Releases: JPCERTCC/MalConfScan

v1.0.5

31 Aug 00:32

Update

  • Updated formbookscan config pattern
  • Updated datper yara rule
  • Updated Emotet yara rule
  • Fixed a typo in ursnifscan

v1.0.4

07 Jul 00:44

New

  • Added support for Linux memory scan (linux_malconfscan)
  • Added module for AsyncRat
  • Added module for ELF PLEAD
  • Added module for wellmess (win and linux)

Update

  • Updated AgentTesla yara rule
  • Updated support for old QuasarRAT

v1.0.3

26 Mar 08:47

Update

  • Updated AgentTesla Yara rule
  • Updated Emotet Yara rule
  • Updated Remcos module and Yara rule

v1.0.2

23 Dec 12:31

Update

  • Added support for new types of AgentTesla
  • Added support for new type of Ursnif

Bug fix

  • Fixed an issue that caused an error when analyzing cobaltstrikescan access type

v1.0.1

27 Nov 09:20

Update

  • Updated PlugX Yara rule
  • Updated TSCookie config pattern rule
  • Updated QuasarRAT scan module

v1.0.0

30 Jul 00:35

New

  • Added x64 support to malstrscan
  • Added support for Njrat
  • Added support for TrickBot
  • Added support for Remcos
  • Added support for QuasarRAT
  • Added support for static configuration type Ursnif
  • Added support for new types of TSCookie
  • Added new function in emotetscan

Update

  • Updated Ursnif yara rule
  • Updated nanocorescan pattern rule
  • Updated version info of PlugX configuration data

Bug fix

  • Fixed an issue in the emotetscan function
  • Fixed a bug that prevented rescanning with ursnifscan
  • Fixed a bug where ursnifscan could not parse data without a PE header
  • Fixed a bug where quasarscan failed to decode the config
  • Fixed a bug where datperscan did not terminate successfully when config decoding failed

[BETA] v0.0.1

23 Apr 02:59

First released version.