malware-repo ============ Malware Repository Framework Official page: https://www.adlice.com/download/mrf/ ## Version 7.1 Renamed "groups" table to comply with MySQL reserved names (please launch Install script) Compatibility for MySQL 8.0 Compatibility for PHP 8.2 Fixed issue with group/ungroup Added libzip to DockerFile Small fixes ## Version 7.0 !!IMPORTANT!! Migrated to Python 3 !!IMPORTANT!! Replaced "automatic_upload" by "never_upload" in config, to avoid uploading private samples to 3rd party (see doc) Added Cron registration button Added Any.RUN feature, now can upload files and get score/report link Added version check (install page) Added dockerfile and docker-compose scripts, to easily create instance with Docker (see doc) Added samples comparison (ssdeep based) Added samples grouping Added group mention in discussions Added ability to download bulk as ZIP password protected Added per user Hybrid Analysis key (settings) Added ability for admins to create new users Fixed Hybrid Analysis score parsing ## Version 6.2 Added profile page Added per user API key for VirusTotal (user settings) Added ability to dump PE section Added ability to dump PE resource Moved PE data storage to filesystem Moved Bin2Img data storage to filesystem Added email alerts (user settings) Added email alert on new sample comment Added email alert on new discussion answer Added YED scan results (Shows matching yara rules and threat name) Added author on discussion page Added Hybrid Analysis module Added PE certificates information (serial) Added Install script and shortcut in admin panel Fixed digisig display issue Fixed comments not removed if sample removed Fixed tag link Fixed discussions sorting Fixed discussion "resolved" style Fixed permissions issues in API ## Version 6.1 Added dashboard Added deferred scanning, performed by a dedicated Cron script Added default permissions on new user Added restrictions to actions on UI side Added ability to edit display name Added discussions Added ability to edit discussion Added public discussions Added notifications (sample scanned, VT analysis complete, Cuckoo analysis complete) Added notifications for discussions (new comment on my discussion, new comment of discussion I'm following) Added "public mode" for public repositories Added UI locks, so that users won't get displayed actions they can't perform Fixed copyright year Fixed URL tracker now checks if file exists before uploading Fixed PE strings module, now lising Unicode and Ansi strings Moved sample comments to a separate tab Fixed an issue with admin pages and pagination leading to a loss of configuration Fixed sample page doesn't load same data twice on tab switching ## Version 6.0 Fixed URL duplicate issue Fixed Tags duplicate issue Added Ajax Pace everywhere (progress) Complete front-end refactoring using Ampleadmin theme Moved to datatables library Pagination refactoring Storage is now segmented this way: a/1/b/2/a1b2aaaaaaaaaaaaa, for better filesystem performances (run migrator) Replaced upload date by last seen date: uploading same file will update it and display the item at the top PHP7 support Added "analyzing..." label after all chunks are uploaded for better clarity Added search by MIME type Added search by time range Added PE Verson Info Added PE Resource icons Improved PE scan display Added removal confirmation everywhere Added remove old samples script in Cron Added ability to remove Cuckoo reports (cukoo tab) Added Cuckoo bulk submission Added VirusTotal bulk submission Added Cuckoo score Replaced comment field by a full commenting system Added URL tracker Added TrID module Added Bin2Img module ## Version 5.1 Refactored pdfdata module, moving to peepdf library (PDFData module) Added Submit PDF streams back to the repository (PDFData module) Added Download PDF streams (PDFData module) Added Define Vendors priority for VirusTotal threat name copy (VT module) Added Automatic comment on VirusTotal upload (with config) (VT module) Added Raw strings extraction (PEData) Added Choose machine when submitting to Cuckoo (Cuckoo module) Added Choose options when submitting to Cuckoo (with config) (Cuckoo module) ## Version 5.0 Complete refactoring with OOP Complete refactoring in a modular way Complete database schema refactoring (optimized for speed) Added "Refresh" button Added "Private" property, now owner/admin can lock down a sample to prevent write operations Added Imphash (PEData module) Added PDB path (PEData module) Added Office data module Added PDF data module Added digisig field into sample view Added HexView tab Added Statistics page Added Cuckoo page Changed comments font, now using Courier (fixed width font) Replaced search tab by a collapsable box Moved threat color decision to server side for better customization Fixed a bug in modal dialogs where scrollbars were not used Fixed a bug in bulk removal Fixed sporadic JS errors breaking the logic Removed Quick edit (deprecation) ## Version 4.3 Added Bulk download Added ability to disable modules Added ssdeep scan Added PE scan Added MIME type Added program icon Added avatar on sample page Added PHP7 support Added ability to edit uploader Added Cuckoo combobox as filter Replaced old editor by tinymce editor Fixed delete button Fixed Cuckoo cron Fixed VirusTotal status (added "Not Checked") Fixed Github link target Fixed responsiveness Fixed sample page title Fixed dropdown menu on mobile devices Fixed URL search Fixed Comment truncated at 65k characters Fixed favorite filter display Fixed URLs display Fixed Cuckoo link on sample page Fixed CDN links Fixed incorrect VirusTotal scan display Fixed incorrect Cuckoo scan display ## Version 4.2 Sample page Using new modular installer Changed favorite filter for a checkbox Added user rights management Now comments have a WISIWIG editor Added tooltip for bulk selection and favorite Added Github project link in the sidebar Added URLs description name Fixed Signout redirection issue Fixed bug when menu wasn't showing because of too few samples Fixed overwritting of existing sample Fixed menu not showing on IE/Chrome Fixed page scrolling on Editing/Save Fixed URLs search Fixed Comment/URLs refresh when re-opening modal editors ## Version 4.1 Added Clear filters button Performance improvments (queries optimizations) Fixed a bug preventing upload of archives Fixed a bug preventing upload of password protected archives Fixed a bug where DOCX and pseudo Zip files where extracted Fixed footer link Fixed short name with a new config field (on left panel collapsed) Fixed comment, url, tags search Added URLs filter Fixed responsiveness Fixed tooltips Added avatars in users management menus ## Version 4.0 New UI, based on AdminLTE Using more recent versions of bootstrap and Jquery ## Version 3.4 Cuckoo: Now you can rescan files Cuckoo: Fixed filename (useful for package selection) VirusTotal: Fixed filename Cuckoo: Added scan parameters in config file Fixed a bug preventing comment to be stored Fixed VirusTotal uploads with PHP 5.6+ Fixed Cuckoo uploads with PHP 5.6+ ## Version 3.3 Added URLs to API Moved sample comment in meta table (!Breaks backward compatibility!) Cuckoo: now storing only database ID instead so that all links are dynamic (!Breaks backward compatibility!) Cuckoo: removed unused report field (!Breaks backward compatibility!) Cuckoo: compatible with version 2 Cuckoo: Now able to retrieve and reference old sample reports ## Version 3.2 Added EULA Added cron for VirusTotal and Cuckoo status refresh Added URLs sample information Added ability to send comment on VirusTotal Better tags search and storage Added ZIp extraction (no password for now) Now comment is displayed/modified into a modal dialog (this allows big comments) ## Version 3.1 UI fixes UI improvements Added tags Added favorites Added more data collapsable row Moved some fields into collapsed row fixed a lot of bugs ## Version 3.0 Code reorganization, with now only one config file to change Added installer script Moved filters into a search tab UI tweaks and improvements ## Version 2.0 Yes, there's no version 1 :) Added REST API, even for the UI Added Authentication with UserCake. Every user has an API key. User can only delete/edit its own samples, unless the user is admin. Ability to send samples with REST API, an API key is needed. Now samples keep the uploader in database. Now samples have editable comment field. Comment can also be sent via API. Fixed a lot of bugs. Improved UI. Added ability to NOT automatically upload to VirusTotal Now deployment is easy with the install script ## Version 0.4 Cuckoo reports are now saved on disk, locally. So that you don't need your cuckoo machine to be up and running to view a report. All queries are now properly escaped. Added VT score filter. ## Version 0.3 Added VT re-scan button Added Cuckoo support, and cuckoo scan button + results Added pagination Fixed bugs ## Version 0.2 Added Edit button, can change vendor name Fixed VT scan when file is unknown Now files uploaded are shown first ## Version 0.1 Initial release