CrowdStrike / MISP-tools

Import CrowdStrike Threat Intelligence into your instance of MISP
MIT License

TypeError: 'NoneType' object is not subscriptable #100

Closed (packet-rat closed 1 year ago)

packet-rat commented 1 year ago

TypeError: 'NoneType' object is not subscriptable

line 334, in add_actor_detail

$ python3 misp_import.py --all -d

[2023-02-12 19:53:28,194] INFO     misp_tools    
[2023-02-12 19:53:28,194] INFO     misp_tools    '##::::'##:'####::'######::'########:::::'########::'#######:::'#######::'##::::::::'######::
[2023-02-12 19:53:28,194] INFO     misp_tools     ###::'###:. ##::'##... ##: ##.... ##::::... ##..::'##.... ##:'##.... ##: ##:::::::'##... ##:
[2023-02-12 19:53:28,194] INFO     misp_tools     ####'####:: ##:: ##:::..:: ##:::: ##::::::: ##:::: ##:::: ##: ##:::: ##: ##::::::: ##:::..::
[2023-02-12 19:53:28,194] INFO     misp_tools     ## ### ##:: ##::. ######:: ########:::::::: ##:::: ##:::: ##: ##:::: ##: ##:::::::. ######::
[2023-02-12 19:53:28,195] INFO     misp_tools     ##. #: ##:: ##:::..... ##: ##.....::::::::: ##:::: ##:::: ##: ##:::: ##: ##::::::::..... ##:
[2023-02-12 19:53:28,195] INFO     misp_tools     ##:.:: ##:: ##::'##::: ##: ##:::::::::::::: ##:::: ##:::: ##: ##:::: ##: ##:::::::'##::: ##:
[2023-02-12 19:53:28,195] INFO     misp_tools     ##:::: ##:'####:. ######:: ##:::::::::::::: ##::::. #######::. #######:: ########:. ######::
[2023-02-12 19:53:28,195] INFO     misp_tools    ..:::::..::....:::......:::..:::::::::::::::..::::::.......::::.......:::........:::......:::
[2023-02-12 19:53:28,195] INFO     misp_tools               _____
[2023-02-12 19:53:28,195] INFO     misp_tools                /  '
[2023-02-12 19:53:28,195] INFO     misp_tools             ,-/-,__ __
[2023-02-12 19:53:28,195] INFO     misp_tools            (_/  (_)/ (_
[2023-02-12 19:53:28,195] INFO     misp_tools                         _______                        __ _______ __        __ __
[2023-02-12 19:53:28,195] INFO     misp_tools                        |   _   .----.-----.--.--.--.--|  |   _   |  |_.----|__|  |--.-----.
[2023-02-12 19:53:28,195] INFO     misp_tools                        |.  1___|   _|  _  |  |  |  |  _  |   1___|   _|   _|  |    <|  -__|
[2023-02-12 19:53:28,195] INFO     misp_tools                        |.  |___|__| |_____|________|_____|____   |____|__| |__|__|__|_____|
[2023-02-12 19:53:28,195] INFO     misp_tools                        |:  1   |                         |:  1   |
[2023-02-12 19:53:28,195] INFO     misp_tools                        |::.. . |                         |::.. . |  Threat Intelligence v0.6.6
[2023-02-12 19:53:28,195] INFO     misp_tools                        `-------'                         `-------'
[2023-02-12 19:53:28,195] INFO     misp_tools    
[2023-02-12 19:53:28,195] INFO     config  
[2023-02-12 19:53:28,195] INFO     config  _______ _     _ _______ _______ _     _      _______  _____  __   _ _______ _____  ______
[2023-02-12 19:53:28,195] INFO     config  |       |_____| |______ |       |____/       |       |     | | \  | |______   |   |  ____
[2023-02-12 19:53:28,195] INFO     config  |_____  |     | |______ |_____  |    \_      |_____  |_____| |  \_| |       __|__ |_____|
[2023-02-12 19:53:28,195] INFO     config  
[2023-02-12 19:53:28,196] DEBUG    config  client_id                                   value redacted, check config file
[2023-02-12 19:53:28,196] DEBUG    config  client_secret                               value redacted, check config file
[2023-02-12 19:53:28,196] DEBUG    config  crowdstrike_url                             US1
[2023-02-12 19:53:28,196] DEBUG    config  api_request_max                             5000
[2023-02-12 19:53:28,196] DEBUG    config  api_enable_ssl                              True
[2023-02-12 19:53:28,196] DEBUG    config  reports_timestamp_filename                  lastReportsUpdate.dat
[2023-02-12 19:53:28,197] DEBUG    config  indicators_timestamp_filename               lastIndicatorsUpdate.dat
[2023-02-12 19:53:28,197] DEBUG    config  actors_timestamp_filename                   lastActorsUpdate.dat
[2023-02-12 19:53:28,197] DEBUG    config  init_reports_days_before                    365
[2023-02-12 19:53:28,197] DEBUG    config  init_indicators_minutes_before              20220
[2023-02-12 19:53:28,197] DEBUG    config  init_actors_days_before                     365
[2023-02-12 19:53:28,197] DEBUG    config  reports_unique_tag                          CrowdStrike: REPORT
[2023-02-12 19:53:28,197] DEBUG    config  indicators_unique_tag                       CrowdStrike: INDICATOR
[2023-02-12 19:53:28,197] DEBUG    config  actors_unique_tag                           CrowdStrike: ADVERSARY
[2023-02-12 19:53:28,197] DEBUG    config  reports_tags                                att:source="Crowdstrike.Report"
[2023-02-12 19:53:28,197] DEBUG    config  indicators_tags                             att:source="Crowdstrike.Indicators"
[2023-02-12 19:53:28,197] DEBUG    config  actors_tags                                 att:source="Crowdstrike.Actors"
[2023-02-12 19:53:28,197] DEBUG    config  unknown_mapping                             CrowdStrike:indicator:galaxy: UNATTRIBUTED
[2023-02-12 19:53:28,197] DEBUG    config  unattributed_title                          Unattributed indicators:
[2023-02-12 19:53:28,197] DEBUG    config  indicator_type_title                        Indicator Type:
[2023-02-12 19:53:28,197] DEBUG    config  malware_family_title                        Malware Family:
[2023-02-12 19:53:28,197] DEBUG    config  log_duplicates_as_sightings                 True
[2023-02-12 19:53:28,197] DEBUG    config  misp_url                                    https://3samisp
[2023-02-12 19:53:28,197] DEBUG    config  misp_auth_key                               value redacted, check config file
[2023-02-12 19:53:28,197] DEBUG    config  crowdstrike_org_uuid                        ca4f4b5d-db04-4a5e-a6de-e60636dc01be
[2023-02-12 19:53:28,197] DEBUG    config  misp_enable_ssl                             False
[2023-02-12 19:53:28,197] WARNING  config  misp_enable_ssl                             SSL is disabled for MISP API requests
[2023-02-12 19:53:28,197] DEBUG    config  ind_attribute_batch_size                    2500
[2023-02-12 19:53:28,197] DEBUG    config  event_save_memory_refresh_interval          180
[2023-02-12 19:53:28,197] DEBUG    config  max_threads                                 16
[2023-02-12 19:53:28,197] DEBUG    config  miss_track_file                             no_galaxy_mapping.log
[2023-02-12 19:53:28,197] DEBUG    config  galaxies_map_file                           galaxy.ini
[2023-02-12 19:53:28,198] DEBUG    config  tag_unknown_galaxy_maps                     True
[2023-02-12 19:53:28,198] DEBUG    config  taxonomic_kill-chain                        True
[2023-02-12 19:53:28,198] DEBUG    config  taxonomic_information-security-data-source  True
[2023-02-12 19:53:28,198] DEBUG    config  taxonomic_type                              True
[2023-02-12 19:53:28,198] DEBUG    config  taxonomic_iep                               False
[2023-02-12 19:53:28,198] DEBUG    config  taxonomic_iep2                              True
[2023-02-12 19:53:28,198] DEBUG    config  taxonomic_iep2_version                      False
[2023-02-12 19:53:28,198] DEBUG    config  taxonomic_tlp                               True
[2023-02-12 19:53:28,198] DEBUG    config  taxonomic_workflow                          True
[2023-02-12 19:53:28,899] INFO     config  No configuration errors found (1 warning)
[2023-02-12 19:53:28,899] INFO     config  
[2023-02-12 19:53:28,899] INFO     config  ____ _  _ ____ ____ _  _ ____    ___  ____ ____ ____ ____ ___
[2023-02-12 19:53:28,899] INFO     config  |    |__| |___ |    |_/  [__     |__] |__| [__  [__  |___ |  \
[2023-02-12 19:53:28,899] INFO     config  |___ |  | |___ |___ | \_ ___]    |    |  | ___] ___] |___ |__/
[2023-02-12 19:53:28,899] INFO     config  
[2023-02-12 19:53:30,352] INFO     processor/main       
[2023-02-12 19:53:30,352] INFO     processor/main       _____ _______  _____   _____   ______ _______
[2023-02-12 19:53:30,352] INFO     processor/main         |   |  |  | |_____] |     | |_____/    |
[2023-02-12 19:53:30,352] INFO     processor/main       __|__ |  |  | |       |_____| |    \_    |
[2023-02-12 19:53:30,352] INFO     processor/main       
[2023-02-12 19:53:30,352] INFO     processor/main       
[2023-02-12 19:53:30,352] INFO     processor/main         ____  ___    __ __    ___  ____    _____  ____  ____   ____    ___  _____
[2023-02-12 19:53:30,352] INFO     processor/main        /    T|   \  |  T  |  /  _]|    \  / ___/ /    T|    \ l    j  /  _]/ ___/
[2023-02-12 19:53:30,352] INFO     processor/main       Y  o  ||    \ |  |  | /  [_ |  D  )(   \_ Y  o  ||  D  ) |  T  /  [_(   \_
[2023-02-12 19:53:30,352] INFO     processor/main       |     ||  D  Y|  |  |Y    _]|    /  \__  T|     ||    /  |  | Y    _]\__  T
[2023-02-12 19:53:30,353] INFO     processor/main       |  _  ||     |l  :  !|   [_ |    \  /  \ ||  _  ||    \  |  | |   [_ /  \ |
[2023-02-12 19:53:30,353] INFO     processor/main       |  |  ||     | \   / |     T|  .  Y \    ||  |  ||  .  Y j  l |     T\    |
[2023-02-12 19:53:30,353] INFO     processor/main       l__j__jl_____j  \_/  l_____jl__j\_j  \___jl__j__jl__j\_j|____jl_____j \___j
[2023-02-12 19:53:30,353] INFO     processor/main       
[2023-02-12 19:53:30,353] INFO     processor/main       Start importing CrowdStrike Adversaries as events into MISP (past 365 days).
[2023-02-12 19:53:30,353] INFO     processor/main       Retrieving all adversaries.
[2023-02-12 19:53:31,116] INFO     processor/main       Got 3 adversaries from the Crowdstrike Intel API.
[2023-02-12 19:53:32,152] DEBUG    processor/thread_0   Created adversary event for WANDERING SPIDER
[2023-02-12 19:53:32,155] DEBUG    processor/thread_1   Created adversary event for VETO SPIDER
[2023-02-12 19:53:32,160] DEBUG    processor/thread_2   Created adversary event for ROYAL SPIDER
[2023-02-12 19:53:33,146] INFO     processor/main       Completed import of 3 CrowdStrike adversaries into MISP.
[2023-02-12 19:53:33,146] INFO     processor/main       Finished importing CrowdStrike Adversaries as events into MISP.
[2023-02-12 19:53:33,146] INFO     processor/main       Completed import of adversaries into MISP in 2.79 seconds
[2023-02-12 19:53:33,146] INFO     processor/main       
[2023-02-12 19:53:33,146] INFO     processor/main        ____     ___  ____    ___   ____  ______  _____
[2023-02-12 19:53:33,146] INFO     processor/main       |    \   /  _]|    \  /   \ |    \|      T/ ___/
[2023-02-12 19:53:33,146] INFO     processor/main       |  D  ) /  [_ |  o  )Y     Y|  D  )      (   \_
[2023-02-12 19:53:33,146] INFO     processor/main       |    / Y    _]|   _/ |  O  ||    /l_j  l_j\__  T
[2023-02-12 19:53:33,146] INFO     processor/main       |    \ |   [_ |  |   |     ||    \  |  |  /  \ |
[2023-02-12 19:53:33,146] INFO     processor/main       |  .  Y|     T|  |   l     !|  .  Y |  |  \    |
[2023-02-12 19:53:33,146] INFO     processor/main       l__j\_jl_____jl__j    \___/ l__j\_j l__j   \___j
[2023-02-12 19:53:33,146] INFO     processor/main       
[2023-02-12 19:53:33,147] INFO     processor/main       Starting import of CrowdStrike Threat Intelligence reports as events (past 365 days).
[2023-02-12 19:53:33,147] INFO     processor/main       Retrieving all available report types.
[2023-02-12 19:53:47,524] INFO     processor/main       Retrieved 182 total reports from the Crowdstrike Intel API.
[2023-02-12 19:53:47,524] INFO     processor/main       Found 2092 pre-existing CrowdStrike reports within the MISP instance.
[2023-02-12 19:53:59,160] INFO     processor/main       Retrieved extended report details for 167 reports.
[2023-02-12 19:54:08,444] INFO     processor/main       2421 related indicators found.
[2023-02-12 19:54:08,446] DEBUG    processor/thread_1   Retrieved 9 indicators detailed within report CSIT-23013
[2023-02-12 19:54:08,458] DEBUG    processor/thread_8   Retrieved 2 indicators detailed within report CSA-230071
[2023-02-12 19:54:08,494] DEBUG    processor/thread_9   Retrieved 20 indicators detailed within report CSA-230093
[2023-02-12 19:54:08,524] DEBUG    processor/thread_10  Retrieved 13 indicators detailed within report CSA-230100
[2023-02-12 19:54:08,690] DEBUG    processor/thread_4   CSA-230090 Pro-Russia Hacktivists Conduct DDoS Attacks Against Estonia and European Defense Company in Retaliation for Ukraine Aid report created.
[2023-02-12 19:54:08,693] DEBUG    processor/thread_6   CSA-230097 North African Hacktivism: November and December 2022 Activity Update report created.
[2023-02-12 19:54:08,696] DEBUG    processor/thread_2   CSA-230056 Founder of Bitzlato Cryptocurrency Exchange Arrested; Charged by DOJ with Unlicensed Money Transmitting report created.
[2023-02-12 19:54:08,701] DEBUG    processor/thread_2   Retrieved 21 indicators detailed within report CSA-230089
[2023-02-12 19:54:08,705] DEBUG    processor/thread_8   CSA-230071 Actor Exploits CVE-2021-40438 to Obtain Cloud Credentials; Steals S3 Data, Requests Ransom, then Leaks Data report created.
[2023-02-12 19:54:08,720] DEBUG    processor/thread_8   Retrieved 49 indicators detailed within report CSA-230098
[2023-02-12 19:54:08,745] DEBUG    processor/thread_14  CSA-230105 Pro-Russia Hacktivists Claim DDoS of Czechia-Based Software Company report created.
[2023-02-12 19:54:08,754] DEBUG    processor/thread_7   CSDR-23014 CrowdStrike Intelligence Daily Report Day of 24 January 2023 report created.
[2023-02-12 19:54:08,761] DEBUG    processor/thread_1   CSIT-23013 Malware Analysis of Ducktail Stealer report created.
[2023-02-12 19:54:08,767] DEBUG    processor/thread_12  CSA-230106 Pro-Russia Hacktivists Announce New Campaign Against Germany Over Military Support for Ukraine report created.
[2023-02-12 19:54:08,852] DEBUG    processor/thread_10  CSA-230100 New Updates Identified in Rekram Downloader: Configuration Format and Payload Obfuscation report created.
[2023-02-12 19:54:08,867] DEBUG    processor/thread_13  CSA-230103 Pro-Turkey Hacktivist Activity Targets Swedish Entities After Quran Burned at Protest report created.
[2023-02-12 19:54:08,868] DEBUG    processor/thread_13  Retrieved 22 indicators detailed within report CSA-230107
[2023-02-12 19:54:08,897] DEBUG    processor/thread_9   CSA-230093 Russia Announces Investments in Arctic Digital Infrastructure report created.
[2023-02-12 19:54:08,985] DEBUG    processor/thread_2   CSA-230089 Industry Reporting Details FortiOS CVE-2022-49475 Exploitation By Likely China-Nexus Actor report created.
[2023-02-12 19:54:09,062] DEBUG    processor/thread_8   CSA-230098 Ducktail Stealer Updates Email List Used for Facebook Business Account Takeover report created.
[2023-02-12 19:54:09,169] DEBUG    processor/thread_13  CSA-230107 “X-Crypts” Crypting Service Advertised on eCrime Forums, Several Samples Observed in Wild report created.
[2023-02-12 19:54:09,170] DEBUG    processor/thread_13  Retrieved 20 indicators detailed within report CSA-230096
[2023-02-12 19:54:09,196] DEBUG    processor/thread_8   CSA-230085 Actor Uses Likely Webserver Exploit to Achieve Access to Cloud Machine; Steals Cloud Credentials report created.
[2023-02-12 19:54:09,279] DEBUG    processor/thread_0   CSDR-23013 CrowdStrike Intelligence Daily Report Day of 23 January 2023 report created.
[2023-02-12 19:54:09,365] DEBUG    processor/thread_13  CSA-230096 Fake Installer Distributed via SEO Poisoning Delivers Python-Based Information Stealer report created.
[2023-02-12 19:54:09,462] DEBUG    processor/thread_13  CSA-230123 Pro-Russia Hacktivist Group Threatens Likely Bomb Hoax Campaign Against Baltic States report created.
[2023-02-12 19:54:09,625] DEBUG    processor/thread_1   Retrieved 45 indicators detailed within report CSA-230104
[2023-02-12 19:54:09,662] DEBUG    processor/thread_15  CSDR-23015 CrowdStrike Intelligence Daily Report Day of 25 January 2023 report created.
[2023-02-12 19:54:09,666] DEBUG    processor/thread_6   CSA-230109 SCATTERED SPIDER Presents First Extortion Demand report created.
[2023-02-12 19:54:09,668] DEBUG    processor/thread_6   Retrieved 6 indicators detailed within report CSA-230099
[2023-02-12 19:54:09,685] DEBUG    processor/thread_7   CSA-230116 Law Enforcement Seizes HIVE SPIDER’s Dedicated Leak Site and Victim Negotiation Portal report created.
[2023-02-12 19:54:09,774] DEBUG    processor/thread_3   Retrieved 3 indicators detailed within report CSIT-23008
[2023-02-12 19:54:09,793] DEBUG    processor/thread_7   CSA-230110 Intelligence Recon Report: Week of 23 January 2023 report created.
[2023-02-12 19:54:09,826] DEBUG    processor/thread_12  Retrieved 16 indicators detailed within report CSA-230102
[2023-02-12 19:54:09,849] DEBUG    processor/thread_2   Retrieved 34 indicators detailed within report CSA-230115
[2023-02-12 19:54:09,890] DEBUG    processor/thread_6   CSA-230099 Analysis of the AvantGarde Infection Chain Suggests Update Server Supply-Chain Compromise report created.
[2023-02-12 19:54:10,002] DEBUG    processor/thread_3   CSIT-23008 Unit 32065 in the Northern Theater Command: Ties to KARMA PANDA's Unit 65016 and Jinan MR TRB Unit 72959 report created.
[2023-02-12 19:54:10,004] DEBUG    processor/thread_3   Retrieved 14 indicators detailed within report CSA-230122
[2023-02-12 19:54:10,020] DEBUG    processor/thread_11  Retrieved 37 indicators detailed within report CSA-230091
[2023-02-12 19:54:10,046] DEBUG    processor/thread_1   CSA-230104 Industry Reporting Describes VELVET CHOLLIMA Phishing Campaign Targeting Cryptocurrency Investors report created.
[2023-02-12 19:54:10,089] DEBUG    processor/thread_12  CSA-230102 Analysis of Hive Ransomware Version 6.0; Changes Made to Address Previously Identified Cryptographic Flaw report created.
[2023-02-12 19:54:10,116] DEBUG    processor/thread_10  Retrieved 49 indicators detailed within report CSA-230108
[2023-02-12 19:54:10,145] DEBUG    processor/thread_1   CSIT-22088 CyclopsBlink: Retrospective Analysis of CVE-2022-26318 and WatchGuard Intrusion-Vector Timelines report created.
[2023-02-12 19:54:10,147] DEBUG    processor/thread_1   Retrieved 1 indicators detailed within report CSA-230127
[2023-02-12 19:54:10,211] DEBUG    processor/thread_2   CSA-230115 PRIMITIVE BEAR Baryonyx Campaign Targets Eastern European NATO-Member Countries report created.
[2023-02-12 19:54:10,216] DEBUG    processor/thread_9   Retrieved 28 indicators detailed within report CSA-230082
[2023-02-12 19:54:10,254] DEBUG    processor/thread_3   CSA-230122 Sample Tied to Iranian Operator of RCRU64 Ransomware-as-a-Service Deployed at North American Electronics Manufacturing Company report created.
[2023-02-12 19:54:10,264] DEBUG    processor/thread_1   CSA-230127 Threat Actor Leverages pingb[.]in After Exploiting Vulnerable ManageEngine Servers report created.
[2023-02-12 19:54:10,363] DEBUG    processor/thread_11  CSA-230091 Threat Actor Leverages SMOKY SPIDER's Smoke Bot to Deliver Probable SCATTERED SPIDER BlackLotus Bootkit Installers report created.
[2023-02-12 19:54:10,374] DEBUG    processor/thread_3   CSA-230121 Hacktivists Who Targeted Korean Government Networks Affiliated with Samsung Hackers report created.
[2023-02-12 19:54:10,398] DEBUG    processor/thread_0   Retrieved 24 indicators detailed within report CSIT-23036
[2023-02-12 19:54:10,411] DEBUG    processor/thread_7   Retrieved 19 indicators detailed within report CSA-230124
[2023-02-12 19:54:10,464] DEBUG    processor/thread_11  CSA-230101 Chinese Hacktivist Group Claims Breach of South Korean Government Networks report created.
[2023-02-12 19:54:10,472] DEBUG    processor/thread_3   CSA-230112 Pro-Russia Hacktivists Claim DDoS Attacks Against German Government, Financial Sector, and Airports in Retaliatory Campaign report created.
[2023-02-12 19:54:10,482] DEBUG    processor/thread_9   CSA-230082 HAZY TIGER Likely Targets Entities Across Asia With Malicious Compressed HTML Files report created.
[2023-02-12 19:54:10,484] DEBUG    processor/thread_9   Retrieved 14 indicators detailed within report CSIT-23040
[2023-02-12 19:54:10,499] DEBUG    processor/thread_10  CSA-230108 STARDUST CHOLLIMA Continues Targeting Financial Technology Sector with LNK Infection Chain report created.
[2023-02-12 19:54:10,559] DEBUG    processor/thread_8   CSA-230119 Multiple Law Enforcement Agencies Announce International Operation Targeting HIVE SPIDER report created.
[2023-02-12 19:54:10,677] DEBUG    processor/thread_7   CSA-230124 MIRAGE TIGER Remains Active as of Early 2023; Continues Use of Various Infrastructure Administration Accounts report created.
[2023-02-12 19:54:10,689] DEBUG    processor/thread_9   CSIT-23040 Browser Extension-Based Banking Trojan Mozart: Authorship and Technical Details report created.
[2023-02-12 19:54:10,757] DEBUG    processor/thread_0   CSIT-23036 CARBON SPIDER’s JSSXLoader Infection Chain report created.
[2023-02-12 19:54:11,004] DEBUG    processor/thread_4   CSA-230081 BRAIN SPIDER Linked to RADAR Ransomware; User Publicizes RADAR and Other RaaS Victims on Criminal Forum report created.
[2023-02-12 19:54:11,033] DEBUG    processor/thread_6   CSA-230117 UK NCSC Releases Details of GOSSAMER BEAR Credential-Phishing Operations report created.
[2023-02-12 19:54:11,338] DEBUG    processor/thread_3   Retrieved 16 indicators detailed within report CSA-230086
[2023-02-12 19:54:11,366] DEBUG    processor/thread_10  Retrieved 52 indicators detailed within report CSA-230111
[2023-02-12 19:54:11,647] DEBUG    processor/thread_3   CSA-230086 PROPHET SPIDER Compromises Tableau and GoAnywhere Servers via SQL Processes report created.
[2023-02-12 19:54:11,656] DEBUG    processor/thread_1   CSIT-23021 VETO SPIDER Adversary Profile: eCrime Actor Offers Access, Exploits, and Tooling for Sale report created.
[2023-02-12 19:54:11,697] DEBUG    processor/thread_0   Retrieved 75 indicators detailed within report CSIT-23018
[2023-02-12 19:54:11,728] DEBUG    processor/thread_11  CSA-230114 FBI Attributes June 2022 Harmony Bridge Breach to DPRK Adversary; Associated Malware and Cryptocurrency Laundering Tradecraft are Consistent with LABYRINTH CHOLLIMA Activity report created.
[2023-02-12 19:54:11,731] DEBUG    processor/thread_4   Retrieved 35 indicators detailed within report CSIT-23032
[2023-02-12 19:54:11,749] DEBUG    processor/thread_8   Retrieved 4 indicators detailed within report CSIT-23030
[2023-02-12 19:54:11,814] DEBUG    processor/thread_10  CSA-230111 BLIND SPIDER Continues to Target Colombia-Based Users; Distributes Quasar RAT report created.
[2023-02-12 19:54:11,817] DEBUG    processor/thread_1   CSA-230132 Killnet and Affiliates Claim DDoS Attacks in Ongoing Campaign Against Western Healthcare Entities report created.
[2023-02-12 19:54:11,819] DEBUG    processor/thread_1   Retrieved 2 indicators detailed within report CSA-230133
[2023-02-12 19:54:11,840] DEBUG    processor/thread_15  Retrieved 5 indicators detailed within report CSDR-23017
[2023-02-12 19:54:11,926] DEBUG    processor/thread_8   CSIT-23030 Technical Analysis of BokBot's Hidden VNC Module report created.
[2023-02-12 19:54:11,986] DEBUG    processor/thread_14  CSDR-23016 CrowdStrike Intelligence Daily Report Day of 26 January 2023 report created.
[2023-02-12 19:54:11,988] DEBUG    processor/thread_14  Retrieved 61 indicators detailed within report CSIT-23052
[2023-02-12 19:54:12,008] INFO     processor/thread_1   50 reports imported (0 reports skipped, 0 errors).
[2023-02-12 19:54:12,009] DEBUG    processor/thread_1   CSA-230133 ArcLocker Ransomware Operators Establish Dedicated Leak Site and Offer Victim Data for Sale report created.
[2023-02-12 19:54:12,010] DEBUG    processor/thread_1   Retrieved 5 indicators detailed within report CSIT-23017
[2023-02-12 19:54:12,018] DEBUG    processor/thread_7   Retrieved 6 indicators detailed within report CSIT-23011
[2023-02-12 19:54:12,084] DEBUG    processor/thread_9   CSIT-23026 Royal Ransomware Technical Analysis report created.
[2023-02-12 19:54:12,123] DEBUG    processor/thread_4   CSIT-23032 Make 5 Million in 5 Minutes: Analysis of a LABYRINTH CHOLLIMA SparkDownloader Infection Chain Targeting the FinTech Sector report created.
[2023-02-12 19:54:12,136] DEBUG    processor/thread_15  CSDR-23017 CrowdStrike Intelligence Daily Report Day of 27 January 2023 report created.
[2023-02-12 19:54:12,151] DEBUG    processor/thread_0   CSIT-23018 Technical Analysis of PRIMITIVE BEAR’s EvilGnome RAT report created.
[2023-02-12 19:54:12,168] DEBUG    processor/thread_1   CSIT-23017 Technical Analysis of White Rabbit Ransomware and its Cryptographic Flaw report created.
[2023-02-12 19:54:12,180] DEBUG    processor/thread_3   Retrieved 3 indicators detailed within report CSA-230130
[2023-02-12 19:54:12,194] DEBUG    processor/thread_6   Retrieved 67 indicators detailed within report CSIT-23016
[2023-02-12 19:54:12,264] DEBUG    processor/thread_7   CSIT-23011 RICOCHET CHOLLIMA: Technical Analysis of CloudMensis report created.
[2023-02-12 19:54:12,361] DEBUG    processor/thread_2   CSDR-23018 CrowdStrike Intelligence Daily Report Day of 30 January 2023 report created.
[2023-02-12 19:54:12,368] DEBUG    processor/thread_3   CSA-230130 Novel Golang Wiper SwiftSlicer Allegedly Targets Ukraine report created.
[2023-02-12 19:54:12,384] DEBUG    processor/thread_14  CSIT-23052 Softserve, Retrograde, and 9002: Malware Linked to Targeted Intrusion Activity at East Asian Entity report created.
[2023-02-12 19:54:12,391] DEBUG    processor/thread_7   CSA-230135 China’s Cyberspace Administration Buys Stake in Alibaba: Government’s “Golden Shares” Signal Shift in Big Tech Oversight report created.
[2023-02-12 19:54:12,442] DEBUG    processor/thread_11  CSDR-23019 CrowdStrike Intelligence Daily Report Day of 31 January 2023 report created.
[2023-02-12 19:54:12,462] DEBUG    processor/thread_13  Retrieved 36 indicators detailed within report CSIT-23047
[2023-02-12 19:54:12,481] DEBUG    processor/thread_9   Retrieved 45 indicators detailed within report CSIT-23057
[2023-02-12 19:54:12,484] DEBUG    processor/thread_3   CSIT-23046 Pro-Azerbaijan Hacktivism in 2022 and Geopolitical Context report created.
[2023-02-12 19:54:12,577] DEBUG    processor/thread_8   Retrieved 5 indicators detailed within report CSA-230129
[2023-02-12 19:54:12,602] DEBUG    processor/thread_15  Retrieved 21 indicators detailed within report CSIT-23006
[2023-02-12 19:54:12,629] DEBUG    processor/thread_6   CSIT-23016 Analysis of VICE SPIDER’s SocksProxyGo report created.
[2023-02-12 19:54:12,631] DEBUG    processor/thread_6   Retrieved 28 indicators detailed within report CSIT-23022
[2023-02-12 19:54:12,746] DEBUG    processor/thread_13  CSIT-23047 Analysis of PROPHET SPIDER’s Ishmael Proxy report created.
[2023-02-12 19:54:12,758] DEBUG    processor/thread_0   Retrieved 35 indicators detailed within report CSIT-23045
[2023-02-12 19:54:12,799] DEBUG    processor/thread_8   CSA-230129 CERT-UA Provides Further Context of VOODOO BEAR Destructive Attack Against Ukrainian Media Organization report created.
[2023-02-12 19:54:12,859] DEBUG    processor/thread_15  CSIT-23006 MIRAGE TIGER: Technical Analysis of VajraRAT Android RAT report created.
[2023-02-12 19:54:12,879] DEBUG    processor/thread_9   CSIT-23057 RFile: Malware Linked to Historical WICKED PANDA Activity report created.
[2023-02-12 19:54:12,883] DEBUG    processor/thread_13  CSA-230141 Azerbaijani Hacktivist Group Defaces Iranian Websites After Attack on Azeri Embassy in Tehran report created.
[2023-02-12 19:54:12,885] DEBUG    processor/thread_9   Retrieved 12 indicators detailed within report CSA-230126
[2023-02-12 19:54:12,888] DEBUG    processor/thread_4   Retrieved 70 indicators detailed within report CSIT-23010
[2023-02-12 19:54:12,947] DEBUG    processor/thread_6   CSIT-23022 Salve LATAM Banking Trojan: Main Component report created.
[2023-02-12 19:54:12,949] DEBUG    processor/thread_6   Retrieved 2 indicators detailed within report CSA-230137
[2023-02-12 19:54:12,962] DEBUG    processor/thread_11  Retrieved 14 indicators detailed within report CSA-230131
[2023-02-12 19:54:12,984] DEBUG    processor/thread_2   CSIT-23064 Profile of BOSS SPIDER Operator Faramarz Shahi Savandi and Assessment of Current Activities report created.
[2023-02-12 19:54:13,062] DEBUG    processor/thread_0   CSIT-23045 Technical Analysis of a New Variant of SCULLY SPIDER’S DanaBot Loader report created.
[2023-02-12 19:54:13,076] DEBUG    processor/thread_1   Retrieved 9 indicators detailed within report CSIT-23037
[2023-02-12 19:54:13,091] DEBUG    processor/thread_9   CSA-230126 Spam Campaign Uses Malicious OneNote Files to Deliver AsyncRAT report created.
[2023-02-12 19:54:13,092] DEBUG    processor/thread_9   Retrieved 5 indicators detailed within report CSA-230145
[2023-02-12 19:54:13,096] DEBUG    processor/thread_6   CSA-230137 Known Ransomware Actor Leverages Trojanized Software Package to Gain Initial Access to Victim Organization report created.
[2023-02-12 19:54:13,113] DEBUG    processor/thread_7   Retrieved 12 indicators detailed within report CSA-230134
[2023-02-12 19:54:13,163] DEBUG    processor/thread_0   CSA-230143 Disinformation Campaigns Observed Against January 2023 Czech Presidential Elections report created.
[2023-02-12 19:54:13,243] DEBUG    processor/thread_11  CSA-230131 LABYRINTH CHOLLIMA Targets Defense Sector with SecurePDF Malicious PDF Reader report created.
[2023-02-12 19:54:13,244] DEBUG    processor/thread_11  Retrieved 45 indicators detailed within report CSA-230153
[2023-02-12 19:54:13,271] DEBUG    processor/thread_15  Retrieved 49 indicators detailed within report CSIT-23054
[2023-02-12 19:54:13,287] DEBUG    processor/thread_14  CSIT-23053 Pro-Turkey Hacktivist Activity Year-in-Review 2022 report created.
[2023-02-12 19:54:13,302] DEBUG    processor/thread_1   CSIT-23037 Kazuar’s Updated On-Disk Storage report created.
[2023-02-12 19:54:13,317] DEBUG    processor/thread_6   CSA-230154 Pro-Palestine Hacktivist Group Electronic Quds Force Claims Israeli Chemical Factory Industrial Control Systems Compromise report created.
[2023-02-12 19:54:13,328] DEBUG    processor/thread_4   CSIT-23010 EMISSARY PANDA: RShell Updates Indicate Ongoing Development report created.
[2023-02-12 19:54:13,344] DEBUG    processor/thread_9   CSA-230145 Amadey Distributes New, Completely Rewritten Version of Amadey Stealer report created.
[2023-02-12 19:54:13,369] DEBUG    processor/thread_7   CSA-230134 Oracle E-Business Suite Vulnerability CVE-2022-21587 Exploited in the Wild report created.
[2023-02-12 19:54:13,416] DEBUG    processor/thread_1   CSA-230155 IT Army of Ukraine Claims Leak of Sensitive Gazprom Files report created.
[2023-02-12 19:54:13,425] DEBUG    processor/thread_2   Retrieved 34 indicators detailed within report CSA-230144
[2023-02-12 19:54:13,507] DEBUG    processor/thread_7   CSA-230162 Killnet and Affiliated Russian Groups Continue DDoS Campaign Against U.S. Healthcare Entities report created.
[2023-02-12 19:54:13,521] DEBUG    processor/thread_1   CSA-230159 South Korea to Sanction North Korean Cyber Actors for the First Time report created.
[2023-02-12 19:54:13,523] DEBUG    processor/thread_1   Retrieved 33 indicators detailed within report CSA-230136
[2023-02-12 19:54:13,556] DEBUG    processor/thread_3   CSIT-23029 Overview of Ongoing SAMBA SPIDER Mispadu Campaigns Targeting LATAM-Based Entities report created.
[2023-02-12 19:54:13,557] DEBUG    processor/thread_3   Retrieved 82 indicators detailed within report CSA-230165
[2023-02-12 19:54:13,601] DEBUG    processor/thread_11  CSA-230153 Summary of Shindig Execution Task Updates report created.
[2023-02-12 19:54:13,604] DEBUG    processor/thread_8   Retrieved 25 indicators detailed within report CSA-230092
[2023-02-12 19:54:13,667] DEBUG    processor/thread_15  CSIT-23054 PIRATE PANDA Deploys MsmRat Version 2.46-2 in Campaign Targeting Russia and Ukraine report created.
[2023-02-12 19:54:13,669] DEBUG    processor/thread_15  Retrieved 5 indicators detailed within report CSA-230152
[2023-02-12 19:54:13,715] DEBUG    processor/thread_2   CSA-230144 MALLARD SPIDER Campaign Leverages Malicious OneNote Documents; TTPs Consistent with Recent Campaigns report created.
[2023-02-12 19:54:13,717] DEBUG    processor/thread_2   Retrieved 15 indicators detailed within report CSA-230149
[2023-02-12 19:54:13,736] DEBUG    processor/thread_6   Retrieved 15 indicators detailed within report CSA-230118
[2023-02-12 19:54:13,792] DEBUG    processor/thread_1   CSA-230136 Commodity Malware Aurora Stealer Likely Distributed in Campaigns Impersonating Legitimate Installers report created.
[2023-02-12 19:54:13,898] DEBUG    processor/thread_15  CSA-230152 Phobos Operator Deploys Tooling from Self-Extracting Archive; Deploys Remote Monitoring Tool report created.
[2023-02-12 19:54:13,900] DEBUG    processor/thread_15  Retrieved 29 indicators detailed within report CSA-230158
[2023-02-12 19:54:13,904] DEBUG    processor/thread_1   CSA-230138 ArcLocker Ransomware Operators Observed Paying for Illicit VPN Service, Access Broker, and Other Services report created.
[2023-02-12 19:54:13,918] DEBUG    processor/thread_1   Retrieved 16 indicators detailed within report CSA-230167
[2023-02-12 19:54:13,943] DEBUG    processor/thread_8   CSA-230092 TRACER KITTEN Intrusions Leveraging DNSDAT Observed at Multiple South Asian Telecommunications Providers Throughout January 2023 report created.
[2023-02-12 19:54:13,948] DEBUG    processor/thread_2   CSA-230149 Vohuk Ransomware-as-a-Service Recruits Affiliates Within Iranian eCrime Communities with Limited Success report created.
[2023-02-12 19:54:14,011] DEBUG    processor/thread_6   CSA-230118 Likely SILENT CHOLLIMA Activity Deploys AnanasRAT in Opportunistic Targeting of North American Food Services Sector; Malware Previously Observed at North American Manufacturing Sector Entity in 2022 report created.
[2023-02-12 19:54:14,012] DEBUG    processor/thread_6   Retrieved 34 indicators detailed within report CSA-230146
[2023-02-12 19:54:14,037] DEBUG    processor/thread_13  CSDR-23020 CrowdStrike Intelligence Daily Report Day of 1 February 2023 report created.
[2023-02-12 19:54:14,057] DEBUG    processor/thread_3   CSA-230165 GildedShovel Activity Cluster Likely Targets Arabic-Speaking Entities; Associated with Historical Activity Targeting Egyptian Civil Society Organizations report created.
[2023-02-12 19:54:14,058] DEBUG    processor/thread_3   Retrieved 65 indicators detailed within report CSA-230160
[2023-02-12 19:54:14,095] DEBUG    processor/thread_14  Retrieved 104 indicators detailed within report CSA-230066
[2023-02-12 19:54:14,134] DEBUG    processor/thread_11  Retrieved 5 indicators detailed within report CSA-230040
[2023-02-12 19:54:14,147] DEBUG    processor/thread_13  CSA-230166 Japan Creates Working Group for Offensive Cyber Operations and Bolsters Cooperation with NATO report created.
[2023-02-12 19:54:14,157] DEBUG    processor/thread_8   CSDR-23022 CrowdStrike Intelligence Daily Report Day of 3 February 2023 report created.
[2023-02-12 19:54:14,197] DEBUG    processor/thread_1   CSA-230167 Pro-Turkey Hacktivists Conduct Spear-Phishing Operations Likely Using AsyncRAT in Response to Quran Burnings in Sweden and Denmark report created.
[2023-02-12 19:54:14,249] INFO     processor/thread_15  100 reports imported (0 reports skipped, 0 errors).
[2023-02-12 19:54:14,250] DEBUG    processor/thread_15  CSA-230158 Malvertising Campaigns Continue to Deliver Gozi ISFB and RedLine Stealer report created.
[2023-02-12 19:54:14,276] DEBUG    processor/thread_13  CSA-230147 Intelligence Recon Report: Week of 30 January 2023 report created.
[2023-02-12 19:54:14,308] DEBUG    processor/thread_6   CSA-230146 Multiple Operators Have Begun Distributing Shindig Again report created.
[2023-02-12 19:54:14,311] DEBUG    processor/thread_9   CSA-230151 QuantumBuilder Developer Advertises Malicious OneNote Builder report created.
[2023-02-12 19:54:14,314] DEBUG    processor/thread_6   Retrieved 39 indicators detailed within report CSA-230120
[2023-02-12 19:54:14,347] DEBUG    processor/thread_11  CSA-230040 SCATTERED SPIDER Likely Deploys Vulnerable Software to Sabotage Gateways and Enable Exploitation report created.
[2023-02-12 19:54:14,507] DEBUG    processor/thread_3   CSA-230160 Shindig’s Anti-Analysis Functionality: Follow-Up Analysis report created.
[2023-02-12 19:54:14,527] DEBUG    processor/thread_11  CSA-230163 Netherlands and Japan Agree to Join U.S. in Restricting Semiconductor Manufacturing Equipment Exports to China report created.
[2023-02-12 19:54:14,529] DEBUG    processor/thread_11  Retrieved 55 indicators detailed within report CSA-230168
[2023-02-12 19:54:14,612] DEBUG    processor/thread_6   CSA-230120 New Shindig Build Reintroduces Persistence and Anti-Analysis Functionality report created.
[2023-02-12 19:54:14,779] DEBUG    processor/thread_4   CSDR-23021 CrowdStrike Intelligence Daily Report Day of 2 February 2023 report created.
[2023-02-12 19:54:14,781] DEBUG    processor/thread_4   Retrieved 5 indicators detailed within report CSA-230173
[2023-02-12 19:54:14,836] DEBUG    processor/thread_2   CSA-230140 SCATTERED SPIDER Likely Continues to Expand Technology Sector Target Scope report created.
[2023-02-12 19:54:14,839] DEBUG    processor/thread_2   Retrieved 2 indicators detailed within report CSDR-23023
[2023-02-12 19:54:14,857] DEBUG    processor/thread_14  CSA-230066 Suspected Cobalt Strike Intrusion Targets East Asia-Based Chemical Company; Activity Associated with Separately Observed Infrastructure Cluster and Historical WICKED PANDA Operations report created.
[2023-02-12 19:54:14,867] DEBUG    processor/thread_11  CSA-230168 RepeatingUmbra Continues Credential-Phishing Campaigns; Observed TTPs Overlap with FANCY BEAR report created.
[2023-02-12 19:54:14,872] DEBUG    processor/thread_0   Retrieved 26 indicators detailed within report CSA-230128
[2023-02-12 19:54:14,948] DEBUG    processor/thread_4   CSA-230173 Probable Exploitation of CVE-2022-47986 IBM Aspera Faspex Deserialization Flaw report created.
[2023-02-12 19:54:14,962] DEBUG    processor/thread_1   Retrieved 22 indicators detailed within report CSA-230161
[2023-02-12 19:54:15,046] DEBUG    processor/thread_4   CSIT-23023 Western Cyber Aid and Cooperation with Ukraine Around 2022 Russian Invasion report created.
[2023-02-12 19:54:15,048] DEBUG    processor/thread_4   Retrieved 66 indicators detailed within report CSA-230150
[2023-02-12 19:54:15,076] DEBUG    processor/thread_2   CSDR-23023 CrowdStrike Intelligence Daily Report Day of 6 February 2023 report created.
[2023-02-12 19:54:15,079] DEBUG    processor/thread_9   Retrieved 44 indicators detailed within report CSA-230139
[2023-02-12 19:54:15,080] DEBUG    processor/thread_2   Retrieved 11 indicators detailed within report CSA-230178
[2023-02-12 19:54:15,126] DEBUG    processor/thread_0   CSA-230128 QUILTED TIGER Targets Chinese Universities in Likely Credential-Harvesting Operation report created.
[2023-02-12 19:54:15,228] DEBUG    processor/thread_1   CSA-230161 New Rekram Downloader Spam Campaign Includes OneNote File Attachments; Downloads Netwire and Pouter RATs report created.
[2023-02-12 19:54:15,230] DEBUG    processor/thread_1   Retrieved 3 indicators detailed within report CSIT-23034
[2023-02-12 19:54:15,322] DEBUG    processor/thread_2   CSA-230178 eCrime Actors Continue Shift to Using OneNote Files; Shindig Latest Threat Distributed Using OneNote File report created.
[2023-02-12 19:54:15,324] DEBUG    processor/thread_2   Retrieved 13 indicators detailed within report CSA-230176
[2023-02-12 19:54:15,364] DEBUG    processor/thread_5   Retrieved 55 indicators detailed within report CSA-230174
[2023-02-12 19:54:15,395] DEBUG    processor/thread_1   CSIT-23034 Black Basta ESXi Cryptographic Weaknesses Allows Full Decryption report created.
[2023-02-12 19:54:15,397] DEBUG    processor/thread_1   Retrieved 8 indicators detailed within report CSA-230170
[2023-02-12 19:54:15,452] DEBUG    processor/thread_3   Retrieved 6 indicators detailed within report CSA-230142
[2023-02-12 19:54:15,467] DEBUG    processor/thread_4   CSA-230150 Unattributed Threat Actor Targeting Telecommunications Services Continues Using Backdoored OpenSSH Client report created.
[2023-02-12 19:54:15,503] DEBUG    processor/thread_9   CSA-230139 LABYRINTH CHOLLIMA Utilizes ISO-Based Employment Assessments to Deploy Pulsar Downloader and KeyTheme report created.
[2023-02-12 19:54:15,513] DEBUG    processor/thread_8   Retrieved 8 indicators detailed within report CSA-230164
[2023-02-12 19:54:15,544] DEBUG    processor/thread_2   CSA-230176 RedLine Stealer Delivered Using Google and Dropbox Links report created.
[2023-02-12 19:54:15,570] DEBUG    processor/thread_4   CSIT-23056 Analysis of VMware Virtual Infrastructure Attack Vectors report created.
[2023-02-12 19:54:15,584] DEBUG    processor/thread_1   CSA-230170 Amadey Distributes Amadey Clipper, New Cryptocurrency Clipjacking Module report created.
[2023-02-12 19:54:15,585] DEBUG    processor/thread_1   Retrieved 91 indicators detailed within report CSA-230148
[2023-02-12 19:54:15,619] DEBUG    processor/thread_9   CSA-230186 Anonymous Sudan Claims High-Profile Western Government Target in String of Alleged DDoS Attacks report created.
[2023-02-12 19:54:15,651] DEBUG    processor/thread_7   Retrieved 3 indicators detailed within report CSA-230157
[2023-02-12 19:54:15,663] DEBUG    processor/thread_14  Retrieved 1 indicators detailed within report CSA-230171
[2023-02-12 19:54:15,678] DEBUG    processor/thread_3   CSA-230142 HERMIT SPIDER Customer Uses PrivateLoader to Deliver Ficker Stealer in Late January 2023 Amidst Decrease in PrivateLoader Loads report created.
[2023-02-12 19:54:15,680] DEBUG    processor/thread_3   Retrieved 6 indicators detailed within report CSA-230189
[2023-02-12 19:54:15,695] DEBUG    processor/thread_11  Retrieved 7 indicators detailed within report CSA-230172
[2023-02-12 19:54:15,709] DEBUG    processor/thread_5   CSA-230174 ScarletSpiral Updates Dropper and Downloader; Campaign Spans November 2022 to January 2023 report created.
[2023-02-12 19:54:15,720] DEBUG    processor/thread_8   CSA-230164 VICE SPIDER Continues High-Tempo Activity Targeting Academic Sector; Deploys RedAlertLocker report created.
[2023-02-12 19:54:15,813] DEBUG    processor/thread_14  CSA-230171 SCATTERED SPIDER Uses Bitsadmin to Download Plink and Ngrok, Continues Targeting Cellular Providers report created.
[2023-02-12 19:54:15,826] DEBUG    processor/thread_15  Retrieved 10 indicators detailed within report CSA-230169
[2023-02-12 19:54:15,836] DEBUG    processor/thread_5   CSIT-23043 Overview of N3ww4v3 Ransomware and Associated TTPs report created.
[2023-02-12 19:54:15,838] DEBUG    processor/thread_5   Retrieved 33 indicators detailed within report CSIT-23049
[2023-02-12 19:54:15,857] DEBUG    processor/thread_8   CSA-230175 Cybercriminals Continue to Rely on Cloud-Based Log Sellers report created.
[2023-02-12 19:54:15,862] DEBUG    processor/thread_3   CSA-230189 ESXiArgs Campaign Targeting ESXi Hosts; Likely Exploiting CVE-2021-21974 or CVE-2020-3992 report created.
[2023-02-12 19:54:15,866] DEBUG    processor/thread_9   CSIR-23002 Overview of Guacamaya’s “Fuerzas Represivas” Campaign report created.
[2023-02-12 19:54:15,868] DEBUG    processor/thread_3   Retrieved 1 indicators detailed within report CSA-230194
[2023-02-12 19:54:15,881] DEBUG    processor/thread_7   CSA-230157 LockBit GREEN Observed at Two U.S.-Based Food and Beverage Entities; Overlap with Leaked Conti Source Code report created.
[2023-02-12 19:54:15,925] DEBUG    processor/thread_11  CSA-230172 RECESS SPIDER Uses New Exfiltration TTPs, Continues Targeting Microsoft Exchange Servers report created.
[2023-02-12 19:54:15,937] DEBUG    processor/thread_14  CSA-230193 January 2023 Summary of Pro-Russia Hacktivist Activity report created.
[2023-02-12 19:54:15,938] DEBUG    processor/thread_14  Retrieved 11 indicators detailed within report CSA-230192
[2023-02-12 19:54:15,982] DEBUG    processor/thread_13  CSA-230156 ALPHA SPIDER Responds to HIVE SPIDER Disruption in Announcement to Affiliates report created.
[2023-02-12 19:54:16,046] DEBUG    processor/thread_15  CSA-230169 LUNAR SPIDER Reportedly Adopts OneNote Files to Distribute BokBot report created.
[2023-02-12 19:54:16,058] DEBUG    processor/thread_3   CSA-230194 GoAnywhere Zero-Day Vulnerability (CVE-2023-0669) Actively Exploited report created.
[2023-02-12 19:54:16,059] DEBUG    processor/thread_3   Retrieved 28 indicators detailed within report CSA-230183
[2023-02-12 19:54:16,088] DEBUG    processor/thread_1   CSA-230148 Cobalt Strike Campaign Leverages Fastly CDN Domain Fronting; Uses Custom RFile Malware-Based Downloader Linked to WICKED PANDA report created.
[2023-02-12 19:54:16,097] DEBUG    processor/thread_11  CSA-230181 Anonymous-Affiliated Hacktivists Conduct #OpPeru Campaign in Support of Protestors report created.
[2023-02-12 19:54:16,148] DEBUG    processor/thread_14  CSA-230192 New Version of Satacom Downloader Uses RC4 Encryption for Data Obfuscation report created.
[2023-02-12 19:54:16,178] DEBUG    processor/thread_5   CSIT-23049 Malware Analysis of ColdStealer report created.
[2023-02-12 19:54:16,183] DEBUG    processor/thread_0   CSA-230177 CURIOUS JACKAL Advertises Sale of South American Web Hosting Company Access and Backup Data report created.
[2023-02-12 19:54:16,198] DEBUG    processor/thread_11  CSA-230207 Russia’s Gazprom Media Holding Stops Adding Content to YouTube Amid Government Push Towards Russian Alternatives report created.
[2023-02-12 19:54:16,240] DEBUG    processor/thread_1   CSA-230195 Purportedly Inauthentic Vietnamese Social Media Accounts Support Israeli Government’s Judicial Overhaul Plan report created.
[2023-02-12 19:54:16,268] DEBUG    processor/thread_2   CSDR-23024 CrowdStrike Intelligence Daily Report Day of 7 February 2023 report created.
[2023-02-12 19:54:16,269] DEBUG    processor/thread_2   Retrieved 42 indicators detailed within report CSA-230198
[2023-02-12 19:54:16,350] DEBUG    processor/thread_4   Retrieved 10 indicators detailed within report CSA-230182
[2023-02-12 19:54:16,408] DEBUG    processor/thread_3   CSA-230183 Updated Apolog Shellcode Loaders Deliver New Version of Satacom Downloader report created.
[2023-02-12 19:54:16,540] DEBUG    processor/thread_4   CSA-230182 BokBot Disables Chrome Root Store to Allow Man-in-the-Middle Attacks report created.
[2023-02-12 19:54:16,568] DEBUG    processor/thread_2   CSA-230198 Increase in BianLian Ransomware Activity Observed Since Late 2022 report created.
[2023-02-12 19:54:16,664] INFO     processor/thread_2   150 reports imported (0 reports skipped, 0 errors).
[2023-02-12 19:54:16,664] DEBUG    processor/thread_2   CSA-230190 AresLoader Advertised on Russian-Language Underground Forum report created.
[2023-02-12 19:54:16,666] DEBUG    processor/thread_2   Retrieved 8 indicators detailed within report CSA-230196
[2023-02-12 19:54:16,686] DEBUG    processor/thread_7   Retrieved 9 indicators detailed within report CSA-230197
[2023-02-12 19:54:16,729] DEBUG    processor/thread_13  CSIT-23041 Overview of Karakurt Team DLS and Activity in 2022 report created.
[2023-02-12 19:54:16,824] DEBUG    processor/thread_2   CSA-230196 New PixPirate Mobile Banking Trojan Targets Users from Latin American Financial Institutions report created.
[2023-02-12 19:54:16,842] DEBUG    processor/thread_7   CSA-230197 Active Malspam Campaign Delivering Malicious OneNote Downloaders report created.
[2023-02-12 19:54:16,903] DEBUG    processor/thread_15  Retrieved 6 indicators detailed within report CSA-230202
[2023-02-12 19:54:16,985] DEBUG    processor/thread_5   CSA-230211 Seven Members of WIZARD SPIDER Sanctioned by UK FCDO and U.S. OFAC; U.S. DNJ Unseals Indictment Against Key WIZARD SPIDER Member report created.
[2023-02-12 19:54:17,033] DEBUG    processor/thread_3   Retrieved 28 indicators detailed within report CSA-230205
[2023-02-12 19:54:17,080] DEBUG    processor/thread_7   CSDR-23027 CrowdStrike Intelligence Daily Report Day of 10 February 2023 report created.
[2023-02-12 19:54:17,089] DEBUG    processor/thread_14  Retrieved 3 indicators detailed within report CSA-230199
[2023-02-12 19:54:17,102] DEBUG    processor/thread_5   CSA-230214 Intelligence Recon Report: Week of 6 February 2023 report created.
[2023-02-12 19:54:17,107] DEBUG    processor/thread_15  CSA-230202 FRONTLINE JACKAL Continues Likely Opportunistic Activity in Early 2023 report created.
[2023-02-12 19:54:17,109] DEBUG    processor/thread_5   Retrieved 38 indicators detailed within report CSA-230213
[2023-02-12 19:54:17,131] DEBUG    processor/thread_1   Retrieved 7 indicators detailed within report CSIT-23065
[2023-02-12 19:54:17,182] DEBUG    processor/thread_11  CSA-230203 Nevada Ransomware Advertises Ransomware-as-a-Service Program; Seeks to Recruit HIVE SPIDER Affiliates report created.
[2023-02-12 19:54:17,184] DEBUG    processor/thread_11  Retrieved 26 indicators detailed within report CSA-230185
[2023-02-12 19:54:17,224] DEBUG    processor/thread_7   CSIT-23063 China’s Demonstration Project for Building World-Class Cybersecurity Colleges: Strengthening PANDA Talent report created.
[2023-02-12 19:54:17,226] DEBUG    processor/thread_7   Retrieved 57 indicators detailed within report CSA-230210
[2023-02-12 19:54:17,264] DEBUG    processor/thread_14  CSA-230199 UK Politician Discloses Email Account Compromise via Credential Phishing; Activity Attributed to GOSSAMER BEAR report created.
[2023-02-12 19:54:17,300] DEBUG    processor/thread_3   CSA-230205 New OneNote Spam Campaign Uses JavaScript to Download BokBot report created.
[2023-02-12 19:54:17,334] DEBUG    processor/thread_1   CSIT-23065 CHRONO KITTEN Uses Updated MasterTape Malware Throughout 2022 report created.
[2023-02-12 19:54:17,398] DEBUG    processor/thread_3   CSA-230216 Raccoon Stealer Vendor Banned on Two Different Underground Forums; Unconfirmed Claims of Cryptocurrency Theft from Customers report created.
[2023-02-12 19:54:17,423] DEBUG    processor/thread_11  CSA-230185 Recently Observed RustSimpleLoader Sample Likely Developed and Used by LATAM-Based Criminal Actors report created.
[2023-02-12 19:54:17,443] DEBUG    processor/thread_5   CSA-230213 DoubleColonBatchLoader Delivered Using OneNote Files; Likely Being Used by Multiple Access Brokers report created.
[2023-02-12 19:54:17,523] DEBUG    processor/thread_2   Retrieved 10 indicators detailed within report CSA-230206
[2023-02-12 19:54:17,562] DEBUG    processor/thread_7   CSA-230210 Early 2023 SaltedEarth Activity Likely Targets European Embassy in Kazakhstan, CIS Entities report created.
[2023-02-12 19:54:17,662] DEBUG    processor/thread_0   CSDR-23026 CrowdStrike Intelligence Daily Report Day of 9 February 2023 report created.
[2023-02-12 19:54:17,666] DEBUG    processor/thread_14  Retrieved 17 indicators detailed within report CSA-230188
[2023-02-12 19:54:17,701] DEBUG    processor/thread_2   CSA-230206 HERMIT SPIDER Customer Uses PrivateLoader to Distribute Aurora Stealer report created.
[2023-02-12 19:54:17,718] DEBUG    processor/thread_1   Retrieved 63 indicators detailed within report CSA-230212
[2023-02-12 19:54:17,830] DEBUG    processor/thread_13  CSA-230184 Industry Reporting Details HAYWIRE KITTEN Operations Targeting French Magazine Charlie Hebdo report created.
[2023-02-12 19:54:17,833] DEBUG    processor/thread_4   Retrieved 3 indicators detailed within report CSA-230180
[2023-02-12 19:54:17,895] DEBUG    processor/thread_14  CSA-230188 Concurrent Targeted Intrusions at Southeast Asian Telecommunications Entity; PHANTOM PANDA and Unattributed Actors Identified report created.
[2023-02-12 19:54:18,017] DEBUG    processor/thread_4   CSA-230180 Industry Report Details Use of AnanasRAT in Q4 2022 SILENT CHOLLIMA Intrusion; Operation Allegedly Exhibits Links to VELVET CHOLLIMA report created.
[2023-02-12 19:54:18,127] DEBUG    processor/thread_1   CSA-230212 SCULLY SPIDER’s DanaBot Distributed via Unclaimed Property Websites report created.
[2023-02-12 19:54:18,234] DEBUG    processor/thread_9   CSDR-23025 CrowdStrike Intelligence Daily Report Day of 8 February 2023 report created.
[2023-02-12 19:54:18,869] DEBUG    processor/thread_3   CSIR-23001 Strategic Support Force Recruitment in the Central Theater Command: Unit 32081 and the Technical Reconnaissance Base report created.
[2023-02-12 19:54:18,892] DEBUG    processor/thread_15  Retrieved 12 indicators detailed within report CSA-230217
[2023-02-12 19:54:19,006] DEBUG    processor/thread_8   CSIT-23028 Overview of Observed Russian False Flag Operations report created.
[2023-02-12 19:54:19,075] DEBUG    processor/thread_15  CSA-230217 BokBot Delivers Older Versions of Second-Stage Core Module report created.
[2023-02-12 19:54:21,338] DEBUG    processor/thread_10  CSIR-22022 Sector Report: Trends in Targeting of the Industrials and Engineering Sector report created.
[2023-02-12 19:54:23,907] DEBUG    processor/thread_12  CSWR-23004 CrowdStrike Intelligence Weekly Report: Week of 01/21/2023 report created.
[2023-02-12 19:54:24,660] DEBUG    processor/thread_6   CSWR-23005 CrowdStrike Intelligence Weekly Report: Week of 01/28/2023 report created.
[2023-02-12 19:54:27,948] DEBUG    processor/thread_11  CSWR-23006 CrowdStrike Intelligence Weekly Report: Week of 02/04/2023 report created.
Traceback (most recent call last):
  File "misp_import.py", line 377, in <module>
    main()
  File "misp_import.py", line 356, in main
    importer.import_from_crowdstrike(int(settings["CrowdStrike"]["init_reports_days_before"]),
  File "/home/rx118r/src/crowdstrike/MISP-tools-main/cs_misp_import/importer.py", line 308, in import_from_crowdstrike
    self.reports_importer.process_reports(reports_days_before, self.event_ids)
  File "/home/rx118r/src/crowdstrike/MISP-tools-main/cs_misp_import/reports.py", line 311, in process_reports
    reported.update(fut.result())
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/_base.py", line 437, in result
    return self.__get_result()
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/_base.py", line 389, in __get_result
    raise self._exception
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/thread.py", line 57, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/home/rx118r/src/crowdstrike/MISP-tools-main/cs_misp_import/reports.py", line 146, in batch_import_reports
    event: MISPEvent = self.create_event_from_report(report, rpt_detail, ind_list)
  File "/home/rx118r/src/crowdstrike/MISP-tools-main/cs_misp_import/reports.py", line 538, in create_event_from_report
    event = self.add_actor_detail(report, event)
  File "/home/rx118r/src/crowdstrike/MISP-tools-main/cs_misp_import/reports.py", line 334, in add_actor_detail
    actor_detail = actor_detail["body"]["resources"][0]
TypeError: 'NoneType' object is not subscriptable

packet-rat commented 1 year ago

Perhaps more succinct:

python3 misp_import.py -r


[2023-02-12 20:00:23,976] INFO     misp_tools    
[2023-02-12 20:00:23,976] INFO     misp_tools    '##::::'##:'####::'######::'########:::::'########::'#######:::'#######::'##::::::::'######::
[2023-02-12 20:00:23,976] INFO     misp_tools     ###::'###:. ##::'##... ##: ##.... ##::::... ##..::'##.... ##:'##.... ##: ##:::::::'##... ##:
[2023-02-12 20:00:23,976] INFO     misp_tools     ####'####:: ##:: ##:::..:: ##:::: ##::::::: ##:::: ##:::: ##: ##:::: ##: ##::::::: ##:::..::
[2023-02-12 20:00:23,976] INFO     misp_tools     ## ### ##:: ##::. ######:: ########:::::::: ##:::: ##:::: ##: ##:::: ##: ##:::::::. ######::
[2023-02-12 20:00:23,976] INFO     misp_tools     ##. #: ##:: ##:::..... ##: ##.....::::::::: ##:::: ##:::: ##: ##:::: ##: ##::::::::..... ##:
[2023-02-12 20:00:23,976] INFO     misp_tools     ##:.:: ##:: ##::'##::: ##: ##:::::::::::::: ##:::: ##:::: ##: ##:::: ##: ##:::::::'##::: ##:
[2023-02-12 20:00:23,976] INFO     misp_tools     ##:::: ##:'####:. ######:: ##:::::::::::::: ##::::. #######::. #######:: ########:. ######::
[2023-02-12 20:00:23,976] INFO     misp_tools    ..:::::..::....:::......:::..:::::::::::::::..::::::.......::::.......:::........:::......:::
[2023-02-12 20:00:23,976] INFO     misp_tools               _____
[2023-02-12 20:00:23,976] INFO     misp_tools                /  '
[2023-02-12 20:00:23,976] INFO     misp_tools             ,-/-,__ __
[2023-02-12 20:00:23,976] INFO     misp_tools            (_/  (_)/ (_
[2023-02-12 20:00:23,976] INFO     misp_tools                         _______                        __ _______ __        __ __
[2023-02-12 20:00:23,976] INFO     misp_tools                        |   _   .----.-----.--.--.--.--|  |   _   |  |_.----|__|  |--.-----.
[2023-02-12 20:00:23,976] INFO     misp_tools                        |.  1___|   _|  _  |  |  |  |  _  |   1___|   _|   _|  |    <|  -__|
[2023-02-12 20:00:23,976] INFO     misp_tools                        |.  |___|__| |_____|________|_____|____   |____|__| |__|__|__|_____|
[2023-02-12 20:00:23,976] INFO     misp_tools                        |:  1   |                         |:  1   |
[2023-02-12 20:00:23,976] INFO     misp_tools                        |::.. . |                         |::.. . |  Threat Intelligence v0.6.6

[2023-02-12 20:00:23,977] WARNING  config  misp_enable_ssl                             SSL is disabled for MISP API requests
[2023-02-12 20:00:24,470] INFO     config  No configuration errors found (1 warning)

[2023-02-12 20:00:25,921] INFO     processor/main       Starting import of CrowdStrike Threat Intelligence reports as events (past 365 days).
[2023-02-12 20:00:25,922] INFO     processor/main       Retrieving all available report types.
[2023-02-12 20:00:42,391] INFO     processor/main       Retrieved 182 total reports from the Crowdstrike Intel API.
[2023-02-12 20:00:42,391] INFO     processor/main       Found 2217 pre-existing CrowdStrike reports within the MISP instance.
[2023-02-12 20:00:44,606] INFO     processor/main       Retrieved extended report details for 2 reports.
[2023-02-12 20:00:45,395] INFO     processor/main       0 related indicators found.
Traceback (most recent call last):
  File "misp_import.py", line 377, in <module>
    main()
  File "misp_import.py", line 356, in main
    importer.import_from_crowdstrike(int(settings["CrowdStrike"]["init_reports_days_before"]),
  File "/home/rx118r/src/crowdstrike/MISP-tools-main/cs_misp_import/importer.py", line 308, in import_from_crowdstrike
    self.reports_importer.process_reports(reports_days_before, self.event_ids)
  File "/home/rx118r/src/crowdstrike/MISP-tools-main/cs_misp_import/reports.py", line 311, in process_reports
    reported.update(fut.result())
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/_base.py", line 437, in result
    return self.__get_result()
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/_base.py", line 389, in __get_result
    raise self._exception
  File "/opt/rh/rh-python38/root/usr/lib64/python3.8/concurrent/futures/thread.py", line 57, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/home/rx118r/src/crowdstrike/MISP-tools-main/cs_misp_import/reports.py", line 146, in batch_import_reports
    event: MISPEvent = self.create_event_from_report(report, rpt_detail, ind_list)
  File "/home/rx118r/src/crowdstrike/MISP-tools-main/cs_misp_import/reports.py", line 538, in create_event_from_report
    event = self.add_actor_detail(report, event)
  File "/home/rx118r/src/crowdstrike/MISP-tools-main/cs_misp_import/reports.py", line 334, in add_actor_detail
    actor_detail = actor_detail["body"]["resources"][0]
TypeError: 'NoneType' object is not subscriptable

packet-rat commented 1 year ago

I just discovered a newer version and retested - seems to work now...
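
Both tracebacks above end at the same unguarded expression, `actor_detail["body"]["resources"][0]`, raised inside a worker thread and re-raised by `fut.result()`, which stops the whole import run. The following is an added example, not the project's code and not the fix shipped in the newer version: it guards each level of the response and records per-report failures instead of aborting. The function names, the sample responses and the `RPT-*` identifiers are all constructed for illustration.

```python
import logging
from concurrent.futures import ThreadPoolExecutor, as_completed

log = logging.getLogger("example_import")

# Constructed API responses (assumed shapes, not captured from any real API).
SAMPLE_RESPONSES = {
    "RPT-OK": {"status_code": 200, "body": {"resources": [{"name": "EXAMPLE ACTOR"}]}},
    "RPT-NONE": None,                                        # call returned nothing
    "RPT-NOBODY": {"status_code": 500, "body": None},        # body is missing
    "RPT-NORES": {"status_code": 200, "body": {"resources": None}},
    "RPT-EMPTY": {"status_code": 200, "body": {"resources": []}},
}


def unguarded_failure(response):
    """Name of the exception the unguarded expression raises, or None if it succeeds."""
    try:
        response["body"]["resources"][0]
    except (TypeError, KeyError, IndexError) as exc:
        return type(exc).__name__
    return None


def first_resource(response):
    """Return response["body"]["resources"][0], or None if any level is absent or empty."""
    if not isinstance(response, dict):
        return None
    body = response.get("body")
    if not isinstance(body, dict):
        return None
    resources = body.get("resources")
    if not isinstance(resources, list) or not resources:
        return None
    return resources[0]


def lookup_actor(report_id):
    """Hypothetical stand-in for the actor lookup; raises KeyError for unknown ids."""
    return SAMPLE_RESPONSES[report_id]


def import_report(report_id):
    """Build a minimal event; a missing actor detail degrades the event, not the run."""
    event = {"report": report_id, "actor": None}
    detail = first_resource(lookup_actor(report_id))
    if detail is None:
        log.warning("%s: no actor detail returned, importing without it", report_id)
    else:
        event["actor"] = detail.get("name")
    return event


def import_batch(report_ids, workers=4):
    """Run imports in threads; collect unexpected exceptions per report id."""
    imported, errors = {}, {}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        futures = {pool.submit(import_report, rid): rid for rid in report_ids}
        for fut in as_completed(futures):
            rid = futures[fut]
            try:
                imported[rid] = fut.result()
            except Exception as exc:  # keep the other reports; count this one as an error
                errors[rid] = repr(exc)
                log.error("%s: import failed: %r", rid, exc)
    return imported, errors


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    done, failed = import_batch(list(SAMPLE_RESPONSES) + ["RPT-UNKNOWN"])
    print(f"{len(done)} reports imported, {len(failed)} errors")
```

Three of the constructed shapes reproduce the `TypeError` from the traceback, and the empty `resources` list raises `IndexError` instead, so a guard that only tests for `None` at the top level would still leave the run exposed.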