Christophe Vandeplas
842f91a4db
chg: [doc] Big doc revamp #680
2024-08-12 11:23:10 +02:00
chrisr3d
38047f2718
chg: [joe_import] Changed the user configuration param `Import PE` into `Import Executable`
2022-03-07 23:04:37 +01:00
chrisr3d
b2c8f79220
fix: Making pep8 happy
2020-01-24 15:17:35 +01:00
Georg Schölly
04685ea63e
joe: (1) allow users to disable PE object import (2) set 'to_ids' to False
2020-01-24 14:51:38 +01:00
chrisr3d
aa3e873845
fix: Making pep8 happy + added joe_import module in the init list
2019-06-04 11:33:42 +10:00
chrisr3d
0d40830a7f
fix: Some quick fixes
...
- Fixed strptime matching because months are
expressed in abbreviated format
- Made data loaded while the parsing function is
called, in case it has to be called multiple
times at some point
2019-06-03 18:35:58 +10:00
chrisr3d
74b73f9332
chg: Moved JoeParser class to make it reachable from expansion & import modules
2019-05-29 11:26:14 +10:00
Georg Schölly
9377a892f4
support url analyses
2019-05-28 16:19:35 +02:00
Georg Schölly
380b8d46ba
improve forwards-compatibility
2019-05-28 16:14:59 +02:00
chrisr3d
8ac651562e
fix: Making pep8 & travis happy
2019-05-23 16:13:49 +02:00
chrisr3d
be05de62c0
add: Parsing MITRE ATT&CK tactic matrix related to the Joe report
2019-05-23 15:59:52 +02:00
chrisr3d
e608107a09
add: Parsing domains, urls & ips contacted by processes
2019-05-22 17:12:49 +02:00
chrisr3d
cfec9a6b1c
fix: Added references between processes and the files they drop
2019-05-22 15:27:04 +02:00
chrisr3d
191034d311
add: Starting parsing dropped files
2019-05-21 23:37:53 +02:00
chrisr3d
417c306ace
fix: Avoiding network connection object duplicates
2019-05-20 15:59:18 +02:00
chrisr3d
72e5f0099d
fix: Avoid creating a signer info object when the pe is not signed
2019-05-20 10:52:34 +02:00
chrisr3d
54f5fa6fa9
fix: Avoiding dictionary indexes issues
...
- Using tuples as a dictionary indexes is better
than using generators...
2019-05-20 09:19:38 +02:00
chrisr3d
0d5f867825
add: Starting parsing network behavior fields
2019-05-17 22:18:11 +02:00
chrisr3d
f9515c14d0
fix: Avoiding attribute & reference duplicates
2019-05-16 16:14:25 +02:00
chrisr3d
2246fc0d02
add: Parsing registry activities under processes
2019-05-16 16:11:43 +02:00
chrisr3d
067b229224
fix: Handling case of multiple processes in behavior field
...
- Also starting parsing file activities
2019-05-15 22:06:55 +02:00
chrisr3d
d195b554a5
fix: Testing if some fields exist before trying to import them
...
- Testing for pe itself, pe versions and pe signature
2019-05-15 22:05:03 +02:00
chrisr3d
fc8a56d1d9
fix: Removed test print
2019-05-15 15:49:29 +02:00
chrisr3d
29e681ef81
add: Parsing processes called by the file analyzed in the joe sandbox report
2019-05-13 17:30:01 +02:00
chrisr3d
d39fb7da18
add: Parsing some object references at the end of the process
2019-05-13 17:29:07 +02:00
chrisr3d
728386d8a0
add: [new_module] Module to import data from Joe sandbox reports
...
- Parsing file, pe and pe-section objects from the
report file info field
- Deeper file info parsing to come
- Other fields parsing to come as well
2019-05-08 16:52:49 +02:00