Release Notes for v1.9.3

Date: 26 March, 2024

Added:

  • Python Unpacking & Decompilation for PyInstaller, Nuitka, and py2exe
  • Extended the malware configuration extractor to support the Cobalt Strike malware family
  • Included disassembly of exported functions for Windows binaries
  • Threat indicator to flag when executable files have two different sections with the same section name
  • Extraction of VBA macro code from DWG files (shown as OLE Stream in File Details section)
  • Support for MITRE ATT&CK technique mapping from YARA rule metadata
  • New DotnetInfo tab in the File Details section for .NET executables
  • Added the “auditor” role, which functions as a read-only admin role
  • MISP integration options in Admin Settings, see details at MISP
  • Added support for new Sandbox installations on Ubuntu 22.04 (it will be possible to upgrade the OS on older installations with the next major release coming later in 2024)

Changed:

  • Improved proxy handling and fixed proxy-related bugs, see configuration details at Proxy Usage
  • Enhanced script language detection using the guesslang library
  • Fine-tuned several threat indicators to reduce the false positive ratio
  • Return an "Unknown" verdict if no threat indicators are generated for URL and file submissions
  • Improved detection for phishing calendar invites
  • Enhanced recursive analysis of active content containers (email, Office documents, PDF, etc.)
  • Improved scan process for corrupt OLE2 documents
  • Return HTTP 429 responses to new scan requests when the scan queue is full
  • Long-running scans are cancelled after a user-defined timeout
  • Show queue count statistics in Admin Panel/Statistics/Jobs/Scan Health
  • Enhanced system resilience by continuing interrupted scans after a queue restart
  • Improved URL rendering to bypass simple human verification check boxes (e.g. Cloudflare)

Fixed:

  • Resolved issues with license actions (deactivation, inconsistent states)
  • Fixed several issues with existing threat indicators (ELF binaries, URL extraction, EML)
  • Enhanced Application Security measures, especially for URL emulation
  • Invitation links should work even if the "Sign up" feature is disabled
  • Extended functional tests for the Webservice API and resolved potential runtime issues
  • Fixed simple search not working for tags, e.g. #html
  • URL preview should be displayed automatically on URL details page
  • Only execute Similarity Search if the original verdict matches the specified configuration