AttributeError: 'module' object has no attribute 'ThreatActor'

[xg5-simon]

Receive the following when converting MISP to STIX with a threat-actor type. Exporting the same event without a threat-actor type is successful. Same behaviour with campaign-name.

misp@misp:/home/MISP-STIX-Converter$ misp-to-stix.py -i 538 /usr/local/lib/python3.4/dist-packages/stix/utils/deprecated.py:48: UserWarning: The use of this field has been deprecated. Received 'str' object. warnings.warn(msg) Traceback (most recent call last): File "/usr/local/bin/misp-to-stix.py", line 5, in pkg_resources.run_script('misp-stix-converter==0.2.7', 'misp-to-stix.py') File "/usr/lib/python3/dist-packages/pkg_resources.py", line 528, in run_script self.require(requires)[0].run_script(script_name, ns) File "/usr/lib/python3/dist-packages/pkg_resources.py", line 1401, in run_script exec(script_code, namespace, namespace) File "/usr/local/lib/python3.4/dist-packages/misp_stix_converter-0.2.7-py3.4.egg/EGG-INFO/scripts/misp-to-stix.py", line 80, in File "/usr/local/lib/python3.4/dist-packages/misp_stix_converter-0.2.7-py3.4.egg/misp_stix_converter/servers/misp.py", line 83, in pull File "/usr/local/lib/python3.4/dist-packages/misp_stix_converter-0.2.7-py3.4.egg/misp_stix_converter/servers/misp.py", line 83, in File "/usr/local/lib/python3.4/dist-packages/misp_stix_converter-0.2.7-py3.4.egg/misp_stix_converter/converters/convert.py", line 57, in MISPtoSTIX File "/usr/local/lib/python3.4/dist-packages/misp_stix_converter-0.2.7-py3.4.egg/misp_stix_converter/converters/buildSTIXAttribute.py", line 143, in buildAttribute AttributeError: 'module' object has no attribute 'ThreatActor' misp@misp:/home/MISP-STIX-Converter$ pip3 list | grep -i stix misp-stix-converter (0.2.7) stix (1.2.0.2)

[FloatingGhost]

Fixed - STIX moved their ThreatActor class from common to core for some reason

Just run a git pull and you'll be sorted :)

[FloatingGhost]

oops, misclicked. Let me know if all works out :)

[xg5-simon]

Still getting the same attribute error on a fresh install. I'll take a closer at the STIX packages today.

[FloatingGhost]

Oops, yeah, I screwed up. Try pulling again ;)

[xg5-simon]

Different error this time. TypeError: argument of type 'MISPAttribute' is not iterable

/usr/local/lib/python3.4/dist-packages/stix/utils/deprecated.py:48: UserWarning: The use of this field has been deprecated. Received 'str' object. warnings.warn(msg) Traceback (most recent call last): File "/usr/local/bin/misp-to-stix.py", line 5, in pkg_resources.run_script('misp-stix-converter==0.2.7', 'misp-to-stix.py') File "/usr/lib/python3/dist-packages/pkg_resources.py", line 528, in run_script self.require(requires)[0].run_script(script_name, ns) File "/usr/lib/python3/dist-packages/pkg_resources.py", line 1401, in run_script exec(script_code, namespace, namespace) File "/usr/local/lib/python3.4/dist-packages/misp_stix_converter-0.2.7-py3.4.egg/EGG-INFO/scripts/misp-to-stix.py", line 80, in File "/usr/local/lib/python3.4/dist-packages/misp_stix_converter-0.2.7-py3.4.egg/misp_stix_converter/servers/misp.py", line 83, in pull File "/usr/local/lib/python3.4/dist-packages/misp_stix_converter-0.2.7-py3.4.egg/misp_stix_converter/servers/misp.py", line 83, in File "/usr/local/lib/python3.4/dist-packages/misp_stix_converter-0.2.7-py3.4.egg/misp_stix_converter/converters/convert.py", line 57, in MISPtoSTIX File "/usr/local/lib/python3.4/dist-packages/misp_stix_converter-0.2.7-py3.4.egg/misp_stix_converter/converters/buildSTIXAttribute.py", line 145, in buildAttribute TypeError: argument of type 'MISPAttribute' is not iterable misp@misp:/home/MISP-STIX-Converter/misp_stix_converter$ pip3 list | grep -i stix misp-stix-converter (0.2.7) stix (1.2.0.2)

[FloatingGhost]

Fixed - seems when we migrated to MISPEvent one conversion line got missed :)

[xg5-simon]

Nice! Can confirm threat-actor attribute is working.

I use this MISP-STIX-Converter a lot, so happy to test when needed.

misp@misp:/home/MISP-STIX-Converter/misp_stix_converter$ misp-to-stix.py -i 538 /usr/local/lib/python3.4/dist-packages/stix/utils/deprecated.py:48: UserWarning: The use of this field has been deprecated. Received 'str' object. warnings.warn(msg) {"observables": {"minor_version": 1, "major_version": 2, "update_version": 0}, "stix_header": {"title": "My Test Event"}, "campaigns": [{"related_ttps": {}, "timestamp": "2017-01-10T21:44:18.459980+00:00", "related_packages": {}, "id": "example:campaign-da0df256-e9df-4705-9ea6-e639d04058e7", "title": "Example Campaign", "related_incidents": {}, "related_indicators": {}}], "ttps": {"kill_chains": {}}, "id": "example:Package-d0dcc118-ec35-4cc6-ad0c-e3b3db9179bd", "threat_actors": [{"associated_actors": {}, "title": "Example Threat Actor", "timestamp": "2017-01-10T21:44:18.460537+00:00", "associated_campaigns": {}, "related_packages": {}, "observed_ttps": {}, "id": "example:threatactor-010c2aad-d860-4d63-a070-82c8bd00ad90"}], "version": "1.2", "indicators": [{"related_campaigns": {}, "suggested_coas": {}, "timestamp": "2017-01-10T21:44:18.457551+00:00", "kill_chain_phases": {}, "sightings": {}, "related_packages": {}, "id": "example:indicator-397bb2f5-79a5-479e-a328-ced40c0904cd", "observable": {"title": "IP Source", "object": {"properties": {"is_source": true, "is_destination": false, "address_value": "8.8.8.8", "xsi:type": "AddressObjectType"}, "id": "example:Address-d7b97ed8-c4bd-4ede-9c71-82f74c8de1bc"}, "id": "example:Observable-ad7bbe88-babc-43a0-bdfe-ddf23449135d"}, "related_indicators": {}}]} misp@misp:/home/MISP-STIX-Converter/misp_stix_converter$ pip3 list | grep -i stix misp-stix-converter (0.2.7) stix (1.2.0.2) cybox is terrible