Blog.

Welcome back to our Triage Thursday blog series! We’re excited to share this week’s detection updates with you. In these quick posts, we highlight which families are being monitored each day so you can stay in the loop.

We truly appreciate your help! If you spot any malware that we might have missed, please don’t hesitate to give us a shout. Your insights are super helpful! You can reach out anytime through our website or by clicking the Feedback option on an analysis report page. Thanks for being a part of our community!

New Families This Week

• Added detection and extraction for MorpheusLoader family, Windows loader
  • MorpheusLoader Analysis
    • 250912-f9a9hshj7t
    • 250912-f9b6tasvht
• Added detection and extraction for Lazarus Stealer, Android banking trojan
  • Lazarus Stealer Analysis
    • 250912-f9bv2shj7v
• Added detection and extraction for Gorillabot, Linux botnet
  • Gorillabot Analysis
    • 250912-f9ab8asvgz
    • 250912-f9ayrasvg1
• Added detection and extraction for SikkahBot, Android malware
  • SikkahBot Analysis
    • 250912-f9c34shj7y
• Added detection for Mozi family, Linux botnet
  • Mozi Analysis
    • 250912-f9cgkssvhv
    • 250912-f8yy7ayps7
• Added detection for XClient family, Windows trojan
  • XClient Analysis
    • 250912-f8wttshj3x
    • 250912-f8w5lasvex
• Added detection for GhostEngine malware, Windows trojan
  • GhostEngine Analysis
    • 250912-f8vxjasvev
• Added detection for MgBot malware, Windows backdoor
  • MgBot Analysis
    • 250912-f8peragr9y
    • 250912-f8nhfsgr9x
• Added detection for PennyWise family, Windows stealer
  • PennyWise Analysis
    • 250912-f8qb2shj2s
    • 250912-f8p2aagr91

New Ransomware Detection

• Added detection for Yurei, Windows ransomware
  • Yurei Analysis
    • 250912-f9ea6sypv5
    • 250912-f9elyahj71
• Added detection for Bert, cross-platform ransomware
  • Bert Analysis
    • 250912-f89qpahj6z
    • 250912-f892fssvgy
• Added detection for Diavol, Windows ransomware
  • Diavol Analysis
    • 250912-f8j52asvds
    • 250912-f8krkasvdv
• Added detection for CyberVolk, Windows ransomware
  • CyberVolk Analysis
    • 250912-f82ebahj4w
    • 250912-f9amzshj7s
• Added detection for Hellcat, Windows ransomware
  • Hellcat Analysis
    • 250912-f88tdsypv2
    • 250912-f8846asvgw

Updates for Existing Families

• Updated detection to X-agent, MacOS backdoor
  • X-agent Analysis
    • 230401-eyvncahc4x
    • 220204-pm9cgaabdj
• Updated detection for Warmcookie, Windows backdoor
  • Warmcookie Analysis
    • 250912-f9cgkshj7w

If you have any feedback, questions, or issues about Triage feel free to reach out to us any time - we do our best to respond to all feedback but even if we can’t get back to you straight away your files will go into our list of things to review and help us prioritize tasks.

You can find us directly through the website, or using the Feedback option on an analysis report page.

Not signed up yet? Head over to tria.ge to register for a free account.