MISP
/
misp-training
mirror of https://github.com/MISP/misp-training
2
0
Fork 0
Code Issues Releases Wiki Activity
misp-training/complementary/jupyter-notebooks/Training - Using the API in...

15518 lines
1.3 MiB
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

{
"cells": [
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Notebook trainer cheatsheet: API and CLI"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"- Automation page\n",
"- Recovering the API KEY (Automation page, User page, RestClient)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Important notice\n",
"\n",
"This notebook various usage of the MISP restAPI.\n",
"\n",
"It should be noted that PyMISP is not required to use the MISP restAPI. We are using PyMISP only to parse the response and inspect the data. So any HTTP client such as curl could do the job a described below.\n",
"\n",
"This command:\n",
"```\n",
"misp_url = URL + '/events/add'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
" \"info\": \"Event\"\n",
"}\n",
"\n",
"misp = ExpandedPyMISP(misp_url, AUTHKEY, False)\n",
"res = misp.direct_call(relative_path, body)\n",
"print_result(res)\n",
"```\n",
"\n",
"Will yield the same result as this command:\n",
"```\n",
"!curl \\\n",
" -d '{\"info\": \"Event\"}' \\\n",
" -H \"Authorization: ptU1OggdiLLWlwHPO9B3lzpwEND3hL7gH0uEsyYL\" \\\n",
" -H \"Accept: application/json\" \\\n",
" -H \"Content-type: application/json\" \\\n",
" -X POST 127.0.0.1:8080/events/restSearch\n",
" ```"
]
},
{
"cell_type": "code",
"execution_count": 2,
"metadata": {},
"outputs": [
{
"name": "stderr",
"output_type": "stream",
"text": [
"/home/adulau/.pyenv/versions/3.10.12/lib/python3.10/site-packages/pymisp/__init__.py:67: FutureWarning: This class is deprecated, use PyMISP instead\n",
" warnings.warn('This class is deprecated, use PyMISP instead', FutureWarning)\n"
]
}
],
"source": [
"from pymisp import ExpandedPyMISP\n",
"from pprint import pprint\n",
"AUTHKEY = \"YOURAPIKEY\"\n",
"URL = \"https://training.misp-community.org/\"\n",
"import urllib3\n",
"urllib3.disable_warnings()\n",
"misp = ExpandedPyMISP(URL, AUTHKEY, False)\n",
"\n",
"def print_result(result):\n",
" flag_printed = False\n",
" if isinstance(result, list):\n",
" print(\"Count: %s\" % len(result))\n",
" flag_printed = True\n",
" for i in res:\n",
" if 'Event' in i and 'Attribute' in i['Event']:\n",
" print(\" - Attribute count: %s\" % len(i['Event']['Attribute']))\n",
" elif isinstance(result, dict):\n",
" if 'Attribute' in result:\n",
" print(\"Count: %s\" % len(result['Attribute']))\n",
" flag_printed = True\n",
" elif 'Event' in result and 'Attribute' in result['Event']:\n",
" print(\"Attribute count: %s\" % len(result['Event']['Attribute']))\n",
" flag_printed = True\n",
" if flag_printed:\n",
" print('----------')\n",
" pprint(result)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Events"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Creation and Edition"
]
},
{
"cell_type": "code",
"execution_count": 5,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Attribute count: 0\n",
"----------\n",
"{'Event': {'Attribute': [],\n",
" 'CryptographicKey': [],\n",
" 'EventReport': [],\n",
" 'Galaxy': [],\n",
" 'Object': [],\n",
" 'Org': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'Orgc': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'RelatedEvent': [],\n",
" 'ShadowAttribute': [],\n",
" 'analysis': '0',\n",
" 'attribute_count': '0',\n",
" 'date': '2024-04-15',\n",
" 'disable_correlation': False,\n",
" 'distribution': '0',\n",
" 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n",
" 'extends_uuid': '',\n",
" 'id': '64',\n",
" 'info': 'Event created via the API as an example',\n",
" 'locked': False,\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'proposal_email_lock': False,\n",
" 'protected': None,\n",
" 'publish_timestamp': '0',\n",
" 'published': False,\n",
" 'sharing_group_id': '0',\n",
" 'threat_level_id': '1',\n",
" 'timestamp': '1713153774',\n",
" 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'}}\n"
]
}
],
"source": [
"# Creation\n",
"endpoint = '/events/add'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
" \"info\": \"Event created via the API as an example\",\n",
" \"threat_level_id\": 1,\n",
" \"distribution\": 0\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": 7,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Attribute count: 0\n",
"----------\n",
"{'Event': {'Attribute': [],\n",
" 'CryptographicKey': [],\n",
" 'EventReport': [],\n",
" 'Galaxy': [],\n",
" 'Object': [],\n",
" 'Org': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'Orgc': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'RelatedEvent': [],\n",
" 'ShadowAttribute': [],\n",
" 'analysis': '0',\n",
" 'attribute_count': '0',\n",
" 'date': '2024-04-15',\n",
" 'disable_correlation': False,\n",
" 'distribution': '3',\n",
" 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n",
" 'extends_uuid': '',\n",
" 'id': '64',\n",
" 'info': 'Event created via the API as an example',\n",
" 'locked': False,\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'proposal_email_lock': False,\n",
" 'protected': None,\n",
" 'publish_timestamp': '0',\n",
" 'published': False,\n",
" 'sharing_group_id': '0',\n",
" 'threat_level_id': '1',\n",
" 'timestamp': '1713153806',\n",
" 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'}}\n"
]
}
],
"source": [
"# Edition 1\n",
"endpoint = '/events/edit/'\n",
"relative_path = '64'\n",
"\n",
"body = {\n",
" \"distribution\": 3,\n",
"# \"sharing_group_id\": 1\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": 4,
"metadata": {},
"outputs": [
{
"name": "stderr",
"output_type": "stream",
"text": [
"Something went wrong (404): {'name': 'Invalid event', 'message': 'Invalid event', 'url': '/events/edit/126'}\n"
]
},
{
"name": "stdout",
"output_type": "stream",
"text": [
"{'errors': (404,\n",
" {'message': 'Invalid event',\n",
" 'name': 'Invalid event',\n",
" 'url': '/events/edit/126'})}\n"
]
}
],
"source": [
"# Edition 2 - Adding Attribute\n",
"endpoint = '/events/edit/'\n",
"relative_path = '126'\n",
"\n",
"body = {\n",
" \"distribution\": 0,\n",
" \"Attribute\": [\n",
" {\n",
" \"value\": \"9.9.9.9\",\n",
" \"type\": \"ip-src\"\n",
" }\n",
" ]\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": 47,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"{'message': 'Global tag tlp:red123(400) successfully attached to Event(126).',\n",
" 'name': 'Global tag tlp:red123(400) successfully attached to Event(126).',\n",
" 'saved': True,\n",
" 'success': True,\n",
" 'url': '/tags/attachTagToObject'}\n"
]
}
],
"source": [
"# Edition 2 - tagging 1\n",
"endpoint = '/tags/attachTagToObject'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
" \"uuid\": \"b3cc1ea2-892f-48e1-a6dc-20279818a724\", # can be anything: event or attribute\n",
" \"tag\": \"tlp:red\"\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Attributes"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Creation and edition"
]
},
{
"cell_type": "code",
"execution_count": 8,
"metadata": {},
"outputs": [],
"source": [
"event_id = 64"
]
},
{
"cell_type": "code",
"execution_count": 9,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Count: 19\n",
"----------\n",
"{'Attribute': {'category': 'Network activity',\n",
" 'comment': '',\n",
" 'deleted': False,\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'first_seen': None,\n",
" 'id': '3362',\n",
" 'last_seen': None,\n",
" 'object_id': '0',\n",
" 'object_relation': None,\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1713153845',\n",
" 'to_ids': True,\n",
" 'type': 'ip-dst',\n",
" 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n",
" 'value': '8.8.8.9',\n",
" 'value1': '8.8.8.9',\n",
" 'value2': ''},\n",
" 'AttributeTag': []}\n"
]
}
],
"source": [
"# Adding\n",
"endpoint = '/attributes/add/'\n",
"relative_path = str(event_id)\n",
"\n",
"body = {\n",
" \"value\": \"8.8.8.9\",\n",
" \"type\": \"ip-dst\"\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": 21,
"metadata": {},
"outputs": [
{
"name": "stderr",
"output_type": "stream",
"text": [
"Something went wrong (403): {'saved': False, 'name': 'Could not add Attribute', 'message': 'Could not add Attribute', 'url': '/attributes/add', 'errors': {'value': ['Checksum has an invalid length or format (expected: 32 hexadecimal characters). Please double check the value or select type \"other\".']}}\n"
]
},
{
"name": "stdout",
"output_type": "stream",
"text": [
"{'errors': (403,\n",
" {'errors': {'value': ['Checksum has an invalid length or format '\n",
" '(expected: 32 hexadecimal characters). '\n",
" 'Please double check the value or select '\n",
" 'type \"other\".']},\n",
" 'message': 'Could not add Attribute',\n",
" 'name': 'Could not add Attribute',\n",
" 'saved': False,\n",
" 'url': '/attributes/add'})}\n"
]
}
],
"source": [
"# Adding invalid attribute type\n",
"endpoint = '/attributes/add/'\n",
"relative_path = str(event_id)\n",
"\n",
"body = {\n",
" \"value\": \"8.8.8.9\",\n",
" \"type\": \"md5\"\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": 22,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Count: 17\n",
"----------\n",
"{'Attribute': {'category': 'Network activity',\n",
" 'comment': 'Comment added via the API',\n",
" 'deleted': False,\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'first_seen': None,\n",
" 'id': '3362',\n",
" 'last_seen': None,\n",
" 'object_id': '0',\n",
" 'object_relation': None,\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1713154698',\n",
" 'to_ids': False,\n",
" 'type': 'ip-dst',\n",
" 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n",
" 'value': '127.0.0.1'}}\n"
]
}
],
"source": [
"# Editing\n",
"endpoint = '/attributes/edit/' # /attributes/edit/[attribute_id]\n",
"relative_path = '3362'\n",
"\n",
"body = {\n",
" \"value\": \"127.0.0.1\",\n",
" \"to_ids\": 0,\n",
" \"comment\": \"Comment added via the API\",\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": 54,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Count: 17\n",
"----------\n",
"{'Attribute': {'category': 'Network activity',\n",
" 'comment': 'Comment added via the API',\n",
" 'deleted': False,\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '126',\n",
" 'first_seen': None,\n",
" 'id': '56143',\n",
" 'last_seen': None,\n",
" 'object_id': '0',\n",
" 'object_relation': None,\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1705582332',\n",
" 'to_ids': False,\n",
" 'type': 'ip-dst',\n",
" 'uuid': '8153fcad-cd37-45d9-a1d1-a509942116f8',\n",
" 'value': '127.1.1.1'}}\n"
]
}
],
"source": [
"# Editing with data taken from JSON views. \n",
"# <!> (timestamp) contrast the difference with *PyMISP*\n",
"endpoint = '/attributes/edit/'\n",
"relative_path = '56143'\n",
"\n",
"body = {\n",
" \"id\": \"56143\",\n",
" \"type\": \"ip-dst\",\n",
" \"category\": \"Network activity\",\n",
" \"to_ids\": False,\n",
" \"uuid\": \"8153fcad-cd37-45d9-a1d1-a509942116f8\",\n",
" \"event_id\": \"126\",\n",
" \"distribution\": \"5\",\n",
" \"comment\": \"Comment added via the API\",\n",
" \"sharing_group_id\": \"0\",\n",
" \"deleted\": False,\n",
" \"disable_correlation\": False,\n",
" \"object_id\": \"0\",\n",
" \"object_relation\": None,\n",
" \"first_seen\": None,\n",
" \"last_seen\": None,\n",
" \"value\": \"127.1.1.1\",\n",
" \"Galaxy\": [],\n",
" \"ShadowAttribute\": []\n",
" }\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Objects"
]
},
{
"cell_type": "code",
"execution_count": 23,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"{'Object': {'Attribute': [{'category': 'Other',\n",
" 'comment': '',\n",
" 'deleted': False,\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'first_seen': None,\n",
" 'id': '3363',\n",
" 'last_seen': None,\n",
" 'object_id': '537',\n",
" 'object_relation': 'post',\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1558702173',\n",
" 'to_ids': False,\n",
" 'type': 'text',\n",
" 'uuid': '17bebb02-c294-4444-adc9-85e8fa0039f1',\n",
" 'value': 'post',\n",
" 'value1': 'post',\n",
" 'value2': ''}],\n",
" 'comment': '',\n",
" 'deleted': False,\n",
" 'description': 'Microblog post like a Twitter tweet or a post on a '\n",
" 'Facebook wall.',\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'first_seen': None,\n",
" 'id': '537',\n",
" 'last_seen': None,\n",
" 'meta-category': 'misc',\n",
" 'name': 'microblog',\n",
" 'sharing_group_id': '0',\n",
" 'template_uuid': '8ec8c911-ddbe-4f5b-895b-fbff70c42a60',\n",
" 'template_version': '5',\n",
" 'timestamp': '1558702173',\n",
" 'uuid': 'bc9219e7-9ae8-4f36-a433-dad3a9c963f5'}}\n"
]
}
],
"source": [
"endpoint = '/objects/add/'\n",
"relative_path = str(event_id)\n",
"\n",
"body = {\n",
" \"name\": \"microblog\",\n",
" \"meta-category\": \"misc\",\n",
" \"description\": \"Microblog post like a Twitter tweet or a post on a Facebook wall.\",\n",
" \"template_uuid\": \"8ec8c911-ddbe-4f5b-895b-fbff70c42a60\",\n",
" \"template_version\": \"5\",\n",
" \"event_id\": event_id,\n",
" \"timestamp\": \"1558702173\",\n",
" \"distribution\": \"5\",\n",
" \"sharing_group_id\": \"0\",\n",
" \"comment\": \"\",\n",
" \"deleted\": False,\n",
" \"ObjectReference\": [],\n",
" \"Attribute\": [\n",
" {\n",
" \"type\": \"text\",\n",
" \"category\": \"Other\",\n",
" \"to_ids\": False,\n",
" \"event_id\": event_id,\n",
" \"distribution\": \"5\",\n",
" \"timestamp\": \"1558702173\",\n",
" \"comment\": \"\",\n",
" \"sharing_group_id\": \"0\",\n",
" \"deleted\": False,\n",
" \"disable_correlation\": False,\n",
" \"object_relation\": \"post\",\n",
" \"value\": \"post\",\n",
" \"Galaxy\": [],\n",
" \"ShadowAttribute\": []\n",
" }\n",
" ]\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": 24,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Attribute count: 1\n",
"----------\n",
"{'Event': {'Attribute': [{'Galaxy': [],\n",
" 'ShadowAttribute': [],\n",
" 'category': 'Network activity',\n",
" 'comment': 'Comment added via the API',\n",
" 'deleted': False,\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'first_seen': None,\n",
" 'id': '3362',\n",
" 'last_seen': None,\n",
" 'object_id': '0',\n",
" 'object_relation': None,\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1713154698',\n",
" 'to_ids': False,\n",
" 'type': 'ip-dst',\n",
" 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n",
" 'value': '127.0.0.1'}],\n",
" 'CryptographicKey': [],\n",
" 'EventReport': [{'content': 'Body',\n",
" 'deleted': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'id': '55',\n",
" 'name': 'Report from API',\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1713153904',\n",
" 'uuid': '3696d945-7dc8-4685-b71f-8cb2b1132913'},\n",
" {'content': 'Body',\n",
" 'deleted': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'id': '56',\n",
" 'name': 'Report from API',\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1713154575',\n",
" 'uuid': '823d4e2e-76f4-43b8-9b3c-c851fa32412d'}],\n",
" 'Galaxy': [],\n",
" 'Object': [{'Attribute': [{'Galaxy': [],\n",
" 'ShadowAttribute': [],\n",
" 'category': 'Other',\n",
" 'comment': '',\n",
" 'deleted': False,\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'first_seen': None,\n",
" 'id': '3363',\n",
" 'last_seen': None,\n",
" 'object_id': '537',\n",
" 'object_relation': 'post',\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1558702173',\n",
" 'to_ids': False,\n",
" 'type': 'text',\n",
" 'uuid': '17bebb02-c294-4444-adc9-85e8fa0039f1',\n",
" 'value': 'post'}],\n",
" 'ObjectReference': [],\n",
" 'comment': '',\n",
" 'deleted': False,\n",
" 'description': 'Microblog post like a Twitter tweet or '\n",
" 'a post on a Facebook wall.',\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'first_seen': None,\n",
" 'id': '537',\n",
" 'last_seen': None,\n",
" 'meta-category': 'misc',\n",
" 'name': 'microblog',\n",
" 'sharing_group_id': '0',\n",
" 'template_uuid': '8ec8c911-ddbe-4f5b-895b-fbff70c42a60',\n",
" 'template_version': '5',\n",
" 'timestamp': '1558702173',\n",
" 'uuid': 'bc9219e7-9ae8-4f36-a433-dad3a9c963f5'}],\n",
" 'Org': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'Orgc': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'RelatedEvent': [],\n",
" 'ShadowAttribute': [],\n",
" 'Tag': [{'colour': '#33FF00',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '12',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'tlp:green',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'}],\n",
" 'analysis': '0',\n",
" 'attribute_count': '2',\n",
" 'date': '2024-04-15',\n",
" 'disable_correlation': False,\n",
" 'distribution': '0',\n",
" 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n",
" 'extends_uuid': '',\n",
" 'id': '64',\n",
" 'info': 'Event created via the API as an example',\n",
" 'locked': False,\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'proposal_email_lock': False,\n",
" 'protected': None,\n",
" 'publish_timestamp': '0',\n",
" 'published': False,\n",
" 'sharing_group_id': '0',\n",
" 'threat_level_id': '1',\n",
" 'timestamp': '1713154741',\n",
" 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'}}\n"
]
}
],
"source": [
"# Edition 2 - tagging 2\n",
"endpoint = '/events/edit/'\n",
"relative_path = str(event_id)\n",
"\n",
"body = {\n",
" \"distribution\": 0,\n",
" \"Tag\": [\n",
" {\"name\":\"tlp:green\"}\n",
" ]\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Event reports"
]
},
{
"cell_type": "code",
"execution_count": 20,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"{'Event': {'Org': {'id': '15', 'name': 'CIRCL'},\n",
" 'Orgc': {'id': '15', 'name': 'CIRCL'},\n",
" 'date': '2024-04-15',\n",
" 'id': '64',\n",
" 'info': 'Event created via the API as an example',\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'user_id': '626'},\n",
" 'EventReport': {'content': 'Body',\n",
" 'deleted': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'id': '56',\n",
" 'name': 'Report from API',\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1713154575',\n",
" 'uuid': '823d4e2e-76f4-43b8-9b3c-c851fa32412d'},\n",
" 'SharingGroup': {'id': None, 'name': None, 'uuid': None}}\n"
]
}
],
"source": [
"endpoint = '/eventReports/add/'\n",
"relative_path = str(event_id)\n",
"\n",
"body = {\n",
" \"name\": \"Report from API\",\n",
" \"distribution\": 5,\n",
" \"sharing_group_id\": 0,\n",
" \"content\": \"Body\"\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"event_report_id = res['EventReport']['id']\n",
"\n",
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": 66,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"{'Event': {'Org': {'id': '15', 'name': 'CIRCL'},\n",
" 'Orgc': {'id': '15', 'name': 'CIRCL'},\n",
" 'date': '2024-04-15',\n",
" 'id': '64',\n",
" 'info': 'Event created via the API as an example',\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'user_id': '626'},\n",
" 'EventReport': {'content': 'html # TR-84 - PAN-OS (Palo Alto Networks) OS '\n",
" 'Command Injection Vulnerability in GlobalProtect '\n",
" 'Gateway - CVE-2024-3400\\n'\n",
" '\\n'\n",
" ' ### TR-84 - PAN-OS (Palo Alto Networks) OS '\n",
" 'Command Injection Vulnerability in GlobalProtect '\n",
" 'Gateway - CVE-2024-3400\\n'\n",
" '\\n'\n",
" ' â\\x86\\x91 Back to Publications and '\n",
" 'Presentations\\n'\n",
" '\\n'\n",
" ' \\n'\n",
" ' 2. Fixes\\n'\n",
" ' 4. Detection\\n'\n",
" ' 6. Known affected software\\n'\n",
" ' 8. References\\n'\n",
" ' 10. Classification of this document\\n'\n",
" ' 12. Revision\\n'\n",
" ' \\n'\n",
" ' You can report incidents via our official '\n",
" 'contact including e-mail, phone or use the '\n",
" 'Anonymous reporting form.\\n'\n",
" '\\n'\n",
" ' Search\\n'\n",
" '\\n'\n",
" ' \\n'\n",
" ' A command injection vulnerability in the '\n",
" 'GlobalProtect feature of Palo Alto Networks '\n",
" 'PAN-OS software for specific PAN-OS versions and '\n",
" 'distinct feature configurations may enable an '\n",
" 'unauthenticated attacker to execute arbitrary '\n",
" 'code with root privileges on the firewall. Fixes '\n",
" 'for PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 are '\n",
" 'in development and are expected to be released by '\n",
" 'April 14, 2024. Cloud NGFW, Panorama appliances, '\n",
" 'and Prisma Access are not impacted by this '\n",
" 'vulnerability. All other versions of PAN-OS are '\n",
" 'also not impacted.\\n'\n",
" '\\n'\n",
" ' The vulnerability is currently exploited in the '\n",
" 'wild as mentioned by Volexity and itâ\\x80\\x99s '\n",
" 'referenced as CVE-2024-3400.\\n'\n",
" '\\n'\n",
" ' ## Fixes\\n'\n",
" '\\n'\n",
" ' Palo Alto Networks mention a patch will be '\n",
" 'released by April 14, 2024. This issue will be '\n",
" 'fixed in hotfix releases of PAN-OS 10.2.9-h1 '\n",
" '(ETA: By 4/14), PAN-OS 11.0.4-h1 (ETA: By 4/14), '\n",
" 'and PAN-OS 11.1.2-h3 (ETA: By 4/14), and in all '\n",
" 'later PAN-OS versions.\\n'\n",
" '\\n'\n",
" ' There are workarounds proposed by the vendor to '\n",
" 'fix the vulnerability before the hotfix will be '\n",
" 'released.\\n'\n",
" '\\n'\n",
" ' ## Detection\\n'\n",
" '\\n'\n",
" ' \\n'\n",
" ' * Indicators shared by Volexity are available in '\n",
" 'a MISP event with UUID '\n",
" '9802116c-3ec3-4a8e-8b39-5c69b08df5ab, shared in '\n",
" 'the OSINT feed and the MISP private sector '\n",
" 'community.\\n'\n",
" ' \\n'\n",
" ' ## Known affected software\\n'\n",
" '\\n'\n",
" ' \\n'\n",
" ' * PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 used '\n",
" 'as GlobalProtect gateway with device telemetry '\n",
" 'enabled. (other versions are not impacted).\\n'\n",
" ' \\n'\n",
" ' ## References\\n'\n",
" '\\n'\n",
" ' \\n'\n",
" ' * Palo Alto Networks - CVE-2024-3400 PAN-OS: OS '\n",
" 'Command Injection Vulnerability in GlobalProtect '\n",
" 'Gateway.\\n'\n",
" ' * Volexity - 0day exploited in the wild..\\n'\n",
" ' * Volexity - []Zero-Day Exploitation of '\n",
" 'Unauthenticated Remote Code Execution '\n",
" 'Vulnerability in GlobalProtect '\n",
" '(CVE-2024-3400)(https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/)\\n'\n",
" ' \\n'\n",
" ' ## Classification of this document\\n'\n",
" '\\n'\n",
" ' TLP:CLEAR information may be distributed without '\n",
" 'restriction, subject to copyright controls.\\n'\n",
" '\\n'\n",
" ' ## Revision\\n'\n",
" '\\n'\n",
" ' \\n'\n",
" ' * Version 1.0 - TLP:CLEAR - First version - 12th '\n",
" 'April 2024\\n'\n",
" ' * Version 1.1 - TLP:CLEAR - Second version - '\n",
" '13rd April 2024 - IoCs added\\n'\n",
" ' \\n'\n",
" ' ',\n",
" 'deleted': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'id': '57',\n",
" 'name': 'Report from - https://www.circl.lu/pub/tr-84/ '\n",
" '(1713160991)',\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1713160991',\n",
" 'uuid': '53c2eaf6-43f6-4789-8c47-99445877c7e5'},\n",
" 'SharingGroup': {'id': None, 'name': None, 'uuid': None}}\n"
]
}
],
"source": [
"# Download HTML, convert it into markdown then save it as Event Report.\n",
"endpoint = '/eventReports/importReportFromUrl/'\n",
"relative_path = str(event_id)\n",
"\n",
"body = {\n",
" \"url\": \"https://www.circl.lu/pub/tr-84/\"\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": 68,
"metadata": {},
"outputs": [
{
"name": "stderr",
"output_type": "stream",
"text": [
"Something went wrong (404): {'name': 'Invalid report', 'message': 'Invalid report', 'url': '/eventReports/extractAllFromReport/64'}\n"
]
},
{
"name": "stdout",
"output_type": "stream",
"text": [
"{'errors': (404,\n",
" {'message': 'Invalid report',\n",
" 'name': 'Invalid report',\n",
" 'url': '/eventReports/extractAllFromReport/64'})}\n"
]
}
],
"source": [
" # Extract all entities, tag Event with tag found\n",
"endpoint = '/eventReports/extractAllFromReport/'\n",
"relative_path = str(64)\n",
"\n",
"body = {\n",
" \"tag_event\": 1\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Analyst Data"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Analyst Note"
]
},
{
"cell_type": "code",
"execution_count": 67,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"{'Note': {'Org': {'contacts': None,\n",
" 'created_by': '0',\n",
" 'date_created': '2023-09-29 06:47:38',\n",
" 'date_modified': '2023-09-29 06:47:38',\n",
" 'description': 'CIRCL is the CERT (Computer Emergency '\n",
" 'Response Team/Computer Security Incident '\n",
" 'Response Team) for the private sector, '\n",
" 'communes and non-governmental entities in '\n",
" 'Luxembourg.',\n",
" 'id': '15',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'nationality': '',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'Orgc': {'contacts': None,\n",
" 'created_by': '0',\n",
" 'date_created': '2023-09-29 06:47:38',\n",
" 'date_modified': '2023-09-29 06:47:38',\n",
" 'description': 'CIRCL is the CERT (Computer Emergency '\n",
" 'Response Team/Computer Security Incident '\n",
" 'Response Team) for the private sector, '\n",
" 'communes and non-governmental entities in '\n",
" 'Luxembourg.',\n",
" 'id': '15',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'nationality': '',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" '_canEdit': True,\n",
" 'authors': 'john.doe@admin.test',\n",
" 'created': '2024-04-15 06:04:52',\n",
" 'distribution': '1',\n",
" 'id': '1',\n",
" 'language': 'fr-BE',\n",
" 'locked': False,\n",
" 'modified': '2024-04-15 06:04:52',\n",
" 'note': 'Ceci est une note',\n",
" 'note_type': 0,\n",
" 'note_type_name': 'Note',\n",
" 'object_type': 'Event64',\n",
" 'object_uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n",
" 'org_uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f',\n",
" 'orgc_uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f',\n",
" 'sharing_group_id': None,\n",
" 'uuid': 'bdccb0a3-6cd1-4562-88d7-f4f67007195b'}}\n"
]
}
],
"source": [
"analystType = 'Note'\n",
"objectUUID = '501fd194-8b98-40d9-91e6-1c3d56d9c36a'\n",
"# objectType[Enum]: \"Attribute\" \"Event\" \"EventReport\" \"GalaxyCluster\" \"Galaxy\"\n",
"# \"Object\" \"Note\" \"Opinion\" \"Relationship\" \"Organisation\" \"SharingGroup\"\n",
"objectType = 'Event'\n",
"endpoint = f'/analystData/add/{analystType}/{objectUUID}/{objectType}'\n",
"\n",
"body = {\n",
" \"note\": \"Ceci est une note\",\n",
" \"language\": \"fr-BE\",\n",
" \"authors\": \"john.doe@admin.test\",\n",
" \"distribution\": 1\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Analyst Opinion"
]
},
{
"cell_type": "code",
"execution_count": 69,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"{'Opinion': {'Org': {'contacts': None,\n",
" 'created_by': '0',\n",
" 'date_created': '2023-09-29 06:47:38',\n",
" 'date_modified': '2023-09-29 06:47:38',\n",
" 'description': 'CIRCL is the CERT (Computer Emergency '\n",
" 'Response Team/Computer Security Incident '\n",
" 'Response Team) for the private sector, '\n",
" 'communes and non-governmental entities in '\n",
" 'Luxembourg.',\n",
" 'id': '15',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'nationality': '',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'Orgc': {'contacts': None,\n",
" 'created_by': '0',\n",
" 'date_created': '2023-09-29 06:47:38',\n",
" 'date_modified': '2023-09-29 06:47:38',\n",
" 'description': 'CIRCL is the CERT (Computer Emergency '\n",
" 'Response Team/Computer Security Incident '\n",
" 'Response Team) for the private sector, '\n",
" 'communes and non-governmental entities '\n",
" 'in Luxembourg.',\n",
" 'id': '15',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'nationality': '',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" '_canEdit': True,\n",
" 'authors': 'john.doe@admin.test',\n",
" 'comment': 'This is an opinion',\n",
" 'created': '2024-04-15 06:09:58',\n",
" 'distribution': '1',\n",
" 'id': '1',\n",
" 'locked': False,\n",
" 'modified': '2024-04-15 06:09:58',\n",
" 'note_type': 1,\n",
" 'note_type_name': 'Opinion',\n",
" 'object_type': 'Event64',\n",
" 'object_uuid': '03cbbd87-9081-4ea9-94e2-431939fa85dc',\n",
" 'opinion': '75',\n",
" 'org_uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f',\n",
" 'orgc_uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f',\n",
" 'sharing_group_id': None,\n",
" 'uuid': '94f0f534-4287-4612-972b-0c95e57938e5'}}\n"
]
}
],
"source": [
"analystType = 'Opinion'\n",
"objectUUID = '03cbbd87-9081-4ea9-94e2-431939fa85dc'\n",
"# objectType[Enum]: \"Attribute\" \"Event\" \"EventReport\" \"GalaxyCluster\" \"Galaxy\"\n",
"# \"Object\" \"Note\" \"Opinion\" \"Relationship\" \"Organisation\" \"SharingGroup\"\n",
"objectType = 'Event'\n",
"endpoint = f'/analystData/add/{analystType}/{objectUUID}/{objectType}'\n",
"\n",
"body = {\n",
" \"opinion\": 75,\n",
" \"comment\": \"This is an opinion\",\n",
" \"authors\": \"john.doe@admin.test\",\n",
" \"distribution\": 1\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Searches"
]
},
{
"cell_type": "code",
"execution_count": 28,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Count: 2\n",
"----------\n",
"[{'EventTag': [],\n",
" 'Org': {'id': '15',\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'Orgc': {'id': '15',\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'analysis': '0',\n",
" 'attribute_count': '0',\n",
" 'date': '2024-04-15',\n",
" 'disable_correlation': False,\n",
" 'distribution': '0',\n",
" 'extends_uuid': '',\n",
" 'id': '63',\n",
" 'info': 'Event created via the API as an example',\n",
" 'locked': False,\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'proposal_email_lock': False,\n",
" 'protected': None,\n",
" 'publish_timestamp': '0',\n",
" 'published': False,\n",
" 'sharing_group_id': '0',\n",
" 'sighting_timestamp': '0',\n",
" 'threat_level_id': '1',\n",
" 'timestamp': '1713153707',\n",
" 'uuid': 'ab3edd51-58a2-47b3-b465-546364cb0d44'},\n",
" {'EventTag': [{'Tag': {'colour': '#33FF00',\n",
" 'id': '12',\n",
" 'is_galaxy': False,\n",
" 'name': 'tlp:green'},\n",
" 'event_id': '64',\n",
" 'id': '348',\n",
" 'local': False,\n",
" 'relationship_type': None,\n",
" 'tag_id': '12'}],\n",
" 'Org': {'id': '15',\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'Orgc': {'id': '15',\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'analysis': '0',\n",
" 'attribute_count': '2',\n",
" 'date': '2024-04-15',\n",
" 'disable_correlation': False,\n",
" 'distribution': '0',\n",
" 'extends_uuid': '',\n",
" 'id': '64',\n",
" 'info': 'Event created via the API as an example',\n",
" 'locked': False,\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'proposal_email_lock': False,\n",
" 'protected': None,\n",
" 'publish_timestamp': '0',\n",
" 'published': False,\n",
" 'sharing_group_id': '0',\n",
" 'sighting_timestamp': '0',\n",
" 'threat_level_id': '1',\n",
" 'timestamp': '1713154741',\n",
" 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'}]\n"
]
}
],
"source": [
"# Searching the Event index (Move it to the search topic)\n",
"endpoint = '/events/index'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
" \"eventinfo\": \"Event created via the API as an example\",\n",
"# \"publish_timestamp\": \"2024-04-15\",\n",
"# \"org\": \"ORGNAME\"\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": 29,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Event number: 0\n",
"Count: 0\n",
"----------\n",
"[]\n"
]
}
],
"source": [
"# Searching the Event index\n",
"misp_url = '/events/index'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
"# \"hasproposal\": 1,\n",
" \"tag\": [\"tlp:amber\"]\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"\n",
"print('Event number: %s' % len(res))\n",
"print_result(res)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## RestSearch\n",
"**Aka: Most powerful search tool in MISP**"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"### RestSearch - Attributes"
]
},
{
"cell_type": "code",
"execution_count": 30,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Count: 2\n",
"----------\n",
"{'Attribute': [{'Event': {'distribution': '0',\n",
" 'id': '64',\n",
" 'info': 'Event created via the API as an example',\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n",
" 'category': 'Network activity',\n",
" 'comment': 'Comment added via the API',\n",
" 'deleted': False,\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'first_seen': None,\n",
" 'id': '3362',\n",
" 'last_seen': None,\n",
" 'object_id': '0',\n",
" 'object_relation': None,\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1713154698',\n",
" 'to_ids': False,\n",
" 'type': 'ip-dst',\n",
" 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n",
" 'value': '127.0.0.1'},\n",
" {'Event': {'distribution': '0',\n",
" 'id': '64',\n",
" 'info': 'Event created via the API as an example',\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n",
" 'Object': {'distribution': '5',\n",
" 'id': '537',\n",
" 'sharing_group_id': '0'},\n",
" 'category': 'Other',\n",
" 'comment': '',\n",
" 'deleted': False,\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'first_seen': None,\n",
" 'id': '3363',\n",
" 'last_seen': None,\n",
" 'object_id': '537',\n",
" 'object_relation': 'post',\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1558702173',\n",
" 'to_ids': False,\n",
" 'type': 'text',\n",
" 'uuid': '17bebb02-c294-4444-adc9-85e8fa0039f1',\n",
" 'value': 'post'}]}\n"
]
}
],
"source": [
"endpoint = '/attributes/restSearch/'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
" \"returnFormat\": \"json\",\n",
" \"eventid\": event_id\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": 69,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Count: 1\n",
"----------\n",
"{'Attribute': [{'Event': {'distribution': '0',\n",
" 'id': '126',\n",
" 'info': 'Event created via the API as an example',\n",
" 'org_id': '1',\n",
" 'orgc_id': '1',\n",
" 'uuid': 'b3cc1ea2-892f-48e1-a6dc-20279818a724'},\n",
" 'Object': {'distribution': '5',\n",
" 'id': '645',\n",
" 'sharing_group_id': '0'},\n",
" 'category': 'Other',\n",
" 'comment': '',\n",
" 'deleted': False,\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '126',\n",
" 'first_seen': None,\n",
" 'id': '56144',\n",
" 'last_seen': None,\n",
" 'object_id': '645',\n",
" 'object_relation': 'post',\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1558702173',\n",
" 'to_ids': False,\n",
" 'type': 'text',\n",
" 'uuid': '7ed55fe3-cae9-4353-9cd6-cdcb9a50bba5',\n",
" 'value': 'post'}]}\n"
]
}
],
"source": [
"# Searches on Attribute's data\n",
"misp_url = '/attributes/restSearch/'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
" \"returnFormat\": \"json\",\n",
" \"eventid\": event_id,\n",
" \"type\": \"ip-dst\",\n",
"# \"value\": \"127.0.%\"\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": 31,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Count: 2\n",
"----------\n",
"{'Attribute': [{'Event': {'distribution': '0',\n",
" 'id': '64',\n",
" 'info': 'Event created via the API as an example',\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n",
" 'category': 'Network activity',\n",
" 'comment': 'Comment added via the API',\n",
" 'deleted': False,\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'first_seen': None,\n",
" 'id': '3362',\n",
" 'last_seen': None,\n",
" 'object_id': '0',\n",
" 'object_relation': None,\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1713154698',\n",
" 'to_ids': False,\n",
" 'type': 'ip-dst',\n",
" 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n",
" 'value': '127.0.0.1'},\n",
" {'Event': {'distribution': '0',\n",
" 'id': '64',\n",
" 'info': 'Event created via the API as an example',\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n",
" 'Object': {'distribution': '5',\n",
" 'id': '537',\n",
" 'sharing_group_id': '0'},\n",
" 'category': 'Other',\n",
" 'comment': '',\n",
" 'deleted': False,\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'first_seen': None,\n",
" 'id': '3363',\n",
" 'last_seen': None,\n",
" 'object_id': '537',\n",
" 'object_relation': 'post',\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1558702173',\n",
" 'to_ids': False,\n",
" 'type': 'text',\n",
" 'uuid': '17bebb02-c294-4444-adc9-85e8fa0039f1',\n",
" 'value': 'post'}]}\n"
]
}
],
"source": [
"# Searches on Attribute's data\n",
"endpoint = '/attributes/restSearch/'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
" \"returnFormat\": \"json\",\n",
" \"eventid\": event_id,\n",
" \"deleted\": [0, 1] # Consider both deleted AND not deleted\n",
"}\n",
"\n",
"# [] == {\"OR\": []}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": 33,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Count: 2\n",
"----------\n",
"{'Attribute': [{'Event': {'distribution': '0',\n",
" 'id': '64',\n",
" 'info': 'Event created via the API as an example',\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n",
" 'category': 'Network activity',\n",
" 'comment': 'Comment added via the API',\n",
" 'deleted': False,\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'first_seen': None,\n",
" 'id': '3362',\n",
" 'last_seen': None,\n",
" 'object_id': '0',\n",
" 'object_relation': None,\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1713154698',\n",
" 'to_ids': False,\n",
" 'type': 'ip-dst',\n",
" 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n",
" 'value': '127.0.0.1'},\n",
" {'Event': {'distribution': '0',\n",
" 'id': '64',\n",
" 'info': 'Event created via the API as an example',\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n",
" 'Object': {'distribution': '5',\n",
" 'id': '537',\n",
" 'sharing_group_id': '0'},\n",
" 'category': 'Other',\n",
" 'comment': '',\n",
" 'deleted': False,\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'first_seen': None,\n",
" 'id': '3363',\n",
" 'last_seen': None,\n",
" 'object_id': '537',\n",
" 'object_relation': 'post',\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1558702173',\n",
" 'to_ids': False,\n",
" 'type': 'text',\n",
" 'uuid': '17bebb02-c294-4444-adc9-85e8fa0039f1',\n",
" 'value': 'post'}]}\n"
]
}
],
"source": [
"# Searches on Attribute's data\n",
"endpoint = '/attributes/restSearch/'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
" \"returnFormat\": \"json\",\n",
" \"eventid\": event_id,\n",
"# \"tags\": \"tlp:white\",\n",
"# \"tags\": [\"tlp:white\", \"tlp:green\"]\n",
"# \"tags\": [\"!tlp:green\"]\n",
"# \"tags\": \"tlp:%\",\n",
"# \"includeEventTags\": 1\n",
"# BRAND NEW (only tag)! Prefered way (Most accurate): Distinction between OR and AND!\n",
"# \"tags\": {\"AND\": [\"tlp:green\", \"Malware\"], \"NOT\": [\"%ransomware%\"]}\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": 35,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Count: 2\n",
"----------\n",
"{'Attribute': [{'Event': {'distribution': '0',\n",
" 'id': '64',\n",
" 'info': 'Event created via the API as an example',\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n",
" 'category': 'Network activity',\n",
" 'comment': 'Comment added via the API',\n",
" 'deleted': False,\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'first_seen': None,\n",
" 'id': '3362',\n",
" 'last_seen': None,\n",
" 'object_id': '0',\n",
" 'object_relation': None,\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1713154698',\n",
" 'to_ids': False,\n",
" 'type': 'ip-dst',\n",
" 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n",
" 'value': '127.0.0.1'},\n",
" {'Event': {'distribution': '0',\n",
" 'id': '64',\n",
" 'info': 'Event created via the API as an example',\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n",
" 'Object': {'distribution': '5',\n",
" 'id': '537',\n",
" 'sharing_group_id': '0'},\n",
" 'category': 'Other',\n",
" 'comment': '',\n",
" 'deleted': False,\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'first_seen': None,\n",
" 'id': '3363',\n",
" 'last_seen': None,\n",
" 'object_id': '537',\n",
" 'object_relation': 'post',\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1558702173',\n",
" 'to_ids': False,\n",
" 'type': 'text',\n",
" 'uuid': '17bebb02-c294-4444-adc9-85e8fa0039f1',\n",
" 'value': 'post'}]}\n"
]
}
],
"source": [
"# Paginating\n",
"endpoint = '/attributes/restSearch/'\n",
"#relative_path = ''\n",
"\n",
"body = {\n",
" \"returnFormat\": \"json\",\n",
" \"eventid\": event_id,\n",
"# \"page\": 0,\n",
"# \"limit\": 10000\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": 37,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Count: 2\n",
"----------\n",
"{'Attribute': [{'Event': {'distribution': '0',\n",
" 'id': '64',\n",
" 'info': 'Event created via the API as an example',\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n",
" 'category': 'Network activity',\n",
" 'comment': 'Comment added via the API',\n",
" 'deleted': False,\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'first_seen': None,\n",
" 'id': '3362',\n",
" 'last_seen': None,\n",
" 'object_id': '0',\n",
" 'object_relation': None,\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1713154698',\n",
" 'to_ids': False,\n",
" 'type': 'ip-dst',\n",
" 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n",
" 'value': '127.0.0.1'},\n",
" {'Event': {'distribution': '0',\n",
" 'id': '64',\n",
" 'info': 'Event created via the API as an example',\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n",
" 'Object': {'distribution': '5',\n",
" 'id': '537',\n",
" 'sharing_group_id': '0'},\n",
" 'category': 'Other',\n",
" 'comment': '',\n",
" 'deleted': False,\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'first_seen': None,\n",
" 'id': '3363',\n",
" 'last_seen': None,\n",
" 'object_id': '537',\n",
" 'object_relation': 'post',\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1558702173',\n",
" 'to_ids': False,\n",
" 'type': 'text',\n",
" 'uuid': '17bebb02-c294-4444-adc9-85e8fa0039f1',\n",
" 'value': 'post'}]}\n"
]
}
],
"source": [
"# Searches based on time: Absolute\n",
"endpoint = '/attributes/restSearch/'\n",
"relative_path = ''\n",
"event_id = 64\n",
"\n",
"body = {\n",
" \"returnFormat\": \"json\",\n",
" \"eventid\": event_id,\n",
" \"from\": \"2019/05/21\" # or \"2019-05-21\"\n",
" # from and to NOT REALLY USEFUL.. \n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": 40,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Count: 2\n",
"----------\n",
"{'Attribute': [{'Event': {'distribution': '0',\n",
" 'id': '64',\n",
" 'info': 'Event created via the API as an example',\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n",
" 'category': 'Network activity',\n",
" 'comment': 'Comment added via the API',\n",
" 'deleted': False,\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'first_seen': None,\n",
" 'id': '3362',\n",
" 'last_seen': None,\n",
" 'object_id': '0',\n",
" 'object_relation': None,\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1713154698',\n",
" 'to_ids': False,\n",
" 'type': 'ip-dst',\n",
" 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n",
" 'value': '127.0.0.1'},\n",
" {'Event': {'distribution': '0',\n",
" 'id': '64',\n",
" 'info': 'Event created via the API as an example',\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n",
" 'Object': {'distribution': '5',\n",
" 'id': '537',\n",
" 'sharing_group_id': '0'},\n",
" 'category': 'Other',\n",
" 'comment': '',\n",
" 'deleted': False,\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'first_seen': None,\n",
" 'id': '3363',\n",
" 'last_seen': None,\n",
" 'object_id': '537',\n",
" 'object_relation': 'post',\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1558702173',\n",
" 'to_ids': False,\n",
" 'type': 'text',\n",
" 'uuid': '17bebb02-c294-4444-adc9-85e8fa0039f1',\n",
" 'value': 'post'}]}\n"
]
}
],
"source": [
"# Searches based on time: Relative\n",
"endpoint = '/attributes/restSearch/'\n",
"relative_path = ''\n",
"\n",
"# /!\\ Last: works on the publish_timestamp -> may be confusing\n",
"# Units: days, hours, minutes and secondes\n",
"body = {\n",
" \"returnFormat\": \"json\",\n",
" \"eventid\": event_id,\n",
"# \"to_ids\": 1,\n",
"# \"publish_timestamp\": \"2024-04-15\"\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Precision regarding the different timestamps\n",
"- ``publish_timestamp`` = Time at which the event was published\n",
" - Usage: get data that arrived in my system since x\n",
" - E.g.: New data from a feed\n",
"- ``timestamp`` = Time of the last modification on the data\n",
" - data was modified in the last x hours\n",
" - E.g.: Last updated data from a feed\n",
"- ``event_timestamp``: Used in the Attribute scope\n",
" - Event modified in the last x hours"
]
},
{
"cell_type": "code",
"execution_count": 44,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Count: 1\n",
"----------\n",
"{'Attribute': [{'Event': {'distribution': '0',\n",
" 'id': '64',\n",
" 'info': 'Event created via the API as an example',\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n",
" 'category': 'Payload delivery',\n",
" 'comment': '',\n",
" 'data': 'iVBORw0KGgoAAAANSUhEUgAAAG8AAABvAQAAAADKvqPNAAABJklEQVQ4jdXUMY6FIBAG4N9Y0K0XIOEadF5JL4B6Ad+V6LiGiRfAjoI4O5oX87ZhKDabLKH5CsPPMCPox8L/YASm0EZkwIg8KI9hX/s8UQW9nkhPKQ+qioMCel1J1+fR15HyYNv5I2SBfN8xaN7P9QvkdYIPMk9hC4zQsJvr99XKPG37usqO8U4lEFsXaAm5uw8qM3JyMkeCsxVU2nHZLZ1K5gl++v1IW/NOVSIFjB5QcPe3ZfJ9KeUm0CvJjNi+cOV/hyzyILMEbkI0wcj0/EBmVtdZMkO79hwJU6qgz07tp0XjjUheR2o5W4RMbpJB6S7xLJBIngUHzaccycj0eqR9Vk9xBA7gzW1Qx75dCADJvP45V9NGK/MeGR6xayJE/tkf+Nf4DXMqFobLZDuHAAAAAElFTkSuQmCC',\n",
" 'deleted': False,\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'first_seen': None,\n",
" 'id': '3364',\n",
" 'last_seen': None,\n",
" 'object_id': '0',\n",
" 'object_relation': None,\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1713155138',\n",
" 'to_ids': False,\n",
" 'type': 'attachment',\n",
" 'uuid': '3a0f950c-3f09-480b-b777-ac3e13acc75a',\n",
" 'value': 'cti-2024.png'}]}\n"
]
}
],
"source": [
"# Searches with attachments\n",
"endpoint = '/attributes/restSearch/'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
" \"returnFormat\": \"json\",\n",
" \"eventid\": event_id,\n",
" \"type\": \"attachment\",\n",
" \"withAttachments\": 1\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": 48,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Count: 2\n",
"----------\n",
"{'Attribute': [{'Event': {'distribution': '0',\n",
" 'id': '64',\n",
" 'info': 'Event created via the API as an example',\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n",
" 'category': 'Network activity',\n",
" 'comment': 'Comment added via the API',\n",
" 'deleted': False,\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'first_seen': None,\n",
" 'id': '3362',\n",
" 'last_seen': None,\n",
" 'object_id': '0',\n",
" 'object_relation': None,\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1713154698',\n",
" 'to_ids': False,\n",
" 'type': 'ip-dst',\n",
" 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n",
" 'value': '127.0.0.1'},\n",
" {'Event': {'distribution': '0',\n",
" 'id': '64',\n",
" 'info': 'Event created via the API as an example',\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n",
" 'category': 'Network activity',\n",
" 'comment': '',\n",
" 'deleted': False,\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'first_seen': None,\n",
" 'id': '3366',\n",
" 'last_seen': None,\n",
" 'object_id': '0',\n",
" 'object_relation': None,\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1713155243',\n",
" 'to_ids': True,\n",
" 'type': 'ip-dst',\n",
" 'uuid': '6c4e1467-ce18-4131-b858-470ee57ebaec',\n",
" 'value': '127.0.0.2'}]}\n"
]
}
],
"source": [
"# Searches - Others\n",
"endpoint = '/attributes/restSearch/'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
" \"returnFormat\": \"json\",\n",
" \"eventid\": event_id,\n",
" \"type\": [\"ip-src\", \"ip-dst\"],\n",
" \"enforceWarninglist\": 1\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"### RestSearch - Events"
]
},
{
"cell_type": "code",
"execution_count": 49,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Count: 1\n",
" - Attribute count: 4\n",
"----------\n",
"[{'Event': {'Attribute': [{'Galaxy': [],\n",
" 'ShadowAttribute': [],\n",
" 'category': 'Network activity',\n",
" 'comment': 'Comment added via the API',\n",
" 'deleted': False,\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'first_seen': None,\n",
" 'id': '3362',\n",
" 'last_seen': None,\n",
" 'object_id': '0',\n",
" 'object_relation': None,\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1713154698',\n",
" 'to_ids': False,\n",
" 'type': 'ip-dst',\n",
" 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n",
" 'value': '127.0.0.1'},\n",
" {'Galaxy': [],\n",
" 'ShadowAttribute': [],\n",
" 'category': 'Payload delivery',\n",
" 'comment': '',\n",
" 'deleted': False,\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'first_seen': None,\n",
" 'id': '3364',\n",
" 'last_seen': None,\n",
" 'object_id': '0',\n",
" 'object_relation': None,\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1713155138',\n",
" 'to_ids': False,\n",
" 'type': 'attachment',\n",
" 'uuid': '3a0f950c-3f09-480b-b777-ac3e13acc75a',\n",
" 'value': 'cti-2024.png'},\n",
" {'Galaxy': [],\n",
" 'ShadowAttribute': [],\n",
" 'category': 'Network activity',\n",
" 'comment': '',\n",
" 'deleted': False,\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'first_seen': None,\n",
" 'id': '3365',\n",
" 'last_seen': None,\n",
" 'object_id': '0',\n",
" 'object_relation': None,\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1713155215',\n",
" 'to_ids': False,\n",
" 'type': 'ip-dst',\n",
" 'uuid': '1ce6d7c3-a3cf-4bf7-b0fe-a054b7a06342',\n",
" 'value': '8.8.8.8'},\n",
" {'Galaxy': [],\n",
" 'ShadowAttribute': [],\n",
" 'category': 'Network activity',\n",
" 'comment': '',\n",
" 'deleted': False,\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'first_seen': None,\n",
" 'id': '3366',\n",
" 'last_seen': None,\n",
" 'object_id': '0',\n",
" 'object_relation': None,\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1713155243',\n",
" 'to_ids': True,\n",
" 'type': 'ip-dst',\n",
" 'uuid': '6c4e1467-ce18-4131-b858-470ee57ebaec',\n",
" 'value': '127.0.0.2'}],\n",
" 'CryptographicKey': [],\n",
" 'EventReport': [{'content': 'Body',\n",
" 'deleted': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'id': '55',\n",
" 'name': 'Report from API',\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1713153904',\n",
" 'uuid': '3696d945-7dc8-4685-b71f-8cb2b1132913'},\n",
" {'content': 'Body',\n",
" 'deleted': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'id': '56',\n",
" 'name': 'Report from API',\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1713154575',\n",
" 'uuid': '823d4e2e-76f4-43b8-9b3c-c851fa32412d'}],\n",
" 'Galaxy': [],\n",
" 'Object': [{'Attribute': [{'Galaxy': [],\n",
" 'ShadowAttribute': [],\n",
" 'category': 'Other',\n",
" 'comment': '',\n",
" 'deleted': False,\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'first_seen': None,\n",
" 'id': '3363',\n",
" 'last_seen': None,\n",
" 'object_id': '537',\n",
" 'object_relation': 'post',\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1558702173',\n",
" 'to_ids': False,\n",
" 'type': 'text',\n",
" 'uuid': '17bebb02-c294-4444-adc9-85e8fa0039f1',\n",
" 'value': 'post'}],\n",
" 'ObjectReference': [],\n",
" 'comment': '',\n",
" 'deleted': False,\n",
" 'description': 'Microblog post like a Twitter tweet or '\n",
" 'a post on a Facebook wall.',\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'first_seen': None,\n",
" 'id': '537',\n",
" 'last_seen': None,\n",
" 'meta-category': 'misc',\n",
" 'name': 'microblog',\n",
" 'sharing_group_id': '0',\n",
" 'template_uuid': '8ec8c911-ddbe-4f5b-895b-fbff70c42a60',\n",
" 'template_version': '5',\n",
" 'timestamp': '1558702173',\n",
" 'uuid': 'bc9219e7-9ae8-4f36-a433-dad3a9c963f5'}],\n",
" 'Org': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'Orgc': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'RelatedEvent': [{'Event': {'Org': {'id': '15',\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'Orgc': {'id': '15',\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'analysis': '0',\n",
" 'date': '2024-04-15',\n",
" 'distribution': '0',\n",
" 'id': '62',\n",
" 'info': 'Test event with some sample '\n",
" 'indicator to match on Jupyter '\n",
" 'notebook',\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'published': False,\n",
" 'threat_level_id': '1',\n",
" 'timestamp': '1713153254',\n",
" 'uuid': '403a7c69-3708-429e-b1f0-1e7379655db5'}}],\n",
" 'ShadowAttribute': [],\n",
" 'Tag': [{'colour': '#33FF00',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '12',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'tlp:green',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'}],\n",
" 'analysis': '0',\n",
" 'attribute_count': '5',\n",
" 'date': '2024-04-15',\n",
" 'disable_correlation': False,\n",
" 'distribution': '0',\n",
" 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n",
" 'extends_uuid': '',\n",
" 'id': '64',\n",
" 'info': 'Event created via the API as an example',\n",
" 'locked': False,\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'proposal_email_lock': False,\n",
" 'protected': None,\n",
" 'publish_timestamp': '0',\n",
" 'published': False,\n",
" 'sharing_group_id': '0',\n",
" 'threat_level_id': '1',\n",
" 'timestamp': '1713155243',\n",
" 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'}}]\n"
]
}
],
"source": [
"# Searching using the RestSearch\n",
"endpoint = '/events/restSearch'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
" \"returnFormat\": \"json\",\n",
" \"eventid\": 64,\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": 51,
"metadata": {},
"outputs": [],
"source": [
"# Searching using the RestSearch - Other return format\n",
"!curl \\\n",
" -d '{\"returnFormat\":\"rpz\",\"eventid\":64}' \\\n",
" -H \"Authorization: tzcU6V4IdOdNsQy9LkD3yBHaIkg64n7oeKpaQNyf\" \\\n",
" -H \"Accept: application/json\" \\\n",
" -H \"Content-type: application/json\" \\\n",
" -k \\\n",
" -X POST https://localhost:8443/events/restSearch 2> /dev/null"
]
},
{
"cell_type": "code",
"execution_count": 96,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"uuid,event_id,category,type,value,comment,to_ids,date,object_relation,attribute_tag,object_uuid,object_name,object_meta_category\r\n",
"\"6938d503-7d96-48b6-9a18-f8e6f95f04dd\",126,\"Network activity\",\"ip-src\",\"9.9.9.9\",\"\",1,1705581872,\"\",\"\",\"\",\"\",\"\"\r\n",
"\"8153fcad-cd37-45d9-a1d1-a509942116f8\",126,\"Network activity\",\"ip-dst\",\"127.2.2.2\",\"Comment added via the API!\",0,1705583914,\"\",\"tlp:white\",\"\",\"\",\"\"\r\n",
"\"1b436ea7-5fc3-485f-b059-9bfff544925f\",126,\"Payload delivery\",\"attachment\",\"test.txt\",\"\",0,1705584018,\"\",\"\",\"\",\"\",\"\"\r\n",
"\"7ed55fe3-cae9-4353-9cd6-cdcb9a50bba5\",126,\"Other\",\"text\",\"post\",\"\",0,1558702173,\"post\",\"\",\"838aefb1-0f6e-4967-9a99-e7414887ae9a\",\"microblog\",\"misc\"\r\n",
"\r\n"
]
}
],
"source": [
"# Searching using the RestSearch - Other return format\n",
"!curl \\\n",
" -d '{\"returnFormat\":\"csv\",\"eventid\":126}' \\\n",
" -H \"Authorization: AaRwZVxZqE8peVet1LGfTYMOkOfFfa7rlS5i5xfL\" \\\n",
" -H \"Accept: application/json\" \\\n",
" -H \"Content-type: application/json\" \\\n",
" -k \\\n",
" -X POST https://localhost:8443/events/restSearch 2> /dev/null"
]
},
{
"cell_type": "code",
"execution_count": 52,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Count: 0\n",
"----------\n",
"[]\n"
]
}
],
"source": [
"# Searching using the RestSearch - Filtering\n",
"endpoint = '/events/restSearch'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
" \"returnFormat\": \"json\",\n",
" \"value\": \"parsed-ail.json\"\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": 53,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Count: 14\n",
"----------\n",
"[{'Event': {'CryptographicKey': [],\n",
" 'Galaxy': [{'GalaxyCluster': [{'GalaxyClusterRelation': [],\n",
" 'Org': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'Orgc': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'authors': ['Unknown'],\n",
" 'collection_uuid': 'cc6feae0-968a-11e9-a29a-bf581ae8eee3',\n",
" 'default': True,\n",
" 'deleted': False,\n",
" 'description': '',\n",
" 'distribution': '3',\n",
" 'event_tag_id': '278',\n",
" 'extends_uuid': '',\n",
" 'extends_version': '0',\n",
" 'galaxy_id': '59',\n",
" 'id': '13207',\n",
" 'local': False,\n",
" 'locked': False,\n",
" 'meta': {'calling-code': ['+33'],\n",
" 'capital': ['Paris'],\n",
" 'currency': ['€',\n",
" 'EUR',\n",
" 'EURO'],\n",
" 'iso-code': ['FR', 'FRA'],\n",
" 'member-of': ['NATO'],\n",
" 'official-languages': ['French'],\n",
" 'synonyms': ['French '\n",
" 'Republic',\n",
" 'République '\n",
" 'française'],\n",
" 'territory-type': ['Country'],\n",
" 'top-level-domain': ['.fr']},\n",
" 'org_id': '0',\n",
" 'orgc_id': '0',\n",
" 'published': False,\n",
" 'relationship_type': False,\n",
" 'sharing_group_id': None,\n",
" 'source': 'Various',\n",
" 'tag_id': 167,\n",
" 'tag_name': 'misp-galaxy:target-information=\"France\"',\n",
" 'type': 'target-information',\n",
" 'uuid': '0cc6ad08-fac6-42bc-a7c7-09a53ea6b968',\n",
" 'value': 'France',\n",
" 'version': '7'}],\n",
" 'description': 'Description of targets of threat '\n",
" 'actors.',\n",
" 'enabled': True,\n",
" 'icon': 'bullseye',\n",
" 'id': '59',\n",
" 'local_only': False,\n",
" 'name': 'Target Information',\n",
" 'namespace': 'misp',\n",
" 'type': 'target-information',\n",
" 'uuid': '709ed29c-aa00-11e9-82cd-67ac1a6ee3bc',\n",
" 'version': '1'},\n",
" {'GalaxyCluster': [{'GalaxyClusterRelation': [{'Tag': [{'colour': '#001899',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '1',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"likely\"',\n",
" 'numerical_value': '55',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '9554',\n",
" 'galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n",
" 'id': '17887',\n",
" 'referenced_galaxy_cluster_id': '9652',\n",
" 'referenced_galaxy_cluster_type': 'parent-of',\n",
" 'referenced_galaxy_cluster_uuid': '0ca6ac54-ad2b-4945-9580-ac90e702fd2c',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001899',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '1',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"likely\"',\n",
" 'numerical_value': '55',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '9554',\n",
" 'galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n",
" 'id': '17888',\n",
" 'referenced_galaxy_cluster_id': '9653',\n",
" 'referenced_galaxy_cluster_type': 'parent-of',\n",
" 'referenced_galaxy_cluster_uuid': '9db5f425-fe49-4137-8598-840e7290ed0f',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001899',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '1',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"likely\"',\n",
" 'numerical_value': '55',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '9554',\n",
" 'galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n",
" 'id': '17889',\n",
" 'referenced_galaxy_cluster_id': '9654',\n",
" 'referenced_galaxy_cluster_type': 'parent-of',\n",
" 'referenced_galaxy_cluster_uuid': '1c43524e-0f2e-4468-b6b6-8a37f1d0ea87',\n",
" 'sharing_group_id': None}],\n",
" 'Org': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'Orgc': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'TargetingClusterRelation': [{'Tag': [{'colour': '#001899',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '1',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"likely\"',\n",
" 'numerical_value': '55',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '9652',\n",
" 'galaxy_cluster_uuid': '0ca6ac54-ad2b-4945-9580-ac90e702fd2c',\n",
" 'id': '17916',\n",
" 'referenced_galaxy_cluster_id': '9554',\n",
" 'referenced_galaxy_cluster_type': 'successor-of',\n",
" 'referenced_galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001899',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '1',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"likely\"',\n",
" 'numerical_value': '55',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '9653',\n",
" 'galaxy_cluster_uuid': '9db5f425-fe49-4137-8598-840e7290ed0f',\n",
" 'id': '17917',\n",
" 'referenced_galaxy_cluster_id': '9554',\n",
" 'referenced_galaxy_cluster_type': 'successor-of',\n",
" 'referenced_galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001899',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '1',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"likely\"',\n",
" 'numerical_value': '55',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '9654',\n",
" 'galaxy_cluster_uuid': '1c43524e-0f2e-4468-b6b6-8a37f1d0ea87',\n",
" 'id': '17919',\n",
" 'referenced_galaxy_cluster_id': '9554',\n",
" 'referenced_galaxy_cluster_type': 'successor-of',\n",
" 'referenced_galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n",
" 'sharing_group_id': None}],\n",
" 'authors': ['https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml',\n",
" 'http://pastebin.com/raw/GHgpWjar',\n",
" 'MISP Project',\n",
" 'https://id-ransomware.blogspot.com/2016/07/ransomware-list.html'],\n",
" 'collection_uuid': '10cf658b-5d32-4c4b-bb32-61760a640372',\n",
" 'default': True,\n",
" 'deleted': False,\n",
" 'description': 'Conti ransomware is '\n",
" 'a RaaS and has been '\n",
" 'observed encrypting '\n",
" 'networks since '\n",
" 'mid-2020.\\n'\n",
" 'Conti was developed '\n",
" 'by the “TrickBot” '\n",
" 'group, an organized '\n",
" 'Russian '\n",
" 'cybercriminal '\n",
" 'operation. Their '\n",
" 'reputation has '\n",
" 'allowed the group '\n",
" 'to create a strong '\n",
" 'brand name, '\n",
" 'attracting many '\n",
" 'affiliates which '\n",
" 'has made Conti one '\n",
" 'of the most '\n",
" 'widespread '\n",
" 'ransomware strains '\n",
" 'in the world.\\n'\n",
" 'One of the last '\n",
" 'known “Conti” '\n",
" 'attacks was against '\n",
" 'the government of '\n",
" 'Costa Rica in April '\n",
" '2022 causing the '\n",
" 'country to declare '\n",
" 'a state of '\n",
" 'emergency.\\n'\n",
" 'Shortly after this '\n",
" 'final attack, the '\n",
" '“Conti” brand '\n",
" 'disappeared. The '\n",
" 'group behind it '\n",
" 'likely switched to '\n",
" 'a different brand '\n",
" 'to avoid sanctions '\n",
" 'and start over with '\n",
" 'a new, clean '\n",
" 'reputation.',\n",
" 'distribution': '3',\n",
" 'event_tag_id': '279',\n",
" 'extends_uuid': '',\n",
" 'extends_version': '0',\n",
" 'galaxy_id': '49',\n",
" 'id': '9554',\n",
" 'local': False,\n",
" 'locked': False,\n",
" 'meta': {'attribution-confidence': ['100'],\n",
" 'country': ['RU'],\n",
" 'extensions': ['.conti'],\n",
" 'links': ['http://continewsnv5otx5kaoje7krkto2qbu3gtqef22mnr7eaxw3y6ncz3ad.onion/',\n",
" 'http://continews.click'],\n",
" 'ransomnotes': ['All of '\n",
" 'your '\n",
" 'files are '\n",
" 'currently '\n",
" 'encrypted '\n",
" 'by CONTI '\n",
" 'ransomware.'],\n",
" 'refs': ['https://www.cyber.gov.au/acsc/view-all-content/advisories/2021-010-acsc-ransomware-profile-conti',\n",
" 'https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/787/original/ransomware-chats.pdf?1651576098',\n",
" 'https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ransomware-virtual-machines']},\n",
" 'org_id': '0',\n",
" 'orgc_id': '0',\n",
" 'published': False,\n",
" 'relationship_type': False,\n",
" 'sharing_group_id': None,\n",
" 'source': 'Various',\n",
" 'tag_id': 166,\n",
" 'tag_name': 'misp-galaxy:ransomware=\"Conti\"',\n",
" 'type': 'ransomware',\n",
" 'uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n",
" 'value': 'Conti',\n",
" 'version': '118'}],\n",
" 'description': 'Ransomware galaxy based on '\n",
" 'https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml',\n",
" 'enabled': True,\n",
" 'icon': 'btc',\n",
" 'id': '49',\n",
" 'local_only': False,\n",
" 'name': 'Ransomware',\n",
" 'namespace': 'misp',\n",
" 'type': 'ransomware',\n",
" 'uuid': '3f44af2e-1480-4b6b-9aa8-f9bb21341078',\n",
" 'version': '4'}],\n",
" 'Org': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'Orgc': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'RelatedEvent': [{'Event': {'Org': {'id': '15',\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'Orgc': {'id': '15',\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'analysis': '0',\n",
" 'date': '2022-03-22',\n",
" 'distribution': '2',\n",
" 'id': '55',\n",
" 'info': 'Network relationship with '\n",
" 'Conti BTC address',\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'published': False,\n",
" 'threat_level_id': '4',\n",
" 'timestamp': '1695040739',\n",
" 'uuid': 'd1a18f98-4efb-4238-b608-8783e626b95f'}}],\n",
" 'Tag': [{'colour': '#ffffff',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '16',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'tlp:white',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#0088cc',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '167',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': True,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'misp-galaxy:target-information=\"France\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#0088cc',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '166',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': True,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'misp-galaxy:ransomware=\"Conti\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#075200',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '138',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'admiralty-scale:source-reliability=\"b\"',\n",
" 'numerical_value': '75',\n",
" 'relationship_type': None,\n",
" 'user_id': '0'}],\n",
" 'analysis': '0',\n",
" 'attribute_count': '13',\n",
" 'date': '2022-03-21',\n",
" 'disable_correlation': False,\n",
" 'distribution': '1',\n",
" 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n",
" 'extends_uuid': '',\n",
" 'id': '50',\n",
" 'info': 'Ransomware Attack against a French organization',\n",
" 'locked': True,\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'proposal_email_lock': False,\n",
" 'protected': None,\n",
" 'publish_timestamp': '0',\n",
" 'published': False,\n",
" 'sharing_group_id': '0',\n",
" 'threat_level_id': '1',\n",
" 'timestamp': '1695041268',\n",
" 'uuid': '1128963e-516e-4c9b-b14e-ae2dcbf69e80'}},\n",
" {'Event': {'CryptographicKey': [],\n",
" 'Galaxy': [],\n",
" 'Org': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'Orgc': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'RelatedEvent': [],\n",
" 'Tag': [{'colour': '#33FF00',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '12',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'tlp:green',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'}],\n",
" 'analysis': '0',\n",
" 'attribute_count': '28',\n",
" 'date': '2021-12-22',\n",
" 'disable_correlation': False,\n",
" 'distribution': '1',\n",
" 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n",
" 'extends_uuid': '',\n",
" 'id': '51',\n",
" 'info': 'Dirty harry example',\n",
" 'locked': True,\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'proposal_email_lock': False,\n",
" 'protected': None,\n",
" 'publish_timestamp': '0',\n",
" 'published': False,\n",
" 'sharing_group_id': '0',\n",
" 'threat_level_id': '1',\n",
" 'timestamp': '1693922674',\n",
" 'uuid': '339b8437-13e8-4ae6-97dc-47cf909aa78d'}},\n",
" {'Event': {'CryptographicKey': [],\n",
" 'Galaxy': [{'GalaxyCluster': [{'GalaxyClusterRelation': [],\n",
" 'Org': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'Orgc': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'TargetingClusterRelation': [{'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5881',\n",
" 'galaxy_cluster_uuid': '590777b3-b475-4c7c-aaf8-f4a73b140312',\n",
" 'id': '2339',\n",
" 'referenced_galaxy_cluster_id': '4806',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7107',\n",
" 'galaxy_cluster_uuid': 'e401d4fe-f0c9-44f0-98e6-f93487678808',\n",
" 'id': '9763',\n",
" 'referenced_galaxy_cluster_id': '4806',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7262',\n",
" 'galaxy_cluster_uuid': '9abdda30-08e0-4ab1-9cf0-d447654c6de9',\n",
" 'id': '11748',\n",
" 'referenced_galaxy_cluster_id': '4806',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7476',\n",
" 'galaxy_cluster_uuid': 'd6b3fcd0-1c86-4350-96f0-965ed02fcc51',\n",
" 'id': '14674',\n",
" 'referenced_galaxy_cluster_id': '4806',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7516',\n",
" 'galaxy_cluster_uuid': '4c6d62c2-89f5-4159-8fab-0190b1f9d328',\n",
" 'id': '15343',\n",
" 'referenced_galaxy_cluster_id': '4806',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7524',\n",
" 'galaxy_cluster_uuid': 'c984b414-b766-44c5-814a-2fe96c913c12',\n",
" 'id': '15474',\n",
" 'referenced_galaxy_cluster_id': '4806',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7535',\n",
" 'galaxy_cluster_uuid': '727afb95-3d0f-4451-b297-362a43909923',\n",
" 'id': '15629',\n",
" 'referenced_galaxy_cluster_id': '4806',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7541',\n",
" 'galaxy_cluster_uuid': 'e14085cb-0e8d-4be6-92ba-e3b93ee5978f',\n",
" 'id': '15744',\n",
" 'referenced_galaxy_cluster_id': '4806',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '14906',\n",
" 'galaxy_cluster_uuid': '0ee4d8a5-4e67-4faf-acfa-62a78457d1f2',\n",
" 'id': '22387',\n",
" 'referenced_galaxy_cluster_id': '4806',\n",
" 'referenced_galaxy_cluster_type': 'related-to',\n",
" 'referenced_galaxy_cluster_uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '15094',\n",
" 'galaxy_cluster_uuid': 'b55d23e5-6821-44ff-8a6e-67218891e49f',\n",
" 'id': '22582',\n",
" 'referenced_galaxy_cluster_id': '4806',\n",
" 'referenced_galaxy_cluster_type': 'related-to',\n",
" 'referenced_galaxy_cluster_uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '15893',\n",
" 'galaxy_cluster_uuid': '7bd3902d-8b8b-4dd4-838a-c6862d40150d',\n",
" 'id': '23482',\n",
" 'referenced_galaxy_cluster_id': '4806',\n",
" 'referenced_galaxy_cluster_type': 'related-to',\n",
" 'referenced_galaxy_cluster_uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n",
" 'sharing_group_id': None}],\n",
" 'authors': ['MITRE'],\n",
" 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n",
" 'default': True,\n",
" 'deleted': False,\n",
" 'description': 'Adversaries may '\n",
" 'modify client '\n",
" 'software binaries '\n",
" 'to establish '\n",
" 'persistent access '\n",
" 'to systems. Client '\n",
" 'software enables '\n",
" 'users to access '\n",
" 'services provided '\n",
" 'by a server. Common '\n",
" 'client software '\n",
" 'types are SSH '\n",
" 'clients, FTP '\n",
" 'clients, email '\n",
" 'clients, and web '\n",
" 'browsers.\\n'\n",
" '\\n'\n",
" 'Adversaries may '\n",
" 'make modifications '\n",
" 'to client software '\n",
" 'binaries to carry '\n",
" 'out malicious tasks '\n",
" 'when those '\n",
" 'applications are in '\n",
" 'use. For example, '\n",
" 'an adversary may '\n",
" 'copy source code '\n",
" 'for the client '\n",
" 'software, add a '\n",
" 'backdoor, compile '\n",
" 'for the target, and '\n",
" 'replace the '\n",
" 'legitimate '\n",
" 'application binary '\n",
" '(or support files) '\n",
" 'with the backdoored '\n",
" 'one. Since these '\n",
" 'applications may be '\n",
" 'routinely executed '\n",
" 'by the user, the '\n",
" 'adversary can '\n",
" 'leverage this for '\n",
" 'persistent access '\n",
" 'to the host.',\n",
" 'distribution': '3',\n",
" 'event_tag_id': '282',\n",
" 'extends_uuid': '',\n",
" 'extends_version': '0',\n",
" 'galaxy_id': '23',\n",
" 'id': '4806',\n",
" 'local': False,\n",
" 'locked': False,\n",
" 'meta': {'external_id': ['T1554'],\n",
" 'kill_chain': ['mitre-attack:persistence'],\n",
" 'mitre_data_sources': ['File: '\n",
" 'File '\n",
" 'Creation',\n",
" 'File: '\n",
" 'File '\n",
" 'Deletion',\n",
" 'File: '\n",
" 'File '\n",
" 'Metadata',\n",
" 'File: '\n",
" 'File '\n",
" 'Modification'],\n",
" 'mitre_platforms': ['Linux',\n",
" 'macOS',\n",
" 'Windows'],\n",
" 'refs': ['https://attack.mitre.org/techniques/T1554']},\n",
" 'org_id': '0',\n",
" 'orgc_id': '0',\n",
" 'published': False,\n",
" 'relationship_type': False,\n",
" 'sharing_group_id': None,\n",
" 'source': 'https://github.com/mitre/cti',\n",
" 'tag_id': 23,\n",
" 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Compromise '\n",
" 'Client Software Binary '\n",
" '- T1554\"',\n",
" 'type': 'mitre-attack-pattern',\n",
" 'uuid': '960c3c86-1480-4d72-b4e0-8c242e84a5c5',\n",
" 'value': 'Compromise Client '\n",
" 'Software Binary - T1554',\n",
" 'version': '25'},\n",
" {'GalaxyClusterRelation': [],\n",
" 'Org': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'Orgc': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'authors': ['MITRE'],\n",
" 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n",
" 'default': True,\n",
" 'deleted': False,\n",
" 'description': 'Adversaries may use '\n",
" 'traffic signaling '\n",
" 'to hide open ports '\n",
" 'or other malicious '\n",
" 'functionality used '\n",
" 'for persistence or '\n",
" 'command and '\n",
" 'control. Traffic '\n",
" 'signaling involves '\n",
" 'the use of a magic '\n",
" 'value or sequence '\n",
" 'that must be sent '\n",
" 'to a system to '\n",
" 'trigger a special '\n",
" 'response, such as '\n",
" 'opening a closed '\n",
" 'port or executing a '\n",
" 'malicious task. '\n",
" 'This may take the '\n",
" 'form of sending a '\n",
" 'series of packets '\n",
" 'with certain '\n",
" 'characteristics '\n",
" 'before a port will '\n",
" 'be opened that the '\n",
" 'adversary can use '\n",
" 'for command and '\n",
" 'control. Usually '\n",
" 'this series of '\n",
" 'packets consists of '\n",
" 'attempted '\n",
" 'connections to a '\n",
" 'predefined sequence '\n",
" 'of closed ports '\n",
" '(i.e. [Port '\n",
" 'Knocking](https://attack.mitre.org/techniques/T1205/001)), '\n",
" 'but can involve '\n",
" 'unusual flags, '\n",
" 'specific strings, '\n",
" 'or other unique '\n",
" 'characteristics. '\n",
" 'After the sequence '\n",
" 'is completed, '\n",
" 'opening a port may '\n",
" 'be accomplished by '\n",
" 'the host-based '\n",
" 'firewall, but could '\n",
" 'also be implemented '\n",
" 'by custom '\n",
" 'software.\\n'\n",
" '\\n'\n",
" 'Adversaries may '\n",
" 'also communicate '\n",
" 'with an already '\n",
" 'open port, but the '\n",
" 'service listening '\n",
" 'on that port will '\n",
" 'only respond to '\n",
" 'commands or trigger '\n",
" 'other malicious '\n",
" 'functionality if '\n",
" 'passed the '\n",
" 'appropriate magic '\n",
" 'value(s).\\n'\n",
" '\\n'\n",
" 'The observation of '\n",
" 'the signal packets '\n",
" 'to trigger the '\n",
" 'communication can '\n",
" 'be conducted '\n",
" 'through different '\n",
" 'methods. One means, '\n",
" 'originally '\n",
" 'implemented by '\n",
" 'Cd00r (Citation: '\n",
" 'Hartrell cd00r '\n",
" '2002), is to use '\n",
" 'the libpcap '\n",
" 'libraries to sniff '\n",
" 'for the packets in '\n",
" 'question. Another '\n",
" 'method leverages '\n",
" 'raw sockets, which '\n",
" 'enables the malware '\n",
" 'to use ports that '\n",
" 'are already open '\n",
" 'for use by other '\n",
" 'programs.\\n'\n",
" '\\n'\n",
" 'On network devices, '\n",
" 'adversaries may use '\n",
" 'crafted packets to '\n",
" 'enable [Network '\n",
" 'Device '\n",
" 'Authentication](https://attack.mitre.org/techniques/T1556/004) '\n",
" 'for standard '\n",
" 'services offered by '\n",
" 'the device such as '\n",
" 'telnet. Such '\n",
" 'signaling may also '\n",
" 'be used to open a '\n",
" 'closed service port '\n",
" 'such as telnet, or '\n",
" 'to trigger module '\n",
" 'modification of '\n",
" 'malware implants on '\n",
" 'the device, adding, '\n",
" 'removing, or '\n",
" 'changing malicious '\n",
" 'capabilities. '\n",
" 'Adversaries may use '\n",
" 'crafted packets to '\n",
" 'attempt to connect '\n",
" 'to one or more '\n",
" '(open or closed) '\n",
" 'ports, but may also '\n",
" 'attempt to connect '\n",
" 'to a router '\n",
" 'interface, '\n",
" 'broadcast, and '\n",
" 'network address IP '\n",
" 'on the same port in '\n",
" 'order to achieve '\n",
" 'their goals and '\n",
" 'objectives.(Citation: '\n",
" 'Cisco Synful Knock '\n",
" 'Evolution)(Citation: '\n",
" 'Mandiant - Synful '\n",
" 'Knock)(Citation: '\n",
" 'Cisco Blog Legacy '\n",
" 'Device Attacks) To '\n",
" 'enable this traffic '\n",
" 'signaling on '\n",
" 'embedded devices, '\n",
" 'adversaries must '\n",
" 'first achieve and '\n",
" 'leverage [Patch '\n",
" 'System '\n",
" 'Image](https://attack.mitre.org/techniques/T1601/001) '\n",
" 'due to the '\n",
" 'monolithic nature '\n",
" 'of the '\n",
" 'architecture.\\n'\n",
" '\\n'\n",
" 'Adversaries may '\n",
" 'also use the '\n",
" 'Wake-on-LAN feature '\n",
" 'to turn on powered '\n",
" 'off systems. '\n",
" 'Wake-on-LAN is a '\n",
" 'hardware feature '\n",
" 'that allows a '\n",
" 'powered down system '\n",
" 'to be powered on, '\n",
" 'or woken up, by '\n",
" 'sending a magic '\n",
" 'packet to it. Once '\n",
" 'the system is '\n",
" 'powered on, it may '\n",
" 'become a target for '\n",
" 'lateral '\n",
" 'movement.(Citation: '\n",
" 'Bleeping Computer - '\n",
" 'Ryuk WoL)(Citation: '\n",
" 'AMD Magic Packet)',\n",
" 'distribution': '3',\n",
" 'event_tag_id': '283',\n",
" 'extends_uuid': '',\n",
" 'extends_version': '0',\n",
" 'galaxy_id': '23',\n",
" 'id': '5396',\n",
" 'local': False,\n",
" 'locked': False,\n",
" 'meta': {'external_id': ['T1205'],\n",
" 'kill_chain': ['mitre-attack:defense-evasion',\n",
" 'mitre-attack:persistence',\n",
" 'mitre-attack:command-and-control'],\n",
" 'mitre_data_sources': ['Network '\n",
" 'Traffic: '\n",
" 'Network '\n",
" 'Connection '\n",
" 'Creation',\n",
" 'Network '\n",
" 'Traffic: '\n",
" 'Network '\n",
" 'Traffic '\n",
" 'Content',\n",
" 'Network '\n",
" 'Traffic: '\n",
" 'Network '\n",
" 'Traffic '\n",
" 'Flow',\n",
" 'Process: '\n",
" 'Process '\n",
" 'Creation'],\n",
" 'mitre_platforms': ['Linux',\n",
" 'macOS',\n",
" 'Windows',\n",
" 'Network'],\n",
" 'refs': ['https://attack.mitre.org/techniques/T1205',\n",
" 'https://blogs.cisco.com/security/evolution-of-attacks-on-cisco-ios-devices',\n",
" 'https://community.cisco.com/t5/security-blogs/attackers-continue-to-target-legacy-devices/ba-p/4169954',\n",
" 'https://gitlab.com/wireshark/wireshark/-/wikis/WakeOnLAN',\n",
" 'https://www.amd.com/system/files/TechDocs/20213.pdf',\n",
" 'https://www.bleepingcomputer.com/news/security/ryuk-ransomware-uses-wake-on-lan-to-encrypt-offline-devices/',\n",
" 'https://www.giac.org/paper/gcih/342/handle-cd00r-invisible-backdoor/103631',\n",
" 'https://www.mandiant.com/resources/synful-knock-acis']},\n",
" 'org_id': '0',\n",
" 'orgc_id': '0',\n",
" 'published': False,\n",
" 'relationship_type': False,\n",
" 'sharing_group_id': None,\n",
" 'source': 'https://github.com/mitre/cti',\n",
" 'tag_id': 24,\n",
" 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Traffic '\n",
" 'Signaling - T1205\"',\n",
" 'type': 'mitre-attack-pattern',\n",
" 'uuid': '451a9977-d255-43c9-b431-66de80130c8c',\n",
" 'value': 'Traffic Signaling - T1205',\n",
" 'version': '25'},\n",
" {'GalaxyClusterRelation': [{'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '4842',\n",
" 'galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n",
" 'id': '674',\n",
" 'referenced_galaxy_cluster_id': '6067',\n",
" 'referenced_galaxy_cluster_type': 'subtechnique-of',\n",
" 'referenced_galaxy_cluster_uuid': '799ace7f-e227-4411-baa0-8868704f2a69',\n",
" 'sharing_group_id': None}],\n",
" 'Org': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'Orgc': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'TargetingClusterRelation': [{'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5058',\n",
" 'galaxy_cluster_uuid': 'd3046a90-580c-4004-8208-66915bc29830',\n",
" 'id': '827',\n",
" 'referenced_galaxy_cluster_id': '4842',\n",
" 'referenced_galaxy_cluster_type': 'revoked-by',\n",
" 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5645',\n",
" 'galaxy_cluster_uuid': '987988f0-cf86-4680-a875-2f6456ab2448',\n",
" 'id': '1304',\n",
" 'referenced_galaxy_cluster_id': '4842',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5789',\n",
" 'galaxy_cluster_uuid': '20a2baeb-98c2-4901-bad7-dc62d0a03dea',\n",
" 'id': '1856',\n",
" 'referenced_galaxy_cluster_id': '4842',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5801',\n",
" 'galaxy_cluster_uuid': '609191bf-7d06-40e4-b1f8-9e11eb3ff8a6',\n",
" 'id': '1928',\n",
" 'referenced_galaxy_cluster_id': '4842',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6782',\n",
" 'galaxy_cluster_uuid': 'c93fccb1-e8e8-42cf-ae33-2ad1d183913a',\n",
" 'id': '3869',\n",
" 'referenced_galaxy_cluster_id': '4842',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6790',\n",
" 'galaxy_cluster_uuid': 'f9d6633a-55e6-4adc-9263-6ae080421a13',\n",
" 'id': '4168',\n",
" 'referenced_galaxy_cluster_id': '4842',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6841',\n",
" 'galaxy_cluster_uuid': '18854f55-ac7c-4634-bd9a-352dd07613b7',\n",
" 'id': '5562',\n",
" 'referenced_galaxy_cluster_id': '4842',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6876',\n",
" 'galaxy_cluster_uuid': '222fbd21-fc4f-4b7e-9f85-0e6e3a76c33f',\n",
" 'id': '6381',\n",
" 'referenced_galaxy_cluster_id': '4842',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6913',\n",
" 'galaxy_cluster_uuid': '35d1b3be-49d4-42f1-aaa6-ef159c880bca',\n",
" 'id': '7335',\n",
" 'referenced_galaxy_cluster_id': '4842',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7027',\n",
" 'galaxy_cluster_uuid': '40a1b8ec-7295-416c-a6b1-68181d86f120',\n",
" 'id': '8788',\n",
" 'referenced_galaxy_cluster_id': '4842',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7262',\n",
" 'galaxy_cluster_uuid': '9abdda30-08e0-4ab1-9cf0-d447654c6de9',\n",
" 'id': '11742',\n",
" 'referenced_galaxy_cluster_id': '4842',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '14705',\n",
" 'galaxy_cluster_uuid': 'ceb407f6-8277-439b-951f-e4210e3ed956',\n",
" 'id': '22146',\n",
" 'referenced_galaxy_cluster_id': '4842',\n",
" 'referenced_galaxy_cluster_type': 'related-to',\n",
" 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '15467',\n",
" 'galaxy_cluster_uuid': 'f99276ad-d122-4989-a09a-d00904a5f9d2',\n",
" 'id': '23003',\n",
" 'referenced_galaxy_cluster_id': '4842',\n",
" 'referenced_galaxy_cluster_type': 'related-to',\n",
" 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '15520',\n",
" 'galaxy_cluster_uuid': '602f5669-6927-4688-84db-0d4b7afb2150',\n",
" 'id': '23074',\n",
" 'referenced_galaxy_cluster_id': '4842',\n",
" 'referenced_galaxy_cluster_type': 'related-to',\n",
" 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '15620',\n",
" 'galaxy_cluster_uuid': '26b692dc-1722-49b2-b496-a8258aa6371d',\n",
" 'id': '23177',\n",
" 'referenced_galaxy_cluster_id': '4842',\n",
" 'referenced_galaxy_cluster_type': 'related-to',\n",
" 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '15626',\n",
" 'galaxy_cluster_uuid': 'bde47d4b-9987-405c-94c7-b080410e8ea7',\n",
" 'id': '23192',\n",
" 'referenced_galaxy_cluster_id': '4842',\n",
" 'referenced_galaxy_cluster_type': 'related-to',\n",
" 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '15646',\n",
" 'galaxy_cluster_uuid': '70ad982f-67c8-40e0-a955-b920c2fa05cb',\n",
" 'id': '23216',\n",
" 'referenced_galaxy_cluster_id': '4842',\n",
" 'referenced_galaxy_cluster_type': 'related-to',\n",
" 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '17301',\n",
" 'galaxy_cluster_uuid': 'fdc88d25-96fb-4b7c-9633-c0e417fdbd4e',\n",
" 'id': '25085',\n",
" 'referenced_galaxy_cluster_id': '4842',\n",
" 'referenced_galaxy_cluster_type': 'related-to',\n",
" 'referenced_galaxy_cluster_uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n",
" 'sharing_group_id': None}],\n",
" 'authors': ['MITRE'],\n",
" 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n",
" 'default': True,\n",
" 'deleted': False,\n",
" 'description': 'In addition to '\n",
" 'clearing system '\n",
" 'logs, an adversary '\n",
" 'may clear the '\n",
" 'command history of '\n",
" 'a compromised '\n",
" 'account to conceal '\n",
" 'the actions '\n",
" 'undertaken during '\n",
" 'an intrusion. '\n",
" 'Various command '\n",
" 'interpreters keep '\n",
" 'track of the '\n",
" 'commands users type '\n",
" 'in their terminal '\n",
" 'so that users can '\n",
" 'retrace what '\n",
" \"they've done.\\n\"\n",
" '\\n'\n",
" 'On Linux and macOS, '\n",
" 'these command '\n",
" 'histories can be '\n",
" 'accessed in a few '\n",
" 'different ways. '\n",
" 'While logged in, '\n",
" 'this command '\n",
" 'history is tracked '\n",
" 'in a file pointed '\n",
" 'to by the '\n",
" 'environment '\n",
" 'variable '\n",
" '<code>HISTFILE</code>. '\n",
" 'When a user logs '\n",
" 'off a system, this '\n",
" 'information is '\n",
" 'flushed to a file '\n",
" \"in the user's home \"\n",
" 'directory called '\n",
" '<code>~/.bash_history</code>. '\n",
" 'The benefit of this '\n",
" 'is that it allows '\n",
" 'users to go back to '\n",
" \"commands they've \"\n",
" 'used before in '\n",
" 'different '\n",
" 'sessions.\\n'\n",
" '\\n'\n",
" 'Adversaries may '\n",
" 'delete their '\n",
" 'commands from these '\n",
" 'logs by manually '\n",
" 'clearing the '\n",
" 'history '\n",
" '(<code>history '\n",
" '-c</code>) or '\n",
" 'deleting the bash '\n",
" 'history file '\n",
" '<code>rm '\n",
" '~/.bash_history</code>. \\n'\n",
" '\\n'\n",
" 'Adversaries may '\n",
" 'also leverage a '\n",
" '[Network Device '\n",
" 'CLI](https://attack.mitre.org/techniques/T1059/008) '\n",
" 'on network devices '\n",
" 'to clear command '\n",
" 'history data '\n",
" '(<code>clear '\n",
" 'logging</code> '\n",
" 'and/or <code>clear '\n",
" 'history</code>).(Citation: '\n",
" 'US-CERT-TA18-106A)\\n'\n",
" '\\n'\n",
" 'On Windows hosts, '\n",
" 'PowerShell has two '\n",
" 'different command '\n",
" 'history providers: '\n",
" 'the built-in '\n",
" 'history and the '\n",
" 'command history '\n",
" 'managed by the '\n",
" '<code>PSReadLine</code> '\n",
" 'module. The '\n",
" 'built-in history '\n",
" 'only tracks the '\n",
" 'commands used in '\n",
" 'the current '\n",
" 'session. This '\n",
" 'command history is '\n",
" 'not available to '\n",
" 'other sessions and '\n",
" 'is deleted when the '\n",
" 'session ends.\\n'\n",
" '\\n'\n",
" 'The '\n",
" '<code>PSReadLine</code> '\n",
" 'command history '\n",
" 'tracks the commands '\n",
" 'used in all '\n",
" 'PowerShell sessions '\n",
" 'and writes them to '\n",
" 'a file '\n",
" '(<code>$env:APPDATA\\\\Microsoft\\\\Windows\\\\PowerShell\\\\PSReadLine\\\\ConsoleHost_history.txt</code> '\n",
" 'by default). This '\n",
" 'history file is '\n",
" 'available to all '\n",
" 'sessions and '\n",
" 'contains all past '\n",
" 'history since the '\n",
" 'file is not deleted '\n",
" 'when the session '\n",
" 'ends.(Citation: '\n",
" 'Microsoft '\n",
" 'PowerShell Command '\n",
" 'History)\\n'\n",
" '\\n'\n",
" 'Adversaries may run '\n",
" 'the PowerShell '\n",
" 'command '\n",
" '<code>Clear-History</code> '\n",
" 'to flush the entire '\n",
" 'command history '\n",
" 'from a current '\n",
" 'PowerShell session. '\n",
" 'This, however, will '\n",
" 'not delete/flush '\n",
" 'the '\n",
" '<code>ConsoleHost_history.txt</code> '\n",
" 'file. Adversaries '\n",
" 'may also delete the '\n",
" '<code>ConsoleHost_history.txt</code> '\n",
" 'file or edit its '\n",
" 'contents to hide '\n",
" 'PowerShell commands '\n",
" 'they have '\n",
" 'run.(Citation: '\n",
" 'Sophos PowerShell '\n",
" 'command '\n",
" 'audit)(Citation: '\n",
" 'Sophos PowerShell '\n",
" 'Command History '\n",
" 'Forensics)',\n",
" 'distribution': '3',\n",
" 'event_tag_id': '284',\n",
" 'extends_uuid': '',\n",
" 'extends_version': '0',\n",
" 'galaxy_id': '23',\n",
" 'id': '4842',\n",
" 'local': False,\n",
" 'locked': False,\n",
" 'meta': {'external_id': ['T1070.003'],\n",
" 'kill_chain': ['mitre-attack:defense-evasion'],\n",
" 'mitre_data_sources': ['Command: '\n",
" 'Command '\n",
" 'Execution',\n",
" 'File: '\n",
" 'File '\n",
" 'Deletion',\n",
" 'File: '\n",
" 'File '\n",
" 'Modification',\n",
" 'User '\n",
" 'Account: '\n",
" 'User '\n",
" 'Account '\n",
" 'Authentication'],\n",
" 'mitre_platforms': ['Linux',\n",
" 'macOS',\n",
" 'Windows',\n",
" 'Network'],\n",
" 'refs': ['https://attack.mitre.org/techniques/T1070/003',\n",
" 'https://community.sophos.com/products/intercept/early-access-program/f/live-discover-response-queries/121529/live-discover---powershell-command-audit',\n",
" 'https://community.sophos.com/products/malware/b/blog/posts/powershell-command-history-forensics',\n",
" 'https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_history?view=powershell-7',\n",
" 'https://www.us-cert.gov/ncas/alerts/TA18-106A']},\n",
" 'org_id': '0',\n",
" 'orgc_id': '0',\n",
" 'published': False,\n",
" 'relationship_type': False,\n",
" 'sharing_group_id': None,\n",
" 'source': 'https://github.com/mitre/cti',\n",
" 'tag_id': 25,\n",
" 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Clear '\n",
" 'Command History - '\n",
" 'T1070.003\"',\n",
" 'type': 'mitre-attack-pattern',\n",
" 'uuid': '3aef9463-9a7a-43ba-8957-a867e07c1e6a',\n",
" 'value': 'Clear Command History - '\n",
" 'T1070.003',\n",
" 'version': '25'},\n",
" {'GalaxyClusterRelation': [{'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5528',\n",
" 'galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'id': '1121',\n",
" 'referenced_galaxy_cluster_id': '6067',\n",
" 'referenced_galaxy_cluster_type': 'subtechnique-of',\n",
" 'referenced_galaxy_cluster_uuid': '799ace7f-e227-4411-baa0-8868704f2a69',\n",
" 'sharing_group_id': None}],\n",
" 'Org': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'Orgc': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'TargetingClusterRelation': [{'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5605',\n",
" 'galaxy_cluster_uuid': '128c55d3-aeba-469f-bd3e-c8996ab4112a',\n",
" 'id': '1192',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'revoked-by',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6782',\n",
" 'galaxy_cluster_uuid': 'c93fccb1-e8e8-42cf-ae33-2ad1d183913a',\n",
" 'id': '3878',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6809',\n",
" 'galaxy_cluster_uuid': '9538b1a4-4120-4e2d-bf59-3b11fcab05a4',\n",
" 'id': '4563',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6817',\n",
" 'galaxy_cluster_uuid': '247cb30b-955f-42eb-97a5-a89fef69341e',\n",
" 'id': '4826',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6819',\n",
" 'galaxy_cluster_uuid': 'bef4c620-0787-42a8-a96d-b7eb6e85917c',\n",
" 'id': '4980',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6849',\n",
" 'galaxy_cluster_uuid': '44102191-3a31-45f8-acbe-34bdb441d5ad',\n",
" 'id': '5726',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6857',\n",
" 'galaxy_cluster_uuid': '00f67a77-86a4-4adf-be26-1a54fc713340',\n",
" 'id': '5921',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6881',\n",
" 'galaxy_cluster_uuid': '0ec2f388-bf0f-4b5c-97b1-fc736d26c25f',\n",
" 'id': '6544',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6901',\n",
" 'galaxy_cluster_uuid': '8c1f0187-0826-4320-bddc-5f326cfcfe2c',\n",
" 'id': '7082',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6920',\n",
" 'galaxy_cluster_uuid': 'd3afa961-a80c-4043-9509-282cdf69ab21',\n",
" 'id': '7428',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6927',\n",
" 'galaxy_cluster_uuid': '5a3a31fe-5a8f-48e1-bff0-a753e5b1be70',\n",
" 'id': '7528',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6935',\n",
" 'galaxy_cluster_uuid': '7bec698a-7e20-4fd3-bb6a-12787770fb1a',\n",
" 'id': '7602',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6949',\n",
" 'galaxy_cluster_uuid': 'a7881f21-e978-4fe4-af56-92c9416a2616',\n",
" 'id': '7825',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6970',\n",
" 'galaxy_cluster_uuid': 'b350b47f-88fe-4921-8538-6d9c59bac84e',\n",
" 'id': '8136',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6990',\n",
" 'galaxy_cluster_uuid': 'b00f90b6-c75c-4bfd-b813-ca9e6c9ebf29',\n",
" 'id': '8332',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7010',\n",
" 'galaxy_cluster_uuid': '94379dec-5c87-49db-b36e-66abc0b81344',\n",
" 'id': '8536',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7020',\n",
" 'galaxy_cluster_uuid': '8901ac23-6b50-410c-b0dd-d8174a86f9b3',\n",
" 'id': '8704',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7023',\n",
" 'galaxy_cluster_uuid': '5e595477-2e78-4ce7-ae42-e0b059b17808',\n",
" 'id': '8734',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7033',\n",
" 'galaxy_cluster_uuid': '7551188b-8f91-4d34-8350-0d0c57b2b913',\n",
" 'id': '8904',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7053',\n",
" 'galaxy_cluster_uuid': '01dbc71d-0ee8-420d-abb4-3dfb6a4bf725',\n",
" 'id': '9143',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7060',\n",
" 'galaxy_cluster_uuid': '47afe41c-4c08-485e-b062-c3bd209a1cce',\n",
" 'id': '9230',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7062',\n",
" 'galaxy_cluster_uuid': 'a60657fa-e2e7-4f8f-8128-a882534ae8c5',\n",
" 'id': '9278',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7087',\n",
" 'galaxy_cluster_uuid': '088f1d6e-0783-47c6-9923-9c79b2af43d4',\n",
" 'id': '9493',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7093',\n",
" 'galaxy_cluster_uuid': '0db09158-6e48-4e7c-8ce7-2b10b9c0c039',\n",
" 'id': '9574',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7121',\n",
" 'galaxy_cluster_uuid': 'fa766a65-5136-4ff3-8429-36d08eaa0100',\n",
" 'id': '10014',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7139',\n",
" 'galaxy_cluster_uuid': 'dfb5fa9b-3051-4b97-8035-08f80aef945b',\n",
" 'id': '10204',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7151',\n",
" 'galaxy_cluster_uuid': '3a0f6128-0a01-421d-8eca-e57d8671b1f1',\n",
" 'id': '10317',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7167',\n",
" 'galaxy_cluster_uuid': 'bdee9574-7479-4073-a7dc-e86d8acd073a',\n",
" 'id': '10547',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7171',\n",
" 'galaxy_cluster_uuid': 'fece06b7-d4b1-42cf-b81a-5323c917546e',\n",
" 'id': '10599',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7231',\n",
" 'galaxy_cluster_uuid': 'af2ad3b7-ab6a-4807-91fd-51bcaff9acbb',\n",
" 'id': '11340',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7260',\n",
" 'galaxy_cluster_uuid': '0b32ec39-ba61-4864-9ebe-b4b0b73caf9a',\n",
" 'id': '11727',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7262',\n",
" 'galaxy_cluster_uuid': '9abdda30-08e0-4ab1-9cf0-d447654c6de9',\n",
" 'id': '11745',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7287',\n",
" 'galaxy_cluster_uuid': '0998045d-f96e-4284-95ce-3c8219707486',\n",
" 'id': '12071',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7292',\n",
" 'galaxy_cluster_uuid': 'df350889-4de9-44e5-8cb3-888b8343e97c',\n",
" 'id': '12113',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7305',\n",
" 'galaxy_cluster_uuid': '76abb3ef-dafd-4762-97cb-a35379429db4',\n",
" 'id': '12281',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7356',\n",
" 'galaxy_cluster_uuid': '1f6e3702-7ca1-4582-b2e7-4591297d05a8',\n",
" 'id': '12922',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7427',\n",
" 'galaxy_cluster_uuid': 'dcac85c1-6485-4790-84f6-de5e6f6b91dd',\n",
" 'id': '13854',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7445',\n",
" 'galaxy_cluster_uuid': '8f423bd7-6ca7-4303-9e85-008c7ad5fdaa',\n",
" 'id': '14120',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7477',\n",
" 'galaxy_cluster_uuid': '5dd649c0-bca4-488b-bd85-b180474ec62e',\n",
" 'id': '14685',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7540',\n",
" 'galaxy_cluster_uuid': '7f4bbe05-1674-4087-8a16-8f1ad61b6152',\n",
" 'id': '15712',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7542',\n",
" 'galaxy_cluster_uuid': '7cdfccda-2950-4167-981a-60872ff5d0db',\n",
" 'id': '15759',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7555',\n",
" 'galaxy_cluster_uuid': 'efa7c4d6-8e30-41d9-a8fd-26dc337f4a1b',\n",
" 'id': '15936',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7943',\n",
" 'galaxy_cluster_uuid': '3433a9e8-1c47-4320-b9bf-ed449061d1c3',\n",
" 'id': '16867',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '14868',\n",
" 'galaxy_cluster_uuid': 'faa031b5-21ed-4e02-8881-2591f98d82ed',\n",
" 'id': '22336',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'related-to',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '15576',\n",
" 'galaxy_cluster_uuid': 'c6438007-e081-42ce-9483-b067fbef33c3',\n",
" 'id': '23134',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'related-to',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '15891',\n",
" 'galaxy_cluster_uuid': '558eebe5-f2ba-4104-b339-36f7902bcc1a',\n",
" 'id': '23480',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'related-to',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '17212',\n",
" 'galaxy_cluster_uuid': '88c0f9d8-30a8-4120-bb6b-ebb54abcf2a0',\n",
" 'id': '24993',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'related-to',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '17264',\n",
" 'galaxy_cluster_uuid': 'b3cec4e7-6901-4b0d-a02d-8ab2d8eb818b',\n",
" 'id': '25049',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'related-to',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '17375',\n",
" 'galaxy_cluster_uuid': '31545105-3444-4584-bebf-c466353230d2',\n",
" 'id': '25155',\n",
" 'referenced_galaxy_cluster_id': '5528',\n",
" 'referenced_galaxy_cluster_type': 'related-to',\n",
" 'referenced_galaxy_cluster_uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'sharing_group_id': None}],\n",
" 'authors': ['MITRE'],\n",
" 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n",
" 'default': True,\n",
" 'deleted': False,\n",
" 'description': 'Adversaries may '\n",
" 'modify file time '\n",
" 'attributes to hide '\n",
" 'new or changes to '\n",
" 'existing files. '\n",
" 'Timestomping is a '\n",
" 'technique that '\n",
" 'modifies the '\n",
" 'timestamps of a '\n",
" 'file (the modify, '\n",
" 'access, create, and '\n",
" 'change times), '\n",
" 'often to mimic '\n",
" 'files that are in '\n",
" 'the same folder. '\n",
" 'This is done, for '\n",
" 'example, on files '\n",
" 'that have been '\n",
" 'modified or created '\n",
" 'by the adversary so '\n",
" 'that they do not '\n",
" 'appear conspicuous '\n",
" 'to forensic '\n",
" 'investigators or '\n",
" 'file analysis '\n",
" 'tools.\\n'\n",
" '\\n'\n",
" 'Timestomping may be '\n",
" 'used along with '\n",
" 'file name '\n",
" '[Masquerading](https://attack.mitre.org/techniques/T1036) '\n",
" 'to hide malware and '\n",
" 'tools.(Citation: '\n",
" 'WindowsIR '\n",
" 'Anti-Forensic '\n",
" 'Techniques)',\n",
" 'distribution': '3',\n",
" 'event_tag_id': '285',\n",
" 'extends_uuid': '',\n",
" 'extends_version': '0',\n",
" 'galaxy_id': '23',\n",
" 'id': '5528',\n",
" 'local': False,\n",
" 'locked': False,\n",
" 'meta': {'external_id': ['T1070.006'],\n",
" 'kill_chain': ['mitre-attack:defense-evasion'],\n",
" 'mitre_data_sources': ['File: '\n",
" 'File '\n",
" 'Metadata',\n",
" 'File: '\n",
" 'File '\n",
" 'Modification'],\n",
" 'mitre_platforms': ['Linux',\n",
" 'macOS',\n",
" 'Windows'],\n",
" 'refs': ['http://windowsir.blogspot.com/2013/07/howto-determinedetect-use-of-anti.html',\n",
" 'https://attack.mitre.org/techniques/T1070/006']},\n",
" 'org_id': '0',\n",
" 'orgc_id': '0',\n",
" 'published': False,\n",
" 'relationship_type': False,\n",
" 'sharing_group_id': None,\n",
" 'source': 'https://github.com/mitre/cti',\n",
" 'tag_id': 26,\n",
" 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Timestomp '\n",
" '- T1070.006\"',\n",
" 'type': 'mitre-attack-pattern',\n",
" 'uuid': '47f2d673-ca62-47e9-929b-1b0be9657611',\n",
" 'value': 'Timestomp - T1070.006',\n",
" 'version': '25'},\n",
" {'GalaxyClusterRelation': [{'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5271',\n",
" 'galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'id': '979',\n",
" 'referenced_galaxy_cluster_id': '5501',\n",
" 'referenced_galaxy_cluster_type': 'subtechnique-of',\n",
" 'referenced_galaxy_cluster_uuid': 'b8902400-e6c5-4ba2-95aa-2d35b442b118',\n",
" 'sharing_group_id': None}],\n",
" 'Org': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'Orgc': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'TargetingClusterRelation': [{'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5763',\n",
" 'galaxy_cluster_uuid': '12241367-a8b7-49b4-b86e-2236901ba50c',\n",
" 'id': '1488',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6769',\n",
" 'galaxy_cluster_uuid': '93f52415-0fe4-4d3d-896c-fc9b8e88ab90',\n",
" 'id': '3482',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6782',\n",
" 'galaxy_cluster_uuid': 'c93fccb1-e8e8-42cf-ae33-2ad1d183913a',\n",
" 'id': '3860',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6787',\n",
" 'galaxy_cluster_uuid': '894aab42-3371-47b1-8859-a4a074c804c8',\n",
" 'id': '4070',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6802',\n",
" 'galaxy_cluster_uuid': '420ac20b-f2b9-42b8-aa1a-6d4b72895ca4',\n",
" 'id': '4415',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6815',\n",
" 'galaxy_cluster_uuid': 'ead23196-d7b6-4ce6-a124-4ab4b67d81bd',\n",
" 'id': '4679',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6819',\n",
" 'galaxy_cluster_uuid': 'bef4c620-0787-42a8-a96d-b7eb6e85917c',\n",
" 'id': '4960',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6835',\n",
" 'galaxy_cluster_uuid': '9e729a7e-0dd6-4097-95bf-db8d64911383',\n",
" 'id': '5430',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6862',\n",
" 'galaxy_cluster_uuid': 'fbd29c89-18ba-4c2d-b792-51c0adee049f',\n",
" 'id': '5985',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6891',\n",
" 'galaxy_cluster_uuid': '269e8108-68c6-4f99-b911-14b2e765dec2',\n",
" 'id': '6852',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6908',\n",
" 'galaxy_cluster_uuid': '54dfec3e-6464-4f74-9d69-b7c817b7e5a3',\n",
" 'id': '7225',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6909',\n",
" 'galaxy_cluster_uuid': '4283ae19-69c7-4347-a35e-b56f08eb660b',\n",
" 'id': '7251',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6918',\n",
" 'galaxy_cluster_uuid': '8787e86d-8475-4f13-acea-d33eb83b6105',\n",
" 'id': '7409',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6920',\n",
" 'galaxy_cluster_uuid': 'd3afa961-a80c-4043-9509-282cdf69ab21',\n",
" 'id': '7423',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6926',\n",
" 'galaxy_cluster_uuid': '88c621a7-aef9-4ae0-94e3-1fc87123eb24',\n",
" 'id': '7507',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6935',\n",
" 'galaxy_cluster_uuid': '7bec698a-7e20-4fd3-bb6a-12787770fb1a',\n",
" 'id': '7601',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6937',\n",
" 'galaxy_cluster_uuid': '8e461ca3-0996-4e6e-a0df-e2a5bbc51ebc',\n",
" 'id': '7614',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6949',\n",
" 'galaxy_cluster_uuid': 'a7881f21-e978-4fe4-af56-92c9416a2616',\n",
" 'id': '7813',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6951',\n",
" 'galaxy_cluster_uuid': '3bc7e862-5610-4c02-9c48-15b2e2dc1ddb',\n",
" 'id': '7892',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6962',\n",
" 'galaxy_cluster_uuid': 'b879758f-bbc4-4cab-b5ba-177ac9b009b4',\n",
" 'id': '8018',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6976',\n",
" 'galaxy_cluster_uuid': '5967cc93-57c9-404a-8ffd-097edfa7bdfc',\n",
" 'id': '8193',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6994',\n",
" 'galaxy_cluster_uuid': '7f8730af-f683-423f-9ee1-5f6875a80481',\n",
" 'id': '8378',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6995',\n",
" 'galaxy_cluster_uuid': '251fbae2-78f6-4de7-84f6-194c727a64ad',\n",
" 'id': '8384',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6996',\n",
" 'galaxy_cluster_uuid': 'e170995d-4f61-4f17-b60e-04f9a06ee517',\n",
" 'id': '8388',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6998',\n",
" 'galaxy_cluster_uuid': '72f54d66-675d-4587-9bd3-4ed09f9522e4',\n",
" 'id': '8400',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6999',\n",
" 'galaxy_cluster_uuid': 'ad4f146f-e3ec-444a-ba71-24bffd7f0f8e',\n",
" 'id': '8414',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7002',\n",
" 'galaxy_cluster_uuid': '2eb9b131-d333-4a48-9eb4-d8dec46c19ee',\n",
" 'id': '8439',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7006',\n",
" 'galaxy_cluster_uuid': '95047f03-4811-4300-922e-1ba937d53a61',\n",
" 'id': '8484',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7008',\n",
" 'galaxy_cluster_uuid': 'b143dfa4-e944-43ff-8429-bfffc308c517',\n",
" 'id': '8506',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7010',\n",
" 'galaxy_cluster_uuid': '94379dec-5c87-49db-b36e-66abc0b81344',\n",
" 'id': '8534',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7012',\n",
" 'galaxy_cluster_uuid': 'b42378e0-f147-496f-992a-26a49705395b',\n",
" 'id': '8574',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7017',\n",
" 'galaxy_cluster_uuid': '64fa0de0-6240-41f4-8638-f4ca7ed528fd',\n",
" 'id': '8640',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7025',\n",
" 'galaxy_cluster_uuid': '8393dac0-0583-456a-9372-fd81691bca20',\n",
" 'id': '8761',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7028',\n",
" 'galaxy_cluster_uuid': '3be1fb7a-0f7e-415e-8e3a-74a80d596e68',\n",
" 'id': '8814',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7029',\n",
" 'galaxy_cluster_uuid': 'df4cd566-ff2f-4d08-976d-8c86e95782de',\n",
" 'id': '8846',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7031',\n",
" 'galaxy_cluster_uuid': 'eff1a885-6f90-42a1-901f-eef6e7a1905e',\n",
" 'id': '8875',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7033',\n",
" 'galaxy_cluster_uuid': '7551188b-8f91-4d34-8350-0d0c57b2b913',\n",
" 'id': '8898',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7035',\n",
" 'galaxy_cluster_uuid': '495b6cdb-7b5a-4fbc-8d33-e7ef68806d08',\n",
" 'id': '8928',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7036',\n",
" 'galaxy_cluster_uuid': '6b62e336-176f-417b-856a-8552dd8c44e1',\n",
" 'id': '8949',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7038',\n",
" 'galaxy_cluster_uuid': '5bcd5511-6756-4824-a692-e8bb109364af',\n",
" 'id': '8983',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7041',\n",
" 'galaxy_cluster_uuid': 'ccd61dfc-b03f-4689-8c18-7c97eab08472',\n",
" 'id': '9001',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7043',\n",
" 'galaxy_cluster_uuid': '73a4793a-ce55-4159-b2a6-208ef29b326f',\n",
" 'id': '9023',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7044',\n",
" 'galaxy_cluster_uuid': '4ab44516-ad75-4e43-a280-705dc0420e2f',\n",
" 'id': '9044',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7053',\n",
" 'galaxy_cluster_uuid': '01dbc71d-0ee8-420d-abb4-3dfb6a4bf725',\n",
" 'id': '9137',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7060',\n",
" 'galaxy_cluster_uuid': '47afe41c-4c08-485e-b062-c3bd209a1cce',\n",
" 'id': '9215',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7067',\n",
" 'galaxy_cluster_uuid': '0f862b01-99da-47cc-9bdb-db4a86a95bb1',\n",
" 'id': '9312',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7075',\n",
" 'galaxy_cluster_uuid': '53cf6cc4-65aa-445a-bcf8-c3d296f8a7a2',\n",
" 'id': '9351',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7079',\n",
" 'galaxy_cluster_uuid': '67e6d66b-1b82-4699-b47a-e2efb6268d14',\n",
" 'id': '9397',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7086',\n",
" 'galaxy_cluster_uuid': '22b17791-45bf-45c0-9322-ff1a0af5cf2b',\n",
" 'id': '9460',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7087',\n",
" 'galaxy_cluster_uuid': '088f1d6e-0783-47c6-9923-9c79b2af43d4',\n",
" 'id': '9482',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7088',\n",
" 'galaxy_cluster_uuid': '2daa14d6-cbf3-4308-bb8e-213c324a08e4',\n",
" 'id': '9518',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7092',\n",
" 'galaxy_cluster_uuid': '68dca94f-c11d-421e-9287-7c501108e18c',\n",
" 'id': '9550',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7098',\n",
" 'galaxy_cluster_uuid': 'fb575479-14ef-41e9-bfab-0b7cf10bec73',\n",
" 'id': '9636',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7110',\n",
" 'galaxy_cluster_uuid': '96b08451-b27a-4ff6-893f-790e26393a8e',\n",
" 'id': '9804',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7114',\n",
" 'galaxy_cluster_uuid': '35cd1d01-1ede-44d2-b073-a264d727bc04',\n",
" 'id': '9856',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7120',\n",
" 'galaxy_cluster_uuid': 'edc5e045-5401-42bb-ad92-52b5b2ee0de9',\n",
" 'id': '9951',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7128',\n",
" 'galaxy_cluster_uuid': 'fde19a18-e502-467f-be14-58c71b4e7f4b',\n",
" 'id': '10109',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7130',\n",
" 'galaxy_cluster_uuid': 'bb3c1098-d654-4620-bf40-694386d28921',\n",
" 'id': '10148',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7135',\n",
" 'galaxy_cluster_uuid': 'e8268361-a599-4e45-bd3f-71c8c7e700c0',\n",
" 'id': '10190',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7138',\n",
" 'galaxy_cluster_uuid': 'cb7bcf6f-085f-41db-81ee-4b68481661b5',\n",
" 'id': '10200',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7143',\n",
" 'galaxy_cluster_uuid': 'f8dfbc54-b070-4224-b560-79aaa5f835bd',\n",
" 'id': '10256',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7151',\n",
" 'galaxy_cluster_uuid': '3a0f6128-0a01-421d-8eca-e57d8671b1f1',\n",
" 'id': '10312',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7152',\n",
" 'galaxy_cluster_uuid': '37cc7eb6-12e3-467b-82e8-f20f2cc73c69',\n",
" 'id': '10333',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7168',\n",
" 'galaxy_cluster_uuid': '196f1f32-e0c2-4d46-99cd-234d4b6befe1',\n",
" 'id': '10564',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7171',\n",
" 'galaxy_cluster_uuid': 'fece06b7-d4b1-42cf-b81a-5323c917546e',\n",
" 'id': '10596',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7177',\n",
" 'galaxy_cluster_uuid': 'dd889a55-fb2c-4ec7-8e9f-c399939a49e1',\n",
" 'id': '10639',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7196',\n",
" 'galaxy_cluster_uuid': '54a01db0-9fab-4d5f-8209-53cef8425f4a',\n",
" 'id': '10847',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7203',\n",
" 'galaxy_cluster_uuid': 'f108215f-3487-489d-be8b-80e346d32518',\n",
" 'id': '10977',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7205',\n",
" 'galaxy_cluster_uuid': '6fb36c6f-bb3d-4ed6-9471-cb9933e5c154',\n",
" 'id': '11009',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7206',\n",
" 'galaxy_cluster_uuid': '64d76fa5-cf8f-469c-b78c-1a4f7c5bad80',\n",
" 'id': '11020',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7207',\n",
" 'galaxy_cluster_uuid': '11e36d5b-6a92-4bf9-8eb7-85eb24f59e22',\n",
" 'id': '11036',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7210',\n",
" 'galaxy_cluster_uuid': 'e9595678-d269-469e-ae6b-75e49259de63',\n",
" 'id': '11070',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7218',\n",
" 'galaxy_cluster_uuid': 'aad11e34-02ca-4220-91cd-2ed420af4db3',\n",
" 'id': '11158',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7219',\n",
" 'galaxy_cluster_uuid': '08d20cd2-f084-45ee-8558-fa6ef5a18519',\n",
" 'id': '11175',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7221',\n",
" 'galaxy_cluster_uuid': 'fb78294a-7d7a-4d38-8ad0-92e67fddc9f0',\n",
" 'id': '11194',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7230',\n",
" 'galaxy_cluster_uuid': '17b40f60-729f-4fe8-8aea-cc9ee44a95d5',\n",
" 'id': '11315',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7235',\n",
" 'galaxy_cluster_uuid': '60c18d06-7b91-4742-bae3-647845cd9d81',\n",
" 'id': '11398',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7237',\n",
" 'galaxy_cluster_uuid': 'e85cae1a-bce3-4ac4-b36b-b00acac0567b',\n",
" 'id': '11409',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7241',\n",
" 'galaxy_cluster_uuid': '432555de-63bf-4f2a-a3fa-f720a4561078',\n",
" 'id': '11441',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7244',\n",
" 'galaxy_cluster_uuid': '04378e79-4387-468a-a8f7-f974b8254e44',\n",
" 'id': '11479',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7247',\n",
" 'galaxy_cluster_uuid': 'dc5d1a33-62aa-4a0c-aa8c-589b87beb11e',\n",
" 'id': '11542',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7254',\n",
" 'galaxy_cluster_uuid': '3a4197ae-ec63-4162-907b-9a073d1157e4',\n",
" 'id': '11653',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7262',\n",
" 'galaxy_cluster_uuid': '9abdda30-08e0-4ab1-9cf0-d447654c6de9',\n",
" 'id': '11740',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7269',\n",
" 'galaxy_cluster_uuid': '92ec0cbd-2c30-44a2-b270-73f4ec949841',\n",
" 'id': '11840',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7272',\n",
" 'galaxy_cluster_uuid': '9ea525fa-b0a9-4dde-84f2-bcea0137b3c1',\n",
" 'id': '11881',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7278',\n",
" 'galaxy_cluster_uuid': '425771c5-48b4-4ecd-9f95-74ed3fc9da59',\n",
" 'id': '11975',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7291',\n",
" 'galaxy_cluster_uuid': '3240cbe4-c550-443b-aa76-cc2a7058b870',\n",
" 'id': '12097',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7292',\n",
" 'galaxy_cluster_uuid': 'df350889-4de9-44e5-8cb3-888b8343e97c',\n",
" 'id': '12107',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7296',\n",
" 'galaxy_cluster_uuid': '72911fe3-f085-40f7-b4f2-f25a4221fe44',\n",
" 'id': '12173',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7305',\n",
" 'galaxy_cluster_uuid': '76abb3ef-dafd-4762-97cb-a35379429db4',\n",
" 'id': '12277',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7311',\n",
" 'galaxy_cluster_uuid': 'b6b3dfc7-9a81-43ff-ac04-698bad48973a',\n",
" 'id': '12365',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7315',\n",
" 'galaxy_cluster_uuid': '2a70812b-f1ef-44db-8578-a496a227aef2',\n",
" 'id': '12392',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7326',\n",
" 'galaxy_cluster_uuid': 'd1183cb9-258e-4f2f-8415-50ac8252c49e',\n",
" 'id': '12553',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7334',\n",
" 'galaxy_cluster_uuid': '835a79f1-842d-472d-b8f4-d54b545c341b',\n",
" 'id': '12626',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7337',\n",
" 'galaxy_cluster_uuid': '308b3d68-a084-4dfb-885a-3125e1a9c1e8',\n",
" 'id': '12667',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7342',\n",
" 'galaxy_cluster_uuid': '54a73038-1937-4d71-a253-316e76d5413c',\n",
" 'id': '12712',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7344',\n",
" 'galaxy_cluster_uuid': 'c9b99d03-ff11-4a48-95f0-82660d582c25',\n",
" 'id': '12750',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7359',\n",
" 'galaxy_cluster_uuid': 'f4c80d39-ce10-4f74-9b50-a7e3f5df1f2e',\n",
" 'id': '12951',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7361',\n",
" 'galaxy_cluster_uuid': '9dbdadb6-fdbf-490f-a35f-38762d06a0d2',\n",
" 'id': '12977',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7362',\n",
" 'galaxy_cluster_uuid': '21c0b55b-5ff3-4654-a05e-e3fc1ee1ce1b',\n",
" 'id': '12986',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7372',\n",
" 'galaxy_cluster_uuid': '8be7c69e-d8e3-4970-9668-61de08e508cc',\n",
" 'id': '13090',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7375',\n",
" 'galaxy_cluster_uuid': 'bfd2738c-8b43-43c3-bc9f-d523c8e88bf4',\n",
" 'id': '13160',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7385',\n",
" 'galaxy_cluster_uuid': '92b55426-109f-4d93-899f-1833ce91ff90',\n",
" 'id': '13314',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7387',\n",
" 'galaxy_cluster_uuid': 'fb4e3792-e915-4fdd-a9cd-92dfa2ace7aa',\n",
" 'id': '13340',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7389',\n",
" 'galaxy_cluster_uuid': 'c9ccc4df-1f56-49e7-ad57-b383e1451688',\n",
" 'id': '13368',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7397',\n",
" 'galaxy_cluster_uuid': '00806466-754d-44ea-ad6f-0caf59cb8556',\n",
" 'id': '13447',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7401',\n",
" 'galaxy_cluster_uuid': '94d6d788-07bb-4dcc-b62f-e02626b00108',\n",
" 'id': '13543',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7406',\n",
" 'galaxy_cluster_uuid': '65ffc206-d7c1-45b3-b543-f6b726e7840d',\n",
" 'id': '13577',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7408',\n",
" 'galaxy_cluster_uuid': '29231689-5837-4a7a-aafc-1b65b3f50cc7',\n",
" 'id': '13628',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7418',\n",
" 'galaxy_cluster_uuid': '44c75271-0e4d-496f-ae0a-a6d883a42a65',\n",
" 'id': '13713',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7422',\n",
" 'galaxy_cluster_uuid': 'b4d80f8b-d2b9-4448-8844-4bef777ed676',\n",
" 'id': '13778',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7429',\n",
" 'galaxy_cluster_uuid': 'f9b05f33-d45d-4e4d-aafe-c208d38a0080',\n",
" 'id': '13869',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7430',\n",
" 'galaxy_cluster_uuid': 'b57f419e-8b12-49d3-886b-145383725dcd',\n",
" 'id': '13884',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7431',\n",
" 'galaxy_cluster_uuid': '99fdf3b4-96ef-4ab9-b191-fc683441cad0',\n",
" 'id': '13905',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7437',\n",
" 'galaxy_cluster_uuid': '76ac7989-c5cc-42e2-93e3-d6c476f01ace',\n",
" 'id': '14019',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7445',\n",
" 'galaxy_cluster_uuid': '8f423bd7-6ca7-4303-9e85-008c7ad5fdaa',\n",
" 'id': '14111',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7447',\n",
" 'galaxy_cluster_uuid': 'f01e2711-4b48-4192-a2e8-5f56c945ca19',\n",
" 'id': '14158',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7449',\n",
" 'galaxy_cluster_uuid': 'fc774af4-533b-4724-96d2-ac1026316794',\n",
" 'id': '14185',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7450',\n",
" 'galaxy_cluster_uuid': '4b6ec280-7bbb-48ff-ae59-b189520ebe83',\n",
" 'id': '14200',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7453',\n",
" 'galaxy_cluster_uuid': '21583311-6321-4891-8a37-3eb4e57b0fb1',\n",
" 'id': '14252',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7455',\n",
" 'galaxy_cluster_uuid': '86b92f6c-9c05-4c51-b361-4c7bb13e21a1',\n",
" 'id': '14287',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7456',\n",
" 'galaxy_cluster_uuid': '2cf7dec3-66fc-423f-b2c7-58f1de243b4e',\n",
" 'id': '14317',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7462',\n",
" 'galaxy_cluster_uuid': '6ba1d7ae-d60b-43e6-9f08-a8b787e9d9cb',\n",
" 'id': '14409',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7465',\n",
" 'galaxy_cluster_uuid': 'c009560a-f097-45a3-8f9f-78ec1440a783',\n",
" 'id': '14456',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7476',\n",
" 'galaxy_cluster_uuid': 'd6b3fcd0-1c86-4350-96f0-965ed02fcc51',\n",
" 'id': '14665',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7495',\n",
" 'galaxy_cluster_uuid': '81c57a96-fc8c-4f91-af8e-63e24c2927c2',\n",
" 'id': '14958',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7499',\n",
" 'galaxy_cluster_uuid': '805480f1-6caa-4a67-8ca9-b2b39650d986',\n",
" 'id': '15021',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7506',\n",
" 'galaxy_cluster_uuid': '4b346d12-7f91-48d2-8f06-b26ffa0d825b',\n",
" 'id': '15161',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7510',\n",
" 'galaxy_cluster_uuid': 'a545456a-f9a7-47ad-9ea6-8b017def38d1',\n",
" 'id': '15210',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7512',\n",
" 'galaxy_cluster_uuid': '7acb15b6-fe2c-4319-b136-6ab36ff0b2d4',\n",
" 'id': '15240',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7516',\n",
" 'galaxy_cluster_uuid': '4c6d62c2-89f5-4159-8fab-0190b1f9d328',\n",
" 'id': '15338',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7519',\n",
" 'galaxy_cluster_uuid': '7e0f8b0f-716e-494d-827e-310bd6ed709e',\n",
" 'id': '15374',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7534',\n",
" 'galaxy_cluster_uuid': 'a8839c95-029f-44cf-8f3d-a3cf2039e927',\n",
" 'id': '15592',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7540',\n",
" 'galaxy_cluster_uuid': '7f4bbe05-1674-4087-8a16-8f1ad61b6152',\n",
" 'id': '15710',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7541',\n",
" 'galaxy_cluster_uuid': 'e14085cb-0e8d-4be6-92ba-e3b93ee5978f',\n",
" 'id': '15729',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7545',\n",
" 'galaxy_cluster_uuid': '6a21e3a4-5ffe-4581-af9a-6a54c7536f44',\n",
" 'id': '15794',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7561',\n",
" 'galaxy_cluster_uuid': '0715560d-4299-4e84-9e20-6e80ab57e4f2',\n",
" 'id': '16038',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7935',\n",
" 'galaxy_cluster_uuid': 'da04ac30-27da-4959-a67d-450ce47d9470',\n",
" 'id': '16714',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7944',\n",
" 'galaxy_cluster_uuid': '11f8d7eb-1927-4806-9267-3a11d4d4d6be',\n",
" 'id': '16921',\n",
" 'referenced_galaxy_cluster_id': '5271',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'sharing_group_id': None}],\n",
" 'authors': ['MITRE'],\n",
" 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n",
" 'default': True,\n",
" 'deleted': False,\n",
" 'description': 'Adversaries may '\n",
" 'employ a known '\n",
" 'symmetric '\n",
" 'encryption '\n",
" 'algorithm to '\n",
" 'conceal command and '\n",
" 'control traffic '\n",
" 'rather than relying '\n",
" 'on any inherent '\n",
" 'protections '\n",
" 'provided by a '\n",
" 'communication '\n",
" 'protocol. Symmetric '\n",
" 'encryption '\n",
" 'algorithms use the '\n",
" 'same key for '\n",
" 'plaintext '\n",
" 'encryption and '\n",
" 'ciphertext '\n",
" 'decryption. Common '\n",
" 'symmetric '\n",
" 'encryption '\n",
" 'algorithms include '\n",
" 'AES, DES, 3DES, '\n",
" 'Blowfish, and RC4.',\n",
" 'distribution': '3',\n",
" 'event_tag_id': '286',\n",
" 'extends_uuid': '',\n",
" 'extends_version': '0',\n",
" 'galaxy_id': '23',\n",
" 'id': '5271',\n",
" 'local': False,\n",
" 'locked': False,\n",
" 'meta': {'external_id': ['T1573.001'],\n",
" 'kill_chain': ['mitre-attack:command-and-control'],\n",
" 'mitre_data_sources': ['Network '\n",
" 'Traffic: '\n",
" 'Network '\n",
" 'Traffic '\n",
" 'Content'],\n",
" 'mitre_platforms': ['Linux',\n",
" 'Windows',\n",
" 'macOS'],\n",
" 'refs': ['https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf',\n",
" 'https://attack.mitre.org/techniques/T1573/001']},\n",
" 'org_id': '0',\n",
" 'orgc_id': '0',\n",
" 'published': False,\n",
" 'relationship_type': False,\n",
" 'sharing_group_id': None,\n",
" 'source': 'https://github.com/mitre/cti',\n",
" 'tag_id': 27,\n",
" 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Symmetric '\n",
" 'Cryptography - '\n",
" 'T1573.001\"',\n",
" 'type': 'mitre-attack-pattern',\n",
" 'uuid': '24bfaeba-cb0d-4525-b3dc-507c77ecec41',\n",
" 'value': 'Symmetric Cryptography - '\n",
" 'T1573.001',\n",
" 'version': '25'},\n",
" {'GalaxyClusterRelation': [{'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5291',\n",
" 'galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'id': '999',\n",
" 'referenced_galaxy_cluster_id': '5501',\n",
" 'referenced_galaxy_cluster_type': 'subtechnique-of',\n",
" 'referenced_galaxy_cluster_uuid': 'b8902400-e6c5-4ba2-95aa-2d35b442b118',\n",
" 'sharing_group_id': None}],\n",
" 'Org': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'Orgc': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'TargetingClusterRelation': [{'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5763',\n",
" 'galaxy_cluster_uuid': '12241367-a8b7-49b4-b86e-2236901ba50c',\n",
" 'id': '1518',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5856',\n",
" 'galaxy_cluster_uuid': '7bb5fae9-53ad-4424-866b-f0ea2a8b731d',\n",
" 'id': '1987',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6771',\n",
" 'galaxy_cluster_uuid': 'dc6fe6ee-04c2-49be-ba3d-f38d2463c02a',\n",
" 'id': '3566',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6780',\n",
" 'galaxy_cluster_uuid': '56319646-eb6e-41fc-ae53-aadfa7adb924',\n",
" 'id': '3807',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6848',\n",
" 'galaxy_cluster_uuid': 'fd19bd82-1b14-49a1-a176-6cdc46b8a826',\n",
" 'id': '5703',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6868',\n",
" 'galaxy_cluster_uuid': '2a7914cf-dff3-428d-ab0f-1014d1c28aeb',\n",
" 'id': '6194',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6882',\n",
" 'galaxy_cluster_uuid': '4ca1929c-7d64-4aab-b849-badbfc0c760d',\n",
" 'id': '6668',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6948',\n",
" 'galaxy_cluster_uuid': 'ff41b9b6-4c1d-407b-a7e2-835109c8dbc5',\n",
" 'id': '7796',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6949',\n",
" 'galaxy_cluster_uuid': 'a7881f21-e978-4fe4-af56-92c9416a2616',\n",
" 'id': '7851',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6951',\n",
" 'galaxy_cluster_uuid': '3bc7e862-5610-4c02-9c48-15b2e2dc1ddb',\n",
" 'id': '7909',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6966',\n",
" 'galaxy_cluster_uuid': '56e6b6c2-e573-4969-8bab-783205cebbbf',\n",
" 'id': '8094',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6970',\n",
" 'galaxy_cluster_uuid': 'b350b47f-88fe-4921-8538-6d9c59bac84e',\n",
" 'id': '8147',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6976',\n",
" 'galaxy_cluster_uuid': '5967cc93-57c9-404a-8ffd-097edfa7bdfc',\n",
" 'id': '8197',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6988',\n",
" 'galaxy_cluster_uuid': '82cb34ba-02b5-432b-b2d2-07f55cbf674d',\n",
" 'id': '8310',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7003',\n",
" 'galaxy_cluster_uuid': '4f1c389e-a80e-4a3e-9b0e-9be8c91df64f',\n",
" 'id': '8462',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7023',\n",
" 'galaxy_cluster_uuid': '5e595477-2e78-4ce7-ae42-e0b059b17808',\n",
" 'id': '8739',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7030',\n",
" 'galaxy_cluster_uuid': 'b8eb28e4-48a6-40ae-951a-328714f75eda',\n",
" 'id': '8864',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7034',\n",
" 'galaxy_cluster_uuid': '6a0ef5d4-fc7c-4dda-85d7-592e4dbdc5d9',\n",
" 'id': '8922',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7035',\n",
" 'galaxy_cluster_uuid': '495b6cdb-7b5a-4fbc-8d33-e7ef68806d08',\n",
" 'id': '8942',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7040',\n",
" 'galaxy_cluster_uuid': '0f1ad2ef-41d4-4b7a-9304-ddae68ea3005',\n",
" 'id': '8993',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7041',\n",
" 'galaxy_cluster_uuid': 'ccd61dfc-b03f-4689-8c18-7c97eab08472',\n",
" 'id': '9010',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7098',\n",
" 'galaxy_cluster_uuid': 'fb575479-14ef-41e9-bfab-0b7cf10bec73',\n",
" 'id': '9650',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7114',\n",
" 'galaxy_cluster_uuid': '35cd1d01-1ede-44d2-b073-a264d727bc04',\n",
" 'id': '9879',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7162',\n",
" 'galaxy_cluster_uuid': '6c575670-d14c-4c7f-9b9d-fd1b363e255d',\n",
" 'id': '10461',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7170',\n",
" 'galaxy_cluster_uuid': '7343e208-7cab-45f2-a47b-41ba5e2f0fab',\n",
" 'id': '10591',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7199',\n",
" 'galaxy_cluster_uuid': 'a4f57468-fbd5-49e4-8476-52088220b92d',\n",
" 'id': '10924',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7200',\n",
" 'galaxy_cluster_uuid': 'da5880b4-f7da-4869-85f2-e0aba84b8565',\n",
" 'id': '10948',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7229',\n",
" 'galaxy_cluster_uuid': '958b5d06-8bb0-4c5b-a2e7-0130fe654ac7',\n",
" 'id': '11303',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7254',\n",
" 'galaxy_cluster_uuid': '3a4197ae-ec63-4162-907b-9a073d1157e4',\n",
" 'id': '11660',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7262',\n",
" 'galaxy_cluster_uuid': '9abdda30-08e0-4ab1-9cf0-d447654c6de9',\n",
" 'id': '11754',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7273',\n",
" 'galaxy_cluster_uuid': '20945359-3b39-4542-85ef-08ecb4e1c174',\n",
" 'id': '11915',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7277',\n",
" 'galaxy_cluster_uuid': '959f3b19-2dc8-48d5-8942-c66813a5101a',\n",
" 'id': '11967',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7278',\n",
" 'galaxy_cluster_uuid': '425771c5-48b4-4ecd-9f95-74ed3fc9da59',\n",
" 'id': '11987',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7305',\n",
" 'galaxy_cluster_uuid': '76abb3ef-dafd-4762-97cb-a35379429db4',\n",
" 'id': '12286',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7319',\n",
" 'galaxy_cluster_uuid': 'e8545794-b98c-492b-a5b3-4b5a02682e37',\n",
" 'id': '12463',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7337',\n",
" 'galaxy_cluster_uuid': '308b3d68-a084-4dfb-885a-3125e1a9c1e8',\n",
" 'id': '12676',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7344',\n",
" 'galaxy_cluster_uuid': 'c9b99d03-ff11-4a48-95f0-82660d582c25',\n",
" 'id': '12762',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7353',\n",
" 'galaxy_cluster_uuid': 'aae22730-e571-4d17-b037-65f2a3e26213',\n",
" 'id': '12889',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7373',\n",
" 'galaxy_cluster_uuid': 'cc5497f7-a9e8-436f-94da-b2b4a9b9ad3c',\n",
" 'id': '13123',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7379',\n",
" 'galaxy_cluster_uuid': '77ca1aa3-280c-4b67-abaa-e8fb891a8f83',\n",
" 'id': '13207',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7401',\n",
" 'galaxy_cluster_uuid': '94d6d788-07bb-4dcc-b62f-e02626b00108',\n",
" 'id': '13550',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7420',\n",
" 'galaxy_cluster_uuid': 'b7e9880a-7a7c-4162-bddb-e28e8ef2bf1f',\n",
" 'id': '13753',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7431',\n",
" 'galaxy_cluster_uuid': '99fdf3b4-96ef-4ab9-b191-fc683441cad0',\n",
" 'id': '13932',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7445',\n",
" 'galaxy_cluster_uuid': '8f423bd7-6ca7-4303-9e85-008c7ad5fdaa',\n",
" 'id': '14131',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7446',\n",
" 'galaxy_cluster_uuid': '5147ef15-1cae-4707-8ea1-bee8d98b7f1d',\n",
" 'id': '14151',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7447',\n",
" 'galaxy_cluster_uuid': 'f01e2711-4b48-4192-a2e8-5f56c945ca19',\n",
" 'id': '14166',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7463',\n",
" 'galaxy_cluster_uuid': '75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661',\n",
" 'id': '14439',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7466',\n",
" 'galaxy_cluster_uuid': '63686509-069b-4143-99ea-4e59cad6cb2a',\n",
" 'id': '14502',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7467',\n",
" 'galaxy_cluster_uuid': '32066e94-3112-48ca-b9eb-ba2b59d2f023',\n",
" 'id': '14534',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7495',\n",
" 'galaxy_cluster_uuid': '81c57a96-fc8c-4f91-af8e-63e24c2927c2',\n",
" 'id': '14981',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7521',\n",
" 'galaxy_cluster_uuid': 'ac61f1f9-7bb1-465e-9b8a-c2ce8e88baf5',\n",
" 'id': '15425',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7549',\n",
" 'galaxy_cluster_uuid': 'd18cb958-f4ad-4fb3-bb4f-e8994d206550',\n",
" 'id': '15851',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7552',\n",
" 'galaxy_cluster_uuid': '5c747acd-47f0-4c5a-b9e5-213541fc01e0',\n",
" 'id': '15882',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7558',\n",
" 'galaxy_cluster_uuid': '2a7c1bb7-cd12-456e-810d-ab3bf8457bab',\n",
" 'id': '15986',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7900',\n",
" 'galaxy_cluster_uuid': 'c8655260-9f4b-44e3-85e1-6538a5f6e4f4',\n",
" 'id': '16508',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7920',\n",
" 'galaxy_cluster_uuid': 'cb69b20d-56d0-41ab-8440-4a4b251614d4',\n",
" 'id': '16638',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7923',\n",
" 'galaxy_cluster_uuid': 'ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68',\n",
" 'id': '16654',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7943',\n",
" 'galaxy_cluster_uuid': '3433a9e8-1c47-4320-b9bf-ed449061d1c3',\n",
" 'id': '16901',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7944',\n",
" 'galaxy_cluster_uuid': '11f8d7eb-1927-4806-9267-3a11d4d4d6be',\n",
" 'id': '16928',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7958',\n",
" 'galaxy_cluster_uuid': 'd505fc8b-2e64-46eb-96d6-9ef7ffca5b66',\n",
" 'id': '17066',\n",
" 'referenced_galaxy_cluster_id': '5291',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'sharing_group_id': None}],\n",
" 'authors': ['MITRE'],\n",
" 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n",
" 'default': True,\n",
" 'deleted': False,\n",
" 'description': 'Adversaries may '\n",
" 'employ a known '\n",
" 'asymmetric '\n",
" 'encryption '\n",
" 'algorithm to '\n",
" 'conceal command and '\n",
" 'control traffic '\n",
" 'rather than relying '\n",
" 'on any inherent '\n",
" 'protections '\n",
" 'provided by a '\n",
" 'communication '\n",
" 'protocol. '\n",
" 'Asymmetric '\n",
" 'cryptography, also '\n",
" 'known as public key '\n",
" 'cryptography, uses '\n",
" 'a keypair per '\n",
" 'party: one public '\n",
" 'that can be freely '\n",
" 'distributed, and '\n",
" 'one private. Due to '\n",
" 'how the keys are '\n",
" 'generated, the '\n",
" 'sender encrypts '\n",
" 'data with the '\n",
" 'receivers public '\n",
" 'key and the '\n",
" 'receiver decrypts '\n",
" 'the data with their '\n",
" 'private key. This '\n",
" 'ensures that only '\n",
" 'the intended '\n",
" 'recipient can read '\n",
" 'the encrypted data. '\n",
" 'Common public key '\n",
" 'encryption '\n",
" 'algorithms include '\n",
" 'RSA and ElGamal.\\n'\n",
" '\\n'\n",
" 'For efficiency, '\n",
" 'many protocols '\n",
" '(including SSL/TLS) '\n",
" 'use symmetric '\n",
" 'cryptography once a '\n",
" 'connection is '\n",
" 'established, but '\n",
" 'use asymmetric '\n",
" 'cryptography to '\n",
" 'establish or '\n",
" 'transmit a key. As '\n",
" 'such, these '\n",
" 'protocols are '\n",
" 'classified as '\n",
" '[Asymmetric '\n",
" 'Cryptography](https://attack.mitre.org/techniques/T1573/002).',\n",
" 'distribution': '3',\n",
" 'event_tag_id': '287',\n",
" 'extends_uuid': '',\n",
" 'extends_version': '0',\n",
" 'galaxy_id': '23',\n",
" 'id': '5291',\n",
" 'local': False,\n",
" 'locked': False,\n",
" 'meta': {'external_id': ['T1573.002'],\n",
" 'kill_chain': ['mitre-attack:command-and-control'],\n",
" 'mitre_data_sources': ['Network '\n",
" 'Traffic: '\n",
" 'Network '\n",
" 'Traffic '\n",
" 'Content'],\n",
" 'mitre_platforms': ['Linux',\n",
" 'macOS',\n",
" 'Windows'],\n",
" 'refs': ['http://www.sans.org/reading-room/whitepapers/analyst/finding-hidden-threats-decrypting-ssl-34840',\n",
" 'https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf',\n",
" 'https://attack.mitre.org/techniques/T1573/002',\n",
" 'https://insights.sei.cmu.edu/cert/2015/03/the-risks-of-ssl-inspection.html']},\n",
" 'org_id': '0',\n",
" 'orgc_id': '0',\n",
" 'published': False,\n",
" 'relationship_type': False,\n",
" 'sharing_group_id': None,\n",
" 'source': 'https://github.com/mitre/cti',\n",
" 'tag_id': 28,\n",
" 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Asymmetric '\n",
" 'Cryptography - '\n",
" 'T1573.002\"',\n",
" 'type': 'mitre-attack-pattern',\n",
" 'uuid': 'bf176076-b789-408e-8cba-7275e81c0ada',\n",
" 'value': 'Asymmetric Cryptography - '\n",
" 'T1573.002',\n",
" 'version': '25'},\n",
" {'GalaxyClusterRelation': [{'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5153',\n",
" 'galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n",
" 'id': '869',\n",
" 'referenced_galaxy_cluster_id': '6010',\n",
" 'referenced_galaxy_cluster_type': 'subtechnique-of',\n",
" 'referenced_galaxy_cluster_uuid': '731f4f55-b6d0-41d1-a7a9-072a66389aea',\n",
" 'sharing_group_id': None}],\n",
" 'Org': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'Orgc': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'TargetingClusterRelation': [{'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5171',\n",
" 'galaxy_cluster_uuid': '7d751199-05fa-4a72-920f-85df4506c76c',\n",
" 'id': '883',\n",
" 'referenced_galaxy_cluster_id': '5153',\n",
" 'referenced_galaxy_cluster_type': 'revoked-by',\n",
" 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5799',\n",
" 'galaxy_cluster_uuid': '20f6a9df-37c4-4e20-9e47-025983b1b39d',\n",
" 'id': '1916',\n",
" 'referenced_galaxy_cluster_id': '5153',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6815',\n",
" 'galaxy_cluster_uuid': 'ead23196-d7b6-4ce6-a124-4ab4b67d81bd',\n",
" 'id': '4694',\n",
" 'referenced_galaxy_cluster_id': '5153',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6819',\n",
" 'galaxy_cluster_uuid': 'bef4c620-0787-42a8-a96d-b7eb6e85917c',\n",
" 'id': '5015',\n",
" 'referenced_galaxy_cluster_id': '5153',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6833',\n",
" 'galaxy_cluster_uuid': '899ce53f-13a0-479b-a0e4-67d46e241542',\n",
" 'id': '5373',\n",
" 'referenced_galaxy_cluster_id': '5153',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6875',\n",
" 'galaxy_cluster_uuid': 'd0b3393b-3bec-4ba3-bda9-199d30db47b6',\n",
" 'id': '6348',\n",
" 'referenced_galaxy_cluster_id': '5153',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6885',\n",
" 'galaxy_cluster_uuid': '7113eaa5-ba79-4fb3-b68a-398ee9cd698e',\n",
" 'id': '6749',\n",
" 'referenced_galaxy_cluster_id': '5153',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6970',\n",
" 'galaxy_cluster_uuid': 'b350b47f-88fe-4921-8538-6d9c59bac84e',\n",
" 'id': '8144',\n",
" 'referenced_galaxy_cluster_id': '5153',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7107',\n",
" 'galaxy_cluster_uuid': 'e401d4fe-f0c9-44f0-98e6-f93487678808',\n",
" 'id': '9764',\n",
" 'referenced_galaxy_cluster_id': '5153',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7212',\n",
" 'galaxy_cluster_uuid': 'f36b2598-515f-4345-84e5-5ccde253edbe',\n",
" 'id': '11097',\n",
" 'referenced_galaxy_cluster_id': '5153',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7262',\n",
" 'galaxy_cluster_uuid': '9abdda30-08e0-4ab1-9cf0-d447654c6de9',\n",
" 'id': '11750',\n",
" 'referenced_galaxy_cluster_id': '5153',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7273',\n",
" 'galaxy_cluster_uuid': '20945359-3b39-4542-85ef-08ecb4e1c174',\n",
" 'id': '11911',\n",
" 'referenced_galaxy_cluster_id': '5153',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7328',\n",
" 'galaxy_cluster_uuid': 'f72251cb-2be5-421f-a081-99c29a1209e7',\n",
" 'id': '12574',\n",
" 'referenced_galaxy_cluster_id': '5153',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7337',\n",
" 'galaxy_cluster_uuid': '308b3d68-a084-4dfb-885a-3125e1a9c1e8',\n",
" 'id': '12674',\n",
" 'referenced_galaxy_cluster_id': '5153',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7347',\n",
" 'galaxy_cluster_uuid': '4fbd565b-bf55-4ac7-80b4-b183a7b64b9c',\n",
" 'id': '12809',\n",
" 'referenced_galaxy_cluster_id': '5153',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7400',\n",
" 'galaxy_cluster_uuid': '4b072c90-bc7a-432b-940e-016fc1c01761',\n",
" 'id': '13536',\n",
" 'referenced_galaxy_cluster_id': '5153',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7445',\n",
" 'galaxy_cluster_uuid': '8f423bd7-6ca7-4303-9e85-008c7ad5fdaa',\n",
" 'id': '14129',\n",
" 'referenced_galaxy_cluster_id': '5153',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7447',\n",
" 'galaxy_cluster_uuid': 'f01e2711-4b48-4192-a2e8-5f56c945ca19',\n",
" 'id': '14164',\n",
" 'referenced_galaxy_cluster_id': '5153',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7463',\n",
" 'galaxy_cluster_uuid': '75ecdbf1-c2bb-4afc-a3f9-c8da4de8c661',\n",
" 'id': '14437',\n",
" 'referenced_galaxy_cluster_id': '5153',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7472',\n",
" 'galaxy_cluster_uuid': '1492d0f8-7e14-4af3-9239-bc3fe10d3407',\n",
" 'id': '14617',\n",
" 'referenced_galaxy_cluster_id': '5153',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '7923',\n",
" 'galaxy_cluster_uuid': 'ed7d0cb1-87a6-43b4-9f46-ef1bc56d6c68',\n",
" 'id': '16653',\n",
" 'referenced_galaxy_cluster_id': '5153',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '9643',\n",
" 'galaxy_cluster_uuid': 'e6c09b63-a424-4d9e-b7f7-b752cbbca02a',\n",
" 'id': '17912',\n",
" 'referenced_galaxy_cluster_id': '5153',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '15101',\n",
" 'galaxy_cluster_uuid': '8384bd26-bde6-4da9-8e5d-4174a7a47ca2',\n",
" 'id': '22589',\n",
" 'referenced_galaxy_cluster_id': '5153',\n",
" 'referenced_galaxy_cluster_type': 'related-to',\n",
" 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '15901',\n",
" 'galaxy_cluster_uuid': 'b55ca2a3-7cff-4dda-8bdd-c7bfa63bf544',\n",
" 'id': '23491',\n",
" 'referenced_galaxy_cluster_id': '5153',\n",
" 'referenced_galaxy_cluster_type': 'related-to',\n",
" 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '16698',\n",
" 'galaxy_cluster_uuid': '62f7c9bf-9135-49b2-8aeb-1e54a6ecc13c',\n",
" 'id': '24429',\n",
" 'referenced_galaxy_cluster_id': '5153',\n",
" 'referenced_galaxy_cluster_type': 'related-to',\n",
" 'referenced_galaxy_cluster_uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n",
" 'sharing_group_id': None}],\n",
" 'authors': ['MITRE'],\n",
" 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n",
" 'default': True,\n",
" 'deleted': False,\n",
" 'description': 'To disguise the '\n",
" 'source of malicious '\n",
" 'traffic, '\n",
" 'adversaries may '\n",
" 'chain together '\n",
" 'multiple proxies. '\n",
" 'Typically, a '\n",
" 'defender will be '\n",
" 'able to identify '\n",
" 'the last proxy '\n",
" 'traffic traversed '\n",
" 'before it enters '\n",
" 'their network; the '\n",
" 'defender may or may '\n",
" 'not be able to '\n",
" 'identify any '\n",
" 'previous proxies '\n",
" 'before the last-hop '\n",
" 'proxy. This '\n",
" 'technique makes '\n",
" 'identifying the '\n",
" 'original source of '\n",
" 'the malicious '\n",
" 'traffic even more '\n",
" 'difficult by '\n",
" 'requiring the '\n",
" 'defender to trace '\n",
" 'malicious traffic '\n",
" 'through several '\n",
" 'proxies to identify '\n",
" 'its source. A '\n",
" 'particular variant '\n",
" 'of this behavior is '\n",
" 'to use onion '\n",
" 'routing networks, '\n",
" 'such as the '\n",
" 'publicly available '\n",
" 'TOR network. '\n",
" '(Citation: Onion '\n",
" 'Routing)\\n'\n",
" '\\n'\n",
" 'In the case of '\n",
" 'network '\n",
" 'infrastructure, '\n",
" 'particularly '\n",
" 'routers, it is '\n",
" 'possible for an '\n",
" 'adversary to '\n",
" 'leverage multiple '\n",
" 'compromised devices '\n",
" 'to create a '\n",
" 'multi-hop proxy '\n",
" 'chain within the '\n",
" 'Wide-Area Network '\n",
" '(WAN) of the '\n",
" 'enterprise. By '\n",
" 'leveraging [Patch '\n",
" 'System '\n",
" 'Image](https://attack.mitre.org/techniques/T1601/001), '\n",
" 'adversaries can add '\n",
" 'custom code to the '\n",
" 'affected network '\n",
" 'devices that will '\n",
" 'implement onion '\n",
" 'routing between '\n",
" 'those nodes. This '\n",
" 'custom onion '\n",
" 'routing network '\n",
" 'will transport the '\n",
" 'encrypted C2 '\n",
" 'traffic through the '\n",
" 'compromised '\n",
" 'population, '\n",
" 'allowing '\n",
" 'adversaries to '\n",
" 'communicate with '\n",
" 'any device within '\n",
" 'the onion routing '\n",
" 'network. This '\n",
" 'method is dependent '\n",
" 'upon the [Network '\n",
" 'Boundary '\n",
" 'Bridging](https://attack.mitre.org/techniques/T1599) '\n",
" 'method in order to '\n",
" 'allow the '\n",
" 'adversaries to '\n",
" 'cross the protected '\n",
" 'network boundary of '\n",
" 'the Internet '\n",
" 'perimeter and into '\n",
" 'the organizations '\n",
" 'WAN. Protocols such '\n",
" 'as ICMP may be used '\n",
" 'as a transport.',\n",
" 'distribution': '3',\n",
" 'event_tag_id': '288',\n",
" 'extends_uuid': '',\n",
" 'extends_version': '0',\n",
" 'galaxy_id': '23',\n",
" 'id': '5153',\n",
" 'local': False,\n",
" 'locked': False,\n",
" 'meta': {'external_id': ['T1090.003'],\n",
" 'kill_chain': ['mitre-attack:command-and-control'],\n",
" 'mitre_data_sources': ['Network '\n",
" 'Traffic: '\n",
" 'Network '\n",
" 'Connection '\n",
" 'Creation',\n",
" 'Network '\n",
" 'Traffic: '\n",
" 'Network '\n",
" 'Traffic '\n",
" 'Content',\n",
" 'Network '\n",
" 'Traffic: '\n",
" 'Network '\n",
" 'Traffic '\n",
" 'Flow'],\n",
" 'mitre_platforms': ['Linux',\n",
" 'macOS',\n",
" 'Windows',\n",
" 'Network'],\n",
" 'refs': ['https://attack.mitre.org/techniques/T1090/003',\n",
" 'https://en.wikipedia.org/wiki/Onion_routing']},\n",
" 'org_id': '0',\n",
" 'orgc_id': '0',\n",
" 'published': False,\n",
" 'relationship_type': False,\n",
" 'sharing_group_id': None,\n",
" 'source': 'https://github.com/mitre/cti',\n",
" 'tag_id': 29,\n",
" 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Multi-hop '\n",
" 'Proxy - T1090.003\"',\n",
" 'type': 'mitre-attack-pattern',\n",
" 'uuid': 'a782ebe2-daba-42c7-bc82-e8e9d923162d',\n",
" 'value': 'Multi-hop Proxy - '\n",
" 'T1090.003',\n",
" 'version': '25'},\n",
" {'GalaxyClusterRelation': [],\n",
" 'Org': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'Orgc': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'authors': ['MITRE'],\n",
" 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n",
" 'default': True,\n",
" 'deleted': False,\n",
" 'description': 'Adversaries may '\n",
" 'attempt to make an '\n",
" 'executable or file '\n",
" 'difficult to '\n",
" 'discover or analyze '\n",
" 'by encrypting, '\n",
" 'encoding, or '\n",
" 'otherwise '\n",
" 'obfuscating its '\n",
" 'contents on the '\n",
" 'system or in '\n",
" 'transit. This is '\n",
" 'common behavior '\n",
" 'that can be used '\n",
" 'across different '\n",
" 'platforms and the '\n",
" 'network to evade '\n",
" 'defenses. \\n'\n",
" '\\n'\n",
" 'Payloads may be '\n",
" 'compressed, '\n",
" 'archived, or '\n",
" 'encrypted in order '\n",
" 'to avoid detection. '\n",
" 'These payloads may '\n",
" 'be used during '\n",
" 'Initial Access or '\n",
" 'later to mitigate '\n",
" 'detection. '\n",
" \"Sometimes a user's \"\n",
" 'action may be '\n",
" 'required to open '\n",
" 'and '\n",
" '[Deobfuscate/Decode '\n",
" 'Files or '\n",
" 'Information](https://attack.mitre.org/techniques/T1140) '\n",
" 'for [User '\n",
" 'Execution](https://attack.mitre.org/techniques/T1204). '\n",
" 'The user may also '\n",
" 'be required to '\n",
" 'input a password to '\n",
" 'open a password '\n",
" 'protected '\n",
" 'compressed/encrypted '\n",
" 'file that was '\n",
" 'provided by the '\n",
" 'adversary. '\n",
" '(Citation: Volexity '\n",
" 'PowerDuke November '\n",
" '2016) Adversaries '\n",
" 'may also use '\n",
" 'compressed or '\n",
" 'archived scripts, '\n",
" 'such as '\n",
" 'JavaScript. \\n'\n",
" '\\n'\n",
" 'Portions of files '\n",
" 'can also be encoded '\n",
" 'to hide the '\n",
" 'plain-text strings '\n",
" 'that would '\n",
" 'otherwise help '\n",
" 'defenders with '\n",
" 'discovery. '\n",
" '(Citation: '\n",
" 'Linux/Cdorked.A We '\n",
" 'Live Security '\n",
" 'Analysis) Payloads '\n",
" 'may also be split '\n",
" 'into separate, '\n",
" 'seemingly benign '\n",
" 'files that only '\n",
" 'reveal malicious '\n",
" 'functionality when '\n",
" 'reassembled. '\n",
" '(Citation: Carbon '\n",
" 'Black Obfuscation '\n",
" 'Sept 2016)\\n'\n",
" '\\n'\n",
" 'Adversaries may '\n",
" 'also abuse [Command '\n",
" 'Obfuscation](https://attack.mitre.org/techniques/T1027/010) '\n",
" 'to obscure commands '\n",
" 'executed from '\n",
" 'payloads or '\n",
" 'directly via '\n",
" '[Command and '\n",
" 'Scripting '\n",
" 'Interpreter](https://attack.mitre.org/techniques/T1059). '\n",
" 'Environment '\n",
" 'variables, aliases, '\n",
" 'characters, and '\n",
" 'other '\n",
" 'platform/language '\n",
" 'specific semantics '\n",
" 'can be used to '\n",
" 'evade signature '\n",
" 'based detections '\n",
" 'and application '\n",
" 'control mechanisms. '\n",
" '(Citation: FireEye '\n",
" 'Obfuscation June '\n",
" '2017) (Citation: '\n",
" 'FireEye '\n",
" 'Revoke-Obfuscation '\n",
" 'July '\n",
" '2017)(Citation: '\n",
" 'PaloAlto '\n",
" 'EncodedCommand '\n",
" 'March 2017) ',\n",
" 'distribution': '3',\n",
" 'event_tag_id': '289',\n",
" 'extends_uuid': '',\n",
" 'extends_version': '0',\n",
" 'galaxy_id': '23',\n",
" 'id': '4727',\n",
" 'local': False,\n",
" 'locked': False,\n",
" 'meta': {'external_id': ['T1027'],\n",
" 'kill_chain': ['mitre-attack:defense-evasion'],\n",
" 'mitre_data_sources': ['Command: '\n",
" 'Command '\n",
" 'Execution',\n",
" 'File: '\n",
" 'File '\n",
" 'Creation',\n",
" 'File: '\n",
" 'File '\n",
" 'Metadata',\n",
" 'Module: '\n",
" 'Module '\n",
" 'Load',\n",
" 'Process: '\n",
" 'OS '\n",
" 'API '\n",
" 'Execution',\n",
" 'Process: '\n",
" 'Process '\n",
" 'Creation',\n",
" 'Script: '\n",
" 'Script '\n",
" 'Execution',\n",
" 'WMI: '\n",
" 'WMI '\n",
" 'Creation',\n",
" 'Windows '\n",
" 'Registry: '\n",
" 'Windows '\n",
" 'Registry '\n",
" 'Key '\n",
" 'Creation'],\n",
" 'mitre_platforms': ['Linux',\n",
" 'macOS',\n",
" 'Windows'],\n",
" 'refs': ['https://attack.mitre.org/techniques/T1027',\n",
" 'https://github.com/danielbohannon/Revoke-Obfuscation',\n",
" 'https://github.com/itsreallynick/office-crackros',\n",
" 'https://researchcenter.paloaltonetworks.com/2017/03/unit42-pulling-back-the-curtains-on-encodedcommand-powershell-attacks/',\n",
" 'https://web.archive.org/web/20170923102302/https://www.fireeye.com/blog/threat-research/2017/06/obfuscation-in-the-wild.html',\n",
" 'https://www.carbonblack.com/2016/09/23/security-advisory-variants-well-known-adware-families-discovered-include-sophisticated-obfuscation-techniques-previously-associated-nation-state-attacks/',\n",
" 'https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/revoke-obfuscation-report.pdf',\n",
" 'https://www.volexity.com/blog/2016/11/09/powerduke-post-election-spear-phishing-campaigns-targeting-think-tanks-and-ngos/',\n",
" 'https://www.welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-blackhole/']},\n",
" 'org_id': '0',\n",
" 'orgc_id': '0',\n",
" 'published': False,\n",
" 'relationship_type': False,\n",
" 'sharing_group_id': None,\n",
" 'source': 'https://github.com/mitre/cti',\n",
" 'tag_id': 30,\n",
" 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Obfuscated '\n",
" 'Files or Information - '\n",
" 'T1027\"',\n",
" 'type': 'mitre-attack-pattern',\n",
" 'uuid': 'b3d682b6-98f2-4fb0-aa3b-b4df007ca70a',\n",
" 'value': 'Obfuscated Files or '\n",
" 'Information - T1027',\n",
" 'version': '25'}],\n",
" 'description': 'ATT&CK Tactic',\n",
" 'enabled': True,\n",
" 'icon': 'map',\n",
" 'id': '23',\n",
" 'kill_chain_order': {'mitre-attack': ['reconnaissance',\n",
" 'resource-development',\n",
" 'initial-access',\n",
" 'execution',\n",
" 'persistence',\n",
" 'privilege-escalation',\n",
" 'defense-evasion',\n",
" 'credential-access',\n",
" 'discovery',\n",
" 'lateral-movement',\n",
" 'collection',\n",
" 'command-and-control',\n",
" 'exfiltration',\n",
" 'impact'],\n",
" 'mitre-mobile-attack': ['initial-access',\n",
" 'execution',\n",
" 'persistence',\n",
" 'privilege-escalation',\n",
" 'defense-evasion',\n",
" 'credential-access',\n",
" 'discovery',\n",
" 'lateral-movement',\n",
" 'collection',\n",
" 'command-and-control',\n",
" 'exfiltration',\n",
" 'impact',\n",
" 'network-effects',\n",
" 'remote-service-effects'],\n",
" 'mitre-pre-attack': ['priority-definition-planning',\n",
" 'priority-definition-direction',\n",
" 'target-selection',\n",
" 'technical-information-gathering',\n",
" 'people-information-gathering',\n",
" 'organizational-information-gathering',\n",
" 'technical-weakness-identification',\n",
" 'people-weakness-identification',\n",
" 'organizational-weakness-identification',\n",
" 'adversary-opsec',\n",
" 'establish-&-maintain-infrastructure',\n",
" 'persona-development',\n",
" 'build-capabilities',\n",
" 'test-capabilities',\n",
" 'stage-capabilities']},\n",
" 'local_only': False,\n",
" 'name': 'Attack Pattern',\n",
" 'namespace': 'mitre-attack',\n",
" 'type': 'mitre-attack-pattern',\n",
" 'uuid': 'c4e851fa-775f-11e7-8163-b774922098cd',\n",
" 'version': '9'},\n",
" {'GalaxyCluster': [{'GalaxyClusterRelation': [],\n",
" 'Org': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'Orgc': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'authors': ['Various'],\n",
" 'collection_uuid': '1401c704-7dfb-41f6-a6d3-e751b270843b',\n",
" 'default': True,\n",
" 'deleted': False,\n",
" 'description': '',\n",
" 'distribution': '3',\n",
" 'event_tag_id': '290',\n",
" 'extends_uuid': '',\n",
" 'extends_version': '0',\n",
" 'galaxy_id': '53',\n",
" 'id': '18422',\n",
" 'local': False,\n",
" 'locked': False,\n",
" 'meta': {},\n",
" 'org_id': '0',\n",
" 'orgc_id': '0',\n",
" 'published': False,\n",
" 'relationship_type': False,\n",
" 'sharing_group_id': None,\n",
" 'source': 'CERT-EU',\n",
" 'tag_id': 31,\n",
" 'tag_name': 'misp-galaxy:sector=\"Academia '\n",
" '- University\"',\n",
" 'type': 'sector',\n",
" 'uuid': '98821a86-3c11-474b-afab-3c84af061407',\n",
" 'value': 'Academia - University',\n",
" 'version': '5'},\n",
" {'GalaxyClusterRelation': [],\n",
" 'Org': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'Orgc': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'authors': ['Various'],\n",
" 'collection_uuid': '1401c704-7dfb-41f6-a6d3-e751b270843b',\n",
" 'default': True,\n",
" 'deleted': False,\n",
" 'description': '',\n",
" 'distribution': '3',\n",
" 'event_tag_id': '291',\n",
" 'extends_uuid': '',\n",
" 'extends_version': '0',\n",
" 'galaxy_id': '53',\n",
" 'id': '18448',\n",
" 'local': False,\n",
" 'locked': False,\n",
" 'meta': {'synonyms': ['Government',\n",
" 'Administration']},\n",
" 'org_id': '0',\n",
" 'orgc_id': '0',\n",
" 'published': False,\n",
" 'relationship_type': False,\n",
" 'sharing_group_id': None,\n",
" 'source': 'CERT-EU',\n",
" 'tag_id': 32,\n",
" 'tag_name': 'misp-galaxy:sector=\"Government, '\n",
" 'Administration\"',\n",
" 'type': 'sector',\n",
" 'uuid': '6012ecea-dcc8-490c-b368-e2e06b2cb62f',\n",
" 'value': 'Government, '\n",
" 'Administration',\n",
" 'version': '5'},\n",
" {'GalaxyClusterRelation': [],\n",
" 'Org': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'Orgc': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'authors': ['Various'],\n",
" 'collection_uuid': '1401c704-7dfb-41f6-a6d3-e751b270843b',\n",
" 'default': True,\n",
" 'deleted': False,\n",
" 'description': '',\n",
" 'distribution': '3',\n",
" 'event_tag_id': '292',\n",
" 'extends_uuid': '',\n",
" 'extends_version': '0',\n",
" 'galaxy_id': '53',\n",
" 'id': '18456',\n",
" 'local': False,\n",
" 'locked': False,\n",
" 'meta': {},\n",
" 'org_id': '0',\n",
" 'orgc_id': '0',\n",
" 'published': False,\n",
" 'relationship_type': False,\n",
" 'sharing_group_id': None,\n",
" 'source': 'CERT-EU',\n",
" 'tag_id': 33,\n",
" 'tag_name': 'misp-galaxy:sector=\"IT '\n",
" '- ISP\"',\n",
" 'type': 'sector',\n",
" 'uuid': '872de996-e069-4cd9-b227-d5ca01dc020c',\n",
" 'value': 'IT - ISP',\n",
" 'version': '5'},\n",
" {'GalaxyClusterRelation': [],\n",
" 'Org': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'Orgc': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'authors': ['Various'],\n",
" 'collection_uuid': '1401c704-7dfb-41f6-a6d3-e751b270843b',\n",
" 'default': True,\n",
" 'deleted': False,\n",
" 'description': '',\n",
" 'distribution': '3',\n",
" 'event_tag_id': '293',\n",
" 'extends_uuid': '',\n",
" 'extends_version': '0',\n",
" 'galaxy_id': '53',\n",
" 'id': '18526',\n",
" 'local': False,\n",
" 'locked': False,\n",
" 'meta': {},\n",
" 'org_id': '0',\n",
" 'orgc_id': '0',\n",
" 'published': False,\n",
" 'relationship_type': False,\n",
" 'sharing_group_id': None,\n",
" 'source': 'CERT-EU',\n",
" 'tag_id': 34,\n",
" 'tag_name': 'misp-galaxy:sector=\"Marketing\"',\n",
" 'type': 'sector',\n",
" 'uuid': 'ee5720bb-c638-46f8-bdf2-55579bf37eb2',\n",
" 'value': 'Marketing',\n",
" 'version': '5'}],\n",
" 'description': 'Activity sectors',\n",
" 'enabled': True,\n",
" 'icon': 'industry',\n",
" 'id': '53',\n",
" 'local_only': False,\n",
" 'name': 'Sector',\n",
" 'namespace': 'misp',\n",
" 'type': 'sector',\n",
" 'uuid': 'e1bb134c-ae4d-11e7-8aa9-f78a37325439',\n",
" 'version': '2'},\n",
" {'GalaxyCluster': [{'GalaxyClusterRelation': [],\n",
" 'Org': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'Orgc': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'TargetingClusterRelation': [{'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '14458',\n",
" 'galaxy_cluster_uuid': '84668357-5a8c-4bdd-9f0f-6b50b2424d55',\n",
" 'id': '21874',\n",
" 'referenced_galaxy_cluster_id': '10024',\n",
" 'referenced_galaxy_cluster_type': 'located-in',\n",
" 'referenced_galaxy_cluster_uuid': '64974dea-c6c9-462d-9fcf-4456a397d591',\n",
" 'sharing_group_id': None},\n",
" {'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '14469',\n",
" 'galaxy_cluster_uuid': '84668357-5a8c-4bdd-9f0f-6b50b243414e',\n",
" 'id': '21885',\n",
" 'referenced_galaxy_cluster_id': '10024',\n",
" 'referenced_galaxy_cluster_type': 'located-in',\n",
" 'referenced_galaxy_cluster_uuid': '64974dea-c6c9-462d-9fcf-4456a397d591',\n",
" 'sharing_group_id': None},\n",
" {'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '14515',\n",
" 'galaxy_cluster_uuid': '84668357-5a8c-4bdd-9f0f-6b50b247524c',\n",
" 'id': '21931',\n",
" 'referenced_galaxy_cluster_id': '10024',\n",
" 'referenced_galaxy_cluster_type': 'located-in',\n",
" 'referenced_galaxy_cluster_uuid': '64974dea-c6c9-462d-9fcf-4456a397d591',\n",
" 'sharing_group_id': None},\n",
" {'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '14612',\n",
" 'galaxy_cluster_uuid': '84668357-5a8c-4bdd-9f0f-6b50b253504d',\n",
" 'id': '22028',\n",
" 'referenced_galaxy_cluster_id': '10024',\n",
" 'referenced_galaxy_cluster_type': 'located-in',\n",
" 'referenced_galaxy_cluster_uuid': '64974dea-c6c9-462d-9fcf-4456a397d591',\n",
" 'sharing_group_id': None},\n",
" {'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '14665',\n",
" 'galaxy_cluster_uuid': '84668357-5a8c-4bdd-9f0f-6b50b2555341',\n",
" 'id': '22081',\n",
" 'referenced_galaxy_cluster_id': '10024',\n",
" 'referenced_galaxy_cluster_type': 'located-in',\n",
" 'referenced_galaxy_cluster_uuid': '64974dea-c6c9-462d-9fcf-4456a397d591',\n",
" 'sharing_group_id': None}],\n",
" 'authors': ['Unknown'],\n",
" 'collection_uuid': 'eea087b6-e02f-11e9-89c1-cf406e0267ec',\n",
" 'default': True,\n",
" 'deleted': False,\n",
" 'description': '',\n",
" 'distribution': '3',\n",
" 'event_tag_id': '294',\n",
" 'extends_uuid': '',\n",
" 'extends_version': '0',\n",
" 'galaxy_id': '51',\n",
" 'id': '10024',\n",
" 'local': False,\n",
" 'locked': False,\n",
" 'meta': {'subregions': ['060 - '\n",
" 'Bermuda',\n",
" '124 - '\n",
" 'Canada',\n",
" '304 - '\n",
" 'Greenland',\n",
" '666 - '\n",
" 'Saint '\n",
" 'Pierre and '\n",
" 'Miquelon',\n",
" '840 - '\n",
" 'United '\n",
" 'States of '\n",
" 'America']},\n",
" 'org_id': '0',\n",
" 'orgc_id': '0',\n",
" 'published': False,\n",
" 'relationship_type': False,\n",
" 'sharing_group_id': None,\n",
" 'source': 'https://unstats.un.org/unsd/methodology/m49/overview/',\n",
" 'tag_id': 35,\n",
" 'tag_name': 'misp-galaxy:region=\"021 '\n",
" '- Northern America\"',\n",
" 'type': 'region',\n",
" 'uuid': '64974dea-c6c9-462d-9fcf-4456a397d591',\n",
" 'value': '021 - Northern America',\n",
" 'version': '1'},\n",
" {'GalaxyClusterRelation': [],\n",
" 'Org': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'Orgc': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'authors': ['Unknown'],\n",
" 'collection_uuid': 'eea087b6-e02f-11e9-89c1-cf406e0267ec',\n",
" 'default': True,\n",
" 'deleted': False,\n",
" 'description': '',\n",
" 'distribution': '3',\n",
" 'event_tag_id': '295',\n",
" 'extends_uuid': '',\n",
" 'extends_version': '0',\n",
" 'galaxy_id': '51',\n",
" 'id': '10034',\n",
" 'local': False,\n",
" 'locked': False,\n",
" 'meta': {'subregions': ['030 - '\n",
" 'Eastern '\n",
" 'Asia',\n",
" '034 - '\n",
" 'Southern '\n",
" 'Asia',\n",
" '035 - '\n",
" 'South-eastern '\n",
" 'Asia',\n",
" '143 - '\n",
" 'Central '\n",
" 'Asia',\n",
" '145 - '\n",
" 'Western '\n",
" 'Asia']},\n",
" 'org_id': '0',\n",
" 'orgc_id': '0',\n",
" 'published': False,\n",
" 'relationship_type': False,\n",
" 'sharing_group_id': None,\n",
" 'source': 'https://unstats.un.org/unsd/methodology/m49/overview/',\n",
" 'tag_id': 36,\n",
" 'tag_name': 'misp-galaxy:region=\"142 '\n",
" '- Asia\"',\n",
" 'type': 'region',\n",
" 'uuid': '4b09b683-5650-4a6c-a383-d8f3b686ebc2',\n",
" 'value': '142 - Asia',\n",
" 'version': '1'},\n",
" {'GalaxyClusterRelation': [],\n",
" 'Org': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'Orgc': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'authors': ['Unknown'],\n",
" 'collection_uuid': 'eea087b6-e02f-11e9-89c1-cf406e0267ec',\n",
" 'default': True,\n",
" 'deleted': False,\n",
" 'description': '',\n",
" 'distribution': '3',\n",
" 'event_tag_id': '296',\n",
" 'extends_uuid': '',\n",
" 'extends_version': '0',\n",
" 'galaxy_id': '51',\n",
" 'id': '10037',\n",
" 'local': False,\n",
" 'locked': False,\n",
" 'meta': {'subregions': ['039 - '\n",
" 'Southern '\n",
" 'Europe',\n",
" '151 - '\n",
" 'Eastern '\n",
" 'Europe',\n",
" '154 - '\n",
" 'Northern '\n",
" 'Europe',\n",
" '155 - '\n",
" 'Western '\n",
" 'Europe']},\n",
" 'org_id': '0',\n",
" 'orgc_id': '0',\n",
" 'published': False,\n",
" 'relationship_type': False,\n",
" 'sharing_group_id': None,\n",
" 'source': 'https://unstats.un.org/unsd/methodology/m49/overview/',\n",
" 'tag_id': 37,\n",
" 'tag_name': 'misp-galaxy:region=\"150 '\n",
" '- Europe\"',\n",
" 'type': 'region',\n",
" 'uuid': '739c285c-fe59-4540-b323-bf713af30347',\n",
" 'value': '150 - Europe',\n",
" 'version': '1'}],\n",
" 'description': 'Regions based on UN M49.',\n",
" 'enabled': True,\n",
" 'icon': 'globe-europe',\n",
" 'id': '51',\n",
" 'local_only': False,\n",
" 'name': 'Regions UN M49',\n",
" 'namespace': 'misp',\n",
" 'type': 'region',\n",
" 'uuid': 'd151a79a-e029-11e9-9409-f3e0cf3d93aa',\n",
" 'version': '2'},\n",
" {'GalaxyCluster': [{'GalaxyClusterRelation': [{'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1944',\n",
" 'referenced_galaxy_cluster_id': '4945',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': '06c00069-771a-4d57-8ef5-d3718c1a8771',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1945',\n",
" 'referenced_galaxy_cluster_id': '5189',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': '09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1946',\n",
" 'referenced_galaxy_cluster_id': '6081',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': '10d51417-ee35-4589-b1ff-b6df1c334e8d',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1947',\n",
" 'referenced_galaxy_cluster_id': '4799',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': '10ffac09-e42d-4f56-ab20-db94c67d76ff',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1948',\n",
" 'referenced_galaxy_cluster_id': '5982',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': '1608f3e1-598a-42f4-a01a-2e252e81728f',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1949',\n",
" 'referenced_galaxy_cluster_id': '5190',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': '1d24cdee-9ea2-4189-b08e-af110bf2435d',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1950',\n",
" 'referenced_galaxy_cluster_id': '5529',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': '2db31dcd-54da-405d-acef-b9129b816ed6',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1951',\n",
" 'referenced_galaxy_cluster_id': '4880',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': '2dbbdcd5-92cf-44c0-aea2-fe24783a6bc3',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1952',\n",
" 'referenced_galaxy_cluster_id': '6090',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': '3257eb21-f9a7-4430-8de1-d8b6e288f529',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1953',\n",
" 'referenced_galaxy_cluster_id': '4731',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': '3298ce88-1628-43b1-87d9-0b5336b193d7',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1954',\n",
" 'referenced_galaxy_cluster_id': '4692',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': '4ffc1794-ec3b-45be-9e52-42dbcb2af2de',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1955',\n",
" 'referenced_galaxy_cluster_id': '6077',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': '54a649ff-439a-41a4-9856-8d144a2551ba',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1956',\n",
" 'referenced_galaxy_cluster_id': '5344',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': '54ca26f3-c172-4231-93e5-ccebcac2161f',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1957',\n",
" 'referenced_galaxy_cluster_id': '5247',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': '635cbe30-392d-4e27-978e-66774357c762',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1958',\n",
" 'referenced_galaxy_cluster_id': '5191',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': '692074ae-bb62-4a5e-a735-02cb6bde458c',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1959',\n",
" 'referenced_galaxy_cluster_id': '5252',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': '7610cada-1499-41a4-b3dd-46467b68d177',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1960',\n",
" 'referenced_galaxy_cluster_id': '5241',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': '7decb26c-715c-40cf-b7e0-026f7d7cc215',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1961',\n",
" 'referenced_galaxy_cluster_id': '5199',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': '8861073d-d1b8-4941-82ce-dce621d398f0',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1962',\n",
" 'referenced_galaxy_cluster_id': '4859',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': '8a2f40cf-8325-47f9-96e4-b1ca4c7389bd',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1963',\n",
" 'referenced_galaxy_cluster_id': '6106',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': '92a78814-b191-47ca-909c-1ccfe3777414',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1964',\n",
" 'referenced_galaxy_cluster_id': '4668',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': '954a1639-f2d6-407d-aef3-4917622ca493',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1965',\n",
" 'referenced_galaxy_cluster_id': '5956',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': '9fa07bef-9c81-421e-a8e5-ad4366c5a925',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1966',\n",
" 'referenced_galaxy_cluster_id': '5262',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': 'a009cb25-4801-4116-9105-80a91cf15c1b',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1967',\n",
" 'referenced_galaxy_cluster_id': '6059',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': 'a10641f4-87b4-45a3-a906-92a149cb2c27',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1968',\n",
" 'referenced_galaxy_cluster_id': '5973',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': 'a93494bb-4b80-4ea1-8695-3236a49916fd',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1969',\n",
" 'referenced_galaxy_cluster_id': '4993',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': 'ae7f3575-0a5e-427e-991b-fe03ad44c754',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1970',\n",
" 'referenced_galaxy_cluster_id': '5192',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': 'b2d03cea-aec1-45ca-9744-9ee583c1e1cc',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1971',\n",
" 'referenced_galaxy_cluster_id': '5162',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': 'b4409cd8-0da9-46e1-a401-a241afd4d1cc',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1972',\n",
" 'referenced_galaxy_cluster_id': '4891',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': 'b4694861-542c-48ea-9eb1-10d356e7140a',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1973',\n",
" 'referenced_galaxy_cluster_id': '5149',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': 'b8017880-4b1e-42de-ad10-ae7ac6705166',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1974',\n",
" 'referenced_galaxy_cluster_id': '5220',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': 'c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1975',\n",
" 'referenced_galaxy_cluster_id': '5251',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': 'cff94884-3b1c-4987-a70b-6d5643c621c3',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1976',\n",
" 'referenced_galaxy_cluster_id': '4848',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': 'd245808a-7086-4310-984a-a84aaaa43f8f',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1977',\n",
" 'referenced_galaxy_cluster_id': '4918',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': 'd4b96d2c-1032-4b22-9235-2b5b649d0605',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1978',\n",
" 'referenced_galaxy_cluster_id': '6014',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': 'e01be9c5-e763-4caf-aeb7-000b416aef67',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1979',\n",
" 'referenced_galaxy_cluster_id': '4676',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': 'e74de37c-a829-446c-937d-56a44f0e9306',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1980',\n",
" 'referenced_galaxy_cluster_id': '4846',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': 'eb062747-2193-45de-8fa2-e62549c37ddf',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1981',\n",
" 'referenced_galaxy_cluster_id': '5235',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': 'f232fa7a-025c-4d43-abc7-318e81a73d65',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1982',\n",
" 'referenced_galaxy_cluster_id': '5144',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': 'f4c1826f-a322-41cd-9557-562100848c84',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1983',\n",
" 'referenced_galaxy_cluster_id': '4953',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': 'fa44a152-ac48-441e-a524-dd7b04b8adcd',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001fc2',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '3',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"almost-certain\"',\n",
" 'numerical_value': '95',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5854',\n",
" 'galaxy_cluster_uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'id': '1984',\n",
" 'referenced_galaxy_cluster_id': '4850',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': 'fc74ba38-dc98-461f-8611-b3dbf9978e3d',\n",
" 'sharing_group_id': None}],\n",
" 'Org': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'Orgc': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'authors': ['MITRE'],\n",
" 'collection_uuid': 'a8825ae8-6dea-11e7-8d57-7728f3cfe086',\n",
" 'default': True,\n",
" 'deleted': False,\n",
" 'description': 'Use two or more '\n",
" 'pieces of evidence '\n",
" 'to authenticate to '\n",
" 'a system; such as '\n",
" 'username and '\n",
" 'password in '\n",
" 'addition to a token '\n",
" 'from a physical '\n",
" 'smart card or token '\n",
" 'generator.',\n",
" 'distribution': '3',\n",
" 'event_tag_id': '303',\n",
" 'extends_uuid': '',\n",
" 'extends_version': '0',\n",
" 'galaxy_id': '24',\n",
" 'id': '5854',\n",
" 'local': False,\n",
" 'locked': False,\n",
" 'meta': {'external_id': ['M1032'],\n",
" 'refs': ['https://attack.mitre.org/mitigations/M1032']},\n",
" 'org_id': '0',\n",
" 'orgc_id': '0',\n",
" 'published': False,\n",
" 'relationship_type': False,\n",
" 'sharing_group_id': None,\n",
" 'source': 'https://github.com/mitre/cti',\n",
" 'tag_id': 43,\n",
" 'tag_name': 'misp-galaxy:mitre-course-of-action=\"Multi-factor '\n",
" 'Authentication - '\n",
" 'M1032\"',\n",
" 'type': 'mitre-course-of-action',\n",
" 'uuid': 'b045d015-6bed-4490-bd38-56b41ece59a0',\n",
" 'value': 'Multi-factor '\n",
" 'Authentication - M1032',\n",
" 'version': '26'}],\n",
" 'description': 'ATT&CK Mitigation',\n",
" 'enabled': True,\n",
" 'icon': 'link',\n",
" 'id': '24',\n",
" 'local_only': False,\n",
" 'name': 'Course of Action',\n",
" 'namespace': 'mitre-attack',\n",
" 'type': 'mitre-course-of-action',\n",
" 'uuid': '6fcb4472-6de4-11e7-b5f7-37771619e14e',\n",
" 'version': '7'}],\n",
" 'Org': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'Orgc': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'RelatedEvent': [],\n",
" 'Tag': [{'colour': '#0088cc',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '23',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': True,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'misp-galaxy:mitre-attack-pattern=\"Compromise '\n",
" 'Client Software Binary - T1554\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#0088cc',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '24',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': True,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'misp-galaxy:mitre-attack-pattern=\"Traffic '\n",
" 'Signaling - T1205\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#0088cc',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '25',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': True,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'misp-galaxy:mitre-attack-pattern=\"Clear Command '\n",
" 'History - T1070.003\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#0088cc',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '26',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': True,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'misp-galaxy:mitre-attack-pattern=\"Timestomp - '\n",
" 'T1070.006\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#0088cc',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '27',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': True,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'misp-galaxy:mitre-attack-pattern=\"Symmetric '\n",
" 'Cryptography - T1573.001\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#0088cc',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '28',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': True,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'misp-galaxy:mitre-attack-pattern=\"Asymmetric '\n",
" 'Cryptography - T1573.002\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#0088cc',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '29',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': True,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'misp-galaxy:mitre-attack-pattern=\"Multi-hop '\n",
" 'Proxy - T1090.003\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#0088cc',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '30',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': True,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'misp-galaxy:mitre-attack-pattern=\"Obfuscated '\n",
" 'Files or Information - T1027\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#0088cc',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '31',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': True,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'misp-galaxy:sector=\"Academia - University\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#0088cc',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '32',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': True,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'misp-galaxy:sector=\"Government, Administration\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#0088cc',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '33',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': True,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'misp-galaxy:sector=\"IT - ISP\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#0088cc',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '34',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': True,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'misp-galaxy:sector=\"Marketing\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#0088cc',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '35',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': True,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'misp-galaxy:region=\"021 - Northern America\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#0088cc',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '36',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': True,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'misp-galaxy:region=\"142 - Asia\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#0088cc',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '37',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': True,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'misp-galaxy:region=\"150 - Europe\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#996e00',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '38',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'access-method:stolen-credentials',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#ffffff',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '16',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'tlp:white',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#002b4a',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '39',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'osint:source-type=\"technical-report\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#007ed9',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '40',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'osint:certainty=\"93\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#00c0eb',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '41',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'veris:action:hacking:vector=\"Backdoor or C2\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#0088cc',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '42',\n",
" 'is_custom_galaxy': True,\n",
" 'is_galaxy': True,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'misp-galaxy:backdoor=\"c070c1c8-8939-4e66-bf4d-b91e8392a7a4\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#0088cc',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '43',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': True,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'misp-galaxy:mitre-course-of-action=\"Multi-factor '\n",
" 'Authentication - M1032\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#0088cc',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '44',\n",
" 'is_custom_galaxy': True,\n",
" 'is_galaxy': True,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'misp-galaxy:mitre-course-of-action=\"08c0a23d-ed11-41b9-85ae-7cd86181b254\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'}],\n",
" 'analysis': '2',\n",
" 'attribute_count': '24',\n",
" 'date': '2021-02-03',\n",
" 'disable_correlation': False,\n",
" 'distribution': '1',\n",
" 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n",
" 'extends_uuid': '',\n",
" 'id': '52',\n",
" 'info': 'Kobalos - Linux threat to high performance computing '\n",
" 'infrastructure',\n",
" 'locked': True,\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'proposal_email_lock': False,\n",
" 'protected': None,\n",
" 'publish_timestamp': '0',\n",
" 'published': False,\n",
" 'sharing_group_id': '0',\n",
" 'threat_level_id': '2',\n",
" 'timestamp': '1617972935',\n",
" 'uuid': '83a7add9-76d7-47ef-9f4b-ebd07fbe880d'}},\n",
" {'Event': {'CryptographicKey': [],\n",
" 'Galaxy': [{'GalaxyCluster': [{'GalaxyClusterRelation': [],\n",
" 'Org': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'Orgc': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'authors': ['Francesco Bigarella',\n",
" 'Christophe Vandeplas'],\n",
" 'collection_uuid': 'cc0c8ae9-aec2-42c6-9939-f4f82b051836',\n",
" 'default': True,\n",
" 'deleted': False,\n",
" 'description': 'Type of Jackpotting '\n",
" 'attack. Connection '\n",
" 'of an unauthorized '\n",
" 'device which sends '\n",
" 'dispense commands '\n",
" 'directly to the ATM '\n",
" 'cash dispenser in '\n",
" 'order to “cash out” '\n",
" 'the ATM.',\n",
" 'distribution': '3',\n",
" 'event_tag_id': '308',\n",
" 'extends_uuid': '',\n",
" 'extends_version': '0',\n",
" 'galaxy_id': '4',\n",
" 'id': '575',\n",
" 'local': False,\n",
" 'locked': False,\n",
" 'meta': {'kill_chain': ['fraud-tactics:Target '\n",
" 'Compromise'],\n",
" 'refs': ['https://www.association-secure-transactions.eu/industry-information/fraud-definitions/'],\n",
" 'synonyms': ['Black Box '\n",
" 'Attack']},\n",
" 'org_id': '0',\n",
" 'orgc_id': '0',\n",
" 'published': False,\n",
" 'relationship_type': False,\n",
" 'sharing_group_id': None,\n",
" 'source': 'Open Sources',\n",
" 'tag_id': 19,\n",
" 'tag_name': 'misp-galaxy:financial-fraud=\"ATM '\n",
" 'Black Box Attack\"',\n",
" 'type': 'financial-fraud',\n",
" 'uuid': '6bec22cb-9aed-426a-bffc-b0a78db6527a',\n",
" 'value': 'ATM Black Box Attack',\n",
" 'version': '6'}],\n",
" 'description': 'attck4fraud - Principles of MITRE '\n",
" 'ATT&CK in the fraud domain',\n",
" 'enabled': True,\n",
" 'icon': 'map',\n",
" 'id': '4',\n",
" 'kill_chain_order': {'fraud-tactics': ['Initiation',\n",
" 'Target '\n",
" 'Compromise',\n",
" 'Perform Fraud',\n",
" 'Obtain '\n",
" 'Fraudulent '\n",
" 'Assets',\n",
" 'Assets '\n",
" 'Transfer',\n",
" 'Monetisation',\n",
" 'Due '\n",
" 'Diligence']},\n",
" 'local_only': False,\n",
" 'name': 'attck4fraud',\n",
" 'namespace': 'misp',\n",
" 'type': 'financial-fraud',\n",
" 'uuid': 'cc0c8ae9-aec2-42c6-9939-f4f82b051836',\n",
" 'version': '2'},\n",
" {'GalaxyCluster': [{'GalaxyClusterRelation': [],\n",
" 'Org': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'Orgc': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'authors': ['https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml',\n",
" 'http://pastebin.com/raw/GHgpWjar',\n",
" 'MISP Project',\n",
" 'https://id-ransomware.blogspot.com/2016/07/ransomware-list.html'],\n",
" 'collection_uuid': '10cf658b-5d32-4c4b-bb32-61760a640372',\n",
" 'default': True,\n",
" 'deleted': False,\n",
" 'description': 'Ransomware Based on '\n",
" 'HiddenTear',\n",
" 'distribution': '3',\n",
" 'event_tag_id': '309',\n",
" 'extends_uuid': '',\n",
" 'extends_version': '0',\n",
" 'galaxy_id': '49',\n",
" 'id': '8410',\n",
" 'local': False,\n",
" 'locked': False,\n",
" 'meta': {'encryption': ['AES-256'],\n",
" 'extensions': ['.암호화됨'],\n",
" 'payment-method': ['Bitcoin'],\n",
" 'price': ['0.5'],\n",
" 'ransomnotes-filenames': ['ReadMe.txt'],\n",
" 'refs': ['http://www.nyxbone.com/malware/koreanRansom.html',\n",
" 'http://id-ransomware.blogspot.com/2016/08/korean-ransomware.html']},\n",
" 'org_id': '0',\n",
" 'orgc_id': '0',\n",
" 'published': False,\n",
" 'relationship_type': False,\n",
" 'sharing_group_id': None,\n",
" 'source': 'Various',\n",
" 'tag_id': 20,\n",
" 'tag_name': 'misp-galaxy:ransomware=\"Korean\"',\n",
" 'type': 'ransomware',\n",
" 'uuid': '4febffe0-3837-41d7-b95f-e26d126275e4',\n",
" 'value': 'Korean',\n",
" 'version': '118'}],\n",
" 'description': 'Ransomware galaxy based on '\n",
" 'https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml',\n",
" 'enabled': True,\n",
" 'icon': 'btc',\n",
" 'id': '49',\n",
" 'local_only': False,\n",
" 'name': 'Ransomware',\n",
" 'namespace': 'misp',\n",
" 'type': 'ransomware',\n",
" 'uuid': '3f44af2e-1480-4b6b-9aa8-f9bb21341078',\n",
" 'version': '4'},\n",
" {'GalaxyCluster': [{'GalaxyClusterRelation': [{'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5584',\n",
" 'galaxy_cluster_uuid': '2b5aa86b-a0df-4382-848d-30abea443327',\n",
" 'id': '1176',\n",
" 'referenced_galaxy_cluster_id': '5520',\n",
" 'referenced_galaxy_cluster_type': 'subtechnique-of',\n",
" 'referenced_galaxy_cluster_uuid': 'ce0687a0-e692-4b77-964a-0784a8e54ff1',\n",
" 'sharing_group_id': None}],\n",
" 'Org': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'Orgc': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'TargetingClusterRelation': [{'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5899',\n",
" 'galaxy_cluster_uuid': '78bb71be-92b4-46de-acd6-5f998fedf1cc',\n",
" 'id': '2378',\n",
" 'referenced_galaxy_cluster_id': '5584',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': '2b5aa86b-a0df-4382-848d-30abea443327',\n",
" 'sharing_group_id': None},\n",
" {'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '6786',\n",
" 'galaxy_cluster_uuid': '381fcf73-60f6-4ab2-9991-6af3cbc35192',\n",
" 'id': '3998',\n",
" 'referenced_galaxy_cluster_id': '5584',\n",
" 'referenced_galaxy_cluster_type': 'uses',\n",
" 'referenced_galaxy_cluster_uuid': '2b5aa86b-a0df-4382-848d-30abea443327',\n",
" 'sharing_group_id': None}],\n",
" 'authors': ['MITRE'],\n",
" 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n",
" 'default': True,\n",
" 'deleted': False,\n",
" 'description': 'Adversaries may '\n",
" 'acquire information '\n",
" 'about '\n",
" 'vulnerabilities '\n",
" 'that can be used '\n",
" 'during targeting. A '\n",
" 'vulnerability is a '\n",
" 'weakness in '\n",
" 'computer hardware '\n",
" 'or software that '\n",
" 'can, potentially, '\n",
" 'be exploited by an '\n",
" 'adversary to cause '\n",
" 'unintended or '\n",
" 'unanticipated '\n",
" 'behavior to occur. '\n",
" 'Adversaries may '\n",
" 'find vulnerability '\n",
" 'information by '\n",
" 'searching open '\n",
" 'databases or '\n",
" 'gaining access to '\n",
" 'closed '\n",
" 'vulnerability '\n",
" 'databases.(Citation: '\n",
" 'National '\n",
" 'Vulnerability '\n",
" 'Database)\\n'\n",
" '\\n'\n",
" 'An adversary may '\n",
" 'monitor '\n",
" 'vulnerability '\n",
" 'disclosures/databases '\n",
" 'to understand the '\n",
" 'state of existing, '\n",
" 'as well as newly '\n",
" 'discovered, '\n",
" 'vulnerabilities. '\n",
" 'There is usually a '\n",
" 'delay between when '\n",
" 'a vulnerability is '\n",
" 'discovered and when '\n",
" 'it is made public. '\n",
" 'An adversary may '\n",
" 'target the systems '\n",
" 'of those known to '\n",
" 'conduct '\n",
" 'vulnerability '\n",
" 'research (including '\n",
" 'commercial '\n",
" 'vendors). Knowledge '\n",
" 'of a vulnerability '\n",
" 'may cause an '\n",
" 'adversary to search '\n",
" 'for an existing '\n",
" 'exploit (i.e. '\n",
" '[Exploits](https://attack.mitre.org/techniques/T1588/005)) '\n",
" 'or to attempt to '\n",
" 'develop one '\n",
" 'themselves (i.e. '\n",
" '[Exploits](https://attack.mitre.org/techniques/T1587/004)).',\n",
" 'distribution': '3',\n",
" 'event_tag_id': '310',\n",
" 'extends_uuid': '',\n",
" 'extends_version': '0',\n",
" 'galaxy_id': '23',\n",
" 'id': '5584',\n",
" 'local': False,\n",
" 'locked': False,\n",
" 'meta': {'external_id': ['T1588.006'],\n",
" 'kill_chain': ['mitre-attack:resource-development'],\n",
" 'mitre_platforms': ['PRE'],\n",
" 'refs': ['https://attack.mitre.org/techniques/T1588/006',\n",
" 'https://nvd.nist.gov/']},\n",
" 'org_id': '0',\n",
" 'orgc_id': '0',\n",
" 'published': False,\n",
" 'relationship_type': False,\n",
" 'sharing_group_id': None,\n",
" 'source': 'https://github.com/mitre/cti',\n",
" 'tag_id': 21,\n",
" 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Vulnerabilities '\n",
" '- T1588.006\"',\n",
" 'type': 'mitre-attack-pattern',\n",
" 'uuid': '2b5aa86b-a0df-4382-848d-30abea443327',\n",
" 'value': 'Vulnerabilities - '\n",
" 'T1588.006',\n",
" 'version': '25'}],\n",
" 'description': 'ATT&CK Tactic',\n",
" 'enabled': True,\n",
" 'icon': 'map',\n",
" 'id': '23',\n",
" 'kill_chain_order': {'mitre-attack': ['reconnaissance',\n",
" 'resource-development',\n",
" 'initial-access',\n",
" 'execution',\n",
" 'persistence',\n",
" 'privilege-escalation',\n",
" 'defense-evasion',\n",
" 'credential-access',\n",
" 'discovery',\n",
" 'lateral-movement',\n",
" 'collection',\n",
" 'command-and-control',\n",
" 'exfiltration',\n",
" 'impact'],\n",
" 'mitre-mobile-attack': ['initial-access',\n",
" 'execution',\n",
" 'persistence',\n",
" 'privilege-escalation',\n",
" 'defense-evasion',\n",
" 'credential-access',\n",
" 'discovery',\n",
" 'lateral-movement',\n",
" 'collection',\n",
" 'command-and-control',\n",
" 'exfiltration',\n",
" 'impact',\n",
" 'network-effects',\n",
" 'remote-service-effects'],\n",
" 'mitre-pre-attack': ['priority-definition-planning',\n",
" 'priority-definition-direction',\n",
" 'target-selection',\n",
" 'technical-information-gathering',\n",
" 'people-information-gathering',\n",
" 'organizational-information-gathering',\n",
" 'technical-weakness-identification',\n",
" 'people-weakness-identification',\n",
" 'organizational-weakness-identification',\n",
" 'adversary-opsec',\n",
" 'establish-&-maintain-infrastructure',\n",
" 'persona-development',\n",
" 'build-capabilities',\n",
" 'test-capabilities',\n",
" 'stage-capabilities']},\n",
" 'local_only': False,\n",
" 'name': 'Attack Pattern',\n",
" 'namespace': 'mitre-attack',\n",
" 'type': 'mitre-attack-pattern',\n",
" 'uuid': 'c4e851fa-775f-11e7-8163-b774922098cd',\n",
" 'version': '9'}],\n",
" 'Org': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'Orgc': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'RelatedEvent': [],\n",
" 'Tag': [{'colour': '#004646',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '9',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'type:OSINT',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#ffffff',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '16',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'tlp:white',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#db0076',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '18',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'workflow:state=\"incomplete\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#0088cc',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '19',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': True,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'misp-galaxy:financial-fraud=\"ATM Black Box '\n",
" 'Attack\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#ca957b',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '20',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': True,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'misp-galaxy:ransomware=\"Korean\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#5dc0e0',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '21',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': True,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'misp-galaxy:mitre-attack-pattern=\"Vulnerabilities '\n",
" '- T1588.006\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#418100',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '22',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'circl:incident-classification=\"vulnerability\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'}],\n",
" 'analysis': '1',\n",
" 'attribute_count': '64',\n",
" 'date': '2021-02-16',\n",
" 'disable_correlation': False,\n",
" 'distribution': '3',\n",
" 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n",
" 'extends_uuid': '',\n",
" 'id': '53',\n",
" 'info': 'ATM Vulnerabilities Allow Deposit Forgery Attacks',\n",
" 'locked': True,\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'proposal_email_lock': False,\n",
" 'protected': None,\n",
" 'publish_timestamp': '0',\n",
" 'published': False,\n",
" 'sharing_group_id': '0',\n",
" 'threat_level_id': '2',\n",
" 'timestamp': '1682497911',\n",
" 'uuid': '848a3172-1301-4cbd-8398-435b00904c20'}},\n",
" {'Event': {'CryptographicKey': [],\n",
" 'Galaxy': [{'GalaxyCluster': [{'GalaxyClusterRelation': [],\n",
" 'Org': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'Orgc': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'authors': ['Alexandre Dulaunoy',\n",
" 'Florian Roth',\n",
" 'Thomas Schreck',\n",
" 'Timo Steffens',\n",
" 'Various'],\n",
" 'collection_uuid': '7cdff317-a673-4474-84ec-4f1754947823',\n",
" 'default': True,\n",
" 'deleted': False,\n",
" 'description': 'The Syrian '\n",
" 'Electronic Army '\n",
" '(SEA) is a group of '\n",
" 'computer hackers '\n",
" 'which first '\n",
" 'surfaced online in '\n",
" '2011 to support the '\n",
" 'government of '\n",
" 'Syrian President '\n",
" 'Bashar al-Assad. '\n",
" 'Using spamming, '\n",
" 'website defacement, '\n",
" 'malware, phishing, '\n",
" 'and denial of '\n",
" 'service attacks, it '\n",
" 'has targeted '\n",
" 'political '\n",
" 'opposition groups, '\n",
" 'western news '\n",
" 'organizations, '\n",
" 'human rights groups '\n",
" 'and websites that '\n",
" 'are seemingly '\n",
" 'neutral to the '\n",
" 'Syrian conflict. It '\n",
" 'has also hacked '\n",
" 'government websites '\n",
" 'in the Middle East '\n",
" 'and Europe, as well '\n",
" 'as US defense '\n",
" 'contractors. As of '\n",
" '2011 the SEA has '\n",
" 'been *the first '\n",
" 'Arab country to '\n",
" 'have a public '\n",
" 'Internet Army '\n",
" 'hosted on its '\n",
" 'national networks '\n",
" 'to openly launch '\n",
" 'cyber attacks on '\n",
" 'its enemies*. The '\n",
" 'precise nature of '\n",
" \"SEA's relationship \"\n",
" 'with the Syrian '\n",
" 'government has '\n",
" 'changed over time '\n",
" 'and is unclear',\n",
" 'distribution': '3',\n",
" 'event_tag_id': '312',\n",
" 'extends_uuid': '',\n",
" 'extends_version': '0',\n",
" 'galaxy_id': '62',\n",
" 'id': '18607',\n",
" 'local': False,\n",
" 'locked': False,\n",
" 'meta': {'attribution-confidence': ['50'],\n",
" 'country': ['SY'],\n",
" 'refs': ['https://en.wikipedia.org/wiki/Syrian_Electronic_Army'],\n",
" 'synonyms': ['SyrianElectronicArmy',\n",
" 'SEA']},\n",
" 'org_id': '0',\n",
" 'orgc_id': '0',\n",
" 'published': False,\n",
" 'relationship_type': False,\n",
" 'sharing_group_id': None,\n",
" 'source': 'MISP Project',\n",
" 'tag_id': 14,\n",
" 'tag_name': 'misp-galaxy:threat-actor=\"Deadeye '\n",
" 'Jackal\"',\n",
" 'type': 'threat-actor',\n",
" 'uuid': '4265d44e-8372-4ed0-b428-b331a5443d7d',\n",
" 'value': 'Deadeye Jackal',\n",
" 'version': '281'}],\n",
" 'description': 'Threat actors are characteristics of '\n",
" 'malicious actors (or adversaries) '\n",
" 'representing a cyber attack threat '\n",
" 'including presumed intent and '\n",
" 'historically observed behaviour.',\n",
" 'enabled': True,\n",
" 'icon': 'user-secret',\n",
" 'id': '62',\n",
" 'local_only': False,\n",
" 'name': 'Threat Actor',\n",
" 'namespace': 'misp',\n",
" 'type': 'threat-actor',\n",
" 'uuid': '698774c7-8022-42c4-917f-8d6e4f06ada3',\n",
" 'version': '3'},\n",
" {'GalaxyCluster': [{'GalaxyClusterRelation': [],\n",
" 'Org': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'Orgc': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'TargetingClusterRelation': [{'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5248',\n",
" 'galaxy_cluster_uuid': '8c41090b-aa47-4331-986b-8c9a51a91103',\n",
" 'id': '956',\n",
" 'referenced_galaxy_cluster_id': '5614',\n",
" 'referenced_galaxy_cluster_type': 'subtechnique-of',\n",
" 'referenced_galaxy_cluster_uuid': '5909f20f-3c39-4795-be06-ef1ea40d350b',\n",
" 'sharing_group_id': None},\n",
" {'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5258',\n",
" 'galaxy_cluster_uuid': '0cfe31a7-81fc-472c-bc45-e2808d1066a3',\n",
" 'id': '966',\n",
" 'referenced_galaxy_cluster_id': '5614',\n",
" 'referenced_galaxy_cluster_type': 'subtechnique-of',\n",
" 'referenced_galaxy_cluster_uuid': '5909f20f-3c39-4795-be06-ef1ea40d350b',\n",
" 'sharing_group_id': None},\n",
" {'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '5877',\n",
" 'galaxy_cluster_uuid': '3efe43d1-6f3f-4fcb-ab39-4a730971f70b',\n",
" 'id': '2233',\n",
" 'referenced_galaxy_cluster_id': '5614',\n",
" 'referenced_galaxy_cluster_type': 'mitigates',\n",
" 'referenced_galaxy_cluster_uuid': '5909f20f-3c39-4795-be06-ef1ea40d350b',\n",
" 'sharing_group_id': None}],\n",
" 'authors': ['MITRE'],\n",
" 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n",
" 'default': True,\n",
" 'deleted': False,\n",
" 'description': 'Adversaries may '\n",
" 'modify visual '\n",
" 'content available '\n",
" 'internally or '\n",
" 'externally to an '\n",
" 'enterprise network, '\n",
" 'thus affecting the '\n",
" 'integrity of the '\n",
" 'original content. '\n",
" 'Reasons for '\n",
" '[Defacement](https://attack.mitre.org/techniques/T1491) '\n",
" 'include delivering '\n",
" 'messaging, '\n",
" 'intimidation, or '\n",
" 'claiming (possibly '\n",
" 'false) credit for '\n",
" 'an intrusion. '\n",
" 'Disturbing or '\n",
" 'offensive images '\n",
" 'may be used as a '\n",
" 'part of '\n",
" '[Defacement](https://attack.mitre.org/techniques/T1491) '\n",
" 'in order to cause '\n",
" 'user discomfort, or '\n",
" 'to pressure '\n",
" 'compliance with '\n",
" 'accompanying '\n",
" 'messages. \\n',\n",
" 'distribution': '3',\n",
" 'event_tag_id': '315',\n",
" 'extends_uuid': '',\n",
" 'extends_version': '0',\n",
" 'galaxy_id': '23',\n",
" 'id': '5614',\n",
" 'local': False,\n",
" 'locked': False,\n",
" 'meta': {'external_id': ['T1491'],\n",
" 'kill_chain': ['mitre-attack:impact'],\n",
" 'mitre_data_sources': ['Application '\n",
" 'Log: '\n",
" 'Application '\n",
" 'Log '\n",
" 'Content',\n",
" 'File: '\n",
" 'File '\n",
" 'Creation',\n",
" 'File: '\n",
" 'File '\n",
" 'Modification',\n",
" 'Network '\n",
" 'Traffic: '\n",
" 'Network '\n",
" 'Traffic '\n",
" 'Content'],\n",
" 'mitre_platforms': ['Windows',\n",
" 'IaaS',\n",
" 'Linux',\n",
" 'macOS'],\n",
" 'refs': ['https://attack.mitre.org/techniques/T1491']},\n",
" 'org_id': '0',\n",
" 'orgc_id': '0',\n",
" 'published': False,\n",
" 'relationship_type': False,\n",
" 'sharing_group_id': None,\n",
" 'source': 'https://github.com/mitre/cti',\n",
" 'tag_id': 17,\n",
" 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Defacement '\n",
" '- T1491\"',\n",
" 'type': 'mitre-attack-pattern',\n",
" 'uuid': '5909f20f-3c39-4795-be06-ef1ea40d350b',\n",
" 'value': 'Defacement - T1491',\n",
" 'version': '25'}],\n",
" 'description': 'ATT&CK Tactic',\n",
" 'enabled': True,\n",
" 'icon': 'map',\n",
" 'id': '23',\n",
" 'kill_chain_order': {'mitre-attack': ['reconnaissance',\n",
" 'resource-development',\n",
" 'initial-access',\n",
" 'execution',\n",
" 'persistence',\n",
" 'privilege-escalation',\n",
" 'defense-evasion',\n",
" 'credential-access',\n",
" 'discovery',\n",
" 'lateral-movement',\n",
" 'collection',\n",
" 'command-and-control',\n",
" 'exfiltration',\n",
" 'impact'],\n",
" 'mitre-mobile-attack': ['initial-access',\n",
" 'execution',\n",
" 'persistence',\n",
" 'privilege-escalation',\n",
" 'defense-evasion',\n",
" 'credential-access',\n",
" 'discovery',\n",
" 'lateral-movement',\n",
" 'collection',\n",
" 'command-and-control',\n",
" 'exfiltration',\n",
" 'impact',\n",
" 'network-effects',\n",
" 'remote-service-effects'],\n",
" 'mitre-pre-attack': ['priority-definition-planning',\n",
" 'priority-definition-direction',\n",
" 'target-selection',\n",
" 'technical-information-gathering',\n",
" 'people-information-gathering',\n",
" 'organizational-information-gathering',\n",
" 'technical-weakness-identification',\n",
" 'people-weakness-identification',\n",
" 'organizational-weakness-identification',\n",
" 'adversary-opsec',\n",
" 'establish-&-maintain-infrastructure',\n",
" 'persona-development',\n",
" 'build-capabilities',\n",
" 'test-capabilities',\n",
" 'stage-capabilities']},\n",
" 'local_only': False,\n",
" 'name': 'Attack Pattern',\n",
" 'namespace': 'mitre-attack',\n",
" 'type': 'mitre-attack-pattern',\n",
" 'uuid': 'c4e851fa-775f-11e7-8163-b774922098cd',\n",
" 'version': '9'}],\n",
" 'Org': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'Orgc': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'RelatedEvent': [],\n",
" 'Tag': [{'colour': '#0088cc',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '14',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': True,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'misp-galaxy:threat-actor=\"Deadeye Jackal\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#ee4700',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '15',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'domain-abuse:domain-access-method=\"compromised-domain-name-registrar\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#ffffff',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '16',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'tlp:white',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#0088cc',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '17',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': True,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'misp-galaxy:mitre-attack-pattern=\"Defacement - '\n",
" 'T1491\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'}],\n",
" 'analysis': '1',\n",
" 'attribute_count': '242',\n",
" 'date': '2013-08-27',\n",
" 'disable_correlation': False,\n",
" 'distribution': '3',\n",
" 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n",
" 'extends_uuid': '',\n",
" 'id': '54',\n",
" 'info': 'Investigation Syrian Electronic Army Activities - '\n",
" 'Domain(s) Take over via Melbourne IT registrar',\n",
" 'locked': True,\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'proposal_email_lock': False,\n",
" 'protected': None,\n",
" 'publish_timestamp': '0',\n",
" 'published': False,\n",
" 'sharing_group_id': '0',\n",
" 'threat_level_id': '2',\n",
" 'timestamp': '1693924239',\n",
" 'uuid': 'c54869a6-0123-405f-b1a0-0ba3cfd759b9'}},\n",
" {'Event': {'CryptographicKey': [],\n",
" 'Galaxy': [{'GalaxyCluster': [{'GalaxyClusterRelation': [{'Tag': [{'colour': '#001899',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '1',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"likely\"',\n",
" 'numerical_value': '55',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '9554',\n",
" 'galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n",
" 'id': '17887',\n",
" 'referenced_galaxy_cluster_id': '9652',\n",
" 'referenced_galaxy_cluster_type': 'parent-of',\n",
" 'referenced_galaxy_cluster_uuid': '0ca6ac54-ad2b-4945-9580-ac90e702fd2c',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001899',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '1',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"likely\"',\n",
" 'numerical_value': '55',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '9554',\n",
" 'galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n",
" 'id': '17888',\n",
" 'referenced_galaxy_cluster_id': '9653',\n",
" 'referenced_galaxy_cluster_type': 'parent-of',\n",
" 'referenced_galaxy_cluster_uuid': '9db5f425-fe49-4137-8598-840e7290ed0f',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001899',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '1',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"likely\"',\n",
" 'numerical_value': '55',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '9554',\n",
" 'galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n",
" 'id': '17889',\n",
" 'referenced_galaxy_cluster_id': '9654',\n",
" 'referenced_galaxy_cluster_type': 'parent-of',\n",
" 'referenced_galaxy_cluster_uuid': '1c43524e-0f2e-4468-b6b6-8a37f1d0ea87',\n",
" 'sharing_group_id': None}],\n",
" 'Org': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'Orgc': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'TargetingClusterRelation': [{'Tag': [{'colour': '#001899',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '1',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"likely\"',\n",
" 'numerical_value': '55',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '9652',\n",
" 'galaxy_cluster_uuid': '0ca6ac54-ad2b-4945-9580-ac90e702fd2c',\n",
" 'id': '17916',\n",
" 'referenced_galaxy_cluster_id': '9554',\n",
" 'referenced_galaxy_cluster_type': 'successor-of',\n",
" 'referenced_galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001899',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '1',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"likely\"',\n",
" 'numerical_value': '55',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '9653',\n",
" 'galaxy_cluster_uuid': '9db5f425-fe49-4137-8598-840e7290ed0f',\n",
" 'id': '17917',\n",
" 'referenced_galaxy_cluster_id': '9554',\n",
" 'referenced_galaxy_cluster_type': 'successor-of',\n",
" 'referenced_galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n",
" 'sharing_group_id': None},\n",
" {'Tag': [{'colour': '#001899',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '1',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"likely\"',\n",
" 'numerical_value': '55',\n",
" 'org_id': '0',\n",
" 'user_id': '0'}],\n",
" 'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '9654',\n",
" 'galaxy_cluster_uuid': '1c43524e-0f2e-4468-b6b6-8a37f1d0ea87',\n",
" 'id': '17919',\n",
" 'referenced_galaxy_cluster_id': '9554',\n",
" 'referenced_galaxy_cluster_type': 'successor-of',\n",
" 'referenced_galaxy_cluster_uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n",
" 'sharing_group_id': None}],\n",
" 'authors': ['https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml',\n",
" 'http://pastebin.com/raw/GHgpWjar',\n",
" 'MISP Project',\n",
" 'https://id-ransomware.blogspot.com/2016/07/ransomware-list.html'],\n",
" 'collection_uuid': '10cf658b-5d32-4c4b-bb32-61760a640372',\n",
" 'default': True,\n",
" 'deleted': False,\n",
" 'description': 'Conti ransomware is '\n",
" 'a RaaS and has been '\n",
" 'observed encrypting '\n",
" 'networks since '\n",
" 'mid-2020.\\n'\n",
" 'Conti was developed '\n",
" 'by the “TrickBot” '\n",
" 'group, an organized '\n",
" 'Russian '\n",
" 'cybercriminal '\n",
" 'operation. Their '\n",
" 'reputation has '\n",
" 'allowed the group '\n",
" 'to create a strong '\n",
" 'brand name, '\n",
" 'attracting many '\n",
" 'affiliates which '\n",
" 'has made Conti one '\n",
" 'of the most '\n",
" 'widespread '\n",
" 'ransomware strains '\n",
" 'in the world.\\n'\n",
" 'One of the last '\n",
" 'known “Conti” '\n",
" 'attacks was against '\n",
" 'the government of '\n",
" 'Costa Rica in April '\n",
" '2022 causing the '\n",
" 'country to declare '\n",
" 'a state of '\n",
" 'emergency.\\n'\n",
" 'Shortly after this '\n",
" 'final attack, the '\n",
" '“Conti” brand '\n",
" 'disappeared. The '\n",
" 'group behind it '\n",
" 'likely switched to '\n",
" 'a different brand '\n",
" 'to avoid sanctions '\n",
" 'and start over with '\n",
" 'a new, clean '\n",
" 'reputation.',\n",
" 'distribution': '3',\n",
" 'event_tag_id': '317',\n",
" 'extends_uuid': '',\n",
" 'extends_version': '0',\n",
" 'galaxy_id': '49',\n",
" 'id': '9554',\n",
" 'local': False,\n",
" 'locked': False,\n",
" 'meta': {'attribution-confidence': ['100'],\n",
" 'country': ['RU'],\n",
" 'extensions': ['.conti'],\n",
" 'links': ['http://continewsnv5otx5kaoje7krkto2qbu3gtqef22mnr7eaxw3y6ncz3ad.onion/',\n",
" 'http://continews.click'],\n",
" 'ransomnotes': ['All of '\n",
" 'your '\n",
" 'files are '\n",
" 'currently '\n",
" 'encrypted '\n",
" 'by CONTI '\n",
" 'ransomware.'],\n",
" 'refs': ['https://www.cyber.gov.au/acsc/view-all-content/advisories/2021-010-acsc-ransomware-profile-conti',\n",
" 'https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/787/original/ransomware-chats.pdf?1651576098',\n",
" 'https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ransomware-virtual-machines']},\n",
" 'org_id': '0',\n",
" 'orgc_id': '0',\n",
" 'published': False,\n",
" 'relationship_type': False,\n",
" 'sharing_group_id': None,\n",
" 'source': 'Various',\n",
" 'tag_id': 166,\n",
" 'tag_name': 'misp-galaxy:ransomware=\"Conti\"',\n",
" 'type': 'ransomware',\n",
" 'uuid': '201eff54-d41e-4f70-916c-5dfb9301730a',\n",
" 'value': 'Conti',\n",
" 'version': '118'}],\n",
" 'description': 'Ransomware galaxy based on '\n",
" 'https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml',\n",
" 'enabled': True,\n",
" 'icon': 'btc',\n",
" 'id': '49',\n",
" 'local_only': False,\n",
" 'name': 'Ransomware',\n",
" 'namespace': 'misp',\n",
" 'type': 'ransomware',\n",
" 'uuid': '3f44af2e-1480-4b6b-9aa8-f9bb21341078',\n",
" 'version': '4'}],\n",
" 'Org': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'Orgc': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'RelatedEvent': [{'Event': {'Org': {'id': '15',\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'Orgc': {'id': '15',\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'analysis': '0',\n",
" 'date': '2022-03-21',\n",
" 'distribution': '1',\n",
" 'id': '50',\n",
" 'info': 'Ransomware Attack against a '\n",
" 'French organization',\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'published': False,\n",
" 'threat_level_id': '1',\n",
" 'timestamp': '1695041268',\n",
" 'uuid': '1128963e-516e-4c9b-b14e-ae2dcbf69e80'}}],\n",
" 'Tag': [{'colour': '#001cad',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '2',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'estimative-language:likelihood-probability=\"very-likely\"',\n",
" 'numerical_value': '80',\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#0088cc',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '166',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': True,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'misp-galaxy:ransomware=\"Conti\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'}],\n",
" 'analysis': '0',\n",
" 'attribute_count': '13',\n",
" 'date': '2022-03-22',\n",
" 'disable_correlation': False,\n",
" 'distribution': '2',\n",
" 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n",
" 'extends_uuid': '1128963e-516e-4c9b-b14e-ae2dcbf69e80',\n",
" 'id': '55',\n",
" 'info': 'Network relationship with Conti BTC address',\n",
" 'locked': True,\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'proposal_email_lock': False,\n",
" 'protected': None,\n",
" 'publish_timestamp': '0',\n",
" 'published': False,\n",
" 'sharing_group_id': '0',\n",
" 'threat_level_id': '4',\n",
" 'timestamp': '1695040739',\n",
" 'uuid': 'd1a18f98-4efb-4238-b608-8783e626b95f'}},\n",
" {'Event': {'CryptographicKey': [],\n",
" 'Galaxy': [],\n",
" 'Org': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'Orgc': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'RelatedEvent': [],\n",
" 'Tag': [{'colour': '#0fc000',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '45',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'admiralty-scale:information-credibility=\"2\"',\n",
" 'numerical_value': '75',\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#038e00',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '46',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'economical-impact:loss=\"less-than-1B-euro\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'}],\n",
" 'analysis': '0',\n",
" 'attribute_count': '7',\n",
" 'date': '2021-05-28',\n",
" 'disable_correlation': False,\n",
" 'distribution': '1',\n",
" 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n",
" 'extends_uuid': '',\n",
" 'id': '56',\n",
" 'info': 'Decaying example',\n",
" 'locked': True,\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'proposal_email_lock': False,\n",
" 'protected': None,\n",
" 'publish_timestamp': '0',\n",
" 'published': False,\n",
" 'sharing_group_id': '0',\n",
" 'threat_level_id': '4',\n",
" 'timestamp': '1695024030',\n",
" 'uuid': 'e6f83d22-248c-4286-91d2-8dd97b637560'}},\n",
" {'Event': {'CryptographicKey': [],\n",
" 'Galaxy': [{'GalaxyCluster': [{'GalaxyClusterRelation': [],\n",
" 'Org': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'Orgc': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'authors': ['Unknown'],\n",
" 'collection_uuid': 'cc6feae0-968a-11e9-a29a-bf581ae8eee3',\n",
" 'default': True,\n",
" 'deleted': False,\n",
" 'description': '',\n",
" 'distribution': '3',\n",
" 'event_tag_id': '321',\n",
" 'extends_uuid': '',\n",
" 'extends_version': '0',\n",
" 'galaxy_id': '59',\n",
" 'id': '13281',\n",
" 'local': False,\n",
" 'locked': False,\n",
" 'meta': {'calling-code': ['+31'],\n",
" 'capital': ['Amsterdam'],\n",
" 'currency': ['€',\n",
" 'EUR',\n",
" 'EURO',\n",
" '$',\n",
" 'USD',\n",
" 'United '\n",
" 'States '\n",
" 'dollar'],\n",
" 'iso-code': ['NL', 'NLD'],\n",
" 'member-of': ['NATO'],\n",
" 'official-languages': ['Dutch'],\n",
" 'synonyms': ['Nederland',\n",
" 'Holland'],\n",
" 'territory-type': ['Country'],\n",
" 'top-level-domain': ['.nl']},\n",
" 'org_id': '0',\n",
" 'orgc_id': '0',\n",
" 'published': False,\n",
" 'relationship_type': False,\n",
" 'sharing_group_id': None,\n",
" 'source': 'Various',\n",
" 'tag_id': 50,\n",
" 'tag_name': 'misp-galaxy:target-information=\"Netherlands\"',\n",
" 'type': 'target-information',\n",
" 'uuid': '1c016908-33df-485c-ba9a-3e629e6f92d9',\n",
" 'value': 'Netherlands',\n",
" 'version': '7'}],\n",
" 'description': 'Description of targets of threat '\n",
" 'actors.',\n",
" 'enabled': True,\n",
" 'icon': 'bullseye',\n",
" 'id': '59',\n",
" 'local_only': False,\n",
" 'name': 'Target Information',\n",
" 'namespace': 'misp',\n",
" 'type': 'target-information',\n",
" 'uuid': '709ed29c-aa00-11e9-82cd-67ac1a6ee3bc',\n",
" 'version': '1'},\n",
" {'GalaxyCluster': [{'GalaxyClusterRelation': [{'default': True,\n",
" 'distribution': '3',\n",
" 'galaxy_cluster_id': '14623',\n",
" 'galaxy_cluster_uuid': '84668357-5a8c-4bdd-9f0f-6b50b2525553',\n",
" 'id': '22039',\n",
" 'referenced_galaxy_cluster_id': '10038',\n",
" 'referenced_galaxy_cluster_type': 'located-in',\n",
" 'referenced_galaxy_cluster_uuid': 'c7cb0859-5680-4bdb-9c78-46cab3504a62',\n",
" 'sharing_group_id': None}],\n",
" 'Org': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'Orgc': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'authors': ['geonames.org'],\n",
" 'collection_uuid': '84668357-5a8c-4bdd-9f0f-6b50b2aee4c1',\n",
" 'default': True,\n",
" 'deleted': False,\n",
" 'description': 'Russia',\n",
" 'distribution': '3',\n",
" 'event_tag_id': '322',\n",
" 'extends_uuid': '',\n",
" 'extends_version': '0',\n",
" 'galaxy_id': '14',\n",
" 'id': '14623',\n",
" 'local': False,\n",
" 'locked': False,\n",
" 'meta': {'Capital': ['Moscow'],\n",
" 'Continent': ['EU'],\n",
" 'CurrencyCode': ['RUB'],\n",
" 'CurrencyName': ['Ruble'],\n",
" 'ISO': ['RU'],\n",
" 'ISO3': ['RUS'],\n",
" 'Languages': ['ru,tt,xal,cau,ady,kv,ce,tyv,cv,udm,tut,mns,bua,myv,mdf,chm,ba,inh,tut,kbd,krc,av,sah,nog'],\n",
" 'Population': ['140702000'],\n",
" 'tld': ['.ru']},\n",
" 'org_id': '0',\n",
" 'orgc_id': '0',\n",
" 'published': False,\n",
" 'relationship_type': False,\n",
" 'sharing_group_id': None,\n",
" 'source': 'MISP Project',\n",
" 'tag_id': 51,\n",
" 'tag_name': 'misp-galaxy:country=\"russia\"',\n",
" 'type': 'country',\n",
" 'uuid': '84668357-5a8c-4bdd-9f0f-6b50b2525553',\n",
" 'value': 'russia',\n",
" 'version': '2'}],\n",
" 'description': 'Country meta information based on the '\n",
" 'database provided by geonames.org.',\n",
" 'enabled': True,\n",
" 'icon': 'globe',\n",
" 'id': '14',\n",
" 'local_only': False,\n",
" 'name': 'Country',\n",
" 'namespace': 'misp',\n",
" 'type': 'country',\n",
" 'uuid': '84668357-5a8c-4bdd-9f0f-6b50b2aee4c1',\n",
" 'version': '1'}],\n",
" 'Org': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'Orgc': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'RelatedEvent': [],\n",
" 'Tag': [{'colour': '#e9007e',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '49',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'workflow:state=\"draft\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#0088cc',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '50',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': True,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'misp-galaxy:target-information=\"Netherlands\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#0088cc',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '51',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': True,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'misp-galaxy:country=\"russia\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#FFC000',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '52',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'tlp:amber+strict',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'}],\n",
" 'analysis': '0',\n",
" 'attribute_count': '65',\n",
" 'date': '2023-01-27',\n",
" 'disable_correlation': False,\n",
" 'distribution': '0',\n",
" 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n",
" 'extends_uuid': '',\n",
" 'id': '57',\n",
" 'info': 'GRU close access cyber operation against OPCW',\n",
" 'locked': True,\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'proposal_email_lock': False,\n",
" 'protected': None,\n",
" 'publish_timestamp': '0',\n",
" 'published': False,\n",
" 'sharing_group_id': '0',\n",
" 'threat_level_id': '4',\n",
" 'timestamp': '1693470062',\n",
" 'uuid': 'f438b116-58db-44d5-b37f-167d1b3a2f41'}},\n",
" {'Event': {'CryptographicKey': [],\n",
" 'Galaxy': [],\n",
" 'Org': {'id': '6',\n",
" 'local': True,\n",
" 'name': 'ORG_4',\n",
" 'uuid': '9e913344-3e2d-4cd2-8403-8888dfe0ad1e'},\n",
" 'Orgc': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'RelatedEvent': [],\n",
" 'analysis': '0',\n",
" 'attribute_count': '1',\n",
" 'date': '2024-04-14',\n",
" 'disable_correlation': False,\n",
" 'distribution': '3',\n",
" 'event_creator_email': 'user1@sync-user.4.test',\n",
" 'extends_uuid': '',\n",
" 'id': '59',\n",
" 'info': 'Test Pull From Docker',\n",
" 'locked': True,\n",
" 'org_id': '6',\n",
" 'orgc_id': '15',\n",
" 'proposal_email_lock': False,\n",
" 'protected': None,\n",
" 'publish_timestamp': '1713083090',\n",
" 'published': True,\n",
" 'sharing_group_id': '0',\n",
" 'threat_level_id': '1',\n",
" 'timestamp': '1713083076',\n",
" 'uuid': 'fc1ef566-44a5-4d98-9c85-dc0f75467100'}},\n",
" {'Event': {'CryptographicKey': [],\n",
" 'Galaxy': [{'GalaxyCluster': [{'GalaxyClusterRelation': [],\n",
" 'Org': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'Orgc': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'authors': ['MITRE'],\n",
" 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n",
" 'default': True,\n",
" 'deleted': False,\n",
" 'description': 'Adversaries may '\n",
" 'attempt to exploit '\n",
" 'a weakness in an '\n",
" 'Internet-facing '\n",
" 'host or system to '\n",
" 'initially access a '\n",
" 'network. The '\n",
" 'weakness in the '\n",
" 'system can be a '\n",
" 'software bug, a '\n",
" 'temporary glitch, '\n",
" 'or a '\n",
" 'misconfiguration.\\n'\n",
" '\\n'\n",
" 'Exploited '\n",
" 'applications are '\n",
" 'often websites/web '\n",
" 'servers, but can '\n",
" 'also include '\n",
" 'databases (like '\n",
" 'SQL), standard '\n",
" 'services (like SMB '\n",
" 'or SSH), network '\n",
" 'device '\n",
" 'administration and '\n",
" 'management '\n",
" 'protocols (like '\n",
" 'SNMP and Smart '\n",
" 'Install), and any '\n",
" 'other system with '\n",
" 'Internet accessible '\n",
" 'open '\n",
" 'sockets.(Citation: '\n",
" 'NVD '\n",
" 'CVE-2016-6662)(Citation: '\n",
" 'CIS Multiple SMB '\n",
" 'Vulnerabilities)(Citation: '\n",
" 'US-CERT TA18-106A '\n",
" 'Network '\n",
" 'Infrastructure '\n",
" 'Devices '\n",
" '2018)(Citation: '\n",
" 'Cisco Blog Legacy '\n",
" 'Device '\n",
" 'Attacks)(Citation: '\n",
" 'NVD CVE-2014-7169) '\n",
" 'Depending on the '\n",
" 'flaw being '\n",
" 'exploited this may '\n",
" 'also involve '\n",
" '[Exploitation for '\n",
" 'Defense '\n",
" 'Evasion](https://attack.mitre.org/techniques/T1211). \\n'\n",
" '\\n'\n",
" 'If an application '\n",
" 'is hosted on '\n",
" 'cloud-based '\n",
" 'infrastructure '\n",
" 'and/or is '\n",
" 'containerized, then '\n",
" 'exploiting it may '\n",
" 'lead to compromise '\n",
" 'of the underlying '\n",
" 'instance or '\n",
" 'container. This can '\n",
" 'allow an adversary '\n",
" 'a path to access '\n",
" 'the cloud or '\n",
" 'container APIs, '\n",
" 'exploit container '\n",
" 'host access via '\n",
" '[Escape to '\n",
" 'Host](https://attack.mitre.org/techniques/T1611), '\n",
" 'or take advantage '\n",
" 'of weak identity '\n",
" 'and access '\n",
" 'management '\n",
" 'policies.\\n'\n",
" '\\n'\n",
" 'Adversaries may '\n",
" 'also exploit edge '\n",
" 'network '\n",
" 'infrastructure and '\n",
" 'related appliances, '\n",
" 'specifically '\n",
" 'targeting devices '\n",
" 'that do not support '\n",
" 'robust host-based '\n",
" 'defenses.(Citation: '\n",
" 'Mandiant Fortinet '\n",
" 'Zero Day)(Citation: '\n",
" 'Wired Russia '\n",
" 'Cyberwar)\\n'\n",
" '\\n'\n",
" 'For websites and '\n",
" 'databases, the '\n",
" 'OWASP top 10 and '\n",
" 'CWE top 25 '\n",
" 'highlight the most '\n",
" 'common web-based '\n",
" 'vulnerabilities.(Citation: '\n",
" 'OWASP Top '\n",
" '10)(Citation: CWE '\n",
" 'top 25)',\n",
" 'distribution': '3',\n",
" 'event_tag_id': '332',\n",
" 'extends_uuid': '',\n",
" 'extends_version': '0',\n",
" 'galaxy_id': '23',\n",
" 'id': '4825',\n",
" 'local': False,\n",
" 'locked': False,\n",
" 'meta': {'external_id': ['T1190'],\n",
" 'kill_chain': ['mitre-attack:initial-access'],\n",
" 'mitre_data_sources': ['Application '\n",
" 'Log: '\n",
" 'Application '\n",
" 'Log '\n",
" 'Content',\n",
" 'Network '\n",
" 'Traffic: '\n",
" 'Network '\n",
" 'Traffic '\n",
" 'Content'],\n",
" 'mitre_platforms': ['Windows',\n",
" 'IaaS',\n",
" 'Network',\n",
" 'Linux',\n",
" 'macOS',\n",
" 'Containers'],\n",
" 'refs': ['https://attack.mitre.org/techniques/T1190',\n",
" 'https://community.cisco.com/t5/security-blogs/attackers-continue-to-target-legacy-devices/ba-p/4169954',\n",
" 'https://cwe.mitre.org/top25/index.html',\n",
" 'https://nvd.nist.gov/vuln/detail/CVE-2014-7169',\n",
" 'https://nvd.nist.gov/vuln/detail/CVE-2016-6662',\n",
" 'https://us-cert.cisa.gov/ncas/alerts/TA18-106A',\n",
" 'https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-microsoft-windows-smb-server-could-allow-for-remote-code-execution/',\n",
" 'https://www.mandiant.com/resources/blog/fortinet-malware-ecosystem',\n",
" 'https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project',\n",
" 'https://www.wired.com/story/russia-ukraine-cyberattacks-mandiant/']},\n",
" 'org_id': '0',\n",
" 'orgc_id': '0',\n",
" 'published': False,\n",
" 'relationship_type': False,\n",
" 'sharing_group_id': None,\n",
" 'source': 'https://github.com/mitre/cti',\n",
" 'tag_id': 170,\n",
" 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Exploit '\n",
" 'Public-Facing '\n",
" 'Application - T1190\"',\n",
" 'type': 'mitre-attack-pattern',\n",
" 'uuid': '3f886f2a-874f-4333-b794-aa6075009b1c',\n",
" 'value': 'Exploit Public-Facing '\n",
" 'Application - T1190',\n",
" 'version': '25'},\n",
" {'GalaxyClusterRelation': [],\n",
" 'Org': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'Orgc': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'authors': ['MITRE'],\n",
" 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n",
" 'default': True,\n",
" 'deleted': False,\n",
" 'description': 'Adversaries may '\n",
" 'leverage '\n",
" 'external-facing '\n",
" 'remote services to '\n",
" 'initially access '\n",
" 'and/or persist '\n",
" 'within a network. '\n",
" 'Remote services '\n",
" 'such as VPNs, '\n",
" 'Citrix, and other '\n",
" 'access mechanisms '\n",
" 'allow users to '\n",
" 'connect to internal '\n",
" 'enterprise network '\n",
" 'resources from '\n",
" 'external locations. '\n",
" 'There are often '\n",
" 'remote service '\n",
" 'gateways that '\n",
" 'manage connections '\n",
" 'and credential '\n",
" 'authentication for '\n",
" 'these services. '\n",
" 'Services such as '\n",
" '[Windows Remote '\n",
" 'Management](https://attack.mitre.org/techniques/T1021/006) '\n",
" 'and '\n",
" '[VNC](https://attack.mitre.org/techniques/T1021/005) '\n",
" 'can also be used '\n",
" 'externally.(Citation: '\n",
" 'MacOS VNC software '\n",
" 'for Remote '\n",
" 'Desktop)\\n'\n",
" '\\n'\n",
" 'Access to [Valid '\n",
" 'Accounts](https://attack.mitre.org/techniques/T1078) '\n",
" 'to use the service '\n",
" 'is often a '\n",
" 'requirement, which '\n",
" 'could be obtained '\n",
" 'through credential '\n",
" 'pharming or by '\n",
" 'obtaining the '\n",
" 'credentials from '\n",
" 'users after '\n",
" 'compromising the '\n",
" 'enterprise '\n",
" 'network.(Citation: '\n",
" 'Volexity Virtual '\n",
" 'Private Keylogging) '\n",
" 'Access to remote '\n",
" 'services may be '\n",
" 'used as a redundant '\n",
" 'or persistent '\n",
" 'access mechanism '\n",
" 'during an '\n",
" 'operation.\\n'\n",
" '\\n'\n",
" 'Access may also be '\n",
" 'gained through an '\n",
" 'exposed service '\n",
" 'that doesnt '\n",
" 'require '\n",
" 'authentication. In '\n",
" 'containerized '\n",
" 'environments, this '\n",
" 'may include an '\n",
" 'exposed Docker API, '\n",
" 'Kubernetes API '\n",
" 'server, kubelet, or '\n",
" 'web application '\n",
" 'such as the '\n",
" 'Kubernetes '\n",
" 'dashboard.(Citation: '\n",
" 'Trend Micro Exposed '\n",
" 'Docker '\n",
" 'Server)(Citation: '\n",
" 'Unit 42 Hildegard '\n",
" 'Malware)',\n",
" 'distribution': '3',\n",
" 'event_tag_id': '333',\n",
" 'extends_uuid': '',\n",
" 'extends_version': '0',\n",
" 'galaxy_id': '23',\n",
" 'id': '5048',\n",
" 'local': False,\n",
" 'locked': False,\n",
" 'meta': {'external_id': ['T1133'],\n",
" 'kill_chain': ['mitre-attack:persistence',\n",
" 'mitre-attack:initial-access'],\n",
" 'mitre_data_sources': ['Application '\n",
" 'Log: '\n",
" 'Application '\n",
" 'Log '\n",
" 'Content',\n",
" 'Logon '\n",
" 'Session: '\n",
" 'Logon '\n",
" 'Session '\n",
" 'Metadata',\n",
" 'Network '\n",
" 'Traffic: '\n",
" 'Network '\n",
" 'Connection '\n",
" 'Creation',\n",
" 'Network '\n",
" 'Traffic: '\n",
" 'Network '\n",
" 'Traffic '\n",
" 'Content',\n",
" 'Network '\n",
" 'Traffic: '\n",
" 'Network '\n",
" 'Traffic '\n",
" 'Flow'],\n",
" 'mitre_platforms': ['Windows',\n",
" 'Linux',\n",
" 'Containers',\n",
" 'macOS'],\n",
" 'refs': ['https://attack.mitre.org/techniques/T1133',\n",
" 'https://support.apple.com/guide/remote-desktop/set-up-a-computer-running-vnc-software-apdbed09830/mac',\n",
" 'https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/',\n",
" 'https://www.trendmicro.com/en_us/research/20/f/xorddos-kaiji-botnet-malware-variants-target-exposed-docker-servers.html',\n",
" 'https://www.volexity.com/blog/2015/10/07/virtual-private-keylogging-cisco-web-vpns-leveraged-for-access-and-persistence/']},\n",
" 'org_id': '0',\n",
" 'orgc_id': '0',\n",
" 'published': False,\n",
" 'relationship_type': False,\n",
" 'sharing_group_id': None,\n",
" 'source': 'https://github.com/mitre/cti',\n",
" 'tag_id': 171,\n",
" 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"External '\n",
" 'Remote Services - '\n",
" 'T1133\"',\n",
" 'type': 'mitre-attack-pattern',\n",
" 'uuid': '10d51417-ee35-4589-b1ff-b6df1c334e8d',\n",
" 'value': 'External Remote Services '\n",
" '- T1133',\n",
" 'version': '25'}],\n",
" 'description': 'ATT&CK Tactic',\n",
" 'enabled': True,\n",
" 'icon': 'map',\n",
" 'id': '23',\n",
" 'kill_chain_order': {'mitre-attack': ['reconnaissance',\n",
" 'resource-development',\n",
" 'initial-access',\n",
" 'execution',\n",
" 'persistence',\n",
" 'privilege-escalation',\n",
" 'defense-evasion',\n",
" 'credential-access',\n",
" 'discovery',\n",
" 'lateral-movement',\n",
" 'collection',\n",
" 'command-and-control',\n",
" 'exfiltration',\n",
" 'impact'],\n",
" 'mitre-mobile-attack': ['initial-access',\n",
" 'execution',\n",
" 'persistence',\n",
" 'privilege-escalation',\n",
" 'defense-evasion',\n",
" 'credential-access',\n",
" 'discovery',\n",
" 'lateral-movement',\n",
" 'collection',\n",
" 'command-and-control',\n",
" 'exfiltration',\n",
" 'impact',\n",
" 'network-effects',\n",
" 'remote-service-effects'],\n",
" 'mitre-pre-attack': ['priority-definition-planning',\n",
" 'priority-definition-direction',\n",
" 'target-selection',\n",
" 'technical-information-gathering',\n",
" 'people-information-gathering',\n",
" 'organizational-information-gathering',\n",
" 'technical-weakness-identification',\n",
" 'people-weakness-identification',\n",
" 'organizational-weakness-identification',\n",
" 'adversary-opsec',\n",
" 'establish-&-maintain-infrastructure',\n",
" 'persona-development',\n",
" 'build-capabilities',\n",
" 'test-capabilities',\n",
" 'stage-capabilities']},\n",
" 'local_only': False,\n",
" 'name': 'Attack Pattern',\n",
" 'namespace': 'mitre-attack',\n",
" 'type': 'mitre-attack-pattern',\n",
" 'uuid': 'c4e851fa-775f-11e7-8163-b774922098cd',\n",
" 'version': '9'}],\n",
" 'Org': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'Orgc': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'RelatedEvent': [],\n",
" 'Tag': [{'colour': '#0088cc',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '170',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': True,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'misp-galaxy:mitre-attack-pattern=\"Exploit '\n",
" 'Public-Facing Application - T1190\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#0088cc',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '171',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': True,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'misp-galaxy:mitre-attack-pattern=\"External '\n",
" 'Remote Services - T1133\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#004646',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '9',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'type:OSINT',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#0071c3',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '10',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'osint:lifetime=\"perpetual\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#ffffff',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '16',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'tlp:white',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#ffffff',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '55',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'tlp:clear',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'}],\n",
" 'analysis': '2',\n",
" 'attribute_count': '27',\n",
" 'date': '2024-04-13',\n",
" 'disable_correlation': False,\n",
" 'distribution': '3',\n",
" 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n",
" 'extends_uuid': '',\n",
" 'id': '60',\n",
" 'info': 'OSINT - Zero-Day Exploitation of Unauthenticated Remote '\n",
" 'Code Execution Vulnerability in GlobalProtect '\n",
" '(CVE-2024-3400)',\n",
" 'locked': False,\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'proposal_email_lock': False,\n",
" 'protected': None,\n",
" 'publish_timestamp': '1713149736',\n",
" 'published': True,\n",
" 'sharing_group_id': '0',\n",
" 'threat_level_id': '1',\n",
" 'timestamp': '1713023036',\n",
" 'uuid': '9802116c-3ec3-4a8e-8b39-5c69b08df5ab'}},\n",
" {'Event': {'CryptographicKey': [],\n",
" 'Galaxy': [{'GalaxyCluster': [{'GalaxyClusterRelation': [],\n",
" 'Org': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'Orgc': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'authors': ['MITRE'],\n",
" 'collection_uuid': 'dcb864dc-775f-11e7-9fbb-1f41b4996683',\n",
" 'default': True,\n",
" 'deleted': False,\n",
" 'description': 'Adversaries may '\n",
" 'attempt to exploit '\n",
" 'a weakness in an '\n",
" 'Internet-facing '\n",
" 'host or system to '\n",
" 'initially access a '\n",
" 'network. The '\n",
" 'weakness in the '\n",
" 'system can be a '\n",
" 'software bug, a '\n",
" 'temporary glitch, '\n",
" 'or a '\n",
" 'misconfiguration.\\n'\n",
" '\\n'\n",
" 'Exploited '\n",
" 'applications are '\n",
" 'often websites/web '\n",
" 'servers, but can '\n",
" 'also include '\n",
" 'databases (like '\n",
" 'SQL), standard '\n",
" 'services (like SMB '\n",
" 'or SSH), network '\n",
" 'device '\n",
" 'administration and '\n",
" 'management '\n",
" 'protocols (like '\n",
" 'SNMP and Smart '\n",
" 'Install), and any '\n",
" 'other system with '\n",
" 'Internet accessible '\n",
" 'open '\n",
" 'sockets.(Citation: '\n",
" 'NVD '\n",
" 'CVE-2016-6662)(Citation: '\n",
" 'CIS Multiple SMB '\n",
" 'Vulnerabilities)(Citation: '\n",
" 'US-CERT TA18-106A '\n",
" 'Network '\n",
" 'Infrastructure '\n",
" 'Devices '\n",
" '2018)(Citation: '\n",
" 'Cisco Blog Legacy '\n",
" 'Device '\n",
" 'Attacks)(Citation: '\n",
" 'NVD CVE-2014-7169) '\n",
" 'Depending on the '\n",
" 'flaw being '\n",
" 'exploited this may '\n",
" 'also involve '\n",
" '[Exploitation for '\n",
" 'Defense '\n",
" 'Evasion](https://attack.mitre.org/techniques/T1211). \\n'\n",
" '\\n'\n",
" 'If an application '\n",
" 'is hosted on '\n",
" 'cloud-based '\n",
" 'infrastructure '\n",
" 'and/or is '\n",
" 'containerized, then '\n",
" 'exploiting it may '\n",
" 'lead to compromise '\n",
" 'of the underlying '\n",
" 'instance or '\n",
" 'container. This can '\n",
" 'allow an adversary '\n",
" 'a path to access '\n",
" 'the cloud or '\n",
" 'container APIs, '\n",
" 'exploit container '\n",
" 'host access via '\n",
" '[Escape to '\n",
" 'Host](https://attack.mitre.org/techniques/T1611), '\n",
" 'or take advantage '\n",
" 'of weak identity '\n",
" 'and access '\n",
" 'management '\n",
" 'policies.\\n'\n",
" '\\n'\n",
" 'Adversaries may '\n",
" 'also exploit edge '\n",
" 'network '\n",
" 'infrastructure and '\n",
" 'related appliances, '\n",
" 'specifically '\n",
" 'targeting devices '\n",
" 'that do not support '\n",
" 'robust host-based '\n",
" 'defenses.(Citation: '\n",
" 'Mandiant Fortinet '\n",
" 'Zero Day)(Citation: '\n",
" 'Wired Russia '\n",
" 'Cyberwar)\\n'\n",
" '\\n'\n",
" 'For websites and '\n",
" 'databases, the '\n",
" 'OWASP top 10 and '\n",
" 'CWE top 25 '\n",
" 'highlight the most '\n",
" 'common web-based '\n",
" 'vulnerabilities.(Citation: '\n",
" 'OWASP Top '\n",
" '10)(Citation: CWE '\n",
" 'top 25)',\n",
" 'distribution': '3',\n",
" 'event_tag_id': '342',\n",
" 'extends_uuid': '',\n",
" 'extends_version': '0',\n",
" 'galaxy_id': '23',\n",
" 'id': '4825',\n",
" 'local': False,\n",
" 'locked': False,\n",
" 'meta': {'external_id': ['T1190'],\n",
" 'kill_chain': ['mitre-attack:initial-access'],\n",
" 'mitre_data_sources': ['Application '\n",
" 'Log: '\n",
" 'Application '\n",
" 'Log '\n",
" 'Content',\n",
" 'Network '\n",
" 'Traffic: '\n",
" 'Network '\n",
" 'Traffic '\n",
" 'Content'],\n",
" 'mitre_platforms': ['Windows',\n",
" 'IaaS',\n",
" 'Network',\n",
" 'Linux',\n",
" 'macOS',\n",
" 'Containers'],\n",
" 'refs': ['https://attack.mitre.org/techniques/T1190',\n",
" 'https://community.cisco.com/t5/security-blogs/attackers-continue-to-target-legacy-devices/ba-p/4169954',\n",
" 'https://cwe.mitre.org/top25/index.html',\n",
" 'https://nvd.nist.gov/vuln/detail/CVE-2014-7169',\n",
" 'https://nvd.nist.gov/vuln/detail/CVE-2016-6662',\n",
" 'https://us-cert.cisa.gov/ncas/alerts/TA18-106A',\n",
" 'https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-microsoft-windows-smb-server-could-allow-for-remote-code-execution/',\n",
" 'https://www.mandiant.com/resources/blog/fortinet-malware-ecosystem',\n",
" 'https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project',\n",
" 'https://www.wired.com/story/russia-ukraine-cyberattacks-mandiant/']},\n",
" 'org_id': '0',\n",
" 'orgc_id': '0',\n",
" 'published': False,\n",
" 'relationship_type': False,\n",
" 'sharing_group_id': None,\n",
" 'source': 'https://github.com/mitre/cti',\n",
" 'tag_id': 170,\n",
" 'tag_name': 'misp-galaxy:mitre-attack-pattern=\"Exploit '\n",
" 'Public-Facing '\n",
" 'Application - T1190\"',\n",
" 'type': 'mitre-attack-pattern',\n",
" 'uuid': '3f886f2a-874f-4333-b794-aa6075009b1c',\n",
" 'value': 'Exploit Public-Facing '\n",
" 'Application - T1190',\n",
" 'version': '25'}],\n",
" 'description': 'ATT&CK Tactic',\n",
" 'enabled': True,\n",
" 'icon': 'map',\n",
" 'id': '23',\n",
" 'kill_chain_order': {'mitre-attack': ['reconnaissance',\n",
" 'resource-development',\n",
" 'initial-access',\n",
" 'execution',\n",
" 'persistence',\n",
" 'privilege-escalation',\n",
" 'defense-evasion',\n",
" 'credential-access',\n",
" 'discovery',\n",
" 'lateral-movement',\n",
" 'collection',\n",
" 'command-and-control',\n",
" 'exfiltration',\n",
" 'impact'],\n",
" 'mitre-mobile-attack': ['initial-access',\n",
" 'execution',\n",
" 'persistence',\n",
" 'privilege-escalation',\n",
" 'defense-evasion',\n",
" 'credential-access',\n",
" 'discovery',\n",
" 'lateral-movement',\n",
" 'collection',\n",
" 'command-and-control',\n",
" 'exfiltration',\n",
" 'impact',\n",
" 'network-effects',\n",
" 'remote-service-effects'],\n",
" 'mitre-pre-attack': ['priority-definition-planning',\n",
" 'priority-definition-direction',\n",
" 'target-selection',\n",
" 'technical-information-gathering',\n",
" 'people-information-gathering',\n",
" 'organizational-information-gathering',\n",
" 'technical-weakness-identification',\n",
" 'people-weakness-identification',\n",
" 'organizational-weakness-identification',\n",
" 'adversary-opsec',\n",
" 'establish-&-maintain-infrastructure',\n",
" 'persona-development',\n",
" 'build-capabilities',\n",
" 'test-capabilities',\n",
" 'stage-capabilities']},\n",
" 'local_only': False,\n",
" 'name': 'Attack Pattern',\n",
" 'namespace': 'mitre-attack',\n",
" 'type': 'mitre-attack-pattern',\n",
" 'uuid': 'c4e851fa-775f-11e7-8163-b774922098cd',\n",
" 'version': '9'}],\n",
" 'Org': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'Orgc': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'RelatedEvent': [],\n",
" 'Tag': [{'colour': '#004646',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '9',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'type:OSINT',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#0071c3',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '10',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'osint:lifetime=\"perpetual\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#ffffff',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '16',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'tlp:white',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#ffffff',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '55',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'tlp:clear',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#0088cc',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '170',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': True,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'misp-galaxy:mitre-attack-pattern=\"Exploit '\n",
" 'Public-Facing Application - T1190\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#0088cc',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '172',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': True,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'misp-galaxy:producer=\"Sophos\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'}],\n",
" 'analysis': '2',\n",
" 'attribute_count': '12',\n",
" 'date': '2024-02-23',\n",
" 'disable_correlation': False,\n",
" 'distribution': '3',\n",
" 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n",
" 'extends_uuid': '',\n",
" 'id': '61',\n",
" 'info': 'OSINT - ConnectWise ScreenConnect attacks deliver malware',\n",
" 'locked': False,\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'proposal_email_lock': False,\n",
" 'protected': None,\n",
" 'publish_timestamp': '1713149927',\n",
" 'published': True,\n",
" 'sharing_group_id': '0',\n",
" 'threat_level_id': '2',\n",
" 'timestamp': '1708699989',\n",
" 'uuid': 'f8912a82-2870-4de2-9663-5fdbee0ed401'}},\n",
" {'Event': {'CryptographicKey': [],\n",
" 'Galaxy': [{'GalaxyCluster': [{'GalaxyClusterRelation': [],\n",
" 'Org': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'Orgc': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'authors': ['Unknown'],\n",
" 'collection_uuid': 'cc6feae0-968a-11e9-a29a-bf581ae8eee3',\n",
" 'default': True,\n",
" 'deleted': False,\n",
" 'description': '',\n",
" 'distribution': '3',\n",
" 'event_tag_id': '346',\n",
" 'extends_uuid': '',\n",
" 'extends_version': '0',\n",
" 'galaxy_id': '59',\n",
" 'id': '13134',\n",
" 'local': False,\n",
" 'locked': False,\n",
" 'meta': {'calling-code': ['+352'],\n",
" 'capital': ['Luxembourg'],\n",
" 'currency': ['€',\n",
" 'EUR',\n",
" 'EURO'],\n",
" 'iso-code': ['LU', 'LUX'],\n",
" 'member-of': ['NATO'],\n",
" 'official-languages': ['French',\n",
" 'Luxembourgish',\n",
" 'German'],\n",
" 'synonyms': ['Grand Duchy '\n",
" 'of '\n",
" 'Luxembourg',\n",
" 'Grand-Duché '\n",
" 'de '\n",
" 'Luxembourg',\n",
" 'Lëtzebuerg',\n",
" 'Groussherzogtum '\n",
" 'Lëtzebuerg',\n",
" 'Luxemburg',\n",
" 'Großherzogtum '\n",
" 'Luxemburg'],\n",
" 'territory-type': ['Country'],\n",
" 'top-level-domain': ['lu']},\n",
" 'org_id': '0',\n",
" 'orgc_id': '0',\n",
" 'published': False,\n",
" 'relationship_type': False,\n",
" 'sharing_group_id': None,\n",
" 'source': 'Various',\n",
" 'tag_id': 173,\n",
" 'tag_name': 'misp-galaxy:target-information=\"Luxembourg\"',\n",
" 'type': 'target-information',\n",
" 'uuid': 'f9a1d7f4-980a-11e9-a8b6-23162ddc4255',\n",
" 'value': 'Luxembourg',\n",
" 'version': '7'},\n",
" {'GalaxyClusterRelation': [],\n",
" 'Org': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'Orgc': {'contacts': '',\n",
" 'created_by': '0',\n",
" 'date_created': '',\n",
" 'date_modified': '',\n",
" 'description': 'Automatically '\n",
" 'generated '\n",
" 'MISP '\n",
" 'organisation',\n",
" 'id': '0',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'MISP',\n",
" 'nationality': 'Not '\n",
" 'specified',\n",
" 'restricted_to_domain': [],\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': '0'},\n",
" 'authors': ['Unknown'],\n",
" 'collection_uuid': 'cc6feae0-968a-11e9-a29a-bf581ae8eee3',\n",
" 'default': True,\n",
" 'deleted': False,\n",
" 'description': '',\n",
" 'distribution': '3',\n",
" 'event_tag_id': '347',\n",
" 'extends_uuid': '',\n",
" 'extends_version': '0',\n",
" 'galaxy_id': '59',\n",
" 'id': '13207',\n",
" 'local': False,\n",
" 'locked': False,\n",
" 'meta': {'calling-code': ['+33'],\n",
" 'capital': ['Paris'],\n",
" 'currency': ['€',\n",
" 'EUR',\n",
" 'EURO'],\n",
" 'iso-code': ['FR', 'FRA'],\n",
" 'member-of': ['NATO'],\n",
" 'official-languages': ['French'],\n",
" 'synonyms': ['French '\n",
" 'Republic',\n",
" 'République '\n",
" 'française'],\n",
" 'territory-type': ['Country'],\n",
" 'top-level-domain': ['.fr']},\n",
" 'org_id': '0',\n",
" 'orgc_id': '0',\n",
" 'published': False,\n",
" 'relationship_type': False,\n",
" 'sharing_group_id': None,\n",
" 'source': 'Various',\n",
" 'tag_id': 167,\n",
" 'tag_name': 'misp-galaxy:target-information=\"France\"',\n",
" 'type': 'target-information',\n",
" 'uuid': '0cc6ad08-fac6-42bc-a7c7-09a53ea6b968',\n",
" 'value': 'France',\n",
" 'version': '7'}],\n",
" 'description': 'Description of targets of threat '\n",
" 'actors.',\n",
" 'enabled': True,\n",
" 'icon': 'bullseye',\n",
" 'id': '59',\n",
" 'local_only': False,\n",
" 'name': 'Target Information',\n",
" 'namespace': 'misp',\n",
" 'type': 'target-information',\n",
" 'uuid': '709ed29c-aa00-11e9-82cd-67ac1a6ee3bc',\n",
" 'version': '1'}],\n",
" 'Org': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'Orgc': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'RelatedEvent': [{'Event': {'Org': {'id': '15',\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'Orgc': {'id': '15',\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'analysis': '0',\n",
" 'date': '2024-04-15',\n",
" 'distribution': '0',\n",
" 'id': '64',\n",
" 'info': 'Event created via the API as '\n",
" 'an example',\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'published': False,\n",
" 'threat_level_id': '1',\n",
" 'timestamp': '1713155243',\n",
" 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'}}],\n",
" 'Tag': [{'colour': '#FF2B2B',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '53',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'tlp:red',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#ff0000',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '84',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'PAP:RED',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#0088cc',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '173',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': True,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'misp-galaxy:target-information=\"Luxembourg\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'},\n",
" {'colour': '#0088cc',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '167',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': True,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'misp-galaxy:target-information=\"France\"',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'}],\n",
" 'analysis': '0',\n",
" 'attribute_count': '4',\n",
" 'date': '2024-04-15',\n",
" 'disable_correlation': False,\n",
" 'distribution': '0',\n",
" 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n",
" 'extends_uuid': '',\n",
" 'id': '62',\n",
" 'info': 'Test event with some sample indicator to match on Jupyter '\n",
" 'notebook',\n",
" 'locked': False,\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'proposal_email_lock': False,\n",
" 'protected': None,\n",
" 'publish_timestamp': '0',\n",
" 'published': False,\n",
" 'sharing_group_id': '0',\n",
" 'threat_level_id': '1',\n",
" 'timestamp': '1713153254',\n",
" 'uuid': '403a7c69-3708-429e-b1f0-1e7379655db5'}},\n",
" {'Event': {'CryptographicKey': [],\n",
" 'Galaxy': [],\n",
" 'Org': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'Orgc': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'RelatedEvent': [],\n",
" 'analysis': '0',\n",
" 'attribute_count': '0',\n",
" 'date': '2024-04-15',\n",
" 'disable_correlation': False,\n",
" 'distribution': '0',\n",
" 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n",
" 'extends_uuid': '',\n",
" 'id': '63',\n",
" 'info': 'Event created via the API as an example',\n",
" 'locked': False,\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'proposal_email_lock': False,\n",
" 'protected': None,\n",
" 'publish_timestamp': '0',\n",
" 'published': False,\n",
" 'sharing_group_id': '0',\n",
" 'threat_level_id': '1',\n",
" 'timestamp': '1713153707',\n",
" 'uuid': 'ab3edd51-58a2-47b3-b465-546364cb0d44'}},\n",
" {'Event': {'CryptographicKey': [],\n",
" 'Galaxy': [],\n",
" 'Org': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'Orgc': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'RelatedEvent': [{'Event': {'Org': {'id': '15',\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'Orgc': {'id': '15',\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'analysis': '0',\n",
" 'date': '2024-04-15',\n",
" 'distribution': '0',\n",
" 'id': '62',\n",
" 'info': 'Test event with some sample '\n",
" 'indicator to match on Jupyter '\n",
" 'notebook',\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'published': False,\n",
" 'threat_level_id': '1',\n",
" 'timestamp': '1713153254',\n",
" 'uuid': '403a7c69-3708-429e-b1f0-1e7379655db5'}}],\n",
" 'Tag': [{'colour': '#33FF00',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '12',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'tlp:green',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'}],\n",
" 'analysis': '0',\n",
" 'attribute_count': '5',\n",
" 'date': '2024-04-15',\n",
" 'disable_correlation': False,\n",
" 'distribution': '0',\n",
" 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n",
" 'extends_uuid': '',\n",
" 'id': '64',\n",
" 'info': 'Event created via the API as an example',\n",
" 'locked': False,\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'proposal_email_lock': False,\n",
" 'protected': None,\n",
" 'publish_timestamp': '0',\n",
" 'published': False,\n",
" 'sharing_group_id': '0',\n",
" 'threat_level_id': '1',\n",
" 'timestamp': '1713155243',\n",
" 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'}}]\n"
]
}
],
"source": [
"# Searching using the RestSearch\n",
"endpoint = '/events/restSearch'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
" \"returnFormat\": \"json\",\n",
" \"org\": \"CIRCL\",\n",
"# \"id\": 33,\n",
" \"metadata\": 1\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": 55,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Count: 2\n",
" - Attribute count: 0\n",
" - Attribute count: 4\n",
"----------\n",
"[{'Event': {'Attribute': [],\n",
" 'CryptographicKey': [],\n",
" 'EventReport': [],\n",
" 'Galaxy': [],\n",
" 'Object': [],\n",
" 'Org': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'Orgc': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'RelatedEvent': [],\n",
" 'ShadowAttribute': [],\n",
" 'analysis': '0',\n",
" 'attribute_count': '0',\n",
" 'date': '2024-04-15',\n",
" 'disable_correlation': False,\n",
" 'distribution': '0',\n",
" 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n",
" 'extends_uuid': '',\n",
" 'id': '63',\n",
" 'info': 'Event created via the API as an example',\n",
" 'locked': False,\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'proposal_email_lock': False,\n",
" 'protected': None,\n",
" 'publish_timestamp': '0',\n",
" 'published': False,\n",
" 'sharing_group_id': '0',\n",
" 'threat_level_id': '1',\n",
" 'timestamp': '1713153707',\n",
" 'uuid': 'ab3edd51-58a2-47b3-b465-546364cb0d44'}},\n",
" {'Event': {'Attribute': [{'Galaxy': [],\n",
" 'ShadowAttribute': [],\n",
" 'category': 'Network activity',\n",
" 'comment': 'Comment added via the API',\n",
" 'deleted': False,\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'first_seen': None,\n",
" 'id': '3362',\n",
" 'last_seen': None,\n",
" 'object_id': '0',\n",
" 'object_relation': None,\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1713154698',\n",
" 'to_ids': False,\n",
" 'type': 'ip-dst',\n",
" 'uuid': '501fd194-8b98-40d9-91e6-1c3d56d9c36a',\n",
" 'value': '127.0.0.1'},\n",
" {'Galaxy': [],\n",
" 'ShadowAttribute': [],\n",
" 'category': 'Payload delivery',\n",
" 'comment': '',\n",
" 'deleted': False,\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'first_seen': None,\n",
" 'id': '3364',\n",
" 'last_seen': None,\n",
" 'object_id': '0',\n",
" 'object_relation': None,\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1713155138',\n",
" 'to_ids': False,\n",
" 'type': 'attachment',\n",
" 'uuid': '3a0f950c-3f09-480b-b777-ac3e13acc75a',\n",
" 'value': 'cti-2024.png'},\n",
" {'Galaxy': [],\n",
" 'ShadowAttribute': [],\n",
" 'category': 'Network activity',\n",
" 'comment': '',\n",
" 'deleted': False,\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'first_seen': None,\n",
" 'id': '3365',\n",
" 'last_seen': None,\n",
" 'object_id': '0',\n",
" 'object_relation': None,\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1713155215',\n",
" 'to_ids': False,\n",
" 'type': 'ip-dst',\n",
" 'uuid': '1ce6d7c3-a3cf-4bf7-b0fe-a054b7a06342',\n",
" 'value': '8.8.8.8'},\n",
" {'Galaxy': [],\n",
" 'ShadowAttribute': [],\n",
" 'category': 'Network activity',\n",
" 'comment': '',\n",
" 'deleted': False,\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'first_seen': None,\n",
" 'id': '3366',\n",
" 'last_seen': None,\n",
" 'object_id': '0',\n",
" 'object_relation': None,\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1713155243',\n",
" 'to_ids': True,\n",
" 'type': 'ip-dst',\n",
" 'uuid': '6c4e1467-ce18-4131-b858-470ee57ebaec',\n",
" 'value': '127.0.0.2'}],\n",
" 'CryptographicKey': [],\n",
" 'EventReport': [{'content': 'Body',\n",
" 'deleted': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'id': '55',\n",
" 'name': 'Report from API',\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1713153904',\n",
" 'uuid': '3696d945-7dc8-4685-b71f-8cb2b1132913'},\n",
" {'content': 'Body',\n",
" 'deleted': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'id': '56',\n",
" 'name': 'Report from API',\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1713154575',\n",
" 'uuid': '823d4e2e-76f4-43b8-9b3c-c851fa32412d'}],\n",
" 'Galaxy': [],\n",
" 'Object': [{'Attribute': [{'Galaxy': [],\n",
" 'ShadowAttribute': [],\n",
" 'category': 'Other',\n",
" 'comment': '',\n",
" 'deleted': False,\n",
" 'disable_correlation': False,\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'first_seen': None,\n",
" 'id': '3363',\n",
" 'last_seen': None,\n",
" 'object_id': '537',\n",
" 'object_relation': 'post',\n",
" 'sharing_group_id': '0',\n",
" 'timestamp': '1558702173',\n",
" 'to_ids': False,\n",
" 'type': 'text',\n",
" 'uuid': '17bebb02-c294-4444-adc9-85e8fa0039f1',\n",
" 'value': 'post'}],\n",
" 'ObjectReference': [],\n",
" 'comment': '',\n",
" 'deleted': False,\n",
" 'description': 'Microblog post like a Twitter tweet or '\n",
" 'a post on a Facebook wall.',\n",
" 'distribution': '5',\n",
" 'event_id': '64',\n",
" 'first_seen': None,\n",
" 'id': '537',\n",
" 'last_seen': None,\n",
" 'meta-category': 'misc',\n",
" 'name': 'microblog',\n",
" 'sharing_group_id': '0',\n",
" 'template_uuid': '8ec8c911-ddbe-4f5b-895b-fbff70c42a60',\n",
" 'template_version': '5',\n",
" 'timestamp': '1558702173',\n",
" 'uuid': 'bc9219e7-9ae8-4f36-a433-dad3a9c963f5'}],\n",
" 'Org': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'Orgc': {'id': '15',\n",
" 'local': True,\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'RelatedEvent': [{'Event': {'Org': {'id': '15',\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'Orgc': {'id': '15',\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'analysis': '0',\n",
" 'date': '2024-04-15',\n",
" 'distribution': '0',\n",
" 'id': '62',\n",
" 'info': 'Test event with some sample '\n",
" 'indicator to match on Jupyter '\n",
" 'notebook',\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'published': False,\n",
" 'threat_level_id': '1',\n",
" 'timestamp': '1713153254',\n",
" 'uuid': '403a7c69-3708-429e-b1f0-1e7379655db5'}}],\n",
" 'ShadowAttribute': [],\n",
" 'Tag': [{'colour': '#33FF00',\n",
" 'exportable': True,\n",
" 'hide_tag': False,\n",
" 'id': '12',\n",
" 'is_custom_galaxy': False,\n",
" 'is_galaxy': False,\n",
" 'local': False,\n",
" 'local_only': False,\n",
" 'name': 'tlp:green',\n",
" 'numerical_value': None,\n",
" 'relationship_type': None,\n",
" 'user_id': '0'}],\n",
" 'analysis': '0',\n",
" 'attribute_count': '5',\n",
" 'date': '2024-04-15',\n",
" 'disable_correlation': False,\n",
" 'distribution': '0',\n",
" 'event_creator_email': 'alexandre.dulaunoy@circl.lu',\n",
" 'extends_uuid': '',\n",
" 'id': '64',\n",
" 'info': 'Event created via the API as an example',\n",
" 'locked': False,\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'proposal_email_lock': False,\n",
" 'protected': None,\n",
" 'publish_timestamp': '0',\n",
" 'published': False,\n",
" 'sharing_group_id': '0',\n",
" 'threat_level_id': '1',\n",
" 'timestamp': '1713155243',\n",
" 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'}}]\n"
]
}
],
"source": [
"# Searching using the RestSearch\n",
"endpoint = '/events/restSearch'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
" \"returnFormat\": \"json\",\n",
" \"eventinfo\": \"%via the API%\",\n",
"# \"published\": 1\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Sightings"
]
},
{
"cell_type": "code",
"execution_count": 60,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"{'Sighting': {'attribute_id': '3366',\n",
" 'date_sighting': '1713155573',\n",
" 'event_id': '64',\n",
" 'id': '102',\n",
" 'org_id': '15',\n",
" 'source': '',\n",
" 'type': '0',\n",
" 'uuid': '53eb767b-b54a-4d7d-b3d8-6809703a3975'}}\n"
]
}
],
"source": [
"# Creating sightings\n",
"endpoint = '/sightings/add'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
" \"id\": \"3366\"\n",
"# \"value\": \"127.2.2.2\"\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": 63,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Count: 1\n",
"----------\n",
"[{'Sighting': {'Attribute': {'category': 'Network activity',\n",
" 'id': '3366',\n",
" 'to_ids': True,\n",
" 'type': 'ip-dst',\n",
" 'uuid': '6c4e1467-ce18-4131-b858-470ee57ebaec',\n",
" 'value': '127.0.0.2'},\n",
" 'Event': {'Orgc': {'name': 'CIRCL'},\n",
" 'id': '64',\n",
" 'info': 'Event created via the API as an example',\n",
" 'org_id': '15',\n",
" 'orgc_id': '15',\n",
" 'uuid': '24e1a0bd-a6ad-4ff6-9d4b-5aeb0413a1f9'},\n",
" 'Organisation': {'id': '15',\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'attribute_id': '3366',\n",
" 'date_sighting': '1713155573',\n",
" 'event_id': '64',\n",
" 'id': '102',\n",
" 'org_id': '15',\n",
" 'source': '',\n",
" 'type': '0',\n",
" 'uuid': '53eb767b-b54a-4d7d-b3d8-6809703a3975',\n",
" 'value': '127.0.0.2'}}]\n"
]
}
],
"source": [
"# Searching for sighted elements\n",
"endpoint = '/sightings/restSearch/event'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
" \"returnFormat\": \"json\",\n",
" \"id\": 64,\n",
" \"includeAttribute\": 1,\n",
" \"includeEvent\": 1\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Warning lists"
]
},
{
"cell_type": "code",
"execution_count": 64,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"{'8.8.8.8': [{'id': '54',\n",
" 'matched': '8.8.8.8/32',\n",
" 'name': 'List of known IPv4 public DNS resolvers'}]}\n"
]
}
],
"source": [
"# Checking values against the warining list\n",
"endpoint = '/warninglists/checkValue'\n",
"relative_path = ''\n",
"\n",
"body = [\"8.8.8.8\", \"yolo\", \"test\"]\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Instance management"
]
},
{
"cell_type": "code",
"execution_count": 65,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"{'Organisation': {'contacts': None,\n",
" 'created_by': '626',\n",
" 'date_created': '2024-04-15 04:34:16',\n",
" 'date_modified': '2024-04-15 04:34:16',\n",
" 'description': None,\n",
" 'id': '17',\n",
" 'landingpage': None,\n",
" 'local': True,\n",
" 'name': 'TEMP_ORG2',\n",
" 'nationality': '',\n",
" 'restricted_to_domain': None,\n",
" 'sector': '',\n",
" 'type': '',\n",
" 'uuid': 'c9a0a3d6-2698-4535-9bf3-782667e8779b'}}\n"
]
}
],
"source": [
"# Creating Organisation\n",
"endpoint = '/admin/organisations/add'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
" \"name\": \"TEMP_ORG2\"\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Creating Users\n",
"endpoint = '/admin/users/add'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
" \"email\": \"from_api2@admin.test\",\n",
" \"org_id\": 1009,\n",
" \"role_id\": 3,\n",
" \"termsaccepted\": 1,\n",
" \"change_pw\": 0, # User prompted to change the psswd once logged in\n",
" \"password\": \"~~UlTrA_SeCuRe_PaSsWoRd~~\"\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Creating Sharing Groups\n",
"endpoint = '/sharing_groups/add'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
" \"name\": \"TEMP_SG2\",\n",
" \"releasability\": \"To nobody\",\n",
" \"SharingGroupOrg\": [\n",
" {\n",
" \"name\": \"ORGNAME\",\n",
" \"extend\": 1\n",
" },\n",
" {\n",
" \"name\": \"CIRCL\",\n",
" \"extend\": 1\n",
" }\n",
" ]\n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"scrolled": true
},
"outputs": [],
"source": [
"# Server\n",
"endpoint = '/servers/add'\n",
"relative_path = ''\n",
"\n",
"body = {\n",
" \"url\": \"http://127.0.0.1:80/\",\n",
" \"name\": \"Myself\",\n",
" \"remote_org_id\": \"2\",\n",
" \"authkey\": \"UHwmZCH4QdSKqPVunxTzfSes8n7ibBhUlsd0dmx9\"\n",
" \n",
"}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Server settings\n",
"endpoint = '/servers/serverSettings'\n",
"relative_path = ''\n",
"\n",
"body = {}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "code",
"execution_count": 99,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"{'stats': {'attribute_count': 51848,\n",
" 'attribute_count_month': 11,\n",
" 'attributes_per_event': 701,\n",
" 'average_user_per_org': 2.6,\n",
" 'contributing_org_count': 6,\n",
" 'correlation_count': 63,\n",
" 'event_count': 74,\n",
" 'event_count_month': 7,\n",
" 'local_org_count': 7,\n",
" 'org_count': 16,\n",
" 'post_count': 14,\n",
" 'post_count_month': 0,\n",
" 'proposal_count': 1,\n",
" 'thread_count': 2,\n",
" 'thread_count_month': 0,\n",
" 'user_count': 18,\n",
" 'user_count_pgp': 0}}\n"
]
}
],
"source": [
"# Statistics\n",
"endpoint = '/users/statistics'\n",
"relative_path = ''\n",
"\n",
"body = {}\n",
"\n",
"res = misp.direct_call(endpoint + relative_path, body)\n",
"print_result(res)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Not Available:\n",
"- misp-module"
]
}
],
"metadata": {
"kernelspec": {
"display_name": "Python 3 (ipykernel)",
"language": "python",
"name": "python3"
},
"language_info": {
"codemirror_mode": {
"name": "ipython",
"version": 3
},
"file_extension": ".py",
"mimetype": "text/x-python",
"name": "python",
"nbconvert_exporter": "python",
"pygments_lexer": "ipython3",
"version": "3.10.12"
}
},
"nbformat": 4,
"nbformat_minor": 4
}
Reference in New Issue View Git Blame Copy Permalink