13 matches found
Yurei Ransomware Uses Common Tools, Adds Stranger Things References
Team Cymru details the Yurei ransomware campaign, using standard tools and a few Stranger Things–named payloads to breach and encrypt systems...
INTERPOL Disrupts Over 22,000 Malicious Servers in Global Crackdown on Cybercrime
INTERPOL on Tuesday said it took down more than 22,000 malicious servers linked to various cyber threats as part of a global operation. Dubbed Operation Synergia II, the coordinated effort ran from April 1 to August 31, 2024, targeting phishing, ransomware, and information stealer infrastructure...
JA4+ - Suite Of Network Fingerprinting Standards
JA4+ is a suite of network fingerprinting methods that are easy to use and easy to share. These methods are both human- and machine-readable to facilitate more effective threat hunting and analysis. The use cases for these fingerprints include scanning for threat actors, malware detection, session...
QakBot Malware Operators Expand C2 Network with 15 New Servers
The operators associated with the QakBot (aka QBot) malware have set up 15 new command-and-control (C2) servers as of late June 2023. The findings are a continuation of the malware's infrastructure analysis from Team Cymru, and arrive a little over two months after Lumen Black Lotus Labs revealed tha...
IcedID Malware Adapts and Expands Threat with Updated BackConnect Module
The threat actors linked to the malware loader known as IcedID have made updates to the BackConnect (BC) module that's used for post-compromise activity on hacked systems, new findings from Team Cymru reveal. IcedID, also called BokBot, is a strain of malware similar to Emotet and QakBot that start...
The WireX Botnet: An example of cross-organizational cooperation
Introduction. On August 17th, 2017, multiple Content Delivery Networks (CDNs) and content providers were subject to significant attacks from a botnet dubbed WireX. The botnet is named for an anagram of one of the delimiter strings in its command-and-control protocol. The WireX botnet comprises...
DNS SOHO Router Pharming Attack Takes 300,000 Routers
More than 300,000 small office and home office routers, most in Europe and Asia, were compromised in a campaign that started in mid-December, continuing a rash of security incidents involving home and small business networking equipment. Researchers at Team Cymru published a report today on the...
[OS X Auditor] free Mac OS X computer forensics tool
OS X Auditor parses and hashes the following artifacts on the running system or a copy of a system you want to analyze: the kernel extensions, the system agents and daemons, the third-party agents and daemons, the old and deprecated system and third-party startup items, the users' agents, the user...
Nmap NSE 6.01: asn-query
Maps IP addresses to autonomous system (AS) numbers. The script works by sending DNS TXT queries to a DNS server which in turn queries a third-party service provided by Team Cymru (team-cymru.org) using an in-addr.arpa style zone set up especially for use by Nmap. The responses to these queries conta...
Nmap NSE net: asn-query
Maps IP addresses to autonomous system (AS) numbers. The script works by sending DNS TXT queries to a DNS server which in turn queries a third-party service provided by Team Cymru (team-cymru.org) using an in-addr.arpa style zone set up especially for use by Nmap. The responses to these queries conta...
PandaLabs Uncovers the Cyber-Crime Black Market
Inventory is growing and prices are dropping on the cyber-crime black market, according to a new report from security firm PandaLabs. Stolen banking credentials, malicious programs and stolen credit cards are all for sale online in what Panda experts say is a flourishing criminal black market...
The Malware Oscars Part 2
In part two of this three-part series, Team Cymru members discuss more of the most successful and innovative malware attacks of 2009...
asn-query NSE Script
Maps IP addresses to autonomous system (AS) numbers. The script works by sending DNS TXT queries to a DNS server which in turn queries a third-party service provided by Team Cymru using an in-addr.arpa style zone set up especially for use by Nmap. The responses to these queries contain both Origin...