Cisco Blogs
Voice Search is currently unavailable
Powered by Google Web Speech API
We didn't hear that. Try again.
When autocomplete results are available use up and down arrows to review and enter to select

Cobalt strike

June 22, 2020

THREAT RESEARCH

IndigoDrop spreads via military-themed lures to deliver Cobalt Strike

1 min read

By Asheer Malhotra. Cisco Talos has observed a malware campaign that utilizes military-themed malicious Microsoft Office documents (maldocs) to spread Cobalt Strike beacons containing full-fledged RAT capabilities. These maldocs use malicious macros to deliver a multistage and highly modular infection. This campaign appears to target military and government organizations in South Asia. Network-based detection, although […]

February 18, 2020

SECURITY

Building a bypass with MSBuild

1 min read

By Vanja Svajcer. In one of our previous posts, we discussed the usage of default operating system functionality and other legitimate executables to execute the so-called “living-off-the-land” approach to the post-compromise phase of an attack. We called those binaries LoLBins. Since then, Cisco Talos has analyzed telemetry we received from Cisco products and attempted to […]

November 13, 2019

THREAT RESEARCH

Hunting For LolBins

1 min read

Attackers’ trends tend to come and go. But one popular technique we’re seeing at this time is the use of living-off-the-land binaries — or “LoLBins”. LoLBins are used by different actors combined with fileless malware and legitimate cloud services to improve chances of staying undetected within an organisation, usually during post-exploitation attack phases. Living-off-the-land tactics […]