                                  CHANGELOG

Cuckoo Sandbox 1.0 (2014-01-09)
===============================

* Introduced Auxiliary modules
* Added option to set sniffing interface for each virtual machine
* Added option to set snapshot for each virtual machine
* Added pagination to API
* Added option to REST API to return compressed archives of files ("all" and "dropped")
* Added option to set Result Server IP and port for each virtual machine
* Added processing module for volatility to analyze memory dumps, disabled by default
* Added new "reported" status for analysis tasks
* Added automated rescheduling of locked tasks at startup
* Added tags to machines
* Added reduced behavioral events
* Added new Django/Mongo-powered web interface
* Added Windows analyzer auxiliary module to disguise the analysis environment
* Added VBS, CPL and RTF analysis package
* Added generic analysis package to execute samples via cmd.exe
* Added MAEC 4.0.1 reporting module
* Added filter for private networks in Network Analysis processing module
* Added max_analysis_count to cuckoo.conf to automatically shutdown Cuckoo
* Added check for available disk space
* Added support for BSON logging format
* Added option to specify a custom DLL to the analyzer and the analysis packages
* Added ICMP protocol dissection
* Added ESX Virtual Machine Manager
* Slightly improved CuckooMon's stealthiness and stability
* Refactored processing to improve performances
* Refactored signature engine, introducing event-based signatures to improve performances
* Refactored generation of process tree
* Transitioned network sniffer to auxiliary module
* Renamed MachineManagers to Machinery modules
* Renamed Metadata to MMDef reporting module
* Fixed virtual machine clock, now is updated to current time or specified by user via --clock option
* Fixed bug in Human auxiliary module, now moving cursor to absolute positions
* Fixed issue in Human auxiliary module, using SetCursorPos instead of mouse_event
* Fixed issues with resolving relative filenames in CuckooMon
* Removed support for GrayLog2
* Removed pickle reporting module
* Removed MAEC 1.1 reporting module

Cuckoo Sandbox 0.6 (2013-04-15)
===============================

* Added procmemdump option to all analysis packages
* Added randomization of folders and pipes in the analysis machines
* Added checks to block injection of Cuckoo's agent and analyzer
* Added configuration file for processing modules
* Added result server to collect logs, files, screenshots and all results in real-time
* Added option for enabling/disabling generation of CSV logs
* Added REST API function to delete analysis task
* Added matching of Yara signatures against dropped files
* Added default fail-over on "exe" package if can't automatically identify the correct one
* Added password option to zip package
* Improved human auxiliary module
* Improved Sleep() bypass
* Improved dump of dropped files by tracking writing operations
* Improved creation of screenshots by calculating a diff threshold
* Fixed memory error issues
* Fixed bugs in analysis procedure logic and in deletion of original files
* Fixed bugs in MongoDB reporting module
* Fixed bugs in HTML reporting module
* Fixed bugs in VirusTotal processing module
* Fixed bug in handling GetLastError() result
* Fixed bug in network traffic capture
* Fixed bug in submission and creation of tasks in the database
* Removed hooks for NtOpenProcess, NtClose, NtAllocateVirtualMemory and VirtualFreeEx because of stability issues

Cuckoo Sandbox 0.5 (2012-12-20)
===============================

* Added native support for URL analysis
* Added full memory dump of the virtual machine
* Added base class for libvirt machine managers
* Added auxiliary modules for Windows analyzer
* Added Jar analysis package
* Added Java Applet analysis package
* Added Zip analysis package
* Added option to enforce full timeout execution
* Added support for Graylog2 logging
* Transitioned internal database to SQLAlchemy
* Added logging of analysis errors into the database
* Added logging of guest executions into the database
* Added logging of active analysis machines into the database
* Added logging of details of submitted samples into the database
* Added functionality for automatic version lookup to get notified of available updates
* Added possibility to order processing and reporting modules
* Added extraction of strings from analyzed binaries
* Added Yara signature with indicators of possible virtualization-aware samples
* Added dissection of intercepted SMTP traffic
* Added a REST API server to interact with Cuckoo
* Added user interaction emulation (clicking dialogs buttons and mouse movements)
* Added support for Windows 7 execution
* Added support for dumping queried and modified registry data
* Added more functions to be hooked and logged
* Added simple functionality to omit injection into Cuckoo processes
* Added support for dumping files with relative paths
* Added shared VirusTotal API key
* Introduced fairly smart way of skipping Sleep calls
* Unified utility for results processing and reports generation
* Improved analysis process logic
* Improved automatic analysis package selection
* Improved process injection and process following
* Improved dumping of modified files
* Improved logging to reduce the amount of useless entries
* Improved unicode support
* Improved management of analysis machines parallel execution
* Improved internal management of plugins and modules
* Improved dissection of intercepted DNS traffic
* Fixed bugs in connection with the agent
* Fixed some issues in dumping dropped files
* Fixed bug in termination of tcpdump processes
* Fixed bugs in MongoDB reporting module
* Fixed issues with internal DNS resolution

Cuckoo Sandbox 0.4.2 (2012-09-08)
=================================

* Added support for VMWare Workstation
* Added VirtualBox status change monitor and option "timeout" to virtualbox.conf
* Added log file processing size limit and option "analysis_size_limit" to cuckoo.conf
* Added directory submission to submit.py utility
* Added community.py utility to sync custom modules from the community repository
* Fixed missing critical_timeout implementation
* Fixed delete_original race condition
* Fixed some bugs in virtual machine management
* Fixed submission with relative path
* Fixed UTF-8 chars handling in analysis.log
* Fixed race conditions in Windows analyzer
* Some minor fixes

Cuckoo Sandbox 0.4.1 (2012-08-09)
=================================

* Added Yara signatures to HTML report
* Replaced pyssdeep with pydeep
* Added support for signatures' version requirements
* Added unit tests
* Fixed delete_original race condition
* Fixed reconstruction of registry keys
* Fixed logging in cuckoomon
* Improved exception handling

Cuckoo Sandbox 0.4 (2012-07-24)
===============================

* Completely re-engineered the code base
* Replaced hooking mechanism and DLL with new, more solid code
* Removed dependency from VirtualBox
* Added support for KVM
* Introduced XMLRPC-based agent that handles the data exchange between host and guests
* Refactored the project structure
* Removed processor.py script
* Introduced support for multiple platforms and multiple analyzers
* Introduced support for custom virtualization modules
* Introduced support for custom post-analysis processing modules
* Introduced support for custom behavioral signatures
* Added VirusTotal support
* Added Yara support
* Added MongoDB reporting module
* Added HPFeeds reporting module
* Refactored Windows analyzer
* Refactored the analysis packages structure
* Introduced support for analysis packages' options
* Refactored Windows analyzer's API functions
* Introduced process memory dump support
* Introduced support for QueueUserAPC injection

Cuckoo Sandbox 0.3.2 (2012-02-04)
=================================

* Introduced MAEC analysis report.
* Introduced MAEC metadata report.
* Introduced Python pickled report.
* Added base64 encoded screenshots to CuckooDict.
* Added screenshots to HTML report.
* Added static analysis Python modules.
* Added static analysis to HTML report.
* Added list of unique involved hosts to HTML report.
* Added forced restore of snapshot at startup before checking if a virtual machine is in a valid state.
* Added forced restore of snapshots at Cuckoo's termination.
* Improved logging capabilities.
* Added invocation of processor.py also at analysis failures.
* Added IPv6 support to PCAP processing.
* Added option to delete original files after submission.
* Added folder for additional files and data to drop.
* Added API category and parent ID to raw behavioral logs entries.
* Removed distorm3.dll as a system dependency.
* Fixed issue with dumped files' names.
* Fixed bug in web server's search functionality.
* Fixed generation of analysis duration time and timestamps.
* Fixed bug in acquisition of a user-specified virtual machine.
* Fixed PHP analysis package.
* Fixed processing of screenshots and refactored their file names to a 3 digit format.
* Fixed bugs on encoding special characters in analysis data and network packets.
* Decreased default analysis timeout.
* Removed instructions trace functionalities and analysis package.

Cuckoo Sandbox 0.3.1 (2011-12-28)
=================================

* Reintroduced an older version of cmonitor, in order to address troubles encountered in 0.3 release.
* Fixed a bug in files dump caused by invalid/not regular files such as named pipes.
* Disabled suspended mode in browsers' packages.

Cuckoo Sandbox 0.3 (2011-12-27)
===============================

* Introduced minimal web server with web interface to browse through the analysis reports.
* Added a reporting engine, configurable via reporting.conf, which supports reporting modules.
* Added HTML report.
* Added TXT report.
* Added JSON data export.
* Introduced support to URL submission.
* Added possibility to specify on which virtual machine run the analysis.
* Added database interaction functions to search analysis by MD5.
* Introduced DLL analysis package.
* Introduced assembly instructions trace analysis package.
* Added MD5 filtering of dropped files.
* Added libmagic bindings to identify file types.
* Added pydoc comments to all sources.
* Added CRC32 hash.
* Added ssdeep hash.
* Added process tree generation class.
* Added UDP connections extraction.
* Distorm3 built-in into cmonitor
* Fixed cmonitor.
* Fixed chook.
* Migrated Cuckoo to Python's logging library.
* Improved Cuckoo User Guide.
* Added changelog file.
* Some minor fixes.

Cuckoo Sandbox 0.2 (2011-11-02)
===============================

First stable release, completely refactored.

Cuckoo Sandbox 0.1 beta (2011-02-05)
====================================

First public beta release.
