Dragon News Blog

Virtual offices have revolutionized the way businesses operate. They provide cost-effective flexibility by eliminating the need for...

Although not a new concept, Operational Relay Box (ORB) networks—often referred to as "covert," "mesh," or "obfuscated" networks—are...

First and foremost, our thanks go to the threat research team at Silent Push and the security team at Stark Industries Solutions...

Firstly, we extend our thanks to Chris Fearnley and Gi7w0rm, two threat researchers who assisted us behind the scenes with our...

For this research, we partnered with Proofpoint’s Threat Research  team in a collaborative effort to provide a comprehensive overview of...

Analysis of an Android Malware-as-a-Service Operation Coper, a descendant of the Exobot malware family, was first observed in the wild in...

A Data-Driven Approach Based on Analysis of Network Telemetry In this blog post, we will provide an update on our high-level analysis of...

Introduction In this blog post, we will provide an update on our continued analysis and tracking of infrastructure associated with...

At the beginning of this year, we released a detailed publication on Vidar infrastructure, encompassing both the primary administrative...

A Data-Driven Approach based on Analysis of Network Telemetry This blog post seeks to draw out some high-level trends and anomalies based...

Identifying Connected Infrastructure and Management Activities Introduction This blog post seeks to build on recent public reporting on...

Introduction This blog post is part of an ongoing series of analysis on MoqHao (also referred to as Wroba and XLoader), a malware family...

Spoiler Alert: They weren't actually from Chile. Introduction This blog post provides a short update on our ongoing tracking of...

UPDATE: Since publishing this blog piece, we have worked in cooperation with Stark Industries Solutions to assist in the reduction of...

Summary Three key takeaways from our analysis of Vidar infrastructure: Russian VPN gateways are potentially providing anonymity for Vidar...

Deriving Threat Actor TTPs from Management Infrastructure Tracking You can find our previous work on Stage 1 and Stage 2 of IcedID’s...

Telemetry Data Suggests 107.173.231.114 Remains an Active IOC Introduction This blog provides a short update on Team Cymru’s ongoing...

Exposing links to Kharkiv (Ukraine) and the CC2BTC Marketplace Introduction Team Cymru’s S2 Research Team has blogged previously on the...

Reconstructing Threat Actor Metrics with Pure Signal™ Recon Introduction IcedID (also known as BokBot) started life in early 2017 as a...

An overview of a bulletproof hosting provider named ELITETEAM. Introduction: What is “Bulletproof Hosting” (BPH)? Bulletproof hosting...