2022-09-05 | Team Cymru | S2 Research Team
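% Team Cymru blog post by the S2 Research Team: a case study of Mythic as one
% of the "common offensive security tools" named in the title.
% The author is a team, not a person. The extra pair of braces keeps the name
% from being split into given name "S2 Research" and family name "Team".
@online{team:20220905:mythic:bd40e35,
  author       = {{S2 Research Team}},
  title        = {{Mythic Case Study: Assessing Common Offensive Security Tools}},
  organization = {Team Cymru},
  date         = {2022-09-05},
  url          = {https://www.team-cymru.com/post/mythic-case-study-assessing-common-offensive-security-tools},
  urldate      = {2022-09-13},
  language     = {English},
}
Mythic Case Study: Assessing Common Offensive Security Tools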
2022-07-12 | Team Cymru | Kyle Krejci
% Team Cymru blog post analysing infrastructure linked to the Hagga threat
% actor; the library lists this entry under the Agent Tesla family.
@online{krejci:20220712:analysis:de83dd7,
  author       = {Krejci, Kyle},
  title        = {{An Analysis of Infrastructure linked to the Hagga Threat Actor}},
  organization = {Team Cymru},
  date         = {2022-07-12},
  url          = {https://team-cymru.com/blog/2022/07/12/an-analysis-of-infrastructure-linked-to-the-hagga-threat-actor},
  urldate      = {2022-07-15},
  language     = {English},
}
An Analysis of Infrastructure linked to the Hagga Threat Actor
Agent Tesla
2022-05-25 | Team Cymru | S2 Research Team
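% Team Cymru blog post by the S2 Research Team on Bablosoft; the library lists
% this entry under the BlackGuard, BumbleBee and RedLine Stealer families.
% The author is a team, not a person. The extra pair of braces keeps the name
% from being split into given name "S2 Research" and family name "Team".
@online{team:20220525:bablosoft:90f50c4,
  author       = {{S2 Research Team}},
  title        = {{Bablosoft; Lowering the Barrier of Entry for Malicious Actors}},
  organization = {Team Cymru},
  date         = {2022-05-25},
  url          = {https://team-cymru.com/blog/2022/05/25/bablosoft-lowering-the-barrier-of-entry-for-malicious-actors/},
  urldate      = {2022-05-29},
  language     = {English},
}
Bablosoft; Lowering the Barrier of Entry for Malicious Actors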
BlackGuard, BumbleBee, RedLine Stealer
2022-04-29 | Team Cymru | Joshua Picolet
% Team Cymru blog post on malicious use of the Sliver C2 framework; the library
% lists this entry under the Sliver family.
% NOTE(review): the title reads like a headline and a subtitle run together
% ("... Tools The Use of ..."); it is kept exactly as listed.
@online{picolet:20220429:sliver:44c5312,
  author       = {Picolet, Joshua},
  title        = {{Sliver Case Study: Assessing Common Offensive Security Tools The Use of the Sliver C2 Framework for Malicious Purposes}},
  organization = {Team Cymru},
  date         = {2022-04-29},
  url          = {https://team-cymru.com/blog/2022/04/29/sliver-case-study-assessing-common-offensive-security-tools/},
  urldate      = {2022-05-05},
  language     = {English},
}
Sliver Case Study: Assessing Common Offensive Security Tools The Use of the Sliver C2 Framework for Malicious Purposes
Sliver
2022-04-07 | Team Cymru | Josh Hopkins
% Second part of Team Cymru's MoqHao series, covering its continued European
% expansion; the library lists this entry under the MoqHao family.
@online{hopkins:20220407:moqhao:459286e,
  author       = {Hopkins, Josh},
  title        = {{MoqHao Part 2: Continued European Expansion}},
  organization = {Team Cymru},
  date         = {2022-04-07},
  url          = {https://team-cymru.com/blog/2022/04/07/moqhao-part-2-continued-european-expansion/},
  urldate      = {2022-04-12},
  language     = {English},
}
MoqHao Part 2: Continued European Expansion
MoqHao
2022-03-23 | Team Cymru | Josh Hopkins, Brian Eckman, Andy Kraus, Paul Welte
% Team Cymru blog post on Raccoon Stealer victim "gates"; the library lists
% this entry under the Raccoon family.
% The title contains non-ASCII punctuation (an en dash and curly quotes), so
% the entry needs a UTF-8 aware backend such as Biber.
@online{hopkins:20220323:raccoon:8af8713,
  author       = {Hopkins, Josh and Eckman, Brian and Kraus, Andy and Welte, Paul},
  title        = {{Raccoon Stealer – An Insight into Victim “Gates”}},
  organization = {Team Cymru},
  date         = {2022-03-23},
  url          = {https://team-cymru.com/blog/2022/03/23/raccoon-stealer-an-insight-into-victim-gates/},
  urldate      = {2022-03-25},
  language     = {English},
}
Raccoon Stealer – An Insight into Victim “Gates”
Raccoon
2022-03-10 | Twitter (@teamcymru_S2) | Team Cymru
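% Tweet from the Team Cymru S2 account on Crimson RAT infrastructure used by
% APT36; the library lists this entry under the Crimson RAT family.
% The author is an organisation. The extra pair of braces keeps the name from
% being split into given name "Team" and family name "Cymru".
% The title is the library's description of the tweet, not text from the tweet.
@online{cymru:20220310:crimson:a646aac,
  author       = {{Team Cymru}},
  title        = {{Tweet on Crimson RAT infrastructure used by APT36}},
  organization = {Twitter (@teamcymru_S2)},
  date         = {2022-03-10},
  url          = {https://twitter.com/teamcymru_S2/status/1501955802025836546},
  urldate      = {2022-03-14},
  language     = {English},
}
Tweet on Crimson RAT infrastructure used by APT36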
Crimson RAT
2022-03-08 | Team Cymru | James Shank
% Team Cymru blog post on the DDoS potential of CVE-2022-26143. No malware
% family tag is listed for this entry.
@online{shank:20220308:record:89bbecc,
  author       = {Shank, James},
  title        = {{Record breaking DDoS Potential Discovered: CVE-2022-26143}},
  organization = {Team Cymru},
  date         = {2022-03-08},
  url          = {https://team-cymru.com/blog/2022/03/08/record-breaking-ddos-potential-discovered-cve-2022-26143/},
  urldate      = {2022-03-28},
  language     = {English},
}
Record breaking DDoS Potential Discovered: CVE-2022-26143
2022-01-26 | Team Cymru | Josh Hopkins
% Team Cymru blog post analysing a management IP address linked to the
% Molerats APT. No malware family tag is listed for this entry.
@online{hopkins:20220126:analysis:4513e29,
  author       = {Hopkins, Josh},
  title        = {{Analysis of a Management IP Address linked to Molerats APT}},
  organization = {Team Cymru},
  date         = {2022-01-26},
  url          = {https://team-cymru.com/blog/2022/01/26/analysis-of-a-management-ip-address-linked-to-molerats-apt/},
  urldate      = {2022-02-02},
  language     = {English},
}
Analysis of a Management IP Address linked to Molerats APT
2021-11-03 | Team Cymru | tcblogposts
% Team Cymru case study on webinject panel administration; the library lists
% this entry under the DoppelDridex, IcedID, QakBot and Zloader families.
% NOTE(review): the author "tcblogposts" looks like a site account name rather
% than a person - confirm the byline against the post.
% NOTE(review): the spelling "Reconnaisance" is kept as listed; check the
% published title before correcting it.
@online{tcblogposts:20211103:webinject:f4d41bb,
  author       = {tcblogposts},
  title        = {{Webinject Panel Administration: A Vantage Point into Multiple Threat Actor Campaigns - A Case Study on the Value of Threat Reconnaisance}},
  organization = {Team Cymru},
  date         = {2021-11-03},
  url          = {https://team-cymru.com/blog/2021/11/03/webinject-panel-administration-a-vantage-point-into-multiple-threat-actor-campaigns/},
  urldate      = {2021-11-08},
  language     = {English},
}
Webinject Panel Administration: A Vantage Point into Multiple Threat Actor Campaigns - A Case Study on the Value of Threat Reconnaisance
DoppelDridex, IcedID, QakBot, Zloader
2021-08-11 | Team Cymru | Josh Hopkins
% Part 1.5 of Team Cymru's MoqHao series: high-level trends of campaigns
% targeting Japan; the library lists this entry under the MoqHao family.
@online{hopkins:20210811:moqhao:91b7e4c,
  author       = {Hopkins, Josh},
  title        = {{MoqHao Part 1.5: High-Level Trends of Recent Campaigns Targeting Japan}},
  organization = {Team Cymru},
  date         = {2021-08-11},
  url          = {https://team-cymru.com/blog/2021/08/11/moqhao-part-1-5-high-level-trends-of-recent-campaigns-targeting-japan/},
  urldate      = {2022-03-28},
  language     = {English},
}
MoqHao Part 1.5: High-Level Trends of Recent Campaigns Targeting Japan
MoqHao
2021-07-08 | Team Cymru | Andy Kraus, Dan Heywood
% Team Cymru blog post on enriching threat intelligence for the Carbine Loader
% crypto-jacking campaign. No malware family tag is listed for this entry.
@online{kraus:20210708:enriching:09e07f6,
  author       = {Kraus, Andy and Heywood, Dan},
  title        = {{Enriching Threat Intelligence for the Carbine Loader Crypto-jacking Campaign}},
  organization = {Team Cymru},
  date         = {2021-07-08},
  url          = {https://team-cymru.com/blog/2021/07/08/enriching-threat-intelligence-for-the-carbine-loader-crypto-jacking-campaign/},
  urldate      = {2021-07-11},
  language     = {English},
}
Enriching Threat Intelligence for the Carbine Loader Crypto-jacking Campaign
2021-07-02 | Team Cymru | Joshua Picolet
% Part 2 of Team Cymru's Transparent Tribe infrastructure mapping, focused on
% identifying CrimsonRAT infrastructure; the library lists this entry under
% the Crimson RAT family.
@online{picolet:20210702:transparent:329d046,
  author       = {Picolet, Joshua},
  title        = {{Transparent Tribe APT Infrastructure Mapping Part 2: A Deeper Dive into the Identification of CrimsonRAT Infrastructure}},
  organization = {Team Cymru},
  date         = {2021-07-02},
  url          = {https://team-cymru.com/blog/2021/07/02/transparent-tribe-apt-infrastructure-mapping-2/},
  urldate      = {2021-07-11},
  language     = {English},
}
Transparent Tribe APT Infrastructure Mapping Part 2: A Deeper Dive into the Identification of CrimsonRAT Infrastructure
Crimson RAT
2021-05-19 | Team Cymru | Josh Hopkins, Andy Kraus, Nick Byers
% Team Cymru blog post mapping BokBot infrastructure; the library lists this
% entry under the IcedID family.
% NOTE(review): the title reads like a headline and a subtitle run together
% ("... Infrastructure Mapping a Vast ..."); it is kept exactly as listed.
@online{hopkins:20210519:tracking:45749be,
  author       = {Hopkins, Josh and Kraus, Andy and Byers, Nick},
  title        = {{Tracking BokBot Infrastructure Mapping a Vast and Currently Active BokBot Network}},
  organization = {Team Cymru},
  date         = {2021-05-19},
  url          = {https://team-cymru.com/blog/2021/05/19/tracking-bokbot-infrastructure/},
  urldate      = {2021-05-26},
  language     = {English},
}
Tracking BokBot Infrastructure Mapping a Vast and Currently Active BokBot Network
IcedID
2021-04-16 | Team Cymru | Joshua Picolet
% Part 1 of Team Cymru's Transparent Tribe infrastructure mapping: a
% high-level study of CrimsonRAT infrastructure for October 2020 to March
% 2021; the library lists this entry under the Crimson RAT family.
% The title contains a non-ASCII en dash, so the entry needs a UTF-8 aware
% backend such as Biber.
@online{picolet:20210416:transparent:645e443,
  author       = {Picolet, Joshua},
  title        = {{Transparent Tribe APT Infrastructure Mapping Part 1: A High-Level Study of CrimsonRAT Infrastructure October 2020 – March 2021}},
  organization = {Team Cymru},
  date         = {2021-04-16},
  url          = {https://team-cymru.com/blog/2021/04/16/transparent-tribe-apt-infrastructure-mapping/},
  urldate      = {2021-04-19},
  language     = {English},
}
Transparent Tribe APT Infrastructure Mapping Part 1: A High-Level Study of CrimsonRAT Infrastructure October 2020 – March 2021
Crimson RAT
2021-03-15 | Team Cymru | Josh Hopkins
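% Team Cymru blog post on enriching FIN8 BADHATCH threat indicators; the
% library lists this entry under the BADHATCH family.
% The listed title stopped at "Enrichmen". It is completed to "Enrichment"
% here, matching the URL slug, which ends in "threat-indicator-enrichment".
@online{hopkins:20210315:fin8:838cdc2,
  author       = {Hopkins, Josh},
  title        = {{FIN8: BADHATCH Threat Indicator Enrichment}},
  organization = {Team Cymru},
  date         = {2021-03-15},
  url          = {https://team-cymru.com/blog/2021/03/15/fin8-badhatch-threat-indicator-enrichment/},
  urldate      = {2021-03-18},
  language     = {English},
}
FIN8: BADHATCH Threat Indicator Enrichment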
BADHATCH
2021-02-05 | Team Cymru | David Monnier
% Team Cymru blog post mapping networks potentially impacted by the Kobalos
% malware; the library lists this entry under the Kobalos family.
% NOTE(review): the title reads like a headline and a subtitle run together
% ("... Malware Mapping Potentially ..."); it is kept exactly as listed.
@online{monnier:20210205:kobalos:e8f562f,
  author       = {Monnier, David},
  title        = {{Kobalos Malware Mapping Potentially Impacted Networks and IP Address Mapping}},
  organization = {Team Cymru},
  date         = {2021-02-05},
  url          = {https://team-cymru.com/blog/2021/02/05/kobalos-malware-mapping/},
  urldate      = {2021-02-06},
  language     = {English},
}
Kobalos Malware Mapping Potentially Impacted Networks and IP Address Mapping
Kobalos
2021-01-27 | Team Cymru | James Shank
% Team Cymru blog post on its role in coordinating community efforts around
% the Emotet takedown; the library lists this entry under the Emotet family.
% NOTE(review): the title reads like a headline and a subtitle run together
% ("... Emotet How Team Cymru ..."); it is kept exactly as listed.
@online{shank:20210127:taking:fa40609,
  author       = {Shank, James},
  title        = {{Taking Down Emotet How Team Cymru Leveraged Visibility and Relationships to Coordinate Community Efforts}},
  organization = {Team Cymru},
  date         = {2021-01-27},
  url          = {https://team-cymru.com/blog/2021/01/27/taking-down-emotet/},
  urldate      = {2021-01-29},
  language     = {English},
}
Taking Down Emotet How Team Cymru Leveraged Visibility and Relationships to Coordinate Community Efforts
Emotet
2021-01-26 | Team Cymru | Josh Hopkins, Manabu Niseki, CERT-BR
% Part 3 of the GhostDNSbusters series, on GhostDNS infrastructure. No malware
% family tag is listed for this entry.
% CERT-BR is an organisation credited as a co-author. The braces keep it a
% single name token.
@online{hopkins:20210126:ghostdnsbusters:d295f93,
  author       = {Hopkins, Josh and Niseki, Manabu and {CERT-BR}},
  title        = {{GhostDNSbusters (Part 3) Illuminating GhostDNS Infrastructure}},
  organization = {Team Cymru},
  date         = {2021-01-26},
  url          = {https://team-cymru.com/blog/2021/01/26/illuminating-ghostdns-infrastructure-part-3/},
  urldate      = {2021-01-29},
  language     = {English},
}
GhostDNSbusters (Part 3) Illuminating GhostDNS Infrastructure
2021-01-20 | Team Cymru | Andy Kraus
% Part 1 of Team Cymru's MoqHao series, on identifying phishing
% infrastructure; the library lists this entry under the MoqHao family.
@online{kraus:20210120:moqhao:e1742ce,
  author       = {Kraus, Andy},
  title        = {{MoqHao Part 1: Identifying Phishing Infrastructure}},
  organization = {Team Cymru},
  date         = {2021-01-20},
  url          = {https://team-cymru.com/blog/2021/01/20/moqhao-part-1-identifying-phishing-infrastructure/},
  urldate      = {2022-04-12},
  language     = {English},
}
MoqHao Part 1: Identifying Phishing Infrastructure
MoqHao