Welcome back to another episode of our Triage Thursday blogpost! In our latest update, we’ve added detection of a few recently noticed families and expanded behavioral detection for Windows. This will help us catch more sneaky and suspicious behaviors!
We’ve also updated our Print to PDF support this week, so you’ll now get a properly formatted report rather than relying on the web formatting. This should make the files a lot more readable, especially for bigger and more complex analyses. It is intended to be a high-level summary of the findings rather than a full dump of IOCs etc., and we hope it helps with sharing reports outside the sandbox itself.
New Families This Week
- Added detection and extraction for XploitSPY, an open-source Android RAT
- Added ransom note extractor for DragonForce, a variant of LockBit ransomware
Updates for Existing Behavioral Signatures
- Extended behavioral detection for Windows, drawn from the MITRE ATT&CK framework v15.1, to detect execution and defense evasion techniques
If you have any feedback, questions, or issues about Triage, feel free to reach out to us any time. We do our best to respond to all feedback, but even if we can’t get back to you straight away, your files will go into our list of things to review and help us prioritize tasks.
You can find us directly through the website, or using the Feedback option on an analysis report page.
Not signed up yet? Head over to tria.ge to register for a free account.