Welcome to another Triage Thursday series blog post! We’re glad to have you with us, whether you’re a longstanding fan of Triage or a newcomer. In this post, we’ll be sharing the latest updates we’ve made to the sandbox over the past week. If you come across anything that is up to no good but that we don’t catch, do let us know. We value your input and appreciate your continued support.
Let’s dive into what’s new this week!
New Families This Week
- Added detection and extraction for Brookrat
- Added detection and extraction for DazzleSpy macOS family
- Added detection and signature for AridViper Android spyware
- Added detection for KandyKorn macOS family
- Added detection for AllakoreRAT family
Updates for Existing Families
- Added detection and signature for undetected Pegasus Android sample
- Added detection for AdWind JAR and Class files
- Added YARA detection rules and a behavioral fallback for a recent Pikabot version
- Updated detection and extraction support for recent Xworm variant
- Fixed extraction error with Smokeloader
Updates for Existing Behavioral Signatures
- Added behavioral detection for macOS
- Updated Windows behavioral detection for digital signature manipulation techniques
If you have any feedback, questions, or issues about Triage, feel free to reach out to us any time. We do our best to respond to all feedback, but even if we can’t get back to you straight away, your files will go into our list of things to review and help us prioritize tasks.
As always, feel free to reach out to us any time directly through the website, or using the Feedback option on an analysis report page.
Not signed up yet? Head over to tria.ge to register for a free account.