
2022-06-24 | Palo Alto Networks Unit 42 | Mark Lim, Riley Porter
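% keywords carries the malware-family tags the listing shows for this report.
@online{lim:20220624:there:7a3b762,
  author       = {Lim, Mark and Porter, Riley},
  title        = {There Is More Than One Way to Sleep: Dive Deep Into the Implementations of {API} Hammering by Various Malware Families},
  date         = {2022-06-24},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/api-hammering-malware-families/},
  urldate      = {2022-06-27},
  language     = {English},
  keywords     = {BazarBackdoor, Zloader},
}
There Is More Than One Way to Sleep: Dive Deep Into the Implementations of API Hammering by Various Malware Families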
BazarBackdoor Zloader
2022-06-13 | Palo Alto Networks Unit 42 | Unit 42
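% Corporate author is double-braced so it is not split into given/family name.
@online{42:20220613:gallium:d89b0b2,
  author       = {{Unit 42}},
  title        = {{GALLIUM} Expands Targeting Across Telecommunications, Government and Finance Sectors With New {PingPull} Tool},
  date         = {2022-06-13},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/pingpull-gallium/},
  urldate      = {2022-06-15},
  language     = {English},
}
GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool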
2022-06-10 | Palo Alto Networks Unit 42 | Doel Santos, Daniel Bunce
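% Only the case-sensitive names in the title are brace-protected.
@online{santos:20220610:exposing:f66db25,
  author       = {Santos, Doel and Bunce, Daniel},
  title        = {Exposing {HelloXD} Ransomware and {x4k}},
  date         = {2022-06-10},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/helloxd-ransomware},
  urldate      = {2022-06-11},
  language     = {English},
}
Exposing HelloXD Ransomware and x4k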
2022-06-09 | Palo Alto Networks Unit 42 | Amer Elsad, JR Gumarin, Abigail Barr
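% keywords carries the malware-family tag the listing shows for this report.
@online{elsad:20220609:lockbit:3cfa609,
  author       = {Elsad, Amer and Gumarin, JR and Barr, Abigail},
  title        = {{LockBit} 2.0: How This {RaaS} Operates and How to Protect Against It},
  date         = {2022-06-09},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/lockbit-2-ransomware/},
  urldate      = {2022-06-11},
  language     = {English},
  keywords     = {LockBit},
}
LockBit 2.0: How This RaaS Operates and How to Protect Against It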
LockBit
2022-05-19 | Palo Alto Networks Unit 42 | Saqib Khanzada
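% keywords carries the malware-family tag the listing shows for this report.
@online{khanzada:20220519:weaponization:969a179,
  author       = {Khanzada, Saqib},
  title        = {Weaponization of {Excel} Add-Ins Part 2: {Dridex} Infection Chain Case Studies},
  date         = {2022-05-19},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/excel-add-ins-dridex-infection-chain},
  urldate      = {2022-05-23},
  language     = {English},
  keywords     = {Dridex},
}
Weaponization of Excel Add-Ins Part 2: Dridex Infection Chain Case Studies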
Dridex
2022-05-17 | Palo Alto Networks Unit 42 | Brad Duncan
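% keywords carries the malware-family tag the listing shows for this report.
@online{duncan:20220517:emotet:5f61714,
  author       = {Duncan, Brad},
  title        = {{Emotet} Summary: {November} 2021 Through {January} 2022},
  date         = {2022-05-17},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/emotet-malware-summary-epoch-4-5/},
  urldate      = {2022-05-29},
  language     = {English},
  keywords     = {Emotet},
}
Emotet Summary: November 2021 Through January 2022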
Emotet
2022-05-12 | Palo Alto Networks Unit 42 | Tyler Halfpop
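% keywords carries the malware-family tag the listing shows for this report.
@online{halfpop:20220512:harmful:163b756,
  author       = {Halfpop, Tyler},
  title        = {Harmful Help: Analyzing a Malicious Compiled {HTML} Help File Delivering {Agent Tesla}},
  date         = {2022-05-12},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/malicious-compiled-html-help-file-agent-tesla/},
  urldate      = {2022-05-17},
  language     = {English},
  keywords     = {Agent Tesla},
}
Harmful Help: Analyzing a Malicious Compiled HTML Help File Delivering Agent Tesla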
Agent Tesla
2022-05-06 | Palo Alto Networks Unit 42 | Chris Navarrete, Durgesh Sangvikar, Yu Fu, Yanhui Jia, Siddhart Shibiraj
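% keywords carries the tool/family tag the listing shows for this report.
@online{navarrete:20220506:cobalt:8248108,
  author       = {Navarrete, Chris and Sangvikar, Durgesh and Fu, Yu and Jia, Yanhui and Shibiraj, Siddhart},
  title        = {{Cobalt Strike} Analysis and Tutorial: {CS} Metadata Encoding and Decoding},
  date         = {2022-05-06},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/cobalt-strike-metadata-encoding-decoding/},
  urldate      = {2022-05-09},
  language     = {English},
  keywords     = {Cobalt Strike},
}
Cobalt Strike Analysis and Tutorial: CS Metadata Encoding and Decoding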
Cobalt Strike
2022-04-08 | Palo Alto Networks Unit 42 | Shimi Cohen, Inbal Shalev, Irena Damsky
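% keywords carries the malware-family tag the listing shows for this report.
% The title contains a non-ASCII apostrophe; process with a UTF-8-aware backend.
@online{cohen:20220408:new:6c99a64,
  author       = {Cohen, Shimi and Shalev, Inbal and Damsky, Irena},
  title        = {New {SolarMarker} ({Jupyter}) Campaign Demonstrates the Malware’s Changing Attack Patterns},
  date         = {2022-04-08},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/solarmarker-malware/},
  urldate      = {2022-04-14},
  language     = {English},
  keywords     = {solarmarker},
}
New SolarMarker (Jupyter) Campaign Demonstrates the Malware’s Changing Attack Patterns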
solarmarker
2022-03-31 | Palo Alto Networks Unit 42 | Haozhe Zhang, Ken Hsu, Tao Yan, Qi Deng
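% The CVE identifier and product names are brace-protected so styles keep their case.
@online{zhang:20220331:cve202222965:62238d6,
  author       = {Zhang, Haozhe and Hsu, Ken and Yan, Tao and Deng, Qi},
  title        = {{CVE-2022-22965}: {Spring Core} Remote Code Execution Vulnerability Exploited In the Wild ({SpringShell})},
  date         = {2022-03-31},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/cve-2022-22965-springshell/},
  urldate      = {2022-04-06},
  language     = {English},
}
CVE-2022-22965: Spring Core Remote Code Execution Vulnerability Exploited In the Wild (SpringShell)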
2022-03-24 | Palo Alto Networks Unit 42 | Unit 42
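% Corporate author is double-braced so it is not split into given/family name.
@techreport{42:20220324:ransomware:5478011,
  author      = {{Unit 42}},
  title       = {Ransomware Threat Report 2022},
  date        = {2022-03-24},
  institution = {Palo Alto Networks Unit 42},
  url         = {https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/2022-unit42-ransomware-threat-report-final.pdf},
  urldate     = {2022-03-28},
  language    = {English},
}
Ransomware Threat Report 2022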
2022-02-22 | Palo Alto Networks Unit 42 | Unit 42
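% Corporate author is double-braced so it is not split into given/family name.
% keywords carries the malware-family tag the listing shows for this report.
@online{42:20220222:russiaukraine:63a2dfc,
  author       = {{Unit 42}},
  title        = {{Russia-Ukraine} Crisis: How to Protect Against the Cyber Impact},
  date         = {2022-02-22},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/preparing-for-cyber-impact-russia-ukraine-crisis/},
  urldate      = {2022-03-02},
  language     = {English},
  keywords     = {HermeticWiper},
}
Russia-Ukraine Crisis: How to Protect Against the Cyber Impact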
HermeticWiper
2022-02-15 | Palo Alto Networks Unit 42 | Saqib Khanzada, Tyler Halfpop, Micah Yates, Brad Duncan
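% keywords carries the malware-family tag the listing shows for this report.
@online{khanzada:20220215:new:822e8f9,
  author       = {Khanzada, Saqib and Halfpop, Tyler and Yates, Micah and Duncan, Brad},
  title        = {New {Emotet} Infection Method},
  date         = {2022-02-15},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/new-emotet-infection-method/},
  urldate      = {2022-02-17},
  language     = {English},
  keywords     = {Emotet},
}
New Emotet Infection Method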
Emotet
2022-02-03 | Palo Alto Networks Unit 42 | Unit 42
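% Corporate author is double-braced so it is not split into given/family name.
% keywords carries the family and actor tags the listing shows for this report.
% The title contains a non-ASCII apostrophe; process with a UTF-8-aware backend.
@online{42:20220203:russias:920c595,
  author       = {{Unit 42}},
  title        = {{Russia’s} {Gamaredon} aka {Primitive Bear} {APT} Group Actively Targeting {Ukraine}},
  date         = {2022-02-03},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/gamaredon-primitive-bear-ukraine-update-2021/},
  urldate      = {2022-02-07},
  language     = {English},
  keywords     = {Pteranodon, Gamaredon Group},
}
Russia’s Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine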
Pteranodon Gamaredon Group
2022-01-27 | Palo Alto Networks Unit 42 | Amanda Tanner, Alex Hinchliffe, Doel Santos
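% keywords carries the malware-family tag the listing shows for this report.
@online{tanner:20220127:threat:15f076d,
  author       = {Tanner, Amanda and Hinchliffe, Alex and Santos, Doel},
  title        = {Threat Assessment: {BlackCat} Ransomware},
  date         = {2022-01-27},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/blackcat-ransomware/},
  urldate      = {2022-02-01},
  language     = {English},
  keywords     = {BlackCat},
}
Threat Assessment: BlackCat Ransomware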
BlackCat
2022-01-25 | Palo Alto Networks Unit 42 | Yaron Samuel
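% keywords carries the malware-family tag the listing shows for this report.
@online{samuel:20220125:weaponization:3f900f4,
  author       = {Samuel, Yaron},
  title        = {Weaponization of {Excel} Add-Ins Part 1: Malicious {XLL} Files and {Agent Tesla} Case Studies},
  date         = {2022-01-25},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/excel-add-ins-malicious-xll-files-agent-tesla/},
  urldate      = {2022-01-28},
  language     = {English},
  keywords     = {Agent Tesla},
}
Weaponization of Excel Add-Ins Part 1: Malicious XLL Files and Agent Tesla Case Studies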
Agent Tesla
2022-01-20 | Palo Alto Networks Unit 42 | Robert Falcone, Mike Harbison, Josh Grunzweig
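% keywords carries the malware-family tag the listing shows for this report.
@online{falcone:20220120:threat:4aad471,
  author       = {Falcone, Robert and Harbison, Mike and Grunzweig, Josh},
  title        = {Threat Brief: Ongoing {Russia} and {Ukraine} Cyber Conflict},
  date         = {2022-01-20},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/ukraine-cyber-conflict-cve-2021-32648-whispergate/},
  urldate      = {2022-01-24},
  language     = {English},
  keywords     = {WhisperGate},
}
Threat Brief: Ongoing Russia and Ukraine Cyber Conflict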
WhisperGate
2021-12-29 | Palo Alto Networks Unit 42 | Zhanhao Chen, Daiping Liu, Wanjin Li, Jielong Xu
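% keywords carries the malware-family tags the listing shows for this report.
@online{chen:20211229:strategically:0d2fa74,
  author       = {Chen, Zhanhao and Liu, Daiping and Li, Wanjin and Xu, Jielong},
  title        = {Strategically Aged Domain Detection: Capture {APT} Attacks With {DNS} Traffic Trends},
  date         = {2021-12-29},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/strategically-aged-domain-detection/},
  urldate      = {2022-01-05},
  language     = {English},
  keywords     = {Chrysaor, SUNBURST},
}
Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends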
Chrysaor SUNBURST
2021-12-02 | Palo Alto Networks Unit 42 | Robert Falcone, Peter Renals
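% keywords carries the malware-family tag the listing shows for this report.
@online{falcone:20211202:expands:dfaebce,
  author       = {Falcone, Robert and Renals, Peter},
  title        = {{APT} Expands Attack on {ManageEngine} With Active Campaign Against {ServiceDesk Plus}},
  date         = {2021-12-02},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/tiltedtemple-manageengine-servicedesk-plus/},
  urldate      = {2021-12-02},
  language     = {English},
  keywords     = {Godzilla Webshell},
}
APT Expands Attack on ManageEngine With Active Campaign Against ServiceDesk Plus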
Godzilla Webshell
2021-11-07 | Palo Alto Networks Unit 42 | Robert Falcone, Jeff White, Peter Renals
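% keywords carries the malware-family tags the listing shows for this report.
@online{falcone:20211107:targeted:121be00,
  author       = {Falcone, Robert and White, Jeff and Renals, Peter},
  title        = {Targeted Attack Campaign Against {ManageEngine} {ADSelfService Plus} Delivers {Godzilla} Webshells, {NGLite} Trojan and {KdcSponge} Stealer},
  date         = {2021-11-07},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge/},
  urldate      = {2021-12-02},
  language     = {English},
  keywords     = {Godzilla Webshell, NGLite},
}
Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer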
Godzilla Webshell NGLite