ReversingLabs A1000 Malware Analysis Platform™ A1000

Reset password

Forgot your password? Enter your email in the form below and we'll send you instructions for creating a new one.

  • ReversingLabs
  • What's new
  • Cookie Policy
  • Privacy Policy
  • End User License Agreement
ReversingLabs A1000 Malware Analysis Platform™, 6.0.6-1   |   TitaniumCore Version: 4.0.5.0

A1000 v6.0 Release Highlights

Classification / Innovation (Tier 1 and Tier 2 Analysts, Threat Hunters, Security Analysts)

A1000 6.0 includes the latest major version of the ReversingLabs’ industry leading static analysis engine TitaniumCore 4.0.2 delivering a number of significant enhancements:

  • Indicator transparency gives a human-readable explanation for why an indicator appears within a sample analysis, helping users to better understand object intent.
  • Indicators are mapped to MITRE ATT&CK framework, an industry wide standard for describing threats and actor behaviors.
  • “Certificates” section overhaul for better metadata explainability and renaming to “Signatures”.
  • Interactive storyteller with better sample descriptions, including clickable links, enabling even novice A1000 users to pivot through RL’s extensive local and cloud data simply.
  • Predicted file names now use file metadata and construct a probable original file name, which helps users better distinguish files that only have a hash value as their file name.
  • Email files are now treated as a native identification type, delivering better support for various email formats on the A1000 appliance.
  • To receive the richer TitaniumCore 4.0.2 sample reports, samples analyzed with older versions of the engine can be easily reanalyzed with one-click operation.

Enterprise Readiness / Usability (Tier 1 and Tier 2 Analysts, Threat Hunters, Security Analysts, SOC Managers)

  • Advanced Search is now available on all A1000 appliances enabling unlimited local queries for all users, even on air-gapped systems.
  • Threat Intelligence Cards are utilising ReversingLabs’ extensive file metadata to provide an informative, educational overview and analytics on malware types and families in an easily accessible format.
  • Sample summary improvements make it easier to read the critical sample classification information at a glance. Changes include: sample summary header redesign, new analysis status tables, and reorganized sidebar menu.
  • New A1000 Dashboard YARA Widget offers users a quick insight into their local and cloud YARA matches. Matches can easily be filtered either by time or by rulesets favorited by the current user and by match source.

Integrations / Automation (SOC Managers, CISO, Administrators)

  • RL Cloud Sandbox is a new Dynamic Analysis (DA) integration that further enhances A1000’s File Analysis capabilities, delivering users better efficacy in their security outcomes. This service is based on RL’s DA API’s and is turned on by default so that A1000 files are enriched with existing DA metadata. It is possible to automate DA analysis for files with no report available.

A1000 v6.0.4 Patch Release Highlights

  • A1000 6.0.4 patch release delivers improved quality and better security outcomes for our users. The patch incorporates TitaniumCore v4.0.3, which enables enhancement for Malware detection rules through newly-updated malware classification machine learning models. The patch additionally adds RL Cloud Sandbox quota usage insights and resolves a number of minor and moderate bugs.

A1000 v6.0.5 Patch Release Highlights

Classification / Innovation (Tier 1 and Tier 2 Analysts, Threat Hunters, Security Analysts) A1000 v6.0.5 delivers improved quality and better security outcomes for our users. The patch incorporates TitaniumCore v4.0.4, enabling;

  • Better Malware detection rules through implementation of new malicious VBA macro machine learning classification technology and update to remaining threat detection databases to further improve detection accuracy
  • Identify more files and greater file format coverage with Titanium Core 4.0.4, notably Docker, AutoIt, and improved Office Word support
  • Improved Certificate and miscellaneous archive validation delivering improved certificate reputation baselines and broader coverage
  • More YARA hunting rules with broader coverage

Enterprise Readiness / Usability (Tier 1 and Tier 2 Analysts, Threat Hunters, Security Analysts, SOC Managers)

Enterprise Password Vaulting use case support, helping with compliance and alignment to internal password policies

Integrations / Automation (SOC Managers, CISO, Administrators)

LDAP 'uniqueMember' support implementation, further enabling compliance and user access scenarios for our administrators

The release additionally improves upon overall quality and usability with a number of prioritized defect resolutions. For full details please see the full release notes on the ReversingLabs Customer Portal (login required).

A1000 v6.0.6 Patch Release Highlights

Classification / Innovation (Tier 1 and Tier 2 Analysts, Threat Hunters, Security Analysts)

A1000 v6.0.6 delivers improved quality and better security outcomes for our users. The patch incorporates TitaniumCore v4.0.5, adding new machine learning classification technology to detect malicious Excel4 macros. This TiCore update additionally delivers;

  • Better Malware detection rules through updates to our malware classification machine learning models and various classification databases to further improve detection accuracy
  • Updated Certificate white and blacklists deliver improved certificate reputation baselines and broader coverage
  • Quality Improvements through delivery of prioritized bug fixes

Integrations / Automation (SOC Managers, CISO, Administrators)

OpenID Connect authentication has been reorganized and expanded with new configuration options enabling further usage scenarios for our customers. Given the extended feature set no longer requires it to be used only with OpenID, the OpenID Connect section has now been renamed to OAuth 2.0/OpenID Connect. SSO now inter-operates with Active Directory OIDC.

The release additionally improves upon overall quality and usability with a number of prioritized defect resolutions, notably around CAPE sandbox integration. For full details please see the full release notes on the ReversingLabs Customer Portal (login required).

See the full release notes on the ReversingLabs Customer Portal (login required).