECbusO+yww3L88cf33j/66KN7X26q1mmnndbncZL0PtbatWt3Of/u5gHeGW9ghfeIrVu3pqWlJS0tLfna176Wo446KuvXr09LS0t27Nixx32/+tWvkiRLlizJ6NGj+/ystrb2bc97/vnn56c//WmWLl2aJ598Mn/yJ3+Sq666Knfcccc+P5dDDz20z/2amppUKpV3/Fg1NTVJ3niPDHDguDIC/cTxxx+fQw89NP/6r//ae+z111/PCy+8kCR5/vnn84tf/CLz5s3LOeeck5NOOmmXqwmDBg1KkuzcubP32CmnnJLa2tqsX78+H/jAB/rcGhoa9mq2o446KtOmTcvf//3fZ8GCBbn33nt3u+7EE0/Ms88+2+fYD3/4w706x/99Hv/7OeyrE088cZfz78s8wFtzZQT6iaFDh+bSSy/NZz7zmRx55JEZOXJkZs2alQED3vg3x7HHHptBgwblb//2b3PFFVfkJz/5SebOndvnMX7/938/NTU1efzxx/Pxj388Q4YMybBhw3LDDTfk+uuvT09PT84+++x0dXXl6aefTl1dXaZNm/aWc82ePTvjxo3LH/7hH2b79u15/PHHc/LJJ+927ac//enceeedufHGG3PppZdmzZo1eeCBB5K8edVibzQ2NuaJJ57I2rVrc+SRR2b48OF7vfd/u+aaa3L55Zdn/PjxOfPMM7N48eL827/9W97//vfv0+MBu+fKCPQjX/ziF3POOedk0qRJaW5uztlnn51x48YleePqxAMPPJBvfOMbOeWUUzJv3rxdXioZPXp0br311syYMSP19fW5+uqrkyRz587NzTffnLa2tpx88sn52Mc+liVLluS4445725kGDRqUmTNn5rTTTsuHP/zhDBw4MI888shu1x533HF59NFH861vfSunnXZa7rnnnt5P0+zNS0K/c/nll+fEE0/M+PHjc9RRR+Xpp5/e673/28UXX5yZM2fmhhtuyIc+9KG88sorueSSSzJ48OB9ejxg92oq+/pCK8ABcNttt2XRokXZsGFD6VGSJOedd15GjRqVhx56qPQo0G94mQb4f+Xuu+/OGWeckSOPPDJPP/10vvjFL/ZeoTnQtm3blkWLFqWlpSUDBw7MP/zDP+Spp57Kk08+WWQe6K+8TAO8I1dccUWfj/z+79sVV1xR9eP913/9Vz7xiU/klFNOydy5c/OXf/mXueWWW979wfdCTU1Nli5dmg9/+MMZN25c/umf/inf/OY309zcXGQe6K+8TAO8Ixs3bkx3d/duf1ZXV5eRI0ce4ImAg40YAQCK8jINAFCUGAEAihIjAEBRYgQAKEqMAABFiREAoCgxAgAUJUYAgKL+B0qcp9CP82ZUAAAAAElFTkSuQmCC", + "text/plain": [ + "
" + ] + }, + "metadata": {}, + "output_type": "display_data" + } + ], + "source": [ + "# Grouping by weekday (0-indexed)\n", + "amount_per_weekday = df['date_sighting'].dt.weekday.value_counts()\n", + "print(amount_per_weekday)\n", + "amount_per_weekday.plot(kind='bar', rot=0)" + ] + }, + { + "cell_type": "code", + "execution_count": 16, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "date_sighting\n", + "3 1\n", + "Name: one, dtype: int64\n" + ] + }, + { + "data": { + "text/plain": [ + "" + ] + }, + "execution_count": 16, + "metadata": {}, + "output_type": "execute_result" + }, + { + "data": { + "image/png": "iVBORw0KGgoAAAANSUhEUgAAAiMAAAGxCAYAAACwbLZkAAAAOXRFWHRTb2Z0d2FyZQBNYXRwbG90bGliIHZlcnNpb24zLjguMywgaHR0cHM6Ly9tYXRwbG90bGliLm9yZy/H5lhTAAAACXBIWXMAAA9hAAAPYQGoP6dpAAAeuElEQVR4nO3df3TV9X3H8VdACXgg8QcSlMVhrVOpBSwowx/tPItNrYdT/ugZR11Bhq561KNmtkJR0FENneLomSjT1mpdnVTb2lYoTHOKPVXOrCBduynOHxROC0GqTSjW0JG7PzyNywAlKHxKfDzOuX/km8/nft/3eI558v3em1RVKpVKAAAK6VN6AADg/U2MAABFiREAoCgxAgAUJUYAgKLECABQlBgBAIoSIwBAUQeUHmB3dHZ25le/+lUGDRqUqqqq0uMAALuhUqlky5YtOfLII9Onz66vf+wXMfKrX/0q9fX1pccAAPbA+vXr8yd/8ie7/P5+ESODBg1K8uaLqampKTwNALA72tvbU19f3/VzfFf2ixj5w62ZmpoaMQIA+5l3eouFN7ACAEWJEQCgKDECABQlRgCAosQIAFCUGAEAihIjAEBRYgQAKEqMAABFiREAoKgex8iPfvSjTJgwIUceeWSqqqry8MMPv+Oe5cuX5yMf+Uiqq6vzwQ9+MPfcc88ejAoA9EY9jpGtW7dm1KhRWbBgwW6tf/nll3POOefkzDPPzOrVq3PllVfmwgsvzLJly3o8LADQ+/T4D+WdffbZOfvss3d7/cKFC3P00Udn3rx5SZITTjghP/7xj/OP//iPaWxs7OnpAYBeZq+/Z2TFihVpaGjodqyxsTErVqzY26cGAPYDPb4y0lMbN25MXV1dt2N1dXVpb2/P7373uwwYMGCHPR0dHeno6Oj6ur29fW+PCQAUstdjZE80NzfnhhtuKD0GBQ2fvrj0CMBesnbuOaVH4I/MXr9NM3To0LS2tnY71trampqamp1eFUmSGTNmpK2treuxfv36vT0mAFDIXr8yMn78+CxZsqTbsUcffTTjx4/f5Z7q6upUV1fv7dEAgD8CPb4y8tvf/jarV6/O6tWrk7z50d3Vq1dn3bp1Sd68qjF58uSu9RdffHFeeumlfP7zn89zzz2X22+/Pd/85jdz1VVXvTevAADYr/U4Rp5++umcdNJJOemkk5IkTU1NOemkkzJr1qwkyYYNG7rCJEmOPvroLF68OI8++mhGjRqVefPm5Stf+YqP9QIASZKqSqVSKT3EO2lvb09tbW3a2tpSU1NTehz2AW9ghd7LG1jfP3b357e/TQMAFCVGAICixAgAUJQYAQCKEiMAQFFiBAAoSowAAEWJEQCgKDECABQlRgCAosQIAFCUGAEAihIjAEBRYgQAKEqMAABFiREAoCgxAgAUJUYAgKLECABQlBgBAIoSIwBAUWIEAChKjAAARYkRAKAoMQIAFCVGAICixAgAUJQYAQCKEiMAQFFiBAAoSowAAEWJEQCgKDECABQlRgCAosQIAFCUGAEAihIjAEBRYgQAKEqMAABFiREAoCgxAgAUJUYAgKLECABQlBgBAIoSIwBAUWIEAChKjAAARYkRAKAoMQIAFCVGAICixAgAUJQYAQCKEiMAQFFiBAAoSowAAEWJEQCgKDECABQlRgCAosQIAFCUGAEAitqjGFmwYEGGDx+e/v37Z9y4cXnqqafedv38+fNz3HHHZcCAAamvr89VV12VN954Y48GBgB6lx7HyKJFi9LU1JTZs2dn1apVGTVqVBobG7Np06adrr///vszffr0zJ49O88++2y++tWvZtGiRfnCF77wrocHAPZ/PY6RW2+9NRdddFGmTp2aESNGZOHChTnooINy991373T9k08+mdNOOy3nnXdehg8fno9//OM599xz3/FqCgDw/tCjGNm2bVtWrlyZhoaGt56gT580NDRkxYoVO91z6qmnZuXKlV3x8dJLL2XJkiX55Cc/ucvzdHR0pL29vdsDAOidDujJ4s2bN2f79u2pq6vrdryuri7PPffcTvecd9552bx5c04//fRUKpX8z//8Ty6++OK3vU3T3NycG264oSejAQD7qb3+aZrly5fnpptuyu23355Vq1bl29/+dhYvXpw5c+bscs+MGTPS1tbW9Vi/fv3eHhMAKKRHV0YGDx6cvn37prW1tdvx1tbWDB06dKd7rrvuunzmM5/JhRdemCT58Ic/nK1bt+Zv//ZvM3PmzPTps2MPVVdXp7q6uiejAQD7qR5dGenXr1/GjBmTlpaWrmOdnZ1paWnJ+PHjd7rn9ddf3yE4+vbtmySpVCo9nRcA6GV6dGUkSZqamjJlypSMHTs2p5xySubPn5+tW7dm6tSpSZLJkydn2LBhaW5uTpJMmDAht956a0466aSMGzcuL7zwQq677rpMmDChK0oAgPevHsfIpEmT8sorr2TWrFnZuHFjRo8enaVLl3a9qXXdunXdroRce+21qaqqyrXXXptf/vKXOfzwwzNhwoTceOON792rAAD2W1WV/eBeSXt7e2pra9PW1paamprS47APDJ++uPQIwF6ydu45pUdgH9ndn9/+Ng0AUJQYAQCKEiMAQFFiBAAoSowAAEWJEQCgKDECABQlRgCAosQIAFCUGAEAihIjAEBRYgQAKEqMAABFiREAoCgxAgAUJUYAgKLECABQlBgBAIoSIwBAUWIEAChKjAAARYkRAKAoMQIAFCVGAICixAgAUJQYAQCKEiMAQFFiBAAoSowAAEWJEQCgKDECABQlRgCAosQIAFCUGAEAihIjAEBRYgQAKEqMAABFiREAoCgxAgAUJUYAgKLECABQlBgBAIoSIwBAUWIEAChKjAAARYkRAKAoMQIAFCVGAICixAgAUJQYAQCKEiMAQFFiBAAoSowAAEWJEQCgKDECABQlRgCAosQIAFCUGAEAihIjAEBRexQjCxYsyPDhw9O/f/+MGzcuTz311Nuu/81vfpNLL700RxxxRKqrq/Nnf/ZnWbJkyR4NDAD0Lgf0dMOiRYvS1NSUhQsXZty4cZk/f34aGxuzZs2aDBkyZIf127Zty1lnnZUhQ4bkoYceyrBhw/KLX/wiBx988HsxPwCwn+txjNx666256KKLMnXq1CTJwoULs3jx4tx9992ZPn36DuvvvvvuvPrqq3nyySdz4IEHJkmGDx/+7qYGAHqNHt2m2bZtW1auXJmGhoa3nqBPnzQ0NGTFihU73fO9730v48ePz6WXXpq6urqceOKJuemmm7J9+/ZdnqejoyPt7e3dHgBA79SjGNm8eXO2b9+eurq6bsfr6uqycePGne556aWX8tBDD2X79u1ZsmRJrrvuusybNy9f/OIXd3me5ubm1NbWdj3q6+t7MiYAsB/Z65+m6ezszJAhQ3LnnXdmzJgxmTRpUmbOnJmFCxfucs+MGTPS1tbW9Vi/fv3eHhMAKKRH7xkZPHhw+vbtm9bW1m7HW1tbM3To0J3uOeKII3LggQemb9++XcdOOOGEbNy4Mdu2bUu/fv122FNdXZ3q6uqejAYA7Kd6dGWkX79+GTNmTFpaWrqOdXZ2pqWlJePHj9/pntNOOy0vvPBCOjs7u449//zzOeKII3YaIgDA+0uPb9M0NTXlrrvuyr333ptnn302l1xySbZu3dr16ZrJkydnxowZXesvueSSvPrqq7niiivy/PPPZ/Hixbnpppty6aWXvnevAgDYb/X4o72TJk3KK6+8klmzZmXjxo0ZPXp0li5d2vWm1nXr1qVPn7cap76+PsuWLctVV12VkSNHZtiwYbniiityzTXXvHevAgDYb1VVKpVK6SHeSXt7e2pra9PW1paamprS47APDJ++uPQIwF6ydu45pUdgH9ndn9/+Ng0AUJQYAQCKEiMAQFFiBAAoSowAAEWJEQCgKDECABQlRgCAosQIAFCUGAEAihIjAEBRYgQAKEqMAABFiREAoCgxAgAUJUYAgKLECABQlBgBAIoSIwBAUWIEAChKjAAARYkRAKAoMQIAFCVGAICixAgAUJQYAQCKEiMAQFFiBAAoSowAAEWJEQCgKDECABQlRgCAosQIAFCUGAEAihIjAEBRYgQAKEqMAABFiREAoCgxAgAUJUYAgKLECABQlBgBAIoSIwBAUWIEAChKjAAARYkRAKAoMQIAFCVGAICixAgAUJQYAQCKEiMAQFFiBAAoSowAAEWJEQCgKDECABQlRgCAosQIAFCUGAEAihIjAEBRexQjCxYsyPDhw9O/f/+MGzcuTz311G7te+CBB1JVVZWJEyfuyWkBgF6oxzGyaNGiNDU1Zfbs2Vm1alVGjRqVxsbGbNq06W33rV27NldffXXOOOOMPR4WAOh9ehwjt956ay666KJMnTo1I0aMyMKFC3PQQQfl7rvv3uWe7du35/zzz88NN9yQD3zgA+9qYACgd+lRjGzbti0rV65MQ0PDW0/Qp08aGhqyYsWKXe77+7//+wwZMiTTpk3b80kBgF7pgJ4s3rx5c7Zv3566urpux+vq6vLcc8/tdM+Pf/zjfPWrX83q1at3+zwdHR3p6Ojo+rq9vb0nYwIA+5G9+mmaLVu25DOf+UzuuuuuDB48eLf3NTc3p7a2tutRX1+/F6cEAErq0ZWRwYMHp2/fvmltbe12vLW1NUOHDt1h/Ysvvpi1a9dmwoQJXcc6OzvfPPEBB2TNmjU55phjdtg3Y8aMNDU1dX3d3t4uSACgl+pRjPTr1y9jxoxJS0tL18dzOzs709LSkssuu2yH9ccff3x+9rOfdTt27bXXZsuWLfnyl7+8y8Corq5OdXV1T0YDAPZTPYqRJGlqasqUKVMyduzYnHLKKZk/f362bt2aqVOnJkkmT56cYcOGpbm5Of3798+JJ57Ybf/BBx+cJDscBwDen3ocI5MmTcorr7ySWbNmZePGjRk9enSWLl3a9abWdevWpU8fv9gVANg9VZVKpVJ6iHfS3t6e2tratLW1paampvQ47APDpy8uPQKwl6yde07pEdhHdvfnt0sYAEBRYgQAKEqMAABFiREAoCgxAgAUJUYAgKLECABQlBgBAIoSIwBAUWIEAChKjAAARYkRAKAoMQIAFCVGAICixAgAUJQYAQCKEiMAQFFiBAAoSowAAEWJEQCgKDECABQlRgCAosQIAFCUGAEAihIjAEBRYgQAKEqMAABFiREAoCgxAgAUJUYAgKLECABQlBgBAIoSIwBAUWIEAChKjAAARYkRAKAoMQIAFCVGAICixAgAUJQYAQCKEiMAQFFiBAAoSowAAEWJEQCgKDECABQlRgCAosQIAFCUGAEAihIjAEBRYgQAKEqMAABFiREAoCgxAgAUJUYAgKLECABQlBgBAIoSIwBAUWIEAChKjAAARYkRAKCoPYqRBQsWZPjw4enfv3/GjRuXp556apdr77rrrpxxxhk55JBDcsghh6ShoeFt1wMA7y89jpFFixalqakps2fPzqpVqzJq1Kg0NjZm06ZNO12/fPnynHvuufnhD3+YFStWpL6+Ph//+Mfzy1/+8l0PDwDs/6oqlUqlJxvGjRuXk08+ObfddluSpLOzM/X19bn88sszffr0d9y/ffv2HHLIIbntttsyefLk3Tpne3t7amtr09bWlpqamp6My35q+PTFpUcA9pK1c88pPQL7yO7+/O7RlZFt27Zl5cqVaWhoeOsJ+vRJQ0NDVqxYsVvP8frrr+f3v/99Dj300F2u6ejoSHt7e7cHANA79ShGNm/enO3bt6eurq7b8bq6umzcuHG3nuOaa67JkUce2S1o/r/m5ubU1tZ2Perr63syJgCwH9mnn6aZO3duHnjggXznO99J//79d7luxowZaWtr63qsX79+H04JAOxLB/Rk8eDBg9O3b9+0trZ2O97a2pqhQ4e+7d5bbrklc+fOzWOPPZaRI0e+7drq6upUV1f3ZDQAYD/Voysj/fr1y5gxY9LS0tJ1rLOzMy0tLRk/fvwu9/3DP/xD5syZk6VLl2bs2LF7Pi0A0Ov06MpIkjQ1NWXKlCkZO3ZsTjnllMyfPz9bt27N1KlTkySTJ0/OsGHD0tzcnCT50pe+lFmzZuX+++/P8OHDu95bMnDgwAwcOPA9fCkAwP6oxzEyadKkvPLKK5k1a1Y2btyY0aNHZ+nSpV1val23bl369Hnrgssdd9yRbdu25dOf/nS355k9e3auv/76dzc9ALDf6/HvGSnB7xl5//F7RqD38ntG3j/2yu8ZAQB4r4kRAKAoMQIAFCVGAICixAgAUJQYAQCKEiMAQFFiBAAoSowAAEWJEQCgKDECABQlRgCAosQIAFCUGAEAihIjAEBRYgQAKEqMAABFiREAoCgxAgAUJUYAgKLECABQlBgBAIoSIwBAUWIEAChKjAAARYkRAKAoMQIAFCVGAICixAgAUJQYAQCKEiMAQFFiBAAoSowAAEWJEQCgKDECABQlRgCAosQIAFCUGAEAihIjAEBRYgQAKEqMAABFiREAoCgxAgAUJUYAgKLECABQlBgBAIoSIwBAUWIEAChKjAAARYkRAKAoMQIAFCVGAICixAgAUJQYAQCKEiMAQFFiBAAoSowAAEWJEQCgKDECABS1RzGyYMGCDB8+PP3798+4cePy1FNPve36Bx98MMcff3z69++fD3/4w1myZMkeDQsA9D49jpFFixalqakps2fPzqpVqzJq1Kg0NjZm06ZNO13/5JNP5txzz820adPyzDPPZOLEiZk4cWJ+/vOfv+vhAYD9X1WlUqn0ZMO4ceNy8skn57bbbkuSdHZ2pr6+PpdffnmmT5++w/pJkyZl69ateeSRR7qO/fmf/3lGjx6dhQsX7tY529vbU1tbm7a2ttTU1PRkXPZTw6cvLj0CsJesnXtO6RHYR3b353eProxs27YtK1euTENDw1tP0KdPGhoasmLFip3uWbFiRbf1SdLY2LjL9QDA+8sBPVm8efPmbN++PXV1dd2O19XV5bnnntvpno0bN+50/caNG3d5no6OjnR0dHR93dbWluTNwuL9obPj9dIjAHuJ/5e/f/zhv/U73YTpUYzsK83Nzbnhhht2OF5fX19gGgDeS7XzS0/AvrZly5bU1tbu8vs9ipHBgwenb9++aW1t7Xa8tbU1Q4cO3emeoUOH9mh9ksyYMSNNTU1dX3d2dubVV1/NYYcdlqqqqp6MDPyRa29vT319fdavX+89YdDLVCqVbNmyJUceeeTbrutRjPTr1y9jxoxJS0tLJk6cmOTNUGhpaclll1220z3jx49PS0tLrrzyyq5jjz76aMaPH7/L81RXV6e6urrbsYMPPrgnowL7mZqaGjECvdDbXRH5gx7fpmlqasqUKVMyduzYnHLKKZk/f362bt2aqVOnJkkmT56cYcOGpbm5OUlyxRVX5GMf+1jmzZuXc845Jw888ECefvrp3HnnnT09NQDQC/U4RiZNmpRXXnkls2bNysaNGzN69OgsXbq0602q69atS58+b31I59RTT83999+fa6+9Nl/4whdy7LHH5uGHH86JJ5743r0KAGC/1ePfMwLwXuro6Ehzc3NmzJixw+1Z4P1BjAAARflDeQBAUWIEAChKjAAARYkRYJ+74447MnLkyK7fLTJ+/Pj84Ac/KD0WUIg3sAL73Pe///307ds3xx57bCqVSu69997cfPPNeeaZZ/KhD32o9HjAPiZGgD8Khx56aG6++eZMmzat9CjAPvZH+YfygPeP7du358EHH8zWrVvf9s9EAL2XGAGK+NnPfpbx48fnjTfeyMCBA/Od73wnI0aMKD0WUIDbNEAR27Zty7p169LW1paHHnooX/nKV/L4448LEngfEiPAH4WGhoYcc8wx+ed//ufSowD7mI/2An8UOjs709HRUXoMoADvGQH2uRkzZuTss8/OUUcdlS1btuT+++/P8uXLs2zZstKjAQWIEWCf27RpUyZPnpwNGzaktrY2I0eOzLJly3LWWWeVHg0owHtGAICivGcEAChKjAAARYkRAKAoMQIAFCVGAICixAgAUJQYAQCKEiMAQFFiBHq5v/iLv8iVV15ZeoydWrt2baqqqrJ69erd3nPPPffk4IMP3ifnAvYNMQJ0Wb58eaqqqvKb3/xmn5yvvr4+GzZsyIknnviePu8FF1yQiRMn7pNzAe+ev00DFNO3b98MHTq0150L6BlXRqAX2bp1ayZPnpyBAwfmiCOOyLx587p9/7777svYsWMzaNCgDB06NOedd142bdqU5M3bGGeeeWaS5JBDDklVVVUuuOCCJElnZ2eam5tz9NFHZ8CAARk1alQeeuih3Zrptddey/nnn5/DDz88AwYMyLHHHpuvfe1rXef8/7dOvve97+XYY49N//79c+aZZ+bee+/d6dWaZcuW5YQTTsjAgQPziU98Ihs2bEiSXH/99bn33nvz3e9+N1VVVamqqsry5ct3ONcfrgK1tLRk7NixOeigg3LqqadmzZo13c7zxS9+MUOGDMmgQYNy4YUXZvr06Rk9evRuvXZg94gR6EU+97nP5fHHH893v/vd/Nu//VuWL1+eVatWdX3/97//febMmZOf/vSnefjhh7N27dqu4Kivr8+3vvWtJMmaNWuyYcOGfPnLX06SNDc35+tf/3oWLlyY//zP/8xVV12Vv/7rv87jjz/+jjNdd911+a//+q/84Ac/yLPPPps77rgjgwcP3unal19+OZ/+9KczceLE/PSnP81nP/vZzJw5c4d1r7/+em655Zbcd999+dGPfpR169bl6quvTpJcffXV+au/+quuQNmwYUNOPfXUXc43c+bMzJs3L08//XQOOOCA/M3f/E3X977xjW/kxhtvzJe+9KWsXLkyRx11VO644453fM1AD1WAXmHLli2Vfv36Vb75zW92Hfv1r39dGTBgQOWKK67Y6Z6f/OQnlSSVLVu2VCqVSuWHP/xhJUnltdde61rzxhtvVA466KDKk08+2W3vtGnTKueee+47zjVhwoTK1KlTd/q9l19+uZKk8swzz1QqlUrlmmuuqZx44ond1sycObPbTF/72tcqSSovvPBC15oFCxZU6urqur6eMmVK5VOf+tTbnusPr/Wxxx7rWrN48eJKksrvfve7SqVSqYwbN65y6aWXdnue0047rTJq1Kh3fN3A7nNlBHqJF198Mdu2bcu4ceO6jh166KE57rjjur5euXJlJkyYkKOOOiqDBg3Kxz72sSTJunXrdvm8L7zwQl5//fWcddZZGThwYNfj61//el588cV3nOuSSy7JAw88kNGjR+fzn/98nnzyyV2uXbNmTU4++eRux0455ZQd1h100EE55phjur4+4ogjum439dTIkSO7PU+Srudas2bNDuff2TzAu+MNrPA+sXXr1jQ2NqaxsTHf+MY3cvjhh2fdunVpbGzMtm3bdrnvt7/9bZJk8eLFGTZsWLfvVVdXv+N5zz777PziF7/IkiVL8uijj+Yv//Ivc+mll+aWW27Z49dy4IEHdvu6qqoqlUrlXT9XVVVVkjffIwPsO66MQC9xzDHH5MADD8y///u/dx177bXX8vzzzydJnnvuufz617/O3Llzc8YZZ+T444/f4WpCv379kiTbt2/vOjZixIhUV1dn3bp1+eAHP9jtUV9fv1uzHX744ZkyZUr+5V/+JfPnz8+dd96503XHHXdcnn766W7HfvKTn+zWOf7/6/i/r2FPHXfccTucf0/mAd6eKyPQSwwcODDTpk3L5z73uRx22GEZMmRIZs6cmT593vw3x1FHHZV+/frln/7pn3LxxRfn5z//eebMmdPtOf70T/80VVVVeeSRR/LJT34yAwYMyKBBg3L11VfnqquuSmdnZ04//fS0tbXliSeeSE1NTaZMmfK2c82aNStjxozJhz70oXR0dOSRRx7JCSecsNO1n/3sZ3PrrbfmmmuuybRp07J69ercc889Sd66arE7hg8fnmXLlmXNmjU57LDDUltbu9t7/6/LL788F110UcaOHZtTTz01ixYtyn/8x3/kAx/4wB49H7BzroxAL3LzzTfnjDPOyIQJE9LQ0JDTTz89Y8aMSfLm1Yl77rknDz74YEaMGJG5c+fucKtk2LBhueGGGzJ9+vTU1dXlsssuS5LMmTMn1113XZqbm3PCCSfkE5/4RBYvXpyjjz76HWfq169fZsyYkZEjR+ajH/1o+vbtmwceeGCna48++ug89NBD+fa3v52RI0fmjjvu6Po0ze7cEvqDiy66KMcdd1zGjh2bww8/PE888cRu7/2/zj///MyYMSNXX311PvKRj+Tll1/OBRdckP79++/R8wE7V1XZ0xutAPvAjTfemIULF2b9+vWlR0mSnHXWWRk6dGjuu+++0qNAr+E2DfBH5fbbb8/JJ5+cww47LE888URuvvnmris0+9rrr7+ehQsXprGxMX379s2//uu/5rHHHsujjz5aZB7ordymAd6Viy++uNtHfv/v4+KLL+7x8/33f/93PvWpT2XEiBGZM2dO/u7v/i7XX3/9ez/4bqiqqsqSJUvy0Y9+NGPGjMn3v//9fOtb30pDQ0OReaC3cpsGeFc2bdqU9vb2nX6vpqYmQ4YM2ccTAfsbMQIAFOU2DQBQlBgBAIoSIwBAUWIEAChKjAAARYkRAKAoMQIAFCVGAICi/hfwBrh+xbF5VQAAAABJRU5ErkJggg==", + "text/plain": [ + "
" + ] + }, + "metadata": {}, + "output_type": "display_data" + } + ], + "source": [ + "amount_per_weekday_for_each_attribute = df.groupby([df['date_sighting'].dt.hour])['one'].sum()\n", + "print(amount_per_weekday_for_each_attribute)\n", + "amount_per_weekday_for_each_attribute.plot(kind='bar', rot=0)" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [] + } + ], + "metadata": { + "kernelspec": { + "display_name": "Python 3 (ipykernel)", + "language": "python", + "name": "python3" + }, + "language_info": { + "codemirror_mode": { + "name": "ipython", + "version": 3 + }, + "file_extension": ".py", + "mimetype": "text/x-python", + "name": "python", + "nbconvert_exporter": "python", + "pygments_lexer": "ipython3", + "version": "3.10.12" + }, + "vscode": { + "interpreter": { + "hash": "99e19f785595e5572f3a0434505ffd496bc893a60c3b4501be593ee9ddcf6bde" + } + } + }, + "nbformat": 4, + "nbformat_minor": 4 +} diff --git a/complementary/other-slides/MISP Data model overview-with-analyst-data.pdf b/complementary/other-slides/MISP Data model overview-with-analyst-data.pdf new file mode 100644 index 0000000..2181ea4 Binary files /dev/null and b/complementary/other-slides/MISP Data model overview-with-analyst-data.pdf differ