From 577fcf752d4e34cdb6015668af22f0b7b37f5f0b Mon Sep 17 00:00:00 2001
From: tek
Date: Fri, 7 Apr 2023 12:25:17 +0200
Subject: [PATCH] Fixes issues in analytics module
---
 mvt/ios/modules/fs/analytics.py | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/mvt/ios/modules/fs/analytics.py b/mvt/ios/modules/fs/analytics.py
index 97985bb..ec02610 100644
--- a/mvt/ios/modules/fs/analytics.py
+++ b/mvt/ios/modules/fs/analytics.py
@@ -6,6 +6,7 @@
 import logging
 import plistlib
 import sqlite3
+import copy
 from typing import Optional, Union

 from mvt.common.utils import convert_mactime_to_iso
@@ -55,18 +56,20 @@ class Analytics(IOSExtraction):
 if ioc:
 self.log.warning("Found mention of a malicious process \"%s\" in %s file at %s",
 value, result["artifact"],
- result["timestamp"])
- result["matched_indicator"] = ioc
- self.detected.append(result)
+ result["isodate"])
+ new_result = copy.copy(result)
+ new_result["matched_indicator"] = ioc
+ self.detected.append(new_result)
 continue

 ioc = self.indicators.check_domain(value)
 if ioc:
 self.log.warning("Found mention of a malicious domain \"%s\" in %s file at %s",
 value, result["artifact"],
- result["timestamp"])
- result["matched_indicator"] = ioc
- self.detected.append(result)
+ result["isodate"])
+ new_result = copy.copy(result)
+ new_result["matched_indicator"] = ioc
+ self.detected.append(new_result)

 def _extract_analytics_data(self):
 artifact = self.file_path.split("/")[-1]
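Review bot: In both branches of the second hunk the warning call still indexes `result["isodate"]` and `result["artifact"]` before the detection is appended, so a record lacking either key raises KeyError and the indicator hit is never stored in `self.detected`; presumably this is the failure the old `"timestamp"` lookup caused. Whether every record carries `isodate` cannot be told from the hunk, so either append `new_result` before logging or pass `result.get("isodate")` to the log call, so that a match is not lost to a formatting argument. `copy.copy` is shallow, which is enough for adding the top-level key but leaves any nested values shared with the original record; a comment such as `# shallow copy: only the top-level matched_indicator key is added` would make that intent explicit. The enclosing method starts above the hunk, so the loop these branches run in is not visible here.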