Additional TinyTurla C2 and tooling information blog.talosintelligence.com/tinyturla-ng-t…

GhostSec’s joint ransomware operation and evolution of their arsenal blog.talosintelligence.com/ghostsec-ghost…

Continuing our research into the #Turla APT, we now have a rundown of the full kill chain this group is using as part of its #TinyTurla operations, including the most recent tooling we discovered. More details up on the blog now cs.co/6010k27Rs

While hunting for maldocs/lures I stumbled upon this virus that looked interesting and it was still active in some organizations in Ukraine blog.talosintelligence.com/offlrouter-vir…

I released the second part to my "Exploring malicious Windows drivers" series 👀 it focuses mainly on the I/O system, IRPs and the basics of IOCTLs blog.talosintelligence.com/exploring-mali…

Details on APT41 activity blog.talosintelligence.com/chinese-hackin…

This started as an investigation into a maldoc with obfuscated VBA code and some unused legit functions lead to discovery of other maldocs generated by MacroPack. blog.talosintelligence.com/threat-actors-…

DragonRank, a Chinese-speaking SEO manipulator service provider blog.talosintelligence.com/dragon-rank-se…

Preliminary Schedule finally online tinyurl.com/yya5jdxf #BalCCon #BalCCon2k24 #infosec #Hacking #NoviSad kost Vanja Svajcer @[email protected] (Fediverse) Crypto Lek Marc R Malware Utkonos Kirils Solovjovs Max Goran_Mahovlic …..

Talos discovered previously undocumented backdoors and additional components used by Romcom blog.talosintelligence.com/uat-5647-romco…

Gophish and a new Powershell RAT blog.talosintelligence.com/gophish-powerr…

I presented part of this work on learning about vulnerable Windows drivers at this year's AVAR. This is a follow up post blog.talosintelligence.com/exploring-vuln…

We published our findings about a Python variant of a Golang RAT used by Famous Chollima (aka Wagemole). This has been recently used with limited success. blog.talosintelligence.com/python-version…

MaaS operation using Emmenhtal and Amadey linked to threats against Ukrainian entities blog.talosintelligence.com/maas-operation…

Cisco Talos Incident Response (Talos IR) recently observed attacks by Chaos, a relatively new ransomware-as-a-service (RaaS) group conducting big-game hunting and double extortion attacks. blog.talosintelligence.com/new-chaos-rans…

Using LLMs as a reverse engineering sidekick blog.talosintelligence.com/using-llm-as-a…

Cisco Talos has observed an ongoing malware campaign that seeks to infect victims with a multi-stage malware framework, implemented in PowerShell and C#, which we are referring to as “PS1Bot.” blog.talosintelligence.com/ps1bot-malvert…

Although these malware families have historically been associated with campaigns attributed to Naikon or BackdoorDiplomacy, our analysis indicates a connection. blog.talosintelligence.com/how-rainyday-t…

DPRK alligned Famous Chollima keeps their operational tempo high and although not the most sophisticated actors, they have been consistently adding new features to their tools. blog.talosintelligence.com/beavertail-and…

Dynamic binary instrumentation (DBI) with DynamoRio blog.talosintelligence.com/dynamic-binary…