2022-03-10 | Twitter (@teamcymru_S2) | Team Cymru
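% Team Cymru tweet on Crimson RAT infrastructure used by APT36.
% The doubled braces on author keep the organisation name as one unit
% instead of splitting it into given name "Team" and surname "Cymru".
@online{cymru:20220310:crimson:a646aac,
  author       = {{Team Cymru}},
  title        = {{Tweet on Crimson RAT infrastructure used by APT36}},
  organization = {Twitter (@teamcymru_S2)},
  date         = {2022-03-10},
  url          = {https://twitter.com/teamcymru_S2/status/1501955802025836546},
  urldate      = {2022-03-14},
  language     = {English},
}
Tweet on Crimson RAT infrastructure used by APT36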
Crimson RAT
2022-03-08 | Team Cymru | James Shank
% Team Cymru blog post by James Shank on the DDoS potential of CVE-2022-26143.
@online{shank:20220308:record:89bbecc,
  author       = {Shank, James},
  title        = {{Record breaking DDoS Potential Discovered: CVE-2022-26143}},
  organization = {Team Cymru},
  date         = {2022-03-08},
  url          = {https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/},
  urldate      = {2022-03-28},
  language     = {English},
}
Record breaking DDoS Potential Discovered: CVE-2022-26143
2022-01-26 | Team Cymru | Josh Hopkins
% Team Cymru blog post by Josh Hopkins analysing a management IP address
% linked to the Molerats APT.
@online{hopkins:20220126:analysis:4513e29,
  author       = {Hopkins, Josh},
  title        = {{Analysis of a Management IP Address linked to Molerats APT}},
  organization = {Team Cymru},
  date         = {2022-01-26},
  url          = {https://team-cymru.com/blog/2022/01/26/analysis-of-a-management-ip-address-linked-to-molerats-apt/},
  urldate      = {2022-02-02},
  language     = {English},
}
Analysis of a Management IP Address linked to Molerats APT
2021-11-03 | Team Cymru | tcblogposts
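% Team Cymru blog post on webinject panel administration as a vantage point
% into multiple threat actor campaigns. Spelling of "Reconnaissance" corrected
% in the title.
% NOTE(review): the author value looks like a site account name rather than a
% person; verify against the post before citing.
@online{tcblogposts:20211103:webinject:f4d41bb,
  author       = {tcblogposts},
  title        = {{Webinject Panel Administration: A Vantage Point into Multiple Threat Actor Campaigns - A Case Study on the Value of Threat Reconnaissance}},
  organization = {Team Cymru},
  date         = {2021-11-03},
  url          = {https://team-cymru.com/blog/2021/11/03/webinject-panel-administration-a-vantage-point-into-multiple-threat-actor-campaigns/},
  urldate      = {2021-11-08},
  language     = {English},
}
Webinject Panel Administration: A Vantage Point into Multiple Threat Actor Campaigns - A Case Study on the Value of Threat Reconnaissance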
DoppelDridex IcedID QakBot Zloader
2021-08-11 | Team Cymru | Josh Hopkins
% Team Cymru blog post by Josh Hopkins: part 1.5 of the MoqHao series,
% covering trends in campaigns targeting Japan.
@online{hopkins:20210811:moqhao:91b7e4c,
  author       = {Hopkins, Josh},
  title        = {{MoqHao Part 1.5: High-Level Trends of Recent Campaigns Targeting Japan}},
  organization = {Team Cymru},
  date         = {2021-08-11},
  url          = {https://team-cymru.com/blog/2021/08/11/moqhao-part-1-5-high-level-trends-of-recent-campaigns-targeting-japan/},
  urldate      = {2022-03-28},
  language     = {English},
}
MoqHao Part 1.5: High-Level Trends of Recent Campaigns Targeting Japan
MoqHao
2021-07-08 | Team Cymru | Andy Kraus, Dan Heywood
% Team Cymru blog post by Andy Kraus and Dan Heywood on threat intelligence
% enrichment for the Carbine Loader crypto-jacking campaign.
@online{kraus:20210708:enriching:09e07f6,
  author       = {Kraus, Andy and Heywood, Dan},
  title        = {{Enriching Threat Intelligence for the Carbine Loader Crypto-jacking Campaign}},
  organization = {Team Cymru},
  date         = {2021-07-08},
  url          = {https://team-cymru.com/blog/2021/07/08/enriching-threat-intelligence-for-the-carbine-loader-crypto-jacking-campaign/},
  urldate      = {2021-07-11},
  language     = {English},
}
Enriching Threat Intelligence for the Carbine Loader Crypto-jacking Campaign
2021-07-02 | Team Cymru | Joshua Picolet
% Team Cymru blog post by Joshua Picolet: part 2 of the Transparent Tribe
% infrastructure mapping series, on identifying CrimsonRAT infrastructure.
@online{picolet:20210702:transparent:329d046,
  author       = {Picolet, Joshua},
  title        = {{Transparent Tribe APT Infrastructure Mapping Part 2: A Deeper Dive into the Identification of CrimsonRAT Infrastructure}},
  organization = {Team Cymru},
  date         = {2021-07-02},
  url          = {https://team-cymru.com/blog/2021/07/02/transparent-tribe-apt-infrastructure-mapping-2/},
  urldate      = {2021-07-11},
  language     = {English},
}
Transparent Tribe APT Infrastructure Mapping Part 2: A Deeper Dive into the Identification of CrimsonRAT Infrastructure
Crimson RAT
2021-05-19 | Team Cymru | Josh Hopkins, Andy Kraus, Nick Byers
% Team Cymru blog post by Josh Hopkins, Andy Kraus and Nick Byers on
% tracking BokBot infrastructure.
@online{hopkins:20210519:tracking:45749be,
  author       = {Hopkins, Josh and Kraus, Andy and Byers, Nick},
  title        = {{Tracking BokBot Infrastructure Mapping a Vast and Currently Active BokBot Network}},
  organization = {Team Cymru},
  date         = {2021-05-19},
  url          = {https://team-cymru.com/blog/2021/05/19/tracking-bokbot-infrastructure/},
  urldate      = {2021-05-26},
  language     = {English},
}
Tracking BokBot Infrastructure Mapping a Vast and Currently Active BokBot Network
IcedID
2021-04-16 | Team Cymru | Joshua Picolet
% Team Cymru blog post by Joshua Picolet: part 1 of the Transparent Tribe
% infrastructure mapping series, a high-level study of CrimsonRAT
% infrastructure for October 2020 to March 2021.
@online{picolet:20210416:transparent:645e443,
  author       = {Picolet, Joshua},
  title        = {{Transparent Tribe APT Infrastructure Mapping Part 1: A High-Level Study of CrimsonRAT Infrastructure October 2020 – March 2021}},
  organization = {Team Cymru},
  date         = {2021-04-16},
  url          = {https://team-cymru.com/blog/2021/04/16/transparent-tribe-apt-infrastructure-mapping/},
  urldate      = {2021-04-19},
  language     = {English},
}
Transparent Tribe APT Infrastructure Mapping Part 1: A High-Level Study of CrimsonRAT Infrastructure October 2020 – March 2021
Crimson RAT
2021-03-15 | Team Cymru | Josh Hopkins
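% Team Cymru blog post by Josh Hopkins on enriching FIN8 BADHATCH threat
% indicators. The title's truncated last word is completed to "Enrichment",
% matching the URL slug.
@online{hopkins:20210315:fin8:838cdc2,
  author       = {Hopkins, Josh},
  title        = {{FIN8: BADHATCH Threat Indicator Enrichment}},
  organization = {Team Cymru},
  date         = {2021-03-15},
  url          = {https://team-cymru.com/blog/2021/03/15/fin8-badhatch-threat-indicator-enrichment/},
  urldate      = {2021-03-18},
  language     = {English},
}
FIN8: BADHATCH Threat Indicator Enrichment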
BADHATCH
2021-02-05 | Team Cymru | David Monnier
% Team Cymru blog post by David Monnier on mapping networks and IP addresses
% potentially impacted by the Kobalos malware.
@online{monnier:20210205:kobalos:e8f562f,
  author       = {Monnier, David},
  title        = {{Kobalos Malware Mapping Potentially Impacted Networks and IP Address Mapping}},
  organization = {Team Cymru},
  date         = {2021-02-05},
  url          = {https://team-cymru.com/blog/2021/02/05/kobalos-malware-mapping/},
  urldate      = {2021-02-06},
  language     = {English},
}
Kobalos Malware Mapping Potentially Impacted Networks and IP Address Mapping
Kobalos
2021-01-27 | Team Cymru | James Shank
% Team Cymru blog post by James Shank on the organisation's role in
% coordinating community efforts around the Emotet takedown.
@online{shank:20210127:taking:fa40609,
  author       = {Shank, James},
  title        = {{Taking Down Emotet How Team Cymru Leveraged Visibility and Relationships to Coordinate Community Efforts}},
  organization = {Team Cymru},
  date         = {2021-01-27},
  url          = {https://team-cymru.com/blog/2021/01/27/taking-down-emotet/},
  urldate      = {2021-01-29},
  language     = {English},
}
Taking Down Emotet How Team Cymru Leveraged Visibility and Relationships to Coordinate Community Efforts
Emotet
2021-01-26 | Team Cymru | Josh Hopkins, Manabu Niseki, CERT-BR
% Team Cymru blog post: part 3 of the GhostDNSbusters series on GhostDNS
% infrastructure. CERT-BR is listed as a co-author alongside two individuals.
@online{hopkins:20210126:ghostdnsbusters:d295f93,
  author       = {Hopkins, Josh and Niseki, Manabu and CERT-BR},
  title        = {{GhostDNSbusters (Part 3) Illuminating GhostDNS Infrastructure}},
  organization = {Team Cymru},
  date         = {2021-01-26},
  url          = {https://team-cymru.com/blog/2021/01/26/illuminating-ghostdns-infrastructure-part-3/},
  urldate      = {2021-01-29},
  language     = {English},
}
GhostDNSbusters (Part 3) Illuminating GhostDNS Infrastructure
2021-01-20 | Team Cymru | Andy Kraus
% Team Cymru blog post by Andy Kraus: part 1 of the MoqHao series, on
% identifying phishing infrastructure.
@online{kraus:20210120:moqhao:e1742ce,
  author       = {Kraus, Andy},
  title        = {{MoqHao Part 1: Identifying Phishing Infrastructure}},
  organization = {Team Cymru},
  date         = {2021-01-20},
  url          = {https://team-cymru.com/blog/2021/01/20/moqhao-part-1-identifying-phishing-infrastructure/},
  urldate      = {2022-04-12},
  language     = {English},
}
MoqHao Part 1: Identifying Phishing Infrastructure
MoqHao
2021-01-18 | Twitter (@teamcymru) | Team Cymru
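% Team Cymru tweet on an APT36 CrimsonRAT C2.
% The doubled braces on author keep the organisation name as one unit
% instead of splitting it into given name "Team" and surname "Cymru".
@online{cymru:20210118:apt36:e2e83ce,
  author       = {{Team Cymru}},
  title        = {{Tweet on APT36 CrimsonRAT C2}},
  organization = {Twitter (@teamcymru)},
  date         = {2021-01-18},
  url          = {https://twitter.com/teamcymru/status/1351228309632385027},
  urldate      = {2021-01-21},
  language     = {English},
}
Tweet on APT36 CrimsonRAT C2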
Crimson RAT
2020-10-07 | Team Cymru | Brian Eckman
% Team Cymru blog post by Brian Eckman: part 2 of the GhostDNSbusters series.
@online{eckman:20201007:ghostdnsbusters:9a32391,
  author       = {Eckman, Brian},
  title        = {{GhostDNSbusters (Part 2)}},
  organization = {Team Cymru},
  date         = {2020-10-07},
  url          = {https://team-cymru.com/blog/2020/10/07/ghostdnsbusters-part-2/},
  urldate      = {2020-10-12},
  language     = {English},
}
GhostDNSbusters (Part 2)
2020-09-30 | Team Cymru | James Shank, Jacomo Piccolini
% Report by James Shank and Jacomo Piccolini on Emissary Panda activity in the
% Middle East, with Team Cymru as the institution. The URL is a PDF hosted on
% vblocalhost.com.
% NOTE(review): the file name suggests a VB2020 conference paper; confirm
% whether the techreport entry type is the best fit.
@techreport{shank:20200930:pandamic:f210107,
  author      = {Shank, James and Piccolini, Jacomo},
  title       = {{Pandamic: Emissary Pandas in the Middle East}},
  institution = {Team Cymru},
  date        = {2020-09-30},
  url         = {https://vblocalhost.com/uploads/VB2020-Shank-Piccolini.pdf},
  urldate     = {2021-04-16},
  language    = {English},
}
Pandamic: Emissary Pandas in the Middle East
HyperBro HyperSSL
2020-09-08 | Team Cymru | Nick Byers, Manabu Niseki, CERT-BR
% Team Cymru post opening the GhostDNSbusters series on GhostDNS
% infrastructure. CERT-BR is listed as a co-author alongside two individuals.
@online{byers:20200908:ghostdnsbusters:9531dcd,
  author       = {Byers, Nick and Niseki, Manabu and CERT-BR},
  title        = {{GhostDNSbusters: Illuminating GhostDNS Infrastructure}},
  organization = {Team Cymru},
  date         = {2020-09-08},
  url          = {https://team-cymru.com/2020/09/08/ghostdnsbusters/},
  urldate      = {2020-09-15},
  language     = {English},
}
GhostDNSbusters: Illuminating GhostDNS Infrastructure
2020-06-22 | Team Cymru | Dave Munson
% Team Cymru blog post by Dave Munson on network flow analysis.
% The URL is a web.archive.org snapshot (timestamp 20220128032410) of the
% team-cymru.com page, not the live page itself.
@online{munson:20200622:quick:1045211,
  author       = {Munson, Dave},
  title        = {{Quick Wins with Network Flow Analysis}},
  organization = {Team Cymru},
  date         = {2020-06-22},
  url          = {https://web.archive.org/web/20220128032410/https://team-cymru.com/blog/2020/06/22/quick-wins-with-network-flow-analysis/},
  urldate      = {2022-03-28},
  language     = {English},
}
Quick Wins with Network Flow Analysis
2020-03-25 | Team Cymru | Team Cymru
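% Team Cymru post on how the Iranian Cyber Security Agency detects Emissary
% Panda malware.
% The doubled braces on author keep the organisation name as one unit
% instead of splitting it into given name "Team" and surname "Cymru".
@online{cymru:20200325:how:b1d8c31,
  author       = {{Team Cymru}},
  title        = {{How the Iranian Cyber Security Agency Detects Emissary Panda Malware}},
  organization = {Team Cymru},
  date         = {2020-03-25},
  url          = {https://team-cymru.com/2020/03/25/how-the-iranian-cyber-security-agency-detects-emissary-panda-malware/},
  urldate      = {2020-07-13},
  language     = {English},
}
How the Iranian Cyber Security Agency Detects Emissary Panda Malware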
HyperBro