bumped version to 0.56.2

decalage2 · May 7, 2021 · 1b33934 · 1b33934
1 parent a1f5b28
commit 1b33934
Show file tree

Hide file tree

Showing 9 changed files with 70 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -26,6 +26,18 @@ Note: python-oletools is not related to OLETools published by BeCubed Software.
 News
 ----
 
+- **2021-05-07 v0.56.2**:
+    - olevba:
+        - updated plugin_biff to v0.0.22 to fix a bug (issues #647, #674)
+    - olevba, mraptor:
+        - added detection of Workbook_BeforeClose (issue #518)
+    - rtfobj:
+        - fixed bug when OLE package class name ends with null characters (issue #507, PR #648)
+    - oleid:
+        - fixed bug in check_excel (issue #584, PR #585)
+    - clsid:
+        - added several CLSIDs related to MS Office click-to-run issue CVE-2021-27058
+        - added checks to ensure that all CLSIDs are uppercase (PR #678) 
 - **2021-04-02 v0.56.1**:
     - olevba:
         - fixed bug when parsing some malformed files (issue #629)

diff --git a/oletools/README.html b/oletools/README.html
@@ -23,6 +23,30 @@ <h1 id="python-oletools">python-oletools</h1>
 <p>Note: python-oletools is not related to OLETools published by BeCubed Software.</p>
 <h2 id="news">News</h2>
 <ul>
+<li><strong>2021-05-07 v0.56.2</strong>:
+<ul>
+<li>olevba:
+<ul>
+<li>updated plugin_biff to v0.0.22 to fix a bug (issues #647, #674)</li>
+</ul></li>
+<li>olevba, mraptor:
+<ul>
+<li>added detection of Workbook_BeforeClose (issue #518)</li>
+</ul></li>
+<li>rtfobj:
+<ul>
+<li>fixed bug when OLE package class name ends with null characters (issue #507, PR #648)</li>
+</ul></li>
+<li>oleid:
+<ul>
+<li>fixed bug in check_excel (issue #584, PR #585)</li>
+</ul></li>
+<li>clsid:
+<ul>
+<li>added several CLSIDs related to MS Office click-to-run issue CVE-2021-27058</li>
+<li>added checks to ensure that all CLSIDs are uppercase (PR #678)</li>
+</ul></li>
+</ul></li>
 <li><strong>2021-04-02 v0.56.1</strong>:
 <ul>
 <li>olevba:
@@ -106,7 +130,7 @@ <h3 id="tools-to-analyze-the-structure-of-ole-files">Tools to analyze the struct
 <li><a href="https://github.com/decalage2/oletools/wiki/olemap">olemap</a>: to display a map of all the sectors in an OLE file.</li>
 </ul>
 <h2 id="projects-using-oletools">Projects using oletools:</h2>
-<p>oletools are used by a number of projects and online malware analysis services, including <a href="https://github.com/IntegralDefense/ACE">ACE</a>, <a href="https://sandbox.anlyz.io/">Anlyz.io</a>, <a href="https://www.cse-cst.gc.ca/en/assemblyline">AssemblyLine</a>, <a href="https://github.com/ctxis/CAPE">CAPE</a>, <a href="https://cincan.io">CinCan</a>, <a href="https://github.com/cuckoosandbox/cuckoo">Cuckoo Sandbox</a>, <a href="https://github.com/cryps1s/DARKSURGEON">DARKSURGEON</a>, <a href="https://sandbox.deepviz.com/">Deepviz</a>, <a href="https://diario.elevenpaths.com/">DIARIO</a>, <a href="https://dridex.malwareconfig.com">dridex.malwareconfig.com</a>, <a href="https://github.com/ninoseki/eml_analyzer">EML Analyzer</a>, <a href="https://certsocietegenerale.github.io/fame/">FAME</a>, <a href="https://github.com/fireeye/flare-vm">FLARE-VM</a>, <a href="https://www.hybrid-analysis.com/">Hybrid-analysis.com</a>, <a href="https://github.com/certego/IntelOwl">IntelOwl</a>, <a href="https://www.document-analyzer.net/">Joe Sandbox</a>, <a href="https://github.com/lmco/laikaboss">Laika BOSS</a>, <a href="https://github.com/sbidy/MacroMilter">MacroMilter</a>, <a href="https://mailcow.email/">mailcow</a>, <a href="https://malshare.io">malshare.io</a>, <a href="https://github.com/Tigzy/malware-repo">malware-repo</a>, <a href="https://www.adlice.com/download/mrf/">Malware Repository Framework (MRF)</a>, <a href="https://bazaar.abuse.ch/">MalwareBazaar</a>, <a href="https://github.com/HeinleinSupport/olefy">olefy</a>, <a href="https://github.com/scVENUS/PeekabooAV">PeekabooAV</a>, <a href="https://github.com/bontchev/pcodedmp">pcodedmp</a>, <a href="https://github.com/CIRCL/PyCIRCLean">PyCIRCLean</a>, <a href="https://remnux.org/">REMnux</a>, <a href="https://github.com/countercept/snake">Snake</a>, <a href="https://app.sndbox.com">SNDBOX</a>, <a href="https://github.com/ldbo/SpuriousEmu">SpuriousEmu</a>, <a href="https://github.com/target/strelka">Strelka</a>, <a href="https://stoq.punchcyber.com/">stoQ</a>, <a href="https://github.com/TheHive-Project/Cortex-Analyzers">TheHive/Cortex</a>, <a href="https://tsurugi-linux.org/">TSUGURI Linux</a>, <a href="https://github.com/MalwareCantFly/Vba2Graph">Vba2Graph</a>, <a href="http://viper.li/">Viper</a>, <a href="https://github.com/decalage2/ViperMonkey">ViperMonkey</a>, <a href="https://yomi.yoroi.company">YOMI</a>, and probably <a href="https://www.virustotal.com">VirusTotal</a>. And quite a few <a href="https://github.com/search?q=oletools&amp;type=Repositories">other projects on GitHub</a>. (Please <a href="(http://decalage.info/contact)">contact me</a> if you have or know a project using oletools)</p>
+<p>oletools are used by a number of projects and online malware analysis services, including <a href="https://github.com/IntegralDefense/ACE">ACE</a>, <a href="https://sandbox.anlyz.io/">Anlyz.io</a>, <a href="https://www.cse-cst.gc.ca/en/assemblyline">AssemblyLine</a>, <a href="https://github.com/ctxis/CAPE">CAPE</a>, <a href="https://cincan.io">CinCan</a>, <a href="https://github.com/cuckoosandbox/cuckoo">Cuckoo Sandbox</a>, <a href="https://github.com/cryps1s/DARKSURGEON">DARKSURGEON</a>, <a href="https://sandbox.deepviz.com/">Deepviz</a>, <a href="https://diario.elevenpaths.com/">DIARIO</a>, <a href="https://dridex.malwareconfig.com">dridex.malwareconfig.com</a>, <a href="https://github.com/ninoseki/eml_analyzer">EML Analyzer</a>, <a href="https://certsocietegenerale.github.io/fame/">FAME</a>, <a href="https://github.com/fireeye/flare-vm">FLARE-VM</a>, <a href="https://www.hybrid-analysis.com/">Hybrid-analysis.com</a>, <a href="https://github.com/certego/IntelOwl">IntelOwl</a>, <a href="https://www.document-analyzer.net/">Joe Sandbox</a>, <a href="https://github.com/lmco/laikaboss">Laika BOSS</a>, <a href="https://github.com/sbidy/MacroMilter">MacroMilter</a>, <a href="https://mailcow.email/">mailcow</a>, <a href="https://malshare.io">malshare.io</a>, <a href="https://github.com/Tigzy/malware-repo">malware-repo</a>, <a href="https://www.adlice.com/download/mrf/">Malware Repository Framework (MRF)</a>, <a href="https://bazaar.abuse.ch/">MalwareBazaar</a>, <a href="https://github.com/HeinleinSupport/olefy">olefy</a>, <a href="https://github.com/scVENUS/PeekabooAV">PeekabooAV</a>, <a href="https://github.com/bontchev/pcodedmp">pcodedmp</a>, <a href="https://github.com/CIRCL/PyCIRCLean">PyCIRCLean</a>, <a href="https://remnux.org/">REMnux</a>, <a href="https://github.com/countercept/snake">Snake</a>, <a href="https://app.sndbox.com">SNDBOX</a>, <a href="https://splunkbase.splunk.com/app/5365/">Splunk add-on for MS O365 Email</a>, <a href="https://github.com/ldbo/SpuriousEmu">SpuriousEmu</a>, <a href="https://github.com/target/strelka">Strelka</a>, <a href="https://stoq.punchcyber.com/">stoQ</a>, <a href="https://github.com/TheHive-Project/Cortex-Analyzers">TheHive/Cortex</a>, <a href="https://tsurugi-linux.org/">TSUGURI Linux</a>, <a href="https://github.com/MalwareCantFly/Vba2Graph">Vba2Graph</a>, <a href="http://viper.li/">Viper</a>, <a href="https://github.com/decalage2/ViperMonkey">ViperMonkey</a>, <a href="https://yomi.yoroi.company">YOMI</a>, and probably <a href="https://www.virustotal.com">VirusTotal</a>. And quite a few <a href="https://github.com/search?q=oletools&amp;type=Repositories">other projects on GitHub</a>. (Please <a href="(http://decalage.info/contact)">contact me</a> if you have or know a project using oletools)</p>
 <h2 id="download-and-install">Download and Install:</h2>
 <p>The recommended way to download and install/update the <strong>latest stable release</strong> of oletools is to use <a href="https://pip.pypa.io/en/stable/installing/">pip</a>:</p>
 <ul>

diff --git a/oletools/README.rst b/oletools/README.rst
@@ -29,6 +29,31 @@ Software.
 News
 ----
 
+-  **2021-05-07 v0.56.2**:
+
+   -  olevba:
+
+      -  updated plugin_biff to v0.0.22 to fix a bug (issues #647, #674)
+
+   -  olevba, mraptor:
+
+      -  added detection of Workbook_BeforeClose (issue #518)
+
+   -  rtfobj:
+
+      -  fixed bug when OLE package class name ends with null characters
+         (issue #507, PR #648)
+
+   -  oleid:
+
+      -  fixed bug in check_excel (issue #584, PR #585)
+
+   -  clsid:
+
+      -  added several CLSIDs related to MS Office click-to-run issue
+         CVE-2021-27058
+      -  added checks to ensure that all CLSIDs are uppercase (PR #678)
+
 -  **2021-04-02 v0.56.1**:
 
    -  olevba:
@@ -182,7 +207,8 @@ Repository Framework (MRF) <https://www.adlice.com/download/mrf/>`__,
 `PyCIRCLean <https://github.com/CIRCL/PyCIRCLean>`__,
 `REMnux <https://remnux.org/>`__,
 `Snake <https://github.com/countercept/snake>`__,
-`SNDBOX <https://app.sndbox.com>`__,
+`SNDBOX <https://app.sndbox.com>`__, `Splunk add-on for MS O365
+Email <https://splunkbase.splunk.com/app/5365/>`__,
 `SpuriousEmu <https://github.com/ldbo/SpuriousEmu>`__,
 `Strelka <https://github.com/target/strelka>`__,
 `stoQ <https://stoq.punchcyber.com/>`__,

diff --git a/oletools/common/clsid.py b/oletools/common/clsid.py
@@ -43,7 +43,7 @@
 # 2018-04-18       PL: - added known-bad CLSIDs from Cuckoo sandbox (issue #290)
 # 2018-05-08       PL: - added more CLSIDs (issues #299, #304), merged and sorted
 
-__version__ = '0.56'
+__version__ = '0.56.2'
 
 
 # REFERENCES:

diff --git a/oletools/mraptor.py b/oletools/mraptor.py
@@ -63,7 +63,7 @@
 # 2020-04-20 v0.56 PL: - added keywords RUN and CALL for XLM macros (issue #562)
 # 2021-04-14       PL: - added Workbook_BeforeClose (issue #518)
 
-__version__ = '0.56.2.dev1'
+__version__ = '0.56.2'
 
 #------------------------------------------------------------------------------
 # TODO:

diff --git a/oletools/oleid.py b/oletools/oleid.py
@@ -60,7 +60,7 @@
 #                        improve encryption detection for ppt
 # 2021-05-07 v0.56.2 MN: - fixed bug in check_excel (issue #584, PR #585)
 
-__version__ = '0.56.2.dev3'
+__version__ = '0.56.2'
 
 
 #------------------------------------------------------------------------------

diff --git a/oletools/olevba.py b/oletools/olevba.py
@@ -235,7 +235,7 @@
 #                        for issue #619)
 # 2021-04-14       PL: - added detection of Workbook_BeforeClose (issue #518)
 
-__version__ = '0.56.2.dev2'
+__version__ = '0.56.2'
 
 #------------------------------------------------------------------------------
 # TODO:

diff --git a/oletools/rtfobj.py b/oletools/rtfobj.py
@@ -95,7 +95,7 @@
 # 2021-05-06 v0.56.2 DD: - fixed bug when OLE package class name ends with null
 #                          characters (issue #507, PR #648)
 
-__version__ = '0.56.2.dev3'
+__version__ = '0.56.2'
 
 # ------------------------------------------------------------------------------
 # TODO:

diff --git a/setup.py b/setup.py
@@ -52,7 +52,7 @@
 #--- METADATA -----------------------------------------------------------------
 
 name         = "oletools"
-version      = '0.56.2.dev3'
+version      = '0.56.2'
 desc         = "Python tools to analyze security characteristics of MS Office and OLE files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), for Malware Analysis and Incident Response #DFIR"
 long_desc    = open('oletools/README.rst').read()
 author       = "Philippe Lagadec"