With the release of version 4.0 last year, the VMRay Platform took a huge leap forward and further solidified itself as the preeminent software for SOC and CERT teams that need automated analysis and detection of advanced threats. Version 4.1 further rounded out the offering with incremental yet significant enhancements, and this trend continues with version 4.2, which features a variety of new features and enhancements, the most important of which we highlight below.
Encrypted C2 traffic can be an opportunity for attackers to circumvent malware detection and analysis. To address this, we have added automatic decryption of network traffic originated in the detonation environment so that the decrypted information is now presented in both the Web Interface (i.e., Analysis Reports, Network tab, IOCs tab) and the Summary JSON. Decryption is accomplished through a mixture of invisible monitoring of relevant API calls with dumping the memory of relevant processes at the right time. ...read more!
