Merge pull request target#431 from target/email-js-pdf-update-01292024

Enhancements: JNLP Signature, ScanEmail Preview Image, IOC Support, and Dependency Optimization
ryanohoro · Jan 29, 2024 · b37e761 · b37e761
2 parents 7c632da + 78c46f2
commit b37e761
Show file tree

Hide file tree

Showing 12 changed files with 1,529 additions and 1,388 deletions.
diff --git a/configs/python/backend/backend.yaml b/configs/python/backend/backend.yaml
@@ -108,6 +108,10 @@ scanners:
           - 'message/rfc822'
           - 'email_file'
       priority: 5
+      options:
+        create_thumbnail: True
+        thumbnail_header: False
+        thumbnail_size: [ 500, 500 ]
   'ScanEncryptedDoc':
     - positive:
         flavors:

diff --git a/configs/python/backend/taste/taste.yara b/configs/python/backend/taste/taste.yara
@@ -773,6 +773,19 @@ rule batch_file {
         $a at 0
 }
 
+rule jnlp_file {
+    meta:
+        description = "Detect JNLP (Java Network Launch Protocol) files"
+        author = "Paul Hutelmyer"
+        reference = "https://docs.oracle.com/javase/tutorial/deployment/webstart/deploying.html"
+        type = "script"
+    strings:
+        $jnlp_header = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" nocase
+        $jnlp_tag = "<jnlp" nocase
+    condition:
+        $jnlp_header at 0 and $jnlp_tag
+}
+
 rule javascript_file {
     meta:
         type = "script"

diff --git a/docs/README.md b/docs/README.md
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "strelka-worker"
-version = "0.23.10.19"
+version = "0.24.01.19"
 description = "Strelka's backend Python worker"
 authors = [
     "Paul Hutelmyer <[email protected]>",
@@ -16,13 +16,13 @@ boltons = "23.0.0"
 boto3 = "1.28.60"
 construct = "2.10.68"
 cryptography = "41.0.6"
+dncil = "1.0.2"
+dnfile = "0.14.1"
 docker = "6.1.3"
+dotnetfile = "0.2.4"
 eml-parser = "1.17.5"
 esprima = "4.0.1"
-flare-capa = "6.1.0"
 formulas = "1.2.6"
-grpcio-tools = "1.59.0"
-grpcio = "1.59.0"
 html5lib = "1.1"
 inflection = "0.5.1"
 jsbeautifier = "1.14.9"
@@ -44,12 +44,12 @@ opentelemetry-exporter-otlp-proto-grpc = "1.17.0"
 opentelemetry-exporter-otlp-proto-http = "1.17.0"
 opentelemetry-sdk = "1.17.0"
 pefile = "2023.2.7"
-pillow-avif-plugin = "1.4.1"
-pillow-heif = "^0.13.1"
+pillow-avif-plugin = "1.4.2"
+pillow-heif = "^0.14.0"
 pgpdump3 = "1.5.2"
 py-tlsh = "4.7.2"
 pycdlib = "1.14.0"
-pycryptodomex = "3.18.0"
+pycryptodomex = "3.20.0"
 pyelftools = "0.29"
 pygments = "2.15.0"
 pylzma = "0.5.0"
@@ -75,6 +75,7 @@ ssdeep = "3.4"
 tldextract = "3.4.0"
 tnefparse = "1.4.0"
 validators = "0.20.0"
+weasyprint = "60.2"
 xlrd2 = "1.3.4"
 xlrd = "2.0.1"
 xmltodict = "0.13.0"