Lastline Analyst and Detonator On-Premises Release Notes

Version 7.4

New features

  • Support for custom routing of analysis traffic
  • URL analysis improvements
  • Microsoft Office macro analysis improvements
  • Improved analysis of analysis artifacts
  • Bug fixes and improvements

Support for custom routing of analysis traffic

In the default configuration, traffic generated inside the Lastline analysis sandbox is routed to the Internet via a secure tunnel. This tunnel allows us to anonymize the public IP of our customers and to avoid getting blacklisted when connecting to malware command-and-control infrastructure by periodically rotating this IP.

In addition, the tunnel prevents malware running inside the sandbox from reaching services on the customer's local network in which the system is deployed.

For customers who do not want to make use of this feature, the lastline_setup configuration utility now allows you to specify a custom network connection through which sandbox traffic is routed to the Internet. While this does not give the same security guarantees as the default configuration, it lets customers with stringent privacy requirements control the traffic routing themselves, as described in more detail in the installation manual.
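The following is an added example, not part of the Lastline product or these release notes. It models the security trade-off described above: with the default tunnel, every packet leaving the sandbox, including packets addressed to private ranges, is carried off-site, so the local network is unreachable; a custom egress route that sends traffic out of a locally attached interface loses that property unless an explicit deny rule for local ranges is added. Interface names (tun0, eth1), subnets and probe addresses are constructed for illustration and are not Lastline defaults; the lookup is a plain longest-prefix match, not the appliance's real routing code.

```python
"""Added example: a small model of sandbox egress routing showing why the
default tunnel isolates the customer's local network and what a custom
routing configuration must add to keep that isolation.

All interface names, subnets and rules below are constructed for
illustration; they are not Lastline defaults."""
import ipaddress

# Private and link-local ranges that sandboxed malware must not reach.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

# Constructed routing tables: (prefix, egress interface).
DEFAULT_TUNNEL = [("0.0.0.0/0", "tun0")]                 # everything via the tunnel
CUSTOM_DIRECT = [("0.0.0.0/0", "eth1"),                  # default route via customer uplink
                 ("192.168.1.0/24", "eth1")]             # connected route to the local LAN
HARDENED_DENY = [str(n) for n in LOCAL_NETS]             # firewall drop list for custom routing


def lookup_route(routes, dst):
    """Longest-prefix match over (prefix, interface) pairs, like a kernel FIB."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def egress_decision(routes, deny, dst):
    """Return ('drop', None) if a deny rule matches, else ('forward', iface)."""
    addr = ipaddress.ip_address(dst)
    for net in deny:
        if addr in ipaddress.ip_network(net):
            return ("drop", None)
    return ("forward", lookup_route(routes, dst))


def leaks_to_local_network(routes, deny, probe_hosts):
    """Probe hosts in local ranges that would be forwarded anywhere but the tunnel.

    Traffic sent into tun0 terminates at the remote egress, which has no path
    back into the customer's LAN, so only non-tunnel forwarding counts as a leak.
    """
    leaked = []
    for host in probe_hosts:
        addr = ipaddress.ip_address(host)
        if not any(addr in n for n in LOCAL_NETS):
            continue
        verdict, iface = egress_decision(routes, deny, host)
        if verdict == "forward" and iface != "tun0":
            leaked.append(host)
    return leaked


if __name__ == "__main__":
    probes = ["8.8.8.8", "192.168.1.10", "10.20.30.40"]   # constructed probe set
    print("default tunnel :", leaks_to_local_network(DEFAULT_TUNNEL, [], probes))
    print("custom, no deny:", leaks_to_local_network(CUSTOM_DIRECT, [], probes))
    print("custom + deny  :", leaks_to_local_network(CUSTOM_DIRECT, HARDENED_DENY, probes))
```

The point to take from the third call is that a custom egress connection should be paired with firewall rules that drop sandbox traffic destined for local ranges; the custom route alone only changes where Internet-bound traffic exits.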

URL analysis improvements

Reports for URL analyses now include strings that have been observed during an analysis. They are listed in the "Memory contents" section of the report.

Microsoft Office macro analysis improvements

Reports for Microsoft Office documents containing macro code now contain more information about VBA macro anomalies.

Improved analysis of analysis artifacts

Artifacts encountered as part of an analysis run are now analyzed in more detail. For example, any applications found during a URL analysis or embedded in documents are linked to the original analysis report as additional analysis runs.

Bug fixes and improvements

  • More robust filetype detection for script types.
  • Improved filetype detection for obfuscated MIME structures.
  • Expanded analysis of archive contents, including script files and nested archives.
  • Support for RAR archives of version 5+, ACE archives, and Windows Script Files.
  • Improved coverage of DMG images and MIME archives.
  • Fixed the analysis submission file cache so that unneeded files are cleared faster.
  • More robust file scoring to avoid analysis runs taking longer to score than needed.
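The following is an added example, not part of the Lastline product or these release notes. It illustrates two items from this release: content-based file type detection for some of the formats named above (RAR 4.x versus RAR 5+, ACE, Windows Script Files), and the recursive treatment of archive contents so that scripts and nested archives are surfaced as separate artifacts rather than hidden behind an innocuous extension, as in the "Improved analysis of analysis artifacts" section. The signatures are the published ones for these formats; the sample archive and its member names are constructed in memory. Only ZIP is unpacked here, since the standard library has no RAR or ACE reader; those members are classified but not opened.

```python
"""Added example: magic-based file type detection and a recursive walk of
ZIP contents. Signatures are the public ones for each format; the sample
archive below is constructed and contains no real malware."""
import io
import re
import zipfile

RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"   # RAR 5.0 signature (8 bytes)
RAR4_MAGIC = b"Rar!\x1a\x07\x00"       # RAR 1.5 - 4.x signature (7 bytes)
ACE_MAGIC = b"**ACE**"                 # found at offset 7 of the ACE main header
ZIP_MAGIC = b"PK\x03\x04"
WSF_ROOT = re.compile(rb"<\s*(job|package)\b", re.IGNORECASE)


def detect_type(data):
    """Classify a blob by content only; the filename is never consulted."""
    if data.startswith(RAR5_MAGIC):
        return "rar5"
    if data.startswith(RAR4_MAGIC):
        return "rar4"
    if data[7:14] == ACE_MAGIC:
        return "ace"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    head = data[:4096]
    # A Windows Script File is XML with a <job> or <package> root and <script> elements.
    if WSF_ROOT.search(head) and b"<script" in head.lower():
        return "wsf"
    return "unknown"


def walk_archive(data, path="", depth=0, max_depth=4):
    """Yield (path, type) for a blob and, for ZIP archives, every member recursively.

    max_depth bounds recursion so deeply nested archives cannot exhaust the scanner.
    """
    kind = detect_type(data)
    yield (path or "<root>", kind)
    if kind != "zip" or depth >= max_depth:
        return
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            member = zf.read(info)
            yield from walk_archive(member, f"{path}/{info.filename}", depth + 1, max_depth)


def build_sample():
    """Constructed sample: a ZIP whose members carry misleading extensions."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("report.pdf", RAR4_MAGIC + b"\x00" * 32)      # RAR4 header, .pdf name
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("invoice.txt",
                    b'<job id="x"><script language="VBScript">MsgBox "hi"</script></job>')
        zf.writestr("data.bin", RAR5_MAGIC + b"\x00" * 32)        # RAR5 header, .bin name
        zf.writestr("archive.ace", b"\x00" * 7 + ACE_MAGIC + b"\x00" * 16)
        zf.writestr("inner.zip", inner.getvalue())                # nested archive
    return outer.getvalue()


def classify_sample():
    """Map of member path to detected type for the constructed sample."""
    return dict(walk_archive(build_sample()))


if __name__ == "__main__":
    for member, kind in classify_sample().items():
        print(f"{member:<24} {kind}")
```

Each member is reported under its path inside the archive, which is the information a report needs to link a nested artifact back to the submission that contained it.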

Released appliance versions

As part of this release, we are making available the following versions of Lastline appliances for on-premises use:

  • Lastline Analyst version 705

Deprecation of API methods

No additional methods of the legacy API (/ll_api/ll_api) are being deprecated or removed in this version.
