Merge pull request #741 from CybercentreCanada/update/short_form
If short_form sig is raised, set 'is_phishing' to True [dev]
cccs-kevin authored Jun 18, 2024
2 parents fec82ab + 924252c commit 38dee05
Showing 2 changed files with 68 additions and 1 deletion.
1 change: 1 addition & 0 deletions jsjaws.py
Expand Up @@ -1475,6 +1475,7 @@ def _run_the_gauntlet(self, request, file_path, file_content, subsequent_run: bo
phishing_inputs_sec.add_lines([f"\t- {item}" for item in sorted(self.phishing_inputs)])
if self.short_form:
phishing_inputs_heur.add_signature_id("short_form", 500)
self.is_phishing = True

if self.num_of_web_bugs:
web_bugs_sec = ResultTextSection("Web bugs found", parent=request.result)
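Review bot: The added `self.is_phishing = True` under `if self.short_form:` lets a single heuristic do more than its own score suggests, and nothing at the assignment says so: going by the updated result fixture in this commit, the flag is what produces the extra "URLs used for POSTs, found in a file containing suspicious phishing characteristics" section, which adds `is_phishing_url` at 500 on top of the 500 for `short_form` and tags the POST domain and URI. A comment at the assignment would help whoever tunes scores or triages false positives later, for example `# short_form alone marks the file as phishing; POST URLs are then reported under is_phishing_url`. Because the flag lives on `self` and `_run_the_gauntlet` takes `subsequent_run`, it is worth confirming that it is reset between runs and requests so a benign file is not scored with state left over from an earlier one; no reset is visible here. The body of `_run_the_gauntlet` starts and ends outside the hunk, and the page has lost the indentation, so the nesting under `if self.short_form:` is inferred from the commit title.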
@@ -1,7 +1,7 @@
{
"extra": {
"drop_file": false,
"score": 2571,
"score": 3071,
"sections": [
{
"auto_collapse": false,
Expand Down Expand Up @@ -705,6 +705,44 @@
"title_text": "URLs",
"zeroize_on_tag_safe": false
},
{
"auto_collapse": false,
"body": "\t-\thttps://couponhagen.churchontheranch.uk/app/exlca.php",
"body_config": {},
"body_format": "TEXT",
"classification": "TLP:C",
"depth": 1,
"heuristic": {
"attack_ids": [],
"frequency": 1,
"heur_id": 1,
"score": 500,
"score_map": {
"is_phishing_url": 500
},
"signatures": {
"is_phishing_url": 1
}
},
"promote_to": null,
"tags": {
"network": {
"dynamic": {
"domain": [
"couponhagen.churchontheranch.uk"
],
"uri": [
"https://couponhagen.churchontheranch.uk/app/exlca.php"
],
"uri_path": [
"/app/exlca.php"
]
}
}
},
"title_text": "URLs used for POSTs, found in a file containing suspicious phishing characteristics",
"zeroize_on_tag_safe": false
},
{
"auto_collapse": false,
"body": "Multiple rounds of tool runs were required due to nested document.write calls",
Expand Down Expand Up @@ -762,6 +800,13 @@
"single_script_url"
]
},
{
"attack_ids": [],
"heur_id": 1,
"signatures": [
"is_phishing_url"
]
},
{
"attack_ids": [],
"heur_id": 2,
Expand Down Expand Up @@ -879,6 +924,13 @@
],
"value": "couponhagen.churchontheranch.uk"
},
{
"heur_id": 1,
"signatures": [
"is_phishing_url"
],
"value": "couponhagen.churchontheranch.uk"
},
{
"heur_id": 1,
"signatures": [
Expand All @@ -902,6 +954,13 @@
],
"value": "https://couponhagen.churchontheranch.uk/app/exlca.php"
},
{
"heur_id": 1,
"signatures": [
"is_phishing_url"
],
"value": "https://couponhagen.churchontheranch.uk/app/exlca.php"
},
{
"heur_id": 1,
"signatures": [
Expand All @@ -918,6 +977,13 @@
],
"value": "/app/exlca.php"
},
{
"heur_id": 1,
"signatures": [
"is_phishing_url"
],
"value": "/app/exlca.php"
},
{
"heur_id": 1,
"signatures": [