Neo23x0 Loki Versions Save

• PE-Sieve upgraded to fixed version 0.3.6

• fix: since we're still using the stable old version of PE-Sieve, the JSON structure change had to be reverted
• fix: string match display broke with yara-python upgrade (new structure)

• first release in which loki.exe and loki-upgrader.exe are a x64 binaries (better in-memory detection, changes in how SysWow64 / Sysnative gets processed etc.)
• end of x86 support / no pre-build executables anymore (the last 32bit version is LOKI version 0.46.2)
• fix: aligned with new PE-Sieve JSON output structure

• LAST 32bit version of the LOKI Windows binary
• fix: downgrading PE-Sieve to version 0.3.4 due to stability issues

• change wording when hash score is low ("Malware Hash" to "Suspicious Hash")

• package upgrades
• support for new hash IOC format (2nd column contains score)
• PE-Sieve upgrade

the new hash IOC format, which we're using in THOR for quite some time (with an optional 2nd column), allows us to set a score for hash IOCs, e.g. this new hash IOC list for malicious/vulnerable drivers from LOLDrivers project

• build with YARA 4.1.3
• PESieve update to v0.3.4

• fix: comparison issue
• fix: custom IOC initialisation issue
• fix: allow different python version

• workaround for "owner" field supported in THOR only

• new command line flags --allhds and --alldrives allow scanning all local hard drives or all drives in general including removable drives and network drives
• You can use --force to force scan a directory that has been excluded by default (e.g. /dev, /media, /mnt etc.)
• The usage description in the README has been updated