Ire identifies another LOTUSLITE specimen
Microsoft Research 1 month ago
Microsoft's Project Ire, an AI agent for malware classification, identified a LOTUSLITE backdoor variant that shared behavioral patterns with known samples but had a different hash not flagged by major security vendors. The sample was detected by only 1 of 72 security vendors on May 28, rising to 7 of 70 by June 4, while CrowdStrike Falcon, SentinelOne, Sophos, and others still missed it. Ire's behavior-based analysis caught the variant through function-by-function reverse engineering without relying on signature matching, demonstrating how agentic analysis can identify malware that escapes traditional detection methods.