Last Updated: February 23, 2023

CHANGELOG

• Docker 17.09.0+ (If run on Windows, Linux mode must be enabled)
• docker-compose 1.20.1+
• Python 3.9+ (for build scripts)
• IDA Pro 8.2.2
  • libxcb-xinerama
  • libxcb-icccm
  • libxcb-image
  • libxcb-keysyms
  • libxcb-randr
  • libxcb-render-util
  • libxcb-xkb
  • libxkbcommon-x11
  • libsecret
• Hex-Rays Decompiler for x86 and x64
• Ghidra Software Engineering Suite 10.2.3
• All CT provided code
• Open source libraries:
• anytree >= 2.8.0
• asn1crypto >= 1.4.0
• bitarray >= 1.2.1
• cashaddress >= 1.0.6
• certvalidator >= 0.11
• cffi >= 1.15.0
• click >= 7.1.2
• construct 2.9.45
• DC3-MWCP == 3.10.1
• defusedxml == 0.7.1
• docstring-parser >= 0.7.3
• Dragodis == 0.7.1
• eventlet == 0.30.2
• flask ~= 2.0.0
• flask-log-request-id~=0.10.1
• future >= 0.18.2
• gunicorn ~= 20.0.4
• itsdangerous==2.0.1
• javaobj-py3==0.4.3
• js_regex
• jsbeautifier >= 1.10.3
• kordesii == 2.5.2
• lief ~= 0.10.1
• LnkParse3 >= 1.1.0
• lxml ~= 4.7.1
• msg_parser >= 1.2.0
• msoffcrypto-tool >= 4.11.0
• mutf8 == 1.0.5
• numpy >= 1.18.2
• olefile >= 0.46
• oletools ~= 0.60
• oscrypto >= 1.2.1
• pefile >= 2019.4.18
• PIL >= 7.2.0
• py7zr >= 0.9.7
• pyasn1 >= 0.4.8
• pyxlsb2 == 0.0.5
• pyasn1-modules >= 0.2.8
• pycdlib==1.13.0
• pyelftools >= 0.25
• pygments >= 2.2
• pyparsing == 2.3.0
• PyPDF2 ~=1.26.0
• pypng >= 0.0.20
• pysha3 >= 1.0
• pytest >= 3.9
• pytest-console-scripts >= 1.1.0
• python-docx ~= 0.8
• pyyaml >= 3.13
• rarfile ~= 4.0
• regex >= 2020.2.20
• Rugosa == 0.7.0
• setuptools >= 18.0
• setuptools-scm >= 6.0.1
• six >= 1.15.0
• sly >= 0.4
• tabulate >= 0.8.9
• XLMMacroDeobfuscator == 0.1.6
• xlrd2 == 1.2.6
• yara-python == 4.2.3

If the machine(s) running ACCE do not have an internet connection, an internet-connected machine must be used to build the individual Docker images (using the above requirements). Once the images have been built, they may be run on an air-gaped network. All other required software is downloaded and/or installed as part of the Docker image build process.

YARA signatures are designed to detect byte patterns within binary files for the purposes of marshalling ingested files to targeted code for the extraction of embedded components and/or configuration data. The YARA signatures are not designed for deployment to an organizations defensive products, as there is no guarantee against false-positive identifications for non-malicious content.