Add support for check APK certificate hash IOCs (#557)

* Fix bug loading indicators which I introduced in 81b647b

* Add support for matching on APK certificate hash IOCs
This commit is contained in:
Donncha Ó Cearbhaill
2024-10-18 16:35:50 +02:00
committed by GitHub
parent 665806db98
commit 3afe218c7c
5 changed files with 74 additions and 4 deletions
+16
View File
@@ -86,3 +86,19 @@ class TestAndroidqfPackages:
module.detected[0]["matched_indicator"]["value"]
== "31037a27af59d4914906c01ad14a318eee2f3e31d48da8954dca62a99174e3fa"
)
def test_packages_certificate_hash_ioc(self, module, indicators_factory):
module.indicators = indicators_factory(
app_cert_hashes=[
"c7e56178748be1441370416d4c10e34817ea0c961eb636c8e9d98e0fd79bf730"
]
)
run_module(module)
assert len(module.detected) == 1
assert module.detected[0]["name"] == "com.malware.muahaha"
assert (
module.detected[0]["matched_indicator"]["value"]
== "c7e56178748be1441370416d4c10e34817ea0c961eb636c8e9d98e0fd79bf730"
)