From 0e2eb51732736c4fde3d11c12119c5098b474b3a Mon Sep 17 00:00:00 2001
From: Nex
Date: Fri, 21 Jan 2022 16:30:34 +0100
Subject: [PATCH] Fixed checking of indicators in filesystem module

---
 mvt/ios/modules/fs/filesystem.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/mvt/ios/modules/fs/filesystem.py b/mvt/ios/modules/fs/filesystem.py
index c81c897..f8abff1 100644
--- a/mvt/ios/modules/fs/filesystem.py
+++ b/mvt/ios/modules/fs/filesystem.py
@@ -47,9 +47,11 @@ class Filesystem(IOSExtraction):
             if self.fast_mode:
                 continue
 
-            for ioc in ioc_file.get_iocs("processes"):
+            for ioc in self.indicators.get_iocs("processes"):
                 parts = result["path"].split("/")
-                if ioc in parts:
+                if ioc["value"] in parts:
+                    self.log.warning("Found known suspicious process name mentioned in file at path \"%s\" matching indicators from \"%s\"",
+                                     result["path"], ioc["name"])
                 self.detected.append(result)
 
     def run(self):
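Review bot: The same `result` can land in `self.detected` more than once, because the `for ioc in self.indicators.get_iocs("processes")` loop keeps running after a match and nothing leaves it; a path whose components match two different indicator values is reported twice. Adding `break` right after `self.detected.append(result)` prevents the duplicate, and since `parts = result["path"].split("/")` does not depend on `ioc`, it belongs above the `for ioc` loop rather than being recomputed per indicator. The enclosing method starts before this hunk, so whether it already returns early when `self.indicators` is unset is not visible here; if it does not, the new `self.indicators.get_iocs(...)` call would fail on a run with no indicators loaded. The new `self.log.warning(...)` line also runs well past the usual line length; splitting the format string into two adjacent literals keeps it readable without changing the message.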