2020-11-09 | Palo Alto Networks Unit 42 | Robert Falcone
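@online{falcone:20201109:xhunt:1d9f468,
  author       = {Falcone, Robert},
  title        = {{xHunt} Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and {DNS} Tunneling for Command and Control},
  date         = {2020-11-09},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/xhunt-campaign-backdoors/},
  language     = {English},
  urldate      = {2020-11-09},
}
xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunneling for Command and Control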
Snugy
2020-11-09 | Palo Alto Networks Unit 42 | Jin Chen, Tao Yan, Taojie Wang, Yu Fu
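@online{chen:20201109:closer:b1c72cf,
  author       = {Chen, Jin and Yan, Tao and Wang, Taojie and Fu, Yu},
  title        = {A Closer Look at the Web Skimmer},
  date         = {2020-11-09},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/web-skimmer/},
  language     = {English},
  urldate      = {2020-11-11},
}
A Closer Look at the Web Skimmer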
2020-11-06 | Palo Alto Networks Unit 42 | Ryan Tracey, Drew Schmitt, CRYPSIS
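% CRYPSIS is an organisation listed as an author; the extra braces keep it one indivisible name.
@online{tracey:20201106:indicators:1ec9384,
  author       = {Tracey, Ryan and Schmitt, Drew and {CRYPSIS}},
  title        = {Indicators of Compromise related to {Cobaltstrike}, {PyXie Lite}, {Vatet} and {Defray777}},
  date         = {2020-11-06},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/vatet-pyxie-defray777/5/},
  language     = {English},
  urldate      = {2020-11-12},
}
Indicators of Compromise related to Cobaltstrike, PyXie Lite, Vatet and Defray777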
Cobalt Strike PyXie RansomEXX
2020-11-06 | Palo Alto Networks Unit 42 | Ryan Tracey, Drew Schmitt, CRYPSIS
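% CRYPSIS is an organisation listed as an author; the extra braces keep it one indivisible name.
@online{tracey:20201106:last:11cf9f2,
  author       = {Tracey, Ryan and Schmitt, Drew and {CRYPSIS}},
  title        = {Last, but Not Least: {Defray777}},
  date         = {2020-11-06},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/vatet-pyxie-defray777/3},
  language     = {English},
  urldate      = {2020-11-12},
}
Last, but Not Least: Defray777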
PyXie RansomEXX
2020-11-06 | Palo Alto Networks Unit 42 | Ryan Tracey, Drew Schmitt, CRYPSIS
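% CRYPSIS is an organisation listed as an author; the extra braces keep it one indivisible name.
@online{tracey:20201106:next:c911bb5,
  author       = {Tracey, Ryan and Schmitt, Drew and {CRYPSIS}},
  title        = {Next Up: “{PyXie Lite}”},
  date         = {2020-11-06},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/vatet-pyxie-defray777/2/},
  language     = {English},
  urldate      = {2020-11-09},
}
Next Up: “PyXie Lite”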
Defray PyXie
2020-11-06 | Palo Alto Networks Unit 42 | Ryan Tracey, Drew Schmitt, CRYPSIS
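% CRYPSIS is an organisation listed as an author; the extra braces keep it one indivisible name.
@online{tracey:20201106:when:8e743b9,
  author       = {Tracey, Ryan and Schmitt, Drew and {CRYPSIS}},
  title        = {When Threat Actors Fly Under the Radar: {Vatet}, {PyXie} and {Defray777}},
  date         = {2020-11-06},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/vatet-pyxie-defray777/},
  language     = {English},
  urldate      = {2020-11-12},
}
When Threat Actors Fly Under the Radar: Vatet, PyXie and Defray777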
PyXie RansomEXX
2020-11-06 | Palo Alto Networks Unit 42 | Ryan Tracey, Drew Schmitt, CRYPSIS
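% CRYPSIS is an organisation listed as an author; the extra braces keep it one indivisible name.
@online{tracey:20201106:linking:152fbf2,
  author       = {Tracey, Ryan and Schmitt, Drew and {CRYPSIS}},
  title        = {Linking {Vatet}, {PyXie} and {Defray777}},
  date         = {2020-11-06},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/vatet-pyxie-defray777/4},
  language     = {English},
  urldate      = {2020-11-12},
}
Linking Vatet, PyXie and Defray777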
PyXie RansomEXX
2020-10-29 | Palo Alto Networks Unit 42 | Brittany Barbehenn, Doel Santos, Brad Duncan
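@online{barbehenn:20201029:threat:de33a6d,
  author       = {Barbehenn, Brittany and Santos, Doel and Duncan, Brad},
  title        = {Threat Assessment: {Ryuk} Ransomware and {Trickbot} Targeting {U.S.} Healthcare and Public Health Sector},
  date         = {2020-10-29},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/ryuk-ransomware/},
  language     = {English},
  urldate      = {2020-11-02},
}
Threat Assessment: Ryuk Ransomware and Trickbot Targeting U.S. Healthcare and Public Health Sector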
Anchor BazarBackdoor Ryuk TrickBot
2020-10-29 | Palo Alto Networks Unit 42 | Ruian Duan, Zhanhao Chen, Seokkyung Chung, Janos Szurdi, Jingwei Fan
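@online{duan:20201029:domain:413ffab,
  author       = {Duan, Ruian and Chen, Zhanhao and Chung, Seokkyung and Szurdi, Janos and Fan, Jingwei},
  title        = {Domain Parking: A Gateway to Attackers Spreading {Emotet} and Impersonating {McAfee}},
  date         = {2020-10-29},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/domain-parking/},
  language     = {English},
  urldate      = {2020-11-02},
}
Domain Parking: A Gateway to Attackers Spreading Emotet and Impersonating McAfee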
Emotet
2020-10-14 | Palo Alto Networks Unit 42 | Ken Hsu, Yue Guan, Vaibhav Singhal, Qi Deng
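@online{hsu:20201014:two:aa1efb9,
  author       = {Hsu, Ken and Guan, Yue and Singhal, Vaibhav and Deng, Qi},
  title        = {Two New {IoT} Vulnerabilities Identified with {Mirai} Payloads},
  date         = {2020-10-14},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/iot-vulnerabilities-mirai-payloads/},
  language     = {English},
  urldate      = {2020-10-23},
}
Two New IoT Vulnerabilities Identified with Mirai Payloads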
Mirai
2020-09-04 | Palo Alto Networks Unit 42 | Robert Falcone
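@online{falcone:20200904:thanos:b5eb551,
  author       = {Falcone, Robert},
  title        = {{Thanos} Ransomware: Destructive Variant Targeting State-Run Organizations in the {Middle East} and {North Africa}},
  date         = {2020-09-04},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/thanos-ransomware/},
  language     = {English},
  urldate      = {2020-09-06},
}
Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa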
PowGoop Hakbit
2020-08-27 | Palo Alto Networks Unit 42 | Aviv Sasson
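@online{sasson:20200827:cetus:52c6ea8,
  author       = {Sasson, Aviv},
  title        = {{Cetus}: Cryptojacking Worm Targeting {Docker} Daemons},
  date         = {2020-08-27},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/cetus-cryptojacking-worm/},
  language     = {English},
  urldate      = {2020-08-31},
}
Cetus: Cryptojacking Worm Targeting Docker Daemons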
Cetus
2020-08-21 | Palo Alto Networks Unit 42 | Brad Duncan
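@online{duncan:20200821:wireshark:d98d5ed,
  author       = {Duncan, Brad},
  title        = {{Wireshark} Tutorial: Decrypting {HTTPS} Traffic},
  date         = {2020-08-21},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/wireshark-tutorial-decrypting-https-traffic/},
  language     = {English},
  urldate      = {2020-08-25},
}
Wireshark Tutorial: Decrypting HTTPS Traffic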
Dridex
2020-07-24 | Palo Alto Networks Unit 42 | Brad Duncan
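@online{duncan:20200724:evolution:a372b2b,
  author       = {Duncan, Brad},
  title        = {Evolution of {Valak}, from Its Beginnings to Mass Distribution},
  date         = {2020-07-24},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/valak-evolution/},
  language     = {English},
  urldate      = {2020-08-05},
}
Evolution of Valak, from Its Beginnings to Mass Distribution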
Valak
2020-07-22 | Palo Alto Networks Unit 42 | Robert Falcone
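@online{falcone:20200722:oilrig:4c26a7f,
  author       = {Falcone, Robert},
  title        = {{OilRig} Targets {Middle Eastern} Telecommunications Organization and Adds Novel {C2} Channel with Steganography to Its Inventory},
  date         = {2020-07-22},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/oilrig-novel-c2-channel-steganography/},
  language     = {English},
  urldate      = {2020-07-23},
}
OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory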
RDAT OilRig
2020-06-24 | Palo Alto Networks Unit 42 | Ken Hsu, Durgesh Sangvikar, Zhibin Zhang, Chris Navarrete
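@online{hsu:20200624:lucifer:5fc044c,
  author       = {Hsu, Ken and Sangvikar, Durgesh and Zhang, Zhibin and Navarrete, Chris},
  title        = {{Lucifer}: New Cryptojacking and {DDoS} Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect {Windows} Devices},
  date         = {2020-06-24},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/lucifer-new-cryptojacking-and-ddos-hybrid-malware/},
  language     = {English},
  urldate      = {2020-06-24},
}
Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices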
Lucifer
2020-05-28 | Palo Alto Networks Unit 42 | Brad Duncan
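@online{duncan:20200528:goodbye:87a0245,
  author       = {Duncan, Brad},
  title        = {Goodbye {Mworm}, Hello {Nworm}: {TrickBot} Updates Propagation Module},
  date         = {2020-05-28},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/goodbye-mworm-hello-nworm-trickbot-updates-propagation-module/},
  language     = {English},
  urldate      = {2020-05-29},
}
Goodbye Mworm, Hello Nworm: TrickBot Updates Propagation Module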
TrickBot
2020-05-18 | Palo Alto Networks Unit 42 | Asher Davila, Yang Ji
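@online{davila:20200518:eleethub:d605473,
  author       = {Davila, Asher and Ji, Yang},
  title        = {{Eleethub}: A Cryptocurrency Mining Botnet with Rootkit for Self-Hiding},
  date         = {2020-05-18},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/los-zetas-from-eleethub-botnet/},
  language     = {English},
  urldate      = {2020-05-20},
}
Eleethub: A Cryptocurrency Mining Botnet with Rootkit for Self-Hiding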
PerlBot
2020-04-14 | Palo Alto Networks Unit 42 | Adrian McCabe, Vicky Ray, Juan Cortes
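@online{mccabe:20200414:malicious:9481b60,
  author       = {McCabe, Adrian and Ray, Vicky and Cortes, Juan},
  title        = {Malicious Attackers Target Government and Medical Organizations With {COVID-19} Themed Phishing Campaigns},
  date         = {2020-04-14},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/covid-19-themed-cyber-attacks-target-government-and-medical-organizations/},
  language     = {English},
  urldate      = {2020-04-14},
}
Malicious Attackers Target Government and Medical Organizations With COVID-19 Themed Phishing Campaigns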
Agent Tesla EDA2
2020-04-13 | Palo Alto Networks Unit 42 | Bryan Lee, Robert Falcone, Jen Miller-Osborn
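@online{lee:20200413:apt41:fdd4c46,
  author       = {Lee, Bryan and Falcone, Robert and Miller-Osborn, Jen},
  title        = {{APT41} Using New {Speculoos} Backdoor to Target Organizations Globally},
  date         = {2020-04-13},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/apt41-using-new-speculoos-backdoor-to-target-organizations-globally/},
  language     = {English},
  urldate      = {2020-04-14},
}
APT41 Using New Speculoos Backdoor to Target Organizations Globally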
Speculoos APT41