malware

May 15, 2017

MANUFACTURING

WannaCry and Ransomware: How Manufacturers Can Reduce Risk

Friday, May 12 looked like a typical day for most folks as they went into work looking to finish off their day and head into the weekend. But as the day progressed, many organizations across the globe quickly realized that their TGIF was going to be spent dealing with a ransomware attack known as WannaCry. […]

May 3, 2017

THREAT RESEARCH

KONNI: A Malware Under The Radar For Years

Talos has discovered an unknown Remote Administration Tool that we believe has been in use for over 3 years. During this time it has managed to avoid scrutiny by the security community. The current version of the malware allows the operator to steal files, keystrokes, perform screenshots, and execute arbitrary code on the infected host. […]

April 14, 2017

THREAT RESEARCH

Threat Round-up for Apr 7 – Apr 14

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between April 7 and April 14. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavior characteristics, indicators of compromise, and how our customers are automatically […]

April 3, 2017

THREAT RESEARCH

Introducing ROKRAT

This blog was authored by Warren Mercer and Paul Rascagneres with contributions from Matthew Molyett. Executive Summary A few weeks ago, Talos published research on a Korean MalDoc. As we previously discussed this actor is quick to cover their tracks and very quickly cleaned up their compromised hosts. We believe the compromised infrastructure was live […]

March 23, 2017

THREAT RESEARCH

How Malformed RTF Defeats Security Engines

This post is authored by Paul Rascagneres with contributions from Alex McDonnell Executive Summary Talos has discovered a new spam campaign used to infect targets with the well known  Loki Bot stealer. The infection vector is an RTF document abusing an old exploit (CVE-2012-1856), however the most interesting part is the effort put into the […]

March 17, 2017

THREAT RESEARCH

Threat Round-up for the Week of Mar 13 – Mar 17

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed over the past week. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavior characteristics, indicators of compromise, and how our customers are automatically protected from […]

February 10, 2017

SECURITY

Indicators of Compromise and where to find them

Indicators of Compromise (“IOC”) are used to suggest a system has been affected by some form of malware. An Indicator of Compromise can be anything from a file name to the behavior observed while malware is actively running on an infected system. Where do they look? Social media, new feeds, industry reports, Threat Grid sample […]

December 7, 2016

THREAT RESEARCH

Floki Bot Strikes, Talos and Flashpoint Respond

This blog post was authored by Ben Baker, Edmund Brumaghin, Mariano Graziano, and Jonas Zaddach Executive Summary Floki Bot is a new malware variant that has recently been offered for sale on various darknet markets. It is based on the same codebase that was used by the infamous Zeus trojan, the source code of which […]

November 1, 2016

PARTNER

The 3 S’s of Success: Security. Software. Simplicity.

Our most profitable partners sell security. And the underpinning of security solutions is software. Yet profit isn’t the only reason you should amp up your security practice. With cyberattacks increasing...