{ "cells": [ { "cell_type": "markdown", "metadata": {}, "source": [ "# Notebook trainer cheatsheet: API and CLI" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "- Automation page\n", "- Recovering the API KEY (Automation page, User page, RestClient)" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Important notice\n", "\n", "This notebook various usage of the MISP restAPI.\n", "\n", "It should be noted that PyMISP is not required to use the MISP restAPI. We are using PyMISP only to parse the response and inspect the data. So any HTTP client such as curl could do the job a described below.\n", "\n", "This command:\n", "```\n", "misp_url = URL + '/events/add'\n", "relative_path = ''\n", "\n", "body = {\n", " \"info\": \"Event\"\n", "}\n", "\n", "misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n", "res = misp.direct_call(relative_path, body)\n", "print_result(res)\n", "```\n", "\n", "Will yield the same result as this command:\n", "```\n", "!curl \\\n", " -d '{\"info\": \"Event\"}' \\\n", " -H \"Authorization: ptU1OggdiLLWlwHPO9B3lzpwEND3hL7gH0uEsyYL\" \\\n", " -H \"Accept: application/json\" \\\n", " -H \"Content-type: application/json\" \\\n", " -X POST 127.0.0.1:8080/events/restSearch\n", " ```" ] }, { "cell_type": "code", "execution_count": 2, "metadata": {}, "outputs": [ { "name": "stderr", "output_type": "stream", "text": [ "/home/adulau/.pyenv/versions/3.10.12/lib/python3.10/site-packages/pymisp/__init__.py:67: FutureWarning: This class is deprecated, use PyMISP instead\n", " warnings.warn('This class is deprecated, use PyMISP instead', FutureWarning)\n" ] } ], "source": [ "from pymisp import ExpandedPyMISP\n", "from pprint import pprint\n", "AUTHKEY = \"YOURAPIKEY\"\n", "URL = \"https://training.misp-community.org/\"\n", "import urllib3\n", "urllib3.disable_warnings()\n", "misp = ExpandedPyMISP(URL, AUTHKEY, False)\n", "\n", "def print_result(result):\n", " flag_printed = False\n", " if isinstance(result, list):\n", " print(\"Count: %s\" % len(result))\n", " flag_printed = True\n", " for i in res:\n", " if 'Event' in i and 'Attribute' in i['Event']:\n", " print(\" - Attribute count: %s\" % len(i['Event']['Attribute']))\n", " elif isinstance(result, dict):\n", " if 'Attribute' in result:\n", " print(\"Count: %s\" % len(result['Attribute']))\n", " flag_printed = True\n", " elif 'Event' in result and 'Attribute' in result['Event']:\n", " print(\"Attribute count: %s\" % len(result['Event']['Attribute']))\n", " flag_printed = True\n", " if flag_printed:\n", " print('----------')\n", " pprint(result)" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "# Events" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Creation and Edition" ] }, { "cell_type": "code", "execution_count": 5, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "Attribute count: 0\n", "----------\n", "{'Event': {'Attribute': [],\n", " 'CryptographicKey': [],\n", " 'EventReport': [],\n", " 'Galaxy': [],\n", " 'Object': [],\n", " 'Org': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'Orgc': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'RelatedEvent': [],\n", " 'ShadowAttribute': [],\n", " 'analysis': '0',\n", " 'attribute_count': '0',\n", " 'date': '2024-04-15',\n", " 'disable_correlation': False,\n", " 'distribution': '0',\n", " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", " 'extends_uuid': '',\n", " 'id': '64',\n", " 'info': 'Event created via the API as an example',\n", " 'locked': False,\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'proposal_email_lock': False,\n", " 'protected': None,\n", " 'publish_timestamp': '0',\n", " 'published': False,\n", " 'sharing_group_id': '0',\n", " 'threat_level_id': '1',\n", " 'timestamp': '1713153774',\n", " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'}}\n" ] } ], "source": [ "# Creation\n", "endpoint = '/events/add'\n", "relative_path = ''\n", "\n", "body = {\n", " \"info\": \"Event created via the API as an example\",\n", " \"threat_level_id\": 1,\n", " \"distribution\": 0\n", "}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "code", "execution_count": 7, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "Attribute count: 0\n", "----------\n", "{'Event': {'Attribute': [],\n", " 'CryptographicKey': [],\n", " 'EventReport': [],\n", " 'Galaxy': [],\n", " 'Object': [],\n", " 'Org': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'Orgc': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'RelatedEvent': [],\n", " 'ShadowAttribute': [],\n", " 'analysis': '0',\n", " 'attribute_count': '0',\n", " 'date': '2024-04-15',\n", " 'disable_correlation': False,\n", " 'distribution': '3',\n", " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", " 'extends_uuid': '',\n", " 'id': '64',\n", " 'info': 'Event created via the API as an example',\n", " 'locked': False,\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'proposal_email_lock': False,\n", " 'protected': None,\n", " 'publish_timestamp': '0',\n", " 'published': False,\n", " 'sharing_group_id': '0',\n", " 'threat_level_id': '1',\n", " 'timestamp': '1713153806',\n", " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'}}\n" ] } ], "source": [ "# Edition 1\n", "endpoint = '/events/edit/'\n", "relative_path = '64'\n", "\n", "body = {\n", " \"distribution\": 3,\n", "# \"sharing_group_id\": 1\n", "}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "code", "execution_count": 4, "metadata": {}, "outputs": [ { "name": "stderr", "output_type": "stream", "text": [ "Something went wrong (404): {'name': 'Invalid event', 'message': 'Invalid event', 'url': '/events/edit/126'}\n" ] }, { "name": "stdout", "output_type": "stream", "text": [ "{'errors': (404,\n", " {'message': 'Invalid event',\n", " 'name': 'Invalid event',\n", " 'url': '/events/edit/126'})}\n" ] } ], "source": [ "# Edition 2 - Adding Attribute\n", "endpoint = '/events/edit/'\n", "relative_path = '126'\n", "\n", "body = {\n", " \"distribution\": 0,\n", " \"Attribute\": [\n", " {\n", " \"value\": \"9.9.9.9\",\n", " \"type\": \"ip-src\"\n", " }\n", " ]\n", "}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "code", "execution_count": 47, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "{'message': 'Global tag tlp:red123(400) successfully attached to Event(126).',\n", " 'name': 'Global tag tlp:red123(400) successfully attached to Event(126).',\n", " 'saved': True,\n", " 'success': True,\n", " 'url': '/tags/attachTagToObject'}\n" ] } ], "source": [ "# Edition 2 - tagging 1\n", "endpoint = '/tags/attachTagToObject'\n", "relative_path = ''\n", "\n", "body = {\n", " \"uuid\": \"b3cc1ea2-892f-48e1-a6dc-20279818a724\", # can be anything: event or attribute\n", " \"tag\": \"tlp:red\"\n", "}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "# Attributes" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Creation and edition" ] }, { "cell_type": "code", "execution_count": 8, "metadata": {}, "outputs": [], "source": [ "event_id = 64" ] }, { "cell_type": "code", "execution_count": 9, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "Count: 19\n", "----------\n", "{'Attribute': {'category': 'Network activity',\n", " 'comment': '',\n", " 'deleted': False,\n", " 'disable_correlation': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'first_seen': None,\n", " 'id': '3362',\n", " 'last_seen': None,\n", " 'object_id': '0',\n", " 'object_relation': None,\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1713153845',\n", " 'to_ids': True,\n", " 'type': 'ip-dst',\n", " 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n", " 'value': '8.8.8.9',\n", " 'value1': '8.8.8.9',\n", " 'value2': ''},\n", " 'AttributeTag': []}\n" ] } ], "source": [ "# Adding\n", "endpoint = '/attributes/add/'\n", "relative_path = str(event_id)\n", "\n", "body = {\n", " \"value\": \"8.8.8.9\",\n", " \"type\": \"ip-dst\"\n", "}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "code", "execution_count": 21, "metadata": {}, "outputs": [ { "name": "stderr", "output_type": "stream", "text": [ "Something went wrong (403): {'saved': False, 'name': 'Could not add Attribute', 'message': 'Could not add Attribute', 'url': '/attributes/add', 'errors': {'value': ['Checksum has an invalid length or format (expected: 32 hexadecimal characters). Please double check the value or select type \"other\".']}}\n" ] }, { "name": "stdout", "output_type": "stream", "text": [ "{'errors': (403,\n", " {'errors': {'value': ['Checksum has an invalid length or format '\n", " '(expected: 32 hexadecimal characters). '\n", " 'Please double check the value or select '\n", " 'type \"other\".']},\n", " 'message': 'Could not add Attribute',\n", " 'name': 'Could not add Attribute',\n", " 'saved': False,\n", " 'url': '/attributes/add'})}\n" ] } ], "source": [ "# Adding invalid attribute type\n", "endpoint = '/attributes/add/'\n", "relative_path = str(event_id)\n", "\n", "body = {\n", " \"value\": \"8.8.8.9\",\n", " \"type\": \"md5\"\n", "}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "code", "execution_count": 22, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "Count: 17\n", "----------\n", "{'Attribute': {'category': 'Network activity',\n", " 'comment': 'Comment added via the API',\n", " 'deleted': False,\n", " 'disable_correlation': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'first_seen': None,\n", " 'id': '3362',\n", " 'last_seen': None,\n", " 'object_id': '0',\n", " 'object_relation': None,\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1713154698',\n", " 'to_ids': False,\n", " 'type': 'ip-dst',\n", " 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n", " 'value': '127.0.0.1'}}\n" ] } ], "source": [ "# Editing\n", "endpoint = '/attributes/edit/' # /attributes/edit/[attribute_id]\n", "relative_path = '3362'\n", "\n", "body = {\n", " \"value\": \"127.0.0.1\",\n", " \"to_ids\": 0,\n", " \"comment\": \"Comment added via the API\",\n", "}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "code", "execution_count": 54, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "Count: 17\n", "----------\n", "{'Attribute': {'category': 'Network activity',\n", " 'comment': 'Comment added via the API',\n", " 'deleted': False,\n", " 'disable_correlation': False,\n", " 'distribution': '5',\n", " 'event_id': '126',\n", " 'first_seen': None,\n", " 'id': '56143',\n", " 'last_seen': None,\n", " 'object_id': '0',\n", " 'object_relation': None,\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1705582332',\n", " 'to_ids': False,\n", " 'type': 'ip-dst',\n", " 'uuid': '8153fcad-cd37-45d9-a1d1-a509942116f8',\n", " 'value': '127.1.1.1'}}\n" ] } ], "source": [ "# Editing with data taken from JSON views. \n", "# (timestamp) contrast the difference with *PyMISP*\n", "endpoint = '/attributes/edit/'\n", "relative_path = '56143'\n", "\n", "body = {\n", " \"id\": \"56143\",\n", " \"type\": \"ip-dst\",\n", " \"category\": \"Network activity\",\n", " \"to_ids\": False,\n", " \"uuid\": \"8153fcad-cd37-45d9-a1d1-a509942116f8\",\n", " \"event_id\": \"126\",\n", " \"distribution\": \"5\",\n", " \"comment\": \"Comment added via the API\",\n", " \"sharing_group_id\": \"0\",\n", " \"deleted\": False,\n", " \"disable_correlation\": False,\n", " \"object_id\": \"0\",\n", " \"object_relation\": None,\n", " \"first_seen\": None,\n", " \"last_seen\": None,\n", " \"value\": \"127.1.1.1\",\n", " \"Galaxy\": [],\n", " \"ShadowAttribute\": []\n", " }\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "# Objects" ] }, { "cell_type": "code", "execution_count": 23, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "{'Object': {'Attribute': [{'category': 'Other',\n", " 'comment': '',\n", " 'deleted': False,\n", " 'disable_correlation': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'first_seen': None,\n", " 'id': '3363',\n", " 'last_seen': None,\n", " 'object_id': '537',\n", " 'object_relation': 'post',\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1558702173',\n", " 'to_ids': False,\n", " 'type': 'text',\n", " 'uuid': '17bebb02-c294-4444-adc9-85e8fa0039f1',\n", " 'value': 'post',\n", " 'value1': 'post',\n", " 'value2': ''}],\n", " 'comment': '',\n", " 'deleted': False,\n", " 'description': 'Microblog post like a Twitter tweet or a post on a '\n", " 'Facebook wall.',\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'first_seen': None,\n", " 'id': '537',\n", " 'last_seen': None,\n", " 'meta-category': 'misc',\n", " 'name': 'microblog',\n", " 'sharing_group_id': '0',\n", " 'template_uuid': '8ec8c911-ddbe-4f5b-895b-fbff70c42a60',\n", " 'template_version': '5',\n", " 'timestamp': '1558702173',\n", " 'uuid': 'bc9219e7-9ae8-4f36-a433-dad3a9c963f5'}}\n" ] } ], "source": [ "endpoint = '/objects/add/'\n", "relative_path = str(event_id)\n", "\n", "body = {\n", " \"name\": \"microblog\",\n", " \"meta-category\": \"misc\",\n", " \"description\": \"Microblog post like a Twitter tweet or a post on a Facebook wall.\",\n", " \"template_uuid\": \"8ec8c911-ddbe-4f5b-895b-fbff70c42a60\",\n", " \"template_version\": \"5\",\n", " \"event_id\": event_id,\n", " \"timestamp\": \"1558702173\",\n", " \"distribution\": \"5\",\n", " \"sharing_group_id\": \"0\",\n", " \"comment\": \"\",\n", " \"deleted\": False,\n", " \"ObjectReference\": [],\n", " \"Attribute\": [\n", " {\n", " \"type\": \"text\",\n", " \"category\": \"Other\",\n", " \"to_ids\": False,\n", " \"event_id\": event_id,\n", " \"distribution\": \"5\",\n", " \"timestamp\": \"1558702173\",\n", " \"comment\": \"\",\n", " \"sharing_group_id\": \"0\",\n", " \"deleted\": False,\n", " \"disable_correlation\": False,\n", " \"object_relation\": \"post\",\n", " \"value\": \"post\",\n", " \"Galaxy\": [],\n", " \"ShadowAttribute\": []\n", " }\n", " ]\n", "}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "code", "execution_count": 24, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "Attribute count: 1\n", "----------\n", "{'Event': {'Attribute': [{'Galaxy': [],\n", " 'ShadowAttribute': [],\n", " 'category': 'Network activity',\n", " 'comment': 'Comment added via the API',\n", " 'deleted': False,\n", " 'disable_correlation': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'first_seen': None,\n", " 'id': '3362',\n", " 'last_seen': None,\n", " 'object_id': '0',\n", " 'object_relation': None,\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1713154698',\n", " 'to_ids': False,\n", " 'type': 'ip-dst',\n", " 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n", " 'value': '127.0.0.1'}],\n", " 'CryptographicKey': [],\n", " 'EventReport': [{'content': 'Body',\n", " 'deleted': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'id': '55',\n", " 'name': 'Report from API',\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1713153904',\n", " 'uuid': '3696d945-7dc8-4685-b71f-8cb2b1132913'},\n", " {'content': 'Body',\n", " 'deleted': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'id': '56',\n", " 'name': 'Report from API',\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1713154575',\n", " 'uuid': '823d4e2e-76f4-43b8-9b3c-c851fa32412d'}],\n", " 'Galaxy': [],\n", " 'Object': [{'Attribute': [{'Galaxy': [],\n", " 'ShadowAttribute': [],\n", " 'category': 'Other',\n", " 'comment': '',\n", " 'deleted': False,\n", " 'disable_correlation': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'first_seen': None,\n", " 'id': '3363',\n", " 'last_seen': None,\n", " 'object_id': '537',\n", " 'object_relation': 'post',\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1558702173',\n", " 'to_ids': False,\n", " 'type': 'text',\n", " 'uuid': '17bebb02-c294-4444-adc9-85e8fa0039f1',\n", " 'value': 'post'}],\n", " 'ObjectReference': [],\n", " 'comment': '',\n", " 'deleted': False,\n", " 'description': 'Microblog post like a Twitter tweet or '\n", " 'a post on a Facebook wall.',\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'first_seen': None,\n", " 'id': '537',\n", " 'last_seen': None,\n", " 'meta-category': 'misc',\n", " 'name': 'microblog',\n", " 'sharing_group_id': '0',\n", " 'template_uuid': '8ec8c911-ddbe-4f5b-895b-fbff70c42a60',\n", " 'template_version': '5',\n", " 'timestamp': '1558702173',\n", " 'uuid': 'bc9219e7-9ae8-4f36-a433-dad3a9c963f5'}],\n", " 'Org': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'Orgc': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'RelatedEvent': [],\n", " 'ShadowAttribute': [],\n", " 'Tag': [{'colour': '#33FF00',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '12',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'tlp:green',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'}],\n", " 'analysis': '0',\n", " 'attribute_count': '2',\n", " 'date': '2024-04-15',\n", " 'disable_correlation': False,\n", " 'distribution': '0',\n", " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", " 'extends_uuid': '',\n", " 'id': '64',\n", " 'info': 'Event created via the API as an example',\n", " 'locked': False,\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'proposal_email_lock': False,\n", " 'protected': None,\n", " 'publish_timestamp': '0',\n", " 'published': False,\n", " 'sharing_group_id': '0',\n", " 'threat_level_id': '1',\n", " 'timestamp': '1713154741',\n", " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'}}\n" ] } ], "source": [ "# Edition 2 - tagging 2\n", "endpoint = '/events/edit/'\n", "relative_path = str(event_id)\n", "\n", "body = {\n", " \"distribution\": 0,\n", " \"Tag\": [\n", " {\"name\":\"tlp:green\"}\n", " ]\n", "}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "# Event reports" ] }, { "cell_type": "code", "execution_count": 20, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "{'Event': {'Org': {'id': '15', 'name': 'CIRCL'},\n", " 'Orgc': {'id': '15', 'name': 'CIRCL'},\n", " 'date': '2024-04-15',\n", " 'id': '64',\n", " 'info': 'Event created via the API as an example',\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'user_id': '626'},\n", " 'EventReport': {'content': 'Body',\n", " 'deleted': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'id': '56',\n", " 'name': 'Report from API',\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1713154575',\n", " 'uuid': '823d4e2e-76f4-43b8-9b3c-c851fa32412d'},\n", " 'SharingGroup': {'id': None, 'name': None, 'uuid': None}}\n" ] } ], "source": [ "endpoint = '/eventReports/add/'\n", "relative_path = str(event_id)\n", "\n", "body = {\n", " \"name\": \"Report from API\",\n", " \"distribution\": 5,\n", " \"sharing_group_id\": 0,\n", " \"content\": \"Body\"\n", "}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "event_report_id = res['EventReport']['id']\n", "\n", "print_result(res)" ] }, { "cell_type": "code", "execution_count": 66, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "{'Event': {'Org': {'id': '15', 'name': 'CIRCL'},\n", " 'Orgc': {'id': '15', 'name': 'CIRCL'},\n", " 'date': '2024-04-15',\n", " 'id': '64',\n", " 'info': 'Event created via the API as an example',\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'user_id': '626'},\n", " 'EventReport': {'content': 'html # TR-84 - PAN-OS (Palo Alto Networks) OS '\n", " 'Command Injection Vulnerability in GlobalProtect '\n", " 'Gateway - CVE-2024-3400\\n'\n", " '\\n'\n", " ' ### TR-84 - PAN-OS (Palo Alto Networks) OS '\n", " 'Command Injection Vulnerability in GlobalProtect '\n", " 'Gateway - CVE-2024-3400\\n'\n", " '\\n'\n", " ' â\\x86\\x91 Back to Publications and '\n", " 'Presentations\\n'\n", " '\\n'\n", " ' \\n'\n", " ' 2. Fixes\\n'\n", " ' 4. Detection\\n'\n", " ' 6. Known affected software\\n'\n", " ' 8. References\\n'\n", " ' 10. Classification of this document\\n'\n", " ' 12. Revision\\n'\n", " ' \\n'\n", " ' You can report incidents via our official '\n", " 'contact including e-mail, phone or use the '\n", " 'Anonymous reporting form.\\n'\n", " '\\n'\n", " ' Search\\n'\n", " '\\n'\n", " ' \\n'\n", " ' A command injection vulnerability in the '\n", " 'GlobalProtect feature of Palo Alto Networks '\n", " 'PAN-OS software for specific PAN-OS versions and '\n", " 'distinct feature configurations may enable an '\n", " 'unauthenticated attacker to execute arbitrary '\n", " 'code with root privileges on the firewall. Fixes '\n", " 'for PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 are '\n", " 'in development and are expected to be released by '\n", " 'April 14, 2024. Cloud NGFW, Panorama appliances, '\n", " 'and Prisma Access are not impacted by this '\n", " 'vulnerability. All other versions of PAN-OS are '\n", " 'also not impacted.\\n'\n", " '\\n'\n", " ' The vulnerability is currently exploited in the '\n", " 'wild as mentioned by Volexity and itâ\\x80\\x99s '\n", " 'referenced as CVE-2024-3400.\\n'\n", " '\\n'\n", " ' ## Fixes\\n'\n", " '\\n'\n", " ' Palo Alto Networks mention a patch will be '\n", " 'released by April 14, 2024. This issue will be '\n", " 'fixed in hotfix releases of PAN-OS 10.2.9-h1 '\n", " '(ETA: By 4/14), PAN-OS 11.0.4-h1 (ETA: By 4/14), '\n", " 'and PAN-OS 11.1.2-h3 (ETA: By 4/14), and in all '\n", " 'later PAN-OS versions.\\n'\n", " '\\n'\n", " ' There are workarounds proposed by the vendor to '\n", " 'fix the vulnerability before the hotfix will be '\n", " 'released.\\n'\n", " '\\n'\n", " ' ## Detection\\n'\n", " '\\n'\n", " ' \\n'\n", " ' * Indicators shared by Volexity are available in '\n", " 'a MISP event with UUID '\n", " '9802116c-3ec3-4a8e-8b39-5c69b08df5ab, shared in '\n", " 'the OSINT feed and the MISP private sector '\n", " 'community.\\n'\n", " ' \\n'\n", " ' ## Known affected software\\n'\n", " '\\n'\n", " ' \\n'\n", " ' * PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 used '\n", " 'as GlobalProtect gateway with device telemetry '\n", " 'enabled. (other versions are not impacted).\\n'\n", " ' \\n'\n", " ' ## References\\n'\n", " '\\n'\n", " ' \\n'\n", " ' * Palo Alto Networks - CVE-2024-3400 PAN-OS: OS '\n", " 'Command Injection Vulnerability in GlobalProtect '\n", " 'Gateway.\\n'\n", " ' * Volexity - 0day exploited in the wild..\\n'\n", " ' * Volexity - []Zero-Day Exploitation of '\n", " 'Unauthenticated Remote Code Execution '\n", " 'Vulnerability in GlobalProtect '\n", " '(CVE-2024-3400)(https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/)\\n'\n", " ' \\n'\n", " ' ## Classification of this document\\n'\n", " '\\n'\n", " ' TLP:CLEAR information may be distributed without '\n", " 'restriction, subject to copyright controls.\\n'\n", " '\\n'\n", " ' ## Revision\\n'\n", " '\\n'\n", " ' \\n'\n", " ' * Version 1.0 - TLP:CLEAR - First version - 12th '\n", " 'April 2024\\n'\n", " ' * Version 1.1 - TLP:CLEAR - Second version - '\n", " '13rd April 2024 - IoCs added\\n'\n", " ' \\n'\n", " ' ',\n", " 'deleted': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'id': '57',\n", " 'name': 'Report from - https://www.circl.lu/pub/tr-84/ '\n", " '(1713160991)',\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1713160991',\n", " 'uuid': '53c2eaf6-43f6-4789-8c47-99445877c7e5'},\n", " 'SharingGroup': {'id': None, 'name': None, 'uuid': None}}\n" ] } ], "source": [ "# Download HTML, convert it into markdown then save it as Event Report.\n", "endpoint = '/eventReports/importReportFromUrl/'\n", "relative_path = str(event_id)\n", "\n", "body = {\n", " \"url\": \"https://www.circl.lu/pub/tr-84/\"\n", "}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "code", "execution_count": 68, "metadata": {}, "outputs": [ { "name": "stderr", "output_type": "stream", "text": [ "Something went wrong (404): {'name': 'Invalid report', 'message': 'Invalid report', 'url': '/eventReports/extractAllFromReport/64'}\n" ] }, { "name": "stdout", "output_type": "stream", "text": [ "{'errors': (404,\n", " {'message': 'Invalid report',\n", " 'name': 'Invalid report',\n", " 'url': '/eventReports/extractAllFromReport/64'})}\n" ] } ], "source": [ " # Extract all entities, tag Event with tag found\n", "endpoint = '/eventReports/extractAllFromReport/'\n", "relative_path = str(64)\n", "\n", "body = {\n", " \"tag_event\": 1\n", "}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "# Analyst Data" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Analyst Note" ] }, { "cell_type": "code", "execution_count": 67, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "{'Note': {'Org': {'contacts': None,\n", " 'created_by': '0',\n", " 'date_created': '2023-09-29 06:47:38',\n", " 'date_modified': '2023-09-29 06:47:38',\n", " 'description': 'CIRCL is the CERT (Computer Emergency '\n", " 'Response Team/Computer Security Incident '\n", " 'Response Team) for the private sector, '\n", " 'communes and non-governmental entities in '\n", " 'Luxembourg.',\n", " 'id': '15',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'nationality': '',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'Orgc': {'contacts': None,\n", " 'created_by': '0',\n", " 'date_created': '2023-09-29 06:47:38',\n", " 'date_modified': '2023-09-29 06:47:38',\n", " 'description': 'CIRCL is the CERT (Computer Emergency '\n", " 'Response Team/Computer Security Incident '\n", " 'Response Team) for the private sector, '\n", " 'communes and non-governmental entities in '\n", " 'Luxembourg.',\n", " 'id': '15',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'nationality': '',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " '_canEdit': True,\n", " 'authors': 'john.doe@admin.test',\n", " 'created': '2024-04-15 06:04:52',\n", " 'distribution': '1',\n", " 'id': '1',\n", " 'language': 'fr-BE',\n", " 'locked': False,\n", " 'modified': '2024-04-15 06:04:52',\n", " 'note': 'Ceci est une note',\n", " 'note_type': 0,\n", " 'note_type_name': 'Note',\n", " 'object_type': 'Event64',\n", " 'object_uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n", " 'org_uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f',\n", " 'orgc_uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f',\n", " 'sharing_group_id': None,\n", " 'uuid': 'bdccb0a3-6cd1-4562-88d7-f4f67007195b'}}\n" ] } ], "source": [ "analystType = 'Note'\n", "objectUUID = '501fd194-8b98-40d9-91e6-1c3d56d9c36a'\n", "# objectType[Enum]: \"Attribute\" \"Event\" \"EventReport\" \"GalaxyCluster\" \"Galaxy\"\n", "# \"Object\" \"Note\" \"Opinion\" \"Relationship\" \"Organisation\" \"SharingGroup\"\n", "objectType = 'Event'\n", "endpoint = f'/analystData/add/{analystType}/{objectUUID}/{objectType}'\n", "\n", "body = {\n", " \"note\": \"Ceci est une note\",\n", " \"language\": \"fr-BE\",\n", " \"authors\": \"john.doe@admin.test\",\n", " \"distribution\": 1\n", "}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Analyst Opinion" ] }, { "cell_type": "code", "execution_count": 69, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "{'Opinion': {'Org': {'contacts': None,\n", " 'created_by': '0',\n", " 'date_created': '2023-09-29 06:47:38',\n", " 'date_modified': '2023-09-29 06:47:38',\n", " 'description': 'CIRCL is the CERT (Computer Emergency '\n", " 'Response Team/Computer Security Incident '\n", " 'Response Team) for the private sector, '\n", " 'communes and non-governmental entities in '\n", " 'Luxembourg.',\n", " 'id': '15',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'nationality': '',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'Orgc': {'contacts': None,\n", " 'created_by': '0',\n", " 'date_created': '2023-09-29 06:47:38',\n", " 'date_modified': '2023-09-29 06:47:38',\n", " 'description': 'CIRCL is the CERT (Computer Emergency '\n", " 'Response Team/Computer Security Incident '\n", " 'Response Team) for the private sector, '\n", " 'communes and non-governmental entities '\n", " 'in Luxembourg.',\n", " 'id': '15',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'nationality': '',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " '_canEdit': True,\n", " 'authors': 'john.doe@admin.test',\n", " 'comment': 'This is an opinion',\n", " 'created': '2024-04-15 06:09:58',\n", " 'distribution': '1',\n", " 'id': '1',\n", " 'locked': False,\n", " 'modified': '2024-04-15 06:09:58',\n", " 'note_type': 1,\n", " 'note_type_name': 'Opinion',\n", " 'object_type': 'Event64',\n", " 'object_uuid': '03cbbd87-9081-4ea9-94e2-431939fa85dc',\n", " 'opinion': '75',\n", " 'org_uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f',\n", " 'orgc_uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f',\n", " 'sharing_group_id': None,\n", " 'uuid': '94f0f534-4287-4612-972b-0c95e57938e5'}}\n" ] } ], "source": [ "analystType = 'Opinion'\n", "objectUUID = '03cbbd87-9081-4ea9-94e2-431939fa85dc'\n", "# objectType[Enum]: \"Attribute\" \"Event\" \"EventReport\" \"GalaxyCluster\" \"Galaxy\"\n", "# \"Object\" \"Note\" \"Opinion\" \"Relationship\" \"Organisation\" \"SharingGroup\"\n", "objectType = 'Event'\n", "endpoint = f'/analystData/add/{analystType}/{objectUUID}/{objectType}'\n", "\n", "body = {\n", " \"opinion\": 75,\n", " \"comment\": \"This is an opinion\",\n", " \"authors\": \"john.doe@admin.test\",\n", " \"distribution\": 1\n", "}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "# Searches" ] }, { "cell_type": "code", "execution_count": 28, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "Count: 2\n", "----------\n", "[{'EventTag': [],\n", " 'Org': {'id': '15',\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'Orgc': {'id': '15',\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'analysis': '0',\n", " 'attribute_count': '0',\n", " 'date': '2024-04-15',\n", " 'disable_correlation': False,\n", " 'distribution': '0',\n", " 'extends_uuid': '',\n", " 'id': '63',\n", " 'info': 'Event created via the API as an example',\n", " 'locked': False,\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'proposal_email_lock': False,\n", " 'protected': None,\n", " 'publish_timestamp': '0',\n", " 'published': False,\n", " 'sharing_group_id': '0',\n", " 'sighting_timestamp': '0',\n", " 'threat_level_id': '1',\n", " 'timestamp': '1713153707',\n", " 'uuid': 'ab3edd51-58a2-47b3-b465-546364cb0d44'},\n", " {'EventTag': [{'Tag': {'colour': '#33FF00',\n", " 'id': '12',\n", " 'is_galaxy': False,\n", " 'name': 'tlp:green'},\n", " 'event_id': '64',\n", " 'id': '348',\n", " 'local': False,\n", " 'relationship_type': None,\n", " 'tag_id': '12'}],\n", " 'Org': {'id': '15',\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'Orgc': {'id': '15',\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'analysis': '0',\n", " 'attribute_count': '2',\n", " 'date': '2024-04-15',\n", " 'disable_correlation': False,\n", " 'distribution': '0',\n", " 'extends_uuid': '',\n", " 'id': '64',\n", " 'info': 'Event created via the API as an example',\n", " 'locked': False,\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'proposal_email_lock': False,\n", " 'protected': None,\n", " 'publish_timestamp': '0',\n", " 'published': False,\n", " 'sharing_group_id': '0',\n", " 'sighting_timestamp': '0',\n", " 'threat_level_id': '1',\n", " 'timestamp': '1713154741',\n", " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'}]\n" ] } ], "source": [ "# Searching the Event index (Move it to the search topic)\n", "endpoint = '/events/index'\n", "relative_path = ''\n", "\n", "body = {\n", " \"eventinfo\": \"Event created via the API as an example\",\n", "# \"publish_timestamp\": \"2024-04-15\",\n", "# \"org\": \"ORGNAME\"\n", "}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "code", "execution_count": 29, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "Event number: 0\n", "Count: 0\n", "----------\n", "[]\n" ] } ], "source": [ "# Searching the Event index\n", "misp_url = '/events/index'\n", "relative_path = ''\n", "\n", "body = {\n", "# \"hasproposal\": 1,\n", " \"tag\": [\"tlp:amber\"]\n", "}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "\n", "print('Event number: %s' % len(res))\n", "print_result(res)" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## RestSearch\n", "**Aka: Most powerful search tool in MISP**" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### RestSearch - Attributes" ] }, { "cell_type": "code", "execution_count": 30, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "Count: 2\n", "----------\n", "{'Attribute': [{'Event': {'distribution': '0',\n", " 'id': '64',\n", " 'info': 'Event created via the API as an example',\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n", " 'category': 'Network activity',\n", " 'comment': 'Comment added via the API',\n", " 'deleted': False,\n", " 'disable_correlation': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'first_seen': None,\n", " 'id': '3362',\n", " 'last_seen': None,\n", " 'object_id': '0',\n", " 'object_relation': None,\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1713154698',\n", " 'to_ids': False,\n", " 'type': 'ip-dst',\n", " 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n", " 'value': '127.0.0.1'},\n", " {'Event': {'distribution': '0',\n", " 'id': '64',\n", " 'info': 'Event created via the API as an example',\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n", " 'Object': {'distribution': '5',\n", " 'id': '537',\n", " 'sharing_group_id': '0'},\n", " 'category': 'Other',\n", " 'comment': '',\n", " 'deleted': False,\n", " 'disable_correlation': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'first_seen': None,\n", " 'id': '3363',\n", " 'last_seen': None,\n", " 'object_id': '537',\n", " 'object_relation': 'post',\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1558702173',\n", " 'to_ids': False,\n", " 'type': 'text',\n", " 'uuid': '17bebb02-c294-4444-adc9-85e8fa0039f1',\n", " 'value': 'post'}]}\n" ] } ], "source": [ "endpoint = '/attributes/restSearch/'\n", "relative_path = ''\n", "\n", "body = {\n", " \"returnFormat\": \"json\",\n", " \"eventid\": event_id\n", "}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "code", "execution_count": 69, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "Count: 1\n", "----------\n", "{'Attribute': [{'Event': {'distribution': '0',\n", " 'id': '126',\n", " 'info': 'Event created via the API as an example',\n", " 'org_id': '1',\n", " 'orgc_id': '1',\n", " 'uuid': 'b3cc1ea2-892f-48e1-a6dc-20279818a724'},\n", " 'Object': {'distribution': '5',\n", " 'id': '645',\n", " 'sharing_group_id': '0'},\n", " 'category': 'Other',\n", " 'comment': '',\n", " 'deleted': False,\n", " 'disable_correlation': False,\n", " 'distribution': '5',\n", " 'event_id': '126',\n", " 'first_seen': None,\n", " 'id': '56144',\n", " 'last_seen': None,\n", " 'object_id': '645',\n", " 'object_relation': 'post',\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1558702173',\n", " 'to_ids': False,\n", " 'type': 'text',\n", " 'uuid': '7ed55fe3-cae9-4353-9cd6-cdcb9a50bba5',\n", " 'value': 'post'}]}\n" ] } ], "source": [ "# Searches on Attribute's data\n", "misp_url = '/attributes/restSearch/'\n", "relative_path = ''\n", "\n", "body = {\n", " \"returnFormat\": \"json\",\n", " \"eventid\": event_id,\n", " \"type\": \"ip-dst\",\n", "# \"value\": \"127.0.%\"\n", "}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "code", "execution_count": 31, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "Count: 2\n", "----------\n", "{'Attribute': [{'Event': {'distribution': '0',\n", " 'id': '64',\n", " 'info': 'Event created via the API as an example',\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n", " 'category': 'Network activity',\n", " 'comment': 'Comment added via the API',\n", " 'deleted': False,\n", " 'disable_correlation': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'first_seen': None,\n", " 'id': '3362',\n", " 'last_seen': None,\n", " 'object_id': '0',\n", " 'object_relation': None,\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1713154698',\n", " 'to_ids': False,\n", " 'type': 'ip-dst',\n", " 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n", " 'value': '127.0.0.1'},\n", " {'Event': {'distribution': '0',\n", " 'id': '64',\n", " 'info': 'Event created via the API as an example',\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n", " 'Object': {'distribution': '5',\n", " 'id': '537',\n", " 'sharing_group_id': '0'},\n", " 'category': 'Other',\n", " 'comment': '',\n", " 'deleted': False,\n", " 'disable_correlation': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'first_seen': None,\n", " 'id': '3363',\n", " 'last_seen': None,\n", " 'object_id': '537',\n", " 'object_relation': 'post',\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1558702173',\n", " 'to_ids': False,\n", " 'type': 'text',\n", " 'uuid': '17bebb02-c294-4444-adc9-85e8fa0039f1',\n", " 'value': 'post'}]}\n" ] } ], "source": [ "# Searches on Attribute's data\n", "endpoint = '/attributes/restSearch/'\n", "relative_path = ''\n", "\n", "body = {\n", " \"returnFormat\": \"json\",\n", " \"eventid\": event_id,\n", " \"deleted\": [0, 1] # Consider both deleted AND not deleted\n", "}\n", "\n", "# [] == {\"OR\": []}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "code", "execution_count": 33, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "Count: 2\n", "----------\n", "{'Attribute': [{'Event': {'distribution': '0',\n", " 'id': '64',\n", " 'info': 'Event created via the API as an example',\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n", " 'category': 'Network activity',\n", " 'comment': 'Comment added via the API',\n", " 'deleted': False,\n", " 'disable_correlation': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'first_seen': None,\n", " 'id': '3362',\n", " 'last_seen': None,\n", " 'object_id': '0',\n", " 'object_relation': None,\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1713154698',\n", " 'to_ids': False,\n", " 'type': 'ip-dst',\n", " 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n", " 'value': '127.0.0.1'},\n", " {'Event': {'distribution': '0',\n", " 'id': '64',\n", " 'info': 'Event created via the API as an example',\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n", " 'Object': {'distribution': '5',\n", " 'id': '537',\n", " 'sharing_group_id': '0'},\n", " 'category': 'Other',\n", " 'comment': '',\n", " 'deleted': False,\n", " 'disable_correlation': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'first_seen': None,\n", " 'id': '3363',\n", " 'last_seen': None,\n", " 'object_id': '537',\n", " 'object_relation': 'post',\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1558702173',\n", " 'to_ids': False,\n", " 'type': 'text',\n", " 'uuid': '17bebb02-c294-4444-adc9-85e8fa0039f1',\n", " 'value': 'post'}]}\n" ] } ], "source": [ "# Searches on Attribute's data\n", "endpoint = '/attributes/restSearch/'\n", "relative_path = ''\n", "\n", "body = {\n", " \"returnFormat\": \"json\",\n", " \"eventid\": event_id,\n", "# \"tags\": \"tlp:white\",\n", "# \"tags\": [\"tlp:white\", \"tlp:green\"]\n", "# \"tags\": [\"!tlp:green\"]\n", "# \"tags\": \"tlp:%\",\n", "# \"includeEventTags\": 1\n", "# BRAND NEW (only tag)! Prefered way (Most accurate): Distinction between OR and AND!\n", "# \"tags\": {\"AND\": [\"tlp:green\", \"Malware\"], \"NOT\": [\"%ransomware%\"]}\n", "}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "code", "execution_count": 35, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "Count: 2\n", "----------\n", "{'Attribute': [{'Event': {'distribution': '0',\n", " 'id': '64',\n", " 'info': 'Event created via the API as an example',\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n", " 'category': 'Network activity',\n", " 'comment': 'Comment added via the API',\n", " 'deleted': False,\n", " 'disable_correlation': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'first_seen': None,\n", " 'id': '3362',\n", " 'last_seen': None,\n", " 'object_id': '0',\n", " 'object_relation': None,\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1713154698',\n", " 'to_ids': False,\n", " 'type': 'ip-dst',\n", " 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n", " 'value': '127.0.0.1'},\n", " {'Event': {'distribution': '0',\n", " 'id': '64',\n", " 'info': 'Event created via the API as an example',\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n", " 'Object': {'distribution': '5',\n", " 'id': '537',\n", " 'sharing_group_id': '0'},\n", " 'category': 'Other',\n", " 'comment': '',\n", " 'deleted': False,\n", " 'disable_correlation': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'first_seen': None,\n", " 'id': '3363',\n", " 'last_seen': None,\n", " 'object_id': '537',\n", " 'object_relation': 'post',\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1558702173',\n", " 'to_ids': False,\n", " 'type': 'text',\n", " 'uuid': '17bebb02-c294-4444-adc9-85e8fa0039f1',\n", " 'value': 'post'}]}\n" ] } ], "source": [ "# Paginating\n", "endpoint = '/attributes/restSearch/'\n", "#relative_path = ''\n", "\n", "body = {\n", " \"returnFormat\": \"json\",\n", " \"eventid\": event_id,\n", "# \"page\": 0,\n", "# \"limit\": 10000\n", "}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "code", "execution_count": 37, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "Count: 2\n", "----------\n", "{'Attribute': [{'Event': {'distribution': '0',\n", " 'id': '64',\n", " 'info': 'Event created via the API as an example',\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n", " 'category': 'Network activity',\n", " 'comment': 'Comment added via the API',\n", " 'deleted': False,\n", " 'disable_correlation': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'first_seen': None,\n", " 'id': '3362',\n", " 'last_seen': None,\n", " 'object_id': '0',\n", " 'object_relation': None,\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1713154698',\n", " 'to_ids': False,\n", " 'type': 'ip-dst',\n", " 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n", " 'value': '127.0.0.1'},\n", " {'Event': {'distribution': '0',\n", " 'id': '64',\n", " 'info': 'Event created via the API as an example',\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n", " 'Object': {'distribution': '5',\n", " 'id': '537',\n", " 'sharing_group_id': '0'},\n", " 'category': 'Other',\n", " 'comment': '',\n", " 'deleted': False,\n", " 'disable_correlation': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'first_seen': None,\n", " 'id': '3363',\n", " 'last_seen': None,\n", " 'object_id': '537',\n", " 'object_relation': 'post',\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1558702173',\n", " 'to_ids': False,\n", " 'type': 'text',\n", " 'uuid': '17bebb02-c294-4444-adc9-85e8fa0039f1',\n", " 'value': 'post'}]}\n" ] } ], "source": [ "# Searches based on time: Absolute\n", "endpoint = '/attributes/restSearch/'\n", "relative_path = ''\n", "event_id = 64\n", "\n", "body = {\n", " \"returnFormat\": \"json\",\n", " \"eventid\": event_id,\n", " \"from\": \"2019/05/21\" # or \"2019-05-21\"\n", " # from and to NOT REALLY USEFUL.. \n", "}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "code", "execution_count": 40, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "Count: 2\n", "----------\n", "{'Attribute': [{'Event': {'distribution': '0',\n", " 'id': '64',\n", " 'info': 'Event created via the API as an example',\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n", " 'category': 'Network activity',\n", " 'comment': 'Comment added via the API',\n", " 'deleted': False,\n", " 'disable_correlation': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'first_seen': None,\n", " 'id': '3362',\n", " 'last_seen': None,\n", " 'object_id': '0',\n", " 'object_relation': None,\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1713154698',\n", " 'to_ids': False,\n", " 'type': 'ip-dst',\n", " 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n", " 'value': '127.0.0.1'},\n", " {'Event': {'distribution': '0',\n", " 'id': '64',\n", " 'info': 'Event created via the API as an example',\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n", " 'Object': {'distribution': '5',\n", " 'id': '537',\n", " 'sharing_group_id': '0'},\n", " 'category': 'Other',\n", " 'comment': '',\n", " 'deleted': False,\n", " 'disable_correlation': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'first_seen': None,\n", " 'id': '3363',\n", " 'last_seen': None,\n", " 'object_id': '537',\n", " 'object_relation': 'post',\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1558702173',\n", " 'to_ids': False,\n", " 'type': 'text',\n", " 'uuid': '17bebb02-c294-4444-adc9-85e8fa0039f1',\n", " 'value': 'post'}]}\n" ] } ], "source": [ "# Searches based on time: Relative\n", "endpoint = '/attributes/restSearch/'\n", "relative_path = ''\n", "\n", "# /!\\ Last: works on the publish_timestamp -> may be confusing\n", "# Units: days, hours, minutes and secondes\n", "body = {\n", " \"returnFormat\": \"json\",\n", " \"eventid\": event_id,\n", "# \"to_ids\": 1,\n", "# \"publish_timestamp\": \"2024-04-15\"\n", "}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Precision regarding the different timestamps\n", "- ``publish_timestamp`` = Time at which the event was published\n", " - Usage: get data that arrived in my system since x\n", " - E.g.: New data from a feed\n", "- ``timestamp`` = Time of the last modification on the data\n", " - data was modified in the last x hours\n", " - E.g.: Last updated data from a feed\n", "- ``event_timestamp``: Used in the Attribute scope\n", " - Event modified in the last x hours" ] }, { "cell_type": "code", "execution_count": 44, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "Count: 1\n", "----------\n", "{'Attribute': [{'Event': {'distribution': '0',\n", " 'id': '64',\n", " 'info': 'Event created via the API as an example',\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n", " 'category': 'Payload delivery',\n", " 'comment': '',\n", " 'data': 'iVBORw0KGgoAAAANSUhEUgAAAG8AAABvAQAAAADKvqPNAAABJklEQVQ4jdXUMY6FIBAG4N9Y0K0XIOEadF5JL4B6Ad+V6LiGiRfAjoI4O5oX87ZhKDabLKH5CsPPMCPox8L/YASm0EZkwIg8KI9hX/s8UQW9nkhPKQ+qioMCel1J1+fR15HyYNv5I2SBfN8xaN7P9QvkdYIPMk9hC4zQsJvr99XKPG37usqO8U4lEFsXaAm5uw8qM3JyMkeCsxVU2nHZLZ1K5gl++v1IW/NOVSIFjB5QcPe3ZfJ9KeUm0CvJjNi+cOV/hyzyILMEbkI0wcj0/EBmVtdZMkO79hwJU6qgz07tp0XjjUheR2o5W4RMbpJB6S7xLJBIngUHzaccycj0eqR9Vk9xBA7gzW1Qx75dCADJvP45V9NGK/MeGR6xayJE/tkf+Nf4DXMqFobLZDuHAAAAAElFTkSuQmCC',\n", " 'deleted': False,\n", " 'disable_correlation': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'first_seen': None,\n", " 'id': '3364',\n", " 'last_seen': None,\n", " 'object_id': '0',\n", " 'object_relation': None,\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1713155138',\n", " 'to_ids': False,\n", " 'type': 'attachment',\n", " 'uuid': '3a0f950c-3f09-480b-b777-ac3e13acc75a',\n", " 'value': 'cti-2024.png'}]}\n" ] } ], "source": [ "# Searches with attachments\n", "endpoint = '/attributes/restSearch/'\n", "relative_path = ''\n", "\n", "body = {\n", " \"returnFormat\": \"json\",\n", " \"eventid\": event_id,\n", " \"type\": \"attachment\",\n", " \"withAttachments\": 1\n", "}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "code", "execution_count": 48, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "Count: 2\n", "----------\n", "{'Attribute': [{'Event': {'distribution': '0',\n", " 'id': '64',\n", " 'info': 'Event created via the API as an example',\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n", " 'category': 'Network activity',\n", " 'comment': 'Comment added via the API',\n", " 'deleted': False,\n", " 'disable_correlation': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'first_seen': None,\n", " 'id': '3362',\n", " 'last_seen': None,\n", " 'object_id': '0',\n", " 'object_relation': None,\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1713154698',\n", " 'to_ids': False,\n", " 'type': 'ip-dst',\n", " 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n", " 'value': '127.0.0.1'},\n", " {'Event': {'distribution': '0',\n", " 'id': '64',\n", " 'info': 'Event created via the API as an example',\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n", " 'category': 'Network activity',\n", " 'comment': '',\n", " 'deleted': False,\n", " 'disable_correlation': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'first_seen': None,\n", " 'id': '3366',\n", " 'last_seen': None,\n", " 'object_id': '0',\n", " 'object_relation': None,\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1713155243',\n", " 'to_ids': True,\n", " 'type': 'ip-dst',\n", " 'uuid': '6c4e1467-ce18-4131-b858-470ee57ebaec',\n", " 'value': '127.0.0.2'}]}\n" ] } ], "source": [ "# Searches - Others\n", "endpoint = '/attributes/restSearch/'\n", "relative_path = ''\n", "\n", "body = {\n", " \"returnFormat\": \"json\",\n", " \"eventid\": event_id,\n", " \"type\": [\"ip-src\", \"ip-dst\"],\n", " \"enforceWarninglist\": 1\n", "}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### RestSearch - Events" ] }, { "cell_type": "code", "execution_count": 49, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "Count: 1\n", " - Attribute count: 4\n", "----------\n", "[{'Event': {'Attribute': [{'Galaxy': [],\n", " 'ShadowAttribute': [],\n", " 'category': 'Network activity',\n", " 'comment': 'Comment added via the API',\n", " 'deleted': False,\n", " 'disable_correlation': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'first_seen': None,\n", " 'id': '3362',\n", " 'last_seen': None,\n", " 'object_id': '0',\n", " 'object_relation': None,\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1713154698',\n", " 'to_ids': False,\n", " 'type': 'ip-dst',\n", " 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n", " 'value': '127.0.0.1'},\n", " {'Galaxy': [],\n", " 'ShadowAttribute': [],\n", " 'category': 'Payload delivery',\n", " 'comment': '',\n", " 'deleted': False,\n", " 'disable_correlation': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'first_seen': None,\n", " 'id': '3364',\n", " 'last_seen': None,\n", " 'object_id': '0',\n", " 'object_relation': None,\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1713155138',\n", " 'to_ids': False,\n", " 'type': 'attachment',\n", " 'uuid': '3a0f950c-3f09-480b-b777-ac3e13acc75a',\n", " 'value': 'cti-2024.png'},\n", " {'Galaxy': [],\n", " 'ShadowAttribute': [],\n", " 'category': 'Network activity',\n", " 'comment': '',\n", " 'deleted': False,\n", " 'disable_correlation': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'first_seen': None,\n", " 'id': '3365',\n", " 'last_seen': None,\n", " 'object_id': '0',\n", " 'object_relation': None,\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1713155215',\n", " 'to_ids': False,\n", " 'type': 'ip-dst',\n", " 'uuid': '1ce6d7c3-a3cf-4bf7-b0fe-a054b7a06342',\n", " 'value': '8.8.8.8'},\n", " {'Galaxy': [],\n", " 'ShadowAttribute': [],\n", " 'category': 'Network activity',\n", " 'comment': '',\n", " 'deleted': False,\n", " 'disable_correlation': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'first_seen': None,\n", " 'id': '3366',\n", " 'last_seen': None,\n", " 'object_id': '0',\n", " 'object_relation': None,\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1713155243',\n", " 'to_ids': True,\n", " 'type': 'ip-dst',\n", " 'uuid': '6c4e1467-ce18-4131-b858-470ee57ebaec',\n", " 'value': '127.0.0.2'}],\n", " 'CryptographicKey': [],\n", " 'EventReport': [{'content': 'Body',\n", " 'deleted': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'id': '55',\n", " 'name': 'Report from API',\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1713153904',\n", " 'uuid': '3696d945-7dc8-4685-b71f-8cb2b1132913'},\n", " {'content': 'Body',\n", " 'deleted': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'id': '56',\n", " 'name': 'Report from API',\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1713154575',\n", " 'uuid': '823d4e2e-76f4-43b8-9b3c-c851fa32412d'}],\n", " 'Galaxy': [],\n", " 'Object': [{'Attribute': [{'Galaxy': [],\n", " 'ShadowAttribute': [],\n", " 'category': 'Other',\n", " 'comment': '',\n", " 'deleted': False,\n", " 'disable_correlation': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'first_seen': None,\n", " 'id': '3363',\n", " 'last_seen': None,\n", " 'object_id': '537',\n", " 'object_relation': 'post',\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1558702173',\n", " 'to_ids': False,\n", " 'type': 'text',\n", " 'uuid': '17bebb02-c294-4444-adc9-85e8fa0039f1',\n", " 'value': 'post'}],\n", " 'ObjectReference': [],\n", " 'comment': '',\n", " 'deleted': False,\n", " 'description': 'Microblog post like a Twitter tweet or '\n", " 'a post on a Facebook wall.',\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'first_seen': None,\n", " 'id': '537',\n", " 'last_seen': None,\n", " 'meta-category': 'misc',\n", " 'name': 'microblog',\n", " 'sharing_group_id': '0',\n", " 'template_uuid': '8ec8c911-ddbe-4f5b-895b-fbff70c42a60',\n", " 'template_version': '5',\n", " 'timestamp': '1558702173',\n", " 'uuid': 'bc9219e7-9ae8-4f36-a433-dad3a9c963f5'}],\n", " 'Org': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'Orgc': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'RelatedEvent': [{'Event': {'Org': {'id': '15',\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'Orgc': {'id': '15',\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'analysis': '0',\n", " 'date': '2024-04-15',\n", " 'distribution': '0',\n", " 'id': '62',\n", " 'info': 'Test event with some sample '\n", " 'indicator to match on Jupyter '\n", " 'notebook',\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'published': False,\n", " 'threat_level_id': '1',\n", " 'timestamp': '1713153254',\n", " 'uuid': '403a7c69-3708-429e-b1f0-1e7379655db5'}}],\n", " 'ShadowAttribute': [],\n", " 'Tag': [{'colour': '#33FF00',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '12',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'tlp:green',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'}],\n", " 'analysis': '0',\n", " 'attribute_count': '5',\n", " 'date': '2024-04-15',\n", " 'disable_correlation': False,\n", " 'distribution': '0',\n", " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", " 'extends_uuid': '',\n", " 'id': '64',\n", " 'info': 'Event created via the API as an example',\n", " 'locked': False,\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'proposal_email_lock': False,\n", " 'protected': None,\n", " 'publish_timestamp': '0',\n", " 'published': False,\n", " 'sharing_group_id': '0',\n", " 'threat_level_id': '1',\n", " 'timestamp': '1713155243',\n", " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'}}]\n" ] } ], "source": [ "# Searching using the RestSearch\n", "endpoint = '/events/restSearch'\n", "relative_path = ''\n", "\n", "body = {\n", " \"returnFormat\": \"json\",\n", " \"eventid\": 64,\n", "}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "code", "execution_count": 51, "metadata": {}, "outputs": [], "source": [ "# Searching using the RestSearch - Other return format\n", "!curl \\\n", " -d '{\"returnFormat\":\"rpz\",\"eventid\":64}' \\\n", " -H \"Authorization: tzcU6V4IdOdNsQy9LkD3yBHaIkg64n7oeKpaQNyf\" \\\n", " -H \"Accept: application/json\" \\\n", " -H \"Content-type: application/json\" \\\n", " -k \\\n", " -X POST https://localhost:8443/events/restSearch 2> /dev/null" ] }, { "cell_type": "code", "execution_count": 96, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "uuid,event_id,category,type,value,comment,to_ids,date,object_relation,attribute_tag,object_uuid,object_name,object_meta_category\r\n", "\"6938d503-7d96-48b6-9a18-f8e6f95f04dd\",126,\"Network activity\",\"ip-src\",\"9.9.9.9\",\"\",1,1705581872,\"\",\"\",\"\",\"\",\"\"\r\n", "\"8153fcad-cd37-45d9-a1d1-a509942116f8\",126,\"Network activity\",\"ip-dst\",\"127.2.2.2\",\"Comment added via the API!\",0,1705583914,\"\",\"tlp:white\",\"\",\"\",\"\"\r\n", "\"1b436ea7-5fc3-485f-b059-9bfff544925f\",126,\"Payload delivery\",\"attachment\",\"test.txt\",\"\",0,1705584018,\"\",\"\",\"\",\"\",\"\"\r\n", "\"7ed55fe3-cae9-4353-9cd6-cdcb9a50bba5\",126,\"Other\",\"text\",\"post\",\"\",0,1558702173,\"post\",\"\",\"838aefb1-0f6e-4967-9a99-e7414887ae9a\",\"microblog\",\"misc\"\r\n", "\r\n" ] } ], "source": [ "# Searching using the RestSearch - Other return format\n", "!curl \\\n", " -d '{\"returnFormat\":\"csv\",\"eventid\":126}' \\\n", " -H \"Authorization: AaRwZVxZqE8peVet1LGfTYMOkOfFfa7rlS5i5xfL\" \\\n", " -H \"Accept: application/json\" \\\n", " -H \"Content-type: application/json\" \\\n", " -k \\\n", " -X POST https://localhost:8443/events/restSearch 2> /dev/null" ] }, { "cell_type": "code", "execution_count": 52, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "Count: 0\n", "----------\n", "[]\n" ] } ], "source": [ "# Searching using the RestSearch - Filtering\n", "endpoint = '/events/restSearch'\n", "relative_path = ''\n", "\n", "body = {\n", " \"returnFormat\": \"json\",\n", " \"value\": \"parsed-ail.json\"\n", "}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "code", "execution_count": 53, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "Count: 14\n", "----------\n", "[{'Event': {'CryptographicKey': [],\n", " 'Galaxy': [{'GalaxyCluster': [{'GalaxyClusterRelation': [],\n", " 'Org': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'Orgc': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'authors': ['Unknown'],\n", " 'collection_uuid': 'cc6feae0-968a-11e9-a29a-bf581ae8eee3',\n", " 'default': True,\n", " 'deleted': False,\n", " 'description': '',\n", " 'distribution': '3',\n", " 'event_tag_id': '278',\n", " 'extends_uuid': '',\n", " 'extends_version': '0',\n", " 'galaxy_id': '59',\n", " 'id': '13207',\n", " 'local': False,\n", " 'locked': False,\n", " 'meta': {'calling-code': ['+33'],\n", " 'capital': ['Paris'],\n", " 'currency': ['€',\n", " 'EUR',\n", " 'EURO'],\n", " 'iso-code': ['FR', 'FRA'],\n", " 'member-of': ['NATO'],\n", " 'official-languages': ['French'],\n", " 'synonyms': ['French '\n", " 'Republic',\n", " 'République '\n", " 'française'],\n", " 'territory-type': ['Country'],\n", " 'top-level-domain': ['.fr']},\n", " 'org_id': '0',\n", " 'orgc_id': '0',\n", " 'published': False,\n", " 'relationship_type': False,\n", " 'sharing_group_id': None,\n", " 'source': 'Various',\n", " 'tag_id': 167,\n", " 'tag_name': 'misp-galaxy:target-information=\"France\"',\n", " 'type': 'target-information',\n", " 'uuid': '0cc6ad08-fac6-42bc-a7c7-09a53ea6b968',\n", " 'value': 'France',\n", " 'version': '7'}],\n", " 'description': 'Description of targets of threat '\n", " 'actors.',\n", " 'enabled': True,\n", " 'icon': 'bullseye',\n", " 'id': '59',\n", " 'local_only': False,\n", " 'name': 'Target Information',\n", " 'namespace': 'misp',\n", " 'type': 'target-information',\n", " 'uuid': '709ed29c-aa00-11e9-82cd-67ac1a6ee3bc',\n", " 'version': '1'},\n", " {'GalaxyCluster': [{'GalaxyClusterRelation': [{'Tag': [{'colour': '#001899',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '1',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"likely\"',\n", " 'numerical_value': '55',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '9554',\n", " 'galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n", " 'id': '17887',\n", " 'referenced_galaxy_cluster_id': '9652',\n", " 'referenced_galaxy_cluster_type': 'parent-of',\n", " 'referenced_galaxy_cluster_uuid': '0ca6ac54-ad2b-4945-9580-ac90e702fd2c',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001899',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '1',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"likely\"',\n", " 'numerical_value': '55',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '9554',\n", " 'galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n", " 'id': '17888',\n", " 'referenced_galaxy_cluster_id': '9653',\n", " 'referenced_galaxy_cluster_type': 'parent-of',\n", " 'referenced_galaxy_cluster_uuid': '9db5f425-fe49-4137-8598-840e7290ed0f',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001899',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '1',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"likely\"',\n", " 'numerical_value': '55',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '9554',\n", " 'galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n", " 'id': '17889',\n", " 'referenced_galaxy_cluster_id': '9654',\n", " 'referenced_galaxy_cluster_type': 'parent-of',\n", " 'referenced_galaxy_cluster_uuid': '1c43524e-0f2e-4468-b6b6-8a37f1d0ea87',\n", " 'sharing_group_id': None}],\n", " 'Org': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'Orgc': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'TargetingClusterRelation': [{'Tag': [{'colour': '#001899',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '1',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"likely\"',\n", " 'numerical_value': '55',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '9652',\n", " 'galaxy_cluster_uuid': '0ca6ac54-ad2b-4945-9580-ac90e702fd2c',\n", " 'id': '17916',\n", " 'referenced_galaxy_cluster_id': '9554',\n", " 'referenced_galaxy_cluster_type': 'successor-of',\n", " 'referenced_galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001899',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '1',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"likely\"',\n", " 'numerical_value': '55',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '9653',\n", " 'galaxy_cluster_uuid': '9db5f425-fe49-4137-8598-840e7290ed0f',\n", " 'id': '17917',\n", " 'referenced_galaxy_cluster_id': '9554',\n", " 'referenced_galaxy_cluster_type': 'successor-of',\n", " 'referenced_galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001899',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '1',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"likely\"',\n", " 'numerical_value': '55',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '9654',\n", " 'galaxy_cluster_uuid': '1c43524e-0f2e-4468-b6b6-8a37f1d0ea87',\n", " 'id': '17919',\n", " 'referenced_galaxy_cluster_id': '9554',\n", " 'referenced_galaxy_cluster_type': 'successor-of',\n", " 'referenced_galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n", " 'sharing_group_id': None}],\n", " 'authors': ['https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml',\n", " 'http://pastebin.com/raw/GHgpWjar',\n", " 'MISP Project',\n", " 'https://id-ransomware.blogspot.com/2016/07/ransomware-list.html'],\n", " 'collection_uuid': '10cf658b-5d32-4c4b-bb32-61760a640372',\n", " 'default': True,\n", " 'deleted': False,\n", " 'description': 'Conti ransomware is '\n", " 'a RaaS and has been '\n", " 'observed encrypting '\n", " 'networks since '\n", " 'mid-2020.\\n'\n", " 'Conti was developed '\n", " 'by the “TrickBot” '\n", " 'group, an organized '\n", " 'Russian '\n", " 'cybercriminal '\n", " 'operation. Their '\n", " 'reputation has '\n", " 'allowed the group '\n", " 'to create a strong '\n", " 'brand name, '\n", " 'attracting many '\n", " 'affiliates which '\n", " 'has made Conti one '\n", " 'of the most '\n", " 'widespread '\n", " 'ransomware strains '\n", " 'in the world.\\n'\n", " 'One of the last '\n", " 'known “Conti” '\n", " 'attacks was against '\n", " 'the government of '\n", " 'Costa Rica in April '\n", " '2022 causing the '\n", " 'country to declare '\n", " 'a state of '\n", " 'emergency.\\n'\n", " 'Shortly after this '\n", " 'final attack, the '\n", " '“Conti” brand '\n", " 'disappeared. The '\n", " 'group behind it '\n", " 'likely switched to '\n", " 'a different brand '\n", " 'to avoid sanctions '\n", " 'and start over with '\n", " 'a new, clean '\n", " 'reputation.',\n", " 'distribution': '3',\n", " 'event_tag_id': '279',\n", " 'extends_uuid': '',\n", " 'extends_version': '0',\n", " 'galaxy_id': '49',\n", " 'id': '9554',\n", " 'local': False,\n", " 'locked': False,\n", " 'meta': {'attribution-confidence': ['100'],\n", " 'country': ['RU'],\n", " 'extensions': ['.conti'],\n", " 'links': ['http://continewsnv5otx5kaoje7krkto2qbu3gtqef22mnr7eaxw3y6ncz3ad.onion/',\n", " 'http://continews.click'],\n", " 'ransomnotes': ['All of '\n", " 'your '\n", " 'files are '\n", " 'currently '\n", " 'encrypted '\n", " 'by CONTI '\n", " 'ransomware.'],\n", " 'refs': ['https://www.cyber.gov.au/acsc/view-all-content/advisories/2021-010-acsc-ransomware-profile-conti',\n", " 'https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/787/original/ransomware-chats.pdf?1651576098',\n", " 'https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ransomware-virtual-machines']},\n", " 'org_id': '0',\n", " 'orgc_id': '0',\n", " 'published': False,\n", " 'relationship_type': False,\n", " 'sharing_group_id': None,\n", " 'source': 'Various',\n", " 'tag_id': 166,\n", " 'tag_name': 'misp-galaxy:ransomware=\"Conti\"',\n", " 'type': 'ransomware',\n", " 'uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n", " 'value': 'Conti',\n", " 'version': '118'}],\n", " 'description': 'Ransomware galaxy based on '\n", " 'https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml',\n", " 'enabled': True,\n", " 'icon': 'btc',\n", " 'id': '49',\n", " 'local_only': False,\n", " 'name': 'Ransomware',\n", " 'namespace': 'misp',\n", " 'type': 'ransomware',\n", " 'uuid': '3f44af2e-1480-4b6b-9aa8-f9bb21341078',\n", " 'version': '4'}],\n", " 'Org': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'Orgc': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'RelatedEvent': [{'Event': {'Org': {'id': '15',\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'Orgc': {'id': '15',\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'analysis': '0',\n", " 'date': '2022-03-22',\n", " 'distribution': '2',\n", " 'id': '55',\n", " 'info': 'Network relationship with '\n", " 'Conti BTC address',\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'published': False,\n", " 'threat_level_id': '4',\n", " 'timestamp': '1695040739',\n", " 'uuid': 'd1a18f98-4efb-4238-b608-8783e626b95f'}}],\n", " 'Tag': [{'colour': '#ffffff',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '16',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'tlp:white',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#0088cc',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '167',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': True,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'misp-galaxy:target-information=\"France\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#0088cc',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '166',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': True,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'misp-galaxy:ransomware=\"Conti\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#075200',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '138',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'admiralty-scale:source-reliability=\"b\"',\n", " 'numerical_value': '75',\n", " 'relationship_type': None,\n", " 'user_id': '0'}],\n", " 'analysis': '0',\n", " 'attribute_count': '13',\n", " 'date': '2022-03-21',\n", " 'disable_correlation': False,\n", " 'distribution': '1',\n", " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", " 'extends_uuid': '',\n", " 'id': '50',\n", " 'info': 'Ransomware Attack against a French organization',\n", " 'locked': True,\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'proposal_email_lock': False,\n", " 'protected': None,\n", " 'publish_timestamp': '0',\n", " 'published': False,\n", " 'sharing_group_id': '0',\n", " 'threat_level_id': '1',\n", " 'timestamp': '1695041268',\n", " 'uuid': '1128963e-516e-4c9b-b14e-ae2dcbf69e80'}},\n", " {'Event': {'CryptographicKey': [],\n", " 'Galaxy': [],\n", " 'Org': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'Orgc': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'RelatedEvent': [],\n", " 'Tag': [{'colour': '#33FF00',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '12',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'tlp:green',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'}],\n", " 'analysis': '0',\n", " 'attribute_count': '28',\n", " 'date': '2021-12-22',\n", " 'disable_correlation': False,\n", " 'distribution': '1',\n", " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", " 'extends_uuid': '',\n", " 'id': '51',\n", " 'info': 'Dirty harry example',\n", " 'locked': True,\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'proposal_email_lock': False,\n", " 'protected': None,\n", " 'publish_timestamp': '0',\n", " 'published': False,\n", " 'sharing_group_id': '0',\n", " 'threat_level_id': '1',\n", " 'timestamp': '1693922674',\n", " 'uuid': '339b8437-13e8-4ae6-97dc-47cf909aa78d'}},\n", " {'Event': {'CryptographicKey': [],\n", " 'Galaxy': [{'GalaxyCluster': [{'GalaxyClusterRelation': [],\n", " 'Org': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'Orgc': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'TargetingClusterRelation': [{'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5881',\n", " 'galaxy_cluster_uuid': '590777b3-b475-4c7c-aaf8-f4a73b140312',\n", " 'id': '2339',\n", " 'referenced_galaxy_cluster_id': '4806',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7107',\n", " 'galaxy_cluster_uuid': 'e401d4fe-f0c9-44f0-98e6-f93487678808',\n", " 'id': '9763',\n", " 'referenced_galaxy_cluster_id': '4806',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7262',\n", " 'galaxy_cluster_uuid': '9abdda30-08e0-4ab1-9cf0-d447654c6de9',\n", " 'id': '11748',\n", " 'referenced_galaxy_cluster_id': '4806',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7476',\n", " 'galaxy_cluster_uuid': 'd6b3fcd0-1c86-4350-96f0-965ed02fcc51',\n", " 'id': '14674',\n", " 'referenced_galaxy_cluster_id': '4806',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7516',\n", " 'galaxy_cluster_uuid': '4c6d62c2-89f5-4159-8fab-0190b1f9d328',\n", " 'id': '15343',\n", " 'referenced_galaxy_cluster_id': '4806',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7524',\n", " 'galaxy_cluster_uuid': 'c984b414-b766-44c5-814a-2fe96c913c12',\n", " 'id': '15474',\n", " 'referenced_galaxy_cluster_id': '4806',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7535',\n", " 'galaxy_cluster_uuid': '727afb95-3d0f-4451-b297-362a43909923',\n", " 'id': '15629',\n", " 'referenced_galaxy_cluster_id': '4806',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7541',\n", " 'galaxy_cluster_uuid': 'e14085cb-0e8d-4be6-92ba-e3b93ee5978f',\n", " 'id': '15744',\n", " 'referenced_galaxy_cluster_id': '4806',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '14906',\n", " 'galaxy_cluster_uuid': '0ee4d8a5-4e67-4faf-acfa-62a78457d1f2',\n", " 'id': '22387',\n", " 'referenced_galaxy_cluster_id': '4806',\n", " 'referenced_galaxy_cluster_type': 'related-to',\n", " 'referenced_galaxy_cluster_uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '15094',\n", " 'galaxy_cluster_uuid': 'b55d23e5-6821-44ff-8a6e-67218891e49f',\n", " 'id': '22582',\n", " 'referenced_galaxy_cluster_id': '4806',\n", " 'referenced_galaxy_cluster_type': 'related-to',\n", " 'referenced_galaxy_cluster_uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '15893',\n", " 'galaxy_cluster_uuid': '7bd3902d-8b8b-4dd4-838a-c6862d40150d',\n", " 'id': '23482',\n", " 'referenced_galaxy_cluster_id': '4806',\n", " 'referenced_galaxy_cluster_type': 'related-to',\n", " 'referenced_galaxy_cluster_uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n", " 'sharing_group_id': None}],\n", " 'authors': ['MITRE'],\n", " 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n", " 'default': True,\n", " 'deleted': False,\n", " 'description': 'Adversaries may '\n", " 'modify client '\n", " 'software binaries '\n", " 'to establish '\n", " 'persistent access '\n", " 'to systems. Client '\n", " 'software enables '\n", " 'users to access '\n", " 'services provided '\n", " 'by a server. Common '\n", " 'client software '\n", " 'types are SSH '\n", " 'clients, FTP '\n", " 'clients, email '\n", " 'clients, and web '\n", " 'browsers.\\n'\n", " '\\n'\n", " 'Adversaries may '\n", " 'make modifications '\n", " 'to client software '\n", " 'binaries to carry '\n", " 'out malicious tasks '\n", " 'when those '\n", " 'applications are in '\n", " 'use. For example, '\n", " 'an adversary may '\n", " 'copy source code '\n", " 'for the client '\n", " 'software, add a '\n", " 'backdoor, compile '\n", " 'for the target, and '\n", " 'replace the '\n", " 'legitimate '\n", " 'application binary '\n", " '(or support files) '\n", " 'with the backdoored '\n", " 'one. Since these '\n", " 'applications may be '\n", " 'routinely executed '\n", " 'by the user, the '\n", " 'adversary can '\n", " 'leverage this for '\n", " 'persistent access '\n", " 'to the host.',\n", " 'distribution': '3',\n", " 'event_tag_id': '282',\n", " 'extends_uuid': '',\n", " 'extends_version': '0',\n", " 'galaxy_id': '23',\n", " 'id': '4806',\n", " 'local': False,\n", " 'locked': False,\n", " 'meta': {'external_id': ['T1554'],\n", " 'kill_chain': ['mitre-attack:persistence'],\n", " 'mitre_data_sources': ['File: '\n", " 'File '\n", " 'Creation',\n", " 'File: '\n", " 'File '\n", " 'Deletion',\n", " 'File: '\n", " 'File '\n", " 'Metadata',\n", " 'File: '\n", " 'File '\n", " 'Modification'],\n", " 'mitre_platforms': ['Linux',\n", " 'macOS',\n", " 'Windows'],\n", " 'refs': ['https://attack.mitre.org/techniques/T1554']},\n", " 'org_id': '0',\n", " 'orgc_id': '0',\n", " 'published': False,\n", " 'relationship_type': False,\n", " 'sharing_group_id': None,\n", " 'source': 'https://github.com/mitre/cti',\n", " 'tag_id': 23,\n", " 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Compromise '\n", " 'Client Software Binary '\n", " '- T1554\"',\n", " 'type': 'mitre-attack-pattern',\n", " 'uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n", " 'value': 'Compromise Client '\n", " 'Software Binary - T1554',\n", " 'version': '25'},\n", " {'GalaxyClusterRelation': [],\n", " 'Org': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'Orgc': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'authors': ['MITRE'],\n", " 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n", " 'default': True,\n", " 'deleted': False,\n", " 'description': 'Adversaries may use '\n", " 'traffic signaling '\n", " 'to hide open ports '\n", " 'or other malicious '\n", " 'functionality used '\n", " 'for persistence or '\n", " 'command and '\n", " 'control. Traffic '\n", " 'signaling involves '\n", " 'the use of a magic '\n", " 'value or sequence '\n", " 'that must be sent '\n", " 'to a system to '\n", " 'trigger a special '\n", " 'response, such as '\n", " 'opening a closed '\n", " 'port or executing a '\n", " 'malicious task. '\n", " 'This may take the '\n", " 'form of sending a '\n", " 'series of packets '\n", " 'with certain '\n", " 'characteristics '\n", " 'before a port will '\n", " 'be opened that the '\n", " 'adversary can use '\n", " 'for command and '\n", " 'control. Usually '\n", " 'this series of '\n", " 'packets consists of '\n", " 'attempted '\n", " 'connections to a '\n", " 'predefined sequence '\n", " 'of closed ports '\n", " '(i.e. [Port '\n", " 'Knocking](https://attack.mitre.org/techniques/T1205/001)), '\n", " 'but can involve '\n", " 'unusual flags, '\n", " 'specific strings, '\n", " 'or other unique '\n", " 'characteristics. '\n", " 'After the sequence '\n", " 'is completed, '\n", " 'opening a port may '\n", " 'be accomplished by '\n", " 'the host-based '\n", " 'firewall, but could '\n", " 'also be implemented '\n", " 'by custom '\n", " 'software.\\n'\n", " '\\n'\n", " 'Adversaries may '\n", " 'also communicate '\n", " 'with an already '\n", " 'open port, but the '\n", " 'service listening '\n", " 'on that port will '\n", " 'only respond to '\n", " 'commands or trigger '\n", " 'other malicious '\n", " 'functionality if '\n", " 'passed the '\n", " 'appropriate magic '\n", " 'value(s).\\n'\n", " '\\n'\n", " 'The observation of '\n", " 'the signal packets '\n", " 'to trigger the '\n", " 'communication can '\n", " 'be conducted '\n", " 'through different '\n", " 'methods. One means, '\n", " 'originally '\n", " 'implemented by '\n", " 'Cd00r (Citation: '\n", " 'Hartrell cd00r '\n", " '2002), is to use '\n", " 'the libpcap '\n", " 'libraries to sniff '\n", " 'for the packets in '\n", " 'question. Another '\n", " 'method leverages '\n", " 'raw sockets, which '\n", " 'enables the malware '\n", " 'to use ports that '\n", " 'are already open '\n", " 'for use by other '\n", " 'programs.\\n'\n", " '\\n'\n", " 'On network devices, '\n", " 'adversaries may use '\n", " 'crafted packets to '\n", " 'enable [Network '\n", " 'Device '\n", " 'Authentication](https://attack.mitre.org/techniques/T1556/004) '\n", " 'for standard '\n", " 'services offered by '\n", " 'the device such as '\n", " 'telnet. Such '\n", " 'signaling may also '\n", " 'be used to open a '\n", " 'closed service port '\n", " 'such as telnet, or '\n", " 'to trigger module '\n", " 'modification of '\n", " 'malware implants on '\n", " 'the device, adding, '\n", " 'removing, or '\n", " 'changing malicious '\n", " 'capabilities. '\n", " 'Adversaries may use '\n", " 'crafted packets to '\n", " 'attempt to connect '\n", " 'to one or more '\n", " '(open or closed) '\n", " 'ports, but may also '\n", " 'attempt to connect '\n", " 'to a router '\n", " 'interface, '\n", " 'broadcast, and '\n", " 'network address IP '\n", " 'on the same port in '\n", " 'order to achieve '\n", " 'their goals and '\n", " 'objectives.(Citation: '\n", " 'Cisco Synful Knock '\n", " 'Evolution)(Citation: '\n", " 'Mandiant - Synful '\n", " 'Knock)(Citation: '\n", " 'Cisco Blog Legacy '\n", " 'Device Attacks) To '\n", " 'enable this traffic '\n", " 'signaling on '\n", " 'embedded devices, '\n", " 'adversaries must '\n", " 'first achieve and '\n", " 'leverage [Patch '\n", " 'System '\n", " 'Image](https://attack.mitre.org/techniques/T1601/001) '\n", " 'due to the '\n", " 'monolithic nature '\n", " 'of the '\n", " 'architecture.\\n'\n", " '\\n'\n", " 'Adversaries may '\n", " 'also use the '\n", " 'Wake-on-LAN feature '\n", " 'to turn on powered '\n", " 'off systems. '\n", " 'Wake-on-LAN is a '\n", " 'hardware feature '\n", " 'that allows a '\n", " 'powered down system '\n", " 'to be powered on, '\n", " 'or woken up, by '\n", " 'sending a magic '\n", " 'packet to it. Once '\n", " 'the system is '\n", " 'powered on, it may '\n", " 'become a target for '\n", " 'lateral '\n", " 'movement.(Citation: '\n", " 'Bleeping Computer - '\n", " 'Ryuk WoL)(Citation: '\n", " 'AMD Magic Packet)',\n", " 'distribution': '3',\n", " 'event_tag_id': '283',\n", " 'extends_uuid': '',\n", " 'extends_version': '0',\n", " 'galaxy_id': '23',\n", " 'id': '5396',\n", " 'local': False,\n", " 'locked': False,\n", " 'meta': {'external_id': ['T1205'],\n", " 'kill_chain': ['mitre-attack:defense-evasion',\n", " 'mitre-attack:persistence',\n", " 'mitre-attack:command-and-control'],\n", " 'mitre_data_sources': ['Network '\n", " 'Traffic: '\n", " 'Network '\n", " 'Connection '\n", " 'Creation',\n", " 'Network '\n", " 'Traffic: '\n", " 'Network '\n", " 'Traffic '\n", " 'Content',\n", " 'Network '\n", " 'Traffic: '\n", " 'Network '\n", " 'Traffic '\n", " 'Flow',\n", " 'Process: '\n", " 'Process '\n", " 'Creation'],\n", " 'mitre_platforms': ['Linux',\n", " 'macOS',\n", " 'Windows',\n", " 'Network'],\n", " 'refs': ['https://attack.mitre.org/techniques/T1205',\n", " 'https://blogs.cisco.com/security/evolution-of-attacks-on-cisco-ios-devices',\n", " 'https://community.cisco.com/t5/security-blogs/attackers-continue-to-target-legacy-devices/ba-p/4169954',\n", " 'https://gitlab.com/wireshark/wireshark/-/wikis/WakeOnLAN',\n", " 'https://www.amd.com/system/files/TechDocs/20213.pdf',\n", " 'https://www.bleepingcomputer.com/news/security/ryuk-ransomware-uses-wake-on-lan-to-encrypt-offline-devices/',\n", " 'https://www.giac.org/paper/gcih/342/handle-cd00r-invisible-backdoor/103631',\n", " 'https://www.mandiant.com/resources/synful-knock-acis']},\n", " 'org_id': '0',\n", " 'orgc_id': '0',\n", " 'published': False,\n", " 'relationship_type': False,\n", " 'sharing_group_id': None,\n", " 'source': 'https://github.com/mitre/cti',\n", " 'tag_id': 24,\n", " 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Traffic '\n", " 'Signaling - T1205\"',\n", " 'type': 'mitre-attack-pattern',\n", " 'uuid': '451a9977-d255-43c9-b431-66de80130c8c',\n", " 'value': 'Traffic Signaling - T1205',\n", " 'version': '25'},\n", " {'GalaxyClusterRelation': [{'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '4842',\n", " 'galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", " 'id': '674',\n", " 'referenced_galaxy_cluster_id': '6067',\n", " 'referenced_galaxy_cluster_type': 'subtechnique-of',\n", " 'referenced_galaxy_cluster_uuid': '799ace7f-e227-4411-baa0-8868704f2a69',\n", " 'sharing_group_id': None}],\n", " 'Org': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'Orgc': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'TargetingClusterRelation': [{'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5058',\n", " 'galaxy_cluster_uuid': 'd3046a90-580c-4004-8208-66915bc29830',\n", " 'id': '827',\n", " 'referenced_galaxy_cluster_id': '4842',\n", " 'referenced_galaxy_cluster_type': 'revoked-by',\n", " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5645',\n", " 'galaxy_cluster_uuid': '987988f0-cf86-4680-a875-2f6456ab2448',\n", " 'id': '1304',\n", " 'referenced_galaxy_cluster_id': '4842',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5789',\n", " 'galaxy_cluster_uuid': '20a2baeb-98c2-4901-bad7-dc62d0a03dea',\n", " 'id': '1856',\n", " 'referenced_galaxy_cluster_id': '4842',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5801',\n", " 'galaxy_cluster_uuid': '609191bf-7d06-40e4-b1f8-9e11eb3ff8a6',\n", " 'id': '1928',\n", " 'referenced_galaxy_cluster_id': '4842',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6782',\n", " 'galaxy_cluster_uuid': 'c93fccb1-e8e8-42cf-ae33-2ad1d183913a',\n", " 'id': '3869',\n", " 'referenced_galaxy_cluster_id': '4842',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6790',\n", " 'galaxy_cluster_uuid': 'f9d6633a-55e6-4adc-9263-6ae080421a13',\n", " 'id': '4168',\n", " 'referenced_galaxy_cluster_id': '4842',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6841',\n", " 'galaxy_cluster_uuid': '18854f55-ac7c-4634-bd9a-352dd07613b7',\n", " 'id': '5562',\n", " 'referenced_galaxy_cluster_id': '4842',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6876',\n", " 'galaxy_cluster_uuid': '222fbd21-fc4f-4b7e-9f85-0e6e3a76c33f',\n", " 'id': '6381',\n", " 'referenced_galaxy_cluster_id': '4842',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6913',\n", " 'galaxy_cluster_uuid': '35d1b3be-49d4-42f1-aaa6-ef159c880bca',\n", " 'id': '7335',\n", " 'referenced_galaxy_cluster_id': '4842',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7027',\n", " 'galaxy_cluster_uuid': '40a1b8ec-7295-416c-a6b1-68181d86f120',\n", " 'id': '8788',\n", " 'referenced_galaxy_cluster_id': '4842',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7262',\n", " 'galaxy_cluster_uuid': '9abdda30-08e0-4ab1-9cf0-d447654c6de9',\n", " 'id': '11742',\n", " 'referenced_galaxy_cluster_id': '4842',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '14705',\n", " 'galaxy_cluster_uuid': 'ceb407f6-8277-439b-951f-e4210e3ed956',\n", " 'id': '22146',\n", " 'referenced_galaxy_cluster_id': '4842',\n", " 'referenced_galaxy_cluster_type': 'related-to',\n", " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '15467',\n", " 'galaxy_cluster_uuid': 'f99276ad-d122-4989-a09a-d00904a5f9d2',\n", " 'id': '23003',\n", " 'referenced_galaxy_cluster_id': '4842',\n", " 'referenced_galaxy_cluster_type': 'related-to',\n", " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '15520',\n", " 'galaxy_cluster_uuid': '602f5669-6927-4688-84db-0d4b7afb2150',\n", " 'id': '23074',\n", " 'referenced_galaxy_cluster_id': '4842',\n", " 'referenced_galaxy_cluster_type': 'related-to',\n", " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '15620',\n", " 'galaxy_cluster_uuid': '26b692dc-1722-49b2-b496-a8258aa6371d',\n", " 'id': '23177',\n", " 'referenced_galaxy_cluster_id': '4842',\n", " 'referenced_galaxy_cluster_type': 'related-to',\n", " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '15626',\n", " 'galaxy_cluster_uuid': 'bde47d4b-9987-405c-94c7-b080410e8ea7',\n", " 'id': '23192',\n", " 'referenced_galaxy_cluster_id': '4842',\n", " 'referenced_galaxy_cluster_type': 'related-to',\n", " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '15646',\n", " 'galaxy_cluster_uuid': '70ad982f-67c8-40e0-a955-b920c2fa05cb',\n", " 'id': '23216',\n", " 'referenced_galaxy_cluster_id': '4842',\n", " 'referenced_galaxy_cluster_type': 'related-to',\n", " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '17301',\n", " 'galaxy_cluster_uuid': 'fdc88d25-96fb-4b7c-9633-c0e417fdbd4e',\n", " 'id': '25085',\n", " 'referenced_galaxy_cluster_id': '4842',\n", " 'referenced_galaxy_cluster_type': 'related-to',\n", " 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", " 'sharing_group_id': None}],\n", " 'authors': ['MITRE'],\n", " 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n", " 'default': True,\n", " 'deleted': False,\n", " 'description': 'In addition to '\n", " 'clearing system '\n", " 'logs, an adversary '\n", " 'may clear the '\n", " 'command history of '\n", " 'a compromised '\n", " 'account to conceal '\n", " 'the actions '\n", " 'undertaken during '\n", " 'an intrusion. '\n", " 'Various command '\n", " 'interpreters keep '\n", " 'track of the '\n", " 'commands users type '\n", " 'in their terminal '\n", " 'so that users can '\n", " 'retrace what '\n", " \"they've done.\\n\"\n", " '\\n'\n", " 'On Linux and macOS, '\n", " 'these command '\n", " 'histories can be '\n", " 'accessed in a few '\n", " 'different ways. '\n", " 'While logged in, '\n", " 'this command '\n", " 'history is tracked '\n", " 'in a file pointed '\n", " 'to by the '\n", " 'environment '\n", " 'variable '\n", " 'HISTFILE. '\n", " 'When a user logs '\n", " 'off a system, this '\n", " 'information is '\n", " 'flushed to a file '\n", " \"in the user's home \"\n", " 'directory called '\n", " '~/.bash_history. '\n", " 'The benefit of this '\n", " 'is that it allows '\n", " 'users to go back to '\n", " \"commands they've \"\n", " 'used before in '\n", " 'different '\n", " 'sessions.\\n'\n", " '\\n'\n", " 'Adversaries may '\n", " 'delete their '\n", " 'commands from these '\n", " 'logs by manually '\n", " 'clearing the '\n", " 'history '\n", " '(history '\n", " '-c) or '\n", " 'deleting the bash '\n", " 'history file '\n", " 'rm '\n", " '~/.bash_history. \\n'\n", " '\\n'\n", " 'Adversaries may '\n", " 'also leverage a '\n", " '[Network Device '\n", " 'CLI](https://attack.mitre.org/techniques/T1059/008) '\n", " 'on network devices '\n", " 'to clear command '\n", " 'history data '\n", " '(clear '\n", " 'logging '\n", " 'and/or clear '\n", " 'history).(Citation: '\n", " 'US-CERT-TA18-106A)\\n'\n", " '\\n'\n", " 'On Windows hosts, '\n", " 'PowerShell has two '\n", " 'different command '\n", " 'history providers: '\n", " 'the built-in '\n", " 'history and the '\n", " 'command history '\n", " 'managed by the '\n", " 'PSReadLine '\n", " 'module. The '\n", " 'built-in history '\n", " 'only tracks the '\n", " 'commands used in '\n", " 'the current '\n", " 'session. This '\n", " 'command history is '\n", " 'not available to '\n", " 'other sessions and '\n", " 'is deleted when the '\n", " 'session ends.\\n'\n", " '\\n'\n", " 'The '\n", " 'PSReadLine '\n", " 'command history '\n", " 'tracks the commands '\n", " 'used in all '\n", " 'PowerShell sessions '\n", " 'and writes them to '\n", " 'a file '\n", " '($env:APPDATA\\\\Microsoft\\\\Windows\\\\PowerShell\\\\PSReadLine\\\\ConsoleHost_history.txt '\n", " 'by default). This '\n", " 'history file is '\n", " 'available to all '\n", " 'sessions and '\n", " 'contains all past '\n", " 'history since the '\n", " 'file is not deleted '\n", " 'when the session '\n", " 'ends.(Citation: '\n", " 'Microsoft '\n", " 'PowerShell Command '\n", " 'History)\\n'\n", " '\\n'\n", " 'Adversaries may run '\n", " 'the PowerShell '\n", " 'command '\n", " 'Clear-History '\n", " 'to flush the entire '\n", " 'command history '\n", " 'from a current '\n", " 'PowerShell session. '\n", " 'This, however, will '\n", " 'not delete/flush '\n", " 'the '\n", " 'ConsoleHost_history.txt '\n", " 'file. Adversaries '\n", " 'may also delete the '\n", " 'ConsoleHost_history.txt '\n", " 'file or edit its '\n", " 'contents to hide '\n", " 'PowerShell commands '\n", " 'they have '\n", " 'run.(Citation: '\n", " 'Sophos PowerShell '\n", " 'command '\n", " 'audit)(Citation: '\n", " 'Sophos PowerShell '\n", " 'Command History '\n", " 'Forensics)',\n", " 'distribution': '3',\n", " 'event_tag_id': '284',\n", " 'extends_uuid': '',\n", " 'extends_version': '0',\n", " 'galaxy_id': '23',\n", " 'id': '4842',\n", " 'local': False,\n", " 'locked': False,\n", " 'meta': {'external_id': ['T1070.003'],\n", " 'kill_chain': ['mitre-attack:defense-evasion'],\n", " 'mitre_data_sources': ['Command: '\n", " 'Command '\n", " 'Execution',\n", " 'File: '\n", " 'File '\n", " 'Deletion',\n", " 'File: '\n", " 'File '\n", " 'Modification',\n", " 'User '\n", " 'Account: '\n", " 'User '\n", " 'Account '\n", " 'Authentication'],\n", " 'mitre_platforms': ['Linux',\n", " 'macOS',\n", " 'Windows',\n", " 'Network'],\n", " 'refs': ['https://attack.mitre.org/techniques/T1070/003',\n", " 'https://community.sophos.com/products/intercept/early-access-program/f/live-discover-response-queries/121529/live-discover---powershell-command-audit',\n", " 'https://community.sophos.com/products/malware/b/blog/posts/powershell-command-history-forensics',\n", " 'https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_history?view=powershell-7',\n", " 'https://www.us-cert.gov/ncas/alerts/TA18-106A']},\n", " 'org_id': '0',\n", " 'orgc_id': '0',\n", " 'published': False,\n", " 'relationship_type': False,\n", " 'sharing_group_id': None,\n", " 'source': 'https://github.com/mitre/cti',\n", " 'tag_id': 25,\n", " 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Clear '\n", " 'Command History - '\n", " 'T1070.003\"',\n", " 'type': 'mitre-attack-pattern',\n", " 'uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n", " 'value': 'Clear Command History - '\n", " 'T1070.003',\n", " 'version': '25'},\n", " {'GalaxyClusterRelation': [{'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5528',\n", " 'galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'id': '1121',\n", " 'referenced_galaxy_cluster_id': '6067',\n", " 'referenced_galaxy_cluster_type': 'subtechnique-of',\n", " 'referenced_galaxy_cluster_uuid': '799ace7f-e227-4411-baa0-8868704f2a69',\n", " 'sharing_group_id': None}],\n", " 'Org': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'Orgc': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'TargetingClusterRelation': [{'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5605',\n", " 'galaxy_cluster_uuid': '128c55d3-aeba-469f-bd3e-c8996ab4112a',\n", " 'id': '1192',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'revoked-by',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6782',\n", " 'galaxy_cluster_uuid': 'c93fccb1-e8e8-42cf-ae33-2ad1d183913a',\n", " 'id': '3878',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6809',\n", " 'galaxy_cluster_uuid': '9538b1a4-4120-4e2d-bf59-3b11fcab05a4',\n", " 'id': '4563',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6817',\n", " 'galaxy_cluster_uuid': '247cb30b-955f-42eb-97a5-a89fef69341e',\n", " 'id': '4826',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6819',\n", " 'galaxy_cluster_uuid': 'bef4c620-0787-42a8-a96d-b7eb6e85917c',\n", " 'id': '4980',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6849',\n", " 'galaxy_cluster_uuid': '44102191-3a31-45f8-acbe-34bdb441d5ad',\n", " 'id': '5726',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6857',\n", " 'galaxy_cluster_uuid': '00f67a77-86a4-4adf-be26-1a54fc713340',\n", " 'id': '5921',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6881',\n", " 'galaxy_cluster_uuid': '0ec2f388-bf0f-4b5c-97b1-fc736d26c25f',\n", " 'id': '6544',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6901',\n", " 'galaxy_cluster_uuid': '8c1f0187-0826-4320-bddc-5f326cfcfe2c',\n", " 'id': '7082',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6920',\n", " 'galaxy_cluster_uuid': 'd3afa961-a80c-4043-9509-282cdf69ab21',\n", " 'id': '7428',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6927',\n", " 'galaxy_cluster_uuid': '5a3a31fe-5a8f-48e1-bff0-a753e5b1be70',\n", " 'id': '7528',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6935',\n", " 'galaxy_cluster_uuid': '7bec698a-7e20-4fd3-bb6a-12787770fb1a',\n", " 'id': '7602',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6949',\n", " 'galaxy_cluster_uuid': 'a7881f21-e978-4fe4-af56-92c9416a2616',\n", " 'id': '7825',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6970',\n", " 'galaxy_cluster_uuid': 'b350b47f-88fe-4921-8538-6d9c59bac84e',\n", " 'id': '8136',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6990',\n", " 'galaxy_cluster_uuid': 'b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29',\n", " 'id': '8332',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7010',\n", " 'galaxy_cluster_uuid': '94379dec-5c87-49db-b36e-66abc0b81344',\n", " 'id': '8536',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7020',\n", " 'galaxy_cluster_uuid': '8901ac23-6b50-410c-b0dd-d8174a86f9b3',\n", " 'id': '8704',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7023',\n", " 'galaxy_cluster_uuid': '5e595477-2e78-4ce7-ae42-e0b059b17808',\n", " 'id': '8734',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7033',\n", " 'galaxy_cluster_uuid': '7551188b-8f91-4d34-8350-0d0c57b2b913',\n", " 'id': '8904',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7053',\n", " 'galaxy_cluster_uuid': '01dbc71d-0ee8-420d-abb4-3dfb6a4bf725',\n", " 'id': '9143',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7060',\n", " 'galaxy_cluster_uuid': '47afe41c-4c08-485e-b062-c3bd209a1cce',\n", " 'id': '9230',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7062',\n", " 'galaxy_cluster_uuid': 'a60657fa-e2e7-4f8f-8128-a882534ae8c5',\n", " 'id': '9278',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7087',\n", " 'galaxy_cluster_uuid': '088f1d6e-0783-47c6-9923-9c79b2af43d4',\n", " 'id': '9493',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7093',\n", " 'galaxy_cluster_uuid': '0db09158-6e48-4e7c-8ce7-2b10b9c0c039',\n", " 'id': '9574',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7121',\n", " 'galaxy_cluster_uuid': 'fa766a65-5136-4ff3-8429-36d08eaa0100',\n", " 'id': '10014',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7139',\n", " 'galaxy_cluster_uuid': 'dfb5fa9b-3051-4b97-8035-08f80aef945b',\n", " 'id': '10204',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7151',\n", " 'galaxy_cluster_uuid': '3a0f6128-0a01-421d-8eca-e57d8671b1f1',\n", " 'id': '10317',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7167',\n", " 'galaxy_cluster_uuid': 'bdee9574-7479-4073-a7dc-e86d8acd073a',\n", " 'id': '10547',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7171',\n", " 'galaxy_cluster_uuid': 'fece06b7-d4b1-42cf-b81a-5323c917546e',\n", " 'id': '10599',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7231',\n", " 'galaxy_cluster_uuid': 'af2ad3b7-ab6a-4807-91fd-51bcaff9acbb',\n", " 'id': '11340',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7260',\n", " 'galaxy_cluster_uuid': '0b32ec39-ba61-4864-9ebe-b4b0b73caf9a',\n", " 'id': '11727',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7262',\n", " 'galaxy_cluster_uuid': '9abdda30-08e0-4ab1-9cf0-d447654c6de9',\n", " 'id': '11745',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7287',\n", " 'galaxy_cluster_uuid': '0998045d-f96e-4284-95ce-3c8219707486',\n", " 'id': '12071',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7292',\n", " 'galaxy_cluster_uuid': 'df350889-4de9-44e5-8cb3-888b8343e97c',\n", " 'id': '12113',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7305',\n", " 'galaxy_cluster_uuid': '76abb3ef-dafd-4762-97cb-a35379429db4',\n", " 'id': '12281',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7356',\n", " 'galaxy_cluster_uuid': '1f6e3702-7ca1-4582-b2e7-4591297d05a8',\n", " 'id': '12922',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7427',\n", " 'galaxy_cluster_uuid': 'dcac85c1-6485-4790-84f6-de5e6f6b91dd',\n", " 'id': '13854',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7445',\n", " 'galaxy_cluster_uuid': '8f423bd7-6ca7-4303-9e85-008c7ad5fdaa',\n", " 'id': '14120',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7477',\n", " 'galaxy_cluster_uuid': '5dd649c0-bca4-488b-bd85-b180474ec62e',\n", " 'id': '14685',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7540',\n", " 'galaxy_cluster_uuid': '7f4bbe05-1674-4087-8a16-8f1ad61b6152',\n", " 'id': '15712',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7542',\n", " 'galaxy_cluster_uuid': '7cdfccda-2950-4167-981a-60872ff5d0db',\n", " 'id': '15759',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7555',\n", " 'galaxy_cluster_uuid': 'efa7c4d6-8e30-41d9-a8fd-26dc337f4a1b',\n", " 'id': '15936',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7943',\n", " 'galaxy_cluster_uuid': '3433a9e8-1c47-4320-b9bf-ed449061d1c3',\n", " 'id': '16867',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '14868',\n", " 'galaxy_cluster_uuid': 'faa031b5-21ed-4e02-8881-2591f98d82ed',\n", " 'id': '22336',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'related-to',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '15576',\n", " 'galaxy_cluster_uuid': 'c6438007-e081-42ce-9483-b067fbef33c3',\n", " 'id': '23134',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'related-to',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '15891',\n", " 'galaxy_cluster_uuid': '558eebe5-f2ba-4104-b339-36f7902bcc1a',\n", " 'id': '23480',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'related-to',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '17212',\n", " 'galaxy_cluster_uuid': '88c0f9d8-30a8-4120-bb6b-ebb54abcf2a0',\n", " 'id': '24993',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'related-to',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '17264',\n", " 'galaxy_cluster_uuid': 'b3cec4e7-6901-4b0d-a02d-8ab2d8eb818b',\n", " 'id': '25049',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'related-to',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '17375',\n", " 'galaxy_cluster_uuid': '31545105-3444-4584-bebf-c466353230d2',\n", " 'id': '25155',\n", " 'referenced_galaxy_cluster_id': '5528',\n", " 'referenced_galaxy_cluster_type': 'related-to',\n", " 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'sharing_group_id': None}],\n", " 'authors': ['MITRE'],\n", " 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n", " 'default': True,\n", " 'deleted': False,\n", " 'description': 'Adversaries may '\n", " 'modify file time '\n", " 'attributes to hide '\n", " 'new or changes to '\n", " 'existing files. '\n", " 'Timestomping is a '\n", " 'technique that '\n", " 'modifies the '\n", " 'timestamps of a '\n", " 'file (the modify, '\n", " 'access, create, and '\n", " 'change times), '\n", " 'often to mimic '\n", " 'files that are in '\n", " 'the same folder. '\n", " 'This is done, for '\n", " 'example, on files '\n", " 'that have been '\n", " 'modified or created '\n", " 'by the adversary so '\n", " 'that they do not '\n", " 'appear conspicuous '\n", " 'to forensic '\n", " 'investigators or '\n", " 'file analysis '\n", " 'tools.\\n'\n", " '\\n'\n", " 'Timestomping may be '\n", " 'used along with '\n", " 'file name '\n", " '[Masquerading](https://attack.mitre.org/techniques/T1036) '\n", " 'to hide malware and '\n", " 'tools.(Citation: '\n", " 'WindowsIR '\n", " 'Anti-Forensic '\n", " 'Techniques)',\n", " 'distribution': '3',\n", " 'event_tag_id': '285',\n", " 'extends_uuid': '',\n", " 'extends_version': '0',\n", " 'galaxy_id': '23',\n", " 'id': '5528',\n", " 'local': False,\n", " 'locked': False,\n", " 'meta': {'external_id': ['T1070.006'],\n", " 'kill_chain': ['mitre-attack:defense-evasion'],\n", " 'mitre_data_sources': ['File: '\n", " 'File '\n", " 'Metadata',\n", " 'File: '\n", " 'File '\n", " 'Modification'],\n", " 'mitre_platforms': ['Linux',\n", " 'macOS',\n", " 'Windows'],\n", " 'refs': ['http://windowsir.blogspot.com/2013/07/howto-determinedetect-use-of-anti.html',\n", " 'https://attack.mitre.org/techniques/T1070/006']},\n", " 'org_id': '0',\n", " 'orgc_id': '0',\n", " 'published': False,\n", " 'relationship_type': False,\n", " 'sharing_group_id': None,\n", " 'source': 'https://github.com/mitre/cti',\n", " 'tag_id': 26,\n", " 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Timestomp '\n", " '- T1070.006\"',\n", " 'type': 'mitre-attack-pattern',\n", " 'uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n", " 'value': 'Timestomp - T1070.006',\n", " 'version': '25'},\n", " {'GalaxyClusterRelation': [{'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5271',\n", " 'galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'id': '979',\n", " 'referenced_galaxy_cluster_id': '5501',\n", " 'referenced_galaxy_cluster_type': 'subtechnique-of',\n", " 'referenced_galaxy_cluster_uuid': 'b8902400-e6c5-4ba2-95aa-2d35b442b118',\n", " 'sharing_group_id': None}],\n", " 'Org': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'Orgc': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'TargetingClusterRelation': [{'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5763',\n", " 'galaxy_cluster_uuid': '12241367-a8b7-49b4-b86e-2236901ba50c',\n", " 'id': '1488',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6769',\n", " 'galaxy_cluster_uuid': '93f52415-0fe4-4d3d-896c-fc9b8e88ab90',\n", " 'id': '3482',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6782',\n", " 'galaxy_cluster_uuid': 'c93fccb1-e8e8-42cf-ae33-2ad1d183913a',\n", " 'id': '3860',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6787',\n", " 'galaxy_cluster_uuid': '894aab42-3371-47b1-8859-a4a074c804c8',\n", " 'id': '4070',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6802',\n", " 'galaxy_cluster_uuid': '420ac20b-f2b9-42b8-aa1a-6d4b72895ca4',\n", " 'id': '4415',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6815',\n", " 'galaxy_cluster_uuid': 'ead23196-d7b6-4ce6-a124-4ab4b67d81bd',\n", " 'id': '4679',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6819',\n", " 'galaxy_cluster_uuid': 'bef4c620-0787-42a8-a96d-b7eb6e85917c',\n", " 'id': '4960',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6835',\n", " 'galaxy_cluster_uuid': '9e729a7e-0dd6-4097-95bf-db8d64911383',\n", " 'id': '5430',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6862',\n", " 'galaxy_cluster_uuid': 'fbd29c89-18ba-4c2d-b792-51c0adee049f',\n", " 'id': '5985',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6891',\n", " 'galaxy_cluster_uuid': '269e8108-68c6-4f99-b911-14b2e765dec2',\n", " 'id': '6852',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6908',\n", " 'galaxy_cluster_uuid': '54dfec3e-6464-4f74-9d69-b7c817b7e5a3',\n", " 'id': '7225',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6909',\n", " 'galaxy_cluster_uuid': '4283ae19-69c7-4347-a35e-b56f08eb660b',\n", " 'id': '7251',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6918',\n", " 'galaxy_cluster_uuid': '8787e86d-8475-4f13-acea-d33eb83b6105',\n", " 'id': '7409',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6920',\n", " 'galaxy_cluster_uuid': 'd3afa961-a80c-4043-9509-282cdf69ab21',\n", " 'id': '7423',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6926',\n", " 'galaxy_cluster_uuid': '88c621a7-aef9-4ae0-94e3-1fc87123eb24',\n", " 'id': '7507',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6935',\n", " 'galaxy_cluster_uuid': '7bec698a-7e20-4fd3-bb6a-12787770fb1a',\n", " 'id': '7601',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6937',\n", " 'galaxy_cluster_uuid': '8e461ca3-0996-4e6e-a0df-e2a5bbc51ebc',\n", " 'id': '7614',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6949',\n", " 'galaxy_cluster_uuid': 'a7881f21-e978-4fe4-af56-92c9416a2616',\n", " 'id': '7813',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6951',\n", " 'galaxy_cluster_uuid': '3bc7e862-5610-4c02-9c48-15b2e2dc1ddb',\n", " 'id': '7892',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6962',\n", " 'galaxy_cluster_uuid': 'b879758f-bbc4-4cab-b5ba-177ac9b009b4',\n", " 'id': '8018',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6976',\n", " 'galaxy_cluster_uuid': '5967cc93-57c9-404a-8ffd-097edfa7bdfc',\n", " 'id': '8193',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6994',\n", " 'galaxy_cluster_uuid': '7f8730af-f683-423f-9ee1-5f6875a80481',\n", " 'id': '8378',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6995',\n", " 'galaxy_cluster_uuid': '251fbae2-78f6-4de7-84f6-194c727a64ad',\n", " 'id': '8384',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6996',\n", " 'galaxy_cluster_uuid': 'e170995d-4f61-4f17-b60e-04f9a06ee517',\n", " 'id': '8388',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6998',\n", " 'galaxy_cluster_uuid': '72f54d66-675d-4587-9bd3-4ed09f9522e4',\n", " 'id': '8400',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6999',\n", " 'galaxy_cluster_uuid': 'ad4f146f-e3ec-444a-ba71-24bffd7f0f8e',\n", " 'id': '8414',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7002',\n", " 'galaxy_cluster_uuid': '2eb9b131-d333-4a48-9eb4-d8dec46c19ee',\n", " 'id': '8439',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7006',\n", " 'galaxy_cluster_uuid': '95047f03-4811-4300-922e-1ba937d53a61',\n", " 'id': '8484',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7008',\n", " 'galaxy_cluster_uuid': 'b143dfa4-e944-43ff-8429-bfffc308c517',\n", " 'id': '8506',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7010',\n", " 'galaxy_cluster_uuid': '94379dec-5c87-49db-b36e-66abc0b81344',\n", " 'id': '8534',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7012',\n", " 'galaxy_cluster_uuid': 'b42378e0-f147-496f-992a-26a49705395b',\n", " 'id': '8574',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7017',\n", " 'galaxy_cluster_uuid': '64fa0de0-6240-41f4-8638-f4ca7ed528fd',\n", " 'id': '8640',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7025',\n", " 'galaxy_cluster_uuid': '8393dac0-0583-456a-9372-fd81691bca20',\n", " 'id': '8761',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7028',\n", " 'galaxy_cluster_uuid': '3be1fb7a-0f7e-415e-8e3a-74a80d596e68',\n", " 'id': '8814',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7029',\n", " 'galaxy_cluster_uuid': 'df4cd566-ff2f-4d08-976d-8c86e95782de',\n", " 'id': '8846',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7031',\n", " 'galaxy_cluster_uuid': 'eff1a885-6f90-42a1-901f-eef6e7a1905e',\n", " 'id': '8875',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7033',\n", " 'galaxy_cluster_uuid': '7551188b-8f91-4d34-8350-0d0c57b2b913',\n", " 'id': '8898',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7035',\n", " 'galaxy_cluster_uuid': '495b6cdb-7b5a-4fbc-8d33-e7ef68806d08',\n", " 'id': '8928',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7036',\n", " 'galaxy_cluster_uuid': '6b62e336-176f-417b-856a-8552dd8c44e1',\n", " 'id': '8949',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7038',\n", " 'galaxy_cluster_uuid': '5bcd5511-6756-4824-a692-e8bb109364af',\n", " 'id': '8983',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7041',\n", " 'galaxy_cluster_uuid': 'ccd61dfc-b03f-4689-8c18-7c97eab08472',\n", " 'id': '9001',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7043',\n", " 'galaxy_cluster_uuid': '73a4793a-ce55-4159-b2a6-208ef29b326f',\n", " 'id': '9023',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7044',\n", " 'galaxy_cluster_uuid': '4ab44516-ad75-4e43-a280-705dc0420e2f',\n", " 'id': '9044',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7053',\n", " 'galaxy_cluster_uuid': '01dbc71d-0ee8-420d-abb4-3dfb6a4bf725',\n", " 'id': '9137',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7060',\n", " 'galaxy_cluster_uuid': '47afe41c-4c08-485e-b062-c3bd209a1cce',\n", " 'id': '9215',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7067',\n", " 'galaxy_cluster_uuid': '0f862b01-99da-47cc-9bdb-db4a86a95bb1',\n", " 'id': '9312',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7075',\n", " 'galaxy_cluster_uuid': '53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2',\n", " 'id': '9351',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7079',\n", " 'galaxy_cluster_uuid': '67e6d66b-1b82-4699-b47a-e2efb6268d14',\n", " 'id': '9397',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7086',\n", " 'galaxy_cluster_uuid': '22b17791-45bf-45c0-9322-ff1a0af5cf2b',\n", " 'id': '9460',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7087',\n", " 'galaxy_cluster_uuid': '088f1d6e-0783-47c6-9923-9c79b2af43d4',\n", " 'id': '9482',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7088',\n", " 'galaxy_cluster_uuid': '2daa14d6-cbf3-4308-bb8e-213c324a08e4',\n", " 'id': '9518',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7092',\n", " 'galaxy_cluster_uuid': '68dca94f-c11d-421e-9287-7c501108e18c',\n", " 'id': '9550',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7098',\n", " 'galaxy_cluster_uuid': 'fb575479-14ef-41e9-bfab-0b7cf10bec73',\n", " 'id': '9636',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7110',\n", " 'galaxy_cluster_uuid': '96b08451-b27a-4ff6-893f-790e26393a8e',\n", " 'id': '9804',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7114',\n", " 'galaxy_cluster_uuid': '35cd1d01-1ede-44d2-b073-a264d727bc04',\n", " 'id': '9856',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7120',\n", " 'galaxy_cluster_uuid': 'edc5e045-5401-42bb-ad92-52b5b2ee0de9',\n", " 'id': '9951',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7128',\n", " 'galaxy_cluster_uuid': 'fde19a18-e502-467f-be14-58c71b4e7f4b',\n", " 'id': '10109',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7130',\n", " 'galaxy_cluster_uuid': 'bb3c1098-d654-4620-bf40-694386d28921',\n", " 'id': '10148',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7135',\n", " 'galaxy_cluster_uuid': 'e8268361-a599-4e45-bd3f-71c8c7e700c0',\n", " 'id': '10190',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7138',\n", " 'galaxy_cluster_uuid': 'cb7bcf6f-085f-41db-81ee-4b68481661b5',\n", " 'id': '10200',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7143',\n", " 'galaxy_cluster_uuid': 'f8dfbc54-b070-4224-b560-79aaa5f835bd',\n", " 'id': '10256',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7151',\n", " 'galaxy_cluster_uuid': '3a0f6128-0a01-421d-8eca-e57d8671b1f1',\n", " 'id': '10312',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7152',\n", " 'galaxy_cluster_uuid': '37cc7eb6-12e3-467b-82e8-f20f2cc73c69',\n", " 'id': '10333',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7168',\n", " 'galaxy_cluster_uuid': '196f1f32-e0c2-4d46-99cd-234d4b6befe1',\n", " 'id': '10564',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7171',\n", " 'galaxy_cluster_uuid': 'fece06b7-d4b1-42cf-b81a-5323c917546e',\n", " 'id': '10596',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7177',\n", " 'galaxy_cluster_uuid': 'dd889a55-fb2c-4ec7-8e9f-c399939a49e1',\n", " 'id': '10639',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7196',\n", " 'galaxy_cluster_uuid': '54a01db0-9fab-4d5f-8209-53cef8425f4a',\n", " 'id': '10847',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7203',\n", " 'galaxy_cluster_uuid': 'f108215f-3487-489d-be8b-80e346d32518',\n", " 'id': '10977',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7205',\n", " 'galaxy_cluster_uuid': '6fb36c6f-bb3d-4ed6-9471-cb9933e5c154',\n", " 'id': '11009',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7206',\n", " 'galaxy_cluster_uuid': '64d76fa5-cf8f-469c-b78c-1a4f7c5bad80',\n", " 'id': '11020',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7207',\n", " 'galaxy_cluster_uuid': '11e36d5b-6a92-4bf9-8eb7-85eb24f59e22',\n", " 'id': '11036',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7210',\n", " 'galaxy_cluster_uuid': 'e9595678-d269-469e-ae6b-75e49259de63',\n", " 'id': '11070',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7218',\n", " 'galaxy_cluster_uuid': 'aad11e34-02ca-4220-91cd-2ed420af4db3',\n", " 'id': '11158',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7219',\n", " 'galaxy_cluster_uuid': '08d20cd2-f084-45ee-8558-fa6ef5a18519',\n", " 'id': '11175',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7221',\n", " 'galaxy_cluster_uuid': 'fb78294a-7d7a-4d38-8ad0-92e67fddc9f0',\n", " 'id': '11194',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7230',\n", " 'galaxy_cluster_uuid': '17b40f60-729f-4fe8-8aea-cc9ee44a95d5',\n", " 'id': '11315',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7235',\n", " 'galaxy_cluster_uuid': '60c18d06-7b91-4742-bae3-647845cd9d81',\n", " 'id': '11398',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7237',\n", " 'galaxy_cluster_uuid': 'e85cae1a-bce3-4ac4-b36b-b00acac0567b',\n", " 'id': '11409',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7241',\n", " 'galaxy_cluster_uuid': '432555de-63bf-4f2a-a3fa-f720a4561078',\n", " 'id': '11441',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7244',\n", " 'galaxy_cluster_uuid': '04378e79-4387-468a-a8f7-f974b8254e44',\n", " 'id': '11479',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7247',\n", " 'galaxy_cluster_uuid': 'dc5d1a33-62aa-4a0c-aa8c-589b87beb11e',\n", " 'id': '11542',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7254',\n", " 'galaxy_cluster_uuid': '3a4197ae-ec63-4162-907b-9a073d1157e4',\n", " 'id': '11653',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7262',\n", " 'galaxy_cluster_uuid': '9abdda30-08e0-4ab1-9cf0-d447654c6de9',\n", " 'id': '11740',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7269',\n", " 'galaxy_cluster_uuid': '92ec0cbd-2c30-44a2-b270-73f4ec949841',\n", " 'id': '11840',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7272',\n", " 'galaxy_cluster_uuid': '9ea525fa-b0a9-4dde-84f2-bcea0137b3c1',\n", " 'id': '11881',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7278',\n", " 'galaxy_cluster_uuid': '425771c5-48b4-4ecd-9f95-74ed3fc9da59',\n", " 'id': '11975',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7291',\n", " 'galaxy_cluster_uuid': '3240cbe4-c550-443b-aa76-cc2a7058b870',\n", " 'id': '12097',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7292',\n", " 'galaxy_cluster_uuid': 'df350889-4de9-44e5-8cb3-888b8343e97c',\n", " 'id': '12107',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7296',\n", " 'galaxy_cluster_uuid': '72911fe3-f085-40f7-b4f2-f25a4221fe44',\n", " 'id': '12173',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7305',\n", " 'galaxy_cluster_uuid': '76abb3ef-dafd-4762-97cb-a35379429db4',\n", " 'id': '12277',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7311',\n", " 'galaxy_cluster_uuid': 'b6b3dfc7-9a81-43ff-ac04-698bad48973a',\n", " 'id': '12365',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7315',\n", " 'galaxy_cluster_uuid': '2a70812b-f1ef-44db-8578-a496a227aef2',\n", " 'id': '12392',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7326',\n", " 'galaxy_cluster_uuid': 'd1183cb9-258e-4f2f-8415-50ac8252c49e',\n", " 'id': '12553',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7334',\n", " 'galaxy_cluster_uuid': '835a79f1-842d-472d-b8f4-d54b545c341b',\n", " 'id': '12626',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7337',\n", " 'galaxy_cluster_uuid': '308b3d68-a084-4dfb-885a-3125e1a9c1e8',\n", " 'id': '12667',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7342',\n", " 'galaxy_cluster_uuid': '54a73038-1937-4d71-a253-316e76d5413c',\n", " 'id': '12712',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7344',\n", " 'galaxy_cluster_uuid': 'c9b99d03-ff11-4a48-95f0-82660d582c25',\n", " 'id': '12750',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7359',\n", " 'galaxy_cluster_uuid': 'f4c80d39-ce10-4f74-9b50-a7e3f5df1f2e',\n", " 'id': '12951',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7361',\n", " 'galaxy_cluster_uuid': '9dbdadb6-fdbf-490f-a35f-38762d06a0d2',\n", " 'id': '12977',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7362',\n", " 'galaxy_cluster_uuid': '21c0b55b-5ff3-4654-a05e-e3fc1ee1ce1b',\n", " 'id': '12986',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7372',\n", " 'galaxy_cluster_uuid': '8be7c69e-d8e3-4970-9668-61de08e508cc',\n", " 'id': '13090',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7375',\n", " 'galaxy_cluster_uuid': 'bfd2738c-8b43-43c3-bc9f-d523c8e88bf4',\n", " 'id': '13160',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7385',\n", " 'galaxy_cluster_uuid': '92b55426-109f-4d93-899f-1833ce91ff90',\n", " 'id': '13314',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7387',\n", " 'galaxy_cluster_uuid': 'fb4e3792-e915-4fdd-a9cd-92dfa2ace7aa',\n", " 'id': '13340',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7389',\n", " 'galaxy_cluster_uuid': 'c9ccc4df-1f56-49e7-ad57-b383e1451688',\n", " 'id': '13368',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7397',\n", " 'galaxy_cluster_uuid': '00806466-754d-44ea-ad6f-0caf59cb8556',\n", " 'id': '13447',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7401',\n", " 'galaxy_cluster_uuid': '94d6d788-07bb-4dcc-b62f-e02626b00108',\n", " 'id': '13543',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7406',\n", " 'galaxy_cluster_uuid': '65ffc206-d7c1-45b3-b543-f6b726e7840d',\n", " 'id': '13577',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7408',\n", " 'galaxy_cluster_uuid': '29231689-5837-4a7a-aafc-1b65b3f50cc7',\n", " 'id': '13628',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7418',\n", " 'galaxy_cluster_uuid': '44c75271-0e4d-496f-ae0a-a6d883a42a65',\n", " 'id': '13713',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7422',\n", " 'galaxy_cluster_uuid': 'b4d80f8b-d2b9-4448-8844-4bef777ed676',\n", " 'id': '13778',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7429',\n", " 'galaxy_cluster_uuid': 'f9b05f33-d45d-4e4d-aafe-c208d38a0080',\n", " 'id': '13869',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7430',\n", " 'galaxy_cluster_uuid': 'b57f419e-8b12-49d3-886b-145383725dcd',\n", " 'id': '13884',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7431',\n", " 'galaxy_cluster_uuid': '99fdf3b4-96ef-4ab9-b191-fc683441cad0',\n", " 'id': '13905',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7437',\n", " 'galaxy_cluster_uuid': '76ac7989-c5cc-42e2-93e3-d6c476f01ace',\n", " 'id': '14019',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7445',\n", " 'galaxy_cluster_uuid': '8f423bd7-6ca7-4303-9e85-008c7ad5fdaa',\n", " 'id': '14111',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7447',\n", " 'galaxy_cluster_uuid': 'f01e2711-4b48-4192-a2e8-5f56c945ca19',\n", " 'id': '14158',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7449',\n", " 'galaxy_cluster_uuid': 'fc774af4-533b-4724-96d2-ac1026316794',\n", " 'id': '14185',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7450',\n", " 'galaxy_cluster_uuid': '4b6ec280-7bbb-48ff-ae59-b189520ebe83',\n", " 'id': '14200',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7453',\n", " 'galaxy_cluster_uuid': '21583311-6321-4891-8a37-3eb4e57b0fb1',\n", " 'id': '14252',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7455',\n", " 'galaxy_cluster_uuid': '86b92f6c-9c05-4c51-b361-4c7bb13e21a1',\n", " 'id': '14287',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7456',\n", " 'galaxy_cluster_uuid': '2cf7dec3-66fc-423f-b2c7-58f1de243b4e',\n", " 'id': '14317',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7462',\n", " 'galaxy_cluster_uuid': '6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb',\n", " 'id': '14409',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7465',\n", " 'galaxy_cluster_uuid': 'c009560a-f097-45a3-8f9f-78ec1440a783',\n", " 'id': '14456',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7476',\n", " 'galaxy_cluster_uuid': 'd6b3fcd0-1c86-4350-96f0-965ed02fcc51',\n", " 'id': '14665',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7495',\n", " 'galaxy_cluster_uuid': '81c57a96-fc8c-4f91-af8e-63e24c2927c2',\n", " 'id': '14958',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7499',\n", " 'galaxy_cluster_uuid': '805480f1-6caa-4a67-8ca9-b2b39650d986',\n", " 'id': '15021',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7506',\n", " 'galaxy_cluster_uuid': '4b346d12-7f91-48d2-8f06-b26ffa0d825b',\n", " 'id': '15161',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7510',\n", " 'galaxy_cluster_uuid': 'a545456a-f9a7-47ad-9ea6-8b017def38d1',\n", " 'id': '15210',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7512',\n", " 'galaxy_cluster_uuid': '7acb15b6-fe2c-4319-b136-6ab36ff0b2d4',\n", " 'id': '15240',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7516',\n", " 'galaxy_cluster_uuid': '4c6d62c2-89f5-4159-8fab-0190b1f9d328',\n", " 'id': '15338',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7519',\n", " 'galaxy_cluster_uuid': '7e0f8b0f-716e-494d-827e-310bd6ed709e',\n", " 'id': '15374',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7534',\n", " 'galaxy_cluster_uuid': 'a8839c95-029f-44cf-8f3d-a3cf2039e927',\n", " 'id': '15592',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7540',\n", " 'galaxy_cluster_uuid': '7f4bbe05-1674-4087-8a16-8f1ad61b6152',\n", " 'id': '15710',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7541',\n", " 'galaxy_cluster_uuid': 'e14085cb-0e8d-4be6-92ba-e3b93ee5978f',\n", " 'id': '15729',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7545',\n", " 'galaxy_cluster_uuid': '6a21e3a4-5ffe-4581-af9a-6a54c7536f44',\n", " 'id': '15794',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7561',\n", " 'galaxy_cluster_uuid': '0715560d-4299-4e84-9e20-6e80ab57e4f2',\n", " 'id': '16038',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7935',\n", " 'galaxy_cluster_uuid': 'da04ac30-27da-4959-a67d-450ce47d9470',\n", " 'id': '16714',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7944',\n", " 'galaxy_cluster_uuid': '11f8d7eb-1927-4806-9267-3a11d4d4d6be',\n", " 'id': '16921',\n", " 'referenced_galaxy_cluster_id': '5271',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'sharing_group_id': None}],\n", " 'authors': ['MITRE'],\n", " 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n", " 'default': True,\n", " 'deleted': False,\n", " 'description': 'Adversaries may '\n", " 'employ a known '\n", " 'symmetric '\n", " 'encryption '\n", " 'algorithm to '\n", " 'conceal command and '\n", " 'control traffic '\n", " 'rather than relying '\n", " 'on any inherent '\n", " 'protections '\n", " 'provided by a '\n", " 'communication '\n", " 'protocol. Symmetric '\n", " 'encryption '\n", " 'algorithms use the '\n", " 'same key for '\n", " 'plaintext '\n", " 'encryption and '\n", " 'ciphertext '\n", " 'decryption. Common '\n", " 'symmetric '\n", " 'encryption '\n", " 'algorithms include '\n", " 'AES, DES, 3DES, '\n", " 'Blowfish, and RC4.',\n", " 'distribution': '3',\n", " 'event_tag_id': '286',\n", " 'extends_uuid': '',\n", " 'extends_version': '0',\n", " 'galaxy_id': '23',\n", " 'id': '5271',\n", " 'local': False,\n", " 'locked': False,\n", " 'meta': {'external_id': ['T1573.001'],\n", " 'kill_chain': ['mitre-attack:command-and-control'],\n", " 'mitre_data_sources': ['Network '\n", " 'Traffic: '\n", " 'Network '\n", " 'Traffic '\n", " 'Content'],\n", " 'mitre_platforms': ['Linux',\n", " 'Windows',\n", " 'macOS'],\n", " 'refs': ['https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf',\n", " 'https://attack.mitre.org/techniques/T1573/001']},\n", " 'org_id': '0',\n", " 'orgc_id': '0',\n", " 'published': False,\n", " 'relationship_type': False,\n", " 'sharing_group_id': None,\n", " 'source': 'https://github.com/mitre/cti',\n", " 'tag_id': 27,\n", " 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Symmetric '\n", " 'Cryptography - '\n", " 'T1573.001\"',\n", " 'type': 'mitre-attack-pattern',\n", " 'uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n", " 'value': 'Symmetric Cryptography - '\n", " 'T1573.001',\n", " 'version': '25'},\n", " {'GalaxyClusterRelation': [{'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5291',\n", " 'galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'id': '999',\n", " 'referenced_galaxy_cluster_id': '5501',\n", " 'referenced_galaxy_cluster_type': 'subtechnique-of',\n", " 'referenced_galaxy_cluster_uuid': 'b8902400-e6c5-4ba2-95aa-2d35b442b118',\n", " 'sharing_group_id': None}],\n", " 'Org': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'Orgc': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'TargetingClusterRelation': [{'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5763',\n", " 'galaxy_cluster_uuid': '12241367-a8b7-49b4-b86e-2236901ba50c',\n", " 'id': '1518',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5856',\n", " 'galaxy_cluster_uuid': '7bb5fae9-53ad-4424-866b-f0ea2a8b731d',\n", " 'id': '1987',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6771',\n", " 'galaxy_cluster_uuid': 'dc6fe6ee-04c2-49be-ba3d-f38d2463c02a',\n", " 'id': '3566',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6780',\n", " 'galaxy_cluster_uuid': '56319646-eb6e-41fc-ae53-aadfa7adb924',\n", " 'id': '3807',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6848',\n", " 'galaxy_cluster_uuid': 'fd19bd82-1b14-49a1-a176-6cdc46b8a826',\n", " 'id': '5703',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6868',\n", " 'galaxy_cluster_uuid': '2a7914cf-dff3-428d-ab0f-1014d1c28aeb',\n", " 'id': '6194',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6882',\n", " 'galaxy_cluster_uuid': '4ca1929c-7d64-4aab-b849-badbfc0c760d',\n", " 'id': '6668',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6948',\n", " 'galaxy_cluster_uuid': 'ff41b9b6-4c1d-407b-a7e2-835109c8dbc5',\n", " 'id': '7796',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6949',\n", " 'galaxy_cluster_uuid': 'a7881f21-e978-4fe4-af56-92c9416a2616',\n", " 'id': '7851',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6951',\n", " 'galaxy_cluster_uuid': '3bc7e862-5610-4c02-9c48-15b2e2dc1ddb',\n", " 'id': '7909',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6966',\n", " 'galaxy_cluster_uuid': '56e6b6c2-e573-4969-8bab-783205cebbbf',\n", " 'id': '8094',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6970',\n", " 'galaxy_cluster_uuid': 'b350b47f-88fe-4921-8538-6d9c59bac84e',\n", " 'id': '8147',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6976',\n", " 'galaxy_cluster_uuid': '5967cc93-57c9-404a-8ffd-097edfa7bdfc',\n", " 'id': '8197',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6988',\n", " 'galaxy_cluster_uuid': '82cb34ba-02b5-432b-b2d2-07f55cbf674d',\n", " 'id': '8310',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7003',\n", " 'galaxy_cluster_uuid': '4f1c389e-a80e-4a3e-9b0e-9be8c91df64f',\n", " 'id': '8462',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7023',\n", " 'galaxy_cluster_uuid': '5e595477-2e78-4ce7-ae42-e0b059b17808',\n", " 'id': '8739',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7030',\n", " 'galaxy_cluster_uuid': 'b8eb28e4-48a6-40ae-951a-328714f75eda',\n", " 'id': '8864',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7034',\n", " 'galaxy_cluster_uuid': '6a0ef5d4-fc7c-4dda-85d7-592e4dbdc5d9',\n", " 'id': '8922',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7035',\n", " 'galaxy_cluster_uuid': '495b6cdb-7b5a-4fbc-8d33-e7ef68806d08',\n", " 'id': '8942',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7040',\n", " 'galaxy_cluster_uuid': '0f1ad2ef-41d4-4b7a-9304-ddae68ea3005',\n", " 'id': '8993',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7041',\n", " 'galaxy_cluster_uuid': 'ccd61dfc-b03f-4689-8c18-7c97eab08472',\n", " 'id': '9010',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7098',\n", " 'galaxy_cluster_uuid': 'fb575479-14ef-41e9-bfab-0b7cf10bec73',\n", " 'id': '9650',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7114',\n", " 'galaxy_cluster_uuid': '35cd1d01-1ede-44d2-b073-a264d727bc04',\n", " 'id': '9879',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7162',\n", " 'galaxy_cluster_uuid': '6c575670-d14c-4c7f-9b9d-fd1b363e255d',\n", " 'id': '10461',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7170',\n", " 'galaxy_cluster_uuid': '7343e208-7cab-45f2-a47b-41ba5e2f0fab',\n", " 'id': '10591',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7199',\n", " 'galaxy_cluster_uuid': 'a4f57468-fbd5-49e4-8476-52088220b92d',\n", " 'id': '10924',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7200',\n", " 'galaxy_cluster_uuid': 'da5880b4-f7da-4869-85f2-e0aba84b8565',\n", " 'id': '10948',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7229',\n", " 'galaxy_cluster_uuid': '958b5d06-8bb0-4c5b-a2e7-0130fe654ac7',\n", " 'id': '11303',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7254',\n", " 'galaxy_cluster_uuid': '3a4197ae-ec63-4162-907b-9a073d1157e4',\n", " 'id': '11660',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7262',\n", " 'galaxy_cluster_uuid': '9abdda30-08e0-4ab1-9cf0-d447654c6de9',\n", " 'id': '11754',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7273',\n", " 'galaxy_cluster_uuid': '20945359-3b39-4542-85ef-08ecb4e1c174',\n", " 'id': '11915',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7277',\n", " 'galaxy_cluster_uuid': '959f3b19-2dc8-48d5-8942-c66813a5101a',\n", " 'id': '11967',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7278',\n", " 'galaxy_cluster_uuid': '425771c5-48b4-4ecd-9f95-74ed3fc9da59',\n", " 'id': '11987',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7305',\n", " 'galaxy_cluster_uuid': '76abb3ef-dafd-4762-97cb-a35379429db4',\n", " 'id': '12286',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7319',\n", " 'galaxy_cluster_uuid': 'e8545794-b98c-492b-a5b3-4b5a02682e37',\n", " 'id': '12463',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7337',\n", " 'galaxy_cluster_uuid': '308b3d68-a084-4dfb-885a-3125e1a9c1e8',\n", " 'id': '12676',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7344',\n", " 'galaxy_cluster_uuid': 'c9b99d03-ff11-4a48-95f0-82660d582c25',\n", " 'id': '12762',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7353',\n", " 'galaxy_cluster_uuid': 'aae22730-e571-4d17-b037-65f2a3e26213',\n", " 'id': '12889',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7373',\n", " 'galaxy_cluster_uuid': 'cc5497f7-a9e8-436f-94da-b2b4a9b9ad3c',\n", " 'id': '13123',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7379',\n", " 'galaxy_cluster_uuid': '77ca1aa3-280c-4b67-abaa-e8fb891a8f83',\n", " 'id': '13207',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7401',\n", " 'galaxy_cluster_uuid': '94d6d788-07bb-4dcc-b62f-e02626b00108',\n", " 'id': '13550',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7420',\n", " 'galaxy_cluster_uuid': 'b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f',\n", " 'id': '13753',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7431',\n", " 'galaxy_cluster_uuid': '99fdf3b4-96ef-4ab9-b191-fc683441cad0',\n", " 'id': '13932',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7445',\n", " 'galaxy_cluster_uuid': '8f423bd7-6ca7-4303-9e85-008c7ad5fdaa',\n", " 'id': '14131',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7446',\n", " 'galaxy_cluster_uuid': '5147ef15-1cae-4707-8ea1-bee8d98b7f1d',\n", " 'id': '14151',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7447',\n", " 'galaxy_cluster_uuid': 'f01e2711-4b48-4192-a2e8-5f56c945ca19',\n", " 'id': '14166',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7463',\n", " 'galaxy_cluster_uuid': '75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661',\n", " 'id': '14439',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7466',\n", " 'galaxy_cluster_uuid': '63686509-069b-4143-99ea-4e59cad6cb2a',\n", " 'id': '14502',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7467',\n", " 'galaxy_cluster_uuid': '32066e94-3112-48ca-b9eb-ba2b59d2f023',\n", " 'id': '14534',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7495',\n", " 'galaxy_cluster_uuid': '81c57a96-fc8c-4f91-af8e-63e24c2927c2',\n", " 'id': '14981',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7521',\n", " 'galaxy_cluster_uuid': 'ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5',\n", " 'id': '15425',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7549',\n", " 'galaxy_cluster_uuid': 'd18cb958-f4ad-4fb3-bb4f-e8994d206550',\n", " 'id': '15851',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7552',\n", " 'galaxy_cluster_uuid': '5c747acd-47f0-4c5a-b9e5-213541fc01e0',\n", " 'id': '15882',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7558',\n", " 'galaxy_cluster_uuid': '2a7c1bb7-cd12-456e-810d-ab3bf8457bab',\n", " 'id': '15986',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7900',\n", " 'galaxy_cluster_uuid': 'c8655260-9f4b-44e3-85e1-6538a5f6e4f4',\n", " 'id': '16508',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7920',\n", " 'galaxy_cluster_uuid': 'cb69b20d-56d0-41ab-8440-4a4b251614d4',\n", " 'id': '16638',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7923',\n", " 'galaxy_cluster_uuid': 'ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68',\n", " 'id': '16654',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7943',\n", " 'galaxy_cluster_uuid': '3433a9e8-1c47-4320-b9bf-ed449061d1c3',\n", " 'id': '16901',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7944',\n", " 'galaxy_cluster_uuid': '11f8d7eb-1927-4806-9267-3a11d4d4d6be',\n", " 'id': '16928',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7958',\n", " 'galaxy_cluster_uuid': 'd505fc8b-2e64-46eb-96d6-9ef7ffca5b66',\n", " 'id': '17066',\n", " 'referenced_galaxy_cluster_id': '5291',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'sharing_group_id': None}],\n", " 'authors': ['MITRE'],\n", " 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n", " 'default': True,\n", " 'deleted': False,\n", " 'description': 'Adversaries may '\n", " 'employ a known '\n", " 'asymmetric '\n", " 'encryption '\n", " 'algorithm to '\n", " 'conceal command and '\n", " 'control traffic '\n", " 'rather than relying '\n", " 'on any inherent '\n", " 'protections '\n", " 'provided by a '\n", " 'communication '\n", " 'protocol. '\n", " 'Asymmetric '\n", " 'cryptography, also '\n", " 'known as public key '\n", " 'cryptography, uses '\n", " 'a keypair per '\n", " 'party: one public '\n", " 'that can be freely '\n", " 'distributed, and '\n", " 'one private. Due to '\n", " 'how the keys are '\n", " 'generated, the '\n", " 'sender encrypts '\n", " 'data with the '\n", " 'receiver’s public '\n", " 'key and the '\n", " 'receiver decrypts '\n", " 'the data with their '\n", " 'private key. This '\n", " 'ensures that only '\n", " 'the intended '\n", " 'recipient can read '\n", " 'the encrypted data. '\n", " 'Common public key '\n", " 'encryption '\n", " 'algorithms include '\n", " 'RSA and ElGamal.\\n'\n", " '\\n'\n", " 'For efficiency, '\n", " 'many protocols '\n", " '(including SSL/TLS) '\n", " 'use symmetric '\n", " 'cryptography once a '\n", " 'connection is '\n", " 'established, but '\n", " 'use asymmetric '\n", " 'cryptography to '\n", " 'establish or '\n", " 'transmit a key. As '\n", " 'such, these '\n", " 'protocols are '\n", " 'classified as '\n", " '[Asymmetric '\n", " 'Cryptography](https://attack.mitre.org/techniques/T1573/002).',\n", " 'distribution': '3',\n", " 'event_tag_id': '287',\n", " 'extends_uuid': '',\n", " 'extends_version': '0',\n", " 'galaxy_id': '23',\n", " 'id': '5291',\n", " 'local': False,\n", " 'locked': False,\n", " 'meta': {'external_id': ['T1573.002'],\n", " 'kill_chain': ['mitre-attack:command-and-control'],\n", " 'mitre_data_sources': ['Network '\n", " 'Traffic: '\n", " 'Network '\n", " 'Traffic '\n", " 'Content'],\n", " 'mitre_platforms': ['Linux',\n", " 'macOS',\n", " 'Windows'],\n", " 'refs': ['http://www.sans.org/reading-room/whitepapers/analyst/finding-hidden-threats-decrypting-ssl-34840',\n", " 'https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf',\n", " 'https://attack.mitre.org/techniques/T1573/002',\n", " 'https://insights.sei.cmu.edu/cert/2015/03/the-risks-of-ssl-inspection.html']},\n", " 'org_id': '0',\n", " 'orgc_id': '0',\n", " 'published': False,\n", " 'relationship_type': False,\n", " 'sharing_group_id': None,\n", " 'source': 'https://github.com/mitre/cti',\n", " 'tag_id': 28,\n", " 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Asymmetric '\n", " 'Cryptography - '\n", " 'T1573.002\"',\n", " 'type': 'mitre-attack-pattern',\n", " 'uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n", " 'value': 'Asymmetric Cryptography - '\n", " 'T1573.002',\n", " 'version': '25'},\n", " {'GalaxyClusterRelation': [{'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5153',\n", " 'galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", " 'id': '869',\n", " 'referenced_galaxy_cluster_id': '6010',\n", " 'referenced_galaxy_cluster_type': 'subtechnique-of',\n", " 'referenced_galaxy_cluster_uuid': '731f4f55-b6d0-41d1-a7a9-072a66389aea',\n", " 'sharing_group_id': None}],\n", " 'Org': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'Orgc': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'TargetingClusterRelation': [{'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5171',\n", " 'galaxy_cluster_uuid': '7d751199-05fa-4a72-920f-85df4506c76c',\n", " 'id': '883',\n", " 'referenced_galaxy_cluster_id': '5153',\n", " 'referenced_galaxy_cluster_type': 'revoked-by',\n", " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5799',\n", " 'galaxy_cluster_uuid': '20f6a9df-37c4-4e20-9e47-025983b1b39d',\n", " 'id': '1916',\n", " 'referenced_galaxy_cluster_id': '5153',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6815',\n", " 'galaxy_cluster_uuid': 'ead23196-d7b6-4ce6-a124-4ab4b67d81bd',\n", " 'id': '4694',\n", " 'referenced_galaxy_cluster_id': '5153',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6819',\n", " 'galaxy_cluster_uuid': 'bef4c620-0787-42a8-a96d-b7eb6e85917c',\n", " 'id': '5015',\n", " 'referenced_galaxy_cluster_id': '5153',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6833',\n", " 'galaxy_cluster_uuid': '899ce53f-13a0-479b-a0e4-67d46e241542',\n", " 'id': '5373',\n", " 'referenced_galaxy_cluster_id': '5153',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6875',\n", " 'galaxy_cluster_uuid': 'd0b3393b-3bec-4ba3-bda9-199d30db47b6',\n", " 'id': '6348',\n", " 'referenced_galaxy_cluster_id': '5153',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6885',\n", " 'galaxy_cluster_uuid': '7113eaa5-ba79-4fb3-b68a-398ee9cd698e',\n", " 'id': '6749',\n", " 'referenced_galaxy_cluster_id': '5153',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6970',\n", " 'galaxy_cluster_uuid': 'b350b47f-88fe-4921-8538-6d9c59bac84e',\n", " 'id': '8144',\n", " 'referenced_galaxy_cluster_id': '5153',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7107',\n", " 'galaxy_cluster_uuid': 'e401d4fe-f0c9-44f0-98e6-f93487678808',\n", " 'id': '9764',\n", " 'referenced_galaxy_cluster_id': '5153',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7212',\n", " 'galaxy_cluster_uuid': 'f36b2598-515f-4345-84e5-5ccde253edbe',\n", " 'id': '11097',\n", " 'referenced_galaxy_cluster_id': '5153',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7262',\n", " 'galaxy_cluster_uuid': '9abdda30-08e0-4ab1-9cf0-d447654c6de9',\n", " 'id': '11750',\n", " 'referenced_galaxy_cluster_id': '5153',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7273',\n", " 'galaxy_cluster_uuid': '20945359-3b39-4542-85ef-08ecb4e1c174',\n", " 'id': '11911',\n", " 'referenced_galaxy_cluster_id': '5153',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7328',\n", " 'galaxy_cluster_uuid': 'f72251cb-2be5-421f-a081-99c29a1209e7',\n", " 'id': '12574',\n", " 'referenced_galaxy_cluster_id': '5153',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7337',\n", " 'galaxy_cluster_uuid': '308b3d68-a084-4dfb-885a-3125e1a9c1e8',\n", " 'id': '12674',\n", " 'referenced_galaxy_cluster_id': '5153',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7347',\n", " 'galaxy_cluster_uuid': '4fbd565b-bf55-4ac7-80b4-b183a7b64b9c',\n", " 'id': '12809',\n", " 'referenced_galaxy_cluster_id': '5153',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7400',\n", " 'galaxy_cluster_uuid': '4b072c90-bc7a-432b-940e-016fc1c01761',\n", " 'id': '13536',\n", " 'referenced_galaxy_cluster_id': '5153',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7445',\n", " 'galaxy_cluster_uuid': '8f423bd7-6ca7-4303-9e85-008c7ad5fdaa',\n", " 'id': '14129',\n", " 'referenced_galaxy_cluster_id': '5153',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7447',\n", " 'galaxy_cluster_uuid': 'f01e2711-4b48-4192-a2e8-5f56c945ca19',\n", " 'id': '14164',\n", " 'referenced_galaxy_cluster_id': '5153',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7463',\n", " 'galaxy_cluster_uuid': '75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661',\n", " 'id': '14437',\n", " 'referenced_galaxy_cluster_id': '5153',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7472',\n", " 'galaxy_cluster_uuid': '1492d0f8-7e14-4af3-9239-bc3fe10d3407',\n", " 'id': '14617',\n", " 'referenced_galaxy_cluster_id': '5153',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '7923',\n", " 'galaxy_cluster_uuid': 'ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68',\n", " 'id': '16653',\n", " 'referenced_galaxy_cluster_id': '5153',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '9643',\n", " 'galaxy_cluster_uuid': 'e6c09b63-a424-4d9e-b7f7-b752cbbca02a',\n", " 'id': '17912',\n", " 'referenced_galaxy_cluster_id': '5153',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '15101',\n", " 'galaxy_cluster_uuid': '8384bd26-bde6-4da9-8e5d-4174a7a47ca2',\n", " 'id': '22589',\n", " 'referenced_galaxy_cluster_id': '5153',\n", " 'referenced_galaxy_cluster_type': 'related-to',\n", " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '15901',\n", " 'galaxy_cluster_uuid': 'b55ca2a3-7cff-4dda-8bdd-c7bfa63bf544',\n", " 'id': '23491',\n", " 'referenced_galaxy_cluster_id': '5153',\n", " 'referenced_galaxy_cluster_type': 'related-to',\n", " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '16698',\n", " 'galaxy_cluster_uuid': '62f7c9bf-9135-49b2-8aeb-1e54a6ecc13c',\n", " 'id': '24429',\n", " 'referenced_galaxy_cluster_id': '5153',\n", " 'referenced_galaxy_cluster_type': 'related-to',\n", " 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", " 'sharing_group_id': None}],\n", " 'authors': ['MITRE'],\n", " 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n", " 'default': True,\n", " 'deleted': False,\n", " 'description': 'To disguise the '\n", " 'source of malicious '\n", " 'traffic, '\n", " 'adversaries may '\n", " 'chain together '\n", " 'multiple proxies. '\n", " 'Typically, a '\n", " 'defender will be '\n", " 'able to identify '\n", " 'the last proxy '\n", " 'traffic traversed '\n", " 'before it enters '\n", " 'their network; the '\n", " 'defender may or may '\n", " 'not be able to '\n", " 'identify any '\n", " 'previous proxies '\n", " 'before the last-hop '\n", " 'proxy. This '\n", " 'technique makes '\n", " 'identifying the '\n", " 'original source of '\n", " 'the malicious '\n", " 'traffic even more '\n", " 'difficult by '\n", " 'requiring the '\n", " 'defender to trace '\n", " 'malicious traffic '\n", " 'through several '\n", " 'proxies to identify '\n", " 'its source. A '\n", " 'particular variant '\n", " 'of this behavior is '\n", " 'to use onion '\n", " 'routing networks, '\n", " 'such as the '\n", " 'publicly available '\n", " 'TOR network. '\n", " '(Citation: Onion '\n", " 'Routing)\\n'\n", " '\\n'\n", " 'In the case of '\n", " 'network '\n", " 'infrastructure, '\n", " 'particularly '\n", " 'routers, it is '\n", " 'possible for an '\n", " 'adversary to '\n", " 'leverage multiple '\n", " 'compromised devices '\n", " 'to create a '\n", " 'multi-hop proxy '\n", " 'chain within the '\n", " 'Wide-Area Network '\n", " '(WAN) of the '\n", " 'enterprise. By '\n", " 'leveraging [Patch '\n", " 'System '\n", " 'Image](https://attack.mitre.org/techniques/T1601/001), '\n", " 'adversaries can add '\n", " 'custom code to the '\n", " 'affected network '\n", " 'devices that will '\n", " 'implement onion '\n", " 'routing between '\n", " 'those nodes. This '\n", " 'custom onion '\n", " 'routing network '\n", " 'will transport the '\n", " 'encrypted C2 '\n", " 'traffic through the '\n", " 'compromised '\n", " 'population, '\n", " 'allowing '\n", " 'adversaries to '\n", " 'communicate with '\n", " 'any device within '\n", " 'the onion routing '\n", " 'network. This '\n", " 'method is dependent '\n", " 'upon the [Network '\n", " 'Boundary '\n", " 'Bridging](https://attack.mitre.org/techniques/T1599) '\n", " 'method in order to '\n", " 'allow the '\n", " 'adversaries to '\n", " 'cross the protected '\n", " 'network boundary of '\n", " 'the Internet '\n", " 'perimeter and into '\n", " 'the organization’s '\n", " 'WAN. Protocols such '\n", " 'as ICMP may be used '\n", " 'as a transport.',\n", " 'distribution': '3',\n", " 'event_tag_id': '288',\n", " 'extends_uuid': '',\n", " 'extends_version': '0',\n", " 'galaxy_id': '23',\n", " 'id': '5153',\n", " 'local': False,\n", " 'locked': False,\n", " 'meta': {'external_id': ['T1090.003'],\n", " 'kill_chain': ['mitre-attack:command-and-control'],\n", " 'mitre_data_sources': ['Network '\n", " 'Traffic: '\n", " 'Network '\n", " 'Connection '\n", " 'Creation',\n", " 'Network '\n", " 'Traffic: '\n", " 'Network '\n", " 'Traffic '\n", " 'Content',\n", " 'Network '\n", " 'Traffic: '\n", " 'Network '\n", " 'Traffic '\n", " 'Flow'],\n", " 'mitre_platforms': ['Linux',\n", " 'macOS',\n", " 'Windows',\n", " 'Network'],\n", " 'refs': ['https://attack.mitre.org/techniques/T1090/003',\n", " 'https://en.wikipedia.org/wiki/Onion_routing']},\n", " 'org_id': '0',\n", " 'orgc_id': '0',\n", " 'published': False,\n", " 'relationship_type': False,\n", " 'sharing_group_id': None,\n", " 'source': 'https://github.com/mitre/cti',\n", " 'tag_id': 29,\n", " 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Multi-hop '\n", " 'Proxy - T1090.003\"',\n", " 'type': 'mitre-attack-pattern',\n", " 'uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n", " 'value': 'Multi-hop Proxy - '\n", " 'T1090.003',\n", " 'version': '25'},\n", " {'GalaxyClusterRelation': [],\n", " 'Org': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'Orgc': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'authors': ['MITRE'],\n", " 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n", " 'default': True,\n", " 'deleted': False,\n", " 'description': 'Adversaries may '\n", " 'attempt to make an '\n", " 'executable or file '\n", " 'difficult to '\n", " 'discover or analyze '\n", " 'by encrypting, '\n", " 'encoding, or '\n", " 'otherwise '\n", " 'obfuscating its '\n", " 'contents on the '\n", " 'system or in '\n", " 'transit. This is '\n", " 'common behavior '\n", " 'that can be used '\n", " 'across different '\n", " 'platforms and the '\n", " 'network to evade '\n", " 'defenses. \\n'\n", " '\\n'\n", " 'Payloads may be '\n", " 'compressed, '\n", " 'archived, or '\n", " 'encrypted in order '\n", " 'to avoid detection. '\n", " 'These payloads may '\n", " 'be used during '\n", " 'Initial Access or '\n", " 'later to mitigate '\n", " 'detection. '\n", " \"Sometimes a user's \"\n", " 'action may be '\n", " 'required to open '\n", " 'and '\n", " '[Deobfuscate/Decode '\n", " 'Files or '\n", " 'Information](https://attack.mitre.org/techniques/T1140) '\n", " 'for [User '\n", " 'Execution](https://attack.mitre.org/techniques/T1204). '\n", " 'The user may also '\n", " 'be required to '\n", " 'input a password to '\n", " 'open a password '\n", " 'protected '\n", " 'compressed/encrypted '\n", " 'file that was '\n", " 'provided by the '\n", " 'adversary. '\n", " '(Citation: Volexity '\n", " 'PowerDuke November '\n", " '2016) Adversaries '\n", " 'may also use '\n", " 'compressed or '\n", " 'archived scripts, '\n", " 'such as '\n", " 'JavaScript. \\n'\n", " '\\n'\n", " 'Portions of files '\n", " 'can also be encoded '\n", " 'to hide the '\n", " 'plain-text strings '\n", " 'that would '\n", " 'otherwise help '\n", " 'defenders with '\n", " 'discovery. '\n", " '(Citation: '\n", " 'Linux/Cdorked.A We '\n", " 'Live Security '\n", " 'Analysis) Payloads '\n", " 'may also be split '\n", " 'into separate, '\n", " 'seemingly benign '\n", " 'files that only '\n", " 'reveal malicious '\n", " 'functionality when '\n", " 'reassembled. '\n", " '(Citation: Carbon '\n", " 'Black Obfuscation '\n", " 'Sept 2016)\\n'\n", " '\\n'\n", " 'Adversaries may '\n", " 'also abuse [Command '\n", " 'Obfuscation](https://attack.mitre.org/techniques/T1027/010) '\n", " 'to obscure commands '\n", " 'executed from '\n", " 'payloads or '\n", " 'directly via '\n", " '[Command and '\n", " 'Scripting '\n", " 'Interpreter](https://attack.mitre.org/techniques/T1059). '\n", " 'Environment '\n", " 'variables, aliases, '\n", " 'characters, and '\n", " 'other '\n", " 'platform/language '\n", " 'specific semantics '\n", " 'can be used to '\n", " 'evade signature '\n", " 'based detections '\n", " 'and application '\n", " 'control mechanisms. '\n", " '(Citation: FireEye '\n", " 'Obfuscation June '\n", " '2017) (Citation: '\n", " 'FireEye '\n", " 'Revoke-Obfuscation '\n", " 'July '\n", " '2017)(Citation: '\n", " 'PaloAlto '\n", " 'EncodedCommand '\n", " 'March 2017) ',\n", " 'distribution': '3',\n", " 'event_tag_id': '289',\n", " 'extends_uuid': '',\n", " 'extends_version': '0',\n", " 'galaxy_id': '23',\n", " 'id': '4727',\n", " 'local': False,\n", " 'locked': False,\n", " 'meta': {'external_id': ['T1027'],\n", " 'kill_chain': ['mitre-attack:defense-evasion'],\n", " 'mitre_data_sources': ['Command: '\n", " 'Command '\n", " 'Execution',\n", " 'File: '\n", " 'File '\n", " 'Creation',\n", " 'File: '\n", " 'File '\n", " 'Metadata',\n", " 'Module: '\n", " 'Module '\n", " 'Load',\n", " 'Process: '\n", " 'OS '\n", " 'API '\n", " 'Execution',\n", " 'Process: '\n", " 'Process '\n", " 'Creation',\n", " 'Script: '\n", " 'Script '\n", " 'Execution',\n", " 'WMI: '\n", " 'WMI '\n", " 'Creation',\n", " 'Windows '\n", " 'Registry: '\n", " 'Windows '\n", " 'Registry '\n", " 'Key '\n", " 'Creation'],\n", " 'mitre_platforms': ['Linux',\n", " 'macOS',\n", " 'Windows'],\n", " 'refs': ['https://attack.mitre.org/techniques/T1027',\n", " 'https://github.com/danielbohannon/Revoke-Obfuscation',\n", " 'https://github.com/itsreallynick/office-crackros',\n", " 'https://researchcenter.paloaltonetworks.com/2017/03/unit42-pulling-back-the-curtains-on-encodedcommand-powershell-attacks/',\n", " 'https://web.archive.org/web/20170923102302/https://www.fireeye.com/blog/threat-research/2017/06/obfuscation-in-the-wild.html',\n", " 'https://www.carbonblack.com/2016/09/23/security-advisory-variants-well-known-adware-families-discovered-include-sophisticated-obfuscation-techniques-previously-associated-nation-state-attacks/',\n", " 'https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/revoke-obfuscation-report.pdf',\n", " 'https://www.volexity.com/blog/2016/11/09/powerduke-post-election-spear-phishing-campaigns-targeting-think-tanks-and-ngos/',\n", " 'https://www.welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-blackhole/']},\n", " 'org_id': '0',\n", " 'orgc_id': '0',\n", " 'published': False,\n", " 'relationship_type': False,\n", " 'sharing_group_id': None,\n", " 'source': 'https://github.com/mitre/cti',\n", " 'tag_id': 30,\n", " 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Obfuscated '\n", " 'Files or Information - '\n", " 'T1027\"',\n", " 'type': 'mitre-attack-pattern',\n", " 'uuid': 'b3d682b6-98f2-4fb0-aa3b-b4df007ca70a',\n", " 'value': 'Obfuscated Files or '\n", " 'Information - T1027',\n", " 'version': '25'}],\n", " 'description': 'ATT&CK Tactic',\n", " 'enabled': True,\n", " 'icon': 'map',\n", " 'id': '23',\n", " 'kill_chain_order': {'mitre-attack': ['reconnaissance',\n", " 'resource-development',\n", " 'initial-access',\n", " 'execution',\n", " 'persistence',\n", " 'privilege-escalation',\n", " 'defense-evasion',\n", " 'credential-access',\n", " 'discovery',\n", " 'lateral-movement',\n", " 'collection',\n", " 'command-and-control',\n", " 'exfiltration',\n", " 'impact'],\n", " 'mitre-mobile-attack': ['initial-access',\n", " 'execution',\n", " 'persistence',\n", " 'privilege-escalation',\n", " 'defense-evasion',\n", " 'credential-access',\n", " 'discovery',\n", " 'lateral-movement',\n", " 'collection',\n", " 'command-and-control',\n", " 'exfiltration',\n", " 'impact',\n", " 'network-effects',\n", " 'remote-service-effects'],\n", " 'mitre-pre-attack': ['priority-definition-planning',\n", " 'priority-definition-direction',\n", " 'target-selection',\n", " 'technical-information-gathering',\n", " 'people-information-gathering',\n", " 'organizational-information-gathering',\n", " 'technical-weakness-identification',\n", " 'people-weakness-identification',\n", " 'organizational-weakness-identification',\n", " 'adversary-opsec',\n", " 'establish-&-maintain-infrastructure',\n", " 'persona-development',\n", " 'build-capabilities',\n", " 'test-capabilities',\n", " 'stage-capabilities']},\n", " 'local_only': False,\n", " 'name': 'Attack Pattern',\n", " 'namespace': 'mitre-attack',\n", " 'type': 'mitre-attack-pattern',\n", " 'uuid': 'c4e851fa-775f-11e7-8163-b774922098cd',\n", " 'version': '9'},\n", " {'GalaxyCluster': [{'GalaxyClusterRelation': [],\n", " 'Org': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'Orgc': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'authors': ['Various'],\n", " 'collection_uuid': '1401c704-7dfb-41f6-a6d3-e751b270843b',\n", " 'default': True,\n", " 'deleted': False,\n", " 'description': '',\n", " 'distribution': '3',\n", " 'event_tag_id': '290',\n", " 'extends_uuid': '',\n", " 'extends_version': '0',\n", " 'galaxy_id': '53',\n", " 'id': '18422',\n", " 'local': False,\n", " 'locked': False,\n", " 'meta': {},\n", " 'org_id': '0',\n", " 'orgc_id': '0',\n", " 'published': False,\n", " 'relationship_type': False,\n", " 'sharing_group_id': None,\n", " 'source': 'CERT-EU',\n", " 'tag_id': 31,\n", " 'tag_name': 'misp-galaxy:sector=\"Academia '\n", " '- University\"',\n", " 'type': 'sector',\n", " 'uuid': '98821a86-3c11-474b-afab-3c84af061407',\n", " 'value': 'Academia - University',\n", " 'version': '5'},\n", " {'GalaxyClusterRelation': [],\n", " 'Org': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'Orgc': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'authors': ['Various'],\n", " 'collection_uuid': '1401c704-7dfb-41f6-a6d3-e751b270843b',\n", " 'default': True,\n", " 'deleted': False,\n", " 'description': '',\n", " 'distribution': '3',\n", " 'event_tag_id': '291',\n", " 'extends_uuid': '',\n", " 'extends_version': '0',\n", " 'galaxy_id': '53',\n", " 'id': '18448',\n", " 'local': False,\n", " 'locked': False,\n", " 'meta': {'synonyms': ['Government',\n", " 'Administration']},\n", " 'org_id': '0',\n", " 'orgc_id': '0',\n", " 'published': False,\n", " 'relationship_type': False,\n", " 'sharing_group_id': None,\n", " 'source': 'CERT-EU',\n", " 'tag_id': 32,\n", " 'tag_name': 'misp-galaxy:sector=\"Government, '\n", " 'Administration\"',\n", " 'type': 'sector',\n", " 'uuid': '6012ecea-dcc8-490c-b368-e2e06b2cb62f',\n", " 'value': 'Government, '\n", " 'Administration',\n", " 'version': '5'},\n", " {'GalaxyClusterRelation': [],\n", " 'Org': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'Orgc': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'authors': ['Various'],\n", " 'collection_uuid': '1401c704-7dfb-41f6-a6d3-e751b270843b',\n", " 'default': True,\n", " 'deleted': False,\n", " 'description': '',\n", " 'distribution': '3',\n", " 'event_tag_id': '292',\n", " 'extends_uuid': '',\n", " 'extends_version': '0',\n", " 'galaxy_id': '53',\n", " 'id': '18456',\n", " 'local': False,\n", " 'locked': False,\n", " 'meta': {},\n", " 'org_id': '0',\n", " 'orgc_id': '0',\n", " 'published': False,\n", " 'relationship_type': False,\n", " 'sharing_group_id': None,\n", " 'source': 'CERT-EU',\n", " 'tag_id': 33,\n", " 'tag_name': 'misp-galaxy:sector=\"IT '\n", " '- ISP\"',\n", " 'type': 'sector',\n", " 'uuid': '872de996-e069-4cd9-b227-d5ca01dc020c',\n", " 'value': 'IT - ISP',\n", " 'version': '5'},\n", " {'GalaxyClusterRelation': [],\n", " 'Org': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'Orgc': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'authors': ['Various'],\n", " 'collection_uuid': '1401c704-7dfb-41f6-a6d3-e751b270843b',\n", " 'default': True,\n", " 'deleted': False,\n", " 'description': '',\n", " 'distribution': '3',\n", " 'event_tag_id': '293',\n", " 'extends_uuid': '',\n", " 'extends_version': '0',\n", " 'galaxy_id': '53',\n", " 'id': '18526',\n", " 'local': False,\n", " 'locked': False,\n", " 'meta': {},\n", " 'org_id': '0',\n", " 'orgc_id': '0',\n", " 'published': False,\n", " 'relationship_type': False,\n", " 'sharing_group_id': None,\n", " 'source': 'CERT-EU',\n", " 'tag_id': 34,\n", " 'tag_name': 'misp-galaxy:sector=\"Marketing\"',\n", " 'type': 'sector',\n", " 'uuid': 'ee5720bb-c638-46f8-bdf2-55579bf37eb2',\n", " 'value': 'Marketing',\n", " 'version': '5'}],\n", " 'description': 'Activity sectors',\n", " 'enabled': True,\n", " 'icon': 'industry',\n", " 'id': '53',\n", " 'local_only': False,\n", " 'name': 'Sector',\n", " 'namespace': 'misp',\n", " 'type': 'sector',\n", " 'uuid': 'e1bb134c-ae4d-11e7-8aa9-f78a37325439',\n", " 'version': '2'},\n", " {'GalaxyCluster': [{'GalaxyClusterRelation': [],\n", " 'Org': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'Orgc': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'TargetingClusterRelation': [{'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '14458',\n", " 'galaxy_cluster_uuid': '84668357-5a8c-4bdd-9f0f-6b50b2424d55',\n", " 'id': '21874',\n", " 'referenced_galaxy_cluster_id': '10024',\n", " 'referenced_galaxy_cluster_type': 'located-in',\n", " 'referenced_galaxy_cluster_uuid': '64974dea-c6c9-462d-9fcf-4456a397d591',\n", " 'sharing_group_id': None},\n", " {'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '14469',\n", " 'galaxy_cluster_uuid': '84668357-5a8c-4bdd-9f0f-6b50b243414e',\n", " 'id': '21885',\n", " 'referenced_galaxy_cluster_id': '10024',\n", " 'referenced_galaxy_cluster_type': 'located-in',\n", " 'referenced_galaxy_cluster_uuid': '64974dea-c6c9-462d-9fcf-4456a397d591',\n", " 'sharing_group_id': None},\n", " {'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '14515',\n", " 'galaxy_cluster_uuid': '84668357-5a8c-4bdd-9f0f-6b50b247524c',\n", " 'id': '21931',\n", " 'referenced_galaxy_cluster_id': '10024',\n", " 'referenced_galaxy_cluster_type': 'located-in',\n", " 'referenced_galaxy_cluster_uuid': '64974dea-c6c9-462d-9fcf-4456a397d591',\n", " 'sharing_group_id': None},\n", " {'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '14612',\n", " 'galaxy_cluster_uuid': '84668357-5a8c-4bdd-9f0f-6b50b253504d',\n", " 'id': '22028',\n", " 'referenced_galaxy_cluster_id': '10024',\n", " 'referenced_galaxy_cluster_type': 'located-in',\n", " 'referenced_galaxy_cluster_uuid': '64974dea-c6c9-462d-9fcf-4456a397d591',\n", " 'sharing_group_id': None},\n", " {'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '14665',\n", " 'galaxy_cluster_uuid': '84668357-5a8c-4bdd-9f0f-6b50b2555341',\n", " 'id': '22081',\n", " 'referenced_galaxy_cluster_id': '10024',\n", " 'referenced_galaxy_cluster_type': 'located-in',\n", " 'referenced_galaxy_cluster_uuid': '64974dea-c6c9-462d-9fcf-4456a397d591',\n", " 'sharing_group_id': None}],\n", " 'authors': ['Unknown'],\n", " 'collection_uuid': 'eea087b6-e02f-11e9-89c1-cf406e0267ec',\n", " 'default': True,\n", " 'deleted': False,\n", " 'description': '',\n", " 'distribution': '3',\n", " 'event_tag_id': '294',\n", " 'extends_uuid': '',\n", " 'extends_version': '0',\n", " 'galaxy_id': '51',\n", " 'id': '10024',\n", " 'local': False,\n", " 'locked': False,\n", " 'meta': {'subregions': ['060 - '\n", " 'Bermuda',\n", " '124 - '\n", " 'Canada',\n", " '304 - '\n", " 'Greenland',\n", " '666 - '\n", " 'Saint '\n", " 'Pierre and '\n", " 'Miquelon',\n", " '840 - '\n", " 'United '\n", " 'States of '\n", " 'America']},\n", " 'org_id': '0',\n", " 'orgc_id': '0',\n", " 'published': False,\n", " 'relationship_type': False,\n", " 'sharing_group_id': None,\n", " 'source': 'https://unstats.un.org/unsd/methodology/m49/overview/',\n", " 'tag_id': 35,\n", " 'tag_name': 'misp-galaxy:region=\"021 '\n", " '- Northern America\"',\n", " 'type': 'region',\n", " 'uuid': '64974dea-c6c9-462d-9fcf-4456a397d591',\n", " 'value': '021 - Northern America',\n", " 'version': '1'},\n", " {'GalaxyClusterRelation': [],\n", " 'Org': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'Orgc': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'authors': ['Unknown'],\n", " 'collection_uuid': 'eea087b6-e02f-11e9-89c1-cf406e0267ec',\n", " 'default': True,\n", " 'deleted': False,\n", " 'description': '',\n", " 'distribution': '3',\n", " 'event_tag_id': '295',\n", " 'extends_uuid': '',\n", " 'extends_version': '0',\n", " 'galaxy_id': '51',\n", " 'id': '10034',\n", " 'local': False,\n", " 'locked': False,\n", " 'meta': {'subregions': ['030 - '\n", " 'Eastern '\n", " 'Asia',\n", " '034 - '\n", " 'Southern '\n", " 'Asia',\n", " '035 - '\n", " 'South-eastern '\n", " 'Asia',\n", " '143 - '\n", " 'Central '\n", " 'Asia',\n", " '145 - '\n", " 'Western '\n", " 'Asia']},\n", " 'org_id': '0',\n", " 'orgc_id': '0',\n", " 'published': False,\n", " 'relationship_type': False,\n", " 'sharing_group_id': None,\n", " 'source': 'https://unstats.un.org/unsd/methodology/m49/overview/',\n", " 'tag_id': 36,\n", " 'tag_name': 'misp-galaxy:region=\"142 '\n", " '- Asia\"',\n", " 'type': 'region',\n", " 'uuid': '4b09b683-5650-4a6c-a383-d8f3b686ebc2',\n", " 'value': '142 - Asia',\n", " 'version': '1'},\n", " {'GalaxyClusterRelation': [],\n", " 'Org': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'Orgc': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'authors': ['Unknown'],\n", " 'collection_uuid': 'eea087b6-e02f-11e9-89c1-cf406e0267ec',\n", " 'default': True,\n", " 'deleted': False,\n", " 'description': '',\n", " 'distribution': '3',\n", " 'event_tag_id': '296',\n", " 'extends_uuid': '',\n", " 'extends_version': '0',\n", " 'galaxy_id': '51',\n", " 'id': '10037',\n", " 'local': False,\n", " 'locked': False,\n", " 'meta': {'subregions': ['039 - '\n", " 'Southern '\n", " 'Europe',\n", " '151 - '\n", " 'Eastern '\n", " 'Europe',\n", " '154 - '\n", " 'Northern '\n", " 'Europe',\n", " '155 - '\n", " 'Western '\n", " 'Europe']},\n", " 'org_id': '0',\n", " 'orgc_id': '0',\n", " 'published': False,\n", " 'relationship_type': False,\n", " 'sharing_group_id': None,\n", " 'source': 'https://unstats.un.org/unsd/methodology/m49/overview/',\n", " 'tag_id': 37,\n", " 'tag_name': 'misp-galaxy:region=\"150 '\n", " '- Europe\"',\n", " 'type': 'region',\n", " 'uuid': '739c285c-fe59-4540-b323-bf713af30347',\n", " 'value': '150 - Europe',\n", " 'version': '1'}],\n", " 'description': 'Regions based on UN M49.',\n", " 'enabled': True,\n", " 'icon': 'globe-europe',\n", " 'id': '51',\n", " 'local_only': False,\n", " 'name': 'Regions UN M49',\n", " 'namespace': 'misp',\n", " 'type': 'region',\n", " 'uuid': 'd151a79a-e029-11e9-9409-f3e0cf3d93aa',\n", " 'version': '2'},\n", " {'GalaxyCluster': [{'GalaxyClusterRelation': [{'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1944',\n", " 'referenced_galaxy_cluster_id': '4945',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': '06c00069-771a-4d57-8ef5-d3718c1a8771',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1945',\n", " 'referenced_galaxy_cluster_id': '5189',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': '09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1946',\n", " 'referenced_galaxy_cluster_id': '6081',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': '10d51417-ee35-4589-b1ff-b6df1c334e8d',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1947',\n", " 'referenced_galaxy_cluster_id': '4799',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': '10ffac09-e42d-4f56-ab20-db94c67d76ff',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1948',\n", " 'referenced_galaxy_cluster_id': '5982',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': '1608f3e1-598a-42f4-a01a-2e252e81728f',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1949',\n", " 'referenced_galaxy_cluster_id': '5190',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': '1d24cdee-9ea2-4189-b08e-af110bf2435d',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1950',\n", " 'referenced_galaxy_cluster_id': '5529',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': '2db31dcd-54da-405d-acef-b9129b816ed6',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1951',\n", " 'referenced_galaxy_cluster_id': '4880',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': '2dbbdcd5-92cf-44c0-aea2-fe24783a6bc3',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1952',\n", " 'referenced_galaxy_cluster_id': '6090',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': '3257eb21-f9a7-4430-8de1-d8b6e288f529',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1953',\n", " 'referenced_galaxy_cluster_id': '4731',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': '3298ce88-1628-43b1-87d9-0b5336b193d7',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1954',\n", " 'referenced_galaxy_cluster_id': '4692',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': '4ffc1794-ec3b-45be-9e52-42dbcb2af2de',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1955',\n", " 'referenced_galaxy_cluster_id': '6077',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': '54a649ff-439a-41a4-9856-8d144a2551ba',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1956',\n", " 'referenced_galaxy_cluster_id': '5344',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': '54ca26f3-c172-4231-93e5-ccebcac2161f',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1957',\n", " 'referenced_galaxy_cluster_id': '5247',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': '635cbe30-392d-4e27-978e-66774357c762',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1958',\n", " 'referenced_galaxy_cluster_id': '5191',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': '692074ae-bb62-4a5e-a735-02cb6bde458c',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1959',\n", " 'referenced_galaxy_cluster_id': '5252',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': '7610cada-1499-41a4-b3dd-46467b68d177',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1960',\n", " 'referenced_galaxy_cluster_id': '5241',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': '7decb26c-715c-40cf-b7e0-026f7d7cc215',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1961',\n", " 'referenced_galaxy_cluster_id': '5199',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': '8861073d-d1b8-4941-82ce-dce621d398f0',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1962',\n", " 'referenced_galaxy_cluster_id': '4859',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': '8a2f40cf-8325-47f9-96e4-b1ca4c7389bd',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1963',\n", " 'referenced_galaxy_cluster_id': '6106',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': '92a78814-b191-47ca-909c-1ccfe3777414',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1964',\n", " 'referenced_galaxy_cluster_id': '4668',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': '954a1639-f2d6-407d-aef3-4917622ca493',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1965',\n", " 'referenced_galaxy_cluster_id': '5956',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': '9fa07bef-9c81-421e-a8e5-ad4366c5a925',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1966',\n", " 'referenced_galaxy_cluster_id': '5262',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': 'a009cb25-4801-4116-9105-80a91cf15c1b',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1967',\n", " 'referenced_galaxy_cluster_id': '6059',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': 'a10641f4-87b4-45a3-a906-92a149cb2c27',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1968',\n", " 'referenced_galaxy_cluster_id': '5973',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': 'a93494bb-4b80-4ea1-8695-3236a49916fd',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1969',\n", " 'referenced_galaxy_cluster_id': '4993',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': 'ae7f3575-0a5e-427e-991b-fe03ad44c754',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1970',\n", " 'referenced_galaxy_cluster_id': '5192',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': 'b2d03cea-aec1-45ca-9744-9ee583c1e1cc',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1971',\n", " 'referenced_galaxy_cluster_id': '5162',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': 'b4409cd8-0da9-46e1-a401-a241afd4d1cc',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1972',\n", " 'referenced_galaxy_cluster_id': '4891',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': 'b4694861-542c-48ea-9eb1-10d356e7140a',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1973',\n", " 'referenced_galaxy_cluster_id': '5149',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': 'b8017880-4b1e-42de-ad10-ae7ac6705166',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1974',\n", " 'referenced_galaxy_cluster_id': '5220',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': 'c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1975',\n", " 'referenced_galaxy_cluster_id': '5251',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': 'cff94884-3b1c-4987-a70b-6d5643c621c3',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1976',\n", " 'referenced_galaxy_cluster_id': '4848',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': 'd245808a-7086-4310-984a-a84aaaa43f8f',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1977',\n", " 'referenced_galaxy_cluster_id': '4918',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': 'd4b96d2c-1032-4b22-9235-2b5b649d0605',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1978',\n", " 'referenced_galaxy_cluster_id': '6014',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': 'e01be9c5-e763-4caf-aeb7-000b416aef67',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1979',\n", " 'referenced_galaxy_cluster_id': '4676',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': 'e74de37c-a829-446c-937d-56a44f0e9306',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1980',\n", " 'referenced_galaxy_cluster_id': '4846',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': 'eb062747-2193-45de-8fa2-e62549c37ddf',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1981',\n", " 'referenced_galaxy_cluster_id': '5235',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': 'f232fa7a-025c-4d43-abc7-318e81a73d65',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1982',\n", " 'referenced_galaxy_cluster_id': '5144',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': 'f4c1826f-a322-41cd-9557-562100848c84',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1983',\n", " 'referenced_galaxy_cluster_id': '4953',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': 'fa44a152-ac48-441e-a524-dd7b04b8adcd',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001fc2',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '3',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n", " 'numerical_value': '95',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5854',\n", " 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'id': '1984',\n", " 'referenced_galaxy_cluster_id': '4850',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': 'fc74ba38-dc98-461f-8611-b3dbf9978e3d',\n", " 'sharing_group_id': None}],\n", " 'Org': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'Orgc': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'authors': ['MITRE'],\n", " 'collection_uuid': 'a8825ae8-6dea-11e7-8d57-7728f3cfe086',\n", " 'default': True,\n", " 'deleted': False,\n", " 'description': 'Use two or more '\n", " 'pieces of evidence '\n", " 'to authenticate to '\n", " 'a system; such as '\n", " 'username and '\n", " 'password in '\n", " 'addition to a token '\n", " 'from a physical '\n", " 'smart card or token '\n", " 'generator.',\n", " 'distribution': '3',\n", " 'event_tag_id': '303',\n", " 'extends_uuid': '',\n", " 'extends_version': '0',\n", " 'galaxy_id': '24',\n", " 'id': '5854',\n", " 'local': False,\n", " 'locked': False,\n", " 'meta': {'external_id': ['M1032'],\n", " 'refs': ['https://attack.mitre.org/mitigations/M1032']},\n", " 'org_id': '0',\n", " 'orgc_id': '0',\n", " 'published': False,\n", " 'relationship_type': False,\n", " 'sharing_group_id': None,\n", " 'source': 'https://github.com/mitre/cti',\n", " 'tag_id': 43,\n", " 'tag_name': 'misp-galaxy:mitre-course-of-action=\"Multi-factor '\n", " 'Authentication - '\n", " 'M1032\"',\n", " 'type': 'mitre-course-of-action',\n", " 'uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n", " 'value': 'Multi-factor '\n", " 'Authentication - M1032',\n", " 'version': '26'}],\n", " 'description': 'ATT&CK Mitigation',\n", " 'enabled': True,\n", " 'icon': 'link',\n", " 'id': '24',\n", " 'local_only': False,\n", " 'name': 'Course of Action',\n", " 'namespace': 'mitre-attack',\n", " 'type': 'mitre-course-of-action',\n", " 'uuid': '6fcb4472-6de4-11e7-b5f7-37771619e14e',\n", " 'version': '7'}],\n", " 'Org': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'Orgc': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'RelatedEvent': [],\n", " 'Tag': [{'colour': '#0088cc',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '23',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': True,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'misp-galaxy:mitre-attack-pattern=\"Compromise '\n", " 'Client Software Binary - T1554\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#0088cc',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '24',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': True,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'misp-galaxy:mitre-attack-pattern=\"Traffic '\n", " 'Signaling - T1205\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#0088cc',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '25',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': True,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'misp-galaxy:mitre-attack-pattern=\"Clear Command '\n", " 'History - T1070.003\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#0088cc',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '26',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': True,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'misp-galaxy:mitre-attack-pattern=\"Timestomp - '\n", " 'T1070.006\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#0088cc',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '27',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': True,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'misp-galaxy:mitre-attack-pattern=\"Symmetric '\n", " 'Cryptography - T1573.001\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#0088cc',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '28',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': True,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'misp-galaxy:mitre-attack-pattern=\"Asymmetric '\n", " 'Cryptography - T1573.002\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#0088cc',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '29',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': True,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'misp-galaxy:mitre-attack-pattern=\"Multi-hop '\n", " 'Proxy - T1090.003\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#0088cc',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '30',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': True,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'misp-galaxy:mitre-attack-pattern=\"Obfuscated '\n", " 'Files or Information - T1027\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#0088cc',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '31',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': True,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'misp-galaxy:sector=\"Academia - University\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#0088cc',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '32',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': True,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'misp-galaxy:sector=\"Government, Administration\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#0088cc',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '33',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': True,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'misp-galaxy:sector=\"IT - ISP\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#0088cc',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '34',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': True,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'misp-galaxy:sector=\"Marketing\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#0088cc',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '35',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': True,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'misp-galaxy:region=\"021 - Northern America\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#0088cc',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '36',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': True,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'misp-galaxy:region=\"142 - Asia\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#0088cc',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '37',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': True,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'misp-galaxy:region=\"150 - Europe\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#996e00',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '38',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'access-method:stolen-credentials',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#ffffff',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '16',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'tlp:white',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#002b4a',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '39',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'osint:source-type=\"technical-report\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#007ed9',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '40',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'osint:certainty=\"93\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#00c0eb',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '41',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'veris:action:hacking:vector=\"Backdoor or C2\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#0088cc',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '42',\n", " 'is_custom_galaxy': True,\n", " 'is_galaxy': True,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'misp-galaxy:backdoor=\"c070c1c8-8939-4e66-bf4d-b91e8392a7a4\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#0088cc',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '43',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': True,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'misp-galaxy:mitre-course-of-action=\"Multi-factor '\n", " 'Authentication - M1032\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#0088cc',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '44',\n", " 'is_custom_galaxy': True,\n", " 'is_galaxy': True,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'misp-galaxy:mitre-course-of-action=\"08c0a23d-ed11-41b9-85ae-7cd86181b254\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'}],\n", " 'analysis': '2',\n", " 'attribute_count': '24',\n", " 'date': '2021-02-03',\n", " 'disable_correlation': False,\n", " 'distribution': '1',\n", " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", " 'extends_uuid': '',\n", " 'id': '52',\n", " 'info': 'Kobalos - Linux threat to high performance computing '\n", " 'infrastructure',\n", " 'locked': True,\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'proposal_email_lock': False,\n", " 'protected': None,\n", " 'publish_timestamp': '0',\n", " 'published': False,\n", " 'sharing_group_id': '0',\n", " 'threat_level_id': '2',\n", " 'timestamp': '1617972935',\n", " 'uuid': '83a7add9-76d7-47ef-9f4b-ebd07fbe880d'}},\n", " {'Event': {'CryptographicKey': [],\n", " 'Galaxy': [{'GalaxyCluster': [{'GalaxyClusterRelation': [],\n", " 'Org': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'Orgc': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'authors': ['Francesco Bigarella',\n", " 'Christophe Vandeplas'],\n", " 'collection_uuid': 'cc0c8ae9-aec2-42c6-9939-f4f82b051836',\n", " 'default': True,\n", " 'deleted': False,\n", " 'description': 'Type of Jackpotting '\n", " 'attack. Connection '\n", " 'of an unauthorized '\n", " 'device which sends '\n", " 'dispense commands '\n", " 'directly to the ATM '\n", " 'cash dispenser in '\n", " 'order to “cash out” '\n", " 'the ATM.',\n", " 'distribution': '3',\n", " 'event_tag_id': '308',\n", " 'extends_uuid': '',\n", " 'extends_version': '0',\n", " 'galaxy_id': '4',\n", " 'id': '575',\n", " 'local': False,\n", " 'locked': False,\n", " 'meta': {'kill_chain': ['fraud-tactics:Target '\n", " 'Compromise'],\n", " 'refs': ['https://www.association-secure-transactions.eu/industry-information/fraud-definitions/'],\n", " 'synonyms': ['Black Box '\n", " 'Attack']},\n", " 'org_id': '0',\n", " 'orgc_id': '0',\n", " 'published': False,\n", " 'relationship_type': False,\n", " 'sharing_group_id': None,\n", " 'source': 'Open Sources',\n", " 'tag_id': 19,\n", " 'tag_name': 'misp-galaxy:financial-fraud=\"ATM '\n", " 'Black Box Attack\"',\n", " 'type': 'financial-fraud',\n", " 'uuid': '6bec22cb-9aed-426a-bffc-b0a78db6527a',\n", " 'value': 'ATM Black Box Attack',\n", " 'version': '6'}],\n", " 'description': 'attck4fraud - Principles of MITRE '\n", " 'ATT&CK in the fraud domain',\n", " 'enabled': True,\n", " 'icon': 'map',\n", " 'id': '4',\n", " 'kill_chain_order': {'fraud-tactics': ['Initiation',\n", " 'Target '\n", " 'Compromise',\n", " 'Perform Fraud',\n", " 'Obtain '\n", " 'Fraudulent '\n", " 'Assets',\n", " 'Assets '\n", " 'Transfer',\n", " 'Monetisation',\n", " 'Due '\n", " 'Diligence']},\n", " 'local_only': False,\n", " 'name': 'attck4fraud',\n", " 'namespace': 'misp',\n", " 'type': 'financial-fraud',\n", " 'uuid': 'cc0c8ae9-aec2-42c6-9939-f4f82b051836',\n", " 'version': '2'},\n", " {'GalaxyCluster': [{'GalaxyClusterRelation': [],\n", " 'Org': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'Orgc': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'authors': ['https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml',\n", " 'http://pastebin.com/raw/GHgpWjar',\n", " 'MISP Project',\n", " 'https://id-ransomware.blogspot.com/2016/07/ransomware-list.html'],\n", " 'collection_uuid': '10cf658b-5d32-4c4b-bb32-61760a640372',\n", " 'default': True,\n", " 'deleted': False,\n", " 'description': 'Ransomware Based on '\n", " 'HiddenTear',\n", " 'distribution': '3',\n", " 'event_tag_id': '309',\n", " 'extends_uuid': '',\n", " 'extends_version': '0',\n", " 'galaxy_id': '49',\n", " 'id': '8410',\n", " 'local': False,\n", " 'locked': False,\n", " 'meta': {'encryption': ['AES-256'],\n", " 'extensions': ['.암호화됨'],\n", " 'payment-method': ['Bitcoin'],\n", " 'price': ['0.5'],\n", " 'ransomnotes-filenames': ['ReadMe.txt'],\n", " 'refs': ['http://www.nyxbone.com/malware/koreanRansom.html',\n", " 'http://id-ransomware.blogspot.com/2016/08/korean-ransomware.html']},\n", " 'org_id': '0',\n", " 'orgc_id': '0',\n", " 'published': False,\n", " 'relationship_type': False,\n", " 'sharing_group_id': None,\n", " 'source': 'Various',\n", " 'tag_id': 20,\n", " 'tag_name': 'misp-galaxy:ransomware=\"Korean\"',\n", " 'type': 'ransomware',\n", " 'uuid': '4febffe0-3837-41d7-b95f-e26d126275e4',\n", " 'value': 'Korean',\n", " 'version': '118'}],\n", " 'description': 'Ransomware galaxy based on '\n", " 'https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml',\n", " 'enabled': True,\n", " 'icon': 'btc',\n", " 'id': '49',\n", " 'local_only': False,\n", " 'name': 'Ransomware',\n", " 'namespace': 'misp',\n", " 'type': 'ransomware',\n", " 'uuid': '3f44af2e-1480-4b6b-9aa8-f9bb21341078',\n", " 'version': '4'},\n", " {'GalaxyCluster': [{'GalaxyClusterRelation': [{'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5584',\n", " 'galaxy_cluster_uuid': '2b5aa86b-a0df-4382-848d-30abea443327',\n", " 'id': '1176',\n", " 'referenced_galaxy_cluster_id': '5520',\n", " 'referenced_galaxy_cluster_type': 'subtechnique-of',\n", " 'referenced_galaxy_cluster_uuid': 'ce0687a0-e692-4b77-964a-0784a8e54ff1',\n", " 'sharing_group_id': None}],\n", " 'Org': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'Orgc': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'TargetingClusterRelation': [{'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5899',\n", " 'galaxy_cluster_uuid': '78bb71be-92b4-46de-acd6-5f998fedf1cc',\n", " 'id': '2378',\n", " 'referenced_galaxy_cluster_id': '5584',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': '2b5aa86b-a0df-4382-848d-30abea443327',\n", " 'sharing_group_id': None},\n", " {'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '6786',\n", " 'galaxy_cluster_uuid': '381fcf73-60f6-4ab2-9991-6af3cbc35192',\n", " 'id': '3998',\n", " 'referenced_galaxy_cluster_id': '5584',\n", " 'referenced_galaxy_cluster_type': 'uses',\n", " 'referenced_galaxy_cluster_uuid': '2b5aa86b-a0df-4382-848d-30abea443327',\n", " 'sharing_group_id': None}],\n", " 'authors': ['MITRE'],\n", " 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n", " 'default': True,\n", " 'deleted': False,\n", " 'description': 'Adversaries may '\n", " 'acquire information '\n", " 'about '\n", " 'vulnerabilities '\n", " 'that can be used '\n", " 'during targeting. A '\n", " 'vulnerability is a '\n", " 'weakness in '\n", " 'computer hardware '\n", " 'or software that '\n", " 'can, potentially, '\n", " 'be exploited by an '\n", " 'adversary to cause '\n", " 'unintended or '\n", " 'unanticipated '\n", " 'behavior to occur. '\n", " 'Adversaries may '\n", " 'find vulnerability '\n", " 'information by '\n", " 'searching open '\n", " 'databases or '\n", " 'gaining access to '\n", " 'closed '\n", " 'vulnerability '\n", " 'databases.(Citation: '\n", " 'National '\n", " 'Vulnerability '\n", " 'Database)\\n'\n", " '\\n'\n", " 'An adversary may '\n", " 'monitor '\n", " 'vulnerability '\n", " 'disclosures/databases '\n", " 'to understand the '\n", " 'state of existing, '\n", " 'as well as newly '\n", " 'discovered, '\n", " 'vulnerabilities. '\n", " 'There is usually a '\n", " 'delay between when '\n", " 'a vulnerability is '\n", " 'discovered and when '\n", " 'it is made public. '\n", " 'An adversary may '\n", " 'target the systems '\n", " 'of those known to '\n", " 'conduct '\n", " 'vulnerability '\n", " 'research (including '\n", " 'commercial '\n", " 'vendors). Knowledge '\n", " 'of a vulnerability '\n", " 'may cause an '\n", " 'adversary to search '\n", " 'for an existing '\n", " 'exploit (i.e. '\n", " '[Exploits](https://attack.mitre.org/techniques/T1588/005)) '\n", " 'or to attempt to '\n", " 'develop one '\n", " 'themselves (i.e. '\n", " '[Exploits](https://attack.mitre.org/techniques/T1587/004)).',\n", " 'distribution': '3',\n", " 'event_tag_id': '310',\n", " 'extends_uuid': '',\n", " 'extends_version': '0',\n", " 'galaxy_id': '23',\n", " 'id': '5584',\n", " 'local': False,\n", " 'locked': False,\n", " 'meta': {'external_id': ['T1588.006'],\n", " 'kill_chain': ['mitre-attack:resource-development'],\n", " 'mitre_platforms': ['PRE'],\n", " 'refs': ['https://attack.mitre.org/techniques/T1588/006',\n", " 'https://nvd.nist.gov/']},\n", " 'org_id': '0',\n", " 'orgc_id': '0',\n", " 'published': False,\n", " 'relationship_type': False,\n", " 'sharing_group_id': None,\n", " 'source': 'https://github.com/mitre/cti',\n", " 'tag_id': 21,\n", " 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Vulnerabilities '\n", " '- T1588.006\"',\n", " 'type': 'mitre-attack-pattern',\n", " 'uuid': '2b5aa86b-a0df-4382-848d-30abea443327',\n", " 'value': 'Vulnerabilities - '\n", " 'T1588.006',\n", " 'version': '25'}],\n", " 'description': 'ATT&CK Tactic',\n", " 'enabled': True,\n", " 'icon': 'map',\n", " 'id': '23',\n", " 'kill_chain_order': {'mitre-attack': ['reconnaissance',\n", " 'resource-development',\n", " 'initial-access',\n", " 'execution',\n", " 'persistence',\n", " 'privilege-escalation',\n", " 'defense-evasion',\n", " 'credential-access',\n", " 'discovery',\n", " 'lateral-movement',\n", " 'collection',\n", " 'command-and-control',\n", " 'exfiltration',\n", " 'impact'],\n", " 'mitre-mobile-attack': ['initial-access',\n", " 'execution',\n", " 'persistence',\n", " 'privilege-escalation',\n", " 'defense-evasion',\n", " 'credential-access',\n", " 'discovery',\n", " 'lateral-movement',\n", " 'collection',\n", " 'command-and-control',\n", " 'exfiltration',\n", " 'impact',\n", " 'network-effects',\n", " 'remote-service-effects'],\n", " 'mitre-pre-attack': ['priority-definition-planning',\n", " 'priority-definition-direction',\n", " 'target-selection',\n", " 'technical-information-gathering',\n", " 'people-information-gathering',\n", " 'organizational-information-gathering',\n", " 'technical-weakness-identification',\n", " 'people-weakness-identification',\n", " 'organizational-weakness-identification',\n", " 'adversary-opsec',\n", " 'establish-&-maintain-infrastructure',\n", " 'persona-development',\n", " 'build-capabilities',\n", " 'test-capabilities',\n", " 'stage-capabilities']},\n", " 'local_only': False,\n", " 'name': 'Attack Pattern',\n", " 'namespace': 'mitre-attack',\n", " 'type': 'mitre-attack-pattern',\n", " 'uuid': 'c4e851fa-775f-11e7-8163-b774922098cd',\n", " 'version': '9'}],\n", " 'Org': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'Orgc': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'RelatedEvent': [],\n", " 'Tag': [{'colour': '#004646',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '9',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'type:OSINT',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#ffffff',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '16',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'tlp:white',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#db0076',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '18',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'workflow:state=\"incomplete\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#0088cc',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '19',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': True,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'misp-galaxy:financial-fraud=\"ATM Black Box '\n", " 'Attack\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#ca957b',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '20',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': True,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'misp-galaxy:ransomware=\"Korean\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#5dc0e0',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '21',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': True,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'misp-galaxy:mitre-attack-pattern=\"Vulnerabilities '\n", " '- T1588.006\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#418100',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '22',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'circl:incident-classification=\"vulnerability\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'}],\n", " 'analysis': '1',\n", " 'attribute_count': '64',\n", " 'date': '2021-02-16',\n", " 'disable_correlation': False,\n", " 'distribution': '3',\n", " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", " 'extends_uuid': '',\n", " 'id': '53',\n", " 'info': 'ATM Vulnerabilities Allow Deposit Forgery Attacks',\n", " 'locked': True,\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'proposal_email_lock': False,\n", " 'protected': None,\n", " 'publish_timestamp': '0',\n", " 'published': False,\n", " 'sharing_group_id': '0',\n", " 'threat_level_id': '2',\n", " 'timestamp': '1682497911',\n", " 'uuid': '848a3172-1301-4cbd-8398-435b00904c20'}},\n", " {'Event': {'CryptographicKey': [],\n", " 'Galaxy': [{'GalaxyCluster': [{'GalaxyClusterRelation': [],\n", " 'Org': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'Orgc': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'authors': ['Alexandre Dulaunoy',\n", " 'Florian Roth',\n", " 'Thomas Schreck',\n", " 'Timo Steffens',\n", " 'Various'],\n", " 'collection_uuid': '7cdff317-a673-4474-84ec-4f1754947823',\n", " 'default': True,\n", " 'deleted': False,\n", " 'description': 'The Syrian '\n", " 'Electronic Army '\n", " '(SEA) is a group of '\n", " 'computer hackers '\n", " 'which first '\n", " 'surfaced online in '\n", " '2011 to support the '\n", " 'government of '\n", " 'Syrian President '\n", " 'Bashar al-Assad. '\n", " 'Using spamming, '\n", " 'website defacement, '\n", " 'malware, phishing, '\n", " 'and denial of '\n", " 'service attacks, it '\n", " 'has targeted '\n", " 'political '\n", " 'opposition groups, '\n", " 'western news '\n", " 'organizations, '\n", " 'human rights groups '\n", " 'and websites that '\n", " 'are seemingly '\n", " 'neutral to the '\n", " 'Syrian conflict. It '\n", " 'has also hacked '\n", " 'government websites '\n", " 'in the Middle East '\n", " 'and Europe, as well '\n", " 'as US defense '\n", " 'contractors. As of '\n", " '2011 the SEA has '\n", " 'been *the first '\n", " 'Arab country to '\n", " 'have a public '\n", " 'Internet Army '\n", " 'hosted on its '\n", " 'national networks '\n", " 'to openly launch '\n", " 'cyber attacks on '\n", " 'its enemies*. The '\n", " 'precise nature of '\n", " \"SEA's relationship \"\n", " 'with the Syrian '\n", " 'government has '\n", " 'changed over time '\n", " 'and is unclear',\n", " 'distribution': '3',\n", " 'event_tag_id': '312',\n", " 'extends_uuid': '',\n", " 'extends_version': '0',\n", " 'galaxy_id': '62',\n", " 'id': '18607',\n", " 'local': False,\n", " 'locked': False,\n", " 'meta': {'attribution-confidence': ['50'],\n", " 'country': ['SY'],\n", " 'refs': ['https://en.wikipedia.org/wiki/Syrian_Electronic_Army'],\n", " 'synonyms': ['SyrianElectronicArmy',\n", " 'SEA']},\n", " 'org_id': '0',\n", " 'orgc_id': '0',\n", " 'published': False,\n", " 'relationship_type': False,\n", " 'sharing_group_id': None,\n", " 'source': 'MISP Project',\n", " 'tag_id': 14,\n", " 'tag_name': 'misp-galaxy:threat-actor=\"Deadeye '\n", " 'Jackal\"',\n", " 'type': 'threat-actor',\n", " 'uuid': '4265d44e-8372-4ed0-b428-b331a5443d7d',\n", " 'value': 'Deadeye Jackal',\n", " 'version': '281'}],\n", " 'description': 'Threat actors are characteristics of '\n", " 'malicious actors (or adversaries) '\n", " 'representing a cyber attack threat '\n", " 'including presumed intent and '\n", " 'historically observed behaviour.',\n", " 'enabled': True,\n", " 'icon': 'user-secret',\n", " 'id': '62',\n", " 'local_only': False,\n", " 'name': 'Threat Actor',\n", " 'namespace': 'misp',\n", " 'type': 'threat-actor',\n", " 'uuid': '698774c7-8022-42c4-917f-8d6e4f06ada3',\n", " 'version': '3'},\n", " {'GalaxyCluster': [{'GalaxyClusterRelation': [],\n", " 'Org': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'Orgc': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'TargetingClusterRelation': [{'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5248',\n", " 'galaxy_cluster_uuid': '8c41090b-aa47-4331-986b-8c9a51a91103',\n", " 'id': '956',\n", " 'referenced_galaxy_cluster_id': '5614',\n", " 'referenced_galaxy_cluster_type': 'subtechnique-of',\n", " 'referenced_galaxy_cluster_uuid': '5909f20f-3c39-4795-be06-ef1ea40d350b',\n", " 'sharing_group_id': None},\n", " {'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5258',\n", " 'galaxy_cluster_uuid': '0cfe31a7-81fc-472c-bc45-e2808d1066a3',\n", " 'id': '966',\n", " 'referenced_galaxy_cluster_id': '5614',\n", " 'referenced_galaxy_cluster_type': 'subtechnique-of',\n", " 'referenced_galaxy_cluster_uuid': '5909f20f-3c39-4795-be06-ef1ea40d350b',\n", " 'sharing_group_id': None},\n", " {'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '5877',\n", " 'galaxy_cluster_uuid': '3efe43d1-6f3f-4fcb-ab39-4a730971f70b',\n", " 'id': '2233',\n", " 'referenced_galaxy_cluster_id': '5614',\n", " 'referenced_galaxy_cluster_type': 'mitigates',\n", " 'referenced_galaxy_cluster_uuid': '5909f20f-3c39-4795-be06-ef1ea40d350b',\n", " 'sharing_group_id': None}],\n", " 'authors': ['MITRE'],\n", " 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n", " 'default': True,\n", " 'deleted': False,\n", " 'description': 'Adversaries may '\n", " 'modify visual '\n", " 'content available '\n", " 'internally or '\n", " 'externally to an '\n", " 'enterprise network, '\n", " 'thus affecting the '\n", " 'integrity of the '\n", " 'original content. '\n", " 'Reasons for '\n", " '[Defacement](https://attack.mitre.org/techniques/T1491) '\n", " 'include delivering '\n", " 'messaging, '\n", " 'intimidation, or '\n", " 'claiming (possibly '\n", " 'false) credit for '\n", " 'an intrusion. '\n", " 'Disturbing or '\n", " 'offensive images '\n", " 'may be used as a '\n", " 'part of '\n", " '[Defacement](https://attack.mitre.org/techniques/T1491) '\n", " 'in order to cause '\n", " 'user discomfort, or '\n", " 'to pressure '\n", " 'compliance with '\n", " 'accompanying '\n", " 'messages. \\n',\n", " 'distribution': '3',\n", " 'event_tag_id': '315',\n", " 'extends_uuid': '',\n", " 'extends_version': '0',\n", " 'galaxy_id': '23',\n", " 'id': '5614',\n", " 'local': False,\n", " 'locked': False,\n", " 'meta': {'external_id': ['T1491'],\n", " 'kill_chain': ['mitre-attack:impact'],\n", " 'mitre_data_sources': ['Application '\n", " 'Log: '\n", " 'Application '\n", " 'Log '\n", " 'Content',\n", " 'File: '\n", " 'File '\n", " 'Creation',\n", " 'File: '\n", " 'File '\n", " 'Modification',\n", " 'Network '\n", " 'Traffic: '\n", " 'Network '\n", " 'Traffic '\n", " 'Content'],\n", " 'mitre_platforms': ['Windows',\n", " 'IaaS',\n", " 'Linux',\n", " 'macOS'],\n", " 'refs': ['https://attack.mitre.org/techniques/T1491']},\n", " 'org_id': '0',\n", " 'orgc_id': '0',\n", " 'published': False,\n", " 'relationship_type': False,\n", " 'sharing_group_id': None,\n", " 'source': 'https://github.com/mitre/cti',\n", " 'tag_id': 17,\n", " 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Defacement '\n", " '- T1491\"',\n", " 'type': 'mitre-attack-pattern',\n", " 'uuid': '5909f20f-3c39-4795-be06-ef1ea40d350b',\n", " 'value': 'Defacement - T1491',\n", " 'version': '25'}],\n", " 'description': 'ATT&CK Tactic',\n", " 'enabled': True,\n", " 'icon': 'map',\n", " 'id': '23',\n", " 'kill_chain_order': {'mitre-attack': ['reconnaissance',\n", " 'resource-development',\n", " 'initial-access',\n", " 'execution',\n", " 'persistence',\n", " 'privilege-escalation',\n", " 'defense-evasion',\n", " 'credential-access',\n", " 'discovery',\n", " 'lateral-movement',\n", " 'collection',\n", " 'command-and-control',\n", " 'exfiltration',\n", " 'impact'],\n", " 'mitre-mobile-attack': ['initial-access',\n", " 'execution',\n", " 'persistence',\n", " 'privilege-escalation',\n", " 'defense-evasion',\n", " 'credential-access',\n", " 'discovery',\n", " 'lateral-movement',\n", " 'collection',\n", " 'command-and-control',\n", " 'exfiltration',\n", " 'impact',\n", " 'network-effects',\n", " 'remote-service-effects'],\n", " 'mitre-pre-attack': ['priority-definition-planning',\n", " 'priority-definition-direction',\n", " 'target-selection',\n", " 'technical-information-gathering',\n", " 'people-information-gathering',\n", " 'organizational-information-gathering',\n", " 'technical-weakness-identification',\n", " 'people-weakness-identification',\n", " 'organizational-weakness-identification',\n", " 'adversary-opsec',\n", " 'establish-&-maintain-infrastructure',\n", " 'persona-development',\n", " 'build-capabilities',\n", " 'test-capabilities',\n", " 'stage-capabilities']},\n", " 'local_only': False,\n", " 'name': 'Attack Pattern',\n", " 'namespace': 'mitre-attack',\n", " 'type': 'mitre-attack-pattern',\n", " 'uuid': 'c4e851fa-775f-11e7-8163-b774922098cd',\n", " 'version': '9'}],\n", " 'Org': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'Orgc': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'RelatedEvent': [],\n", " 'Tag': [{'colour': '#0088cc',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '14',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': True,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'misp-galaxy:threat-actor=\"Deadeye Jackal\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#ee4700',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '15',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'domain-abuse:domain-access-method=\"compromised-domain-name-registrar\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#ffffff',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '16',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'tlp:white',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#0088cc',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '17',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': True,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'misp-galaxy:mitre-attack-pattern=\"Defacement - '\n", " 'T1491\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'}],\n", " 'analysis': '1',\n", " 'attribute_count': '242',\n", " 'date': '2013-08-27',\n", " 'disable_correlation': False,\n", " 'distribution': '3',\n", " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", " 'extends_uuid': '',\n", " 'id': '54',\n", " 'info': 'Investigation Syrian Electronic Army Activities - '\n", " 'Domain(s) Take over via Melbourne IT registrar',\n", " 'locked': True,\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'proposal_email_lock': False,\n", " 'protected': None,\n", " 'publish_timestamp': '0',\n", " 'published': False,\n", " 'sharing_group_id': '0',\n", " 'threat_level_id': '2',\n", " 'timestamp': '1693924239',\n", " 'uuid': 'c54869a6-0123-405f-b1a0-0ba3cfd759b9'}},\n", " {'Event': {'CryptographicKey': [],\n", " 'Galaxy': [{'GalaxyCluster': [{'GalaxyClusterRelation': [{'Tag': [{'colour': '#001899',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '1',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"likely\"',\n", " 'numerical_value': '55',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '9554',\n", " 'galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n", " 'id': '17887',\n", " 'referenced_galaxy_cluster_id': '9652',\n", " 'referenced_galaxy_cluster_type': 'parent-of',\n", " 'referenced_galaxy_cluster_uuid': '0ca6ac54-ad2b-4945-9580-ac90e702fd2c',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001899',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '1',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"likely\"',\n", " 'numerical_value': '55',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '9554',\n", " 'galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n", " 'id': '17888',\n", " 'referenced_galaxy_cluster_id': '9653',\n", " 'referenced_galaxy_cluster_type': 'parent-of',\n", " 'referenced_galaxy_cluster_uuid': '9db5f425-fe49-4137-8598-840e7290ed0f',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001899',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '1',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"likely\"',\n", " 'numerical_value': '55',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '9554',\n", " 'galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n", " 'id': '17889',\n", " 'referenced_galaxy_cluster_id': '9654',\n", " 'referenced_galaxy_cluster_type': 'parent-of',\n", " 'referenced_galaxy_cluster_uuid': '1c43524e-0f2e-4468-b6b6-8a37f1d0ea87',\n", " 'sharing_group_id': None}],\n", " 'Org': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'Orgc': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'TargetingClusterRelation': [{'Tag': [{'colour': '#001899',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '1',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"likely\"',\n", " 'numerical_value': '55',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '9652',\n", " 'galaxy_cluster_uuid': '0ca6ac54-ad2b-4945-9580-ac90e702fd2c',\n", " 'id': '17916',\n", " 'referenced_galaxy_cluster_id': '9554',\n", " 'referenced_galaxy_cluster_type': 'successor-of',\n", " 'referenced_galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001899',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '1',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"likely\"',\n", " 'numerical_value': '55',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '9653',\n", " 'galaxy_cluster_uuid': '9db5f425-fe49-4137-8598-840e7290ed0f',\n", " 'id': '17917',\n", " 'referenced_galaxy_cluster_id': '9554',\n", " 'referenced_galaxy_cluster_type': 'successor-of',\n", " 'referenced_galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n", " 'sharing_group_id': None},\n", " {'Tag': [{'colour': '#001899',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '1',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"likely\"',\n", " 'numerical_value': '55',\n", " 'org_id': '0',\n", " 'user_id': '0'}],\n", " 'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '9654',\n", " 'galaxy_cluster_uuid': '1c43524e-0f2e-4468-b6b6-8a37f1d0ea87',\n", " 'id': '17919',\n", " 'referenced_galaxy_cluster_id': '9554',\n", " 'referenced_galaxy_cluster_type': 'successor-of',\n", " 'referenced_galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n", " 'sharing_group_id': None}],\n", " 'authors': ['https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml',\n", " 'http://pastebin.com/raw/GHgpWjar',\n", " 'MISP Project',\n", " 'https://id-ransomware.blogspot.com/2016/07/ransomware-list.html'],\n", " 'collection_uuid': '10cf658b-5d32-4c4b-bb32-61760a640372',\n", " 'default': True,\n", " 'deleted': False,\n", " 'description': 'Conti ransomware is '\n", " 'a RaaS and has been '\n", " 'observed encrypting '\n", " 'networks since '\n", " 'mid-2020.\\n'\n", " 'Conti was developed '\n", " 'by the “TrickBot” '\n", " 'group, an organized '\n", " 'Russian '\n", " 'cybercriminal '\n", " 'operation. Their '\n", " 'reputation has '\n", " 'allowed the group '\n", " 'to create a strong '\n", " 'brand name, '\n", " 'attracting many '\n", " 'affiliates which '\n", " 'has made Conti one '\n", " 'of the most '\n", " 'widespread '\n", " 'ransomware strains '\n", " 'in the world.\\n'\n", " 'One of the last '\n", " 'known “Conti” '\n", " 'attacks was against '\n", " 'the government of '\n", " 'Costa Rica in April '\n", " '2022 causing the '\n", " 'country to declare '\n", " 'a state of '\n", " 'emergency.\\n'\n", " 'Shortly after this '\n", " 'final attack, the '\n", " '“Conti” brand '\n", " 'disappeared. The '\n", " 'group behind it '\n", " 'likely switched to '\n", " 'a different brand '\n", " 'to avoid sanctions '\n", " 'and start over with '\n", " 'a new, clean '\n", " 'reputation.',\n", " 'distribution': '3',\n", " 'event_tag_id': '317',\n", " 'extends_uuid': '',\n", " 'extends_version': '0',\n", " 'galaxy_id': '49',\n", " 'id': '9554',\n", " 'local': False,\n", " 'locked': False,\n", " 'meta': {'attribution-confidence': ['100'],\n", " 'country': ['RU'],\n", " 'extensions': ['.conti'],\n", " 'links': ['http://continewsnv5otx5kaoje7krkto2qbu3gtqef22mnr7eaxw3y6ncz3ad.onion/',\n", " 'http://continews.click'],\n", " 'ransomnotes': ['All of '\n", " 'your '\n", " 'files are '\n", " 'currently '\n", " 'encrypted '\n", " 'by CONTI '\n", " 'ransomware.'],\n", " 'refs': ['https://www.cyber.gov.au/acsc/view-all-content/advisories/2021-010-acsc-ransomware-profile-conti',\n", " 'https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/787/original/ransomware-chats.pdf?1651576098',\n", " 'https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ransomware-virtual-machines']},\n", " 'org_id': '0',\n", " 'orgc_id': '0',\n", " 'published': False,\n", " 'relationship_type': False,\n", " 'sharing_group_id': None,\n", " 'source': 'Various',\n", " 'tag_id': 166,\n", " 'tag_name': 'misp-galaxy:ransomware=\"Conti\"',\n", " 'type': 'ransomware',\n", " 'uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n", " 'value': 'Conti',\n", " 'version': '118'}],\n", " 'description': 'Ransomware galaxy based on '\n", " 'https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml',\n", " 'enabled': True,\n", " 'icon': 'btc',\n", " 'id': '49',\n", " 'local_only': False,\n", " 'name': 'Ransomware',\n", " 'namespace': 'misp',\n", " 'type': 'ransomware',\n", " 'uuid': '3f44af2e-1480-4b6b-9aa8-f9bb21341078',\n", " 'version': '4'}],\n", " 'Org': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'Orgc': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'RelatedEvent': [{'Event': {'Org': {'id': '15',\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'Orgc': {'id': '15',\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'analysis': '0',\n", " 'date': '2022-03-21',\n", " 'distribution': '1',\n", " 'id': '50',\n", " 'info': 'Ransomware Attack against a '\n", " 'French organization',\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'published': False,\n", " 'threat_level_id': '1',\n", " 'timestamp': '1695041268',\n", " 'uuid': '1128963e-516e-4c9b-b14e-ae2dcbf69e80'}}],\n", " 'Tag': [{'colour': '#001cad',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '2',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'estimative-language:likelihood-probability=\"very-likely\"',\n", " 'numerical_value': '80',\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#0088cc',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '166',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': True,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'misp-galaxy:ransomware=\"Conti\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'}],\n", " 'analysis': '0',\n", " 'attribute_count': '13',\n", " 'date': '2022-03-22',\n", " 'disable_correlation': False,\n", " 'distribution': '2',\n", " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", " 'extends_uuid': '1128963e-516e-4c9b-b14e-ae2dcbf69e80',\n", " 'id': '55',\n", " 'info': 'Network relationship with Conti BTC address',\n", " 'locked': True,\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'proposal_email_lock': False,\n", " 'protected': None,\n", " 'publish_timestamp': '0',\n", " 'published': False,\n", " 'sharing_group_id': '0',\n", " 'threat_level_id': '4',\n", " 'timestamp': '1695040739',\n", " 'uuid': 'd1a18f98-4efb-4238-b608-8783e626b95f'}},\n", " {'Event': {'CryptographicKey': [],\n", " 'Galaxy': [],\n", " 'Org': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'Orgc': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'RelatedEvent': [],\n", " 'Tag': [{'colour': '#0fc000',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '45',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'admiralty-scale:information-credibility=\"2\"',\n", " 'numerical_value': '75',\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#038e00',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '46',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'economical-impact:loss=\"less-than-1B-euro\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'}],\n", " 'analysis': '0',\n", " 'attribute_count': '7',\n", " 'date': '2021-05-28',\n", " 'disable_correlation': False,\n", " 'distribution': '1',\n", " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", " 'extends_uuid': '',\n", " 'id': '56',\n", " 'info': 'Decaying example',\n", " 'locked': True,\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'proposal_email_lock': False,\n", " 'protected': None,\n", " 'publish_timestamp': '0',\n", " 'published': False,\n", " 'sharing_group_id': '0',\n", " 'threat_level_id': '4',\n", " 'timestamp': '1695024030',\n", " 'uuid': 'e6f83d22-248c-4286-91d2-8dd97b637560'}},\n", " {'Event': {'CryptographicKey': [],\n", " 'Galaxy': [{'GalaxyCluster': [{'GalaxyClusterRelation': [],\n", " 'Org': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'Orgc': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'authors': ['Unknown'],\n", " 'collection_uuid': 'cc6feae0-968a-11e9-a29a-bf581ae8eee3',\n", " 'default': True,\n", " 'deleted': False,\n", " 'description': '',\n", " 'distribution': '3',\n", " 'event_tag_id': '321',\n", " 'extends_uuid': '',\n", " 'extends_version': '0',\n", " 'galaxy_id': '59',\n", " 'id': '13281',\n", " 'local': False,\n", " 'locked': False,\n", " 'meta': {'calling-code': ['+31'],\n", " 'capital': ['Amsterdam'],\n", " 'currency': ['€',\n", " 'EUR',\n", " 'EURO',\n", " '$',\n", " 'USD',\n", " 'United '\n", " 'States '\n", " 'dollar'],\n", " 'iso-code': ['NL', 'NLD'],\n", " 'member-of': ['NATO'],\n", " 'official-languages': ['Dutch'],\n", " 'synonyms': ['Nederland',\n", " 'Holland'],\n", " 'territory-type': ['Country'],\n", " 'top-level-domain': ['.nl']},\n", " 'org_id': '0',\n", " 'orgc_id': '0',\n", " 'published': False,\n", " 'relationship_type': False,\n", " 'sharing_group_id': None,\n", " 'source': 'Various',\n", " 'tag_id': 50,\n", " 'tag_name': 'misp-galaxy:target-information=\"Netherlands\"',\n", " 'type': 'target-information',\n", " 'uuid': '1c016908-33df-485c-ba9a-3e629e6f92d9',\n", " 'value': 'Netherlands',\n", " 'version': '7'}],\n", " 'description': 'Description of targets of threat '\n", " 'actors.',\n", " 'enabled': True,\n", " 'icon': 'bullseye',\n", " 'id': '59',\n", " 'local_only': False,\n", " 'name': 'Target Information',\n", " 'namespace': 'misp',\n", " 'type': 'target-information',\n", " 'uuid': '709ed29c-aa00-11e9-82cd-67ac1a6ee3bc',\n", " 'version': '1'},\n", " {'GalaxyCluster': [{'GalaxyClusterRelation': [{'default': True,\n", " 'distribution': '3',\n", " 'galaxy_cluster_id': '14623',\n", " 'galaxy_cluster_uuid': '84668357-5a8c-4bdd-9f0f-6b50b2525553',\n", " 'id': '22039',\n", " 'referenced_galaxy_cluster_id': '10038',\n", " 'referenced_galaxy_cluster_type': 'located-in',\n", " 'referenced_galaxy_cluster_uuid': 'c7cb0859-5680-4bdb-9c78-46cab3504a62',\n", " 'sharing_group_id': None}],\n", " 'Org': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'Orgc': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'authors': ['geonames.org'],\n", " 'collection_uuid': '84668357-5a8c-4bdd-9f0f-6b50b2aee4c1',\n", " 'default': True,\n", " 'deleted': False,\n", " 'description': 'Russia',\n", " 'distribution': '3',\n", " 'event_tag_id': '322',\n", " 'extends_uuid': '',\n", " 'extends_version': '0',\n", " 'galaxy_id': '14',\n", " 'id': '14623',\n", " 'local': False,\n", " 'locked': False,\n", " 'meta': {'Capital': ['Moscow'],\n", " 'Continent': ['EU'],\n", " 'CurrencyCode': ['RUB'],\n", " 'CurrencyName': ['Ruble'],\n", " 'ISO': ['RU'],\n", " 'ISO3': ['RUS'],\n", " 'Languages': ['ru,tt,xal,cau,ady,kv,ce,tyv,cv,udm,tut,mns,bua,myv,mdf,chm,ba,inh,tut,kbd,krc,av,sah,nog'],\n", " 'Population': ['140702000'],\n", " 'tld': ['.ru']},\n", " 'org_id': '0',\n", " 'orgc_id': '0',\n", " 'published': False,\n", " 'relationship_type': False,\n", " 'sharing_group_id': None,\n", " 'source': 'MISP Project',\n", " 'tag_id': 51,\n", " 'tag_name': 'misp-galaxy:country=\"russia\"',\n", " 'type': 'country',\n", " 'uuid': '84668357-5a8c-4bdd-9f0f-6b50b2525553',\n", " 'value': 'russia',\n", " 'version': '2'}],\n", " 'description': 'Country meta information based on the '\n", " 'database provided by geonames.org.',\n", " 'enabled': True,\n", " 'icon': 'globe',\n", " 'id': '14',\n", " 'local_only': False,\n", " 'name': 'Country',\n", " 'namespace': 'misp',\n", " 'type': 'country',\n", " 'uuid': '84668357-5a8c-4bdd-9f0f-6b50b2aee4c1',\n", " 'version': '1'}],\n", " 'Org': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'Orgc': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'RelatedEvent': [],\n", " 'Tag': [{'colour': '#e9007e',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '49',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'workflow:state=\"draft\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#0088cc',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '50',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': True,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'misp-galaxy:target-information=\"Netherlands\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#0088cc',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '51',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': True,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'misp-galaxy:country=\"russia\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#FFC000',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '52',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'tlp:amber+strict',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'}],\n", " 'analysis': '0',\n", " 'attribute_count': '65',\n", " 'date': '2023-01-27',\n", " 'disable_correlation': False,\n", " 'distribution': '0',\n", " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", " 'extends_uuid': '',\n", " 'id': '57',\n", " 'info': 'GRU close access cyber operation against OPCW',\n", " 'locked': True,\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'proposal_email_lock': False,\n", " 'protected': None,\n", " 'publish_timestamp': '0',\n", " 'published': False,\n", " 'sharing_group_id': '0',\n", " 'threat_level_id': '4',\n", " 'timestamp': '1693470062',\n", " 'uuid': 'f438b116-58db-44d5-b37f-167d1b3a2f41'}},\n", " {'Event': {'CryptographicKey': [],\n", " 'Galaxy': [],\n", " 'Org': {'id': '6',\n", " 'local': True,\n", " 'name': 'ORG_4',\n", " 'uuid': '9e913344-3e2d-4cd2-8403-8888dfe0ad1e'},\n", " 'Orgc': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'RelatedEvent': [],\n", " 'analysis': '0',\n", " 'attribute_count': '1',\n", " 'date': '2024-04-14',\n", " 'disable_correlation': False,\n", " 'distribution': '3',\n", " 'event_creator_email': 'user1@sync-user.4.test',\n", " 'extends_uuid': '',\n", " 'id': '59',\n", " 'info': 'Test Pull From Docker',\n", " 'locked': True,\n", " 'org_id': '6',\n", " 'orgc_id': '15',\n", " 'proposal_email_lock': False,\n", " 'protected': None,\n", " 'publish_timestamp': '1713083090',\n", " 'published': True,\n", " 'sharing_group_id': '0',\n", " 'threat_level_id': '1',\n", " 'timestamp': '1713083076',\n", " 'uuid': 'fc1ef566-44a5-4d98-9c85-dc0f75467100'}},\n", " {'Event': {'CryptographicKey': [],\n", " 'Galaxy': [{'GalaxyCluster': [{'GalaxyClusterRelation': [],\n", " 'Org': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'Orgc': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'authors': ['MITRE'],\n", " 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n", " 'default': True,\n", " 'deleted': False,\n", " 'description': 'Adversaries may '\n", " 'attempt to exploit '\n", " 'a weakness in an '\n", " 'Internet-facing '\n", " 'host or system to '\n", " 'initially access a '\n", " 'network. The '\n", " 'weakness in the '\n", " 'system can be a '\n", " 'software bug, a '\n", " 'temporary glitch, '\n", " 'or a '\n", " 'misconfiguration.\\n'\n", " '\\n'\n", " 'Exploited '\n", " 'applications are '\n", " 'often websites/web '\n", " 'servers, but can '\n", " 'also include '\n", " 'databases (like '\n", " 'SQL), standard '\n", " 'services (like SMB '\n", " 'or SSH), network '\n", " 'device '\n", " 'administration and '\n", " 'management '\n", " 'protocols (like '\n", " 'SNMP and Smart '\n", " 'Install), and any '\n", " 'other system with '\n", " 'Internet accessible '\n", " 'open '\n", " 'sockets.(Citation: '\n", " 'NVD '\n", " 'CVE-2016-6662)(Citation: '\n", " 'CIS Multiple SMB '\n", " 'Vulnerabilities)(Citation: '\n", " 'US-CERT TA18-106A '\n", " 'Network '\n", " 'Infrastructure '\n", " 'Devices '\n", " '2018)(Citation: '\n", " 'Cisco Blog Legacy '\n", " 'Device '\n", " 'Attacks)(Citation: '\n", " 'NVD CVE-2014-7169) '\n", " 'Depending on the '\n", " 'flaw being '\n", " 'exploited this may '\n", " 'also involve '\n", " '[Exploitation for '\n", " 'Defense '\n", " 'Evasion](https://attack.mitre.org/techniques/T1211). \\n'\n", " '\\n'\n", " 'If an application '\n", " 'is hosted on '\n", " 'cloud-based '\n", " 'infrastructure '\n", " 'and/or is '\n", " 'containerized, then '\n", " 'exploiting it may '\n", " 'lead to compromise '\n", " 'of the underlying '\n", " 'instance or '\n", " 'container. This can '\n", " 'allow an adversary '\n", " 'a path to access '\n", " 'the cloud or '\n", " 'container APIs, '\n", " 'exploit container '\n", " 'host access via '\n", " '[Escape to '\n", " 'Host](https://attack.mitre.org/techniques/T1611), '\n", " 'or take advantage '\n", " 'of weak identity '\n", " 'and access '\n", " 'management '\n", " 'policies.\\n'\n", " '\\n'\n", " 'Adversaries may '\n", " 'also exploit edge '\n", " 'network '\n", " 'infrastructure and '\n", " 'related appliances, '\n", " 'specifically '\n", " 'targeting devices '\n", " 'that do not support '\n", " 'robust host-based '\n", " 'defenses.(Citation: '\n", " 'Mandiant Fortinet '\n", " 'Zero Day)(Citation: '\n", " 'Wired Russia '\n", " 'Cyberwar)\\n'\n", " '\\n'\n", " 'For websites and '\n", " 'databases, the '\n", " 'OWASP top 10 and '\n", " 'CWE top 25 '\n", " 'highlight the most '\n", " 'common web-based '\n", " 'vulnerabilities.(Citation: '\n", " 'OWASP Top '\n", " '10)(Citation: CWE '\n", " 'top 25)',\n", " 'distribution': '3',\n", " 'event_tag_id': '332',\n", " 'extends_uuid': '',\n", " 'extends_version': '0',\n", " 'galaxy_id': '23',\n", " 'id': '4825',\n", " 'local': False,\n", " 'locked': False,\n", " 'meta': {'external_id': ['T1190'],\n", " 'kill_chain': ['mitre-attack:initial-access'],\n", " 'mitre_data_sources': ['Application '\n", " 'Log: '\n", " 'Application '\n", " 'Log '\n", " 'Content',\n", " 'Network '\n", " 'Traffic: '\n", " 'Network '\n", " 'Traffic '\n", " 'Content'],\n", " 'mitre_platforms': ['Windows',\n", " 'IaaS',\n", " 'Network',\n", " 'Linux',\n", " 'macOS',\n", " 'Containers'],\n", " 'refs': ['https://attack.mitre.org/techniques/T1190',\n", " 'https://community.cisco.com/t5/security-blogs/attackers-continue-to-target-legacy-devices/ba-p/4169954',\n", " 'https://cwe.mitre.org/top25/index.html',\n", " 'https://nvd.nist.gov/vuln/detail/CVE-2014-7169',\n", " 'https://nvd.nist.gov/vuln/detail/CVE-2016-6662',\n", " 'https://us-cert.cisa.gov/ncas/alerts/TA18-106A',\n", " 'https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-microsoft-windows-smb-server-could-allow-for-remote-code-execution/',\n", " 'https://www.mandiant.com/resources/blog/fortinet-malware-ecosystem',\n", " 'https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project',\n", " 'https://www.wired.com/story/russia-ukraine-cyberattacks-mandiant/']},\n", " 'org_id': '0',\n", " 'orgc_id': '0',\n", " 'published': False,\n", " 'relationship_type': False,\n", " 'sharing_group_id': None,\n", " 'source': 'https://github.com/mitre/cti',\n", " 'tag_id': 170,\n", " 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Exploit '\n", " 'Public-Facing '\n", " 'Application - T1190\"',\n", " 'type': 'mitre-attack-pattern',\n", " 'uuid': '3f886f2a-874f-4333-b794-aa6075009b1c',\n", " 'value': 'Exploit Public-Facing '\n", " 'Application - T1190',\n", " 'version': '25'},\n", " {'GalaxyClusterRelation': [],\n", " 'Org': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'Orgc': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'authors': ['MITRE'],\n", " 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n", " 'default': True,\n", " 'deleted': False,\n", " 'description': 'Adversaries may '\n", " 'leverage '\n", " 'external-facing '\n", " 'remote services to '\n", " 'initially access '\n", " 'and/or persist '\n", " 'within a network. '\n", " 'Remote services '\n", " 'such as VPNs, '\n", " 'Citrix, and other '\n", " 'access mechanisms '\n", " 'allow users to '\n", " 'connect to internal '\n", " 'enterprise network '\n", " 'resources from '\n", " 'external locations. '\n", " 'There are often '\n", " 'remote service '\n", " 'gateways that '\n", " 'manage connections '\n", " 'and credential '\n", " 'authentication for '\n", " 'these services. '\n", " 'Services such as '\n", " '[Windows Remote '\n", " 'Management](https://attack.mitre.org/techniques/T1021/006) '\n", " 'and '\n", " '[VNC](https://attack.mitre.org/techniques/T1021/005) '\n", " 'can also be used '\n", " 'externally.(Citation: '\n", " 'MacOS VNC software '\n", " 'for Remote '\n", " 'Desktop)\\n'\n", " '\\n'\n", " 'Access to [Valid '\n", " 'Accounts](https://attack.mitre.org/techniques/T1078) '\n", " 'to use the service '\n", " 'is often a '\n", " 'requirement, which '\n", " 'could be obtained '\n", " 'through credential '\n", " 'pharming or by '\n", " 'obtaining the '\n", " 'credentials from '\n", " 'users after '\n", " 'compromising the '\n", " 'enterprise '\n", " 'network.(Citation: '\n", " 'Volexity Virtual '\n", " 'Private Keylogging) '\n", " 'Access to remote '\n", " 'services may be '\n", " 'used as a redundant '\n", " 'or persistent '\n", " 'access mechanism '\n", " 'during an '\n", " 'operation.\\n'\n", " '\\n'\n", " 'Access may also be '\n", " 'gained through an '\n", " 'exposed service '\n", " 'that doesn’t '\n", " 'require '\n", " 'authentication. In '\n", " 'containerized '\n", " 'environments, this '\n", " 'may include an '\n", " 'exposed Docker API, '\n", " 'Kubernetes API '\n", " 'server, kubelet, or '\n", " 'web application '\n", " 'such as the '\n", " 'Kubernetes '\n", " 'dashboard.(Citation: '\n", " 'Trend Micro Exposed '\n", " 'Docker '\n", " 'Server)(Citation: '\n", " 'Unit 42 Hildegard '\n", " 'Malware)',\n", " 'distribution': '3',\n", " 'event_tag_id': '333',\n", " 'extends_uuid': '',\n", " 'extends_version': '0',\n", " 'galaxy_id': '23',\n", " 'id': '5048',\n", " 'local': False,\n", " 'locked': False,\n", " 'meta': {'external_id': ['T1133'],\n", " 'kill_chain': ['mitre-attack:persistence',\n", " 'mitre-attack:initial-access'],\n", " 'mitre_data_sources': ['Application '\n", " 'Log: '\n", " 'Application '\n", " 'Log '\n", " 'Content',\n", " 'Logon '\n", " 'Session: '\n", " 'Logon '\n", " 'Session '\n", " 'Metadata',\n", " 'Network '\n", " 'Traffic: '\n", " 'Network '\n", " 'Connection '\n", " 'Creation',\n", " 'Network '\n", " 'Traffic: '\n", " 'Network '\n", " 'Traffic '\n", " 'Content',\n", " 'Network '\n", " 'Traffic: '\n", " 'Network '\n", " 'Traffic '\n", " 'Flow'],\n", " 'mitre_platforms': ['Windows',\n", " 'Linux',\n", " 'Containers',\n", " 'macOS'],\n", " 'refs': ['https://attack.mitre.org/techniques/T1133',\n", " 'https://support.apple.com/guide/remote-desktop/set-up-a-computer-running-vnc-software-apdbed09830/mac',\n", " 'https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/',\n", " 'https://www.trendmicro.com/en_us/research/20/f/xorddos-kaiji-botnet-malware-variants-target-exposed-docker-servers.html',\n", " 'https://www.volexity.com/blog/2015/10/07/virtual-private-keylogging-cisco-web-vpns-leveraged-for-access-and-persistence/']},\n", " 'org_id': '0',\n", " 'orgc_id': '0',\n", " 'published': False,\n", " 'relationship_type': False,\n", " 'sharing_group_id': None,\n", " 'source': 'https://github.com/mitre/cti',\n", " 'tag_id': 171,\n", " 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"External '\n", " 'Remote Services - '\n", " 'T1133\"',\n", " 'type': 'mitre-attack-pattern',\n", " 'uuid': '10d51417-ee35-4589-b1ff-b6df1c334e8d',\n", " 'value': 'External Remote Services '\n", " '- T1133',\n", " 'version': '25'}],\n", " 'description': 'ATT&CK Tactic',\n", " 'enabled': True,\n", " 'icon': 'map',\n", " 'id': '23',\n", " 'kill_chain_order': {'mitre-attack': ['reconnaissance',\n", " 'resource-development',\n", " 'initial-access',\n", " 'execution',\n", " 'persistence',\n", " 'privilege-escalation',\n", " 'defense-evasion',\n", " 'credential-access',\n", " 'discovery',\n", " 'lateral-movement',\n", " 'collection',\n", " 'command-and-control',\n", " 'exfiltration',\n", " 'impact'],\n", " 'mitre-mobile-attack': ['initial-access',\n", " 'execution',\n", " 'persistence',\n", " 'privilege-escalation',\n", " 'defense-evasion',\n", " 'credential-access',\n", " 'discovery',\n", " 'lateral-movement',\n", " 'collection',\n", " 'command-and-control',\n", " 'exfiltration',\n", " 'impact',\n", " 'network-effects',\n", " 'remote-service-effects'],\n", " 'mitre-pre-attack': ['priority-definition-planning',\n", " 'priority-definition-direction',\n", " 'target-selection',\n", " 'technical-information-gathering',\n", " 'people-information-gathering',\n", " 'organizational-information-gathering',\n", " 'technical-weakness-identification',\n", " 'people-weakness-identification',\n", " 'organizational-weakness-identification',\n", " 'adversary-opsec',\n", " 'establish-&-maintain-infrastructure',\n", " 'persona-development',\n", " 'build-capabilities',\n", " 'test-capabilities',\n", " 'stage-capabilities']},\n", " 'local_only': False,\n", " 'name': 'Attack Pattern',\n", " 'namespace': 'mitre-attack',\n", " 'type': 'mitre-attack-pattern',\n", " 'uuid': 'c4e851fa-775f-11e7-8163-b774922098cd',\n", " 'version': '9'}],\n", " 'Org': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'Orgc': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'RelatedEvent': [],\n", " 'Tag': [{'colour': '#0088cc',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '170',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': True,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'misp-galaxy:mitre-attack-pattern=\"Exploit '\n", " 'Public-Facing Application - T1190\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#0088cc',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '171',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': True,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'misp-galaxy:mitre-attack-pattern=\"External '\n", " 'Remote Services - T1133\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#004646',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '9',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'type:OSINT',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#0071c3',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '10',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'osint:lifetime=\"perpetual\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#ffffff',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '16',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'tlp:white',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#ffffff',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '55',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'tlp:clear',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'}],\n", " 'analysis': '2',\n", " 'attribute_count': '27',\n", " 'date': '2024-04-13',\n", " 'disable_correlation': False,\n", " 'distribution': '3',\n", " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", " 'extends_uuid': '',\n", " 'id': '60',\n", " 'info': 'OSINT - Zero-Day Exploitation of Unauthenticated Remote '\n", " 'Code Execution Vulnerability in GlobalProtect '\n", " '(CVE-2024-3400)',\n", " 'locked': False,\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'proposal_email_lock': False,\n", " 'protected': None,\n", " 'publish_timestamp': '1713149736',\n", " 'published': True,\n", " 'sharing_group_id': '0',\n", " 'threat_level_id': '1',\n", " 'timestamp': '1713023036',\n", " 'uuid': '9802116c-3ec3-4a8e-8b39-5c69b08df5ab'}},\n", " {'Event': {'CryptographicKey': [],\n", " 'Galaxy': [{'GalaxyCluster': [{'GalaxyClusterRelation': [],\n", " 'Org': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'Orgc': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'authors': ['MITRE'],\n", " 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n", " 'default': True,\n", " 'deleted': False,\n", " 'description': 'Adversaries may '\n", " 'attempt to exploit '\n", " 'a weakness in an '\n", " 'Internet-facing '\n", " 'host or system to '\n", " 'initially access a '\n", " 'network. The '\n", " 'weakness in the '\n", " 'system can be a '\n", " 'software bug, a '\n", " 'temporary glitch, '\n", " 'or a '\n", " 'misconfiguration.\\n'\n", " '\\n'\n", " 'Exploited '\n", " 'applications are '\n", " 'often websites/web '\n", " 'servers, but can '\n", " 'also include '\n", " 'databases (like '\n", " 'SQL), standard '\n", " 'services (like SMB '\n", " 'or SSH), network '\n", " 'device '\n", " 'administration and '\n", " 'management '\n", " 'protocols (like '\n", " 'SNMP and Smart '\n", " 'Install), and any '\n", " 'other system with '\n", " 'Internet accessible '\n", " 'open '\n", " 'sockets.(Citation: '\n", " 'NVD '\n", " 'CVE-2016-6662)(Citation: '\n", " 'CIS Multiple SMB '\n", " 'Vulnerabilities)(Citation: '\n", " 'US-CERT TA18-106A '\n", " 'Network '\n", " 'Infrastructure '\n", " 'Devices '\n", " '2018)(Citation: '\n", " 'Cisco Blog Legacy '\n", " 'Device '\n", " 'Attacks)(Citation: '\n", " 'NVD CVE-2014-7169) '\n", " 'Depending on the '\n", " 'flaw being '\n", " 'exploited this may '\n", " 'also involve '\n", " '[Exploitation for '\n", " 'Defense '\n", " 'Evasion](https://attack.mitre.org/techniques/T1211). \\n'\n", " '\\n'\n", " 'If an application '\n", " 'is hosted on '\n", " 'cloud-based '\n", " 'infrastructure '\n", " 'and/or is '\n", " 'containerized, then '\n", " 'exploiting it may '\n", " 'lead to compromise '\n", " 'of the underlying '\n", " 'instance or '\n", " 'container. This can '\n", " 'allow an adversary '\n", " 'a path to access '\n", " 'the cloud or '\n", " 'container APIs, '\n", " 'exploit container '\n", " 'host access via '\n", " '[Escape to '\n", " 'Host](https://attack.mitre.org/techniques/T1611), '\n", " 'or take advantage '\n", " 'of weak identity '\n", " 'and access '\n", " 'management '\n", " 'policies.\\n'\n", " '\\n'\n", " 'Adversaries may '\n", " 'also exploit edge '\n", " 'network '\n", " 'infrastructure and '\n", " 'related appliances, '\n", " 'specifically '\n", " 'targeting devices '\n", " 'that do not support '\n", " 'robust host-based '\n", " 'defenses.(Citation: '\n", " 'Mandiant Fortinet '\n", " 'Zero Day)(Citation: '\n", " 'Wired Russia '\n", " 'Cyberwar)\\n'\n", " '\\n'\n", " 'For websites and '\n", " 'databases, the '\n", " 'OWASP top 10 and '\n", " 'CWE top 25 '\n", " 'highlight the most '\n", " 'common web-based '\n", " 'vulnerabilities.(Citation: '\n", " 'OWASP Top '\n", " '10)(Citation: CWE '\n", " 'top 25)',\n", " 'distribution': '3',\n", " 'event_tag_id': '342',\n", " 'extends_uuid': '',\n", " 'extends_version': '0',\n", " 'galaxy_id': '23',\n", " 'id': '4825',\n", " 'local': False,\n", " 'locked': False,\n", " 'meta': {'external_id': ['T1190'],\n", " 'kill_chain': ['mitre-attack:initial-access'],\n", " 'mitre_data_sources': ['Application '\n", " 'Log: '\n", " 'Application '\n", " 'Log '\n", " 'Content',\n", " 'Network '\n", " 'Traffic: '\n", " 'Network '\n", " 'Traffic '\n", " 'Content'],\n", " 'mitre_platforms': ['Windows',\n", " 'IaaS',\n", " 'Network',\n", " 'Linux',\n", " 'macOS',\n", " 'Containers'],\n", " 'refs': ['https://attack.mitre.org/techniques/T1190',\n", " 'https://community.cisco.com/t5/security-blogs/attackers-continue-to-target-legacy-devices/ba-p/4169954',\n", " 'https://cwe.mitre.org/top25/index.html',\n", " 'https://nvd.nist.gov/vuln/detail/CVE-2014-7169',\n", " 'https://nvd.nist.gov/vuln/detail/CVE-2016-6662',\n", " 'https://us-cert.cisa.gov/ncas/alerts/TA18-106A',\n", " 'https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-microsoft-windows-smb-server-could-allow-for-remote-code-execution/',\n", " 'https://www.mandiant.com/resources/blog/fortinet-malware-ecosystem',\n", " 'https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project',\n", " 'https://www.wired.com/story/russia-ukraine-cyberattacks-mandiant/']},\n", " 'org_id': '0',\n", " 'orgc_id': '0',\n", " 'published': False,\n", " 'relationship_type': False,\n", " 'sharing_group_id': None,\n", " 'source': 'https://github.com/mitre/cti',\n", " 'tag_id': 170,\n", " 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Exploit '\n", " 'Public-Facing '\n", " 'Application - T1190\"',\n", " 'type': 'mitre-attack-pattern',\n", " 'uuid': '3f886f2a-874f-4333-b794-aa6075009b1c',\n", " 'value': 'Exploit Public-Facing '\n", " 'Application - T1190',\n", " 'version': '25'}],\n", " 'description': 'ATT&CK Tactic',\n", " 'enabled': True,\n", " 'icon': 'map',\n", " 'id': '23',\n", " 'kill_chain_order': {'mitre-attack': ['reconnaissance',\n", " 'resource-development',\n", " 'initial-access',\n", " 'execution',\n", " 'persistence',\n", " 'privilege-escalation',\n", " 'defense-evasion',\n", " 'credential-access',\n", " 'discovery',\n", " 'lateral-movement',\n", " 'collection',\n", " 'command-and-control',\n", " 'exfiltration',\n", " 'impact'],\n", " 'mitre-mobile-attack': ['initial-access',\n", " 'execution',\n", " 'persistence',\n", " 'privilege-escalation',\n", " 'defense-evasion',\n", " 'credential-access',\n", " 'discovery',\n", " 'lateral-movement',\n", " 'collection',\n", " 'command-and-control',\n", " 'exfiltration',\n", " 'impact',\n", " 'network-effects',\n", " 'remote-service-effects'],\n", " 'mitre-pre-attack': ['priority-definition-planning',\n", " 'priority-definition-direction',\n", " 'target-selection',\n", " 'technical-information-gathering',\n", " 'people-information-gathering',\n", " 'organizational-information-gathering',\n", " 'technical-weakness-identification',\n", " 'people-weakness-identification',\n", " 'organizational-weakness-identification',\n", " 'adversary-opsec',\n", " 'establish-&-maintain-infrastructure',\n", " 'persona-development',\n", " 'build-capabilities',\n", " 'test-capabilities',\n", " 'stage-capabilities']},\n", " 'local_only': False,\n", " 'name': 'Attack Pattern',\n", " 'namespace': 'mitre-attack',\n", " 'type': 'mitre-attack-pattern',\n", " 'uuid': 'c4e851fa-775f-11e7-8163-b774922098cd',\n", " 'version': '9'}],\n", " 'Org': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'Orgc': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'RelatedEvent': [],\n", " 'Tag': [{'colour': '#004646',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '9',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'type:OSINT',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#0071c3',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '10',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'osint:lifetime=\"perpetual\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#ffffff',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '16',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'tlp:white',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#ffffff',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '55',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'tlp:clear',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#0088cc',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '170',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': True,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'misp-galaxy:mitre-attack-pattern=\"Exploit '\n", " 'Public-Facing Application - T1190\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#0088cc',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '172',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': True,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'misp-galaxy:producer=\"Sophos\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'}],\n", " 'analysis': '2',\n", " 'attribute_count': '12',\n", " 'date': '2024-02-23',\n", " 'disable_correlation': False,\n", " 'distribution': '3',\n", " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", " 'extends_uuid': '',\n", " 'id': '61',\n", " 'info': 'OSINT - ConnectWise ScreenConnect attacks deliver malware',\n", " 'locked': False,\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'proposal_email_lock': False,\n", " 'protected': None,\n", " 'publish_timestamp': '1713149927',\n", " 'published': True,\n", " 'sharing_group_id': '0',\n", " 'threat_level_id': '2',\n", " 'timestamp': '1708699989',\n", " 'uuid': 'f8912a82-2870-4de2-9663-5fdbee0ed401'}},\n", " {'Event': {'CryptographicKey': [],\n", " 'Galaxy': [{'GalaxyCluster': [{'GalaxyClusterRelation': [],\n", " 'Org': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'Orgc': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'authors': ['Unknown'],\n", " 'collection_uuid': 'cc6feae0-968a-11e9-a29a-bf581ae8eee3',\n", " 'default': True,\n", " 'deleted': False,\n", " 'description': '',\n", " 'distribution': '3',\n", " 'event_tag_id': '346',\n", " 'extends_uuid': '',\n", " 'extends_version': '0',\n", " 'galaxy_id': '59',\n", " 'id': '13134',\n", " 'local': False,\n", " 'locked': False,\n", " 'meta': {'calling-code': ['+352'],\n", " 'capital': ['Luxembourg'],\n", " 'currency': ['€',\n", " 'EUR',\n", " 'EURO'],\n", " 'iso-code': ['LU', 'LUX'],\n", " 'member-of': ['NATO'],\n", " 'official-languages': ['French',\n", " 'Luxembourgish',\n", " 'German'],\n", " 'synonyms': ['Grand Duchy '\n", " 'of '\n", " 'Luxembourg',\n", " 'Grand-Duché '\n", " 'de '\n", " 'Luxembourg',\n", " 'Lëtzebuerg',\n", " 'Groussherzogtum '\n", " 'Lëtzebuerg',\n", " 'Luxemburg',\n", " 'Großherzogtum '\n", " 'Luxemburg'],\n", " 'territory-type': ['Country'],\n", " 'top-level-domain': ['lu']},\n", " 'org_id': '0',\n", " 'orgc_id': '0',\n", " 'published': False,\n", " 'relationship_type': False,\n", " 'sharing_group_id': None,\n", " 'source': 'Various',\n", " 'tag_id': 173,\n", " 'tag_name': 'misp-galaxy:target-information=\"Luxembourg\"',\n", " 'type': 'target-information',\n", " 'uuid': 'f9a1d7f4-980a-11e9-a8b6-23162ddc4255',\n", " 'value': 'Luxembourg',\n", " 'version': '7'},\n", " {'GalaxyClusterRelation': [],\n", " 'Org': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'Orgc': {'contacts': '',\n", " 'created_by': '0',\n", " 'date_created': '',\n", " 'date_modified': '',\n", " 'description': 'Automatically '\n", " 'generated '\n", " 'MISP '\n", " 'organisation',\n", " 'id': '0',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'MISP',\n", " 'nationality': 'Not '\n", " 'specified',\n", " 'restricted_to_domain': [],\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': '0'},\n", " 'authors': ['Unknown'],\n", " 'collection_uuid': 'cc6feae0-968a-11e9-a29a-bf581ae8eee3',\n", " 'default': True,\n", " 'deleted': False,\n", " 'description': '',\n", " 'distribution': '3',\n", " 'event_tag_id': '347',\n", " 'extends_uuid': '',\n", " 'extends_version': '0',\n", " 'galaxy_id': '59',\n", " 'id': '13207',\n", " 'local': False,\n", " 'locked': False,\n", " 'meta': {'calling-code': ['+33'],\n", " 'capital': ['Paris'],\n", " 'currency': ['€',\n", " 'EUR',\n", " 'EURO'],\n", " 'iso-code': ['FR', 'FRA'],\n", " 'member-of': ['NATO'],\n", " 'official-languages': ['French'],\n", " 'synonyms': ['French '\n", " 'Republic',\n", " 'République '\n", " 'française'],\n", " 'territory-type': ['Country'],\n", " 'top-level-domain': ['.fr']},\n", " 'org_id': '0',\n", " 'orgc_id': '0',\n", " 'published': False,\n", " 'relationship_type': False,\n", " 'sharing_group_id': None,\n", " 'source': 'Various',\n", " 'tag_id': 167,\n", " 'tag_name': 'misp-galaxy:target-information=\"France\"',\n", " 'type': 'target-information',\n", " 'uuid': '0cc6ad08-fac6-42bc-a7c7-09a53ea6b968',\n", " 'value': 'France',\n", " 'version': '7'}],\n", " 'description': 'Description of targets of threat '\n", " 'actors.',\n", " 'enabled': True,\n", " 'icon': 'bullseye',\n", " 'id': '59',\n", " 'local_only': False,\n", " 'name': 'Target Information',\n", " 'namespace': 'misp',\n", " 'type': 'target-information',\n", " 'uuid': '709ed29c-aa00-11e9-82cd-67ac1a6ee3bc',\n", " 'version': '1'}],\n", " 'Org': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'Orgc': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'RelatedEvent': [{'Event': {'Org': {'id': '15',\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'Orgc': {'id': '15',\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'analysis': '0',\n", " 'date': '2024-04-15',\n", " 'distribution': '0',\n", " 'id': '64',\n", " 'info': 'Event created via the API as '\n", " 'an example',\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'published': False,\n", " 'threat_level_id': '1',\n", " 'timestamp': '1713155243',\n", " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'}}],\n", " 'Tag': [{'colour': '#FF2B2B',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '53',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'tlp:red',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#ff0000',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '84',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'PAP:RED',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#0088cc',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '173',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': True,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'misp-galaxy:target-information=\"Luxembourg\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'},\n", " {'colour': '#0088cc',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '167',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': True,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'misp-galaxy:target-information=\"France\"',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'}],\n", " 'analysis': '0',\n", " 'attribute_count': '4',\n", " 'date': '2024-04-15',\n", " 'disable_correlation': False,\n", " 'distribution': '0',\n", " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", " 'extends_uuid': '',\n", " 'id': '62',\n", " 'info': 'Test event with some sample indicator to match on Jupyter '\n", " 'notebook',\n", " 'locked': False,\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'proposal_email_lock': False,\n", " 'protected': None,\n", " 'publish_timestamp': '0',\n", " 'published': False,\n", " 'sharing_group_id': '0',\n", " 'threat_level_id': '1',\n", " 'timestamp': '1713153254',\n", " 'uuid': '403a7c69-3708-429e-b1f0-1e7379655db5'}},\n", " {'Event': {'CryptographicKey': [],\n", " 'Galaxy': [],\n", " 'Org': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'Orgc': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'RelatedEvent': [],\n", " 'analysis': '0',\n", " 'attribute_count': '0',\n", " 'date': '2024-04-15',\n", " 'disable_correlation': False,\n", " 'distribution': '0',\n", " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", " 'extends_uuid': '',\n", " 'id': '63',\n", " 'info': 'Event created via the API as an example',\n", " 'locked': False,\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'proposal_email_lock': False,\n", " 'protected': None,\n", " 'publish_timestamp': '0',\n", " 'published': False,\n", " 'sharing_group_id': '0',\n", " 'threat_level_id': '1',\n", " 'timestamp': '1713153707',\n", " 'uuid': 'ab3edd51-58a2-47b3-b465-546364cb0d44'}},\n", " {'Event': {'CryptographicKey': [],\n", " 'Galaxy': [],\n", " 'Org': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'Orgc': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'RelatedEvent': [{'Event': {'Org': {'id': '15',\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'Orgc': {'id': '15',\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'analysis': '0',\n", " 'date': '2024-04-15',\n", " 'distribution': '0',\n", " 'id': '62',\n", " 'info': 'Test event with some sample '\n", " 'indicator to match on Jupyter '\n", " 'notebook',\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'published': False,\n", " 'threat_level_id': '1',\n", " 'timestamp': '1713153254',\n", " 'uuid': '403a7c69-3708-429e-b1f0-1e7379655db5'}}],\n", " 'Tag': [{'colour': '#33FF00',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '12',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'tlp:green',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'}],\n", " 'analysis': '0',\n", " 'attribute_count': '5',\n", " 'date': '2024-04-15',\n", " 'disable_correlation': False,\n", " 'distribution': '0',\n", " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", " 'extends_uuid': '',\n", " 'id': '64',\n", " 'info': 'Event created via the API as an example',\n", " 'locked': False,\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'proposal_email_lock': False,\n", " 'protected': None,\n", " 'publish_timestamp': '0',\n", " 'published': False,\n", " 'sharing_group_id': '0',\n", " 'threat_level_id': '1',\n", " 'timestamp': '1713155243',\n", " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'}}]\n" ] } ], "source": [ "# Searching using the RestSearch\n", "endpoint = '/events/restSearch'\n", "relative_path = ''\n", "\n", "body = {\n", " \"returnFormat\": \"json\",\n", " \"org\": \"CIRCL\",\n", "# \"id\": 33,\n", " \"metadata\": 1\n", "}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "code", "execution_count": 55, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "Count: 2\n", " - Attribute count: 0\n", " - Attribute count: 4\n", "----------\n", "[{'Event': {'Attribute': [],\n", " 'CryptographicKey': [],\n", " 'EventReport': [],\n", " 'Galaxy': [],\n", " 'Object': [],\n", " 'Org': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'Orgc': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'RelatedEvent': [],\n", " 'ShadowAttribute': [],\n", " 'analysis': '0',\n", " 'attribute_count': '0',\n", " 'date': '2024-04-15',\n", " 'disable_correlation': False,\n", " 'distribution': '0',\n", " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", " 'extends_uuid': '',\n", " 'id': '63',\n", " 'info': 'Event created via the API as an example',\n", " 'locked': False,\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'proposal_email_lock': False,\n", " 'protected': None,\n", " 'publish_timestamp': '0',\n", " 'published': False,\n", " 'sharing_group_id': '0',\n", " 'threat_level_id': '1',\n", " 'timestamp': '1713153707',\n", " 'uuid': 'ab3edd51-58a2-47b3-b465-546364cb0d44'}},\n", " {'Event': {'Attribute': [{'Galaxy': [],\n", " 'ShadowAttribute': [],\n", " 'category': 'Network activity',\n", " 'comment': 'Comment added via the API',\n", " 'deleted': False,\n", " 'disable_correlation': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'first_seen': None,\n", " 'id': '3362',\n", " 'last_seen': None,\n", " 'object_id': '0',\n", " 'object_relation': None,\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1713154698',\n", " 'to_ids': False,\n", " 'type': 'ip-dst',\n", " 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n", " 'value': '127.0.0.1'},\n", " {'Galaxy': [],\n", " 'ShadowAttribute': [],\n", " 'category': 'Payload delivery',\n", " 'comment': '',\n", " 'deleted': False,\n", " 'disable_correlation': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'first_seen': None,\n", " 'id': '3364',\n", " 'last_seen': None,\n", " 'object_id': '0',\n", " 'object_relation': None,\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1713155138',\n", " 'to_ids': False,\n", " 'type': 'attachment',\n", " 'uuid': '3a0f950c-3f09-480b-b777-ac3e13acc75a',\n", " 'value': 'cti-2024.png'},\n", " {'Galaxy': [],\n", " 'ShadowAttribute': [],\n", " 'category': 'Network activity',\n", " 'comment': '',\n", " 'deleted': False,\n", " 'disable_correlation': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'first_seen': None,\n", " 'id': '3365',\n", " 'last_seen': None,\n", " 'object_id': '0',\n", " 'object_relation': None,\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1713155215',\n", " 'to_ids': False,\n", " 'type': 'ip-dst',\n", " 'uuid': '1ce6d7c3-a3cf-4bf7-b0fe-a054b7a06342',\n", " 'value': '8.8.8.8'},\n", " {'Galaxy': [],\n", " 'ShadowAttribute': [],\n", " 'category': 'Network activity',\n", " 'comment': '',\n", " 'deleted': False,\n", " 'disable_correlation': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'first_seen': None,\n", " 'id': '3366',\n", " 'last_seen': None,\n", " 'object_id': '0',\n", " 'object_relation': None,\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1713155243',\n", " 'to_ids': True,\n", " 'type': 'ip-dst',\n", " 'uuid': '6c4e1467-ce18-4131-b858-470ee57ebaec',\n", " 'value': '127.0.0.2'}],\n", " 'CryptographicKey': [],\n", " 'EventReport': [{'content': 'Body',\n", " 'deleted': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'id': '55',\n", " 'name': 'Report from API',\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1713153904',\n", " 'uuid': '3696d945-7dc8-4685-b71f-8cb2b1132913'},\n", " {'content': 'Body',\n", " 'deleted': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'id': '56',\n", " 'name': 'Report from API',\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1713154575',\n", " 'uuid': '823d4e2e-76f4-43b8-9b3c-c851fa32412d'}],\n", " 'Galaxy': [],\n", " 'Object': [{'Attribute': [{'Galaxy': [],\n", " 'ShadowAttribute': [],\n", " 'category': 'Other',\n", " 'comment': '',\n", " 'deleted': False,\n", " 'disable_correlation': False,\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'first_seen': None,\n", " 'id': '3363',\n", " 'last_seen': None,\n", " 'object_id': '537',\n", " 'object_relation': 'post',\n", " 'sharing_group_id': '0',\n", " 'timestamp': '1558702173',\n", " 'to_ids': False,\n", " 'type': 'text',\n", " 'uuid': '17bebb02-c294-4444-adc9-85e8fa0039f1',\n", " 'value': 'post'}],\n", " 'ObjectReference': [],\n", " 'comment': '',\n", " 'deleted': False,\n", " 'description': 'Microblog post like a Twitter tweet or '\n", " 'a post on a Facebook wall.',\n", " 'distribution': '5',\n", " 'event_id': '64',\n", " 'first_seen': None,\n", " 'id': '537',\n", " 'last_seen': None,\n", " 'meta-category': 'misc',\n", " 'name': 'microblog',\n", " 'sharing_group_id': '0',\n", " 'template_uuid': '8ec8c911-ddbe-4f5b-895b-fbff70c42a60',\n", " 'template_version': '5',\n", " 'timestamp': '1558702173',\n", " 'uuid': 'bc9219e7-9ae8-4f36-a433-dad3a9c963f5'}],\n", " 'Org': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'Orgc': {'id': '15',\n", " 'local': True,\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'RelatedEvent': [{'Event': {'Org': {'id': '15',\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'Orgc': {'id': '15',\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'analysis': '0',\n", " 'date': '2024-04-15',\n", " 'distribution': '0',\n", " 'id': '62',\n", " 'info': 'Test event with some sample '\n", " 'indicator to match on Jupyter '\n", " 'notebook',\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'published': False,\n", " 'threat_level_id': '1',\n", " 'timestamp': '1713153254',\n", " 'uuid': '403a7c69-3708-429e-b1f0-1e7379655db5'}}],\n", " 'ShadowAttribute': [],\n", " 'Tag': [{'colour': '#33FF00',\n", " 'exportable': True,\n", " 'hide_tag': False,\n", " 'id': '12',\n", " 'is_custom_galaxy': False,\n", " 'is_galaxy': False,\n", " 'local': False,\n", " 'local_only': False,\n", " 'name': 'tlp:green',\n", " 'numerical_value': None,\n", " 'relationship_type': None,\n", " 'user_id': '0'}],\n", " 'analysis': '0',\n", " 'attribute_count': '5',\n", " 'date': '2024-04-15',\n", " 'disable_correlation': False,\n", " 'distribution': '0',\n", " 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n", " 'extends_uuid': '',\n", " 'id': '64',\n", " 'info': 'Event created via the API as an example',\n", " 'locked': False,\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'proposal_email_lock': False,\n", " 'protected': None,\n", " 'publish_timestamp': '0',\n", " 'published': False,\n", " 'sharing_group_id': '0',\n", " 'threat_level_id': '1',\n", " 'timestamp': '1713155243',\n", " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'}}]\n" ] } ], "source": [ "# Searching using the RestSearch\n", "endpoint = '/events/restSearch'\n", "relative_path = ''\n", "\n", "body = {\n", " \"returnFormat\": \"json\",\n", " \"eventinfo\": \"%via the API%\",\n", "# \"published\": 1\n", "}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "# Sightings" ] }, { "cell_type": "code", "execution_count": 60, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "{'Sighting': {'attribute_id': '3366',\n", " 'date_sighting': '1713155573',\n", " 'event_id': '64',\n", " 'id': '102',\n", " 'org_id': '15',\n", " 'source': '',\n", " 'type': '0',\n", " 'uuid': '53eb767b-b54a-4d7d-b3d8-6809703a3975'}}\n" ] } ], "source": [ "# Creating sightings\n", "endpoint = '/sightings/add'\n", "relative_path = ''\n", "\n", "body = {\n", " \"id\": \"3366\"\n", "# \"value\": \"127.2.2.2\"\n", "}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "code", "execution_count": 63, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "Count: 1\n", "----------\n", "[{'Sighting': {'Attribute': {'category': 'Network activity',\n", " 'id': '3366',\n", " 'to_ids': True,\n", " 'type': 'ip-dst',\n", " 'uuid': '6c4e1467-ce18-4131-b858-470ee57ebaec',\n", " 'value': '127.0.0.2'},\n", " 'Event': {'Orgc': {'name': 'CIRCL'},\n", " 'id': '64',\n", " 'info': 'Event created via the API as an example',\n", " 'org_id': '15',\n", " 'orgc_id': '15',\n", " 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n", " 'Organisation': {'id': '15',\n", " 'name': 'CIRCL',\n", " 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n", " 'attribute_id': '3366',\n", " 'date_sighting': '1713155573',\n", " 'event_id': '64',\n", " 'id': '102',\n", " 'org_id': '15',\n", " 'source': '',\n", " 'type': '0',\n", " 'uuid': '53eb767b-b54a-4d7d-b3d8-6809703a3975',\n", " 'value': '127.0.0.2'}}]\n" ] } ], "source": [ "# Searching for sighted elements\n", "endpoint = '/sightings/restSearch/event'\n", "relative_path = ''\n", "\n", "body = {\n", " \"returnFormat\": \"json\",\n", " \"id\": 64,\n", " \"includeAttribute\": 1,\n", " \"includeEvent\": 1\n", "}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "# Warning lists" ] }, { "cell_type": "code", "execution_count": 64, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "{'8.8.8.8': [{'id': '54',\n", " 'matched': '8.8.8.8/32',\n", " 'name': 'List of known IPv4 public DNS resolvers'}]}\n" ] } ], "source": [ "# Checking values against the warining list\n", "endpoint = '/warninglists/checkValue'\n", "relative_path = ''\n", "\n", "body = [\"8.8.8.8\", \"yolo\", \"test\"]\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "# Instance management" ] }, { "cell_type": "code", "execution_count": 65, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "{'Organisation': {'contacts': None,\n", " 'created_by': '626',\n", " 'date_created': '2024-04-15 04:34:16',\n", " 'date_modified': '2024-04-15 04:34:16',\n", " 'description': None,\n", " 'id': '17',\n", " 'landingpage': None,\n", " 'local': True,\n", " 'name': 'TEMP_ORG2',\n", " 'nationality': '',\n", " 'restricted_to_domain': None,\n", " 'sector': '',\n", " 'type': '',\n", " 'uuid': 'c9a0a3d6-2698-4535-9bf3-782667e8779b'}}\n" ] } ], "source": [ "# Creating Organisation\n", "endpoint = '/admin/organisations/add'\n", "relative_path = ''\n", "\n", "body = {\n", " \"name\": \"TEMP_ORG2\"\n", "}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "# Creating Users\n", "endpoint = '/admin/users/add'\n", "relative_path = ''\n", "\n", "body = {\n", " \"email\": \"from_api2@admin.test\",\n", " \"org_id\": 1009,\n", " \"role_id\": 3,\n", " \"termsaccepted\": 1,\n", " \"change_pw\": 0, # User prompted to change the psswd once logged in\n", " \"password\": \"~~UlTrA_SeCuRe_PaSsWoRd~~\"\n", "}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "# Creating Sharing Groups\n", "endpoint = '/sharing_groups/add'\n", "relative_path = ''\n", "\n", "body = {\n", " \"name\": \"TEMP_SG2\",\n", " \"releasability\": \"To nobody\",\n", " \"SharingGroupOrg\": [\n", " {\n", " \"name\": \"ORGNAME\",\n", " \"extend\": 1\n", " },\n", " {\n", " \"name\": \"CIRCL\",\n", " \"extend\": 1\n", " }\n", " ]\n", "}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "code", "execution_count": null, "metadata": { "scrolled": true }, "outputs": [], "source": [ "# Server\n", "endpoint = '/servers/add'\n", "relative_path = ''\n", "\n", "body = {\n", " \"url\": \"http://127.0.0.1:80/\",\n", " \"name\": \"Myself\",\n", " \"remote_org_id\": \"2\",\n", " \"authkey\": \"UHwmZCH4QdSKqPVunxTzfSes8n7ibBhUlsd0dmx9\"\n", " \n", "}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "# Server settings\n", "endpoint = '/servers/serverSettings'\n", "relative_path = ''\n", "\n", "body = {}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "code", "execution_count": 99, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "{'stats': {'attribute_count': 51848,\n", " 'attribute_count_month': 11,\n", " 'attributes_per_event': 701,\n", " 'average_user_per_org': 2.6,\n", " 'contributing_org_count': 6,\n", " 'correlation_count': 63,\n", " 'event_count': 74,\n", " 'event_count_month': 7,\n", " 'local_org_count': 7,\n", " 'org_count': 16,\n", " 'post_count': 14,\n", " 'post_count_month': 0,\n", " 'proposal_count': 1,\n", " 'thread_count': 2,\n", " 'thread_count_month': 0,\n", " 'user_count': 18,\n", " 'user_count_pgp': 0}}\n" ] } ], "source": [ "# Statistics\n", "endpoint = '/users/statistics'\n", "relative_path = ''\n", "\n", "body = {}\n", "\n", "res = misp.direct_call(endpoint + relative_path, body)\n", "print_result(res)" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "Not Available:\n", "- misp-module" ] } ], "metadata": { "kernelspec": { "display_name": "Python 3 (ipykernel)", "language": "python", "name": "python3" }, "language_info": { "codemirror_mode": { "name": "ipython", "version": 3 }, "file_extension": ".py", "mimetype": "text/x-python", "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython3", "version": "3.10.12" } }, "nbformat": 4, "nbformat_minor": 4 }