Releases: xorhex/mlget

v3.4.5

03 Jul 20:09

Fix to get Malware Bazaar's new auth requirement working. Plus some additional test cases.

https://bazaar.abuse.ch/api/#auth_key

v3.4.3

18 Jun 16:58

Bugfix

  • Correctly handle Malware Bazaar API response when a sha256 hash is not found.

v3.4.2

11 Jun 23:15

  • Corrected how Triage files are handled. The Triage API may return a sample id where the hash is found in the sandbox run but the sample needs further processing to get the actual file. This behavior is expected (confirmed by the good folks at Triage). The additional processing is left to the user.
  • Added support for Malware Bazaar's API key requirement
  • Updated the API URL for PolySwarm (user should not need to do anything to the config/yml file)
  • Updated the checks in VxShare to detect when a 500 is returned
  • Updated the checks for Hybrid Analysis to tell the user the hash was not found versus telling the user that a Not Authorized error occurred
  • Removed the default URL for Cape Sandbox
  • Added additional test cases

v3.4.1

30 Jan 23:37

Features:

  • Added vx-underground's Virus Exchange as a new source
  • Additional checks on PolySwarm and AssemblyLine responses to verify that the proper response is returned.

Full Changelog: v3.3.0...v3.4.1

V3.3.0

17 Jan 01:43

Can now upload to an AssemblyLine instance.
Can now hash all files in the current directory and check whether any of them match a hash being looked for; if a match is found, the file is not re-downloaded. Useful when using the --read flag.

v3.2.1

16 Oct 00:15

Features added:

  • Ability to download from AssemblyLine
  • When downloading from Triage, sometimes the hash is contained inside a sandbox artifact. Mlget will now extract the artifact's contents, save the file being searched for, and then remove the rest of the archive.

Bug Fix:

  • MalwareBazaar requires a trailing slash on their API's URL. This will now check whether the slash is missing and add it.
  • --from flag for Triage now works for tr versus tg.

v3.0.1

21 Dec 06:50
5c1761f

Fix minor typos and remove AnyRun reference from the help menu as that option is not available yet.

v3.0.0

21 Dec 06:37
a0bf786

Bug Fixes:

  • Malpedia works again

Features Added:

  • Downloaded file is hashed and compared against the hash requested
  • URLScanIO source added - 16th source queried

Breaking Changes:

  • If using JoeSandbox, delete and recreate the config entries, as the URL was updated to be in line with how the rest of the URLs are formatted (/v2 was moved from the code to the config)

v2.5.2 - Read option reads file from URL

25 Mar 04:44

Updated the --read option to now take a URL, which it will download and treat like a file of hashes read from disk.

Examples:

mlget --read https://raw.githubusercontent.com/avast/ioc/master/OperationDragonCastling/samples.sha256

mlget --read https://raw.githubusercontent.com/eset/malware-ioc/master/mustang_panda/samples.sha256

v2.5 - FileScan.io and VxShare Added

13 Nov 17:27
b0c62a0

  • Added two more sources:
    • FileScanIO
    • VxShare
  • Fixed a bug with the Inquest downloader.
  • Fixed a bug with the UnpacMe downloader.
  • Fixed a bug with the Malpedia downloader.
  • Added some sanity checks when parsing an input file.