Hey there, Happy Thursday! It’s that time for our weekly update on what we’ve been up to over the past week. We’ve added some new family detection and configuration extraction on Triage, made some improvements to the existing ones, and included more behavioral signatures for macOS to catch those tricky unknowns.
We can’t wait for you to check out what’s new below, and please always feel free to share your thoughts with us!
New Families This Week
- Added detection and extraction for the Linux, macOS, and Windows versions of the PrismX/RootRat toolsuite
- Added detection for the recent Triada Android banking trojan
- Added fallback detection for Darkgate v6.x.x
- Added signature and ransom note detection for TargetCompany/Mallox
- Updated detection and extractor for the new version of the Godfather banking trojan
Updates for Existing Families
- Updated detection for Gootloader
- Updated detection for Povertystealer
- Updated Asyncrat fallback detection to avoid false positive cases
Updates for Existing Behavioral Signatures
- Extended behavioral evasion, execution, and discovery indicators for macOS
If you have any feedback, questions, or issues about Triage, feel free to reach out to us any time. We do our best to respond to all feedback, but even if we can’t get back to you straight away, your files will go into our list of things to review and help us prioritize tasks.
As always, feel free to reach out to us any time directly through the website, or using the Feedback option on an analysis report page.
Not signed up yet? Head over to tria.ge to register for a free account.