This repository has been archived by the owner on Dec 10, 2021. It is now read-only.
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="" xml:lang="">
<head>
<title>phantom-html.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<style type="text/css">
<!--
p {margin: 0; padding: 0;} .ft10{font-size:26px;font-family:Times;color:#4b1d6c;}
.ft11{font-size:13px;font-family:Times;color:#333333;}
.ft12{font-size:13px;font-family:Times;color:#1154cc;}
.ft13{font-size:18px;font-family:Times;color:#333333;}
.ft14{font-size:10px;font-family:Times;color:#5f5f5f;}
.ft15{font-size:13px;line-height:21px;font-family:Times;color:#333333;}
.ft16{font-size:13px;line-height:20px;font-family:Times;color:#333333;}
-->
</style>
</head>
<body bgcolor="#A0A0A0" vlink="blue" link="blue">
<div id="page1-div" style="position:relative;width:918px;height:1188px;">
<img width="918" height="1188" src="phantom001.png" alt="background image"/>
<p style="position:absolute;top:131px;left:108px;white-space:nowrap" class="ft10"><b>ReversingLabs A1000</b> </p>
<p style="position:absolute;top:198px;left:108px;white-space:nowrap" class="ft15">This app supports using ReversingLabs Advanced File Analysis to 'detonate file' on the A1000 <br/>Advanced Malware Analysis Appliance. </p>
<p style="position:absolute;top:253px;left:108px;white-space:nowrap" class="ft15">The A1000 appliance is a powerful threat detection and file analysis platform that integrates other <br/>ReversingLabs technologies (TitaniumCore - the automated static analysis solution, and <br/>TitaniumCloud File Reputation Service) to provide detailed information on each file's status and <br/>threat capabilities. </p>
<p style="position:absolute;top:351px;left:108px;white-space:nowrap" class="ft15">The A1000 makes it easy to upload multiple samples for analysis. It can process, unpack, and <br/>classify them in a matter of milliseconds, and display detailed analysis reports. Historical analysis <br/>results are preserved in a database to enable in-depth searching, and malware samples are <br/>continually reanalyzed to ensure the most up-to-date file reputation status. </p>
<p style="position:absolute;top:449px;left:108px;white-space:nowrap" class="ft15">The A1000 relies on several threat classification methods, including YARA rules and the <br/>ReversingLabs Hashing Algorithm (RHA), which classifies files based on their functional similarity. </p>
<p style="position:absolute;top:504px;left:108px;white-space:nowrap" class="ft11"><a href="http://www.reversinglabs.com/products/malware-analysis-appliance.html">For more information, consult the official product website.</a> </p>
<p style="position:absolute;top:553px;left:108px;white-space:nowrap" class="ft13"><b>Configuration Variables </b></p>
<p style="position:absolute;top:591px;left:108px;white-space:nowrap" class="ft15">The configuration variables in the table below are required for this app to operate on A1000. These <br/>are specified when configuring an asset in Phantom. </p>
<table style="position:absolute;top:644px;left:108px;width:600px" class="ft11">
<tr><th class="ft14">VARIABLE</th><th class="ft14">REQUIRED</th><th class="ft14">TYPE</th><th class="ft14">DESCRIPTION</th></tr>
<tr><td>verify_server_cert</td><td>required</td><td>boolean</td><td>If selected, plugin will accept self-signed certificates.</td></tr>
<tr><td>api_key</td><td>required</td><td>string</td><td>API Key obtained from A1000 used for authentication.</td></tr>
<tr><td>base_url</td><td>required</td><td>string</td><td>Base URL to A1000 instance.</td></tr>
<tr><td>timeout</td><td>required</td><td>numeric</td><td>Analysis timeout in minutes.</td></tr>
</table>
<p style="position:absolute;top:917px;left:108px;white-space:nowrap" class="ft13"><b>How to Configure the App </b></p>
<p style="position:absolute;top:968px;left:108px;white-space:nowrap" class="ft16">Access the Asset Settings tab on the Asset Configuration page. The variables described in the <br/>previous section are displayed in this tab. </p>
</div>
</body>
</html>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="" xml:lang="">
<head>
<title>phantom-html.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<style type="text/css">
<!--
p {margin: 0; padding: 0;} .ft20{font-size:13px;font-family:Times;color:#333333;}
.ft21{font-size:18px;font-family:Times;color:#333333;}
.ft22{font-size:13px;font-family:Times;color:#3379b7;}
.ft23{font-size:14px;font-family:Times;color:#000000;}
.ft24{font-size:13px;line-height:20px;font-family:Times;color:#333333;}
.ft25{font-size:18px;line-height:36px;font-family:Times;color:#333333;}
.ft26{font-size:13px;line-height:21px;font-family:Times;color:#333333;}
-->
</style>
</head>
<body bgcolor="#A0A0A0" vlink="blue" link="blue">
<div id="page2-div" style="position:relative;width:918px;height:1188px;">
<img width="918" height="1188" src="phantom002.png" alt="background image"/>
<p style="position:absolute;top:469px;left:790px;white-space:nowrap" class="ft20"> </p>
<p style="position:absolute;top:513px;left:108px;white-space:nowrap" class="ft24">The "Base URL" field requires the host address of the A1000 appliance. Select the "Verify server <br/>certificate" checkbox to accept only commercial certificates and reject self-signed certificates. </p>
<p style="position:absolute;top:577px;left:108px;white-space:nowrap" class="ft24">The "API Key" field contains the authentication token obtained from an A1000 instance, used for <br/>accessing the A1000 REST API. </p>
<p style="position:absolute;top:641px;left:108px;white-space:nowrap" class="ft24">The "Detonate timeout" variable defines how long the app should wait for the results from the A1000 <br/>appliance. </p>
<p style="position:absolute;top:705px;left:108px;white-space:nowrap" class="ft26"><b>Supported Actions <br/></b>detonate file - Analyze the file in the A1000 Advanced Malware Analysis Appliance and retrieve the <br/>analysis results. </p>
<p style="position:absolute;top:797px;left:108px;white-space:nowrap" class="ft26">test connectivity - Validate the asset configuration for connectivity. This action logs into the device <br/>to check the connection and credentials. </p>
</div>
</body>
</html>
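An added example, not part of the app's own code: a pre-flight check over the four asset variables listed on this page, flagging settings that would expose the API key in transit. It assumes verify_server_cert carries the meaning given for the "Verify server certificate" checkbox (selected means self-signed certificates are rejected); the function name check_asset_config, the finding severities and the sample values are hypothetical.

```python
from urllib.parse import urlsplit

# The four required variables named in the configuration table.
REQUIRED = ("verify_server_cert", "api_key", "base_url", "timeout")


def check_asset_config(cfg):
    """Return (settings, findings) for an asset configuration dict.

    settings holds normalized values an HTTP client would need; findings is a
    list of (severity, message) tuples. Raises ValueError on unusable input.
    """
    missing = [k for k in REQUIRED if k not in cfg]
    if missing:
        raise ValueError("missing required variables: " + ", ".join(missing))

    verify = cfg["verify_server_cert"]
    if not isinstance(verify, bool):
        raise ValueError("verify_server_cert must be a boolean")

    api_key = cfg["api_key"]
    if not isinstance(api_key, str) or not api_key.strip():
        raise ValueError("api_key must be a non-empty string")

    url = urlsplit(str(cfg["base_url"]).strip())
    if url.scheme not in ("http", "https") or not url.hostname:
        raise ValueError("base_url must be an http(s) URL with a host")

    timeout = cfg["timeout"]
    if isinstance(timeout, bool) or not isinstance(timeout, (int, float)) or timeout <= 0:
        raise ValueError("timeout must be a positive number of minutes")

    findings = []
    if url.scheme == "http":
        findings.append(("high", "base_url is http: the API key travels in cleartext"))
    elif not verify:
        findings.append(("high", "certificate verification is off: "
                                 "the API key can be sent to an impostor host"))
    if url.username or url.password or url.query or url.fragment:
        findings.append(("medium", "base_url carries credentials, query or fragment"))

    host = url.netloc.rsplit("@", 1)[-1]  # drop any embedded user:password
    settings = {"base_url": f"{url.scheme}://{host}{url.path.rstrip('/')}",
                "verify": verify,
                "wait_seconds": float(timeout) * 60}  # page: timeout is in minutes
    return settings, findings


# Constructed sample values, not taken from any real deployment.
SAMPLE = {"verify_server_cert": False, "api_key": "EXAMPLE-KEY",
          "base_url": "https://a1000.example.internal/", "timeout": 10}
```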