Reset password

Forgot your password? Enter your email in the form below and we'll send you instructions for creating a new one.

E-mail:

ReversingLabs
What's New
Cookie Policy
Privacy Policy
End User License Agreement

ReversingLabs A1000 Malware Analysis Platform™, 6.3.1-32 | TiCore Version: 4.0.8-1

A1000 v6.3.1 Release Highlights

Dynamic & Network Analysis

Improved usability of the FireEye section on the Sample Summary page, with visual uniformity in line with our other supported third-party sandbox integrations
Improved URL submission usability with more descriptive error information provided to users when the A1000 fails to scrape a submitted URL, providing users help with debugging

Maintenance & Operations

Security compliance updates in v6.3.1 include fixes for Python Django and Go technologies, ensuring security compliance coverage for our users
Quality improvements through a number of prioritized defect fixes, notably improved handling of a particular case where the TitaniumCore Goodware classification was not being propagated correctly to overall file classification, and a fringe case where the unknown classification was returned if the appliance’s TitaniumCloud reputation source was disabled by an administrator
YARA Rules per rulesets limits have been relaxed following a period of performance monitoring, enabling greater efficiency in customer workflows
Privacy Policy updated in v6.3.1 to provide users with improved readability

See the full release notes on the ReversingLabs Customer Portal (login required).

A1000 v6.3 Release Highlights

Static Analysis

TitaniumCore v4.0.8 delivers further improved certificate reputation baselines through the adding of time limits to recently leaked certificates and updates to publisher trust ratings within the RL data corpus
TitaniumCore v4.0.7, initially integrated into the v6.2.2 February 2022 patch release, is included with A1000 v6.3.The release improves Excel format support through extracting embedded formulas into separate textual files, expanding macro code extraction and enhancing password protected document decryption. This update also delivers on the following outcomes for our users:

Updated malware classification machine learning models
Improved classification efficacy through updated malware detection rules
Even more files classified through RHA
More YARA classification rules with broader coverage
Improved certificate reputation baselines
Quality improvements through delivery of prioritized bug fixes

attack-tactic and attack-technique advanced search keywords have been added, allowing users to search for samples based on detected ATT&CK framework attacks and techniques

Dynamic and Network Analysis

RL Cloud Sandbox:

Usability Refresh The analysis results pages have been redesigned for readability and now show all information on a single page, with general file details and classifications at the top, followed by a table listing all analyses performed on the sample. Additionally, tabbed navigation is now added for refreshed Network and Behavioral analysis information, and newly added Dropped Files and MITRE ATT&CK
MITRE ATT&CK tab added, linking to a table of MITRE ATT&CK Techniques detected during dynamic analysis
Dropped Files tab added, listing files that the sample dropped during dynamic analysis. If available locally, these files can be interacted with and inspected like any other file on the A1000
Behavior and Network Analysis refresh with revised key data overview and user-friendly navigation
ZIP Archive Support is now a supported filetype, configurable to automatically analyze uploaded ZIP archives
Merged and Historic Reports now allow users to more easily switch between the merged analysis report and any of the individual reports within the UI using a dropdown menu above the tabbed section

Network Threat Intelligence API Integration Sample Summary Pages for URL submissions now contain an additional tab displaying results of the ReversingLabs TitaniumCloud URL Threat Intelligence service. For URL submissions no longer accessible, this tab will display any data held by ReversingLabs or third party URL reputation information, if available

Workflows

‘Download Logs’ button: Users can now easily and quickly download support logs using the Download logs button on the Administration > System Status page, enabling more efficient support troubleshooting and triage
Submit File (Password & Platform) button, configurable via administration, has been added, enabling submission of password protected .ZIP file archives. This enables the submitting of suspicious and malicious files, for example; email attachments, as password-protected archives to the A1000, along with the additional option of selecting the RL Cloud Sandbox platform to which the extracted file will be submitted
GUI Upload Priority: Files uploaded using the user interface are now prioritized over files uploaded using other upload methods (eg. REST API, Connectors, Automation scripts) streamlining workflows for A1000 interface users
Predicted filenames generated by TitaniumCore are now visible on the Sample Summary pages and returned via the Report Summary API and Full Report API in the proposed_filename response field
MITRE & ATTACK section of the Sample Summary report has been updated to be consistent with the MITRE ATT&CK section in the sidebar menu. Both are now presented as tables
Embedded File Type Statistics pie chart has been improved for better readability when displaying samples with a large number of extracted file types. The Statistics section in general will be overhauled in a future release

Maintenance

SWAP Memory controls: A new configuration option has been added to Administration > Configuration > General, allowing the users to disable the usage of SWAP memory on the appliance
URL submissions forwarded to Joe Sandbox integrations will now be submitted as a URL, using the Joe Sandbox Browse URL API
Security compliance updates in v6.3 include a number of updates for backend services
Quality improvements through a number of prioritized defect fixes, including restoration of ‘Comments’ to the sidebar of Sample Summary pages

See the full release notes on the ReversingLabs Customer Portal (login required).

A1000 v6.2.2 Release Highlights

Classification / Innovation (Tier 1 and Tier 2 Analysts, Threat Hunters, Security Analysts)

A1000 v6.2.2 integrates the latest version of ReversingLabs’ industry leading static analysis engine TitaniumCore v4.0.7. In addition to better format support through extracting embedded Excel formulas into separate textual files, this update delivers on the following outcomes for our users:

Updated malware classification machine learning models
Improved classification efficacy through updated malware detection rules
Even more files classified through RHA
More YARA classification rules with broader coverage
Improved certificate reputation baselines
Quality improvements through delivery of prioritized bug fixes

Enterprise Readiness / Usability (Tier 1 and Tier 2 Analysts, Threat Hunters, Security Analysts, SOC Managers)

Security compliance updates in v6.2.2 include a number of updates for backend services
Quality improvements through a number of prioritized defect fixes, notably improved reliability for local appliance URL processing
Updated Privacy Policy

Integrations / Automation (SOC Managers, CISO, Administrators)

GUI Configuration for setting resource and usage limits has been added for better supportability

See the full release notes on the ReversingLabs Customer Portal (login required).

A1000 v6.2.1 Release Highlights

Enterprise Readiness / Usability (Tier 1 and Tier 2 Analysts, Threat Hunters, Security Analysts, SOC Managers)

Security compliance updates: v6.2.1 includes a number of security compliance updates, notably Python Django and a number of backend technologies, ensuring security coverage for our users
Usability issues were resolved in v6.2.1, notably around navigation from within the sample summary page
Improved performance through a reduction in database transactions, configuration optimization, and various backend task tweaks
Quality improvements through a number of prioritized defect fixes, including improvements around automated re-submission of samples to JoeSandbox integrations, along with improved reliability and error handling for URL processing

Integrations / Automation (SOC Managers, CISO, Administrators)

Skip reanalysis functionality is now available and configurable for the A1000 REST /api/samples/list API
429 error code is returned to users on Sample Upload API requests where queues and/or appliance memory usage are too high

See the full release notes on the ReversingLabs Customer Portal (login required).