Cobalt Strike
IndigoDrop spreads via military-themed lures to deliver Cobalt Strike
By Asheer Malhotra. Cisco Talos has observed a malware campaign that utilizes military-themed malicious Microsoft Office documents (maldocs) to spread Cobalt Strike beacons containing full-fledged RAT capabilities. These maldocs use malicious macros to deliver a multistage and highly modular infection. This campaign appears to target military and government organizations in South Asia. Network-based detection, although […]
Building a bypass with MSBuild
By Vanja Svajcer. In one of our previous posts, we discussed the usage of default operating system functionality and other legitimate executables to execute the so-called “living-off-the-land” approach to the post-compromise phase of an attack. We called those binaries LoLBins. Since then, Cisco Talos has analyzed telemetry we received from Cisco products and attempted to […]
Hunting For LolBins
Attackers’ trends tend to come and go. But one popular technique we’re seeing at this time is the use of living-off-the-land binaries — or “LoLBins”. LoLBins are used by different actors combined with fileless malware and legitimate cloud services to improve chances of staying undetected within an organisation, usually during post-exploitation attack phases. Living-off-the-land tactics […]