We are proud to announce Threatray release v2024.10. Dive in below to discover its highlights.
Private YARA Rules
Private YARA rules give you greater control over how you use Threatray's detection, classification and intelligence capabilities. Starting today, you can upload your own YARA rules directly into the platform to enhance detection and enrich analysis results. For each rule set you decide whether it is used for detection and malware classification or purely for intelligence purposes.
Upload your rules through the in-browser editor, and they will automatically apply to all new submissions—whether static file analysis, memory dumps from dynamic analyses, or memory extracted via our endpoint scanner.
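Because a private rule is applied to static files, to memory dumps from dynamic analyses and to memory extracted by the endpoint scanner alike, it pays to write it so that it matches in all three contexts. The rule below is an added example, not from Threatray's documentation or platform: the family name, the strings, the byte pattern and the meta keys are constructed placeholders. It avoids gating on a PE header so that a match against an unpacked memory region is not lost, and it relies on strings that typically only exist after the sample has unpacked itself in memory. Whether the rule is used for detection and classification or only for intelligence is chosen in the platform, not expressed in the rule itself.

```yara
// Added example (not Threatray's own rule): a private rule that works on
// static files and on memory dumps. Family name, strings, byte pattern and
// meta keys are constructed placeholders for illustration.
rule Example_Family_Config_Strings
{
    meta:
        author      = "your-team"                              // placeholder
        description = "Constructed example: config strings of a hypothetical RAT"
        date        = "2024-10-01"
        reference   = "internal ticket placeholder"
        tlp         = "AMBER"

    strings:
        // Plain-text markers that usually only exist once the sample has
        // unpacked itself, so they are most useful against memory dumps.
        $cfg1 = "ExampleRAT_config_v1" ascii wide
        $cfg2 = "/api/beacon/register" ascii
        // Code-level pattern (x86): mov eax, [esp+4] ; xor eax, 0x5A5A5A5A
        $code = { 8B 44 24 04 35 5A 5A 5A 5A }

    condition:
        // Deliberately no uint16(0) == 0x5A4D check: memory regions carved
        // from a dynamic analysis often lack the PE header, and requiring it
        // would discard the in-memory match.
        2 of ($cfg*) or $code
}
```

When a rule is meant for intelligence rather than detection, prefer broad, low-precision indicators such as the config strings above; when it is meant to classify, add a code-level pattern like `$code` that is unlikely to appear outside the family, since a classification rule that fires on shared libraries or packers will mislabel unrelated submissions.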
For more details, visit: Threatray Docs - Private YARA rules
DLL Side-Loading Support
DLL side-loading, a popular technique for stealthy malicious code execution, is now fully supported by Threatray. Our submission process allows you to upload an archive of files to be executed together in the same dynamic sandbox environment. You can specify the entry point file and add any necessary command-line parameters, giving you the freedom to analyze complex attack chains.
Dark Mode
Dark mode is here! Switch over to an eye-friendly color palette for a more relaxed experience during late-night threat hunting.
More Product Updates
Version 2.1.0 of our IDA Pro Plugin is now available, packed with improvements for a smoother user experience. The update allows for seamless navigation between code detections, cluster analysis results and function-level retro-hunting insights. You can also pivot effortlessly to the Web UI for further analysis of matching results. Download the latest version and explore the full changelog here: Threatray IDA Pro Plugin.
Threat Tracking Updates
We’ve expanded our malware detection and classification capabilities, adding 190 new high-quality detection signatures and updating 300 existing ones. The improved coverage includes tools used by ransomware gangs and advanced persistent threat (APT) groups, with a particular focus on China.
Notable new additions:
- BeaverTail (DPRK)
- MoonPeak (DPRK)
- KlogExe & FPSpy (Kimsuky, DPRK)
- SugarGh0st (CN)
- DeedRAT (CN)
- KTLVdoor (Earth Lusca, CN)
- DodgeBox (APT41, CN)
- SnipBot
- SILKLOADER
- BadSpace
- FrostyGoop
- AilurophileStealer
- NexeBackdoor
In addition, we've integrated 130 new community YARA rules and added 3,500 new OSINT threat reports.