RAT

May 19, 2020

SECURITY

The Wolf Is Back…

Cisco Talos has discovered a new Android malware based on a leak of the DenDroid malware family. We named this malware “WolfRAT” due to strong links between this malware (and the command and control (C2) infrastructure) and Wolf Research, an infamous organization that developed interception and espionage-based malware and was publicly described by CSIS during VirusBulletin […]

April 16, 2020

SECURITY

PoetRAT Uses Covid-19 Lures To Attack Azerbajian

Cisco Talos has discovered a new malware campaign based on a previously unknown family we’re calling “PoetRAT.” At this time, we do not believe this attack is associated with an already known threat actor. Our research shows the malware was distributed using URLs that mimic some Azerbaijan government domains, thus we believe the adversaries in […]

January 16, 2020

SECURITY

JhoneRAT: Cloud based python RAT targeting Middle Eastern countries

Today, Cisco Talos is unveiling the details of a new RAT we have identified we’re calling “JhoneRAT.” This new RAT is dropped to the victims via malicious Microsoft Office documents. The dropper, along with the Python RAT, attempts to gather information on the victim’s machine and then uses multiple cloud services: Google Drive, Twitter, ImgBB […]

October 30, 2019

SECURITY

Remote Access Trojans

You’re working for a high-profile technology company, close to releasing a market-changing product to the public. It’s a highly contested space, with many competitors, both domestic and international. There’s also...

September 24, 2019

THREAT RESEARCH

How Tortoiseshell created a fake veteran hiring website to host malware

Cisco Talos discovered a threat actor attempting to take advantage of Americans who may be seeking a job, especially military veterans. Symantec had previously identified the actor as Tortoiseshell.

August 28, 2019

THREAT RESEARCH

RAT Ratatouille – Backdooring PCs with leaked RATs

Orcus RAT and RevengeRAT are two of the most popular remote access trojans (RATs) in use across the threat landscape. Since its emergence in 2016, various adversaries used RevengeRAT to...

February 4, 2019

THREAT RESEARCH

ExileRAT shares C2 with LuckyCat, targets Tibet

Cisco Talos recently observed a malware campaign delivering malicious Microsoft PowerPoint document using a mailing list run by the Central Tibetan Administration (CTA), an organization officially representing the Tibetan government-in-exile....

November 27, 2018

THREAT RESEARCH

DNSpionage Campaign Targets Middle East

DNSpionage Campaign Targets Middle East This blog post was authored by Warren Mercer and Paul Rascagneres. Executive Summary Cisco Talos recently discovered a new campaign targeting Lebanon and the United...

October 15, 2018

THREAT RESEARCH

Old dog, new tricks – Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox

This blog post was authored by Edmund Brumaghin and Holger Unterbrink with contributions from Emmanuel Tacheau. Executive Summary Cisco Talos has discovered a new malware campaign...