Welcome back to our Triage Thursday™ blog series! We’re excited to share this week’s detection updates with you. In these quick posts, we highlight the latest malware family detections that have been added.
New Windows Families This Week
- Added detection and extraction for Eimeria malware, Windows RAT
- Eimeria sample:
- Added detection and extraction for GovTI family, Linux stealer
- GovTI sample:
- Added detection and extraction for Netherhound malware, Windows stealer
- Netherhound sample:
- Added detection for CookiePlus, Windows loader used by Lazarus
- CookiePlus sample:
- Added detection for DarkRAT, Windows RAT
- DarkRAT sample:
- Added detection for BoratRAT family, Windows RAT
- BoratRAT sample:
- Added detection for CrossRAT malware, Windows RAT
- CrossRAT sample:
- Added detection for DeimosC2 family, cross-platform stealer
- DeimosC2 sample:
- Added detection for Tedy family, Windows trojan
- Tedy sample:
- Added detection for Mardom family, Windows trojan
- Mardom sample:
- Added detection for ChinaZ family, Linux DDoS bot
- ChinaZ sample:
- Added detection for VoltStealer
- VoltStealer sample:
- Added detection for LedgerChecker Stealer
- LedgerChecker sample:
- Added detection for ISLOnlineRMM Remote Management Tool
- ISLOnlineRMM sample: 260508-n6j19agv2y
Detection for Android
- Added detection for Gustuff, Android banking trojan
- Gustuff sample:
- Added detection for HawkShaw, Android RAT
- HawkShaw sample:
- Added detection for PackChat, Android spyware
- PackChat sample:
- Added detection for MysteryBot, Android banking trojan
- MysteryBot sample:
- Added detection for Mudwater, Android spyware
- Mudwater sample:
- Added detection for RedAlert2, Android banking trojan
- RedAlert2 sample:
- Added detection for HenBox, Android info stealer
- HenBox sample:
- Added detection for JadeRAT, Android surveillanceware tool
- JadeRAT sample:
- Added detection for KevDroid, Android RAT
- KevDroid sample:
- Added detection for Shopper, Android trojan
- Shopper sample:
- Added detection for Sauron Locker, Android ransomware
- SauronLocker sample:
- Added detection for Riltok, Android banking trojan
- Riltok sample:
- Added detection for ResidentBat, Android spyware
- ResidentBat sample:
Detection for Ransomware
- VECT sample:
- NightSky sample:
- HolyGhost sample:
- CMLocker sample:
- ChupaCabra sample:
- PenterWare sample:
- Cash sample:
- Charmant sample:
- Checkmail sample:
- Bazek sample:
- Beast sample:
- Amogus sample:
Updates for Existing Families
- Updated detection and extraction for Phorphiex spam module, Windows bot
- Phorphiex sample:
- Updated detection for x86 variant of Amadey, version 5.78
- Amadey sample:
- Updated extraction for AsyncRAT samples with plain-text config
- AsyncRAT sample:
- Updated detection for BrainCipher Linux variant
- BrainCipher sample:
If you have any feedback, questions, or issues about Triage™, feel free to reach out to us at any time. We do our best to respond to all feedback; even if we can’t get back to you straight away, your files will go into our list of things to review and help us prioritize tasks.
You can find us directly through the website, or using the Feedback option on an analysis report page.
Not signed up yet? Head over to tria.ge to register for a free account.