46 matches found

Packet Storm News
added 2025/09/16 12:0 a.m., 4 views

Bridging Threat Models and Detections: Formal Verification Via CADP

Threat detection systems rely on rule-based logic to identify adversarial behaviors, yet the conformance of these rules to high-level threat models is rarely verified formally. We present a formal verification framework that models both detection logic and attack trees as labeled transition syste...

6.9 AI score
Exploits: 0

Securelist
added 2023/08/03 10:0 a.m., 259 views

What’s happening in the world of crimeware: Emotet, DarkGate and LokiBot

Introduction The malware landscape keeps evolving. New families are born, while others disappear. Some families are short-lived, while others remain active for quite a long time. In order to follow this evolution, we rely both on samples that we detect and our monitoring efforts, which cover...

9.3 CVSS, 7.1 AI score, 0.94354 EPSS
Exploits: 62

Hive Pro Threat Advisories
added 2023/07/25 7:34 a.m., 10 views

Attacks, Vulnerabilities and Actors 17 July to 23 July 2023

For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, the fact that there were a total of eleven attacks executed, nine vulnerabilities, and three different adversaries...

6.8 AI score
Exploits: 0

The Hacker News
added 2023/07/17 9:4 a.m., 328 views

Cybercriminals Exploit Microsoft Word Vulnerabilities to Deploy LokiBot Malware

Microsoft Word documents exploiting known remote code execution flaws are being used as phishing lures to drop malware called LokiBot on compromised systems. "LokiBot, also known as Loki PWS, has been a well-known information-stealing Trojan active since 2015," Fortinet FortiGuard Labs researcher...

9.3 CVSS, 7.4 AI score, 0.94332 EPSS
Exploits: 89

HackRead
added 2023/07/12 8:26 p.m., 16 views

New Attack Drops LokiBot Malware Via Malicious Macros in Word Docs

By Waqas LokiBot, a notorious Trojan active since 2015, specializes in stealing sensitive information from Windows machines, posing a significant threat to user data. This is a post from HackRead.com Read the original post: New Attack Drops LokiBot Malware Via Malicious Macros in Word Docs...

6.6 AI score
Exploits: 0

Talos Blog
added 2023/04/07 7:37 p.m., 18 views

Threat Roundup for March 31 to April 7

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 31 and April 7. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

6.7 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/03/06 9:23 a.m., 15 views

Unveiling the Malicious Tactics of LokiBot Malware

Threat Level Attack Report Follow Hive Pro for a detailed threat advisory, download the pdf file here from HiveForce Labs. Summary LokiBot is a constantly evolving information-stealing malware that creates a backdoor on infected machines to collect sensitive data, and it uses ISO files and API...

2 AI score
Exploits: 0

Talos Blog
added 2023/02/17 9:24 p.m., 22 views

Threat Round up for February 10 to February 17

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 10 and Feb. 17. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

6.6 AI score
Exploits: 0

Talos Blog
added 2023/01/20 9:38 p.m., 36 views

Threat Round up for January 13 to January 20

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 13 and Jan. 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

7.2 AI score
Exploits: 0

Talos Blog
added 2022/12/16 7:29 p.m., 46 views

Threat Round up for December 9 to December 16

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Dec. 9 and Dec. 16. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

7.1 AI score
Exploits: 0

Talos Blog
added 2022/09/23 10:6 p.m., 28 views

Threat Roundup for September 16 to September 23

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 16 and Sept. 23. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

7.1 AI score
Exploits: 0

ICS
added 2022/08/25 12:0 p.m., 64 views

2021 Top Malware Strains

Summary Immediate Actions You Can Take Now to Protect Against Malware: • Patch all systems and prioritize patching known exploited vulnerabilities. • Enforce multifactor authentication MFA. • Secure Remote Desktop Protocol RDP and other risky services. • Make offline backups of your data. • Provi...

8.8 CVSS, 9.5 AI score, 0.94332 EPSS
Exploits: 38, References: 94

The Hacker News
added 2022/06/14 8:2 a.m., 22 views

Researchers Detail PureCrypter Loader Cyber Criminals Using to Distribute Malware

Cybersecurity researchers have detailed the workings of a fully-featured malware loader dubbed PureCrypter that's being purchased by cyber criminals to deliver remote access trojans RATs and information stealers. "The loader is a .NET executable obfuscated with SmartAssembly and makes use of...

7 AI score
Exploits: 0

ThreatPost
added 2022/02/09 9:56 p.m., 169 views

Cybercriminals Swarm Windows Utility Regsvr32 to Spread Malware

A Windows living-off-the-land binary LOLBin known as Regsvr32 is seeing a big uptick in abuse of late, researchers are warning, mainly spreading trojans like Lokibot and Qbot. LOLBins are legitimate, native utilities used daily in various computing environments, that cybercriminals use to evade...

8.8 AI score
Exploits: 0, References: 7

Trend Micro Simply Security
added 2021/08/25 12:0 a.m., 10 views

New Campaign Sees LokiBot Delivered Via Multiple Methods

We recently detected an aggressive malware distribution campaign delivering LokiBot via multiple techniques, including the exploitation of older vulnerabilities...

3.5 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2021/08/24 10:35 a.m., 871 views

ProxyShell and PetitPotam exploits weaponized by LockFile Ransomware Group

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. LockFile, a new ransomware gang, has been active since last week. LockFile began by using a publicly disclosed PetitPotam exploit CVE-2021-36942 to compromise Windows Domain Controllers earlier this week. Using ProxyShell...

10 CVSS, 0.5 AI score, 0.94212 EPSS
Exploits: 22

Talos Blog
added 2021/01/07 12:7 p.m., 28 views

Threat Source newsletter (Jan. 7, 2021)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers and welcome to the first Threat Source newsletter of 2021. We hit the ground running already this year with a new Beers with Talos episode. It was recorded back in 2020, but the lessons regarding ransomware attacks and how actors...

1.2 AI score
Exploits: 0

Talos Blog
added 2021/01/06 6:19 a.m., 43 views

A Deep Dive into Lokibot Infection Chain

By Irshad Muhammad, with contributions from Holger Unterbrink. News summary Lokibot is one of the most well-known information stealers on the malware landscape. In this post, we'll provide a technical breakdown of one of the latest Lokibot campaigns. Talos also has a new script to unpack the...

1.1 AI score
Exploits: 0

ICS
added 2020/10/24 12:0 p.m., 67 views

LokiBot Malware

Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT&CK® framework. See the ATT&CK for Enterprise frameworks for all referenced threat actor techniques. This product was written by the Cybersecurity and Infrastructure Security Agency CISA with contributions...

9.3 CVSS, 8.7 AI score, 0.94354 EPSS
Exploits: 33, References: 70

ThreatPost
added 2020/10/01 4:16 p.m., 49 views

Spammers Smuggle LokiBot Via URL Obfuscation Tactic

Spammers have started using a tricky URL obfuscation technique that sidesteps detection – and ultimately infects victims with the LokiBot trojan. The tactic was uncovered in recent spear-phishing emails with PowerPoint attachments, which contain a malicious macro. When the PowerPoint file is...

7.4 AI score
Exploits: 0, References: 20