diff --git a/doc/README.md b/doc/README.md index 02506ab..0ca9b3e 100644 --- a/doc/README.md +++ b/doc/README.md 
@@ -414,6 +414,52 @@ Module to query IPRep data for IP addresses. ----- +#### [joesandbox_query](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/joesandbox_query.py) + + + +Query Joe Sandbox API with a submission url to get the json report and extract its data that is parsed and converted into MISP attributes and objects. + +This url can by the way come from the result of the [joesandbox_submit expansion module](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/joesandbox_submit.py). +- **features**: +>Module using the new format of modules able to return attributes and objects. +> +>The module returns the same results as the import module [joe_import](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/joe_import.py) taking directly the json report as input. +> +>Even if the introspection will allow all kinds of links to call this module, obviously only the ones presenting a sample or url submission in the Joe Sandbox API will return results. +> +>To make it work you will need to fill the 'apikey' configuration with your Joe Sandbox API key and provide a valid link as input. +- **input**: +>Link of a Joe Sandbox sample or url submission. +- **output**: +>MISP attributes & objects parsed from the analysis report. +- **references**: +>https://www.joesecurity.org, https://www.joesandbox.com/ +- **requirements**: +>jbxapi: Joe Sandbox API python3 library + +----- + +#### [joesandbox_submit](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/joesandbox_submit.py) + + + +A module to submit files or URLs to Joe Sandbox for an advanced analysis, and return the link of the submission. +- **features**: +>The module requires a Joe Sandbox API key to submit files or URL, and returns the link of the submitted analysis. 
+> +>It is then possible, when the analysis is completed, to query the Joe Sandbox API to get the data related to the analysis, using the [joesandbox_query module](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/joesandbox_query.py) directly on this submission link. +- **input**: +>Sample, url (or domain) to submit to Joe Sandbox for an advanced analysis. +- **output**: +>Link of the data in input submitted to Joe Sandbox. +- **references**: +>https://www.joesecurity.org, https://www.joesandbox.com/ +- **requirements**: +>jbxapi: Joe Sandbox API python3 library + +----- + #### [macaddress_io](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/macaddress_io.py) @@ -798,6 +844,24 @@ Module to get information from ThreatMiner. ----- +#### [urlhaus](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/urlhaus.py) + + + +Query of the URLhaus API to get additional information about the input attribute. +- **features**: +>Module using the new format of modules able to return attributes and objects. +> +>The module takes one of the attribute type specified as input, and query the URLhaus API with it. If any result is returned by the API, attributes and objects are created accordingly. +- **input**: +>A domain, hostname, url, ip, md5 or sha256 attribute. +- **output**: +>MISP attributes & objects fetched from the result of the URLhaus API query. +- **references**: +>https://urlhaus.abuse.ch/ + +----- + #### [urlscan](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/urlscan.py) 
@@ -1231,6 +1295,26 @@ Module to import MISP objects about financial transactions from GoAML files. ----- +#### [joeimport](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/joeimport.py) + + + +A module to import data from a Joe Sandbox analysis json report. +- **features**: +>Module using the new format of modules able to return attributes and objects. +> +>The module returns the same results as the expansion module [joesandbox_query](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/joesandbox_query.py) using the submission link of the analysis to get the json report. +> +> +- **input**: +>Json report of a Joe Sandbox analysis. +- **output**: +>MISP attributes & objects parsed from the analysis report. +- **references**: +>https://www.joesecurity.org, https://www.joesandbox.com/ + +----- + #### [mispjson](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/mispjson.py) Module to import MISP JSON format for merging MISP events. diff --git a/doc/expansion/joesandbox_query.json b/doc/expansion/joesandbox_query.json new file mode 100644 index 0000000..1a94edb --- /dev/null +++ b/doc/expansion/joesandbox_query.json 
@@ -0,0 +1,9 @@ +{ + "description": "Query Joe Sandbox API with a submission url to get the json report and extract its data that is parsed and converted into MISP attributes and objects.\n\nThis url can by the way come from the result of the [joesandbox_submit expansion module](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/joesandbox_submit.py).", + "logo": "logos/joesandbox.png", + "requirements": ["jbxapi: Joe Sandbox API python3 library"], + "input": "Link of a Joe Sandbox sample or url submission.", + "output": "MISP attributes & objects parsed from the analysis report.", + "references": ["https://www.joesecurity.org", "https://www.joesandbox.com/"], + "features": "Module using the new format of modules able to return attributes and objects.\n\nThe module returns the same results as the import module [joe_import](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/joe_import.py) taking directly the json report as input.\n\nEven if the introspection will allow all kinds of links to call this module, obviously only the ones presenting a sample or url submission in the Joe Sandbox API will return results.\n\nTo make it work you will need to fill the 'apikey' configuration with your Joe Sandbox API key and provide a valid link as input." +} diff --git a/doc/expansion/joesandbox_submit.json b/doc/expansion/joesandbox_submit.json new file mode 100644 index 0000000..ce0cb1f --- /dev/null +++ b/doc/expansion/joesandbox_submit.json 
@@ -0,0 +1,9 @@ +{ + "description": "A module to submit files or URLs to Joe Sandbox for an advanced analysis, and return the link of the submission.", + "logo": "logos/joesandbox.png", + "requirements": ["jbxapi: Joe Sandbox API python3 library"], + "input": "Sample, url (or domain) to submit to Joe Sandbox for an advanced analysis.", + "output": "Link of the data in input submitted to Joe Sandbox.", + "references": ["https://www.joesecurity.org", "https://www.joesandbox.com/"], + "features": "The module requires a Joe Sandbox API key to submit files or URL, and returns the link of the submitted analysis.\n\nIt is then possible, when the analysis is completed, to query the Joe Sandbox API to get the data related to the analysis, using the [joesandbox_query module](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/joesandbox_query.py) directly on this submission link." +} diff --git a/doc/expansion/urlhaus.json b/doc/expansion/urlhaus.json new file mode 100644 index 0000000..8e5cef3 --- /dev/null +++ b/doc/expansion/urlhaus.json @@ -0,0 +1,9 @@ +{ + "description": "Query of the URLhaus API to get additional information about the input attribute.", + "logo": "logos/urlhaus.png", + "requirements": [], + "input": "A domain, hostname, url, ip, md5 or sha256 attribute.", + "output": "MISP attributes & objects fetched from the result of the URLhaus API query.", + "references": ["https://urlhaus.abuse.ch/"], + "features": "Module using the new format of modules able to return attributes and objects.\n\nThe module takes one of the attribute type specified as input, and query the URLhaus API with it. If any result is returned by the API, attributes and objects are created accordingly." +} diff --git a/doc/import_mod/joeimport.json b/doc/import_mod/joeimport.json new file mode 100644 index 0000000..ceba4ab --- /dev/null +++ b/doc/import_mod/joeimport.json 
@@ -0,0 +1,9 @@ +{ + "description": "A module to import data from a Joe Sandbox analysis json report.", + "logo": "logos/joesandbox.png", + "requirements": [], + "input": "Json report of a Joe Sandbox analysis.", + "output": "MISP attributes & objects parsed from the analysis report.", + "references": ["https://www.joesecurity.org", "https://www.joesandbox.com/"], + "features": "Module using the new format of modules able to return attributes and objects.\n\nThe module returns the same results as the expansion module [joesandbox_query](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/joesandbox_query.py) using the submission link of the analysis to get the json report.\n\n" +} diff --git a/doc/logos/joesandbox.png b/doc/logos/joesandbox.png new file mode 100644 index 0000000..8072f6e Binary files /dev/null and b/doc/logos/joesandbox.png differ diff --git a/doc/logos/urlhaus.png b/doc/logos/urlhaus.png new file mode 100644 index 0000000..b291350 Binary files /dev/null and b/doc/logos/urlhaus.png differ
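Review bot: In the doc/README.md hunk at `@@ -414,6 +414,52 @@`, the joesandbox_query features text links the import module as `joe_import` at `import_mod/joe_import.py`, but the import module this same patch documents is `joeimport` at `import_mod/joeimport.py` (README hunk `@@ -1231,6 +1295,26 @@` and doc/import_mod/joeimport.json). One of the two names is wrong, so one of the links will not resolve. The same string sits in the "features" value of doc/expansion/joesandbox_query.json, so correct it there as well and keep the README and JSON in step.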
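Review bot: In doc/expansion/joesandbox_submit.json, "features" says the module "requires a Joe Sandbox API key" without naming the configuration entry that holds it, whereas the joesandbox_query text spells out the 'apikey' configuration. Name the entry here in the same way so both modules are documented consistently. Because this module sends files or URLs from an event to an external service, it is also worth stating that plainly in "description" or "features", so an analyst knows the data leaves the MISP instance when the module runs.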
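Review bot: In doc/expansion/urlhaus.json, the "features" sentence "The module takes one of the attribute type specified as input, and query the URLhaus API with it" has number and verb agreement errors, and they are copied into the README hunk at `@@ -798,6 +844,24 @@`. Suggested wording: "The module takes one of the attribute types specified as input and queries the URLhaus API with it."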
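Review bot: In doc/import_mod/joeimport.json, the "features" value ends with a trailing "\n\n", which shows up in the README hunk at `@@ -1231,6 +1295,26 @@` as two empty `>` lines before the **input** entry. Drop the trailing newlines so the block ends on "to get the json report." The wording "Json report" in "input" could also be normalised to "JSON report" to match how the format is usually written.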