Talos has discovered an unknown Remote Administration Tool that we believe has been in use for over 3 years. During this time it has managed to avoid scrutiny by the security community. The current version of the malware allows the operator to steal
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between April 7 and April 14. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats
This blog was authored by Warren Mercer and Paul Rascagneres with contributions from Matthew Molyett. Executive Summary A few weeks ago, Talos published research on a Korean MalDoc. As we previously discussed this actor is quick to cover their tracks
This post is authored by Paul Rascagneres with contributions from Alex McDonnell Executive Summary Talos has discovered a new spam campaign used to infect targets with the well known Loki Bot stealer. The infection vector is an RTF document abusing
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed over the past week. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve
Indicators of Compromise (“IOC”) are used to suggest a system has been affected by some form of malware. An Indicator of Compromise can be anything from a file name to the behavior observed while malware is actively running on an infected system.
This blog post was authored by Ben Baker, Edmund Brumaghin, Mariano Graziano, and Jonas Zaddach Executive Summary Floki Bot is a new malware variant that has recently been offered for sale on various darknet markets. It is based on the same codebase
In late August we began to detect malicious Microsoft Word documents that contained VisualBasic (VB) macro code and the code appeared to be triggering when the document was opened. However, the documents did not contain any of the standard events used
Malware doesn’t play by the rules, so today’s IT infrastructure needs to provide several layers of defense for end-users. Some of the more common devices used to protect modern networks are Intrusion Prevention systems (IPS) and Firewalls. In
