21 new analyzers and a new docker-based system for integrations
Added a new way to integrate analysis tools as separated Docker-based analyzers. PEframe is the first of this kind.
21 New analyzers:
- PEframe: Perform static analysis on Portable Executable malware and malicious MS Office documents
- MalwareBazaar_Get_File: Check if a particular malware sample is known to MalwareBazaar
- Censys_Search: scan an IP address against Censys View API
- URLhaus: Query a domain or URL against URLhaus API
- MalwareBazaar_Get_Observable: Check if a particular malware hash is known to MalwareBazaar
- GreyNoise: scan an IP against the Greynoise API (requires API key)
- ONYPHE: search an observable in the ONYPHE
- HoneyDB_Get: IP lookup service
- Threatminer_PDNS: retrieve PDNS data from Threatminer API
- Threatminer_Reports_Tagging: retrieve reports from Threatminer API
- Threatminer_Subdomains: retrieve subdomains from Threatminer API
- ActiveDNS_Google: Retrieve current domain resolution with Google DoH (DNS over HTTPS)
- ActiveDNS_CloudFlare: Retrieve current domain resolution with CloudFlare DoH (DNS over HTTPS)
- ActiveDNS_Classic: Retrieve current domain resolution with default DNS
- Auth0: scan an IP against the Auth0 API
- Securitytrails_IP_Neighbours: scan an IP against securitytrails API for neighbour IPs
- Securitytrails_Details: scan a domain against securitytrails API for general details
- Securitytrails_Subdomains: scan a domain against securitytrails API for subdomains
- Securitytrails_Tags: scan a domain against securitytrails API for tags
- Securitytrails_History_WHOIS: scan a domain against securitytrails API for historical WHOIS
- Securitytrails_History_DNS: scan a domain against securitytrails API for historical DNS