Welcome to another Triage Thursday! We always enjoy keeping you in the loop about the latest updates we’ve made to Triage in this blog series. This week, we’ve added a couple of new malware families for the operating systems we support, including Windows, Linux, macOS, and Android, along with configuration extraction for these families.
We highly value your feedback, so please do not hesitate to share your thoughts with us. If you come across any issues, please let us know, and we will be happy to assist you. Thank you for being a part of our community!
Without further ado, let’s check what’s new this week:
New Families This Week
- Added detection and extraction for the Pureland Stealer macOS family (x86 and ARM64)
- Added detection and extraction for the new x64 version of Zloader, with DGA extraction support
- Added detection and extraction for the new version of Stealc
- Added detection and extraction for the new 64-bit version of Amadey
- Added detection and extraction for the VajraSpy Android RAT family
- Added detection and extraction for the AndrMonitor Android stalkerware
- Added detection for the SMSWorm Android malware family
- Added detection for the KrustyLoader Linux family
Updates for Existing Families
- Updated Socks5Systemz to extract configuration from more samples
- Updated Lumma Stealer IOCs for new samples
- Updated signatures for Epsilon files and its C2 domain
- Fixed RevengeRAT detection to avoid false positives
If you have any feedback, questions, or issues about Triage, feel free to reach out to us any time. We do our best to respond to all feedback, but even if we can’t get back to you straight away, your files will go into our list of things to review and help us prioritize tasks.
As always, feel free to reach out to us any time, either directly through the website or using the Feedback option on an analysis report page.
Not signed up yet? Head over to tria.ge to register for a free account.