Dragon News

An inside look at the world of Team Cymru. Cybersecurity tools, tips, news and views.

RIPE 72 – Copenhagen

While in Copenhagen during May, I had the opportunity to attend my first RIPE event. As a self-confessed non-geek, I wasn’t entirely sure what I was letting myself in for at RIPE 72. What I found was a group of passionate technologists, as demonstrated by the pride with which the delegates immediately donned the obligatory, ‘Super Geek’...

GOZNYM MALWARE

ARTICLE OVERVIEW: Antivirus software detects GozNym hybrid as Nymaim variant. GozNym samples resolve domains, do not connect to IPs returned. Separate IP used for HTTP comms. C2 channel for GozNym appears to be HTTP POST requests, in line with Nymaim-based origins. Recent active related C2s at 194.149.138.49, 54.186.122.88, 82.13.46.90, 168.235.72.204...

A Look Inside Cerber Ransomware

The “Cerber” family of ransomware first appeared in open source reporting in March 2016, with victims readily identified by the “.cerber” extension left on encrypted files. Unlike many other ransomware variants, Cerber is designed to encrypt a victim’s file system immediately, without receiving “confirmation” or instructions from a command...

Former Scotland Yard detective discusses cybercrime and threat intelligence (CSO Online)

Our very own Steve Santorelli was interviewed on the CSO Online blog. In the quote below he discusses how Team Cymru came to be. We were founded over a decade ago by four geeks who became obsessed with understanding the motivations behind the early denial of service and malware attacks. What makes us unique is that, from the very early days, we have...

DiamondFox, Nivdort, ProxyBack malware families added to Botnet Analysis and Reporting Service (BARS)

Two weeks ago, the DiamondFox, Nivdort, and ProxyBack malware families were added to Team Cymru’s Botnet Analysis & Reporting Service (BARS). What is ProxyBack? ProxyBack is malware that turns infected computers into a network of proxy computers, which are then leased out to other people. Once infected, the computer establishes an outbound connection...