malware
Introducing ROKRAT
1 min read
This blog was authored by Warren Mercer and Paul Rascagneres with contributions from Matthew Molyett. Executive Summary: A few weeks ago, Talos published research on a Korean MalDoc. As we previously discussed, this actor is quick to cover their tracks and very quickly cleaned up their compromised hosts. We believe the compromised infrastructure was live […]
How Malformed RTF Defeats Security Engines
1 min read
This post is authored by Paul Rascagneres with contributions from Alex McDonnell. Executive Summary: Talos has discovered a new spam campaign used to infect targets with the well-known Loki Bot stealer. The infection vector is an RTF document abusing an old exploit (CVE-2012-1856); however, the most interesting part is the effort put into the […]
Threat Round-up for the Week of Mar 13 – Mar 17
1 min read
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed over the past week. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavior characteristics, indicators of compromise, and how our customers are automatically protected from […]
Indicators of Compromise and where to find them
4 min read
Indicators of Compromise (“IOCs”) are used to suggest that a system has been affected by some form of malware. An Indicator of Compromise can be anything from a file name to the behavior observed while malware is actively running on an infected system. Where do they look? Social media, news feeds, industry reports, Threat Grid sample […]
Floki Bot Strikes, Talos and Flashpoint Respond
1 min read
This blog post was authored by Ben Baker, Edmund Brumaghin, Mariano Graziano, and Jonas Zaddach. Executive Summary: Floki Bot is a new malware variant that has recently been offered for sale on various darknet markets. It is based on the same codebase that was used by the infamous Zeus trojan, the source code of which […]
The 3 S’s of Success: Security. Software. Simplicity.
2 min read
Our most profitable partners sell security. And the underpinning of security solutions is software. Yet profit isn’t the only reason you should amp up your security practice. With cyberattacks increasing...
Malicious Microsoft Office Documents Move Beyond InkPicture
3 min read
In late August we began to detect malicious Microsoft Word documents that contained VisualBasic (VB) macro code, and the code appeared to be triggering when the document was opened. However, the documents did not contain any of the standard events used to launch VB macro code when a document is opened, including the Document_Open or Auto_Open events. Upon […]
Advanced Malware Evasion Techniques HTTP-Evader
1 min read
Malware doesn’t play by the rules, so today’s IT infrastructure needs to provide several layers of defense for end-users. Some of the more common devices used to protect modern networks are Intrusion Prevention systems (IPS) and Firewalls. In recent years, there has been a lot of research on how evasion techniques bypass Intrusion Prevention systems […]
DNSChanger Outbreak Linked to Adware Install Base
4 min read
[Ed. note: This post was authored by Veronica Valeros, Ross Gibb, Eric Hulse, and Martin Rehak] Late last autumn, the detector described in one...