With the recent wave of OneNote documents being used to deliver malware, we added support in ACCE to extract those malicious components for further analysis. Added support also for Royal Ransomware, Collector Stealer and others, as well as updated support for Snow Loader and more.

With recent updates to DC3-MWCP enabling recursion through the use of YARA matching, we updated the ACCE backend to facilitate this workflow, prompting a major version increment to 2.0.

This release consists of the following:

Recategegorized LoopAddTS as DarkWire Crypter and added support for Crypter and Shellcode variants

Added support for Turian Backdoor

Added support for reported Turla malware

Added support for Silence Group malware

Continued kordesii conversions to dragodis/rugosa

Happy New Year! Please find our first release notes of the year below, with much more to come in 2023!

As a reminder, you can create an account on our Research ACCE instance to view the examples provided in the links.

As we continue adding support to ACCE, we wanted to provide more information about where are efforts are being directed, and are starting a new series that will correspond with new ACCE releases, dubbed “Release Notes”.

Each post will describe what the new release consists of, in terms of new or updated support, and will typically include links to example results on our Research ACCE instance.