Threat Research

All Blog
Internet Weather
Threat Research
Threat Intelligence 101
Eli Woodward
3
read time
April 22, 2026

Unmasking DPRK Cyber Threat Actors: Fake IT Worker Infrastructure & Post-Exposure Analysis

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

Will Thomas
5
read time
April 1, 2026

Stranger Strings: Yurei Ransomware Operator Toolkit Exposed

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

Will Thomas
5
read time
March 25, 2026

Industrial Cybersecurity Risks from Internet-Exposed ICS Devices

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

Will Thomas
5
read time
March 18, 2026

The Beast Returns: Analysis of a Beast Ransomware Server

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

Will Thomas
5
read time
January 21, 2026

Scattered Spider Attacks | Infrastructure and TTP Analysis

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

Will Thomas
5
read time
August 4, 2025

Fingerprinting Malware C2s with Tags

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
5
read time
May 22, 2025

Inside DanaBot’s Infrastructure: In Support of Operation Endgame II

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
6
read time
February 3, 2025

Tracing the Path From SmartApeSG to NetSupport RAT

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
11
read time
December 20, 2024

Jingle Shells: How Virtual Offices Enable a Facade of Legitimacy

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
8
read time
October 29, 2024

An Introduction to Operational Relay Box (ORB) Networks - Unpatched, Forgotten, and Obscured

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
6
read time
August 13, 2024

FIN7: The Truth Doesn't Need to be so STARK

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
7
read time
August 8, 2024

Botnet 7777: Are You Betting on a Compromised Router?

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
1
read time
April 4, 2024

Latrodectus: This Spider Bytes Like Ice

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
14
read time
March 6, 2024

Coper / Octo - A Conductor for Mobile Mayhem… With Eight Limbs?

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
15
read time
August 7, 2023

Visualizing Qakbot Infrastructure Part II: Uncharted Territory

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
11
read time
July 28, 2023

Inside the IcedID BackConnect Protocol (Part 2)

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
5
read time
June 15, 2023

Darth Vidar: The Aesir Strike Back

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
6
read time
May 17, 2023

Visualizing QakBot Infrastructure

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
5
read time
April 19, 2023

AllaKore(d) the SideCopy Train

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
5
read time
March 17, 2023

MoqHao Part 3: Recent Global Targeting Trends

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
5
read time
February 25, 2023

Desde Chile con Malware (From Chile with Malware)

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
7
read time
January 27, 2023

A Blog with NoName

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
8
read time
January 19, 2023

Darth Vidar: The Dark Side of Evolving Threat Infrastructure

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
9
read time
December 21, 2022

Inside the IcedID BackConnect Protocol

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
3
read time
December 9, 2022

Iranian Exploitation Activities Continue as of November 2022

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
7
read time
November 3, 2022

Inside the V1 Raccoon Stealer’s Den

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
10
read time
October 7, 2022

A Visualizza into Recent IcedID Campaigns:

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
8
read time
September 10, 2022

Seychelles, Seychelles, on the C(2) Shore

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
5
read time
September 6, 2022

Mythic Case Study: Assessing Common Offensive Security Tools

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

tcblogposts
6
read time
July 12, 2022

An Analysis of Infrastructure linked to the Hagga Threat Actor

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
5
read time
June 29, 2022

The Sliding Scale of Threat Actor Sophistication When Reacting to 0-day Vulnerabilities

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
4
read time
May 25, 2022

Bablosoft; Lowering the Barrier of Entry for Malicious Actors

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
6
read time
May 3, 2022

Sliver Case Study: Assessing Common Offensive Security Tools

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
4
read time
March 23, 2022

Raccoon Stealer – An Insight into Victim “Gates”

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
4
read time
January 26, 2022

Analysis of a Management IP Address linked to Molerats APT

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
4
read time
August 11, 2021

MoqHao Part 1.5: High-Level Trends of Recent Campaigns Targeting Japan

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
3
read time
July 8, 2021

Enriching Threat Intelligence for the Carbine Loader Crypto-jacking Campaign

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
9
read time
July 2, 2021

Transparent Tribe APT Infrastructure Mapping - Part 2

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
3
read time
May 19, 2021

Tracking BokBot (IcedID) Infrastructure

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
4
read time
April 16, 2021

Transparent Tribe APT Infrastructure Mapping - Part 1

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
2
read time
March 15, 2021

FIN8: BADHATCH Threat Indicator Enrichment

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
2
read time
January 26, 2021

GhostDNSbusters (Part 3)

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
2
read time
January 10, 2021

MoqHao Part 1: Identifying Phishing Infrastructure

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
5
read time
September 8, 2020

GhostDNSbusters

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

tcblogposts
3
read time
May 28, 2020

LDAPt Your DNS Configuration to Prevent Internal Domain Leakages

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...

S2 Research Team
3
read time
March 3, 2020

Gamaredon: An Insight Into Victimology Using Recon

About Team Cymru Internet weather reports Our Internet weather reports are intended to provide data and technical analysis of significant...