Vanja Svajcer
@vanjasvajcer.bsky.social
Something, something - Cisco Talos Threat Intelligence
Famous Chollima and the evolution of OtterCookie
blog.talosintelligence.com/beavertail-a...
BeaverTail and OtterCookie evolve with a new Javascript module
Cisco Talos has uncovered a new attack linked to Famous Chollima, a threat group aligned with North Korea (DPRK).
https://blog.talosintelligence.com/beavertail-and-ottercookie/
2 months ago
We published our findings about a Python variant of a Golang RAT used by Famous Chollima (aka Wagemole). This has been recently used with limited success.
blog.talosintelligence.com/python-versi...
Famous Chollima deploying Python version of GolangGhost RAT
Learn how the North Korean-aligned Famous Chollima is using a new Python-based RAT, "PylangGhost," to target cryptocurrency and blockchain jobseekers in a campaign affecting users primarily in Ind...
https://blog.talosintelligence.com/python-version-of-golangghost-rat/
6 months ago
Some documentation on the learning process for BYOVD drivers. I presented this at the AVAR conference, so this is a follow-up post.
blog.talosintelligence.com/exploring-vu...
Exploring vulnerable Windows drivers
This post is the result of research into the real-world application of the Bring Your Own Vulnerable Driver (BYOVD) technique along with Cisco Talos’ series of posts about malicious Windows drivers.
https://blog.talosintelligence.com/exploring-vulnerable-windows-drivers/
about 1 year ago
I started looking at this because a document uploaded to VT was similar to documents with Picasso loader and I thought it could be a new variant. It turns out there is a generator, MacroPack, generating these docs.
blog.talosintelligence.com/threat-actor...
Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads
The threat of VBA macros has diminished since Microsoft prevented the execution of macros in Microsoft Office documents downloaded from the internet, but not all users are using the latest up-to-date ...
https://blog.talosintelligence.com/threat-actors-using-macropack/
over 1 year ago