RAT

October 30, 2019

SECURITY

Remote Access Trojans

You’re working for a high-profile technology company, close to releasing a market-changing product to the public. It’s a highly contested space, with many competitors, both domestic and international. There’s also...

September 24, 2019

THREAT RESEARCH

How Tortoiseshell created a fake veteran hiring website to host malware

Cisco Talos discovered a threat actor attempting to take advantage of Americans who may be seeking a job, especially military veterans. Symantec had previously identified the actor as Tortoiseshell.

August 28, 2019

THREAT RESEARCH

RAT Ratatouille – Backdooring PCs with leaked RATs

Orcus RAT and RevengeRAT are two of the most popular remote access trojans (RATs) in use across the threat landscape. Since its emergence in 2016, various adversaries used RevengeRAT to...

February 4, 2019

THREAT RESEARCH

ExileRAT shares C2 with LuckyCat, targets Tibet

Cisco Talos recently observed a malware campaign delivering malicious Microsoft PowerPoint document using a mailing list run by the Central Tibetan Administration (CTA), an organization officially representing the Tibetan government-in-exile....

November 27, 2018

THREAT RESEARCH

DNSpionage Campaign Targets Middle East

DNSpionage Campaign Targets Middle East This blog post was authored by Warren Mercer and Paul Rascagneres. Executive Summary Cisco Talos recently discovered a new campaign targeting Lebanon and the United...

October 15, 2018

THREAT RESEARCH

Old dog, new tricks – Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox

This blog post was authored by Edmund Brumaghin and Holger Unterbrink with contributions from Emmanuel Tacheau. Executive Summary Cisco Talos has discovered a new malware campaign...

April 2, 2018

THREAT RESEARCH

Fake AV Investigation Unearths KevDroid, New Android Malware

Talos identified two variants of the Android Remote Administration Tool (RAT) with the capability to steal information on the compromised device (contacts, SMS and phone history) and record phone calls.

January 15, 2018

THREAT RESEARCH

Korea In The Crosshairs

This article exposes the malicious activities of Group 123 during 2017. We assess with high confidence that Group 123 was responsible for six campaigns targeting both Korean and Non-Korean institutions.

November 27, 2017

THREAT RESEARCH

ROKRAT Reloaded

This post was authored by Warren Mercer, Paul Rascagneres and with contributions from Jungsoo An. Earlier this year, Talos published 2 articles concerning South Korean threats. The first one was about the use of a malicious HWP document which dropped downloaders used to retrieve malicious payloads on several compromised websites. One of the website was a compromised government website. We […]