Java Dependency checking is fixed: Fixed Java dependency checking to no longer mismatch some Java versions
Deep CDR Triggers options added: New Deep CDR Trigger option is added to Workflow configs for a more granular setup option.
Removed Scan modes from configuration: Scan mode workflow config is no longer supported.
Context-Aware Threat Indicators: Improved threat indicators by factoring in the context of the analysis, leading to more accurate threat assessments.
Reduced False Positives: Lowered false positive rates for heuristically detected or non-clickable IP addresses and URLs, improving the accuracy of threat analysis.
Malicious Document Detection: Improved the detection of malicious documents, adding new indicators and reducing the risk of document-based attacks.
Enhanced Emulation: Increased emulation success rates, particularly through better recognition of file content types eligible for emulation.
Python Script Detection: Improved detection of malicious Python scripts, a growing vector for attacks.
Better XOR Decryption: Extended XOR decryption capabilities, improving analysis of encrypted malware.
Improved IOC Extraction: Enhanced the extraction of indicators of compromise (IOC) from emulation for a more comprehensive report.
YARA Rule Updates: Reviewed and vetted third-party YARA rules. By default, YARA rules are loaded with priority from the OPSWAT repository.
Symantec Quarantine Repair: Implemented a repair function for files restored from Symantec quarantine, ensuring files can be analysed post-restoration.
MSC File Support: Added the ability to identify and parse Microsoft Management Console (MSC) files, further broadening threat detection capabilities.
JPHP Support: Enhanced malware detection with the ability to parse and decompile JPHP files, expanding the range of supported file types and languages.
.NET API Call Detection: Added detection of unmanaged .NET API references, improving analysis of .NET-based malware.
OT Malware Detection: Introduced a YARA ruleset specifically for OT (Operational Technology) malware, expanding protection to critical infrastructure systems.
LNK File Threat Indicators: Strengthened detection for LNK icon smuggling and LNK-MOTW (Mark of the Web) bypass attacks, both common techniques in modern malware.
Ransomware Detection Enhancement: Added severity Yara rule matches related to ransomware, helping to prioritize and respond to ransomware threats more effectively.