6 - Sample Attack Analyses |
See also Tab 1 - Blogs by
major Cybersecurity Research Groups |
|
|
|
LINKS |
Campaigns |
Cyber Attack Success is a function of the attacker's goals, sophistication, planning, motivation, personnel experience, techniques, tools, time available, as well as the victim's vulnerabilities and defenses. |
|
|
|
Malware
Lists, Packaged Exploits, RATS |
|
|
|
Malware
Available for Analysis |
Use MITRE ATT&CK to view Groups, Techniques and Malware |
|
|
|
Indicators of
Compromise |
Use Threatminer to do research for locating articles on
specific attack characteristics |
|
|
|
|
|
https://www.threatminer.org/ |
|
|
|
|
|
|
|
|
|
Campaign Reports and Significant Examples |
see also
https://www.csis.org/programs/strategic-technologies-program/significant-cyber-incidents |
|
|
Name |
URL for Report |
Perpetrators? |
Target(s) |
Date(s) |
|
1 |
Airports |
https://icitech.org/hacking-our-nations-airports/ |
|
|
5/1/2019 |
|
2 |
APT 1 In Depth |
https://www.fireeye.com/blog/threat-research/2013/02/mandiant-exposes-apt1-chinas-cyber-espionage-units.html |
|
|
|
|
3 |
Capital One |
https://web.mit.edu/smadnick/www/wp/2020-07.pdf |
|
Credit Cards |
7/1/2020 |
|
4 |
Carbanak (4 parts) Financial Sector Attacks |
1 -
https://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-one-a-rare-occurrence.html |
FIN7 |
Banking |
4/1/2019 |
|
5 |
Carbanak (4 parts) Financial Sector Attacks |
2 -
https://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-two-continuing-source-code-analysis.html |
FIN7 |
Banking |
4/1/2019 |
|
6 |
Carbanak (4 parts) Financial Sector Attacks |
3 -
https://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-three-behind-the-backdoor.html |
FIN7 |
Banking |
4/1/2019 |
|
7 |
Carbanak (4 parts) Financial Sector Attacks |
4 -
https://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-four-desktop-video-player.html |
FIN7 |
Banking |
4/1/2019 |
|
8 |
Chinese Naikon PLA Unit |
https://www.forbes.com/sites/zakdoffman/2020/05/07/chinese-military-cyber-spies-just-caught-crossing-a-very-dangerous-new-line/ |
|
|
|
|
9 |
Cobalt Kitty |
https://cdn2.hubspot.net/hubfs/3354902/Cybereason%20Labs%20Analysis%20Operation%20Cobalt%20Kitty.pdf |
|
|
|
|
10 |
Cyber Jihad |
https://krypt3ia.files.wordpress.com/2016/06/icit-brief-the-anatomy-of-cyber-jihad1.pdf |
|
|
6/1/2016 |
|
11 |
Detecting Lateral Movement |
https://www.toshellandback.com/2017/02/11/psexec/ |
https://www.crowdstrike.com/epp-101/lateral-movement/ |
Electronic Freight Management US DOT |
2/1/2017 |
|
12 |
Equifax |
|
|
|
|
|
13 |
FakeUpdates |
https://www.mandiant.com/resources/head-fake-tackling-disruptive-ransomware-attacks |
|
FakeUpdates.
In this newer campaign, the threat actors leveraged victim systems to deploy
malware such as Dridex or NetSupport |
|
|
14 |
Finding Evil in Windows 10 Compressed Memory, Part One: Volatility and Rekall Tools |
https://www.fireeye.com/blog/threat-research/2019/07/finding-evil-in-windows-ten-compressed-memory-part-one.html |
|
|
7/25/2019 |
|
15 |
GameOver Zeus |
https://www.blackhat.com/docs/us-15/materials/us-15-Peterson-GameOver-Zeus-Badguys-And-Backends-wp.pdf |
Evgeniy Bogachev |
|
|
|
16 |
Google in the Wild Series |
https://googleprojectzero.blogspot.com/2021/01/introducing-in-wild-series.html |
|
|
7/12/1905 |
|
17 |
Grizzly Steppe - Russian Hacking |
https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf |
|
Rowhammering |
|
|
|
|
18 |
Hammertoss |
https://www2.fireeye.com/rs/848-DID-242/images/rpt-apt29-hammertoss.pdf |
|
|
|
|
|
|
19 |
Hard Pass: Declining APT34’s Invite to Join Their Professional Network |
https://www.fireeye.com/blog/threat-research/2019/07/hard-pass-declining-apt34-invite-to-join-their-professional-network.html |
|
|
7/18/2019 |
|
20 |
Havex Energy Sector Attack |
https://www.f-secure.com/weblog/archives/00002718.html
; https://www.f-secure.com/v-descs/backdoor_w32_havex.shtml |
Russia, |
|
|
|
21 |
Heartbleed |
https://blog.malwarebytes.com/exploits-and-vulnerabilities/2019/09/everything-you-need-to-know-about-the-heartbleed-vulnerability/ |
|
|
|
|
22 |
Hot Pot, a Persistent Browser
Hijacking Rootkit |
https://www.crowdstrike.com/blog/spicy-hot-pot-rootkit-explained/ |
|
|
|
|
23 |
Hunting COM Objects (Part Two) |
https://www.fireeye.com/blog/threat-research/2019/06/hunting-com-objects-part-two.html |
|
|
6/11/2019 |
|
24 |
Insider Threat (Company Man) |
https://www.fbi.gov/news/stories/economic-espionage |
|
|
|
|
25 |
Iran |
https://www.ironnet.com/blog/iranian-cyber-attack-updates |
|
|
9/1/2021 |
|
26 |
Iranian Cyber Offensive Capability HP Security Briefing 11 |
https://krypt3ia.files.wordpress.com/2014/03/companion-to-hpsr-threat-intelligence-briefing-episode-11-final.pdf |
|
|
|
|
27 |
Iranian Cyber Operations |
https://www.secureworks.com/blog/business-as-usual-for-iranian-operations-despite-increased-tensions |
|
|
2/1/2020 |
|
28 |
Israeli Soldier Android Phones |
https://securelist.com/breaking-the-weakest-link-of-the-strongest-chain/77562/ |
|
|
|
|
29 |
JP Morgan |
http://money.cnn.com/2015/11/10/technology/jpmorgan-hack-charges/index.html |
Gery Shalon, Israeli; Ziv Orenstein, Israeli; |
|
|
|
30 |
Leafminer espionage Middle East |
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/leafminer-espionage-middle-east |
|
|
7/1/2018 |
|
31 |
Malware A Case Study of WannaCry Ransomware |
https://arxiv.org/pdf/1709.08753.pdf |
Chen Q. & Bridges, R.
16th IEEE International Conference on
Machine Learning and Applications (ICMLA). 2017 |
|
7/9/1905 |
|
32 |
Mandiant_APT1_Chinese Cyber Espionage Report |
https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf |
|
Democratic National Committee |
|
|
33 |
Maroochy Shire (2 case studies) Sewage System Attack |
https://securitylab.disi.unitn.it/lib/exe/fetch.php?media=teaching:seceng:2014:grc-boden-sewage_spillover-fisma-study.pdf |
Insider Attack - Vitek Boden |
Sewage Processing |
2/1/2000 |
|
34 |
Maroochy Shire (2 case studies) Sewage System Attack |
https://cams.mit.edu/wp-content/uploads/2017-09.pdf |
Insider Attack - Vitek Boden |
|
2/1/2000 |
|
35 |
Mimikatz & Zerologon Authentication Vulnerabilities |
https://www.tenable.com/blog/cve-2020-1472-microsoft-finalizes-patch-for-zerologon-to-enable-enforcement-mode-by-default |
|
|
2/1/2021 |
|
36 |
MisoSMS: New Android Malware Disguises Itself as a Settings App, Steals SMS Messages |
https://www.fireeye.com/blog/threat-research/2013/12/misosms.html |
|
|
12/16/2013 |
| by Blaine
Stancill, Sebastian Vogl, Omar Sardar |
|
37 |
Muddy Waters - Iranian APT |
https://research.checkpoint.com/2019/the-muddy-waters-of-apt-attacks/ |
|
|
4/1/2019 |
| by Matt
Bromiley, Noah Klapprodt, Nick Schroeder, Jessica Rocchio |
38 |
North Korean Cyber Offensive Capability HP Security Briefing 16 |
https://cryptome.org/2014/12/hp-nk-cyber-threat.pdf |
|
|
|
| by Brett Hawkins |
|
39 |
Operation North Star |
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/operation-north-star-a-job-offer-thats-too-good-to-be-true/#Target%20of%20Interest%20%E2%80%93%20Defense%20&%20Aerospace%20Campaign |
|
|
Jul 29 2020 |
|
40 |
Ramsay 2 tool for air gapped nets |
https://www.welivesecurity.com/2020/05/13/ramsay-cyberespionage-toolkit-airgapped-networks/ |
Ramsay: A cyber‑espionage
toolkit tailored for air‑gapped networks |
|
|
| by Vinay
Pidathala, Zheng Bu, Hitesh Dharmdasani, Jinjian Zhai |
41 |
Ransomware Analysis and Defense |
https://pdfs.semanticscholar.org/c989/e243e8c09bac5d4644a4af99e573b64f205c.pdf |
Jones, J. and Shashidhar, N. International Journal of Information Security Science Vol 6 No. 4 |
SpyEye |
|
|
42 |
Ransomware Attacks |
https://d3bq4d0pqn52ro.cloudfront.net/ |
|
Jing An Telescope Factory |
|
|
43 |
RSA |
|
|
|
|
|
44 |
Russia arrests Malware Author |
https://www.zdnet.com/google-amp/article/russian-authorities-make-rare-arrest-of-malware-author/ |
|
|
11/1/2020 |
|
45 |
Sednit (3 parts) |
https://www.eset.com/afr/about/newsroom/press-releases-afr/research/dissection-of-sednit-espionage-group-1/ |
APT28 / Fancy Bear / Sofacy |
|
|
|
46 |
Shamoon 3 Variant |
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/ |
|
|
7/10/2005 |
|
47 |
Shamoon Saudi ARAMCO |
https://malwareindepth.com/shamoon-2012/ |
|
|
|
series of Zero Day vulnerabilities
from |
|
48 |
Showing Vulnerability to a Machine: Automated Prioritization of Software Vulnerabilities |
https://www.fireeye.com/blog/threat-research/2019/08/automated-prioritization-of-software-vulnerabilities.html |
|
|
|
|
49 |
Sofacy from APT28 |
https://unit42.paloaltonetworks.com/unit42-sofacy-continues-global-attacks-wheels-new-cannon-trojan/ |
|
|
11/1/2018 |
|
50 |
Sofacy from APT28 |
https://unit42.paloaltonetworks.com/unit42-sofacy-attacks-multiple-government-entities/ |
|
|
2/1/2018 |
|
51 |
Solarwinds |
https://www.cnet.com/news/solarwinds-hack-officially-blamed-on-russia-what-you-need-to-know/ |
Microsoft Hack https://www.cnet.com/news/microsoft-says-solarwinds-hackers-viewed-source-code/ |
|
|
|
52 |
Sony |
|
|
|
|
|
53 |
Sophisticated |
https://www.zdnet.com/article/google-reveals-sophisticated-windows-android-hacking-operation/ |
|
|
|
|
54 |
Stuxnet |
https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf |
Equation Group |
Uranium Refinement Centrifuges |
|
|
55 |
Stuxnet addl |
https://eugene.kaspersky.com/2011/11/02/the-man-who-found-stuxnet-sergey-ulasen-in-the-spotlight/ |
|
|
|
|
56 |
Supply Chain Attack
using Cluster Analysis |
https://www.mandiant.com/sites/default/files/2021-09/rpt-malware-supply-chain.pdf |
|
|
9/1/2021 |
good in depth linking of IOCs to
APTs |
|
57 |
Target Stores (4 parts) Retail Point of Sale Attack |
1 -
http://krebsonsecurity.com/2014/01/a-first-look-at-the-target-intrusion-malware/ |
https://krebsonsecurity.com/wp-content/uploads/2014/01/POSWDS-ThreatExpert-Report.pdf |
|
1/1/2014 |
|
58 |
Target Stores (4 parts) Retail Point of Sale Attack |
2 -
http://krebsonsecurity.com/wp-content/uploads/2014/01/POSWDS-ThreatExpert-Report.pdf |
|
|
1/1/2014 |
|
59 |
Target Stores (4 parts) Retail Point of Sale Attack |
3 -
http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/ |
|
|
2/1/2014 |
|
60 |
Target Stores (4 parts) Retail Point of Sale Attack |
4 -
https://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target/ |
|
|
2/1/2014 |
|
61 |
TRITON |
https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html |
|
|
|
|
62 |
Uber Executive Indictment |
https://www.wired.com/story/uber-exec-joe-sullivan-data-breach-indictment/ |
|
|
|
|
63 |
Ukraine |
https://blog.isa.org/lessons-learned-forensic-analysis-ukrainian-power-grid-cyberattack-malware |
|
|
|
|
64 |
Ukrainian Electric Grid Attack |
https://ics.sans.org/media/E-ISAC_SANS_Ukraine_DUC_5.pdf |
Russia |
|
|
|
65 |
Web IN73CTION Attack CVE-2013-5576 |
http://index-of.co.uk/Hacking-Coleccion/Companion
to HPSR Threat Intelligence Briefing Episode 8 final.pdf |
|
|
|
|
|
|
|
|
|
|
|
Malicious Software & Components - includes:
Viruses, Trojans, Spyware, Ransomware, Worms,
Adware, Cryptojacking, Downloaders, & other common tools that may
be used for hacking |
|
|
|
|
Large (500+) list of Malicious
Software |
https://attack.mitre.org/software/ |
|
|
|
|
|
Cyber Analytics Repository from
MITRE |
https://car.mitre.org/ |
|
|
|
|
Threats & Risks See: |
https://www.broadcom.com/support/security-center/a-z |
formerly
https://www.symantec.com/security-center/a-z |
|
|
|
Threat Hunter Playbook |
https://threathunterplaybook.com/ |
|
|
|
|
Exploit Database |
https://www.exploit-db.com/ |
44,000 + entries as of Sept 2021 |
|
|
|
|
Data Breaches See: |
https://en.wikipedia.org/wiki/List_of_data_breaches |
|
|
|
|
Malware Source Lists for Researchers |
https://zeltser.com/malicious-ip-blocklists/ |
|
|
|
|
Pen Test Routines by category |
https://pentestlab.blog/ |
|
|
|
|
Malware Descriptions |
https://securelist.com/tag/malware-descriptions/ |
|
|
|
|
Malpedia |
https://malpedia.caad.fkie.fraunhofer.de/ |
|
|
|
|
MITRE Malware descriptors & content |
https://attack.mitre.org/software/ |
|
|
|
Packaged
Exploits - Major Examples |
|
|
|
|
|
WannaCry |
https://attack.mitre.org/software/S0366/ |
|
|
|
|
Petya |
https://en.wikipedia.org/wiki/Petya_(malware) |
|
|
|
|
NotPetya |
https://attack.mitre.org/software/S0368/ |
|
|
|
|
EternalBlue |
https://en.wikipedia.org/wiki/EternalBlue |
|
|
|
|
PowerStats |
https://attack.mitre.org/software/S0223/ |
|
|
|
|
W32 |
Exploits on Windows OS 32 bit version & Apps Running on
that version |
|
|
|
|
W64 |
Exploits on Windows OS 64 bit version " |
|
|
|
|
W95 |
Exploits on Windows 95 OS " |
|
|
|
|
W97 |
Exploits on Windows 97 OS " |
|
|
|
Remote
Access Trojan (RAT) Software |
|
|
|
|
|
Black Shades |
https://en.wikipedia.org/wiki/Blackshades |
|
|
|
|
Cybergate |
|
|
|
|
|
Dark Comet |
|
|
|
|
|
Evenge RAT |
|
|
|
|
|
Jspy |
|
|
|
|
|
Nanocore |
|
|
|
|
|
NJ RAT |
|
|
|
|
|
Plasma |
|
|
|
|
|
Poison Ivy |
https://attack.mitre.org/software/S0012/ |
|
|
|
|
Catchamus, Sagerunex, Hannotog |
|
|
|
|
|
Ransomware Families |
|
|
|
|
|
WannaCry |
|
|
|
|
|
|
LockerGoga |
|
|
|
|
|
|
MegaCortex |
|
|
|
|
|
|
Ryuk |
|
|
|
|
|
|
Maze, and now SNAKEHOSE |
|
|
|
|
|
|
SNAKEHOSE |
|
|
|
|
|
|
|
|
|
|
|
Sites offering malware for analysis |
|
|
|
|
|
ANY.RUN: Registration
required |
|
|
|
|
|
|
Contagio Malware
Dump: Password required |
|
|
|
|
|
|
CAPE Sandbox |
|
|
|
|
|
|
Das Malwerk |
|
|
|
|
|
|
FreeTrojanBotnet:
Registration required |
|
|
|
|
|
|
Hybrid Analysis:
Registration required |
|
|
|
|
|
|
KernelMode.info:
Registration required |
|
|
|
|
|
|
MalShare: Registration required |
|
|
|
|
|
|
Malware.lu’s AVCaesar:
Registration required |
|
|
|
|
|
|
Malware DB |
|
|
|
|
|
|
Objective-See
Collection: Mac malware |
|
|
|
|
|
|
PacketTotal:
Malware inside downloadable PCAP files |
|
|
|
|
|
|
SNDBOX: Registration required |
|
|
|
|
|
|
theZoo aka
Malware DB |
|
|
|
|
|
|
URLhaus: Links to
live sites hosting malware |
|
|
|
|
|
|
VirusBay: Registration
required |
|
|
|
|
|
|
VirusShare |
|
|
|
|
|
|
Virusign |
|
|
|
|
|
|
VirusSign:
Registration required |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Indicators of Compromise - Samples & Sources |
|
|
|
|
MITRE Techniques (IOCs) |
https://attack.mitre.org/techniques/enterprise/ |
|
|
|
|
|
|
|
|
|
|
FireEye/Mandiant IOCs |
https://www.mandiant.com/blog/basics-series-openioc/ |
|
|
|
|
|
|
|
|
|
|
IOC Bucket |
https://www.iocbucket.com/search |
|
|
|
|
|
|
|
|
|
|
Alienvault |
https://otx.alienvault.com/browse/global/indicators |
|
|
|
|
|
|
|
|
|
|
IBM |
https://exchange.xforce.ibmcloud.com/ |
|
|
|
|
|
|
|
|
|
|
Unauthorized Access |
|
|
|
|
|
|
|
|
|
|
|
|
Disguised email OR url source |
E.G. bitly |
|
|
|
|
|
|
|
|
|
|
|
Misspellings, Grammar, Foreign language indicators, etc |
|
|
|
|
|
|
|
|
|
|
|
|
Session Recordings |
session hijacking |
Be careful not to infect yourself when
accessing and experimenting with malicious software. |
|
Packet Capture |
running pcap winpcap |
https://zeltser.com/automated-malware-analysis/ |
|
|
|
|
|
|
|
|
|
Network State Monitoring |
|
|
My other lists of online security resources
outline Automated Malware Analysis Services and On-Line Tools
for Malicious Website Lookups. Also, take a look at tips sharing malware
samples with other researchers. |
|
Suspicious Binaries |
e.g. not matching hash, not known to be part of an application |
|
|
|
|
|
|
|
|
|
|
Suspicious Process Code (e.g. PowerShell) |
|
|
|
|
|
|
|
|
|
|
|
|
Suspicious Services |
|
|
|
|
|
|
|
|
|
|
|
|
Inferring Admin Accounts |
|
|
|
|
|
|
|
|
|
|
|
|
Autoruns |
|
|
|
|
|
|
|
|
|
|
|
|
Registry Access & Content |
|
|
|
|
|
|
|
|
|
|
|
|
Privileged User Account activity |
Excessive or Reduced |
Updated May 2, 2019 |
|
|
|
|
|
|
|
|
|
Database Read/Write Volume |
Out of bounds high/low; high activity; impermissible access alerts |
|
|
|
|
|
|
|
|
|
|
Lateral Movement Detection |
mimikatz; https://www.splunk.com/en_us/blog/security/spotting-the-signs-of-lateral-movement.html |
|
|
|
|
|
|
|
|
|
|
Threat Miner Site |
|
|
|
1/11/1900 |
|
|
|
|
|
|
|
|
Threat Crowd Search Engine |
|
|
|
2/2/1900 |
|
|
|
|
|
|
|
|
Geographic Anomalies |
|
|
|
2/28/1900 |
|
|
|
|
|
|
|
|
Port Scanning |
|
|
|
1/28/1900 |
|
|
|
|
|
|
|
|
Mismatched Port requests |
|
|
|
3/7/1900 |
|
|
|
|
|
|
|
|
DDOS attempts |
|
|
|
1/19/1900 |
|
|
|
|
|
|
|
|
HTML Anomalies |
large package sizes, denied Gets & Posts |
|
1/22/1900 |
|
|
|
|
|
|
|
|
Misuse of Patching |
|
|
|
1/17/1900 |
|
|
|
|
|
|
|
|
Alerts from Memory |
|
|
|
1/13/1900 |
|
|
|
|
|
|
|
|
Hash Anomalies |
|
|
|
1/22/1900 |
|
|
|
|
|
|
|
|
IDS/IPS strings of code identified in known attacks |
|
|
|
1/9/1900 |
|
|
|
|
|
|
|
|
Firewall alerts |
|
|
|
1/14/1900 |
|
|
|
|
|
|
|
|
IOC Bucket - malware |
https://www.iocbucket.com/search |
|
|
11/9/1900 |
|
|
|
|
|
|
|
|
LinkedIn |
https://www.linkedin.com/pulse/9-great-sites-ioc-searching-ely-kahn/ |
|
|
|
|
|
|
|
|
|
|
|
Splunk |
https://www.splunk.com/blog/2017/07/06/hunting-with-splunk-the-basics.html |
|
|
|
|
|
|
|
|
|
|
|
Bad IPs Blacklists |
https://www.spamhaus.org/lookup |
|
|
|
|
|
Malware Domain List |
http://www.malwaredomainlist.com/mdl.php |
|
|
|
|
|
Unusual Outbound Network
Traffic |
https://www.darkreading.com/attacks-breaches/top-15-indicators-of-compromise |
|
|
|
|
|
Anomalies in Privileged User
Account Activity |
https://www.darkreading.com/attacks-breaches/top-15-indicators-of-compromise |
|
|
|
|
|
Geographical Irregularities |
https://www.darkreading.com/attacks-breaches/top-15-indicators-of-compromise |
|
|
|
|
|
Log-In Red Flags |
https://www.darkreading.com/attacks-breaches/top-15-indicators-of-compromise |
|
|
|
|
|
Increases in Database Read
Volume |
https://www.darkreading.com/attacks-breaches/top-15-indicators-of-compromise |
|
|
|
|
|
HTML Response Sizes |
https://www.darkreading.com/attacks-breaches/top-15-indicators-of-compromise |
|
|
|
|
|
Large Numbers of Requests for
the Same File |
https://www.darkreading.com/attacks-breaches/top-15-indicators-of-compromise |
|
|
|
|
|
Mismatched Port-Application
Traffic |
https://www.darkreading.com/attacks-breaches/top-15-indicators-of-compromise |
|
|
|
|
|
Suspicious Registry or System
File Changes |
https://www.darkreading.com/attacks-breaches/top-15-indicators-of-compromise |
|
|
|
|
|
Unusual DNS Requests |
https://www.darkreading.com/attacks-breaches/top-15-indicators-of-compromise |
|
|
|
|
|
Unexpected Patching of Systems |
https://www.darkreading.com/attacks-breaches/top-15-indicators-of-compromise |
|
|
|
|
|
Mobile Device Profile Changes |
https://www.darkreading.com/attacks-breaches/top-15-indicators-of-compromise |
|
|
|
|
|
Bundles of Data in the Wrong
Place |
https://www.darkreading.com/attacks-breaches/top-15-indicators-of-compromise |
|
|
|
|
|
Web Traffic with Unhuman
Behavior |
https://www.darkreading.com/attacks-breaches/top-15-indicators-of-compromise |
|
|
|
|
|
Signs of DDoS Activity |
https://www.darkreading.com/attacks-breaches/top-15-indicators-of-compromise |
|
|
|
|
|
National Vulnerability Database |
https://nvd.nist.gov/vuln/search |
Vulnerabilities |
|
|
|
|
National Software Reference Library |
https://www.nist.gov/software-quality-group/national-software-reference-library-nsrl |
Hashes |
|
|
|
|
Password Rainbow Tables |
http://ophcrack.sourceforge.net/tables.php |
One Way Password Hashes |
|
|
|
|
National Checklist Repository |
https://nvd.nist.gov/ncp/repository |
Checklists |
|
|
|
|
Malware Check |
https://www.virustotal.com/gui/home/upload |
Has all known malware signatures |
|
|
|
|
Virus Bay |
https://beta.virusbay.io/ |
|
|
|
|
|
UNB Cyber Datasets |
https://www.unb.ca/cic/datasets/index.html |
Wide array of captured traffic: botnets, dark web, |