valitydev/Cortex-Analyzers
14
0
Fork 0
mirror of https://github.com/valitydev/Cortex-Analyzers.git synced 2024-11-06 09:05:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
master
Cortex-Analyzers/thehive-templates/FileInfo_8_0/long.html
dadokkio 3b67ebc8aa update fileinfo
2020-12-14 17:49:24 +01:00

644 lines
35 KiB
HTML
Raw Permalink Blame History

<div class="report-FILEInfo" ng-if="success">
<style>
.report-FILEInfo dl {
margin-bottom: 2px;
}
</style>
<br>
<uib-tabset active="active">
<uib-tab index="$index" ng-repeat="result in content.results" heading="{{result.submodule_name}}"
disable="tab.disabled">
<br>
<!-- Basic properties -->
<div ng-if="result.submodule_name=='Basic properties'">
<div class="panel-body">
<div ng-repeat="r in result.results" class="panel panel-primary">
<div class="panel-heading">
<h4 class="panel-title">
{{r.submodule_section_header}}
</h4>
</div>
<div class="panel-body">
<dl class="dl-horizontal" ng-repeat="(k,v) in r.submodule_section_content">
<dt>{{k}}</dt>
<dd class="wrap">{{v}}</dd>
</dl>
</div>
</div>
</div>
</div>
<!-- Oletools -->
<div ng-if="result.submodule_name=='Oletools Submodule'">
<div class="panel-body">
<!-- summary -->
<div>
<div ng-if="result['summary']" class="panel panel-primary">
<div class="panel-heading">
<h4 class="panel-title">Summary</h4>
</div>
<div class="panel-body">
<dl class="dl-horizontal">
<dt>Olevba version</dt>
<dd class="wrap">{{result['summary']['Olevba']}}</dd>
</dl>
<dl class="dl-horizontal">
<dt>Msodde version</dt>
<dd class="wrap">{{result['summary']['Msodde']}}</dd>
</dl>
<dl class="dl-horizontal">
<dt>Oletools scanner</dt>
<dd class="wrap">
<span class="label mr-xxxs" ng-repeat="t in result['summary']['taxonomies']"
ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
{{t.namespace}}:{{t.predicate}}="{{t.value}}"
</span>
</dd>
</dl>
<dl class="dl-horizontal">
<dt>Encrypted document</dt>
<dd class="wrap">
<span class="label mr-xxxs"
ng-class="{false: 'label-info', true: 'label-warning'}[result['summary']['encrypted_file']['encrypted']]">
{{result['summary']['encrypted_file']['encrypted']}}
</span>
</dd>
<dt ng-if="result['summary']['encrypted_file']['encrypted']"></dt>
<dd ng-if="result['summary']['encrypted_file']['encrypted']">
<b>Decrypted file information</b>
<dl>
<dt>SHA256</dt>
<dd>{{result['summary']['encrypted_file']['sha256']}}</dd>
<dt>SHA1</dt>
<dd>{{result['summary']['encrypted_file']['sha1']}}</dd>
<dt>MD5</dt>
<dd>{{result['summary']['encrypted_file']['md5']}}</dd>
</dl>
</dd>
</dl>
</div>
</div>
</div>
<div ng-repeat="r in result.results">
<uib-accordion ng-if="r.submodule_section_header=='Olevba'">
<!--Olevba analysis -->
<div uib-accordion-group class="panel-primary" heading="Olevba analysis" is-open="true"
is-disabled="status.isFirstDisabled">
<div ng-if="r.submodule_section_content.analysis" class="table-responsive">
<table class="table">
<thead>
<tr>
<th>Type</th>
<th>Keyword</th>
<th>Description</th>
</tr>
</thead>
<tbody ng-repeat="l in r.submodule_section_content.analysis">
<tr>
<td>{{l.type}}</td>
<td>{{l.keyword}}</td>
<td>{{l.description}}</td>
</tr>
</tbody>
</table>
</div>
<div ng-if="!r.submodule_section_content.analysis">
No VBA analysis found
</div>
</div>
<!-- Macros -->
<div ng-if="r.submodule_section_content.macros.length > 0" uib-accordion-group
class="panel-primary" heading="Macros" is-open="false">
<div ng-repeat="m in r.submodule_section_content.macros">
<dl class="dl-horizontal">
<dt>vba_filename</dt>
<dd class="wrap">{{m.vba_filename}}</dd>
</dl>
<dl class="dl-horizontal">
<dt>ole_stream</dt>
<dd class="wrap">{{m.ole_stream}}</dd>
</dl>
<dl class="dl-horizontal">
<dt>code</dt>
<dd class="wrap">
<pre>{{m.code}}</pre>
</dd>
</dl>
</div>
</div>
<!--Deobfuscated code -->
<div uib-accordion-group ng-if="r.submodule_section_content.code_deobfuscated"
class="panel-primary" heading="Deobfuscated code" is-open="false">
<pre>
{{r.submodule_section_content.code_deobfuscated}}
</pre>
</div>
</uib-accordion>
<div class="panel panel-primary" ng-if="r.submodule_section_header=='DDE Analysis'">
<div class="panel-heading">
<h4 class="panel-title">{{r.submodule_section_header}}</h4>
</div>
<div class="panel-body">
<dl class="dl-horizontal" ng-repeat="(k,v) in r.submodule_section_content">
<dt>{{k}}</dt>
<dd class="wrap">
<pre>{{v}}</pre>
</dd>
</dl>
</div>
</div>
</div>
</div>
</div>
<!-- Outlook message parser -->
<div ng-if="result.submodule_name=='Outlook mail Information'">
<div class="panel-body">
<div ng-repeat="r in result.results track by $index" class="panel panel-primary">
<div class="panel-heading">
<h4 class="panel-title">
{{r.submodule_section_header}}
</h4>
</div>
<div class="panel-body">
<dl class="dl-horizontal">
<dt>From</dt>
<dd class="wrap">{{r.submodule_section_content.from}}</dd>
</dl>
<dl class="dl-horizontal">
<dt>To</dt>
<dd class="wrap">{{r.submodule_section_content.to}}</dd>
</dl>
<dl class="dl-horizontal">
<dt>Cc</dt>
<dd class="wrap">{{r.submodule_section_content.cc}}</dd>
</dl>
<dl class="dl-horizontal">
<dt>Date</dt>
<dd class="wrap">{{r.submodule_section_content.date}}</dd>
</dl>
<dl class="dl-horizontal">
<dt>Subject</dt>
<dd class="wrap">{{r.submodule_section_content.subject}}</dd>
</dl>
<dl class="dl-horizontal">
<dt>Body</dt>
<dd class="wrap">
<pre>{{r.submodule_section_content.body}}</pre>
</dd>
</dl>
<dl class="dl-horizontal">
<dt>Attachments</dt>
<dd class="wrap">
<table class="table table-striped table-bordered">
<thead>
<tr>
<th class="col-md-2">Filename</th>
<th>File information</th>
</tr>
</thead>
<tbody ng-repeat="a in r.submodule_section_content.attachments">
<tr>
<td rowspan=2>{{a.name}}</td>
<td>[SHA256]: {{a.sha256}}</td>
</tr>
<tr>
<td>
{{a.mimeinfo}}
</td>
</tr>
</tbody>
</table>
</dd>
</dl>
<dl class="dl-horizontal">
<dt>All Headers</dt>
<dd class="wrap">
<pre>{{r.submodule_section_content.header}}</pre>
</dd>
</dl>
</div>
</div>
</div>
</div>
<!-- PDF Information (PDFiD)-->
<div ng-if="result.submodule_name=='PDF Information'">
<div class="panel-body">
<!-- summary -->
<div class="panel panel-primary">
<div class="panel-heading" ng-if="result.summary">
<h4 class="panel-title">
Summary
</h4>
</div>
<div class="panel panel-body">
<dl class="dl-horizontal" ng-if="result.summary.pdfid">
<dt>PDFiD</dt>
<dd class="wrap">{{result.summary.pdfid}}</dd>
</dl>
<dl class="dl-horizontal" ng-if="result.summary.taxonomies != []">
<dt>PDFiD report</dt>
<dd class="wrap">
<span class="label mr-xxxs" ng-repeat="t in result['summary']['taxonomies']"
ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
{{t.namespace}}:{{t.predicate}}="{{t.value}}"
</span>
</dd>
</dl>
</div>
</div>
<!-- PDFiD -->
<div ng-repeat="r in result.results" class="panel panel-primary">
<div class="panel-heading" ng-if="r.submodule_section_header=='PDFiD Information'">
<h4 class="panel-title">
{{r.submodule_section_header}}
</h4>
</div>
<div class="panel-body">
<div ng-repeat="(k,v) in r.submodule_section_content[0].pdfid">
<dl class="dl-horizontal" ng-if="k!='keywords'">
<dt>{{k}}</dt>
<dd class="wrap">{{v}}</dd>
</dl>
<dl class="dl-horizontal" ng-if="k=='keywords'">
<dt>{{k}}</dt>
<dd class="wrap">
<table class="table">
<thead>
<tr>
<th>name</th>
<th>hexcodecount</th>
<th>count</th>
</tr>
</thead>
<tbody ng-repeat="a in v.keyword">
<tr>
<td>{{a.name}}</td>
<td>{{a.hexcodecount}}</td>
<td>{{a.count}}</td>
</tr>
</tbody>
</table>
</dd>
</dl>
</div>
</div>
</div>
</div>
</div>
<!-- PE Information submodule-->
<div ng-if="result.submodule_name=='PE Information'">
<div class="panel-body">
<div class="panel panel-primary">
<div class="panel-heading">
<h4 class="panel-title">
Summary
</h4>
</div>
<div class="panel-body">
<dl class="dl-horizontal">
<dt>pefile version</dt>
<dd class="wrap">{{result['summary']['pefile']}}</dd>
</dl>
</div>
</div>
<div ng-repeat="r in result.results">
<uib-accordion>
<div uib-accordion-group ng-if="r.submodule_section_header=='Headers'" class="panel-primary"
heading="{{r.submodule_section_header}}" is-open="true"
is-disabled="status.isFirstDisabled">
<div ng-repeat="h in r.submodule_section_content">
<dl class="dl-horizontal">
<dt>{{h.Info}}</dt>
<dd class="wrap">{{h.Value}}</dd>
</dl>
</div>
</div>
<div uib-accordion-group ng-if="r.submodule_section_header=='Hashes'" class="panel-primary"
heading="{{r.submodule_section_header}}" is-open="true"
is-disabled="status.isFirstDisabled">
<dl class="dl-horizontal" data-ng-repeat="(k,v) in r.submodule_section_content">
<dt>{{k}}</dt>
<dd class="wrap">{{v}}</dd>
</dl>
</div>
<div uib-accordion-group ng-if="r.submodule_section_header=='Import Adress Tables'"
class="panel-primary" heading="{{r.submodule_section_header}}" is-open="true"
is-disabled="status.isFirstDisabled">
<div ng-repeat="table in r.submodule_section_content" ng-init="table.showRows=false;">
<dl class="dl-horizontal">
<dt>
<a href="" ng-click="table.showRows = !table.showRows">
<i class="fa"
ng-class="{ true:'fa-minus-square-o', false:'fa-plus-square-o' }[table.showRows]"></i>
</a>
{{table.entryname}}
</dt>
<dd class="wrap">
<ul class="list-unstyled">
<div ng-if="!table.showRows">
{{table.symbols.length}}
items
</div>
<div ng-if="table.showRows" ng-repeat="s in table.symbols">{{s}}</div>
</ul>
</dd>
</dl>
</div>
</div>
<div uib-accordion-group ng-if="r.submodule_section_header=='Sections'"
class="panel-primary" heading="{{r.submodule_section_header}}" is-open="true"
is-disabled="status.isFirstDisabled">
<table class="table">
<thead>
<th>Section</th>
<th>SizeOfRawData</th>
<th>Entroy</th>
</thead>
<tbody ng-repeat="section in r.submodule_section_content">
<tr>
<td>
<b>{{section.entryname}}</b>
</td>
<td>{{section.SizeOfRawData}}</td>
<td>{{section.Entropy}}</td>
</tr>
<tr>
<td colspan=3>
<dl class="dl-horizontal">
<dt>
<small>MD5</small>
</dt>
<dd>
<small>{{section.MD5}}</small>
</dd>
</dl>
<dl class="dl-horizontal">
<dt>
<small>SHA1</small>
</dt>
<dd>
<small>{{section.SHA1}}</small>
</dd>
</dl>
<dl class="dl-horizontal">
<dt>
<small>SHA256</small>
</dt>
<dd>
<small>{{section.SHA256}}</small>
</dd>
</dl>
</td>
</tr>
</tbody>
</table>
</div>
<div uib-accordion-group ng-if="r.submodule_section_header=='pefile raw output'"
class="panel-primary" heading="pefile raw output" is-open="false"
is-disabled="status.isFirstDisabled">
<pre>
{{r.submodule_section_content}}
</pre>
</div>
</uib-accordion>
</div>
</div>
</div>
<!-- Manalyze submodule -->
<div ng-if="result.submodule_name=='Manalyze'">
<div class="panel-body">
<div ng-repeat="r in result.results">
<uib-accordion>
<div uib-accordion-group ng-if="r.submodule_section_header=='Exploit mitigation techniques'"
ng-class="{'panel-danger': r.submodule_section_content.level === 3, 'panel-warning': r.submodule_section_content.level === 2, 'panel-info': r.submodule_section_content.level === 1}"
heading="{{r.submodule_section_header}}" is-open="true"
is-disabled="status.isFirstDisabled">
<p><b>Summary</b>: {{r.submodule_section_content.summary}}</p>
<dl class="dl-horizontal" ng-repeat="(k, v) in r.submodule_section_content.content">
<dt>{{k}}</dt>
<dd>{{v}}</dd>
</dl>
</div>
<div uib-accordion-group
ng-if="r.submodule_section_header!=='Manalyze raw output' && r.submodule_section_header!=='Exploit mitigation techniques' && r.submodule_section_header!=='Packer' && r.submodule_section_header!=='Clamav'"
ng-class="{'panel-danger': r.submodule_section_content.level === 3, 'panel-warning': r.submodule_section_content.level === 2, 'panel-info': r.submodule_section_content.level <= 1}"
heading="{{r.submodule_section_header}}" is-open="true"
is-disabled="status.isFirstDisabled">
<p><b>Summary</b>: {{r.submodule_section_content.summary || "None" }}</p>
<table class="table">
<tr ng-repeat="(k, v) in r.submodule_section_content.content">
<td>{{k}}</td>
<td>
<ul>
<li ng-repeat="value in v">{{value || "None" }}</li>
</ul>
</td>
</tr>
</table>
</div>
<div uib-accordion-group ng-if="r.submodule_section_header== 'Clamav' "
ng-class="{'panel-danger': r.submodule_section_content.level === 3, 'panel-warning': r.submodule_section_content.level === 2, 'panel-info': r.submodule_section_content.level <= 1}"
heading="{{r.submodule_section_header}}" is-open="true"
is-disabled="status.isFirstDisabled">
<p><b>Summary</b>: {{r.submodule_section_content.summary || "None" }}</p>
<dl class="dl-horizontal" ng-repeat="(k, v) in r.submodule_section_content.content">
<dt>{{k}}</dt>
<dd>{{v}}</dd>
</dl>
</div>
<div uib-accordion-group ng-if="r.submodule_section_header== 'Packer' "
ng-class="{'panel-danger': r.submodule_section_content.level === 3, 'panel-warning': r.submodule_section_content.level === 2, 'panel-info': r.submodule_section_content.level <= 1}"
heading="{{r.submodule_section_header}}" is-open="true"
is-disabled="status.isFirstDisabled">
<p><b>Summary</b>: {{r.submodule_section_content.summary || "None" }}</p>
<dl class="dl-horizontal" ng-repeat="(k, v) in r.submodule_section_content.content">
<dt>{{k}}</dt>
<dd>{{v}}</dd>
</dl>
</div>
<div uib-accordion-group ng-if="r.submodule_section_header=='Manalyze raw output'"
class="panel-primary" heading="Manalyze raw output" is-open="false"
is-disabled="status.isFirstDisabled">
<pre>
{{r.submodule_section_content}}
</pre>
</div>
</uib-accordion>
</div>
</div>
</div>
<!-- rtfobj submodule -->
<div ng-if="result.submodule_name=='rtfobj'">
<div class="panel-body">
<div ng-if="result['summary']" class="panel panel-primary">
<div class="panel-heading">
<h4 class="panel-title">Summary</h4>
</div>
<div class="panel-body">
<dl class="dl-horizontal">
<dt>Objects found</dt>
<dd class="wrap">
<span class="label mr-xxxs" ng-repeat="t in result['summary']['taxonomies']"
ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]">
{{t.namespace}}:{{t.predicate}}="{{t.value}}"
</span>
</dd>
</dl>
</div>
</div>
<div ng-repeat="r in result.results">
<uib-accordion>
<div uib-accordion-group
ng-class="{'panel-danger': r.submodule_section_content.class === 'malicious', 'panel-warning': r.submodule_section_content.class === 'suspicious', 'panel-info': r.submodule_section_content.class === 'info'}"
heading="{{r.submodule_section_header}}" is-open="true"
is-disabled="status.isFirstDisabled">
<table class="table">
<thead>
<tr>
<td>Address</td>
<td>OLE Object</td>
</tr>
</thead>
<tbody>
<tr>
<td>{{r.submodule_section_content.address}}</td>
<td>
<dl class="dl-horizontal">
<dt>Format_id</dt>
<dd>{{r.submodule_section_content.type}}</dd>
<dt>Class name</dt>
<dd>{{r.submodule_section_content.classname}}</dd>
<dt>Filename</dt>
<dd>{{r.submodule_section_content.filename}}</dd>
<dt>Source path</dt>
<dd>{{r.submodule_section_content.source_path}}</dd>
<dt>Temp path</dt>
<dd>{{r.submodule_section_content.temp_path}}</dd>
<dt>Data size</dt>
<dd>{{r.submodule_section_content.size}}</dd>
<dt>CLSID</dt>
<dd>{{r.submodule_section_content.clsid}}</dd>
<dt>Description</dt>
<dd>{{r.submodule_section_content.clsid_description}}</dd>
</dl>
</td>
</tr>
</tbody>
</table>
</div>
</uib-accordion>
</div>
</div>
</div>
<!-- IOCParser submodule -->
<div ng-if="result.submodule_name=='IOC Parser'">
<div class="panel-body">
<div ng-repeat="r in result.results" class="panel panel-primary">
<div class="panel-heading" ng-if="r.submodule_section_header=='IOC Parser Information'">
<h4 class="panel-title">IOC Parser Information</h4>
</div>
<div class="panel panel-body">
<div>
<h4>Summary</h4>
<br>
<p><b>Number of IOC found in the file: </b> <span
class="label label-default">{{r.submodule_section_content.iocp_result.length}}</span>
</p>
</div>
<br>
<br>
<div ng-if="r.submodule_section_content.iocp_result.length > 0">
<h4>List of IOC</h4>
<table class="table table-striped">
<thead>
<tr>
<th>#</th>
<th>Data Type</th>
<th>Data</th>
</tr>
</thead>
<tbody>
<tr ng-repeat="o in r.submodule_section_content.iocp_result">
<th>{{$index}}</th>
<td>{{o.type}}</td>
<td>{{o.match}}</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
</div>
<!-- FLOSS submodule -->
<div ng-if="result.submodule_name=='FLOSS'">
<div class="panel-body">
<div ng-repeat="r in result.results">
<uib-accordion>
<div uib-accordion-group
ng-class="r.submodule_section_header === 'Errors' ? 'panel-danger' : 'panel-primary'"
heading="{{r.submodule_section_header}}" is-open="false"
is-disabled="status.isFirstDisabled">
<ul style="list-style-type: none;">
<li ng-repeat="raw_string in r.submodule_section_content track by $index">
{{raw_string}}
</li>
</ul>
</div>
</uib-accordion>
</div>
</div>
</div>
</uib-tab>
</uib-tabset>
</div>
Reference in New Issue View Git Blame Copy Permalink