We are thrilled to announce the launch of MetaDefender Sandbox v1.9.2, a substantial update that furthers our commitment to advanced cybersecurity. This release encompasses several high-level enhancements, each comprising specific technical improvements designed to strengthen your security posture.
Enhanced Threat Detection and Analysis
In this release, we've focused on enhancing the capability of MetaDefender Sandbox to detect and analyze sophisticated threats:
- Advanced indicators for Windows APIs.
- Flagging for LSASS dump using minidump.
- Expanded malware configuration extractors.
- Improved detection of dynamic syscalls using the HellsGate bypass technique.
Expanded File Analysis Capabilities
Understanding the need for comprehensive file analysis, we've introduced new parsers and improved existing ones:
- Parser for Debian packages.
- Extraction of remote templates in MS Office documents.
- UTF-8 parsing improvements in content parsers, specifically for HTML & OLE files.
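As an added illustration of what "extraction of remote templates in MS Office documents" means for a defender, the following Python snippet is not part of MetaDefender Sandbox or any OPSWAT code. It builds a constructed, minimal .docx in memory and then inspects the standard OOXML relationship part (`word/_rels/settings.xml.rels`) for an `attachedTemplate` relationship whose `TargetMode` is `External`, which is the mechanism by which a document pulls a template from a remote location at open time. The sample URL is a placeholder.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Namespaces and relationship type defined by the OOXML (ECMA-376) package format.
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ATTACHED_TEMPLATE = (
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"
)
W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
R_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"


def find_remote_templates(docx_bytes):
    """Return the external template targets referenced by a .docx.

    A remote template is declared in word/settings.xml as <w:attachedTemplate r:id="..."/>
    and resolved through word/_rels/settings.xml.rels. Only relationships with
    TargetMode="External" are reported; a local template reference is not a
    remote fetch and is ignored here.
    """
    found = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        rels_path = "word/_rels/settings.xml.rels"
        if rels_path not in zf.namelist():
            return found  # no settings relationships at all: nothing remote to resolve
        root = ET.fromstring(zf.read(rels_path))
        for rel in root.iter("{%s}Relationship" % REL_NS):
            if rel.get("Type") == ATTACHED_TEMPLATE and rel.get("TargetMode") == "External":
                found.append(rel.get("Target"))
    return found


def build_sample_docx(template_target=None):
    """Construct a minimal .docx in memory (constructed sample, not a real document).

    When template_target is given, the document references it as an external
    attached template, mirroring the structure a remote-template document has.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(
            "[Content_Types].xml",
            '<?xml version="1.0" encoding="UTF-8"?>'
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
            '<Default Extension="xml" ContentType="application/xml"/>'
            "</Types>",
        )
        zf.writestr(
            "word/document.xml",
            '<w:document xmlns:w="%s"><w:body><w:p/></w:body></w:document>' % W_NS,
        )
        if template_target is not None:
            zf.writestr(
                "word/settings.xml",
                '<w:settings xmlns:w="%s" xmlns:r="%s">'
                '<w:attachedTemplate r:id="rId1"/></w:settings>' % (W_NS, R_NS),
            )
            zf.writestr(
                "word/_rels/settings.xml.rels",
                '<Relationships xmlns="%s">'
                '<Relationship Id="rId1" Type="%s" Target="%s" TargetMode="External"/>'
                "</Relationships>" % (REL_NS, ATTACHED_TEMPLATE, template_target),
            )
    return buf.getvalue()


if __name__ == "__main__":
    # Placeholder URL; a real sample would carry whatever the document's author set.
    sample = build_sample_docx("http://template.example.invalid/base.dotm")
    print("remote templates:", find_remote_templates(sample))
    print("clean document:", find_remote_templates(build_sample_docx()))
```

A remote template reference is not malicious by itself (managed environments do use them), so the useful output is the extracted target for review and for correlation with the sandbox's own network and reputation lookups, rather than a verdict on its own.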
Enhanced Email Security
Recognizing the rise in email-based threats, we've bolstered our detection mechanisms:
- Enhanced Quishing and Phishing email detection.
Improved Emulation and Performance
To keep pace with complex scripts and file types, we've upgraded our emulation capabilities and performance handling:
- Enhanced capabilities for Batch, CSV, HTA, JavaScript, LNK, PowerShell, VBA, and VBScript emulation.
- Fine-tuned timeout handling for optimized performance.
System and Application Stability
Ensuring a stable and secure application environment has been a key focus:
- Enhanced Application Security measures, particularly for PowerShell emulation.
- Resolved file scanning issues and fixed incomplete invitation URLs in User Management.
- Improved stability of concurrent OSINT lookup tasks.
Improved Traceability and Reporting
To assist in detailed analysis and tracking, we've enhanced our logging and reporting features:
- Extended log messages for better traceability.
- Fixed the MISP format when exporting scan reports.
The Latest Report
From a phishing email to data exfiltration. Here you can see how MetaDefender Sandbox handles obfuscation and two encryption layers until it reaches valuable IOCs. In this campaign, phishing emails carrying an Office document are sent to the victims.
The document contains a malicious macro that decrypts a second-layer JavaScript. That script, in turn, decrypts a further JavaScript payload holding the malicious capabilities and C2 information. This final payload can profile the victim, gain persistence, and exfiltrate data to the C2 system. The case shows how MetaDefender Sandbox and its emulation system adapt to the polymorphic nature of the obfuscation techniques used in this phishing campaign.
Closing Thoughts
MetaDefender Sandbox v1.9.2 is more than an update; it's a testament to our dedication to staying ahead in the cybersecurity arena. We invite you to explore these enhancements and experience how they can fortify your defenses against the latest threats.
The rebranding from OPSWAT Filescan Sandbox to MetaDefender Sandbox does not impact your licensing or the functionality of the product. It is simply a change in name, reflecting our ongoing commitment to innovation and excellence in security solutions.
This new update is available for download on the myOPSWAT portal. We have ensured that the upgrade process remains as straightforward and user-friendly as before, allowing for a seamless transition to the latest version.
For a comprehensive overview of all updates, visit our website or contact our support team. Your feedback is invaluable to us, and we look forward to hearing your thoughts on this new release. Stay secure with MetaDefender Sandbox v1.9.2, your reliable partner in advanced threat detection and analysis.