With the recent wave of OneNote documents being used to deliver malware, we added support in ACCE to extract those malicious components for further analysis. Added support also for Royal Ransomware, Collector Stealer and others, as well as updated support for Snow Loader and more.

With recent updates to DC3-MWCP enabling recursion through the use of YARA matching, we updated the ACCE backend to facilitate this workflow, prompting a major version increment to 2.0.

This release consists of the following:

Recategegorized LoopAddTS as DarkWire Crypter and added support for Crypter and Shellcode variants

Added support for Turian Backdoor

Added support for reported Turla malware

Added support for Silence Group malware

Continued kordesii conversions to dragodis/rugosa

Happy New Year! Please find our first release notes of the year below, with much more to come in 2023!

As a reminder, you can create an account on our Research ACCE instance to view the examples provided in the links.