Cisco Talos Blog

April 26, 2018 11:11

GravityRAT - The Two-Year Evolution Of An APT Targeting India

This blog post is authored by Warren Mercer and Paul Rascagneres. Update: 4/30 Since the publication of the blog post, one of the anti-VM capabilities was commented on a lot on Twitter: the detection of Virtual Machines by checking the temperature of the system. We decided to add mo

April 26, 2018 09:54

Vulnerability Spotlight: Hyland Perceptive Document Filters Multiple Vulnerabilities

Vulnerabilities discovered by Marcin 'Icewall' Noga from Talos Overview Talos has discovered multiple vulnerabilities in Hyland Perceptive Document Filters software. This software is a toolkit that allows developers to read and extract metadata from a file. It supports

April 2, 2018 11:48

Fake AV Investigation Unearths KevDroid, New Android Malware

This blog post is authored by Warren Mercer, Paul Rascagneres, Vitor Ventura and with contributions from Jungsoo An. Summary Several days ago, EST Security published a post concerning a fake antivirus malware targeting the Android mobile platform. In the Korean media, it was m

February 26, 2018 13:03

Who Wasn’t Responsible for Olympic Destroyer?

Summary Absent contributions from traditional intelligence capacities, the available evidence linking the Olympic Destroyer malware to a specific threat actor group is contradictory, and does not allow for unambiguous attribution. The threat actor responsible for the attack has

February 7, 2018 00:48

Targeted Attacks In The Middle East

This blog post is authored by Paul Rascagneres with assistance from Martin Lee. Executive Summary Talos has identified targeted attacks affecting the Middle East. This campaign contains the following elements, which are described in detail in this article. * The use of allege

January 16, 2018 00:57

Korea In The Crosshairs

This blog post is authored by Warren Mercer and Paul Rascagneres, with contributions from Jungsoo An. A one-year review of campaigns performed by an actor with multiple campaigns mainly linked to South Korean targets. Executive Summary This article exposes the malicious

January 10, 2018 09:03

Vulnerability Spotlight: Ruby Rails Gem XSS Vulnerabilities

Vulnerabilities discovered by Zachary Sanchez of Cisco ASIG Overview Talos has discovered two XSS vulnerabilities in Ruby Rails Gems. Rails is a Ruby framework designed to create web services or web pages. Ruby Gems is a package manager for distributing software packages as 

December 19, 2017 10:57

Virus Bulletin Publication And Presentation

The Virus Bulletin conference is a well-regarded, intimate technical conference focused on malware research. It provides a good balance between listening to technical talks and spending time exchanging experiences with colleagues from different companies, all working on the same task

November 28, 2017 00:52

ROKRAT Reloaded

This post was authored by Warren Mercer and Paul Rascagneres, with contributions from Jungsoo An. Executive Summary Earlier this year, Talos published 2 articles concerning South Korean threats. The first one was about the use of a malicious HWP document which dropped downloade