Cisco Talos Intelligence Blog

September 3, 2020 11:09

Salfram: Robbing the place without removing your name tag

Threat summary * Cisco Talos recently uncovered a series of email campaigns utilizing links to malicious documents hosted on legitimate file-sharing platforms to spread malware. * The campaigns distributed various malware payloads including Gozi ISFB, ZLoader, SmokeLoader and

August 10, 2020 11:08

Barbervisor: Journey developing a snapshot fuzzer with Intel VT-x

By Cory Duplantis. One of the ways vulnerability researchers find bugs is with fuzzing. At a high level, fuzzing is the process of generating and mutating random inputs for a given target to crash it. In 2017, I started developing a bare metal hypervisor for the purposes of snap

May 28, 2020 10:05

Dynamic Data Resolver (DDR) — IDA Plugin 1.0 beta

10/20/20 Update: A new version of this software and associated blog can be found here Executive summary Static reverse-engineering in IDA can often be problematic. Certain values are calculated at run time, which makes it difficult to understand what a certain basic block is d

August 28, 2019 10:08

RAT Ratatouille: Backdooring PCs with leaked RATs

Executive summary Orcus RAT and RevengeRAT are two of the most popular remote access trojans (RATs) in use across the threat landscape. Since its emergence in 2016, various adversaries used RevengeRAT to attack organizations and individuals around the world. The source code asso

July 1, 2019 11:07

RATs and stealers rush through “Heaven’s Gate” with new loader

By Holger Unterbrink and Edmund Brumaghin. Executive summary Malware is constantly finding new ways to avoid detection. This doesn't mean that some will never be detected, but it does allow adversaries to increase the period of time between initial release and detection. Flyin