assemblyline 4.3.2.dev38__tar.gz → 4.3.2.dev40__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (165) hide show
  1. {assemblyline-4.3.2.dev38/assemblyline.egg-info → assemblyline-4.3.2.dev40}/PKG-INFO +1 -1
  2. assemblyline-4.3.2.dev40/assemblyline/VERSION +1 -0
  3. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/custom.yara +7 -5
  4. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40/assemblyline.egg-info}/PKG-INFO +1 -1
  5. assemblyline-4.3.2.dev38/assemblyline/VERSION +0 -1
  6. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/LICENCE.md +0 -0
  7. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/MANIFEST.in +0 -0
  8. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/README.md +0 -0
  9. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/__init__.py +0 -0
  10. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/cachestore/__init__.py +0 -0
  11. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/__init__.py +0 -0
  12. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/archiving.py +0 -0
  13. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/attack_map.py +0 -0
  14. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/backupmanager.py +0 -0
  15. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/banner.py +0 -0
  16. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/bundling.py +0 -0
  17. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/caching.py +0 -0
  18. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/chunk.py +0 -0
  19. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/classification.py +0 -0
  20. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/classification.yml +0 -0
  21. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/cleanup_filestore.py +0 -0
  22. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/codec.py +0 -0
  23. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/comms.py +0 -0
  24. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/constants.py +0 -0
  25. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/custom.magic +0 -0
  26. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/dict_utils.py +0 -0
  27. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/digests.py +0 -0
  28. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/entropy.py +0 -0
  29. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/exceptions.py +0 -0
  30. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/forge.py +0 -0
  31. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/frequency.c +0 -0
  32. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/frequency.pyx +0 -0
  33. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/heuristics.py +0 -0
  34. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/hexdump.py +0 -0
  35. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/identify.py +0 -0
  36. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/identify_defaults.py +0 -0
  37. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/importing.py +0 -0
  38. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/iprange.py +0 -0
  39. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/isotime.py +0 -0
  40. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/log.py +0 -0
  41. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/logformat.py +0 -0
  42. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/lucene.lark +0 -0
  43. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/memory_zip.py +0 -0
  44. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/metrics.py +0 -0
  45. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/net.py +0 -0
  46. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/net_static.py +0 -0
  47. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/null.py +0 -0
  48. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/path.py +0 -0
  49. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/postprocess.py +0 -0
  50. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/random_user.py +0 -0
  51. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/security.py +0 -0
  52. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/signaturing.py +0 -0
  53. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/str_utils.py +0 -0
  54. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/tag_safelist.yml +0 -0
  55. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/tagging.py +0 -0
  56. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/uid.py +0 -0
  57. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/version.py +0 -0
  58. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/datasource/__init__.py +0 -0
  59. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/datasource/al.py +0 -0
  60. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/datasource/alert.py +0 -0
  61. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/datasource/common.py +0 -0
  62. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/datastore/__init__.py +0 -0
  63. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/datastore/bulk.py +0 -0
  64. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/datastore/collection.py +0 -0
  65. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/datastore/exceptions.py +0 -0
  66. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/datastore/helper.py +0 -0
  67. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/datastore/store.py +0 -0
  68. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/datastore/support/__init__.py +0 -0
  69. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/datastore/support/build.py +0 -0
  70. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/datastore/support/schemas.py +0 -0
  71. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/filestore/__init__.py +0 -0
  72. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/filestore/transport/__init__.py +0 -0
  73. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/filestore/transport/azure.py +0 -0
  74. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/filestore/transport/base.py +0 -0
  75. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/filestore/transport/ftp.py +0 -0
  76. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/filestore/transport/http.py +0 -0
  77. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/filestore/transport/local.py +0 -0
  78. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/filestore/transport/s3.py +0 -0
  79. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/filestore/transport/sftp.py +0 -0
  80. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/__init__.py +0 -0
  81. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/base.py +0 -0
  82. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/common.py +0 -0
  83. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/messages/__init__.py +0 -0
  84. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/messages/alert.py +0 -0
  85. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/messages/alerter_heartbeat.py +0 -0
  86. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/messages/archive_heartbeat.py +0 -0
  87. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/messages/changes.py +0 -0
  88. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/messages/dispatcher_heartbeat.py +0 -0
  89. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/messages/dispatching.py +0 -0
  90. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/messages/expiry_heartbeat.py +0 -0
  91. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/messages/ingest_heartbeat.py +0 -0
  92. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/messages/metrics.py +0 -0
  93. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/messages/scaler_heartbeat.py +0 -0
  94. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/messages/scaler_status_heartbeat.py +0 -0
  95. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/messages/service_heartbeat.py +0 -0
  96. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/messages/service_timing_heartbeat.py +0 -0
  97. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/messages/submission.py +0 -0
  98. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/messages/task.py +0 -0
  99. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/messages/vacuum_heartbeat.py +0 -0
  100. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/__init__.py +0 -0
  101. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/actions.py +0 -0
  102. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/alert.py +0 -0
  103. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/cached_file.py +0 -0
  104. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/config.py +0 -0
  105. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/emptyresult.py +0 -0
  106. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/error.py +0 -0
  107. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/file.py +0 -0
  108. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/filescore.py +0 -0
  109. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/heuristic.py +0 -0
  110. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/ontology/__init__.py +0 -0
  111. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/ontology/filetypes/__init__.py +0 -0
  112. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/ontology/filetypes/pe.py +0 -0
  113. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/ontology/ontology.py +0 -0
  114. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/ontology/results/__init__.py +0 -0
  115. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/ontology/results/antivirus.py +0 -0
  116. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/ontology/results/malware_config.py +0 -0
  117. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/ontology/results/network.py +0 -0
  118. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/ontology/results/process.py +0 -0
  119. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/ontology/results/sandbox.py +0 -0
  120. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/ontology/results/signature.py +0 -0
  121. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/replay.py +0 -0
  122. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/result.py +0 -0
  123. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/safelist.py +0 -0
  124. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/service.py +0 -0
  125. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/service_delta.py +0 -0
  126. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/signature.py +0 -0
  127. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/statistics.py +0 -0
  128. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/submission.py +0 -0
  129. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/submission_summary.py +0 -0
  130. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/submission_tree.py +0 -0
  131. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/tagging.py +0 -0
  132. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/user.py +0 -0
  133. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/user_favorites.py +0 -0
  134. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/user_settings.py +0 -0
  135. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/models/workflow.py +0 -0
  136. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/random_data/__init__.py +0 -0
  137. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/random_data/create_test_data.py +0 -0
  138. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/random_data/sample_rules.yar +0 -0
  139. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/random_data/sample_suricata.rules +0 -0
  140. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/odm/randomizer.py +0 -0
  141. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/remote/__init__.py +0 -0
  142. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/remote/datatypes/__init__.py +0 -0
  143. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/remote/datatypes/counters.py +0 -0
  144. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/remote/datatypes/events.py +0 -0
  145. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/remote/datatypes/exporting_counter.py +0 -0
  146. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/remote/datatypes/hash.py +0 -0
  147. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/remote/datatypes/lock.py +0 -0
  148. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/remote/datatypes/queues/__init__.py +0 -0
  149. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/remote/datatypes/queues/comms.py +0 -0
  150. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/remote/datatypes/queues/multi.py +0 -0
  151. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/remote/datatypes/queues/named.py +0 -0
  152. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/remote/datatypes/queues/priority.py +0 -0
  153. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/remote/datatypes/set.py +0 -0
  154. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/remote/datatypes/user_quota_tracker.py +0 -0
  155. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/run/__init__.py +0 -0
  156. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/run/cli.py +0 -0
  157. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/run/pubsub_reader.py +0 -0
  158. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/run/suricata_importer.py +0 -0
  159. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/run/yara_importer.py +0 -0
  160. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline.egg-info/SOURCES.txt +0 -0
  161. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline.egg-info/dependency_links.txt +0 -0
  162. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline.egg-info/requires.txt +0 -0
  163. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline.egg-info/top_level.txt +0 -0
  164. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/setup.cfg +0 -0
  165. {assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/setup.py +0 -0
{assemblyline-4.3.2.dev38/assemblyline.egg-info → assemblyline-4.3.2.dev40}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: assemblyline
3
- Version: 4.3.2.dev38
3
+ Version: 4.3.2.dev40
4
4
  Summary: Assemblyline 4 - Automated malware analysis framework
5
5
  Home-page: https://github.com/CybercentreCanada/assemblyline-base
6
6
  Author: CCCS Assemblyline development team
assemblyline-4.3.2.dev40/assemblyline/VERSION ADDED
@@ -0,0 +1 @@
1
+ 4.3.2.dev40
{assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40}/assemblyline/common/custom.yara RENAMED
@@ -5,6 +5,7 @@ code/javascript
5
5
  rule code_javascript {
6
6
  meta:
7
7
  type = "code/javascript"
8
+ score = 1
8
9
 
9
10
  strings:
10
11
  $not_html = /^\s*<\w/
@@ -439,10 +440,11 @@ rule code_ps1 {
439
440
 
440
441
  meta:
441
442
  type = "code/ps1"
443
+ score = 1
442
444
 
443
445
  strings:
444
- $ = /(Add-MpPreference|IWR|Start-BitsTransfer|Get-ExecutionPolicy|Get-Service|Where-Object|ConvertTo-HTML|Select-Object|Get-Process|Clear-History|ForEach-Object|Clear-Content|Compare-Object|New-ItemProperty|New-Object|New-WebServiceProxy|Set-Alias|Wait-Job|Get-Counter|Test-Path|Get-WinEvent|Start-Sleep|Set-Location|Get-ChildItem|Rename-Item|Stop-Process|Add-Type|Out-String|Write-Error|Invoke-(Expression|WebRequest))/i ascii wide
445
- $ = /(-ExclusionPath|-memberDefinition|-Name|-namespace|-passthru|-command|-TypeName|-join|-split|-sou|-dest|-property|-OutFile|-ExecutionPolicy Bypass|-uri)/i ascii wide
446
+ $ = /(IWR|Add-(MpPreference|Type)|Start-(BitsTransfer|Sleep)|Get-(ExecutionPolicy|Service|Process|Counter|WinEvent|ChildItem|Variable|Item)|Where-Object|ConvertTo-HTML|Select-Object|Clear-(History|Content)|ForEach-Object|Compare-Object|New-(ItemProperty|Object|WebServiceProxy)|Set-(Alias|Location|Item)|Wait-Job|Test-Path|Rename-Item|Stop-Process|Out-String|Write-Error|Invoke-(Expression|WebRequest))/i ascii wide
447
+ $ = /(-ExclusionPath|-memberDefinition|-Name|-namespace|-passthru|-command|-TypeName|-join|-split|-sou|-dest|-property|-OutFile|-ExecutionPolicy Bypass|-uri|-AllowStartIfOnBatteries|-MultipleInstances|-TaskName|-Trigger)/i ascii wide
446
448
  $ = /(\.Get(String|Field|Type|Method)|FromBase64String)\(/i ascii wide
447
449
  $ = /(System\.Net\.WebClient)/i ascii wide
448
450
  $ = /(Net\.ServicePointManager)/ ascii wide
@@ -712,7 +714,7 @@ rule code_batch {
712
714
 
713
715
  meta:
714
716
  type = "code/batch"
715
- score = 1
717
+ score = 2
716
718
 
717
719
  strings:
718
720
  $obf1 = /%[^:\n\r%]+:~[ \t]*[\-+]?\d{1,3},[ \t]*[\-+]?\d{1,3}%/
@@ -724,7 +726,7 @@ rule code_batch {
724
726
  $cmd1 = /(^|\n|@|&)(echo|netsh|goto|pkgmgr|del|netstat|timeout|taskkill|vssadmin|tasklist|schtasks)[ \t][\/]?\w+/i
725
727
  $cmd2 = /(^|\n|@|&)net[ \t]+(share|stop|start|accounts|computer|config|continue|file|group|localgroup|pause|session|statistics|time|use|user|view)/i
726
728
  $cmd3 = /(^|\n|@|&)reg[ \t]+(delete|query|add|copy|save|load|unload|restore|compare|export|import|flags)[ \t]+/i
727
- $cmd4 = /(^|\n|@|&)start[ \t]+(\/(min|b|wait|belownormal|abovenormal|realtime|high|normal|low|shared|seperate|max|i)[ \t]+|"\w*"[ \t]+)*["']?([A-Z]:)?([\\|\/]?[\w.]+)+['"]?/i
729
+ $cmd4 = /(^|\n|@|&)start[ \t]+(\/(min|b|wait|belownormal|abovenormal|realtime|high|normal|low|shared|seperate|max|i)[ \t]+|"\w*"[ \t]+)+["']?([A-Z]:)?([\\|\/]?[\w.]+)+['"]?/i
728
730
  $cmd5 = /(^|\n)exit\s*$/i
729
731
  $rem = /(^|\n|@|&)\^?r\^?e\^?m\^?[ \t]\w+/i
730
732
  $set = /(^|\n|@|&)\^?s\^?e\^?t\^?[ \t]\^?\w+\^?=\^?\w+/i
@@ -952,7 +954,7 @@ rule archive_xxe {
952
954
 
953
955
  meta:
954
956
  type = "archive/xxe"
955
- score = 1
957
+ score = 2
956
958
 
957
959
  strings:
958
960
  $header = "XXEncode 0.0 (PowerArchiver 2009: www.powerarchiver.com)"
{assemblyline-4.3.2.dev38 → assemblyline-4.3.2.dev40/assemblyline.egg-info}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: assemblyline
3
- Version: 4.3.2.dev38
3
+ Version: 4.3.2.dev40
4
4
  Summary: Assemblyline 4 - Automated malware analysis framework
5
5
  Home-page: https://github.com/CybercentreCanada/assemblyline-base
6
6
  Author: CCCS Assemblyline development team
assemblyline-4.3.2.dev38/assemblyline/VERSION DELETED
@@ -1 +0,0 @@
1
- 4.3.2.dev38