JasperLoader Emerges, Targets Italy with Gootkit Banking Trojan
Nick Biasini and Edmund Brumaghin authored this blog post with contributions from Andrew Williams.
Malware
DNSpionage brings out the Karkoff
In November 2018, Cisco Talos discovered an attack campaign, called DNSpionage, in which threat actors created a new remote administrative tool that supports HTTP and DNS communication with the attackers'...
Email – From Novelty to Nefarious
How a revolutionary technology was usurped for evil, and what we can do about it Since its inception, email has gone from a novelty, to a necessity, to at...
Ransomware or Wiper? LockerGoga Straddles the Line
LockerGoga is a ransomware variant that, while lacking sophistication, can still cause extensive damage to organizations or individuals. Talos has also seen wiper malware impersonate ransomware, such as NotPetya.
GlitchPOS: New PoS malware for sale
Warren Mercer and Paul Rascagneres authored this post with contributions from Ben Baker. Executive summary Point-of-sale malware is
Combing Through Brushaloader Amid Massive Detection Uptick
Brushaloader is an evolving threat that is being actively developed and refined over time as attackers identify areas of improvement and add additional functionality. Ensure PowerShell logging is enabled and configured on endpoints.
ExileRAT shares C2 with LuckyCat, targets Tibet
Cisco Talos recently observed a malware campaign delivering malicious Microsoft PowerPoint document using a mailing list run by the Central Tibetan Administration (CTA), an organization officially representing the Tibetan government-in-exile....
What we learned by unpacking a recent wave of Imminent RAT infections using AMP
Cisco Talos has been tracking a series of Imminent RAT infections for the past two months following reported data from Cisco Advanced Malware Protection's (AMP) Exploit Prevention engine. AMP successfully...
Threat Hunting for the Holidays
Cisco Threat Response demystifies and proactively speeds threat hunting for the stealthiest one percent of threats that can compromise your endpoints, exfiltrate your data, and disrupt your services becomes imperative.