Blog.

Welcome back to our Triage Thursday™ blog series! We’re excited to share this week’s detection updates with you. In these quick posts, we highlight the latest malware families detections that have been added.

New Windows Families This Week

• Added detection and extraction for Overlord, Windows RAT
  • Overlord sample:
    • 260610-t9wr4sex5k
• Added detection and extraction for OnyxC2, Windows backdoor
  • OnyxC2 sample:
    • 260610-t5e9kadt9s
• Added extraction support for XoriumStealer, Windows stealer
  • XoriumStealer sample:
    • 260610-t5fkbsdt9t
• Added detection for KralcanStealer, Windows NodeJS stealer
  • KralcanStealer sample:
    • 260610-t5kjaaew8l
• Added detection for LokiRAT, Windows RAT
  • LokiRAT sample:
    • 260610-t5fkbsdt9v
• Added detection for SilentNet, Java-based stealer
  • SilentNet sample:
    • 260611-lpw85sbz4m
• Added detection for TiFlux, RMM tool abused as backdoor
  • sample: 260610-t5eyssew8k

Detection for Android

• Added detection for GPlayed, Android trojan
  • GPlayed sample:
    • 260610-t5bldaew7m
• Added detection for HilalRAT, Android RAT
  • HilalRAT sample:
    • 260610-t5mzeadv2w
• Added detection for KnSpy, Android spyware
  • KnSpy sample:
    • 260610-v6gz8ae17l
• Added detection for KSREMOTE, Android infostealer
  • KSREMOTE sample:
    • 260610-t5mcwaew8n
• Added detection for Loki, Android infostealer
  • Loki sample:
    • 260610-t5mnmsew8r
• Added detection for LokiBot, Android banking trojan
  • LokiBot sample:
    • 260610-t5dqqsdt81
• Added detection for LuckyCat, Android RAT
  • LuckyCat sample:
    • 260610-t5mcwaew8p
• Added detection for LunaSpy, Android spyware
  • LunaSpy sample:
    • 260610-t5l24sdv2v

Detection for Linux Families

• Added detection for Vulcan, multi-architecture Linux botnet
  • Vulcan sample:
    • 260610-t5fv4adt9w
• Added detection for Minocat, Linux tunneler
  • Minocat sample:
    • 260610-t5ctfaew7r
• Added detection for PUMAKIT, Linux rootkit
  • PUMAKIT sample:
    • 260611-ls5dxsaz3z

Detection for Ransomware

• Anubis (Windows version) sample:
  • 260611-lvvx9sbz6q
• Akira (Linux version) sample:
  • 260610-t5chnsew7q
• BQTLock (Linux version) sample:
  • 260611-lwm9tabz7n

Updates for Existing Families

• Updated detection and extraction for Vidar v2.0 new version
  • Vidar sample:
    • 260611-gqnk6sax3p
• Updated signatures for BlackBasta ransomware
  • BlackBasta sample:
    • 260610-t5lfksdv2t
• Updated detection for new version of BTMOB, Android RAT
  • BTMOB sample:
    • 260610-vwpbjsdx3w

If you have any feedback, questions, or issues about Triage™ feel free to reach out to us any time - we do our best to respond to all feedback but even if we can’t get back to you straight away your files will go into our list of things to review and help us prioritize tasks.

You can find us directly through the website, or using the Feedback option on an analysis report page.

Not signed up yet? Head over to tria.ge to register for a free account.