Modat Magnify v1.4.0: New Detections, Search Enhancements & More
- MODAT Team
- Oct 15, 2025
- 2 min read
Updated: 4 days ago
The Hague · October 15, 2025 · Product Update
Version 1.4.0 brings some of your most requested features to Modat Magnify. Here's what's new.
A Redesigned Query Guide and Resource Center
Finding the right syntax should never slow down an investigation. We've improved the Query Guide with refined navigation and richer examples for faster reference, and launched a new Resource Center — a single hub for tags, documentation, and feature updates.
New Tag: SMS Gateway
Our latest tag gives visibility into telecom and messaging systems. You can now identify and monitor exposed SMS Gateway endpoints — search instantly using:
New Search Operators and Protocol Support
This release adds several new capabilities to help you discover more with better precision and flexibility
has_tls search field: Filter results by whether a service has TLS, directly in your query.has_tls
PPTP protocol support: Discover PPTP services with service=pptp.
Case-sensitive search: Use the ~~ and == operators for exact, case-sensitive matching.
New Query Operators Added
We've expanded what you can query and how. Three new operators are now available:
Certificate full-text search: Query certificate content directly, e.g., cert~"Subject: CN=*.example.com".
Defanged IP support: Submit defanged addresses as-is, with ip=1[.]1.1.1.
Service URI search: Service URI is now a searchable field service_uri=1.1.1.1:80/tcp.
Detection Enhancements, Search Precision & History Comparison (Beta)
We've enhanced Magnify's detection and insight capabilities across the board:
New detections: C2 servers, OT devices, and Healthcare devices.
Substring search: Now enabled for text fields, excluding banners, headers, HTML, and certificate fields.
Increased token size limit: Raised to 256 characters.
Search pivots: Now available in HTML, headers, banners, and certificates.
History Comparison (Beta): Compare infrastructure changes between different scans.
Pivot in new tabs: Ctrl+Click to open search pivots in new tabs.
TLS Certificate Serial Number: cert.serial is now searchable.
JSON beautify: A beautify button for JSON content within HTML.
Interactive Product Tour: Added to help new users onboard to the latest features.
New Detections Added
We've expanded our malware and infrastructure coverage significantly in this release:
New malware & C2 detections: Matanbuchus C2, Crocodilus, ZeroTrace, Stealer 4.11, Airavat RAT, FiercePhish, Olympus Stealer, and Byakugan Stealer.
OT detections: Added coverage for ProSoft, Siemens, and Schneider devices.
Detection and Search Improvements
A focused set of engine improvements makes queries more reliable and results more accurate:
Quotation parsing: Improved parsing and escaping for more consistent query behavior.
AI query correction: Enhanced AI-based query correction for better search suggestions.
Query complexity: Limit raised to 50 elements.
Anycast and DNS detection: Improved coverage across both.
CVE search: Fixed bugs for more reliable CVE search results.
Murdoc Botnet Detection and Search Enhancements
Detection for the Murdoc Botnet has been added to Magnify. Alongside this, we'veimproved search notations and AI search suggestions and increased the maximum query complexity from 20 to 50 elements.
DNS Enhancements and CVE Bug Fixes
Improved DNS collection: Additional sources have been added to broaden DNS coverage.
CVE search bug fixes: Resolved issues affecting CVE search accuracy.
All features are live now. Log in to explore, or reach out to the team at support@modat.io with any questions.
