Mitre Report Error #2553

Closed
6 tasks done
silicon-cowboi opened this issue Apr 9, 2025 · 4 comments
@silicon-cowboi
This is open source and you are getting free support so be friendly!

Prerequisites

Please answer the following questions for yourself before submitting an issue.

  • I am running the latest version
  • I did read the README!
  • I checked the documentation and found no answer
  • I checked to make sure that this issue has not already been filed
  • I'm reporting the issue to the correct repository (for multi-repository projects)
  • I have read and checked all configs (with all optional parts)

Expected Behavior

I am trying to get the mitre report working. I've never seen it work so I'm not sure what it's supposed to look like. But I'm guessing this error in the log is not correct.

Current Behavior

The reporting module is able to finish its run but I get the following error on the [mitre] task when I run utils/process.py
2025-04-08 20:06:39,178 [Task 58] [mitre] ERROR: ('Mitre', AttributeError("'NoneType' object has no attribute 'enterprise'"))

Failure Information (for bugs)

I did see in this repo you should wget down the json file. I did that and added the following to my reporting.conf

[mitre]
enabled = yes
local_file = data/mitre_attack.json

But that did not seem to make any change. I then checked the json with an online json validator and it found a bunch of NaN entries it said were not valid, so I replaced all those with null, and that also did not make any change.

Steps to Reproduce

Please provide detailed steps for reproducing the issue.

Run poetry run python process.py -r 58 -d as the cape user from the utils directory. Change the number to a submission number on your system.

Context

| Question | Answer |
|---|---|
| Git commit | commit c389db1 |
| OS version | Ubuntu 24.04.2 |

Failure Logs

2025-04-08 20:06:39,153 [Task 58] [lib.cuckoo.core.plugins] DEBUG: Running signature "allaple_mutexes"
2025-04-08 20:06:39,153 [Task 58] [lib.cuckoo.core.plugins] DEBUG: Analysis matched signature "antianalysis_tls_section"
2025-04-08 20:06:39,153 [Task 58] [lib.cuckoo.core.plugins] DEBUG: Analysis matched signature "packer_unknown_pe_section_name"
2025-04-08 20:06:39,153 [Task 58] [lib.cuckoo.core.plugins] DEBUG: Analysis matched signature "contains_pe_overlay"
2025-04-08 20:06:39,153 [Task 58] [lib.cuckoo.core.plugins] DEBUG: Analysis matched signature "static_pe_anomaly"
2025-04-08 20:06:39,155 [Task 58] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "BinGraph"
2025-04-08 20:06:39,155 [Task 58] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "LiteReport"
2025-04-08 20:06:39,178 [Task 58] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "MITRE_TTPS"
2025-04-08 20:06:39,178 [Task 58] [mitre] ERROR: ('Mitre', AttributeError("'NoneType' object has no attribute 'enterprise'"))
2025-04-08 20:06:39,179 [Task 58] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "PCAP2CERT"
2025-04-08 20:06:39,181 [Task 58] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "JsonDump"
2025-04-08 20:06:39,204 [Task 58] [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "MongoDB"
2025-04-08 20:06:39,352 [Task 58] [modules.reporting.mongodb] DEBUG: Deleted previous MongoDB data for Task 58
2025-04-08 20:06:39,610 [Task 58] [root] DEBUG: Finished processing task

@silicon-cowboi
Author

Well, I seem to have made some progress. I updated pyattck using pip in the venv, downloaded generated_attck_data.json from its repo, and it seems to be working if I manually run process.py. If I just upload something and let it analyze it by itself I still get the error.

@doomedraven
Collaborator

Did you restart cape-processor after those changes?

@silicon-cowboi
Author

> Did you restart cape-processor after those changes?

Of course, the one service I forgot to try resetting. After restarting that, it's working fine now, thank you.

I don't see pyattck in the requirements.txt actually, so I'm guessing it wasn't installed in the first place.

@doomedraven
Collaborator

Yes, it is not included by default due to conflicting with other more important libraries. But it should be improved to show a proper msg instead of an error; will improve that one day.
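A pre-flight check for the prerequisites this thread touched, as an added example that is not part of the thread or of CAPE's code: it reads the `[mitre]` section quoted in the issue, confirms the `pyattck` module is importable, and parses `local_file` strictly so NaN constants are reported. The function name, the `module` parameter and the strict-JSON check are assumptions of this example, not stated CAPE requirements.

```python
import configparser
import importlib.util
import json
import tempfile
from pathlib import Path


def _reject_constant(name):
    # Python's json module accepts NaN/Infinity by default; strict JSON does not.
    raise ValueError(f"non-standard JSON constant {name}")


def check_mitre_prereqs(conf_path, base_dir, module="pyattck"):
    """Return a list of problems; an empty list means the prerequisites are met."""
    cfg = configparser.ConfigParser()
    cfg.read(conf_path)
    if not cfg.has_section("mitre"):
        return ["no [mitre] section in reporting.conf"]
    if not cfg.getboolean("mitre", "enabled", fallback=False):
        return []  # module disabled, nothing to verify
    problems = []
    # Run this with the same interpreter/venv that runs processing.
    if importlib.util.find_spec(module) is None:
        problems.append(f"module '{module}' is not installed")
    local_file = cfg.get("mitre", "local_file", fallback="")
    data_path = Path(base_dir) / local_file
    if not local_file or not data_path.is_file():
        problems.append(f"local_file not found: {local_file!r}")
    else:
        try:
            json.loads(data_path.read_text(encoding="utf-8"),
                       parse_constant=_reject_constant)
        except ValueError as exc:
            problems.append(f"local_file is not strict JSON: {exc}")
    return problems


def demo():
    # Constructed sample: config as quoted in the issue, data file containing NaN.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "data").mkdir()
        (root / "data" / "mitre_attack.json").write_text('{"revoked": NaN}')
        conf = root / "reporting.conf"
        conf.write_text("[mitre]\nenabled = yes\nlocal_file = data/mitre_attack.json\n")
        return check_mitre_prereqs(conf, root, module="no_such_module_for_demo")


if __name__ == "__main__":
    for problem in demo():
        print("PROBLEM:", problem)
```

As the thread shows, a clean result from a manual run is not enough on its own: cape-processor had to be restarted before automatic analyses picked up the change.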
