Library

Publications

Title	Date	File Type
Function Identification and Recovery Signature Tool Angel M. Villegas	2016-10-19	pdf
Subverting Operating System Properties through Evolutionary DKOM Attacks Mariano Graziano, Lorenzo Flore, Andrea Lanzi, and Davide Balzarotti	2016-07-07	pdf
ROPMEMU: A Framework for the Analysis of Complex Code-Reuse Attacks Mariano Graziano, Davide Balzarotti, and Alain Zidouemba	2016-05-30	pdf
Threat Spotlight: PoSeidon, A Deep Dive Into Point of Sale Malware Talos	2014-04-01	pdf
Deconstructing and Defending Against Group 72 Andrea Allievi, Joel Esler, Douglas Goddard, Shaun Hurley, Martin Lee, Craig Williams, and Alain Zidouemba.	2014-11-11	pdf
Threat Spotlight: Cisco Talos Thwarts Access to Massive International Exploit Kit Generating $60M Annually From Ransomware Alone Nick Biasini with contributions from Joel Esler, Warren Mercer, Melissa Taylor, and Craig Williams	2015-10-06	html
Zeus Trojan Analysis Alex Kirk	2015-03-09	html
Threat Spotlight: Angler Lurking in the Domain Shadows Talos	2015-04-30	pdf
CryptoWall 4: The Evolution Continues Andrea Allievi and Holger Unterbrink with contributions from Warren Mercer	2016-04-20	pdf
Protecting Windows and Mac Users Against the “Kyle and Stan” Malvertising Network Shaun Hurley, David McDaniel, and Armin Pelkmann	2015-10-02	pdf
Content-Type Mismatch Detection Alex Kirk	2010-01-01	html
ROKRAT Whitepaper: A sophisticated malware campaign targeting South Korean government officials involved in reunification Warren Mercer, Paul Rascagneres, Matthew Molyett	2017-06-02	pdf
Take the RIG Pill Down the Rabbit Hole By Holger Unterbrink, with contributions by Christopher Marczewski	2017-06-20	pdf
Wiper Malware whitepaper Vitor Ventura (@_vventura)	2018-05-08	pdf
Cisco Talos Email Status Portal overview	2020-09-02	PDF
Process Control through Counterfeit Comms: Using and abusing built-in functionality to own a PLC Jared Rittle and Patrick DeSantis	2018-10-02	pdf
List of bitcoin wallets in recent sextortion campaigns Jaeson Schultz	2018-10-31	txt
List of malicious Facebook groups taken down by Cisco Talos Jonathan Munshaw and Jaeson Schultz	2019-04-02	Excel spreadsheet
The art and science of detecting Cobalt Strike Nicholas Mavis	2020-09-17	PDF
Emotet IOCs Jaeson Schultz	2019-09-17	txt
Blocking cryptocurrency mining using Cisco Security products Alex McDonnell, with contributions from Nicholas Mavis, Spenser Reinhardt, Josh Reynolds and Alan Smith	2019-01-16	PDF
CISO Advisory: Government & Risk management Martin Lee and Jon Munshaw	2019-10-24	PDF
Cisco Advisory: Security architecture Joe Marshall and Jon Munshaw	2019-10-30	PDF
Data breach pay-for-homework document	2020-09-24	PDF
What to expect when you're electing: Information hygiene and the human levels of disinformation Azim Khodjibaev and Ryan Pentney	2020-10-01	PDF
IR Quarterly Trends TAR Q4 2019 One Pager Cisco Talos	2020-01-30	PDF
IR Quarterly Trends TAR Q2 2020 One Pager Cisco Talos	2020-04-13	PDF
IR Quarterly Trends TAR Q1 2020 One Pager Cisco Talos	2020-03-01	PDF
Cisco Talos Incident Response Threat Assessment Report for Q3 2020 David Liebenberg, Kendall McKay, Jonathan Munshaw	2020-06-15	PDF
What to expect when you're electing: What Talos learned after 4 years of research and hands-on experience Matt Olney	2020-07-16	PDF
What to expect when you're electing: The building blocks of political disinformation campaigns Nick Biasini, Kendall McKay and Matt Valites	2020-08-26	PDF
IR Quarterly Trends Q4 2020 David Liebenberg and Caitlin Huey	2020-09-01	PDF
RAMBO: Run-time packer Analysis with Multiple Branch Observation Xabier Ugarte-Pedrero, Davide Balzarotti, , Igor Santos, and Pablo G. Bringas	2015-07-07	PDF
Talos' advice to election officials ahead of the 2020 election Matthew Olney	2020-10-15	PDF
One-pager: Examining Maze after its big year David Liebenberg, Kendall McKay, Jonathan Munshaw	2020-11-30	PDF
Cisco Talos Incident Response Threat Assessment Report for Q1 2021 Jonathan Munshaw	2020-12-09	PDF
Interview with a LockBit ransomware operator Azim Khodjibaev, Dmytro Korzhevin and Kendall McKay	2021-02-02	PDF
Ryuk remains a formidable ransomware threat Caitlin Huey, David Liebenberg, Kendall McKay and Jon Munshaw	2021-02-28	PDF
Cisco Talos Incident Response trends from Winter 2020-21	2021-03-24	PDF
Cisco Talos Incident Response Threat Assessment Report for Q2 2021	2021-08-11	PDF
CTIR Case Study: Evicting Maze Cisco Talos Incident Response	2021-05-16	PDF
CTIR Case Study: Cobalt Strikes Out Cisco Talos Incident Response	2021-05-16	PDF
CTIR Emergency Response Service CTIR	2021-05-27	pdf
InSideCopy: How this APT continues to evolve its arsenal Asheer Malhotra and Justin Thattil	2021-07-07	PDF
SolarMarker overview Jonathan Munshaw	2021-07-29	PDF
ServHelper overview	2021-08-12	PDF
Conti ransomware playbook translated to English Talos Threat Intelligence and Interdiction Team	2021-09-02	PDF
Overview of Operation: Armor Piercer	2021-09-23	PDF
Talos Incident Response threat assessment report (Q3 2021)	2021-10-28	PDF
Cisco Talos Incident Response Threat Assessment Report for Q4 2021 Jonathan Munshaw, David Liebenberg and Caitlin Huey	2022-01-21	PDF
ZTE router vulnerability deep dive: How an attacker could exploit two vulnerabilities to gain full control Marcin "Icewall" Noga	2022-03-07	PDF
Executive guidance on the ongoing situation in Ukraine (translated to Ukrainian)	2022-03-30	PDF
Overview of CyclopsBlink router malware (translated to Ukrainian)	2022-03-30	PDF
Current Executive Guidance for Ongoing Cyberattacks in Ukraine (translated to Ukrainian) Nick Biasini	2022-03-03	pdf
Cisco Talos Incident Response Threat Assessment Report for Q1 2022	2022-04-26	PDF
Threat advisory:Cybercriminals compromise users with malware disguised as pro-Ukraine cyber tools (translated to Ukrainian) Chris Neal	2022-03-09	pdf
Threat Advisory: HermeticWiper (translated to Ukrainian) Asheer Malhotra	2022-02-24	pdf
Threat Advisory: Opportunistic cyber criminals take advantage of Ukraine invasion (translated to Ukrainian) Edmund Brumaghin	2022-03-14	pdf
Threat Assessment Report: BlackCat ransomware	2022-04-27	PDF
Threat Advisory: CaddyWiper (translated to Ukrainian) Asheer Malhotra	2022-03-15	pdf
Conti and Hive ransomware operations: Leveraging victim chats for insights Kendall McKay, Paul Eubanks and Jaime Filson	2022-05-02	PDF
Talos Incident Response Quarterly Threat Report (Q2 2022) Caitlin Huey	2022-07-26	PDF
Talos overview of information-stealers Aliza Johnson and Jonathan Munshaw	2022-08-04	PDF
Talos Incident Response Q3 2022 Quarterly Recap Caitlin Huey	2022-10-25	PDF
Gamaredon overview Asheer Malhotra and Guilherme Venere	2022-10-10	PDF
Gamaredon Overview (translated to Ukrainian) Asheer Malhotra and Guilherme Venere	2022-10-25	pdf
Threat Advisory: DoubleZero (translated to Ukrainian) Asheer Malhotra	2022-03-24	pdf
Cisco stands on guard with our customers in Ukraine (translated to Ukrainian) Nick Biasini	2022-03-03	pdf
Protecting Major Events - An Incident Response Blueprint Jerzy "Yuri" Kramars and Dr. Giannis Tziakouris	2022-12-02	pdf
Ukraine Summary Report: Cisco Talos 2022 Year in Review Cisco Talos	2022-12-14	pdf
Cisco Talos 2022 Year in Review Cisco Talos	2022-12-14	pdf
APT Summary Report: Cisco Talos 2022 Year in Review Cisco Talos	2023-01-17	pdf
Threat Landscape Summary Report: Cisco Talos 2022 Year in Review Cisco Talos	2023-01-24	pdf
Ransomware and Commodity Loaders Summary Report: Cisco Talos 2022 Year in Review Cisco Talos	2023-02-02	pdf
Talos Incident Response Q1 2023 Quarterly Recap Caitlin Huey and Jonathan Munshaw	2023-04-25	PDF
Cybersecurity for businesses of all sizes: A blueprint for protection Giannis Tziakouris & Jerzy ‘Yuri’ Kramarz	--	PDF
Threat Overview: Data theft extortion Jacob Finn and Jonathan Munshaw	--	PDF
Hacktivism, explained Lexi DiSchola and Jonathan Munshaw	--	PDF
Talos Incident Response Q3 2023 Quarterly Recap Nicole Hoffman, Caitlin Huey and Jonathan Munshaw	--	PDF
Cisco Talos Incident Response Q1 2024 Quarterly Trends report Nicole Hoffman	--	PDF

Library

Function Identification and Recovery Signature Tool

Angel M. Villegas

Subverting Operating System Properties through Evolutionary DKOM Attacks

Mariano Graziano, Lorenzo Flore, Andrea Lanzi, and Davide Balzarotti

ROPMEMU: A Framework for the Analysis of Complex Code-Reuse Attacks

Mariano Graziano, Davide Balzarotti, and Alain Zidouemba

Threat Spotlight: PoSeidon, A Deep Dive Into Point of Sale Malware

Talos

Deconstructing and Defending Against Group 72

Andrea Allievi, Joel Esler, Douglas Goddard, Shaun Hurley, Martin Lee, Craig Williams, and Alain Zidouemba.

Threat Spotlight: Cisco Talos Thwarts Access to Massive International Exploit Kit Generating $60M Annually From Ransomware Alone

Nick Biasini with contributions from Joel Esler, Warren Mercer, Melissa Taylor, and Craig Williams

Zeus Trojan Analysis

Alex Kirk

Threat Spotlight: Angler Lurking in the Domain Shadows

Talos

CryptoWall 4: The Evolution Continues

Andrea Allievi and Holger Unterbrink with contributions from Warren Mercer

Protecting Windows and Mac Users Against the “Kyle and Stan” Malvertising Network

Shaun Hurley, David McDaniel, and Armin Pelkmann

Content-Type Mismatch Detection

Alex Kirk

ROKRAT Whitepaper: A sophisticated malware campaign targeting South Korean government officials involved in reunification

Warren Mercer, Paul Rascagneres, Matthew Molyett

Take the RIG Pill Down the Rabbit Hole

By Holger Unterbrink, with contributions by Christopher Marczewski

Wiper Malware whitepaper

Vitor Ventura (@_vventura)

Cisco Talos Email Status Portal overview

Process Control through Counterfeit Comms: Using and abusing built-in functionality to own a PLC

Jared Rittle and Patrick DeSantis

List of bitcoin wallets in recent sextortion campaigns

Jaeson Schultz

List of malicious Facebook groups taken down by Cisco Talos

Jonathan Munshaw and Jaeson Schultz

The art and science of detecting Cobalt Strike

Nicholas Mavis

Emotet IOCs

Jaeson Schultz

Blocking cryptocurrency mining using Cisco Security products

Alex McDonnell, with contributions from Nicholas Mavis, Spenser Reinhardt, Josh Reynolds and Alan Smith

CISO Advisory: Government & Risk management

Martin Lee and Jon Munshaw

Cisco Advisory: Security architecture

Joe Marshall and Jon Munshaw

Data breach pay-for-homework document

What to expect when you're electing: Information hygiene and the human levels of disinformation

Azim Khodjibaev and Ryan Pentney

IR Quarterly Trends TAR Q4 2019 One Pager

Cisco Talos

IR Quarterly Trends TAR Q2 2020 One Pager

Cisco Talos

IR Quarterly Trends TAR Q1 2020 One Pager

Cisco Talos

Cisco Talos Incident Response Threat Assessment Report for Q3 2020

David Liebenberg, Kendall McKay, Jonathan Munshaw

What to expect when you're electing: What Talos learned after 4 years of research and hands-on experience

Matt Olney

What to expect when you're electing: The building blocks of political disinformation campaigns

Nick Biasini, Kendall McKay and Matt Valites

IR Quarterly Trends Q4 2020

David Liebenberg and Caitlin Huey

RAMBO: Run-time packer Analysis with Multiple Branch Observation

Xabier Ugarte-Pedrero, Davide Balzarotti, , Igor Santos, and Pablo G. Bringas

Talos' advice to election officials ahead of the 2020 election

Matthew Olney

One-pager: Examining Maze after its big year

David Liebenberg, Kendall McKay, Jonathan Munshaw

Cisco Talos Incident Response Threat Assessment Report for Q1 2021

Jonathan Munshaw

Interview with a LockBit ransomware operator

Azim Khodjibaev, Dmytro Korzhevin and Kendall McKay

Ryuk remains a formidable ransomware threat

Caitlin Huey, David Liebenberg, Kendall McKay and Jon Munshaw

Cisco Talos Incident Response trends from Winter 2020-21

Cisco Talos Incident Response Threat Assessment Report for Q2 2021

CTIR Case Study: Evicting Maze

Cisco Talos Incident Response

CTIR Case Study: Cobalt Strikes Out