Malpedia Library

Click here to download all references as Bib-File.•

2020-12-17 ⋅ Palo Alto Networks Unit 42 ⋅ Matt Tennis
SUPERNOVA: SolarStorm’s Novel .NET Webshell
SUPERNOVA

2020-12-14 ⋅ Palo Alto Networks Unit 42 ⋅ Unit 42
Threat Brief: SolarStorm and SUNBURST Customer Coverage
Cobalt Strike SUNBURST

2020-12-14 ⋅ Palo Alto Networks Unit 42 ⋅ Unit42
PyMICROPSIA: New Information-Stealing Trojan from AridViper

2020-12-10 ⋅ Palo Alto Networks Unit 42 ⋅ Unit42
Threat Brief: FireEye Red Team Tool Breach
Cobalt Strike

2020-12-10 ⋅ Palo Alto Networks Unit 42 ⋅ Claud Xiao, Jim Fitzgerald, Xiao Zhang, Yang Ji, Yue Chen
PGMiner: New Cryptocurrency Mining Botnet Delivered via PostgreSQL

2020-12-09 ⋅ Palo Alto Networks Unit 42 ⋅ Chris Navarrete, Haozhe Zhang, Yanhui Jia
njRAT Spreading Through Active Pastebin Command and Control Tunnel
NjRAT

2020-12-08 ⋅ Palo Alto Networks Unit 42 ⋅ Brittany Barbehenn, Doel Santos, Robert Falcone
Threat Assessment: Egregor Ransomware
Egregor

2020-11-09 ⋅ Palo Alto Networks Unit 42 ⋅ Jin Chen, Tao Yan, Taojie Wang, Yu Fu
A Closer Look at the Web Skimmer

2020-11-09 ⋅ Palo Alto Networks Unit 42 ⋅ Robert Falcone
xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunneling for Command and Control
Snugy

2020-11-06 ⋅ Palo Alto Networks Unit 42 ⋅ CRYPSIS, Drew Schmitt, Ryan Tracey
Indicators of Compromise related to Cobaltstrike, PyXie Lite, Vatet and Defray777
Cobalt Strike PyXie RansomEXX

2020-11-06 ⋅ Palo Alto Networks Unit 42 ⋅ CRYPSIS, Drew Schmitt, Ryan Tracey
Last, but Not Least: Defray777
PyXie RansomEXX

2020-11-06 ⋅ Palo Alto Networks Unit 42 ⋅ CRYPSIS, Drew Schmitt, Ryan Tracey
When Threat Actors Fly Under the Radar: Vatet, PyXie and Defray777
PyXie RansomEXX

2020-11-06 ⋅ Palo Alto Networks Unit 42 ⋅ CRYPSIS, Drew Schmitt, Ryan Tracey
Linking Vatet, PyXie and Defray777
PyXie RansomEXX

2020-11-06 ⋅ Palo Alto Networks Unit 42 ⋅ CRYPSIS, Drew Schmitt, Ryan Tracey
Next Up: “PyXie Lite”
Defray PyXie

2020-10-29 ⋅ Palo Alto Networks Unit 42 ⋅ Brad Duncan, Brittany Barbehenn, Doel Santos
Threat Assessment: Ryuk Ransomware and Trickbot Targeting U.S. Healthcare and Public Health Sector
Anchor BazarBackdoor Ryuk TrickBot

2020-10-29 ⋅ Palo Alto Networks Unit 42 ⋅ Janos Szurdi, Jingwei Fan, Ruian Duan, Seokkyung Chung, Zhanhao Chen
Domain Parking: A Gateway to Attackers Spreading Emotet and Impersonating McAfee
Emotet

2020-10-14 ⋅ Palo Alto Networks Unit 42 ⋅ Ken Hsu, Qi Deng, Vaibhav Singhal, Yue Guan
Two New IoT Vulnerabilities Identified with Mirai Payloads
Mirai

2020-09-04 ⋅ Palo Alto Networks Unit 42 ⋅ Robert Falcone
Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa
PowGoop Hakbit

2020-09-03 ⋅ Palo Alto Networks Unit 42 ⋅ Haozhe Zhang, Qi Deng, Ruchna Nigam, Zhibin Zhang
Exploits in the Wild for vBulletin Pre-Auth RCE Vulnerability CVE-2020-17496
Mirai PerlBot

2020-09-02 ⋅ Palo Alto Networks Unit 42 ⋅ Janos Szurdi, Zhanhao Chen
Cybersquatting: Attackers Mimicking Domains of Major Brands Including Facebook, Apple, Amazon and Netflix to Scam Consumers
Azorult