This is a release version of the P2A hypervisor-based sandbox. For more info, please refer to the information section. Technical issues are to be reported to the P2A Support team and other requests to the RDP team of Orange Cyberdefense.

P2A v7.6 (2024-02-12)

Support for more zip file formats (multipart mode)

  • Support for more archive file formats in multipart mode analysis [see https://www.7-zip.org/]
  • Detection engine improved
  • Bug fixes
  • PowerShell TLS/SSL
  • File format detection
  • Zip extraction
  • Graphical user interface stop button
  • Analysis date when error happens in some cases
  • ...
  • Patch anti-vm
  • Documentation

P2A v7.5 (2023-06-13)

Added support for EML files

  • Support for EML files (multipart analysis: URLs and attachments).
  • Support for files named with non-ASCII characters.
  • Bug fixes.
  • Note: for multipart analyses, the subpart results are available in the resulting JSON under the key subparts={analysis_id1 : result_url1, ...}

P2A v7.4 (2023-04-23)

  • Malicious File Detection available in API
  • Improved performance and stability
  • Enabled Datalake domain reputation integration
  • Updated Firefox (111) and Chrome (95)
  • Added OneNote support

P2A v7.3 (2023-02-20)

System upgrade

  • Ubuntu upgrade (from bionic to focal).
  • Kernel upgrade (kvm + qemu).
  • Security enhancement (front-end/back-end data encryption ...).
  • Bug fixes (Tor, rescan, nitro -6 ...).
  • Web API improvement (submitting files, URLs, online files and hashes).
  • NOTE (API): sync mode is deprecated and will be removed in the next release.

P2A v7.2 (2022-10-26)

Malware configs extraction

  • Added new section: Extract of Malware Configuration (visible whenever configs are extracted). Malware configs are also present in the results JSON file (key = mwcfg).
  • Bug fixes
  • The web API will be updated in the next release: a P2A Python client will be provided and the curl commands will change slightly.

P2A v7.1 (2022-06-16)

Static analysis of submitted sample

  • Yara analysis of submitted file
  • Large file submission through the Python API (size > 50 MB)
  • The reason for maintenance is now shown
  • Improvement : users can now disable all hooks with one option
  • Windows templates updated
  • Added the possibility to download PDF report through WEB-API
  • Bug fixes
  • Some server improvements
  • Anti-VM techniques improvement

P2A v7.0 (2022-04-13)

Custom command line and fixes

  • Fixed an issue that caused a graphical overflow in the analysis view with overly long URLs
  • Fixed "search by hash" feature that crashed in some rare cases
  • Fixed some documentation issues
  • Fixed an issue with the admin feature to switch from a normal to an Okta user
  • Fixed some graphical issues on the GUI
  • Added support page and new support email for technical bugs
  • Added .pptm files support
  • Added "public share" feature that allows sharing an analysis with unauthenticated users
  • Added the possibility for admins to change users' email addresses
  • Added a new feature that allows specifying custom command line when running an analysis (Advanced tab)
  • Added a feature that allows admins to delete submitted samples
  • Added the possibility to submit an analysis through API directly in "shared" mode

P2A v6.2 (2022-02-15)

Increased URL max size

  • Fixed an issue with web API that caused bad result on "Dangerous" match
  • Increased URL max size from 256 to 2048
  • General optimization
  • Minor bug fixes

P2A v6.1 (2022-01-26)

Analyze by hash and command line arguments

  • Several bug fixes including a bug that caused webserver crash when a user went over their daily quota.
  • New feature: analyze files by simply providing their hash
  • New feature: provide command line parameters for all types of files in "Advanced" tab
  • Improvement: users are now informed when they are visualizing an empty analysis (missing stream.bin file)
  • Fixed documentation issues for API
  • Fixed an issue that prevented giving extra arguments to DLLs

P2A v6.0 (2021-11-22)

Bug fixes and improvements

  • Improved admin panel
  • Disabled email change feature for Okta users
  • UI Menu fixes
  • Improved modules management based on installation system
  • Vulnerability fix: restricted sample download-by-hash feature to admins
  • Fixed configuration issues
  • Fixed other minor bugs

P2A v5.5 (2021-11-02)

API search by date and documentation fixes

  • New feature in API search endpoint: possibility to specify starting and ending date (see API documentation)
  • Fixed many documentation mistakes
  • Adjusted all errors and descriptions in English language
  • Added support of .ppam files
  • Changed Internal Login button title for clarity
  • Deleted PFAV and P2M buttons
  • Upgraded maintenance page by adding more information
  • Minor bug fixes

P2A v5.4 (2021-10-25)

Several improvements and new API endpoints

  • Changed /api-web endpoint to /api/submit but /api-web still works as legacy endpoint
  • Improved history API endpoint to work with current session (in addition to API login)
  • Added new API endpoint that allows downloading samples associated to an analysis ID
  • Added new API endpoint that allows searching for analysis: filter by filename, hash, author, signature
  • Added new section to API result containing all network connections including: source IP, destination IP and destination port
  • Fixed a rare bug that caused a crash through API when no memory dump was generated
  • Fixed a few worker-side timeout issues
  • Fixed a collision issue between local and Okta accounts
  • Fixed bad syntax in the documentation and made general improvements
  • Enabled internal login button on login page

P2A v5.3 (2021-10-12)

UI Fixes

  • Added the possibility for users to prevent auto-upload of their files on Multi-Upload page: the option can be changed in user parameters
  • Added a favicon to P2A website
  • Fixed colors of some error/warning messages and buttons

P2A v5.2 (2021-10-07)

Okta authentication system

  • Added new authentication system to P2A: OpenID connect through Okta
  • The new authentication system will be used for all internal users but local authentication is still supported for external users
  • Added a new button on the login page, "Internal login", in order to use the Okta system: the button is disabled for now

P2A v5.1 (2021-09-27)

Hash addition and bug fixes

  • Fixed an issue that prevented submission for TDC users
  • Fixed an issue related to domain display that caused the web server to crash in special cases
  • Added md5 and sha1 hashes to submitted samples: those values are now displayed on web and API result

P2A v5.0 (2021-09-14)

Bug fixes, datalake implementation and new api endpoint

  • Improved analysis share system: added share button even on public analysis
  • Added a new API endpoint to fetch last analysis list
  • Fixed an issue that caused a crash when submitting a DLL without any export
  • Fixed an issue that caused a crash when submitting to Free Mode without any extension
  • Added domain name reputation scores (from Datalake) to analysis result page

P2A v4.5 (2021-09-02)

Major fixes

  • Fixed an issue that displayed the file size instead of hash in web API result
  • Removed flash support for the P2A multi-upload page
  • Removed returned webserver verbose information
  • Fixed self-XSS on submit page
  • Fixed issues related to user permissions

P2A v4.4 (2021-08-26)

Analysis sharing system

  • Added a "Share" button on the analysis result page that generates a URL with a unique token for sharing a private analysis with a connected user
  • Possibility to withdraw or regenerate the sharing token at any time

P2A v4.3 (2021-08-20)

Global improvements and important bug fixes

  • Fixed INetSim to work with the new Perl version
  • Fixed an issue preventing submission of URLs containing unicode characters
  • Deactivated experimental AI engine by default
  • Fixed a temporary issue that prevented analysis deletion
  • Overall stabilization

P2A v4.2 (2021-07-05)

Improvements to VITAL submission

  • Replaced the VITAL submission filename with its SHA256 hash
  • Removed a debug message when submitting to VITAL
  • Fixed VITAL submission to adapt to the new API syntax
  • Several minor fixes

P2A v4.1 (2021-06-10)

Important bug fixes

  • Fixed a bug in PFAV and VITAL implementations that prevented getting the correct result in some cases
  • Fixed some unclear parts of the documentation
  • Fixed an issue with P2A rulesets not being updated after server reboot
  • Fixed several typographical
  • Fixed other minor bugs
  • Introduction of the AI detection engine

P2A v4.0 (2021-02-17)

Tor submission mode

  • Added a new network submission mode that routes network traffic through Tor, with a choice of exit node country
  • Fixed a bug that prevented downloading files containing "%20" space character
  • Minor bug fixes

P2A v3.6 (2020-12-22)

Better detection and bug fixes

  • Bug fixes related to detection of msiexec malicious process run
  • Added Zerologon hooks
  • Fixed a bug related to deactivated user accounts
  • Added a maintenance mode

P2A v3.5 (2020-10-14)

Vital integration and API improvements

  • API result improvement: added domain and IP list
  • VITAL results integrated in web analysis result for each memory dump
  • PFAV result bug fixes (CSRF-exempt request)

P2A v3.4 (2020-09-21)

WEB-API improvements

  • Addition of a "sync" parameter in the WEB API submission options (WEB API is now asynchronous by default)
  • Improved WEB API operation routes
  • Redesign of the WEB API documentation
  • Minor bug fixes

P2A v3.3 (2020-09-04)

Datalake and minor improvements

  • Better handling of APK files
  • IOCs from public malicious detections are now sent to Datalake
  • Improvements of events display (added reason)

P2A v2.1 (2020-06-23)

Better privacy settings and stability improvement

  • Deleted email address in web result for privacy reasons
  • Improved overall stability
  • Bug fixes in ajax return process

P2A v3.2 (2020-08-03)

Hooks management system and vulnerability fixes

  • Fixed a CSRF vulnerability on some forms
  • Fixed an issue that prevented email modification
  • Improved hooks management system

P2A v3.1 (2020-07-23)

Several bug fixes and adjustments

  • Fixed several bugs in free mode (zip upload,
  • Improved the waiting template
  • Disallowed using no vnc option with free mode

P2A v3.0 (2020-07-16)

Free mode option

  • Added a new submission mode: free mode (Options general tab)
  • Possibility to submit multiple files in a zip
  • Possibility to set up the virtual machine 10 minutes before analysis start
  • Possibility to choose which specific processes to analyze (Advanced tab)
  • Fixed minor bugs in introspection engine
  • Several front-end bug fixes leading to global stability improvement

P2A v2.0 (2020-06-16)

Simulated internet mode and improved detection

  • Released new network mode: simulated internet
  • Fixed minor bugs
  • Added detection process for malicious msiexec processes
  • Added new events in order to improve dynamic detection
  • Added a fake browser that triggers malware start process

P2A v1.2 (2020-04-04)

WEB-API and improved web results

  • Improved web analysis results
  • Fixed user API bugs (race condition)
  • Released a new API based on web endpoint (see documentation in API submenu)
  • Fixed other minor bugs

P2A v1.1 (2020-02-27)

Global improvements and bug fixes

  • Fixed display issues in event list (command_line tag)
  • Fixed bugs in introspection engine
  • Fixed word dumps issue
  • Added new logs for the introspection engine (new processes)
  • Improved documentation

P2A v1.0 (2020-01-02)

Added detection processes and stability improvement

  • Added a way to detect malicious programs running through msiexec client call.
  • Improved global stability of the platform
  • Several bug fixes

P2A v0.5 (2019-05-29)

Improvement of the browser support

  • Added a submission parameter to choose the browser between IE, Firefox and Chrome
  • Added PNG and PDF export buttons on the results page (Analysis menu in the menu bar)
  • Added a password parameter to be used to decrypt the sample if it is an encrypted ZIP archive
  • Added detection rules
  • All the added parameters can be configured in the user preferences in the "Preferences" menu

P2A v0.4 (2019-05-24)

Support of resource hooks

  • Added hooks on the Windows API functions concerning PE resources
  • Improved disconnected antivirus scanning system
  • Fixed some web interface bugs
  • Added detection rules

P2A v0.3 (2019-05-24)

Antivirus scan via PFAV added to P2A results

  • The memory artifacts recovered during the analysis are transferred to the PFAV antivirus engines for analysis
  • Antivirus scans are done in offline mode, no information is transmitted to anti-virus publishers
  • By default only the first three memory artifacts are sent, the user can choose to send them all by clicking on the corresponding button
  • If the analysis is too old, the user can also choose to resubmit the dumps to benefit from signature updates
  • A bug has been fixed when submitting file URLs for download
  • Support for PPT and PPTX files has been added (launched in PowerPoint)
  • The samples page has been updated

P2A v0.2 (2019-05-24)

New extensions support and bug fixes

  • HTML files are now run from the default browser. The error displayed in case of bad file extension is more intuitive.
  • New rulesets for several malware families
  • The user can now access all the files submitted through web or API in Samples pages
  • Bug fixes for the introspection module, the web client is more stable and displays more elements even in case of errors.

P2A v0.1 (2019-02-05)

Initial changelog

    Extension support:

  • Microsoft Word:
  • hta
  • mshtml
  • Microsoft Excel:
  • csv

    Web Interface:

  • Choice of virtual machine language
  • Displaying events by page (500/page)
  • All events are displayed by default
  • New event types: Mutex, Semaphores, NamedPipes, Events, DebugStrings, HookModifyData
  • Possibility to download stream.bin of the analysis

    Analysis:

  • Improvement of the automatic mouse moving function