Add new iOS versions and build numbers (#739)

Co-authored-by: DonnchaC <DonnchaC@users.noreply.github.com>

Makefile

@@ -1,14 +1,9 @@
 PWD = $(shell pwd)
 
-autofix:
-	ruff format .
-	ruff check --fix .
-
 check: ruff mypy
 
 ruff:
-	ruff format --check .
+	ruff check .
-	ruff check -q .
 
 mypy:
 	mypy

pyproject.toml

@@ -80,7 +80,7 @@ packages = "src"
 addopts = "-ra -q --cov=mvt --cov-report html --junitxml=pytest.xml --cov-report=term-missing:skip-covered"
 testpaths = ["tests"]
 
-[tool.ruff.lint]
+[tool.ruff]
 select = ["C90", "E", "F", "W"] # flake8 default set
 ignore = [
     "E501", # don't enforce line length violations
@@ -95,10 +95,10 @@ ignore = [
     # "E203",  # whitespace-before-punctuation
 ]
 
-[tool.ruff.lint.per-file-ignores]
+[tool.ruff.per-file-ignores]
 "__init__.py" = ["F401"] # unused-import
 
-[tool.ruff.lint.mccabe]
+[tool.ruff.mccabe]
 max-complexity = 10
 
 [tool.setuptools]

src/mvt/android/modules/bugreport/base.py

@@ -84,13 +84,17 @@ class BugReportModule(MVTModule):
                 return self._get_file_content(main_content.decode().strip())
             except KeyError:
                 return None
-        else:
-            dumpstate_logs = self._get_files_by_pattern("dumpState_*.log")
-            if not dumpstate_logs:
-                return None
 
+        dumpstate_logs = self._get_files_by_pattern("dumpState_*.log")
+        if dumpstate_logs:
             return self._get_file_content(dumpstate_logs[0])
 
+        dumpsys_files = self._get_files_by_pattern("*/dumpsys.txt")
+        if dumpsys_files:
+            return self._get_file_content(dumpsys_files[0])
+
+        return None
+
     def _get_file_modification_time(self, file_path: str) -> dict:
         if self.zip_archive:
             file_timetuple = self.zip_archive.getinfo(file_path).date_time

src/mvt/android/modules/bugreport/dumpsys_receivers.py

@@ -34,6 +34,20 @@ class DumpsysReceivers(DumpsysReceiversArtifact, BugReportModule):
 
         self.results = results if results else {}
 
+    def check_indicators(self) -> None:
+        for result in self.results:
+            if self.indicators:
+                receiver_name = self.results[result][0]["receiver"]
+
+                # return IoC if the stix2 process name a substring of the receiver name
+                ioc = self.indicators.check_receiver_prefix(receiver_name)
+                if ioc:
+                    self.results[result][0]["matched_indicator"] = ioc
+                    self.detected.append(result)
+                    continue
+
+
+
     def run(self) -> None:
         content = self._get_dumpstate_file()
         if not content:

src/mvt/common/indicators.py

@@ -768,6 +768,30 @@ class Indicators:
 
         return None
 
+
+    def check_receiver_prefix(self, receiver_name: str) -> Union[dict, None]:
+        """Check the provided receiver name against the list of indicators.
+        An IoC match is detected when a substring of the receiver matches the indicator
+        :param app_id: App ID to check against the list of indicators
+        :type app_id: str
+        :returns: Indicator details if matched, otherwise None
+
+        """
+        if not receiver_name:
+            return None
+
+        for ioc in self.get_iocs("app_ids"):
+            if ioc["value"].lower() in receiver_name.lower():
+                self.log.warning(
+                    'Found a known suspicious receiver with name "%s" '
+                    'matching indicators from "%s"',
+                    receiver_name,
+                    ioc["name"],
+                )
+                return ioc
+
+        return None
+
     def check_android_property_name(self, property_name: str) -> Optional[dict]:
         """Check the android property name against the list of indicators.
 

src/mvt/common/version.py

@@ -3,4 +3,4 @@
 # Use of this software is governed by the MVT License 1.1 that can be found at
 #   https://license.mvt.re/1.1/
 
-MVT_VERSION = "2.6.1"
+MVT_VERSION = "2.7.0"

src/mvt/ios/data/ios_versions.json

@@ -631,6 +631,10 @@
         "build": "16H81",
         "version": "12.5.7"
     },
+    {
+        "version": "12.5.8",
+        "build": "16H88"
+    },
     {
         "build": "17A577",
         "version": "13.0"
@@ -899,6 +903,10 @@
         "version": "15.8.5",
         "build": "19H394"
     },
+    {
+        "version": "15.8.6",
+        "build": "19H402"
+    },
     {
         "build": "20A362",
         "version": "16.0"
@@ -1008,6 +1016,10 @@
         "version": "16.7.12",
         "build": "20H364"
     },
+    {
+        "version": "16.7.14",
+        "build": "20H370"
+    },
     {
         "version": "17.0",
         "build": "21A327"
@@ -1164,6 +1176,14 @@
         "version": "18.7.3",
         "build": "22H217"
     },
+    {
+        "version": "18.7.4",
+        "build": "22H218"
+    },
+    {
+        "version": "18.7.5",
+        "build": "22H311"
+    },
     {
         "version": "26",
         "build": "23A341"
@@ -1179,5 +1199,13 @@
     {
         "version": "26.2",
         "build": "23C55"
+    },
+    {
+        "version": "26.2.1",
+        "build": "23C71"
+    },
+    {
+        "version": "26.3",
+        "build": "23D127"
     }
 ]