MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

fix: Fixed direction of the relationship between files, PEs and their sections 

- The file object includes a PE, and the PE
  includes sections, not the other way round
pull/322/head
chrisr3d 2019-07-24 14:58:45 +02:00
parent 42b95c4210
commit e2a0f27d75
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
misp_modules/lib/joe_parser.py
View File

@ -236,7 +236,7 @@ class JoeParser():
def parse_pe(self, fileinfo, file_object): def parse_pe(self, fileinfo, file_object):
peinfo = fileinfo['pe'] peinfo = fileinfo['pe']
pe_object = MISPObject('pe') pe_object = MISPObject('pe')
file_object.add_reference(pe_object.uuid, 'included-in') file_object.add_reference(pe_object.uuid, 'includes')
self.misp_event.add_object(**file_object) self.misp_event.add_object(**file_object)
for field, mapping in pe_object_fields.items(): for field, mapping in pe_object_fields.items():
attribute_type, object_relation = mapping attribute_type, object_relation = mapping
@ -267,7 +267,7 @@ class JoeParser():
for section in peinfo['sections']['section']: for section in peinfo['sections']['section']:
section_object = self.parse_pe_section(section) section_object = self.parse_pe_section(section)
self.references[pe_object.uuid].append(dict(referenced_uuid=section_object.uuid, self.references[pe_object.uuid].append(dict(referenced_uuid=section_object.uuid,
relationship_type='included-in')) relationship_type='includes'))
self.misp_event.add_object(**section_object) self.misp_event.add_object(**section_object)
def parse_pe_section(self, section): def parse_pe_section(self, section):