All Posts
5
min read

Threatray Release v2024.07

Published on
July 18, 2024
Copy link
Share on LinkedIn
Share on X/Twitter
Share on Facebook

We are proud to announce Threatray release v2024.07. Dive in below to discover its highlights.

IDA Pro Plugin

Starting today, we’re bringing the power of Binary Intelligence capabilities directly to the disassembler. Our new IDA Pro plugin seamlessly integrates Threatray’s identification and hunting capabilities into your reversing workflows. The plugin enables you to:

  • Identify benign and malicious functions and annotate them, cutting down on reversing time and letting you focus on the relevant pieces of code.
  • Retrohunt for individual functions through 100M+ binaries in seconds and rapidly discover similar samples to pivot to.
  • Cluster samples to efficiently pinpoint shared or unique code.

Download the plugin here: Threatray IDA Pro Plugin.

Enhanced OSINT Hunting

Our unique OSINT Hunt feature, which identifies similar samples referenced in threat reports related to the one you are analyzing, has been significantly enhanced. Utilizing large language models, we process each report and provide summaries, mentioned malware families and more. This allows you to quickly grasp the report's content before delving deeper, making it easier than ever to access relevant intelligence.

Additionally, we have added over 3,500 new OSINT threat reports in the past few months.

Benign Code Detection

Threatray actively indexes benign code, such as runtime libraries, third-party libraries, and legitimate software. Threatray detects benign code down to a single function, aiding in the quick identification of legitimate executables used in attacks, like DLL side-loading, and helping you ignore less relevant code during reverse engineering. Soon, we will be adding thousands of libraries to enhance code attribution capabilities, significantly expanding and accelerating the attribution of unknown code and the speed of binary analysis.

Threat Tracking Updates

In the past few months, we have added 240 new high-quality detection signatures, notably expanding our APT coverage for China, North Korea, and Russia.

Some highlights include RawDoor (APT31), WINELOADER (APT29), TrollAgent (Kimsuky), TinyTurlaNG (Turla), Kapeka, QUICKTOW, ITCHYSPARK, and many more (APT44).

Additionally, we have added 2,500 new community YARA rules.

New Resources

Check out our resources with lots of new content. A series of tutorial videos introduces you to the basics of Threatray:

  • Detection and Identification
  • Hunting and Pivoting
  • Reverse engineering with the IDA Pro Plugin
  • Creating YARA rules for Detection Engineering and Hunting

We have also extended our user guides to help you better learn how the platform works.

More to explore…

Botconf 2022, Qakbot malware family evolution

Qakbot Malware Family Evolution

May 1, 2022

Antti Tikkanen joins Threatray as an advisor

We’re very pleased to announce that Antti Tikkanen has joined the Threatray team as an advisor!

February 21, 2023

Trellix_Discord, I Want to Play a Game

Discord is the first choice for gamers when they want to chat with some friends while playing an online computer game.

October 20, 2023

Ready to find out how Threatray can protect your organization?

Talk to an expert