Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2019-09-23Palo Alto Networks Unit 42Brittany Barbehenn, Robert Falcone
xHunt Campaign: Attacks on Kuwait Shipping and Transportation Organizations
Hisoka
2019-07-08SANSJosh M. Bryant, Robert Falcone
Hunting Webshells: Tracking TwoFace
TwoFace
2019-05-28Palo Alto Networks Unit 42Robert Falcone, Tom Lancaster
Emissary Panda Attacks Middle East Government Sharepoint Servers
CHINACHOPPER HyperSSL
2019-04-30Palo Alto Networks Unit 42Bryan Lee, Robert Falcone
Behind the Scenes with OilRig
BONDUPDATER
2019-04-17Palo Alto Networks Unit 42Brittany Ash, Robert Falcone
Aggah Campaign: Bit.ly, BlogSpot, and Pastebin Used for C2 in Large Scale Campaign
Hagga The Gorgon Group
2019-04-16Robert Falcone
DNS Tunneling in the Wild: Overview of OilRig’s DNS Tunneling
BONDUPDATER QUADAGENT Alma Communicator Helminth ISMAgent
2019-03-04Palo Alto Networks Unit 42Brittany Ash, Robert Falcone
New Python-Based Payload MechaFlounder Used by Chafer
APT39
2019-02-13Youtube (SANS Digital Forensics & Incident Response)Josh Bryant, Robert Falcone
Hunting Webshells: Tracking TwoFace - SANS Threat Hunting Summit 2018
TwoFace
2019-01-08paloalto Netoworks: Unit42Bryan Lee, Robert Falcone
DarkHydrus delivers new Trojan that can use Google Drive for C2 communications
RogueRobinNET DarkHydrus
2018-12-18paloalto Networks Unit 42Robert Falcone
Sofacy Creates New ‘Go’ Variant of Zebrocy Tool
Zebrocy
2018-12-13Palo Alto Networks Unit 42Robert Falcone
Shamoon 3 Targets Oil and Gas Organization
DistTrack
2018-12-12Palo Alto Networks Unit 42Bryan Lee, Robert Falcone
Dear Joohn: The Sofacy Group’s Global Campaign
APT28
2018-11-20Palo Alto Networks Unit 42Bryan Lee, Robert Falcone
Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan
APT28
2018-11-20Palo Alto Networks Unit 42Bryan Lee, Robert Falcone
Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan
Cannon
2018-11-16Palo Alto Networks Unit 42Kyle Wilhoit, Robert Falcone
Analyzing OilRig’s Ops Tempo from Testing to Weaponization to Delivery
OilRig
2018-09-12Palo Alto Networks Unit 42Kyle Wilhoit, Robert Falcone
OilRig Uses Updated BONDUPDATER to Target Middle Eastern Government
OilRig
2018-09-12Palo Alto Networks Unit 42Kyle Wilhoit, Robert Falcone
OilRig Uses Updated BONDUPDATER to Target Middle Eastern Government
BONDUPDATER
2018-08-07Palo Alto Networks Unit 42Robert Falcone
DarkHydrus Uses Phishery to Harvest Credentials in the Middle East
DarkHydrus
2018-08-02Palo Alto Networks Unit 42David Fuertes, Josh Grunzweig, Kyle Wilhoit, Robert Falcone
The Gorgon Group: Slithering Between Nation State and Cybercrime
Loki Password Stealer (PWS) Nanocore RAT NjRAT Quasar RAT Remcos Revenge RAT
2018-08-02David Fuertes, Josh Grunzweig, Kyle Wilhoit, Robert Falcone
The Gorgon Group: Slithering Between Nation State and Cybercrime
The Gorgon Group