Add support for VMRay sandbox results for capa dynamic analysis #2148

@mr-tz

Description

We're working on adding support to parse VMRay result files for capa dynamic processing.

To add this functionality, tasks include:

- identify relevant VMRay files, so far flog.xml and summary_v2.json
- add the respective pydantic models to parse relevant data
- add a VMRayExtractor
  - add base extractor
  - add scope extractors

### Tasks
- [x] undo formatting changes / apply correct lints/formatting
- [x] complete extractor.py implementation analogous to CAPE (almost done)
- [x] complete/cleanup call.py
- [x] complete/cleanup file.py
- [x] complete global.py
- [x] add process.py - get_threads(?)
- [x] complete/cleanup models.py
- [x] add test archives - clarify if/how we can publish
- [x] add tests/test_vmray_models.py to test VMRay models
- [x] add tests/test_vmray_features.py to test feature presence and counts

Labels: dynamic (related to dynamic analysis flavor), vmray (related to VMRay sandbox report analysis)