ReversingLabs A1000 Malware Analysis Platform™ A1000

Reset password

Forgot your password? Enter your email in the form below and we'll send you instructions for creating a new one.

  • ReversingLabs
  • What's New
  • Cookie Policy
  • Privacy Policy
  • End User License Agreement
ReversingLabs A1000 Malware Analysis Platform™, 6.1.10-1   |   TiCore Version: 4.0.6-1

A1000 v6.1.10 Release Highlights

Classification / Innovation (Tier 1 and Tier 2 Analysts, Threat Hunters, Security Analysts)

A1000 v6.1.10 integrates the latest version of ReversingLabs’ industry leading static analysis engine TitaniumCore v4.0.6, adding new machine learning models for Potentially Unwanted Application (PUA)/ Adware detection and malicious AutoIt scripts. This TitaniumCore update additionally delivers:

  • Better Malware detection rules through updates to our malware classification machine learning models and various classification databases to further improve detection accuracy
  • Updated Certificate white and blacklists deliver improved certificate reputation baselines and broader coverage
  • Improved format support, notably extracting embedded Excel formulas into separate textual files
  • Expanded format support enabling unpacking and identification of additional file formats
  • Updated YARA rules for identifying additional 30+ ransomware files
  • Quality Improvements through delivery of prioritized bug fixes

Enterprise Readiness / Usability (Tier 1 and Tier 2 Analysts, Threat Hunters, Security Analysts, SOC Managers)

  • Upload maximum file size warning and enforcement added for all files that are 400 MB or greater for improved reliability of analysis, better usability and generally helping our users with awareness and operation within system specifications. Users should contact RL Support or their Account relationship manager for further information and options.

Integrations / Automation (SOC Managers, CISO, Administrators)

  • Migration of YARA rules on A1000 from LDAP to OIDC users is now supported, improving ease of administration
  • Invalid report message handling for all dynamic analysis integration platforms has been improved, helping A1000 users to quickly understand if an invalid report has been generated for a configured sandbox solution.

See the full release notes on the ReversingLabs Customer Portal (login required).

A1000 v6.1 Release Highlights

Classification / Innovation (Tier 1 and Tier 2 Analysts, Threat Hunters, Security Analysts)

A1000 v6.1 integrates the latest version of ReversingLabs’ industry leading static analysis engine TitaniumCore v4.0.5-2, adding new machine learning classification technology to detect malicious Excel4 macros. This TiCore update additionally delivers:

  • Better Malware detection rules through updates to our malware classification machine learning models and various classification databases to further improve detection accuracy
  • Updated Certificate white and blacklists deliver improved certificate reputation baselines and broader coverage
  • Better Quality through delivery of performance improvements and prioritized bug fixes

RCA 2 Classification: ReversingLabs Classification Algorithm v2; Superseding the existing MWP (MalWare Presence) classification algorithm, RCA2 improves file classification reliability by providing a unified classification algorithm that takes advantage of all classifiers, classification components and internal research innovation available to ReversingLabs

  • A1000’s RCA2 transition began in 2020 with the introduction of MWP/RCA2 Compatibility API. The MWP/RCA2 Compatibility API enabled delivery of RCA2 classifications in MWP format
  • A1000 v6.1 continues the RCA2 transition by not only incorporating RCA2 data and terminology across the UI and APIs, but also by implementing user-based classification overrides, enabling the setting of sample classification according to desired security outcomes and desired tolerances; fundamentally enabling Graylist management amongst other new use cases.
  • A1000 v6.1 includes a RCA2 mapping tool-tip/hover explanation within the UI as a method to more easily interpret results, helping users understand the mapping from legacy MWP output (Trust Factor and ThreatLevel - Range 1-5) to Risk Score (UI, - Range 1-10)

TitaniumCloud User Overrides enable users to save File Classification Overrides in TitaniumCloud and to use TitaniumCloud to propagate the classification. Previously, overrides could be stored only locally (on the A1000 appliance)

Goodware Overrides provide users with a method of propagating Goodware Classification from a highly trusted Top-container file to all of its embedded file objects, improving classification efficacy by reducing False Positives caused by low threat embedded files

Enterprise Readiness / Usability (Tier 1 and Tier 2 Analysts, Threat Hunters, Security Analysts, SOC Managers)

Summary Page Winning Classification Display: Updates to the sample summary page to better illustrate for the user how the data displayed resulted in the classification shown

  • RL Analysis table will be minimized unless processing is still taking place or if a sample has not been sent for TiCloud analysis, this will help avoid any ambiguity between the Classification Reason tile while these conditions exist
  • RL Analysis table, when expanded, will show a highlighted ‘winning classification’
  • A new clear human readable 'Classification explanation bar' will be displayed at the top of RL analysis table to clearly advise a user when a sample has been classified based on extracted files, Goodware Overrides, or Local and Cloud user overrides

Feeds and Tags page deprecation: Feeds and Tags are now available via Advanced Search using tag and vertical keywords; with all Historic Feed and Tags data available, enabling specific and granular query building. Any interface links leading to these pages will now perform an Advanced Search query instead

Advanced Search and Search Keywords (RCA2): riskscore, replaces and combines the trustfactor and threatlevel keywords. It accepts values from 0 to 10, reserving the bottom half (0-5) of the range for the previous trust factor values, and the upper half (6-10) for threat level. Additionally, Files classified as known are now referred to as goodware. This affects the classification keyword, which now expects queries to use goodware instead of known.

General User Interface Overhaul and Simplification: Refreshed user interface, improving both the look and the usability of the appliance. Changes include, but are not limited to: new font, a tweaked color palette, improved iconography, restyled buttons

On-demand re-processing of samples is available for user selection upon landing on the Sample Summary page in order to receive the latest static analysis, improving security efficacy and security outcomes

Integrations / Automation (SOC Managers, CISO, Administrators)

URL Submission and Query Hardening via backend improvements to ensure less failed URL analyses due to network restrictions and to accommodate fuller and richer URL hunting workflows in subsequent releases

Azure DataLake Connector: For collecting file samples from connected ADL containers (maximum of five) and then submitting them for analysis. Enables automatic file sorting into folders based on whether a file is clean or threat bearing.

Scanner Monitoring: Users can specify a list of antivirus scanners that are interesting or important to them. This information will be highlighted in the Multi-Scanner results tile on the Sample Summary pages, in addition to the usual scanner result counts. The feature may be configured on the A1000 from: Configuration > Multi Scanner Tile Configuration

See the full release notes on the ReversingLabs Customer Portal (login required).