yeti-platform / yeti

Your Everyday Threat Intelligence
https://yeti-platform.io/
Apache License 2.0
1.74k stars 287 forks

A little problem with BambenekOsintIpmaster feed #548

Closed dumprop closed 4 years ago

dumprop commented 4 years ago

Description

Some lines in BambenekOsintIpmaster have a comma in the description; it raises an exception because there will be length > 6 (https://github.com/yeti-platform/yeti/blob/master/plugins/feeds/public/bambenek_osint_ipmaster.py#L36).

How we should deal with them?

Steps to Reproduce

  1. git clone the repo and install it
  2. Update BambenekOsintIpmaster feed
  3. observe stacktrace

Expected behavior

Parse all lines well

Actual behavior

It has an exception on these (~40) lines.
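A tolerant way to ingest such a feed, as an added example that is not yeti's plugin code and not part of the thread: fixed columns are taken from both ends of the row and whatever lies between them is re-joined as the description, while rows that still do not fit are quarantined instead of aborting the update. The six-column layout is inferred from the rows quoted in the issue; the field names, `repair_row`, `parse_feed` and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Column names are hypothetical; the six-column layout is inferred from the issue.
FIELDS = ("domain", "ip", "ns_names", "ns_ips", "description", "reference")
LEAD, TRAIL = 4, 1  # fixed columns before / after the free-text description

# Constructed sample (reserved example names and addresses, not real feed data).
SAMPLE = """\
# comment line
a.example,192.0.2.10,ns1.a.example|ns2.a.example,198.51.100.1|198.51.100.2,Plain description,https://feed.example/doc.txt
b.example,,ns1.b.example,198.51.100.3,Description (encoded, not the address in use,https://feed.example/doc.txt
c.example,192.0.2.11,ns1.c.example
d.example,192.0.2.12,ns1.d.example,198.51.100.4,Trailing cell is not a URL,oops
"""


class MalformedRow(ValueError):
    """Raised for a row that cannot be mapped onto FIELDS."""


def repair_row(cells):
    """Map cells onto FIELDS, re-joining a description that was split on commas."""
    if len(cells) < len(FIELDS):
        raise MalformedRow(f"expected {len(FIELDS)} columns, got {len(cells)}")
    cut = len(cells) - TRAIL
    row = cells[:LEAD] + [",".join(cells[LEAD:cut])] + cells[cut:]
    if not row[-1].startswith(("http://", "https://")):
        raise MalformedRow("last column is not a reference URL")
    return dict(zip(FIELDS, row))


def parse_feed(text):
    """Return (parsed_rows, rejected); one bad row never aborts the whole import."""
    parsed, rejected = [], []
    for lineno, cells in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not cells or cells[0].startswith("#"):
            continue
        try:
            parsed.append(repair_row(cells))
        except MalformedRow as exc:
            rejected.append((lineno, str(exc)))
    return parsed, rejected


if __name__ == "__main__":
    rows, bad = parse_feed(SAMPLE)
    print(len(rows), "parsed;", "rejected:", bad)
```

Logging the `rejected` list per update makes a format change upstream visible as a count rather than as a silently stale feed.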

tomchop commented 4 years ago

I've reached out to John to see if he can fix the feed. Cheers!

sebdraven commented 4 years ago

It seems to be fixed server side.