IndigoDrop spreads via military-themed lures to deliver Cobalt Strike
By Asheer Malhotra. * Cisco Talos has observed a malware campaign that utilizes military-themed malicious Microsoft Office documents (maldocs) to spread Cobalt Strike beacons containing full-fledged RAT capabilities. * These maldocs use malicious macros to deliver a multist
Tor2Mine is up to their old tricks — and adds a few new ones
By Kendall McKay and Joe Marshall. Threat summary * Cisco Talos has identified a resurgence of activity by Tor2Mine, a cryptocurrency mining group that was likely last active in 2018. Tor2Mine is deploying additional malware to harvest credentials and steal more money, includ
The wolf is back...
By Warren Mercer, Paul Rascagneres and Vitor Ventura. News summary * Thai Android devices and users are being targeted by a modified version of DenDroid we are calling "WolfRAT," now targeting messaging apps like WhatsApp, Facebook Messenger and Line. * We assess w
The basics of a ransomware infection as Snake, Maze expands
There have recently been several high-profile ransomware campaigns utilizing Maze and Snake malware. From critical medical supply companies, to large logistics firms, many businesses of all sizes have fallen victim to this cybercrime wave. When an organization falls victim to a
Trickbot: A primer
The group behind Trickbot has expanded its activities beyond credential theft into leasing malware to APT groups.
Threat actors attempt to capitalize on coronavirus outbreak
* Coronavirus is dominating the news and threat actors are taking advantage. * Cisco Talos has found multiple malware families being distributed with Coronavirus lures and themes. This includes emotet and several RAT variants. Executive Summary Using the news to try and incr
Breaking down a two-year run of Vivin’s cryptominers
News Summary * There is another large-scale cryptomining attack from an actor we are tracking as "Vivin" that has been active since at least November 2017. * "Vivin" has consistently evolved over the past few years, despite having poor operational security
Emotet is back after a summer break
Emotet is still evolving, five years after its debut as a banking trojan. It is one of the world's most dangerous botnets and malware droppers-for-hire. The malware payloads dropped by Emotet serve to more fully monetize their attacks, and often include additional banking tro
Malvertising: Online advertising's darker side
Executive summary One of the trickiest challenges enterprises face is managing the balance between aggressively blocking malicious advertisements (aka malvertising) and allowing content to remain online, accessible for the average user. The days of installing a basic ad blocker