adding potential for multiple contributions

huntresslabs · Sep 4, 2024 · e37ac6a · e37ac6a
1 parent fcb45e2
commit e37ac6a
Show file tree

Hide file tree

Showing 4 changed files with 80 additions and 45 deletions.
diff --git a/app/contribute/page.tsx b/app/contribute/page.tsx
@@ -1,12 +1,9 @@
 "use client";
 
 import { useState, useEffect } from 'react';
+import { RogueApp } from '../../lib/types';
 import styles from '../../styles/Contribute.module.css';
 
-interface RogueApp {
-  contributor: string;
-}
-
 interface Contributor {
   name: string;
   count: number;
@@ -30,11 +27,11 @@ export default function Contribute() {
       const contributorMap: { [key: string]: number } = {};
 
       data.forEach(app => {
-        if (contributorMap[app.contributor]) {
-          contributorMap[app.contributor]++;
-        } else {
-          contributorMap[app.contributor] = 1;
-        }
+        app.contributors
+          .filter(contributor => contributor !== "Huntress Research Team") // No need to pat ourselves on the back here.
+          .forEach(contributor => {
+            contributorMap[contributor] = (contributorMap[contributor] || 0) + 1;
+          });
       });
 
       const contributorsList = Object.keys(contributorMap).map(name => ({
@@ -53,15 +50,22 @@ export default function Contribute() {
       <main className={styles.main}>
         <h1 className={styles.title}>Contribute to RogueApps</h1>
         <p>We'd love to hear your stories of RogueApps that you've seen!</p>
-        <p>If you want to contribute to the RogueApps project, please <a href="https://github.com/huntresslabs/rogueapps/issues/new?assignees=&labels=new+rogueapp&projects=&template=custom.md&title=%5BNew+RogueApp%5D%3A+%28RogueApp+Name%29">open an Issue in the official GitHub repository.</a> Please follow the issue template and include details about the observed TTPs for the RogueApp. <b>Please do not submit any sensitive, private, or proprietary information.</b></p>
-
+        <p>
+          If you want to contribute to the RogueApps project, please{' '}
+          <a href="https://github.com/huntresslabs/rogueapps/issues/new?assignees=&labels=new+rogueapp&projects=&template=custom.md&title=%5BNew+RogueApp%5D%3A+%28RogueApp+Name%29">
+            open an Issue in the official GitHub repository.
+          </a>{' '}
+          Please follow the issue template and include details about the observed TTPs for the RogueApp.{' '}
+          <b>Please do not submit any sensitive, private, or proprietary information.</b>
+        </p>
+
         <hr className={styles.divider} />
-        
+
         <h2 className={styles.thankYou}>Thank you to our Contributors! 💖</h2>
         <div className={styles.contributorGrid}>
           {contributors.map((contributor, index) => (
             <div key={index} className={styles.contributorItem}>
-             🔥 {contributor.name} <span className={styles.yellowText}>x {contributor.count}</span>
+              🔥 {contributor.name} <span className={styles.yellowText}>x {contributor.count}</span>
             </div>
           ))}
         </div>

diff --git a/app/page.tsx b/app/page.tsx
@@ -22,10 +22,10 @@ export default function Home() {
   const filteredApps = rogueApps.filter(app =>
     app.appDisplayName?.toLowerCase().includes(searchTerm.toLowerCase()) ||
     app.description?.toLowerCase().includes(searchTerm.toLowerCase()) ||
-    app.contributor?.toLowerCase().includes(searchTerm.toLowerCase()) ||
-    app.mitreTTP?.join(', ').toLowerCase().includes(searchTerm.toLowerCase()) ||
-    app.tags?.join(' ').toLowerCase().includes(searchTerm.toLowerCase()) ||
-    app.permissions?.some(permission => 
+    (Array.isArray(app.contributors) ? app.contributors.join(', ').toLowerCase().includes(searchTerm.toLowerCase()) : false) ||
+    (Array.isArray(app.mitreTTP) ? app.mitreTTP.join(', ').toLowerCase().includes(searchTerm.toLowerCase()) : false) ||
+    (Array.isArray(app.tags) ? app.tags.join(' ').toLowerCase().includes(searchTerm.toLowerCase()) : false) ||
+    app.permissions?.some(permission =>
       permission.resource?.toLowerCase().includes(searchTerm.toLowerCase()) ||
       permission.permission?.toLowerCase().includes(searchTerm.toLowerCase()) ||
       permission.type?.toLowerCase().includes(searchTerm.toLowerCase())
@@ -62,21 +62,28 @@ export default function Home() {
               <p>{app.description}</p>
               {expandedCard === index && (
                 <div className={styles.cardDetails}>
-                  <p><strong>App ID:</strong> {app.appId}</p>
-                  <p><strong>Owner Organization ID:</strong> {app.appOwnerOrganizationId}</p>
-                  <p><strong>Publisher:</strong> {app.appPublisherName}</p>
-                  <p><strong>Contributor:</strong> {app.contributor}</p>
-                  <p><strong>MITRE TTP:</strong> {app.mitreTTP.join(', ')}</p>
-                  <p><strong>Tags:</strong> {app.tags.join(', ')}</p>
-                  <h4>Permissions:</h4>
+                  <p><strong>App ID: </strong> {app.appId}</p>
+                  <p><strong>Owner Organization ID: </strong> {app.appOwnerOrganizationId}</p>
+                  <p><strong>Publisher: </strong> {app.appPublisherName}</p>
+                  <p>
+                    <strong>Contributors: </strong>
+                    {Array.isArray(app.contributors) && app.contributors.length > 0
+                      ? app.contributors.length === 1
+                        ? app.contributors[0]
+                        : app.contributors.join(', ')
+                      : 'N/A'}
+                  </p>
+                  <p><strong>MITRE TTP: </strong> {Array.isArray(app.mitreTTP) ? app.mitreTTP.join(', ') : 'N/A'}</p>
+                  <p><strong>Tags: </strong> {Array.isArray(app.tags) ? app.tags.join(', ') : 'N/A'}</p>
+                  <h4>Permissions: </h4>
                   <ul className={styles.tealList}>
                     {app.permissions.map((permission, permIndex) => (
                       <li key={permIndex}>
                         <code>{permission.resource}:</code> <code>{permission.permission}</code> (<code>{permission.type}</code>)
                       </li>
                     ))}
                   </ul>
-                  <h4>References:</h4>
+                  <h4>References: </h4>
                   <ul className={styles.tealList}>
                     {app.references.map((ref, refIndex) => (
                       <li key={refIndex}>
@@ -100,12 +107,19 @@ export default function Home() {
             <h3>{filteredApps[expandedCard].appDisplayName}</h3>
             <p>{filteredApps[expandedCard].description}</p>
             <div className={styles.cardDetails}>
-              <p><strong>App ID:</strong> {filteredApps[expandedCard].appId}</p>
-              <p><strong>Owner Organization ID:</strong> {filteredApps[expandedCard].appOwnerOrganizationId}</p>
-              <p><strong>Publisher:</strong> {filteredApps[expandedCard].appPublisherName}</p>
-              <p><strong>Contributor:</strong> {filteredApps[expandedCard].contributor}</p>
-              <p><strong>MITRE TTP:</strong> {filteredApps[expandedCard].mitreTTP.join(', ')}</p>
-              <p><strong>Tags:</strong> {filteredApps[expandedCard].tags.join(', ')}</p>
+              <p><strong>App ID: </strong> {filteredApps[expandedCard].appId}</p>
+              <p><strong>Owner Organization ID: </strong> {filteredApps[expandedCard].appOwnerOrganizationId}</p>
+              <p><strong>Publisher: </strong> {filteredApps[expandedCard].appPublisherName}</p>
+              <p>
+                <strong>Contributors: </strong>
+                {Array.isArray(filteredApps[expandedCard].contributors) && filteredApps[expandedCard].contributors.length > 0
+                  ? filteredApps[expandedCard].contributors.length === 1
+                    ? filteredApps[expandedCard].contributors[0]
+                    : filteredApps[expandedCard].contributors.join(', ')
+                  : 'N/A'}
+              </p>
+              <p><strong>MITRE TTP:</strong> {Array.isArray(filteredApps[expandedCard].mitreTTP) ? filteredApps[expandedCard].mitreTTP.join(', ') : 'N/A'}</p>
+              <p><strong>Tags:</strong> {Array.isArray(filteredApps[expandedCard].tags) ? filteredApps[expandedCard].tags.join(', ') : 'N/A'}</p>
               <h4>Permissions:</h4>
               <ul className={styles.tealList}>
                 {filteredApps[expandedCard].permissions.map((permission, permIndex) => (

diff --git a/lib/types.ts b/lib/types.ts
@@ -1,7 +1,7 @@
 export interface Permission {
   resource: string;
-  permission: string;       
-  type: "Delegated" | "Application";  
+  permission: string;
+  type: "Delegated" | "Application";
 }
 
 export interface RogueApp {
@@ -18,6 +18,6 @@ export interface RogueApp {
   mitreTTP: string[];
 
   // Contributor data
-  contributor: string;
+  contributors: string[];
   dateAdded: string;
 }
diff --git a/public/rogueapps.json b/public/rogueapps.json
@@ -28,23 +28,28 @@
         "type": "Delegated"
       }
     ],
-    "tags": ["BEC", "email", "spam"],
+    "tags": [
+      "BEC",
+      "email",
+      "spam"
+    ],
     "references": [
       "https://www.emclient.com/",
       "https://www.huntress.com/blog/legitimate-apps-as-traitorware-for-persistent-microsoft-365-compromise",
       "https://cybercorner.tech/malicious-usage-of-em-client-in-business-email-compromise/"
-      ],
+    ],
     "mitreTTP": [],
-
-    "contributor": "Huntress Research Team",
+    "contributors": [
+      "Huntress Research Team"
+    ],
     "dateAdded": "2024-08-05"
   },
   {
     "appId": "ff8d92dc-3d82-41d6-bcbd-b9174d163620",
     "appDisplayName": "PerfectData Software",
-    "appOwnerOrganizationId": "unknown", 
+    "appOwnerOrganizationId": "unknown",
     "appPublisherName": "PerfectData Software Ltd.",
-    "appPublisherId": "unknown", 
+    "appPublisherId": "unknown",
     "description": "An application that can export mailboxes for backup purposes. Used maliciously to exfiltrate data and stage financial fraud transactions.",
     "permissions": [
       {
@@ -73,15 +78,21 @@
         "type": "Delegated"
       }
     ],
-    "tags": ["exfiltration", "BEC", "backup"],
+    "tags": [
+      "exfiltration",
+      "BEC",
+      "backup"
+    ],
     "references": [
       "https://cybercorner.tech/malicious-azure-application-perfectdata-software-and-office365-business-email-compromise/",
       "https://darktrace.com/blog/how-abuse-of-perfectdata-software-may-create-a-perfect-storm-an-emerging-trend-in-account-takeovers",
       "https://www.secureworks.com/blog/qr-phishing-leads-to-microsoft-365-account-compromise",
       "https://github.com/randomaccess3/detections/blob/main/M365_Oauth_Apps/MaliciousOauthAppDetections.json"
     ],
     "mitreTTP": [],
-    "contributor": "Huntress Research Team",
+    "contributors": [
+      "Huntress Research Team"
+    ],
     "dateAdded": "2024-08-14"
   },
   {
@@ -128,7 +139,11 @@
         "type": "Application"
       }
     ],
-    "tags": ["BEC", "spam", "phishing"],
+    "tags": [
+      "BEC",
+      "spam",
+      "phishing"
+    ],
     "references": [
       "https://int.supermailer.de/",
       "https://www.darkreading.com/endpoint-security/supermailer-abuse-email-security-super-sized-credential-theft",
@@ -142,7 +157,9 @@
       "T1588.002",
       "T1657"
     ],
-    "contributor": "Syne0",
+    "contributors": [
+      "Syne0"
+    ],
     "dateAdded": "2024-08-23"
   }
-]
+]