Merge branch 'release/3.5.8'

Author: nusantara-self

.github/workflows/build.yml

@@ -1,5 +1,17 @@
 # Changelog
 
+## [3.5.7](https://github.com/TheHive-Project/Cortex-Analyzers/tree/3.5.7) (2025-03-28)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/3.5.6...3.5.7)
+
+## [3.5.6](https://github.com/TheHive-Project/Cortex-Analyzers/tree/3.5.6) (2025-03-28)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/3.5.5...3.5.6)
+
+## [3.5.5](https://github.com/TheHive-Project/Cortex-Analyzers/tree/3.5.5) (2025-03-28)
+
+[Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/3.5.4...3.5.5)
+
 ## [3.5.4](https://github.com/TheHive-Project/Cortex-Analyzers/tree/3.5.4) (2025-03-28)
 
 [Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/3.5.3...3.5.4)
@@ -8,6 +20,11 @@
 
 - \[FR\] CI Refactor - ARM64 support & GHCR migration [\#1343](https://github.com/TheHive-Project/Cortex-Analyzers/issues/1343)
 
+**Merged pull requests:**
+
+- CI Refactor - GHCR.io migration / ARM64 Support [\#1341](https://github.com/TheHive-Project/Cortex-Analyzers/pull/1341) ([nusantara-self](https://github.com/nusantara-self))
+- CI Refactor - GHCR.io migration / ARM64 Support [\#1342](https://github.com/TheHive-Project/Cortex-Analyzers/pull/1342) ([nusantara-self](https://github.com/nusantara-self))
+
 ## [3.5.3](https://github.com/TheHive-Project/Cortex-Analyzers/tree/3.5.3) (2025-03-18)
 
 [Full Changelog](https://github.com/TheHive-Project/Cortex-Analyzers/compare/3.5.2...3.5.3)

CHANGELOG.md

@@ -12,12 +12,11 @@
 #
 # 
 
-
-
 FROM python:3-slim
 WORKDIR /worker
-COPY . EmlParser
-RUN test ! -e EmlParser/requirements.txt || pip install --no-cache-dir -r EmlParser/requirements.txt
 RUN apt update
-RUN apt install -y wkhtmltopdf libmagic1
-ENTRYPOINT EmlParser/parse.py
+RUN apt install -y wkhtmltopdf python3-magic
+COPY requirements.txt EmlParser/
+RUN test ! -e EmlParser/requirements.txt || pip install --no-cache-dir -r EmlParser/requirements.txt
+COPY . EmlParser/
+ENTRYPOINT ["python", "EmlParser/parse.py"]

analyzers/EmlParser/Dockerfile

@@ -1,5 +1,5 @@
 cortexutils
 future
 requests
-git+https://github.com/maltiverse/python-maltiverse
+maltiverse
 PyJWT

analyzers/Maltiverse/Dockerfile

@@ -1,9 +1,14 @@
-FROM python:3.7
+FROM python:3-slim
 
 WORKDIR /worker
 COPY . MalwareClustering
-RUN apt update                                                  && \
-    apt install -y -q libfuzzy-dev libimage-exiftool-perl       && \
-    rm -rf /var/lib/apt/lists/*
+# Install build tools and dependencies for C extensions
+RUN apt update && apt install -y --no-install-recommends \
+build-essential \
+python3-dev \
+libfuzzy-dev \
+python3-magic \
+libimage-exiftool-perl && \
+rm -rf /var/lib/apt/lists/*
 RUN pip3 install --no-cache-dir -r MalwareClustering/requirements.txt
-ENTRYPOINT MalwareClustering/malwareclustering.py
+ENTRYPOINT ["python", "MalwareClustering/malwareclustering.py"]

analyzers/Maltiverse/requirements.txt

@@ -1,9 +1,9 @@
-FROM python:3.9
+FROM python:3-slim
 WORKDIR /worker
 COPY . Jupyter_Responder
 RUN test ! -e Jupyter_Responder/requirements.txt || pip install --no-cache-dir -r Jupyter_Responder/requirements.txt
 
 RUN apt update &&\
      apt install patch &&\
      patch $(python3 -c "from papermill import iorw; print(iorw.__file__)") Jupyter_Responder/papermill_iorw.patch 
-ENTRYPOINT Jupyter_Responder/jupyter.py
+ENTRYPOINT ["python", "Jupyter_Responder/jupyter.py"]

analyzers/MalwareClustering/Dockerfile

@@ -1,23 +1,51 @@
-FROM python:3.10-slim
+FROM python:3-alpine
 
-# Install system components
-RUN apt-get update  && apt-get install -y curl gnupg apt-transport-https
+# See : https://learn.microsoft.com/en-us/powershell/scripting/install/install-alpine?view=powershell-7.5
 
-# Import the public repository GPG keys
-RUN curl -sS https://packages.microsoft.com/keys/microsoft.asc | apt-key add -
+# Install base dependencies
+RUN apk add --no-cache \
+    ca-certificates \
+    less \
+    ncurses-terminfo-base \
+    krb5-libs \
+    libgcc \
+    libintl \
+    libssl3 \
+    libstdc++ \
+    tzdata \
+    userspace-rcu \
+    zlib \
+    icu-libs \
+    curl
 
-# Register the Microsoft Product feed
-RUN sh -c 'echo "deb [arch=amd64] https://packages.microsoft.com/repos/microsoft-debian-bullseye-prod bullseye main" > /etc/apt/sources.list.d/microsoft.list'
+# Install additional packages from Alpine edge main repository
+RUN apk add --no-cache --repository=https://dl-cdn.alpinelinux.org/alpine/edge/main \
+    lttng-ust \
+    openssh-client
 
-# Install PowerShell (/usr/bin/pwsh)
-RUN apt-get update && apt-get install -y powershell
+# Download the PowerShell .tar.gz archive
+RUN curl -L https://github.com/PowerShell/PowerShell/releases/download/v7.5.0/powershell-7.5.0-linux-musl-x64.tar.gz -o /tmp/powershell.tar.gz
 
-COPY install_deps.ps1 .
-RUN pwsh -File install_deps.ps1
+# Create the target folder where PowerShell will be placed
+RUN mkdir -p /opt/microsoft/powershell/7
+
+# Extract PowerShell into the target folder
+RUN tar zxf /tmp/powershell.tar.gz -C /opt/microsoft/powershell/7
+
+# Set execute permissions on the PowerShell binary
+RUN chmod +x /opt/microsoft/powershell/7/pwsh
+
+# Create a symbolic link to pwsh in /usr/bin for easy access
+RUN ln -s /opt/microsoft/powershell/7/pwsh /usr/bin/pwsh
 
 WORKDIR /worker
-COPY requirements.txt .
-RUN pip3 install --no-cache-dir -r requirements.txt
-COPY . .
 
-ENTRYPOINT ["python3", "ms_defender_office.py"]
+# Copy the requirements for MSDefenderOffice365 and install them
+COPY requirements.txt MSDefenderOffice365/
+RUN pip3 install --no-cache-dir -r MSDefenderOffice365/requirements.txt
+
+# Copy the rest of the analyzer code into the MSDefenderOffice365 folder
+COPY . MSDefenderOffice365/
+
+# Set the entrypoint using JSON array syntax for proper OS signal handling
+ENTRYPOINT ["python3", "MSDefenderOffice365/ms_defender_office.py"]

responders/Jupyter_Responder/Dockerfile

@@ -5,11 +5,11 @@ WORKDIR /worker
 # install runtime dependencies.
 RUN apk add --no-cache file-dev
 
-COPY requirements.txt VirusTotalDownloader/
+COPY requirements.txt VirustotalDownloader/
 
 # Install Python dependencies from requirements.txt
-RUN test ! -e VirusTotalDownloader/requirements.txt || pip install --no-cache-dir -r VirusTotalDownloader/requirements.txt
+RUN test ! -e VirustotalDownloader/requirements.txt || pip install --no-cache-dir -r VirustotalDownloader/requirements.txt
 
-COPY . VirusTotalDownloader
+COPY . VirustotalDownloader
 
-ENTRYPOINT ["python", "VirusTotalDownloader/VirustotalDownloader.py"]
+ENTRYPOINT ["python", "VirustotalDownloader/VirustotalDownloader.py"]