Dragon News Blog

Having covered the Sliver C2 framework in a previous post, this blog will continue our examination of Cobalt Strike “alternatives”,...

Summary As this research reveals, mapping out adversary infrastructure has distinct advantages that enable a proactive response to future...

Threat Telemetry Analysis for the Disclosure of CVE-2022-26134 SUMMARY Team Cymru’s S2 Research Team has highlighted why it is important...

Free-to-use browser automation framework creates thriving criminal community Summary Evidence suggests an increasing number of threat...

The Use of the Sliver C2 Framework for Malicious Purposes The proliferation of Cobalt Strike during the early 2020s has been undeniable,...

Monitoring Roaming Mantis Operations with Pure Signal™ Recon This blog is a product of ongoing collaboration with @ninoseki, a...

Tracking Infostealers with Team Cymru's Botnet Analysis and Reporting Service (BARS) Raccoon Stealer is one of 40-plus malware families...

About Team Cymru Internet weather reports: Our Internet weather reports are intended to provide data and technical analysis of...

Enrichment of Zscaler Research into Middle Eastern Espionage Attacks Key Findings Higher order infrastructure, utilizing IP addresses...

A Case Study on the Value of Threat Reconnaisance The contents of this blog were shared with Team Cymru’s community partners in the first...

An Insight into the 'Customer' Negotiation Process and Some Lessons Learnt Ransomware remains one of the pre-eminent cyber threats, with...

Using Pure Signal™ Intelligence to Determine the Scale and Impact of Threat Activity Having last looked at the MoqHao (or Roaming Mantis)...

How Victimology Tells a Story beyond the Standard Crypto-jacking Tale Co-authored by Andy Kraus and Dan Heywood Cloud security provider...

Part 2: A Deeper Dive into the Identification of CrimsonRAT Infrastructure October 2020 – June 2021 Introduction Transparent Tribe...

Mapping a Vast and Currently Active IcedID Network BokBot (also known as IcedID) started life as a banking trojan using...

Part 1: A High-Level Study of CrimsonRAT Infrastructure October 2020 – March 2021 INTRODUCTION Transparent Tribe (APT36, Mythic Leopard,...

FIN8 research identifies ongoing campaigns against entities in Germany, Sweden and the US. INTRODUCTION Last week (10 March 2021),...

Illuminating GhostDNS Infrastructure This research was undertaken in collaboration with Manabu Niseki (@ninoseki on Twitter) and CERT.br...

Cyber Reconnaissance with Team Cymru's Pure Signal™ Platform In mid-January, Twitter users @NaomiSuzuki_ and @KesaGataMe0 identified...

Cyber Reconnaissance with Team Cymru's Pure Signal™ Platform Twitter user @BaoshengbinCumt posted malware hash...