Another week, another Triage Thursday blog post! If you’re new here, this is the perfect spot for you to learn all the new things about Triage Sandbox. We share all the latest updates over the past week, from the smallest detection updates to the biggest feature releases.
Besides our usual family and signature changelog, this week we’ve got a couple of new things to announce:
Windows 11 and Android 13 VMs are now supported!
Earlier this week, some of you may have noticed that Android 13 and Windows 11 VMs appeared in the configuration options! These have been rolled out for all users on the public cloud and are currently expected to be available to our private customers from December 11th.
You can access the VMs under the Platform section during the submit process. For now we are not changing the default VM selection on Windows if you leave it on Automatic (Windows 7 and Windows 10), so that we don’t break automated workflows; Researcher or private users can instead create new Profiles under Organization settings for easy use in API integrations and similar workflows.
We’d love to hear any thoughts you have, feel free to give it a try and share your experience with us!
As usual, we also have a few updates for our malware detections and configuration extractors. Let’s check out what’s new this week!
New Families This Week
- Added detection and extraction for EasyStealer
- Added detection and extraction for DoNot Android spyware family
- Added detection for PureLogs stealer
- Added detection for SMSeye Android open-source SMS spyware
Updates for Existing Families
- Updated detection and extraction for Amos Stealer macOS v2
- Updated detection for Jupyter backdoor new version
- Updated detection and extraction for Vidar v6.x
- Updated detection and extraction for Lumma stealer as behavioral fallback
- Updated the rules to cover the latest undetected Irata samples
Updates for Existing Behavioral Signatures
- Extended execution and exfiltration IOCs for macOS
- Extended macOS heuristic signature for detecting System Information Discovery T1082 and T1083
If you have any feedback, questions, or issues about Triage, feel free to reach out to us any time. We do our best to respond to all feedback, but even if we can’t get back to you straight away, your files will go into our list of things to review and help us prioritize tasks.
As always feel free to reach out to us any time directly through the website, or using the Feedback option on an analysis report page.
Not signed up yet? Head over to tria.ge to register for a free account.