ReversingLabs Insights™ Insights
  • Forgot your password?
By logging in, you agree that you have read and accepted the terms of service set forth in the ReversingLabs, Inc. End User License Agreement
  • ReversingLabs
  • What's New
  • Cookie Policy
  • Privacy Policy
  • End User License Agreement
ReversingLabs Insights™, 6.2.0-31   |   TiCore Version: 4.0.6-1

RLI v6.2 Release Highlights

Classification / Innovation (Tier 1 and Tier 2 Analysts, Threat Hunters, Security Analysts)

RLI v6.2 integrates the latest version of ReversingLabs’ industry leading static analysis engine TitaniumCore v4.0.6-1, adding new machine learning models for Potentially Unwanted Application (PUA)/ Adware detection and malicious AutoIt scripts. This TitaniumCore update additionally delivers:

  • Better Malware detection rules through updates to our malware classification machine learning models and various classification databases to further improve detection accuracy
  • Updated Certificate white and blacklists deliver improved certificate reputation baselines and broader coverage
  • Improved format support notably extracting embedded Excel formulas into separate textual files
  • Expanded format support enabling unpacking and identification of additional file formats
  • Updated YARA rules for identifying additional 30+ ransomware files
  • Quality Improvements through delivery of prioritized bug fixes
  • RLI v6.2 integrates new and updated Metadata components from ReversingLabs’ industry-leading static analysis engine TitaniumCore, enabling richer hunting investigations and workflows:
    • Info - Displays Binary Layer, File information, Hashes, Overlays, Validation, Unpacking, Errors, Warnings, and Properties details
    • Application - Displays Application Identity and Capabilities details
    • Application (PE) - Displays Analysis, DOS Header, Rich Header, File Header, Optional Header, Version Info, CodeViews, and Taggant details
    • Security - Displays Exploits, Features and Properties details
    • Email - Displays Message, Contact, Appointment and Task details
    • Document - Displays Document Object and Capabilities details
    • Mobile - Displays Capabilities, Windows Phone, and Windows Store Package Object details
    • iOS - Displays iOS Object, Application Bundle, and Download Info details
    • Behavior - Displays Copy, Rename, Process Start, Shortcut, Remove, Edit INI, and URI details
    • Android - Displays Android Object and Android Application details
    • Additionally users may view the following component details - .NET object, ELF, MachO, Dex, Software Package, Signatures, Certificates, Protection, HTML, Browser, Tag, Malware Configuration, Strings, Interesting Strings, Behavior Registry, Classification, MITRE ATT&CK, Image

Enterprise Readiness / Usability (Tier 1 and Tier 2 Analysts, Threat Hunters, Security Analysts, SOC Managers)

  • TitaniumCloud/T1000 connection status indicator added to the upper right section of the RLI interface, helping users better understand the connectivity to a reputation source from any given screen; helping customers resolve configuration/connectivity issues faster.
  • Sample Summary introduces a new tab mechanic for better usability, helping users to quickly get to the information they need for their workflow. Additionally, the home icon has been moved to the sidebar for easier navigation.
  • Advanced Search: similar-to keyword searches for functionally similar files to the sent hash, enabling fast pivoting to similar samples under investigation within a user’s environment. Users may learn more about RHA (ReversingLabs Hashing algorithm) file similarity by checking the ReversingLabs website or the Analyzing Files with RHA Similarity Algorithm section in the product documentation.
  • uri: keyword search allows users to search for submitted samples containing a given URI. URI* returns all URI’s submitted to the appliance. Previously all files and URI’s were searchable from the filename: keyword. To search for files by uri source from which they were downloaded, users should continue to use the uri-source:keyword
  • General UX Updates: Font weight increased to improve ease of use.
  • Dynamic Analysis Error Reporting enhancement for if an analysis fails; the sample summary page will now indicate that the displayed result is that of the last successful analysis along with the Action column showing the error that caused the last attempt to fail.

Integrations / Automation (SOC Managers, CISO, Administrators)

  • Download Samples from TitaniumCloud through API enabling automated download of interesting samples in investigation and hunting workflows. Downloading from TitaniumCloud is optional and can be set through parameters. In case disk space is almost full, error will be returned.

See the full release notes on the ReversingLabs Customer Portal (login required).