Avatar

Talos Group

Talos Security Intelligence & Research Group

The Talos Security Intelligence and Research Group (Talos) is made up of leading threat researchers supported by sophisticated systems to create threat intelligence for Cisco products that detects, analyzes and protects against both known and emerging threats. Talos maintains the official rule sets of Snort.org, ClamAV, SenderBase.org and SpamCop. This blog profile is managed by multiple authors with expertise that spans software development, reverse engineering, vulnerability triage, malware investigation and intelligence gathering.

Talos is the primary team that contributes threat information to the Cisco Collective Security Intelligence (CSI) ecosystem. Cisco CSI is shared across multiple security solutions and provides industry-leading security protections and efficacy. In addition to threat researchers, CSI is driven by intelligence infrastructure, product and service telemetry, public and private feeds and the open source community.

Articles

September 26, 2019

THREAT RESEARCH

Divergent: “Fileless” NodeJS Malware Burrows Deep Within the Host

Cisco Talos recently discovered a new malware loader being used to deliver and infect systems with a previously undocumented malware payload called "Divergent."

September 24, 2019

THREAT RESEARCH

How Tortoiseshell created a fake veteran hiring website to host malware

Cisco Talos discovered a threat actor attempting to take advantage of Americans who may be seeking a job, especially military veterans. Symantec had previously identified the actor as Tortoiseshell.

September 20, 2019

THREAT RESEARCH

Threat Roundup for September 13 to September 20

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sep. 13 to Sep 20.

September 17, 2019

THREAT RESEARCH

Emotet is back after a summer break

Emotet is still evolving, five years after its debut as a banking trojan. It is one of the world's most dangerous botnets and malware droppers-for-hire.

September 17, 2019

THREAT RESEARCH

Cryptocurrency miners aren’t dead yet: Documenting the voracious but simple “Panda”

A new threat actor named “Panda” has generated thousands of dollars worth of the Monero cryptocurrency through the use of remote access tools (RATs) and illicit cryptocurrency-mining malware.

September 13, 2019

THREAT RESEARCH

Threat Roundup for September 6 to September 13

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sep. 6. to Sep 13. As with previous roundups, this post isn't meant to be an in-depth analysis.

September 11, 2019

THREAT RESEARCH

Watchbog and the Importance of Patching

Cisco Incident Response (CSIRS) recently responded to an incident involving the Watchbog cryptomining botnet. By Luke DuCharme and Paul Lee.

September 6, 2019

THREAT RESEARCH

Threat Roundup for August 30 to September 6

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 30 and Sep. 6.

September 5, 2019

THREAT RESEARCH

GhIDA: Ghidra decompiler for IDA Pro

Executive Summary Cisco Talos is releasing two new tools for IDA Pro: GhIDA and Ghidraaas. GhIDA is an IDA Pro plugin that integrates the Ghidra decompiler...