
misp-tools's Introduction

MISP Tools

This repository is focused on a solution for importing CrowdStrike Threat Intelligence data into an instance of MISP.

  • Manual Import - Manually import Adversaries (Actors), Indicators or Reports from CrowdStrike Falcon Threat Intelligence into your MISP instance.
  • MISP Modules - MISP modules that leverage CrowdStrike.

Manual import

This solution imports adversaries, indicators or reports from CrowdStrike Falcon Threat Intelligence into your MISP instance, going back a specified number of days.

This solution supports standalone execution as well as container deployment.

Configuration

Requirements

This application requires Python 3.6+.

The following Python packages must be installed in order for this application to function.

CrowdStrike API credential Scope

Your API credentials will need READ access to:

  • Adversaries (Falcon Threat Intelligence)
  • Indicators (Falcon Threat Intelligence)
  • Reports (Falcon Threat Intelligence)

MISP server requirements

You will need to generate an authorization key (and potentially a user) to use for access to the MISP instance. You will also need to create an organization called "CrowdStrike", and provide the UUID for this organization in the configuration file as detailed below.

misp_import.ini

There are two sections within the misp_import.ini configuration file, CrowdStrike and MISP.

CrowdStrike

The CrowdStrike section contains configuration detail for communicating with your CrowdStrike tenant.

client_id Your CrowdStrike API client identifier.
client_secret Your CrowdStrike API client secret.
crowdstrike_url The base URL to use for requests to CrowdStrike. You may pass the full URL, the URL string, or just the shortname (US1, US2, EU1, USGOV1).
api_request_max Limit to use for requests to the CrowdStrike API. The US-1 CrowdStrike region supports 5000 for a limit. Other regions support 2500.
api_enable_ssl Boolean to specify if SSL verification should be disabled.
reports_timestamp_filename Filename to use to store the timestamp for the last imported report.
indicators_timestamp_filename Filename to use to store the timestamp for the last imported indicator.
actors_timestamp_filename Filename to use to store the timestamp for the last imported adversary.
init_reports_days_before Maximum age of reports to import.
init_indicators_minutes_before Maximum age of indicators to import.
init_actors_days_before Maximum age of adversaries to import.
reports_unique_tag Originating from CrowdStrike unique report tag.
indicators_unique_tag Originating from CrowdStrike unique indicator tag.
actors_unique_tag Originating from CrowdStrike unique adversary tag.
reports_tags Tags to apply to imported reports.
indicators_tags Tags to apply to imported indicators.
actors_tags Tags to apply to imported adversaries.
unknown_mapping Name to use for tag used to flag unknown malware families.
unattributed_title Title used for unattributed indicator events.
indicator_type_title Title used for indicator type events.
malware_family_title Title used for indicator malware family events.

MISP

The MISP section contains detail for communicating with your MISP instance.

misp_url URL to use for the MISP instance.
misp_auth_key MISP authorization key used to import data.
crowdstrike_org_uuid The UUID of the CrowdStrike organization within your MISP instance. This is used as the organization for all imports.
misp_enable_ssl Boolean to specify if SSL should be used to communicate with the MISP instance.
max_threads Number of processor threads to use for processing.
miss_track_file The name of the file used to track malware families without a galaxy mapping.
galaxies_map_file The name of the galaxy mapping file (default: galaxy.ini)
ind_attribute_batch_size Maximum number of indicators to process before updating MISP event records. This setting affects performance.
event_save_memory_refresh_interval Amount of time (in seconds) an event save must take before the event is subsequently refreshed in memory.
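
A pre-flight check for the two sections described above, as an added example (not part of the MISP-tools project): it parses a misp_import.ini body, reports missing sections or keys, flags switched-off TLS settings and a crowdstrike_org_uuid that is not a UUID, and builds a view with the secrets redacted. The sample files are constructed, and requiring a TAGGING section is an assumption taken from the KeyError: 'TAGGING' report further down this page.

```python
"""Pre-flight audit for a misp_import.ini body (added example, not project code)."""
import configparser
import uuid
from urllib.parse import urlparse

# Values that must never be echoed to a terminal or log file.
SECRET_KEYS = {"client_id", "client_secret", "misp_auth_key"}

# Sections and keys to require. CrowdStrike and MISP are the documented sections;
# TAGGING is an assumption taken from the KeyError: 'TAGGING' traceback on this page.
REQUIRED = {
    "CrowdStrike": ["client_id", "client_secret", "crowdstrike_url", "api_enable_ssl"],
    "MISP": ["misp_url", "misp_auth_key", "crowdstrike_org_uuid", "misp_enable_ssl"],
    "TAGGING": [],
}
# Assumption: a false value here means TLS protection is off for that API.
TLS_KEYS = {"CrowdStrike": "api_enable_ssl", "MISP": "misp_enable_ssl"}

# Constructed sample files; every value is a placeholder.
GOOD_INI = """
[CrowdStrike]
client_id = EXAMPLE_CLIENT_ID
client_secret = EXAMPLE_CLIENT_SECRET
crowdstrike_url = US1
api_enable_ssl = True

[MISP]
misp_url = https://misp.example.internal
misp_auth_key = EXAMPLE_AUTH_KEY
crowdstrike_org_uuid = 00000000-0000-4000-8000-000000000000
misp_enable_ssl = True

[TAGGING]
taxonomic_type = True
"""

BAD_INI = """
[CrowdStrike]
client_id = EXAMPLE_CLIENT_ID
client_secret =
crowdstrike_url = US1
api_enable_ssl = True

[MISP]
misp_url = http://misp.example.internal
misp_auth_key = EXAMPLE_AUTH_KEY
crowdstrike_org_uuid = CrowdStrike
misp_enable_ssl = False
"""


def _load(text):
    # interpolation=None keeps a '%' inside a secret from being treated as syntax.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return parser


def audit_config(text):
    """Return a list of (level, message) findings; an empty list means clean."""
    parser, findings = _load(text), []
    for section, keys in REQUIRED.items():
        if not parser.has_section(section):
            findings.append(("ERROR", f"missing section [{section}]"))
            continue
        for key in keys:
            if not parser.get(section, key, fallback="").strip():
                findings.append(("ERROR", f"[{section}] {key} is missing or empty"))
    for section, key in TLS_KEYS.items():
        if not parser.has_option(section, key):
            continue
        try:
            if not parser.getboolean(section, key):
                findings.append(("WARNING", f"[{section}] {key} is off: TLS disabled"))
        except ValueError:
            findings.append(("ERROR", f"[{section}] {key} is not a boolean"))
    url = parser.get("MISP", "misp_url", fallback="")
    if url and urlparse(url).scheme != "https":
        findings.append(("WARNING", "[MISP] misp_url does not use https"))
    org = parser.get("MISP", "crowdstrike_org_uuid", fallback="")
    if org:
        try:
            uuid.UUID(org)  # the organization name is a common mistake here
        except ValueError:
            findings.append(("ERROR", "[MISP] crowdstrike_org_uuid is not a UUID"))
    return findings


def redacted_view(text):
    """Return {section: {key: value}} with secret values replaced, safe to log."""
    parser = _load(text)
    return {
        section: {key: ("value redacted" if key in SECRET_KEYS else value)
                  for key, value in parser.items(section)}
        for section in parser.sections()
    }


if __name__ == "__main__":
    for level, message in audit_config(BAD_INI):
        print(f"{level:8} {message}")
    print(redacted_view(GOOD_INI)["MISP"])
```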

galaxy.ini

The galaxy mapping file, galaxy.ini contains one section, Galaxy. This section contains galaxy mappings for indicator malware families.

These mappings use the following format:

MalwareFamily = Misp_Galaxy_Mapping

Example

njRAT = misp-galaxy:malpedia="NjRAT"

More malware family detail and additional mappings for unidentified malware families can be found at https://www.misp-project.org/galaxy.html.
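
A linter for the mapping format above, as an added example (not the project's own loader): it reads a galaxy.ini body, keeps family names as written, rejects values that are not in the `misp-galaxy:<galaxy>="<cluster>"` form, and splits observed family names into mapped and unmapped. Every entry except the njRAT line is constructed, and whether the importer itself compares family names case-sensitively is not stated on this page.

```python
"""Lint a galaxy.ini body and resolve family names (added example)."""
import configparser
import re

# Shape of a MISP galaxy tag, e.g. misp-galaxy:malpedia="NjRAT".
TAG_RE = re.compile(r'^misp-galaxy:(?P<galaxy>[a-z0-9-]+)="(?P<cluster>[^"]+)"$')

# Constructed sample; only the njRAT line comes from the page.
SAMPLE_GALAXY_INI = """
[Galaxy]
njRAT = misp-galaxy:malpedia="NjRAT"
ExampleFamilyA = misp-galaxy:malpedia="Example Family A"
examplefamilya = misp-galaxy:malpedia="Example Family A"
ExampleFamilyB = malpedia:Example Family B
"""


def load_galaxy_map(text):
    """Return (mapping, problems) for a galaxy.ini body."""
    parser = configparser.ConfigParser(interpolation=None)
    # ConfigParser lowercases option names by default; keep them as written so
    # "njRAT" is not silently turned into "njrat".
    parser.optionxform = str
    parser.read_string(text)
    mapping, problems, seen = {}, [], {}
    if not parser.has_section("Galaxy"):
        return mapping, ["missing section [Galaxy]"]
    for family, tag in parser.items("Galaxy"):
        folded = family.casefold()
        if folded in seen:
            problems.append(f"{family}: differs only by case from {seen[folded]}")
        seen.setdefault(folded, family)
        if not TAG_RE.match(tag):
            problems.append(f"{family}: not a galaxy tag: {tag}")
            continue
        mapping[family] = tag
    return mapping, problems


def resolve(families, mapping):
    """Split observed family names into (tagged, unmapped)."""
    tagged = {name: mapping[name] for name in families if name in mapping}
    unmapped = sorted(set(families) - set(tagged))
    return tagged, unmapped


if __name__ == "__main__":
    galaxy_map, issues = load_galaxy_map(SAMPLE_GALAXY_INI)
    for issue in issues:
        print("PROBLEM", issue)
    print(resolve(["njRAT", "NjRat", "ExampleFamilyB"], galaxy_map))
```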

Command line arguments

This solution accepts the following command line arguments.

Argument Purpose
-h or --help Show command line help and exit.
-cr, --clean_reports Remove all CrowdStrike tagged reports from the MISP instance.
-ci, --clean_indicators Remove all CrowdStrike tagged indicators from the MISP instance.
-ca, --clean_adversaries Remove all CrowdStrike tagged adversaries from the MISP instance.
-ct, --clean_tags Remove all CrowdStrike local tags. (WARNING: Run after removing reports, indicators and adversaries.)
-d, --debug Enable debug output.
-m, --max_age Remove all events that exceed the maximum age specified (in days).
-i, --indicators Import all indicators.
-f, --force Ignore the timestamp file and import indicators from the "minutes before" configuration setting.
-r, --reports Import reports.
-a, --adversaries, --actors Import adversaries.
-p, --publish Publish events upon creation.
-t, --type, --indicator_type, --report_type, --adversary_type Import or delete events of a specific type.
-c, --config Path to the local configuration file, defaults to misp_import.ini.
-v, --verbose_tagging Disable verbose tagging.
-nd, --no_dupe_check Disable duplicate checking on indicator import.
-nb, --no_banner Disable banners in terminal outputs.
-l, --logfile Logging file. Not currently implemented.
--all, --fullmonty Import Adversaries, Reports and Indicators in one cycle.
--obliterate Remove all CrowdStrike data from the MISP instance.

Running the solution as a container

This solution can also be run as a container using the provided Docker file.

Building the container

To build the container, execute the following command. Depending upon permissions within your environment, you may need to execute this with escalated permissions.

docker build . -t misp

Running the container

Once your container has been built, you can start one up using the following (you may also need to escalate permissions here):

This example only shows the help dialog and exits.

docker run -it --rm \
    -v "$(pwd)/misp_import.ini:/misp/misp_import.ini" \
    misp --help

This example demonstrates cleaning all indicators from your MISP instance.

docker run -it --rm \
    -v "$(pwd)/misp_import.ini:/misp/misp_import.ini" \
    misp --clean_indicators

Running the solution manually

This solution can be run manually as long as all Python requirements have been met and the configuration files have been updated to reflect your environment.

Examples

The following examples demonstrate different variations of executing the solution locally.

Import all data (adversaries, indicators and reports)

python3 misp_import.py --all

Import just bear branch adversaries and CrowdStrike intelligence tips

python3 misp_import.py -a -r -t bear,csit

Disable verbose tagging

python3 misp_import.py -a -r -v

Delete just indicators

python3 misp_import.py --clean_indicators

Delete just panda branch adversaries

python3 misp_import.py -ca -t panda

Only import reports and related indicators

python3 misp_import.py --reports

Remove all CrowdStrike data

python3 misp_import.py --obliterate

MISP Modules

The MISP project supports autonomous modules that can be used to extend overall functionality. These modules are broken out into three categories: expansion, import and export.

The following MISP modules currently leverage CrowdStrike:

Support

misp-tools is an open source project, not a CrowdStrike product. As such it carries no formal support, expressed or implied.




misp-tools's People

Contributors

cudeso, dependabot[bot], isimluk, jshcodes

misp-tools's Issues

Obliterate and Clean <xxx> are no longer working

Crowdstrike Artifacts (i.e., Reports, Actors) are not deleted after performing Obliterate and Clean functions.

  • Use of -f has no impact on outcomes
  • Have tried bulk --obliterate and individual -ca, -ca, ci, -ct

[2023-03-31 19:01:30,364] INFO     processor/main       Start clean up of CrowdStrike Adversary (BAT) events from MISP.
[2023-03-31 19:01:30,518] INFO     processor/main       Completed deletion of CrowdStrike BAT adversaries within MISP in 0.15 seconds
[2023-03-31 19:01:30,518] INFO     processor/main       Start clean up of CrowdStrike Adversary (BEAR) events from MISP.
[2023-03-31 19:01:30,607] INFO     processor/main       Completed deletion of CrowdStrike BEAR adversaries within MISP in 0.08 seconds
[2023-03-31 19:01:30,607] INFO     processor/main       Start clean up of CrowdStrike Adversary (BUFFALO) events from MISP.
[2023-03-31 19:01:30,693] INFO     processor/main       Completed deletion of CrowdStrike BUFFALO adversaries within MISP in 0.08 seconds
[2023-03-31 19:01:30,693] INFO     processor/main       Start clean up of CrowdStrike Adversary (CHOLLIMA) events from MISP.
[2023-03-31 19:01:30,795] INFO     processor/main       Completed deletion of CrowdStrike CHOLLIMA adversaries within MISP in 0.10 seconds
[2023-03-31 19:01:30,795] INFO     processor/main       Start clean up of CrowdStrike Adversary (CRANE) events from MISP.
[2023-03-31 19:01:31,177] INFO     processor/main       Completed deletion of CrowdStrike CRANE adversaries within MISP in 0.38 seconds
[2023-03-31 19:01:31,177] INFO     processor/main       Start clean up of CrowdStrike Adversary (JACKAL) events from MISP.
[2023-03-31 19:01:31,243] INFO     processor/main       Completed deletion of CrowdStrike JACKAL adversaries within MISP in 0.06 seconds
[2023-03-31 19:01:31,243] INFO     processor/main       Start clean up of CrowdStrike Adversary (HAWK) events from MISP.
[2023-03-31 19:01:31,368] INFO     processor/main       Completed deletion of CrowdStrike HAWK adversaries within MISP in 0.12 seconds
[2023-03-31 19:01:31,368] INFO     processor/main       Start clean up of CrowdStrike Adversary (KITTEN) events from MISP.
[2023-03-31 19:01:31,487] INFO     processor/main       Completed deletion of CrowdStrike KITTEN adversaries within MISP in 0.11 seconds
[2023-03-31 19:01:31,487] INFO     processor/main       Start clean up of CrowdStrike Adversary (LEOPARD) events from MISP.
[2023-03-31 19:01:31,585] INFO     processor/main       Completed deletion of CrowdStrike LEOPARD adversaries within MISP in 0.09 seconds
[2023-03-31 19:01:31,585] INFO     processor/main       Start clean up of CrowdStrike Adversary (LYNX) events from MISP.
[2023-03-31 19:01:31,700] INFO     processor/main       Completed deletion of CrowdStrike LYNX adversaries within MISP in 0.11 seconds
[2023-03-31 19:01:31,700] INFO     processor/main       Start clean up of CrowdStrike Adversary (OCELOT) events from MISP.
[2023-03-31 19:01:31,829] INFO     processor/main       Completed deletion of CrowdStrike OCELOT adversaries within MISP in 0.12 seconds
[2023-03-31 19:01:31,830] INFO     processor/main       Start clean up of CrowdStrike Adversary (PANDA) events from MISP.
[2023-03-31 19:01:32,007] INFO     processor/main       Completed deletion of CrowdStrike PANDA adversaries within MISP in 0.17 seconds
[2023-03-31 19:01:32,007] INFO     processor/main       Start clean up of CrowdStrike Adversary (SPIDER) events from MISP.
[2023-03-31 19:01:32,222] INFO     processor/main       Completed deletion of CrowdStrike SPIDER adversaries within MISP in 0.21 seconds
[2023-03-31 19:01:32,222] INFO     processor/main       Start clean up of CrowdStrike Adversary (TIGER) events from MISP.
[2023-03-31 19:01:32,340] INFO     processor/main       Completed deletion of CrowdStrike TIGER adversaries within MISP in 0.11 seconds
[2023-03-31 19:01:32,340] INFO     processor/main       Start clean up of CrowdStrike Adversary (WOLF) events from MISP.
[2023-03-31 19:01:32,476] INFO     processor/main       Completed deletion of CrowdStrike WOLF adversaries within MISP in 0.13 seconds
[2023-03-31 19:01:32,476] INFO     processor/main       Finished cleaning up CrowdStrike related events from MISP, 0 events deleted.

ver_0.6.2 KeyError: 'TAGGING'

All prior Events (Actors, Reports, Indicators) deleted.

(venv):~/src/crowdstrike/220815/MISP-tools-ver_0.6.2]$ python3 misp_import.py --actors

[2022-08-15 21:04:41,839] (INFO) 
'##::::'##:'####::'######::'########:::::'####:'##::::'##:'########:::'#######::'########::'########:
 ###::'###:. ##::'##... ##: ##.... ##::::. ##:: ###::'###: ##.... ##:'##.... ##: ##.... ##:... ##..::
 ####'####:: ##:: ##:::..:: ##:::: ##::::: ##:: ####'####: ##:::: ##: ##:::: ##: ##:::: ##:::: ##::::
 ## ### ##:: ##::. ######:: ########:::::: ##:: ## ### ##: ########:: ##:::: ##: ########::::: ##::::
 ##. #: ##:: ##:::..... ##: ##.....::::::: ##:: ##. #: ##: ##.....::: ##:::: ##: ##.. ##:::::: ##::::
 ##:.:: ##:: ##::'##::: ##: ##:::::::::::: ##:: ##:.:: ##: ##:::::::: ##:::: ##: ##::. ##::::: ##::::
 ##:::: ##:'####:. ######:: ##:::::::::::'####: ##:::: ##: ##::::::::. #######:: ##:::. ##:::: ##::::
..:::::..::....:::......:::..::::::::::::....::..:::::..::..::::::::::.......:::..:::::..:::::..:::::
                      _____
                       /  '
                    ,-/-,__ __
                   (_/  (_)/ (_
                               _______                        __ _______ __        __ __
                              |   _   .----.-----.--.--.--.--|  |   _   |  |_.----|__|  |--.-----.
                              |.  1___|   _|  _  |  |  |  |  _  |   1___|   _|   _|  |    <|  -__|
                              |.  |___|__| |_____|________|_____|____   |____|__| |__|__|__|_____|
                              |:  1   |                         |:  1   |
                              |::.. . |                         |::.. . |  Threat Intelligence v0.6.2
                              `-------'                         `-------'

[2022-08-15 21:04:42,971] (INFO) 
 ______  _______  ______ _____ __   _      _____ _______  _____   _____   ______ _______
 |_____] |______ |  ____   |   | \  |        |   |  |  | |_____] |     | |_____/    |
 |_____] |______ |_____| __|__ |  \_|      __|__ |  |  | |       |_____| |    \_    |

[2022-08-15 21:04:42,971] (INFO) 
  ____  ___    __ __    ___  ____    _____  ____  ____   ____    ___  _____
 /    T|   \  |  T  |  /  _]|    \  / ___/ /    T|    \ l    j  /  _]/ ___/
Y  o  ||    \ |  |  | /  [_ |  D  )(   \_ Y  o  ||  D  ) |  T  /  [_(   \_
|     ||  D  Y|  |  |Y    _]|    /  \__  T|     ||    /  |  | Y    _]\__  T
|  _  ||     |l  :  !|   [_ |    \  /  \ ||  _  ||    \  |  | |   [_ /  \ |
|  |  ||     | \   / |     T|  .  Y \    ||  |  ||  .  Y j  l |     T\    |
l__j__jl_____j  \_/  l_____jl__j\_j  \___jl__j__jl__j\_j|____jl_____j \___j

[2022-08-15 21:04:42,971] (INFO) Started getting adversaries from Crowdstrike Intel API and pushing them as events in MISP.
[2022-08-15 21:04:43,691] (INFO) Got 185 adversaries from the Crowdstrike Intel API.
last_seen (1375315200) has to be after first_seen (2013-09-11 21:41:00+00:00)
last_seen (1393632000) has to be after first_seen (2014-05-05 19:53:00+00:00)
last_seen (1367366400) has to be after first_seen (2013-11-15 20:21:00+00:00)
last_seen (1441065600) has to be after first_seen (2015-10-07 19:53:00+00:00)
last_seen (1433116800) has to be after first_seen (2015-06-02 16:07:00+00:00)
last_seen (1435795200) has to be after first_seen (2015-09-24 14:16:00+00:00)
last_seen (1372723200) has to be after first_seen (2013-07-02 19:35:00+00:00)
last_seen (1357084800) has to be after first_seen (2013-04-22 15:03:00+00:00)
last_seen (1435708800) has to be after first_seen (2015-08-28 15:50:00+00:00)
last_seen (1333324800) has to be after first_seen (2012-04-02 22:50:00+00:00)
[2022-08-15 21:04:50,479] (WARNING) Adversary 156278 missing field first_activity_date.
[2022-08-15 21:04:50,577] (WARNING) Adversary 137920 missing field first_activity_date.
[2022-08-15 21:04:50,888] (WARNING) Adversary 138228 missing field first_activity_date.
[2022-08-15 21:04:51,023] (ERROR) 'TAGGING'
Traceback (most recent call last):
  File "misp_import.py", line 213, in main
    importer.import_from_crowdstrike(int(settings["CrowdStrike"]["init_reports_days_before"]),
  File "/home/rx118r/src/crowdstrike/220815/MISP-tools-ver_0.6.2/cs_misp_import/importer.py", line 163, in import_from_crowdstrike
    self.actors_importer.process_actors(actors_days_before, self.event_ids)
  File "/home/rx118r/src/crowdstrike/220815/MISP-tools-ver_0.6.2/cs_misp_import/actors.py", line 128, in process_actors
    if fut.result():
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/_base.py", line 437, in result
    return self.__get_result()
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/_base.py", line 389, in __get_result
    raise self._exception
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/thread.py", line 57, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/home/rx118r/src/crowdstrike/220815/MISP-tools-ver_0.6.2/cs_misp_import/actors.py", line 59, in batch_import_actors
    event: MISPEvent = self.create_event_from_actor(act, act_det)
  File "/home/rx118r/src/crowdstrike/220815/MISP-tools-ver_0.6.2/cs_misp_import/actors.py", line 417, in create_event_from_actor
    if confirm_boolean_param(self.settings["TAGGING"].get("taxonomic_TYPE", False)):
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/configparser.py", line 960, in __getitem__
    raise KeyError(key)
KeyError: 'TAGGING'
'TAGGING'

Data issue causes crash on related adversary during reports import (Missing null check)

Traceback (most recent call last):
  File "/usr/local/lib/python3.10/runpy.py", line 196, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "/usr/local/lib/python3.10/runpy.py", line 86, in _run_code
    exec(code, run_globals)
  File "/misp/misp_import.py", line 377, in <module>
    main()
  File "/misp/misp_import.py", line 356, in main
    importer.import_from_crowdstrike(int(settings["CrowdStrike"]["init_reports_days_before"]),
  File "/misp/cs_misp_import/importer.py", line 308, in import_from_crowdstrike
    self.reports_importer.process_reports(reports_days_before, self.event_ids)
  File "/misp/cs_misp_import/reports.py", line 311, in process_reports
    reported.update(fut.result())
  File "/usr/local/lib/python3.10/concurrent/futures/_base.py", line 439, in result
    return self.__get_result()
  File "/usr/local/lib/python3.10/concurrent/futures/_base.py", line 391, in __get_result
    raise self._exception
  File "/usr/local/lib/python3.10/concurrent/futures/thread.py", line 58, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/misp/cs_misp_import/reports.py", line 146, in batch_import_reports
    event: MISPEvent = self.create_event_from_report(report, rpt_detail, ind_list)
  File "/misp/cs_misp_import/reports.py", line 538, in create_event_from_report
    event = self.add_actor_detail(report, event)
  File "/misp/cs_misp_import/reports.py", line 334, in add_actor_detail
    actor_detail = actor_detail["body"]["resources"][0]
TypeError: 'NoneType' object is not subscriptable

Swap local tagging to leverage the taxonomy and drop the base event tags

The three base event tags CrowdStrike: REPORT, CrowdStrike: ADVERSARY and CrowdStrike: REPORT are used for deletion purposes. These base tags generate thousands of correlations and fill up the correlation table. Remove these tags as they are no longer necessary now that the new local tagging taxonomy is in place.

TypeError: 'NoneType' object is not iterable

I'm getting this error when running python3 misp-import.py --reports
Console output:
cs-misp-importer.py:31: DeprecationWarning: As our baseline system is the latest Ubuntu LTS, and Ubuntu LTS 22.04 has Python 3.10 available, we will officially deprecate python versions below 3.10 on January 1st 2024. **Please update your codebase.**
  from pymisp import ExpandedPyMISP, MISPObject, MISPEvent, MISPAttribute, MISPOrganisation
INFO:root:Started getting reports from Crowdstrike Intel API and pushing them as events in MISP.
ERROR:root:'NoneType' object is not iterable
Traceback (most recent call last):
  File "cs-misp-importer.py", line 871, in main
    importer.import_from_crowdstrike(settings.init_reports_days_before, settings.init_indicators_days_before,
  File "cs-misp-importer.py", line 796, in import_from_crowdstrike
    self.reportsImporter.process_reports(reports_days_before, self.eventIDS)
  File "cs-misp-importer.py", line 234, in process_reports
    reports = self.intel_api_client.get_reports(start_get_events)
  File "cs-misp-importer.py", line 104, in get_reports
    reports.extend(resp_json.get('resources', []))
TypeError: 'NoneType' object is not iterable
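
The two tracebacks above share one cause: a response whose body or resources value is null is indexed or iterated without a check. The following is an added example, not the project's code or its fix, of reading resources defensively for both response shapes seen in those tracebacks. The sample responses are constructed, and the `actors` and `name` field names and the `lookup` callable are hypothetical.

```python
"""Null-safe handling of API responses in an import loop (added example)."""
import logging

log = logging.getLogger("example")


def resources_of(response):
    """Return the resources list from a response, never None.

    Accepts both shapes seen in the tracebacks: {"body": {"resources": [...]}}
    and a flat {"resources": [...]}. Note that dict.get("resources", []) only
    returns the default when the key is absent; a key that is present with a
    null value still yields None, which then fails in list.extend().
    """
    if not isinstance(response, dict):
        return []
    body = response["body"] if "body" in response else response
    if not isinstance(body, dict):
        return []
    resources = body.get("resources")
    return resources if isinstance(resources, list) else []


def first_resource(response):
    """Return the first resource, or None when the lookup produced nothing."""
    found = resources_of(response)
    return found[0] if found else None


def collect_reports(pages):
    """Merge paged responses; return (reports, number_of_pages_without_data)."""
    reports, empty_pages = [], 0
    for page in pages:
        batch = resources_of(page)
        if not batch:
            empty_pages += 1
        reports.extend(batch)
    return reports, empty_pages


def related_actor_names(report, lookup):
    """Resolve a report's actors; skip and log any that cannot be resolved.

    `lookup` is a hypothetical callable: actor name -> API response (or None).
    """
    names = []
    for actor in report.get("actors") or []:
        detail = first_resource(lookup(actor.get("name")))
        if detail is None:
            log.warning("No detail for actor %r, skipping", actor.get("name"))
            continue
        names.append(detail.get("name"))
    return names


# Constructed sample data.
SAMPLE_PAGES = [
    {"resources": [{"id": 1}, {"id": 2}]},
    {"resources": None, "errors": [{"code": 403}]},  # key present, value null
    None,                                             # request produced no JSON
    {"resources": [{"id": 3}]},
]
SAMPLE_LOOKUPS = {
    "A": {"status_code": 200, "body": {"resources": [{"name": "EXAMPLE ACTOR A"}]}},
    "B": {"status_code": 200, "body": {"resources": []}},
    "C": None,
}
SAMPLE_REPORT = {"actors": [{"name": "A"}, {"name": "B"}, {"name": "C"}]}

if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print(collect_reports(SAMPLE_PAGES))
    print(related_actor_names(SAMPLE_REPORT, SAMPLE_LOOKUPS.get))
```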

Events being created for individual indicators

I'm curious as to why events are being created in MISP that only have 1 indicator in them?
It makes for a very messy MISP instance.
It would be nice if there was a way to stop this or group all those individual indicators into a single MISP event for those not related to a CS report or actor.

Feature Request: Add a 'no banner' ini and command line switch

Add the ability to turn off the cool banners in the ini file and command line (i.e., --no_banner)

Banners:


'##::::'##:'####::'######::'########:::::'####:'##::::'##:'########:::'#######::'########::'########:
 ###::'###:. ##::'##... ##: ##.... ##::::. ##:: ###::'###: ##.... ##:'##.... ##: ##.... ##:... ##..::
 ####'####:: ##:: ##:::..:: ##:::: ##::::: ##:: ####'####: ##:::: ##: ##:::: ##: ##:::: ##:::: ##::::
 ## ### ##:: ##::. ######:: ########:::::: ##:: ## ### ##: ########:: ##:::: ##: ########::::: ##::::
 ##. #: ##:: ##:::..... ##: ##.....::::::: ##:: ##. #: ##: ##.....::: ##:::: ##: ##.. ##:::::: ##::::
 ##:.:: ##:: ##::'##::: ##: ##:::::::::::: ##:: ##:.:: ##: ##:::::::: ##:::: ##: ##::. ##::::: ##::::
 ##:::: ##:'####:. ######:: ##:::::::::::'####: ##:::: ##: ##::::::::. #######:: ##:::. ##:::: ##::::
..:::::..::....:::......:::..::::::::::::....::..:::::..::..::::::::::.......:::..:::::..:::::..:::::
                      _____
                       /  '
                    ,-/-,__ __
                   (_/  (_)/ (_
                               _______                        __ _______ __        __ __
                              |   _   .----.-----.--.--.--.--|  |   _   |  |_.----|__|  |--.-----.
                              |.  1___|   _|  _  |  |  |  |  _  |   1___|   _|   _|  |    <|  -__|
                              |.  |___|__| |_____|________|_____|____   |____|__| |__|__|__|_____|
                              |:  1   |                         |:  1   |
                              |::.. . |                         |::.. . |  Threat Intelligence v0.6.2
                              `-------'                         `-------'

 ______  _______  ______ _____ __   _      _____ _______  _____   _____   ______ _______
 |_____] |______ |  ____   |   | \  |        |   |  |  | |_____] |     | |_____/    |
 |_____] |______ |_____| __|__ |  \_|      __|__ |  |  | |       |_____| |    \_    |


 ____     ___  ____    ___   ____  ______  _____
|    \   /  _]|    \  /   \ |    \|      T/ ___/
|  D  ) /  [_ |  o  )Y     Y|  D  )      (   \_
|    / Y    _]|   _/ |  O  ||    /l_j  l_j\__  T
|    \ |   [_ |  |   |     ||    \  |  |  /  \ |
|  .  Y|     T|  |   l     !|  .  Y |  |  \    |
l__j\_jl_____jl__j    \___/ l__j\_j l__j   \___j


 _______ _____ __   _ _____ _______ _     _ _______ ______
 |______   |   | \  |   |   |______ |_____| |______ |     \
 |       __|__ |  \_| __|__ ______| |     | |______ |_____/

kao.add_tag(f"CrowdStrike:adversary:branch: {actor_branch}") AttributeError: 'NoneType' object has no attribute 'add_tag'

python3 misp_import.py -f -nb -d --fullmonty
[2023-03-31 19:23:50,002] INFO     misp_tools    MISP Import for CrowdStrike Threat Intelligence v0.6.8
[2023-03-31 19:23:50,002] INFO     config  CHECK CONFIG
[2023-03-31 19:23:50,003] DEBUG    config  client_id                                   value redacted, check config file
[2023-03-31 19:23:50,003] DEBUG    config  client_secret                               value redacted, check config file
[2023-03-31 19:23:50,003] DEBUG    config  crowdstrike_url                             US1
[2023-03-31 19:23:50,003] DEBUG    config  api_request_max                             5000
[2023-03-31 19:23:50,003] DEBUG    config  api_enable_ssl                              True
[2023-03-31 19:23:50,003] DEBUG    config  reports_timestamp_filename                  lastReportsUpdate.dat
[2023-03-31 19:23:50,003] DEBUG    config  indicators_timestamp_filename               lastIndicatorsUpdate.dat
[2023-03-31 19:23:50,003] DEBUG    config  actors_timestamp_filename                   lastActorsUpdate.dat
[2023-03-31 19:23:50,003] DEBUG    config  init_reports_days_before                    365
[2023-03-31 19:23:50,003] DEBUG    config  init_indicators_minutes_before              20220
[2023-03-31 19:23:50,003] DEBUG    config  init_actors_days_before                     730
[2023-03-31 19:23:50,003] DEBUG    config  reports_unique_tag                          CrowdStrike: REPORT
[2023-03-31 19:23:50,004] DEBUG    config  indicators_unique_tag                       CrowdStrike: INDICATOR
[2023-03-31 19:23:50,004] DEBUG    config  actors_unique_tag                           CrowdStrike: ADVERSARY
[2023-03-31 19:23:50,004] DEBUG    config  reports_tags                                att:source="Crowdstrike.Report"
[2023-03-31 19:23:50,004] DEBUG    config  indicators_tags                             att:source="Crowdstrike.Indicators"
[2023-03-31 19:23:50,004] DEBUG    config  actors_tags                                 att:source="Crowdstrike.Actors"
[2023-03-31 19:23:50,004] DEBUG    config  unknown_mapping                             CrowdStrike:indicator:galaxy: UNATTRIBUTED
[2023-03-31 19:23:50,004] DEBUG    config  unattributed_title                          Unattributed indicators:
[2023-03-31 19:23:50,004] DEBUG    config  indicator_type_title                        Indicator Type:
[2023-03-31 19:23:50,004] DEBUG    config  malware_family_title                        Malware Family:
[2023-03-31 19:23:50,004] DEBUG    config  log_duplicates_as_sightings                 True
[2023-03-31 19:23:50,004] DEBUG    config  misp_url                                    https://3samisp
[2023-03-31 19:23:50,004] DEBUG    config  misp_auth_key                               value redacted, check config file
[2023-03-31 19:23:50,004] DEBUG    config  crowdstrike_org_uuid                        ca4f4b5d-db04-4a5e-a6de-e60636dc01be
[2023-03-31 19:23:50,004] DEBUG    config  misp_enable_ssl                             False
[2023-03-31 19:23:50,004] WARNING  config  misp_enable_ssl                             SSL is disabled for MISP API requests
[2023-03-31 19:23:50,004] DEBUG    config  ind_attribute_batch_size                    2500
[2023-03-31 19:23:50,004] DEBUG    config  event_save_memory_refresh_interval          180
[2023-03-31 19:23:50,004] DEBUG    config  max_threads                                 16
[2023-03-31 19:23:50,004] DEBUG    config  miss_track_file                             no_galaxy_mapping.log
[2023-03-31 19:23:50,004] DEBUG    config  galaxies_map_file                           galaxy.ini
[2023-03-31 19:23:50,004] DEBUG    config  tag_unknown_galaxy_maps                     True
[2023-03-31 19:23:50,004] DEBUG    config  taxonomic_kill-chain                        True
[2023-03-31 19:23:50,004] DEBUG    config  taxonomic_information-security-data-source  True
[2023-03-31 19:23:50,004] DEBUG    config  taxonomic_type                              True
[2023-03-31 19:23:50,004] DEBUG    config  taxonomic_iep                               False
[2023-03-31 19:23:50,004] DEBUG    config  taxonomic_iep2                              True
[2023-03-31 19:23:50,004] DEBUG    config  taxonomic_iep2_version                      False
[2023-03-31 19:23:50,004] DEBUG    config  taxonomic_tlp                               True
[2023-03-31 19:23:50,004] DEBUG    config  taxonomic_workflow                          True
[2023-03-31 19:23:50,892] INFO     config  No configuration errors found (1 warning)
[2023-03-31 19:23:50,892] INFO     config  
[2023-03-31 19:23:50,892] INFO     config  ____ _  _ ____ ____ _  _ ____    ___  ____ ____ ____ ____ ___
[2023-03-31 19:23:50,892] INFO     config  |    |__| |___ |    |_/  [__     |__] |__| [__  [__  |___ |  \
[2023-03-31 19:23:50,892] INFO     config  |___ |  | |___ |___ | \_ ___]    |    |  | ___] ___] |___ |__/
[2023-03-31 19:23:50,892] INFO     config  
[2023-03-31 19:23:52,593] INFO     processor/main       BEGIN ADVERSARIES IMPORT
[2023-03-31 19:23:52,593] INFO     processor/main       Start importing CrowdStrike Adversaries as events into MISP (past 730 days).
[2023-03-31 19:23:52,593] INFO     processor/main       Retrieving all adversaries.
[2023-03-31 19:23:53,656] INFO     processor/main       Got 54 adversaries from the Crowdstrike Intel API.
[2023-03-31 19:23:55,700] WARNING  processor/thread_0   Adversary OCTANE PANDA missing field first_activity_date.
[2023-03-31 19:23:55,723] DEBUG    processor/thread_3   Created adversary event for SHATTERED PANDA
[2023-03-31 19:23:55,737] DEBUG    processor/thread_4   Created adversary event for CYBORG SPIDER
[2023-03-31 19:23:55,739] DEBUG    processor/thread_5   Created adversary event for ALCHEMIST SPIDER
[2023-03-31 19:23:55,744] DEBUG    processor/thread_14  Created adversary event for CHRONO KITTEN
[2023-03-31 19:23:55,746] DEBUG    processor/thread_1   Created adversary event for FERAL SPIDER
[2023-03-31 19:23:55,747] DEBUG    processor/thread_8   Created adversary event for HIDDEN SPIDER
[2023-03-31 19:23:55,750] DEBUG    processor/thread_2   Created adversary event for SPECTRAL KITTEN
[2023-03-31 19:23:55,755] DEBUG    processor/thread_6   Created adversary event for COMPASS SPIDER
[2023-03-31 19:23:55,759] DEBUG    processor/thread_13  Created adversary event for SHINING SPIDER
[2023-03-31 19:23:55,763] DEBUG    processor/thread_0   Created adversary event for OCTANE PANDA
[2023-03-31 19:23:55,766] DEBUG    processor/thread_12  Created adversary event for SAMBA SPIDER
[2023-03-31 19:23:55,767] DEBUG    processor/thread_11  Created adversary event for HOLIDAY SPIDER
[2023-03-31 19:23:55,770] DEBUG    processor/thread_15  Created adversary event for HAYWIRE KITTEN
[2023-03-31 19:23:55,774] DEBUG    processor/thread_7   Created adversary event for OUTBREAK SPIDER
[2023-03-31 19:23:55,778] DEBUG    processor/thread_10  Created adversary event for SCATTERED SPIDER
[2023-03-31 19:23:55,786] DEBUG    processor/thread_9   Created adversary event for SLIPPY SPIDER
[2023-03-31 19:24:05,780] DEBUG    processor/thread_8   Created adversary event for COSMIC WOLF
[2023-03-31 19:24:07,406] DEBUG    processor/thread_10  Created adversary event for PARTISAN JACKAL
[2023-03-31 19:24:08,225] DEBUG    processor/thread_11  Created adversary event for LILY SPIDER
[2023-03-31 19:24:10,716] DEBUG    processor/thread_5   Created adversary event for VAPOR PANDA
[2023-03-31 19:24:10,726] DEBUG    processor/thread_12  Created adversary event for EMBER BEAR
[2023-03-31 19:24:10,827] DEBUG    processor/thread_9   Created adversary event for CHARIOT SPIDER
[2023-03-31 19:24:11,191] DEBUG    processor/thread_1   Created adversary event for HERMIT SPIDER
[2023-03-31 19:24:12,685] DEBUG    processor/thread_7   Created adversary event for WANDERING SPIDER
[2023-03-31 19:24:13,421] DEBUG    processor/thread_3   Created adversary event for VICE SPIDER
[2023-03-31 19:24:14,792] DEBUG    processor/thread_11  Created adversary event for ALPHA SPIDER
[2023-03-31 19:24:14,959] DEBUG    processor/thread_13  Created adversary event for RECESS SPIDER
[2023-03-31 19:24:16,752] DEBUG    processor/thread_15  Created adversary event for HIVE SPIDER
[2023-03-31 19:24:17,838] DEBUG    processor/thread_9   Created adversary event for DEADEYE HAWK
[2023-03-31 19:24:18,191] DEBUG    processor/thread_1   Created adversary event for GALACTIC OCELOT
[2023-03-31 19:24:20,358] DEBUG    processor/thread_6   Created adversary event for VERTIGO PANDA
[2023-03-31 19:24:21,323] DEBUG    processor/thread_0   Created adversary event for BLIND SPIDER
[2023-03-31 19:24:25,341] DEBUG    processor/thread_14  Created adversary event for JACKPOT PANDA
[2023-03-31 19:24:26,614] WARNING  pymisp/thread_10     The value of the attribute you're trying to add is an empty string, skipping it. Object relation: alias
[2023-03-31 19:24:26,617] DEBUG    processor/thread_10  Created adversary event for CHAOTIC SPIDER
[2023-03-31 19:24:27,480] DEBUG    processor/thread_2   Created adversary event for AQUATIC PANDA
[2023-03-31 19:24:27,694] DEBUG    processor/thread_3   Created adversary event for BRAIN SPIDER
[2023-03-31 19:24:27,751] DEBUG    processor/thread_7   Created adversary event for AVIATOR SPIDER
[2023-03-31 19:24:27,761] DEBUG    processor/thread_0   Created adversary event for FRINGE LEOPARD
[2023-03-31 19:24:27,781] DEBUG    processor/thread_4   Created adversary event for HAZY TIGER
[2023-03-31 19:24:27,828] DEBUG    processor/thread_13  Created adversary event for MIRAGE TIGER
[2023-03-31 19:24:27,851] DEBUG    processor/thread_15  Created adversary event for VETO SPIDER
[2023-03-31 19:24:27,879] WARNING  processor/thread_11  Adversary DEMON SPIDER missing field first_activity_date.
[2023-03-31 19:24:27,880] WARNING  processor/thread_11  Adversary DEMON SPIDER missing field last_activity_date.
[2023-03-31 19:24:27,880] DEBUG    processor/thread_11  Created adversary event for DEMON SPIDER
[2023-03-31 19:24:28,016] DEBUG    processor/thread_10  Created adversary event for BANISHED KITTEN
[2023-03-31 19:24:28,212] WARNING  processor/thread_11  Could not add or tag event ADV-203346 DEMON SPIDER (eCrime). Will retry in 0.3 seconds.
day is out of range for month: 0
[2023-03-31 19:24:28,331] DEBUG    processor/thread_7   Created adversary event for ROYAL SPIDER
[2023-03-31 19:24:28,384] DEBUG    processor/thread_5   Created adversary event for BITWISE SPIDER
[2023-03-31 19:24:28,633] DEBUG    processor/thread_3   Created adversary event for GOSSAMER BEAR
[2023-03-31 19:24:28,642] DEBUG    processor/thread_11  Created adversary event for REGAL JACKAL
[2023-03-31 19:24:28,698] WARNING  processor/thread_6   Adversary INTREPID JACKAL missing field first_activity_date.
[2023-03-31 19:24:28,698] WARNING  processor/thread_6   Adversary INTREPID JACKAL missing field last_activity_date.
[2023-03-31 19:24:28,699] DEBUG    processor/thread_6   Created adversary event for INTREPID JACKAL
[2023-03-31 19:24:28,820] DEBUG    processor/thread_12  Created adversary event for OUTRIDER TIGER
[2023-03-31 19:24:28,853] WARNING  processor/thread_9   Adversary VAMPIRE SPIDER missing field last_activity_date.
[2023-03-31 19:24:28,854] WARNING  pymisp/thread_9      The value of the attribute you're trying to add is an empty string, skipping it. Object relation: alias
[2023-03-31 19:24:28,863] DEBUG    processor/thread_9   Created adversary event for NEMESIS KITTEN
[2023-03-31 19:24:28,910] DEBUG    processor/thread_15  Created adversary event for SUNRISE PANDA
[2023-03-31 19:24:29,023] DEBUG    processor/thread_14  Created adversary event for ETHEREAL PANDA
[2023-03-31 19:24:30,586] WARNING  processor/thread_6   Could not add or tag event ADV-137920 INTREPID JACKAL (Hacktivist). Will retry in 0.3 seconds.
day is out of range for month: 0
Traceback (most recent call last):
  File "misp_import.py", line 377, in <module>
    main()
  File "misp_import.py", line 356, in main
    importer.import_from_crowdstrike(int(settings["CrowdStrike"]["init_reports_days_before"]),
  File "/home/rx118r/src/crowdstrike/MISP-tools-main/cs_misp_import/importer.py", line 303, in import_from_crowdstrike
    self.actors_importer.process_actors(actors_days_before, self.event_ids)
  File "/home/rx118r/src/crowdstrike/MISP-tools-main/cs_misp_import/actors.py", line 153, in process_actors
    if fut.result():
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/_base.py", line 437, in result
    return self.__get_result()
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/_base.py", line 389, in __get_result
    raise self._exception
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/thread.py", line 57, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/home/rx118r/src/crowdstrike/MISP-tools-main/cs_misp_import/actors.py", line 66, in batch_import_actors
    event: MISPEvent = self.create_event_from_actor(act, act_det)
  File "/home/rx118r/src/crowdstrike/MISP-tools-main/cs_misp_import/actors.py", line 372, in create_event_from_actor
    kao.add_tag(f"CrowdStrike:adversary:branch: {actor_branch}")
AttributeError: 'NoneType' object has no attribute 'add_tag'

Critical Errors During Bulk Deletes

While executing bulk deletes,

/data/misp/venv/bin/python3 misp_import.py --clean_actors --clean_indicators --clean_reports

Received many errors like following:

CRITICAL:pymisp:Unknown error: the response is not in JSON.
Something is broken server-side, please send us everything that follows (careful with the auth key):
Request headers:
{'User-Agent': 'PyMISP 2.4.159 - Python 3.8', 'Accept-Encoding': 'gzip, deflate', 'Accept': 'application/json', 'Connection': 'keep-alive', 'Cookie': 'MISP-00c7d9ac-5a36-4b35-b72a-ed943aeb516c=8aa8hqp93hjj531ssq4cb6uvr4', 'Content-Length': '0', 'Authorization': '<<<SNIP>>>', 'content-type': 'application/json'}
Request body:
None
Response (if any):
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/delete\/0b37ad85-5f7d-4da8-b00f-1656581e730d"}
WARNING:root:Caught an error from MISP server. Re-trying the request 0.300000 seconds

Re-running the commands cleaned up the remaining Events that were not originally disposed of:

/data/misp/venv/bin/python3 misp_import.py --clean_actors --clean_indicators --clean_reports
WARNING:root:Caught an error from MISP server. Re-trying the request 0.300000 seconds
INFO:root:Finished cleaning up a batch of Crowdstrike related events from MISP, 761 events deleted.

how to solve this???

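import time

def conn():
    t = []
    # `intel` is a client object defined elsewhere in the poster's script.
    falcon = intel.falcon
    # First argument: epoch timestamp for 30 days ago.
    j = intel.get_indicators(int(time.time() - 60 * 60 * 24 * 30), False)
    # response3 = falcon.get_indicator_entities(body=[])
    # TABLE.convert_object(response3)
    return j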

Adding custom headers to MISP requests

Hey,

Is there an option to add custom headers into all requests that go to MISP?
I need it in order to bypass the WAF authentication on my MISP tenant.

Thanks :)

String data, right truncated: 1406 Data too long for column 'content'

When importing reports this error is raised by MISP (2.4.165)

2022-11-21 10:44:41 Error: [PDOException] SQLSTATE[22001]: String data, right truncated: 1406 Data too long for column 'content' at row 1
Request URL: /events/add
Stack Trace:
#0 /var/www/MISP/app/Lib/cakephp/lib/Cake/Model/Datasource/DboSource.php(502): PDOStatement->execute()
#1 /var/www/MISP/app/Lib/cakephp/lib/Cake/Model/Datasource/DboSource.php(468): DboSource->_execute()
#2 /var/www/MISP/app/Lib/cakephp/lib/Cake/Model/Datasource/DboSource.php(1132): DboSource->execute()
#3 /var/www/MISP/app/Lib/cakephp/lib/Cake/Model/Model.php(1942): DboSource->create()
#4 /var/www/MISP/app/Lib/cakephp/lib/Cake/Model/Model.php(1760): Model->_doSave()
#5 /var/www/MISP/app/Model/EventReport.php(561): Model->save()
#6 /var/www/MISP/app/Model/EventReport.php(114): EventReport->saveAndReturnErrors()
#7 /var/www/MISP/app/Model/Event.php(3687): EventReport->captureReport()
#8 /var/www/MISP/app/Controller/EventsController.php(2214): Event->_add()
#9 [internal function]: EventsController->add()
#10 /var/www/MISP/app/Lib/cakephp/lib/Cake/Controller/Controller.php(499): ReflectionMethod->invokeArgs()
#11 /var/www/MISP/app/Lib/cakephp/lib/Cake/Routing/Dispatcher.php(193): Controller->invokeAction()
#12 /var/www/MISP/app/Lib/cakephp/lib/Cake/Routing/Dispatcher.php(167): Dispatcher->_invoke()
#13 /var/www/MISP/app/webroot/index.php(99): Dispatcher->dispatch()
#14 {main}

Please remove/obfuscate full API Keys in error/log messages

Full API Keys are exposed in error/log messages.

A standard best-practice is to include a few characters of the prefix and suffix of an API key. It is useful to know which key/user is related to a given action and/or failure. However, disclosure of the keys requires diligence and potentially non-trivial efforts to ensure one isn't exposing credentials when posting to ticketing systems, public forums, etc.
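
A logging filter that applies the prefix/suffix masking suggested in the issue above, as an added example rather than code from the MISP-tools project or PyMISP. The names `mask_secret`, `redact` and `RedactSecrets`, the four-character window and the sample header values are assumptions constructed for illustration.

```python
import io
import logging
import re

# Names whose values are credentials. "Authorization" and "Cookie" appear in
# the PyMISP error dump; the other two are misp_import.ini settings.
SENSITIVE_KEYS = ("authorization", "cookie", "client_secret", "misp_auth_key")
KEEP = 4  # characters left visible at each end (assumed window size)

_KEYS = "|".join(re.escape(k) for k in SENSITIVE_KEYS)
# Matches  'Key': 'value'  /  "Key": "value"  /  key = value  /  Key: value
_SECRET_RE = re.compile(
    rf"""(?P<lead>['"]?\b(?:{_KEYS})\b['"]?\s*[:=]\s*)"""
    rf"""(?:(?P<q>['"])(?P<quoted>.*?)(?P=q)|(?P<bare>[^\s,}}]+))""",
    re.IGNORECASE,
)


def mask_secret(value: str) -> str:
    """Keep a short prefix and suffix; hide short values completely."""
    if len(value) < KEEP * 4:
        # Showing both ends of a short secret would reveal most of it.
        return "<redacted>"
    return f"{value[:KEEP]}...{value[-KEEP:]}"


def redact(text: str) -> str:
    """Mask the value of every sensitive key found in a log message."""
    def _sub(match):
        quote = match.group("q") or ""
        secret = match.group("quoted") if match.group("q") else match.group("bare")
        return f"{match.group('lead')}{quote}{mask_secret(secret)}{quote}"
    return _SECRET_RE.sub(_sub, text)


class RedactSecrets(logging.Filter):
    """Rewrite each record's final message before any handler formats it."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = None  # message is already interpolated
        return True


# Constructed sample values, shaped like the request dump quoted in the issues.
FAKE_KEY = "EXAMPLEKEY0123456789abcdefghijklmnopqrstuv"
FAKE_HEADERS = {
    "User-Agent": "PyMISP 2.4.159 - Python 3.8",
    "Cookie": "MISP-session=abcdefghijklmnopqrstuvwx",
    "Authorization": FAKE_KEY,
    "content-type": "application/json",
}


def demo() -> str:
    """Log the sample dump through the filter and return what was written."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.addFilter(RedactSecrets())
    logger = logging.getLogger("redaction_demo")
    logger.setLevel(logging.DEBUG)
    logger.propagate = False
    logger.addHandler(handler)
    try:
        logger.critical("Request headers:\n%s", FAKE_HEADERS)
        logger.debug("misp_auth_key = %s", FAKE_KEY)
    finally:
        logger.removeHandler(handler)
    return stream.getvalue()


if __name__ == "__main__":
    print(demo())
```

The filter is attached to the handler because a filter attached to a logger is not applied to records created by its child loggers. It rewrites the message only, so secrets that appear in a formatted traceback need separate handling.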

[ BUG ] Invalid format string

I'm currently trying to run this project but I'm stumbling across some invalid format strings:

C:\Users*\Downloads\MISP-tools-main>python misp_import.py --all_indicators
ERROR:root:Invalid format string
Traceback (most recent call last):
File "C:\Users*\Downloads\MISP-tools-main\misp_import.py", line 188, in main
importer.import_from_crowdstrike(int(settings["CrowdStrike"]["init_reports_days_before"]),
File "C:\Users*\Downloads\MISP-tools-main\cs_misp_import\importer.py", line 121, in import_from_crowdstrike
self.indicators_importer.process_indicators(indicators_days_before, self.event_ids)
File "C:\Users*\Downloads\MISP-tools-main\cs_misp_import\indicators.py", line 80, in process_indicators
start_get_events = int((datetime.date.today() - datetime.timedelta(indicators_days_before)).strftime("%s"))
ValueError: Invalid format string
Invalid format string

I checked https://strftime.org/ and "%s" indeed seems to be an invalid format string.

Is 'all_indicators' option replaced by '--indicators'?

Hello,

In the older versions (cs-misp-importer-beta-release-4 etc) there used to be an option all_indicators, allowing you to import all indicators, regardless if they are related to a report or not.
I don't see that option in the latest version(s). Is this replaced with --indicators?

kind regards,

koen

'indicators_tags' are not being asserted on Indicator Events or Indicators

; Standard local tags
; You can add additional tags here, and they will be appended to each event created
; Example: reports_tags = ${CrowdStrike:reports_unique_tag},My_Custom_Tag_1,My_Custom_Tag_2

indicators_tags = att:source="Crowdstrike.Indicators"

Attribute dropped due to validation for Event abc

Hello,

When running the import for indicators there are several error messages indicating that attributes are already present in an event. This was done on a "clean" MISP, no previous imports took place. It doesn't break the import progress, but it pollutes the logs and these are API calls that maybe aren't necessary.

Validation errors: {
	"value": ["A similar attribute already exists for this event."]
}
Full Attribute: {
	"uuid": "ac0620e0-e914-443d-a136-48293fe5a6f4",
	"Tag": [{
		"name": "CrowdStrike:indicator:malicious-confidence: MEDIUM"
	}],
	"type": "domain",
	"value": "<redacted>",
	"category": "Network activity",
	"to_ids": true,
	"first_seen": "2022-11-15T12:56:03+01:00",
	"last_seen": "2022-11-15T16:37:28+01:00",
	"disable_correlation": false,
	"org": {
		"id": "2",
		"name": "Crowdstrike",
		"date_created": "2022-11-09 13:34:52",
		"date_modified": "2022-11-09 13:34:52",
		"type": "",
		"nationality": "United States",
		"sector": "IT",
		"contacts": "",
		"description": "Organisation created to pull data from Crowdstrike.",
		"local": true,
		"uuid": "9ce95cf3-8b6d-4c38-8b62-94c047366513",
		"created_by": "1",
		"user_count": "0",
		"created_by_email": "<redacted>"
	},
	"event_id": "403",
	"object_id": 0,
	"distribution": 5
}

Validation errors: {
	"value": ["A similar attribute already exists for this event."]
}
Full Attribute: {
	"uuid": "09f29be8-40a6-4616-a541-9b4aac385869",
	"Tag": [{
		"name": "CrowdStrike:indicator:adversary:branch: SPIDER"
	}, {
		"name": "CrowdStrike:adversary=\"Wizard Spider\""
	}, {
		"name": "CrowdStrike:indicator:threat: CRIMINAL"
	}, {
		"name": "CrowdStrike:indicator:threat: DOWNLOADER"
	}, {
		"name": "CrowdStrike:indicator:threat: RAT"
	}, {
		"name": "CrowdStrike:indicator:csd: csa-221199"
	}, {
		"name": "kill-chain:Actions on Objectives"
	}, {
		"name": "CrowdStrike:indicator:malicious-confidence: HIGH"
	}, {
		"name": "CrowdStrike:indicator:malware: ANCHORMAIL"
	}],
	"type": "domain",
	"value": "<redacted>",
	"category": "Network activity",
	"to_ids": true,
	"first_seen": "2022-11-14T15:55:43+01:00",
	"last_seen": "2022-11-15T18:02:34+01:00",
	"disable_correlation": false,
	"org": {
		"id": "2",
		"name": "Crowdstrike",
		"date_created": "2022-11-09 13:34:52",
		"date_modified": "2022-11-09 13:34:52",
		"type": "",
		"nationality": "United States",
		"sector": "IT",
		"contacts": "",
		"description": "Organisation created to pull data from Crowdstrike.",
		"local": true,
		"uuid": "9ce95cf3-8b6d-4c38-8b62-94c047366513",
		"created_by": "1",
		"user_count": "0",
		"created_by_email": "<redacted>"
	},
	"event_id": "403",
	"object_id": 0,
	"distribution": 5
}

Something similar happens for adding the TA, but this is more understandable.

Validation errors: {
	"value": ["A similar attribute already exists for this event."]
}
Full Attribute: {
	"uuid": "044f7b85-413d-4bd7-8184-8b8f5f324b94",
	"type": "threat-actor",
	"value": "Lotus Panda",
	"category": "Attribution",
	"to_ids": false,
	"disable_correlation": false,
	"event_id": "704",
	"object_id": 0,
	"distribution": 5
}

Breaking Issues: Various Actor Error Messages

Breaking Issues

I should highlight that these are breaking issues:

Adversary OCTANE PANDA missing field first_activity_date.
The value of the attribute you're trying to add is an empty string, skipping it. Object relation: alias
WARNING  processor/thread_3   Adversary DEMON SPIDER missing field first_activity_date.
 WARNING  processor/thread_3   Adversary DEMON SPIDER missing field last_activity_date.

[2023-04-04 21:22:32,016] WARNING  processor/thread_3   Could not add or tag event ADV-203346 DEMON SPIDER (eCrime). Will retry in 0.3 seconds.
day is out of range for month: 0

[2023-04-04 21:22:32,425] WARNING  pymisp/thread_10     The value of the attribute you're trying to add is an empty string, skipping it. Object relation: alias

python3 misp_import.py --fullmonty -d -v
[2023-04-04 21:22:25,472] INFO misp_tools [ASCII-art banner omitted] Threat Intelligence v0.6.8
[2023-04-04 21:22:25,473] DEBUG config client_id value redacted, check config file
[2023-04-04 21:22:25,473] DEBUG config client_secret value redacted, check config file
[2023-04-04 21:22:25,473] DEBUG config crowdstrike_url US1
[2023-04-04 21:22:25,473] DEBUG config api_request_max 5000
[2023-04-04 21:22:25,473] DEBUG config api_enable_ssl True
[2023-04-04 21:22:25,473] DEBUG config reports_timestamp_filename lastReportsUpdate.dat
[2023-04-04 21:22:25,473] DEBUG config indicators_timestamp_filename lastIndicatorsUpdate.dat
[2023-04-04 21:22:25,473] DEBUG config actors_timestamp_filename lastActorsUpdate.dat
[2023-04-04 21:22:25,473] DEBUG config init_reports_days_before 365
[2023-04-04 21:22:25,473] DEBUG config init_indicators_minutes_before 20220
[2023-04-04 21:22:25,473] DEBUG config init_actors_days_before 730
[2023-04-04 21:22:25,473] DEBUG config reports_unique_tag CrowdStrike: REPORT
[2023-04-04 21:22:25,473] DEBUG config indicators_unique_tag CrowdStrike: INDICATOR
[2023-04-04 21:22:25,473] DEBUG config actors_unique_tag CrowdStrike: ADVERSARY
[2023-04-04 21:22:25,474] DEBUG config reports_tags att:source="Crowdstrike.Report"
[2023-04-04 21:22:25,474] DEBUG config indicators_tags att:source="Crowdstrike.Indicators"
[2023-04-04 21:22:25,474] DEBUG config actors_tags att:source="Crowdstrike.Actors"
[2023-04-04 21:22:25,474] DEBUG config unknown_mapping CrowdStrike:indicator:galaxy: UNATTRIBUTED
[2023-04-04 21:22:25,474] DEBUG config unattributed_title Unattributed indicators:
[2023-04-04 21:22:25,474] DEBUG config indicator_type_title Indicator Type:
[2023-04-04 21:22:25,474] DEBUG config malware_family_title Malware Family:
[2023-04-04 21:22:25,474] DEBUG config log_duplicates_as_sightings True
[2023-04-04 21:22:25,474] DEBUG config misp_url https://3samisp
[2023-04-04 21:22:25,474] DEBUG config misp_auth_key value redacted, check config file
[2023-04-04 21:22:25,474] DEBUG config crowdstrike_org_uuid ca4f4b5d-db04-4a5e-a6de-e60636dc01be
[2023-04-04 21:22:25,474] DEBUG config misp_enable_ssl False
[2023-04-04 21:22:25,474] WARNING config misp_enable_ssl SSL is disabled for MISP API requests
[2023-04-04 21:22:25,474] DEBUG config ind_attribute_batch_size 2500
[2023-04-04 21:22:25,474] DEBUG config event_save_memory_refresh_interval 180
[2023-04-04 21:22:25,474] DEBUG config max_threads 16
[2023-04-04 21:22:25,474] DEBUG config miss_track_file no_galaxy_mapping.log
[2023-04-04 21:22:25,474] DEBUG config galaxies_map_file galaxy.ini
[2023-04-04 21:22:25,474] DEBUG config tag_unknown_galaxy_maps True
[2023-04-04 21:22:25,474] DEBUG config taxonomic_kill-chain True
[2023-04-04 21:22:25,474] DEBUG config taxonomic_information-security-data-source True
[2023-04-04 21:22:25,474] DEBUG config taxonomic_type True
[2023-04-04 21:22:25,474] DEBUG config taxonomic_iep False
[2023-04-04 21:22:25,474] DEBUG config taxonomic_iep2 True
[2023-04-04 21:22:25,474] DEBUG config taxonomic_iep2_version False
[2023-04-04 21:22:25,474] DEBUG config taxonomic_tlp True
[2023-04-04 21:22:25,474] DEBUG config taxonomic_workflow True
[2023-04-04 21:22:26,401] INFO config No configuration errors found (1 warning)
[2023-04-04 21:22:27,480] INFO processor/main Start importing CrowdStrike Adversaries as events into MISP (past 730 days).
[2023-04-04 21:22:27,480] INFO processor/main Retrieving all adversaries.
[2023-04-04 21:22:28,514] INFO processor/main Got 55 adversaries from the Crowdstrike Intel API.
[2023-04-04 21:22:29,832] WARNING processor/thread_0 Adversary OCTANE PANDA missing field first_activity_date.
[2023-04-04 21:22:29,858] DEBUG processor/thread_10 Created adversary event for SCATTERED SPIDER
[2023-04-04 21:22:29,862] DEBUG processor/thread_7 Created adversary event for OUTBREAK SPIDER
[2023-04-04 21:22:29,863] DEBUG processor/thread_11 Created adversary event for HOLIDAY SPIDER
[2023-04-04 21:22:29,865] DEBUG processor/thread_1 Created adversary event for FERAL SPIDER
[2023-04-04 21:22:29,873] DEBUG processor/thread_13 Created adversary event for SHINING SPIDER
[2023-04-04 21:22:29,874] DEBUG processor/thread_8 Created adversary event for HIDDEN SPIDER
[2023-04-04 21:22:29,881] DEBUG processor/thread_14 Created adversary event for CHRONO KITTEN
[2023-04-04 21:22:29,886] DEBUG processor/thread_15 Created adversary event for HAYWIRE KITTEN
[2023-04-04 21:22:29,888] DEBUG processor/thread_0 Created adversary event for OCTANE PANDA
[2023-04-04 21:22:29,890] DEBUG processor/thread_2 Created adversary event for SPECTRAL KITTEN
[2023-04-04 21:22:29,891] DEBUG processor/thread_3 Created adversary event for SHATTERED PANDA
[2023-04-04 21:22:29,893] DEBUG processor/thread_9 Created adversary event for SLIPPY SPIDER
[2023-04-04 21:22:29,896] DEBUG processor/thread_6 Created adversary event for COMPASS SPIDER
[2023-04-04 21:22:29,897] DEBUG processor/thread_12 Created adversary event for SAMBA SPIDER
[2023-04-04 21:22:29,902] DEBUG processor/thread_4 Created adversary event for CYBORG SPIDER
[2023-04-04 21:22:29,916] DEBUG processor/thread_5 Created adversary event for ALCHEMIST SPIDER
[2023-04-04 21:22:30,445] DEBUG processor/thread_10 Created adversary event for COSMIC WOLF
[2023-04-04 21:22:30,456] DEBUG processor/thread_12 Created adversary event for PARTISAN JACKAL
[2023-04-04 21:22:30,476] DEBUG processor/thread_11 Created adversary event for LILY SPIDER
[2023-04-04 21:22:30,489] DEBUG processor/thread_1 Created adversary event for VAPOR PANDA
[2023-04-04 21:22:30,499] DEBUG processor/thread_7 Created adversary event for EMBER BEAR
[2023-04-04 21:22:30,506] DEBUG processor/thread_13 Created adversary event for CHARIOT SPIDER
[2023-04-04 21:22:30,526] DEBUG processor/thread_8 Created adversary event for WANDERING SPIDER
[2023-04-04 21:22:30,766] DEBUG processor/thread_6 Created adversary event for VICE SPIDER
[2023-04-04 21:22:30,869] DEBUG processor/thread_9 Created adversary event for ALPHA SPIDER
[2023-04-04 21:22:30,879] DEBUG processor/thread_5 Created adversary event for RECESS SPIDER
[2023-04-04 21:22:30,894] DEBUG processor/thread_11 Created adversary event for HIVE SPIDER
[2023-04-04 21:22:30,920] DEBUG processor/thread_4 Created adversary event for DEADEYE HAWK
[2023-04-04 21:22:31,122] DEBUG processor/thread_15 Created adversary event for GALACTIC OCELOT
[2023-04-04 21:22:31,161] DEBUG processor/thread_13 Created adversary event for VERTIGO PANDA
[2023-04-04 21:22:31,208] DEBUG processor/thread_6 Created adversary event for BLIND SPIDER
[2023-04-04 21:22:31,222] WARNING pymisp/thread_8 The value of the attribute you're trying to add is an empty string, skipping it. Object relation: alias
[2023-04-04 21:22:31,223] DEBUG processor/thread_8 Created adversary event for VENGEFUL KITTEN
[2023-04-04 21:22:31,253] DEBUG processor/thread_3 Created adversary event for CHAOTIC SPIDER
[2023-04-04 21:22:31,324] DEBUG processor/thread_0 Created adversary event for AQUATIC PANDA
[2023-04-04 21:22:31,429] DEBUG processor/thread_5 Created adversary event for BRAIN SPIDER
[2023-04-04 21:22:31,467] DEBUG processor/thread_9 Created adversary event for AVIATOR SPIDER
[2023-04-04 21:22:31,535] DEBUG processor/thread_11 Created adversary event for FRINGE LEOPARD
[2023-04-04 21:22:31,549] DEBUG processor/thread_12 Created adversary event for HAZY TIGER
[2023-04-04 21:22:31,616] DEBUG processor/thread_14 Created adversary event for MIRAGE TIGER
[2023-04-04 21:22:31,728] DEBUG processor/thread_6 Created adversary event for VETO SPIDER
[2023-04-04 21:22:31,761] WARNING processor/thread_3 Adversary DEMON SPIDER missing field first_activity_date.
[2023-04-04 21:22:31,761] WARNING processor/thread_3 Adversary DEMON SPIDER missing field last_activity_date.
[2023-04-04 21:22:31,762] DEBUG processor/thread_3 Created adversary event for DEMON SPIDER
[2023-04-04 21:22:31,856] DEBUG processor/thread_5 Created adversary event for BANISHED KITTEN
[2023-04-04 21:22:31,994] DEBUG processor/thread_2 Created adversary event for ROYAL SPIDER
[2023-04-04 21:22:32,011] DEBUG processor/thread_9 Created adversary event for BITWISE SPIDER
[2023-04-04 21:22:32,016] WARNING processor/thread_3 Could not add or tag event ADV-203346 DEMON SPIDER (eCrime). Will retry in 0.3 seconds.
day is out of range for month: 0
[2023-04-04 21:22:32,120] DEBUG processor/thread_7 Created adversary event for GOSSAMER BEAR
[2023-04-04 21:22:32,152] DEBUG processor/thread_6 Created adversary event for REGAL JACKAL
[2023-04-04 21:22:32,173] WARNING processor/thread_1 Adversary INTREPID JACKAL missing field first_activity_date.
[2023-04-04 21:22:32,173] WARNING processor/thread_1 Adversary INTREPID JACKAL missing field last_activity_date.
[2023-04-04 21:22:32,174] DEBUG processor/thread_1 Created adversary event for INTREPID JACKAL
[2023-04-04 21:22:32,389] DEBUG processor/thread_2 Created adversary event for OUTRIDER TIGER
[2023-04-04 21:22:32,417] WARNING processor/thread_10 Adversary VAMPIRE SPIDER missing field last_activity_date.
[2023-04-04 21:22:32,425] WARNING pymisp/thread_10 The value of the attribute you're trying to add is an empty string, skipping it. Object relation: alias
[2023-04-04 21:22:32,424] DEBUG processor/thread_3 Created adversary event for NEMESIS KITTEN
[2023-04-04 21:22:32,426] DEBUG processor/thread_10 Created adversary event for VAMPIRE SPIDER
[2023-04-04 21:22:32,431] DEBUG processor/thread_4 Created adversary event for ETHEREAL PANDA
[2023-04-04 21:22:32,607] DEBUG processor/thread_13 Created adversary event for QUANTUM SPIDER
[2023-04-04 21:22:32,657] DEBUG processor/thread_8 Created adversary event for SUNRISE PANDA
[2023-04-04 21:22:32,693] DEBUG processor/thread_9 Created adversary event for HERMIT SPIDER
[2023-04-04 21:22:32,867] DEBUG processor/thread_10 Created adversary event for JACKPOT PANDA
[2023-04-04 21:22:33,724] WARNING processor/thread_1 Could not add or tag event ADV-137920 INTREPID JACKAL (Hacktivist). Will retry in 0.3 seconds.
day is out of range for month: 0
[2023-04-04 21:22:34,424] INFO processor/main Completed import of 55 CrowdStrike adversaries into MISP.
[2023-04-04 21:22:34,424] INFO processor/main Finished importing CrowdStrike Adversaries as events into MISP.
[2023-04-04 21:22:34,425] INFO processor/main Completed import of adversaries into MISP in 6.95 seconds
[2023-04-04 21:22:34,426] INFO processor/main Starting import of CrowdStrike Threat Intelligence reports as events (past 365 days).
[2023-04-04 21:22:34,426] INFO processor/main Retrieving all available report types.

220811 Version - Fails with TypeError: unsupported operand type(s) for +=: 'int' and 'NoneType'

python3 misp_import.py --reports --actors


[2022-08-12 16:23:12,268] (INFO)
<SNIP>
[2022-08-12 16:23:32,454] (INFO) 
 ______  _______  ______ _____ __   _      _____ _______  _____   _____   ______ _______
 |_____] |______ |  ____   |   | \  |        |   |  |  | |_____] |     | |_____/    |
 |_____] |______ |_____| __|__ |  \_|      __|__ |  |  | |       |_____| |    \_    |

[2022-08-12 16:23:32,454] (INFO) 


[2022-08-12 16:23:32,454] (INFO) Started getting adversaries from Crowdstrike Intel API and pushing them as events in MISP.
[2022-08-12 16:24:12,502] (ERROR) unsupported operand type(s) for +=: 'int' and 'NoneType'
Traceback (most recent call last):
  File "misp_import.py", line 213, in main
    importer.import_from_crowdstrike(int(settings["CrowdStrike"]["init_reports_days_before"]),
  File "/home/rx118r/src/crowdstrike/220812/MISP-tools-main/cs_misp_import/importer.py", line 143, in import_from_crowdstrike
    self.actors_importer.process_actors(actors_days_before, self.event_ids)
  File "/home/rx118r/src/crowdstrike/220812/MISP-tools-main/cs_misp_import/actors.py", line 114, in process_actors
    actors = self.intel_api_client.get_actors(start_get_events)
  File "/home/rx118r/src/crowdstrike/220812/MISP-tools-main/cs_misp_import/intel_client.py", line 119, in get_actors
    offset += resp_json.get('meta', {}).get('pagination', {}).get('limit')
TypeError: unsupported operand type(s) for +=: 'int' and 'NoneType'
unsupported operand type(s) for +=: 'int' and 'NoneType'
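
One way to page through results without depending on `meta.pagination.limit`, the field whose absence raises the `TypeError` in the traceback above. This is an added example, not the project's `get_actors` implementation: `fetch_all`, `make_fake_query` and `IntelAPIError` are hypothetical names, the records are constructed, and the `resources`, `errors` and `total` fields are assumed from the usual CrowdStrike API response envelope.

```python
class IntelAPIError(RuntimeError):
    """Raised when the API body carries errors instead of a usable page."""


def fetch_all(query, limit=2):
    """Collect every record from an offset-paginated endpoint.

    `query(offset=..., limit=...)` must return the decoded JSON body.
    The offset advances by the number of records actually received, so a
    response without pagination metadata cannot raise or skip records.
    """
    results = []
    offset = 0
    while True:
        body = query(offset=offset, limit=limit) or {}

        # Fail loudly on an error body (bad scope, rate limit, ...) so that a
        # truncated adversary or indicator set is never imported silently.
        errors = body.get("errors") or []
        if errors:
            detail = "; ".join(
                f"{e.get('code')}: {e.get('message')}" for e in errors
            )
            raise IntelAPIError(f"Intel API returned errors: {detail}")

        page = body.get("resources") or []
        results.extend(page)

        # Each level may be missing or null, so default all of them.
        pagination = (body.get("meta") or {}).get("pagination") or {}
        total = pagination.get("total")

        offset += len(page)
        # Stop on an empty page, or as soon as the reported total is reached.
        if not page or (isinstance(total, int) and offset >= total):
            return results


# Constructed records standing in for adversary entries.
ACTORS = ["ACTOR-A", "ACTOR-B", "ACTOR-C", "ACTOR-D", "ACTOR-E"]


def make_fake_query(records, with_pagination):
    """Build an offline stand-in for the API client used by fetch_all()."""
    def query(offset, limit):
        meta = {"query_time": 0.01}
        if with_pagination:
            # "limit" is deliberately left out, as in the failing response.
            meta["pagination"] = {"offset": offset, "total": len(records)}
        return {
            "meta": meta,
            "resources": records[offset:offset + limit],
            "errors": [],
        }
    return query


def failing_query(offset, limit):
    """Constructed error body with no pagination block at all."""
    return {
        "meta": {},
        "resources": None,
        "errors": [{"code": 429, "message": "rate limit exceeded"}],
    }


if __name__ == "__main__":
    print(fetch_all(make_fake_query(ACTORS, with_pagination=False)))
    print(fetch_all(make_fake_query(ACTORS, with_pagination=True)))
```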

New Category - Malware Families(?)

We appear to have a new Category: Malware Families.

We should make Malware Families a 1st Class Citizen with its own "Tag" and ingestion/deletion command line parameters

i.e. add it to "Actors", "Reports", and "Indicators" as a top level category.

--clean_xxx does not remove any Events (Reports, Actors, Indicators)

Function --clean_reports does not remove any reports

(1) Loaded 1,000 of Reports
(2) Executed --clean_reports
(3) No Reports deleted.

(venv) [rx118r@md2nj01di:~/src/crowdstrike/220812/MISP-tools-main]$ python3 misp_import.py --reports

[2022-08-13 16:06:28,448] (INFO) 
'##::::'##:'####::'######::'########:::::'####:'##::::'##:'########:::'#######::'########::'########:
 ###::'###:. ##::'##... ##: ##.... ##::::. ##:: ###::'###: ##.... ##:'##.... ##: ##.... ##:... ##..::
 ####'####:: ##:: ##:::..:: ##:::: ##::::: ##:: ####'####: ##:::: ##: ##:::: ##: ##:::: ##:::: ##::::
 ## ### ##:: ##::. ######:: ########:::::: ##:: ## ### ##: ########:: ##:::: ##: ########::::: ##::::
 ##. #: ##:: ##:::..... ##: ##.....::::::: ##:: ##. #: ##: ##.....::: ##:::: ##: ##.. ##:::::: ##::::
 ##:.:: ##:: ##::'##::: ##: ##:::::::::::: ##:: ##:.:: ##: ##:::::::: ##:::: ##: ##::. ##::::: ##::::
 ##:::: ##:'####:. ######:: ##:::::::::::'####: ##:::: ##: ##::::::::. #######:: ##:::. ##:::: ##::::
..:::::..::....:::......:::..::::::::::::....::..:::::..::..::::::::::.......:::..:::::..:::::..:::::
                      _____
                       /  '
                    ,-/-,__ __
                   (_/  (_)/ (_
                               _______                        __ _______ __        __ __
                              |   _   .----.-----.--.--.--.--|  |   _   |  |_.----|__|  |--.-----.
                              |.  1___|   _|  _  |  |  |  |  _  |   1___|   _|   _|  |    <|  -__|
                              |.  |___|__| |_____|________|_____|____   |____|__| |__|__|__|_____|
                              |:  1   |                         |:  1   |
                              |::.. . |                         |::.. . |    Threat Intelligence
                              `-------'                         `-------'

[2022-08-13 16:06:29,202] (INFO) 
 ______  _______  ______ _____ __   _      _____ _______  _____   _____   ______ _______
 |_____] |______ |  ____   |   | \  |        |   |  |  | |_____] |     | |_____/    |
 |_____] |______ |_____| __|__ |  \_|      __|__ |  |  | |       |_____| |    \_    |

[2022-08-13 16:06:29,202] (INFO) 
 ____     ___  ____    ___   ____  ______  _____
|    \   /  _]|    \  /   \ |    \|      T/ ___/
|  D  ) /  [_ |  o  )Y     Y|  D  )      (   \_
|    / Y    _]|   _/ |  O  ||    /l_j  l_j\__  T
|    \ |   [_ |  |   |     ||    \  |  |  /  \ |
|  .  Y|     T|  |   l     !|  .  Y |  |  \    |
l__j\_jl_____jl__j    \___/ l__j\_j l__j   \___j

[2022-08-13 16:06:29,202] (INFO) Start getting reports from Crowdstrike Intel API and pushing them as events in MISP (past 365 days).
[2022-08-13 16:07:19,070] (INFO) Got 10728 reports from the Crowdstrike Intel API.
[2022-08-13 16:08:51,412] (INFO) Retrieved extended report details for 9884 reports
[2022-08-13 16:09:22,620] (INFO) 99355 related indicators found
[2022-08-13 16:09:22,906] (INFO) CSIT-20205 RedLine Stealer, Bond Loader, and the Author "REDGlade" report created.
[2022-08-13 16:09:23,021] (INFO) CSA-17098 Emotet Banking Trojan Distribution Continues Via Delivery Notification Spam report created.
[2022-08-13 16:09:23,038] (INFO) CSA-210621 Russian Actors Advertise Big Game Hunting Ransomware on African eCrime Channels; Claims of REvil Partnership Likely False report created.
[2022-08-13 16:09:23,060] (INFO) CSA-16357 Bitcoin Investments and Price Volatility Highlight China's Growing Influence on Top Cryptocurrency report created.
[2022-08-13 16:09:23,061] (INFO) CSA-16407 New Version of Petya Ransomware Available with Dual-layer Access Prevention Included; U.S. and European Countries Likely to be Targeted report created.
[2022-08-13 16:09:23,175] (INFO) CSWR-16010 GTAC Weekly Wrap-Up: Week of 3/12/16 report created.
[2022-08-13 16:09:23,231] (INFO) CSWR-16021 GTAC Weekly Wrap-Up: Week of 5/28/16 report created.
[2022-08-13 16:09:23,394] (INFO) CSA-16349 United Cyber Caliphate Publishes Database of Saudi Citizens Indicating the Group Remains Active Despite Recent Arrests report created.
[2022-08-13 16:09:23,556] (INFO) CSA-16342 Malicious Operation Demonstrates Sophisticated Knowledge of Cloud Storage Environment; Suspected Ties to FANCY BEAR report created.
[2022-08-13 16:09:23,594] (INFO) CSIT-17127 XDATA Ransomware Deployed Via M.E.Doc Update Mechanism report created.
[2022-08-13 16:09:23,616] (INFO) CSA-16348 Asian Football Confederation Website Defaced by Iranian Actor; Probable Links to Iranian Revolutionary Posturing report created.
[2022-08-13 16:09:23,769] (INFO) CSA-16344 Member Seeks Distribution Partners for Russian-Sourced Ransomware on Brazilian Underground eCrime Forum report created.
[2022-08-13 16:09:23,786] (INFO) CSA-16360 Quant Loader Hits Underground Forums; Increases Competition in Loader Market report created.

<SNIP>

(venv) [rx118r@md2nj01di:~/src/crowdstrike/220812/MISP-tools-main]$ python3 misp_import.py --clean_reports


[2022-08-13 16:14:39,658] (INFO) 
'##::::'##:'####::'######::'########:::::'####:'##::::'##:'########:::'#######::'########::'########:
 ###::'###:. ##::'##... ##: ##.... ##::::. ##:: ###::'###: ##.... ##:'##.... ##: ##.... ##:... ##..::
 ####'####:: ##:: ##:::..:: ##:::: ##::::: ##:: ####'####: ##:::: ##: ##:::: ##: ##:::: ##:::: ##::::
 ## ### ##:: ##::. ######:: ########:::::: ##:: ## ### ##: ########:: ##:::: ##: ########::::: ##::::
 ##. #: ##:: ##:::..... ##: ##.....::::::: ##:: ##. #: ##: ##.....::: ##:::: ##: ##.. ##:::::: ##::::
 ##:.:: ##:: ##::'##::: ##: ##:::::::::::: ##:: ##:.:: ##: ##:::::::: ##:::: ##: ##::. ##::::: ##::::
 ##:::: ##:'####:. ######:: ##:::::::::::'####: ##:::: ##: ##::::::::. #######:: ##:::. ##:::: ##::::
..:::::..::....:::......:::..::::::::::::....::..:::::..::..::::::::::.......:::..:::::..:::::..:::::
                      _____
                       /  '
                    ,-/-,__ __
                   (_/  (_)/ (_
                               _______                        __ _______ __        __ __
                              |   _   .----.-----.--.--.--.--|  |   _   |  |_.----|__|  |--.-----.
                              |.  1___|   _|  _  |  |  |  |  _  |   1___|   _|   _|  |    <|  -__|
                              |.  |___|__| |_____|________|_____|____   |____|__| |__|__|__|_____|
                              |:  1   |                         |:  1   |
                              |::.. . |                         |::.. . |    Threat Intelligence
                              `-------'                         `-------'

[2022-08-13 16:14:40,599] (INFO) 
 ______  _______  ______ _____ __   _      ______  _______        _______ _______ _______
 |_____] |______ |  ____   |   | \  |      |     \ |______ |      |______    |    |______
 |_____] |______ |_____| __|__ |  \_|      |_____/ |______ |_____ |______    |    |______

[2022-08-13 16:14:40,600] (INFO) Start clean up CrowdStrike related events from MISP.
[2022-08-13 16:14:40,632] (INFO) Finished cleaning up CrowdStrike related events from MISP, 0 events deleted.
[2022-08-13 16:14:40,632] (INFO) 
 _______ _____ __   _ _____ _______ _     _ _______ ______
 |______   |   | \  |   |   |______ |_____| |______ |     \
 |       __|__ |  \_| __|__ ______| |     | |______ |_____/

Please disable Correlations on Highly Duplicative Values

Some values are very general and highly duplicative and should have Correlation enable. For Example "Country: China".

  • Disable unnecessary adversary attribute correlations
  • Disable unnecessary report attribute correlations
  • Disable unnecessary indicator event attribute correlations

Add POST handler

Editing parameters within the configuration file can be confusing for new users. Validate the contents of the configuration file and report any warnings or errors to the user as part of the start up process. Align the log output format to match.
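A start-up check of the kind requested above could look like the following. This is an added example, not the project's validator. The key names and the per-region request limits come from this page; which section each key lives in, the message wording and the sample files are assumptions.

```python
import configparser
import uuid
from urllib.parse import urlparse

# Section placement of each key is an assumption; key names are from the page.
REQUIRED = {
    "CrowdStrike": ("client_id", "client_secret", "crowdstrike_url", "api_request_max"),
    "MISP": ("misp_url", "misp_auth_key", "crowdstrike_org_uuid", "misp_enable_ssl"),
}
# Limits stated in the README: 5000 for US-1, 2500 for other regions.
REGION_LIMITS = {"US1": 5000, "US2": 2500, "EU1": 2500, "USGOV1": 2500}
SSL_FLAGS = (("CrowdStrike", "api_enable_ssl"), ("MISP", "misp_enable_ssl"))


def validate_config(text):
    """Return (errors, warnings) for the text of a misp_import.ini-style file."""
    cfg = configparser.ConfigParser(interpolation=None)
    errors, warnings = [], []
    try:
        cfg.read_string(text)
    except configparser.Error as exc:
        # Parser messages can quote the offending line, which may hold a secret.
        return [f"cannot parse file ({type(exc).__name__})"], warnings
    for section, keys in REQUIRED.items():
        if not cfg.has_section(section):
            errors.append(f"[{section}] section is missing")
            continue
        for key in keys:
            if not cfg.get(section, key, fallback="").strip():
                errors.append(f"[{section}] {key} is missing or empty")
    if errors:
        return errors, warnings
    cs, misp = cfg["CrowdStrike"], cfg["MISP"]

    region = cs["crowdstrike_url"].strip().upper()
    try:
        req_max = int(cs["api_request_max"])
    except ValueError:
        errors.append("[CrowdStrike] api_request_max must be an integer")
    else:
        cap = REGION_LIMITS.get(region)  # None for full URLs: limit not checked
        if req_max < 1:
            errors.append("[CrowdStrike] api_request_max must be at least 1")
        elif cap and req_max > cap:
            errors.append(f"[CrowdStrike] api_request_max {req_max} exceeds "
                          f"the {cap} limit for {region}")
    try:
        uuid.UUID(misp["crowdstrike_org_uuid"].strip())
    except ValueError:
        errors.append("[MISP] crowdstrike_org_uuid is not a valid UUID")

    url = urlparse(misp["misp_url"].strip())
    if url.scheme not in ("http", "https") or not url.netloc:
        errors.append("[MISP] misp_url is not an absolute http(s) URL")
    elif url.scheme == "http":
        warnings.append("[MISP] misp_url does not use https; "
                        "the auth key would travel unencrypted")
    for section, key in SSL_FLAGS:
        try:
            enabled = cfg.getboolean(section, key, fallback=True)
        except ValueError:
            errors.append(f"[{section}] {key} must be True or False")
            continue
        if not enabled:
            warnings.append(f"[{section}] {key}: SSL is disabled for "
                            f"{section} API requests")
    return errors, warnings


# Constructed sample mirroring the non-secret values in the debug log on this page.
SAMPLE_FROM_LOG = """\
[CrowdStrike]
client_id = EXAMPLE-CLIENT-ID
client_secret = EXAMPLE-CLIENT-SECRET
crowdstrike_url = US1
api_request_max = 5000
api_enable_ssl = True
[MISP]
misp_url = https://3samisp
misp_auth_key = EXAMPLE-AUTH-KEY
crowdstrike_org_uuid = ca4f4b5d-db04-4a5e-a6de-e60636dc01be
misp_enable_ssl = False
"""

# Constructed sample with an over-limit request size, a name in place of the
# organization UUID, and a cleartext MISP URL.
SAMPLE_BAD = """\
[CrowdStrike]
client_id = EXAMPLE-CLIENT-ID
client_secret = EXAMPLE-CLIENT-SECRET
crowdstrike_url = EU1
api_request_max = 5000
[MISP]
misp_url = http://misp.example.internal
misp_auth_key = EXAMPLE-AUTH-KEY
crowdstrike_org_uuid = CrowdStrike
misp_enable_ssl = True
"""

if __name__ == "__main__":
    for name, sample in (("log", SAMPLE_FROM_LOG), ("bad", SAMPLE_BAD)):
        print(name, validate_config(sample))
```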

Indicator Type Reports Have No Attributes


[2023-01-06 21:38:02,557] INFO processor/main
[2023-01-06 21:38:02,557] INFO processor/main Retrieving lookup data for import of CrowdStrike indicators into MISP.
[2023-01-06 21:38:02,595] INFO processor/main Retrieved 24 CrowdStrike indicator type events from MISP.
[2023-01-06 21:38:02,638] INFO processor/main Retrieved 0 CrowdStrike indicator malware family events from MISP.
[2023-01-06 21:38:02,741] INFO processor/thread_8 Retrieved 233 bitcoin_address indicators from MISP.
[2023-01-06 21:38:02,742] INFO processor/thread_9 Retrieved 11 coin_address indicators from MISP.
[2023-01-06 21:38:02,789] INFO processor/thread_12 Retrieved 483 registry indicators from MISP.
[2023-01-06 21:38:02,791] INFO processor/thread_9 Retrieved 28 service_name indicators from MISP.
[2023-01-06 21:38:02,803] INFO processor/thread_13 Retrieved 50 device_name indicators from MISP.
[2023-01-06 21:38:02,922] INFO processor/thread_3 Retrieved 1,602 hash_imphash indicators from MISP.
[2023-01-06 21:38:02,973] INFO processor/thread_15 Retrieved 37 campaign_id indicators from MISP.
[2023-01-06 21:38:03,007] INFO processor/thread_9 Retrieved 125 port indicators from MISP.
[2023-01-06 21:38:03,112] INFO processor/thread_12 Retrieved 447 user_agent indicators from MISP.
[2023-01-06 21:38:03,184] INFO processor/thread_7 Retrieved 3,920 mutex_name indicators from MISP.
[2023-01-06 21:38:12,700] INFO processor/thread_10 Retrieved 4,607 email_address indicators from MISP.
[2023-01-06 21:38:17,191] INFO processor/thread_11 Retrieved 24,967 email_subject indicators from MISP.
[2023-01-06 21:38:19,406] INFO processor/thread_2 Retrieved 126,802 hash_sha1 indicators from MISP.
[2023-01-06 21:38:25,958] INFO processor/thread_5 Retrieved 192,728 file_path indicators from MISP.
[2023-01-06 21:38:26,222] INFO processor/thread_4 Retrieved 192,728 file_name indicators from MISP.
[2023-01-06 21:38:34,301] INFO processor/thread_1 Retrieved 272,552 hash_sha256 indicators from MISP.
[2023-01-06 21:39:14,950] INFO processor/thread_0 Retrieved 742,424 hash_md5 indicators from MISP.
[2023-01-06 21:39:43,850] INFO processor/thread_14 Retrieved 1,534,147 domain indicators from MISP.
[2023-01-06 21:42:25,674] INFO processor/thread_8 Retrieved 3,754,983 ip_address indicators from MISP.

TypeError: 'NoneType' object is not subscriptable

TypeError: 'NoneType' object is not subscriptable

line 334, in add_actor_detail

$ python3 misp_import.py --all -d

[2023-02-12 19:53:28,194] INFO     misp_tools    
[2023-02-12 19:53:28,194] INFO     misp_tools    '##::::'##:'####::'######::'########:::::'########::'#######:::'#######::'##::::::::'######::
[2023-02-12 19:53:28,194] INFO     misp_tools     ###::'###:. ##::'##... ##: ##.... ##::::... ##..::'##.... ##:'##.... ##: ##:::::::'##... ##:
[2023-02-12 19:53:28,194] INFO     misp_tools     ####'####:: ##:: ##:::..:: ##:::: ##::::::: ##:::: ##:::: ##: ##:::: ##: ##::::::: ##:::..::
[2023-02-12 19:53:28,194] INFO     misp_tools     ## ### ##:: ##::. ######:: ########:::::::: ##:::: ##:::: ##: ##:::: ##: ##:::::::. ######::
[2023-02-12 19:53:28,195] INFO     misp_tools     ##. #: ##:: ##:::..... ##: ##.....::::::::: ##:::: ##:::: ##: ##:::: ##: ##::::::::..... ##:
[2023-02-12 19:53:28,195] INFO     misp_tools     ##:.:: ##:: ##::'##::: ##: ##:::::::::::::: ##:::: ##:::: ##: ##:::: ##: ##:::::::'##::: ##:
[2023-02-12 19:53:28,195] INFO     misp_tools     ##:::: ##:'####:. ######:: ##:::::::::::::: ##::::. #######::. #######:: ########:. ######::
[2023-02-12 19:53:28,195] INFO     misp_tools    ..:::::..::....:::......:::..:::::::::::::::..::::::.......::::.......:::........:::......:::
[2023-02-12 19:53:28,195] INFO     misp_tools               _____
[2023-02-12 19:53:28,195] INFO     misp_tools                /  '
[2023-02-12 19:53:28,195] INFO     misp_tools             ,-/-,__ __
[2023-02-12 19:53:28,195] INFO     misp_tools            (_/  (_)/ (_
[2023-02-12 19:53:28,195] INFO     misp_tools                         _______                        __ _______ __        __ __
[2023-02-12 19:53:28,195] INFO     misp_tools                        |   _   .----.-----.--.--.--.--|  |   _   |  |_.----|__|  |--.-----.
[2023-02-12 19:53:28,195] INFO     misp_tools                        |.  1___|   _|  _  |  |  |  |  _  |   1___|   _|   _|  |    <|  -__|
[2023-02-12 19:53:28,195] INFO     misp_tools                        |.  |___|__| |_____|________|_____|____   |____|__| |__|__|__|_____|
[2023-02-12 19:53:28,195] INFO     misp_tools                        |:  1   |                         |:  1   |
[2023-02-12 19:53:28,195] INFO     misp_tools                        |::.. . |                         |::.. . |  Threat Intelligence v0.6.6
[2023-02-12 19:53:28,195] INFO     misp_tools                        `-------'                         `-------'
[2023-02-12 19:53:28,195] INFO     misp_tools    
[2023-02-12 19:53:28,195] INFO     config  
[2023-02-12 19:53:28,195] INFO     config  _______ _     _ _______ _______ _     _      _______  _____  __   _ _______ _____  ______
[2023-02-12 19:53:28,195] INFO     config  |       |_____| |______ |       |____/       |       |     | | \  | |______   |   |  ____
[2023-02-12 19:53:28,195] INFO     config  |_____  |     | |______ |_____  |    \_      |_____  |_____| |  \_| |       __|__ |_____|
[2023-02-12 19:53:28,195] INFO     config  
[2023-02-12 19:53:28,196] DEBUG    config  client_id                                   value redacted, check config file
[2023-02-12 19:53:28,196] DEBUG    config  client_secret                               value redacted, check config file
[2023-02-12 19:53:28,196] DEBUG    config  crowdstrike_url                             US1
[2023-02-12 19:53:28,196] DEBUG    config  api_request_max                             5000
[2023-02-12 19:53:28,196] DEBUG    config  api_enable_ssl                              True
[2023-02-12 19:53:28,196] DEBUG    config  reports_timestamp_filename                  lastReportsUpdate.dat
[2023-02-12 19:53:28,197] DEBUG    config  indicators_timestamp_filename               lastIndicatorsUpdate.dat
[2023-02-12 19:53:28,197] DEBUG    config  actors_timestamp_filename                   lastActorsUpdate.dat
[2023-02-12 19:53:28,197] DEBUG    config  init_reports_days_before                    365
[2023-02-12 19:53:28,197] DEBUG    config  init_indicators_minutes_before              20220
[2023-02-12 19:53:28,197] DEBUG    config  init_actors_days_before                     365
[2023-02-12 19:53:28,197] DEBUG    config  reports_unique_tag                          CrowdStrike: REPORT
[2023-02-12 19:53:28,197] DEBUG    config  indicators_unique_tag                       CrowdStrike: INDICATOR
[2023-02-12 19:53:28,197] DEBUG    config  actors_unique_tag                           CrowdStrike: ADVERSARY
[2023-02-12 19:53:28,197] DEBUG    config  reports_tags                                att:source="Crowdstrike.Report"
[2023-02-12 19:53:28,197] DEBUG    config  indicators_tags                             att:source="Crowdstrike.Indicators"
[2023-02-12 19:53:28,197] DEBUG    config  actors_tags                                 att:source="Crowdstrike.Actors"
[2023-02-12 19:53:28,197] DEBUG    config  unknown_mapping                             CrowdStrike:indicator:galaxy: UNATTRIBUTED
[2023-02-12 19:53:28,197] DEBUG    config  unattributed_title                          Unattributed indicators:
[2023-02-12 19:53:28,197] DEBUG    config  indicator_type_title                        Indicator Type:
[2023-02-12 19:53:28,197] DEBUG    config  malware_family_title                        Malware Family:
[2023-02-12 19:53:28,197] DEBUG    config  log_duplicates_as_sightings                 True
[2023-02-12 19:53:28,197] DEBUG    config  misp_url                                    https://3samisp
[2023-02-12 19:53:28,197] DEBUG    config  misp_auth_key                               value redacted, check config file
[2023-02-12 19:53:28,197] DEBUG    config  crowdstrike_org_uuid                        ca4f4b5d-db04-4a5e-a6de-e60636dc01be
[2023-02-12 19:53:28,197] DEBUG    config  misp_enable_ssl                             False
[2023-02-12 19:53:28,197] WARNING  config  misp_enable_ssl                             SSL is disabled for MISP API requests
[2023-02-12 19:53:28,197] DEBUG    config  ind_attribute_batch_size                    2500
[2023-02-12 19:53:28,197] DEBUG    config  event_save_memory_refresh_interval          180
[2023-02-12 19:53:28,197] DEBUG    config  max_threads                                 16
[2023-02-12 19:53:28,197] DEBUG    config  miss_track_file                             no_galaxy_mapping.log
[2023-02-12 19:53:28,197] DEBUG    config  galaxies_map_file                           galaxy.ini
[2023-02-12 19:53:28,198] DEBUG    config  tag_unknown_galaxy_maps                     True
[2023-02-12 19:53:28,198] DEBUG    config  taxonomic_kill-chain                        True
[2023-02-12 19:53:28,198] DEBUG    config  taxonomic_information-security-data-source  True
[2023-02-12 19:53:28,198] DEBUG    config  taxonomic_type                              True
[2023-02-12 19:53:28,198] DEBUG    config  taxonomic_iep                               False
[2023-02-12 19:53:28,198] DEBUG    config  taxonomic_iep2                              True
[2023-02-12 19:53:28,198] DEBUG    config  taxonomic_iep2_version                      False
[2023-02-12 19:53:28,198] DEBUG    config  taxonomic_tlp                               True
[2023-02-12 19:53:28,198] DEBUG    config  taxonomic_workflow                          True
[2023-02-12 19:53:28,899] INFO     config  No configuration errors found (1 warning)
[2023-02-12 19:53:28,899] INFO     config  
[2023-02-12 19:53:28,899] INFO     config  ____ _  _ ____ ____ _  _ ____    ___  ____ ____ ____ ____ ___
[2023-02-12 19:53:28,899] INFO     config  |    |__| |___ |    |_/  [__     |__] |__| [__  [__  |___ |  \
[2023-02-12 19:53:28,899] INFO     config  |___ |  | |___ |___ | \_ ___]    |    |  | ___] ___] |___ |__/
[2023-02-12 19:53:28,899] INFO     config  
[2023-02-12 19:53:30,352] INFO     processor/main       
[2023-02-12 19:53:30,352] INFO     processor/main       _____ _______  _____   _____   ______ _______
[2023-02-12 19:53:30,352] INFO     processor/main         |   |  |  | |_____] |     | |_____/    |
[2023-02-12 19:53:30,352] INFO     processor/main       __|__ |  |  | |       |_____| |    \_    |
[2023-02-12 19:53:30,352] INFO     processor/main       
[2023-02-12 19:53:30,352] INFO     processor/main       
[2023-02-12 19:53:30,352] INFO     processor/main         ____  ___    __ __    ___  ____    _____  ____  ____   ____    ___  _____
[2023-02-12 19:53:30,352] INFO     processor/main        /    T|   \  |  T  |  /  _]|    \  / ___/ /    T|    \ l    j  /  _]/ ___/
[2023-02-12 19:53:30,352] INFO     processor/main       Y  o  ||    \ |  |  | /  [_ |  D  )(   \_ Y  o  ||  D  ) |  T  /  [_(   \_
[2023-02-12 19:53:30,352] INFO     processor/main       |     ||  D  Y|  |  |Y    _]|    /  \__  T|     ||    /  |  | Y    _]\__  T
[2023-02-12 19:53:30,353] INFO     processor/main       |  _  ||     |l  :  !|   [_ |    \  /  \ ||  _  ||    \  |  | |   [_ /  \ |
[2023-02-12 19:53:30,353] INFO     processor/main       |  |  ||     | \   / |     T|  .  Y \    ||  |  ||  .  Y j  l |     T\    |
[2023-02-12 19:53:30,353] INFO     processor/main       l__j__jl_____j  \_/  l_____jl__j\_j  \___jl__j__jl__j\_j|____jl_____j \___j
[2023-02-12 19:53:30,353] INFO     processor/main       
[2023-02-12 19:53:30,353] INFO     processor/main       Start importing CrowdStrike Adversaries as events into MISP (past 365 days).
[2023-02-12 19:53:30,353] INFO     processor/main       Retrieving all adversaries.
[2023-02-12 19:53:31,116] INFO     processor/main       Got 3 adversaries from the Crowdstrike Intel API.
[2023-02-12 19:53:32,152] DEBUG    processor/thread_0   Created adversary event for WANDERING SPIDER
[2023-02-12 19:53:32,155] DEBUG    processor/thread_1   Created adversary event for VETO SPIDER
[2023-02-12 19:53:32,160] DEBUG    processor/thread_2   Created adversary event for ROYAL SPIDER
[2023-02-12 19:53:33,146] INFO     processor/main       Completed import of 3 CrowdStrike adversaries into MISP.
[2023-02-12 19:53:33,146] INFO     processor/main       Finished importing CrowdStrike Adversaries as events into MISP.
[2023-02-12 19:53:33,146] INFO     processor/main       Completed import of adversaries into MISP in 2.79 seconds
[2023-02-12 19:53:33,146] INFO     processor/main       
[2023-02-12 19:53:33,146] INFO     processor/main        ____     ___  ____    ___   ____  ______  _____
[2023-02-12 19:53:33,146] INFO     processor/main       |    \   /  _]|    \  /   \ |    \|      T/ ___/
[2023-02-12 19:53:33,146] INFO     processor/main       |  D  ) /  [_ |  o  )Y     Y|  D  )      (   \_
[2023-02-12 19:53:33,146] INFO     processor/main       |    / Y    _]|   _/ |  O  ||    /l_j  l_j\__  T
[2023-02-12 19:53:33,146] INFO     processor/main       |    \ |   [_ |  |   |     ||    \  |  |  /  \ |
[2023-02-12 19:53:33,146] INFO     processor/main       |  .  Y|     T|  |   l     !|  .  Y |  |  \    |
[2023-02-12 19:53:33,146] INFO     processor/main       l__j\_jl_____jl__j    \___/ l__j\_j l__j   \___j
[2023-02-12 19:53:33,146] INFO     processor/main       
[2023-02-12 19:53:33,147] INFO     processor/main       Starting import of CrowdStrike Threat Intelligence reports as events (past 365 days).
[2023-02-12 19:53:33,147] INFO     processor/main       Retrieving all available report types.
[2023-02-12 19:53:47,524] INFO     processor/main       Retrieved 182 total reports from the Crowdstrike Intel API.
[2023-02-12 19:53:47,524] INFO     processor/main       Found 2092 pre-existing CrowdStrike reports within the MISP instance.
[2023-02-12 19:53:59,160] INFO     processor/main       Retrieved extended report details for 167 reports.
[2023-02-12 19:54:08,444] INFO     processor/main       2421 related indicators found.
[2023-02-12 19:54:08,446] DEBUG    processor/thread_1   Retrieved 9 indicators detailed within report CSIT-23013
[2023-02-12 19:54:08,458] DEBUG    processor/thread_8   Retrieved 2 indicators detailed within report CSA-230071
[2023-02-12 19:54:08,494] DEBUG    processor/thread_9   Retrieved 20 indicators detailed within report CSA-230093
[2023-02-12 19:54:08,524] DEBUG    processor/thread_10  Retrieved 13 indicators detailed within report CSA-230100
[2023-02-12 19:54:08,690] DEBUG    processor/thread_4   CSA-230090 Pro-Russia Hacktivists Conduct DDoS Attacks Against Estonia and European Defense Company in Retaliation for Ukraine Aid report created.
[2023-02-12 19:54:08,693] DEBUG    processor/thread_6   CSA-230097 North African Hacktivism: November and December 2022 Activity Update report created.
[2023-02-12 19:54:08,696] DEBUG    processor/thread_2   CSA-230056 Founder of Bitzlato Cryptocurrency Exchange Arrested; Charged by DOJ with Unlicensed Money Transmitting report created.
[2023-02-12 19:54:08,701] DEBUG    processor/thread_2   Retrieved 21 indicators detailed within report CSA-230089
[2023-02-12 19:54:08,705] DEBUG    processor/thread_8   CSA-230071 Actor Exploits CVE-2021-40438 to Obtain Cloud Credentials; Steals S3 Data, Requests Ransom, then Leaks Data report created.
[2023-02-12 19:54:08,720] DEBUG    processor/thread_8   Retrieved 49 indicators detailed within report CSA-230098
[2023-02-12 19:54:08,745] DEBUG    processor/thread_14  CSA-230105 Pro-Russia Hacktivists Claim DDoS of Czechia-Based Software Company report created.
[2023-02-12 19:54:08,754] DEBUG    processor/thread_7   CSDR-23014 CrowdStrike Intelligence Daily Report Day of 24 January 2023 report created.
[2023-02-12 19:54:08,761] DEBUG    processor/thread_1   CSIT-23013 Malware Analysis of Ducktail Stealer report created.
[2023-02-12 19:54:08,767] DEBUG    processor/thread_12  CSA-230106 Pro-Russia Hacktivists Announce New Campaign Against Germany Over Military Support for Ukraine report created.
[2023-02-12 19:54:08,852] DEBUG    processor/thread_10  CSA-230100 New Updates Identified in Rekram Downloader: Configuration Format and Payload Obfuscation report created.
[2023-02-12 19:54:08,867] DEBUG    processor/thread_13  CSA-230103 Pro-Turkey Hacktivist Activity Targets Swedish Entities After Quran Burned at Protest report created.
[2023-02-12 19:54:08,868] DEBUG    processor/thread_13  Retrieved 22 indicators detailed within report CSA-230107
[2023-02-12 19:54:08,897] DEBUG    processor/thread_9   CSA-230093 Russia Announces Investments in Arctic Digital Infrastructure report created.
[2023-02-12 19:54:08,985] DEBUG    processor/thread_2   CSA-230089 Industry Reporting Details FortiOS CVE-2022-49475 Exploitation By Likely China-Nexus Actor report created.
[2023-02-12 19:54:09,062] DEBUG    processor/thread_8   CSA-230098 Ducktail Stealer Updates Email List Used for Facebook Business Account Takeover report created.
[2023-02-12 19:54:09,169] DEBUG    processor/thread_13  CSA-230107 “X-Crypts” Crypting Service Advertised on eCrime Forums, Several Samples Observed in Wild report created.
[2023-02-12 19:54:09,170] DEBUG    processor/thread_13  Retrieved 20 indicators detailed within report CSA-230096
[2023-02-12 19:54:09,196] DEBUG    processor/thread_8   CSA-230085 Actor Uses Likely Webserver Exploit to Achieve Access to Cloud Machine; Steals Cloud Credentials report created.
[2023-02-12 19:54:09,279] DEBUG    processor/thread_0   CSDR-23013 CrowdStrike Intelligence Daily Report Day of 23 January 2023 report created.
[2023-02-12 19:54:09,365] DEBUG    processor/thread_13  CSA-230096 Fake Installer Distributed via SEO Poisoning Delivers Python-Based Information Stealer report created.
[2023-02-12 19:54:09,462] DEBUG    processor/thread_13  CSA-230123 Pro-Russia Hacktivist Group Threatens Likely Bomb Hoax Campaign Against Baltic States report created.
[2023-02-12 19:54:09,625] DEBUG    processor/thread_1   Retrieved 45 indicators detailed within report CSA-230104
[2023-02-12 19:54:09,662] DEBUG    processor/thread_15  CSDR-23015 CrowdStrike Intelligence Daily Report Day of 25 January 2023 report created.
[2023-02-12 19:54:09,666] DEBUG    processor/thread_6   CSA-230109 SCATTERED SPIDER Presents First Extortion Demand report created.
[2023-02-12 19:54:09,668] DEBUG    processor/thread_6   Retrieved 6 indicators detailed within report CSA-230099
[2023-02-12 19:54:09,685] DEBUG    processor/thread_7   CSA-230116 Law Enforcement Seizes HIVE SPIDER’s Dedicated Leak Site and Victim Negotiation Portal report created.
[2023-02-12 19:54:09,774] DEBUG    processor/thread_3   Retrieved 3 indicators detailed within report CSIT-23008
[2023-02-12 19:54:09,793] DEBUG    processor/thread_7   CSA-230110 Intelligence Recon Report: Week of 23 January 2023 report created.
[2023-02-12 19:54:09,826] DEBUG    processor/thread_12  Retrieved 16 indicators detailed within report CSA-230102
[2023-02-12 19:54:09,849] DEBUG    processor/thread_2   Retrieved 34 indicators detailed within report CSA-230115
[2023-02-12 19:54:09,890] DEBUG    processor/thread_6   CSA-230099 Analysis of the AvantGarde Infection Chain Suggests Update Server Supply-Chain Compromise report created.
[2023-02-12 19:54:10,002] DEBUG    processor/thread_3   CSIT-23008 Unit 32065 in the Northern Theater Command: Ties to KARMA PANDA's Unit 65016 and Jinan MR TRB Unit 72959 report created.
[2023-02-12 19:54:10,004] DEBUG    processor/thread_3   Retrieved 14 indicators detailed within report CSA-230122
[2023-02-12 19:54:10,020] DEBUG    processor/thread_11  Retrieved 37 indicators detailed within report CSA-230091
[2023-02-12 19:54:10,046] DEBUG    processor/thread_1   CSA-230104 Industry Reporting Describes VELVET CHOLLIMA Phishing Campaign Targeting Cryptocurrency Investors report created.
[2023-02-12 19:54:10,089] DEBUG    processor/thread_12  CSA-230102 Analysis of Hive Ransomware Version 6.0; Changes Made to Address Previously Identified Cryptographic Flaw report created.
[2023-02-12 19:54:10,116] DEBUG    processor/thread_10  Retrieved 49 indicators detailed within report CSA-230108
[2023-02-12 19:54:10,145] DEBUG    processor/thread_1   CSIT-22088 CyclopsBlink: Retrospective Analysis of CVE-2022-26318 and WatchGuard Intrusion-Vector Timelines report created.
[2023-02-12 19:54:10,147] DEBUG    processor/thread_1   Retrieved 1 indicators detailed within report CSA-230127
[2023-02-12 19:54:10,211] DEBUG    processor/thread_2   CSA-230115 PRIMITIVE BEAR Baryonyx Campaign Targets Eastern European NATO-Member Countries report created.
[2023-02-12 19:54:10,216] DEBUG    processor/thread_9   Retrieved 28 indicators detailed within report CSA-230082
[2023-02-12 19:54:10,254] DEBUG    processor/thread_3   CSA-230122 Sample Tied to Iranian Operator of RCRU64 Ransomware-as-a-Service Deployed at North American Electronics Manufacturing Company report created.
[2023-02-12 19:54:10,264] DEBUG    processor/thread_1   CSA-230127 Threat Actor Leverages pingb[.]in After Exploiting Vulnerable ManageEngine Servers report created.
[2023-02-12 19:54:10,363] DEBUG    processor/thread_11  CSA-230091 Threat Actor Leverages SMOKY SPIDER's Smoke Bot to Deliver Probable SCATTERED SPIDER BlackLotus Bootkit Installers report created.
[2023-02-12 19:54:10,374] DEBUG    processor/thread_3   CSA-230121 Hacktivists Who Targeted Korean Government Networks Affiliated with Samsung Hackers report created.
[2023-02-12 19:54:10,398] DEBUG    processor/thread_0   Retrieved 24 indicators detailed within report CSIT-23036
[2023-02-12 19:54:10,411] DEBUG    processor/thread_7   Retrieved 19 indicators detailed within report CSA-230124
[2023-02-12 19:54:10,464] DEBUG    processor/thread_11  CSA-230101 Chinese Hacktivist Group Claims Breach of South Korean Government Networks report created.
[2023-02-12 19:54:10,472] DEBUG    processor/thread_3   CSA-230112 Pro-Russia Hacktivists Claim DDoS Attacks Against German Government, Financial Sector, and Airports in Retaliatory Campaign report created.
[2023-02-12 19:54:10,482] DEBUG    processor/thread_9   CSA-230082 HAZY TIGER Likely Targets Entities Across Asia With Malicious Compressed HTML Files report created.
[2023-02-12 19:54:10,484] DEBUG    processor/thread_9   Retrieved 14 indicators detailed within report CSIT-23040
[2023-02-12 19:54:10,499] DEBUG    processor/thread_10  CSA-230108 STARDUST CHOLLIMA Continues Targeting Financial Technology Sector with LNK Infection Chain report created.
[2023-02-12 19:54:10,559] DEBUG    processor/thread_8   CSA-230119 Multiple Law Enforcement Agencies Announce International Operation Targeting HIVE SPIDER report created.
[2023-02-12 19:54:10,677] DEBUG    processor/thread_7   CSA-230124 MIRAGE TIGER Remains Active as of Early 2023; Continues Use of Various Infrastructure Administration Accounts report created.
[2023-02-12 19:54:10,689] DEBUG    processor/thread_9   CSIT-23040 Browser Extension-Based Banking Trojan Mozart: Authorship and Technical Details report created.
[2023-02-12 19:54:10,757] DEBUG    processor/thread_0   CSIT-23036 CARBON SPIDER’s JSSXLoader Infection Chain report created.
[2023-02-12 19:54:11,004] DEBUG    processor/thread_4   CSA-230081 BRAIN SPIDER Linked to RADAR Ransomware; User Publicizes RADAR and Other RaaS Victims on Criminal Forum report created.
[2023-02-12 19:54:11,033] DEBUG    processor/thread_6   CSA-230117 UK NCSC Releases Details of GOSSAMER BEAR Credential-Phishing Operations report created.
[2023-02-12 19:54:11,338] DEBUG    processor/thread_3   Retrieved 16 indicators detailed within report CSA-230086
[2023-02-12 19:54:11,366] DEBUG    processor/thread_10  Retrieved 52 indicators detailed within report CSA-230111
[2023-02-12 19:54:11,647] DEBUG    processor/thread_3   CSA-230086 PROPHET SPIDER Compromises Tableau and GoAnywhere Servers via SQL Processes report created.
[2023-02-12 19:54:11,656] DEBUG    processor/thread_1   CSIT-23021 VETO SPIDER Adversary Profile: eCrime Actor Offers Access, Exploits, and Tooling for Sale report created.
[2023-02-12 19:54:11,697] DEBUG    processor/thread_0   Retrieved 75 indicators detailed within report CSIT-23018
[2023-02-12 19:54:11,728] DEBUG    processor/thread_11  CSA-230114 FBI Attributes June 2022 Harmony Bridge Breach to DPRK Adversary; Associated Malware and Cryptocurrency Laundering Tradecraft are Consistent with LABYRINTH CHOLLIMA Activity report created.
[2023-02-12 19:54:11,731] DEBUG    processor/thread_4   Retrieved 35 indicators detailed within report CSIT-23032
[2023-02-12 19:54:11,749] DEBUG    processor/thread_8   Retrieved 4 indicators detailed within report CSIT-23030
[2023-02-12 19:54:11,814] DEBUG    processor/thread_10  CSA-230111 BLIND SPIDER Continues to Target Colombia-Based Users; Distributes Quasar RAT report created.
[2023-02-12 19:54:11,817] DEBUG    processor/thread_1   CSA-230132 Killnet and Affiliates Claim DDoS Attacks in Ongoing Campaign Against Western Healthcare Entities report created.
[2023-02-12 19:54:11,819] DEBUG    processor/thread_1   Retrieved 2 indicators detailed within report CSA-230133
[2023-02-12 19:54:11,840] DEBUG    processor/thread_15  Retrieved 5 indicators detailed within report CSDR-23017
[2023-02-12 19:54:11,926] DEBUG    processor/thread_8   CSIT-23030 Technical Analysis of BokBot's Hidden VNC Module report created.
[2023-02-12 19:54:11,986] DEBUG    processor/thread_14  CSDR-23016 CrowdStrike Intelligence Daily Report Day of 26 January 2023 report created.
[2023-02-12 19:54:11,988] DEBUG    processor/thread_14  Retrieved 61 indicators detailed within report CSIT-23052
[2023-02-12 19:54:12,008] INFO     processor/thread_1   50 reports imported (0 reports skipped, 0 errors).
[2023-02-12 19:54:12,009] DEBUG    processor/thread_1   CSA-230133 ArcLocker Ransomware Operators Establish Dedicated Leak Site and Offer Victim Data for Sale report created.
[2023-02-12 19:54:12,010] DEBUG    processor/thread_1   Retrieved 5 indicators detailed within report CSIT-23017
[2023-02-12 19:54:12,018] DEBUG    processor/thread_7   Retrieved 6 indicators detailed within report CSIT-23011
[2023-02-12 19:54:12,084] DEBUG    processor/thread_9   CSIT-23026 Royal Ransomware Technical Analysis report created.
[2023-02-12 19:54:12,123] DEBUG    processor/thread_4   CSIT-23032 Make 5 Million in 5 Minutes: Analysis of a LABYRINTH CHOLLIMA SparkDownloader Infection Chain Targeting the FinTech Sector report created.
[2023-02-12 19:54:12,136] DEBUG    processor/thread_15  CSDR-23017 CrowdStrike Intelligence Daily Report Day of 27 January 2023 report created.
[2023-02-12 19:54:12,151] DEBUG    processor/thread_0   CSIT-23018 Technical Analysis of PRIMITIVE BEAR’s EvilGnome RAT report created.
[2023-02-12 19:54:12,168] DEBUG    processor/thread_1   CSIT-23017 Technical Analysis of White Rabbit Ransomware and its Cryptographic Flaw report created.
[2023-02-12 19:54:12,180] DEBUG    processor/thread_3   Retrieved 3 indicators detailed within report CSA-230130
[2023-02-12 19:54:12,194] DEBUG    processor/thread_6   Retrieved 67 indicators detailed within report CSIT-23016
[2023-02-12 19:54:12,264] DEBUG    processor/thread_7   CSIT-23011 RICOCHET CHOLLIMA: Technical Analysis of CloudMensis report created.
[2023-02-12 19:54:12,361] DEBUG    processor/thread_2   CSDR-23018 CrowdStrike Intelligence Daily Report Day of 30 January 2023 report created.
[2023-02-12 19:54:12,368] DEBUG    processor/thread_3   CSA-230130 Novel Golang Wiper SwiftSlicer Allegedly Targets Ukraine report created.
[2023-02-12 19:54:12,384] DEBUG    processor/thread_14  CSIT-23052 Softserve, Retrograde, and 9002: Malware Linked to Targeted Intrusion Activity at East Asian Entity report created.
[2023-02-12 19:54:12,391] DEBUG    processor/thread_7   CSA-230135 China’s Cyberspace Administration Buys Stake in Alibaba: Government’s “Golden Shares” Signal Shift in Big Tech Oversight report created.
[2023-02-12 19:54:12,442] DEBUG    processor/thread_11  CSDR-23019 CrowdStrike Intelligence Daily Report Day of 31 January 2023 report created.
[2023-02-12 19:54:12,462] DEBUG    processor/thread_13  Retrieved 36 indicators detailed within report CSIT-23047
[2023-02-12 19:54:12,481] DEBUG    processor/thread_9   Retrieved 45 indicators detailed within report CSIT-23057
[2023-02-12 19:54:12,484] DEBUG    processor/thread_3   CSIT-23046 Pro-Azerbaijan Hacktivism in 2022 and Geopolitical Context report created.
[2023-02-12 19:54:12,577] DEBUG    processor/thread_8   Retrieved 5 indicators detailed within report CSA-230129
[2023-02-12 19:54:12,602] DEBUG    processor/thread_15  Retrieved 21 indicators detailed within report CSIT-23006
[2023-02-12 19:54:12,629] DEBUG    processor/thread_6   CSIT-23016 Analysis of VICE SPIDER’s SocksProxyGo report created.
[2023-02-12 19:54:12,631] DEBUG    processor/thread_6   Retrieved 28 indicators detailed within report CSIT-23022
[2023-02-12 19:54:12,746] DEBUG    processor/thread_13  CSIT-23047 Analysis of PROPHET SPIDER’s Ishmael Proxy report created.
[2023-02-12 19:54:12,758] DEBUG    processor/thread_0   Retrieved 35 indicators detailed within report CSIT-23045
[2023-02-12 19:54:12,799] DEBUG    processor/thread_8   CSA-230129 CERT-UA Provides Further Context of VOODOO BEAR Destructive Attack Against Ukrainian Media Organization report created.
[2023-02-12 19:54:12,859] DEBUG    processor/thread_15  CSIT-23006 MIRAGE TIGER: Technical Analysis of VajraRAT Android RAT report created.
[2023-02-12 19:54:12,879] DEBUG    processor/thread_9   CSIT-23057 RFile: Malware Linked to Historical WICKED PANDA Activity report created.
[2023-02-12 19:54:12,883] DEBUG    processor/thread_13  CSA-230141 Azerbaijani Hacktivist Group Defaces Iranian Websites After Attack on Azeri Embassy in Tehran report created.
[2023-02-12 19:54:12,885] DEBUG    processor/thread_9   Retrieved 12 indicators detailed within report CSA-230126
[2023-02-12 19:54:12,888] DEBUG    processor/thread_4   Retrieved 70 indicators detailed within report CSIT-23010
[2023-02-12 19:54:12,947] DEBUG    processor/thread_6   CSIT-23022 Salve LATAM Banking Trojan: Main Component report created.
[2023-02-12 19:54:12,949] DEBUG    processor/thread_6   Retrieved 2 indicators detailed within report CSA-230137
[2023-02-12 19:54:12,962] DEBUG    processor/thread_11  Retrieved 14 indicators detailed within report CSA-230131
[2023-02-12 19:54:12,984] DEBUG    processor/thread_2   CSIT-23064 Profile of BOSS SPIDER Operator Faramarz Shahi Savandi and Assessment of Current Activities report created.
[2023-02-12 19:54:13,062] DEBUG    processor/thread_0   CSIT-23045 Technical Analysis of a New Variant of SCULLY SPIDER’S DanaBot Loader report created.
[2023-02-12 19:54:13,076] DEBUG    processor/thread_1   Retrieved 9 indicators detailed within report CSIT-23037
[2023-02-12 19:54:13,091] DEBUG    processor/thread_9   CSA-230126 Spam Campaign Uses Malicious OneNote Files to Deliver AsyncRAT report created.
[2023-02-12 19:54:13,092] DEBUG    processor/thread_9   Retrieved 5 indicators detailed within report CSA-230145
[2023-02-12 19:54:13,096] DEBUG    processor/thread_6   CSA-230137 Known Ransomware Actor Leverages Trojanized Software Package to Gain Initial Access to Victim Organization report created.
[2023-02-12 19:54:13,113] DEBUG    processor/thread_7   Retrieved 12 indicators detailed within report CSA-230134
[2023-02-12 19:54:13,163] DEBUG    processor/thread_0   CSA-230143 Disinformation Campaigns Observed Against January 2023 Czech Presidential Elections report created.
[2023-02-12 19:54:13,243] DEBUG    processor/thread_11  CSA-230131 LABYRINTH CHOLLIMA Targets Defense Sector with SecurePDF Malicious PDF Reader report created.
[2023-02-12 19:54:13,244] DEBUG    processor/thread_11  Retrieved 45 indicators detailed within report CSA-230153
[2023-02-12 19:54:13,271] DEBUG    processor/thread_15  Retrieved 49 indicators detailed within report CSIT-23054
[2023-02-12 19:54:13,287] DEBUG    processor/thread_14  CSIT-23053 Pro-Turkey Hacktivist Activity Year-in-Review 2022 report created.
[2023-02-12 19:54:13,302] DEBUG    processor/thread_1   CSIT-23037 Kazuar’s Updated On-Disk Storage report created.
[2023-02-12 19:54:13,317] DEBUG    processor/thread_6   CSA-230154 Pro-Palestine Hacktivist Group Electronic Quds Force Claims Israeli Chemical Factory Industrial Control Systems Compromise report created.
[2023-02-12 19:54:13,328] DEBUG    processor/thread_4   CSIT-23010 EMISSARY PANDA: RShell Updates Indicate Ongoing Development report created.
[2023-02-12 19:54:13,344] DEBUG    processor/thread_9   CSA-230145 Amadey Distributes New, Completely Rewritten Version of Amadey Stealer report created.
[2023-02-12 19:54:13,369] DEBUG    processor/thread_7   CSA-230134 Oracle E-Business Suite Vulnerability CVE-2022-21587 Exploited in the Wild report created.
[2023-02-12 19:54:13,416] DEBUG    processor/thread_1   CSA-230155 IT Army of Ukraine Claims Leak of Sensitive Gazprom Files report created.
[2023-02-12 19:54:13,425] DEBUG    processor/thread_2   Retrieved 34 indicators detailed within report CSA-230144
[2023-02-12 19:54:13,507] DEBUG    processor/thread_7   CSA-230162 Killnet and Affiliated Russian Groups Continue DDoS Campaign Against U.S. Healthcare Entities report created.
[2023-02-12 19:54:13,521] DEBUG    processor/thread_1   CSA-230159 South Korea to Sanction North Korean Cyber Actors for the First Time report created.
[2023-02-12 19:54:13,523] DEBUG    processor/thread_1   Retrieved 33 indicators detailed within report CSA-230136
[2023-02-12 19:54:13,556] DEBUG    processor/thread_3   CSIT-23029 Overview of Ongoing SAMBA SPIDER Mispadu Campaigns Targeting LATAM-Based Entities report created.
[2023-02-12 19:54:13,557] DEBUG    processor/thread_3   Retrieved 82 indicators detailed within report CSA-230165
[2023-02-12 19:54:13,601] DEBUG    processor/thread_11  CSA-230153 Summary of Shindig Execution Task Updates report created.
[2023-02-12 19:54:13,604] DEBUG    processor/thread_8   Retrieved 25 indicators detailed within report CSA-230092
[2023-02-12 19:54:13,667] DEBUG    processor/thread_15  CSIT-23054 PIRATE PANDA Deploys MsmRat Version 2.46-2 in Campaign Targeting Russia and Ukraine report created.
[2023-02-12 19:54:13,669] DEBUG    processor/thread_15  Retrieved 5 indicators detailed within report CSA-230152
[2023-02-12 19:54:13,715] DEBUG    processor/thread_2   CSA-230144 MALLARD SPIDER Campaign Leverages Malicious OneNote Documents; TTPs Consistent with Recent Campaigns report created.
[2023-02-12 19:54:13,717] DEBUG    processor/thread_2   Retrieved 15 indicators detailed within report CSA-230149
[2023-02-12 19:54:13,736] DEBUG    processor/thread_6   Retrieved 15 indicators detailed within report CSA-230118
[2023-02-12 19:54:13,792] DEBUG    processor/thread_1   CSA-230136 Commodity Malware Aurora Stealer Likely Distributed in Campaigns Impersonating Legitimate Installers report created.
[2023-02-12 19:54:13,898] DEBUG    processor/thread_15  CSA-230152 Phobos Operator Deploys Tooling from Self-Extracting Archive; Deploys Remote Monitoring Tool report created.
[2023-02-12 19:54:13,900] DEBUG    processor/thread_15  Retrieved 29 indicators detailed within report CSA-230158
[2023-02-12 19:54:13,904] DEBUG    processor/thread_1   CSA-230138 ArcLocker Ransomware Operators Observed Paying for Illicit VPN Service, Access Broker, and Other Services report created.
[2023-02-12 19:54:13,918] DEBUG    processor/thread_1   Retrieved 16 indicators detailed within report CSA-230167
[2023-02-12 19:54:13,943] DEBUG    processor/thread_8   CSA-230092 TRACER KITTEN Intrusions Leveraging DNSDAT Observed at Multiple South Asian Telecommunications Providers Throughout January 2023 report created.
[2023-02-12 19:54:13,948] DEBUG    processor/thread_2   CSA-230149 Vohuk Ransomware-as-a-Service Recruits Affiliates Within Iranian eCrime Communities with Limited Success report created.
[2023-02-12 19:54:14,011] DEBUG    processor/thread_6   CSA-230118 Likely SILENT CHOLLIMA Activity Deploys AnanasRAT in Opportunistic Targeting of North American Food Services Sector; Malware Previously Observed at North American Manufacturing Sector Entity in 2022 report created.
[2023-02-12 19:54:14,012] DEBUG    processor/thread_6   Retrieved 34 indicators detailed within report CSA-230146
[2023-02-12 19:54:14,037] DEBUG    processor/thread_13  CSDR-23020 CrowdStrike Intelligence Daily Report Day of 1 February 2023 report created.
[2023-02-12 19:54:14,057] DEBUG    processor/thread_3   CSA-230165 GildedShovel Activity Cluster Likely Targets Arabic-Speaking Entities; Associated with Historical Activity Targeting Egyptian Civil Society Organizations report created.
[2023-02-12 19:54:14,058] DEBUG    processor/thread_3   Retrieved 65 indicators detailed within report CSA-230160
[2023-02-12 19:54:14,095] DEBUG    processor/thread_14  Retrieved 104 indicators detailed within report CSA-230066
[2023-02-12 19:54:14,134] DEBUG    processor/thread_11  Retrieved 5 indicators detailed within report CSA-230040
[2023-02-12 19:54:14,147] DEBUG    processor/thread_13  CSA-230166 Japan Creates Working Group for Offensive Cyber Operations and Bolsters Cooperation with NATO report created.
[2023-02-12 19:54:14,157] DEBUG    processor/thread_8   CSDR-23022 CrowdStrike Intelligence Daily Report Day of 3 February 2023 report created.
[2023-02-12 19:54:14,197] DEBUG    processor/thread_1   CSA-230167 Pro-Turkey Hacktivists Conduct Spear-Phishing Operations Likely Using AsyncRAT in Response to Quran Burnings in Sweden and Denmark report created.
[2023-02-12 19:54:14,249] INFO     processor/thread_15  100 reports imported (0 reports skipped, 0 errors).
[2023-02-12 19:54:14,250] DEBUG    processor/thread_15  CSA-230158 Malvertising Campaigns Continue to Deliver Gozi ISFB and RedLine Stealer report created.
[2023-02-12 19:54:14,276] DEBUG    processor/thread_13  CSA-230147 Intelligence Recon Report: Week of 30 January 2023 report created.
[2023-02-12 19:54:14,308] DEBUG    processor/thread_6   CSA-230146 Multiple Operators Have Begun Distributing Shindig Again report created.
[2023-02-12 19:54:14,311] DEBUG    processor/thread_9   CSA-230151 QuantumBuilder Developer Advertises Malicious OneNote Builder report created.
[2023-02-12 19:54:14,314] DEBUG    processor/thread_6   Retrieved 39 indicators detailed within report CSA-230120
[2023-02-12 19:54:14,347] DEBUG    processor/thread_11  CSA-230040 SCATTERED SPIDER Likely Deploys Vulnerable Software to Sabotage Gateways and Enable Exploitation report created.
[2023-02-12 19:54:14,507] DEBUG    processor/thread_3   CSA-230160 Shindig’s Anti-Analysis Functionality: Follow-Up Analysis report created.
[2023-02-12 19:54:14,527] DEBUG    processor/thread_11  CSA-230163 Netherlands and Japan Agree to Join U.S. in Restricting Semiconductor Manufacturing Equipment Exports to China report created.
[2023-02-12 19:54:14,529] DEBUG    processor/thread_11  Retrieved 55 indicators detailed within report CSA-230168
[2023-02-12 19:54:14,612] DEBUG    processor/thread_6   CSA-230120 New Shindig Build Reintroduces Persistence and Anti-Analysis Functionality report created.
[2023-02-12 19:54:14,779] DEBUG    processor/thread_4   CSDR-23021 CrowdStrike Intelligence Daily Report Day of 2 February 2023 report created.
[2023-02-12 19:54:14,781] DEBUG    processor/thread_4   Retrieved 5 indicators detailed within report CSA-230173
[2023-02-12 19:54:14,836] DEBUG    processor/thread_2   CSA-230140 SCATTERED SPIDER Likely Continues to Expand Technology Sector Target Scope report created.
[2023-02-12 19:54:14,839] DEBUG    processor/thread_2   Retrieved 2 indicators detailed within report CSDR-23023
[2023-02-12 19:54:14,857] DEBUG    processor/thread_14  CSA-230066 Suspected Cobalt Strike Intrusion Targets East Asia-Based Chemical Company; Activity Associated with Separately Observed Infrastructure Cluster and Historical WICKED PANDA Operations report created.
[2023-02-12 19:54:14,867] DEBUG    processor/thread_11  CSA-230168 RepeatingUmbra Continues Credential-Phishing Campaigns; Observed TTPs Overlap with FANCY BEAR report created.
[2023-02-12 19:54:14,872] DEBUG    processor/thread_0   Retrieved 26 indicators detailed within report CSA-230128
[2023-02-12 19:54:14,948] DEBUG    processor/thread_4   CSA-230173 Probable Exploitation of CVE-2022-47986 IBM Aspera Faspex Deserialization Flaw report created.
[2023-02-12 19:54:14,962] DEBUG    processor/thread_1   Retrieved 22 indicators detailed within report CSA-230161
[2023-02-12 19:54:15,046] DEBUG    processor/thread_4   CSIT-23023 Western Cyber Aid and Cooperation with Ukraine Around 2022 Russian Invasion report created.
[2023-02-12 19:54:15,048] DEBUG    processor/thread_4   Retrieved 66 indicators detailed within report CSA-230150
[2023-02-12 19:54:15,076] DEBUG    processor/thread_2   CSDR-23023 CrowdStrike Intelligence Daily Report Day of 6 February 2023 report created.
[2023-02-12 19:54:15,079] DEBUG    processor/thread_9   Retrieved 44 indicators detailed within report CSA-230139
[2023-02-12 19:54:15,080] DEBUG    processor/thread_2   Retrieved 11 indicators detailed within report CSA-230178
[2023-02-12 19:54:15,126] DEBUG    processor/thread_0   CSA-230128 QUILTED TIGER Targets Chinese Universities in Likely Credential-Harvesting Operation report created.
[2023-02-12 19:54:15,228] DEBUG    processor/thread_1   CSA-230161 New Rekram Downloader Spam Campaign Includes OneNote File Attachments; Downloads Netwire and Pouter RATs report created.
[2023-02-12 19:54:15,230] DEBUG    processor/thread_1   Retrieved 3 indicators detailed within report CSIT-23034
[2023-02-12 19:54:15,322] DEBUG    processor/thread_2   CSA-230178 eCrime Actors Continue Shift to Using OneNote Files; Shindig Latest Threat Distributed Using OneNote File report created.
[2023-02-12 19:54:15,324] DEBUG    processor/thread_2   Retrieved 13 indicators detailed within report CSA-230176
[2023-02-12 19:54:15,364] DEBUG    processor/thread_5   Retrieved 55 indicators detailed within report CSA-230174
[2023-02-12 19:54:15,395] DEBUG    processor/thread_1   CSIT-23034 Black Basta ESXi Cryptographic Weaknesses Allows Full Decryption report created.
[2023-02-12 19:54:15,397] DEBUG    processor/thread_1   Retrieved 8 indicators detailed within report CSA-230170
[2023-02-12 19:54:15,452] DEBUG    processor/thread_3   Retrieved 6 indicators detailed within report CSA-230142
[2023-02-12 19:54:15,467] DEBUG    processor/thread_4   CSA-230150 Unattributed Threat Actor Targeting Telecommunications Services Continues Using Backdoored OpenSSH Client report created.
[2023-02-12 19:54:15,503] DEBUG    processor/thread_9   CSA-230139 LABYRINTH CHOLLIMA Utilizes ISO-Based Employment Assessments to Deploy Pulsar Downloader and KeyTheme report created.
[2023-02-12 19:54:15,513] DEBUG    processor/thread_8   Retrieved 8 indicators detailed within report CSA-230164
[2023-02-12 19:54:15,544] DEBUG    processor/thread_2   CSA-230176 RedLine Stealer Delivered Using Google and Dropbox Links report created.
[2023-02-12 19:54:15,570] DEBUG    processor/thread_4   CSIT-23056 Analysis of VMware Virtual Infrastructure Attack Vectors report created.
[2023-02-12 19:54:15,584] DEBUG    processor/thread_1   CSA-230170 Amadey Distributes Amadey Clipper, New Cryptocurrency Clipjacking Module report created.
[2023-02-12 19:54:15,585] DEBUG    processor/thread_1   Retrieved 91 indicators detailed within report CSA-230148
[2023-02-12 19:54:15,619] DEBUG    processor/thread_9   CSA-230186 Anonymous Sudan Claims High-Profile Western Government Target in String of Alleged DDoS Attacks report created.
[2023-02-12 19:54:15,651] DEBUG    processor/thread_7   Retrieved 3 indicators detailed within report CSA-230157
[2023-02-12 19:54:15,663] DEBUG    processor/thread_14  Retrieved 1 indicators detailed within report CSA-230171
[2023-02-12 19:54:15,678] DEBUG    processor/thread_3   CSA-230142 HERMIT SPIDER Customer Uses PrivateLoader to Deliver Ficker Stealer in Late January 2023 Amidst Decrease in PrivateLoader Loads report created.
[2023-02-12 19:54:15,680] DEBUG    processor/thread_3   Retrieved 6 indicators detailed within report CSA-230189
[2023-02-12 19:54:15,695] DEBUG    processor/thread_11  Retrieved 7 indicators detailed within report CSA-230172
[2023-02-12 19:54:15,709] DEBUG    processor/thread_5   CSA-230174 ScarletSpiral Updates Dropper and Downloader; Campaign Spans November 2022 to January 2023 report created.
[2023-02-12 19:54:15,720] DEBUG    processor/thread_8   CSA-230164 VICE SPIDER Continues High-Tempo Activity Targeting Academic Sector; Deploys RedAlertLocker report created.
[2023-02-12 19:54:15,813] DEBUG    processor/thread_14  CSA-230171 SCATTERED SPIDER Uses Bitsadmin to Download Plink and Ngrok, Continues Targeting Cellular Providers report created.
[2023-02-12 19:54:15,826] DEBUG    processor/thread_15  Retrieved 10 indicators detailed within report CSA-230169
[2023-02-12 19:54:15,836] DEBUG    processor/thread_5   CSIT-23043 Overview of N3ww4v3 Ransomware and Associated TTPs report created.
[2023-02-12 19:54:15,838] DEBUG    processor/thread_5   Retrieved 33 indicators detailed within report CSIT-23049
[2023-02-12 19:54:15,857] DEBUG    processor/thread_8   CSA-230175 Cybercriminals Continue to Rely on Cloud-Based Log Sellers report created.
[2023-02-12 19:54:15,862] DEBUG    processor/thread_3   CSA-230189 ESXiArgs Campaign Targeting ESXi Hosts; Likely Exploiting CVE-2021-21974 or CVE-2020-3992 report created.
[2023-02-12 19:54:15,866] DEBUG    processor/thread_9   CSIR-23002 Overview of Guacamaya’s “Fuerzas Represivas” Campaign report created.
[2023-02-12 19:54:15,868] DEBUG    processor/thread_3   Retrieved 1 indicators detailed within report CSA-230194
[2023-02-12 19:54:15,881] DEBUG    processor/thread_7   CSA-230157 LockBit GREEN Observed at Two U.S.-Based Food and Beverage Entities; Overlap with Leaked Conti Source Code report created.
[2023-02-12 19:54:15,925] DEBUG    processor/thread_11  CSA-230172 RECESS SPIDER Uses New Exfiltration TTPs, Continues Targeting Microsoft Exchange Servers report created.
[2023-02-12 19:54:15,937] DEBUG    processor/thread_14  CSA-230193 January 2023 Summary of Pro-Russia Hacktivist Activity report created.
[2023-02-12 19:54:15,938] DEBUG    processor/thread_14  Retrieved 11 indicators detailed within report CSA-230192
[2023-02-12 19:54:15,982] DEBUG    processor/thread_13  CSA-230156 ALPHA SPIDER Responds to HIVE SPIDER Disruption in Announcement to Affiliates report created.
[2023-02-12 19:54:16,046] DEBUG    processor/thread_15  CSA-230169 LUNAR SPIDER Reportedly Adopts OneNote Files to Distribute BokBot report created.
[2023-02-12 19:54:16,058] DEBUG    processor/thread_3   CSA-230194 GoAnywhere Zero-Day Vulnerability (CVE-2023-0669) Actively Exploited report created.
[2023-02-12 19:54:16,059] DEBUG    processor/thread_3   Retrieved 28 indicators detailed within report CSA-230183
[2023-02-12 19:54:16,088] DEBUG    processor/thread_1   CSA-230148 Cobalt Strike Campaign Leverages Fastly CDN Domain Fronting; Uses Custom RFile Malware-Based Downloader Linked to WICKED PANDA report created.
[2023-02-12 19:54:16,097] DEBUG    processor/thread_11  CSA-230181 Anonymous-Affiliated Hacktivists Conduct #OpPeru Campaign in Support of Protestors report created.
[2023-02-12 19:54:16,148] DEBUG    processor/thread_14  CSA-230192 New Version of Satacom Downloader Uses RC4 Encryption for Data Obfuscation report created.
[2023-02-12 19:54:16,178] DEBUG    processor/thread_5   CSIT-23049 Malware Analysis of ColdStealer report created.
[2023-02-12 19:54:16,183] DEBUG    processor/thread_0   CSA-230177 CURIOUS JACKAL Advertises Sale of South American Web Hosting Company Access and Backup Data report created.
[2023-02-12 19:54:16,198] DEBUG    processor/thread_11  CSA-230207 Russia’s Gazprom Media Holding Stops Adding Content to YouTube Amid Government Push Towards Russian Alternatives report created.
[2023-02-12 19:54:16,240] DEBUG    processor/thread_1   CSA-230195 Purportedly Inauthentic Vietnamese Social Media Accounts Support Israeli Government’s Judicial Overhaul Plan report created.
[2023-02-12 19:54:16,268] DEBUG    processor/thread_2   CSDR-23024 CrowdStrike Intelligence Daily Report Day of 7 February 2023 report created.
[2023-02-12 19:54:16,269] DEBUG    processor/thread_2   Retrieved 42 indicators detailed within report CSA-230198
[2023-02-12 19:54:16,350] DEBUG    processor/thread_4   Retrieved 10 indicators detailed within report CSA-230182
[2023-02-12 19:54:16,408] DEBUG    processor/thread_3   CSA-230183 Updated Apolog Shellcode Loaders Deliver New Version of Satacom Downloader report created.
[2023-02-12 19:54:16,540] DEBUG    processor/thread_4   CSA-230182 BokBot Disables Chrome Root Store to Allow Man-in-the-Middle Attacks report created.
[2023-02-12 19:54:16,568] DEBUG    processor/thread_2   CSA-230198 Increase in BianLian Ransomware Activity Observed Since Late 2022 report created.
[2023-02-12 19:54:16,664] INFO     processor/thread_2   150 reports imported (0 reports skipped, 0 errors).
[2023-02-12 19:54:16,664] DEBUG    processor/thread_2   CSA-230190 AresLoader Advertised on Russian-Language Underground Forum report created.
[2023-02-12 19:54:16,666] DEBUG    processor/thread_2   Retrieved 8 indicators detailed within report CSA-230196
[2023-02-12 19:54:16,686] DEBUG    processor/thread_7   Retrieved 9 indicators detailed within report CSA-230197
[2023-02-12 19:54:16,729] DEBUG    processor/thread_13  CSIT-23041 Overview of Karakurt Team DLS and Activity in 2022 report created.
[2023-02-12 19:54:16,824] DEBUG    processor/thread_2   CSA-230196 New PixPirate Mobile Banking Trojan Targets Users from Latin American Financial Institutions report created.
[2023-02-12 19:54:16,842] DEBUG    processor/thread_7   CSA-230197 Active Malspam Campaign Delivering Malicious OneNote Downloaders report created.
[2023-02-12 19:54:16,903] DEBUG    processor/thread_15  Retrieved 6 indicators detailed within report CSA-230202
[2023-02-12 19:54:16,985] DEBUG    processor/thread_5   CSA-230211 Seven Members of WIZARD SPIDER Sanctioned by UK FCDO and U.S. OFAC; U.S. DNJ Unseals Indictment Against Key WIZARD SPIDER Member report created.
[2023-02-12 19:54:17,033] DEBUG    processor/thread_3   Retrieved 28 indicators detailed within report CSA-230205
[2023-02-12 19:54:17,080] DEBUG    processor/thread_7   CSDR-23027 CrowdStrike Intelligence Daily Report Day of 10 February 2023 report created.
[2023-02-12 19:54:17,089] DEBUG    processor/thread_14  Retrieved 3 indicators detailed within report CSA-230199
[2023-02-12 19:54:17,102] DEBUG    processor/thread_5   CSA-230214 Intelligence Recon Report: Week of 6 February 2023 report created.
[2023-02-12 19:54:17,107] DEBUG    processor/thread_15  CSA-230202 FRONTLINE JACKAL Continues Likely Opportunistic Activity in Early 2023 report created.
[2023-02-12 19:54:17,109] DEBUG    processor/thread_5   Retrieved 38 indicators detailed within report CSA-230213
[2023-02-12 19:54:17,131] DEBUG    processor/thread_1   Retrieved 7 indicators detailed within report CSIT-23065
[2023-02-12 19:54:17,182] DEBUG    processor/thread_11  CSA-230203 Nevada Ransomware Advertises Ransomware-as-a-Service Program; Seeks to Recruit HIVE SPIDER Affiliates report created.
[2023-02-12 19:54:17,184] DEBUG    processor/thread_11  Retrieved 26 indicators detailed within report CSA-230185
[2023-02-12 19:54:17,224] DEBUG    processor/thread_7   CSIT-23063 China’s Demonstration Project for Building World-Class Cybersecurity Colleges: Strengthening PANDA Talent report created.
[2023-02-12 19:54:17,226] DEBUG    processor/thread_7   Retrieved 57 indicators detailed within report CSA-230210
[2023-02-12 19:54:17,264] DEBUG    processor/thread_14  CSA-230199 UK Politician Discloses Email Account Compromise via Credential Phishing; Activity Attributed to GOSSAMER BEAR report created.
[2023-02-12 19:54:17,300] DEBUG    processor/thread_3   CSA-230205 New OneNote Spam Campaign Uses JavaScript to Download BokBot report created.
[2023-02-12 19:54:17,334] DEBUG    processor/thread_1   CSIT-23065 CHRONO KITTEN Uses Updated MasterTape Malware Throughout 2022 report created.
[2023-02-12 19:54:17,398] DEBUG    processor/thread_3   CSA-230216 Raccoon Stealer Vendor Banned on Two Different Underground Forums; Unconfirmed Claims of Cryptocurrency Theft from Customers report created.
[2023-02-12 19:54:17,423] DEBUG    processor/thread_11  CSA-230185 Recently Observed RustSimpleLoader Sample Likely Developed and Used by LATAM-Based Criminal Actors report created.
[2023-02-12 19:54:17,443] DEBUG    processor/thread_5   CSA-230213 DoubleColonBatchLoader Delivered Using OneNote Files; Likely Being Used by Multiple Access Brokers report created.
[2023-02-12 19:54:17,523] DEBUG    processor/thread_2   Retrieved 10 indicators detailed within report CSA-230206
[2023-02-12 19:54:17,562] DEBUG    processor/thread_7   CSA-230210 Early 2023 SaltedEarth Activity Likely Targets European Embassy in Kazakhstan, CIS Entities report created.
[2023-02-12 19:54:17,662] DEBUG    processor/thread_0   CSDR-23026 CrowdStrike Intelligence Daily Report Day of 9 February 2023 report created.
[2023-02-12 19:54:17,666] DEBUG    processor/thread_14  Retrieved 17 indicators detailed within report CSA-230188
[2023-02-12 19:54:17,701] DEBUG    processor/thread_2   CSA-230206 HERMIT SPIDER Customer Uses PrivateLoader to Distribute Aurora Stealer report created.
[2023-02-12 19:54:17,718] DEBUG    processor/thread_1   Retrieved 63 indicators detailed within report CSA-230212
[2023-02-12 19:54:17,830] DEBUG    processor/thread_13  CSA-230184 Industry Reporting Details HAYWIRE KITTEN Operations Targeting French Magazine Charlie Hebdo report created.
[2023-02-12 19:54:17,833] DEBUG    processor/thread_4   Retrieved 3 indicators detailed within report CSA-230180
[2023-02-12 19:54:17,895] DEBUG    processor/thread_14  CSA-230188 Concurrent Targeted Intrusions at Southeast Asian Telecommunications Entity; PHANTOM PANDA and Unattributed Actors Identified report created.
[2023-02-12 19:54:18,017] DEBUG    processor/thread_4   CSA-230180 Industry Report Details Use of AnanasRAT in Q4 2022 SILENT CHOLLIMA Intrusion; Operation Allegedly Exhibits Links to VELVET CHOLLIMA report created.
[2023-02-12 19:54:18,127] DEBUG    processor/thread_1   CSA-230212 SCULLY SPIDER’s DanaBot Distributed via Unclaimed Property Websites report created.
[2023-02-12 19:54:18,234] DEBUG    processor/thread_9   CSDR-23025 CrowdStrike Intelligence Daily Report Day of 8 February 2023 report created.
[2023-02-12 19:54:18,869] DEBUG    processor/thread_3   CSIR-23001 Strategic Support Force Recruitment in the Central Theater Command: Unit 32081 and the Technical Reconnaissance Base report created.
[2023-02-12 19:54:18,892] DEBUG    processor/thread_15  Retrieved 12 indicators detailed within report CSA-230217
[2023-02-12 19:54:19,006] DEBUG    processor/thread_8   CSIT-23028 Overview of Observed Russian False Flag Operations report created.
[2023-02-12 19:54:19,075] DEBUG    processor/thread_15  CSA-230217 BokBot Delivers Older Versions of Second-Stage Core Module report created.
[2023-02-12 19:54:21,338] DEBUG    processor/thread_10  CSIR-22022 Sector Report: Trends in Targeting of the Industrials and Engineering Sector report created.
[2023-02-12 19:54:23,907] DEBUG    processor/thread_12  CSWR-23004 CrowdStrike Intelligence Weekly Report: Week of 01/21/2023 report created.
[2023-02-12 19:54:24,660] DEBUG    processor/thread_6   CSWR-23005 CrowdStrike Intelligence Weekly Report: Week of 01/28/2023 report created.
[2023-02-12 19:54:27,948] DEBUG    processor/thread_11  CSWR-23006 CrowdStrike Intelligence Weekly Report: Week of 02/04/2023 report created.
Traceback (most recent call last):
  File "misp_import.py", line 377, in <module>
    main()
  File "misp_import.py", line 356, in main
    importer.import_from_crowdstrike(int(settings["CrowdStrike"]["init_reports_days_before"]),
  File "/home/rx118r/src/crowdstrike/MISP-tools-main/cs_misp_import/importer.py", line 308, in import_from_crowdstrike
    self.reports_importer.process_reports(reports_days_before, self.event_ids)
  File "/home/rx118r/src/crowdstrike/MISP-tools-main/cs_misp_import/reports.py", line 311, in process_reports
    reported.update(fut.result())
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/_base.py", line 437, in result
    return self.__get_result()
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/_base.py", line 389, in __get_result
    raise self._exception
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/thread.py", line 57, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/home/rx118r/src/crowdstrike/MISP-tools-main/cs_misp_import/reports.py", line 146, in batch_import_reports
    event: MISPEvent = self.create_event_from_report(report, rpt_detail, ind_list)
  File "/home/rx118r/src/crowdstrike/MISP-tools-main/cs_misp_import/reports.py", line 538, in create_event_from_report
    event = self.add_actor_detail(report, event)
  File "/home/rx118r/src/crowdstrike/MISP-tools-main/cs_misp_import/reports.py", line 334, in add_actor_detail
    actor_detail = actor_detail["body"]["resources"][0]
TypeError: 'NoneType' object is not subscriptable

OverflowError: string longer than 2147483647 bytes

230225-2300

python3 misp_import.py --fullmonty -d -v -p -nb

[2023-02-25 22:40:39,751] INFO     misp_tools    MISP Import for CrowdStrike Threat Intelligence v0.6.8
[2023-02-25 22:40:39,751] INFO     config  CHECK CONFIG
[2023-02-25 22:40:39,752] DEBUG    config  client_id                                   value redacted, check config file
[2023-02-25 22:40:39,752] DEBUG    config  client_secret                               value redacted, check config file
[2023-02-25 22:40:39,752] DEBUG    config  crowdstrike_url                             US1
[2023-02-25 22:40:39,752] DEBUG    config  api_request_max                             5000
[2023-02-25 22:40:39,752] DEBUG    config  api_enable_ssl                              True
[2023-02-25 22:40:39,752] DEBUG    config  reports_timestamp_filename                  lastReportsUpdate.dat
[2023-02-25 22:40:39,752] DEBUG    config  indicators_timestamp_filename               lastIndicatorsUpdate.dat
[2023-02-25 22:40:39,752] DEBUG    config  actors_timestamp_filename                   lastActorsUpdate.dat
[2023-02-25 22:40:39,752] DEBUG    config  init_reports_days_before                    365
[2023-02-25 22:40:39,752] DEBUG    config  init_indicators_minutes_before              20220
[2023-02-25 22:40:39,752] DEBUG    config  init_actors_days_before                     365
[2023-02-25 22:40:39,752] DEBUG    config  reports_unique_tag                          CrowdStrike: REPORT
[2023-02-25 22:40:39,752] DEBUG    config  indicators_unique_tag                       CrowdStrike: INDICATOR
[2023-02-25 22:40:39,753] DEBUG    config  actors_unique_tag                           CrowdStrike: ADVERSARY
[2023-02-25 22:40:39,753] DEBUG    config  reports_tags                                att:source="Crowdstrike.Report"
[2023-02-25 22:40:39,753] DEBUG    config  indicators_tags                             att:source="Crowdstrike.Indicators"
[2023-02-25 22:40:39,753] DEBUG    config  actors_tags                                 att:source="Crowdstrike.Actors"
[2023-02-25 22:40:39,753] DEBUG    config  unknown_mapping                             CrowdStrike:indicator:galaxy: UNATTRIBUTED
[2023-02-25 22:40:39,753] DEBUG    config  unattributed_title                          Unattributed indicators:
[2023-02-25 22:40:39,753] DEBUG    config  indicator_type_title                        Indicator Type:
[2023-02-25 22:40:39,753] DEBUG    config  malware_family_title                        Malware Family:
[2023-02-25 22:40:39,753] DEBUG    config  log_duplicates_as_sightings                 True
[2023-02-25 22:40:39,753] DEBUG    config  misp_url                                    https://3samisp/
[2023-02-25 22:40:39,753] DEBUG    config  misp_auth_key                               value redacted, check config file
[2023-02-25 22:40:39,753] DEBUG    config  crowdstrike_org_uuid                        ca4f4b5d-db04-4a5e-a6de-e60636dc01be
[2023-02-25 22:40:39,753] DEBUG    config  misp_enable_ssl                             False
[2023-02-25 22:40:39,753] WARNING  config  misp_enable_ssl                             SSL is disabled for MISP API requests
[2023-02-25 22:40:39,753] DEBUG    config  ind_attribute_batch_size                    2500
[2023-02-25 22:40:39,753] DEBUG    config  event_save_memory_refresh_interval          180
[2023-02-25 22:40:39,753] DEBUG    config  max_threads                                 16
[2023-02-25 22:40:39,753] DEBUG    config  miss_track_file                             no_galaxy_mapping.log
[2023-02-25 22:40:39,753] DEBUG    config  galaxies_map_file                           galaxy.ini
[2023-02-25 22:40:39,753] DEBUG    config  tag_unknown_galaxy_maps                     True
[2023-02-25 22:40:39,753] DEBUG    config  taxonomic_kill-chain                        True
[2023-02-25 22:40:39,753] DEBUG    config  taxonomic_information-security-data-source  True
[2023-02-25 22:40:39,753] DEBUG    config  taxonomic_type                              True
[2023-02-25 22:40:39,753] DEBUG    config  taxonomic_iep                               False
[2023-02-25 22:40:39,753] DEBUG    config  taxonomic_iep2                              True
[2023-02-25 22:40:39,753] DEBUG    config  taxonomic_iep2_version                      False
[2023-02-25 22:40:39,753] DEBUG    config  taxonomic_tlp                               True
[2023-02-25 22:40:39,753] DEBUG    config  taxonomic_workflow                          True
[2023-02-25 22:40:40,646] INFO     config  No configuration errors found (1 warning)
[2023-02-25 22:40:40,646] INFO     config  
[2023-02-25 22:40:40,646] INFO     config  ____ _  _ ____ ____ _  _ ____    ___  ____ ____ ____ ____ ___
[2023-02-25 22:40:40,646] INFO     config  |    |__| |___ |    |_/  [__     |__] |__| [__  [__  |___ |  \
[2023-02-25 22:40:40,646] INFO     config  |___ |  | |___ |___ | \_ ___]    |    |  | ___] ___] |___ |__/
[2023-02-25 22:40:40,646] INFO     config  
[2023-02-25 22:40:42,246] INFO     processor/main       BEGIN ADVERSARIES IMPORT
[2023-02-25 22:40:42,247] INFO     processor/main       Start importing CrowdStrike Adversaries as events into MISP (past 365 days).
[2023-02-25 22:40:42,247] INFO     processor/main       Retrieving all adversaries.
[2023-02-25 22:40:43,061] INFO     processor/main       Got 0 adversaries from the Crowdstrike Intel API.
[2023-02-25 22:40:43,063] INFO     processor/main       Finished importing CrowdStrike Adversaries as events into MISP.
[2023-02-25 22:40:43,064] INFO     processor/main       Completed import of adversaries into MISP in 0.82 seconds
[2023-02-25 22:40:43,064] INFO     processor/main       BEGIN REPORTS IMPORT
[2023-02-25 22:40:43,064] INFO     processor/main       Starting import of CrowdStrike Threat Intelligence reports as events (past 365 days).
[2023-02-25 22:40:43,065] INFO     processor/main       Retrieving all available report types.
[2023-02-25 22:40:43,469] INFO     processor/main       Retrieved 0 total reports from the Crowdstrike Intel API.
[2023-02-25 22:40:43,470] INFO     processor/main       Found 2433 pre-existing CrowdStrike reports within the MISP instance.
[2023-02-25 22:40:43,471] INFO     processor/main       Finished importing 0 (0 skipped) Crowdstrike Threat Intelligence reports.
[2023-02-25 22:40:43,471] INFO     processor/main       Completed import of reports into MISP in 0.40 seconds
[2023-02-25 22:40:43,472] INFO     processor/main       BEGIN INDICATORS IMPORT
[2023-02-25 22:40:43,472] INFO     processor/main       Retrieving lookup data for import of CrowdStrike indicators into MISP.
[2023-02-25 22:40:43,510] INFO     processor/main       Retrieved 24 CrowdStrike indicator type events from MISP.
[2023-02-25 22:42:17,322] INFO     processor/main       Retrieved 229 CrowdStrike indicator malware family events from MISP.
[2023-02-25 22:42:18,486] INFO     processor/thread_0   Processed Malware Family: Tofsee
[2023-02-25 22:42:19,550] INFO     processor/thread_0   Processed Malware Family: IIS7VbDropper
[2023-02-25 22:42:27,511] INFO     processor/thread_5   Processed Malware Family: XMRig
[2023-02-25 22:42:31,917] INFO     processor/thread_12  Processed Malware Family: AmadeyStealer
[2023-02-25 22:42:32,380] INFO     processor/thread_12  Processed Malware Family: DelphiCorePacker
[2023-02-25 22:42:32,725] INFO     processor/thread_12  Processed Malware Family: Nymaim
[2023-02-25 22:42:34,308] INFO     processor/thread_12  Processed Malware Family: CybergateRAT
[2023-02-25 22:42:50,625] INFO     processor/thread_12  Processed Malware Family: BokBot
[2023-02-25 22:42:51,102] INFO     processor/thread_12  Processed Malware Family: MatiexKeylogger
[2023-02-25 22:42:51,483] INFO     processor/thread_15  Processed Malware Family: STOP
[2023-02-25 22:42:53,337] INFO     processor/thread_12  Processed Malware Family: Azorult
[2023-02-25 22:42:57,115] INFO     processor/thread_6   Processed Malware Family: Kovter
[2023-02-25 22:42:57,465] INFO     processor/thread_12  Processed Malware Family: Mispadu
[2023-02-25 22:42:58,122] INFO     processor/thread_7   Processed Malware Family: DarkComet
[2023-02-25 22:42:58,875] INFO     processor/thread_7   Processed Malware Family: Golroted
[2023-02-25 22:42:59,079] INFO     processor/thread_7   Processed Malware Family: Gootkit
[2023-02-25 22:43:00,584] INFO     processor/thread_10  Processed Malware Family: XLoader
[2023-02-25 22:43:02,455] INFO     processor/thread_12  Processed Malware Family: Salityv2
[2023-02-25 22:43:02,458] INFO     processor/thread_12  Processed Malware Family: BuhtrapLoader
[2023-02-25 22:43:02,766] INFO     processor/thread_12  Processed Malware Family: PandaZeus
[2023-02-25 22:43:03,110] INFO     processor/thread_12  Processed Malware Family: Kinsing
[2023-02-25 22:43:04,351] INFO     processor/thread_10  Processed Malware Family: LockBitRansomware
[2023-02-25 22:43:06,034] INFO     processor/thread_6   Processed Malware Family: Badnews
[2023-02-25 22:43:06,981] INFO     processor/thread_12  Processed Malware Family: FormBook
[2023-02-25 22:43:07,010] INFO     processor/thread_10  Processed Malware Family: NanoCore
[2023-02-25 22:43:15,387] INFO     processor/thread_12  Processed Malware Family: Phorpiex
[2023-02-25 22:43:19,217] INFO     processor/thread_8   Processed Malware Family: PdfCaptchaLure21
[2023-02-25 22:43:19,745] INFO     processor/thread_12  Processed Malware Family: Rekram
[2023-02-25 22:43:20,025] INFO     processor/thread_10  Processed Malware Family: Warzone
[2023-02-25 22:43:20,876] INFO     processor/thread_8   Processed Malware Family: Vflooder
[2023-02-25 22:43:26,617] INFO     processor/thread_9   Processed Malware Family: Pony
[2023-02-25 22:43:26,623] INFO     processor/thread_9   Processed Malware Family: PythonInMemoryStager
[2023-02-25 22:43:26,893] INFO     processor/thread_9   Processed Malware Family: SolarBot
[2023-02-25 22:43:31,002] INFO     processor/thread_9   Processed Malware Family: Netwire
[2023-02-25 22:43:32,041] INFO     processor/thread_0   Processed Malware Family: RedLineStealer
[2023-02-25 22:43:35,047] INFO     processor/thread_7   Processed Malware Family: WanaRansomware
[2023-02-25 22:43:35,049] INFO     processor/thread_7   Processed Malware Family: MyloBot/Dropper
[2023-02-25 22:43:35,672] INFO     processor/thread_8   Processed Malware Family: AsyncRAT
[2023-02-25 22:43:35,680] INFO     processor/thread_8   Processed Malware Family: Bat2Exe
[2023-02-25 22:43:35,881] INFO     processor/thread_8   Processed Malware Family: SpyMax
[2023-02-25 22:43:36,096] INFO     processor/thread_12  Processed Malware Family: CryptBot
[2023-02-25 22:43:38,203] INFO     processor/thread_0   Processed Malware Family: MyloBot
[2023-02-25 22:43:38,208] INFO     processor/thread_0   Processed Malware Family: H1N1
[2023-02-25 22:43:38,351] INFO     processor/thread_12  Processed Malware Family: FickerStealer
[2023-02-25 22:43:38,519] INFO     processor/thread_15  Processed Malware Family: Sakula
[2023-02-25 22:43:39,930] INFO     processor/thread_7   Processed Malware Family: MyloPacker
[2023-02-25 22:43:40,149] INFO     processor/thread_7   Processed Malware Family: KopiLuwak
[2023-02-25 22:43:40,689] INFO     processor/thread_15  Processed Malware Family: ISFB
[2023-02-25 22:43:43,273] INFO     processor/thread_15  Processed Malware Family: Metasploit
[2023-02-25 22:43:43,456] INFO     processor/thread_0   Processed Malware Family: AgentTesla
[2023-02-25 22:43:49,764] INFO     processor/thread_15  Processed Malware Family: JsOutProx
[2023-02-25 22:43:49,773] INFO     processor/thread_15  Processed Malware Family: UknownRAT
[2023-02-25 22:43:50,503] INFO     processor/thread_15  Processed Malware Family: Astaroth
[2023-02-25 22:43:50,663] INFO     processor/thread_15  Processed Malware Family: Meterpreter
[2023-02-25 22:43:50,908] INFO     processor/thread_15  Processed Malware Family: PoisonIvy
[2023-02-25 22:43:52,180] INFO     processor/thread_15  Processed Malware Family: VidarStealer
[2023-02-25 22:43:52,456] INFO     processor/thread_15  Processed Malware Family: Andromeda
[2023-02-25 22:43:52,720] INFO     processor/thread_15  Processed Malware Family: Phishery
[2023-02-25 22:43:52,915] INFO     processor/thread_15  Processed Malware Family: BlueHeaven
[2023-02-25 22:43:54,066] INFO     processor/thread_10  Processed Malware Family: KpotStealer
[2023-02-25 22:43:54,692] INFO     processor/thread_10  Processed Malware Family: WideGate
[2023-02-25 22:43:54,835] INFO     processor/thread_10  Processed Malware Family: Caiman
[2023-02-25 22:43:57,564] INFO     processor/thread_10  Processed Malware Family: XORDDoS
[2023-02-25 22:44:01,324] INFO     processor/thread_0   Processed Malware Family: Qakbot
[2023-02-25 22:44:02,024] INFO     processor/thread_10  Processed Malware Family: njRATLime
[2023-02-25 22:44:02,027] INFO     processor/thread_10  Processed Malware Family: DiamondFox
[2023-02-25 22:44:02,081] INFO     processor/thread_9   Processed Malware Family: LokiBot
[2023-02-25 22:44:02,141] INFO     processor/thread_10  Processed Malware Family: Hancitor
[2023-02-25 22:44:02,471] INFO     processor/thread_0   Processed Malware Family: Nitol
[2023-02-25 22:44:02,491] INFO     processor/thread_9   Processed Malware Family: AhMyth
[2023-02-25 22:44:02,532] INFO     processor/thread_10  Processed Malware Family: Matanbuchus
[2023-02-25 22:44:02,865] INFO     processor/thread_10  Processed Malware Family: TinyLoader
[2023-02-25 22:44:03,478] INFO     processor/thread_9   Processed Malware Family: TrojanizedDocument
[2023-02-25 22:44:03,803] INFO     processor/thread_0   Processed Malware Family: Loda
[2023-02-25 22:44:03,838] INFO     processor/thread_0   Processed Malware Family: YahooStealer
[2023-02-25 22:44:04,077] INFO     processor/thread_0   Processed Malware Family: BlackEnergy
[2023-02-25 22:44:04,078] INFO     processor/thread_0   Processed Malware Family: ScreenConnect
[2023-02-25 22:44:06,655] INFO     processor/thread_0   Processed Malware Family: Emotet
[2023-02-25 22:44:08,153] INFO     processor/thread_0   Processed Malware Family: RaccoonStealer
[2023-02-25 22:44:08,157] INFO     processor/thread_0   Processed Malware Family: Rozena
[2023-02-25 22:44:08,159] INFO     processor/thread_0   Processed Malware Family: CubeCrypter
[2023-02-25 22:44:09,220] INFO     processor/thread_9   Processed Malware Family: Remcos
[2023-02-25 22:44:09,401] INFO     processor/thread_9   Processed Malware Family: Gh0stRAT
[2023-02-25 22:44:09,407] INFO     processor/thread_9   Processed Malware Family: SystemBC
[2023-02-25 22:44:09,520] INFO     processor/thread_9   Processed Malware Family: BankBotAnubis
[2023-02-25 22:44:09,673] INFO     processor/thread_9   Processed Malware Family: XtremeRAT
[2023-02-25 22:44:10,426] INFO     processor/thread_9   Processed Malware Family: PhorpiexDownloader
[2023-02-25 22:44:11,143] INFO     processor/thread_9   Processed Malware Family: Enosch
[2023-02-25 22:44:11,505] INFO     processor/thread_9   Processed Malware Family: Xworm
[2023-02-25 22:44:11,943] INFO     processor/thread_7   Processed Malware Family: Quasar
[2023-02-25 22:44:11,986] INFO     processor/thread_9   Processed Malware Family: SnakeKeylogger
[2023-02-25 22:44:12,155] INFO     processor/thread_9   Processed Malware Family: MixLoader
[2023-02-25 22:44:12,206] INFO     processor/thread_9   Processed Malware Family: MiniPythonConnectBackShell
[2023-02-25 22:44:13,284] INFO     processor/thread_9   Processed Malware Family: Necast
[2023-02-25 22:44:13,478] INFO     processor/thread_9   Processed Malware Family: HalfAndHalfDownloader
[2023-02-25 22:44:13,481] INFO     processor/thread_9   Processed Malware Family: PhishingAttachment
[2023-02-25 22:44:13,627] INFO     processor/thread_9   Processed Malware Family: PhishingLureWithInjectedTemplate
[2023-02-25 22:44:14,121] INFO     processor/thread_11  Processed Malware Family: Mofksys
[2023-02-25 22:44:14,584] INFO     processor/thread_11  Processed Malware Family: FakeBrowserUpdate
[2023-02-25 22:44:14,793] INFO     processor/thread_9   Processed Malware Family: DharmaRansomware
[2023-02-25 22:44:14,891] INFO     processor/thread_9   Processed Malware Family: BlackBasta
[2023-02-25 22:44:14,896] INFO     processor/thread_9   Processed Malware Family: Apk4cr
[2023-02-25 22:44:15,096] INFO     processor/thread_9   Processed Malware Family: FTT
[2023-02-25 22:44:15,304] INFO     processor/thread_11  Processed Malware Family: Kiron
[2023-02-25 22:44:15,405] INFO     processor/thread_11  Processed Malware Family: RM3
[2023-02-25 22:44:15,506] INFO     processor/thread_9   Processed Malware Family: Salve
[2023-02-25 22:44:15,513] INFO     processor/thread_11  Processed Malware Family: ZeusVM
[2023-02-25 22:44:15,516] INFO     processor/thread_11  Processed Malware Family: Qakbot/VNCPlugin
[2023-02-25 22:44:15,519] INFO     processor/thread_11  Processed Malware Family: Megatron
[2023-02-25 22:44:15,543] INFO     processor/thread_9   Processed Malware Family: FBILocker
[2023-02-25 22:44:15,722] INFO     processor/thread_11  Processed Malware Family: NetSupportRAT
[2023-02-25 22:44:15,775] INFO     processor/thread_11  Processed Malware Family: PhobosRansomware
[2023-02-25 22:44:15,856] INFO     processor/thread_11  Processed Malware Family: Kronos
[2023-02-25 22:44:15,927] INFO     processor/thread_9   Processed Malware Family: Dridex
[2023-02-25 22:44:15,963] INFO     processor/thread_11  Processed Malware Family: ZxShell
[2023-02-25 22:44:15,965] INFO     processor/thread_9   Processed Malware Family: EggJagger
[2023-02-25 22:44:15,968] INFO     processor/thread_9   Processed Malware Family: Ratty2
[2023-02-25 22:44:16,060] INFO     processor/thread_11  Processed Malware Family: Lampion
[2023-02-25 22:44:16,062] INFO     processor/thread_11  Processed Malware Family: Skynet
[2023-02-25 22:44:16,066] INFO     processor/thread_11  Processed Malware Family: SwaySpy
[2023-02-25 22:44:16,069] INFO     processor/thread_9   Processed Malware Family: CoreImpact
[2023-02-25 22:44:16,159] INFO     processor/thread_11  Processed Malware Family: Culebra
[2023-02-25 22:44:16,202] INFO     processor/thread_11  Processed Malware Family: CoreBot
[2023-02-25 22:44:16,272] INFO     processor/thread_11  Processed Malware Family: FlawedAmmyy
[2023-02-25 22:44:16,275] INFO     processor/thread_11  Processed Malware Family: RevengeRAT
[2023-02-25 22:44:16,277] INFO     processor/thread_11  Processed Malware Family: MatrixRansomware
[2023-02-25 22:44:16,436] INFO     processor/thread_9   Processed Malware Family: CulebraVariant
[2023-02-25 22:44:16,459] INFO     processor/thread_9   Processed Malware Family: Kronos
[2023-02-25 22:44:16,470] INFO     processor/thread_9   Processed Malware Family: PowerSploitDLL
[2023-02-25 22:44:16,570] INFO     processor/thread_9   Processed Malware Family: TrojanizedWinRMDownloader
[2023-02-25 22:44:17,186] INFO     processor/thread_11  Processed Malware Family: HawkEyeKeylogger
[2023-02-25 22:44:17,489] INFO     processor/thread_11  Processed Malware Family: NetInfoNabster
[2023-02-25 22:44:17,583] INFO     processor/thread_11  Processed Malware Family: Piccoload
[2023-02-25 22:44:17,584] INFO     processor/thread_11  Processed Malware Family: RatAttack
[2023-02-25 22:44:17,747] INFO     processor/thread_10  Processed Malware Family: USnapDownloader
[2023-02-25 22:44:17,877] INFO     processor/thread_10  Processed Malware Family: AllinOneNeo
[2023-02-25 22:44:17,880] INFO     processor/thread_10  Processed Malware Family: Mineware
[2023-02-25 22:44:17,883] INFO     processor/thread_10  Processed Malware Family: UltraVNC
[2023-02-25 22:44:18,218] INFO     processor/thread_11  Processed Malware Family: X-Agent
[2023-02-25 22:44:18,228] INFO     processor/thread_10  Processed Malware Family: Vulcanops
[2023-02-25 22:44:18,231] INFO     processor/thread_10  Processed Malware Family: MorphineRAT
[2023-02-25 22:44:18,234] INFO     processor/thread_10  Processed Malware Family: PhoenixKeylogger
[2023-02-25 22:44:18,236] INFO     processor/thread_10  Processed Malware Family: XsltAspxWebshell
[2023-02-25 22:44:18,320] INFO     processor/thread_10  Processed Malware Family: A1Lock
[2023-02-25 22:44:18,387] INFO     processor/thread_11  Processed Malware Family: DoppelDridex
[2023-02-25 22:44:18,429] INFO     processor/thread_11  Processed Malware Family: BazarLoader
[2023-02-25 22:44:18,512] INFO     processor/thread_11  Processed Malware Family: Comome
[2023-02-25 22:44:18,568] INFO     processor/thread_9   Processed Malware Family: TrickBot
[2023-02-25 22:44:18,576] INFO     processor/thread_9   Processed Malware Family: TaurusLoaderStealerModule
[2023-02-25 22:44:18,581] INFO     processor/thread_11  Processed Malware Family: NocturnalStealer
[2023-02-25 22:44:18,599] INFO     processor/thread_9   Processed Malware Family: vw0rm
[2023-02-25 22:44:18,651] INFO     processor/thread_10  Processed Malware Family: PSCrypt
[2023-02-25 22:44:18,866] INFO     processor/thread_10  Processed Malware Family: SyncroRemoteAccess
[2023-02-25 22:44:19,088] INFO     processor/thread_10  Processed Malware Family: ParasiteHTTP
[2023-02-25 22:44:19,171] INFO     processor/thread_10  Processed Malware Family: SlooPower
[2023-02-25 22:44:19,559] INFO     processor/thread_10  Processed Malware Family: Chinch
[2023-02-25 22:44:19,563] INFO     processor/thread_10  Processed Malware Family: Cutwail
[2023-02-25 22:44:19,571] INFO     processor/thread_10  Processed Malware Family: Sykipot
[2023-02-25 22:44:19,575] INFO     processor/thread_10  Processed Malware Family: BozokRAT
[2023-02-25 22:44:19,659] INFO     processor/thread_10  Processed Malware Family: Donut
[2023-02-25 22:44:19,698] INFO     processor/thread_10  Processed Malware Family: TeamSpy
[2023-02-25 22:44:19,778] INFO     processor/thread_10  Processed Malware Family: TimeStealerTriggerCobaltStrike
[2023-02-25 22:44:19,780] INFO     processor/thread_10  Processed Malware Family: VendettaBackdoor
[2023-02-25 22:44:19,904] INFO     processor/thread_10  Processed Malware Family: Prorock
[2023-02-25 22:44:19,912] INFO     processor/thread_10  Processed Malware Family: Onliner
[2023-02-25 22:44:19,988] INFO     processor/thread_10  Processed Malware Family: MasterTape
[2023-02-25 22:44:20,090] INFO     processor/thread_11  Processed Malware Family: HWorm
[2023-02-25 22:44:20,110] INFO     processor/thread_10  Processed Malware Family: TwoFaceWebShell
[2023-02-25 22:44:20,306] INFO     processor/thread_10  Processed Malware Family: Baryonyx
[2023-02-25 22:44:20,309] INFO     processor/thread_10  Processed Malware Family: LeoDocument
[2023-02-25 22:44:20,358] INFO     processor/thread_11  Processed Malware Family: PhishingShortcutLnk
[2023-02-25 22:44:20,408] INFO     processor/thread_10  Processed Malware Family: KoloGrabber
[2023-02-25 22:44:20,512] INFO     processor/thread_11  Processed Malware Family: BuildYourOwnBotnet
[2023-02-25 22:44:20,649] INFO     processor/thread_11  Processed Malware Family: BlisterLoader
[2023-02-25 22:44:20,669] INFO     processor/thread_11  Processed Malware Family: Emotet/PluginLoader
[2023-02-25 22:44:20,680] INFO     processor/thread_11  Processed Malware Family: BatLoader
[2023-02-25 22:44:21,364] INFO     processor/thread_7   Processed Malware Family: GuLoader
[2023-02-25 22:44:21,453] INFO     processor/thread_7   Processed Malware Family: Taleret
[2023-02-25 22:44:21,456] INFO     processor/thread_7   Processed Malware Family: HAVEX
[2023-02-25 22:44:21,492] INFO     processor/thread_7   Processed Malware Family: STRRAT
[2023-02-25 22:44:21,581] INFO     processor/thread_7   Processed Malware Family: liderc
[2023-02-25 22:44:21,589] INFO     processor/thread_7   Processed Malware Family: HailMary
[2023-02-25 22:44:21,674] INFO     processor/thread_7   Processed Malware Family: MedusaLocker
[2023-02-25 22:44:21,675] INFO     processor/thread_7   Processed Malware Family: Metamorfo
[2023-02-25 22:44:21,732] INFO     processor/thread_7   Processed Malware Family: Makop
[2023-02-25 22:44:21,809] INFO     processor/thread_7   Processed Malware Family: InstituteX
[2023-02-25 22:44:21,903] INFO     processor/thread_7   Processed Malware Family: WinExe
[2023-02-25 22:44:21,931] INFO     processor/thread_9   Processed Malware Family: Zloader
[2023-02-25 22:44:22,121] INFO     processor/thread_7   Processed Malware Family: Mozart
[2023-02-25 22:44:22,264] INFO     processor/thread_9   Processed Malware Family: MsmRat
[2023-02-25 22:44:22,329] INFO     processor/thread_7   Processed Malware Family: Ishmael
[2023-02-25 22:44:22,340] INFO     processor/thread_7   Processed Malware Family: Danabot
[2023-02-25 22:44:22,341] INFO     processor/thread_7   Processed Malware Family: PlugX
[2023-02-25 22:44:22,369] INFO     processor/thread_9   Processed Malware Family: TimeStealerTrigger
[2023-02-25 22:44:22,370] INFO     processor/thread_9   Processed Malware Family: SolarMarkerBackdoorInstaller
[2023-02-25 22:44:22,426] INFO     processor/thread_7   Processed Malware Family: SolarMarkerBackdoor
[2023-02-25 22:44:22,711] INFO     processor/thread_7   Processed Malware Family: CloudMensis
[2023-02-25 22:44:22,790] INFO     processor/thread_9   Processed Malware Family: SolarMarkerPowerShellLoader
[2023-02-25 22:44:22,799] INFO     processor/thread_7   Processed Malware Family: Chthonic
[2023-02-25 22:44:22,812] INFO     processor/thread_9   Processed Malware Family: EvilGnome
[2023-02-25 22:44:23,358] INFO     processor/thread_9   Processed Malware Family: EvilGnomeLinux
[2023-02-25 22:44:23,814] INFO     processor/thread_10  Processed Malware Family: ClopRansomware
[2023-02-25 22:44:23,818] INFO     processor/thread_9   Processed Malware Family: StatusSymbol
[2023-02-25 22:44:24,271] INFO     processor/thread_10  Processed Malware Family: SparkDownloader
[2023-02-25 22:44:24,407] INFO     processor/thread_10  Processed Malware Family: Proxy
[2023-02-25 22:44:24,409] INFO     processor/thread_10  Processed Malware Family: CarbonSpiderStagerDLL
[2023-02-25 22:44:24,527] INFO     processor/thread_10  Processed Malware Family: LizarStager
[2023-02-25 22:44:24,696] INFO     processor/thread_10  Processed Malware Family: RisePro
[2023-02-25 22:44:24,869] INFO     processor/thread_10  Processed Malware Family: BetaBot
[2023-02-25 22:44:24,870] INFO     processor/thread_10  Processed Malware Family: BianLianRansomware
[2023-02-25 22:44:24,958] INFO     processor/thread_10  Processed Malware Family: Ransomware
[2023-02-25 22:44:24,960] INFO     processor/thread_10  Processed Malware Family: NTSTATS
[2023-02-25 22:44:24,971] INFO     processor/thread_10  Processed Malware Family: ShinobuClipper
[2023-02-25 22:44:25,096] INFO     processor/thread_9   Processed Malware Family: SocksProxyGo
[2023-02-25 22:44:25,434] INFO     processor/thread_10  Processed Malware Family: CraP2P
[2023-02-25 22:44:25,705] INFO     processor/thread_7   Processed Malware Family: EvilGnomeWindows
[2023-02-25 22:44:36,006] INFO     processor/thread_14  Processed Malware Family: AmadeyLoader
[2023-02-25 22:44:43,121] INFO     processor/thread_0   Processed Malware Family: Magecart
[2023-02-25 22:44:47,067] INFO     processor/thread_11  Processed Malware Family: Salityv4
[2023-02-25 22:44:53,989] INFO     processor/thread_12  Processed Malware Family: Tinba
[2023-02-25 22:45:11,020] INFO     processor/thread_2   Processed Malware Family: SmokeLoader
[2023-02-25 22:45:13,435] INFO     processor/thread_4   Processed Malware Family: Rifdoor
[2023-02-25 22:45:50,448] INFO     processor/thread_8   Processed Malware Family: CobaltStrike
[2023-02-25 22:46:00,439] INFO     processor/thread_15  Processed Malware Family: GandCrab
[2023-02-25 22:46:00,952] INFO     processor/thread_6   Processed Malware Family: ContiRansomware
[2023-02-25 22:46:03,647] INFO     processor/thread_5   Processed Malware Family: Sodinokibi
[2023-02-25 22:46:23,466] INFO     processor/thread_13  Processed Malware Family: Salityv3
[2023-02-25 22:47:18,511] INFO     processor/thread_3   Processed Malware Family: njRAT
[2023-02-25 22:47:42,482] INFO     processor/thread_1   Processed Malware Family: Salityv4
[2023-02-25 22:47:42,855] INFO     processor/thread_8   Retrieved 302 bitcoin_address indicators from MISP.
[2023-02-25 22:47:42,861] INFO     processor/thread_9   Retrieved 7 coin_address indicators from MISP.
[2023-02-25 22:47:42,896] INFO     processor/thread_13  Retrieved 50 device_name indicators from MISP.
[2023-02-25 22:47:42,920] INFO     processor/thread_12  Retrieved 495 registry indicators from MISP.
[2023-02-25 22:47:42,922] INFO     processor/thread_9   Retrieved 29 service_name indicators from MISP.
[2023-02-25 22:47:43,086] INFO     processor/thread_3   Retrieved 1,740 hash_imphash indicators from MISP.
[2023-02-25 22:47:43,166] INFO     processor/thread_15  Retrieved 157 campaign_id indicators from MISP.
[2023-02-25 22:47:43,262] INFO     processor/thread_7   Retrieved 3,922 mutex_name indicators from MISP.
[2023-02-25 22:47:43,326] INFO     processor/thread_12  Retrieved 444 port indicators from MISP.
[2023-02-25 22:48:02,132] INFO     processor/thread_13  Retrieved 90,329 user_agent indicators from MISP.
[2023-02-25 22:48:09,459] INFO     processor/thread_4   Retrieved 199,762 file_name indicators from MISP.
[2023-02-25 22:48:12,832] INFO     processor/thread_5   Retrieved 199,762 file_path indicators from MISP.
[2023-02-25 22:48:15,722] INFO     processor/thread_10  Retrieved 18,980 email_address indicators from MISP.
[2023-02-25 22:48:57,764] INFO     processor/thread_2   Retrieved 507,424 hash_sha1 indicators from MISP.
[2023-02-25 22:49:12,653] INFO     processor/thread_11  Retrieved 501,155 email_subject indicators from MISP.
[2023-02-25 22:50:06,761] INFO     processor/thread_14  Retrieved 1,581,781 domain indicators from MISP.
[2023-02-25 22:52:16,148] INFO     processor/thread_1   Retrieved 1,864,786 hash_sha256 indicators from MISP.
[2023-02-25 22:53:12,248] INFO     processor/thread_0   Retrieved 2,489,070 hash_md5 indicators from MISP.
[2023-02-25 22:56:20,212] INFO     processor/thread_8   Retrieved 4,155,218 ip_address indicators from MISP.

<<<SNIP>>>


[2023-02-25 23:34:23,135] INFO     processor/thread_14  Updated Malware Family: GandCrab with 800 new indicators after 133.62 seconds.
[2023-02-25 23:34:30,640] INFO     processor/thread_3   Updated Indicator Type: SHA256 hashes with 822 new indicators after 178.74 seconds.
[2023-02-25 23:34:36,767] INFO     processor/thread_2   Updated Indicator Type: SHA1 hashes with 815 new indicators after 184.87 seconds.
[2023-02-25 23:34:36,767] DEBUG    processor/thread_2   Refreshing memory logged event: Indicator Type: SHA1 hashes
[2023-02-25 23:34:58,405] INFO     processor/thread_0   Updated Indicator Type: MD5 hashes with 814 new indicators after 206.53 seconds.
[2023-02-25 23:34:58,406] DEBUG    processor/thread_0   Refreshing memory logged event: Indicator Type: MD5 hashes
[2023-02-25 23:35:02,286] INFO     processor/thread_7   Updated Malware Family: njRAT with 229 new indicators after 210.18 seconds.
[2023-02-25 23:35:02,286] DEBUG    processor/thread_7   Refreshing memory logged event: Malware Family: njRAT
[2023-02-25 23:36:00,308] INFO     processor/thread_2   Indicator Type: SHA1 hashes refreshed in memory.
[2023-02-25 23:37:23,384] INFO     processor/thread_7   Malware Family: njRAT refreshed in memory.
[2023-02-25 23:39:09,909] INFO     processor/thread_0   Indicator Type: MD5 hashes refreshed in memory.
Traceback (most recent call last):
  File "misp_import.py", line 377, in <module>
    main()
  File "misp_import.py", line 356, in main
    importer.import_from_crowdstrike(int(settings["CrowdStrike"]["init_reports_days_before"]),
  File "/home/rx118r/src/crowdstrike/MISP-tools-main/cs_misp_import/importer.py", line 314, in import_from_crowdstrike
    self.indicators_importer.process_indicators(indicators_minutes_before)
  File "/home/rx118r/src/crowdstrike/MISP-tools-main/cs_misp_import/indicators.py", line 195, in process_indicators
    self.push_indicators(indicators_page)
  File "/home/rx118r/src/crowdstrike/MISP-tools-main/cs_misp_import/indicators.py", line 387, in push_indicators
    for cleaned in self.clean_laundry(len(batch), all_successes, f_failures, m_failures):
  File "/home/rx118r/src/crowdstrike/MISP-tools-main/cs_misp_import/indicators.py", line 363, in clean_laundry
    saved.append(fut.result())
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/_base.py", line 437, in result
    return self.__get_result()
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/_base.py", line 389, in __get_result
    raise self._exception
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/thread.py", line 57, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/home/rx118r/src/crowdstrike/MISP-tools-main/cs_misp_import/indicators.py", line 247, in event_thread
    self.misp.update_event(evt)
  File "/data/misp/venv/lib64/python3.8/site-packages/pymisp/api.py", line 417, in update_event
    r = self._prepare_request('POST', f'events/edit/{eid}' + ('/metadata:1' if metadata else ''), data=event)
  File "/data/misp/venv/lib64/python3.8/site-packages/pymisp/api.py", line 3705, in _prepare_request
    return self.__session.send(prepped, timeout=self.timeout, **settings)
  File "/data/misp/venv/lib64/python3.8/site-packages/requests/sessions.py", line 701, in send
    r = adapter.send(request, **kwargs)
  File "/data/misp/venv/lib64/python3.8/site-packages/requests/adapters.py", line 489, in send
    resp = conn.urlopen(
  File "/data/misp/venv/lib64/python3.8/site-packages/urllib3/connectionpool.py", line 703, in urlopen
    httplib_response = self._make_request(
  File "/data/misp/venv/lib64/python3.8/site-packages/urllib3/connectionpool.py", line 398, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/data/misp/venv/lib64/python3.8/site-packages/urllib3/connection.py", line 239, in request
    super(HTTPConnection, self).request(method, url, body=body, headers=headers)
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/http/client.py", line 1256, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/http/client.py", line 1302, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/http/client.py", line 1251, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/http/client.py", line 1050, in _send_output
    self.send(chunk)
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/http/client.py", line 972, in send
    self.sock.sendall(data)
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/ssl.py", line 1204, in sendall
    v = self.send(byte_view[count:])
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/ssl.py", line 1173, in send
    return self._sslobj.write(data)
OverflowError: string longer than 2147483647 bytes

Clear Tags Operation Fails

Clear Tags fails with two errors:

  • cannot convert dictionary update sequence element #0 to a sequence
  • MISP Error: (405, {'name': 'You do not have permission to use this

python3 misp_import.py -ct


[2022-12-17 21:23:22,858] INFO     misp_tools    
[2022-12-17 21:23:22,858] INFO     misp_tools    '##::::'##:'####::'######::'########:::::'########::'#######:::'#######::'##::::::::'######::
[2022-12-17 21:23:22,858] INFO     misp_tools     ###::'###:. ##::'##... ##: ##.... ##::::... ##..::'##.... ##:'##.... ##: ##:::::::'##... ##:
[2022-12-17 21:23:22,858] INFO     misp_tools     ####'####:: ##:: ##:::..:: ##:::: ##::::::: ##:::: ##:::: ##: ##:::: ##: ##::::::: ##:::..::
[2022-12-17 21:23:22,858] INFO     misp_tools     ## ### ##:: ##::. ######:: ########:::::::: ##:::: ##:::: ##: ##:::: ##: ##:::::::. ######::
[2022-12-17 21:23:22,858] INFO     misp_tools     ##. #: ##:: ##:::..... ##: ##.....::::::::: ##:::: ##:::: ##: ##:::: ##: ##::::::::..... ##:
[2022-12-17 21:23:22,858] INFO     misp_tools     ##:.:: ##:: ##::'##::: ##: ##:::::::::::::: ##:::: ##:::: ##: ##:::: ##: ##:::::::'##::: ##:
[2022-12-17 21:23:22,858] INFO     misp_tools     ##:::: ##:'####:. ######:: ##:::::::::::::: ##::::. #######::. #######:: ########:. ######::
[2022-12-17 21:23:22,858] INFO     misp_tools    ..:::::..::....:::......:::..:::::::::::::::..::::::.......::::.......:::........:::......:::
[2022-12-17 21:23:22,858] INFO     misp_tools               _____
[2022-12-17 21:23:22,858] INFO     misp_tools                /  '
[2022-12-17 21:23:22,858] INFO     misp_tools             ,-/-,__ __
[2022-12-17 21:23:22,858] INFO     misp_tools            (_/  (_)/ (_
[2022-12-17 21:23:22,858] INFO     misp_tools                         _______                        __ _______ __        __ __
[2022-12-17 21:23:22,858] INFO     misp_tools                        |   _   .----.-----.--.--.--.--|  |   _   |  |_.----|__|  |--.-----.
[2022-12-17 21:23:22,858] INFO     misp_tools                        |.  1___|   _|  _  |  |  |  |  _  |   1___|   _|   _|  |    <|  -__|
[2022-12-17 21:23:22,858] INFO     misp_tools                        |.  |___|__| |_____|________|_____|____   |____|__| |__|__|__|_____|
[2022-12-17 21:23:22,858] INFO     misp_tools                        |:  1   |                         |:  1   |
[2022-12-17 21:23:22,858] INFO     misp_tools                        |::.. . |                         |::.. . |  Threat Intelligence v0.6.5
[2022-12-17 21:23:22,858] INFO     misp_tools                        `-------'                         `-------'
[2022-12-17 21:23:22,858] INFO     misp_tools    
[2022-12-17 21:23:22,858] INFO     config  
[2022-12-17 21:23:22,858] INFO     config  _______ _     _ _______ _______ _     _      _______  _____  __   _ _______ _____  ______
[2022-12-17 21:23:22,858] INFO     config  |       |_____| |______ |       |____/       |       |     | | \  | |______   |   |  ____
[2022-12-17 21:23:22,858] INFO     config  |_____  |     | |______ |_____  |    \_      |_____  |_____| |  \_| |       __|__ |_____|
[2022-12-17 21:23:22,858] INFO     config  
[2022-12-17 21:23:22,860] WARNING  config  misp_enable_ssl                             SSL is disabled for MISP API requests
[2022-12-17 21:23:23,759] INFO     config  No configuration errors found (1 warning)
[2022-12-17 21:23:23,759] INFO     config  
[2022-12-17 21:23:23,759] INFO     config  ____ _  _ ____ ____ _  _ ____    ___  ____ ____ ____ ____ ___
[2022-12-17 21:23:23,759] INFO     config  |    |__| |___ |    |_/  [__     |__] |__| [__  [__  |___ |  \
[2022-12-17 21:23:23,759] INFO     config  |___ |  | |___ |___ | \_ ___]    |    |  | ___] ___] |___ |__/
[2022-12-17 21:23:23,759] INFO     config  
[2022-12-17 21:23:24,362] INFO     processor/main       
[2022-12-17 21:23:24,362] INFO     processor/main       ______  _______        _______ _______ _______
[2022-12-17 21:23:24,362] INFO     processor/main       |     \ |______ |      |______    |    |______
[2022-12-17 21:23:24,362] INFO     processor/main       |_____/ |______ |_____ |______    |    |______
[2022-12-17 21:23:24,362] INFO     processor/main       
[2022-12-17 21:23:24,362] INFO     processor/main       Retrieving list of tags to remove from MISP instance
[2022-12-17 21:23:25,088] WARNING  processor/thread_1   cannot convert dictionary update sequence element #0 to a sequence
[2022-12-17 21:23:25,089] WARNING  processor/thread_1   Retrying request in 0.30 seconds. ¯\_(ツ)_/¯
[2022-12-17 21:23:25,125] WARNING  processor/thread_2   cannot convert dictionary update sequence element #0 to a sequence
[2022-12-17 21:23:25,126] WARNING  processor/thread_0   cannot convert dictionary update sequence element #0 to a sequence
[2022-12-17 21:23:25,126] WARNING  processor/thread_2   Retrying request in 0.30 seconds. ¯\_(ツ)_/¯
[2022-12-17 21:23:25,133] WARNING  processor/thread_5   cannot convert dictionary update sequence element #0 to a sequence
[2022-12-17 21:23:25,133] WARNING  processor/thread_8   cannot convert dictionary update sequence element #0 to a sequence
[2022-12-17 21:23:25,134] WARNING  processor/thread_0   Retrying request in 0.30 seconds. ¯\_(ツ)_/¯
[2022-12-17 21:23:25,151] WARNING  processor/thread_10  cannot convert dictionary update sequence element #0 to a sequence
[2022-12-17 21:23:25,152] WARNING  processor/thread_14  cannot convert dictionary update sequence element #0 to a sequence
[2022-12-17 21:23:25,152] WARNING  processor/thread_3   cannot convert dictionary update sequence element #0 to a sequence
[2022-12-17 21:23:25,153] WARNING  processor/thread_4   cannot convert dictionary update sequence element #0 to a sequence
[2022-12-17 21:23:25,159] WARNING  processor/thread_6   cannot convert dictionary update sequence element #0 to a sequence
[2022-12-17 21:23:25,166] WARNING  processor/thread_7   cannot convert dictionary update sequence element #0 to a sequence
[2022-12-17 21:23:25,423] WARNING  processor/thread_7   Retrying request in 0.30 seconds. ¯\_(ツ)_/¯
[2022-12-17 21:23:25,179] WARNING  processor/thread_15  cannot convert dictionary update sequence element #0 to a sequence
[2022-12-17 21:23:25,214] WARNING  processor/thread_12  cannot convert dictionary update sequence element #0 to a sequence
[2022-12-17 21:23:25,223] WARNING  processor/thread_11  cannot convert dictionary update sequence element #0 to a sequence
[2022-12-17 21:23:25,442] WARNING  processor/thread_11  Retrying request in 0.30 seconds. ¯\_(ツ)_/¯
[2022-12-17 21:23:25,236] WARNING  processor/thread_13  cannot convert dictionary update sequence element #0 to a sequence
[2022-12-17 21:23:25,443] WARNING  processor/thread_13  Retrying request in 0.30 seconds. ¯\_(ツ)_/¯
[2022-12-17 21:23:25,285] WARNING  processor/thread_10  Retrying request in 0.30 seconds. ¯\_(ツ)_/¯
[2022-12-17 21:23:25,331] WARNING  processor/thread_14  Retrying request in 0.30 seconds. ¯\_(ツ)_/¯
[2022-12-17 21:23:25,347] WARNING  processor/thread_3   Retrying request in 0.30 seconds. ¯\_(ツ)_/¯
[2022-12-17 21:23:25,363] WARNING  processor/thread_4   Retrying request in 0.30 seconds. ¯\_(ツ)_/¯
[2022-12-17 21:23:25,418] WARNING  processor/thread_6   Retrying request in 0.30 seconds. ¯\_(ツ)_/¯
[2022-12-17 21:23:25,178] WARNING  processor/thread_9   cannot convert dictionary update sequence element #0 to a sequence
[2022-12-17 21:23:25,443] WARNING  processor/thread_9   Retrying request in 0.30 seconds. ¯\_(ツ)_/¯
[2022-12-17 21:23:25,439] WARNING  processor/thread_15  Retrying request in 0.30 seconds. ¯\_(ツ)_/¯
[2022-12-17 21:23:25,442] WARNING  processor/thread_12  Retrying request in 0.30 seconds. ¯\_(ツ)_/¯
[2022-12-17 21:23:25,229] WARNING  processor/thread_5   Retrying request in 0.30 seconds. ¯\_(ツ)_/¯
[2022-12-17 21:23:25,259] WARNING  processor/thread_8   Retrying request in 0.30 seconds. ¯\_(ツ)_/¯
[2022-12-17 21:23:25,442] WARNING  processor/thread_1   cannot convert dictionary update sequence element #0 to a sequence
[2022-12-17 21:23:25,444] WARNING  processor/thread_1   Retrying request in 0.60 seconds. ¯\_(ツ)_/¯
[2022-12-17 21:23:25,506] WARNING  processor/thread_2   cannot convert dictionary update sequence element #0 to a sequence
[2022-12-17 21:23:25,506] WARNING  processor/thread_2   Retrying request in 0.60 seconds. ¯\_(ツ)_/¯
[2022-12-17 21:23:25,603] WARNING  processor/thread_0   cannot convert dictionary update sequence element #0 to a sequence
[2022-12-17 21:23:25,603] WARNING  processor/thread_0   Retrying request in 0.60 seconds. ¯\_(ツ)_/¯
[2022-12-17 21:23:25,754] WARNING  processor/thread_7   cannot convert dictionary update sequence element #0 to a sequence
[2022-12-17 21:23:25,755] WARNING  processor/thread_7   Retrying request in 0.60 seconds. ¯\_(ツ)_/¯
[2022-12-17 21:23:25,771] WARNING  processor/thread_4   cannot convert dictionary update sequence element #0 to a sequence
[2022-12-17 21:23:25,771] WARNING  processor/thread_4   Retrying request in 0.60 seconds. ¯\_(ツ)_/¯
[2022-12-17 21:23:25,799] WARNING  processor/thread_14  cannot convert dictionary update sequence element #0 to a sequence
[2022-12-17 21:23:25,799] WARNING  processor/thread_14  Retrying request in 0.60 seconds. ¯\_(ツ)_/¯
[2022-12-17 21:23:25,801] WARNING  processor/thread_13  cannot convert dictionary update sequence element #0 to a sequence
[2022-12-17 21:23:25,801] WARNING  processor/thread_13  Retrying request in 0.60 seconds. ¯\_(ツ)_/¯
[2022-12-17 21:23:25,818] WARNING  processor/thread_10  cannot convert dictionary update sequence element #0 to a sequence
[2022-12-17 21:23:25,818] WARNING  processor/thread_8   cannot convert dictionary update sequence element #0 to a sequence
[2022-12-17 21:23:25,819] WARNING  processor/thread_15  cannot convert dictionary update sequence element #0 to a sequence
[2022-12-17 21:23:25,819] WARNING  processor/thread_9   cannot convert dictionary update sequence element #0 to a sequence
[2022-12-17 21:23:25,819] WARNING  processor/thread_10  Retrying request in 0.60 seconds. ¯\_(ツ)_/¯
[2022-12-17 21:23:25,819] WARNING  processor/thread_8   Retrying request in 0.60 seconds. ¯\_(ツ)_/¯
[2022-12-17 21:23:25,819] WARNING  processor/thread_15  Retrying request in 0.60 seconds. ¯\_(ツ)_/¯
[2022-12-17 21:23:25,819] WARNING  processor/thread_9   Retrying request in 0.60 seconds. ¯\_(ツ)_/¯
[2022-12-17 21:23:25,822] WARNING  processor/thread_3   cannot convert dictionary update sequence element #0 to a sequence
[2022-12-17 21:23:25,822] WARNING  processor/thread_12  cannot convert dictionary update sequence element #0 to a sequence
[2022-12-17 21:23:25,823] WARNING  processor/thread_5   cannot convert dictionary update sequence element #0 to a sequence
[2022-12-17 21:23:25,823] WARNING  processor/thread_3   Retrying request in 0.60 seconds. ¯\_(ツ)_/¯
[2022-12-17 21:23:25,823] WARNING  processor/thread_12  Retrying request in 0.60 seconds. ¯\_(ツ)_/¯
[2022-12-17 21:23:25,823] WARNING  processor/thread_5   Retrying request in 0.60 seconds. ¯\_(ツ)_/¯
[2022-12-17 21:23:25,827] WARNING  processor/thread_11  cannot convert dictionary update sequence element #0 to a sequence
[2022-12-17 21:23:25,828] WARNING  processor/thread_6   cannot convert dictionary update sequence element #0 to a sequence
[2022-12-17 21:23:25,828] WARNING  processor/thread_11  Retrying request in 0.60 seconds. ¯\_(ツ)_/¯
[2022-12-17 21:23:25,828] WARNING  processor/thread_6   Retrying request in 0.60 seconds. ¯\_(ツ)_/¯
[2022-12-17 21:23:26,073] ERROR    processor/thread_1   Unresolvable error received from the MISP server.
[2022-12-17 21:23:26,073] ERROR    processor/thread_1   MISP Error: (405, {'name': 'You do not have permission to use this functionality.', 'message': 'You do not have permission to use this functionality.', 'url': '/tags/delete/93513'})
[2022-12-17 21:23:26,073] ERROR    processor/thread_1   Exceeded number of retries. (╯°□°）╯︵ ┻━┻
[2022-12-17 21:23:26,113] WARNING  processor/thread_1   cannot convert dictionary update sequence element #0 to a sequence
[2022-12-17 21:23:26,113] WARNING  processor/thread_1   Retrying request in 0.30 seconds. ¯\_(ツ)_/¯
[2022-12-17 21:23:26,135] ERROR    processor/thread_2   Unresolvable error received from the MISP server.
[2022-12-17 21:23:26,135] ERROR    processor/thread_2   MISP Error: (405, {'name': 'You do not have permission to use this functionality.', 'message': 'You do not have permission to use this functionality.', 'url': '/tags/delete/93514'})
[2022-12-17 21:23:26,135] ERROR    processor/thread_2   Exceeded number of retries. (╯°□°）╯︵ ┻━┻
[2022-12-17 21:23:26,161] WARNING  processor/thread_2   cannot convert dictionary update sequence element #0 to a sequence
[2022-12-17 21:23:26,161] WARNING  processor/thread_2   Retrying request in 0.30 seconds. ¯\_(ツ)_/¯
[2022-12-17 21:23:26,231] ERROR    processor/thread_0   Unresolvable error received from the MISP server.
[2022-12-17 21:23:26,231] ERROR    processor/thread_0   MISP Error: (405, {'name': 'You do not have permission to use this functionality.', 'message': 'You do not have permission to use this functionality.', 'url': '/tags/delete/93512'})
[2022-12-17 21:23:26,231] ERROR    processor/thread_0   Exceeded number of retries. (╯°□°）╯︵ ┻━┻
<=SNIP=>

Indicator Ingestion Loops Indefinitely

Loops indefinitely (every hour) after ingesting Indicators

Command:

python3 misp_import.py -f -nb -d -v -p -i

The following Hash shows the hourly repeat cycle

sudo grep -i 308648c0db  /var/log/messages > crowdstrike-ioc-loop.log
(.ohm) [rx118r@md2nj02ap:~]$ more crowdstrike-ioc-loop.log 
Apr  9 10:54:31 172.30.0.4 docker: md2nj02ap misp-dev3[18458]: add -- Attribute (513760240) from Event (2016952): Payload delivery/sha256 308648c0dbd0ceeceadcdfdfd9e5be68e004eeab286d910b3af3cac81b292f4b -- Attribute "308648c0dbd0ceeceadcdfdfd9e5be68e004eeab286d910b3af3cac81b292f4b" (513760240) added by User "[email protected]" (238).
Apr  9 11:34:01 172.30.0.4 docker: md2nj02ap misp-dev3[12922]: edit -- Attribute (513760240) from Event (2016952): Payload delivery/sha256 308648c0dbd0ceeceadcdfdfd9e5be68e004eeab286d910b3af3cac81b292f4b -- Attribute "308648c0dbd0ceeceadcdfdfd9e5be68e004eeab286d910b3af3cac81b292f4b" (513760240) updated by User "[email protected]" (238).
Apr  9 12:32:16 172.30.0.4 docker: md2nj02ap misp-dev3[5952]: edit -- Attribute (513760240) from Event (2016952): Payload delivery/sha256 308648c0dbd0ceeceadcdfdfd9e5be68e004eeab286d910b3af3cac81b292f4b -- Attribute "308648c0dbd0ceeceadcdfdfd9e5be68e004eeab286d910b3af3cac81b292f4b" (513760240) updated by User "[email protected]" (238).

Snipped Log


python3 misp_import.py -f -nb -d -v -p -i
[2023-04-08 18:43:13,699] INFO     misp_tools    MISP Import for CrowdStrike Threat Intelligence v0.6.8
[2023-04-08 18:43:13,699] INFO     config  CHECK CONFIG
[2023-04-08 18:43:13,700] DEBUG    config  client_id                                   value redacted, check config file
[2023-04-08 18:43:13,700] DEBUG    config  client_secret                               value redacted, check config file
[2023-04-08 18:43:13,700] DEBUG    config  crowdstrike_url                             US1
[2023-04-08 18:43:13,700] DEBUG    config  api_request_max                             5000
[2023-04-08 18:43:13,700] DEBUG    config  api_enable_ssl                              True
[2023-04-08 18:43:13,700] DEBUG    config  reports_timestamp_filename                  lastReportsUpdate.dat
[2023-04-08 18:43:13,700] DEBUG    config  indicators_timestamp_filename               lastIndicatorsUpdate.dat
[2023-04-08 18:43:13,700] DEBUG    config  actors_timestamp_filename                   lastActorsUpdate.dat
[2023-04-08 18:43:13,700] DEBUG    config  init_reports_days_before                    365
[2023-04-08 18:43:13,700] DEBUG    config  init_indicators_minutes_before              20220
[2023-04-08 18:43:13,700] DEBUG    config  init_actors_days_before                     730
[2023-04-08 18:43:13,700] DEBUG    config  reports_unique_tag                          CrowdStrike: REPORT
[2023-04-08 18:43:13,700] DEBUG    config  indicators_unique_tag                       CrowdStrike: INDICATOR
[2023-04-08 18:43:13,700] DEBUG    config  actors_unique_tag                           CrowdStrike: ACTOR
[2023-04-08 18:43:13,700] DEBUG    config  reports_tags                                att:source="Crowdstrike.Report"
[2023-04-08 18:43:13,700] DEBUG    config  indicators_tags                             att:source="Crowdstrike.Indicators"
[2023-04-08 18:43:13,700] DEBUG    config  actors_tags                                 att:source="Crowdstrike.Actors"
[2023-04-08 18:43:13,700] DEBUG    config  unknown_mapping                             CrowdStrike:indicator:galaxy: UNATTRIBUTED
[2023-04-08 18:43:13,700] DEBUG    config  unattributed_title                          CrowdStrike Unattributed indicators:
[2023-04-08 18:43:13,700] DEBUG    config  indicator_type_title                        Indicator Type:
[2023-04-08 18:43:13,700] DEBUG    config  malware_family_title                        Malware Family:
[2023-04-08 18:43:13,700] DEBUG    config  log_duplicates_as_sightings                 True
[2023-04-08 18:43:13,700] DEBUG    config  misp_url                                    https://3samisp
[2023-04-08 18:43:13,700] DEBUG    config  misp_auth_key                               value redacted, check config file
[2023-04-08 18:43:13,700] DEBUG    config  crowdstrike_org_uuid                        ca4f4b5d-db04-4a5e-a6de-e60636dc01be
[2023-04-08 18:43:13,700] DEBUG    config  misp_enable_ssl                             False
[2023-04-08 18:43:13,700] WARNING  config  misp_enable_ssl                             SSL is disabled for MISP API requests
[2023-04-08 18:43:13,701] DEBUG    config  ind_attribute_batch_size                    2500
[2023-04-08 18:43:13,701] DEBUG    config  event_save_memory_refresh_interval          180
[2023-04-08 18:43:13,701] DEBUG    config  max_threads                                 16
[2023-04-08 18:43:13,701] DEBUG    config  miss_track_file                             no_galaxy_mapping.log
[2023-04-08 18:43:13,701] DEBUG    config  galaxies_map_file                           galaxy.ini
[2023-04-08 18:43:13,701] DEBUG    config  tag_unknown_galaxy_maps                     True
[2023-04-08 18:43:13,701] DEBUG    config  taxonomic_kill-chain                        True
[2023-04-08 18:43:13,701] DEBUG    config  taxonomic_information-security-data-source  True
[2023-04-08 18:43:13,701] DEBUG    config  taxonomic_type                              True
[2023-04-08 18:43:13,701] DEBUG    config  taxonomic_iep                               False
[2023-04-08 18:43:13,701] DEBUG    config  taxonomic_iep2                              True
[2023-04-08 18:43:13,701] DEBUG    config  taxonomic_iep2_version                      False
[2023-04-08 18:43:13,701] DEBUG    config  taxonomic_tlp                               True
[2023-04-08 18:43:13,701] DEBUG    config  taxonomic_workflow                          True
[2023-04-08 18:43:14,200] INFO     config  No configuration errors found (1 warning)
[2023-04-08 18:43:14,200] INFO     config  
[2023-04-08 18:43:14,200] INFO     config  ____ _  _ ____ ____ _  _ ____    ___  ____ ____ ____ ____ ___
[2023-04-08 18:43:14,200] INFO     config  |    |__| |___ |    |_/  [__     |__] |__| [__  [__  |___ |  \
[2023-04-08 18:43:14,200] INFO     config  |___ |  | |___ |___ | \_ ___]    |    |  | ___] ___] |___ |__/
[2023-04-08 18:43:14,200] INFO     config  
[2023-04-08 18:43:15,171] INFO     processor/main       BEGIN INDICATORS IMPORT
[2023-04-08 18:43:15,171] INFO     processor/main       Retrieving lookup data for import of CrowdStrike indicators into MISP.
[2023-04-08 18:43:15,477] INFO     processor/main       Adding 24 CrowdStrike indicator type events to MISP.
[2023-04-08 18:43:15,498] INFO     processor/main       Retrieved 0 CrowdStrike indicator malware family events from MISP.
[2023-04-08 18:43:15,559] INFO     processor/thread_9   Retrieved 15 coin_address indicators from MISP.
[2023-04-08 18:43:15,561] INFO     processor/thread_13  Retrieved 50 device_name indicators from MISP.
[2023-04-08 18:43:15,601] INFO     processor/thread_13  Retrieved 29 service_name indicators from MISP.
[2023-04-08 18:43:15,608] INFO     processor/thread_12  Retrieved 495 registry indicators from MISP.
[2023-04-08 18:43:15,670] INFO     processor/thread_8   Retrieved 309 bitcoin_address indicators from MISP.
[2023-04-08 18:43:15,927] INFO     processor/thread_7   Retrieved 3,922 mutex_name indicators from MISP.
[2023-04-08 18:43:15,994] INFO     processor/thread_12  Retrieved 449 port indicators from MISP.
[2023-04-08 18:43:16,043] INFO     processor/thread_3   Retrieved 1,770 hash_imphash indicators from MISP.
[2023-04-08 18:43:38,543] INFO     processor/thread_15  Retrieved 254 campaign_id indicators from MISP.
[2023-04-08 18:43:40,720] INFO     processor/thread_13  Retrieved 90,336 user_agent indicators from MISP.
[2023-04-08 18:43:50,679] INFO     processor/thread_5   Retrieved 201,177 file_path indicators from MISP.
[2023-04-08 18:43:54,259] INFO     processor/thread_4   Retrieved 201,177 file_name indicators from MISP.
[2023-04-08 18:44:01,788] INFO     processor/thread_2   Retrieved 412,962 hash_sha1 indicators from MISP.
[2023-04-08 18:44:11,313] INFO     processor/thread_10  Retrieved 69,724 email_address indicators from MISP.
[2023-04-08 18:46:12,074] INFO     processor/thread_14  Retrieved 1,612,502 domain indicators from MISP.
[2023-04-08 18:46:50,764] INFO     processor/thread_11  Retrieved 815,731 email_subject indicators from MISP.
[2023-04-08 18:50:00,881] INFO     processor/thread_1   Retrieved 2,934,089 hash_sha256 indicators from MISP.
[2023-04-08 18:52:23,975] INFO     processor/thread_0   Retrieved 3,477,861 hash_md5 indicators from MISP.
[2023-04-08 18:56:45,404] INFO     processor/thread_9   Retrieved 4,795,407 ip_address indicators from MISP.
[2023-04-08 19:26:34,611] INFO     processor/thread_6   Retrieved 16,710,078 url indicators from MISP.
[2023-04-08 19:26:57,388] INFO     processor/main       Found 0 pre-existing indicators within CrowdStrike reports.
[2023-04-08 19:27:18,498] INFO     processor/main       Starting import of CrowdStrike indicators into MISP.
[2023-04-08 19:27:39,189] INFO     processor/main       Retrieved 5,000 of 2,789,355 remaining indicators.
[2023-04-08 19:27:39,190] DEBUG    processor/main       Configuration states we should process batches of 2,500 indicators.
[2023-04-08 19:27:39,190] INFO     processor/main       Processing batch of 2,500 indicators.
[2023-04-08 19:27:39,191] DEBUG    processor/thread_0   Malware Family identified: CobaltStrike
[2023-04-08 19:27:39,191] DEBUG    processor/thread_0   Start creation of malware family event object
[2023-04-08 19:27:39,192] DEBUG    processor/thread_0   Complete initial malware family object creation
[2023-04-08 19:27:39,192] DEBUG    processor/thread_0   Successfully created malware family event for CobaltStrike
[2023-04-08 19:27:39,281] DEBUG    processor/thread_1   Malware Family identified: CobaltStrike
[2023-04-08 19:27:39,281] DEBUG    processor/thread_1   Found existing malware family event for CobaltStrike
[2023-04-08 19:27:39,282] DEBUG    processor/thread_2   Malware Family identified: CobaltStrike
[2023-04-08 19:27:39,282] DEBUG    processor/thread_2   Found existing malware family event for CobaltStrike
[2023-04-08 19:27:39,282] DEBUG    processor/thread_3   Malware Family identified: CobaltStrike
[2023-04-08 19:27:39,282] DEBUG    processor/thread_3   Found existing malware family event for CobaltStrike
[2023-04-08 19:27:39,283] DEBUG    processor/thread_4   Malware Family identified: CobaltStrike
[2023-04-08 19:27:39,283] DEBUG    processor/thread_4   Found existing malware family event for CobaltStrike
[2023-04-08 19:27:39,283] DEBUG    processor/thread_5   Malware Family identified: CobaltStrike
[2023-04-08 19:27:39,283] DEBUG    processor/thread_5   Found existing malware family event for CobaltStrike
[2023-04-08 19:27:39,284] DEBUG    processor/thread_6   Malware Family identified: CobaltStrike
[2023-04-08 19:27:39,284] DEBUG    processor/thread_6   Found existing malware family event for CobaltStrike
[2023-04-08 19:27:39,284] DEBUG    processor/thread_7   Malware Family identified: CobaltStrike
[2023-04-08 19:27:39,284] DEBUG    processor/thread_7   Found existing malware family event for CobaltStrike
[2023-04-08 19:27:39,284] DEBUG    processor/thread_8   Malware Family identified: CobaltStrike
[2023-04-08 19:27:39,284] DEBUG    processor/thread_8   Found existing malware family event for CobaltStrike
[2023-04-08 19:27:39,284] DEBUG    processor/thread_9   Malware Family identified: CobaltStrike
[2023-04-08 19:27:39,285] DEBUG    processor/thread_9   Found existing malware family event for CobaltStrike
[2023-04-08 19:27:39,285] DEBUG    processor/thread_10  Malware Family identified: CobaltStrike
[2023-04-08 19:27:39,285] DEBUG    processor/thread_10  Found existing malware family event for CobaltStrike
[2023-04-08 19:27:39,285] DEBUG    processor/thread_11  Malware Family identified: CobaltStrike
[2023-04-08 19:27:39,285] DEBUG    processor/thread_11  Found existing malware family event for CobaltStrike
[2023-04-08 19:27:39,286] DEBUG    processor/thread_12  Malware Family identified: CobaltStrike
[2023-04-08 19:27:39,286] DEBUG    processor/thread_12  Found existing malware family event for CobaltStrike
[2023-04-08 19:27:39,286] DEBUG    processor/thread_13  Malware Family identified: CobaltStrike
[2023-04-08 19:27:39,286] DEBUG    processor/thread_13  Found existing malware family event for CobaltStrike
[2023-04-08 19:27:39,287] DEBUG    processor/thread_14  Malware Family identified: Emotet
[2023-04-08 19:27:39,287] DEBUG    processor/thread_14  Start creation of malware family event object
[2023-04-08 19:27:39,288] DEBUG    processor/thread_14  Complete initial malware family object creation
[2023-04-08 19:27:39,288] DEBUG    processor/thread_14  Successfully created malware family event for Emotet
[2023-04-08 19:27:39,382] DEBUG    processor/thread_15  Malware Family identified: Emotet
[2023-04-08 19:27:39,382] DEBUG    processor/thread_15  Found existing malware family event for Emotet
[2023-04-08 19:27:39,382] DEBUG    processor/thread_0   Tagged malicious-confidence HIGH
[2023-04-08 19:27:39,383] DEBUG    processor/thread_1   Tagged malicious-confidence HIGH
[2023-04-08 19:27:39,383] DEBUG    processor/thread_0   Tagged malware COBALTSTRIKE
[2023-04-08 19:27:39,383] DEBUG    processor/thread_2   Tagged malicious-confidence HIGH
[2023-04-08 19:27:39,383] DEBUG    processor/thread_2   Tagged malware COBALTSTRIKE
[2023-04-08 19:27:39,383] DEBUG    processor/thread_1   Tagged malware COBALTSTRIKE
[2023-04-08 19:27:39,383] DEBUG    processor/thread_4   Tagged malicious-confidence HIGH
[2023-04-08 19:27:39,383] DEBUG    processor/thread_0   Tagged threat COMMODITY
[2023-04-08 19:27:39,383] DEBUG    processor/thread_5   Tagged malicious-confidence HIGH
[2023-04-08 19:27:39,383] DEBUG    processor/thread_3   Tagged malicious-confidence HIGH
[2023-04-08 19:27:39,384] DEBUG    processor/thread_7   Tagged malicious-confidence HIGH
[2023-04-08 19:27:39,384] DEBUG    processor/thread_2   Tagged threat COMMODITY
[2023-04-08 19:27:39,384] DEBUG    processor/thread_8   Tagged malicious-confidence HIGH
[2023-04-08 19:27:39,384] DEBUG    processor/thread_9   Tagged malicious-confidence HIGH
[2023-04-08 19:27:39,384] DEBUG    processor/thread_1   Tagged threat COMMODITY
[2023-04-08 19:27:39,384] DEBUG    processor/thread_10  Tagged malicious-confidence HIGH
[2023-04-08 19:27:39,384] DEBUG    processor/thread_11  Tagged malicious-confidence HIGH
[2023-04-08 19:27:39,386] DEBUG    processor/thread_11  Tagged malware COBALTSTRIKE
[2023-04-08 19:27:39,384] DEBUG    processor/thread_4   Tagged malware COBALTSTRIKE
[2023-04-08 19:27:39,384] DEBUG    processor/thread_12  Tagged malicious-confidence HIGH
[2023-04-08 19:27:39,385] DEBUG    processor/thread_13  Tagged malicious-confidence HIGH
[2023-04-08 19:27:39,385] DEBUG    processor/thread_5   Tagged malware COBALTSTRIKE
[2023-04-08 19:27:39,385] DEBUG    processor/thread_14  Tagged malicious-confidence HIGH
[2023-04-08 19:27:39,385] DEBUG    processor/thread_15  Tagged malicious-confidence HIGH
[2023-04-08 19:27:39,385] DEBUG    processor/thread_3   Tagged malware COBALTSTRIKE
[2023-04-08 19:27:39,385] DEBUG    processor/thread_6   Malware Family identified: Emotet
[2023-04-08 19:27:39,385] DEBUG    processor/thread_7   Tagged malware COBALTSTRIKE
[2023-04-08 19:27:39,385] DEBUG    processor/thread_2   Tagged threat CRIMINAL
[2023-04-08 19:27:39,385] DEBUG    processor/thread_8   Tagged malware COBALTSTRIKE
[2023-04-08 19:27:39,385] DEBUG    processor/thread_9   Tagged malware COBALTSTRIKE
[2023-04-08 19:27:39,385] DEBUG    processor/thread_1   Tagged threat CRIMINAL
[2023-04-08 19:27:39,385] DEBUG    processor/thread_10  Tagged malware COBALTSTRIKE
[2023-04-08 19:27:39,384] DEBUG    processor/thread_0   Tagged threat CRIMINAL
[2023-04-08 19:27:39,386] DEBUG    processor/thread_11  Tagged threat COMMODITY
[2023-04-08 19:27:39,386] DEBUG    processor/thread_4   Tagged threat COMMODITY
[2023-04-08 19:27:39,386] DEBUG    processor/thread_12  Tagged malware COBALTSTRIKE
[2023-04-08 19:27:39,386] DEBUG    processor/thread_13  Tagged malware COBALTSTRIKE
[2023-04-08 19:27:39,386] DEBUG    processor/thread_5   Tagged threat COMMODITY
[2023-04-08 19:27:39,386] DEBUG    processor/thread_14  Tagged malware EMOTET
[2023-04-08 19:27:39,386] DEBUG    processor/thread_15  Tagged malware EMOTET
[2023-04-08 19:27:39,386] DEBUG    processor/thread_3   Tagged threat COMMODITY
[2023-04-08 19:27:39,386] DEBUG    processor/thread_6   Found existing malware family event for Emotet
[2023-04-08 19:27:39,386] DEBUG    processor/thread_7   Tagged threat COMMODITY
[2023-04-08 19:27:39,386] DEBUG    processor/thread_2   Tagged threat RAT
[2023-04-08 19:27:39,387] DEBUG    processor/thread_8   Tagged threat COMMODITY
[2023-04-08 19:27:39,387] DEBUG    processor/thread_9   Tagged threat COMMODITY
[2023-04-08 19:27:39,387] DEBUG    processor/thread_1   Tagged threat RAT
[2023-04-08 19:27:39,387] DEBUG    processor/thread_10  Tagged threat COMMODITY
[2023-04-08 19:27:39,387] DEBUG    processor/thread_0   Tagged threat RAT
[2023-04-08 19:27:39,387] DEBUG    processor/thread_11  Tagged threat CRIMINAL
[2023-04-08 19:27:39,387] DEBUG    processor/thread_4   Tagged threat CRIMINAL
[2023-04-08 19:27:39,387] DEBUG    processor/thread_12  Tagged threat COMMODITY
[2023-04-08 19:27:39,387] DEBUG    processor/thread_13  Tagged threat COMMODITY
[2023-04-08 19:27:39,387] DEBUG    processor/thread_5   Tagged threat CRIMINAL
[2023-04-08 19:27:39,387] DEBUG    processor/thread_14  Tagged threat CRIMINAL
[2023-04-08 19:27:39,387] DEBUG    processor/thread_15  Tagged threat CRIMINAL
[2023-04-08 19:27:39,388] DEBUG    processor/thread_3   Tagged threat CRIMINAL
[2023-04-08 19:27:39,388] DEBUG    processor/thread_6   Tagged malicious-confidence HIGH
[2023-04-08 19:27:39,388] DEBUG    processor/thread_7   Tagged threat CRIMINAL
[2023-04-08 19:27:39,388] DEBUG    processor/thread_2   Added 47f3a99ed0aaa1b269f14888f3c8e5de032a0840b822d4574e95db68d3811688 indicators to event Indicator Type: SHA256 hashes
[2023-04-08 19:27:39,388] DEBUG    processor/thread_8   Tagged threat CRIMINAL
[2023-04-08 19:27:39,388] DEBUG    processor/thread_9   Tagged threat CRIMINAL
[2023-04-08 19:27:39,389] DEBUG    processor/thread_1   Added 36bb3d9152a14b9912b714714ada5a22 indicators to event Indicator Type: MD5 hashes
[2023-04-08 19:27:39,389] DEBUG    processor/thread_10  Tagged threat CRIMINAL
[2023-04-08 19:27:39,389] DEBUG    processor/thread_0   Added 5fd1a44bfdc904a775cfa81748f4aaad38036e3d indicators to event Indicator Type: SHA1 hashes
[2023-04-08 19:27:39,389] DEBUG    processor/thread_11  Tagged threat RAT
[2023-04-08 19:27:39,390] DEBUG    processor/thread_4   Tagged threat RAT
[2023-04-08 19:27:39,390] DEBUG    processor/thread_12  Tagged threat CRIMINAL
[2023-04-08 19:27:39,390] DEBUG    processor/thread_13  Tagged threat CRIMINAL
[2023-04-08 19:27:39,390] DEBUG    processor/thread_5   Tagged threat RAT
[2023-04-08 19:27:39,390] DEBUG    processor/thread_14  Tagged threat DOWNLOADER
[2023-04-08 19:27:39,390] DEBUG    processor/thread_15  Tagged threat DOWNLOADER
[2023-04-08 19:27:39,390] DEBUG    processor/thread_3   Tagged threat RAT
[2023-04-08 19:27:39,390] DEBUG    processor/thread_6   Tagged malware EMOTET
[2023-04-08 19:27:39,390] DEBUG    processor/thread_7   Tagged threat RAT
[2023-04-08 19:27:39,390] DEBUG    processor/thread_2   Updated Malware Family: CobaltStrike event threat level to HIGH
[2023-04-08 19:27:39,390] DEBUG    processor/thread_8   Tagged threat RAT
[2023-04-08 19:27:39,390] DEBUG    processor/thread_9   Tagged threat RAT
[2023-04-08 19:27:39,390] DEBUG    processor/thread_10  Tagged threat RAT
[2023-04-08 19:27:39,391] DEBUG    processor/thread_12  Tagged threat RAT
[2023-04-08 19:27:39,391] DEBUG    processor/thread_13  Tagged threat RAT
[2023-04-08 19:27:39,393] DEBUG    processor/thread_6   Tagged threat CRIMINAL
[2023-04-08 19:27:39,394] DEBUG    processor/thread_11  Added 94f764473f2946521f4050be6f2d35b5 indicators to event Indicator Type: MD5 hashes
[2023-04-08 19:27:39,396] DEBUG    processor/thread_12  Added 89612615ce912b66a0394497efc5ee8cb6c49a25 indicators to event Indicator Type: SHA1 hashes
[2023-04-08 19:27:39,394] DEBUG    processor/thread_5   Added 5cbeb0a6c5a10eada07b4e9555b1bd3d indicators to event Indicator Type: MD5 hashes
[2023-04-08 19:27:39,395] DEBUG    processor/thread_14  Added 46d8f2195fb9e7d6fc0423422cd2f6e3 indicators to event Indicator Type: MD5 hashes
[2023-04-08 19:27:39,395] DEBUG    processor/thread_15  Added 1ca44f66a74a642426ee371f65964ee062abb9b77a83f7ce33cbdf99982ebe54 indicators to event Indicator Type: SHA256 hashes
[2023-04-08 19:27:39,395] DEBUG    processor/thread_3   Added 3be7535aaad8e5deb0a7b0ce21a4c5e3a2f3701e86c30b4b3846cdda25fa4feb indicators to event Indicator Type: SHA256 hashes
[2023-04-08 19:27:39,395] DEBUG    processor/thread_7   Added e98ee554b026f21b6aefd9c0018d618a254f378e91d12ee2169eec1198fd2124 indicators to event Indicator Type: SHA256 hashes
[2023-04-08 19:27:39,396] DEBUG    processor/thread_2   Tagged malicious-confidence HIGH
[2023-04-08 19:27:39,396] DEBUG    processor/thread_1   Tagged malicious-confidence HIGH
[2023-04-08 19:27:39,396] DEBUG    processor/thread_0   Tagged malicious-confidence HIGH
[2023-04-08 19:27:39,396] DEBUG    processor/thread_8   Added d9a61afbaf06e316abd49511f01ad2b83b970ea4 indicators to event Indicator Type: SHA1 hashes
[2023-04-08 19:27:39,396] DEBUG    processor/thread_6   Tagged threat DOWNLOADER
[2023-04-08 19:27:39,396] DEBUG    processor/thread_9   Added 360379b4abb8cffb2f75ede5f8e06df5 indicators to event Indicator Type: MD5 hashes
[2023-04-08 19:27:39,396] DEBUG    processor/thread_10  Added https://soguo.quest/multiply/archives/555EDYREXV indicators to event Indicator Type: Web addresses
[2023-04-08 19:27:39,394] DEBUG    processor/thread_4   Added a287f05c4f62ac867ad28239a41a474a1bb846a4 indicators to event Indicator Type: SHA1 hashes
[2023-04-08 19:27:39,396] DEBUG    processor/thread_13  Added b1722602adda0e01ad1629d538152a3f1ed22f40b04d67276d1ce140e7253381 indicators to event Indicator Type: SHA256 hashes
[2023-04-08 19:27:39,397] DEBUG    processor/thread_11  Tagged malicious-confidence HIGH
[2023-04-08 19:27:39,397] DEBUG    processor/thread_12  Tagged malicious-confidence HIGH
[2023-04-08 19:27:39,397] DEBUG    processor/thread_5   Tagged malicious-confidence HIGH
[2023-04-08 19:27:39,397] DEBUG    processor/thread_14  Updated Malware Family: Emotet event threat level to HIGH
[2023-04-08 19:27:39,397] DEBUG    processor/thread_2   Tagged malware COBALTSTRIKE
[2023-04-08 19:27:39,398] DEBUG    processor/thread_1   Tagged malware COBALTSTRIKE
[2023-04-08 19:27:39,398] DEBUG    processor/thread_0   Tagged malware COBALTSTRIKE
[2023-04-08 19:27:39,398] DEBUG    processor/thread_11  Tagged malware COBALTSTRIKE
python3 misp_import.py -f -nb -d -v -p -i
[2023-04-08 18:43:13,699] INFO     misp_tools    MISP Import for CrowdStrike Threat Intelligence v0.6.8
[2023-04-08 18:43:13,699] INFO     config  CHECK CONFIG
[2023-04-08 18:43:13,700] DEBUG    config  client_id                                   value redacted, check config file
[2023-04-08 18:43:13,700] DEBUG    config  client_secret                               value redacted, check config file
[2023-04-08 18:43:13,700] DEBUG    config  crowdstrike_url                             US1
[2023-04-08 18:43:13,700] DEBUG    config  api_request_max                             5000
[2023-04-08 18:43:13,700] DEBUG    config  api_enable_ssl                              True
[2023-04-08 18:43:13,700] DEBUG    config  reports_timestamp_filename                  lastReportsUpdate.dat
[2023-04-08 18:43:13,700] DEBUG    config  indicators_timestamp_filename               lastIndicatorsUpdate.dat
[2023-04-08 18:43:13,700] DEBUG    config  actors_timestamp_filename                   lastActorsUpdate.dat
[2023-04-08 18:43:13,700] DEBUG    config  init_reports_days_before                    365
[2023-04-08 18:43:13,700] DEBUG    config  init_indicators_minutes_before              20220
[2023-04-08 18:43:13,700] DEBUG    config  init_actors_days_before                     730
[2023-04-08 18:43:13,700] DEBUG    config  reports_unique_tag                          CrowdStrike: REPORT
[2023-04-08 18:43:13,700] DEBUG    config  indicators_unique_tag                       CrowdStrike: INDICATOR
[2023-04-08 18:43:13,700] DEBUG    config  actors_unique_tag                           CrowdStrike: ACTOR
[2023-04-08 18:43:13,700] DEBUG    config  reports_tags                                att:source="Crowdstrike.Report"
[2023-04-08 18:43:13,700] DEBUG    config  indicators_tags                             att:source="Crowdstrike.Indicators"
[2023-04-08 18:43:13,700] DEBUG    config  actors_tags                                 att:source="Crowdstrike.Actors"
[2023-04-08 18:43:13,700] DEBUG    config  unknown_mapping                             CrowdStrike:indicator:galaxy: UNATTRIBUTED
[2023-04-08 18:43:13,700] DEBUG    config  unattributed_title                          CrowdStrike Unattributed indicators:
[2023-04-08 18:43:13,700] DEBUG    config  indicator_type_title                        Indicator Type:
[2023-04-08 18:43:13,700] DEBUG    config  malware_family_title                        Malware Family:
[2023-04-08 18:43:13,700] DEBUG    config  log_duplicates_as_sightings                 True
[2023-04-08 18:43:13,700] DEBUG    config  misp_url                                    https://3samisp
[2023-04-08 18:43:13,700] DEBUG    config  misp_auth_key                               value redacted, check config file
[2023-04-08 18:43:13,700] DEBUG    config  crowdstrike_org_uuid                        ca4f4b5d-db04-4a5e-a6de-e60636dc01be
[2023-04-08 18:43:13,700] DEBUG    config  misp_enable_ssl                             False
[2023-04-08 18:43:13,700] WARNING  config  misp_enable_ssl                             SSL is disabled for MISP API requests
[2023-04-08 18:43:13,701] DEBUG    config  ind_attribute_batch_size                    2500
[2023-04-08 18:43:13,701] DEBUG    config  event_save_memory_refresh_interval          180
[2023-04-08 18:43:13,701] DEBUG    config  max_threads                                 16
[2023-04-08 18:43:13,701] DEBUG    config  miss_track_file                             no_galaxy_mapping.log
[2023-04-08 18:43:13,701] DEBUG    config  galaxies_map_file                           galaxy.ini
[2023-04-08 18:43:13,701] DEBUG    config  tag_unknown_galaxy_maps                     True
[2023-04-08 18:43:13,701] DEBUG    config  taxonomic_kill-chain                        True
[2023-04-08 18:43:13,701] DEBUG    config  taxonomic_information-security-data-source  True
[2023-04-08 18:43:13,701] DEBUG    config  taxonomic_type                              True
[2023-04-08 18:43:13,701] DEBUG    config  taxonomic_iep                               False
[2023-04-08 18:43:13,701] DEBUG    config  taxonomic_iep2                              True
[2023-04-08 18:43:13,701] DEBUG    config  taxonomic_iep2_version                      False
[2023-04-08 18:43:13,701] DEBUG    config  taxonomic_tlp                               True
[2023-04-08 18:43:13,701] DEBUG    config  taxonomic_workflow                          True
[2023-04-08 18:43:14,200] INFO     config  No configuration errors found (1 warning)
[2023-04-08 18:43:14,200] INFO     config  
[2023-04-08 18:43:14,200] INFO     config  ____ _  _ ____ ____ _  _ ____    ___  ____ ____ ____ ____ ___
[2023-04-08 18:43:14,200] INFO     config  |    |__| |___ |    |_/  [__     |__] |__| [__  [__  |___ |  \
[2023-04-08 18:43:14,200] INFO     config  |___ |  | |___ |___ | \_ ___]    |    |  | ___] ___] |___ |__/
[2023-04-08 18:43:14,200] INFO     config  
[2023-04-08 18:43:15,171] INFO     processor/main       BEGIN INDICATORS IMPORT
[2023-04-08 18:43:15,171] INFO     processor/main       Retrieving lookup data for import of CrowdStrike indicators into MISP.
[2023-04-08 18:43:15,477] INFO     processor/main       Adding 24 CrowdStrike indicator type events to MISP.
[2023-04-08 18:43:15,498] INFO     processor/main       Retrieved 0 CrowdStrike indicator malware family events from MISP.
[2023-04-08 18:43:15,559] INFO     processor/thread_9   Retrieved 15 coin_address indicators from MISP.
[2023-04-08 18:43:15,561] INFO     processor/thread_13  Retrieved 50 device_name indicators from MISP.
[2023-04-08 18:43:15,601] INFO     processor/thread_13  Retrieved 29 service_name indicators from MISP.
[2023-04-08 18:43:15,608] INFO     processor/thread_12  Retrieved 495 registry indicators from MISP.
[2023-04-08 18:43:15,670] INFO     processor/thread_8   Retrieved 309 bitcoin_address indicators from MISP.
[2023-04-08 18:43:15,927] INFO     processor/thread_7   Retrieved 3,922 mutex_name indicators from MISP.
[2023-04-08 18:43:15,994] INFO     processor/thread_12  Retrieved 449 port indicators from MISP.
[2023-04-08 18:43:16,043] INFO     processor/thread_3   Retrieved 1,770 hash_imphash indicators from MISP.
[2023-04-08 18:43:38,543] INFO     processor/thread_15  Retrieved 254 campaign_id indicators from MISP.
[2023-04-08 18:43:40,720] INFO     processor/thread_13  Retrieved 90,336 user_agent indicators from MISP.
[2023-04-08 18:43:50,679] INFO     processor/thread_5   Retrieved 201,177 file_path indicators from MISP.
[2023-04-08 18:43:54,259] INFO     processor/thread_4   Retrieved 201,177 file_name indicators from MISP.
[2023-04-08 18:44:01,788] INFO     processor/thread_2   Retrieved 412,962 hash_sha1 indicators from MISP.
[2023-04-08 18:44:11,313] INFO     processor/thread_10  Retrieved 69,724 email_address indicators from MISP.
[2023-04-08 18:46:12,074] INFO     processor/thread_14  Retrieved 1,612,502 domain indicators from MISP.
[2023-04-08 18:46:50,764] INFO     processor/thread_11  Retrieved 815,731 email_subject indicators from MISP.
[2023-04-08 18:50:00,881] INFO     processor/thread_1   Retrieved 2,934,089 hash_sha256 indicators from MISP.
[2023-04-08 18:52:23,975] INFO     processor/thread_0   Retrieved 3,477,861 hash_md5 indicators from MISP.
[2023-04-08 18:56:45,404] INFO     processor/thread_9   Retrieved 4,795,407 ip_address indicators from MISP.
[2023-04-08 19:26:34,611] INFO     processor/thread_6   Retrieved 16,710,078 url indicators from MISP.
[2023-04-08 19:26:57,388] INFO     processor/main       Found 0 pre-existing indicators within CrowdStrike reports.
[2023-04-08 19:27:18,498] INFO     processor/main       Starting import of CrowdStrike indicators into MISP.
[2023-04-08 19:27:39,189] INFO     processor/main       Retrieved 5,000 of 2,789,355 remaining indicators.
[2023-04-08 19:27:39,190] DEBUG    processor/main       Configuration states we should process batches of 2,500 indicators.
[2023-04-08 19:27:39,190] INFO     processor/main       Processing batch of 2,500 indicators.
[2023-04-08 19:27:39,191] DEBUG    processor/thread_0   Malware Family identified: CobaltStrike
[2023-04-08 19:27:39,191] DEBUG    processor/thread_0   Start creation of malware family event object
[2023-04-08 19:27:39,192] DEBUG    processor/thread_0   Complete initial malware family object creation
[2023-04-08 19:27:39,192] DEBUG    processor/thread_0   Successfully created malware family event for CobaltStrike
[2023-04-08 19:27:39,281] DEBUG    processor/thread_1   Malware Family identified: CobaltStrike
[2023-04-08 19:27:39,281] DEBUG    processor/thread_1   Found existing malware family event for CobaltStrike
[2023-04-08 19:27:39,282] DEBUG    processor/thread_2   Malware Family identified: CobaltStrike
[2023-04-08 19:27:39,282] DEBUG    processor/thread_2   Found existing malware family event for CobaltStrike
[2023-04-08 19:27:39,282] DEBUG    processor/thread_3   Malware Family identified: CobaltStrike
[2023-04-08 19:27:39,282] DEBUG    processor/thread_3   Found existing malware family event for CobaltStrike
[2023-04-08 19:27:39,283] DEBUG    processor/thread_4   Malware Family identified: CobaltStrike
[2023-04-08 19:27:39,283] DEBUG    processor/thread_4   Found existing malware family event for CobaltStrike
[2023-04-08 19:27:39,283] DEBUG    processor/thread_5   Malware Family identified: CobaltStrike
[2023-04-08 19:27:39,283] DEBUG    processor/thread_5   Found existing malware family event for CobaltStrike
[2023-04-08 19:27:39,284] DEBUG    processor/thread_6   Malware Family identified: CobaltStrike
[2023-04-08 19:27:39,284] DEBUG    processor/thread_6   Found existing malware family event for CobaltStrike
[2023-04-08 19:27:39,284] DEBUG    processor/thread_7   Malware Family identified: CobaltStrike
[2023-04-08 19:27:39,284] DEBUG    processor/thread_7   Found existing malware family event for CobaltStrike
[2023-04-08 19:27:39,284] DEBUG    processor/thread_8   Malware Family identified: CobaltStrike
[2023-04-08 19:27:39,284] DEBUG    processor/thread_8   Found existing malware family event for CobaltStrike
[2023-04-08 19:27:39,284] DEBUG    processor/thread_9   Malware Family identified: CobaltStrike
[2023-04-08 19:27:39,285] DEBUG    processor/thread_9   Found existing malware family event for CobaltStrike
[2023-04-08 19:27:39,285] DEBUG    processor/thread_10  Malware Family identified: CobaltStrike
[2023-04-08 19:27:39,285] DEBUG    processor/thread_10  Found existing malware family event for CobaltStrike
[2023-04-08 19:27:39,285] DEBUG    processor/thread_11  Malware Family identified: CobaltStrike
[2023-04-08 19:27:39,285] DEBUG    processor/thread_11  Found existing malware family event for CobaltStrike
[2023-04-08 19:27:39,286] DEBUG    processor/thread_12  Malware Family identified: CobaltStrike
[2023-04-08 19:27:39,286] DEBUG    processor/thread_12  Found existing malware family event for CobaltStrike
[2023-04-08 19:27:39,286] DEBUG    processor/thread_13  Malware Family identified: CobaltStrike
Continues for 23+ Hours
[2023-04-09 13:30:55,429] DEBUG    processor/thread_10  Added 4e97d128b5e06ea4cda3cdef1bbe0c28 indicators to event Indicator Type: MD5 hashes
[2023-04-09 13:30:55,456] DEBUG    processor/thread_12  Tagged mitre-attck RESOURCEDEVELOPMENT
[2023-04-09 13:30:55,522] DEBUG    processor/thread_3   Tagged threat DOWNLOADER
[2023-04-09 13:30:55,605] DEBUG    processor/thread_5   Tagged mitre-attck PERSISTENCE
[2023-04-09 13:30:55,656] DEBUG    processor/thread_6   Tagged mitre-attck RESOURCEDEVELOPMENT
[2023-04-09 13:30:55,687] DEBUG    processor/thread_0   Tagged mitre-attck COMMANDANDCONTROL
[2023-04-09 13:30:55,744] DEBUG    processor/thread_1   Tagged mitre-attck COMMANDANDCONTROL
[2023-04-09 13:30:55,852] DEBUG    processor/thread_15  Tagged mitre-attck PRIVILEGEESCALATION
[2023-04-09 13:30:55,888] DEBUG    processor/thread_8   Tagged mitre-attck COMMANDANDCONTROL
[2023-04-09 13:30:55,919] DEBUG    processor/thread_11  Tagged mitre-attck COMMANDANDCONTROL
[2023-04-09 13:30:55,955] DEBUG    processor/thread_13  Tagged mitre-attck PERSISTENCE
[2023-04-09 13:30:55,981] DEBUG    processor/thread_9   Tagged mitre-attck INITIALACCESS
[2023-04-09 13:30:56,063] DEBUG    processor/thread_10  Tagged malicious-confidence HIGH
[2023-04-09 13:30:56,084] DEBUG    processor/thread_12  Tagged mitre-attck RESOURCEDEVELOPMENT
[2023-04-09 13:30:57,001] DEBUG    processor/thread_12  Tagged mitre-attck RESOURCEDEVELOPMENT
[2023-04-09 13:30:56,197] DEBUG    processor/thread_6   Tagged mitre-attck RESOURCEDEVELOPMENT
[2023-04-09 13:30:56,290] DEBUG    processor/thread_0   Tagged mitre-attck DEFENSEEVASION
[2023-04-09 13:30:56,383] DEBUG    processor/thread_1   Tagged mitre-attck COMMANDANDCONTROL
[2023-04-09 13:30:56,486] DEBUG    processor/thread_15  Tagged mitre-attck RESOURCEDEVELOPMENT
[2023-04-09 13:30:56,580] DEBUG    processor/thread_8   Tagged mitre-attck COMMANDANDCONTROL
[2023-04-09 13:30:56,714] DEBUG    processor/thread_11  Tagged mitre-attck COMMANDANDCONTROL
[2023-04-09 13:30:56,817] DEBUG    processor/thread_13  Tagged mitre-attck PERSISTENCE
[2023-04-09 13:30:56,889] DEBUG    processor/thread_9   Tagged mitre-attck LATERALMOVEMENT
[2023-04-09 13:30:56,971] DEBUG    processor/thread_10  Tagged malware SALITYV4
[2023-04-09 13:30:56,182] DEBUG    processor/thread_5   Tagged mitre-attck PERSISTENCE
[2023-04-09 13:30:57,001] DEBUG    processor/thread_12  Tagged mitre-attck RESOURCEDEVELOPMENT
[2023-04-09 13:30:57,084] DEBUG    processor/thread_6   Tagged threat BOTNET
[2023-04-09 13:30:57,768] DEBUG    processor/thread_6   Tagged threat COMMODITY
[2023-04-09 13:30:57,773] DEBUG    processor/thread_6   Tagged threat CRIMINAL
[2023-04-09 13:30:57,779] DEBUG    processor/thread_6   Tagged threat DOWNLOADER
[2023-04-09 13:30:57,367] DEBUG    processor/thread_8   Tagged mitre-attck COMMANDANDCONTROL
[2023-04-09 13:30:57,475] DEBUG    processor/thread_11  Tagged mitre-attck COMMANDANDCONTROL
^CError in atexit._run_exitfuncs:
Traceback (most recent call last):
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/thread.py", line 40, in _python_exit
[2023-04-09 13:30:57,527] DEBUG    processor/thread_13  Tagged mitre-attck PERSISTENCE
    t.join()
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/threading.py", line 1011, in join
[2023-04-09 13:30:57,619] DEBUG    processor/thread_9   Tagged mitre-attck PERSISTENCE
^C  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/threading.py", line 1027, in _wait_for_tstate_lock
[2023-04-09 13:30:57,657] DEBUG    processor/thread_4   Added 85f8fd4e4b1d701e431a4dfb0145e856 indicators to event Malware Family: Salityv4
[2023-04-09 13:30:57,686] DEBUG    processor/thread_10  Tagged mitre-attck COMMANDANDCONTROL
^CKeyboardInterrupt

[ENH] Add switch to test and report out both APIs

Add switch to test and report out both APIs

A lot of time installing and testing new frameworks/integrations is often spent initially on getting API Access, Keys, Proxies, et al sorted out.

  • It would be great if there were an API Test feature we could invoke to enumerate and test all aspects of both CrowdStrike and MISP APIs.
  • This would include creating a Test Event, Attributes, and some Tags on the MISP side. Option for the Deletion or Retention of these artifacts after the fact would be great.
  • Detailed logging/error messages please!

The current form of logs is less than helpful.

[2022-11-09 11:24:42,361] CRITICAL config authentication Invalid API credentials provided

[RFI] Proper Method for adding our custom Tags?

The 'old' method of adding our own tags does not seem to work.

Previously the following entries in the 'ini' file produced the desired outcomes of adding our own internal tags to CrowdStrike Actor, Report, and Indicator Events.

reports_tags = att:source="Crowdstrike.Report"
indicators_tags = att:source="Crowdstrike.Indicators"
actors_tags = att:source="Crowdstrike.Actors"

Error code 500: "An Internal Error Has Occurred.","url":"\/events\/add"}

While executing the initial Reports ingestion

python3 misp_import.py --reports

[2022-08-19 21:27:14,136] (INFO) Start getting reports from Crowdstrike Intel API and pushing them as events in MISP (past 365 days).
[2022-08-19 21:28:13,753] (INFO) Got 10765 reports from the Crowdstrike Intel API.
[2022-08-19 21:29:29,236] (INFO) Retrieved extended report details for 9916 reports
[2022-08-19 21:30:06,180] (INFO) 99938 related indicators found
last_seen (1441065600) has to be after first_seen (2015-10-07 19:53:00+00:00)
last_seen (1621430244) has to be after first_seen (2021-05-19 13:20:09+00:00)

[2022-08-19 22:11:48,227] (WARNING) Could not add or tag event CSIT-20104 KorDLL Framework: The Father of STARDUST CHOLLIMA and LABYRINTH CHOLLIMA Tooling.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:12:00,499] (WARNING) Could not add or tag event CSA-18211 Customers of GURU SPIDER Use Quant Loader to Distribute Variety of eCrime Threats.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}
last_seen (1627422240) has to be after first_seen (2021-07-27 21:46:36+00:00)

[2022-08-19 22:12:07,256] (WARNING) Could not add or tag event CSIR-14002 VENOMOUS BEAR Use of Wipbot.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:12:11,823] (WARNING) Could not add or tag event CSIR-13014.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:12:19,988] (WARNING) Could not add or tag event CSGT-20Q2 Global Threat Analysis Cell Q2 2020 Report.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}
last_seen (1612201980) has to be after first_seen (2021-02-01 17:54:38+00:00)

[2022-08-19 22:12:26,236] (WARNING) Could not add or tag event CSWR-17043 GTAC Weekly Wrap-Up: Week of 11/4/17.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:12:31,700] (WARNING) Could not add or tag event CSIR-18007 SHADOW CRANE Campaign Analysis: From Tapaoux to KONNI.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:12:37,185] (WARNING) Could not add or tag event CSIT-18012 Cross-Platform Espionage Tool Kazuar Added to VENOMOUS BEAR's Arsenal.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:12:38,310] (WARNING) Could not add or tag event CSTA-15001.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:12:38,988] (WARNING) Could not add or tag event CSIR-15001.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:12:43,642] (WARNING) Could not add or tag event CSA-18819 DanaBot Banking Trojan Continues to Be Updated; U.S. and Canadian Financial Institutions Latest Targets.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}
last_seen (1441065600) has to be after first_seen (2015-10-07 19:53:00+00:00)

[2022-08-19 22:13:15,547] (WARNING) Could not add or tag event CSIT-19076 VENOMOUS BEAR Targets Email Using Robust Facade Backdoor.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:13:16,420] (WARNING) Could not add or tag event CSIR-16019 COZY BEAR 2015 Campaigns.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:13:18,242] (WARNING) Could not add or tag event CSGT-16Q3.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:13:22,582] (WARNING) Could not add or tag event CSA-18324 BAMBOO SPIDER Continues to Release New Versions of Panda Zeus Malware.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:13:24,391] (WARNING) Could not add or tag event CSIR-19003 Sector Report: Threats to the Energy Sector.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:13:27,565] (WARNING) Could not add or tag event CSTA-14004.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:13:29,916] (WARNING) Could not add or tag event CSIR-12019.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:13:30,710] (WARNING) Could not add or tag event CSIT-13061.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}
last_seen (1372723200) has to be after first_seen (2013-07-02 19:35:00+00:00)

[2022-08-19 22:13:31,634] (WARNING) Could not add or tag event CSIR-12017.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:13:32,708] (WARNING) Could not add or tag event CSIR-13007.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:13:33,829] (WARNING) Could not add or tag event CSIR-12004.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:13:38,874] (WARNING) Could not add or tag event CSGT-19Q2 Global Threat Analysis Cell Q2 2019 Report.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:13:42,275] (WARNING) Could not add or tag event CSIT-17143 Malware Analysis of DiamondFox.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}
last_seen (1435795200) has to be after first_seen (2015-09-24 14:16:00+00:00)

[2022-08-19 22:13:43,165] (WARNING) Could not add or tag event CSIT-20243 SUNBURST Backdoor Deployed Through Supply Chain Attack.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:13:49,033] (WARNING) Could not add or tag event CSIT-19230 Malware Analysis of Nemty Ransomware.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:13:49,725] (WARNING) Could not add or tag event CSIT-20075 LABYRINTH CHOLLIMA: A Retrospective Analysis of BUFFETLINE and HOPLIGHT.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:13:51,116] (WARNING) Could not add or tag event CSIR-14003.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:13:52,072] (WARNING) Could not add or tag event CSMR-21004 GTAC Monthly Report - April 2021.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:13:55,829] (WARNING) Could not add or tag event CSIA-13Q3A.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:13:57,509] (WARNING) Could not add or tag event CSGT-18Q3 Global Threat Analysis Cell Q3 2018 Report.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:13:57,841] (WARNING) Could not add or tag event CSIT-18124 Malware Analysis of SynAck.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:13:59,235] (WARNING) Could not add or tag event CSIT-21121 Historical Guardian Malware Dates PrimevalSentry Activity to 2008.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:14:00,426] (WARNING) Could not add or tag event CSA-18248 BAMBOO SPIDER Releases New Version of Panda Zeus Malware.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:14:01,114] (WARNING) Could not add or tag event CSIR-21011 Local Privilege Escalation Variants on Microsoft Windows.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:14:05,324] (WARNING) Could not add or tag event CSIR-18000 New Generation Warfare and Russian Cyber Threats to the Military.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:14:09,614] (WARNING) Could not add or tag event CSIR-19012 Sector Report: Trends in the Targeting of the Academic Sector.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:14:10,341] (WARNING) Could not add or tag event CSMR-20012 GTAC Monthly Report - December 2020.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:14:15,518] (WARNING) Could not add or tag event CSGT-20Q3 Global Threat Analysis Cell Q3 2020 Report.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:14:24,342] (WARNING) Could not add or tag event CSIR-21009  Android Implant with Additional SMS C2 Channel Linked to PrimevalSentry Activity Cluster, Likely Supports Physical Operations.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:14:25,726] (WARNING) Could not add or tag event CSIT-19138 Technical Analysis of the HELIX KITTEN Leaks.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:14:28,613] (WARNING) Could not add or tag event CSIA-13Q1B.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:14:37,493] (WARNING) Could not add or tag event CSMR-19005 Global Threat Analysis Cell Monthly Report - May 2019.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:14:45,065] (WARNING) Could not add or tag event CSGT-19Q3 Global Threat Analysis Cell Q3 2019 Report.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:14:45,420] (WARNING) Could not add or tag event CSMR-21005 GTAC Monthly Report - May 2021.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:14:46,644] (WARNING) Could not add or tag event CSIR-16007 Technical Analysis of Sakula Remote Access Tool and Associated Operations.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:14:48,893] (WARNING) Could not add or tag event CSGT-17Q2 Global Threat Analysis Cell Q2 2017 Report.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:14:51,888] (WARNING) Could not add or tag event CSIR-20013 Motives and Actors Behind India's Cyber Operations.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:14:52,462] (WARNING) Could not add or tag event CSTA-15000.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:14:55,008] (WARNING) Could not add or tag event CSIR-12016.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:14:55,618] (WARNING) Could not add or tag event CSIR-15000.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:14:55,732] (WARNING) Could not add or tag event CSIA-13Q1A.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:14:55,754] (WARNING) Could not add or tag event CSIA-13Q4.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:14:57,352] (WARNING) Could not add or tag event CSIR-13006.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:14:58,165] (WARNING) Could not add or tag event CSIR-12032.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:14:58,321] (WARNING) Could not add or tag event CSIR-13015.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:15:00,799] (WARNING) Could not add or tag event CSA-19364 MUMMY SPIDER Reinstates Support for Distribution of QakBot.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:15:01,261] (WARNING) Could not add or tag event CSIT-13026.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}
last_seen (1441065600) has to be after first_seen (2015-10-07 19:53:00+00:00)

[2022-08-19 22:15:09,375] (WARNING) Could not add or tag event CSIT-19135 Malware Analysis of REvil (Sodinokibi) Ransomware.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}
last_seen (1435795200) has to be after first_seen (2015-09-24 14:16:00+00:00)

[2022-08-19 22:15:15,379] (WARNING) Could not add or tag event CSIR-18011 Evolution of VOODOO BEAR Operations.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:15:16,509] (WARNING) Could not add or tag event CSGT-16Q2.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:15:22,469] (WARNING) Could not add or tag event CSIR-12010.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:15:34,308] (WARNING) Could not add or tag event CSA-18288 TrickBot Distributed Using Spoofed UK Government Spam Theme.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:15:35,861] (WARNING) Could not add or tag event CSTA-15007.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:15:37,760] (WARNING) Could not add or tag event CSIR-14004.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:15:37,835] (WARNING) Could not add or tag event CSIA-14003.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:15:42,277] (WARNING) Could not add or tag event CSIR-17005 Shamoon 2: Government Motivations and New Analysis.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:15:42,732] (WARNING) Could not add or tag event CSIR-13001.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:15:49,964] (WARNING) Could not add or tag event CSGT-18Q2 Global Threat Analysis Cell Q2 2018 Report.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:15:53,475] (WARNING) Could not add or tag event CSA-18050 Outlook for Russian Legislative and Executive Efforts to Monitor and Control Data in 2018; Russian Data Storage and Decryption Law Faces Potential Delay in Implementation but Authorities Continue to Move Forward on Other Efforts to Inspect Social Media.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}
last_seen (1623769560) has to be after first_seen (2021-06-15 15:08:08+00:00)
last_seen (1435795200) has to be after first_seen (2015-09-24 14:16:00+00:00)

[2022-08-19 22:16:07,152] (WARNING) Could not add or tag event CSTA-14002.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:16:07,326] (WARNING) Could not add or tag event CSTA-15003.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:16:08,840] (WARNING) Could not add or tag event CSIT-19001 Malware Analysis of KrakenCryptor.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:16:09,992] (WARNING) Could not add or tag event CSGT-15Q3.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:16:11,062] (WARNING) Could not add or tag event CSIR-19002 Revisiting the Gaza Cyber Threat Landscape.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:16:13,241] (WARNING) Could not add or tag event CSIR-12015.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}
last_seen (1435795200) has to be after first_seen (2015-09-24 14:16:00+00:00)

[2022-08-19 22:16:14,802] (WARNING) Could not add or tag event CSIR-12022.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:16:16,931] (WARNING) Could not add or tag event CSWR-20036 CrowdStrike Intelligence Weekly Report: Week of 09/12/2020.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:16:27,478] (WARNING) Could not add or tag event CSIR-21017 Sector Report: Trends in Targeting of the Energy Sector.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:16:34,098] (WARNING) Could not add or tag event CSA-19933 Dridex Variant Linked to DoppelPaymer Operations Using Webinjects to Target U.S. and UK Banking Customers.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:16:35,275] (WARNING) Could not add or tag event CSWR-17045 GTAC Weekly Wrap-Up: Week of 11/18/17.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:16:42,210] (WARNING) Could not add or tag event CSIT-16071 Technical Analysis of FANCY BEAR’S X-Tunnel Tool.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}
last_seen (1435708800) has to be after first_seen (2015-08-28 15:50:00+00:00)

[2022-08-19 22:16:47,355] (WARNING) Could not add or tag event CSIR-15006.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:16:47,522] (WARNING) Could not add or tag event CSIT-19118 Threat Landscape: Mobile Malware.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}
last_seen (1441065600) has to be after first_seen (2015-10-07 19:53:00+00:00)

[2022-08-19 22:16:48,755] (WARNING) Could not add or tag event CSIR-14000.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:16:49,160] (WARNING) Could not add or tag event CSIR-14005.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:16:49,410] (WARNING) Could not add or tag event CSIR-14012.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:16:49,436] (WARNING) Could not add or tag event CSIR-15003.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}
last_seen (1372723200) has to be after first_seen (2013-07-02 19:35:00+00:00)

[2022-08-19 22:16:50,215] (WARNING) Could not add or tag event CSIR-13021.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}
last_seen (1623802076) has to be after first_seen (2021-06-16 21:45:55+00:00)
last_seen (1623802077) has to be after first_seen (2021-06-16 21:44:50+00:00)

[2022-08-19 22:16:54,451] (WARNING) Could not add or tag event CSGT-19Q1 Global Threat Analysis Cell Q1 2019 Report.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:16:55,654] (WARNING) Could not add or tag event CSTA-13003.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:16:55,814] (WARNING) Could not add or tag event CSIR-13018.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:16:59,510] (WARNING) Could not add or tag event CSIR-21016 Group of Veteran Ryazan-Based Developers Associated with VENOMOUS BEAR.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:17:01,796] (WARNING) Could not add or tag event CSIT-21094 CathodeRaider Campaigns Use Zekadero Families Against Kazakh Extractive and Energy Sectors.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:17:06,865] (WARNING) Could not add or tag event CSIT-21204 STARDUST CHOLLIMA: Venture Capital Decoys Used to Deploy Updated Tooling, Likely for Financial Gain.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}
last_seen (1435795200) has to be after first_seen (2015-09-24 14:16:00+00:00)

[2022-08-19 22:17:22,546] (WARNING) Could not add or tag event CSIR-21015 VENOMOUS BEAR Actor Profile.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:17:27,904] (WARNING) Could not add or tag event CSIR-13025.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}
last_seen (1435795200) has to be after first_seen (2015-09-24 14:16:00+00:00)

[2022-08-19 22:17:39,567] (WARNING) Could not add or tag event CSGT-18Q1 Global Threat Analysis Cell Q1 2018 Report.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:17:41,037] (WARNING) Could not add or tag event CSA-17140 WIZARD SPIDER Releases New Version of TrickBot.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}
last_seen (1433116800) has to be after first_seen (2015-06-02 16:07:00+00:00)
last_seen (1435795200) has to be after first_seen (2015-09-24 14:16:00+00:00)

[2022-08-19 22:17:50,463] (WARNING) Could not add or tag event CSIT-20056 Clambling: Legacy of PlugX.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}
last_seen (1616392515) has to be after first_seen (2021-04-20 14:59:37+00:00)

[2022-08-19 22:17:56,126] (WARNING) Could not add or tag event CSIR-18003 RICOCHET CHOLLIMA: Campaigns Spanning 2016 to 2018.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:17:58,925] (WARNING) Could not add or tag event CSIR-18002 NTSTATS Malware Delivery Campaign: An Evolving Operation Targeting Organizations in the Middle East.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}
last_seen (1622739600) has to be after first_seen (2021-06-03 17:01:11+00:00)
last_seen (1372723200) has to be after first_seen (2013-07-02 19:35:00+00:00)

[2022-08-19 22:18:06,623] (WARNING) Could not add or tag event CSIR-17010 FANCY BEAR: Actor Profile.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:18:07,233] (WARNING) Could not add or tag event CSIT-20120 Analysis of VENOMOUS BEAR's Mosquito Implant.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:18:08,391] (WARNING) Could not add or tag event CSIR-17011 Trends in the Targeting of the Technology Sector.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:18:10,932] (WARNING) Could not add or tag event CSIT-20066 UsbGrabber: PRIMITIVE BEAR's File Exfiltration Toolset.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:18:12,893] (WARNING) Could not add or tag event CSTA-15004.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:18:13,248] (WARNING) Could not add or tag event CSIR-15004.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:18:13,808] (WARNING) Could not add or tag event CSIR-14010.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:18:14,251] (WARNING) Could not add or tag event CSIR-18014 STONE PANDA Adversary Profile.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:18:14,336] (WARNING) Could not add or tag event CSIR-16008 ExportControl Dropper: Malware Used by SILENT CHOLLIMA.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}
last_seen (1435795200) has to be after first_seen (2015-09-24 14:16:00+00:00)

[2022-08-19 22:18:16,804] (WARNING) Could not add or tag event CSIR-15005.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:18:17,833] (WARNING) Could not add or tag event CSIR-14006.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:18:18,348] (WARNING) Could not add or tag event CSIR-13009.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:18:21,094] (WARNING) Could not add or tag event CSIR-12002.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:18:21,353] (WARNING) Could not add or tag event CSIA-14000.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}
last_seen (1357084800) has to be after first_seen (2013-04-22 15:03:00+00:00)
last_seen (1435795200) has to be after first_seen (2015-09-24 14:16:00+00:00)

[2022-08-19 22:18:23,149] (WARNING) Could not add or tag event CSIR-12008.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:18:23,314] (WARNING) Could not add or tag event CSIR-13012.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:18:24,595] (WARNING) Could not add or tag event CSIA-14001.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:18:31,516] (WARNING) Could not add or tag event CSA-191502 Amadey Loader Used to Deliver Kronos Payload Following a Period of Inactivity.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:18:32,308] (WARNING) Could not add or tag event CSIT-21200 Analysis of EvolvedThief Banking Trojan.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:18:34,135] (WARNING) Could not add or tag event CSA-17192 New Variant of Gootkit Targeting Customers of UK Based Financial Institutions and U.S. Technology Companies.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:18:37,490] (WARNING) Could not add or tag event CSWR-18001 GTAC Weekly Wrap-Up: Week of 1/13/2018.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}
last_seen (1435795200) has to be after first_seen (2015-09-24 14:16:00+00:00)

[2022-08-19 22:18:43,407] (WARNING) Could not add or tag event CSIT-15118.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:18:45,450] (WARNING) Could not add or tag event CSIR-12012.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:18:48,642] (WARNING) Could not add or tag event CSIR-20015 Sector Report: Trends in the Targeting of the U.S. State and Local Government Sector.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:18:50,202] (WARNING) Could not add or tag event CSA-18704 Emotet Delivering Variant of BokBot to Victims Located in the U.S. and Canada.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:18:54,902] (WARNING) Could not add or tag event CSIR-21022 Sector Report: Annual Trends in Targeting of the Technology Sector.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}
last_seen (1433116800) has to be after first_seen (2015-06-02 16:07:00+00:00)

[2022-08-19 22:19:03,463] (WARNING) Could not add or tag event CSIA-12Q4A.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:19:04,241] (WARNING) Could not add or tag event CSIR-14007.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:19:05,269] (WARNING) Could not add or tag event CSIR-13024.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:19:06,354] (WARNING) Could not add or tag event CSIR-13013.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}
last_seen (1333324800) has to be after first_seen (2012-04-02 22:50:00+00:00)

[2022-08-19 22:19:07,506] (WARNING) Could not add or tag event CSIR-13008.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:19:09,720] (WARNING) Could not add or tag event CSGT-21Q3 Global Threat Analysis Cell Q3 2021 Report.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:19:17,352] (WARNING) Could not add or tag event CSIR-18010 FLASH KITTEN Network Compromise Operations.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:19:19,956] (WARNING) Could not add or tag event CSIR-19000 Sector Report: Trends in the Targeting of the Financial Sector, 2018.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:19:20,105] (WARNING) Could not add or tag event CSA-18379 BAMBOO SPIDER Releases New Version of Panda Zeus Malware.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}
last_seen (1435795200) has to be after first_seen (2015-09-24 14:16:00+00:00)

[2022-08-19 22:19:27,250] (WARNING) Could not add or tag event CSIR-17000 The Russia-Ukraine Conflict and the Creation of Regional Hacktivism.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:19:27,400] (WARNING) Could not add or tag event CSWR-18029 GTAC Weekly Wrap-Up: Week of 7/28/2018.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:19:28,905] (WARNING) Could not add or tag event CSIT-16065 Andromeda Trojan with Fileless PowerShell Dropper Plugin and DGA-Based Payload.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:19:33,180] (WARNING) Could not add or tag event CSIR-13017.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:19:41,800] (WARNING) Could not add or tag event CSA-18001 New Variant of Panda Zeus Targets Multiple Sectors in North America, Including Financial and Online Retail.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:19:42,776] (WARNING) Could not add or tag event CSGT-21Q2 Global Threat Analysis Cell Q2 2021 Report.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}
last_seen (1435795200) has to be after first_seen (2015-09-24 14:16:00+00:00)

[2022-08-19 22:19:49,760] (WARNING) Could not add or tag event CSTA-12027.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}
last_seen (1375315200) has to be after first_seen (2013-09-11 21:41:00+00:00)

[2022-08-19 22:19:54,340] (WARNING) Could not add or tag event CSA-18548 WIZARD SPIDER Affiliate Uses PayPal Theme to Distribute Variant of TrickBot Malware Targeting Multiple Countries.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:19:59,306] (WARNING) Could not add or tag event CSIT-19204 OtakuKit: A Malware Toolset Used by WARLORD KITTEN.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:19:59,612] (WARNING) Could not add or tag event CSGT-17Q3 Global Threat Analysis Cell Q3 2017 Report.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:20:02,708] (WARNING) Could not add or tag event CSIR-18005 The Evolution of CARBON SPIDER.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:20:03,143] (WARNING) Could not add or tag event CSMR-21001 GTAC Monthly Report - January 2021.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:20:10,181] (WARNING) Could not add or tag event CSA-17118 Emotet Issues Commands to Download and Execute Banking Trojans Including QakBot and Dridex.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:20:10,755] (WARNING) Could not add or tag event CSIT-15039.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:20:12,835] (WARNING) Could not add or tag event CSIR-14001.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:20:13,471] (WARNING) Could not add or tag event CSIR-13019.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:20:13,752] (WARNING) Could not add or tag event CSIR-13004.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:20:15,121] (WARNING) Could not add or tag event CSIR-12014.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:20:15,490] (WARNING) Could not add or tag event CSIR-20016 Sector Report: Trends in the Targeting of the Healthcare Sector.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}
last_seen (1367366400) has to be after first_seen (2013-11-15 20:21:00+00:00)

[2022-08-19 22:20:16,779] (WARNING) Could not add or tag event CSIR-19006 Sector Report: Trends in the Targeting of the Telecommunications Sector.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:20:21,014] (WARNING) Could not add or tag event CSIT-21151 VELVET CHOLLIMA: Continued Development of CobraVenom Framework to Target RoK Entities.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:20:35,378] (WARNING) Could not add or tag event CSIT-21064 A Historical Analysis of Helminth; Understanding Shared Tooling Between REMIX KITTEN and HELIX KITTEN.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:20:36,417] (WARNING) Could not add or tag event CSIT-21091 The Evolution of PyXie RAT.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}
last_seen (1435795200) has to be after first_seen (2015-09-24 14:16:00+00:00)

[2022-08-19 22:20:42,006] (WARNING) Could not add or tag event CSMR-20007 CrowdStrike Intelligence Monthly Report - July 2020.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:20:44,776] (WARNING) Could not add or tag event CSIT-21058 LABYRINTH CHOLLIMA: Targeting of Media Sector, Security Researchers, and Pharmaceutical Interests using Stackeyflate and OpenSSL Downloader.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:20:46,258] (WARNING) Could not add or tag event CSIR-12000.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:20:47,820] (WARNING) Could not add or tag event CSIT-19196 Ongoing Developments with Konni and Nokki Suggest Links to VELVET CHOLLIMA.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:20:47,882] (WARNING) Could not add or tag event CSIT-21021 GENIE SPIDER Activity Likely Attributable to STARDUST CHOLLIMA.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:20:48,649] (WARNING) Could not add or tag event CSIT-17183 BadRabbit Malware Distributed via Strategic Web Compromise Campaign.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:20:50,697] (WARNING) Could not add or tag event CSIT-20200 Ramsay: Technical Analysis and Links to Other Tools.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:20:52,092] (WARNING) Could not add or tag event CSA-18516 New Cyber Campaign Leveraging Malicious HWP Document and the Name of a Private Organization Allegedly Involved in the RoK-Russia Gas Pipeline Project Identified; Entities Involved in the Deal May Experience Increased Activities from DPRK Cyber Operators.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:20:52,208] (WARNING) Could not add or tag event CSMR-20009 GTAC Monthly Report - September 2020.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:20:54,252] (WARNING) Could not add or tag event CSA-18594 Amnesty International Releases Report Accusing Israeli Cyber Solutions Vendor NSO Group of Targeting Two Human Rights Workers in Saudi Arabia; Accusation Follows June 2018 Indictment of Former NSO Group Employee for Theft of Surveillance Software Source Code.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:21:05,195] (WARNING) Could not add or tag event CSA-17195 WIZARD SPIDER Tests SMB Spreader Plugin and Releases Two New Versions of TrickBot.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:21:07,212] (WARNING) Could not add or tag event CSIT-18122 Malware Analysis of MyloBot.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}
last_seen (1435795200) has to be after first_seen (2015-09-24 14:16:00+00:00)

[2022-08-19 22:21:14,722] (WARNING) Could not add or tag event CSIR-17009 Baselining North Korean Cyber Capabilities.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:21:18,087] (WARNING) Could not add or tag event CSGT-14Q1.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:21:21,801] (WARNING) Could not add or tag event CSIR-20009 Implications for Stability of COVID-19: Consolidated Analysis of Four World Regions.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:21:21,884] (WARNING) Could not add or tag event CSWR-18024 GTAC Weekly Wrap-Up: Week of 6/23/2018.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:21:22,182] (WARNING) Could not add or tag event CSMR-20006 CrowdStrike Intelligence Monthly Report - June 2020.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:21:28,609] (WARNING) Could not add or tag event CSIR-20017 Sector Report: Trends in the Targeting of the Agriculture Sector.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:21:36,627] (WARNING) Could not add or tag event CSGT-21Q1 Global Threat Analysis Cell Q1 2021 Report.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:21:36,882] (WARNING) Could not add or tag event CSIT-16021 New Variant of ARCHY RAT Used in Possible PUTTER PANDA Campaign.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:21:41,031] (WARNING) Could not add or tag event CSIR-13022.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:21:47,797] (WARNING) Could not add or tag event CSIT-19045 Technical Analysis of FakeDead; Malware Used by Likely Chinese Threat Actor Over Several Years.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:21:49,315] (WARNING) Could not add or tag event CSIR-16000 ISIS Cyber Capabilities.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:21:49,823] (WARNING) Could not add or tag event CSIT-20126 Analysis of PRIMITIVE BEAR's Phishing Infrastructure.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:21:50,482] (WARNING) Could not add or tag event CSIA-15000.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:21:50,701] (WARNING) Could not add or tag event CSIR-19009 Sector Report: Trends in the Targeting of the Media Sector.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:21:51,043] (WARNING) Could not add or tag event CSIR-13023.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:21:53,063] (WARNING) Could not add or tag event CSIR-14008.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:21:54,426] (WARNING) Could not add or tag event CSIR-13010.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:22:03,591] (WARNING) Could not add or tag event CSIR-17008 Assessing Former and Prospective FANCY BEAR Threats in Europe.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:22:09,222] (WARNING) Could not add or tag event CSWR-17046 GTAC Weekly Wrap-Up: Week of 11/25/17.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:22:14,272] (WARNING) Could not add or tag event CSIR-14009.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:22:14,567] (WARNING) Could not add or tag event CSIR-12036.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:22:19,816] (WARNING) Could not add or tag event CSIR-21012 China’s 14th Five Year Plan: A Consistent Roadmap for Anticipating PRC Intelligence Requirements.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:22:24,064] (WARNING) Could not add or tag event CSIT-21221 Technical Analysis of CARBON SPIDER’s BlackMatter Ransomware.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:22:27,716] (WARNING) Could not add or tag event CSGT-17Q1 Global Threat Analysis Cell Q1 2017 Report.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:22:28,934] (WARNING) Could not add or tag event CSIR-21018 Sector Report: Trends in Targeting of the Telecommunications Sector.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}
last_seen (1435795200) has to be after first_seen (2015-09-24 14:16:00+00:00)

[2022-08-19 22:22:39,739] (WARNING) Could not add or tag event CSIR-22003 Geopolitical Context of Russian Cyber Activity Against Ukraine in 2021 and Early 2022.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:22:40,348] (WARNING) Could not add or tag event CSIT-21250 WellMess RAT Updated in 2020 Campaign Targeting COVID-19 Vaccine Research.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:22:47,194] (WARNING) Could not add or tag event CSIR-22004 RepeatingUmbra Activity Cluster Campaign Analysis: 2017-2022.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:23:05,180] (WARNING) Could not add or tag event CSWR-22009 CrowdStrike Intelligence Weekly Report: Week of 02/26/2022.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:23:06,077] (WARNING) Could not add or tag event CSIR-22005 Threats to Renewable Energy.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:23:12,697] (WARNING) Could not add or tag event CSIR-22007 SILENT CHOLLIMA: Adversary Profile & Campaign Overview.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:23:26,595] (WARNING) Could not add or tag event CSGT-22Q1 Global Threat Analysis Cell Q1 2022 Report.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:23:28,996] (WARNING) Could not add or tag event CSIR-22010 EMBER BEAR Actor Profile.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}
[2022-08-19 22:23:35,316] (WARNING) Could not add or tag event CSDR-22119 CrowdStrike Intelligence Daily Report Day of 24 June 2022.
('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))

[2022-08-19 22:23:44,136] (WARNING) Could not add or tag event CSGT-22Q2 Global Threat Analysis Cell Q2 2022 Report.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:23:55,022] (WARNING) Could not add or tag event CSIT-20216 VELVET CHOLLIMA: Actor Profile and Campaign Overview.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:23:59,505] (WARNING) Could not add or tag event CSIT-22139 Technical Analysis of Alphv Ransomware.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}

[2022-08-19 22:24:08,791] (WARNING) Could not add or tag event CSIR-22015 Aerospace Targeting Trends.
Error code 500:
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/add"}
[2022-08-19 22:24:08,795] (INFO) Finished importing 10765 (0 skipped) Crowdstrike Intel reports as events in MISP.
[2022-08-19 22:24:08,863] (INFO) 
 _______ _____ __   _ _____ _______ _     _ _______ ______
 |______   |   | \  |   |   |______ |_____| |______ |     \
 |       __|__ |  \_| __|__ ______| |     | |______ |_____/

Fatal Error on Indicator Import: KeyError: 'PERSONA_NAME'

python3 misp_import.py -f -nb -d -i

[2023-04-05 19:21:01,715] INFO     misp_tools    MISP Import for CrowdStrike Threat Intelligence v0.6.8
[2023-04-05 19:21:01,715] INFO     config  CHECK CONFIG
[2023-04-05 19:21:01,716] DEBUG    config  client_id                                   value redacted, check config file
[2023-04-05 19:21:01,716] DEBUG    config  client_secret                               value redacted, check config file
[2023-04-05 19:21:01,716] DEBUG    config  crowdstrike_url                             US1
[2023-04-05 19:21:01,716] DEBUG    config  api_request_max                             5000
[2023-04-05 19:21:01,716] DEBUG    config  api_enable_ssl                              True
[2023-04-05 19:21:01,716] DEBUG    config  reports_timestamp_filename                  lastReportsUpdate.dat
[2023-04-05 19:21:01,717] DEBUG    config  indicators_timestamp_filename               lastIndicatorsUpdate.dat
[2023-04-05 19:21:01,717] DEBUG    config  actors_timestamp_filename                   lastActorsUpdate.dat
[2023-04-05 19:21:01,717] DEBUG    config  init_reports_days_before                    365
[2023-04-05 19:21:01,717] DEBUG    config  init_indicators_minutes_before              20220
[2023-04-05 19:21:01,717] DEBUG    config  init_actors_days_before                     730
[2023-04-05 19:21:01,717] DEBUG    config  reports_unique_tag                          CrowdStrike: REPORT
[2023-04-05 19:21:01,717] DEBUG    config  indicators_unique_tag                       CrowdStrike: INDICATOR
[2023-04-05 19:21:01,717] DEBUG    config  actors_unique_tag                           CrowdStrike: ACTOR
[2023-04-05 19:21:01,717] DEBUG    config  reports_tags                                att:source="Crowdstrike.Report"
[2023-04-05 19:21:01,717] DEBUG    config  indicators_tags                             att:source="Crowdstrike.Indicators"
[2023-04-05 19:21:01,717] DEBUG    config  actors_tags                                 att:source="Crowdstrike.Actors"
[2023-04-05 19:21:01,717] DEBUG    config  unknown_mapping                             CrowdStrike:indicator:galaxy: UNATTRIBUTED
[2023-04-05 19:21:01,717] DEBUG    config  unattributed_title                          CrowdStrike Unattributed indicators:
[2023-04-05 19:21:01,717] DEBUG    config  indicator_type_title                        Indicator Type:
[2023-04-05 19:21:01,717] DEBUG    config  malware_family_title                        Malware Family:
[2023-04-05 19:21:01,717] DEBUG    config  log_duplicates_as_sightings                 True
[2023-04-05 19:21:01,717] DEBUG    config  misp_url                                    https://3samisp
[2023-04-05 19:21:01,717] DEBUG    config  misp_auth_key                               value redacted, check config file
[2023-04-05 19:21:01,717] DEBUG    config  crowdstrike_org_uuid                        ca4f4b5d-db04-4a5e-a6de-e60636dc01be
[2023-04-05 19:21:01,717] DEBUG    config  misp_enable_ssl                             False
[2023-04-05 19:21:01,717] WARNING  config  misp_enable_ssl                             SSL is disabled for MISP API requests
[2023-04-05 19:21:01,717] DEBUG    config  ind_attribute_batch_size                    2500
[2023-04-05 19:21:01,717] DEBUG    config  event_save_memory_refresh_interval          180
[2023-04-05 19:21:01,717] DEBUG    config  max_threads                                 16
[2023-04-05 19:21:01,717] DEBUG    config  miss_track_file                             no_galaxy_mapping.log
[2023-04-05 19:21:01,717] DEBUG    config  galaxies_map_file                           galaxy.ini
[2023-04-05 19:21:01,718] DEBUG    config  tag_unknown_galaxy_maps                     True
[2023-04-05 19:21:01,718] DEBUG    config  taxonomic_kill-chain                        True
[2023-04-05 19:21:01,718] DEBUG    config  taxonomic_information-security-data-source  True
[2023-04-05 19:21:01,718] DEBUG    config  taxonomic_type                              True
[2023-04-05 19:21:01,718] DEBUG    config  taxonomic_iep                               False
[2023-04-05 19:21:01,718] DEBUG    config  taxonomic_iep2                              True
[2023-04-05 19:21:01,718] DEBUG    config  taxonomic_iep2_version                      False
[2023-04-05 19:21:01,718] DEBUG    config  taxonomic_tlp                               True
[2023-04-05 19:21:01,718] DEBUG    config  taxonomic_workflow                          True
[2023-04-05 19:21:02,461] INFO     config  No configuration errors found (1 warning)
[2023-04-05 19:21:02,461] INFO     config  
[2023-04-05 19:21:02,461] INFO     config  ____ _  _ ____ ____ _  _ ____    ___  ____ ____ ____ ____ ___
[2023-04-05 19:21:02,461] INFO     config  |    |__| |___ |    |_/  [__     |__] |__| [__  [__  |___ |  \
[2023-04-05 19:21:02,461] INFO     config  |___ |  | |___ |___ | \_ ___]    |    |  | ___] ___] |___ |__/
[2023-04-05 19:21:02,461] INFO     config  
[2023-04-05 19:21:05,241] INFO     processor/main       BEGIN INDICATORS IMPORT
[2023-04-05 19:21:05,242] INFO     processor/main       Retrieving lookup data for import of CrowdStrike indicators into MISP.
[2023-04-05 19:21:05,619] INFO     processor/main       Adding 24 CrowdStrike indicator type events to MISP.
[2023-04-05 19:21:05,639] INFO     processor/main       Retrieved 0 CrowdStrike indicator malware family events from MISP.
[2023-04-05 19:21:05,728] INFO     processor/thread_8   Retrieved 309 bitcoin_address indicators from MISP.
[2023-04-05 19:21:05,736] INFO     processor/thread_12  Retrieved 495 registry indicators from MISP.
[2023-04-05 19:21:05,748] INFO     processor/thread_9   Retrieved 15 coin_address indicators from MISP.
[2023-04-05 19:21:06,002] INFO     processor/thread_3   Retrieved 1,770 hash_imphash indicators from MISP.
[2023-04-05 19:21:06,006] INFO     processor/thread_13  Retrieved 50 device_name indicators from MISP.
[2023-04-05 19:21:07,337] INFO     processor/thread_7   Retrieved 3,922 mutex_name indicators from MISP.
[2023-04-05 19:21:07,917] INFO     processor/thread_12  Retrieved 29 service_name indicators from MISP.
[2023-04-05 19:21:08,129] INFO     processor/thread_3   Retrieved 443 port indicators from MISP.
[2023-04-05 19:21:29,770] INFO     processor/thread_15  Retrieved 250 campaign_id indicators from MISP.
[2023-04-05 19:21:33,907] INFO     processor/thread_9   Retrieved 90,336 user_agent indicators from MISP.
[2023-04-05 19:21:40,469] INFO     processor/thread_4   Retrieved 201,108 file_name indicators from MISP.
[2023-04-05 19:21:45,887] INFO     processor/thread_5   Retrieved 201,108 file_path indicators from MISP.
[2023-04-05 19:21:59,117] INFO     processor/thread_2   Retrieved 412,705 hash_sha1 indicators from MISP.
[2023-04-05 19:22:08,775] INFO     processor/thread_10  Retrieved 65,980 email_address indicators from MISP.
[2023-04-05 19:23:52,617] INFO     processor/thread_14  Retrieved 1,611,349 domain indicators from MISP.
[2023-04-05 19:24:34,694] INFO     processor/thread_11  Retrieved 797,295 email_subject indicators from MISP.
[2023-04-05 19:28:23,455] INFO     processor/thread_1   Retrieved 2,807,413 hash_sha256 indicators from MISP.
[2023-04-05 19:30:26,405] INFO     processor/thread_0   Retrieved 3,351,444 hash_md5 indicators from MISP.
[2023-04-05 19:35:09,500] INFO     processor/thread_8   Retrieved 4,769,797 ip_address indicators from MISP.
[2023-04-05 20:02:58,184] INFO     processor/thread_6   Retrieved 16,365,828 url indicators from MISP.
[2023-04-05 20:03:23,340] INFO     processor/main       Found 0 pre-existing indicators within CrowdStrike reports.
[2023-04-05 20:03:51,666] INFO     processor/main       Starting import of CrowdStrike indicators into MISP.
[2023-04-05 20:05:09,132] INFO     processor/main       Retrieved 5,000 of 2,130,594 remaining indicators.
[2023-04-05 20:05:09,132] DEBUG    processor/main       Configuration states we should process batches of 2,500 indicators.
[2023-04-05 20:05:09,133] INFO     processor/main       Processing batch of 2,500 indicators.

<<>>

[2023-04-06 04:10:21,093] DEBUG    processor/thread_11  Tagged threat TARGETED
[2023-04-06 04:10:21,101] DEBUG    processor/thread_11  Added 99bfe2258817f3a9098cf69e90b2ade1f86bb0c6711ee40dcc2a5b9abc2f24ce indicators to event Malware Family: EggShellMilt
[2023-04-06 04:10:21,101] DEBUG    processor/thread_11  Creating attribute for indicator 99bfe2258817f3a9098cf69e90b2ade1f86bb0c6711ee40dcc2a5b9abc2f24ce
[2023-04-06 04:10:21,292] DEBUG    processor/thread_12  Added 698614eb8f717cb618055f8689360452ff9a3e21210b7327a3449b00ef527804 indicators to event Indicator Type: SHA256 hashes
[2023-04-06 04:10:21,292] DEBUG    processor/thread_12  Tagged malicious-confidence HIGH
[2023-04-06 04:10:21,293] DEBUG    processor/thread_12  Tagged malware CRAT
[2023-04-06 04:10:21,293] DEBUG    processor/thread_12  Tagged mitre-attck COLLECTION
[2023-04-06 04:10:21,293] DEBUG    processor/thread_12  Tagged mitre-attck COLLECTION
[2023-04-06 04:10:21,293] DEBUG    processor/thread_12  Tagged mitre-attck COLLECTION
[2023-04-06 04:10:21,293] DEBUG    processor/thread_12  Tagged mitre-attck COMMANDANDCONTROL
[2023-04-06 04:10:21,293] DEBUG    processor/thread_12  Tagged mitre-attck COMMANDANDCONTROL
[2023-04-06 04:10:21,293] DEBUG    processor/thread_12  Tagged mitre-attck DEFENSEEVASION
[2023-04-06 04:10:21,293] DEBUG    processor/thread_12  Tagged mitre-attck DEFENSEEVASION
[2023-04-06 04:10:21,293] DEBUG    processor/thread_12  Tagged mitre-attck DEFENSEEVASION
[2023-04-06 04:10:21,293] DEBUG    processor/thread_12  Tagged mitre-attck DISCOVERY
[2023-04-06 04:10:21,293] DEBUG    processor/thread_12  Tagged mitre-attck DISCOVERY
[2023-04-06 04:10:21,293] DEBUG    processor/thread_12  Tagged mitre-attck EXECUTION
[2023-04-06 04:10:21,293] DEBUG    processor/thread_12  Tagged mitre-attck EXECUTION
[2023-04-06 04:10:21,293] DEBUG    processor/thread_12  Tagged mitre-attck INITIALACCESS
[2023-04-06 04:10:21,293] DEBUG    processor/thread_12  Tagged threat TARGETED
[2023-04-06 04:10:21,296] DEBUG    processor/thread_12  Added 698614eb8f717cb618055f8689360452ff9a3e21210b7327a3449b00ef527804 indicators to event Malware Family: CRAT
[2023-04-06 04:10:21,296] DEBUG    processor/thread_12  Creating attribute for indicator 698614eb8f717cb618055f8689360452ff9a3e21210b7327a3449b00ef527804
Traceback (most recent call last):
  File "misp_import.py", line 377, in <module>
    main()
  File "misp_import.py", line 356, in main
    importer.import_from_crowdstrike(int(settings["CrowdStrike"]["init_reports_days_before"]),
  File "/home/rx118r/src/crowdstrike/MISP-tools-main/cs_misp_import/importer.py", line 314, in import_from_crowdstrike
    self.indicators_importer.process_indicators(indicators_minutes_before)
  File "/home/rx118r/src/crowdstrike/MISP-tools-main/cs_misp_import/indicators.py", line 195, in process_indicators
    self.push_indicators(indicators_page)
  File "/home/rx118r/src/crowdstrike/MISP-tools-main/cs_misp_import/indicators.py", line 383, in push_indicators
    total, f_successes, f_failures, m_successes, m_failures = self.process_indicator_batch(batch)
  File "/home/rx118r/src/crowdstrike/MISP-tools-main/cs_misp_import/indicators.py", line 325, in process_indicator_batch
    if fut.result().get("feed"):
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/_base.py", line 437, in result
    return self.__get_result()
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/_base.py", line 389, in __get_result
    raise self._exception
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/thread.py", line 57, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/home/rx118r/src/crowdstrike/MISP-tools-main/cs_misp_import/indicators.py", line 225, in indicator_thread
    feed_return, fam_return = self.add_indicator_event(ind, batch_lock) # All sharing the same lock
  File "/home/rx118r/src/crowdstrike/MISP-tools-main/cs_misp_import/indicators.py", line 528, in add_indicator_event
    itype = IndicatorType[indicator.get('type', None).upper()].value
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/enum.py", line 387, in __getitem__
    return cls._member_map_[name]
KeyError: 'PERSONA_NAME'
(.ohm) [rx118r@md2nj02di:~/src/crowdstrike/MISP-tools-main]$ 
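
The `KeyError: 'PERSONA_NAME'` in the traceback above is raised by a direct `IndicatorType[...]` lookup on an indicator type the enum does not define, and the exception then propagates out of the worker future and ends the whole import. The sketch below is an added example, not the project's code: the `IndicatorType` members, the helper names and the sample batch are hypothetical or constructed. It shows one way to skip unmapped or missing types inside a threaded batch.

```python
import logging
from concurrent.futures import ThreadPoolExecutor
from enum import Enum

log = logging.getLogger("example")


class IndicatorType(Enum):
    """Hypothetical subset; the project's real enum is not shown on the page."""
    HASH_SHA256 = "sha256"
    DOMAIN = "domain"
    IP_ADDRESS = "ip-dst"


def resolve_type(indicator):
    """Return the mapped attribute type, or None if the type is missing or unknown."""
    raw = indicator.get("type")
    if not isinstance(raw, str):      # a missing type would otherwise fail on .upper()
        return None
    member = IndicatorType.__members__.get(raw.upper())
    return member.value if member is not None else None


def process_one(indicator):
    """Map one indicator; log and skip it instead of raising on an unknown type."""
    itype = resolve_type(indicator)
    if itype is None:
        log.warning("Skipping indicator with unmapped type %r", indicator.get("type"))
        return None
    return {"type": itype, "value": indicator["indicator"]}


def process_batch(batch, workers=4):
    """Process a batch in worker threads; return (mapped items, skipped count)."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(process_one, batch))   # preserves input order
    imported = [r for r in results if r is not None]
    return imported, len(results) - len(imported)


# Constructed sample input, not real intelligence data.
SAMPLE_BATCH = [
    {"type": "hash_sha256", "indicator": "a" * 64},
    {"type": "persona_name", "indicator": "constructed-persona"},
    {"type": "domain", "indicator": "example.invalid"},
    {"indicator": "no-type-field"},
]

if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    imported, skipped = process_batch(SAMPLE_BATCH)
    print(f"imported={len(imported)} skipped={skipped}")
```

Counting the skipped items per batch keeps the gap visible in the import summary, so a newly introduced upstream indicator type shows up as a warning rather than a crash hours into a run.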

Adversaries import fails with AttributeError: 'NoneType' object has no attribute 'add_tag'

The Adversaries import process fails at the following step:

[2023-04-18 02:02:09,420] INFO     processor/main       Y  o  ||    \ |  |  | /  [_ |  D  )(   \_ Y  o  ||  D  ) |  T  /  [_(   \_
[2023-04-18 02:02:09,420] INFO     processor/main       |     ||  D  Y|  |  |Y    _]|    /  \__  T|     ||    /  |  | Y    _]\__  T
[2023-04-18 02:02:09,420] INFO     processor/main       |  _  ||     |l  :  !|   [_ |    \  /  \ ||  _  ||    \  |  | |   [_ /  \ |
[2023-04-18 02:02:09,420] INFO     processor/main       |  |  ||     | \   / |     T|  .  Y \    ||  |  ||  .  Y j  l |     T\    |
[2023-04-18 02:02:09,420] INFO     processor/main       l__j__jl_____j  \_/  l_____jl__j\_j  \___jl__j__jl__j\_j|____jl_____j \___j
[2023-04-18 02:02:09,420] INFO     processor/main
[2023-04-18 02:02:09,420] INFO     processor/main       Start importing CrowdStrike Adversaries as events into MISP (past 730 days).
[2023-04-18 02:02:09,421] INFO     processor/main       Retrieving all adversaries.
[2023-04-18 02:02:10,367] INFO     processor/main       Got 58 adversaries from the Crowdstrike Intel API.
[2023-04-18 02:02:11,705] WARNING  processor/thread_0   Adversary OCTANE PANDA missing field first_activity_date.
[2023-04-18 02:02:31,838] WARNING  pymisp/thread_0      The value of the attribute you're trying to add is an empty string, skipping it. Object relation: alias
[2023-04-18 02:02:34,544] WARNING  processor/thread_2   Adversary DEMON SPIDER missing field first_activity_date.
[2023-04-18 02:02:34,544] WARNING  processor/thread_2   Adversary DEMON SPIDER missing field last_activity_date.
[2023-04-18 02:02:35,773] WARNING  processor/thread_2   Could not add or tag event ADV-203346 DEMON SPIDER (eCrime). Will retry in 0.3 seconds.
day is out of range for month: 0

[2023-04-18 02:02:38,926] WARNING  processor/thread_1   Adversary INTREPID JACKAL missing field first_activity_date.
[2023-04-18 02:02:38,926] WARNING  processor/thread_1   Adversary INTREPID JACKAL missing field last_activity_date.
[2023-04-18 02:02:41,025] WARNING  processor/thread_2   Adversary VAMPIRE SPIDER missing field last_activity_date.
[2023-04-18 02:02:41,026] WARNING  pymisp/thread_2      The value of the attribute you're trying to add is an empty string, skipping it. Object relation: alias
[2023-04-18 02:02:43,649] WARNING  processor/thread_1   Could not add or tag event ADV-137920 INTREPID JACKAL (Hacktivist). Will retry in 0.3 seconds.
day is out of range for month: 0
Traceback (most recent call last):
  File "<frozen runpy>", line 198, in _run_module_as_main
  File "<frozen runpy>", line 88, in _run_code
  File "/misp/misp_import.py", line 377, in <module>
    main()
  File "/misp/misp_import.py", line 356, in main
    importer.import_from_crowdstrike(int(settings["CrowdStrike"]["init_reports_days_before"]),
  File "/misp/cs_misp_import/importer.py", line 303, in import_from_crowdstrike
    self.actors_importer.process_actors(actors_days_before, self.event_ids)
  File "/misp/cs_misp_import/actors.py", line 153, in process_actors
    if fut.result():
       ^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/concurrent/futures/_base.py", line 449, in result
    return self.__get_result()
           ^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/concurrent/futures/_base.py", line 401, in __get_result
    raise self._exception
  File "/usr/local/lib/python3.11/concurrent/futures/thread.py", line 58, in run
    result = self.fn(*self.args, **self.kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/misp/cs_misp_import/actors.py", line 66, in batch_import_actors
    event: MISPEvent = self.create_event_from_actor(act, act_det)
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/misp/cs_misp_import/actors.py", line 372, in create_event_from_actor
    kao.add_tag(f"CrowdStrike:adversary:branch: {actor_branch}")
    ^^^^^^^^^^^
AttributeError: 'NoneType' object has no attribute 'add_tag'

I am running MISP-tools as a Docker container (v0.6.8).

Obliterate Command returns "Invalid configuration specified, unable to continue."

Running the Obliterate command is returning an invalid error:

[2022-12-17 21:08:41,233] CRITICAL config authentication Invalid API credentials provided

Subsequent -cr, -ci commands work fine...

### (venv) [rx118r@md2nj01di:~/src/crowdstrike/MISP-tools-main]$ python3 misp_import.py --obliterate


๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ 


@@@  @@@  @@@   @@@@@@   @@@@@@@   @@@  @@@  @@@  @@@  @@@   @@@@@@@@  @@@
@@@  @@@  @@@  @@@@@@@@  @@@@@@@@  @@@@ @@@  @@@  @@@@ @@@  @@@@@@@@@  @@@
@@!  @@!  @@!  @@!  @@@  @@!  @@@  @@!@!@@@  @@!  @@!@!@@@  !@@        @@!
!@!  !@!  !@!  !@!  @!@  !@!  @!@  !@!!@!@!  !@!  !@!!@!@!  !@!        !@
@!!  !!@  @!@  @!@!@!@!  @!@!!@!   @!@ !!@!  !!@  @!@ !!@!  !@! @!@!@  @!@
!@!  !!!  !@!  !!!@!!!!  !!@!@!    !@!  !!!  !!!  !@!  !!!  !!! !!@!!  !!!
!!:  !!:  !!:  !!:  !!!  !!: :!!   !!:  !!!  !!:  !!:  !!!  :!!   !!:
:!:  :!:  :!:  :!:  !:!  :!:  !:!  :!:  !:!  :!:  :!:  !:!  :!:   !::  :!:
 :::: :: :::   ::   :::  ::   :::   ::   ::   ::   ::   ::   ::: ::::   ::
  :: :  : :     :   : :   :   : :  ::    :   :    ::    :    :: :: :   :::


๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ ๐Ÿ˜ฑ 

Obliterate is a destructive operation that will remove all CrowdStrike data
from your MISP instance. There is no going back once this process completes.

Are you sure you want to do this?

[Enter 'yes' to continue] ==> yes

         _.-^^---....,,---;
     _--/                  `--_
    <                        >)
    |        KA-BOOM!         |
     \._                   _./
        ```--. . , ; .--'''
              | |   |
           .-=||  | |=-.
           `-=#$%&%$#=-'
              | ;  :|
     _____.,-#%&$@%#&#~,._____
         COMMAND  ACCEPTED

[2022-12-17 21:08:41,224] INFO     misp_tools    
[2022-12-17 21:08:41,224] INFO     misp_tools    '##::::'##:'####::'######::'########:::::'########::'#######:::'#######::'##::::::::'######::
[2022-12-17 21:08:41,224] INFO     misp_tools     ###::'###:. ##::'##... ##: ##.... ##::::... ##..::'##.... ##:'##.... ##: ##:::::::'##... ##:
[2022-12-17 21:08:41,224] INFO     misp_tools     ####'####:: ##:: ##:::..:: ##:::: ##::::::: ##:::: ##:::: ##: ##:::: ##: ##::::::: ##:::..::
[2022-12-17 21:08:41,224] INFO     misp_tools     ## ### ##:: ##::. ######:: ########:::::::: ##:::: ##:::: ##: ##:::: ##: ##:::::::. ######::
[2022-12-17 21:08:41,224] INFO     misp_tools     ##. #: ##:: ##:::..... ##: ##.....::::::::: ##:::: ##:::: ##: ##:::: ##: ##::::::::..... ##:
[2022-12-17 21:08:41,224] INFO     misp_tools     ##:.:: ##:: ##::'##::: ##: ##:::::::::::::: ##:::: ##:::: ##: ##:::: ##: ##:::::::'##::: ##:
[2022-12-17 21:08:41,224] INFO     misp_tools     ##:::: ##:'####:. ######:: ##:::::::::::::: ##::::. #######::. #######:: ########:. ######::
[2022-12-17 21:08:41,224] INFO     misp_tools    ..:::::..::....:::......:::..:::::::::::::::..::::::.......::::.......:::........:::......:::
[2022-12-17 21:08:41,224] INFO     misp_tools               _____
[2022-12-17 21:08:41,224] INFO     misp_tools                /  '
[2022-12-17 21:08:41,224] INFO     misp_tools             ,-/-,__ __
[2022-12-17 21:08:41,224] INFO     misp_tools            (_/  (_)/ (_
[2022-12-17 21:08:41,225] INFO     misp_tools                         _______                        __ _______ __        __ __
[2022-12-17 21:08:41,225] INFO     misp_tools                        |   _   .----.-----.--.--.--.--|  |   _   |  |_.----|__|  |--.-----.
[2022-12-17 21:08:41,225] INFO     misp_tools                        |.  1___|   _|  _  |  |  |  |  _  |   1___|   _|   _|  |    <|  -__|
[2022-12-17 21:08:41,225] INFO     misp_tools                        |.  |___|__| |_____|________|_____|____   |____|__| |__|__|__|_____|
[2022-12-17 21:08:41,225] INFO     misp_tools                        |:  1   |                         |:  1   |
[2022-12-17 21:08:41,225] INFO     misp_tools                        |::.. . |                         |::.. . |  Threat Intelligence v0.6.5
[2022-12-17 21:08:41,225] INFO     misp_tools                        `-------'                         `-------'
[2022-12-17 21:08:41,225] INFO     misp_tools    
[2022-12-17 21:08:41,225] INFO     config  
[2022-12-17 21:08:41,225] INFO     config  _______ _     _ _______ _______ _     _      _______  _____  __   _ _______ _____  ______
[2022-12-17 21:08:41,225] INFO     config  |       |_____| |______ |       |____/       |       |     | | \  | |______   |   |  ____
[2022-12-17 21:08:41,225] INFO     config  |_____  |     | |______ |_____  |    \_      |_____  |_____| |  \_| |       __|__ |_____|
[2022-12-17 21:08:41,225] INFO     config  
[2022-12-17 21:08:41,226] WARNING  config  misp_enable_ssl                             SSL is disabled for MISP API requests
[2022-12-17 21:08:41,233] CRITICAL config  authentication                              Invalid API credentials provided
[2022-12-17 21:08:41,233] INFO     config  1 configuration error found (1 warning)
[2022-12-17 21:08:41,233] ERROR    config  
[2022-12-17 21:08:41,233] ERROR    config  ____ _  _ ____ ____ _  _ ____    ____ ____ _ _    ____ ___
[2022-12-17 21:08:41,233] ERROR    config  |    |__| |___ |    |_/  [__     |___ |__| | |    |___ |  \
[2022-12-17 21:08:41,233] ERROR    config  |___ |  | |___ |___ | \_ ___]    |    |  | | |___ |___ |__/
[2022-12-17 21:08:41,233] ERROR    config  
[2022-12-17 21:08:41,233] INFO     misp_tools    
[2022-12-17 21:08:41,233] INFO     misp_tools     _______  __  .__   __.  __       _______. __    __   _______  _______
[2022-12-17 21:08:41,233] INFO     misp_tools    |   ____||  | |  \ |  | |  |     /       ||  |  |  | |   ____||       \
[2022-12-17 21:08:41,233] INFO     misp_tools    |  |__   |  | |   \|  | |  |    |   (----`|  |__|  | |  |__   |  .--.  |
[2022-12-17 21:08:41,233] INFO     misp_tools    |   __|  |  | |  . `  | |  |     \   \    |   __   | |   __|  |  |  |  |
[2022-12-17 21:08:41,233] INFO     misp_tools    |  |     |  | |  |\   | |  | .----)   |   |  |  |  | |  |____ |  '--'  |
[2022-12-17 21:08:41,233] INFO     misp_tools    |__|     |__| |__| \__| |__| |_______/    |__|  |__| |_______||_______/
[2022-12-17 21:08:41,233] INFO     misp_tools    
Invalid configuration specified, unable to continue.
