Articles
Threat Roundup for February 28 to March 6
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Feb 28 and Mar 6. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral cha…
Bisonal: 10 years of play
Bisonal is a remote access trojan (RAT) that’s part of the Tonto Team arsenal. The peculiarity of the RAT is that it’s been in use for more than 10 years — this is an uncommon and long period for malware. Over the years, it has evolved and adapted mechanisms to avoid detection while keep…
Threat Roundup for February 21 to February 28
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Feb 21 and Feb 28. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral ch…
New Research Paper: Prevalence and Impact of Low-Entropy Packing Schemes in the Malware Ecosystem
Detection of malware is a constant battle between the technologies designed to detect and prevent malware and the authors creating them. One common technique adversaries leverage is packing binaries. Packing an executable is similar to applying compression or encryption and can inhibit the ability o…
Threat Roundup for February 14 to February 21
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Feb 14 and Feb 21. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral ch…
ObliqueRAT: New RAT hits victims’ endpoints via malicious documents
By Asheer Malhotra. Cisco Talos has observed a malware campaign that utilizes malicious Microsoft Office documents (maldocs) to spread a remote access trojan (RAT) we’re calling “ObliqueRAT.” These maldocs use malicious macros to deliver the second stage RAT payload. This campaign…
Building a bypass with MSBuild
By Vanja Svajcer. In one of our previous posts, we discussed the usage of default operating system functionality and other legitimate executables to execute the so-called “living-off-the-land” approach to the post-compromise phase of an attack. We called those binaries LoLBins. Since the…
Threat Roundup for February 7 to February 14
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Feb 7 and Feb 14. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral cha…
Threat actors attempt to capitalize on coronavirus outbreak
By Nick Biasini and Edmund Brumaghin. Coronavirus is dominating the news and threat actors are taking advantage. Cisco Talos has found multiple malware families being distributed with Coronavirus lures and themes. This includes emotet and several RAT variants. Executive Summary Using the news to t…