assemblyline 4.4.1.dev271__tar.gz → 4.4.1.dev273__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (167) hide show
  1. {assemblyline-4.4.1.dev271/assemblyline.egg-info → assemblyline-4.4.1.dev273}/PKG-INFO +1 -1
  2. assemblyline-4.4.1.dev273/assemblyline/VERSION +1 -0
  3. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/custom.yara +35 -0
  4. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273/assemblyline.egg-info}/PKG-INFO +1 -1
  5. assemblyline-4.4.1.dev271/assemblyline/VERSION +0 -1
  6. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/LICENCE.md +0 -0
  7. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/MANIFEST.in +0 -0
  8. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/README.md +0 -0
  9. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/__init__.py +0 -0
  10. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/cachestore/__init__.py +0 -0
  11. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/__init__.py +0 -0
  12. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/archiving.py +0 -0
  13. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/attack_map.py +0 -0
  14. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/backupmanager.py +0 -0
  15. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/banner.py +0 -0
  16. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/bundling.py +0 -0
  17. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/caching.py +0 -0
  18. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/chunk.py +0 -0
  19. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/classification.py +0 -0
  20. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/classification.yml +0 -0
  21. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/cleanup_filestore.py +0 -0
  22. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/codec.py +0 -0
  23. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/comms.py +0 -0
  24. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/constants.py +0 -0
  25. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/custom.magic +0 -0
  26. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/dict_utils.py +0 -0
  27. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/digests.py +0 -0
  28. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/entropy.py +0 -0
  29. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/exceptions.py +0 -0
  30. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/file.py +0 -0
  31. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/forge.py +0 -0
  32. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/frequency.c +0 -0
  33. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/frequency.pyx +0 -0
  34. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/heuristics.py +0 -0
  35. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/hexdump.py +0 -0
  36. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/identify.py +0 -0
  37. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/identify_defaults.py +0 -0
  38. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/importing.py +0 -0
  39. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/iprange.py +0 -0
  40. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/isotime.py +0 -0
  41. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/log.py +0 -0
  42. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/logformat.py +0 -0
  43. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/lucene.lark +0 -0
  44. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/memory_zip.py +0 -0
  45. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/metrics.py +0 -0
  46. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/net.py +0 -0
  47. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/net_static.py +0 -0
  48. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/null.py +0 -0
  49. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/path.py +0 -0
  50. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/postprocess.py +0 -0
  51. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/random_user.py +0 -0
  52. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/security.py +0 -0
  53. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/signaturing.py +0 -0
  54. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/str_utils.py +0 -0
  55. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/tag_safelist.yml +0 -0
  56. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/tagging.py +0 -0
  57. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/uid.py +0 -0
  58. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/version.py +0 -0
  59. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/datasource/__init__.py +0 -0
  60. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/datasource/al.py +0 -0
  61. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/datasource/alert.py +0 -0
  62. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/datasource/common.py +0 -0
  63. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/datastore/__init__.py +0 -0
  64. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/datastore/bulk.py +0 -0
  65. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/datastore/collection.py +0 -0
  66. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/datastore/exceptions.py +0 -0
  67. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/datastore/helper.py +0 -0
  68. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/datastore/store.py +0 -0
  69. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/datastore/support/__init__.py +0 -0
  70. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/datastore/support/build.py +0 -0
  71. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/datastore/support/schemas.py +0 -0
  72. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/filestore/__init__.py +0 -0
  73. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/filestore/transport/__init__.py +0 -0
  74. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/filestore/transport/azure.py +0 -0
  75. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/filestore/transport/base.py +0 -0
  76. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/filestore/transport/ftp.py +0 -0
  77. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/filestore/transport/http.py +0 -0
  78. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/filestore/transport/local.py +0 -0
  79. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/filestore/transport/s3.py +0 -0
  80. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/filestore/transport/sftp.py +0 -0
  81. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/__init__.py +0 -0
  82. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/base.py +0 -0
  83. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/common.py +0 -0
  84. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/messages/__init__.py +0 -0
  85. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/messages/alert.py +0 -0
  86. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/messages/alerter_heartbeat.py +0 -0
  87. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/messages/archive_heartbeat.py +0 -0
  88. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/messages/changes.py +0 -0
  89. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/messages/dispatcher_heartbeat.py +0 -0
  90. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/messages/dispatching.py +0 -0
  91. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/messages/expiry_heartbeat.py +0 -0
  92. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/messages/ingest_heartbeat.py +0 -0
  93. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/messages/metrics.py +0 -0
  94. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/messages/scaler_heartbeat.py +0 -0
  95. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/messages/scaler_status_heartbeat.py +0 -0
  96. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/messages/service_heartbeat.py +0 -0
  97. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/messages/service_timing_heartbeat.py +0 -0
  98. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/messages/submission.py +0 -0
  99. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/messages/task.py +0 -0
  100. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/messages/vacuum_heartbeat.py +0 -0
  101. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/__init__.py +0 -0
  102. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/actions.py +0 -0
  103. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/alert.py +0 -0
  104. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/cached_file.py +0 -0
  105. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/config.py +0 -0
  106. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/emptyresult.py +0 -0
  107. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/error.py +0 -0
  108. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/file.py +0 -0
  109. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/filescore.py +0 -0
  110. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/heuristic.py +0 -0
  111. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/ontology/__init__.py +0 -0
  112. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/ontology/filetypes/__init__.py +0 -0
  113. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/ontology/filetypes/pe.py +0 -0
  114. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/ontology/ontology.py +0 -0
  115. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/ontology/results/__init__.py +0 -0
  116. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/ontology/results/antivirus.py +0 -0
  117. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/ontology/results/malware_config.py +0 -0
  118. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/ontology/results/network.py +0 -0
  119. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/ontology/results/process.py +0 -0
  120. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/ontology/results/sandbox.py +0 -0
  121. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/ontology/results/signature.py +0 -0
  122. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/replay.py +0 -0
  123. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/result.py +0 -0
  124. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/retrohunt.py +0 -0
  125. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/safelist.py +0 -0
  126. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/service.py +0 -0
  127. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/service_delta.py +0 -0
  128. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/signature.py +0 -0
  129. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/statistics.py +0 -0
  130. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/submission.py +0 -0
  131. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/submission_summary.py +0 -0
  132. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/submission_tree.py +0 -0
  133. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/tagging.py +0 -0
  134. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/user.py +0 -0
  135. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/user_favorites.py +0 -0
  136. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/user_settings.py +0 -0
  137. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/models/workflow.py +0 -0
  138. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/random_data/__init__.py +0 -0
  139. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/random_data/create_test_data.py +0 -0
  140. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/random_data/sample_rules.yar +0 -0
  141. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/random_data/sample_suricata.rules +0 -0
  142. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/odm/randomizer.py +0 -0
  143. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/remote/__init__.py +0 -0
  144. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/remote/datatypes/__init__.py +0 -0
  145. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/remote/datatypes/counters.py +0 -0
  146. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/remote/datatypes/events.py +0 -0
  147. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/remote/datatypes/exporting_counter.py +0 -0
  148. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/remote/datatypes/hash.py +0 -0
  149. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/remote/datatypes/lock.py +0 -0
  150. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/remote/datatypes/queues/__init__.py +0 -0
  151. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/remote/datatypes/queues/comms.py +0 -0
  152. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/remote/datatypes/queues/multi.py +0 -0
  153. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/remote/datatypes/queues/named.py +0 -0
  154. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/remote/datatypes/queues/priority.py +0 -0
  155. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/remote/datatypes/set.py +0 -0
  156. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/remote/datatypes/user_quota_tracker.py +0 -0
  157. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/run/__init__.py +0 -0
  158. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/run/cli.py +0 -0
  159. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/run/pubsub_reader.py +0 -0
  160. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/run/suricata_importer.py +0 -0
  161. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/run/yara_importer.py +0 -0
  162. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline.egg-info/SOURCES.txt +0 -0
  163. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline.egg-info/dependency_links.txt +0 -0
  164. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline.egg-info/requires.txt +0 -0
  165. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline.egg-info/top_level.txt +0 -0
  166. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/setup.cfg +0 -0
  167. {assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/setup.py +0 -0
{assemblyline-4.4.1.dev271/assemblyline.egg-info → assemblyline-4.4.1.dev273}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: assemblyline
3
- Version: 4.4.1.dev271
3
+ Version: 4.4.1.dev273
4
4
  Summary: Assemblyline 4 - Automated malware analysis framework
5
5
  Home-page: https://github.com/CybercentreCanada/assemblyline-base
6
6
  Author: CCCS Assemblyline development team
assemblyline-4.4.1.dev273/assemblyline/VERSION ADDED
@@ -0,0 +1 @@
1
+ 4.4.1.dev273
{assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273}/assemblyline/common/custom.yara RENAMED
@@ -1079,3 +1079,38 @@ rule code_a3x {
1079
1079
  condition:
1080
1080
  uint16(0) != 0x5A4D and any of them
1081
1081
  }
1082
+
1083
+ /*
1084
+ code/au3
1085
+ */
1086
+
1087
+ rule code_au3 {
1088
+
1089
+ meta:
1090
+ type = "code/au3"
1091
+ score = 2
1092
+
1093
+ strings:
1094
+ // Keywords: https://www.autoitscript.com/autoit3/docs/keywords.htm
1095
+ $strong_keywords = /(ExitLoop|EndFunc|#comments-start|#include-once|#NoTrayIcon|#OnAutoItStartRegister|#pragma|#RequireAdmin|EndWith|EndSwitch)\b/i ascii wide
1096
+
1097
+ // Macros: https://www.autoitscript.com/autoit3/docs/macros.htm
1098
+ // 5525cb089669d927874e4b21803cc5186e0e6acfee923990a4cf9c6289bfa4d8 only has one macro, so we should not rely on macros
1099
+
1100
+ // Functions: https://www.autoitscript.com/autoit3/docs/functions/
1101
+ $strong_functions = /(WinExists|DllCall|DllStructSetData|DllStructGetSize|DllStructGetData|DllStructCreate|DllStructGetPtr|DllCallbackGetPtr|DllCallAddress|StringInStr|StringLeft|StringStripWS|DllCallbackRegister|AdlibRegister|AdlibUnRegister|AutoItSetOption|AutoItWinGetTitle|AutoItWinSetTitle|DllCallbackFree|GUISetStateHttpSetUserAgent|IniReadSection|IniReadSectionNames|IniRenameSection|IniWriteSection|MouseClickDrag|MouseGetCursor|ObjCreateInterface|OnAutoItExitRegister|OnAutoItExitUnRegister|PixelChecksum|PixelGetColor|ProcessExists|ProcessGetStats|ProcessSetPriority|ProcessWaitClose|SendKeepActive|ShellExecuteWait|SoundSetWaveVolume|SplashImageOn|StatusbarGetText|StringCompare|StringFromASCIIArray|TCPCloseSocket|UDPCloseSocket|WinGetCaretPos|WinGetClassList|WinGetClientSize|WinGetProcess|WinMenuSelectItem|WinMinimizeAll|WinMinimizeAllUndo|WinWaitActive|WinWaitNotActive|GUICreate|GUICtl[a-zA-Z]{1,20}|GUISetState)\b/i ascii wide
1102
+
1103
+ $weak_functions = /(IsBinary|IsString|Execute|IsBool|StringMid|StringLen|FileExists)\b/i ascii wide
1104
+
1105
+ condition:
1106
+ // First off, we want at least one strong keyword
1107
+ #strong_keywords >= 1 and (
1108
+ // Next we are looking for a high-confidence amount of functions
1109
+ // If we have 5 or more strong functions, great
1110
+ #strong_functions >= 5 or (
1111
+ // If we have at least 10 functions, whether they are strong or weak, that's good too, but we need at
1112
+ // least 2 strong functions before we can be confident
1113
+ (#strong_functions + #weak_functions) >= 10 and #strong_functions >= 2
1114
+ )
1115
+ )
1116
+ }
{assemblyline-4.4.1.dev271 → assemblyline-4.4.1.dev273/assemblyline.egg-info}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: assemblyline
3
- Version: 4.4.1.dev271
3
+ Version: 4.4.1.dev273
4
4
  Summary: Assemblyline 4 - Automated malware analysis framework
5
5
  Home-page: https://github.com/CybercentreCanada/assemblyline-base
6
6
  Author: CCCS Assemblyline development team
assemblyline-4.4.1.dev271/assemblyline/VERSION DELETED
@@ -1 +0,0 @@
1
- 4.4.1.dev271