
2023-09-22 — R136a1 — Dominik Reichel
@online{reichel:20230922:more:7b1d0a4,
  author       = {Reichel, Dominik},
  title        = {{More on DreamLand}},
  organization = {R136a1},
  date         = {2023-09-22},
  url          = {https://r136a1.dev/2023/09/22/more-on-dreamland/},
  urldate      = {2023-09-28},
  language     = {English},
}
LuaDream
2022-12-02 — Palo Alto Networks Unit 42 — Dominik Reichel, Esmid Idrizovic, Bob Jung
@online{reichel:20221202:blowing:0698d7a,
  author       = {Reichel, Dominik and Idrizovic, Esmid and Jung, Bob},
  title        = {{Blowing Cobalt Strike Out of the Water With Memory Analysis}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2022-12-02},
  url          = {https://unit42.paloaltonetworks.com/cobalt-strike-memory-analysis/},
  urldate      = {2022-12-05},
  language     = {English},
}
Cobalt Strike
2022-07-19 — R136a1 — Dominik Reichel
@online{reichel:20220719:look:84e1e01,
  author       = {Reichel, Dominik},
  title        = {{A look into APT29's new early-stage Google Drive downloader}},
  organization = {R136a1},
  date         = {2022-07-19},
  url          = {https://r136a1.info/2022/07/19/a-look-into-apt29s-new-early-stage-google-drive-downloader/},
  urldate      = {2022-10-19},
  language     = {English},
}
BEATDROP BOOMBOX Gdrive Unidentified 098 (APT29 Slack Downloader)
2022-06-18 — R136a1 — Dominik Reichel
@online{reichel:20220618:using:791a20c,
  author       = {Reichel, Dominik},
  title        = {{Using dotnetfile to get a Sunburst timeline for intelligence gathering}},
  organization = {R136a1},
  date         = {2022-06-18},
  url          = {https://r136a1.info/2022/06/18/using-dotnetfile-to-get-a-sunburst-timeline-for-intelligence-gathering/},
  urldate      = {2022-07-25},
  language     = {English},
}
SUNBURST
2022-05-22 — R136a1 — Dominik Reichel
@comment{
  NOTE(review): the date field (2022-05-22) disagrees with the date encoded in the
  URL path (2022/05/25). Both values are kept as given; confirm which is the actual
  publication date before relying on this entry for a timeline.
}
@online{reichel:20220522:introduction:47edade,
  author       = {Reichel, Dominik},
  title        = {{Introduction of a PE file extractor for various situations}},
  organization = {R136a1},
  date         = {2022-05-22},
  url          = {https://r136a1.info/2022/05/25/introduction-of-a-pe-file-extractor-for-various-situations/},
  urldate      = {2022-06-02},
  language     = {English},
}
Cobalt Strike Matanbuchus
2021-02-19 — Palo Alto Networks Unit 42 — Dominik Reichel
@online{reichel:20210219:ironnetinjector:07c7f33,
  author       = {Reichel, Dominik},
  title        = {{IronNetInjector: Turla’s New Malware Loading Tool}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2021-02-19},
  url          = {https://unit42.paloaltonetworks.com/ironnetinjector/},
  urldate      = {2021-02-20},
  language     = {English},
}
Agent.BTZ IronNetInjector TurlaRPC
2021-01-04 — Twitter (@TheEnergyStory) — Dominik Reichel
@online{reichel:20210104:some:9e72d62,
  author       = {Reichel, Dominik},
  title        = {{Some small detail on compiler used for TEARDROP}},
  organization = {Twitter (@TheEnergyStory)},
  date         = {2021-01-04},
  url          = {https://twitter.com/TheEnergyStory/status/1346096298311741440},
  urldate      = {2021-01-11},
  language     = {English},
}
TEARDROP
2020-12-24 — Twitter (@TheEnergyStory) — Dominik Reichel
@online{reichel:20201224:teardrop:8b014ba,
  author       = {Reichel, Dominik},
  title        = {{Tweet on TEARDROP sample}},
  organization = {Twitter (@TheEnergyStory)},
  date         = {2020-12-24},
  url          = {https://twitter.com/TheEnergyStory/status/1342041055563313152},
  urldate      = {2021-01-01},
  language     = {English},
}
TEARDROP
2020-06-17 — Palo Alto Networks Unit 42 — Dominik Reichel, Esmid Idrizovic
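@comment{
  organization normalised from "paloalto Networks Unit 42" to the spelling every
  other Unit 42 entry in this library uses, so the venue is not sorted and
  rendered as two different organisations.
}
@online{reichel:20200617:acidbox:556ade7,
  author       = {Reichel, Dominik and Idrizovic, Esmid},
  title        = {{AcidBox: Rare Malware Repurposing Turla Group Exploit Targeted Russian Organizations}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2020-06-17},
  url          = {https://unit42.paloaltonetworks.com/acidbox-rare-malware/},
  urldate      = {2020-06-18},
  language     = {English},
}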
AcidBox
2020-03-19 — Twitter (@TheEnergyStory) — Dominik Reichel
@online{reichel:20200319:early:21fec54,
  author       = {Reichel, Dominik},
  title        = {{Tweet on early GuLoader samples dating back to October 2019}},
  organization = {Twitter (@TheEnergyStory)},
  date         = {2020-03-19},
  url          = {https://twitter.com/TheEnergyStory/status/1240608893610459138},
  urldate      = {2021-01-05},
  language     = {English},
}
CloudEyE
2020-03-15 — Twitter (@TheEnergyStory) — Dominik Reichel
@online{reichel:20200315:guloader:d3bc331,
  author       = {Reichel, Dominik},
  title        = {{GuLoader anti analysis/sandbox tricks}},
  organization = {Twitter (@TheEnergyStory)},
  date         = {2020-03-15},
  url          = {https://twitter.com/TheEnergyStory/status/1239110192060608513},
  urldate      = {2021-01-05},
  language     = {English},
}
CloudEyE
2018-09-06 — Palo Alto Networks Unit 42 — Dominik Reichel, Esmid Idrizovic
@online{reichel:20180906:slicing:b6b847f,
  author       = {Reichel, Dominik and Idrizovic, Esmid},
  title        = {{Slicing and Dicing CVE-2018-5002 Payloads: New CHAINSHOT Malware}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2018-09-06},
  url          = {https://researchcenter.paloaltonetworks.com/2018/09/unit42-slicing-dicing-cve-2018-5002-payloads-new-chainshot-malware/},
  urldate      = {2019-12-20},
  language     = {English},
}
Chainshot
2017-11-01 — Palo Alto Networks Unit 42 — Brandon Levene, Brandon Young, Dominik Reichel
@online{levene:20171101:everybody:9473c82,
  author       = {Levene, Brandon and Young, Brandon and Reichel, Dominik},
  title        = {{Everybody Gets One: QtBot Used to Distribute Trickbot and Locky}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2017-11-01},
  url          = {https://researchcenter.paloaltonetworks.com/2017/11/unit42-everybody-gets-one-qtbot-used-distribute-trickbot-locky/},
  urldate      = {2019-12-20},
  language     = {English},
}
QtBot
2017-09-06 — Palo Alto Networks Unit 42 — Dominik Reichel
@online{reichel:20170906:analysing:a5a6017,
  author       = {Reichel, Dominik},
  title        = {{Analysing a 10-Year-Old SNOWBALL}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2017-09-06},
  url          = {https://researchcenter.paloaltonetworks.com/2017/09/unit42-analysing-10-year-old-snowball/},
  urldate      = {2019-12-20},
  language     = {English},
}
Babar
2017-03-28 — Palo Alto Networks Unit 42 — Brandon Levene, Dominik Reichel, Esmid Idrizovic
@comment{
  NOTE(review): url is plain http. The same host is referenced over https by other
  entries in this library; kept as recorded, but confirm an https equivalent before
  relying on the link, since an unencrypted fetch can be tampered with in transit.
}
@online{levene:20170328:dimnie:a19c996,
  author       = {Levene, Brandon and Reichel, Dominik and Idrizovic, Esmid},
  title        = {{Dimnie: Hiding in Plain Sight}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2017-03-28},
  url          = {http://researchcenter.paloaltonetworks.com/2017/03/unit42-dimnie-hiding-plain-sight/},
  urldate      = {2019-12-20},
  language     = {English},
}
Dimnie
2017-02-27 — Palo Alto Networks Unit 42 — Anthony Kasza, Dominik Reichel
@comment{
  NOTE(review): this library holds four entries for the same work (same authors,
  title and date) under the keys kasza:20170227:gamaredon:da1102c,
  kasza:20170227:gamaredon:322eb5f, kasza:20170227:gamaredon:a88c3f8 and
  kasza:20170227:gamaredon:3d28d34, differing only in the recorded URL. Citing
  more than one of them yields duplicate bibliography items; consider keeping one
  entry and listing the other URLs in a note.
}
@online{kasza:20170227:gamaredon:da1102c,
  author       = {Kasza, Anthony and Reichel, Dominik},
  title        = {{The Gamaredon Group Toolset Evolution}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2017-02-27},
  url          = {https://unit42.paloaltonetworks.com/unit-42-title-gamaredon-group-toolset-evolution},
  urldate      = {2022-08-25},
  language     = {English},
}
Pteranodon RMS Gamaredon Group
2017-02-27 — Palo Alto Networks Unit 42 — Anthony Kasza, Dominik Reichel
@online{kasza:20170227:gamaredon:322eb5f,
  author       = {Kasza, Anthony and Reichel, Dominik},
  title        = {{The Gamaredon Group Toolset Evolution}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2017-02-27},
  url          = {https://researchcenter.paloaltonetworks.com/2017/02/unit-42-title-gamaredon-group-toolset-evolution/},
  urldate      = {2019-12-20},
  language     = {English},
}
Pteranodon
2017-02-27 — Palo Alto Networks Unit 42 — Anthony Kasza, Dominik Reichel
@comment{
  NOTE(review): url is plain http and points at the same path that
  kasza:20170227:gamaredon:322eb5f records over https; kept as recorded, but the
  https entry is the one to prefer when citing.
}
@online{kasza:20170227:gamaredon:a88c3f8,
  author       = {Kasza, Anthony and Reichel, Dominik},
  title        = {{The Gamaredon Group Toolset Evolution}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2017-02-27},
  url          = {http://researchcenter.paloaltonetworks.com/2017/02/unit-42-title-gamaredon-group-toolset-evolution},
  urldate      = {2019-12-20},
  language     = {English},
}
Gamaredon Group
2017-02-27 — Palo Alto Networks Unit 42 — Anthony Kasza, Dominik Reichel
@online{kasza:20170227:gamaredon:3d28d34,
  author       = {Kasza, Anthony and Reichel, Dominik},
  title        = {{The Gamaredon Group Toolset Evolution}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2017-02-27},
  url          = {https://unit42.paloaltonetworks.com/unit-42-title-gamaredon-group-toolset-evolution/},
  urldate      = {2020-01-09},
  language     = {English},
}
Gamaredon Group
2017-01-06 — Palo Alto Networks Unit 42 — Dominik Reichel
@comment{
  NOTE(review): url is plain http. The same host is referenced over https by other
  entries in this library; kept as recorded, but confirm an https equivalent before
  relying on the link.
}
@online{reichel:20170106:2016:f928ad2,
  author       = {Reichel, Dominik},
  title        = {{2016 Updates to Shifu Banking Trojan}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2017-01-06},
  url          = {http://researchcenter.paloaltonetworks.com/2017/01/unit42-2016-updates-shifu-banking-trojan/},
  urldate      = {2019-12-20},
  language     = {English},
}
Shifu