Release Notes for v1.9.0
Date: 14 September, 2023
This version is not suitable for a clean installation due to breaking changes introduced in Docker 25. Please use version 1.9.2 or later for clean installations!
Added:
- New License Management interface added to the Web UI: License Activation
- Automatically generate an executive summary with OpenAI’s GPT large language model (LLM): ChatGPT (Executive Summary)

- Support different retention periods for different verdicts
- The /api/scan/file API endpoint accepts base64-encoded file content in the JSON request body
- Support filenames with various unicode characters
- Support unpacking of 64-bit executables
- Integrated "Detect It Easy" to identify characteristics of executable files related to compilation and packing
- Support malicious documents embedded in PDF files hidden as ActiveMime objects in MHTML format
- New threat indicators to detect the WikiLoader malware family (Microsoft Office files)
- Detection and extraction of embedded RTF files in Office documents, as described in CVE-2023-36884
- Detect XOR decoding routine near the executable entry point
- Enhance Threat Indicator for Mavinject
Adversaries may abuse mavinject.exe to proxy execution of malicious code. Mavinject.exe is the Microsoft Application Virtualization Injector, a Windows utility that can inject code into external processes as part of Microsoft Application Virtualization (App-V). See example and new threat indicator.
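The following is an added example, not the product's own indicator logic: a minimal command-line check that flags mavinject.exe injection requests in process-creation telemetry. The function names and sample events are constructed for illustration, and the switch names come from MITRE ATT&CK T1218.013, not from these release notes.

```python
import re
from typing import Optional

# Switches that request injection; /INJECTRUNNING and /HMODULE are the ones
# listed for mavinject.exe under MITRE ATT&CK T1218.013.
INJECT_SWITCHES = {"/injectrunning", "/hmodule"}

def tokenize(cmdline: str) -> list:
    """Split a Windows command line, keeping quoted paths with spaces whole."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]

def check_mavinject(cmdline: str) -> Optional[dict]:
    """Return injection details if the command line is a mavinject.exe injection."""
    tokens = tokenize(cmdline)
    if not tokens:
        return None
    image = tokens[0].replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if image != "mavinject.exe":
        return None
    args = tokens[1:]
    # A switch may carry a value after '=', so compare only the part before it.
    switch = next((a.split("=")[0].upper() for a in args
                   if a.split("=")[0].lower() in INJECT_SWITCHES), None)
    if switch is None:
        return None  # e.g. a help invocation: nothing is injected
    pid = next((int(a) for a in args if re.fullmatch(r"[0-9]+", a)), None)
    dll = next((a for a in args if a.lower().endswith(".dll")), None)
    return {"switch": switch, "target_pid": pid, "dll": dll}

# Constructed process-creation command lines (not taken from the release notes).
SAMPLE_EVENTS = [
    r'C:\Windows\System32\mavinject.exe 4172 /INJECTRUNNING C:\Users\Public\sample.dll',
    r'"C:\Windows\System32\mavinject.exe" 880 /injectrunning "C:\Temp\my lib.dll"',
    r'C:\Windows\System32\notepad.exe C:\notes\mavinject.txt',
    r'mavinject.exe /?',
]

def scan(events: list) -> list:
    """Return (command line, details) for every event that matches."""
    return [(e, hit) for e in events if (hit := check_mavinject(e)) is not None]

if __name__ == "__main__":
    for event, hit in scan(SAMPLE_EVENTS):
        print(f"ALERT {hit} <- {event}")
```

Matching on the image name alone misses renamed copies of the binary, so pair a check like this with the original file name metadata where your telemetry records it.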
Changed:
- Faster scan processing time
- Enhanced logging to provide more relevant information
- Improved VBA emulation to support additional features
- Refined emulation error handling for higher success ratio
- Enhanced threat indicators and verdict calculation
- Improved string analysis
- Optimized disk space utilization & clean-up mechanisms
- Enhanced MITRE mapping for user clarity
- Enhanced flagging for suspicious imported APIs and modules
Fixed:
- Added version locks for dependencies in various emulator components
- Improved application security
- Incorrect detection of zip bombs
- Incorrect condition for the emulation of ActiveMime files
- Improved processing of large sample files