Welcome to the next installment of our new changelog-style Triage Thursday blog posts. If this is your first time here, this is where we summarise the detection and feature releases to the Triage sandbox for the past week, so that you can stay up to date with what’s new both in the platform and in the wider threat landscape.
Not signed up yet? Head over to tria.ge to register for a free account!
Let’s dive straight in!
New Families This Week
- Added detection and extraction for MilleniumRAT family
- Added detection and extraction for Fakecheck family
- Added detection for Forest Tiger family
Updates for Existing Rules
- Added configuration extractor support for the Domain Generation Algorithm (DGA) used in a recent Bumblebee variant
- Updated the XWorm extractor to fix an issue extracting multiple C2s
- Made some updates to behavioural rules around persistence
If you have any feedback, questions, or issues about Triage, feel free to reach out to us any time. We do our best to respond to all feedback, but even if we can’t get back to you straight away, your files will go into our list of things to review and help us prioritize tasks.
You can contact us directly through the website, or using the Feedback option on an analysis report page.