January 15, 2020


Disk Image Deception

11 min read

Cisco's Computer Security Incident Response Team (CSIRT) detected a large and ongoing malspam campaign leveraging the .IMG file extension to bypass automated malware analysis tools and infect machines with a variety of Remote Access Trojans. During our investigation, we observed multiple tactics, techniques, and procedures (TTPs) that defenders can monitor for in their environments. Our incident response and security monitoring team's analysis of a suspicious phishing attack uncovered some helpful improvements in our detection capabilities and timing.

April 25, 2019


JasperLoader Emerges, Targets Italy with Gootkit Banking Trojan

1 min read

Nick Biasini and Edmund Brumaghin authored this blog post with contributions from Andrew Williams.

Introduction to JasperLoader

Malware loaders are playing an increasingly important role in malware distribution. They give...