September 21, 2021 08:11

TinyTurla - Turla deploys new malware to keep a secret backdoor on victim machines

News summary * Cisco Talos recently discovered a new backdoor used by the Russian Turla APT group. * We have seen infections in the U.S., Germany and, more recently, in Afghanistan. * It is likely used as a stealth second-chance backdoor to keep access to infected devices *

March 31, 2021 09:02

Cheating the cheater: How adversaries are using backdoored video game cheat engines and modding tools

By Nick Lister and Holger Unterbrink, with contributions from Vanja Svajcer. News summary * Cisco Talos recently discovered a new campaign targeting video game players and other PC modders. * Talos detected a new cryptor used in several different malware campaigns hidden

January 6, 2021 09:00

A Deep Dive into Lokibot Infection Chain

Lokibot is one of the most well-known information stealers on the malware landscape. In this post, we'll provide a technical breakdown of one of the latest Lokibot campaigns. Talos also has a new script to unpack the dropper's third stage. The actors behind Lokibot usu

December 17, 2020 09:02

Talos tools of the trade

By Andrea Marcelli and Holger Unterbrink. If you're looking for something to keep you busy while we're all stuck inside during the holidays, Cisco Talos has a few tools you can play with in the coming days and weeks. We recently updated GhIDA to work with the l

October 20, 2020 11:12

Dynamic Data Resolver - Version 1.0.1 beta

By Holger Unterbrink. 12/17/20 Update: A new version of this software and associated blog can be found here. Cisco Talos is releasing a new beta version of Dynamic Data Resolver (DDR) today. This release comes with a new architecture for samples using multi-threading. The proce

September 3, 2020 11:05

Salfram: Robbing the place without removing your name tag

Threat summary * Cisco Talos recently uncovered a series of email campaigns utilizing links to malicious documents hosted on legitimate file-sharing platforms to spread malware. * The campaigns distributed various malware payloads including Gozi ISFB, ZLoader, SmokeLoader and

August 10, 2020 11:01

Barbervisor: Journey developing a snapshot fuzzer with Intel VT-x

By Cory Duplantis. One of the ways vulnerability researchers find bugs is with fuzzing. At a high level, fuzzing is the process of generating and mutating random inputs for a given target to crash it. In 2017, I started developing a bare metal hypervisor for the purposes of snap

May 28, 2020 10:59

Dynamic Data Resolver (DDR) — IDA Plugin 1.0 beta

10/20/20 Update: A new version of this software and associated blog can be found here. Executive summary: Static reverse-engineering in IDA can often be problematic. Certain values are calculated at run time, which makes it difficult to understand what a certain basic block is d