Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-09-13Palo Alto Networks Unit 42Jeff White
@online{white:20220913:originlogger:92a4758, author = {Jeff White}, title = {{OriginLogger: A Look at Agent Tesla’s Successor}}, date = {2022-09-13}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/originlogger/}, language = {English}, urldate = {2022-09-16} } OriginLogger: A Look at Agent Tesla’s Successor
Agent Tesla OriginLogger
2021-11-07Palo Alto Networks Unit 42Robert Falcone, Jeff White, Peter Renals
@online{falcone:20211107:targeted:121be00, author = {Robert Falcone and Jeff White and Peter Renals}, title = {{Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer}}, date = {2021-11-07}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge/}, language = {English}, urldate = {2021-12-02} } Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer
Godzilla Webshell NGLite
2021-06-16Palo Alto Networks Unit 42Jeff White, Kyle Wilhoit
@online{white:20210616:matanbuchus:e514a4b, author = {Jeff White and Kyle Wilhoit}, title = {{Matanbuchus: Malware-as-a-Service with Demonic Intentions}}, date = {2021-06-16}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/matanbuchus-malware-as-a-service/}, language = {English}, urldate = {2021-06-21} } Matanbuchus: Malware-as-a-Service with Demonic Intentions
Matanbuchus BelialDemon
2021-03-08Palo Alto Networks Unit 42Jeff White
@online{white:20210308:analyzing:9b932a3, author = {Jeff White}, title = {{Analyzing Attacks Against Microsoft Exchange Server With China Chopper Webshells}}, date = {2021-03-08}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/china-chopper-webshell/}, language = {English}, urldate = {2021-03-11} } Analyzing Attacks Against Microsoft Exchange Server With China Chopper Webshells
CHINACHOPPER
2018-02-27Palo Alto Networks Unit 42Jeff White
@online{white:20180227:dissecting:4a4c07e, author = {Jeff White}, title = {{Dissecting Hancitor’s Latest 2018 Packer}}, date = {2018-02-27}, organization = {Palo Alto Networks Unit 42}, url = {https://researchcenter.paloaltonetworks.com/2018/02/unit42-dissecting-hancitors-latest-2018-packer/}, language = {English}, urldate = {2019-12-20} } Dissecting Hancitor’s Latest 2018 Packer
Hancitor
2017-09-25Palo Alto Networks Unit 42Jeff White
@online{white:20170925:analyzing:92167ce, author = {Jeff White}, title = {{Analyzing the Various Layers of AgentTesla’s Packing}}, date = {2017-09-25}, organization = {Palo Alto Networks Unit 42}, url = {https://researchcenter.paloaltonetworks.com/2017/09/unit42-analyzing-various-layers-agentteslas-packing/}, language = {English}, urldate = {2019-12-20} } Analyzing the Various Layers of AgentTesla’s Packing
Agent Tesla
2017-05-31ropgadget.comJeff White
@online{white:20170531:writing:1ad3f1b, author = {Jeff White}, title = {{Writing PCRE's for applied passive network defense [Emotet]}}, date = {2017-05-31}, organization = {ropgadget.com}, url = {http://ropgadget.com/posts/defensive_pcres.html}, language = {English}, urldate = {2020-03-06} } Writing PCRE's for applied passive network defense [Emotet]
Emotet
2016-08-30Palo Alto Networks Unit 42Jeff White
@online{white:20160830:pythons:10b7e3c, author = {Jeff White}, title = {{Pythons and Unicorns and Hancitor…Oh My! Decoding Binaries Through Emulation}}, date = {2016-08-30}, organization = {Palo Alto Networks Unit 42}, url = {https://researchcenter.paloaltonetworks.com/2016/08/unit42-pythons-and-unicorns-and-hancitoroh-my-decoding-binaries-through-emulation/}, language = {English}, urldate = {2019-12-20} } Pythons and Unicorns and Hancitor…Oh My! Decoding Binaries Through Emulation
2016-08-22Palo Alto Networks Unit 42Jeff White
@online{white:20160822:vb:7220081, author = {Jeff White}, title = {{VB Dropper and Shellcode for Hancitor Reveal New Techniques Behind Uptick}}, date = {2016-08-22}, organization = {Palo Alto Networks Unit 42}, url = {https://researchcenter.paloaltonetworks.com/2016/08/unit42-vb-dropper-and-shellcode-for-hancitor-reveal-new-techniques-behind-uptick/}, language = {English}, urldate = {2019-12-20} } VB Dropper and Shellcode for Hancitor Reveal New Techniques Behind Uptick
Hancitor
2016-02-25Palo Alto Networks Unit 42Jeff White
@online{white:20160225:keybase:676bd3f, author = {Jeff White}, title = {{KeyBase Threat Grows Despite Public Takedown: A Picture is Worth a Thousand Words}}, date = {2016-02-25}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/keybase-threat-grows-despite-public-takedown-a-picture-is-worth-a-thousand-words/}, language = {English}, urldate = {2020-01-10} } KeyBase Threat Grows Despite Public Takedown: A Picture is Worth a Thousand Words
KeyBase