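# Malware triage playbook.
#
# Flow: the analyst either enters a hash directly or uploads the sample;
# an uploaded sample is hashed by the `hash.sha1` automation, and the
# resulting hash is passed to the `vt.hash` automation. Only the two
# `type: input` tasks take analyst-supplied data, so their schemas are
# the validation boundary for everything downstream.
name: Malware
tasks:
  # Entry point: pick the branch. `next` maps a follow-up task id to the
  # condition under which it is activated.
  file-or-hash:
    name: Do you have the file or the hash?
    type: input
    schema:
      title: Malware
      type: object
      properties:
        file:
          type: string
          title: "I have the"
          # Closed set: these two values are exactly what the `next`
          # conditions below compare against.
          enum: ["File", "Hash"]
    next:
      enter-hash: "file == 'Hash'"
      upload: "file == 'File'"

  # Branch A: the analyst already has a hash.
  enter-hash:
    name: Please enter the hash
    type: input
    schema:
      title: Malware
      type: object
      properties:
        hash:
          type: string
          title: Please enter the hash value
          # JSON Schema keywords are case-sensitive: the original
          # `minlength` is not a validation keyword, so validators
          # ignore it and the length check never ran. 32 is the length
          # of a hex-encoded MD5 digest, the shortest common file hash.
          # NOTE(review): only a lower bound is enforced; an upper bound
          # or a hex-only `pattern` would narrow what reaches the
          # lookup step. Confirm the form renderer honours them first.
          minLength: 32
    next:
      virustotal: "hash != ''"

  # Branch B: the analyst uploads the sample itself.
  upload:
    name: Upload the malware
    type: input
    schema:
      title: Malware
      type: object
      properties:
        malware:
          type: object
          # `x-display: file` is a renderer hint, not a validation rule.
          # NOTE(review): no size or type limit is declared here; the
          # upload is a potentially live sample, so any limits and
          # access restrictions have to come from the platform.
          x-display: file
          title: Please upload the malware
    next:
      # Presumably truthy once a file has been attached. TODO confirm.
      hash: "malware"

  hash:
    name: Hash the malware
    type: automation
    # SHA-1 serves here as a lookup identifier for the sample. It is not
    # collision-resistant, so a matching SHA-1 should not be treated as
    # proof that two files are identical.
    automation: hash.sha1
    payload:
      default: "playbook.tasks['upload'].data['malware']"
    next:
      # Empty condition; presumably means "always continue".
      # TODO confirm against the playbook engine.
      virustotal:

  virustotal:
    name: Send hash to VirusTotal
    type: automation
    automation: vt.hash
    args:
      # Uses the analyst-entered hash when branch A ran, otherwise the
      # digest produced by the `hash` task. Only a hash is passed as an
      # argument here, not the uploaded object.
      hash: "playbook.tasks['enter-hash'].data['hash'] || playbook.tasks['hash'].data['hash']"
    # Verdict routing is disabled: with `next` commented out, no
    # follow-up task is declared after the lookup.
    # next:
    #   known-malware: "score > 5"
    #   sandbox: "score < 6" # unknown-malware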