Malware Analysis
Federal Law Enforcement Training Center’s 2016 Cybercrime Conference
1 min read
Cisco Systems is participating in the Federal Law Enforcement Training Center’s (FLETC) Cybercrime Conference, held July 6-8, 2016, in Glynco, Georgia. The purpose of this event is to foster education and awareness of the current threats and innovations that may impact today’s law enforcement officers and the manner in which they deal with cybercrime. The […]
Research Spotlight: ROPMEMU – A Framework for the Analysis of Complex Code Reuse Attacks
1 min read
The post was authored by Mariano Graziano. Executive Summary Attacks have grown more and more complex over the years. The evolution of the threat landscape demonstrates this: as mitigations have improved, adversaries have had to modify their tactics to bypass them and still compromise systems. Code-reuse attacks, such as return-oriented programming (ROP), are […]
Research Spotlight: The Resurgence of Qbot
1 min read
The post was authored by Ben Baker. Qbot, AKA Qakbot, has been around since at least 2008, but it recently experienced a large surge in development and deployments. Qbot primarily targets sensitive information like banking credentials. Here we are unveiling recent changes to the malware that haven’t been made public yet. Qbot’s primary means […]
Detecting Ransomware From The Outside Looking In
2 min read
Most malware analysis technologies, like sandboxes, put some sort of hook or software inside their analysis environment in order to observe what is actually happening. This could be a specific DLL file, or a debugger. The problem with this approach is that malware authors are aware of it, they look for it, and they build […]
AMP Threat Grid Renews the Support of Law Enforcement
2 min read
In March 2015, Cisco created the AMP Threat Grid for Law Enforcement Program, empowering state and local law enforcement agencies with its dynamic malware analysis and threat intelligence platform. Cisco has renewed the program and made it a permanent part of Cisco Gives. Law Enforcement investigators can register for the program on the new Cisco […]
Teslacrypt 3.0.1 – Tales from the Crypt(o)!
1 min read
This post is authored by Andrea Allievi and Holger Unterbrink Executive Summary Ransomware is malicious software that is designed to hold users’ files (such as photos, documents, and music) for ransom by encrypting their contents and demanding the user pay a fee to decrypt their files. Typically, users are exposed to ransomware via email phishing campaigns and exploit […]
Down the Rabbit Hole: Botnet Analysis for Non-Reverse Engineers
9 min read
This post is authored by Earl Carter & Holger Unterbrink. Overview Talos is often tasked with mapping the backend network for a specific piece of malware. One approach is to first reverse engineer the sample and determine exactly how it operates. But what if there is no time or resources to take the sample apart? […]
Cognitive Research: Learning Detectors of Malicious Network Traffic
9 min read
This post was authored by Karel Bartos, Vojtech Franc, & Michal Sofka. Malware is constantly evolving and changing. One way to identify malware is by analyzing the...
AMP Threat Grid Empowers Law Enforcement to Fight Cybercrime
2 min read
Recognizing the critical need for state and local law enforcement agencies to have state-of-the-art technologies to effectively fight digital crime, Cisco is creating the AMP Threat Grid for Law Enforcement Program. The program is designed to empower those working to protect our communities from cybercriminals with its dynamic malware analysis and threat intelligence platform. […]