LOKI version 0.24.3

• Various bugfixes
• Python3 compatibility

LOKI version 0.24.2

• Disabled IceWater YARA rule download until yara-python supports hash.md5() again (feature is missing in yara-python-3.6.3)

LOKI version 0.24.1

• Upgraded YARA from 3.5.0 to 3.6.2

The upgrade provides full support for PE module features used in LOKI's 'signature-base'.

Issues: with "pe.imphash"

LOKI version 0.24.0

• Integration of IceWater's public YARA signatures to improve the coverage of common malware families
• Showing 'references' in YARA rule matches

LOKI version 0.23.3

• Bugfix: Unicode filename passed to YARA matching as external variable

LOKI version 0.23.2

• Bugfix in filename parameter that is used in YARA matching

LOKI version 0.23.1

• Bugfix: Removed predefined string excludes

LOKI version 0.23.0

• Feature: Remote syslog logging feature (-r syslogserver)
• Feature: Statistical script analysis to detect obfuscated code (--scriptanalysis)
• Change: Reduced 'Warning' level score from 70 to 60

Send LOKI's logs to a remote syslog server (e.g. Splunk)

Script analysis (first POC; optional)

LOKI version 0.22.1

• Making Double Pulsar rootkit check optional (--rootkit) due to issue with Symantec Endpoint Protection

LOKI version 0.22.0

• Platform dependant line separator in log files (\r\n on Windows, \n on other platforms)
• System name in default log file (e.g. loki-WORKSTATION1.log)
• Bugfix: unicode characters in OSError messages during directory walk