It’s Thursday, so you know what time it is: Triage Thursday! We’re here to share what we’ve found and give you the lowdown on the latest malware trends, helping you tackle those pesky threat actors out there.
Without further ado, let’s jump right into the updates we’ve got for you!
New Families This Week
- Added detection and extraction for XTinyLoader, Windows stealer and loader
- Added detection for Lynx, Windows ransomware
  - Lynx Analysis
- Added detection for TONEINS, Windows loader used by Earth Preta APT group
  - TONEINS Analysis
- Added detection for Plusdrop malware, Windows backdoor used in TOUGHPROGRESS campaign by APT41 group
  - Plusdrop Analysis
- Added detection for Dtrack family, Windows RAT
  - Dtrack Analysis
Updates for Existing Families
- Updated INC Ransomware detection with Linux variant
New Exploit Detection
- Added detection for archives exploited with CVE-2025-8088
Updates for Existing Behavioral Signatures
- Extended the behavioral signature that detects installation of a malicious root CA/certificate
If you have any feedback, questions, or issues about Triage, feel free to reach out to us any time. We do our best to respond to all feedback, but even if we can’t get back to you straight away, your files will go into our list of things to review and help us prioritize tasks.
You can find us directly through the website, or using the Feedback option on an analysis report page.
Not signed up yet? Head over to tria.ge to register for a free account.