Releases: xorhex/mlget

v3.4.1

30 Jan 23:37

Features:

  • Added vx-underground's Virus Exchange as a new source
  • Added checks that Polyswarm and AssemblyLine return the proper response.

Full Changelog: v3.3.0...v3.4.1

V3.3.0

17 Jan 01:43

Can now upload to an AssemblyLine instance.
Can now hash all files in the current directory and check whether any of them match a hash being looked for; files that are found are not re-downloaded. Useful when using the --read flag.

v3.2.1

16 Oct 00:15

Features added:

  • Ability to download from Assemblyline
  • When downloading from Triage, sometimes the hash is contained inside a sandbox artifact. Mlget now extracts the artifact's contents, saves the file being searched for, and removes the rest of the archive.

Bug Fix:

  • MalwareBazaar requires a trailing slash on its API URL. Mlget now checks whether the slash is missing and adds it.
  • --from flag for Triage now works for tr versus tg.

v3.0.1

21 Dec 06:50
5c1761f

Fix minor typos and remove AnyRun reference from the help menu as that option is not available yet.

v3.0.0

21 Dec 06:37
a0bf786

Bug Fixes:

  • Malpedia works again

Features Added:

  • Downloaded file is hashed and compared against the hash requested
  • URLScanIO source added - 16th source queried
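
The check behind "Downloaded file is hashed and compared against the hash requested", combined with the v3.3.0 current-directory lookup, shown as an added example that is not mlget's own code. The name FindLocal and the mapping from hex length to digest type are assumptions of this example.

```go
package main

import (
	"crypto/md5"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"hash"
	"os"
	"path/filepath"
	"strings"
)

// Digest constructors keyed by hex length: MD5=32, SHA-1=40, SHA-256=64.
var hashers = map[int]func() hash.Hash{32: md5.New, 40: sha1.New, 64: sha256.New}

// FindLocal returns the regular file in dir whose digest equals want, or "" if none.
func FindLocal(dir, want string) (string, error) {
	want = strings.ToLower(strings.TrimSpace(want))
	newHash, ok := hashers[len(want)]
	if !ok {
		return "", fmt.Errorf("unsupported hash length %d", len(want))
	}
	entries, err := os.ReadDir(dir)
	if err != nil {
		return "", err
	}
	for _, e := range entries {
		if !e.Type().IsRegular() {
			continue // skip directories, symlinks and devices
		}
		path := filepath.Join(dir, e.Name())
		data, err := os.ReadFile(path)
		if err != nil {
			return "", err
		}
		h := newHash()
		h.Write(data) // hash.Hash.Write never returns an error
		if hex.EncodeToString(h.Sum(nil)) == want {
			return path, nil
		}
	}
	return "", nil
}

func main() {
	// Constructed input: the SHA-256 of an empty file, looked up in the current dir.
	fmt.Println(FindLocal(".", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"))
}
```

The same comparison applied to a single freshly downloaded file rejects a response whose content does not hash to the value requested.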

Breaking Changes:

  • If using JoeSandbox, delete and recreate the config entries, as the URL was updated to be in line with how the rest of the URLs are formatted (/v2 was moved from the code to the config)

v2.5.2 - Read option reads file from URL

25 Mar 04:44

Updated the --read option to take a URL, which it downloads and treats like a file of hashes read from disk.

Examples:

mlget --read https://raw.githubusercontent.com/avast/ioc/master/OperationDragonCastling/samples.sha256

mlget --read https://raw.githubusercontent.com/eset/malware-ioc/master/mustang_panda/samples.sha256

v2.5 - FileScan.io and VxShare Added

13 Nov 17:27
b0c62a0
  • Added two more sources:
    • FileScanIO
    • VxShare
  • Fixed a bug with the Inquest downloader.
  • Fixed a bug with the UnpacMe downloader.
  • Fixed a bug with the Malpedia downloader.
  • Added some sanity checks when parsing an input file.

v2.4 - Unpacme + Malpedia added to source list

30 Oct 18:07

Added two new sources bringing the total number of sources to 13.

  • Unpacme
    • Only works on sha256 hashes
  • Malpedia
    • Only works on md5 and sha256 hashes

Added a version flag check.

Fixed some minor logic flaws.

v2.3.1 Bug fixes

23 Oct 21:33

v2.3 - Objective-See

18 Oct 01:15

Added the ability to query Objective-See's malware list.

Warning: This is a hack due to the fact that:

  • There is no real API (that I know of)
  • The malware json list is downloaded prior to any look-ups occurring
  • The SHA256 hashes are extracted from VirusTotal links inside the json file; so, can only query on SHA256 hashes. Not all of the samples have a VT link thus some will be skipped.
  • The zip files contain multiple files; so, must pass the --noextraction flag in order to download the sample from Objective-See