CRAT wants to plunder your endpoints
By Asheer Malhotra. Cisco Talos has observed a new version of a remote access trojan (RAT) family known as CRAT. Apart from the prebuilt RAT capabilities, the malware can download and deploy additional malicious plugins on the infected endpoint. One of the plugins is a ransomware known as “Hansom.” CRAT has been attributed to the Lazarus […]
IndigoDrop spreads via military-themed lures to deliver Cobalt Strike
By Asheer Malhotra. Cisco Talos has observed a malware campaign that utilizes military-themed malicious Microsoft Office documents (maldocs) to spread Cobalt Strike beacons containing full-fledged RAT capabilities. These maldocs use malicious macros to deliver a multistage and highly modular infection. This campaign appears to target military and government organizations in South Asia. Network-based detection, although […]
GravityRAT – The Two-Year Evolution Of An APT Targeting India
GravityRAT malware has implemented new features, such as file exfiltration, remote command execution capability and anti-vm techniques. Consistent evolution and innovation beyond standard remote code execution is concerning.
“Cyber Conflict” Decoy Document Used In Real Cyber Conflict
This post was authored by Warren Mercer, Paul Rascagneres and Vitor Ventura INTRODUCTION Cisco Talos discovered a new malicious campaign from the well known actor Group 74 (aka Tsar Team, Sofacy, APT28, Fancy Bear…). Ironically the decoy document is a flyer concerning the Cyber Conflict U.S. conference organized by the NATO Cooperative Cyber Defence Centre of Excellence on 7-8 November 2017 […]