REMnux Changelog

What's new in REMnux 6.0

Jun 8, 2015
  • I’m excited to announce the v6 release of the REMnux distro, which helps analysts examine malware using free utilities in a Linux environment. REMnux v6 updates the tools that were present in the earlier revisions of the distro and introduces several new ones. Moreover, it implements major architectural changes behind the scenes to allow REMnux users to easily apply future updates without having to download the full REMnux environment from scratch.
  • Get REMnux v6:
  • The simplest way to get the latest REMnux distribution is to download its virtual appliance OVA file, then import it into your favorite virtualization application, such as VMware Workstation or VirtualBox. After starting the imported virtual machine, run the “update-remnux full” command to update its software. For detailed instructions, please see the REMnux installation instructions.
  • Alternatively, you can add the REMnux distro to an existing physical or virtual system that’s running a compatible version of Ubuntu, including SIFT Workstation. You can accomplish this by running the REMnux installation script as explained in the documentation.
  • After installing REMnux v6, you’ll be able to get updates by running the “update-remnux” command. Follow the REMnux accounts on Twitter, Facebook and Google Plus to receive notifications when its malware analysis packages are updated or when new ones are added to the toolkit.
  • Tools Added to REMnux v6:
  • REMnux v6 includes the following tools that have not been a part of the distribution in earlier releases.
  • pedump, readpe.py: Statically examine properties of a Windows PE file
  • virustotal-tools: Interact with the VirusTotal database from the command-line
  • Nginx: Web server, which replaces Tiny HTTPD that was present on REMnux earlier
  • VolDiff: Compare memory forensics images to spot changes using Volatility
  • Rule Editor: Edit Yara, Snort and OpenIOC rules, replacing its precursor Yara Editor
  • Rekall: Memory forensics tool and framework
  • m2elf: Create an ELF binary file out of shellcode
  • Yara Rules: Signatures for spotting malicious characteristics in files
  • OfficeDissector MASTIFF plugins: Examine Microsoft Office XML-based files using MASTIFF
  • Docker: Run applications as isolated containers on the local host
  • AndroGuard: Analyze suspicious Android applications
  • vtTool: Determine the specimen’s malware family name by querying VirusTotal
  • oletools, libolecf: Analyze Microsoft Office OLE2 files
  • tcpflow: Reassemble TCP streams from live traffic or PCAP capture files, saving each flow to its own file for inspection
  • passive.py: Perform passive DNS lookups using the pdns library
  • CapTipper: Explore malicious HTTP traffic in PCAP capture files, listing conversations and carving the objects they carried
  • oledump: Examine suspicious Microsoft Office files
  • CFR: Decompile suspicious Java class files
  • update-remnux: Update the distro, upgrading its software and installing newly-added tools
  • REMnux v6 also includes the following libraries, which software developers can use for building new malware analysis tools and tasks.
  • IOC Writer: Python library for creating and editing OpenIOC objects
  • Cybox: Python library for parsing, manipulating, and generating CybOX content
  • diStorm3, Capstone: Python libraries for disassembling binary files
  • pylibemu: Python library for accessing libemu shellcode emulation functionality
  • Yara Library: Python library to identify and classify malware samples
  • olefile: Python library to read/write Microsoft Office OLE2 files
  • PyV8: Python wrapper library for the V8 JavaScript engine
  • pyssdeep: Python wrapper library for the ssdeep fuzzy hashing tool
  • pyexiftool: Python wrapper library for the ExifTool
  • OfficeDissector: Python library to analyze suspicious Microsoft Office XML-based files
  • pdns: Python library for performing passive DNS lookups
  • Javassist: Java library that assists with examining Java bytecode
  • For a listing of the malware analysis utilities available on REMnux, see its documentation site, which includes a spreadsheet and a mind map of the tools and offers some usage tips.
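  • The tools listed above under “Statically examine properties of a Windows PE file” (pedump, readpe.py) all do a variant of the same thing: walk the DOS header, the PE signature, the COFF and optional headers and the section table, and surface the facts an analyst triages first. The following script, added here as an illustration and not code from REMnux or from any of the tools it ships, does that with nothing but the Python standard library, so the layout of the headers is visible rather than hidden behind a library call. The sample input is a constructed, headers-only PE32+ image (no real code) whose entry point sits in a writable and executable UPX-style section; the constants are the documented IMAGE_FILE_* and IMAGE_SCN_* flags from the PE/COFF specification, and the finding strings are this example’s own wording.

```python
import struct
from datetime import datetime, timezone

# Constants from the PE/COFF specification (IMAGE_FILE_* and IMAGE_SCN_* flags).
MACHINES = {0x014C: "x86", 0x8664: "x64", 0x01C0: "ARM", 0xAA64: "ARM64"}
IMAGE_FILE_DLL = 0x2000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_pe(data):
    """Walk the DOS header, PE signature, COFF header, optional header and
    section table of `data`; return the static properties plus a list of
    findings a triage analyst would look at first."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsec, ts, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)

    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    (entry,) = struct.unpack_from("<I", data, opt + 16)  # AddressOfEntryPoint (RVA)
    if magic == 0x10B:    # PE32: 32-bit ImageBase at optional-header offset 28
        (image_base,) = struct.unpack_from("<I", data, opt + 28)
    elif magic == 0x20B:  # PE32+: 64-bit ImageBase at offset 24 (no BaseOfData field)
        (image_base,) = struct.unpack_from("<Q", data, opt + 24)
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)

    sections, findings = [], []
    for i in range(nsec):
        off = opt + opt_size + 40 * i  # section headers follow the optional header
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, sc = struct.unpack_from(
            "<8sIIIIIIHHI", data, off)
        sec = {
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vaddr": vaddr, "vsize": vsize, "rawsize": rawsize, "rawptr": rawptr,
            "wx": bool(sc & IMAGE_SCN_MEM_WRITE and sc & IMAGE_SCN_MEM_EXECUTE),
        }
        sections.append(sec)
        if sec["wx"]:  # self-modifying or unpacking code lives in W+X sections
            findings.append("section %s is writable and executable" % sec["name"])
        if rawptr + rawsize > len(data):  # truncated sample or bogus section table
            findings.append("section %s raw data extends past end of file" % sec["name"])

    entry_section = next(
        (s["name"] for s in sections
         if s["vaddr"] <= entry < s["vaddr"] + max(s["vsize"], s["rawsize"])), None)
    if entry_section is None:
        findings.append("entry point 0x%x lies outside every section" % entry)

    return {
        "machine": MACHINES.get(machine, "0x%04x" % machine),
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "entry": entry, "image_base": image_base, "entry_section": entry_section,
        "sections": sections, "findings": findings,
    }


def build_sample_pe():
    """Constructed input: a headers-only PE32+ image with a conventional .text
    section and a UPX-style packed section that holds the entry point."""
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x80)).ljust(0x80, b"\0")  # e_lfanew = 0x80
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 2, 1433721600, 0, 0, 240, 0x0022)
    opt = bytearray(240)                        # PE32+ optional header, zero-filled
    struct.pack_into("<H", opt, 0, 0x20B)       # Magic = PE32+
    struct.pack_into("<I", opt, 16, 0x2010)     # entry point RVA inside UPX1
    struct.pack_into("<Q", opt, 24, 0x140000000)
    secs = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x400, 0, 0, 0, 0, 0x60000020)
    secs += struct.pack("<8sIIIIIIHHI", b"UPX1", 0x1000, 0x2000, 0x1000, 0x600, 0, 0, 0, 0, 0xE0000040)
    return dos + coff + bytes(opt) + secs


if __name__ == "__main__":
    report = parse_pe(build_sample_pe())
    for key in ("machine", "timestamp", "is_dll", "entry_section"):
        print("%-14s %s" % (key, report[key]))
    for s in report["sections"]:
        print("%-8s rva=0x%06x vsize=0x%06x raw=0x%06x wx=%s"
              % (s["name"], s["vaddr"], s["vsize"], s["rawsize"], s["wx"]))
    for f in report["findings"]:
        print("finding:", f)
```

Run it against a real specimen by replacing build_sample_pe() with the file’s bytes; pedump and readpe.py report the same fields, and comparing their output with this script’s is a quick way to learn where each value comes from in the header.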
  • Updated REMnux Architecture:
  • A major goal of the v6 release of REMnux, beyond upgrading and expanding the tool set, is to modernize the distro’s foundation while retaining the familiar look and feel. People familiar with the earlier REMnux releases should be able to use the environment without having to adjust their habits. Most importantly, REMnux v6 users can receive future updates to the distro using the “update-remnux” script without having to download a whole new virtual machine to perform upgrades.
  • To accomplish these objectives, REMnux v6 is based on Ubuntu 14.04 64-bit. It’s a popular and stable OS that will be around for a while, because it’s a Long Term Support (LTS) release. Also, REMnux now relies heavily on Debian packages hosted in its own repository to facilitate convenient updates.
  • As a result, REMnux can be installed on any new or existing system running Ubuntu 14.04 64-bit, regardless of whether it’s a physical or virtual machine. This release is designed to be compatible with SIFT Workstation, so that people can install both distributions onto the same system if they wish.

New in REMnux 4.0 (Apr 24, 2013)

  • Key updates to existing tools and components:
  • Core system: Upgraded the underlying Ubuntu OS components and packages; increased default RAM of the virtual appliance to 512MB; replaced OpenJDK with Oracle Java 7 runtime.
  • Memory analysis: Updated Volatility to version 2.2.
  • PDF analysis: Updated pdfid, pdf-parser, Origami and peepdf.
  • Web analysis: Updated SWFTools, V8, libemu, NetworkMiner, Burp Proxy, Wireshark, Firefox and its add-ons.
  • Other changes: Updated xorsearch, DensityScout, Pyew, passive-dns, ClamAV, capabilities.yara; replaced FreeMind with XMind
  • New tools added to REMnux:
  • Windows tools: Installed Wine; added OfficeMalScanner, Malzilla
  • XOR analysis: Added NoMoreXOR, brutexor, XORBruteForcer
  • PE file analysis: Added pev, dism-this, ExeScan, udis86 (udcli), autorule (/usr/local/autorule), distool
  • Other file analysis: Added extract_swf.py, ExifTool, MASTIFF
  • Other additions: Added hack-functions (/usr/local/hack-functions), bulk_extractor, ProcDot

New in REMnux 3.0 (Dec 16, 2011)

  • REMnux was rebuilt to be based on Ubuntu 11.10 to improve maintainability, while maintaining backwards compatibility wherever practical.
  • The desktop environment on REMnux has been migrated to use LXDE for improved usability, while maintaining the lightweight nature of the distribution.
  • The malware analysis tools available in the earlier version of REMnux have been upgraded to the latest stable versions to provide the latest features and improvements. The most significant updates include:
  • Volatility Framework 2.0 for memory forensics with the latest malware and timeliner modules
  • Origami Framework 1.2.3 for PDF analysis, including pdfcop, pdfextract, pdfwalker, pdfsh, etc.
  • REMnux includes several malware analysis tools that were not present in earlier versions of the distribution, including:
  • Network analysis: NetworkMiner, ngrep, pdnstool
  • PDF analysis: PDF X-Ray Lite (pdfxray_lite and swf_mastah), peepdf
  • JavaScript analysis: Chrome JavaScript engine (d8), js-beautify
  • Examining files: Hachoir (hachoir-subfile, hachoir-metadata, hachoir-urwid), pyew, densityscout, findaes
  • Other: jd-gui, xxxswf.py, freemind, xpdf, xortool
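  • The XOR analysis tools added in 4.0 (NoMoreXOR, brutexor, XORBruteForcer) and xortool in 3.0 all attack the same habit: malware stashes a payload under a repeating-key XOR, and the payload is often a PE file, so the DOS-stub string “This program cannot be run in DOS mode” is known plaintext. The script below is an added illustration, not code from REMnux or from any of those tools, and it generalizes the single-byte brute force those tools perform: sliding the known string over the data, the XOR of ciphertext and plaintext at an offset is the key stream used there, and for a repeating key that stream is periodic, so the shortest period confirmed by a full repetition gives the key length and the key itself (a single-byte key is just the period-1 case). The sample ciphertext is constructed inline from a PE-style header encoded with an assumed 3-byte key; the function names and the hit format are this example’s own.

```python
def xor_bytes(data, key):
    """Apply a repeating-key XOR (the same operation encodes and decodes)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_xor_keys(data, needle, max_key_len=8):
    """Known-plaintext key recovery. Sliding `needle` over `data`, the XOR of
    ciphertext and needle at an offset is exactly the key stream the encoder
    used there. For a repeating key that stream is periodic, and the shortest
    period is the key length. The needle must be at least twice the key length
    so a period is confirmed by a full repetition rather than guessed. Returns
    one hit per distinct key, with the key realigned so it applies from
    offset 0 of `data`; unencoded input surfaces as the null key."""
    hits, seen = [], set()
    n = len(needle)
    for off in range(len(data) - n + 1):
        ks = bytes(c ^ p for c, p in zip(data[off:off + n], needle))
        for k in range(1, max_key_len + 1):
            if n < 2 * k:  # not enough plaintext to confirm a period this long
                break
            if all(ks[j] == ks[j % k] for j in range(n)):
                # ks[j] == key[(off + j) % k], so key[m] == ks[(m - off) % k]
                key = bytes(ks[(m - off) % k] for m in range(k))
                if key not in seen:
                    seen.add(key)
                    hits.append({"offset": off, "key": key,
                                 "plaintext": xor_bytes(data, key)})
                break  # shortest period wins; longer multiples are the same key
    return hits


# Constructed sample: the start of a PE file (MZ header, DOS stub, stub message)
# encoded with an assumed 3-byte key. Real tools search for the same string.
DOS_STUB_TEXT = b"This program cannot be run in DOS mode"
SAMPLE_PLAINTEXT = (
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
    b"\xb8\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00"
    b"\x0e\x1f\xba\x0e\x00\xb4\x09\xcd\x21\xb8\x01\x4c\xcd\x21"
    + DOS_STUB_TEXT + b".\r\n$\x00"
)
SAMPLE_KEY = b"\x5a\xc3\x19"
SAMPLE_CIPHERTEXT = xor_bytes(SAMPLE_PLAINTEXT, SAMPLE_KEY)


if __name__ == "__main__":
    for hit in recover_xor_keys(SAMPLE_CIPHERTEXT, DOS_STUB_TEXT):
        print("key %s found at offset %d; decoded start: %r"
              % (hit["key"].hex(), hit["offset"], hit["plaintext"][:16]))
```

Two caveats a practitioner should keep in mind: a result with the null key means the needle is present in the clear, not that anything was decoded, and the method only finds keys no longer than half the needle, so a longer known string (or a second needle such as the MZ/PE signature pair) is needed for long keys. For keys longer than that, or when no plaintext is known, xortool’s frequency-based key-length guess is the tool to reach for.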