The Intelligent Sandbox updated content packages for versions 4.8, 4.10, 4.12, 4.14, 5.0, and 5.2 are now available.
The detection packages add detection updates to Intelligent Sandbox. The updates include the following changes:
- Coverage for MortalKombat ransomware.
- Coverage for LockBit ransomware.
- Coverage for Lilith ransomware.
- Rules to detect Remcos RAT Ransomware.
- Rules to detect Input capture by keylogging.
- Rules to detect data querying from local system like system files, configuration files or local databases.
- Rules to detect clearing of windows event logs.
For more details on changes and fixes, read the Release Notes.
Package details by version are as follows:
- atd-detection-img-5.2.0.230310-5.2.0.x86_64.rpm
- atd-detection-img-5.0.0.230310-5.0.0.x86_64.rpm
- atd-detection-img-4.14.2.230310-4.14.2.x86_64.rpm
- atd-detection-img-4.12.4.230310-4.12.4.x86_64.rpm
- atd-detection-img-4.10.2.230310-4.10.2.x86_64.rpm
- atd-detection-img-4.8.2.230310-4.8.2.x86_64.rpm
Customers can update to the detection package using the following two options:
- Product UI: Access on the Intelligent Sandbox/ATD UI at: Manage, Image & Software, Content Update, Detection Pkg.
- Product Downloads site: Customers can download the content updates, behind appropriate grant numbers, from the Product Downloads site.