Skip to content

[pull] master from kevoreilly:master #471

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
pull merged 6 commits into from
May 18, 2026
Merged

[pull] master from kevoreilly:master #471

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
4b849e1
fix NitrogenLoader YARA
ruppde May 4, 2026
6379581
Reorder condition in NitrogenLoader.yar
ruppde May 4, 2026
de31ada
Restore FA icons in guac session-ended dialog
josh-feather May 15, 2026
22faecf
Merge pull request #3032 from josh-feather/add-fa-icons-to-show-error
kevoreilly May 18, 2026
b36ca6b
Merge pull request #3003 from ruppde/patch-1-fix-NitrogenLoader
kevoreilly May 18, 2026
0d90954
Fix mongo error from recent PR 3018
kevoreilly May 18, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion data/yara/CAPE/NitrogenLoader.yar
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,5 +31,6 @@ rule NitrogenLoader
$rc4decrypt_1 = {48 89 ?? 4? 89 ?? E8 [4] 4? 8B ?? 24 [1-4] 4? 89 ?? 4? 89 ?? 4? 89 C1 [0-1] 89 ?? E8 [4] 4? 89}
$rc4decrypt_2 = {E8 [4] 8B ?? 24 [1-4] 4? 89 ?? 48 89 ?? 4? 89 C1 E8 [3] FF}
condition:
(2 of ($string*) and any of ($syscall*)) or 4 of ($decrypt*) or ((3 of ($taskman_*) or 3 of ($installers*)) and all of ($rc4decrypt_*))
uint16(0) == 0x5a4d and
((2 of ($string*) and any of ($syscall*)) or 4 of ($decrypt*) or ((3 of ($taskman_*) or 3 of ($installers*)) and all of ($rc4decrypt_*)))
}
1 change: 0 additions & 1 deletion web/analysis/views.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -288,7 +288,6 @@ def get_analysis_info(db, id=-1, task=None):
# by sha256; the denormalize_files mongo hook restores
# them — but only if file_ref is in the projection. Pull
# it explicitly so the hook can follow the reference.
"target.file.yara.name": 1,
"target.file.file_ref": 1,
"suri_tls_cnt": 1,
"suri_alert_cnt": 1,
Expand Down
5 changes: 2 additions & 3 deletions web/guac/templates/guac/index.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,9 +33,8 @@
<div id="terminal"></div>
<div id="launch_error" style="display:none;position:absolute;top:50%;left:50%;transform:translate(-50%,-50%);z-index:1002;max-width:440px;width:100%;">
<div style="background:#212529;border:1px solid #495057;border-radius:8px;padding:20px;box-shadow:0 0 30px rgba(0,0,0,0.8);color:#fff;">
<h6 id="dialog-heading" class="mb-2" style="color:#fff;"><i class="fas fa-exclamation-triangle me-1 text-danger"></i>Session Error</h6>
<p class="message mb-1 small" style="color:#adb5bd;"></p>
<p class="error_msg mb-2 small" style="color:#6c757d;"></p>
<h6 id="dialog-heading" class="mb-2" style="color:#fff;">Session Ended</h6>
<p id="dialog-message" class="mb-2 small" style="color:#6c757d;"></p>
<a id="taskStatus" href="/submit/status/{{ task_id }}/" class="btn btn-sm btn-outline-light"><i class="fas fa-tasks me-1"></i>View Task</a>
</div>
</div>
Expand Down
28 changes: 22 additions & 6 deletions web/static/js/guac-main.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,10 @@ const PASTE_DELAY_MS = 50;

const NON_FATAL_STATUS_CODES = new Set([0, 256]);

const ICON_ERROR = 'fas fa-exclamation-circle text-danger';
const ICON_WARNING = 'fas fa-exclamation-triangle text-warning';
const ICON_SUCCESS = 'fas fa-check-circle text-success';

class GuacSession {
constructor(element, config) {
this.config = config;
Expand Down Expand Up @@ -153,14 +157,27 @@ class GuacSession {
});
}

_showError(title, detail) {
_showDialog(title, detail, icon) {
const dialog = $('#launch_error');
dialog.find('.message').html(title);
dialog.find('.error_msg').html(detail);
const iconHtml = icon ? `<i class="${icon} me-1"></i>` : '';
dialog.find('#dialog-heading').html(`${iconHtml}${title}`);
dialog.find('#dialog-message').html(detail);
dialog.dialog({ dialogClass: 'no-close' });
dialog.dialog(this.dialogContainer);
}

_showError(title, detail) {
this._showDialog(title, detail, ICON_ERROR);
}

_showWarning(title, detail) {
this._showDialog(title, detail, ICON_WARNING);
}

_showSuccess(title, detail) {
this._showDialog(title, detail, ICON_SUCCESS);
}

_setupErrorHandler() {
const handler = (error) => {
console.log(`guac error ${error.code}: ${error.message}`);
Expand All @@ -174,9 +191,9 @@ class GuacSession {
if (error.code === 514) {
this._showError("Connection error", "Server timeout.");
} else if (error.code === 515) {
this._showError("Session complete", "Backing VM has disconnected.");
this._showSuccess("Session complete", "Backing VM has disconnected.");
} else if (error.code === 522) {
this._showError("Session ended", "Session timed out due to inactivity.");
this._showWarning("Session ended", "Session timed out due to inactivity.");
} else {
const _msg = `An unexpected error occurred: ${error.message}`;
this._showError("Connection error", _msg);
Expand Down Expand Up @@ -228,7 +245,6 @@ function stopTask(taskId, onSuccess, onError) {

const apiUrl = location.origin + "/apiv2/tasks/status/" + taskId + "/";

var apiUrl = location.origin + "/apiv2/tasks/status/" + taskId + "/";
fetch(apiUrl, {
method: 'POST',
headers: {
Expand Down
Loading