Xanthe - Docker aware miner
By Vanja Svajcer and Adam Pridgen, Cisco Incident Command NEWS SUMMARY * Ransomware attacks and big-game hunting making the headlines, but adversaries use plenty of other methods to monetize their efforts in less intrusive ways. * Cisco Talos recently discovered a cryptocur
Lemon Duck brings cryptocurrency miners back into the spotlight
By Vanja Svajcer, with contributions from Caitlin Huey. * We are used to ransomware attacks and big-game hunting making headlines, but there are still methods adversaries use to monetize their efforts in less intrusive ways. * Cisco Talos recently recorded increased activity
Prometei botnet and its quest for Monero
NEWS SUMMARY * We are used to ransomware attacks and big-game hunting making the headlines, but there are still methods adversaries use to monetize their efforts in less intrusive ways. * Cisco Talos recently discovered a cryptocurrency-mining botnet attack we're calling
AZORult brings friends to the party
By Vanja Svajcer. NEWS SUMMARY * We are used to ransomware attacks and big game hunting making the headlines, but there is an undercurrent of other attack types that allow attackers to monetize their efforts in a less intrusive way. * Here, we discuss a multi-pronged cyber
Building a bypass with MSBuild
By Vanja Svajcer. NEWS SUMMARY * Living-off-the-land binaries (LoLBins) continue to pose a risk to security defenders. * We analyze the usage of the Microsoft Build Engine by attackers and red team personnel. * These threats demonstrate techniques T1127 (Trusted Developer
Hunting for LoLBins
By Vanja Svajcer. Introduction Attackers' trends tend to come and go. But one popular technique we're seeing at this time is the use of living-off-the-land binaries — or "LoLBins". LoLBins are used by different actors combined with fileless malware and legiti
China Chopper still active 9 years later
By Paul Rascagneres and Vanja Svajcer. Introduction Threats will commonly fade away over time as they're discovered, reported on, and detected. But China Chopper has found a way to stay relevant, active and effective nine years after its initial discovery. China Chopper is
10 years of virtual dynamite: A high-level retrospective of ATM malware
ATM malware has evolved to include a number of different families and different actors behind them, ranging from criminal groups to actors affiliated with nation states.
