Georg Schölly | 9377a892f4 | support url analyses | 2019-05-28 16:19:35 +02:00 |
Georg Schölly | 380b8d46ba | improve forwards-compatibility | 2019-05-28 16:14:59 +02:00 |
chrisr3d | 8ac651562e | fix: Making pep8 & travis happy | 2019-05-23 16:13:49 +02:00 |
chrisr3d | be05de62c0 | add: Parsing MITRE ATT&CK tactic matrix related to the Joe report | 2019-05-23 15:59:52 +02:00 |
chrisr3d | e608107a09 | add: Parsing domains, urls & ips contacted by processes | 2019-05-22 17:12:49 +02:00 |
chrisr3d | cfec9a6b1c | fix: Added references between processes and the files they drop | 2019-05-22 15:27:04 +02:00 |
chrisr3d | 191034d311 | add: Starting parsing dropped files | 2019-05-21 23:37:53 +02:00 |
chrisr3d | 417c306ace | fix: Avoiding network connection object duplicates | 2019-05-20 15:59:18 +02:00 |
chrisr3d | 72e5f0099d | fix: Avoid creating a signer info object when the pe is not signed | 2019-05-20 10:52:34 +02:00 |
chrisr3d | 54f5fa6fa9 | fix: Avoiding dictionary indexes issues - Using tuples as dictionary indexes is better than using generators... | 2019-05-20 09:19:38 +02:00 |
chrisr3d | 0d5f867825 | add: Starting parsing network behavior fields | 2019-05-17 22:18:11 +02:00 |
chrisr3d | f9515c14d0 | fix: Avoiding attribute & reference duplicates | 2019-05-16 16:14:25 +02:00 |
chrisr3d | 2246fc0d02 | add: Parsing registry activities under processes | 2019-05-16 16:11:43 +02:00 |
chrisr3d | 067b229224 | fix: Handling case of multiple processes in behavior field - Also starting parsing file activities | 2019-05-15 22:06:55 +02:00 |
chrisr3d | d195b554a5 | fix: Testing if some fields exist before trying to import them - Testing for pe itself, pe versions and pe signature | 2019-05-15 22:05:03 +02:00 |
chrisr3d | fc8a56d1d9 | fix: Removed test print | 2019-05-15 15:49:29 +02:00 |
chrisr3d | 29e681ef81 | add: Parsing processes called by the file analyzed in the joe sandbox report | 2019-05-13 17:30:01 +02:00 |
chrisr3d | d39fb7da18 | add: Parsing some object references at the end of the process | 2019-05-13 17:29:07 +02:00 |
chrisr3d | 728386d8a0 | add: [new_module] Module to import data from Joe sandbox reports - Parsing file, pe and pe-section objects from the report file info field - Deeper file info parsing to come - Other fields parsing to come as well | 2019-05-08 16:52:49 +02:00 |