2020-11-09 | Palo Alto Networks Unit 42 | Robert Falcone
@online{falcone:20201109:xhunt:1d9f468,
  author       = {Falcone, Robert},
  title        = {{xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunneling for Command and Control}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2020-11-09},
  url          = {https://unit42.paloaltonetworks.com/xhunt-campaign-backdoors/},
  urldate      = {2020-11-09},
  language     = {English},
}
xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunneling for Command and Control
Snugy
2020-09-04 | Palo Alto Networks Unit 42 | Robert Falcone
@online{falcone:20200904:thanos:b5eb551,
  author       = {Falcone, Robert},
  title        = {{Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2020-09-04},
  url          = {https://unit42.paloaltonetworks.com/thanos-ransomware/},
  urldate      = {2020-09-06},
  language     = {English},
}
Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa
PowGoop Hakbit
2020-07-22 | Palo Alto Networks Unit 42 | Robert Falcone
@online{falcone:20200722:oilrig:4c26a7f,
  author       = {Falcone, Robert},
  title        = {{OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2020-07-22},
  url          = {https://unit42.paloaltonetworks.com/oilrig-novel-c2-channel-steganography/},
  urldate      = {2020-07-23},
  language     = {English},
}
OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory
RDAT OilRig
2020-04-13 | Palo Alto Networks Unit 42 | Bryan Lee, Robert Falcone, Jen Miller-Osborn
@online{lee:20200413:apt41:fdd4c46,
  author       = {Lee, Bryan and Falcone, Robert and Miller-Osborn, Jen},
  title        = {{APT41 Using New Speculoos Backdoor to Target Organizations Globally}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2020-04-13},
  url          = {https://unit42.paloaltonetworks.com/apt41-using-new-speculoos-backdoor-to-target-organizations-globally/},
  urldate      = {2020-04-14},
  language     = {English},
}
APT41 Using New Speculoos Backdoor to Target Organizations Globally
Speculoos APT41
2020-03-03 | Palo Alto Networks Unit 42 | Robert Falcone, Bryan Lee, Alex Hinchliffe
@online{falcone:20200303:molerats:990b000,
  author       = {Falcone, Robert and Lee, Bryan and Hinchliffe, Alex},
  title        = {{Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2020-03-03},
  url          = {https://unit42.paloaltonetworks.com/molerats-delivers-spark-backdoor/},
  urldate      = {2020-03-03},
  language     = {English},
}
Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations
Downeks JhoneRAT Molerat Loader Spark
2020-01-27 | Palo Alto Networks Unit 42 | Robert Falcone, Brittany Barbehenn
@online{falcone:20200127:xhunt:9d0527b,
  author       = {Falcone, Robert and Barbehenn, Brittany},
  title        = {{xHunt Campaign: New Watering Hole Identified for Credential Harvesting}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2020-01-27},
  url          = {https://unit42.paloaltonetworks.com/xhunt-campaign-new-watering-hole-identified-for-credential-harvesting/},
  urldate      = {2020-11-09},
  language     = {English},
}
xHunt Campaign: New Watering Hole Identified for Credential Harvesting
2019-12-04 | Palo Alto Networks Unit 42 | Robert Falcone
@online{falcone:20191204:xhunt:9f95e2e,
  author       = {Falcone, Robert},
  title        = {{xHunt Campaign: xHunt Actor’s Cheat Sheet}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2019-12-04},
  url          = {https://unit42.paloaltonetworks.com/xhunt-actors-cheat-sheet/},
  urldate      = {2020-11-09},
  language     = {English},
}
xHunt Campaign: xHunt Actor’s Cheat Sheet
2019-10-10 | Palo Alto Networks Unit 42 | Robert Falcone, Brittany Barbehenn
@online{falcone:20191010:xhunt:df8aa36,
  author       = {Falcone, Robert and Barbehenn, Brittany},
  title        = {{xHunt Campaign: New PowerShell Backdoor Blocked Through DNS Tunnel Detection}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2019-10-10},
  url          = {https://unit42.paloaltonetworks.com/more-xhunt-new-powershell-backdoor-blocked-through-dns-tunnel-detection/},
  urldate      = {2020-11-11},
  language     = {English},
}
xHunt Campaign: New PowerShell Backdoor Blocked Through DNS Tunnel Detection
CASHY200
2019-09-23 | Palo Alto Networks Unit 42 | Robert Falcone, Brittany Barbehenn
@online{falcone:20190923:xhunt:7d50e81,
  author       = {Falcone, Robert and Barbehenn, Brittany},
  title        = {{xHunt Campaign: Attacks on Kuwait Shipping and Transportation Organizations}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2019-09-23},
  url          = {https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/},
  urldate      = {2020-11-09},
  language     = {English},
}
xHunt Campaign: Attacks on Kuwait Shipping and Transportation Organizations
Hisoka
2019-07-08 | SANS | Josh M. Bryant, Robert Falcone
@techreport{bryant:20190708:hunting:7ce53d5,
  author      = {Bryant, Josh M. and Falcone, Robert},
  title       = {{Hunting Webshells: Tracking TwoFace}},
  institution = {SANS},
  date        = {2019-07-08},
  url         = {https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1536345486.pdf},
  urldate     = {2020-01-09},
  language    = {English},
}
Hunting Webshells: Tracking TwoFace
TwoFace
2019-05-28 | Palo Alto Networks Unit 42 | Robert Falcone, Tom Lancaster
@online{falcone:20190528:emissary:dc0f942,
  author       = {Falcone, Robert and Lancaster, Tom},
  title        = {{Emissary Panda Attacks Middle East Government Sharepoint Servers}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2019-05-28},
  url          = {https://unit42.paloaltonetworks.com/emissary-panda-attacks-middle-east-government-sharepoint-servers/},
  urldate      = {2020-01-09},
  language     = {English},
}
Emissary Panda Attacks Middle East Government Sharepoint Servers
CHINACHOPPER Unidentified 060
2019-04-30 | Palo Alto Networks Unit 42 | Bryan Lee, Robert Falcone
@online{lee:20190430:behind:01b3010,
  author       = {Lee, Bryan and Falcone, Robert},
  title        = {{Behind the Scenes with OilRig}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2019-04-30},
  url          = {https://unit42.paloaltonetworks.com/behind-the-scenes-with-oilrig/},
  urldate      = {2020-01-06},
  language     = {English},
}
Behind the Scenes with OilRig
BONDUPDATER
2019-04-17 | Palo Alto Networks Unit 42 | Robert Falcone, Brittany Ash
@online{falcone:20190417:aggah:f17c88f,
  author       = {Falcone, Robert and Ash, Brittany},
  title        = {{Aggah Campaign: Bit.ly, BlogSpot, and Pastebin Used for C2 in Large Scale Campaign}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2019-04-17},
  url          = {https://unit42.paloaltonetworks.com/aggah-campaign-bit-ly-blogspot-and-pastebin-used-for-c2-in-large-scale-campaign/},
  urldate      = {2020-01-07},
  language     = {English},
}
Aggah Campaign: Bit.ly, BlogSpot, and Pastebin Used for C2 in Large Scale Campaign
The Gorgon Group
2019-04-16 | Robert Falcone
@online{falcone:20190416:dns:fed953e,
  author   = {Falcone, Robert},
  title    = {{DNS Tunneling in the Wild: Overview of OilRig’s DNS Tunneling}},
  date     = {2019-04-16},
  url      = {https://unit42.paloaltonetworks.com/dns-tunneling-in-the-wild-overview-of-oilrigs-dns-tunneling/},
  urldate  = {2019-12-03},
  language = {English},
}
DNS Tunneling in the Wild: Overview of OilRig’s DNS Tunneling
BONDUPDATER QUADAGENT Alma Communicator Helminth ISMAgent
2019-03-04 | Palo Alto Networks Unit 42 | Robert Falcone, Brittany Ash
@online{falcone:20190304:new:5bf1cea,
  author       = {Falcone, Robert and Ash, Brittany},
  title        = {{New Python-Based Payload MechaFlounder Used by Chafer}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2019-03-04},
  url          = {https://unit42.paloaltonetworks.com/new-python-based-payload-mechaflounder-used-by-chafer/},
  urldate      = {2019-12-24},
  language     = {English},
}
New Python-Based Payload MechaFlounder Used by Chafer
APT39
2019-02-13 | Youtube (SANS Digital Forensics & Incident Response) | Josh Bryant, Robert Falcone
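@comment{The ampersand in organization is escaped as \& so the field typesets under LaTeX instead of raising an alignment-tab error.}
@online{bryant:20190213:hunting:8c671bf,
  author       = {Bryant, Josh and Falcone, Robert},
  title        = {{Hunting Webshells: Tracking TwoFace - SANS Threat Hunting Summit 2018}},
  organization = {Youtube (SANS Digital Forensics \& Incident Response)},
  date         = {2019-02-13},
  url          = {https://www.youtube.com/watch?v=GjquFKa4afU},
  urldate      = {2020-01-13},
  language     = {English},
}
Hunting Webshells: Tracking TwoFace - SANS Threat Hunting Summit 2018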
TwoFace
2019-01-08 | Palo Alto Networks Unit 42 | Robert Falcone, Bryan Lee
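@comment{organization was misspelled ("Netoworks"); it now uses the spelling found in the other Unit 42 entries of this library so the publisher sorts and groups as one name.}
@online{falcone:20190108:darkhydrus:3996fa4,
  author       = {Falcone, Robert and Lee, Bryan},
  title        = {{DarkHydrus delivers new Trojan that can use Google Drive for C2 communications}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2019-01-08},
  url          = {https://unit42.paloaltonetworks.com/darkhydrus-delivers-new-trojan-that-can-use-google-drive-for-c2-communications/},
  urldate      = {2020-01-07},
  language     = {English},
}
DarkHydrus delivers new Trojan that can use Google Drive for C2 communications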
RogueRobinNET DarkHydrus
2018-12-18 | Palo Alto Networks Unit 42 | Robert Falcone
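@comment{organization was written "paloalto Networks Unit 42"; it now uses the spelling found in the other Unit 42 entries of this library so the publisher sorts and groups as one name.}
@online{falcone:20181218:sofacy:3573b82,
  author       = {Falcone, Robert},
  title        = {{Sofacy Creates New ‘Go’ Variant of Zebrocy Tool}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2018-12-18},
  url          = {https://unit42.paloaltonetworks.com/sofacy-creates-new-go-variant-of-zebrocy-tool/},
  urldate      = {2020-01-07},
  language     = {English},
}
Sofacy Creates New ‘Go’ Variant of Zebrocy Tool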
Zebrocy
2018-12-13 | Palo Alto Networks Unit 42 | Robert Falcone
@online{falcone:20181213:shamoon:1623fe7,
  author       = {Falcone, Robert},
  title        = {{Shamoon 3 Targets Oil and Gas Organization}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2018-12-13},
  url          = {https://unit42.paloaltonetworks.com/shamoon-3-targets-oil-gas-organization/},
  urldate      = {2020-01-10},
  language     = {English},
}
Shamoon 3 Targets Oil and Gas Organization
DistTrack
2018-12-12 | Palo Alto Networks Unit 42 | Bryan Lee, Robert Falcone
@online{lee:20181212:dear:0d9a44e,
  author       = {Lee, Bryan and Falcone, Robert},
  title        = {{Dear Joohn: The Sofacy Group’s Global Campaign}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2018-12-12},
  url          = {https://unit42.paloaltonetworks.com/dear-joohn-sofacy-groups-global-campaign/},
  urldate      = {2020-01-08},
  language     = {English},
}
Dear Joohn: The Sofacy Group’s Global Campaign
Sofacy