Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-07-15Palo Alto Networks Unit 42Robert Falcone, Alex Hinchliffe, Quinn Cooke
@online{falcone:20210715:mespinoza:cabb0ab, author = {Robert Falcone and Alex Hinchliffe and Quinn Cooke}, title = {{Mespinoza Ransomware Gang Calls Victims “Partners,” Attacks with Gasket, "MagicSocks" Tools}}, date = {2021-07-15}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/gasket-and-magicsocks-tools-install-mespinoza-ransomware/}, language = {English}, urldate = {2021-07-20} } Mespinoza Ransomware Gang Calls Victims “Partners,” Attacks with Gasket, "MagicSocks" Tools
Gasket Mespinoza
2021-04-29Palo Alto Networks Unit 42Robert Falcone, Simon Conant
@online{falcone:20210429:new:df553b4, author = {Robert Falcone and Simon Conant}, title = {{New Shameless Commodity Cryptocurrency Stealer (WeSteal) and Commodity RAT (WeControl)}}, date = {2021-04-29}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/westeal/}, language = {English}, urldate = {2021-05-19} } New Shameless Commodity Cryptocurrency Stealer (WeSteal) and Commodity RAT (WeControl)
WeControl WeSteal
2021-04-15Palo Alto Networks Unit 42Robert Falcone
@online{falcone:20210415:actor:8428e3f, author = {Robert Falcone}, title = {{Actor Exploits Microsoft Exchange Server Vulnerabilities, Cortex XDR Blocks Harvesting of Credentials}}, date = {2021-04-15}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/exchange-server-credential-harvesting/}, language = {English}, urldate = {2021-04-19} } Actor Exploits Microsoft Exchange Server Vulnerabilities, Cortex XDR Blocks Harvesting of Credentials
CHINACHOPPER
2021-01-11Palo Alto Networks Unit 42Robert Falcone
@online{falcone:20210111:xhunt:20574a1, author = {Robert Falcone}, title = {{xHunt Campaign: New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement}}, date = {2021-01-11}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/bumblebee-webshell-xhunt-campaign/}, language = {English}, urldate = {2021-01-18} } xHunt Campaign: New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement
2020-12-08Palo Alto Networks Unit 42Doel Santos, Brittany Barbehenn, Robert Falcone
@online{santos:20201208:threat:033a653, author = {Doel Santos and Brittany Barbehenn and Robert Falcone}, title = {{Threat Assessment: Egregor Ransomware}}, date = {2020-12-08}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/egregor-ransomware-courses-of-action/}, language = {English}, urldate = {2020-12-09} } Threat Assessment: Egregor Ransomware
Egregor
2020-11-09Palo Alto Networks Unit 42Robert Falcone
@online{falcone:20201109:xhunt:1d9f468, author = {Robert Falcone}, title = {{xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunneling for Command and Control}}, date = {2020-11-09}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/xhunt-campaign-backdoors/}, language = {English}, urldate = {2020-11-09} } xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunneling for Command and Control
Snugy
2020-09-04Palo Alto Networks Unit 42Robert Falcone
@online{falcone:20200904:thanos:b5eb551, author = {Robert Falcone}, title = {{Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa}}, date = {2020-09-04}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/thanos-ransomware/}, language = {English}, urldate = {2020-09-06} } Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa
PowGoop Hakbit
2020-07-30Palo Alto Networks Unit 42Alex Hinchliffe, Doel Santos, Adrian McCabe, Robert Falcone
@online{hinchliffe:20200730:threat:e1b5ad9, author = {Alex Hinchliffe and Doel Santos and Adrian McCabe and Robert Falcone}, title = {{Threat Assessment: WastedLocker Ransomware}}, date = {2020-07-30}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/wastedlocker/}, language = {English}, urldate = {2021-06-09} } Threat Assessment: WastedLocker Ransomware
WastedLocker
2020-07-22Palo Alto Networks Unit 42Robert Falcone
@online{falcone:20200722:oilrig:4c26a7f, author = {Robert Falcone}, title = {{OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory}}, date = {2020-07-22}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/oilrig-novel-c2-channel-steganography/}, language = {English}, urldate = {2020-07-23} } OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory
RDAT OilRig
2020-04-13Palo Alto Networks Unit 42Bryan Lee, Robert Falcone, Jen Miller-Osborn
@online{lee:20200413:apt41:fdd4c46, author = {Bryan Lee and Robert Falcone and Jen Miller-Osborn}, title = {{APT41 Using New Speculoos Backdoor to Target Organizations Globally}}, date = {2020-04-13}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/apt41-using-new-speculoos-backdoor-to-target-organizations-globally/}, language = {English}, urldate = {2020-04-14} } APT41 Using New Speculoos Backdoor to Target Organizations Globally
Speculoos APT41
2020-03-03Palo Alto Networks Unit 42Robert Falcone, Bryan Lee, Alex Hinchliffe
@online{falcone:20200303:molerats:990b000, author = {Robert Falcone and Bryan Lee and Alex Hinchliffe}, title = {{Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations}}, date = {2020-03-03}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/molerats-delivers-spark-backdoor/}, language = {English}, urldate = {2020-03-03} } Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations
Downeks JhoneRAT Molerat Loader Spark
2020-01-27Palo Alto Networks Unit 42Robert Falcone, Brittany Barbehenn
@online{falcone:20200127:xhunt:9d0527b, author = {Robert Falcone and Brittany Barbehenn}, title = {{xHunt Campaign: New Watering Hole Identified for Credential Harvesting}}, date = {2020-01-27}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/xhunt-campaign-new-watering-hole-identified-for-credential-harvesting/}, language = {English}, urldate = {2020-11-09} } xHunt Campaign: New Watering Hole Identified for Credential Harvesting
2019-12-04Palo Alto Networks Unit 42Robert Falcone
@online{falcone:20191204:xhunt:9f95e2e, author = {Robert Falcone}, title = {{xHunt Campaign: xHunt Actor’s Cheat Sheet}}, date = {2019-12-04}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/xhunt-actors-cheat-sheet/}, language = {English}, urldate = {2020-11-09} } xHunt Campaign: xHunt Actor’s Cheat Sheet
2019-10-10Palo Alto Networks Unit 42Robert Falcone, Brittany Barbehenn
@online{falcone:20191010:xhunt:df8aa36, author = {Robert Falcone and Brittany Barbehenn}, title = {{xHunt Campaign: New PowerShell Backdoor Blocked Through DNS Tunnel Detection}}, date = {2019-10-10}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/more-xhunt-new-powershell-backdoor-blocked-through-dns-tunnel-detection/}, language = {English}, urldate = {2020-11-11} } xHunt Campaign: New PowerShell Backdoor Blocked Through DNS Tunnel Detection
CASHY200
2019-09-23Palo Alto Networks Unit 42Robert Falcone, Brittany Barbehenn
@online{falcone:20190923:xhunt:7d50e81, author = {Robert Falcone and Brittany Barbehenn}, title = {{xHunt Campaign: Attacks on Kuwait Shipping and Transportation Organizations}}, date = {2019-09-23}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/}, language = {English}, urldate = {2020-11-09} } xHunt Campaign: Attacks on Kuwait Shipping and Transportation Organizations
Hisoka
2019-07-08SANSJosh M. Bryant, Robert Falcone
@techreport{bryant:20190708:hunting:7ce53d5, author = {Josh M. Bryant and Robert Falcone}, title = {{Hunting Webshells: Tracking TwoFace}}, date = {2019-07-08}, institution = {SANS}, url = {https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1536345486.pdf}, language = {English}, urldate = {2020-01-09} } Hunting Webshells: Tracking TwoFace
TwoFace
2019-05-28Palo Alto Networks Unit 42Robert Falcone, Tom Lancaster
@online{falcone:20190528:emissary:dc0f942, author = {Robert Falcone and Tom Lancaster}, title = {{Emissary Panda Attacks Middle East Government Sharepoint Servers}}, date = {2019-05-28}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/emissary-panda-attacks-middle-east-government-sharepoint-servers/}, language = {English}, urldate = {2021-04-16} } Emissary Panda Attacks Middle East Government Sharepoint Servers
CHINACHOPPER HyperSSL
2019-04-30Palo Alto Networks Unit 42Bryan Lee, Robert Falcone
@online{lee:20190430:behind:01b3010, author = {Bryan Lee and Robert Falcone}, title = {{Behind the Scenes with OilRig}}, date = {2019-04-30}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/behind-the-scenes-with-oilrig/}, language = {English}, urldate = {2020-01-06} } Behind the Scenes with OilRig
BONDUPDATER
2019-04-17Palo Alto Networks Unit 42Robert Falcone, Brittany Ash
@online{falcone:20190417:aggah:f17c88f, author = {Robert Falcone and Brittany Ash}, title = {{Aggah Campaign: Bit.ly, BlogSpot, and Pastebin Used for C2 in Large Scale Campaign}}, date = {2019-04-17}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/aggah-campaign-bit-ly-blogspot-and-pastebin-used-for-c2-in-large-scale-campaign/}, language = {English}, urldate = {2020-01-07} } Aggah Campaign: Bit.ly, BlogSpot, and Pastebin Used for C2 in Large Scale Campaign
The Gorgon Group
2019-04-16Robert Falcone
@online{falcone:20190416:dns:fed953e, author = {Robert Falcone}, title = {{DNS Tunneling in the Wild: Overview of OilRig’s DNS Tunneling}}, date = {2019-04-16}, url = {https://unit42.paloaltonetworks.com/dns-tunneling-in-the-wild-overview-of-oilrigs-dns-tunneling/}, language = {English}, urldate = {2019-12-03} } DNS Tunneling in the Wild: Overview of OilRig’s DNS Tunneling
BONDUPDATER QUADAGENT Alma Communicator Helminth ISMAgent