SamSam: The Doctor Will See You, After He Pays The Ransom
Cisco Talos is currently observing a widespread campaign leveraging the Samas/Samsam/MSIL.B/C ransomware variant. Unlike most ransomware, SamSam is not launched via user-focused attack vectors, such as phishing campaigns and exploit kits. This particular family seems to be distri
Malware Word Search: Identifying Angler's Dictionary
This post was authored by Steve Poulson with contributions from Nick Biasini. Exploit kits are constantly evolving and changing. We recently wrote about some subtle Angler changes but then Angler changed drastically on March 8. In this blog post, we will briefly cover these changes,
Angler Attempts to Slip the Hook
This post was authored by Nick Biasini with contributions from Joel Esler, Erick Galinkin and Melissa Taylor. Talos has discussed at length the sophistication of the Angler exploit kit. One thing that always makes Angler stand apart is the speed with which they develop and implement
Threat Spotlight: Upatre - Say No to Drones, Say Yes to Malware
Talos has observed an explosion of malicious downloaders in 2015 which we’ve documented on several occasions on our blog. These downloaders provide a method for attackers to push different types of malware to endpoint systems easily and effectively. Upatre is an example of a mali
Threat Spotlight: SSHPsychos
Introduction: Talos has been monitoring a persistent threat for quite some time, a group we refer to as SSHPsychos or Group 93. This group is well known for creating significant amounts of scanning traffic across the Internet. Although our research efforts help inform and protect
Threat Spotlight: Spam Served With a Side of Dridex
This post was authored by Nick Biasini with contributions from Kevin Brooks. Overview: The use of macro-enabled Word documents has exploded over the last year, a primary example payload being Dridex. Last week, Talos researchers identified another short-lived spam campaign that
Threat Spotlight: Angler Lurking in the Domain Shadows
Overview: Over the last several months Talos researchers have been monitoring a massive exploit kit campaign that is utilizing hijacked registrant accounts to create large amounts of subdomains for both initial redirection and exploitation. This campaign has been largely attribu