diff --git a/bazaar/core/utils.py b/bazaar/core/utils.py
index 4348a0b..dda3c4f 100644
--- a/bazaar/core/utils.py
+++ b/bazaar/core/utils.py
@@ -237,8 +237,7 @@ def get_matching_items_by_ssdeep(ssdeep_value, threshold_grade, index, sha256):
 if ssdeep_grade >= threshold_grade:
 sha256_list_to_return.append((record['_source']['sha256'], ssdeep_grade))
- return sha256_list_to_return
-
+ return (sha256_list_to_return, None)
 def get_matching_items_by_ssdeep_func(ssdeep_value, threshold_grade, index, sha256):
 chunksize, chunk, double_chunk = ssdeep_value.split(':')
@@ -281,6 +280,7 @@ def get_matching_items_by_ssdeep_func(ssdeep_value, threshold_grade, index, sha2
 results = es.search(index=index, body=query)
 sha256_list_to_return = []
+ ssdeep_struct = None
 for record in results['hits']['hits']:
 for rule in record['_source']['andro_cfg']['rules']:
@@ -291,8 +291,11 @@ def get_matching_items_by_ssdeep_func(ssdeep_value, threshold_grade, index, sha2
 if ssdeep_grade >= threshold_grade:
 sha256_list_to_return.append((record['_source']['sha256'], ssdeep_grade))
-
- return sha256_list_to_return
+
+ if f["dexofuzzy_hash"] == ssdeep_value:
+ ssdeep_struct = f
+
+ return (sha256_list_to_return, ssdeep_struct)
 def get_matching_items_by_dexofuzzy(dexofuzzy_value, threshold_grade, index, sha256):
@@ -350,8 +353,7 @@ def get_matching_items_by_dexofuzzy(dexofuzzy_value, threshold_grade, index, sha
 sha256_list_to_return.append(
 (record['_source']['sha256'], dexofuzzy_grade))
- return sha256_list_to_return
-
+ return (sha256_list_to_return, None)
 def compute_genetic_analysis(results):
 try:
diff --git a/bazaar/front/view.py b/bazaar/front/view.py
index da619fe..c26e332 100644
--- a/bazaar/front/view.py
+++ b/bazaar/front/view.py
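Review bot: `+ return (sha256_list_to_return, None)` changes the return type of get_matching_items_by_ssdeep from a list of (sha256, grade) pairs to a 2-tuple, and the third and fourth hunks of this file make the same change to get_matching_items_by_ssdeep_func and get_matching_items_by_dexofuzzy. Within this chunk of the diff only the get_matching_items_by_dexofuzzy call in view.py is adapted, so any caller of the two ssdeep variants that still iterates the result directly would now iterate a tuple and fail on the first unpack; those callers should be checked. The new shape is undocumented in all three functions; a one-line docstring such as `"""Return (matches, matched_record): matches is a list of (sha256, grade) pairs, matched_record the function record whose hash equals the query, or None."""` would make the contract visible. Dropping the blank removed line also leaves fewer than the two blank lines PEP 8 expects between top-level definitions in all three hunks. The bodies of all three functions start above their hunks.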
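Review bot: `ssdeep_struct = f` is reassigned by every later record whose `f["dexofuzzy_hash"]` exactly equals the query, so when more than one indexed sample carries the same hash the caller receives whichever record was iterated last, and a function record without that key raises KeyError instead of being skipped. Keeping the first match and tolerating a missing key is one line: `if ssdeep_struct is None and f.get('dexofuzzy_hash') == ssdeep_value:`. The file otherwise uses single-quoted subscripts (`record['_source']`), so `f['dexofuzzy_hash']` would match its style. The loop variable `f` and the loops that bind it are defined above the hunk, as is the rest of get_matching_items_by_ssdeep_func; a comment stating which hash field this index stores would also help, since the variable is named after ssdeep but the comparison reads `dexofuzzy_hash`.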
@@ -29,7 +29,7 @@
 from bazaar.core.models import Yara
 from bazaar.core.tasks import analyze, retrohunt
-from bazaar.core.utils import get_sha256_of_file, get_matching_items_by_dexofuzzy
+from bazaar.core.utils import get_sha256_of_file, get_matching_items_by_dexofuzzy, compute_genetic_analysis
 from bazaar.front.forms import SearchForm, BasicUploadForm, SimilaritySearchForm, BasicUrlDownloadForm
 from bazaar.front.og import generate_og_card
 from bazaar.front.utils import transform_results, get_similarity_matrix, compute_status, generate_world_map, \
@@ -124,7 +124,7 @@ def get(self, request, *args, **kwargs):
 try:
 dexofuzzy_hash = result['dexofuzzy']['apk']
 if dexofuzzy_hash:
- similar_samples = get_matching_items_by_dexofuzzy(
+ similar_samples, _ = get_matching_items_by_dexofuzzy(
 dexofuzzy_hash, 25, settings.ELASTICSEARCH_DEXOFUZZY_APK_INDEX, sha)
@@ -236,8 +236,10 @@ def similarity_search_view(request, sha256=''):
 form = SimilaritySearchForm(request.GET)
 results = None
 res = []
+ ssdeep_struct = None
+ genetic_analysis = None
 if form.is_valid():
- results = form.do_search(sha256)
+ results, ssdeep_struct = form.do_search(sha256)
 for sha256, score in results:
 apk = get_sample_light(sha256)
 try:
@@ -248,8 +250,9 @@ def similarity_search_view(request, sha256=''):
 res.append((apk[0]['source']['app_name'], apk[0]['source']['handle'], sha256, vt, score))
 results = res
+ genetic_analysis = compute_genetic_analysis(results)
- return render(request, 'front/similarity_search.html', {'form': form, 'results': results})
+ return render(request, 'front/similarity_search.html', {'form': form, 'results': results, 'andro_cfg': ssdeep_struct, 'genetic_analysis': genetic_analysis})
 def download_sample_view(request, sha256):
diff --git a/bazaar/templates/front/m_similarities.html b/bazaar/templates/front/m_similarities.html
index 25dc9c3..48b1b9e 100644
--- a/bazaar/templates/front/m_similarities.html
+++ b/bazaar/templates/front/m_similarities.html
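Review bot: `results, ssdeep_struct = form.do_search(sha256)` unpacks a 2-tuple, but SimilaritySearchForm.do_search lives in bazaar/front/forms.py, which this chunk of the diff does not touch; unless that method was already changed to return `(matches, struct)`, every valid search now raises ValueError at the unpack. If do_search still returns the plain match list, the line should stay `results = form.do_search(sha256)` until forms.py is updated in the same change, or the forms.py hunk should be part of this commit. similarity_search_view continues below the hunk.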
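Review bot: `genetic_analysis = compute_genetic_analysis(results)` sits at function level after `results = res`, so it also runs on the empty list when the form is invalid, and it makes the `genetic_analysis = None` initialiser added in the previous hunk dead code. Guarding the call keeps the None default meaningful: `genetic_analysis = compute_genetic_analysis(results) if results else None`. The value passed as `'andro_cfg'` appears to be a record taken straight from the Elasticsearch index, so the template side should keep Django's default autoescaping for its fields. The rewritten render call is now a single very long line; splitting the context dict over several lines would match the rest of the file's width.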
@@ -1,3 +1,4 @@ +{% include "front/m_dendrogram.html" %} @@ -6,6 +7,9 @@ + {% if andro_cfg %} + + {% endif %} @@ -39,6 +43,11 @@ + {% if andro_cfg %} + + {% endif%} {% endif %} {% endfor %}
SHA256 VirusTotal Score SimilarityCode
+ {{andro_cfg.call_by}} +
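Review bot: `{% endif%}` in the third hunk of m_similarities.html is missing the space before the closing delimiter that every other tag in the file uses; write `{% endif %}`. The new `{{andro_cfg.call_by}}` cell is rendered from a record returned by the Elasticsearch query, so it should keep the default autoescaping rather than acquiring a `|safe` filter later. The collapsed hunks do not show the surrounding table markup, so whether the added header and cell land in the same column cannot be confirmed from this view.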