Milano 1.1.0 Release with Linux and Mac OS X IOCs Now Included

Rook Security, published in SECOPS, Jul 30, 2015

As promised, we have updated Milano to version 1.1.0. This version can be obtained through our Rook Labs GitHub page, or via the Milano releases page, which includes the Win32 build of Milano 1.1.0. This release contains an updated list of IOCs (154 in total), specifically focusing on indicators for Linux and Mac OS X, all found in the Hacking Team files. This release also adds more functionality to Milano: users can now leverage their own OpenIOC files (OpenIOC v1.0 or OpenIOC v1.1). We also made a few tweaks to our reporting function. Overall, our goal is to add more flexibility and ease of use. More details can be found in the README and ChangeLog.txt files (links provided below).

All of the following files are available inside of the release archives, but we are including direct links to them here for convenience:

  1. Latest/updated IOC file archive: https://github.com/RookLabs/milano/blob/master/milano_iocs.tar.gz?raw=true
  2. Latest/updated README.md: https://raw.githubusercontent.com/RookLabs/milano/master/README.md
  3. Latest/updated ChangeLog.txt: https://raw.githubusercontent.com/RookLabs/milano/master/ChangeLog.txt
  4. All Hacking Team files found in IOC files with analysis notes: https://www.rooksecurity.com/?post_type=download&p=3181&preview=true
  • A — VirusTotal (VT) identified the file as malicious
  • B — An analyst manually reviewed the file and determined it to be malicious
  • C — Was utilized as a file in at least one of the projects
  • D — Not in VT or Google, or intent cannot be determined

As always, we appreciate all of the continuous support through comments, emails, and blog posts. The massive recognition has truly elevated this project internally and has drawn quite a bit of excitement from the team. From everyone on the Rook team, thank you. We plan to continue on this path by providing more tools and information enabling users and teams to better protect themselves. Stay tuned; Rook has quite a bit more up its sleeve.

Change Log for Milano 1.1.0:

----------------------
| Version 1.1.0 |
| Date 07/30/2015 |
----------------------
- Updated/augmented IOC files, the result of completed Hacking Team leaked-project analysis.
- Updated IOC files include Mac and Linux based IOCs.
- Removed quick scan mode. After further research we have found Deep Scan mode to provide the most accurate results.
- Milano can now be provided custom IOC files (located under the openioc folder).
- Users are able to add their own IOCs under openioc/user-added/openioc_1.0 or openioc/user-added/openioc_1.1 (depending on the IOC file format).
- Latest IOCs always available in the milano_iocs.tar.gz archive (in the root of the repo).
- Bug fix for an issue that prevented program completion on POSIX operating systems (the scanner tried to open and check character and block devices).
- Improved report output (now reports completion time in minutes).
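The POSIX fix in the change log above (the scanner tried to open character and block devices) and the user-supplied IOCs this release adds both come down to one routine: walking a tree and hashing only what is safe to read. The following is an added example, not Milano's own code: a minimal hash-IOC walker that refuses non-regular files, with a constructed IOC set and a constructed sample tree in which a FIFO stands in for a device node (creating a real device node needs privileges).

```python
import hashlib
import os
import stat
import tempfile

SAMPLE_CONTENT = b"constructed sample that matches a hash IOC\n"  # constructed
IOC_SHA256 = {hashlib.sha256(SAMPLE_CONTENT).hexdigest()}  # constructed IOC set
HAS_FIFO = hasattr(os, "mkfifo")  # a FIFO stands in for a device node below

def is_regular_file(path):
    """Regular files only (lstat, no symlink following); devices/FIFOs/sockets can block open()."""
    try:
        return stat.S_ISREG(os.lstat(path).st_mode)
    except OSError:
        return False

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()  # stream in chunks so large files are not read whole
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def scan_tree(root, ioc_hashes):
    """Return ([(path, sha256) IOC hits], count of non-regular entries skipped)."""
    matches, skipped = [], 0
    for dirpath, _dirs, names in os.walk(root):
        for name in names:  # os.walk lists FIFOs and device nodes here
            p = os.path.join(dirpath, name)
            if not is_regular_file(p):
                skipped += 1
                continue
            digest = sha256_file(p)
            if digest in ioc_hashes:
                matches.append((p, digest))
    return matches, skipped

def build_sample_tree(root):
    """Constructed tree: an IOC hit, a clean file and, on POSIX, a FIFO that hangs a naive open()."""
    for name, data in (("hit.bin", SAMPLE_CONTENT), ("clean.txt", b"clean\n")):
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)
    if HAS_FIFO:
        os.mkfifo(os.path.join(root, "pipe"))

def demo():
    with tempfile.TemporaryDirectory() as root:  # throwaway tree, removed on exit
        build_sample_tree(root)
        matches, skipped = scan_tree(root, IOC_SHA256)
        return sorted(os.path.basename(p) for p, _ in matches), skipped
```

Running `demo()` returns `(["hit.bin"], 1)` on a POSIX system: the IOC hit is reported and the FIFO is counted as skipped rather than opened.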
