# Mobile Verification Toolkit (MVT)
# Copyright (c) 2021-2022 Claudio Guarnieri.
# Use of this software is governed by the MVT License 1.1 that can be found at
# https://license.mvt.re/1.1/
import logging
import os
from typing import Optional

from mvt.common.command import Command
# Module-level logger; CmdCheckIOCS also hands it to the Command base class.
log = logging.getLogger(__name__)
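class CmdCheckIOCS(Command):
    """Re-check previously stored module results against a set of indicators.

    This command does not touch a device. It walks ``target_path`` (a results
    directory written by an earlier run), matches each ``<slug>.<ext>`` file to
    the module whose ``get_slug()`` returns ``slug``, reloads the stored results
    with that module's ``from_json`` and runs its ``check_indicators()``.
    """

    name = "check-iocs"
    # Module classes whose stored results can be re-checked. Left empty here;
    # presumably filled in by the caller before run() is invoked.
    modules = []

    def __init__(self, target_path: str = None, results_path: str = None,
                 ioc_files: Optional[list] = None, module_name: str = None,
                 serial: str = None, fast_mode: bool = False):
        """Forward all options to ``Command``, using this module's logger.

        ``ioc_files`` defaults to ``None`` rather than ``[]`` so that the
        list is never shared between instances (a mutable default would be
        mutated in place by any caller that appends to it).
        """
        if ioc_files is None:
            ioc_files = []
        super().__init__(target_path=target_path, results_path=results_path,
                         ioc_files=ioc_files, module_name=module_name,
                         serial=serial, fast_mode=fast_mode, log=log)

    def _selected_modules(self) -> list:
        """Return ``(module_class, slug)`` pairs to check, honoring ``module_name``.

        Duplicates in ``self.modules`` are dropped while keeping declaration
        order. Each module is instantiated once to learn its slug, instead of
        once per (file, module) pair inside the scan loop.
        """
        selected = []
        for iocs_module in dict.fromkeys(self.modules):
            if self.module_name and iocs_module.__name__ != self.module_name:
                continue
            selected.append((iocs_module, iocs_module().get_slug()))
        return selected

    def run(self) -> None:
        """Load every stored result file under ``target_path`` and check it.

        Entries that are not regular files are skipped, as are modules that do
        not implement ``check_indicators()``. A warning is logged at the end if
        any detections were produced.
        """
        # os.listdir(None) silently lists the *current working directory*, so a
        # missing target would quietly check the wrong data; refuse instead.
        if not self.target_path or not os.path.isdir(self.target_path):
            log.critical("Results path \"%s\" does not exist or is not a directory",
                         self.target_path)
            return

        selected = self._selected_modules()
        if self.module_name and not selected:
            # A typo in --module would otherwise end as a silent "no detections".
            log.warning("No module named \"%s\" is available to check results with",
                        self.module_name)
            return

        log.info("Checking stored results against provided indicators...")

        total_detections = 0
        # sorted() makes the processing order, and thus the log output,
        # deterministic across filesystems.
        for file_name in sorted(os.listdir(self.target_path)):
            file_path = os.path.join(self.target_path, file_name)
            # Sub-directories and other non-regular entries cannot be parsed
            # as stored JSON results.
            if not os.path.isfile(file_path):
                continue
            name_only = os.path.splitext(file_name)[0]

            for iocs_module, slug in selected:
                if slug != name_only:
                    continue

                log.info("Loading results from \"%s\" with module %s", file_name,
                         iocs_module.__name__)

                m = iocs_module.from_json(file_path,
                                          log=logging.getLogger(iocs_module.__module__))
                # NOTE(review): when no IOC files were loaded the module is
                # checked with whatever indicators from_json left on it
                # (possibly none) — confirm whether a warning is wanted here.
                if self.iocs.total_ioc_count > 0:
                    m.indicators = self.iocs
                    m.indicators.log = m.log

                try:
                    m.check_indicators()
                except NotImplementedError:
                    # Module has no indicator logic for this artifact type.
                    continue

                total_detections += len(m.detected)

        if total_detections > 0:
            log.warning("The check of the results produced %d detections!",
                        total_detections)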