update

mthcht · Jan 31, 2025 · bac80d1 · bac80d1
1 parent 95ff08b
commit bac80d1
Show file tree

Hide file tree

Showing 25 changed files with 301 additions and 291 deletions.
diff --git a/Collection_category_detection.csv b/Collection_category_detection.csv
@@ -3,7 +3,6 @@
 "* CarSeat.py *",".{0,1000}\sCarSeat\.py\s.{0,1000}","offensive_tool_keyword","Carseat","Python implementation of GhostPack Seatbelt situational awareness tool","T1012 - T1082 - T1087 - T1124 - T1217","TA0006 - TA0007 - TA0009","N/A","N/A","Collection","https://github.com/0xthirteen/Carseat","1","0","N/A","N/A","8","3","237","18","2024-11-12T19:37:38Z","2024-11-08T02:08:53Z"
 "* dll-installer.ps1*",".{0,1000}\sdll\-installer\.ps1.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","4","388","43","2024-10-23T10:26:43Z","2023-02-27T14:27:32Z"
 "* GraphSpy.py*",".{0,1000}\sGraphSpy\.py.{0,1000}","offensive_tool_keyword","GraphSpy","Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI","T1078.004 - T1110.003 - T1071.001 - T1566.002 - T1656","TA0001 - TA0006 - TA0003 - TA0005 - TA0008","N/A","N/A","Collection","https://github.com/RedByte1337/GraphSpy","1","0","N/A","N/A","10","7","629","68","2025-01-16T17:00:32Z","2024-02-07T19:47:15Z"
-"*https://www.sendspace.com/file/*",".{0,1000}\shttps\:\/\/www\.sendspace\.com\/file\/.{0,1000}","greyware_tool_keyword","sendspace.com","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","Dispossessor - Black Basta - Hive - Ragnar Locker - Royal - LockBit - Vice Society","Collection","https://twitter.com/mthcht/status/1660953897622544384","1","1","#filehostingservice","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A"
 "* Invoke-WebRequest -Uri http://download.anydesk.com/AnyDesk.exe*",".{0,1000}\sInvoke\-WebRequest\s\-Uri\shttp\:\/\/download\.anydesk\.com\/AnyDesk\.exe.{0,1000}","greyware_tool_keyword","anydesk","command line used with anydesk in the notes of the Dispossessor ransomware group","T1486 - T1490 - T1059 - T1213 - T1078","TA0040 - TA0043 - TA0001 - TA0009","N/A","Dispossessor","Collection","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
 "* process call create *cmd.exe /c powershell.exe -nop -w hidden -c *IEX ((new-object net.webclient).downloadstring('https://*",".{0,1000}\sprocess\scall\screate\s.{0,1000}cmd\.exe\s\/c\spowershell\.exe\s\-nop\s\-w\shidden\s\-c\s.{0,1000}IEX\s\(\(new\-object\snet\.webclient\)\.downloadstring\(\'https\:\/\/.{0,1000}","greyware_tool_keyword","wmic","Threat Actors ran the following command to download and execute a PowerShell payload","T1059.001 - T1059.003 - T1569.002 - T1021.006","TA0002 - TA0005","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker - COZY BEAR - Dispossessor","Collection","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
 "* SendScreenshotToTelegram*",".{0,1000}\sSendScreenshotToTelegram.{0,1000}","offensive_tool_keyword","Powershell-Scripts-for-Hackers-and-Pentesters","","T1059.001 - T1119 - T1027 - T1016 - T1056.001","TA0002 - TA0009 - TA0005 - TA0007 - TA0010","N/A","N/A","Collection","https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters","1","0","N/A","N/A","10","4","388","43","2024-10-23T10:26:43Z","2023-02-27T14:27:32Z"
@@ -436,6 +435,7 @@
 "*https://www.nirsoft.net/toolsdownload/*",".{0,1000}https\:\/\/www\.nirsoft\.net\/toolsdownload\/.{0,1000}","greyware_tool_keyword","nirsoft tools","NirSoft is a legitimate software company that develops system utilities for Windows. Some of its tools can be used by malicious actors to recover passwords harvest sensitive information and conduct password attacks.","T1003 - T1003.001 - T1003.002 - T1110 - T1566","TA0002 - TA0003 - TA0004 - TA0006 - TA0007 - TA0008 - TA0011","N/A","N/A","Collection","N/A","1","1","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A"
 "*https://www.nirsoft.net/utils/webcamimagesave.zip*","https\:\/\/www\.nirsoft\.net\/utils\/webcamimagesave\.zip","offensive_tool_keyword","nirsoft","designed to capture webcam images","T1125 - T1056.004 - T1140","TA0005 - TA0006","N/A","N/A","Collection","https://medium.com/checkmarx-security/python-obfuscation-traps-1acced941375","1","1","N/A","N/A","10","8","N/A","N/A","N/A","N/A"
 "*https://www.premiumize.me/*",".{0,1000}https\:\/\/www\.premiumize\.me\/.{0,1000}","greyware_tool_keyword","premiumize.me","hosting service abused by attackers","T1583.003 - T1071 - T1102","TA0010 - TA0005 - TA0009","N/A","N/A","Collection","www.premiumize.me","1","1","#filehostingservice #P2P","N/A","10","10","N/A","N/A","N/A","N/A"
+"*https://www.sendspace.com/file/*",".{0,1000}\shttps\:\/\/www\.sendspace\.com\/file\/.{0,1000}","greyware_tool_keyword","sendspace.com","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","Dispossessor - Black Basta - Hive - Ragnar Locker - Royal - LockBit - Vice Society","Collection","https://twitter.com/mthcht/status/1660953897622544384","1","1","#filehostingservice","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A"
 "*https://www.telerik.com/download/fiddler/*",".{0,1000}https\:\/\/www\.telerik\.com\/download\/fiddler\/.{0,1000}","greyware_tool_keyword","fiddler","fiddler - capture https requests","T1056 - T1040 - T1557","TA0009 - TA00010","N/A","N/A","Collection","https://www.telerik.com/","1","1","N/A","N/A","6","10","N/A","N/A","N/A","N/A"
 "*IEX(New-Object System.Net.WebClient).DownloadString(""https://raw.githubusercontent.com/*",".{0,1000}IEX\(New\-Object\sSystem\.Net\.WebClient\)\.DownloadString\(\""https\:\/\/raw\.githubusercontent\.com\/.{0,1000}","greyware_tool_keyword","powershell","download from github from memory","T1105 - T1059.001 - T1204","TA0009 - TA0002","N/A","N/A","Collection","N/A","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A"
 "*imaohw/nib/rsu/*",".{0,1000}imaohw\/nib\/rsu\/.{0,1000}","offensive_tool_keyword","whoami","whoami is a legitimate command used to identify the current user executing the command in a terminal or command prompt.whoami can be used to gather information about the current user's privileges. credentials. and account name. which can then be used for Lateral Movement. privilege escalation. or targeted attacks within the compromised network.","T1003.001 - T1087 - T1057 ","TA0006 - TA0007","N/A","N/A","Collection","N/A","1","0","N/A","N/A","N/A","10","N/A","N/A","N/A","N/A"

diff --git a/Data_Exfiltration_category_detection.csv b/Data_Exfiltration_category_detection.csv
@@ -3258,6 +3258,7 @@
 "*DocPlz-main.zip*",".{0,1000}DocPlz\-main\.zip.{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","1","N/A","N/A","10","2","145","30","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z"
 "*DocsPLZ\DocsPLZ.*",".{0,1000}DocsPLZ\\DocsPLZ\..{0,1000}","offensive_tool_keyword","DocPlz","Documents Exfiltration and C2 project","T1105 - T1567 - T1071","TA0011 - TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/TheD1rkMtr/DocPlz","1","0","N/A","N/A","10","2","145","30","2023-10-10T19:01:42Z","2023-10-02T20:49:22Z"
 "*download.filezilla-project.org*",".{0,1000}download\.filezilla\-project\.org.{0,1000}","greyware_tool_keyword","FileZilla","FileZilla admintool used by threat actors for persistence and data exfiltration","T1505 - T1041","TA0003 - TA0009 -TA0010","N/A","Dispossessor - Akira - Karakurt - AvosLocker - LockBit - Nokoyawa - Diavol - Scattered Spider* - Unit 29155","Data Exfiltration","https://filezilla-project.org/","1","1","N/A","PUA risk of legitimate usage","5","7","N/A","N/A","N/A","N/A"
+"*downloads.nordcdn.com/apps/vpn-extension/*","N/A","greyware_tool_keyword","NordVPN","OVPN configuration for nordvpn accessed within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://nordvpn.com","1","1","#VPN","N/A","8","10","N/A","N/A","N/A","N/A"
 "*dpplabbmogkhghncfbfdeeokoefdjegm*",".{0,1000}dpplabbmogkhghncfbfdeeokoefdjegm.{0,1000}","greyware_tool_keyword","Proxy SwitchySharp","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","#registry #VPN","detection in registry","8","10","N/A","N/A","N/A","N/A"
 "*-e localtonet.service*",".{0,1000}\-e\slocaltonet\.service.{0,1000}","offensive_tool_keyword","localtonet","LocaltoNet is a reverse proxy that enables you to expose your localhost services to the internet","T1090 - T1102 - T1071 - T1105","TA0010 - TA0011 - TA0009 - TA0003 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/engineseller/localtonet","1","0","N/A","N/A","10","1","5","4","2022-01-31T03:19:25Z","2022-01-31T03:17:18Z"
 "*e023e84ae168c960b037db2d17b215362e19076f40f746f9190bb963302a4d77*",".{0,1000}e023e84ae168c960b037db2d17b215362e19076f40f746f9190bb963302a4d77.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","Dispossessor - BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest - EMBER BEA - Gamaredon","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","48472","4323","2025-01-27T20:00:44Z","2014-03-16T16:19:57Z"

diff --git a/FileHosting_Services_tag_detection.csv b/FileHosting_Services_tag_detection.csv
@@ -1,5 +1,4 @@
 "keyword","metadata_keyword_regex","metadata_keyword_type","metadata_tool","metadata_description","metadata_tool_techniques","metadata_tool_tactics","metadata_malwares_name","metadata_groups_name","metadata_category","metadata_link","metadata_enable_endpoint_detection","metadata_enable_proxy_detection","metadata_tags","metadata_comment","metadata_severity_score","metadata_popularity_score","metadata_github_stars","metadata_github_forks","metadata_github_updated_at","metadata_github_created_at"
-"*https://www.sendspace.com/file/*",".{0,1000}\shttps\:\/\/www\.sendspace\.com\/file\/.{0,1000}","greyware_tool_keyword","sendspace.com","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","Dispossessor - Black Basta - Hive - Ragnar Locker - Royal - LockBit - Vice Society","Collection","https://twitter.com/mthcht/status/1660953897622544384","1","1","#filehostingservice","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A"
 "*.api.mega.co.nz*",".{0,1000}\.api\.mega\.co\.nz.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon - EMBER BEAR","Data Exfiltration","https://mega.io/en/desktop","1","1","#filehostingservice #P2P","N/A","10","10","N/A","N/A","N/A","N/A"
 "*.gofile.io/uploadFile*",".{0,1000}\.gofile\.io\/uploadFile.{0,1000}","greyware_tool_keyword","gofile.io","legitimate service abused by lots of stealer to exfiltrate data","T1567.002","TA0010","N/A","Hive - Royal - LockBit - Vice Society - BlackSuit - Conti","Data Exfiltration","https://gofile.io","1","1","#filehostingservice","N/A","8","10","N/A","N/A","N/A","N/A"
 "*.myftp.biz*",".{0,1000}\.myftp\.biz.{0,1000}","greyware_tool_keyword","myftp.biz","dyndns - lots of subdomains associated with malwares - could be used in various ways for both legitimate and malicious activities (malicious mostly)","T1071 - T1021 - T1095 - T1059","TA0010 - TA0008 - TA0009 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/hagezi/dns-blocklists/blob/9d6562bddc175b59241d5935531f648cd6b6d9c8/rpz/dyndns.txt#L103","1","1","#filehostingservice #P2P","N/A","10","10","8334","279","2025-01-28T03:28:57Z","2022-04-25T07:13:09Z"
@@ -77,6 +76,7 @@
 "*https://www.4shared.com/get/*",".{0,1000}https\:\/\/www\.4shared\.com\/get\/.{0,1000}","greyware_tool_keyword","4shared.com","Downloading a file from 4shared.com","T1105 - T1071 - T1125","TA0009","N/A","Turla","Collection","4shared.com","1","1","#filehostingservice","N/A","6","5","N/A","N/A","N/A","N/A"
 "*https://www.mediafire.com/api/*/folder/get_content.php*",".{0,1000}https\:\/\/www\.mediafire\.com\/api\/.{0,1000}\/folder\/get_content\.php.{0,1000}","greyware_tool_keyword","mediafire","downloading from mediafire","T1105 - T1114 - T1083","TA0009","N/A","N/A","Collection","N/A","1","1","#filehostingservice","N/A","7","8","N/A","N/A","N/A","N/A"
 "*https://www.premiumize.me/*",".{0,1000}https\:\/\/www\.premiumize\.me\/.{0,1000}","greyware_tool_keyword","premiumize.me","hosting service abused by attackers","T1583.003 - T1071 - T1102","TA0010 - TA0005 - TA0009","N/A","N/A","Collection","www.premiumize.me","1","1","#filehostingservice #P2P","N/A","10","10","N/A","N/A","N/A","N/A"
+"*https://www.sendspace.com/file/*",".{0,1000}\shttps\:\/\/www\.sendspace\.com\/file\/.{0,1000}","greyware_tool_keyword","sendspace.com","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","Dispossessor - Black Basta - Hive - Ragnar Locker - Royal - LockBit - Vice Society","Collection","https://twitter.com/mthcht/status/1660953897622544384","1","1","#filehostingservice","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A"
 "*mediator.goodsync.com*",".{0,1000}mediator\.goodsync\.com.{0,1000}","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","1","#filehostingservice","N/A","9","10","N/A","N/A","N/A","N/A"
 "*oshi.at/onion*",".{0,1000}oshi\.at\/onion.{0,1000}","greyware_tool_keyword","OshiUpload","Ephemeral file sharing engine","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","N/A","Data Exfiltration","https://github.com/somenonymous/OshiUpload","1","1","#filehostingservice #P2P","N/A","10","2","186","26","2022-10-01T04:08:29Z","2019-05-11T02:08:51Z"
 "*oshiatwowvdbshka.onion*",".{0,1000}oshiatwowvdbshka\.onion.{0,1000}","greyware_tool_keyword","OshiUpload","Ephemeral file sharing engine","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","N/A","Data Exfiltration","https://github.com/somenonymous/OshiUpload","1","1","#filehostingservice #P2P","N/A","10","2","186","26","2022-10-01T04:08:29Z","2019-05-11T02:08:51Z"

diff --git a/GUIDproject_tag_detection.csv b/GUIDproject_tag_detection.csv
@@ -172,7 +172,7 @@
 "*2CFB9E9E-479D-4E23-9A8E-18C92E06B731*",".{0,1000}2CFB9E9E\-479D\-4E23\-9A8E\-18C92E06B731.{0,1000}","offensive_tool_keyword","NoFilter","Tool for abusing the Windows Filtering Platform for privilege escalation. It can launch a new console as NT AUTHORITY\SYSTEM or as another user that is logged on to the machine.","T1548 - T1548.002 - T1055 - T1055.004","TA0004 - TA0003","N/A","N/A","Privilege Escalation","https://github.com/deepinstinct/NoFilter","1","0","#GUIDproject","N/A","9","3","296","48","2024-10-29T07:30:35Z","2023-07-30T09:25:38Z"
 "*2D6FDD44-39B1-4FF8-8AE0-60A6B0979F5F*",".{0,1000}2D6FDD44\-39B1\-4FF8\-8AE0\-60A6B0979F5F.{0,1000}","offensive_tool_keyword","r77-rootkit","Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections","T1014 - T1055 - T1055.013 - T1060 - T1106 - T1070.009","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/bytecode77/r77-rootkit","1","0","#GUIDproject","N/A","10","10","1715","403","2025-01-24T14:42:29Z","2017-12-17T13:04:14Z"
 "*2D863D7A-A369-419C-B4B3-54BDB88B5816*",".{0,1000}2D863D7A\-A369\-419C\-B4B3\-54BDB88B5816.{0,1000}","offensive_tool_keyword","UsoDllLoader","This PoC shows a technique that can be used to weaponize privileged file write vulnerabilities on Windows. It provides an alternative to the DiagHub DLL loading exploit ","T1210.001 - T1055 - T1574.001","TA0007 - TA0002 - TA0001","N/A","N/A","Exploitation tool","https://github.com/itm4n/UsoDllLoader","1","0","#GUIDproject","N/A","N/A","4","382","99","2020-06-06T11:05:12Z","2019-08-01T17:58:16Z"
-"*2deff2ca-c313-4d85-aeee-414bac32e7ae*",".{0,1000}2deff2ca\-c313\-4d85\-aeee\-414bac32e7ae.{0,1000}","offensive_tool_keyword","hotkeyz","Hotkey-based keylogger for Windows","T1056.001","TA0006  - TA0009","N/A","N/A","Sniffing$","https://github.com/yo-yo-yo-jbo/hotkeyz","1","0","#GUIDproject","N/A","9","1","17","1","2024-10-17T17:50:19Z","2024-06-03T21:23:16Z"
+"*2deff2ca-c313-4d85-aeee-414bac32e7ae*",".{0,1000}2deff2ca\-c313\-4d85\-aeee\-414bac32e7ae.{0,1000}","offensive_tool_keyword","hotkeyz","Hotkey-based keylogger for Windows","T1056.001","TA0006  - TA0009","N/A","N/A","Sniffing & Spoofing","https://github.com/yo-yo-yo-jbo/hotkeyz","1","0","#GUIDproject","N/A","9","1","17","1","2024-10-17T17:50:19Z","2024-06-03T21:23:16Z"
 "*2E98B8D4-7A26-4F04-A95D-2051B0AB884C*",".{0,1000}2E98B8D4\-7A26\-4F04\-A95D\-2051B0AB884C.{0,1000}","offensive_tool_keyword","S-inject","Windows injection of x86/x64 DLL and Shellcode","T1055 - T1027","TA0002 - TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/Joe1sn/S-inject","1","0","#GUIDproject","N/A","10","3","267","35","2024-07-07T15:01:16Z","2024-02-05T04:39:10Z"
 "*2E9B1462-F47C-48CA-9D85-004493892381*",".{0,1000}2E9B1462\-F47C\-48CA\-9D85\-004493892381.{0,1000}","offensive_tool_keyword","p0wnedShell","p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post Exploitation easier. What we tried was to build an ?all in one? Post Exploitation tool which we could use to bypass all mitigations solutions (or at least some off). and that has all relevant tooling included. You can use it to perform modern attacks within Active Directory environments and create awareness within your Blue team so they can build the right defense strategies.","T1086 - T1059 - T1106 - T1566","TA0002 - TA0003 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Cn33liz/p0wnedShell","1","0","#GUIDproject","N/A","9","10","1530","336","2019-08-02T16:24:39Z","2015-12-25T11:44:37Z"
 "*2F00A05B-263D-4FCC-846B-DA82BD684603*",".{0,1000}2F00A05B\-263D\-4FCC\-846B\-DA82BD684603.{0,1000}","offensive_tool_keyword","SharpDPAPI","SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.","T1552.002 - T1059.001 - T1112 - T1649","TA0006 - TA0002","N/A","Conti","Credential Access","https://github.com/GhostPack/SharpDPAPI","1","0","#GUIDproject","N/A","10","10","1209","214","2024-06-27T13:39:08Z","2018-08-22T17:39:31Z"