Threatray

New blog post: how AI + code intelligence can help analysts rapidly identify trojanized DLLs and accelerate malware investigations. We preview our upcoming AI analysis feature, combining LLMs with Threatray’s code similarity engine to surface suspicious functionality, separate benign code from attacker logic, and speed up triage. Read it here: https://t.co/EslsyLZmqr

🚀 We are proud to announce the availability of Threatray Release v2.2, bringing a powerful set of enhancements and new capabilities to the platform. 🔍 Function-level retro-hunting and pivoting is now available directly in the UI. Point and click on any unknown function to hunt for similar functions across our database of over 1 billion malware and goodware functions - uncovering relationships in seconds and accelerating analysis, pivoting, and detection workflows. 🧠 We’ve significantly improved our Go and Rust library identification engine, yielding up to 40 % more goodware function identifications, while reducing false matches. Library attribution is now more specific, enabling clearer distinction between known good code and potential threats. 👁️ YARA matches are now better visible throughout the UI, making detection results more accessible and intuitive. YARA classification works alongside our core code similarity engine, helping analysts quickly see all relevant classification and detection signals in one place. Explore all the new features and improvements: https://t.co/WJpZ8CFVLt

We analyzed a .NET multi-stage malware delivery system active since early 2022 that deploys commodity stealers and RATs through a three-stage loading process. Through our code reuse technology, we discovered more than 20,000 samples spanning three years, delivering 10 distinct malware families. The payloads notably include AgentTesla, FormBook, and Remcos - with VIPKeylogger and NovaStealer among recent additions. We identified a stable code pattern in the third stage that enabled us to create a YARA rule for detecting this loader. Find the full analysis with YARA rule here: https://t.co/YareiUYOHz #cybersecurity #malware #threatintel

🚀 We are proud to announce the availability of Threatray Release v2.0, bringing a huge set of additions and improvements to the platform. ✅ The introduction of Goodware Identification enhances analysis by identifying benign code from runtime, third-party libraries and legitimate executables at the function level, streamlining processes such as detecting backdoors, creating YARA rules, and focusing on relevant code. 📊 We bring Code Intelligence to a new level, providing a detailed breakdown of malicious and benign code within binaries, along with capability analysis. These features accelerate investigation and triage of unknown binary code. ⚙️The IDA Pro plugin enhances reverse engineering with features such as cluster analysis to identify code overlaps and function-level retro-hunt to search through our vast code repository. We bring YARA rule development, malware tracking, and code reuse research to the next level. 🌐 Our new Chrome Extension allows for fast threat report analysis by summarizing reports, annotating hashes with malware family classifications, and enabling direct pivoting to detailed analysis in the Threatray platform. See details and screenshots here: https://t.co/3O8xI0fgUn