Assemblyline services
Services currently installed on a system can be found under Help > Service Listing.
This is the list of all the services that are bundled with Assemblyline and that are maintained by the Assemblyline team:
Service Name | Speciality | Description | Source |
---|---|---|---|
APIVector | Windows binaries | Extracts library imports from Windows PE files or memory dumps to generate an ApiVector classification | link |
APKaye | Android APK | APKs are decompiled and inspected; network indicators and information found in the APK manifest file are displayed | link |
AntiVirus | Anti-virus | Generic ICAP client to integrate with most enterprise anti-virus scanners | link |
Batchdeobfuscator | Deobfuscation | Deobfuscates batch files by resolving variables | link |
CAPA | Windows binaries | CAPA open-source tool integration | link |
Characterize | Entropy analysis | Partitions the file and calculates visual entropy for each partition; extracts Exif metadata | link |
ConfigExtractor | IoC extraction | Extracts malware configuration, yielding the list of C2 addresses, encryption material, etc. | link |
CAPE | Sandbox | Provides dynamic malware analysis through sandboxing | link |
DeobfuScripter | Deobfuscation | Static script de-obfuscator. The purpose is not surgical de-obfuscation, but rather to extract obfuscated IOCs | link |
ELF | Linux binaries | Extracts attributes (sections, segments, ...) from ELF files using LIEF | link |
ELFPARSER | Linux binaries | ELFParser open-source tool integration | link |
EmlParser | Email | Parses emails using the GOVCERT-LU eml_parser library, extracting header information, attachments and URIs | link |
Espresso | Java | All classes are extracted, decompiled, and analyzed for malicious behaviour | link |
Extract | Compressed file | Extracts embedded files from file containers (ZIP, RAR, 7z, ...) | link |
Floss | IoC extraction | Automatically extracts obfuscated strings from malware using the FireEye Labs Obfuscated String Solver | link |
FrankenStrings | IoC extraction | Performs file and IOC extraction using pattern matching, simple encoding decoders and script de-obfuscators | link |
Intezer | File genome identification | Interface to the Intezer Analyze API 2.0; submits the file for analysis if its hash is not present in the Intezer database | link |
IPArse | Apple iOS | Analyzes Apple iOS apps | link |
JsJaws | JavaScript | Analyzes malicious JavaScript | link |
MetaPeek | Metadata analysis | Checks submission metadata for indicators of potentially malicious behaviour (double file extensions, ...) | link |
Oletools | Office documents | Extracts metadata and network information and reports anomalies in Microsoft OLE and XML documents using the Python library py-oletools by Philippe Lagadec - http://www.decalage.info | link |
Overpower | PowerShell | De-obfuscates PowerShell scripts | link |
PDFId | PDF | Extracts metadata from PDFs using Didier Stevens' PDFId and PDFParser | link |
PE | Windows binaries | Extracts attributes (imports, exports, sections, ...) from PE files using LIEF | link |
PeePDF | PDF | Uses the Python PeePDF library to extract information from PDFs, including JavaScript blocks, which it will attempt to de-obfuscate if necessary for further analysis | link |
PixAxe | Images | Extracts text from images | link |
Safelist | Safelisting | Allows hash, IoC and signature safelisting, including support for downloading the NSRL | link |
Sigma | Eventlog signatures | Scans event logs (e.g. from a sandbox or a compromised host) using Sigma rules | link |
Suricata | Network signatures | Scans network captures (.pcap), whether submitted directly or extracted during analysis, with Suricata | link |
Swiffer | Adobe Shockwave | Extracts metadata and performs anomaly detection on Adobe Shockwave (.swf) files | link |
TagCheck | Tag signatures | Runs YARA signatures against Assemblyline tags (write your own signatures that hit on specific tags) | link |
TorrentSlicer | Torrent files | Extracts information from torrent files | link |
Unpacker | UPX Unpacker | Unpacks UPX-packed executables for further analysis | link |
Unpac.me | Unpacker | Integrates with the unpac.me unpacking service | link |
URLCreator | URL File creation | Creates URI files from URL tags that appear malicious | link |
URLDownloader | URL Fetching | Fetches the content of URLs found in URI files | link |
ViperMonkey | Office documents | ViperMonkey is a VBA emulation engine by http://www.decalage.info | link |
VirusTotal | Anti-virus | Checks (and optionally submits) files/URLs to VirusTotal for analysis | link |
XLMMacroDeobfuscator | Office documents | Analyzes Excel 4.0 (XLM) macros | link |
YARA | File signatures | Runs YARA signatures against submitted files | link |
End of life, no longer actively supported:
Service Name | Speciality | Description | Source |
---|---|---|---|
Cuckoo | Sandbox | Provides dynamic malware analysis through sandboxing | link |
IntezerStatic | File genome identification | Interface to the Intezer Analyze API 2.0; performs hash lookups of the submitted file | link |
Lastline | Sandbox | Provides dynamic malware analysis through sandboxing | link |
MetaDefender | Anti-virus | Service for the OPSWAT MetaDefender (multi-engine) anti-virus | link |
PEFile | Windows binaries | Extracts attributes (imports, exports, section names, ...) from Windows PE files using the Python library pefile | link |
VirusTotalDynamic | Anti-virus | Checks and actively submits files to VirusTotal for analysis | link |
VirusTotalStatic | Anti-virus | Checks VirusTotal for existing analysis of the submitted file | link |