Triage Thursday

URLScan Integration and Updates for Emotet and Zloader


It’s Triage Thursday again already, and that means it’s time for another update roundup. We haven’t got much to cover this week - upcoming features are keeping us busy - but we’ve made some updates to the configuration extractors for a couple of common families:

We are also pleased to share that integration with Urlscan.io is coming to Triage. URL submissions will be passed to the service and the verdict included in the Triage report to augment our handling of web-based threats/phishing pages. We will be releasing this feature over the next few days - keep an eye on our Twitter for news.

If you discover any issues or missing detections while using Triage, please do send us feedback. It’s a big help in deciding what we should be prioritising. You can reach us directly through the website, on Twitter, or using the Feedback option on an analysis report page.

Not signed up yet? Head over to tria.ge to register for a free account!

ZLoader Configuration Extraction

We have further improved our support for the ZLoader family, fixing an issue that prevented some of the latest samples from triggering the configuration extractor.

As usual we will continue to monitor new versions of this family and apply updates as required.

Analyses:

Emotet Update

As it has a bad habit of doing, Emotet made some more changes which meant the new samples weren’t recognised by our configuration extractor. We’ve added support for this new variant, and Emotet should once again be fully supported.

Many thanks to James Quinn (@lazyactivist192) for providing information on these changes which made the update much simpler.

Analyses:
