Cisco Talos Intelligence Blog

June 3, 2021 08:06

Necro Python bot adds new exploits and Tezos mining to its bag of tricks

By Vanja Svajcer, with contributions from Caitlin Huey and Kendall McKay. News summary * Some malware families stay static in terms of their functionality. But a newly discovered malware campaign utilizing the Necro Python bot shows this actor is adding new functionality and

April 21, 2021 07:04

A year of Fajan evolution and Bloomberg themed campaigns

By Vanja Svajcer. News summary * Some malware campaigns are designed to spread malware to as many people as possible — while some others carefully choose their targets. Cisco Talos recently discovered a malware campaign that does not fit into either of the two categories. This ac

December 1, 2020 11:12

Xanthe - Docker aware miner

By Vanja Svajcer and Adam Pridgen, Cisco Incident Command NEWS SUMMARY * Ransomware attacks and big-game hunting are making the headlines, but adversaries use plenty of other methods to monetize their efforts in less intrusive ways. * Cisco Talos recently discovered a cryptocur

October 13, 2020 10:10

Lemon Duck brings cryptocurrency miners back into the spotlight

By Vanja Svajcer, with contributions from Caitlin Huey. * We are used to ransomware attacks and big-game hunting making headlines, but there are still methods adversaries use to monetize their efforts in less intrusive ways. * Cisco Talos recently recorded increased activity

July 22, 2020 11:07

Prometei botnet and its quest for Monero

NEWS SUMMARY * We are used to ransomware attacks and big-game hunting making the headlines, but there are still methods adversaries use to monetize their efforts in less intrusive ways. * Cisco Talos recently discovered a cryptocurrency-mining botnet attack we're calling "Pro

April 2, 2020 11:04

AZORult brings friends to the party

By Vanja Svajcer. NEWS SUMMARY * We are used to ransomware attacks and big game hunting making the headlines, but there is an undercurrent of other attack types that allow attackers to monetize their efforts in a less intrusive way. * Here, we discuss a multi-pronged cyber

February 18, 2020 11:02

Building a bypass with MSBuild

By Vanja Svajcer. NEWS SUMMARY * Living-off-the-land binaries (LoLBins) continue to pose a risk to security defenders. * We analyze the usage of the Microsoft Build Engine by attackers and red team personnel. * These threats demonstrate techniques T1127 (Trusted Developer

November 13, 2019 11:11

Hunting for LoLBins

By Vanja Svajcer. Introduction Attackers' trends tend to come and go. But one popular technique we're seeing at this time is the use of living-off-the-land binaries — or "LoLBins". LoLBins are used by different actors combined with fileless malware and legitimate cloud service

August 27, 2019 11:08

China Chopper still active 9 years later

By Paul Rascagneres and Vanja Svajcer. Introduction Threats will commonly fade away over time as they're discovered, reported on, and detected. But China Chopper has found a way to stay relevant, active and effective nine years after its initial discovery. China Chopper is a we