Hatching Triage Java API client version 1.4 release notes

The main page for this API client can be found here. In this release, minor changes were made. Below, the changes are explained in detail. One can find the library’s code here. The latest release of the precompiled JAR can be found here.

Renaming packages

To avoid name collisions with other classes, a more unique package name has been used. From version 1.4 onward, all packages start with triageapi. This might cause some failed class references in a project, but these can easily be resolved.

Using timezones

LocalDateTime objects in Java do not include any timezone information. Using a different timezone than UTC might cause some samples to go “missing”, as Triage’s timezone is set to UTC. This gets tricky when searching for samples within a time frame. As such, the client now converts any given time object to the same moment in time in UTC. When calling this function, create such objects using your own system’s default timezone. This information is also included in the updated Javadoc.
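
The following is an added example, not code from the library, that shows why an unconverted search window misses a sample and how converting to the same moment in UTC fixes it. The class and method names, the fixed Europe/Amsterdam zone (used instead of the system default so the output is reproducible) and the timestamps are assumptions constructed for illustration.

```java
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.time.ZoneOffset;

public class UtcWindowExample {

    // Hypothetical helper (not the library's code): interpret a zone-less
    // LocalDateTime in the given zone and return the same instant in UTC.
    static LocalDateTime toUtc(LocalDateTime local, ZoneId zone) {
        return local.atZone(zone)
                    .withZoneSameInstant(ZoneOffset.UTC)
                    .toLocalDateTime();
    }

    // True when the UTC timestamp lies inside the inclusive window [from, to].
    static boolean inWindow(LocalDateTime utc, LocalDateTime from, LocalDateTime to) {
        return !utc.isBefore(from) && !utc.isAfter(to);
    }

    public static void main(String[] args) {
        // Constructed sample data: an analyst in Amsterdam searches the window
        // 09:00-10:00 local time on 2021-07-01 (UTC+2 during summer time).
        // In real use this would be ZoneId.systemDefault().
        ZoneId analystZone = ZoneId.of("Europe/Amsterdam");
        LocalDateTime from = LocalDateTime.of(2021, 7, 1, 9, 0);
        LocalDateTime to = LocalDateTime.of(2021, 7, 1, 10, 0);

        // Constructed sample: submitted at 09:30 Amsterdam time, which a
        // service running on UTC records as 07:30.
        LocalDateTime submittedUtc = LocalDateTime.of(2021, 7, 1, 7, 30);

        // Local values used as if they were UTC: the sample goes "missing".
        System.out.println("unconverted window matches: "
                + inWindow(submittedUtc, from, to));

        // Both bounds converted to UTC first: the sample is found.
        LocalDateTime utcFrom = toUtc(from, analystZone);
        LocalDateTime utcTo = toUtc(to, analystZone);
        System.out.println("UTC window " + utcFrom + " to " + utcTo
                + " matches: " + inWindow(submittedUtc, utcFrom, utcTo));

        // The offset is not constant: the same wall-clock time in winter
        // maps to a different UTC hour (UTC+1), so a fixed shift is wrong.
        LocalDateTime winter = LocalDateTime.of(2021, 1, 15, 9, 0);
        System.out.println("winter 09:00 local in UTC: "
                + toUtc(winter, analystZone));
    }
}
```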

Family detection support

Some changes have been made to the getFamilies functions. The main logic is now present in a new function that takes a Set as its first argument, providing increased accuracy when getting the involved families. The overload that takes a TriageReport object as its first argument now also includes the tags from the static report to said object, further improving the family detection function set.

Future work

Suggestions are welcome, either via one of the methods mentioned below, or via an issue on the GitHub repository. I will maintain this library to add more features in the future.

To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit or DM me on Twitter @Libranalysis.