Threat Research

January 27, 2017


Matryoshka Doll Reconnaissance Framework

This post was authored by David Maynor and Paul Rascagneres, with contributions from Alex McDonnell and Matthew Molyett. Overview: Talos has identified a malicious Microsoft Word document with several unusual features and an advanced workflow, performing reconnaissance on the targeted system to avoid s…

January 18, 2017


Without Necurs, Locky Struggles

This post was authored by Nick Biasini, with contributions from Jaeson Schultz. Locky has been a devastating force in the spam and ransomware landscape for the last year. The Locky variant of ransomware has been responsible for huge volumes of spam messages being sent on a daily basis. The main driver beh…

November 28, 2016


Cerber Spam: Tor All the Things!

This post was authored by Nick Biasini and Edmund Brumaghin, with contributions from Sean Baird and Andrew Windsor. Executive Summary: Talos continuously analyzes email-based malware, always looking at how adversaries change and at the new techniques that are added on an almost constant basis. Recen…

November 22, 2016


Fareit Spam: Rocking Out to a New File Type

This post was authored by Nick Biasini. Talos constantly monitors the threat landscape, including the email threat landscape. Lately this landscape has been dominated by Locky distribution. During a recent Locky vacation, Talos noticed an interesting shift in the file types being used to distribute anot…

October 31, 2016


Sundown EK: You Better Take Care

This post was authored by Nick Biasini. Over the last six months the exploit kit landscape has seen some major changes. These changes began with Nuclear ceasing operations in April/May, and arrests in Russia coincided with the end of Angler in June. Recently, Neutrino has been added to the list of e…

September 29, 2016


Want Tofsee My Pictures? A Botnet Gets Aggressive

This post was authored by Edmund Brumaghin. Summary: Tofsee is multi-purpose malware that has been in existence for several years, operating since at least 2013. It features a number of modules that are used to carry out various activities such as sending spam messages, conducting click fraud, mining…

September 1, 2016


Talos ShadowGate Take Down: Global Malvertising Campaign Thwarted

This post was authored by Nick Biasini. Exploit kits are a class of threat that indiscriminately aims to compromise all users. Talos has continued to monitor this threat over time, resulting in large-scale research and even a large-scale takedown. The focus of this investigation is on the to…

July 7, 2016


Connecting the Dots Reveals Crimeware Shake-up

This post was authored by Nick Biasini. For a couple of weeks in June the threat landscape changed. Several high-profile threats fell off the landscape, causing a shake-up that hadn't been seen before. For a period of three weeks the internet was safer, if only for a short time. Still to date…

June 30, 2016


Gotta be SWIFT for this Spam Campaign!

Talos has observed a large uptick in Zepto ransomware and has identified one of its distribution methods: spam email. Locky/Zepto continue to be well-known ransomware variants, and as such we will focus on the spam email campaign. We found 137,731 emails in the last 4 days usi…