Release Notes for v1.9.3
Date: 26 March, 2024
Added:
- Python Unpacking & Decompilation for PyInstaller, Nuitka, and py2exe
- Extended the malware configuration extractor to support the Cobalt Strike malware family
- Included disassembly of exported functions for Windows binaries
- Threat indicator to flag when executable files have two different sections with the same section name
- Extraction of VBA macro code from DWG files (shown as OLE Stream in File Details section)
- Support for MITRE ATT&CK technique mapping from YARA rule metadata
- New DotnetInfo tab in the File Details section for .NET executables
- Added the “auditor” role, which functions as a read-only admin role
- MISP integration options in Admin Settings, see details at MISP
- Added support for new Sandbox installations on Ubuntu 22.04 (it will be possible to upgrade the OS on older installations with the next major release coming later in 2024)
Changed:
- Improved proxy handling and proxy related bug fixes, see configuration details at Proxy Usage
- Enhanced script language detection using the guesslang library
- Fine-tuned several threat indicators to reduce false positive ratio
- Return "Unknown" verdict if no threat indicators are generated for URL and file submissions
- Improved detection for phishing calendar invites
- Enhanced recursive analysis of active content containers (email, Office documents, PDF, etc.)
- Improved scan process for corrupt OLE2 documents
- Return HTTP 429 responses to new scan requests when the scan queue is full
- Long-running scans are cancelled after user-defined timeout
- Show queue count statistics in Admin Panel/Statistics/Jobs/Scan Health
- Enhanced system resilience by continuing interrupted scans after a queue restart
- Improved URL rendering to bypass simple human verification check boxes (e.g. Cloudflare)
Fixed:
- Resolved issues with license actions (deactivation, inconsistent states)
- Fixed several issues with existing threat indicators (ELF binaries, URL extraction, EML)
- Enhanced Application Security measures, especially for URL emulation
- Invitation links should work even if the "Sign up" feature is disabled
- Extended functional tests for the Webservice API and resolved potential runtime issues
- Fixed simple search not working for tags, e.g. #html
- URL preview should be displayed automatically on URL details page
- Only execute Similarity Search if the original verdict matches the specified configuration