malware

April 3, 2017

THREAT RESEARCH

Introducing ROKRAT

1 min read

This blog was authored by Warren Mercer and Paul Rascagneres with contributions from Matthew Molyett. Executive Summary A few weeks ago, Talos published research on a Korean MalDoc. As we previously discussed this actor is quick to cover their tracks and very quickly cleaned up their compromised hosts. We believe the compromised infrastructure was live […]

March 23, 2017

THREAT RESEARCH

How Malformed RTF Defeats Security Engines

1 min read

This post is authored by Paul Rascagneres with contributions from Alex McDonnell Executive Summary Talos has discovered a new spam campaign used to infect targets with the well-known Loki Bot stealer. The infection vector is an RTF document abusing an old exploit (CVE-2012-1856), however the most interesting part is the effort put into the […]

March 17, 2017

THREAT RESEARCH

Threat Round-up for the Week of Mar 13 – Mar 17

1 min read

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed over the past week. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavior characteristics, indicators of compromise, and how our customers are automatically protected from […]

February 10, 2017

SECURITY

Indicators of Compromise and where to find them

4 min read

Indicators of Compromise (“IOC”) are used to suggest a system has been affected by some form of malware. An Indicator of Compromise can be anything from a file name to the behavior observed while malware is actively running on an infected system. Where do they look? Social media, news feeds, industry reports, Threat Grid sample […]
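The teaser above describes an IOC as anything from a file name to a hash, address or behaviour collected from feeds and reports. Indicators lifted from reports are usually "defanged" (hxxp://, evil[.]com) and come in mixed types, so a practical first step is to normalise them and match each type with appropriate boundaries. The following Python matcher is an added example, not code from the Cisco post; the indicator list, log lines, host names and addresses are all constructed for illustration, and the domain/filename split is a simple heuristic.

```python
"""Type-aware IOC sweep over log lines (added example, constructed data)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Indicator:
    kind: str   # sha256 | sha1 | md5 | ip | domain | url | filename
    value: str  # normalised, lower-case


_HEX = re.compile(r"^[0-9a-f]+$")
_IPV4 = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
_HOST = re.compile(r"^[a-z0-9-]+(?:\.[a-z0-9-]+)+$")
# Heuristic: a dotted token ending in one of these is a file name, not a host.
_FILE_EXT = {"exe", "dll", "scr", "js", "vbs", "doc", "docx", "rtf", "xls", "ps1", "bat"}


def refang(raw: str) -> str:
    """Undo common report defanging: hxxp://, evil[.]com, 203.0.113(.)45."""
    s = raw.strip()
    s = re.sub(r"^(?:hxxps?|https?)://", "", s, flags=re.I)
    for dot in ("[.]", "(.)", "[dot]", "{.}"):
        s = s.replace(dot, ".")
    return s.rstrip("/")


def classify(raw: str) -> Indicator:
    """Guess the indicator type from its shape after refanging."""
    v = refang(raw).lower()
    if _HEX.match(v):
        if len(v) == 64:
            return Indicator("sha256", v)
        if len(v) == 40:
            return Indicator("sha1", v)
        if len(v) == 32:
            return Indicator("md5", v)
    if _IPV4.match(v):
        return Indicator("ip", v)
    if "/" in v:
        return Indicator("url", v)
    if _HOST.match(v) and v.rsplit(".", 1)[-1] not in _FILE_EXT:
        return Indicator("domain", v)
    return Indicator("filename", v)


def _pattern(ioc: Indicator) -> re.Pattern:
    """Boundary rules per type so 'evil.com' does not hit 'notevil.com'
    but does hit the subdomain 'cdn.evil.com'."""
    esc = re.escape(ioc.value)
    if ioc.kind in ("sha256", "sha1", "md5"):
        return re.compile(r"(?<![0-9a-f])" + esc + r"(?![0-9a-f])")
    if ioc.kind == "ip":
        return re.compile(r"(?<![\d.])" + esc + r"(?!\d)")
    if ioc.kind == "domain":
        return re.compile(r"(?<![\w-])" + esc + r"(?![\w-])")
    if ioc.kind == "filename":
        return re.compile(r"(?<![\w.-])" + esc + r"(?![\w-])")
    return re.compile(esc)  # url: plain substring


def sweep(raw_iocs, log_lines):
    """Return (line_number, Indicator) for every indicator found in a line."""
    pats = [(ioc, _pattern(ioc)) for ioc in map(classify, raw_iocs)]
    hits = []
    for n, line in enumerate(log_lines, 1):
        low = line.lower()
        for ioc, pat in pats:
            if pat.search(low):
                hits.append((n, ioc))
    return hits


# Constructed indicator list, as it might be copied from a report.
IOCS = [
    "hxxp://badcdn[.]example/",            # defanged domain
    "203.0.113[.]45",                      # defanged IP (documentation range)
    "0F1E2D3C4B5A69788796A5B4C3D2E1F0",    # MD5, mixed case
    "Invoice_2017.doc",                    # file name
]

# Constructed log lines (DNS, proxy and endpoint telemetry).
LOGS = [
    "2017-02-10T09:58:11Z dns client=10.20.30.41 query=cdn.badcdn.example type=A",
    "2017-02-10T09:58:12Z proxy client=10.20.30.41 dst=203.0.113.45:443 host=cdn.badcdn.example uri=/gate.php",
    "2017-02-10T09:59:03Z edr host=WS-0419 process=WINWORD.EXE file=C:\\Users\\jdoe\\Downloads\\Invoice_2017.doc md5=0f1e2d3c4b5a69788796a5b4c3d2e1f0",
    "2017-02-10T10:00:00Z dns client=10.20.30.42 query=notbadcdn.example type=A",
    "2017-02-10T10:00:30Z proxy client=10.20.30.42 dst=203.0.113.4:80 host=www.example.org uri=/",
]

if __name__ == "__main__":
    for n, ioc in sweep(IOCS, LOGS):
        print(f"line {n}: {ioc.kind} {ioc.value}")
```

Lines 1 to 3 produce five hits (domain, domain+IP, file name+MD5); the `notbadcdn.example` and `203.0.113.4` lines do not, which is the point of the boundary rules. Atomic indicators like these are cheap to sweep but also cheap for an actor to change, which is why the post pairs them with behavioural indicators.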

December 7, 2016

THREAT RESEARCH

Floki Bot Strikes, Talos and Flashpoint Respond

1 min read

This blog post was authored by Ben Baker, Edmund Brumaghin, Mariano Graziano, and Jonas Zaddach Executive Summary Floki Bot is a new malware variant that has recently been offered for sale on various darknet markets. It is based on the same codebase that was used by the infamous Zeus trojan, the source code of which […]

November 1, 2016

PARTNER

The 3 S’s of Success: Security. Software. Simplicity.

2 min read

Our most profitable partners sell security. And the underpinning of security solutions is software. Yet profit isn’t the only reason you should amp up your security practice. With cyberattacks increasing...

October 19, 2016

SECURITY

Malicious Microsoft Office Documents Move Beyond InkPicture

3 min read

In late August we began to detect malicious Microsoft Word documents that contained Visual Basic (VB) macro code, and the code appeared to be triggering when the document was opened. However, the documents did not contain any of the standard events used to launch VB macro code when a document is opened, including the Document_Open or Auto_Open events. Upon […]

June 14, 2016

SECURITY

Advanced Malware Evasion Techniques HTTP-Evader

1 min read

Malware doesn’t play by the rules, so today’s IT infrastructure needs to provide several layers of defense for end users. Some of the more common devices used to protect modern networks are Intrusion Prevention Systems (IPS) and firewalls. In recent years, there has been a lot of research on how evasion techniques bypass Intrusion Prevention Systems […]

February 10, 2016

SECURITY

DNSChanger Outbreak Linked to Adware Install Base

4 min read

[Ed. note: This post was authored by Veronica Valeros, Ross Gibb, Eric Hulse, and Martin Rehak] Late last autumn, the detector described in one...