Cisco Talos Blog

August 28, 2019 10:59

RAT Ratatouille: Backdooring PCs with leaked RATs

Executive summary Orcus RAT and RevengeRAT are two of the most popular remote access trojans (RATs) in use across the threat landscape. Since its emergence in 2016, various adversaries used RevengeRAT to attack organizations and individuals around the world. The source code asso

July 1, 2019 11:20

RATs and stealers rush through “Heaven’s Gate” with new loader

By Holger Unterbrink and Edmund Brumaghin. Executive summary Malware is constantly finding new ways to avoid detection. This doesn't mean that some will never be detected, but it does allow adversaries to increase the period of time between initial release and detection. F

October 15, 2018 12:00

Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox

This blog post was authored by Edmund Brumaghin and Holger Unterbrink with contributions from Emmanuel Tacheau. Executive Summary Cisco Talos has discovered a new malware campaign that drops the sophisticated information-stealing trojan called "Agent Tesla," and othe

October 1, 2018 12:59

Vulnerability Spotlight: Multiple Issues in Foxit PDF Reader

TALOS-2018-0626 / CVE-2018-3956 is an exploitable out-of-bounds read vulnerability which can disclose sensitive memory content and could be used, in conjunction with other vulnerabilities, to aid in full compromise. A specially crafted PDF file could trigger this vulnerability.