The updated Intelligent Sandbox content package for versions 4.10, 4.12, 4.14, 5.0, and 5.2 is now available.
This detection package adds detection updates to Intelligent Sandbox. This update includes the following changes:
New Rules:
- Rules to detect WinRAR samples extracting files to a temp folder
- Rules to cover CVE-2023-38831
- Rules to detect suspicious file creation from a fake Recycle Bin folder
- Rules to detect Trojan Downloader activity utilizing BITS for file transfers
- Rules for increased coverage for Gh0st RAT
For more details about the changes and fixes, see the Release Notes.
This detection package is released using the common detection package format. To install and apply a common detection package, either use Intelligent Sandbox 5.2.2 or newer, or, if your Intelligent Sandbox is version 5.2.0 or earlier, install the patch from KB96550 - How to enable support for the Intelligent Sandbox and Advanced Threat Defense common detection package.
See KB96550 - How to enable support for the Intelligent Sandbox and Advanced Threat Defense common detection package for details about the common detection package format.
Package build number: 5.2.4.231212
Customers can update to the detection packages using the following two options:
- Product UI: In the Intelligent Sandbox (ATD) UI, go to Manage, Image & Software, Content Update, Detection Pkg
- Download Server: Customers can download the content updates, behind appropriate grant numbers, from the Download Server
For more information, see the Release Notes.