Blog.

Welcome back to our Triage Thursday™ blog series! We’re excited to share this week’s detection updates with you. In these quick posts, we highlight the latest malware families detections that have been added.

New Windows Families This Week

• Added detection and extraction for Grunt aka Covenant, Windows loader
  • Grunt sample:
    • 260521-hky1dsay21
• Added detection and extraction for Corebot, Windows stealer
  • Corebot sample:
    • 260521-hshclsaz9w
• Added detection and extraction for EvolutionStealer, Windows stealer
  • EvolutionStealer sample:
    • 260521-hk8jtsay7y
• Added detection for NotDoor, Windows backdoor
  • NotDoor sample:
    • 260521-hkzlxsay3x
• Added detection for Jadtre, Windows trojan
  • Jadtre sample:
    • 260521-hk3zcaay41
• Added detection for VTFlooder, Windows trojan
  • VTFlooder sample:
    • 260521-hkvmzaax8z
• Added extraction support for UnixStealer, Windows stealer
  • UnixStealer sample:
    • 260521-hkxgkaax91
• Added detection for Empire, Windows post-exploitation framework
  • Empire sample:
    • 260521-hkxsbsay2v

Detection for Android

• Added detection for BuzzOut, Android spyware
  • BuzzOut sample:
    • 260521-hk3zcaay4z
• Added detection for Dark Caracal, Android surveillanceware
  • DarkCaracal sample:
    • 260521-ht24eaa13v
• Added detection for GoldenCup, Android spyware
  • GoldenCup sample:
    • 260521-hkwv2aax9x
• Added detection for Hornbill, Android surveillanceware
  • Hornbill sample:
    • 260521-hk222say4w
• Added detection for Moonshine, Android surveillanceware
  • Moonshine sample:
    • 260521-hk6egaay6x
• Added detection for SunBird, Android surveillanceware
  • SunBird sample:
    • 260521-hk394say5s

Detection for Linux Families

• Added detection for BruteEntry, Linux botnet
  • BruteEntry sample:
    • 260521-hk1h8aay31
• Added detection for PeerTime, Linux backdoor
  • PeerTime sample:
    • 260521-hkx34aay2w

APT Equation Group

• Added detection for Equation Drug platform, APT Equation Group
  • EquationDrug sample:
    • 260521-hwfyysa16w
• Added detection for FannyWorm, APT Equation Group
  • FannyWorm sample:
    • 260521-hk7yasay7x

Detection for Ransomware

• BallerWare sample:
  • 260521-hkx34aay2y
• Doitman sample:
  • 260521-hk7mjaay7v
• EduRansom sample:
  • 260521-hk4wmsay5t
• Ekati sample:
  • 260521-hnhgtaaz4z
• ElmersGlue sample:
  • 260521-hw7fxaa17z
• EncoderCSL sample:
  • 260521-hkw6ssax9z
• Encrpt3d sample:
  • 260521-hkxsbsay2s
• Erebus (Linux ransomware) sample:
  • 260521-hkv9haax9w
• Kangaroo sample:
  • 260521-hk5syaay51
• Lalia sample:
  • 260521-hk3nksay4y
• NBLock Black sample:
  • 260521-hkza6aay3w
• Odyssey sample:
  • 260521-hkvmzaax9s
• VileRansomware sample:
  • 260521-hkypmaay2z

Updates for Existing Families

• Updated detection and extraction for AdaptixC2, Linux and Windows versions
  • AdaptixC2 samples:
    • Linux samples:
      • 260521-hk2fhsay4t
      • 260521-hzjh9agz8l
    • Windows PNG hidden sample:
      • 260521-hkza6aay3t
• Updated detection and extraction for Ngate, Android NFC-based trojan
  • Ngate sample:
    • 260521-hk47eaay5w
• Updated detection and extraction for VanillRAT, Windows RAT
  • VanillaRAT sample:
    • 260521-hk5g6say5y
• Updated detection for HiddenTear aka Cryptear, Windows ransomware
  • HiddenTear sample:
    • 260521-hk5g6say5x

If you have any feedback, questions, or issues about Triage™ feel free to reach out to us any time - we do our best to respond to all feedback but even if we can’t get back to you straight away your files will go into our list of things to review and help us prioritize tasks.

You can find us directly through the website, or using the Feedback option on an analysis report page.

Not signed up yet? Head over to tria.ge to register for a free account.