Malware Analysis

September 14, 2016


H1N1: Technical analysis reveals new capabilities – part 2

This is the second blog in a 3 part series that provides an in-depth technical analysis of the H1N1 malware. You can read the first entry here, where I covered the evolution of H1N1, its infection vector and obfuscation techniques. This blog will provide an overview of its execution. H1N1 Execution: Execution flow is broken down […]

September 13, 2016


H1N1: Technical analysis reveals new capabilities

This blog is the first in a 3 part series that will provide an in-depth technical analysis of the H1N1 malware. I’ll be looking at how H1N1 has evolved, its obfuscation, analyzing its execution including new information stealing and user account control bypass capabilities, and finally exploring how we are both using and influencing security tools […]

June 17, 2016


Federal Law Enforcement Training Center’s 2016 Cybercrime Conference

Cisco Systems is participating in the Federal Law Enforcement Training Center’s (FLETC) Cybercrime Conference, held July 6-8, 2016, in Glynco, Georgia. The purpose of this event is to foster education and awareness of the current threats and innovations that may impact today’s law enforcement officers and the manner in which they deal with cybercrime. The […]

June 1, 2016


Research Spotlight: ROPMEMU – A Framework for the Analysis of Complex Code Reuse Attacks

The post was authored by Mariano Graziano. Executive Summary: Attacks have grown more and more complex over the years. The evolution of the threat landscape demonstrates this: adversaries have had to modify their tactics to bypass better mitigations and compromise systems. Code-reuse attacks, such as return-oriented programming (ROP), are […]

April 28, 2016


Research Spotlight: The Resurgence of Qbot

The post was authored by Ben Baker. Qbot, AKA Qakbot, has been around since at least 2008, but it recently experienced a large surge in development and deployments. Qbot primarily targets sensitive information like banking credentials. Here we are unveiling recent changes to the malware that haven’t been made public yet. Qbot’s primary means […]

March 30, 2016


Detecting Ransomware From The Outside Looking In

Most malware analysis technologies, like sandboxes, put some sort of hook or software inside their analysis environment in order to observe what is actually happening. This could be a specific DLL file, or a debugger. The problem with this approach is that malware authors are aware of it: they look for it, and they build […]

March 17, 2016


AMP Threat Grid Renews the Support of Law Enforcement

In March 2015, Cisco created the AMP Threat Grid for Law Enforcement Program, empowering state and local law enforcement agencies with its dynamic malware analysis and threat intelligence platform. Cisco has renewed the program and made it a permanent part of Cisco Gives. Law Enforcement investigators can register for the program on the new Cisco […]

March 16, 2016


Teslacrypt 3.0.1 – Tales from the Crypt(o)!

This post is authored by Andrea Allievi and Holger Unterbrink. Executive Summary: Ransomware is malicious software that is designed to hold users’ files (such as photos, documents, and music) for ransom by encrypting their contents and demanding the user pay a fee to decrypt their files. Typically, users are exposed to ransomware via email phishing campaigns and exploit […]

September 30, 2015


Down the Rabbit Hole: Botnet Analysis for Non-Reverse Engineers

This post is authored by Earl Carter & Holger Unterbrink. Overview: Talos is often tasked with mapping the backend network for a specific piece of malware. One approach is to first reverse engineer the sample and determine exactly how it operates. But what if there is no time or resources to take the sample apart? […]