Blog.

Welcome back to our Triage Thursday blog series! We’re excited to share this week’s detection updates with you. In these quick posts, we highlight the latest malware families detections that have been added.

New Families This Week

• Added detection and extraction for ServStart, Windows backdoor
  • ServStart sample:
    • 260212-rqfknset4f
• Added detection and extraction for GhostPenguin, Linux backdoor
  • GhostPenguin sample:
    • 260212-rp93wset2d
• Added extraction support for CoffLoader, Windows loader
  • CoffLoader sample:
    • 260212-rqbxgset3d
• Added detection for PixStealer, Android banking trojan
  • PixStealer sample:
    • 260212-rp79ases8h
• Added detection for PegasusLoader, Windows loader
  • PegasusLoader sample:
    • 260212-rvsqssex4h
• Added detection for MicroStealer, Java based stealer
  • MicroStealer sample:
    • 260212-rv6mnaex6g
• Added detection for DattoRMM, Windows RMM software
  • sample:
    • 260212-rqch1set3f
• Added detection for GobRAT, Linux RAT
  • GobRAT sample:
    • 260212-rqbayset2h
• Added detection for PassCat, Windows hacktool
  • PassCat sample:
    • 260212-rqfknset4g
• Added detection for DOPLUGS, a variant of Plugx
  • DOPLUGS sample:
    • 260212-rp9gcses9f
• Added detection for KazakRAT, Windows RAT
  • KazakRAT sample:
    • 260212-rqe9xaet4e
• Added detection for Farfli family, Windows backdoor
  • Farfli sample:
    • 260212-rp93wset2c
• Added detection for PUBLOAD Loader & Shellcode. Windows APT
  • PUBLOAD sample:
    • 260212-rqapeset2g
• Added detection for ProRat, Windows RAT
  • ProRat sample:
    • 260212-rqadnaet2e
• Added detection for Stihat family, Windows worm
  • Stihat sample:
    • 260212-rp7yjaes8f

Added Detection for Windows Stealer Families

• UnixStelaer sample:
  • 260212-rp79ases8g
• BRSStealer sample:
  • 260212-rqctsaet3h
• RootTeamStealer sample:
  • 260212-rqapeset2f
• ScarletStealer sample:
  • 260212-rqdfbaet4a
• Zeromax sample:
  • 260212-rp9gcses9g
• QvoidStealer sample:
  • 260212-rp8vtses9d

New Ransomware Detection

• Cactus sample:
  • 260212-rqd2vaet4b
• Vohuk sample:
  • 260212-rp86laes9e
• NominatusCrypto sample:
  • 260212-r1hssae17c
• AESRT sample:
  • 260212-rqbxgset3c
• Pandora sample:
  • 260212-rp9r5aes9h

Updates for Existing Families

• Updated detection for Novablight, Windows stealer
  • Novablight sample:
    • 260212-rrsxdsev3b

If you have any feedback, questions, or issues about Triage feel free to reach out to us any time - we do our best to respond to all feedback but even if we can’t get back to you straight away your files will go into our list of things to review and help us prioritize tasks.

You can find us directly through the website, or using the Feedback option on an analysis report page.

Not signed up yet? Head over to tria.ge to register for a free account.