Lastline Network and Email Defender On-Premises Release Notes

Version 9.8.1

New Features

Detection Improvements

  • LLAM-12143: Improved detection for Helldown Ransomware
  • LLAM-12116: Improved detection for Locky Ransomware
  • LLAM-12115: Improved detection for Linux version of Interlock Ransomware
  • LLAM-12070: Improved detection for Sdum
  • LLAM-12064: Improved detection for Interlock Ransomware
  • LLAM-12061: Improved detection for Lynx Ransomware
  • LLAM-12025: Improved detection for Gafgyt Ddos
  • LLAM-11958: Improved detection of phishing pages
  • LLAM-11911: Improved detection for SAgent
  • LLAM-11910: Improved detection for Poseidon
  • LLAM-11907: Improved detection for JS Dropper
  • LLAM-11906: Improved detection for Dunihi
  • LLAM-11888: Improved detection for AuKill
  • LLAM-11877: Improved detection for Darkgate
  • LLAM-11876: Improved detection for Dojos
  • LLAM-11874: Improved detection for Pantera LNK Agent
  • LLAM-11873: Improved detection for AsyncRAT
  • LLAM-11872: Improved detection for Powershell IOC's of Discoteka Stealer
  • LLAM-11870: Improved detection for Powershell Kematian Stealer
  • LLAM-11864: Improved detection for BAT file IOC's of Discoteka Stealer
  • LLAM-11848: Improved detection for Boxter
  • LLAM-11837: Improved detection for Oyster Loader
  • LLAM-11832: Improved detection for Farfli keylogger
  • LLAM-11831: Improved detection for SatanStealer
  • LLAM-11822: Improved detection for JuicyPotato MSIL trojan
  • LLAM-11820: Improved detection for Warmcookie backdoor
  • LLAM-11814: Improved detection for Tellyouthepass ransomware
  • LLAM-11796: Improved detection for Kryptik
  • LLAM-11745: Improved detection for Observer Stealer
  • LLAM-11743: Improved detection for KiteShield Packer trojan
  • LLAM-11742: Improved detection for Chisel hacktool
  • LLAM-11741: Improved detection for JuicyPotato hacktool
  • LLAM-11710: Improved detection for Samstealer
  • LLAM-11699: Improved detection for Striker
  • LLAM-11698: Improved detection for Lockbit Blackbyte Ransomware
  • LLAM-11696: Improved detection for MSIL ShellcodeLoader
  • LLAM-11687: Improved detection for BAT Stealer
  • LLAM-11673: Improved detection for Pikabot
  • LLAM-11652: Improved detection for bad IIS module
  • LLAM-11647: Improved detection for Laterdectus IcedID samples
  • LLAM-11646: Improved detection for Onenote IceID Downloader
  • LLAM-11638: Improved detection for Goldoon Botnet Targeting D-Link Devices
  • LLAM-11588: Improved detection for Golang reversessh
  • LLAM-11587: Improved detection for UPSTYLE Backdoor (CVE-2024-3400)
  • LLAM-11571: Improved detection for AgentTesla
  • LLAM-11564: Improved detection for Snowlight
  • LLAM-11560: Improved detection for Tasos
  • LLAM-11555: Improved detection for ShellScript downloader
  • LLAM-11548: Improved detection for SparkRat
  • LLAM-11519: Improved detection for AVKill BAT
  • LLAM-11518: Improved detection for PetitPotato
  • LLAM-11517: Improved detection for Rekoobe
  • LLAM-11515: Improved detection for z0Miner Shellscript
  • LLAM-11503: Improved detection for XRed Backdoor
  • LLAM-11501: Improved detection for Bifrose
  • LLAM-11487: Improved detection for Stealers
  • LLAM-11485: Improved detection for Jkwerlo Ransomware
  • LLAM-11484: Improved detection for Dridex Trojan
  • LLAM-11482: Improved detection for Pikabot Trojan
  • LLAM-11474: Improved detection for Turla Backdoor
  • LLAM-11464: Improved detection for Korplug RAT
  • LLAM-11460: Improved detection for DarkVNC
  • LLAM-11455: Improved detection for Netwalker Ransomware
  • LLAM-11418: Improved detection for Modiloader
  • LLAM-11407: Improved detection for Wing Ransomware
  • LLAM-11401: Improved detection for Beast Ransomware
  • LLAM-11400: Improved detection for Chaos Ransomware
  • LLAM-11396: Improved detection for Kimsuky RAT
  • LLAM-11392: Improved detection for FritzFrog
  • LLAM-11391: Improved detection for PurpleFox Rootkits
  • LLAM-11390: Improved detection for Pterodo Malware
  • LLAM-11388: Improved detection for Trigona Ransomware
  • LLAM-11384: Improved detection for Grandoreiro malware
  • LLAM-11375: Improved detection for BianLian Agent samples
  • LLAM-11374: Improved detection for SmokeLoader
  • LLAM-11372: Improved detection for TeslaRvng Ransomware
  • LLAM-11363: Improved detection for JS GootLoader
  • LLAM-11314: Improved detection for Kuiper Ransomware
  • LLAM-11305: Improved detection for Agensla Pure Crypter
  • LLAM-11304: Improved detection for IceFire Ransomware
  • LLAM-11298: Improved detection for SeaTurtle Malware
  • LLAM-11282: Improved detection for JJS downloader used in Pikabot Spam Campaign
  • LLAM-11281: Improved detection for MIMIC Ransomware
  • LLAM-11280: Improved detection for Cobaltstrike Beacon
  • LLAM-11279: Improved detection for Medusa Ransomware
  • LLAM-11276: Improved detection for Mirai-Based NoaBot
  • LLAM-11261: Improved detection for Mirai
  • LLAM-11259: Improved detection for Powershell Downloader
  • LLAM-11243: Improved detection for Fiber Injector
  • LLAM-11242: Improved detection for ZGRat Backdoor
  • LLAM-11238: Improved detection for CStealer
  • LLAM-11218: Improved detection for BATLoader
  • LLAM-11177: Improved detection for Danabot SpyBanker
  • LLAM-11176: Improved detection for MSIL OrcusRat
  • LLAM-11163: Improved detection for BAT samples of Setter Downloader
  • LLAM-11153: Improved detection for Spyder downloader which deliver the Remcos Trojan
  • LLAM-11112: Improved detection for sysaid-cve-2023-47246

Bug Fixes and Improvements

  • USER-147: Users will now have their session time out after 60 minutes of inactivity. Users will also be prompted before the timeout happens in case they would like to continue their session.
  • SENT-3896: Fix to an issue where an appliance using silicom NICs may never fail-close after a reconfiguration.
  • SENT-3928: Fix to an issue in the IDS engine that would cause a signature reload to fail to release the detection engine when reloading IDS signatures. This would cause a slow memory leak in the service over long periods of time.
  • SENT-3990: Fix to an issue that would cause the IDS service to crash in case it was configured to perform blocking for identified malicious actions.
  • SENT-4009: Fix to an issue in the sensor appliance where the sensor watchdog would not recover from failures of the sniffing service, that would then require to be restarted manually.
  • SENT-4025: Fix to an issue where custom IDS variables were not correctly taken into account by the appliance.
  • PLTF-4078: Improve performance of processing of email information on the Manager. Prior to this fix, installations where Sensors were monitoring a very large amount of email could lag behind in recording the email detections in the Manager's database and displaying them in the UI.

Deprecation of API Methods

No additional API methods are being deprecated or discontinued in this release.

The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.

Released Appliance Versions

As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Defender On-Premises:

  • Lastline Manager version 1150.2
  • Lastline Engine version 1150.2
  • Lastline Data Node version 1150.2
  • Lastline Sensor version 1372

Released Sandbox Images Versions

The sandbox images version will remain at 2022-07-16-01.

Distribution Upgrade

Version 9.4.5 was the final version to support Ubuntu Xenial as our operating system distribution. In order to upgrade to 9.8.1, you must be running Bionic as the operating system distribution.

You can check the distribution in use by an appliance in the Appliance Status view of the portal. The "Base Distribution" listed should be "bionic". If it is "xenial", the appliance distribution needs to be upgraded.

For help on the upgrade process, please refer to the following instructions. This update is not done automatically to prevent unexpected downtime.

9.8