Triage Thursday

URLScan Integration and Updates for Emotet and Zloader


It’s Triage Thursday again already, and that means it’s time for another update roundup. We haven’t got much to cover this week - upcoming features are keeping us busy - but we’ve made some updates to the configuration extractors for a couple of common families:

We are also pleased to share that integration with is coming to Triage. URL submissions will be passed to the service and the verdict included in the Triage report to augment our handling of web-based threats/phishing pages. We will be releasing this feature over the next few days - keep an eye on our Twitter for news.

If you discover any issues or missing detections while using Triage, please do send us feedback. It’s a big help in deciding what we should be prioritising. You can reach us directly through the website, on Twitter, or using the Feedback option on an analysis report page.

Not signed up yet? Head over to to register for a free account!

ZLoader Configuration Extraction

We have further improved our support for the ZLoader family, fixing an issue that prevented some of the latest samples triggering the configuration extractor.

As usual we will continue to monitor new versions of this family and apply updates as required.


Emotet Update

As it has a bad habit of doing, Emotet made some more changes which meant it wasn’t recognised by our configuration extraction. We’ve added support for this new variant and Emotet should once again be fully supported.

Many thanks to James Quinn (@lazyactivist192) for providing information on these changes which made the update much simpler.


You may also like: