In preparation to the upcoming release of Viper, in the next days I'll be previewing some of the changes and improvements as well as introduce you to the functioning of old and new modules in details.
Among other things, we improved the shell by adding better auto-completion of file paths, auto-completion of command and module names and by allowing to sequence multiple commands at once. For example in the following casts we find samples matching the "rat" tag, open the first result and try to automatically extract and decode its config.
Another interesting improvement contributed by Kevin is automated tagging of files that match all the enabled Yara signatures. Viper will tag files with the values in the Yara rule's "tags" meta field, or with the rule's name if tags are not provided. The following cast shows how this functions:
Many new Yara signatures have been created, collected from other repositories or contributed by their authors. The number of rules available now is quite high and an important work will be to sort them, rule out duplicates and create adequate tags for each rule. If you're interested in helping on this you can find us on GitHub.
This is the current changelog:
Things are changing fast, so expect it to grow soon. The development has been slowly getting through the summer, but as we get back at writing more code and hopefully involving new developers, we'll speed up the releases.
In the next posts I'll go through the details of some of the available modules so you can have a glance at the versatility and power of Viper. I encourage you to try it already for yourself, Kevin put together a good installation tutorial here.
published on 2014-08-26 15:00:00 by nex