We are proud to announce Threatray release v2024.07. Dive in below to discover its highlights.
IDA Pro Plugin
Starting today, we’re bringing the power of Binary Intelligence capabilities directly to the disassembler. Our new IDA Pro plugin seamlessly integrates Threatray’s identification and hunting capabilities into your reversing workflows. The plugin enables you to:
- Identify benign and malicious functions and annotate them, cutting down on reversing time and letting you focus on the relevant pieces of code.
- Retrohunt for individual functions through 100M+ binaries in seconds and rapidly discover similar samples to pivot to.
- Cluster samples to efficiently pinpoint shared or unique code.
Download the plugin here: Threatray IDA Pro Plugin.
Enhanced OSINT Hunting
Our unique OSINT Hunt feature, which finds samples similar to the one you are analyzing that are referenced in threat reports, has been significantly enhanced. Using large language models, we process each report and provide summaries, the malware families mentioned, and more. This lets you quickly grasp a report's content before delving deeper, making it easier than ever to access relevant intelligence.
Additionally, we have added over 3,500 new OSINT threat reports in the past few months.
Benign Code Detection
Threatray actively indexes benign code, such as runtime libraries, third-party libraries, and legitimate software. Threatray detects benign code down to a single function, which helps you quickly identify legitimate executables used in attacks such as DLL side-loading and ignore less relevant code during reverse engineering. Soon, we will be adding thousands of libraries to enhance code attribution capabilities, significantly expanding and accelerating the attribution of unknown code and speeding up binary analysis.
Threat Tracking Updates
In the past few months, we have added 240 new high-quality detection signatures, notably expanding our APT coverage for China, North Korea, and Russia.
Some highlights include RawDoor (APT31), WINELOADER (APT29), TrollAgent (Kimsuky), TinyTurlaNG (Turla), Kapeka, QUICKTOW, ITCHYSPARK, and many more (APT44).
Additionally, we have added 2,500 new community YARA rules.
New Resources
Check out our resources with lots of new content. A series of tutorial videos introduces you to the basics of Threatray:
- Detection and Identification
- Hunting and Pivoting
- Reverse engineering with the IDA Pro Plugin
- Creating YARA rules for Detection Engineering and Hunting
We have also extended our user guides to help you better learn how the platform works.