tag:blogger.com,1999:blog-44619713428595800002024-03-04T21:41:18.346-08:00Maltelligence - a Malware/Threat Analyst Desktopmaltelligencehttp://www.blogger.com/profile/09208416302739573615noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-4461971342859580000.post-32859617128087528992015-08-27T01:57:00.002-07:002015-08-27T09:07:06.196-07:00Maltelligence <div class="MsoNormal">
<b style="mso-bidi-font-weight: normal;"><span style="font-family: Calibri; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin;">Why Maltelligence is created?<o:p></o:p></span></b></div>
<div class="MsoNormal">
<span style="font-family: Calibri; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin;">After hiding myself in a corner at my home
every weekend for almost half year, I finally completed the new tool – Maltelligence
(which is named MalShell in the past). It shall be made available at <a href="https://github.com/maltelligence/maltelligence">Github</a> by
end of this week.<o:p></o:p></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="font-family: Calibri; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin;">As described in my last blog of seven months
ago, I want to develop a tool for threat/malware analysts to collect OSINT of
APT or watering hole attacks’ artifacts from various sources. It extends the functionality
of previous MalProfile Tool, which keeps only history (based of Passive DNS) of
selected DNS-IP pair and whois information of c2 used in malware samples. The
original idea is to develop an OS like framework so that Maltelligence users
can write plugins, for craving out relevant data from <a href="http://www.cuckoosandbox.org/">Cuckoo sandbox</a>,
analyzed results from <a href="http://viper.li/">Viper</a> and network infrastructure artifacts
from <a href="https://code.google.com/p/malicious-domain-profiling/">MalProfile</a> ported to
Maltelligence. The information is stored inside the Maltelligence database for
further analysis and for using in attribution.<o:p></o:p></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="font-family: Calibri; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin;">As I am not a ‘real coder’, I invited my
research buddies: Leng, Michael, Frank & Dan to work on this project with
me.<span style="mso-spacerun: yes;"> </span>They are now working as per planned
and have achieved various milestones this month. I am looking forward to see
their final product.<span style="mso-spacerun: yes;"> </span><o:p></o:p></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="font-family: Calibri; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin;">Although I am only responsible to write the
network infrastructure plugin, I found why not I first release this part separately
so that users can start collecting the network infrastructure artifacts as soon
as possible?<span style="mso-spacerun: yes;"> </span>Therefore, I trimmed down
my part and release a self-workable Maltelligence as pre-release beta.<span style="mso-spacerun: yes;"> </span>I hope the community can provide further feedbacks
and comments, which will definitely enrich the development of the future Maltelligence.<o:p></o:p></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal" style="mso-layout-grid-align: none; mso-pagination: none; text-autospace: none;">
<b><span style="color: #262626; font-family: Calibri; mso-ascii-theme-font: major-latin; mso-bidi-font-family: Arial; mso-hansi-theme-font: major-latin;">Design concepts<o:p></o:p></span></b></div>
<div class="MsoNormal" style="mso-layout-grid-align: none; mso-pagination: none; text-autospace: none;">
<span style="color: #262626; font-family: Calibri;">At first, I want to build a Malware/Threat Analyst Desktop that
allows analyst interactively analysis and investigate various malicious “artifacts”,
including sample files, url, dns(domain), IP address, whois data, email, pcap,
memory images, etc. All results and collected artifacts will be properly kept
in a highly organised database or on file system folders for further analysis,
profiling and attribution.<o:p></o:p></span></div>
<div class="MsoNormal" style="mso-layout-grid-align: none; mso-pagination: none; text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="mso-layout-grid-align: none; mso-pagination: none; text-autospace: none;">
<span style="color: #262626; font-family: Calibri; mso-ascii-theme-font: major-latin; mso-bidi-font-family: Arial; mso-hansi-theme-font: major-latin;">Maltelligence also allows users to write their own plugin to analysis
each kind of objects by making queries from various OSINT (or paid data
sources) and has capability to monitor “temporal” or “contextual” changes on
selected malicious artifact. The information can be presented in a tabular table
or even nicely formatted 2D graphs (like: <a href="https://www.paterva.com/web6/products/maltego.php">Maltego</a> and <a href="https://www.elastic.co/products/kibana">Elasticsearch/Kibana</a>).<o:p></o:p></span></div>
<div class="MsoNormal" style="mso-layout-grid-align: none; mso-pagination: none; text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="mso-layout-grid-align: none; mso-pagination: none; text-autospace: none;">
<span style="color: #262626; font-family: Calibri; mso-ascii-theme-font: major-latin; mso-bidi-font-family: Arial; mso-hansi-theme-font: major-latin;">Maltelligence should provide easy online helps and fairly
controlled command line environment. Analyst can selectively execute commands
interactively in response to the queried results. All results will display all
output to the stdout first, but users can selectively save all or partial results
into the database. All typed commands can be saved into a command log, which
can be run like a tailed-made shell script for repeated operations with some
key parameters provided by the users.<o:p></o:p></span></div>
<div class="MsoNormal" style="mso-layout-grid-align: none; mso-pagination: none; text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="mso-layout-grid-align: none; mso-pagination: none; text-autospace: none;">
<span style="color: #262626; font-family: Calibri;">I want to implement some basic analytic functions into
Maltelligence in a way that normal IT Sec professionals can get the best and easy
results by accessing the collected data.</span><span style="color: #262626; font-family: Calibri;">
</span><span style="color: #262626; font-family: Calibri;">Finally, it will be great if the queried results can be visualised on
either 2D or 3D graphs or diagrams, interactively and replay the states along
the time span.</span><span style="color: #262626; font-family: Calibri;"> </span><span style="color: #262626; font-family: Calibri;"><o:p></o:p></span></div>
<div class="MsoNormal" style="mso-layout-grid-align: none; mso-pagination: none; text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="mso-layout-grid-align: none; mso-pagination: none; text-autospace: none;">
<br /></div>
<div class="MsoNormal">
<b style="mso-bidi-font-weight: normal;"><span style="font-family: Calibri; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin;">What is Maltelligence?<o:p></o:p></span></b></div>
<div class="MsoNormal">
<span style="font-family: Calibri; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin;">Maltelligence is a tool developed by
Maltelligence Research Group to automatically collect malicious network
infrastructure information and malware samples RECURSIVELY from various open
source intelligence (OSINT) sources including VirusTotal, whois, passive DNS,
IP subnets, AS number and Geolocation information.<o:p></o:p></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="font-family: Calibri; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin;">You may run Maltelligence PERIODICALLY to
capture and profile the behaviour of malicious group of domain, IP, whois and
html content along different stage/time of APT attacks. Maltelligence is a
project from the insight of MalProfile<o:p></o:p></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b style="mso-bidi-font-weight: normal;"><span style="font-family: Calibri; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin;">What artifacts collected?<o:p></o:p></span></b></div>
<div class="MsoNormal">
<span style="font-family: Calibri; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin;">If a domain or an IP address is submitted,
Maltelligence will update the domain and its second level domain to its domain
table, then it will grasp the latest key data from the respective whois
server.<span style="mso-spacerun: yes;"> </span>If IP address is submitted,
Maltelligence will update the Geo-location, the Country of residing, the AS
number, AS registrant, Subnet information if the ASN parameter is turned on in
MalProfile.ini.<span style="mso-spacerun: yes;"> </span>Please note that I used
paid service from Maxmind’s geoip database and tcpiputils.com to data mine this
set of information.<span style="mso-spacerun: yes;"> </span><o:p></o:p></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="font-family: Calibri; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin;">Using the web module, Maltelligence collects
JS script, iframe, images and links of the first web page of a domain.<span style="mso-spacerun: yes;"> </span>Downloaded JS scripts will be stored at the
repository directory under sub-directory name of respective domain by date.<span style="mso-spacerun: yes;"> </span>When making a <a href="https://youtu.be/TGMfx3FL9hM">recursive Passive DNS</a> query to
VirusTotal, Maltelligence will store everything, including associated domains
and IP addresses provided by VirusTotal.<span style="mso-spacerun: yes;"> </span><o:p></o:p></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="font-family: Calibri; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin;">If download hash is available, using your
VirusTotal key, the samples will be automatically downloaded and store at the
repository directory.<span style="mso-spacerun: yes;"> </span>If any sample is
downloaded, Maltelligence will also check if this sample was once uploaded to
VirusTotal. If record is found, Maltelligence will collect the analysis details
from VirusTotal and saved inside the av_classification table.<span style="mso-spacerun: yes;"> </span><o:p></o:p></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="font-family: Calibri; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin;">Other than using Maltelligence’s report.py
module, users can structure their own queries to dump the collected information
from Maltelligence database.<span style="mso-spacerun: yes;"> </span>I would
like to see contributors upload their queries scripts in near future.<o:p></o:p></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b style="mso-bidi-font-weight: normal;"><span style="font-family: Calibri; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin;">How to use Maltelligence?<o:p></o:p></span></b></div>
<div class="MsoNormal">
<span style="font-family: Calibri; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin;">Maltelligence consists of three parts: (a)
the engine to collect of the OSINT artifacts, (b) the analytic logic to display
the collected data and (c) the presentation of output by visualizing the
information in 2D or 3D graphs or diagrams.<o:p></o:p></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="font-family: Calibri; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin;">In this trimmed version, I included only the
domain, ip & whois part.<span style="mso-spacerun: yes;"> </span>First, you
need to submit identified malicious data into Maltelligence.<span style="mso-spacerun: yes;"> </span>By using update [-u] or [-c] option, you provide
a single record to Maltelligence, it will try to find the relevant data from
the Internet.<span style="mso-spacerun: yes;"> </span><o:p></o:p></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="font-family: Calibri; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin;">You can make a submission in <a href="https://youtu.be/MAfmxqSlSfM">batch mode</a> [-b]
by creating a text file and put all related network infrastructure (domain
and/or IP address) plus sample hash (md5, sha1 or sha256) in the same line,
then submit the <span style="mso-spacerun: yes;"> </span>[--path] of the file
with a [--tag] to Maltelligence.<o:p></o:p></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="font-family: Calibri; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin;">Maltelligence will automatically to grasp the
whois, geoip, subnet and AS number related information from the Internet and
save the information to Maltelligence database. If hash is available, it will
go the VirusTotal to grasp the sample and put it under a separate folder,
determined by the tag, for further analysis.<span style="mso-spacerun: yes;">
</span>To use Maltelligence, you have <a href="https://www.virustotal.com/en/#dlg-join">apply a API key</a> from VirusTotal. <o:p></o:p></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="font-family: Calibri; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin;">By setting up appropriate cron jobs plus
using the [-m] option, Maltelligence can be used as an automated engine to
collect malware associated network infrastructure data running in the
background. I use it to collect recessive Passive DNS from identified malware
(as specified under the c2 table). <o:p></o:p></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="font-family: Calibri; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin;">For example, I have set up a cron job to
monitoring the IP Address and whois changes of selected domains and set up
another cron job to monitor the updates of parked domains of selected subnets
under a few AS number.<o:p></o:p></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="font-family: Calibri; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin;">The way to learn how to use Maltelligence, is
download it from <a href="https://github.com/maltelligence/maltelligence">Github</a> and run the batch [-b] mode<span style="mso-spacerun: yes;"> </span>using with some sample files provided under
./reamde directory. Then check the output by calling the pre-defined queries contained
in the report.py module.<o:p></o:p></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b style="mso-bidi-font-weight: normal;"><span style="font-family: Calibri; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin;">Where is the Maltelligence user manual?<o:p></o:p></span></b></div>
<div class="MsoNormal">
<span style="font-family: Calibri; mso-ascii-theme-font: major-latin; mso-hansi-theme-font: major-latin;">Maltelligence is created as my part time
project without funding.<span style="mso-spacerun: yes;"> </span>I made it open
source and assume users will provide feedbacks to us so that a more sophistical
version can be released. Only readme and FAQ are the only user
documentation.<span style="mso-spacerun: yes;"> </span>I am going to write some
blogs to illustrate how I make use of Maltellignece to analyze malicious
network infrastructure. You can find some introduction <a href="https://www.youtube.com/channel/UCA2SOq2EzZXCslu-AAXorXw">video on youtube</a>. <o:p></o:p></span><span style="font-family: Calibri;">By modifying the reporting module, structured queries can be presented like the attached. Enjoy it …!</span></div>
<div class="MsoNormal">
<span style="font-family: Calibri;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxEVZugE-XHYdPDMvAEtLrxcpC0igsAu12QeoYipZ9qB9w7HzZMzf06-SWqlzI6obi6xdaf6VAoHZr-2lMGt8uHnmzjCEoldedjjc7hRuwHZZEdU9IWMzsuUsuK-EPxGyv5J1qDc99d3I/s1600/Screen+Shot+2015-08-27+at+4.41.12+pm.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="311" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxEVZugE-XHYdPDMvAEtLrxcpC0igsAu12QeoYipZ9qB9w7HzZMzf06-SWqlzI6obi6xdaf6VAoHZr-2lMGt8uHnmzjCEoldedjjc7hRuwHZZEdU9IWMzsuUsuK-EPxGyv5J1qDc99d3I/s400/Screen+Shot+2015-08-27+at+4.41.12+pm.png" width="400" /></a></div>
<div class="MsoNormal">
<span style="font-family: Calibri;"><br /></span></div>
<div class="p1">
<!--[if gte mso 9]><xml>
<o:OfficeDocumentSettings>
<o:AllowPNG/>
</o:OfficeDocumentSettings>
</xml><![endif]-->
<!--[if gte mso 9]><xml>
<w:WordDocument>
<w:View>Normal</w:View>
<w:Zoom>0</w:Zoom>
<w:TrackMoves/>
<w:TrackFormatting/>
<w:PunctuationKerning/>
<w:ValidateAgainstSchemas/>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:DoNotPromoteQF/>
<w:LidThemeOther>EN-US</w:LidThemeOther>
<w:LidThemeAsian>JA</w:LidThemeAsian>
<w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:DontGrowAutofit/>
<w:SplitPgBreakAndParaMark/>
<w:EnableOpenTypeKerning/>
<w:DontFlipMirrorIndents/>
<w:OverrideTableStyleHps/>
<w:UseFELayout/>
</w:Compatibility>
<m:mathPr>
<m:mathFont m:val="Cambria Math"/>
<m:brkBin m:val="before"/>
<m:brkBinSub m:val="--"/>
<m:smallFrac m:val="off"/>
<m:dispDef/>
<m:lMargin m:val="0"/>
<m:rMargin m:val="0"/>
<m:defJc m:val="centerGroup"/>
<m:wrapIndent m:val="1440"/>
<m:intLim m:val="subSup"/>
<m:naryLim m:val="undOvr"/>
</m:mathPr></w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
DefSemiHidden="true" DefQFormat="false" DefPriority="99"
LatentStyleCount="276">
<w:LsdException Locked="false" Priority="0" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
<w:LsdException Locked="false" Priority="39" Name="toc 1"/>
<w:LsdException Locked="false" Priority="39" Name="toc 2"/>
<w:LsdException Locked="false" Priority="39" Name="toc 3"/>
<w:LsdException Locked="false" Priority="39" Name="toc 4"/>
<w:LsdException Locked="false" Priority="39" Name="toc 5"/>
<w:LsdException Locked="false" Priority="39" Name="toc 6"/>
<w:LsdException Locked="false" Priority="39" Name="toc 7"/>
<w:LsdException Locked="false" Priority="39" Name="toc 8"/>
<w:LsdException Locked="false" Priority="39" Name="toc 9"/>
<w:LsdException Locked="false" Priority="35" QFormat="true" Name="caption"/>
<w:LsdException Locked="false" Priority="10" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Title"/>
<w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
<w:LsdException Locked="false" Priority="11" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
<w:LsdException Locked="false" Priority="22" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
<w:LsdException Locked="false" Priority="20" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
<w:LsdException Locked="false" Priority="59" SemiHidden="false"
UnhideWhenUsed="false" Name="Table Grid"/>
<w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
<w:LsdException Locked="false" Priority="1" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 1"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
<w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
<w:LsdException Locked="false" Priority="34" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
<w:LsdException Locked="false" Priority="29" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
<w:LsdException Locked="false" Priority="30" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 1"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 2"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 2"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 3"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 3"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 4"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 4"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 5"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 5"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 6"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 6"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
<w:LsdException Locked="false" Priority="19" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
<w:LsdException Locked="false" Priority="21" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
<w:LsdException Locked="false" Priority="31" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
<w:LsdException Locked="false" Priority="32" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
<w:LsdException Locked="false" Priority="33" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
<w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
<w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
</w:LatentStyles>
</xml><![endif]-->
<!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:Cambria;
mso-ascii-font-family:Cambria;
mso-ascii-theme-font:minor-latin;
mso-hansi-font-family:Cambria;
mso-hansi-theme-font:minor-latin;}
</style>
<![endif]-->
<!--StartFragment-->
<!--EndFragment--></div>
<div class="MsoNormal">
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='266' src='https://www.blogger.com/video.g?token=AD6v5dzBwb6JoLzKllanjw2xpAr5uRIosSkTYx4WljCLwRQnqM-khKvkF-Kwm3qC0wZMbqAR7XyxBOewagJDBfH-HQ' class='b-hbp-video b-uploaded' frameborder='0'></iframe></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
Visualisation of future Maltelligence</div>
</div>
maltelligencehttp://www.blogger.com/profile/09208416302739573615noreply@blogger.com0