diff --git a/data/yara/CAPE/NitrogenLoader.yar b/data/yara/CAPE/NitrogenLoader.yar
index d51906c18bf..62ca0ce830f 100644
--- a/data/yara/CAPE/NitrogenLoader.yar
+++ b/data/yara/CAPE/NitrogenLoader.yar
@@ -31,5 +31,6 @@ rule NitrogenLoader
 $rc4decrypt_1 = {48 89 ?? 4? 89 ?? E8 [4] 4? 8B ?? 24 [1-4] 4? 89 ?? 4? 89 ?? 4? 89 C1 [0-1] 89 ?? E8 [4] 4? 89}
 $rc4decrypt_2 = {E8 [4] 8B ?? 24 [1-4] 4? 89 ?? 48 89 ?? 4? 89 C1 E8 [3] FF}
 condition:
- (2 of ($string*) and any of ($syscall*)) or 4 of ($decrypt*) or ((3 of ($taskman_*) or 3 of ($installers*)) and all of ($rc4decrypt_*))
+ uint16(0) == 0x5a4d and
+ ((2 of ($string*) and any of ($syscall*)) or 4 of ($decrypt*) or ((3 of ($taskman_*) or 3 of ($installers*)) and all of ($rc4decrypt_*)))
 }
diff --git a/web/analysis/views.py b/web/analysis/views.py
index 29df40d88c5..4eb2c6b73d7 100644
--- a/web/analysis/views.py
+++ b/web/analysis/views.py
@@ -288,7 +288,6 @@ def get_analysis_info(db, id=-1, task=None):
 # by sha256; the denormalize_files mongo hook restores
 # them — but only if file_ref is in the projection. Pull
 # it explicitly so the hook can follow the reference.
- "target.file.yara.name": 1,
 "target.file.file_ref": 1,
 "suri_tls_cnt": 1,
 "suri_alert_cnt": 1,
diff --git a/web/guac/templates/guac/index.html b/web/guac/templates/guac/index.html
index 41a633d663b..87ba55825e6 100644
--- a/web/guac/templates/guac/index.html
+++ b/web/guac/templates/guac/index.html
@@ -33,9 +33,8 @@
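Review bot: The new `uint16(0) == 0x5a4d` guard scopes NitrogenLoader to buffers that begin with an MZ header, so the rule stops matching the loader in headerless artefacts such as memory dumps or extracted payloads whose DOS header was stripped, which this rule set is also run against. If narrowing to intact PE files is deliberate (for instance to cut false positives from the wildcard-heavy `$rc4decrypt_*` patterns), that trade-off should be written down next to the condition, e.g. `// MZ check: intentionally limited to files with an intact PE header; headerless dumps are out of scope`, so a later maintainer does not remove it as an oversight. The rule's meta section and string definitions start above line 31 and are outside this hunk.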
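Review bot: Removing `"target.file.yara.name": 1` from the projection makes the yara match names depend entirely on the denormalize_files hook restoring them through `target.file.file_ref`, but the comment above only explains why `file_ref` is projected, not that the per-file yara data comes back with it. If that is what the hook does, the comment should say so, e.g. `# target.file.yara and the other per-file fields are restored by the hook, so they are not projected here`; if the hook restores less than the full file document, the yara names would silently disappear from the analysis view. I cannot see the hook from this hunk, so that assumption is worth confirming. `get_analysis_info` starts and ends outside the hunk.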
diff --git a/web/static/js/guac-main.js b/web/static/js/guac-main.js index ec708431fd8..bd96e92b0db 100644 --- a/web/static/js/guac-main.js +++ b/web/static/js/guac-main.js @@ -17,6 +17,10 @@ const PASTE_DELAY_MS = 50; const NON_FATAL_STATUS_CODES = new Set([0, 256]); +const ICON_ERROR = 'fas fa-exclamation-circle text-danger'; +const ICON_WARNING = 'fas fa-exclamation-triangle text-warning'; +const ICON_SUCCESS = 'fas fa-check-circle text-success'; + class GuacSession { constructor(element, config) { this.config = config; @@ -153,14 +157,27 @@ class GuacSession { }); } - _showError(title, detail) { + _showDialog(title, detail, icon) { const dialog = $('#launch_error'); - dialog.find('.message').html(title); - dialog.find('.error_msg').html(detail); + const iconHtml = icon ? `` : ''; + dialog.find('#dialog-heading').html(`${iconHtml}${title}`); + dialog.find('#dialog-message').html(detail); dialog.dialog({ dialogClass: 'no-close' }); dialog.dialog(this.dialogContainer); } + _showError(title, detail) { + this._showDialog(title, detail, ICON_ERROR); + } + + _showWarning(title, detail) { + this._showDialog(title, detail, ICON_WARNING); + } + + _showSuccess(title, detail) { + this._showDialog(title, detail, ICON_SUCCESS); + } + _setupErrorHandler() { const handler = (error) => { console.log(`guac error ${error.code}: ${error.message}`); @@ -174,9 +191,9 @@ class GuacSession { if (error.code === 514) { this._showError("Connection error", "Server timeout."); } else if (error.code === 515) { - this._showError("Session complete", "Backing VM has disconnected."); + this._showSuccess("Session complete", "Backing VM has disconnected."); } else if (error.code === 522) { - this._showError("Session ended", "Session timed out due to inactivity."); + this._showWarning("Session ended", "Session timed out due to inactivity."); } else { const _msg = `An unexpected error occurred: ${error.message}`; this._showError("Connection error", _msg); 
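Review bot: `_showDialog` still renders `title` and `detail` with `.html()`, and the `else` branch in the next hunk (@@ -174) feeds the server-supplied `error.message` into that same path, so any markup in a Guacamole error string is interpreted by the browser instead of being displayed. Every caller visible here passes plain text, so writing the heading and message as text nodes and building the icon as an element removes the injection path at no cost; the rewrite below does that. The `iconHtml` template literal shows as empty on this page, which looks like the `<i>` tag was lost in rendering rather than in the source, but the committed line is worth checking. If a caller outside these hunks relies on passing HTML, it is not visible from here.
```javascript
_showDialog(title, detail, icon) {
    const dialog = $('#launch_error');
    const heading = dialog.find('#dialog-heading').empty();
    if (icon) {
        heading.append($('<i>').addClass(icon));
    }
    heading.append(document.createTextNode(title));
    dialog.find('#dialog-message').text(detail);
    // … unchanged: dialog.dialog(...) calls …
}
```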
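Review bot: The numeric codes 514, 515 and 522 that now pick between error, success and warning dialogs are unexplained in the changed branches, so a reader cannot check that the mapping matches the server's meaning of each code. A one-line comment above the first `if`, such as `// Guacamole.Status.Code: 514 UPSTREAM_TIMEOUT, 515 UPSTREAM_ERROR, 522 SESSION_TIMEOUT`, would make the choice of dialog flavour reviewable; whether 515 should read as a success is a product decision, but the comment makes the intent visible. The enclosing handler in `_setupErrorHandler` starts and ends outside the hunk.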
@@ -228,7 +245,6 @@ function stopTask(taskId, onSuccess, onError) { const apiUrl = location.origin + "/apiv2/tasks/status/" + taskId + "/"; - var apiUrl = location.origin + "/apiv2/tasks/status/" + taskId + "/"; fetch(apiUrl, { method: 'POST', headers: {