This is a release version of the P2A hypervisor-based sandbox. For more info, please refer to the information section.
Technical issues are to be reported to the P2A Support team and other requests to the RDP team of Orange Cyberdefense.
P2A v7.6 (2024-02-12)
Support for more zip file formats (multipart mode)
Support for more archive file formats in multipart mode analysis [see https://www.7-zip.org/]
Detection engine improved
Bug fixes
PowerShell TLS/SSL
File format detection
Zip extraction
Graphical user interface stop button
Analysis date when error happens in some cases
...
Patch anti-vm
Documentation
P2A v7.5 (2023-06-13)
Added support for EML files
Support for EML files (multipart analysis: URLs and attachments).
Support for files named with non-ASCII characters.
Bug fixes.
Note: for multipart analyses, the subpart results are available in the resulting JSON under the key subparts={analysis_id1 : result_url1, ...}
P2A v7.4 (2023-04-23)
Malicious File Detection available in API
Improved performance and stability
Enabled Datalake domain reputation integration
Updated Firefox (111) and Chrome (95)
Add OneNote support
P2A v7.3 (2023-02-20)
system upgrade
Ubuntu upgrade (from bionic to focal).
Kernel upgrade (kvm + qemu).
Security enhancement (front-end/back-end data encryption ...).
Bug fixes (tor, rescan, nitro -6 ...).
Web API improvement (submitting files, URLs, online files and hashes).
NOTE (API): sync mode is deprecated and will be removed in the next release.
P2A v7.2 (2022-10-26)
Malware configs extraction
Added new section: Extract of Malware Configuration (visible whenever configs are extracted). Malware configs are also present in the results JSON file (key = mwcfg).
Bug fixes
The web API will be updated in the next release: a P2A Python client will be provided and the curl commands will change slightly.
P2A v7.1 (2022-06-16)
Static analysis of submitted sample
Yara analysis of submitted file
Large file submission through the Python API (size > 50 MB)
The reason for maintenance is now shown
Improvement : users can now disable all hooks with one option
Windows templates updated
Added the possibility to download PDF report through WEB-API
Bug fixes
Some server improvements
Anti-VM techniques improvement
P2A v7.0 (2022-04-13)
Custom command line and fixes
Fixed an issue that caused analysis graphical overflow with too long URL
Fixed "search by hash" feature that crashed in some rare cases
Fixed some documentation issues
Fixed an issue with admin feature to switch from normal to okta user
Fixed some graphical issues on the GUI
Added support page and new support email for technical bugs
Added .pptm files support
Added "public share" feature that allows sharing an analysis with unauthenticated users
Added the possibility for admins to change users' email addresses
Added a new feature that allows specifying custom command line when running an analysis (Advanced tab)
Added a feature that allows admins to delete submitted samples
Added the possibility to submit an analysis through API directly in "shared" mode
P2A v6.2 (2022-02-15)
Increased URL max size
Fixed an issue with web API that caused bad result on "Dangerous" match
Increased URL max size from 256 to 2048
General optimization
Minor bug fixes
P2A v6.1 (2022-01-26)
Analyze by hash and command line arguments
Several bug fixes including a bug that caused webserver crash when a user went over their daily quota.
New feature: analyze files by simply providing their hash
New feature: provide command line parameters for all types of files in "Advanced" tab
Improvement: users are now informed when they are visualizing an empty analysis (missing stream.bin file)
Fixed documentation issues for API
Fixed an issue that prevented giving extra arguments to DLLs
P2A v6.0 (2021-11-22)
Bug fixes and improvements
Improved admin panel
Disabled email change feature for Okta users
UI Menu fixes
Improved modules management based on installation system
Vulnerability fix: restricted sample download-by-hash feature to admins
Fixed configuration issues
Fixed other minor bugs
P2A v5.5 (2021-11-02)
API search by date and documentation fixes
New feature in API search endpoint: possibility to specify starting and ending date (see API documentation)
Fixed many documentation mistakes
Adjusted all errors and descriptions in English language
Added support of .ppam files
Changed Internal Login button title for clarity
Deleted PFAV and P2M buttons
Upgraded maintenance page by adding more information
Minor bug fixes
P2A v5.4 (2021-10-25)
Several improvements and new API endpoints
Changed /api-web endpoint to /api/submit but /api-web still works as legacy endpoint
Improved history API endpoint to work with current session (in addition to API login)
Added new API endpoint that allows downloading samples associated to an analysis ID
Added new API endpoint that allows searching for analysis: filter by filename, hash, author, signature
Added new section to API result containing all network connections including: source IP, destination IP and destination port
Fixed a rare bug that caused a crash through API when no memory dump was generated
Fixed a few timeout issues on the worker side
Fixed a collision issue on local and okta accounts
Fixed bad syntax on documentation and general improvement
Enabled internal login button on login page
P2A v5.3 (2021-10-12)
UI Fixes
Added the possibility for users to prevent auto-upload of their files on Multi-Upload page: the option can be changed in user parameters
Added a favicon to P2A website
Fixed colors of some error/warning messages and buttons
P2A v5.2 (2021-10-07)
Okta authentication system
Added new authentication system to P2A: OpenID connect through Okta
The new authentication system will be used for all internal users but local authentication is still supported for external users
Added a new button on the login page, "Internal login", to use the Okta system: the button is disabled for now
P2A v5.1 (2021-09-27)
Hash addition and bug fixes
Fixed an issue that prevented submission for TDC users
Fixed an issue related to domains display that caused the web server crash in special cases
Added md5 and sha1 hashes to submitted samples: those values are now displayed on web and API result
P2A v5.0 (2021-09-14)
Bug fixes, datalake implementation and new api endpoint
Improved analysis share system: added share button even on public analysis
Added a new API endpoint to fetch last analysis list
Fixed an issue that caused crash when submitting a DLL without any export
Fixed an issue that caused crash when submitting to Free Mode without any extension
Added domain name reputation scores (from Datalake) to analysis result page
P2A v4.5 (2021-09-02)
Major fixes
Fixed an issue that displayed the file size instead of hash in web API result
Removed flash support for the P2A multi-upload page
Removed returned webserver verbose information
Fixed self-XSS on submit page
Fixed issues related to user permissions
P2A v4.4 (2021-08-26)
Analysis sharing system
Added a "Share" button on the analysis result page that generates a URL with a unique token, allowing a private analysis to be shared with a connected user
Possibility to withdraw or regenerate the sharing token at any time
P2A v4.3 (2021-08-20)
Global improvements and important bug fixes
Fixed inetsim according to new Perl version
Fixed an issue preventing submission of URLs containing unicode characters
Deactivated experimental AI engine by default
Fixed a temporary issue that prevented analysis deletion
Overall stabilization
P2A v4.2 (2021-07-05)
Improvements of Vital submission
Replaced the VITAL submission filename with its SHA256 hash
Removed a debug message when submitting to VITAL
Fixed VITAL submission to adapt to the new API syntax
Several minor fixes
P2A v4.1 (2021-06-10)
Important bug fixes
Fixed a bug in PFAV and VITAL implementations that prevented getting the correct result in some cases
Fixed some unclear parts of the documentation
Fixed an issue with P2A rulesets not being updated after server reboot
Fixed several typographical
Fixed other minor bugs
Introduction of the AI detection engine
P2A v4.0 (2021-02-17)
Tor submission mode
Added a new network submission mode that routes network traffic through Tor, with a choice of exit node country
Fixed a bug that prevented downloading files containing "%20" space character
Minor bug fixes
P2A v3.6 (2020-12-22)
Better detection and bug fixes
Bug fixes related to detection of msiexec malicious process run
Added zerologon hooks
Fixed a bug related to deactivated user accounts
Added a maintenance mode
P2A v3.5 (2020-10-14)
Vital integration and API improvements
API result improvement: added domain and IP list
VITAL results integrated in web analysis result for each memory dump
PFAV result bug fixes (csrf exempt request)
P2A v3.4 (2020-09-21)
WEB-API improvements
Addition of a "sync" parameter in the WEB API submission options (WEB API is now asynchronous by default)
Improved WEB API operation routes
Redesign of the WEB API documentation
Minor bug fixes
P2A v3.3 (2020-09-04)
Datalake and minor improvements
Better handling of APK files
Sending IOC of public malicious detection to Datalake
Improvements of events display (added reason)
P2A v2.1 (2020-06-23)
Better privacy settings and stability improvement
Deleted email address in web result for privacy reasons
Improved overall stability
Bug fixes in ajax return process
P2A v3.2 (2020-08-03)
Hooks management system and vulnerability fixes
Fixed CSRF vulnerability on some forms
Fixed an issue that prevented email modification
Improved hooks management system
P2A v3.1 (2020-07-23)
Several bug fixes and adjustments
Fixed several bugs in free mode (zip upload,
Improved the waiting template
Disallowed using no vnc option with free mode
P2A v3.0 (2020-07-16)
Free mode option
Added a new submission mode: free mode (Options general tab)
Possibility to submit multiple files in a zip
Possibility to setup the virtual machine 10 minutes before analysis start
Possibility to choose which specific processes to analyze (Advanced tab)
Fixed minor bugs in introspection engine
Several front-end bug fixes leading to global stability improvement
P2A v2.0 (2020-06-16)
Simulated internet mode and improved detection
Released new network mode: simulated internet
Fixed minor bugs
Added detection process for malicious msiexec processes
Added new events in order to improve dynamic detection
Added a fake browser that triggers malware start process
P2A v1.2 (2020-04-04)
WEB-API and improved web results
Improved web analysis results
Fixed user API bugs (race condition)
Released a new API based on web endpoint (see documentation in API submenu)
Fixed other minor bugs
P2A v1.1 (2020-02-27)
Global improvements and bug fixes
Fixed display issues in event list (command_line tag)
Fixed bugs in introspection engine
Fixed word dumps issue
Added new logs for the introspection engine (new processes)
Improved documentation
P2A v1.0 (2020-01-02)
Added detection processes and stability improvement
Added a way to detect malicious programs running through msiexec client call.
Improved global stability of the platform
Several bug fixes
P2A v0.5 (2019-05-29)
Improvement of the browser support
Added a submission parameter to choose the browser between IE, Firefox and Chrome
Addition of export buttons in PNG and PDF in the results page (Analysis menu in the menu bar)
Added a password parameter to be used to decrypt the sample if it is an encrypted ZIP archive
Adding detection rules
All the added parameters can be configured in the user preferences in the "Preferences" menu
P2A v0.4 (2019-05-24)
Support of resource hooks
Addition of hooks on the windows API concerning PE resources
Improved disconnected antivirus scanning system
Fixed some web interface bugs
Adding detection rules
P2A v0.3 (2019-05-24)
Antivirus scan via PFAV added to P2A results
The memory artifacts recovered during the analysis are transferred to the PFAV antivirus for analysis
Antivirus scans are done in offline mode; no information is transmitted to antivirus publishers
By default only the first three memory artifacts are sent; the user can choose to send them all by clicking on the corresponding button
If the analysis is too old, the user can also choose to resubmit the dumps to benefit from signature updates
A bug has been fixed when submitting file URLs for download
Support for PPT and PPTX files has been added (launched in PowerPoint)
The samples page has been updated
P2A v0.2 (2019-05-24)
New extensions support and bug fixes
HTML files are now run from the default browser. The error displayed in case of bad file extension is more intuitive.
New rulesets for several malware families
The user can now access all the files submitted through web or API in Samples pages
Bug fixes for the introspection module, the web client is more stable and displays more elements even in case of errors.
P2A v0.1 (2019-02-05)
Initial changelog
Extension support:
Microsoft Word:
hta
mshtml
Microsoft Excel:
csv
Web Interface:
Choice of virtual machine language
Displaying events by page (500/page)
All events are displayed by default
New event types: Mutex, Semaphores, NamedPipes, Events, DebugStrings, HookModifyData
Possibility to download stream.bin of the analysis
Analysis:
Improvement of the automatic mouse moving function