assemblyline 4.3.2.dev35__tar.gz → 4.3.2.dev36__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (165) hide show
  1. {assemblyline-4.3.2.dev35/assemblyline.egg-info → assemblyline-4.3.2.dev36}/PKG-INFO +1 -1
  2. assemblyline-4.3.2.dev36/assemblyline/VERSION +1 -0
  3. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/custom.yara +4 -2
  4. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36/assemblyline.egg-info}/PKG-INFO +1 -1
  5. assemblyline-4.3.2.dev35/assemblyline/VERSION +0 -1
  6. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/LICENCE.md +0 -0
  7. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/MANIFEST.in +0 -0
  8. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/README.md +0 -0
  9. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/__init__.py +0 -0
  10. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/cachestore/__init__.py +0 -0
  11. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/__init__.py +0 -0
  12. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/archiving.py +0 -0
  13. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/attack_map.py +0 -0
  14. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/backupmanager.py +0 -0
  15. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/banner.py +0 -0
  16. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/bundling.py +0 -0
  17. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/caching.py +0 -0
  18. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/chunk.py +0 -0
  19. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/classification.py +0 -0
  20. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/classification.yml +0 -0
  21. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/cleanup_filestore.py +0 -0
  22. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/codec.py +0 -0
  23. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/comms.py +0 -0
  24. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/constants.py +0 -0
  25. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/custom.magic +0 -0
  26. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/dict_utils.py +0 -0
  27. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/digests.py +0 -0
  28. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/entropy.py +0 -0
  29. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/exceptions.py +0 -0
  30. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/forge.py +0 -0
  31. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/frequency.c +0 -0
  32. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/frequency.pyx +0 -0
  33. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/heuristics.py +0 -0
  34. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/hexdump.py +0 -0
  35. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/identify.py +0 -0
  36. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/identify_defaults.py +0 -0
  37. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/importing.py +0 -0
  38. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/iprange.py +0 -0
  39. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/isotime.py +0 -0
  40. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/log.py +0 -0
  41. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/logformat.py +0 -0
  42. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/lucene.lark +0 -0
  43. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/memory_zip.py +0 -0
  44. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/metrics.py +0 -0
  45. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/net.py +0 -0
  46. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/net_static.py +0 -0
  47. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/null.py +0 -0
  48. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/path.py +0 -0
  49. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/postprocess.py +0 -0
  50. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/random_user.py +0 -0
  51. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/security.py +0 -0
  52. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/signaturing.py +0 -0
  53. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/str_utils.py +0 -0
  54. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/tag_safelist.yml +0 -0
  55. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/tagging.py +0 -0
  56. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/uid.py +0 -0
  57. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/common/version.py +0 -0
  58. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/datasource/__init__.py +0 -0
  59. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/datasource/al.py +0 -0
  60. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/datasource/alert.py +0 -0
  61. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/datasource/common.py +0 -0
  62. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/datastore/__init__.py +0 -0
  63. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/datastore/bulk.py +0 -0
  64. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/datastore/collection.py +0 -0
  65. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/datastore/exceptions.py +0 -0
  66. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/datastore/helper.py +0 -0
  67. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/datastore/store.py +0 -0
  68. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/datastore/support/__init__.py +0 -0
  69. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/datastore/support/build.py +0 -0
  70. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/datastore/support/schemas.py +0 -0
  71. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/filestore/__init__.py +0 -0
  72. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/filestore/transport/__init__.py +0 -0
  73. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/filestore/transport/azure.py +0 -0
  74. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/filestore/transport/base.py +0 -0
  75. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/filestore/transport/ftp.py +0 -0
  76. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/filestore/transport/http.py +0 -0
  77. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/filestore/transport/local.py +0 -0
  78. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/filestore/transport/s3.py +0 -0
  79. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/filestore/transport/sftp.py +0 -0
  80. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/__init__.py +0 -0
  81. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/base.py +0 -0
  82. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/common.py +0 -0
  83. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/messages/__init__.py +0 -0
  84. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/messages/alert.py +0 -0
  85. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/messages/alerter_heartbeat.py +0 -0
  86. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/messages/archive_heartbeat.py +0 -0
  87. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/messages/changes.py +0 -0
  88. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/messages/dispatcher_heartbeat.py +0 -0
  89. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/messages/dispatching.py +0 -0
  90. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/messages/expiry_heartbeat.py +0 -0
  91. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/messages/ingest_heartbeat.py +0 -0
  92. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/messages/metrics.py +0 -0
  93. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/messages/scaler_heartbeat.py +0 -0
  94. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/messages/scaler_status_heartbeat.py +0 -0
  95. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/messages/service_heartbeat.py +0 -0
  96. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/messages/service_timing_heartbeat.py +0 -0
  97. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/messages/submission.py +0 -0
  98. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/messages/task.py +0 -0
  99. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/messages/vacuum_heartbeat.py +0 -0
  100. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/__init__.py +0 -0
  101. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/actions.py +0 -0
  102. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/alert.py +0 -0
  103. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/cached_file.py +0 -0
  104. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/config.py +0 -0
  105. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/emptyresult.py +0 -0
  106. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/error.py +0 -0
  107. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/file.py +0 -0
  108. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/filescore.py +0 -0
  109. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/heuristic.py +0 -0
  110. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/ontology/__init__.py +0 -0
  111. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/ontology/filetypes/__init__.py +0 -0
  112. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/ontology/filetypes/pe.py +0 -0
  113. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/ontology/ontology.py +0 -0
  114. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/ontology/results/__init__.py +0 -0
  115. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/ontology/results/antivirus.py +0 -0
  116. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/ontology/results/malware_config.py +0 -0
  117. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/ontology/results/network.py +0 -0
  118. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/ontology/results/process.py +0 -0
  119. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/ontology/results/sandbox.py +0 -0
  120. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/ontology/results/signature.py +0 -0
  121. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/replay.py +0 -0
  122. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/result.py +0 -0
  123. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/safelist.py +0 -0
  124. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/service.py +0 -0
  125. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/service_delta.py +0 -0
  126. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/signature.py +0 -0
  127. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/statistics.py +0 -0
  128. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/submission.py +0 -0
  129. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/submission_summary.py +0 -0
  130. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/submission_tree.py +0 -0
  131. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/tagging.py +0 -0
  132. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/user.py +0 -0
  133. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/user_favorites.py +0 -0
  134. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/user_settings.py +0 -0
  135. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/models/workflow.py +0 -0
  136. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/random_data/__init__.py +0 -0
  137. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/random_data/create_test_data.py +0 -0
  138. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/random_data/sample_rules.yar +0 -0
  139. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/random_data/sample_suricata.rules +0 -0
  140. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/odm/randomizer.py +0 -0
  141. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/remote/__init__.py +0 -0
  142. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/remote/datatypes/__init__.py +0 -0
  143. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/remote/datatypes/counters.py +0 -0
  144. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/remote/datatypes/events.py +0 -0
  145. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/remote/datatypes/exporting_counter.py +0 -0
  146. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/remote/datatypes/hash.py +0 -0
  147. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/remote/datatypes/lock.py +0 -0
  148. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/remote/datatypes/queues/__init__.py +0 -0
  149. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/remote/datatypes/queues/comms.py +0 -0
  150. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/remote/datatypes/queues/multi.py +0 -0
  151. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/remote/datatypes/queues/named.py +0 -0
  152. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/remote/datatypes/queues/priority.py +0 -0
  153. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/remote/datatypes/set.py +0 -0
  154. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/remote/datatypes/user_quota_tracker.py +0 -0
  155. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/run/__init__.py +0 -0
  156. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/run/cli.py +0 -0
  157. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/run/pubsub_reader.py +0 -0
  158. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/run/suricata_importer.py +0 -0
  159. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline/run/yara_importer.py +0 -0
  160. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline.egg-info/SOURCES.txt +0 -0
  161. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline.egg-info/dependency_links.txt +0 -0
  162. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline.egg-info/requires.txt +0 -0
  163. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/assemblyline.egg-info/top_level.txt +0 -0
  164. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/setup.cfg +0 -0
  165. {assemblyline-4.3.2.dev35 → assemblyline-4.3.2.dev36}/setup.py +0 -0
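--- a/assemblyline-4.3.2.dev35/assemblyline.egg-info/PKG-INFO
+++ b/assemblyline-4.3.2.dev36/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: assemblyline
-Version: 4.3.2.dev35
+Version: 4.3.2.dev36
 Summary: Assemblyline 4 - Automated malware analysis framework
 Home-page: https://github.com/CybercentreCanada/assemblyline-base
 Author: CCCS Assemblyline development team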
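--- /dev/null
+++ b/assemblyline-4.3.2.dev36/assemblyline/VERSION
@@ -0,0 +1 @@
+4.3.2.dev36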
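--- a/assemblyline-4.3.2.dev35/assemblyline/common/custom.yara
+++ b/assemblyline-4.3.2.dev36/assemblyline/common/custom.yara
@@ -718,8 +718,9 @@ rule code_batch {
 $obf1 = /%[^:\n\r%]+:~[ \t]*[\-+]?\d{1,3},[ \t]*[\-+]?\d{1,3}%/
 // Example: %blah1%%blah2%%blah3%%blah4%%blah5%%blah6%%blah7%%blah8%%blah9%%blah10%
 $obf2 = /\%([^:\n\r\%]+(\%\%)?)+\%/
+$power1 = /(^|\n|@|&)\^?p(\^|%.+%)?o(\^|%.+%)?w(\^|%.+%)?e(\^|%.+%)?r(\^|%.+%)?s(\^|%.+%)?h(\^|%.+%)?e(\^|%.+%)?l(\^|%.+%)?l(\^|%.+%)?(\.(\^|%.+%)?e(\^|%.+%)?x(\^|%.+%)?e(\^|%.+%)?)?.+(-c|-command)(\^|%.+%)?[ \t]/i
 // powershell does not need to be followed with -c or -command for it to be considered batch
-$power = /(^|\n|@|&|\b)\^?p(\^|%.+%)?o(\^|%.+%)?w(\^|%.+%)?e(\^|%.+%)?r(\^|%.+%)?s(\^|%.+%)?h(\^|%.+%)?e(\^|%.+%)?l(\^|%.+%)?l(\^|%.+%)?(\.(\^|%.+%)?e(\^|%.+%)?x(\^|%.+%)?e(\^|%.+%)?)?.+(-c|-command)?(\^|%.+%)?[ \t]/i
+$power2 = /(^|\n|@|&|\b)\^?p(\^|%.+%)?o(\^|%.+%)?w(\^|%.+%)?e(\^|%.+%)?r(\^|%.+%)?s(\^|%.+%)?h(\^|%.+%)?e(\^|%.+%)?l(\^|%.+%)?l(\^|%.+%)?(\.(\^|%.+%)?e(\^|%.+%)?x(\^|%.+%)?e(\^|%.+%)?)?.+(-c|-command)?(\^|%.+%)?[ \t]/i
 $cmd1 = /(^|\n|@|&)(echo|netsh|goto|pkgmgr|del|netstat|timeout|taskkill|vssadmin|tasklist|schtasks)[ \t][\/]?\w+/i
 $cmd2 = /(^|\n|@|&)net[ \t]+(share|stop|start|accounts|computer|config|continue|file|group|localgroup|pause|session|statistics|time|use|user|view)/i
 $cmd3 = /(^|\n|@|&)reg[ \t]+(delete|query|add|copy|save|load|unload|restore|compare|export|import|flags)[ \t]+/i
@@ -733,7 +734,8 @@ rule code_batch {
 condition:
 (mime startswith "text" or $bom at 0)
 and (for 1 of ($obf1) :( # > 3 )
-or ($power and 1 of ($cmd*))
+or $power1
+or ($power2 and 1 of ($cmd*))
 or for 1 of ($cmd*) :( # > 3 )
 or $exp
 or (2 of ($cmd*)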
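Review bot: `$power1` is added without a comment, and the existing comment that now sits between `$power1` and `$power2` ("powershell does not need to be followed with -c or -command…") describes only `$power2`, so the reason the two strings differ — `$power1` requires `-c`/`-command` and is sufficient by itself in the condition, `$power2` makes them optional and needs `1 of ($cmd*)` — is not recorded next to the strings. Suggest a line above `$power1`: `// powershell with -c/-command is enough on its own to identify batch (no $cmd* needed, see condition)`. Since `$power1` now fires with no corroborating `$cmd*` match and the rule applies to anything whose mime starts with "text", a text file that merely contains a `powershell … -c ` invocation (a README, or a shell or PowerShell script that calls out to powershell) presumably matches too; worth confirming that identify's rule precedence, or the `\b`-less anchor `(^|\n|@|&)`, keeps that within the intended false-positive budget. The `rule code_batch` block starts before the first hunk and its condition continues past the last.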
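--- a/assemblyline-4.3.2.dev35/PKG-INFO
+++ b/assemblyline-4.3.2.dev36/assemblyline.egg-info/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: assemblyline
-Version: 4.3.2.dev35
+Version: 4.3.2.dev36
 Summary: Assemblyline 4 - Automated malware analysis framework
 Home-page: https://github.com/CybercentreCanada/assemblyline-base
 Author: CCCS Assemblyline development team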
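--- a/assemblyline-4.3.2.dev35/assemblyline/VERSION
+++ /dev/null
@@ -1 +0,0 @@
-4.3.2.dev35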