search

malpedia / feedback

Public Issue tracker to gather feedback for and allow discussions around Malpedia
31 stars 3 forks source link

Malpedia OpenCTI connector fails to import due to missing STIX-Domain-Object #39

Open faustus25 opened 1 year ago

faustus25 commented 1 year ago

Describe the bug Malpedia connector for OpenCTI not working due to STIX issues

To Reproduce

INFO:root:Creating Identity {Malpedia}. INFO:root:starting Malpedia connector... INFO:root:current Malpedia version: 16218 INFO:root:loaded state: {} INFO:root:running importers INFO:root:running Knowledge importer with state: {} INFO:root:Reading Marking-Definition {marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9}. INFO:root:Reading Marking-Definition {marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da}. INFO:root:Reading Marking-Definition {marking-definition--f88d31f6-486f-44da-b317-01333bde0b82}. INFO:root:Reading Marking-Definition {marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed}. INFO:root:Processing malware family: aix.fastcash INFO:root:Processing malware family: aix.fastcash INFO:root:Listing Malwares with filters [{"key": "name", "values": ["FastCash"]}]. INFO:root:Listing Malwares with filters [{"key": "aliases", "values": ["FastCash"]}]. INFO:root:Tag 'FastCash' does not reference malware INFO:root:Listing Malwares with filters [{"key": "name", "values": ["aix.fastcash"]}]. INFO:root:Listing Malwares with filters [{"key": "aliases", "values": ["aix.fastcash"]}]. INFO:root:Tag 'aix.fastcash' does not reference malware INFO:root:Reading Marking-Definition {marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9}. INFO:root:Creating Malware {FastCash}. INFO:root:Creating External Reference {Malpedia}. INFO:root:Adding External-Reference {ada1969f-477e-4c47-9b4e-a2e1cbc87c91} to Stix-Domain-Object {d1ca16b4-7653-4f19-b6e8-01ff523df348} ERROR:root:Cannot add the relation, Stix-Domain-Object cannot be found. ERROR:root:{'name': 'FunctionalError', 'message': 'Cannot add the relation, Stix-Domain-Object cannot be found.'}

Expected behavior The STIX domain object should be available for each entity to be imported into OpenCTI.

Additional context Running the latest version of OpenCTI.

danielplohmann commented 1 year ago

Hi!

Thanks for the notification about this issue! We ourselves are not involved with the maintenance of the OpenCTI connector, so it's hard to tell what's going wrong there, especially since we didn't change any formats on our side.

I guess the more appropriate location to track this issue would be over at the OpenCTI connectors issue tracker.