Thursday, December 3, 2020

Network Simulation now live on Hybrid-Analysis!

We are proud to announce the availability of Network Simulation for file and URL detonations on Hybrid-Analysis.com! 

Network Simulation blocks internet-bound traffic from reaching its destination and instead routes it to an internal endpoint, which responds to the outbound requests (DNS, HTTP(S), etc.). This allows the submitter to collect crucial indicators and detonation details without ever directly contacting attacker-controlled infrastructure.
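A minimal sketch of the DNS side of this idea, added here as an illustration and not Hybrid Analysis's own implementation: every A query is answered with the address of an internal endpoint and the looked-up name is recorded as an indicator. `SIM_IP`, the function names and the `example.test` domain are assumptions constructed for the example.

```python
import struct

SIM_IP = "10.0.0.1"  # assumption: address of the internal simulation endpoint

def read_qname(pkt, off=12):
    """Read the uncompressed question name that follows the 12-byte header."""
    labels = []
    while pkt[off]:
        n = pkt[off]
        if n & 0xC0:
            raise ValueError("compression pointer in question")
        labels.append(pkt[off + 1:off + 1 + n].decode("ascii", "replace"))
        off += 1 + n
    return ".".join(labels), off + 1

def simulate_dns(query, indicators):
    """Answer a query locally and record the name the sample looked up."""
    try:
        txid, flags, qdcount = struct.unpack("!HHH", query[:6])
        name, end = read_qname(query)
        qtype, qclass = struct.unpack("!HH", query[end:end + 4])
    except (IndexError, struct.error):
        raise ValueError("truncated DNS query")
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    indicators.append((name, qtype))          # indicator captured without egress
    question = query[12:end + 4]
    rflags = 0x8080 | (flags & 0x0100)        # QR=1, RA=1, RD echoed
    if (qtype, qclass) != (1, 1):             # non-A: NOERROR, no answers
        return struct.pack("!HHHHHH", txid, rflags, 1, 0, 0, 0) + question
    rdata = bytes(int(o) for o in SIM_IP.split("."))
    # Answer: pointer to the question name, type A, class IN, TTL 60, 4-byte address
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + rdata
    return struct.pack("!HHHHHH", txid, rflags, 1, 1, 0, 0) + question + answer

def build_query(name, qtype=1, txid=0x1234):
    """Constructed sample input: a recursive query such as a sample might send."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

if __name__ == "__main__":
    seen = []
    reply = simulate_dns(build_query("c2.example.test"), seen)
    print(seen, reply[-4:].hex())
```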

To utilize this new feature, submit a new file or URL for analysis and expand "Runtime Options" found within the environment selector section:


Then select "Simulate Network Traffic" when customizing your detonation parameters:



That's it! When your sample is submitted, all traffic destined for the internet will be safely routed internally to feign internet availability. 

Happy Hunting!




Wednesday, August 12, 2020

New and Improved Threat Score!

Greetings from Sandboxland! From all of us at Hybrid Analysis, we hope this message finds you healthy and well. It’s been quite a long time since our last blog post… we’ve been busy working on platform enhancements and introducing new features to further improve your sandbox experience. One of the most exciting new features is the integration of a machine-learning powered threat score!

With this new feature, the sample and pertinent sandbox data will be scrutinized by a machine-learning model developed with CrowdStrike’s proven machine-learning technology, returning a threat score and associated verdict.  The objective of this undertaking was to achieve greater sensitivity and specificity while computing threat scores.  Initial analysis from a data set consisting of ~40K samples shows the new methodology to be quite effective, with a significant decrease in the False Positive Rate (FPR), while simultaneously increasing the True Positive Rate (TPR).  This feature is initially limited to non-URL submissions detonated in our Windows detonation environments with plans for further expansion as the model develops and matures.