Threat Research
Matryoshka Doll Reconnaissance Framework
This post authored by David Maynor & Paul Rascagneres with the contribution of Alex McDonnell and Matthew Molyett Overview Talos has identified a malicious Microsoft Word document with several unusual features and an advanced workflow, performing reconnaissance on the targeted system to avoid s…
Without Necurs, Locky Struggles
This post authored by Nick Biasini with contributions from Jaeson Schultz Locky has been a devastating force for the last year in the spam and ransomware landscape. The Locky variant of ransomware has been responsible for huge amounts of spam messages being sent on a daily basis. The main driver beh…
Cerber Spam: Tor All the Things!
This post authored by Nick Biasini and Edmund Brumaghin with contributions from Sean Baird and Andrew Windsor. Executive Summary Talos is continuously analyzing email based malware always looking at how adversaries change and the new techniques that are being added on an almost constant basis. Recen…
Fareit Spam: Rocking Out to a New File Type
This post authored by Nick Biasini Talos is constantly monitoring the threat landscape including the email threat landscape. Lately this landscape has been dominated with Locky distribution. During a recent Locky vacation Talos noticed an interesting shift in file types being used to distribute anot…
Sundown EK: You Better Take Care
This post was authored by Nick Biasini Over the last six months the exploit kit landscape has seen some major changes. These changes began with Nuclear ceasing operations in April/May and arrests in Russia coinciding with the end of Angler in June. Recently, Neutrino has been added to the list of e…
Want Tofsee My Pictures? A Botnet Gets Aggressive
This post was authored by Edmund Brumaghin Summary Tofsee is multi-purpose malware that has been in existence for several years, operating since at least 2013. It features a number of modules that are used to carry out various activities such as sending spam messages, conducting click fraud, mining…
Talos ShadowGate Take Down: Global Malvertising Campaign Thwarted
This blog authored by Nick Biasini. Exploit kits are a class of threat that indiscriminately aims to compromise all users. Talos has continued to monitor this threat over time resulting in large scale research and even resulting in a large scale takedown. The focus of this investigation is on the to…
Connecting the Dots Reveals Crimeware Shake-up
This Post Authored by Nick Biasini For a couple of weeks in June the threat landscape was changed. Several high profile threats fell off the landscape, causing a shake-up that hadn’t been seen before. For a period of three weeks the internet was safer, if only for a short time. Still to date…
Gotta be SWIFT for this Spam Campaign!
Talos have observed a large uptick in the Zepto ransomware and have identified a method of distribution for the Zepto ransomware, Spam Email. Locky/Zepto continue to be well known ransomware variants and as such we will focus on the spam email campaign. We found 137,731 emails in the last 4 days usi…