CalvinBackup/mvt
1
0
Fork 0
mirror of https://github.com/mvt-project/mvt.git synced 2026-05-21 15:56:55 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixed checking of indicators in filesystem module

Browse Source
This commit is contained in:
Nex
2022-01-21 16:30:34 +01:00
parent b35cd4bc73
commit 0e2eb51732
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
mvt/ios/modules/fs/filesystem.py
+4 -2
View File
@@ -47,9 +47,11 @@ class Filesystem(IOSExtraction):
if self.fast_mode:
continue
for ioc in ioc_file.get_iocs("processes"):
for ioc in self.indicators.get_iocs("processes"):
parts = result["path"].split("/")
if ioc in parts:
if ioc["value"] in parts:
self.log.warning("Found known suspicious process name mentioned in file at path \"%s\" matching indicators from \"%s\"",
result["path"], ioc["name"])
self.detected.append(result)
def run(self):