Seychelles, Seychelles, on the C(2) Shore
An overview of a bulletproof hosting provider named ELITETEAM. Introduction: What is “Bulletproof Hosting” (BPH)? Bulletproof hosting...
Dragon News Blog
tcblogposts
- 6 days ago
- 5 min
Team Cymru Myth vs Fact
Team Cymru has a clear mission: To Save and Improve Human Lives. We strive to meet this mission by equipping network defenders with...
S2 Research Team
- Sep 5
- 4 min
Mythic Case Study: Assessing Common Offensive Security Tools
Having covered the Sliver C2 framework in a previous post (May 2022), this blog will continue our examination of Cobalt Strike...
tcblogposts
- Jul 12
- 6 min
An Analysis of Infrastructure linked to the Hagga Threat Actor
Summary As this research reveals, mapping out adversary infrastructure has distinct advantages that enable a proactive response to future...
S2 Research Team
- Jun 29
- 5 min
The Sliding Scale of Threat Actor Sophistication When Reacting to 0-day Vulnerabilities
Threat Telemetry Analysis for the Disclosure of CVE-2022-26134 SUMMARY Team Cymru’s S2 Research Team has highlighted why it is important...
S2 Research Team
- May 25
- 4 min
Bablosoft; Lowering the Barrier of Entry for Malicious Actors
Free-to-use browser automation framework creates thriving criminal community Summary Evidence suggests an increasing number of threat...
S2 Research Team
- May 3
- 6 min
Sliver Case Study: Assessing Common Offensive Security Tools
The Use of the Sliver C2 Framework for Malicious Purposes The proliferation of Cobalt Strike during the early 2020s has been undeniable,...
-
- Apr 7
- 4 min
MoqHao Part 2: Continued European Expansion
Monitoring Roaming Mantis Operations with Pure Signal™ Recon This blog is a product of ongoing collaboration with @ninoseki, a...
S2 Research Team
- Mar 23
- 4 min
Raccoon Stealer – An Insight into Victim “Gates”
Tracking Infostealers with Team Cymru's Botnet Analysis and Reporting Service (BARS) Raccoon Stealer is one of 40-plus malware families...
S2 Research Team
- Feb 3
- 4 min
Insight into North Korean ‘Internet Outages’
Understanding the 'How' and 'When' The first month of 2022 saw the return of North Korean ballistic missile testing. Reports of several...
S2 Research Team
- Jan 26
- 4 min
Analysis of a Management IP Address linked to Molerats APT
Enrichment of Zscaler Research into Middle Eastern Espionage Attacks Key Findings Higher order infrastructure, utilizing IP addresses...
S2 Research Team
- Nov 3, 2021
- 4 min
Webinject Panel Administration: A Vantage Point into Multiple Threat Actor Campaigns
A Case Study on the Value of Threat Reconnaisance The contents of this blog were shared with Team Cymru’s community partners in the first...
S2 Research Team
- Oct 5, 2021
- 1 min
Collaborative Research on the CONTI Ransomware Group
An Insight into the 'Customer' Negotiation Process and Some Lessons Learnt Ransomware remains one of the pre-eminent cyber threats, with...
S2 Research Team
- Aug 11, 2021
- 4 min
MoqHao Part 1.5: High-Level Trends of Recent Campaigns Targeting Japan
Using Pure Signal™ Intelligence to Determine the Scale and Impact of Threat Activity Having last looked at the MoqHao (or Roaming Mantis)...
S2 Research Team
- Jul 8, 2021
- 3 min
Enriching Threat Intelligence for the Carbine Loader Crypto-jacking Campaign
How Victimology Tells a Story beyond the Standard Crypto-jacking Tale Co-authored by Andy Kraus and Dan Heywood Cloud security provider...
S2 Research Team
- Jul 2, 2021
- 8 min
Transparent Tribe APT Infrastructure Mapping
Part 2: A Deeper Dive into the Identification of CrimsonRAT Infrastructure October 2020 – June 2021 Introduction Transparent Tribe...
S2 Research Team
- May 19, 2021
- 3 min
Tracking BokBot (IcedID) Infrastructure
Mapping a Vast and Currently Active IcedID Network BokBot (also known as IcedID) started life as a banking trojan using...
S2 Research Team
- Apr 16, 2021
- 4 min
Transparent Tribe APT Infrastructure Mapping
Part 1: A High-Level Study of CrimsonRAT Infrastructure October 2020 – March 2021 INTRODUCTION Transparent Tribe (APT36, Mythic Leopard,...
S2 Research Team
- Mar 15, 2021
- 2 min
FIN8: BADHATCH Threat Indicator Enrichment
FIN8 research identifies ongoing campaigns against entities in Germany, Sweden and the US. INTRODUCTION Last week (10 March 2021),...
S2 Research Team
- Jan 26, 2021
- 2 min
GhostDNSbusters (Part 3)
Illuminating GhostDNS Infrastructure This research was undertaken in collaboration with Manabu Niseki (@ninoseki on Twitter) and CERT.br...