Closed firebitsbr closed 4 years ago
Change "sample2@user.email" in sample.tsv to your account name, then try below command: python3 ./MISP-CSVImport.py -i ./sample.tsv --skip-header --ls "\r\n" (Delete '--cs " "' from the official command example, because the Column delimiter of sample.tsv is "\ t" which is default setting).
I'm sorry that I noticed it very late. it is necessary to match the user information in the TSV to be imported with the user information in const.py.
In addition, an error occurred when using this program in combination with the latest pymisp. This time, we have made it compatible with the latest pymisp, so please check with the latest version.
Hi. I am using for testing an MISP VM (MISP_v2.4.113@0f134ee.OVA) and installed MISP-Modules and pyMISP.
I git clone the source code and test the example, but I was unsuccessful, created a user with email sample1@user.email, because I figured it was allowed to access. Please what would be my mistake and what should I do to successfully run these scripts?
Att
Mauro Risonho de Paula Assumpção
Error:
root@misp:~/MISP-tools/MISP-CSVImport# ls const.py MISP-CSVImport.py pycache readme.md LICENSE.txt modules readme_jp.md sample.tsv
root@misp:~/MISP-tools/MISP-CSVImport# python3 ./MISP-CSVImport.py -i ./sample.tsv --skip-header --ls "\r\n" --cs " " Import file parsing skip header invalid formatsample.tsv: 2018/4/3 LAC sample1@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX https://www.lac.co.jp/english/report/2018/01/23_alert_01.html External analysis link
invalid formatsample.tsv: 2018/4/3 LAC sample1@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX https://www.jpcert.or.jp/magazine/acreport-plugx2.html External analysis link
invalid formatsample.tsv: 2018/4/3 LAC sample1@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-quantum-entanglement.pdf External analysis link
invalid formatsample.tsv: 2018/4/3 LAC sample1@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX https://researchcenter.paloaltonetworks.com/2016/08/unit42-aveo-malware-family-targets-japanese-speaking-users/ External analysis link
invalid formatsample.tsv: 2018/4/3 LAC sample1@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX https://researchcenter.paloaltonetworks.com/2017/01/unit42-dragonok-updates-toolset-targets-multiple-geographic-regions/ External analysis link
invalid formatsample.tsv: 2018/4/3 LAC sample1@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX 97763d25af878d73d19deabe9ea2d564 Payload delivery md5 PIPX
invalid formatsample.tsv: 2018/4/3 LAC sample1@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX 29cdae7dc2a7f7376a19e4de91b69c98 Payload delivery md5 PIPX
invalid formatsample.tsv: 2018/4/3 LAC sample1@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX 58ba2c0ed39d5c874a4933677508f5cc Payload delivery md5 PIPX
invalid formatsample.tsv: 2018/4/3 LAC sample1@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX php.marbletemps.com Network activity hostname PIPX
invalid formatsample.tsv: 2018/4/3 LAC sample1@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX bbs.donkeyhaws.info Network activity hostname PIPX 2017.9.20-12.6 invalid formatsample.tsv: 2018/4/3 LAC sample1@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX http.donkeyhaws.info Network activity hostname PIPX
invalid formatsample.tsv: 2018/4/3 LAC sample1@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX https.osakaintec.com Network activity hostname PIPX -2017.12.6 invalid formatsample.tsv: 2018/4/3 LAC sample1@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX 206.161.218.49 Network activity ip-dst PIPX
invalid formatsample.tsv: 2018/4/3 LAC sample1@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX 207.226.137.207 Network activity ip-dst PIPX
invalid formatsample.tsv: 2018/4/3 LAC sample1@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX 118.193.163.133 Network activity ip-dst PIPX
invalid formatsample.tsv: 2018/4/3 LAC sample1@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX 103.226.153.39 Network activity ip-dst PIPX
invalid formatsample.tsv: 2018/4/3 LAC sample2@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX https://www.lac.co.jp/english/report/2018/01/23_alert_01.html External analysis link
invalid formatsample.tsv: 2018/4/3 LAC sample2@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX https://www.jpcert.or.jp/magazine/acreport-plugx2.html External analysis link
invalid formatsample.tsv: 2018/4/3 LAC sample2@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-quantum-entanglement.pdf External analysis link
invalid formatsample.tsv: 2018/4/3 LAC sample2@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX https://researchcenter.paloaltonetworks.com/2016/08/unit42-aveo-malware-family-targets-japanese-speaking-users/ External analysis link
invalid formatsample.tsv: 2018/4/3 LAC sample2@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX https://researchcenter.paloaltonetworks.com/2017/01/unit42-dragonok-updates-toolset-targets-multiple-geographic-regions/ External analysis link
invalid formatsample.tsv: 2018/4/3 LAC sample2@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX 97763d25af878d73d19deabe9ea2d564 Payload delivery md5 PIPX
invalid formatsample.tsv: 2018/4/3 LAC sample2@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX 29cdae7dc2a7f7376a19e4de91b69c98 Payload delivery md5 PIPX
invalid formatsample.tsv: 2018/4/3 LAC sample2@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX 58ba2c0ed39d5c874a4933677508f5cc Payload delivery md5 PIPX
invalid formatsample.tsv: 2018/4/3 LAC sample2@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX php.marbletemps.com Network activity hostname PIPX
invalid formatsample.tsv: 2018/4/3 LAC sample2@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX bbs.donkeyhaws.info Network activity hostname PIPX 2017.9.20-12.6 invalid formatsample.tsv: 2018/4/3 LAC sample2@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX http.donkeyhaws.info Network activity hostname PIPX
invalid formatsample.tsv: 2018/4/3 LAC sample2@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX https.osakaintec.com Network activity hostname PIPX -2017.12.6 invalid formatsample.tsv: 2018/4/3 LAC sample2@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX 206.161.218.49 Network activity ip-dst PIPX
invalid formatsample.tsv: 2018/4/3 LAC sample2@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX 207.226.137.207 Network activity ip-dst PIPX
invalid formatsample.tsv: 2018/4/3 LAC sample2@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX 118.193.163.133 Network activity ip-dst PIPX
invalid formatsample.tsv: 2018/4/3 LAC sample2@user.email How PlugX is related to the APT attack group DragonOK tlp:white,OSINT APT DragonOK Poison Ivy,PlugX,PIPX 103.226.153.39 Network activity ip-dst PIPX
no import event