MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

fix: Avoid creating a signer info object when the pe is not signed

pull/304/head
chrisr3d 2019-05-20 10:52:34 +02:00
parent 54f5fa6fa9
commit 72e5f0099d
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
misp_modules/modules/import_mod/joe_import.py
View File

@ -155,16 +155,18 @@ class JoeParser():
pe_object.add_attribute(pe_object_mapping[name], **{'type': 'text', 'value': feature['value']}) pe_object.add_attribute(pe_object_mapping[name], **{'type': 'text', 'value': feature['value']})
sections_number = len(peinfo['sections']['section']) sections_number = len(peinfo['sections']['section'])
pe_object.add_attribute('number-sections', **{'type': 'counter', 'value': sections_number}) pe_object.add_attribute('number-sections', **{'type': 'counter', 'value': sections_number})
signerinfo_object = MISPObject('authenticode-signerinfo')
pe_object.add_reference(signerinfo_object.uuid, 'signed-by')
self.misp_event.add_object(**pe_object)
signerinfo_object.add_attribute('program-name', **{'type': 'text', 'value': program_name})
signatureinfo = peinfo['signature'] signatureinfo = peinfo['signature']
if signatureinfo['signed']: if signatureinfo['signed']:
signerinfo_object = MISPObject('authenticode-signerinfo')
pe_object.add_reference(signerinfo_object.uuid, 'signed-by')
self.misp_event.add_object(**pe_object)
signerinfo_object.add_attribute('program-name', **{'type': 'text', 'value': program_name})
for feature, mapping in signerinfo_object_mapping.items(): for feature, mapping in signerinfo_object_mapping.items():
attribute_type, object_relation = mapping attribute_type, object_relation = mapping
signerinfo_object.add_attribute(object_relation, **{'type': attribute_type, 'value': signatureinfo[feature]}) signerinfo_object.add_attribute(object_relation, **{'type': attribute_type, 'value': signatureinfo[feature]})
self.misp_event.add_object(**signerinfo_object) self.misp_event.add_object(**signerinfo_object)
else:
self.misp_event.add_object(**pe_object)
for section in peinfo['sections']['section']: for section in peinfo['sections']['section']:
section_object = self.parse_pe_section(section) section_object = self.parse_pe_section(section)
self.references[pe_object.uuid].append({'idref': section_object.uuid, 'relationship': 'included-in'}) self.references[pe_object.uuid].append({'idref': section_object.uuid, 'relationship': 'included-in'})