Vanja Svajcer
@vanjasvajcer.bsky.social
Something, something - Cisco Talos Threat Intelligence
We published our findings about a Python variant of a Golang RAT used by Famous Chollima (aka Wagemole). This has been recently used with limited success.

blog.talosintelligence.com/python-versi...
Famous Chollima deploying Python version of GolangGhost RAT
Learn how the North Korean-aligned Famous Chollima is using a new Python-based RAT, "PylangGhost," to target cryptocurrency and blockchain jobseekers in a campaign affecting users primarily in Ind...
blog.talosintelligence.com
June 18, 2025 at 10:13 AM
Some documentation on the learning process for BYOVD drivers. I presented this at the AVAR conference, so this is a follow-up post: blog.talosintelligence.com/exploring-vu...
Exploring vulnerable Windows drivers
This post is the result of research into the real-world application of the Bring Your Own Vulnerable Driver (BYOVD) technique along with Cisco Talos’ series of posts about malicious Windows drivers.
blog.talosintelligence.com
December 19, 2024 at 11:20 AM
I started looking at this because a document uploaded to VT was similar to documents with Picasso loader and I thought it could be a new variant. It turns out there is a generator, MacroPack, generating these docs.

blog.talosintelligence.com/threat-actor...
Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads
The threat of VBA macros has diminished since Microsoft prevented the execution of macros in Microsoft Office documents downloaded from the internet, but not all users are using the latest up-to-date ...
blog.talosintelligence.com
September 3, 2024 at 6:12 PM