
2021-02-19 — Palo Alto Networks Unit 42 — Dominik Reichel
@online{reichel:20210219:ironnetinjector:07c7f33, author = {Dominik Reichel}, title = {{IronNetInjector: Turla’s New Malware Loading Tool}}, date = {2021-02-19}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/ironnetinjector/}, language = {English}, urldate = {2021-02-20} } IronNetInjector: Turla’s New Malware Loading Tool
Agent.BTZ TurlaRPC
2021-02-17 — Palo Alto Networks Unit 42 — Nathaniel Quist
@online{quist:20210217:watchdog:1cd1353, author = {Nathaniel Quist}, title = {{WatchDog: Exposing a Cryptojacking Campaign That’s Operated for Two Years}}, date = {2021-02-17}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/watchdog-cryptojacking/}, language = {English}, urldate = {2021-02-20} } WatchDog: Exposing a Cryptojacking Campaign That’s Operated for Two Years
2021-02-05 — Palo Alto Networks Unit 42 — Nadav Markus, Efi Barkayev, Gal De Leon
@online{markus:20210205:exploits:3fbf70d, author = {Nadav Markus and Efi Barkayev and Gal De Leon}, title = {{Exploits in the Wild for WordPress File Manager RCE Vulnerability (CVE-2020-25213)}}, date = {2021-02-05}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/cve-2020-25213/}, language = {English}, urldate = {2021-02-09} } Exploits in the Wild for WordPress File Manager RCE Vulnerability (CVE-2020-25213)
Kinsing
2021-02-03 — Palo Alto Networks Unit 42 — Jay Chen, Aviv Sasson, Ariel Zelivansky
@online{chen:20210203:hildegard:f3ca3bc, author = {Jay Chen and Aviv Sasson and Ariel Zelivansky}, title = {{Hildegard: New TeamTNT Malware Targeting Kubernetes}}, date = {2021-02-03}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/}, language = {English}, urldate = {2021-02-04} } Hildegard: New TeamTNT Malware Targeting Kubernetes
TeamTNT
2021-01-28 — Palo Alto Networks Unit 42 — Aviv Sasson
@online{sasson:20210128:proocean:1d9aa09, author = {Aviv Sasson}, title = {{Pro-Ocean: Rocke Group’s New Cryptojacking Malware}}, date = {2021-01-28}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/pro-ocean-rocke-groups-new-cryptojacking-malware/}, language = {English}, urldate = {2021-01-29} } Pro-Ocean: Rocke Group’s New Cryptojacking Malware
Pro-Ocean
2021-01-19 — Palo Alto Networks Unit 42 — Brad Duncan
@online{duncan:20210119:wireshark:be0c831, author = {Brad Duncan}, title = {{Wireshark Tutorial: Examining Emotet Infection Traffic}}, date = {2021-01-19}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/wireshark-tutorial-emotet-infection/}, language = {English}, urldate = {2021-01-21} } Wireshark Tutorial: Examining Emotet Infection Traffic
Emotet GootKit IcedID QakBot TrickBot
2021-01-11 — Palo Alto Networks Unit 42 — Robert Falcone
@online{falcone:20210111:xhunt:20574a1, author = {Robert Falcone}, title = {{xHunt Campaign: New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement}}, date = {2021-01-11}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/bumblebee-webshell-xhunt-campaign/}, language = {English}, urldate = {2021-01-18} } xHunt Campaign: New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement
2021-01-07 — Palo Alto Networks Unit 42 — Brad Duncan
@online{duncan:20210107:ta551:6346c62, author = {Brad Duncan}, title = {{TA551: Email Attack Campaign Switches from Valak to IcedID}}, date = {2021-01-07}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/ta551-shathak-icedid/}, language = {English}, urldate = {2021-01-11} } TA551: Email Attack Campaign Switches from Valak to IcedID
IcedID
2020-12-23 — Palo Alto Networks Unit 42 — Unit 42
@online{42:20201223:timeline:466b51a, author = {Unit 42}, title = {{A Timeline Perspective of the SolarStorm Supply-Chain Attack}}, date = {2020-12-23}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/solarstorm-supply-chain-attack-timeline}, language = {English}, urldate = {2020-12-26} } A Timeline Perspective of the SolarStorm Supply-Chain Attack
SUNBURST TEARDROP
2020-12-17 — Palo Alto Networks Unit 42 — Matt Tennis
@online{tennis:20201217:supernova:74719e2, author = {Matt Tennis}, title = {{SUPERNOVA: SolarStorm’s Novel .NET Webshell}}, date = {2020-12-17}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/solarstorm-supernova/}, language = {English}, urldate = {2020-12-18} } SUPERNOVA: SolarStorm’s Novel .NET Webshell
SUPERNOVA
2020-12-14 — Palo Alto Networks Unit 42 — Unit 42
@online{42:20201214:threat:032b92d, author = {Unit 42}, title = {{Threat Brief: SolarStorm and SUNBURST Customer Coverage}}, date = {2020-12-14}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/fireeye-solarstorm-sunburst/}, language = {English}, urldate = {2020-12-15} } Threat Brief: SolarStorm and SUNBURST Customer Coverage
Cobalt Strike SUNBURST
2020-12-14 — Palo Alto Networks Unit 42 — Unit42
@online{unit42:20201214:pymicropsia:9f0baec, author = {Unit42}, title = {{PyMICROPSIA: New Information-Stealing Trojan from AridViper}}, date = {2020-12-14}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/pymicropsia/}, language = {English}, urldate = {2020-12-15} } PyMICROPSIA: New Information-Stealing Trojan from AridViper
2020-12-10 — Palo Alto Networks Unit 42 — Xiao Zhang, Yang Ji, Jim Fitzgerald, Yue Chen, Claud Xiao
@online{zhang:20201210:pgminer:c16e05d, author = {Xiao Zhang and Yang Ji and Jim Fitzgerald and Yue Chen and Claud Xiao}, title = {{PGMiner: New Cryptocurrency Mining Botnet Delivered via PostgreSQL}}, date = {2020-12-10}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/pgminer-postgresql-cryptocurrency-mining-botnet/}, language = {English}, urldate = {2020-12-11} } PGMiner: New Cryptocurrency Mining Botnet Delivered via PostgreSQL
2020-12-10 — Palo Alto Networks Unit 42 — Unit42
@online{unit42:20201210:threat:6ac31af, author = {Unit42}, title = {{Threat Brief: FireEye Red Team Tool Breach}}, date = {2020-12-10}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/fireeye-red-team-tool-breach/}, language = {English}, urldate = {2020-12-15} } Threat Brief: FireEye Red Team Tool Breach
Cobalt Strike
2020-12-09 — Palo Alto Networks Unit 42 — Yanhui Jia, Chris Navarrete, Haozhe Zhang
@online{jia:20201209:njrat:f7f3b49, author = {Yanhui Jia and Chris Navarrete and Haozhe Zhang}, title = {{njRAT Spreading Through Active Pastebin Command and Control Tunnel}}, date = {2020-12-09}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/njrat-pastebin-command-and-control}, language = {English}, urldate = {2020-12-11} } njRAT Spreading Through Active Pastebin Command and Control Tunnel
NjRAT
2020-12-08 — Palo Alto Networks Unit 42 — Doel Santos, Brittany Barbehenn, Robert Falcone
@online{santos:20201208:threat:033a653, author = {Doel Santos and Brittany Barbehenn and Robert Falcone}, title = {{Threat Assessment: Egregor Ransomware}}, date = {2020-12-08}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/egregor-ransomware-courses-of-action/}, language = {English}, urldate = {2020-12-09} } Threat Assessment: Egregor Ransomware
Egregor
2020-11-09 — Palo Alto Networks Unit 42 — Robert Falcone
@online{falcone:20201109:xhunt:1d9f468, author = {Robert Falcone}, title = {{xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunneling for Command and Control}}, date = {2020-11-09}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/xhunt-campaign-backdoors/}, language = {English}, urldate = {2020-11-09} } xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunneling for Command and Control
Snugy
2020-11-09 — Palo Alto Networks Unit 42 — Jin Chen, Tao Yan, Taojie Wang, Yu Fu
@online{chen:20201109:closer:b1c72cf, author = {Jin Chen and Tao Yan and Taojie Wang and Yu Fu}, title = {{A Closer Look at the Web Skimmer}}, date = {2020-11-09}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/web-skimmer/}, language = {English}, urldate = {2020-11-11} } A Closer Look at the Web Skimmer
2020-11-06 — Palo Alto Networks Unit 42 — Ryan Tracey, Drew Schmitt, CRYPSIS
@online{tracey:20201106:indicators:1ec9384, author = {Ryan Tracey and Drew Schmitt and CRYPSIS}, title = {{Indicators of Compromise related to Cobaltstrike, PyXie Lite, Vatet and Defray777}}, date = {2020-11-06}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/vatet-pyxie-defray777/5/}, language = {English}, urldate = {2020-11-12} } Indicators of Compromise related to Cobaltstrike, PyXie Lite, Vatet and Defray777
Cobalt Strike PyXie RansomEXX
2020-11-06 — Palo Alto Networks Unit 42 — Ryan Tracey, Drew Schmitt, CRYPSIS
@online{tracey:20201106:last:11cf9f2, author = {Ryan Tracey and Drew Schmitt and CRYPSIS}, title = {{Last, but Not Least: Defray777}}, date = {2020-11-06}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/vatet-pyxie-defray777/3}, language = {English}, urldate = {2020-11-12} } Last, but Not Least: Defray777
PyXie RansomEXX