Version 2023.1.1
New Features
Detection Improvements
- LLAM-9973: Improved detection of IcedID malware
- LLAM-10022: Improved detection of PoshC2 Implants
- LLAM-10048: Improved detection of DDoS Agent
- LLAM-10049: Improved detection of a Shellcode Loader
- LLAM-10099: Improved detection of PlugX malware
- LLAM-10294: Detection of silent command execution from a LNK file (informational)
- LLAM-10295: Improved detection of JuicyPotato hacktool
- LLAM-10296: Improved detection of FScan hacktool
- LLAM-10297: Improved detection of Goon hacktool
- LLAM-10318: Improved detection of a Webshell used by Dalbit APT group
- LLAM-10324: Improved detection of 3CS Supply Chain Attack malware
Deprecation of API Methods
The Lastline API documentation includes a deprecation schedule for deprecated Lastline API methods, as well as information on how to replace usage of these deprecated methods with supported methods.
Released Appliance Versions
As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Enterprise Hosted:
Lastline Sensor version 1350.1
Distribution Upgrade
Sensor version 1220 was the final version to support Ubuntu Xenial as our operating system distribution. In order to upgrade to 1350, you must be running Bionic as the operating system distribution. You can check the distribution in use by an appliance in the Appliance Status view of the portal. The "Base Distribution" listed should be "bionic". If it is "xenial", the appliance distribution needs to be upgraded. For help on the upgrade process, please refer to the following instructions. This update is not done automatically to prevent unexpected downtime.