UnpacMe submissions are now scanned with open source community Yara rules, a new Hunt view can be used to quickly pivot on searchable data, and Goodware labels are automatically applied to unpacked samples.
Results are now enriched with SourceIntel OSINT data, Go samples are now processed with GoReSym symbol recovery, and both Search and Yara results now have customizable result filters.
Updated Yara Hunting to improve scan coverage and lookback, added support for Yara 4.3, and updated support for bloated files.
Updated capa to use the latest version 6.0.0, expanded Goodware corpus for testing Yara rules, and improved byte search performance.
This week we've launched a new IDA Search Plugin that allows analysts to efficiently search UnpacMe for related samples and overlapping code. The plugin can search through both malware samples and our collection of Goodware files.
Last month was somewhat of a milestone for us at UnpacMe as we onboarded our 10,000th user! To celebrate we are introducing a new Boosted plan.
Searches can now be shared with our new share search URL feature.
This week we've observed a substantial increase in Redline Stealer submissions. A large number of these use a hash-busted packer, so each submission carries a unique file hash even though the unpacked payload is the same.
We have identified new variants of the in2al5dp3in4er (invalid printer) packer being used to distribute Aurora Stealer and Vidar Stealer. These variants were observed to have low AV detection rates.
This week we've updated coverage for IcedID and an IcedID fork based on a newly observed version.