A Blog with NoName
Further Insight into the Hacktivist Operation Targeting NATO and Affiliated Nations Key Findings NoName057(16) is a pro-Russian...
top of page
Dragon News Blog
S2 Research Team
- Jan 19
- 8 min
Darth Vidar: The Dark Side of Evolving Threat Infrastructure
Summary Three key takeaways from our analysis of Vidar infrastructure: Russian VPN gateways are potentially providing anonymity for Vidar...
S2 Research Team
- Dec 21, 2022
- 9 min
Inside the IcedID BackConnect Protocol
Deriving Threat Actor TTPs from Management Infrastructure Tracking You can find our previous work on Stage 1 and Stage 2 of IcedID’s...
S2 Research Team
- Dec 8, 2022
- 3 min
Iranian Exploitation Activities Continue as of November 2022
Telemetry Data Suggests 107.173.231.114 Remains an Active IOC Introduction This blog provides a short update on Team Cymru’s ongoing...
S2 Research Team
- Nov 3, 2022
- 7 min
Inside the V1 Raccoon Stealer’s Den
Exposing links to Kharkiv (Ukraine) and the CC2BTC Marketplace Introduction Team Cymru’s S2 Research Team has blogged previously on the...
S2 Research Team
- Oct 7, 2022
- 10 min
A Visualizza into Recent IcedID Campaigns:
Reconstructing Threat Actor Metrics with Pure Signal™ Recon Introduction IcedID (also known as BokBot) started life in early 2017 as a...
S2 Research Team
- Sep 29, 2022
- 8 min
Seychelles, Seychelles, on the C(2) Shore
An overview of a bulletproof hosting provider named ELITETEAM. Introduction: What is “Bulletproof Hosting” (BPH)? Bulletproof hosting...
S2 Research Team
- Sep 5, 2022
- 4 min
Mythic Case Study: Assessing Common Offensive Security Tools
Having covered the Sliver C2 framework in a previous post (May 2022), this blog will continue our examination of Cobalt Strike...
tcblogposts
- Jul 12, 2022
- 6 min
An Analysis of Infrastructure linked to the Hagga Threat Actor
Summary As this research reveals, mapping out adversary infrastructure has distinct advantages that enable a proactive response to future...
S2 Research Team
- Jun 29, 2022
- 5 min
The Sliding Scale of Threat Actor Sophistication When Reacting to 0-day Vulnerabilities
Threat Telemetry Analysis for the Disclosure of CVE-2022-26134 SUMMARY Team Cymru’s S2 Research Team has highlighted why it is important...
S2 Research Team
- May 25, 2022
- 4 min
Bablosoft; Lowering the Barrier of Entry for Malicious Actors
Free-to-use browser automation framework creates thriving criminal community Summary Evidence suggests an increasing number of threat...
S2 Research Team
- May 3, 2022
- 6 min
Sliver Case Study: Assessing Common Offensive Security Tools
The Use of the Sliver C2 Framework for Malicious Purposes The proliferation of Cobalt Strike during the early 2020s has been undeniable,...
S2 Research Team
- Apr 7, 2022
- 4 min
MoqHao Part 2: Continued European Expansion
Monitoring Roaming Mantis Operations with Pure Signal™ Recon This blog is a product of ongoing collaboration with @ninoseki, a...
S2 Research Team
- Mar 23, 2022
- 4 min
Raccoon Stealer – An Insight into Victim “Gates”
Tracking Infostealers with Team Cymru's Botnet Analysis and Reporting Service (BARS) Raccoon Stealer is one of 40-plus malware families...
S2 Research Team
- Feb 3, 2022
- 4 min
Insight into North Korean ‘Internet Outages’
Understanding the 'How' and 'When' The first month of 2022 saw the return of North Korean ballistic missile testing. Reports of several...
S2 Research Team
- Jan 26, 2022
- 4 min
Analysis of a Management IP Address linked to Molerats APT
Enrichment of Zscaler Research into Middle Eastern Espionage Attacks Key Findings Higher order infrastructure, utilizing IP addresses...
S2 Research Team
- Nov 3, 2021
- 4 min
Webinject Panel Administration: A Vantage Point into Multiple Threat Actor Campaigns
A Case Study on the Value of Threat Reconnaisance The contents of this blog were shared with Team Cymru’s community partners in the first...
S2 Research Team
- Oct 5, 2021
- 1 min
Collaborative Research on the CONTI Ransomware Group
An Insight into the 'Customer' Negotiation Process and Some Lessons Learnt Ransomware remains one of the pre-eminent cyber threats, with...
S2 Research Team
- Aug 11, 2021
- 4 min
MoqHao Part 1.5: High-Level Trends of Recent Campaigns Targeting Japan
Using Pure Signal™ Intelligence to Determine the Scale and Impact of Threat Activity Having last looked at the MoqHao (or Roaming Mantis)...
S2 Research Team
- Jul 8, 2021
- 3 min
Enriching Threat Intelligence for the Carbine Loader Crypto-jacking Campaign
How Victimology Tells a Story beyond the Standard Crypto-jacking Tale Co-authored by Andy Kraus and Dan Heywood Cloud security provider...
bottom of page