assemblyline-v4-service 4.6.1.dev126__py3-none-any.whl → 4.6.1.dev129__py3-none-any.whl

assemblyline_v4_service/VERSION

@@ -1 +1 @@
-4.6.1.dev126
+4.6.1.dev129

assemblyline_v4_service/common/ocr.py

@@ -8,103 +8,76 @@ from assemblyline_v4_service.common.utils import PASSWORD_WORDS
 # The terms related to each indicator category
 OCR_INDICATORS_TERMS: dict[str, list[str]] = {
     "ransomware": [
-        # https://github.com/cuckoosandbox/community/blob/master/modules/signatures/windows/ransomware_message.py
-        "AES 128",
-        "AES 256",
-        "AES-128",
-        "AES-256",
-        "AES128",
-        "AES256",
-        "RSA 1024",
-        "RSA 2048",
-        "RSA 4096",
-        "RSA-1024",
-        "RSA-2048",
-        "RSA-4096",
-        "RSA1024",
-        "RSA2048",
-        "RSA4096",
-        "bitcoin",
-        "bootkit",
-        "decrypt",
-        "download tor",
-        "encrypt",
-        "enter code",
-        "has been locked",
-        "install tor",
-        "pay a fine",
-        "pay fine",
-        "pay the fine",
-        "payment",
-        "personal code",
-        "personal key",
-        "private code",
-        "private key",
-        "ransom",
-        "recover data",
-        "recover data",
-        "recover files",
-        "recover files",
-        "recover personal",
-        "recover the data",
-        "recover the files",
-        "recover them",
-        "recover your",
-        "restore data",
-        "restore files",
-        "restore the data",
-        "restore the files",
-        "rootkit",
-        "secret internet server",
-        "secret server",
-        "tor browser",
-        "tor gateway",
-        "tor-browser",
-        "tor-gateway",
-        "torbrowser",
-        "torgateway",
-        "torproject.org",
-        "unique key",
-        "victim",
-        "your code",
-        "your data",
-        "your documents",
-        "your files",
-        "your key",
-        # https://github.com/CAPESandbox/community/blob/815e21980f4b234cf84e78749447f262af2beef9/modules/signatures/office_macro.py
-        "bank account",
-        # https://github.com/CAPESandbox/community/blob/815e21980f4b234cf84e78749447f262af2beef9/modules/signatures/ransomware_message.py
-        "Attention!",
-        "BTC",
-        "HardwareID",
-        "bit coin",
-        "decrypter",
-        "decryptor",
-        "device ID",
-        "encrypted",
-        "encryption ID",
-        "ethereum",
-        "get back my",
-        "get back your",
-        "localbitcoins",
-        "military grade encryption",
-        "personal ID",
-        "personal identification code",
-        "personal identifier",
-        "recover datarecover the files",
-        "recover my",
-        "restore system",
-        "restore the system",
-        "unique ID",
-        "wallet address",
-        "what happend",
-        "what happened",
-        "your database",
-        "your network",
-        # Other
-        "coin",
-        "ether",
-        "litecoin",
+         "tor browser",
+         "torproject org",
+         "www torproject",
+         "www torproject org",
+         "https www torproject",
+         "https www torproject org",
+         "install tor",
+         "install tor browser",
+         "tor browser https",
+         "files encrypted",
+         "download install tor",
+         "download install tor browser",
+         "browser https www torproject",
+         "decrypt files",
+         "tor browser https www",
+         "private key",
+         "id snip",
+         "download tor",
+         "onion http",
+         "install tor browser https",
+         "https torproject",
+         "https torproject org",
+         "onion snip",
+         "torproject org download",
+         "www torproject org download",
+         "download tor browser",
+         "restore files",
+         "recover files",
+         "decryption software",
+         "pay ransom",
+         "decryption tool",
+         "data loss",
+         "tor browser open",
+         "data encrypted",
+         "important files",
+         "data stolen",
+         "damage files",
+         "decrypt file",
+         "tor browser http",
+         "leaked data",
+         "recover data",
+         "tor browser site",
+         "using tor",
+         "decrypt data",
+         "decrypt file free",
+         "install tor browser site",
+         "key snip",
+         "tor browser site https",
+         "using tor browser",
+         "decryption key",
+         "onion login",
+         "password snip",
+         "site https torproject",
+         "site https torproject org",
+         "tor browser download",
+         "browser https torproject",
+         "browser https torproject org",
+         "browser site https torproject",
+         "permanent data",
+         "permanent data loss",
+         "tor browser https torproject",
+         "torproject org open",
+         "contact soon possible",
+         "delete data",
+         "don try",
+         "encrypted data",
+         "https ibb",
+         "https ibb snip",
+         "ibb snip",
+         "onionmail org",
     ],
     "macros": [
         # https://github.com/cuckoosandbox/community/blob/17d57d46ccbca0327a8299cb93abba8604b74df7/modules/signatures/windows/office_enablecontent_ocr.py

assemblyline_v4_service/common/utils.py

@@ -122,7 +122,7 @@ def _is_dev_mode() -> bool:
         read_stack_trace = stack_trace.read()
 
         if any(msg in read_stack_trace
-               for msg in ['run_service_once', 'pytest', 'assemblyline_v4_service.testing.helper']):
+               for msg in ['run_service_once', 'pytest', 'assemblyline_service_utilites.testing.helper']):
             return True
 
     return False

{assemblyline_v4_service-4.6.1.dev126.dist-info → assemblyline_v4_service-4.6.1.dev129.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: assemblyline-v4-service
-Version: 4.6.1.dev126
+Version: 4.6.1.dev129
 Summary: Assemblyline 4 - Service base
 Home-page: https://github.com/CybercentreCanada/assemblyline-v4-service/
 Author: CCCS Assemblyline development team

{assemblyline_v4_service-4.6.1.dev126.dist-info → assemblyline_v4_service-4.6.1.dev129.dist-info}/RECORD

@@ -1,4 +1,4 @@
-assemblyline_v4_service/VERSION,sha256=6pqZcpwZtI83oqH5C7yeQYVyUNgSyZbBWiwYsTkN5ts,13
+assemblyline_v4_service/VERSION,sha256=j-GxfvH-ISXhp0S-FlEr2nW-LqV1e1fSv58r72aLE24,13
 assemblyline_v4_service/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 assemblyline_v4_service/healthz.py,sha256=3QGBg0EZuXC6UN411HFwpLNEop9UvS9feFhvBUTP-k4,1576
 assemblyline_v4_service/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -8,12 +8,12 @@ assemblyline_v4_service/common/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5
 assemblyline_v4_service/common/api.py,sha256=Xzp8j4HCCfjPvNSGKiZl5ttH2_Itg47cjlH0NXNtth0,6849
 assemblyline_v4_service/common/base.py,sha256=psivTxiOeN2jqL3G3I26oY9JFK-qPuwrg5y_y_d7xYs,14127
 assemblyline_v4_service/common/helper.py,sha256=xs9quuf-M1JOdKieBqOmWaOece0CtzXFhhe85xQYmuY,3289
-assemblyline_v4_service/common/ocr.py,sha256=3fV0PyY3oui_ucAM9dkolP0VRYKACKJuGY4M64DudIE,8841
+assemblyline_v4_service/common/ocr.py,sha256=NgkFqAq2lRzIveYUulKJmiiWYqwf4siYbL59n1Ow02o,8350
 assemblyline_v4_service/common/ontology_helper.py,sha256=9Ad81qbddg_pRMupT8o_KzxbKgpodaRqpc3mPoEKLtw,8494
 assemblyline_v4_service/common/request.py,sha256=W7fqC2xQE3i5i2jlCDyUDp3ZqJQQqSshNW0mQfJMkFg,11792
 assemblyline_v4_service/common/result.py,sha256=9AqM6qCYiia_Bpyn_fBFhzNQMcqJbtFSiGjp57fXW2E,32713
 assemblyline_v4_service/common/task.py,sha256=dJsvRpW0x88CCF_LW6w87jQ_UKTVaOs2Gb117IDNiU8,14233
-assemblyline_v4_service/common/utils.py,sha256=umEtTF92Q_Boq0gaIaY8twlwNHAmQOK9HWN6piWR42w,3916
+assemblyline_v4_service/common/utils.py,sha256=FDFsFcI6wt-pWyeQYnDWivsPbtme5RqVyofmNiggh6Y,3922
 assemblyline_v4_service/dev/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 assemblyline_v4_service/dev/run_service_once.py,sha256=W9kR49IUbkt8tNXjCT40ZMh-8p5W_odxlkDx6nhTAYM,10656
 assemblyline_v4_service/dev/updater.py,sha256=b-FK6XPRZbETbl-SIYEhnYGT-W7EcQhnxwD6x2NMC7g,6411
@@ -24,7 +24,7 @@ assemblyline_v4_service/updater/client.py,sha256=tLY84gaGdFBVIDaMgRHIEa7x2S8jBl7
 assemblyline_v4_service/updater/gunicorn_config.py,sha256=p3j2KPBeD5jvMw9O5i7vAtlRgPSVVxIG9AO0DfN82J8,1247
 assemblyline_v4_service/updater/helper.py,sha256=GeXrfuPQL0RB5IGcgvx30vcCEehUueorw6SMSExjE9Q,10751
 assemblyline_v4_service/updater/updater.py,sha256=XiqabDp89-t_J6C3U33R-RvA5lMIahFW_MsAVUGyXok,31876
-assemblyline_v4_service-4.6.1.dev126.dist-info/licenses/LICENCE.md,sha256=NSkYo9EH8h5oOkzg4VhjAHF4339MqPP2cQ8msTPgl-c,1396
+assemblyline_v4_service-4.6.1.dev129.dist-info/licenses/LICENCE.md,sha256=NSkYo9EH8h5oOkzg4VhjAHF4339MqPP2cQ8msTPgl-c,1396
 test/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 test/conftest.py,sha256=W3SieQpZsZpGEmtLqY4aIlxREDSsHceyCrFcFsWUM0U,1851
 test/test_healthz.py,sha256=DkeLUlrb7rGx3nZ04aADU9HXXu5mZTf_DBwT0xhzIv4,7
@@ -34,13 +34,13 @@ test/test_common/__init__.py,sha256=RkOm3vnVp5L947mD1jTo4bdOgLTZJ24_NX-kqfMn5a8,
 test/test_common/test_api.py,sha256=7wlo7wgB12T23zMLbwjJ3GIomLHqE_Qvs3xkibSsR1U,4902
 test/test_common/test_base.py,sha256=fuJSSlPxIDHq6HU1xbvaMFitw2z1spOZNHD2SJ4UUic,13346
 test/test_common/test_helper.py,sha256=sO6YAiBhKTqaxlpLhFYDuy2ZdbuF2cg07Ylzo83ZzQs,2575
-test/test_common/test_ocr.py,sha256=mt_PgElgwQKJmNrp2nRVx9NjfMedVk40I6IV317vATI,1753
+test/test_common/test_ocr.py,sha256=_z0VnwhMjxheudRbOustezIG3VUBXLiZMOuKLz50Ix0,1767
 test/test_common/test_ontology_helper.py,sha256=Q9-Eqeo8Ih7XlbFmlUAXCtgnfW8JCDqqlYFb56077h4,10331
 test/test_common/test_request.py,sha256=Ceyds8BNO1O0f1kH1VEb84faJcaupvSjVKIrGdHexsc,11842
 test/test_common/test_result.py,sha256=6BiOKxEPrKBjOY44jv3TY-yiXm0qI1ok_CZBnjP9TM4,45447
 test/test_common/test_task.py,sha256=P44mNcSe-3tJgDk9ppN3KbM7oN4LBVIuhONG-Gveh74,19007
 test/test_common/test_utils.py,sha256=TbnBxqpS_ZC5ptXR9XJX3xtbItD0mTbtiBxxdyP8J5k,5904
-assemblyline_v4_service-4.6.1.dev126.dist-info/METADATA,sha256=VnBfzxDjRWRT-XZq3yC5xnDrYrjo2ifG8R6WxcIUjtU,5625
-assemblyline_v4_service-4.6.1.dev126.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-assemblyline_v4_service-4.6.1.dev126.dist-info/top_level.txt,sha256=LpTOEaVCatkrvbVq3EZseMSIa2PQZU-2rhuO_FTpZgY,29
-assemblyline_v4_service-4.6.1.dev126.dist-info/RECORD,,
+assemblyline_v4_service-4.6.1.dev129.dist-info/METADATA,sha256=KtHzxRctLZMYSFxhuqv1UaegblOWnuyVT04yb1Cx7GU,5625
+assemblyline_v4_service-4.6.1.dev129.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+assemblyline_v4_service-4.6.1.dev129.dist-info/top_level.txt,sha256=LpTOEaVCatkrvbVq3EZseMSIa2PQZU-2rhuO_FTpZgY,29
+assemblyline_v4_service-4.6.1.dev129.dist-info/RECORD,,

test/test_common/test_ocr.py

@@ -40,4 +40,4 @@ def test_detections():
     assert detections("blah\nrecover them\nblah") == {}
 
     # Containing two ransomware strings
-    assert detections("blah\nrecover them\nblah\nencrypt") == {"ransomware": ["recover them", "encrypt"]}
+    assert detections("blah\nrecover data\nblah\nencrypted data") == {"ransomware": ["recover data", "encrypted data"]}