Cisco Secure Workload Immediate Actions in Response to “SUNBURST” Trojan and Backdoor
Cisco Secure Workload can directly support both initial steps to assist in the identification of compromised assets and the application of network restrictions to control network traffic through central automation of distributed firewalls at the workload level.
Trickbot: A primer
In recent years, the modular banking trojan known as Trickbot has evolved to become one of the most advanced trojans in the threat landscape. It has gone through a diverse set of changes since it was first discovered in 2016, including adding features that focus on Windows 10 and modules that target point of sale […]
Metamorfo Banking Trojan Keeps Its Sights on Brazil
Cisco Talos recently identified two ongoing malware distribution campaigns being used to infect victims with banking trojans, specifically financial institutions' customers in Brazil.
Smoking Guns – Smoke Loader learned new tricks
Cisco Talos has been tracking a new version of Smoke Loader — a malicious application that can be used to load other malware — for the past several months following...
CCleaner Command and Control Causes Concern
This post was authored by Edmund Brumaghin, Earl Carter, Warren Mercer, Matthew Molyett, Matthew Olney, Paul Rascagneres and Craig Williams. Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated as research continues. Introduction Talos recently published a technical analysis of a backdoor which was included with version 5.33 of the CCleaner […]
Malware Meets SysAdmin – Automation Tools Gone Bad
This post was authored by Alex Chiu and Xabier Ugarte Pedrero. Talos recently spotted a targeted phishing attack with several unique characteristics that are not normally seen. While we monitor phishing campaigns used to distribute threats such as Dridex, Upatre, and Cryptowall, targeted phishing attacks are more convincing because the format of the message is personalized […]
Ding! Your RAT has been delivered
This post was authored by Nick Biasini Talos is constantly observing malicious spam campaigns delivering various different types of payloads. Common payloads include things like Dridex, Upatre, and various versions of Ransomware. One less common payload that Talos analyzes periodically are Remote Access Trojans or RATs. A recently observed spam campaign was using freeware remote […]