9.8

23 Jan 2024

Version 9.8

New Features

Introduce Permission for Viewing Analysis Reports of Other Accounts

INTRODUCE PERMISSION FOR VIEWING ANALYSIS REPORTS OF OTHER ACCOUNTS

This introduces a new permission "Can View Analysis History". With this permission, a user is able to view the history of file and URL analysis submissions performed by any account under Analyst -> Submission History. Users without this permission are only able to view their own submissions.

Previously, only users with administrator permissions were able to view submissions from other accounts.

This new feature was tracked internally as FEAT-7762

Detection Improvements

LLAM-10326: Reduced false positives in script behavior analysis
LLAM-10825: Improved detection of Malform RTF
LLAM-11131: Improved detection for Info Stealer
LLAM-11139: Improved detection for MSIL Shellcode Downloader
LLAM-11130: Improved detection for Mirai Botnet
LLAM-11128: Improved detection of QiLin ransomware
LLAM-11095: Improved detection for Darkgate
LLAM-11117: Improved detection for Knight Ransom Loader
LLAM-10617: Improved detection for Boxter Runner
LLAM-10546: Improved detection of Parite malware
LLAM-10555: Improved detection of Rootkits
LLAM-10475: Improved detection of Nukesped malware
LLAM-10469: Improved detection of a Downloader
LLAM-10440: Improved detection of Keyplug malware
LLAM-10447: Improved detection of Amadey malware
LLAM-10237: Detection of Telegram bot (informational)
LLAM-10236: Improved detection of Disdroth trojan
LLAM-11032: Improved detection of Akira ransomware
LLAM-10922: Improved detection of Kryptik
LLAM-10902: Improved detection for Whirlpool Linux Backdoor
LLAM-10894: Improved detection of a Powershell Loader
LLAM-10895: Improved detection of Shellcode Runner
LLAM-10893: Improved detection for MathTypeObfs exploit
LLAM-10826: Improved detection for Nitrogen Installer
LLAM-10790: Improved detection for Amadey Clipper
LLAM-10961: Detection improvement for OilRig Trojan
LLAM-10859: Improved detection of Sapphire Stealer
LLAM-10856: Improved detection for elevation of UIAccess applications
LLAM-10775: Improved detection of Qakbot
LLAM-10787: Improved detection of Mallox ransomware
LLAM-10704: Improved detection for Invicta Stealer
LLAM-10670: Improved detection for Ponyshell Downloader
LLAM-10660: Improved detection for Perl Shellbot
LLAM-10695: Improved detection for Bandit stealer
LLAM-10693: Improved detection for IcedID trojan
LLAM-10685: Improved detection for Meduza Stealer
LLAM-10672: Improved detection for PyCrypter
LLAM-10649: Improved detection for GreetingGhoul Infostealer
LLAM-10615: Improved detection of Bruteforce hacktool
LLAM-10519: Improved detection for ClipBanker
LLAM-10525: Improved detection of Ransomwares
LLAM-10529: Improved detection of Nokoyawa ransomware
LLAM-10505: Improved detection for the RokRat Powershell starter.
LLAM-10473: Improved detection of Mirai MooBot
LLAM-10571: Improved detection of Earthworm hacktool
LLAM-10570: Improved detection of Buhti ransomware
LLAM-10545: Improved detection of Kimsuky malware
LLAM-10516: Improved detection of Python Stealer
LLAM-10474: Improved detection of CrimsonRAT
LLAM-10838: Improved detection for HookAMSI has been found in Raccoon Stealer.
LLAM-11159: Improved detection for Ddostf Botnet
LLAM-11137: Improved detection of Kinsing malware
LLAM-11166: Improved detection of BeaverTail malware
LLAM-11172: Improved detection of a VBS Downloader
LLAM-11120: Improved detection of RunPE Loader
LLAM-10563: Improved detection of BlackCat ransomware
LLAM-10562: Improved detection of Nanodump hacktool
LLAM-10543: Improved detection for Mirai Botnet
LLAM-9980: Improved detection of NTDLL unhooking evasion
LLAM-11129: Improved detection for Stealer Downloader
LLAM-11011: Improved detection for dotRunpeX Injector
LLAM-11018: Detection improvement for Stealer Loader
LLAM-11046: Improved detection for Poverty Stealer
LLAM-11121: Improved detection of BATLoaders
LLAM-10989: Improved detection for Lumma Stealer
LLAM-10990: Improved detection for Bunny Loader
LLAM-10975: Improved detection for MSIL Exploit CVE-2022-22718
LLAM-10957: Improved detection for Veeam Dumper
LLAM-10919: Improved detection of Webshell
LLAM-10915: Improved detection of Shellcode Runner
LLAM-10848: Improved detection for Logcleaner Hacktool
LLAM-10813: Improved detection of Mirai
LLAM-10920: Improved detection of Blueshell malware
LLAM-10852: Improved detection for DreamBus Botnet
LLAM-10849: Improved detection of Qbot
LLAM-10842: Improved detection for Shellscript miner
LLAM-10771: Improved detection of malware files in MEME#4CHAN attack
LLAM-10774: Improved detection for Linpeas Hacktool
LLAM-10762: Improved detection for Boxter Downloader
LLAM-10747: Improved detection of Prikormka malware
LLAM-10745: Improved detection of a Downloader
LLAM-10744: Improved detection of XWorm
LLAM-10735: Improved detection for Spyder trojan
LLAM-10742: Improved detection of Rootkits
LLAM-10743: Improved detection of persistence techniques used by malwares in MEME#4CHAN attack
LLAM-10668: Improved detection for Emeka Crypter
LLAM-10686: Improved detection for WarHawk backdoor
LLAM-10671: Improved detection for Mirai Condi Botnet
LLAM-10651: Improved detection for Clipper dropper
LLAM-10597: Improved detection for malicious LNK files executing msiexec.exe
LLAM-10595: Improved detection for malicious LNK files executing PowerShell
LLAM-10561: Improved detection of Ligolo hacktool
LLAM-10518: Improved detection for Qakbot
LLAM-9979: Improved detection of NTDLL unhooking evasion

Bug Fixes and Improvements

PLTF-3652: Fixed issue on the standby manager that could cause it to incorrectly authenticate to the active manager during install or upgrade, and could cause the standby manager to go into an Error state.
LLCC-2762: Improved database performance in environments with high disk throughput but high I/O latency, by increasing the number of concurrent I/O threads. Updated appliance diagnostic checks to account for this type of environment.

NSX NDR END-OF-LIFE (EOL) ANNOUNCEMENT FOR FILE ANALYSIS ON WINDOWS 7

To ensure a satisfactory level of security, it is not advisable to use Windows 7. As a consequence, testing the maliciousness of files in this environment is no longer deemed relevant. Therefore, we have decided to gradually phase out the analysis of files on Windows 7. With this latest release, file analysis on Windows 7 will become optional. All analysis on Windows 7 will cease in the next major release.

EXPLICIT PROXY DEPRECATION

NSX Defender On-premise 9.8 is the last major release to support the use of the sensor explicit proxy capabilities. The sensor explicit proxy functionality allows to run a squid proxy on the appliance with basic TLS decapsulation functionality. This feature will no longer be available in the next major release of NSX Defender on-premise. Support for ICAP integrations will not be affected by this deprecation.

Deprecation of API Methods

No additional API methods are being deprecated or discontinued in this release.

The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.

Released Appliance Versions

As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Detonator On-Premises:

Lastline Manager version 1150
Lastline Engine version 1150

Released Sandbox Images Versions

The sandbox images version will remain at 2022-07-16-01.

Distribution Upgrade

Version 9.4.5 was the final version to support Ubuntu Xenial as our operating system distribution. In order to upgrade to 9.8, you must be running Bionic as the operating system distribution.

You can check the distribution in use by an appliance in the Appliance Status view of the portal. The "Base Distribution" listed should be "bionic". If it is "xenial", the appliance distribution needs to be upgraded.

For help on the upgrade process, please refer to the following instructions. This update is not done automatically to prevent unexpected downtime.