assemblyline 4.7.3.dev13__tar.gz → 4.7.3.dev15__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (178)
  1. {assemblyline-4.7.3.dev13/assemblyline.egg-info → assemblyline-4.7.3.dev15}/PKG-INFO +1 -1
  2. assemblyline-4.7.3.dev15/assemblyline/VERSION +1 -0
  3. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/datastore/helper.py +10 -6
  4. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/base.py +1 -1
  5. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/ontology/results/malware_config.py +71 -3
  6. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15/assemblyline.egg-info}/PKG-INFO +1 -1
  7. assemblyline-4.7.3.dev13/assemblyline/VERSION +0 -1
  8. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/LICENCE.md +0 -0
  9. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/MANIFEST.in +0 -0
  10. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/README.md +0 -0
  11. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/__init__.py +0 -0
  12. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/cachestore/__init__.py +0 -0
  13. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/__init__.py +0 -0
  14. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/archiving.py +0 -0
  15. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/attack_map.py +0 -0
  16. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/backupmanager.py +0 -0
  17. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/banner.py +0 -0
  18. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/bundling.py +0 -0
  19. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/caching.py +0 -0
  20. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/chunk.py +0 -0
  21. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/classification.py +0 -0
  22. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/classification.yml +0 -0
  23. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/cleanup_filestore.py +0 -0
  24. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/codec.py +0 -0
  25. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/comms.py +0 -0
  26. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/constants.py +0 -0
  27. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/custom.magic +0 -0
  28. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/custom.yara +0 -0
  29. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/dict_utils.py +0 -0
  30. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/digests.py +0 -0
  31. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/dispatcher.py +0 -0
  32. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/entropy.py +0 -0
  33. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/exceptions.py +0 -0
  34. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/file.py +0 -0
  35. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/forge.py +0 -0
  36. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/heuristics.py +0 -0
  37. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/hexdump.py +0 -0
  38. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/identify.py +0 -0
  39. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/identify_defaults.py +0 -0
  40. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/importing.py +0 -0
  41. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/iprange.py +0 -0
  42. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/isotime.py +0 -0
  43. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/log.py +0 -0
  44. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/logformat.py +0 -0
  45. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/lucene.lark +0 -0
  46. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/memory_zip.py +0 -0
  47. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/metrics.py +0 -0
  48. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/net.py +0 -0
  49. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/net_static.py +0 -0
  50. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/null.py +0 -0
  51. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/path.py +0 -0
  52. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/postprocess.py +0 -0
  53. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/random_user.py +0 -0
  54. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/security.py +0 -0
  55. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/signaturing.py +0 -0
  56. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/str_utils.py +0 -0
  57. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/tag_safelist.yml +0 -0
  58. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/tagging.py +0 -0
  59. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/threading.py +0 -0
  60. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/uid.py +0 -0
  61. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/common/version.py +0 -0
  62. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/datasource/__init__.py +0 -0
  63. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/datasource/al.py +0 -0
  64. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/datasource/alert.py +0 -0
  65. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/datasource/common.py +0 -0
  66. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/datastore/__init__.py +0 -0
  67. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/datastore/bulk.py +0 -0
  68. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/datastore/collection.py +0 -0
  69. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/datastore/exceptions.py +0 -0
  70. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/datastore/store.py +0 -0
  71. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/datastore/support/__init__.py +0 -0
  72. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/datastore/support/build.py +0 -0
  73. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/datastore/support/schemas.py +0 -0
  74. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/filestore/__init__.py +0 -0
  75. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/filestore/transport/__init__.py +0 -0
  76. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/filestore/transport/azure.py +0 -0
  77. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/filestore/transport/base.py +0 -0
  78. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/filestore/transport/ftp.py +0 -0
  79. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/filestore/transport/http.py +0 -0
  80. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/filestore/transport/local.py +0 -0
  81. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/filestore/transport/s3.py +0 -0
  82. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/filestore/transport/sftp.py +0 -0
  83. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/__init__.py +0 -0
  84. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/common.py +0 -0
  85. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/messages/__init__.py +0 -0
  86. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/messages/alert.py +0 -0
  87. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/messages/alerter_heartbeat.py +0 -0
  88. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/messages/archive_heartbeat.py +0 -0
  89. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/messages/changes.py +0 -0
  90. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/messages/dispatcher_heartbeat.py +0 -0
  91. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/messages/dispatching.py +0 -0
  92. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/messages/elastic_heartbeat.py +0 -0
  93. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/messages/expiry_heartbeat.py +0 -0
  94. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/messages/ingest_heartbeat.py +0 -0
  95. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/messages/metrics.py +0 -0
  96. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/messages/retrohunt_heartbeat.py +0 -0
  97. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/messages/scaler_heartbeat.py +0 -0
  98. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/messages/scaler_status_heartbeat.py +0 -0
  99. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/messages/service_heartbeat.py +0 -0
  100. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/messages/service_timing_heartbeat.py +0 -0
  101. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/messages/submission.py +0 -0
  102. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/messages/task.py +0 -0
  103. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/messages/vacuum_heartbeat.py +0 -0
  104. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/__init__.py +0 -0
  105. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/actions.py +0 -0
  106. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/alert.py +0 -0
  107. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/apikey.py +0 -0
  108. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/badlist.py +0 -0
  109. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/cached_file.py +0 -0
  110. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/config.py +0 -0
  111. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/emptyresult.py +0 -0
  112. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/error.py +0 -0
  113. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/file.py +0 -0
  114. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/filescore.py +0 -0
  115. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/heuristic.py +0 -0
  116. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/ontology/__init__.py +0 -0
  117. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/ontology/file.py +0 -0
  118. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/ontology/filetypes/__init__.py +0 -0
  119. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/ontology/filetypes/pe.py +0 -0
  120. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/ontology/ontology.py +0 -0
  121. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/ontology/results/__init__.py +0 -0
  122. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/ontology/results/antivirus.py +0 -0
  123. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/ontology/results/http.py +0 -0
  124. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/ontology/results/network.py +0 -0
  125. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/ontology/results/process.py +0 -0
  126. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/ontology/results/sandbox.py +0 -0
  127. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/ontology/results/signature.py +0 -0
  128. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/replay.py +0 -0
  129. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/result.py +0 -0
  130. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/retrohunt.py +0 -0
  131. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/safelist.py +0 -0
  132. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/service.py +0 -0
  133. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/service_delta.py +0 -0
  134. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/signature.py +0 -0
  135. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/statistics.py +0 -0
  136. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/submission.py +0 -0
  137. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/submission_summary.py +0 -0
  138. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/submission_tree.py +0 -0
  139. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/tagging.py +0 -0
  140. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/user.py +0 -0
  141. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/user_favorites.py +0 -0
  142. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/user_settings.py +0 -0
  143. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/models/workflow.py +0 -0
  144. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/random_data/__init__.py +0 -0
  145. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/random_data/create_test_data.py +0 -0
  146. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/random_data/sample_rules.yar +0 -0
  147. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/random_data/sample_suricata.rules +0 -0
  148. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/odm/randomizer.py +0 -0
  149. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/py.typed +0 -0
  150. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/remote/__init__.py +0 -0
  151. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/remote/datatypes/__init__.py +0 -0
  152. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/remote/datatypes/cache.py +0 -0
  153. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/remote/datatypes/counters.py +0 -0
  154. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/remote/datatypes/daily_quota_tracker.py +0 -0
  155. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/remote/datatypes/events.py +0 -0
  156. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/remote/datatypes/exporting_counter.py +0 -0
  157. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/remote/datatypes/hash.py +0 -0
  158. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/remote/datatypes/lock.py +0 -0
  159. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/remote/datatypes/queues/__init__.py +0 -0
  160. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/remote/datatypes/queues/comms.py +0 -0
  161. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/remote/datatypes/queues/multi.py +0 -0
  162. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/remote/datatypes/queues/named.py +0 -0
  163. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/remote/datatypes/queues/priority.py +0 -0
  164. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/remote/datatypes/set.py +0 -0
  165. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/remote/datatypes/user_quota_tracker.py +0 -0
  166. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/run/__init__.py +0 -0
  167. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/run/cli.py +0 -0
  168. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/run/pubsub_reader.py +0 -0
  169. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/run/suricata_importer.py +0 -0
  170. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline/run/yara_importer.py +0 -0
  171. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline.egg-info/SOURCES.txt +0 -0
  172. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline.egg-info/dependency_links.txt +0 -0
  173. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline.egg-info/entry_points.txt +0 -0
  174. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline.egg-info/requires.txt +0 -0
  175. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/assemblyline.egg-info/top_level.txt +0 -0
  176. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/pyproject.toml +0 -0
  177. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/setup.cfg +0 -0
  178. {assemblyline-4.7.3.dev13 → assemblyline-4.7.3.dev15}/setup.py +0 -0
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: assemblyline
3
- Version: 4.7.3.dev13
3
+ Version: 4.7.3.dev15
4
4
  Summary: Assemblyline 4 - Automated malware analysis framework
5
5
  Home-page: https://github.com/CybercentreCanada/assemblyline-base
6
6
  Author: CCCS Assemblyline development team
@@ -0,0 +1 @@
1
+ 4.7.3.dev15
@@ -598,7 +598,7 @@ class AssemblylineDatastore(object):
598
598
 
599
599
  @elasticapm.capture_span(span_type='datastore')
600
600
  def get_or_create_file_tree(self, submission, max_depth, cl_engine=forge.get_classification(),
601
- user_classification=None):
601
+ user_classification=None, get_full_tree: bool = False):
602
602
  # Generate cache key
603
603
  if user_classification is not None:
604
604
  user_classification = cl_engine.normalize_classification(user_classification, long_format=False)
@@ -616,8 +616,12 @@ class AssemblylineDatastore(object):
616
616
  num_files = len(list({x[:64] for x in submission['results']}))
617
617
  max_score = submission['max_score']
618
618
 
619
- # Load / Validate cache tree if exist
620
- cached_tree = self.submission_tree.get_if_exists(cache_key, as_obj=False)
619
+ # bypass cache if the full tree is requested as the cache may hold a non-full version
620
+ if get_full_tree:
621
+ cached_tree = None
622
+ else:
623
+ # Load / Validate cache tree if exist
624
+ cached_tree = self.submission_tree.get_if_exists(cache_key, as_obj=False)
621
625
  if cached_tree:
622
626
  tree = json.loads(cached_tree['tree'])
623
627
  if self._is_valid_tree(tree, num_files, max_score):
@@ -704,8 +708,8 @@ class AssemblylineDatastore(object):
704
708
  file_sha256 = current_file['sha256']
705
709
  file_name = current_file['name']
706
710
 
707
- # Check if the file not already in the tree and if its allowed to be processed
708
- if file_sha256 not in tree_branch \
711
+ # Check if the file not already in the tree (unless full tree is requested) and if its allowed to be processed
712
+ if (get_full_tree or file_sha256 not in tree_branch) \
709
713
  and file_sha256 not in forbidden_files \
710
714
  and file_sha256 not in missing_files:
711
715
 
@@ -726,7 +730,7 @@ class AssemblylineDatastore(object):
726
730
  # Process each children of the file
727
731
  for new_child in files.get(file_sha256, []):
728
732
  # Check if the file has already been processed elsewhere in the tree
729
- if new_child['sha256'] in tree_cache:
733
+ if not get_full_tree and new_child['sha256'] in tree_cache:
730
734
  truncated = True
731
735
  else:
732
736
  # Process file children
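Review bot: The `get_full_tree` bypass only covers the cache read; if the computed tree is later stored under the same `cache_key` (the save is outside these hunks, so this is inferred), a full tree would be cached and then served to subsequent non-full callers, which is the same staleness the new comment guards against, in the other direction. Folding the flag into the key where it is generated, e.g. `cache_key = f"{cache_key}_full" if get_full_tree else cache_key`, or skipping the store when `get_full_tree` is set, would close that gap. Skipping both the `tree_branch` and `tree_cache` checks also removes the de-duplication that bounds the tree's size, so a submission whose files embed the same child many times now expands once per occurrence up to `max_depth`; if this flag is reachable from an API parameter, document the worst-case growth on the new parameter and consider a cap. `get_or_create_file_tree` starts in the first hunk but its end lies outside this section.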
@@ -78,7 +78,7 @@ SHA256_REGEX = r"^[a-f0-9]{64}$"
78
78
  MAC_REGEX = r"^(?:(?:[0-9a-f]{2}-){5}[0-9a-f]{2}|(?:[0-9a-f]{2}:){5}[0-9a-f]{2})$"
79
79
  URI_PATH = r"([/?#]\S*)"
80
80
  # Used for finding URIs in a blob
81
- URI_REGEX = f"((?:(?:[A-Za-z][A-Za-z0-9+.-]*:)//)(?:[^/?#\\s]+@)?({IP_REGEX}|{DOMAIN_REGEX})(?::\\d{{1,5}})?" \
81
+ URI_REGEX = f"((?:(?:[A-Za-z][A-Za-z0-9+.-]*:)//)(?:[^/?#\\s]*@)?({IP_REGEX}|{DOMAIN_REGEX})(?::\\d{{1,5}})?" \
82
82
  f"{URI_PATH}?)"
83
83
  # Used for direct matching
84
84
  FULL_URI = f"^{URI_REGEX}$"
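Review bot: The relaxed userinfo quantifier (`+` to `*`) now accepts an empty userinfo such as `scheme://@host`, and nothing in the hunk records why, so the next reader may well revert it; a one-line comment above `URI_REGEX` would pin the intent, e.g. `# userinfo may be empty ("scheme://@host"), which RFC 3986 permits`. Since this pattern also feeds `FULL_URI` for direct matching, it is worth confirming that the existing URI tests (outside this diff) include the empty-userinfo form so the behaviour is covered in both the blob-search and exact-match paths.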
@@ -1,6 +1,9 @@
1
1
  from assemblyline import odm
2
2
  from assemblyline.common.attack_map import attack_map
3
- from assemblyline.odm.models.ontology.results.network import REQUEST_METHODS, LOOKUP_TYPES
3
+ from assemblyline.odm.models.ontology.results.network import (
4
+ LOOKUP_TYPES,
5
+ REQUEST_METHODS,
6
+ )
4
7
 
5
8
  # Based on model in MaCo framework
6
9
  CATEGORIES = ["adware", "apt", "backdoor", "banker", "bootkit", "bot", "browser_hijacker", "bruteforcer",
@@ -8,7 +11,7 @@ CATEGORIES = ["adware", "apt", "backdoor", "banker", "bootkit", "bot", "browser_
8
11
  "infostealer", "keylogger", "loader", "obfuscator", "pos", "proxy", "rat", "ransomware",
9
12
  "reverse_proxy", "rootkit", "scanner", "scareware", "spammer", "trojan", "virus", "wiper",
10
13
  "webshell", "worm"]
11
- CONNECTION_USAGE = ["c2", "upload", "download", "propagate", "tunnel", "other", "ransom", "decoy"]
14
+ CONNECTION_USAGE = ["c2", "upload", "download", "propagate", "tunnel", "other", "ransom", "decoy", "dead_drop_resolver"]
12
15
 
13
16
 
14
17
  @odm.model(description="Encryption details")
@@ -21,6 +24,8 @@ class Encryption(odm.Model):
21
24
  iv = odm.Optional(odm.Text(), description="Initialization Vector")
22
25
  seed = odm.Optional(odm.Text(), description="Seed")
23
26
  nonce = odm.Optional(odm.Text(), description="Nonce value")
27
+ password = odm.Optional(odm.Text(), description="Password")
28
+ salt = odm.Optional(odm.Text(), description="Salt")
24
29
  constants = odm.Optional(odm.List(odm.Text()), description="Constants")
25
30
  usage = odm.Optional(odm.Enum(values=["config", "communication", "binary", "ransom", "other"]),
26
31
  description="Purpose of encryptions")
@@ -103,6 +108,15 @@ class DNS(odm.Model):
103
108
  usage = odm.Optional(odm.Enum(values=CONNECTION_USAGE), description="Purpose of DNS connection")
104
109
 
105
110
 
111
+ @odm.model(description="Usage of ICMP")
112
+ class ICMP(odm.Model):
113
+ type = odm.Optional(odm.Integer(), description="ICMP type")
114
+ code = odm.Optional(odm.Integer(), description="ICMP code")
115
+ header = odm.Optional(odm.Text(), description="Non-standard header fields")
116
+ hostname = odm.Optional(odm.Text(), description="Hostname")
117
+ usage = odm.Optional(odm.Enum(values=CONNECTION_USAGE), description="Purpose of ICMP connection")
118
+
119
+
106
120
  @odm.model(description="Usage of General TCP/UDP connection")
107
121
  class GeneralConnection(odm.Model):
108
122
  client_ip = odm.Optional(odm.IP(), description="Client IP")
@@ -125,7 +139,7 @@ class Service(odm.Model):
125
139
  class Cryptocurrency(odm.Model):
126
140
  coin = odm.Optional(odm.Text(), description="Name of coin used")
127
141
  address = odm.Optional(odm.Text(), description="Wallet address")
128
- random_amount = odm.Optional(odm.Integer(), description="Ransom amount")
142
+ ransom_amount = odm.Optional(odm.Float(), description="Ransom amount")
129
143
  usage = odm.Optional(odm.Enum(values=['ransomware', 'miner', 'other']), description="Use of cryptocurrency")
130
144
 
131
145
 
@@ -187,6 +201,58 @@ class Registry(odm.Model):
187
201
  description="Use of registry key")
188
202
 
189
203
 
204
+ SCHEDULED_TASK_USAGE = ["persistence", "defense_evasion", "privilege_escalation",
205
+ "lateral_movement", "staging_data", "other"]
206
+ SCHEDULED_TASK_OPERATIONS = ["CHANGE", "CREATE", "DELETE", "END", "QUERY", "RUN"]
207
+ SCHEDULED_TASK_SCHEDULE_TYPES = ["MINUTE", "HOURLY", "DAILY", "WEEKLY", "MONTHLY",
208
+ "ONCE", "ONSTART", "ONLOGON", "ONIDLE", "ONEVENT", "OTHER"]
209
+ SCHEDULED_TASK_RUN_AS = ["SYSTEM", "USER"]
210
+ SCHEDULED_TASK_RUN_LEVELS = ["HIGHEST", "LIMITED"]
211
+ SCHEDULED_TASK_OUTPUT_FORMATS = ["TABLE", "LIST", "CSV"]
212
+
213
+
214
+ @odm.model(description="Scheduled task usage by malware")
215
+ class ScheduledTask(odm.Model):
216
+ usage = odm.Optional(odm.Enum(values=SCHEDULED_TASK_USAGE), description="Scheduled task usage")
217
+ raw_command = odm.Optional(odm.Text(), description="Raw command used for the scheduled task")
218
+ task_type = odm.Optional(odm.Enum(values=SCHEDULED_TASK_OPERATIONS), description="Task operation type")
219
+ schedule_type = odm.Optional(odm.Enum(values=SCHEDULED_TASK_SCHEDULE_TYPES), description="Task schedule type")
220
+ task_name = odm.Optional(odm.Text(), description="Name of the scheduled task")
221
+ task_run = odm.Optional(odm.Text(), description="Program or command that the task runs")
222
+ remote_computer = odm.Optional(odm.Text(), description="Name or IP of a remote computer")
223
+ user_domain = odm.Optional(odm.Text(), description="User account domain")
224
+ user_account = odm.Optional(odm.Text(), description="User account to use when running the task")
225
+ user_password = odm.Optional(odm.Text(), description="Password for the user account")
226
+ run_as = odm.Optional(odm.Enum(values=SCHEDULED_TASK_RUN_AS), description="Account to run the task as")
227
+ run_as_domain = odm.Optional(odm.Text(), description="Domain of the account to run the task as")
228
+ run_as_user = odm.Optional(odm.Text(), description="User of the account to run the task as")
229
+ run_as_password = odm.Optional(odm.Text(), description="Password of the account to run the task as")
230
+ modifier = odm.Optional(odm.Text(), description="Modifier for the schedule type")
231
+ day = odm.Optional(odm.Text(), description="How often the task runs within its schedule type")
232
+ month = odm.Optional(odm.Text(), description="Month(s) during which the scheduled task should run")
233
+ idle_time = odm.Optional(odm.Text(), description="Idle time to wait before running the task")
234
+ start_time = odm.Optional(odm.Text(), description="Start time to run the task (HH:mm 24-hour)")
235
+ interval = odm.Optional(odm.Text(), description="Repetition interval for the task")
236
+ end_time = odm.Optional(odm.Text(), description="End time for the task")
237
+ duration = odm.Optional(odm.Text(), description="Duration for which the task should run")
238
+ kill = odm.Optional(odm.Boolean(), description="Terminate task if it runs longer than end time or duration")
239
+ start_date = odm.Optional(odm.Text(), description="Start date to run the task (MM/dd/yyyy)")
240
+ end_date = odm.Optional(odm.Text(), description="End date to run the task (MM/dd/yyyy)")
241
+ channel_name = odm.Optional(odm.Text(), description="Event log channel for event-based task")
242
+ interactive = odm.Optional(odm.Boolean(), description="Task runs only when user is logged on interactively")
243
+ no_password = odm.Optional(odm.Boolean(), description="Task does not require a password")
244
+ auto_delete = odm.Optional(odm.Boolean(), description="Task will be deleted after it runs")
245
+ xml = odm.Optional(odm.Text(), description="XML file containing the task definition")
246
+ v1 = odm.Optional(odm.Boolean(), description="Create using version 1 task scheduler")
247
+ force = odm.Optional(odm.Boolean(), description="Create/delete the task and suppress warnings")
248
+ run_level = odm.Optional(odm.Enum(values=SCHEDULED_TASK_RUN_LEVELS), description="Run level for the task")
249
+ delay_time = odm.Optional(odm.Text(), description="Wait time to delay running the task after trigger")
250
+ hresult = odm.Optional(odm.Text(), description="Process exit code in HRESULT format")
251
+ output_format = odm.Optional(odm.Enum(values=SCHEDULED_TASK_OUTPUT_FORMATS), description="Query output format")
252
+ no_header = odm.Optional(odm.Boolean(), description="Display column headers in output")
253
+ add_advanced_properties = odm.Optional(odm.Boolean(), description="Display all properties in output")
254
+
255
+
190
256
  @odm.model(description="Extracted Malware Configuration")
191
257
  class MalwareConfig(odm.Model):
192
258
  config_extractor = odm.Keyword(description="Name of extractor")
@@ -216,6 +282,7 @@ class MalwareConfig(odm.Model):
216
282
  ssh = odm.Optional(odm.List(odm.Compound(SSH)), description="SSHs")
217
283
  proxy = odm.Optional(odm.List(odm.Compound(Proxy)), description="Proxies")
218
284
  dns = odm.Optional(odm.List(odm.Compound(DNS)), description="DNS")
285
+ icmp = odm.Optional(odm.List(odm.Compound(ICMP)), description="ICMPs")
219
286
  tcp = odm.Optional(odm.List(odm.Compound(GeneralConnection)), description="TCPs")
220
287
  udp = odm.Optional(odm.List(odm.Compound(GeneralConnection)), description="UDPs")
221
288
  encryption = odm.Optional(odm.List(odm.Compound(Encryption)), description="Encryptions")
@@ -223,5 +290,6 @@ class MalwareConfig(odm.Model):
223
290
  cryptocurrency = odm.Optional(odm.List(odm.Compound(Cryptocurrency)), description="Cryptocurrencies")
224
291
  paths = odm.Optional(odm.List(odm.Compound(Path)), description="Paths")
225
292
  registry = odm.Optional(odm.List(odm.Compound(Registry)), description="Registry")
293
+ scheduled_tasks = odm.Optional(odm.List(odm.Compound(ScheduledTask)), description="Scheduled Tasks")
226
294
 
227
295
  other = odm.Optional(odm.Mapping(odm.Any()), description="Other information")
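Review bot: `no_header`'s description reads `Display column headers in output`, which is the inverse of what the field name says; it should be `description="Suppress column headers in output"` (declared in the `ScheduledTask` hunk). Separately, renaming `Cryptocurrency.random_amount` to `ransom_amount` while changing it from `odm.Integer()` to `odm.Float()` is a schema-breaking change for any stored ontology records or producers still emitting the old key; whether the ODM drops or rejects the unknown field is not visible here, so a changelog note and, if the model supports it, a migration or alias for the old name would be prudent. `MalwareConfig` continues outside the last hunk.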
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: assemblyline
3
- Version: 4.7.3.dev13
3
+ Version: 4.7.3.dev15
4
4
  Summary: Assemblyline 4 - Automated malware analysis framework
5
5
  Home-page: https://github.com/CybercentreCanada/assemblyline-base
6
6
  Author: CCCS Assemblyline development team
@@ -1 +0,0 @@
1
- 4.7.3.dev13