<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body>
<p>Hi,</p>
<p>I am not very familiar with the MISP feeds, but it looks like the
pymisp libary tries to read the file</p>
<p>/var/lib/intelmq/bots/mispfeed-output/276c9aa3-abb6-4983-8fc7-34e4810e6951.json</p>
<p>as JSON, but there seems to be a syntax error just at the
beginning. I did a quick test here and it worked. For a more
debugging, the start of the mentioned file, as well as the pymisp
version that you are using, might help</p>
<p>Sebastian<br>
</p>
<div class="moz-cite-prefix">On 4/29/21 10:33 AM, Soni, Drupad via
IntelMQ-users wrote:<br>
</div>
<blockquote type="cite"
cite="mid:DB5P138MB0008567BAFFF3146B5B35683A95F9@DB5P138MB0008.EURP138.PROD.OUTLOOK.COM">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:"Univers for KPMG";
panose-1:2 11 6 3 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
font-size:10.0pt;
font-family:"Courier New";}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">HI,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">o/p of .current file is <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">/var/lib/intelmq/bots/mispfeed-output/276c9aa3-abb6-4983-8fc7-34e4810e6951.json<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal" style="text-autospace:none"><span
style="font-size:10.0pt;font-family:"Univers for
KPMG",sans-serif;color:black">Regards,<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span
style="font-size:10.0pt;font-family:"Univers for
KPMG",sans-serif;color:black">Drupad Soni<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><b><span
style="font-size:10.0pt;font-family:"Univers for
KPMG",sans-serif;color:black">KPMG – Cyber Security</span></b><span
style="font-size:10.0pt;font-family:"Univers for
KPMG",sans-serif;color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span
style="font-size:10.0pt;font-family:"Univers for
KPMG",sans-serif;color:#4D5156;background:white">Embassy
Golf Links Business Park, Pebble Beach, 'B' Block,
<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span
style="font-size:10.0pt;font-family:"Univers for
KPMG",sans-serif;color:#4D5156;background:white">1st
& 2nd Floor, Off Intermediate Ring Road</span><span
style="font-size:10.0pt;font-family:"Univers for
KPMG",sans-serif;color:black">
<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span
style="font-size:10.0pt;font-family:"Univers for
KPMG",sans-serif;color:black">Mobile : +91 8140283894<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span
style="font-size:10.0pt;font-family:"Univers for
KPMG",sans-serif;color:black">Know more about our
<b>Cyber Security Services</b><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span
style="font-size:10.0pt;font-family:"Univers for
KPMG",sans-serif;color:#1F497D" lang="EN-GB"><a
href="https://home.kpmg.com/in/en/home/services/advisory/risk-consulting/it-advisory-services/cyber-security.html"
moz-do-not-send="true">https://home.kpmg.com/in/en/home/services/advisory/risk-consulting/it-advisory-services/cyber-security.html</a><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Sebastian Wagner
<a class="moz-txt-link-rfc2396E" href="mailto:wagner@cert.at"><wagner@cert.at></a> <br>
<b>Sent:</b> Thursday, April 29, 2021 2:02 PM<br>
<b>To:</b> Soni, Drupad <a class="moz-txt-link-rfc2396E" href="mailto:drupadsoni@kpmg.com"><drupadsoni@kpmg.com></a>;
<a class="moz-txt-link-abbreviated" href="mailto:intelmq-users@lists.cert.at">intelmq-users@lists.cert.at</a><br>
<b>Subject:</b> Re: [IntelMQ-users] mispfeedoutput bot
feed<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p>Hi,<o:p></o:p></p>
<p>To see hidden files, you need to use `ls -a`.<o:p></o:p></p>
<div>
<p class="MsoNormal">On 4/29/21 10:30 AM, Soni, Drupad wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Hi Sebastian,<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">It was running previously. I am not able
to locate any .current file Please see,<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">root@intelmqelk:/var/lib/intelmq/bots/mispfeed-output#
ls<o:p></o:p></p>
<p class="MsoNormal">b34c5dfb-af4c-441c-bffe-60842ec4d35f.json
hashes.csv manifest.json<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal" style="text-autospace:none"><span
style="font-size:10.0pt">Regards,</span><o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><span
style="font-size:10.0pt">Drupad Soni</span><o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><b><span
style="font-size:10.0pt">KPMG – Cyber Security</span></b><o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><span
style="font-size:10.0pt">Embassy Golf Links Business
Park, Pebble Beach, 'B' Block,
</span><o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><span
style="font-size:10.0pt">1st & 2nd Floor, Off
Intermediate Ring Road
</span><o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><span
style="font-size:10.0pt">Mobile : +91 8140283894</span><o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><span
style="font-size:10.0pt">Know more about our
<b>Cyber Security Services</b></span><o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><span
style="font-size:10.0pt" lang="EN-GB"><a
href="https://home.kpmg.com/in/en/home/services/advisory/risk-consulting/it-advisory-services/cyber-security.html"
moz-do-not-send="true">https://home.kpmg.com/in/en/home/services/advisory/risk-consulting/it-advisory-services/cyber-security.html</a></span><o:p></o:p></p>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Sebastian Wagner <a
href="mailto:wagner@cert.at" moz-do-not-send="true">
<wagner@cert.at></a> <br>
<b>Sent:</b> Thursday, April 29, 2021 1:53 PM<br>
<b>To:</b> Soni, Drupad <a
href="mailto:drupadsoni@kpmg.com"
moz-do-not-send="true"><drupadsoni@kpmg.com></a>;
<a href="mailto:intelmq-users@lists.cert.at"
moz-do-not-send="true">intelmq-users@lists.cert.at</a><br>
<b>Subject:</b> Re: [IntelMQ-users] mispfeedoutput bot
feed<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p>Hi Drupad,<o:p></o:p></p>
<p>Was the bot running previously already, or is this the
first run? In your configured output directory, there is a
file called ".current", can you show the very beginning of
it (to check the format)?<o:p></o:p></p>
<p>Sebsatian<o:p></o:p></p>
<div>
<p class="MsoNormal">On 4/29/21 9:31 AM, Soni, Drupad via
IntelMQ-users wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Hi Sebastian/Bernhard,<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Mispfeed-output bot failed. Error is as
below,<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#333333;background:white">Bot
initialization failed.</span><span
style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#333333"><br>
<span style="background:white">Traceback (most recent call last):</span><br>
<span style="background:white"> File "/usr/lib/python3/dist-packages/intelmq/lib/bot.py", line 164, in __init__</span><br>
<span style="background:white"> self.init()</span><br>
<span style="background:white"> File "/usr/lib/python3/dist-packages/intelmq/bots/outputs/misp/output_feed.py", line 65, in init</span><br>
<span style="background:white"> self.current_event.load_file(self.current_file)</span><br>
<span style="background:white"> File "/usr/local/lib/python3.6/dist-packages/pymisp/mispevent.py", line 1598, in load_file</span><br>
<span style="background:white"> self.load(f, validate, metadata_only)</span><br>
<span style="background:white"> File "/usr/local/lib/python3.6/dist-packages/pymisp/mispevent.py", line 1606, in load</span><br>
<span style="background:white"> json_event = json.loads(json_event)</span><br>
<span style="background:white"> File "/usr/lib/python3.6/json/__init__.py", line 354, in loads</span><br>
<span style="background:white"> return _default_decoder.decode(s)</span><br>
<span style="background:white"> File "/usr/lib/python3.6/json/decoder.py", line 339, in decode</span><br>
<span style="background:white"> obj, end = self.raw_decode(s, idx=_w(s, 0).end())</span><br>
<span style="background:white"> File "/usr/lib/python3.6/json/decoder.py", line 357, in raw_decode</span><br>
<span style="background:white"> raise JSONDecodeError("Expecting value", s, err.value) from None</span><br>
<span style="background:white">json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)</span></span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><span
style="font-size:10.0pt">Regards,</span><o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><span
style="font-size:10.0pt">Drupad Soni</span><o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><b><span
style="font-size:10.0pt">KPMG – Cyber Security</span></b><o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><span
style="font-size:10.0pt">Embassy Golf Links Business
Park, Pebble Beach, 'B' Block,
</span><o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><span
style="font-size:10.0pt">1st & 2nd Floor, Off
Intermediate Ring Road
</span><o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><span
style="font-size:10.0pt">Mobile : +91 8140283894</span><o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><span
style="font-size:10.0pt">Know more about our
<b>Cyber Security Services</b></span><o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><span
style="font-size:10.0pt" lang="EN-GB"><a
href="https://home.kpmg.com/in/en/home/services/advisory/risk-consulting/it-advisory-services/cyber-security.html"
moz-do-not-send="true">https://home.kpmg.com/in/en/home/services/advisory/risk-consulting/it-advisory-services/cyber-security.html</a></span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<div class="MsoNormal" style="text-align:center"
align="center">
<hr width="100%" size="2" align="center">
</div>
<p class="MsoNormal">KPMG (in India) allows reasonable
personal use of the e-mail system. Views and opinions
expressed in these communications do not necessarily
represent those of KPMG (in India).<br>
<br>
*******************************************************************************************************<br>
DISCLAIMER<br>
The information in this e-mail is confidential and may be
legally privileged. It is intended solely for the
addressee. Access to this e-mail by anyone else is
unauthorized. If you have received this communication in
error, please address with the subject heading "Received
in error," send to <a href="mailto:postmaster1@kpmg.com"
moz-do-not-send="true">postmaster1@kpmg.com</a>, then
delete the e-mail and destroy any copies of it. If you are
not the intended recipient, any disclosure, copying,
distribution or any action taken or omitted to be taken in
reliance on it, is prohibited and may be unlawful. Any
opinions or advice contained in this e-mail are subject to
the terms and conditions expressed in the governing KPMG
client engagement letter. Opinions, conclusions and other
information in this e-mail and any attachments that do not
relate to the official business of the firm are neither
given nor endorsed by it.<br>
<br>
KPMG cannot guarantee that e-mail communications are
secure or error-free, as information could be intercepted,
corrupted, amended, lost, destroyed, arrive late or
incomplete, or contain viruses.<br>
<br>
KPMG, an Indian partnership and a member firm of KPMG
International Cooperative ("KPMG International"), a Swiss
entity that serves as a coordinating entity for a network
of independent firms operating under the KPMG name. KPMG
International Cooperative (“KPMG International”) provides
no services to clients. Each member firm of KPMG
International Cooperative (“KPMG International”) is a
legally distinct and separate entity and each describes
itself as such.<br>
<br>
“Notwithstanding anything inconsistent contained in the
meeting invite to which this acceptance pertains, this
acceptance is restricted solely to confirming my
availability for the proposed call and should not be
construed in any manner as acceptance of any other terms
or conditions. Specifically, nothing contained herein may
be construed as an acceptance (or deemed acceptance) of
any request or notification for recording of the call,
which can be done only if it is based on my explicit and
written consent and subject to the terms and conditions on
which such consent has been granted”<br>
*******************************************************************************************************<br>
<br>
<br>
<br>
<o:p></o:p></p>
</blockquote>
<pre>-- <o:p></o:p></pre>
<pre>// Sebastian Wagner <a href="mailto:wagner@cert.at" moz-do-not-send="true"><wagner@cert.at></a> - T: +43 676 898 298 7201<o:p></o:p></pre>
<pre>// CERT Austria - <a href="https://www.cert.at/" moz-do-not-send="true">https://www.cert.at/</a><o:p></o:p></pre>
<pre>// Eine Initiative der nic.at GmbH - <a href="https://www.nic.at/" moz-do-not-send="true">https://www.nic.at/</a><o:p></o:p></pre>
<pre>// Firmenbuchnummer 172568b, LG Salzburg<o:p></o:p></pre>
</blockquote>
<pre>-- <o:p></o:p></pre>
<pre>// Sebastian Wagner <a href="mailto:wagner@cert.at" moz-do-not-send="true"><wagner@cert.at></a> - T: +43 676 898 298 7201<o:p></o:p></pre>
<pre>// CERT Austria - <a href="https://www.cert.at/" moz-do-not-send="true">https://www.cert.at/</a><o:p></o:p></pre>
<pre>// Eine Initiative der nic.at GmbH - <a href="https://www.nic.at/" moz-do-not-send="true">https://www.nic.at/</a><o:p></o:p></pre>
<pre>// Firmenbuchnummer 172568b, LG Salzburg<o:p></o:p></pre>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
</blockquote>
<pre class="moz-signature" cols="72">--
// Sebastian Wagner <a class="moz-txt-link-rfc2396E" href="mailto:wagner@cert.at"><wagner@cert.at></a> - T: +43 676 898 298 7201
// CERT Austria - <a class="moz-txt-link-freetext" href="https://www.cert.at/">https://www.cert.at/</a>
// Eine Initiative der nic.at GmbH - <a class="moz-txt-link-freetext" href="https://www.nic.at/">https://www.nic.at/</a>
// Firmenbuchnummer 172568b, LG Salzburg</pre>
</body>
</html>