Malpedia Library

2018-12-12 ⋅ Palo Alto Networks Unit 42 ⋅ Bryan Lee, Robert Falcone
Dear Joohn: The Sofacy Group’s Global Campaign
APT28

2018-11-20 ⋅ Palo Alto Networks Unit 42 ⋅ Bryan Lee, Robert Falcone
Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan
APT28

2018-11-20 ⋅ Palo Alto Networks Unit 42 ⋅ Bryan Lee, Robert Falcone
Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan
Cannon

2018-11-16 ⋅ Palo Alto Networks Unit 42 ⋅ Kyle Wilhoit, Robert Falcone
Analyzing OilRig’s Ops Tempo from Testing to Weaponization to Delivery
OilRig

2018-11-05 ⋅ Palo Alto Networks Unit 42 ⋅ Tom Lancaster
Inception Attackers Target Europe with Year-old Office Vulnerability
PowerShower Inception Framework

2018-11-05 ⋅ Palo Alto Networks Unit 42 ⋅ Tom Lancaster
Inception Attackers Target Europe with Year-old Office Vulnerability
PowerShower

2018-10-25 ⋅ Palo Alto Networks Unit 42 ⋅ Unit42
New Techniques to Uncover and Attribute Cobalt Gang Commodity Builders and Infrastructure Revealed
Cobalt

2018-10-01 ⋅ Palo Alto Networks Unit 42 ⋅ Josh Grunzweig
NOKKI Almost Ties the Knot with DOGCALL: Reaper Group Uses New Malware to Deploy RAT
Nokki

2018-09-27 ⋅ Palo Alto Networks Unit 42 ⋅ Bryan Lee, Josh Grunzweig
New KONNI Malware attacking Eurasia and Southeast Asia
Nokki

2018-09-17 ⋅ Palo Alto Networks Unit 42 ⋅ Claud Xiao, Cong Zheng, Xingyu Jin
Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows
Xbash

2018-09-12 ⋅ Palo Alto Networks Unit 42 ⋅ Kyle Wilhoit, Robert Falcone
OilRig Uses Updated BONDUPDATER to Target Middle Eastern Government
OilRig

2018-09-12 ⋅ Palo Alto Networks Unit 42 ⋅ Kyle Wilhoit, Robert Falcone
OilRig Uses Updated BONDUPDATER to Target Middle Eastern Government
BONDUPDATER

2018-09-09 ⋅ Palo Alto Networks Unit 42 ⋅ Ruchna Nigam
Multi-exploit IoT/Linux Botnets Mirai and Gafgyt Target Apache Struts, SonicWall
Bashlite Mirai

2018-09-06 ⋅ Palo Alto Networks Unit 42 ⋅ Dominik Reichel, Esmid Idrizovic
Slicing and Dicing CVE-2018-5002 Payloads: New CHAINSHOT Malware
Chainshot

2018-08-07 ⋅ Palo Alto Networks Unit 42 ⋅ Robert Falcone
DarkHydrus Uses Phishery to Harvest Credentials in the Middle East
DarkHydrus

2018-08-02 ⋅ Palo Alto Networks Unit 42 ⋅ David Fuertes, Josh Grunzweig, Kyle Wilhoit, Robert Falcone
The Gorgon Group: Slithering Between Nation State and Cybercrime
Loki Password Stealer (PWS) Nanocore RAT NjRAT Quasar RAT Remcos Revenge RAT

2018-07-31 ⋅ Palo Alto Networks Unit 42 ⋅ Kaoru Hayashi, Vicky Ray
Bisonal Malware Used in Attacks Against Russia and South Korea
Korlia

2018-07-31 ⋅ Palo Alto Networks Unit 42 ⋅ Kaoru Hayashi, Vicky Ray
Bisonal Malware Used in Attacks Against Russia and South Korea

2018-07-27 ⋅ Palo Alto Networks Unit 42 ⋅ Bryan Lee, Robert Falcone, Tom Lancaster
New Threat Actor Group DarkHydrus Targets Middle East Government
RogueRobin DarkHydrus

2018-07-25 ⋅ Palo Alto Networks Unit 42 ⋅ Bryan Lee, Robert Falcone
OilRig Targets Technology Service Provider and Government Agency with QUADAGENT
OilRig