Correcting issue with certificates detection

Félix Aimé 2021-04-24 22:39:02 +02:00 committed by GitHub
parent 5e29f8c850
commit 27942c224b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -271,11 +271,10 @@ class ZeekEngine(object):
self.files.append(f)
for f in self.files:
if f["mime_type"] == "application/x-x509-ca-cert":
if f["mime_type"] == "application/x-x509-user-cert":
for cert in bl_certs: # Check for blacklisted certificate.
if f["sha1"] == cert[0]:
host = self.resolve(f["ip_dst"])
c["alert_tiggered"] = True
host = self.resolve(f["ip_src"])
self.alerts.append({"title": self.template["IOC-07"]["title"].format(cert[1].upper(), host),
"description": self.template["IOC-07"]["description"].format(f["sha1"], host),
"host": host,