VMRay Analyzer 1.10 is here: STIX/CybOX, SIEM, PowerShell & more

We’ve just released version 1.10 and we’re well on the way to building the ultimate Panopticon for malware. To reach that goal with automated malware analysis and detection, three criteria must be met:

  1. The analyzer must scale
  2. The analyzer must avoid detection & evasion by the malware being analyzed
  3. The analysis results must be complete and accurate

In our prior 1.9 release we addressed scalability through our hyperscale architecture. Because of VMRay’s agentless hypervisor-based approach, there is nothing about the analysis itself that malware can detect. However, malware can still look at the target machine and infer whether or not the machine is ‘real’. Creating realistic target machines was a prime objective that we blogged about earlier, and we’ve added more functionality to facilitate that in our new 1.10 release.


Scalability and detection evasion count for nothing if the end result isn’t an accurate, actionable analysis. To that end we’ve made several enhancements to how VMRay analyzes browser exploits and other malware. We’ve also enhanced our scoring system, the VMRay Threat Identifier (VTI) engine, adding user-editable rules and customization.


Lastly, interoperability and ease of integration are critical for enabling timely action. To that end, reports are now available in STIX/CybOX format, and VMRay supports SIEM integration by publishing analysis alerts in syslog/CEF format.


Key new features are:

  • Customizable Severity Scoring in VTI engine
  • Improved Opswat Metadefender & VirusTotal integration, including support for on-premise Metadefender Core installation
  • Reports available in STIX/CybOX format
  • SIEM integration through syslog/CEF output
  • Added many new network configuration options (easy VPN integration, use of custom gateway, etc.)
  • Preview support for Java malware (.jar and .class files)
  • Expanded support for HTML, Macromedia Flash and PowerShell malware
  • Support for current Internet Explorer versions in browser analysis
  • Preview of Firefox and Chrome browser analysis support
  • Support for custom email templates (can be edited in the web interface)
  • Added Adobe Reader DC support
  • Improved user interaction for PowerPoint analyses: Analyzer now clicks through slides automatically
  • Improved randomization: Analyzer can now generate random documents (Office documents, images, etc.) in the VM before analysis starts
  • Extended hook support: You can now have multiple independent hook files for easier integration
  • Samples can now be submitted from remote HTTP(s) URLs instead of having to upload them directly (works with both web interface and API)
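The SIEM side of the syslog/CEF output described above (and listed among the features) is where most of the integration work happens: something has to split the pipe-delimited CEF header, undo the escaping, pull the key=value extension apart and decide which alerts are worth acting on. The following is an added example of that consumer, written for this page and not VMRay's own code. The sample lines, event class IDs (100, 101) and extension keys (fname, fileHash, msg, act, cs1/cs1Label) are constructed for illustration and are not VMRay's documented CEF schema; only the CEF header layout and escaping rules are taken from the CEF format itself.

```python
"""Added example: parse syslog/CEF alert lines and keep the high-severity ones.

Sample lines, event IDs and extension keys are constructed for illustration;
they are not VMRay's documented CEF output.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# CEF header: CEF:Version|Vendor|Product|Version|EventClassID|Name|Severity|ext
HEADER_FIELDS = ("cef_version", "vendor", "product", "version",
                 "event_class_id", "name", "severity")
# An extension key is a run of key characters followed by '=' at a field boundary.
# A '\=' inside a value is never matched because '\' is not a key character.
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.\-]+)=")
# CEF allows word severities; map them to the top of their 0..10 band.
_SEV_WORDS = {"low": 3, "medium": 6, "high": 8, "very-high": 10}


@dataclass
class CefEvent:
    syslog_prefix: str            # PRI / timestamp / host text before "CEF:"
    header: Dict[str, str]
    extension: Dict[str, str] = field(default_factory=dict)


def _split_header(body: str) -> List[str]:
    r"""Split the seven header fields on unescaped '|'; the remainder is the extension.

    In header fields '\|' is a literal '|' and '\\' is a literal '\'.
    """
    parts: List[str] = []
    cur: List[str] = []
    i = 0
    while i < len(body) and len(parts) < 7:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body) and body[i + 1] in "|\\":
            cur.append(body[i + 1])
            i += 2
        elif ch == "|":
            parts.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(ch)
            i += 1
    if len(parts) < 7:
        raise ValueError("malformed CEF header: fewer than 7 '|'-separated fields")
    parts.append(body[i:])        # raw extension text, unescaped per value below
    return parts


def _unescape_value(value: str) -> str:
    r"""Undo extension-value escaping: '\=', '\\', and '\n' / '\r'."""
    return re.sub(r"\\(.)",
                  lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)),
                  value)


def _parse_extension(ext: str) -> Dict[str, str]:
    """Turn 'k1=v1 k2=value with spaces' into a dict; values may contain spaces."""
    out: Dict[str, str] = {}
    keys = list(_KEY_RE.finditer(ext))
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        out[m.group(1)] = _unescape_value(ext[m.end():end].strip())
    return out


def parse_cef_line(line: str) -> CefEvent:
    """Parse one syslog line carrying a CEF payload; raise ValueError otherwise."""
    at = line.find("CEF:")
    if at < 0:
        raise ValueError("no CEF payload in line")
    parts = _split_header(line[at + len("CEF:"):])
    return CefEvent(syslog_prefix=line[:at].rstrip(),
                    header=dict(zip(HEADER_FIELDS, parts[:7])),
                    extension=_parse_extension(parts[7]))


def severity_value(ev: CefEvent) -> int:
    """Numeric severity: CEF permits 0-10 or the words Low/Medium/High/Very-High."""
    sev = ev.header["severity"].strip()
    return int(sev) if sev.isdigit() else _SEV_WORDS.get(sev.lower(), 0)


def triage(lines: List[str], min_severity: int = 7) -> List[Dict[str, str]]:
    """Keep parseable events at or above min_severity; skip non-CEF lines."""
    alerts = []
    for line in lines:
        try:
            ev = parse_cef_line(line)
        except ValueError:
            continue
        if severity_value(ev) >= min_severity:
            alerts.append({"name": ev.header["name"],
                           "severity": str(severity_value(ev)),
                           "sample": ev.extension.get("fname", "?"),
                           "msg": ev.extension.get("msg", "")})
    return alerts


# Constructed sample lines (illustrative only, not VMRay's real schema).
SAMPLES = [
    r"<134>Jun 10 12:00:00 sandbox01 CEF:0|VMRay|Analyzer|1.10|100|Malicious sample|9|"
    r"fname=invoice.docm fileHash=0123abcd msg=Drops executable and contacts C2 act=block",
    r"<134>Jun 10 12:00:05 sandbox01 CEF:0|VMRay|Analyzer|1.10|101|"
    r"Suspicious sample \| needs review|Medium|"
    r"fname=report.pdf msg=Reads HKLM\\Software\\Foo key\=value cs1Label=sha256 cs1=deadbeef",
    "<134>Jun 10 12:00:09 sandbox01 heartbeat ok",
]
```

Two design points matter in practice: the header splitter stops counting pipes after the seventh field, so a `|` inside an extension value (which CEF does not require to be escaped) cannot shift fields, and non-CEF lines on the same syslog feed are dropped rather than crashing the consumer. The threshold in `triage` is a placeholder; the right cut-off depends on how your VTI severity scores are mapped into the CEF severity field.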


Follow us on Twitter @VMRay to get updates as we blog about what’s new in more detail.