Fixed checking of indicators in filesystem module

2022-01-21 16:30:34 +01:00 · 2022-01-21 16:30:34 +01:00 · 0e2eb51732
parent b35cd4bc73
commit 0e2eb51732
1 changed files with 4 additions and 2 deletions
--- a/mvt/ios/modules/fs/filesystem.py
+++ b/mvt/ios/modules/fs/filesystem.py
@ -47,9 +47,11 @@ class Filesystem(IOSExtraction):
            if self.fast_mode:
                continue

-            for ioc in ioc_file.get_iocs("processes"):
+            for ioc in self.indicators.get_iocs("processes"):
                parts = result["path"].split("/")
-                if ioc in parts:
+                if ioc["value"] in parts:
+                    self.log.warning("Found known suspicious process name mentioned in file at path \"%s\" matching indicators from \"%s\"",
+                                     result["path"], ioc["name"])
                    self.detected.append(result)

    def run(self):