All Posts
5
min read

Threatray Release v2024.10

Published on
October 21, 2024
Copy link
Share on LinkedIn
Share on X/Twitter
Share on Facebook

We are proud to announce Threatray release v2024.10. Dive in below to discover its highlights.

Private YARA Rules

Private YARA rules provide you with greater control over how you use Threatray detection, classification and intelligence capabilities. Starting today, you can upload your own YARA rules directly into the platform to enhance detection and enrich analysis results. You have the flexibility to decide whether your rules should be used for detection and malware classification or be used purely for intelligence purposes. 

Upload your rules through the in-browser editor, and they will automatically apply to all new submissions—whether static file analysis, memory dumps from dynamic analyses, or memory extracted via our endpoint scanner.

For more details, visit: Threatray Docs - Private YARA rules 

DLL Side-Loading Support

DLL side-loading, a popular technique for stealthy malicious code execution, is now fully supported by Threatray. Our submission process allows you to upload an archive of files to be executed together in the same dynamic sandbox environment. You can specify the entry point file and add any necessary command-line parameters, giving you the freedom to analyze complex attack chains.

Dark Mode

Dark mode is here! Switch over to an eye-friendly color palette for a more relaxed experience during late-night threat hunting.

More Product Updates

Version 2.1.0 of our IDA Pro Plugin is now available, packed with improvements for a smoother user experience. The update allows for seamless navigation between code detections, cluster analysis results and function-level retro-hunting insights. You can also pivot effortlessly to the Web UI for further analysis of matching results. Download the latest version and explore the full changelog here: Threatray IDA Pro Plugin.

Threat Tracking Updates

We’ve expanded our malware detection and classification capabilities, adding 190 new high-quality detection signatures and updating 300 existing ones. Our improved coverage includes tools used by ransomware gangs and advanced persistent threats (APT), particularly with a focus on China.

Notable new additions:

  • BeaverTail (DPRK)
  • MoonPeak (DPRK)
  • KlogExe & FPSpy (Kimsuky, DPRK)
  • SugarGh0st (CN)
  • DeedRAT (CN)
  • KTLVdoor (Earth Lusca, CN)
  • DodgeBox (APT41, CN)
  • SnipBot
  • SILKLOADER
  • BadSpace
  • FrostyGoop
  • AilurophileStealer
  • NexeBackdoor

In addition, we've integrated 130 new community YARA rules and added 3,500 new OSINT threat reports.

More to explore…

Join us at Virus Bulletin Conference in London (4-6 October)!

Looking forward to this year’s edition of Virus Bulletin (4-6 october, London).

August 24, 2023

Threatray at Bsides 2022, Binary code as a searchable IOC

Key takeaways from our presentation @ Bsides Zurich by Carlos Rubio, our lead Malware Researcher and Jonas Wagner, co-founder and CTO.

September 25, 2022

Antti Tikkanen joins Threatray as an advisor

We’re very pleased to announce that Antti Tikkanen has joined the Threatray team as an advisor!

February 21, 2023

Ready to find out how Threatray can protect your organization?

Talk to an expert