Embedded Engine

v1.7.1

Release date: 05/24/2024

New Features and Improvements
  • Ensured support for Ubuntu 22.04
  • Added new threat indicators
  • Disabled IP address OSINT lookups to avoid false positive findings
  • Added verdict to IOCs on the UI
  • Reduced false positive / false negative detection
  • Updated YARA rule-set
  • Fixed office file emulation errors
Figure: Verdict for IOCs

v1.7.0

Release date: 04/26/2024

New Features and Improvements
  • Malware config extraction support
  • Python Unpacking & Decompilation for PyInstaller, Nuitka, and py2exe
  • Improved error reporting
  • Added long path support on Windows
  • Added HTTP redirection support
  • Included disassembly of exported functions for Windows binaries
  • Threat indicator to flag when executable files have two different sections with the same section name
  • Extraction of VBA macro code from DWG files (shown as OLE Stream in File Details section)
  • Enhanced script language detection using the guesslang library
  • Fine-tuned several threat indicators to reduce false positive ratio
  • Improved detection for phishing calendar invites
  • Enhanced recursive analysis of active content containers (email, Office documents, PDF, etc.)
  • Improved scan process for corrupt OLE2 documents
  • Fixed several issues with existing threat indicators (ELF binaries, URL extraction, EML)
Figure: Improved error reporting

v1.6.0

Release date: 01/29/2024

New Features and Improvements
  • Improved engine performance and stability
  • Implemented configurable OPSWAT Reputation secret in engine global config
  • New indicators for Windows APIs related to specific activities
  • Implemented flagging for LSASS dump using minidump
  • Extracted remote templates inside xTable struct in MS Office documents
  • Implemented parser for Debian packages
  • Expanded malware configuration extractors to encompass the latest and most pertinent threats
  • Improved detection of dynamic syscalls using the HellsGate bypass technique
  • Enhanced Quishing and Phishing email detection
  • Improved the capabilities of Batch, CSV, HTA, JavaScript, LNK, PowerShell, VBA, and VBScript emulation and fine-tuned timeout handling
  • Fixed several UTF-8 parsing issues in content parsers (related to HTML & OLE files)
  • Ensured that all whitelisted submissions get the Benign verdict
  • Improved the stability of concurrent OSINT lookup tasks

v1.5.0

Release date: 11/06/2023

New Features and Improvements
  • Updated Threat Indicators
  • Improved office file emulation
  • Improved PE file analysis
  • Updated YARA rule-set
  • Improved disassembly for x64 architecture
  • Improved file type detection
  • New IOC types for Crypto wallets
  • New Executive Summary (ChatGPT report)
Figure: Executive Summary

Figure: Crypto Wallets

Known issues
  • Crypto Wallets IOCs sometimes parsed and displayed incorrectly on the UI

v1.4.0

Release date: 09/22/2023

New Features and Improvements
  • Support filenames with various Unicode characters
  • Support unpacking of 64-bit executables
  • Support malicious documents embedded in PDF files hidden as ActiveMime objects in MHTML format
  • New threat indicators to detect the WikiLoader malware family (Microsoft Office files)
  • Detection and extraction of embedded RTF files in Office documents, as described in CVE-2023-36884
  • Enhanced Threat Indicator for Mavinject
  • Improved office file emulation
  • Improved application security
  • Improved large file processing

v1.3.4

Release date: 08/02/2023

New Features and Improvements
  • Updated Threat Indicators
  • Improved office file emulation
  • Improved verdict calculation

v1.3.3

Release date: 07/07/2023

New Features and Improvements
  • Fixed global config “reset to defaults” feature
  • Improved office file emulation
  • Updated YARA ruleset
  • Updated Threat Indicators
  • Updated verdict calculation

v1.3.2

Release date: 06/14/2023

New Features and Improvements
  • Updated logging for MetaDefender Core support package
  • Improved handling of embedded JavaScript files

v1.3.1

Release date: 06/05/2023

New Features and Improvements
  • Enabled XML file support by default
  • Updated reputation sources
  • Improved verdict calculation
  • Fixed global config reset to default values feature
  • Fixed report generation for files including Email IOCs

v1.3.0

Release date: 05/26/2023

New Features and Improvements
  • Updated YARA rule database
  • YARA matches displayed on MDCore UI
  • Dependency check on startup

v1.2.0

Release date: 05/17/2023

New Features and Improvements
  • Scan results are extended with the list of IOCs
  • Rapid mode support added and enabled by default
  • Reputation lookup support added and enabled by default
  • Reputation lookup verdict improvements
  • Improved embedded engine performance

v1.1.0

Release date: 05/08/2023

New Features and Improvements
  • Improved Microsoft Office file handling
  • Security and performance improvements

v1.0.0

Release date: 04/06/2023

New Features and Improvements
  • First versions of Embedded and Remote engines for MetaDefender Core customers