ReversingLabs Insights™ Insights
  • Forgot your password?
By logging in, you agree that you have read and accepted the terms of service set forth in the ReversingLabs, Inc. End User License Agreement
  • ReversingLabs
  • What's new
  • Cookie Policy
  • Privacy Policy
  • End User License Agreement
ReversingLabs Insights™, 6.0.5-2   |   TitaniumCore Version: 4.0.4.0

ReversingLabs Insights(RLI) v6.0 Release Highlights

Classification / Innovation (Tier 1 and Tier 2 Analysts, Threat Hunters, Security Analysts)

RLI 6.0 includes the latest major version of the ReversingLabs’ industry leading static analysis engine TitaniumCore 4.0.2 delivering a number of significant enhancements:

  • Indicator transparency gives a human-readable explanation for why an indicator appears within a sample analysis, helping users to better understand object intent.
  • Indicators are mapped to MITRE ATT&CK framework, an industry wide standard for describing threats and actor behaviors.
  • “Certificates” section overhaul for better metadata explainability and renaming to “Signatures”.
  • Interactive storyteller with better sample descriptions, including clickable links, enabling even novice RLI users to pivot through RL’s extensive local and cloud data simply.
  • Predicted file names now use file metadata and construct a probable original file name, which helps users better distinguish files that only have a hash value as their file name.
  • Email files are now treated as a native identification type, delivering better support for various email formats on the RLI appliance.
  • To receive the richer TitaniumCore 4.0.2 sample reports, samples analyzed with older versions of the engine can be easily reanalyzed with one-click operation.

Enterprise Readiness / Usability (Tier 1 and Tier 2 Analysts, Threat Hunters, Security Analysts, SOC Managers)

  • Advanced Search is now available on all RLI appliances enabling unlimited local queries for all users, even on air-gapped systems.
  • Threat Intelligence Cards are utilising ReversingLabs’ extensive file metadata to provide an informative, educational overview and analytics on malware types and families in an easily accessible format.
  • Sample summary improvements make it easier to read the critical sample classification information at a glance. Changes include: sample summary header redesign, new analysis status tables, and reorganized sidebar menu.
  • New RLI Dashboard YARA Widget offers users a quick insight into their local and cloud YARA matches. Matches can easily be filtered either by time or by rulesets favorited by the current user and by match source.

Integrations / Automation (SOC Managers, CISO, Administrators)

  • RL Cloud Sandbox is a new Dynamic Analysis (DA) integration that further enhances RLI’s File Analysis capabilities, delivering users better efficacy in their security outcomes. This service is based on RL’s DA API’s and is turned on by default so that RLI files are enriched with existing DA metadata. It is possible to automate DA analysis for files with no report available.

RLI v6.0.4 Patch Release Highlights

  • RLI 6.0.4 patch release delivers improved quality and better security outcomes for our users. The patch incorporates TitaniumCore v4.0.3, which enables enhancement for Malware detection rules through newly-updated malware classification machine learning models. The patch additionally adds RL Cloud Sandbox quota usage insights and resolves a number of minor and moderate bugs.

RLI v6.0.5 Patch Release Highlights

Classification / Innovation (Tier 1 and Tier 2 Analysts, Threat Hunters, Security Analysts) RLI 6.0.5 patch release delivers improved quality and better security outcomes for our users. The patch incorporates TitaniumCore v4.0.4, enabling;

  • Better Malware detection rules through implementation of new malicious VBA macro machine learning classification technology and update to remaining threat detection databases to further improve detection accuracy
  • Identify more files and greater file format coverage with Titanium Core 4.0.4, notably Docker, AutoIt, and improved Office Word support
  • Improved Certificate and miscellaneous archive validation delivering improved certificate reputation baselines and broader coverage
  • More YARA hunting rules with broader coverage

The release additionally improves upon overall quality and usability with a number of prioritized defect resolutions. For full details please see the full release notes on the ReversingLabs Customer Portal (login required).

See the full release notes on the ReversingLabs Customer Portal (login required).