ReversingLabs Insights™ Insights
  • Forgot your password?
By logging in, you agree that you have read and accepted the terms of service set forth in the ReversingLabs, Inc. End User License Agreement
  • ReversingLabs
  • What's New
  • Cookie Policy
  • Privacy Policy
  • End User License Agreement
ReversingLabs Insights™, 6.1.10-1   |   TiCore Version: 4.0.6-1

ReversingLabs Insights (RLI) v6.1.10 Release Highlights

Classification / Innovation (Tier 1 and Tier 2 Analysts, Threat Hunters, Security Analysts)

RLI v6.1.10 integrates the latest version of ReversingLabs’ industry leading static analysis engine TitaniumCore v4.0.6, adding new machine learning models for Potentially Unwanted Application (PUA)/ Adware detection and malicious AutoIt scripts. This TitaniumCore update additionally delivers:

  • Better Malware detection rules through updates to our malware classification machine learning models and various classification databases to further improve detection accuracy
  • Updated Certificate white and blacklists deliver improved certificate reputation baselines and broader coverage
  • Improved format support, notably extracting embedded Excel formulas into separate textual files
  • Expanded format support enabling unpacking and identification of additional file formats
  • Updated YARA rules for identifying additional 30+ ransomware files
  • Quality Improvements through delivery of prioritized bug fixes

Enterprise Readiness / Usability (Tier 1 and Tier 2 Analysts, Threat Hunters, Security Analysts, SOC Managers)

  • Upload maximum file size warning and enforcement added for all files that are 400 MB or greater for improved reliability of analysis, better usability and generally helping our users with awareness and operation within system specifications. Users should contact support or their Account relationship manager for further information and options.

Integrations / Automation (SOC Managers, CISO, Administrators)

  • Invalid report message handling for all dynamic analysis integration platforms has been improved, helping RLI users to quickly understand if an invalid report has been generated for a configured sandbox solution.

See the full release notes on the ReversingLabs Customer Portal (login required).

ReversingLabs Insights(RLI) v6.1 Release Highlights

Classification / Innovation (Tier 1 and Tier 2 Analysts, Threat Hunters, Security Analysts)

RLI v6.1 integrates the latest version of ReversingLabs’ industry leading static analysis engine TitaniumCore v4.0.5-2, adding new machine learning classification technology to detect malicious Excel4 macros. This TiCore update additionally delivers;

  • Better Malware detection rules through updates to our malware classification machine learning models and various classification databases to further improve detection accuracy
  • Updated Certificate white and blacklists deliver improved certificate reputation baselines and broader coverage
  • Better Quality through delivery of performance improvements and prioritized bug fixes

RCA 2 Classification: ReversingLabs Classification Algorithm v2; Superseding the existing MWP (MalWare Presence) classification algorithm, RCA2 improves file classification reliability by providing a unified classification algorithm that takes advantage of all classifiers, classification components and internal research innovation available to ReversingLabs

  • RLI’s RCA2 transition began in 2020 with the introduction of MWP/RCA2 Compatibility API. The MWP/RCA2 Compatibility API enabled delivery of RCA2 classifications in MWP format
  • RLI v6.1 continues the RCA2 transition by not only incorporating RCA2 data and terminology across the UI and APIs, but also by implementing user-based classification overrides, enabling the setting of sample classification according to desired security outcomes and desired tolerances; fundamentally enabling Graylist management amongst other new use cases.
  • RLI v6.1 includes a RCA2 mapping tool-tip/hover explanation within the UI as a method to more easily interpret results, helping users understand the mapping from legacy MWP output (Trust Factor and ThreatLevel - Range 1-5) to Risk Score (UI, - Range 1-10)

TitaniumCloud User Overrides enable users to save File Classification Overrides in TitaniumCloud and to use TitaniumCloud to propagate the classification. Previously, overrides could be stored only locally (on A1000 appliances)

Goodware Overrides provide users with a method of propagating Goodware Classification from a highly trusted Top-container file to all of its embedded file objects, improving classification efficacy by reducing False Positives caused by low threat embedded files

Enterprise Readiness / Usability (Tier 1 and Tier 2 Analysts, Threat Hunters, Security Analysts, SOC Managers)

Summary Page Winning Classification Display: Updates to the sample summary page to better illustrate for the user how the data displayed resulted in the classification shown

  • RL Analysis table will be minimized unless processing is still taking place or if a sample has not been sent for TiCloud analysis, this will help avoid any ambiguity between the Classification Reason tile while these conditions exist
  • RL Analysis table, when expanded, will show a highlighted ‘winning classification’
  • A new clear human readable 'Classification explanation bar' will be displayed at the top of RL analysis table to clearly advise a user when a sample has been classified based on extracted files, Goodware Overrides, or Local and Cloud user overrides

Feeds and Tags page deprecation: Feeds and Tags are now available via Advanced Search using tag and vertical keywords; with all Historic Feed and Tags data available, enabling specific and granular query building. Any interface links leading to these pages will now perform an Advanced Search query instead

Advanced Search and Search Keywords (RCA2): riskscore, replaces and combines the trustfactor and threatlevel keywords. It accepts values from 0 to 10, reserving the bottom half (0-5) of the range for the previous trust factor values, and the upper half (6-10) for threat level. Additionally, Files classified as known are now referred to as goodware. This affects the classification keyword, which now expects queries to use goodware instead of known.

General User Interface Overhaul and Simplification: Refreshed user interface, improving both the look and the usability of the appliance. Changes include, but are not limited to: new font, a tweaked color palette, improved iconography, restyled buttons

On-demand re-processing of samples is available for user selection upon landing on the Sample Summary page in order to receive the latest static analysis, improving security efficacy and security outcomes

Integrations / Automation (SOC Managers, CISO, Administrators)

URL Submission and Query Hardening via backend improvements to ensure less failed URL analyses due to network restrictions and to accommodate fuller and richer URL hunting workflows in subsequent releases

Scanner Monitoring: A list of six antivirus scanners and their results is now highlighted in the Multi-Scanner results tile on the Sample Summary pages, in addition to the usual scanner result counts, in order to highlight a selection of AV scanner efficacy and results

See the full release notes on the ReversingLabs Customer Portal (login required).