fhightower / ioc-finder

Simple, effective, and modular package for parsing observables (indicators of compromise (IOCs), network data, and other security-related information) from text. It uses grammars rather than regexes, which makes it more readable, maintainable, and hackable. Explore our interactive documentation here: https://hightower.space/ioc-finder/
GNU Lesser General Public License v3.0

Keyword regexes that are clearly in malware list are missing from list data output? #67

Closed wesinator closed 4 years ago

wesinator commented 4 years ago

This is really confounding me:

python3.6 Ubuntu 18.04

```python
import ioc_finder.data_lists

# Print every malware-name regex that mentions "dapato"
for i in ioc_finder.data_lists.malpedia_malware_name_regexes:
    if "dapato" in i.lower():
        print(i)
```

The list output doesn't include https://github.com/fhightower/ioc-finder/blob/3e2fa119498a0fb04e9a3b6d8c7d26e323251238/ioc_finder/data_lists.py#L2485

tested both in package and standalone data_lists

I don't see any linter errors, but obviously something isn't right. I suspected a missing comma, but if that were the case the string should still appear concatenated.

wonder if this is what happened in #64

fhightower commented 4 years ago

Thanks for reporting this @wesinator! The problem was that I did not release this package to pypi until today, so dapato was not in the list. Sorry about the delay in releasing to pypi (I'll update it more quickly in the future). The code snippet you posted will work with the latest version of this package.
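A way to tell this situation apart from a real parsing bug, as an added example that is not part of the original thread or the project's code: report which file the data list was actually imported from and which installed release it belongs to, alongside the search result. The helper name `inspect_data_list` is hypothetical, and it needs Python 3.8+ for `importlib.metadata`.

```python
import importlib
from importlib import metadata  # standard library since Python 3.8


def inspect_data_list(module_name, attr, needle, dist_name=None):
    """Return where a data list was loaded from, its release, and matching entries."""
    module = importlib.import_module(module_name)
    # Assumption: the distribution is named after the top-level package unless given.
    dist = dist_name or module_name.split(".")[0]
    try:
        version = metadata.version(dist)
    except metadata.PackageNotFoundError:
        # Standard-library module or a bare source checkout: no installed release.
        version = None
    entries = getattr(module, attr)
    matches = [e for e in entries if needle.lower() in e.lower()]
    return {
        "file": getattr(module, "__file__", None),  # the copy Python really imported
        "version": version,                         # installed release, if any
        "total": len(entries),
        "matches": matches,
    }


if __name__ == "__main__":
    try:
        report = inspect_data_list(
            "ioc_finder.data_lists",
            "malpedia_malware_name_regexes",
            "dapato",
            dist_name="ioc-finder",
        )
    except ImportError:
        print("ioc_finder is not installed in this environment")
    else:
        print("loaded from :", report["file"])
        print("release     :", report["version"])
        print("list size   :", report["total"])
        print("matches     :", report["matches"] or "none in this copy of the list")
```

An empty match list together with an older release number points to a stale install rather than a defect in the list on GitHub.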