2021-07-27 ⋅ Palo Alto Networks Unit 42 ⋅ Mike Harbison, Alex Hinchliffe
@online{harbison:20210727:thor:5d6d793,
  author       = {Mike Harbison and Alex Hinchliffe},
  title        = {{THOR: Previously Unseen PlugX Variant Deployed During Microsoft Exchange Server Attacks by PKPLUG Group}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2021-07-27},
  url          = {https://unit42.paloaltonetworks.com/thor-plugx-variant/},
  urldate      = {2021-07-29},
  language     = {English},
}
THOR: Previously Unseen PlugX Variant Deployed During Microsoft Exchange Server Attacks by PKPLUG Group
PlugX
2021-07-19 ⋅ Palo Alto Networks Unit 42 ⋅ Mark Lim
@online{lim:20210719:evade:51a9e1f,
  author       = {Mark Lim},
  title        = {{Evade Sandboxes With a Single Bit – the Trap Flag}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2021-07-19},
  url          = {https://unit42.paloaltonetworks.com/single-bit-trap-flag-intel-cpu/},
  urldate      = {2021-07-26},
  language     = {English},
}
Evade Sandboxes With a Single Bit – the Trap Flag
lampion
2021-07-15 ⋅ Palo Alto Networks Unit 42 ⋅ Robert Falcone, Alex Hinchliffe, Quinn Cooke
@online{falcone:20210715:mespinoza:cabb0ab,
  author       = {Robert Falcone and Alex Hinchliffe and Quinn Cooke},
  title        = {{Mespinoza Ransomware Gang Calls Victims “Partners,” Attacks with Gasket, "MagicSocks" Tools}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2021-07-15},
  url          = {https://unit42.paloaltonetworks.com/gasket-and-magicsocks-tools-install-mespinoza-ransomware/},
  urldate      = {2021-07-20},
  language     = {English},
}
Mespinoza Ransomware Gang Calls Victims “Partners,” Attacks with Gasket, "MagicSocks" Tools
Gasket Mespinoza
2021-07-03 ⋅ Palo Alto Networks Unit 42 ⋅ Unit 42
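@comment{Corporate author: the extra pair of braces keeps the team name as one indivisible name, so it is not split into a given name and a family name.}
@online{42:20210703:threat:b329d9c,
  author       = {{Unit 42}},
  title        = {{Threat Brief: Kaseya VSA Ransomware Attack}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2021-07-03},
  url          = {https://unit42.paloaltonetworks.com/threat-brief-kaseya-vsa-ransomware-attacks/},
  urldate      = {2021-07-12},
  language     = {English},
}
Threat Brief: Kaseya VSA Ransomware Attack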
REvil
2021-06-18 ⋅ Palo Alto Networks Unit 42 ⋅ Richard Hickman
@online{hickman:20210618:conti:9b8903f,
  author       = {Richard Hickman},
  title        = {{Conti Ransomware Gang: An Overview}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2021-06-18},
  url          = {https://unit42.paloaltonetworks.com/conti-ransomware-gang/},
  urldate      = {2021-07-02},
  language     = {English},
}
Conti Ransomware Gang: An Overview
Conti
2021-06-16 ⋅ Palo Alto Networks Unit 42 ⋅ Jeff White, Kyle Wilhoit
@online{white:20210616:matanbuchus:e514a4b,
  author       = {Jeff White and Kyle Wilhoit},
  title        = {{Matanbuchus: Malware-as-a-Service with Demonic Intentions}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2021-06-16},
  url          = {https://unit42.paloaltonetworks.com/matanbuchus-malware-as-a-service/},
  urldate      = {2021-06-21},
  language     = {English},
}
Matanbuchus: Malware-as-a-Service with Demonic Intentions
Matanbuchus BelialDemon
2021-06-09 ⋅ Palo Alto Networks Unit 42 ⋅ Doel Santos
@online{santos:20210609:prometheus:e4fdf9e,
  author       = {Doel Santos},
  title        = {{Prometheus Ransomware Gang: A Group of REvil?}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2021-06-09},
  url          = {https://unit42.paloaltonetworks.com/prometheus-ransomware/},
  urldate      = {2021-06-09},
  language     = {English},
}
Prometheus Ransomware Gang: A Group of REvil?
Hakbit Prometheus REvil
2021-06-08 ⋅ Palo Alto Networks Unit 42 ⋅ Nathaniel Quist
@online{quist:20210608:teamtnt:87da08d,
  author       = {Nathaniel Quist},
  title        = {{TeamTNT Using WatchDog TTPs to Expand Its Cryptojacking Footprint}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2021-06-08},
  url          = {https://unit42.paloaltonetworks.com/teamtnt-cryptojacking-watchdog-operations/},
  urldate      = {2021-06-09},
  language     = {English},
}
TeamTNT Using WatchDog TTPs to Expand Its Cryptojacking Footprint
2021-06-07 ⋅ Palo Alto Networks Unit 42 ⋅ Daniel Prizmant
@online{prizmant:20210607:siloscape:b3b03a8,
  author       = {Daniel Prizmant},
  title        = {{Siloscape: First Known Malware Targeting Windows Containers to Compromise Cloud Environments}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2021-06-07},
  url          = {https://unit42.paloaltonetworks.com/siloscape/},
  urldate      = {2021-06-09},
  language     = {English},
}
Siloscape: First Known Malware Targeting Windows Containers to Compromise Cloud Environments
2021-06-04 ⋅ Palo Alto Networks Unit 42 ⋅ Nathaniel Quist
@online{quist:20210604:teamtnt:21e0fe5,
  author       = {Nathaniel Quist},
  title        = {{TeamTNT Actively Enumerating Cloud Environments to Infiltrate Organizations}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2021-06-04},
  url          = {https://unit42.paloaltonetworks.com/teamtnt-operations-cloud-environments/},
  urldate      = {2021-06-09},
  language     = {English},
}
TeamTNT Actively Enumerating Cloud Environments to Infiltrate Organizations
2021-05-19 ⋅ Palo Alto Networks Unit 42 ⋅ Brad Duncan
@online{duncan:20210519:bazarcall:60c6562,
  author       = {Brad Duncan},
  title        = {{BazarCall: Call Centers Help Spread BazarLoader Malware}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2021-05-19},
  url          = {https://unit42.paloaltonetworks.com/bazarloader-malware/},
  urldate      = {2021-05-20},
  language     = {English},
}
BazarCall: Call Centers Help Spread BazarLoader Malware
BazarBackdoor campoloader
2021-05-12 ⋅ Palo Alto Networks Unit 42 ⋅ Ramarcus Baylor
@online{baylor:20210512:darkside:f63c2c2,
  author       = {Ramarcus Baylor},
  title        = {{DarkSide Ransomware Gang: An Overview}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2021-05-12},
  url          = {https://unit42.paloaltonetworks.com/darkside-ransomware/},
  urldate      = {2021-05-13},
  language     = {English},
}
DarkSide Ransomware Gang: An Overview
DarkSide
2021-04-29 ⋅ Palo Alto Networks Unit 42 ⋅ Robert Falcone, Simon Conant
@online{falcone:20210429:new:df553b4,
  author       = {Robert Falcone and Simon Conant},
  title        = {{New Shameless Commodity Cryptocurrency Stealer (WeSteal) and Commodity RAT (WeControl)}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2021-04-29},
  url          = {https://unit42.paloaltonetworks.com/westeal/},
  urldate      = {2021-05-19},
  language     = {English},
}
New Shameless Commodity Cryptocurrency Stealer (WeSteal) and Commodity RAT (WeControl)
WeControl WeSteal
2021-04-15 ⋅ Palo Alto Networks Unit 42 ⋅ Robert Falcone
@online{falcone:20210415:actor:8428e3f,
  author       = {Robert Falcone},
  title        = {{Actor Exploits Microsoft Exchange Server Vulnerabilities, Cortex XDR Blocks Harvesting of Credentials}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2021-04-15},
  url          = {https://unit42.paloaltonetworks.com/exchange-server-credential-harvesting/},
  urldate      = {2021-04-19},
  language     = {English},
}
Actor Exploits Microsoft Exchange Server Vulnerabilities, Cortex XDR Blocks Harvesting of Credentials
CHINACHOPPER
2021-04-13 ⋅ Palo Alto Networks Unit 42 ⋅ Doel Santos
@online{santos:20210413:threat:7154f80,
  author       = {Doel Santos},
  title        = {{Threat Assessment: Clop Ransomware}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2021-04-13},
  url          = {https://unit42.paloaltonetworks.com/clop-ransomware/},
  urldate      = {2021-04-14},
  language     = {English},
}
Threat Assessment: Clop Ransomware
Clop
2021-04-09 ⋅ Palo Alto Networks Unit 42 ⋅ Yanhui Jia, Chris Navarrete
@online{jia:20210409:emotet:c376dd2,
  author       = {Yanhui Jia and Chris Navarrete},
  title        = {{Emotet Command and Control Case Study}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2021-04-09},
  url          = {https://unit42.paloaltonetworks.com/emotet-command-and-control/},
  urldate      = {2021-04-12},
  language     = {English},
}
Emotet Command and Control Case Study
Emotet
2021-04-08 ⋅ Palo Alto Networks Unit 42 ⋅ Ken Hsu, Vaibhav Singhal, Ashutosh Chitwadgi
@online{hsu:20210408:attackers:c68051d,
  author       = {Ken Hsu and Vaibhav Singhal and Ashutosh Chitwadgi},
  title        = {{Attackers Conducting Cryptojacking Operation Against U.S. Education Organizations}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2021-04-08},
  url          = {https://unit42.paloaltonetworks.com/attackers-conducting-cryptojacking-u-s-education-organizations/},
  urldate      = {2021-04-12},
  language     = {English},
}
Attackers Conducting Cryptojacking Operation Against U.S. Education Organizations
2021-04-07 ⋅ Palo Alto Networks Unit 42 ⋅ Brad Duncan
@online{duncan:20210407:wireshark:3c806d8,
  author       = {Brad Duncan},
  title        = {{Wireshark Tutorial: Examining Traffic from Hancitor Infections}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2021-04-07},
  url          = {https://unit42.paloaltonetworks.com/wireshark-tutorial-hancitor-followup-malware/},
  urldate      = {2021-04-12},
  language     = {English},
}
Wireshark Tutorial: Examining Traffic from Hancitor Infections
Hancitor
2021-04-05 ⋅ Palo Alto Networks Unit 42 ⋅ Ashutosh Chitwadgi, Ashkan Hosseini
@online{chitwadgi:20210405:2020:cc3fe6d,
  author       = {Ashutosh Chitwadgi and Ashkan Hosseini},
  title        = {{2020 Phishing Trends With PDF Files}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2021-04-05},
  url          = {https://unit42.paloaltonetworks.com/phishing-trends-with-pdf-files/},
  urldate      = {2021-04-12},
  language     = {English},
}
2020 Phishing Trends With PDF Files
2021-04-01 ⋅ Palo Alto Networks Unit 42 ⋅ Vijay Prakash, Brad Duncan
@online{prakash:20210401:wireshark:4778091,
  author       = {Vijay Prakash and Brad Duncan},
  title        = {{Wireshark Tutorial: Decrypting RDP Traffic}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2021-04-01},
  url          = {https://unit42.paloaltonetworks.com/wireshark-tutorial-decrypting-rdp-traffic/},
  urldate      = {2021-04-09},
  language     = {English},
}
Wireshark Tutorial: Decrypting RDP Traffic