Old dog, new tricks – Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
This blog post was authored by Edmund Brumaghin and Holger Unterbrink with contributions from Emmanuel Tacheau. Executive Summary Cisco Talos has discovered a new malware campaign...
Fake AV Investigation Unearths KevDroid, New Android Malware
Talos identified two variants of the Android Remote Administration Tool (RAT) with the capability to steal information on the compromised device (contacts, SMS and phone history) and record phone calls.
This post was authored by Warren Mercer, Paul Rascagneres and with contributions from Jungsoo An. Earlier this year, Talos published 2 articles concerning South Korean threats. The first one was about the use of a malicious HWP document which dropped downloaders used to retrieve malicious payloads on several compromised websites. One of the website was a compromised government website. We […]
New KONNI Campaign References North Korean Missile Capabilities
This blog was authored by Paul Rascagneres Executive Summary We recently wrote about the KONNI Remote Access Trojan (RAT) which has been distributed by a small number of campaigns over the past 3 years. We have identified a new distribution campaign which took place on 4th July. The malware used in this campaign has similar […]
Delphi Used To Score Against Palestine
Executive Summary This blog was authored by Paul Rascagneres and Warren Mercer with contributions from Emmanuel Tacheau, Vanja Svajcer and Martin Lee. Talos continuously monitors malicious emails campaigns. We identified one specific spear phishing campaign launched against targets within Palestine, and specifically against Palestinian law enforcement agencies. This campaign started in April 2017, using a […]
KONNI: A Malware Under The Radar For Years
Talos has discovered an unknown Remote Administration Tool that we believe has been in use for over 3 years. During this time it has managed to avoid scrutiny by the security community. The current version of the malware allows the operator to steal files, keystrokes, perform screenshots, and execute arbitrary code on the infected host. […]
This blog was authored by Warren Mercer and Paul Rascagneres with contributions from Matthew Molyett. Executive Summary A few weeks ago, Talos published research on a Korean MalDoc. As we previously discussed this actor is quick to cover their tracks and very quickly cleaned up their compromised hosts. We believe the compromised infrastructure was live […]
Malware Meets SysAdmin – Automation Tools Gone Bad
This post was authored by Alex Chiu and Xabier Ugarte Pedrero. Talos recently spotted a targeted phishing attack with several unique characteristics that are not normally seen. While we monitor phishing campaigns used to distribute threats such as Dridex, Upatre, and Cryptowall, targeted phishing attacks are more convincing because the format of the message is personalized […]