MoqHao Part 1.5: High-Level Trends of Recent Campaigns Targeting Japan
Using Pure Signalâ„¢ Intelligence to Determine the Scale and Impact of Threat Activity Having last looked at the MoqHao (or Roaming Mantis)...
top of page
Dragon News Blog
S2 Research Team
- Jul 8, 2021
- 3 min
Enriching Threat Intelligence for the Carbine Loader Crypto-jacking Campaign
How Victimology Tells a Story beyond the Standard Crypto-jacking Tale Co-authored by Andy Kraus and Dan Heywood Cloud security provider...
S2 Research Team
- Jul 2, 2021
- 8 min
Transparent Tribe APT Infrastructure Mapping
Part 2: A Deeper Dive into the Identification of CrimsonRAT Infrastructure October 2020 – June 2021 Introduction Transparent Tribe...
S2 Research Team
- May 19, 2021
- 3 min
Tracking BokBot (IcedID) Infrastructure
Mapping a Vast and Currently Active IcedID Network BokBot (also known as IcedID) started life as a banking trojan using...
S2 Research Team
- Apr 16, 2021
- 4 min
Transparent Tribe APT Infrastructure Mapping
Part 1: A High-Level Study of CrimsonRAT Infrastructure October 2020 – March 2021 INTRODUCTION Transparent Tribe (APT36, Mythic Leopard,...
S2 Research Team
- Mar 15, 2021
- 2 min
FIN8: BADHATCH Threat Indicator Enrichment
FIN8 research identifies ongoing campaigns against entities in Germany, Sweden and the US. INTRODUCTION Last week (10 March 2021),...
S2 Research Team
- Jan 26, 2021
- 2 min
GhostDNSbusters (Part 3)
Illuminating GhostDNS Infrastructure This research was undertaken in collaboration with Manabu Niseki (@ninoseki on Twitter) and CERT.br...
S2 Research Team
- Jan 20, 2021
- 2 min
MoqHao Part 1: Identifying Phishing Infrastructure
Cyber Reconnaissance with Team Cymru's Pure Signalâ„¢ Platform In mid-January, Twitter users @NaomiSuzuki_ and @KesaGataMe0 identified...
S2 Research Team
- Dec 16, 2020
- 2 min
Mapping out AridViper Infrastructure Using Recon’s Malware Module
Cyber Reconnaissance with Team Cymru's Pure Signalâ„¢ Platform Twitter user @BaoshengbinCumt posted malware hash...
S2 Research Team
- Oct 7, 2020
- 4 min
GhostDNSbusters (Part 2)
Illuminating GhostDNS Infrastructure This research was undertaken in collaboration with Manabu Niseki (@ninoseki on Twitter) and CERT.br...
S2 Research Team
- Sep 8, 2020
- 5 min
GhostDNSbusters
Illuminating GhostDNS Infrastructure This research was undertaken in collaboration with Manabu Niseki (@ninoseki on Twitter) and CERT.br...
tcblogposts
- May 28, 2020
- 3 min
LDAPt Your DNS Configuration to Prevent Internal Domain Leakages
During these difficult times, users of many organisations find themselves working remotely, away from their usual office locations. For a...
tcblogposts
- Apr 3, 2020
- 2 min
Covid-19 Cyber Threat: DanaBot
COVID 19 is an ideal opportunity for malicious actors. With much of the global workforce working from home, we and our partners have seen...
S2 Research Team
- Mar 25, 2020
- 4 min
How the Iranian Cyber Security Agency Detects Emissary Panda Malware
March 25, 2020 S2 Research Team Other threat intelligence groups have previously publicised that the Chinese-attributed threat group,...
S2 Research Team
- Mar 3, 2020
- 3 min
Gamaredon: An Insight Into Victimology Using Recon
The Gamaredon Group is a threat actor group, believed to be aligned to Russia-state linked objectives. Community research into the group...
bottom of page