2023-05-17 · Team Cymru · Team Cymru
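% Corporate author: the inner braces keep "Team Cymru" as one name instead of
% a first/last split. Title braces protect only the malware family name.
@online{cymru:20230517:visualizing:a560ffb,
  author       = {{Team Cymru}},
  title        = {Visualizing {QakBot} Infrastructure},
  date         = {2023-05-17},
  organization = {Team Cymru},
  url          = {https://www.team-cymru.com/post/visualizing-qakbot-infrastructure},
  language     = {English},
  urldate      = {2023-05-21},
}
Visualizing QakBot Infrastructure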
QakBot
2023-04-19 · Team Cymru · S2 Research Team
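% Group author: the inner braces stop "S2 Research Team" from being parsed as
% given names plus a surname. Title braces protect the tool and actor names.
@online{team:20230419:allakored:9832ba9,
  author       = {{S2 Research Team}},
  title        = {{AllaKore(d)} the {SideCopy} Train},
  date         = {2023-04-19},
  organization = {Team Cymru},
  url          = {https://www.team-cymru.com/post/allakore-d-the-sidecopy-train},
  language     = {English},
  urldate      = {2023-04-22},
}
AllaKore(d) the SideCopy Train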
AllaKore
2023-04-04 · Team Cymru · Team Cymru, S2 Research Team
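% Two group authors: each is braced separately so both are kept as whole
% names and the " and " between them still separates the list.
@online{cymru:20230404:blog:94e7e30,
  author       = {{Team Cymru} and {S2 Research Team}},
  title        = {A Blog with {NoName}},
  date         = {2023-04-04},
  organization = {Team Cymru},
  url          = {https://www.team-cymru.com/post/a-blog-with-noname},
  language     = {English},
  urldate      = {2023-05-05},
}
A Blog with NoName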
Dosia
2023-03-16 · Team Cymru · S2 Research Team
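% Group author kept as a single name by the inner braces; only the malware
% family name in the title is case-protected.
@online{team:20230316:moqhao:b249827,
  author       = {{S2 Research Team}},
  title        = {{MoqHao} Part 3: Recent Global Targeting Trends},
  date         = {2023-03-16},
  organization = {Team Cymru},
  url          = {https://www.team-cymru.com/post/moqhao-part-3-recent-global-targeting-trends},
  language     = {English},
  urldate      = {2023-03-20},
}
MoqHao Part 3: Recent Global Targeting Trends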
MoqHao
2023-02-24 · Team Cymru · Team Cymru
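% Corporate author held together by the inner braces; the country name is the
% only part of the title that needs case protection.
@online{cymru:20230224:desde:d9ec280,
  author       = {{Team Cymru}},
  title        = {Desde {Chile} con Malware (From {Chile} with Malware)},
  date         = {2023-02-24},
  organization = {Team Cymru},
  url          = {https://www.team-cymru.com/post/from-chile-with-malware},
  language     = {English},
  urldate      = {2023-03-13},
}
Desde Chile con Malware (From Chile with Malware)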
IcedID PhotoLoader
2023-01-19 · Team Cymru · S2 Research Team
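% Group author kept as one name; the title protects the "Darth Vidar" name
% and leaves the rest to the bibliography style.
@online{team:20230119:darth:4a19fc1,
  author       = {{S2 Research Team}},
  title        = {{Darth} {Vidar}: The Dark Side of Evolving Threat Infrastructure},
  date         = {2023-01-19},
  organization = {Team Cymru},
  url          = {https://www.team-cymru.com/post/darth-vidar-the-dark-side-of-evolving-threat-infrastructure},
  language     = {English},
  urldate      = {2023-01-19},
}
Darth Vidar: The Dark Side of Evolving Threat Infrastructure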
Vidar
2022-12-21 · Team Cymru · S2 Research Team
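% Group author kept as one name; the malware family and protocol names in the
% title are case-protected.
@online{team:20221221:inside:8298d24,
  author       = {{S2 Research Team}},
  title        = {Inside the {IcedID} {BackConnect} Protocol},
  date         = {2022-12-21},
  organization = {Team Cymru},
  url          = {https://www.team-cymru.com/post/inside-the-icedid-backconnect-protocol},
  language     = {English},
  urldate      = {2022-12-24},
}
Inside the IcedID BackConnect Protocol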
IcedID
2022-10-07 · Team Cymru · S2 Research Team
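% Group author kept as one name. The product name is braced as a unit so its
% capitalisation and trademark sign survive any title recasing.
@online{team:20221007:visualizza:0ed3fe8,
  author       = {{S2 Research Team}},
  title        = {A Visualizza into Recent {IcedID} Campaigns: Reconstructing Threat Actor Metrics with {Pure Signal™ Recon}},
  date         = {2022-10-07},
  organization = {Team Cymru},
  url          = {https://www.team-cymru.com/post/a-visualizza-into-recent-icedid-campaigns},
  language     = {English},
  urldate      = {2022-10-10},
}
A Visualizza into Recent IcedID Campaigns: Reconstructing Threat Actor Metrics with Pure Signal™ Recon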
IcedID PhotoLoader
2022-09-29 · Team Cymru · S2 Research Team
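% Group author kept as one name; the place name, "C(2)" and the hosting
% provider's name are case-protected in the title.
@online{team:20220929:seychelles:2d1a3c1,
  author       = {{S2 Research Team}},
  title        = {{Seychelles}, {Seychelles}, on the {C(2)} Shore: An overview of a bulletproof hosting provider named {ELITETEAM}.},
  date         = {2022-09-29},
  organization = {Team Cymru},
  url          = {https://www.team-cymru.com/post/seychelles-seychelles-on-the-c-2-shore},
  language     = {English},
  urldate      = {2022-10-10},
}
Seychelles, Seychelles, on the C(2) Shore: An overview of a bulletproof hosting provider named ELITETEAM.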
Amadey Raccoon RedLine Stealer SmokeLoader STOP
2022-09-05 · Team Cymru · S2 Research Team
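% Group author kept as one name; the framework name in the title is
% case-protected.
@online{team:20220905:mythic:bd40e35,
  author       = {{S2 Research Team}},
  title        = {{Mythic} Case Study: Assessing Common Offensive Security Tools},
  date         = {2022-09-05},
  organization = {Team Cymru},
  url          = {https://www.team-cymru.com/post/mythic-case-study-assessing-common-offensive-security-tools},
  language     = {English},
  urldate      = {2022-09-13},
}
Mythic Case Study: Assessing Common Offensive Security Tools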
2022-07-12 · Team Cymru · Kyle Krejci
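% Author stored in "Last, First" form so the surname is unambiguous; the
% threat actor name in the title is case-protected.
@online{krejci:20220712:analysis:de83dd7,
  author       = {Krejci, Kyle},
  title        = {An Analysis of Infrastructure linked to the {Hagga} Threat Actor},
  date         = {2022-07-12},
  organization = {Team Cymru},
  url          = {https://team-cymru.com/blog/2022/07/12/an-analysis-of-infrastructure-linked-to-the-hagga-threat-actor},
  language     = {English},
  urldate      = {2022-07-15},
}
An Analysis of Infrastructure linked to the Hagga Threat Actor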
Agent Tesla
2022-05-25 · Team Cymru · S2 Research Team
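% Group author kept as one name; the vendor name in the title is
% case-protected.
@online{team:20220525:bablosoft:90f50c4,
  author       = {{S2 Research Team}},
  title        = {{Bablosoft}; Lowering the Barrier of Entry for Malicious Actors},
  date         = {2022-05-25},
  organization = {Team Cymru},
  url          = {https://team-cymru.com/blog/2022/05/25/bablosoft-lowering-the-barrier-of-entry-for-malicious-actors/},
  language     = {English},
  urldate      = {2022-05-29},
}
Bablosoft; Lowering the Barrier of Entry for Malicious Actors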
BlackGuard BumbleBee RedLine Stealer
2022-04-29 · Team Cymru · Joshua Picolet
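% Author stored in "Last, First" form; the framework name and "C2" are
% case-protected. The title wording is kept exactly as listed.
@online{picolet:20220429:sliver:44c5312,
  author       = {Picolet, Joshua},
  title        = {{Sliver} Case Study: Assessing Common Offensive Security Tools The Use of the {Sliver} {C2} Framework for Malicious Purposes},
  date         = {2022-04-29},
  organization = {Team Cymru},
  url          = {https://www.team-cymru.com/post/sliver-case-study-assessing-common-offensive-security-tools},
  language     = {English},
  urldate      = {2022-11-02},
}
Sliver Case Study: Assessing Common Offensive Security Tools The Use of the Sliver C2 Framework for Malicious Purposes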
Sliver
2022-04-07 · Team Cymru · Josh Hopkins
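% Author stored in "Last, First" form; the malware family name and the
% proper adjective in the title are case-protected.
@online{hopkins:20220407:moqhao:459286e,
  author       = {Hopkins, Josh},
  title        = {{MoqHao} Part 2: Continued {European} Expansion},
  date         = {2022-04-07},
  organization = {Team Cymru},
  url          = {https://team-cymru.com/blog/2022/04/07/moqhao-part-2-continued-european-expansion/},
  language     = {English},
  urldate      = {2022-04-12},
}
MoqHao Part 2: Continued European Expansion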
MoqHao
2022-03-23 · Team Cymru · Josh Hopkins, Brian Eckman, Andy Kraus, Paul Welte
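% All four authors stored in "Last, First" form, in the listed order; the
% malware family name in the title is case-protected.
@online{hopkins:20220323:raccoon:8af8713,
  author       = {Hopkins, Josh and Eckman, Brian and Kraus, Andy and Welte, Paul},
  title        = {{Raccoon} {Stealer} – An Insight into Victim “Gates”},
  date         = {2022-03-23},
  organization = {Team Cymru},
  url          = {https://team-cymru.com/blog/2022/03/23/raccoon-stealer-an-insight-into-victim-gates/},
  language     = {English},
  urldate      = {2022-03-25},
}
Raccoon Stealer – An Insight into Victim “Gates”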
Raccoon
2022-03-10 · Twitter (@teamcymru_S2) · Team Cymru
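% Corporate author held together by the inner braces. The underscore in the
% organization handle is escaped because that field is typeset as ordinary
% text; the url field is verbatim and is left untouched.
@online{cymru:20220310:crimson:a646aac,
  author       = {{Team Cymru}},
  title        = {Tweet on {Crimson} {RAT} infrastructure used by {APT36}},
  date         = {2022-03-10},
  organization = {Twitter (@teamcymru\_S2)},
  url          = {https://twitter.com/teamcymru_S2/status/1501955802025836546},
  language     = {English},
  urldate      = {2022-03-14},
}
Tweet on Crimson RAT infrastructure used by APT36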
Crimson RAT
2022-03-08 · Team Cymru · James Shank
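% Author stored in "Last, First" form; the acronym and the CVE identifier are
% case-protected so a style cannot lowercase them.
@online{shank:20220308:record:89bbecc,
  author       = {Shank, James},
  title        = {Record breaking {DDoS} Potential Discovered: {CVE-2022-26143}},
  date         = {2022-03-08},
  organization = {Team Cymru},
  url          = {https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/},
  language     = {English},
  urldate      = {2022-03-28},
}
Record breaking DDoS Potential Discovered: CVE-2022-26143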
2022-01-26 · Team Cymru · Josh Hopkins
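% Author stored in "Last, First" form; the acronyms and the threat group name
% in the title are case-protected.
@online{hopkins:20220126:analysis:4513e29,
  author       = {Hopkins, Josh},
  title        = {Analysis of a Management {IP} Address linked to {Molerats} {APT}},
  date         = {2022-01-26},
  organization = {Team Cymru},
  url          = {https://team-cymru.com/blog/2022/01/26/analysis-of-a-management-ip-address-linked-to-molerats-apt/},
  language     = {English},
  urldate      = {2022-02-02},
}
Analysis of a Management IP Address linked to Molerats APT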
2021-11-03 · Team Cymru · tcblogposts
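% The author value is kept exactly as listed. The outer title braces are
% dropped so a style can apply its own casing; the wording is unchanged.
@online{tcblogposts:20211103:webinject:f4d41bb,
  author       = {tcblogposts},
  title        = {Webinject Panel Administration: A Vantage Point into Multiple Threat Actor Campaigns - A Case Study on the Value of Threat Reconnaisance},
  date         = {2021-11-03},
  organization = {Team Cymru},
  url          = {https://team-cymru.com/blog/2021/11/03/webinject-panel-administration-a-vantage-point-into-multiple-threat-actor-campaigns/},
  language     = {English},
  urldate      = {2021-11-08},
}
Webinject Panel Administration: A Vantage Point into Multiple Threat Actor Campaigns - A Case Study on the Value of Threat Reconnaisance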
DoppelDridex IcedID QakBot Zloader
2021-08-11 · Team Cymru · Josh Hopkins
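% Author stored in "Last, First" form; the malware family name and the
% country name in the title are case-protected.
@online{hopkins:20210811:moqhao:91b7e4c,
  author       = {Hopkins, Josh},
  title        = {{MoqHao} Part 1.5: High-Level Trends of Recent Campaigns Targeting {Japan}},
  date         = {2021-08-11},
  organization = {Team Cymru},
  url          = {https://team-cymru.com/blog/2021/08/11/moqhao-part-1-5-high-level-trends-of-recent-campaigns-targeting-japan/},
  language     = {English},
  urldate      = {2022-03-28},
}
MoqHao Part 1.5: High-Level Trends of Recent Campaigns Targeting Japan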
MoqHao