Click here to download all references as Bib-File.
| 2021-04-15 ⋅ Palo Alto Networks Unit 42 ⋅ Actor Exploits Microsoft Exchange Server Vulnerabilities, Cortex XDR Blocks Harvesting of Credentials CHINACHOPPER |
| 2021-01-11 ⋅ Palo Alto Networks Unit 42 ⋅ xHunt Campaign: New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement |
| 2020-12-08 ⋅ Palo Alto Networks Unit 42 ⋅ Threat Assessment: Egregor Ransomware Egregor |
| 2020-11-09 ⋅ Palo Alto Networks Unit 42 ⋅ xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunneling for Command and Control Snugy |
| 2020-09-04 ⋅ Palo Alto Networks Unit 42 ⋅ Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa PowGoop Hakbit |
| 2020-07-22 ⋅ Palo Alto Networks Unit 42 ⋅ OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory RDAT OilRig |
| 2020-04-13 ⋅ Palo Alto Networks Unit 42 ⋅ APT41 Using New Speculoos Backdoor to Target Organizations Globally Speculoos APT41 |
| 2020-03-03 ⋅ Palo Alto Networks Unit 42 ⋅ Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations Downeks JhoneRAT Molerat Loader Spark |
| 2020-01-27 ⋅ Palo Alto Networks Unit 42 ⋅ xHunt Campaign: New Watering Hole Identified for Credential Harvesting |
| 2019-12-04 ⋅ Palo Alto Networks Unit 42 ⋅ xHunt Campaign: xHunt Actor’s Cheat Sheet |
| 2019-10-10 ⋅ Palo Alto Networks Unit 42 ⋅ xHunt Campaign: New PowerShell Backdoor Blocked Through DNS Tunnel Detection CASHY200 |
| 2019-09-23 ⋅ Palo Alto Networks Unit 42 ⋅ xHunt Campaign: Attacks on Kuwait Shipping and Transportation Organizations Hisoka |
| 2019-07-08 ⋅ SANS ⋅ Hunting Webshells: Tracking TwoFace TwoFace |
| 2019-05-28 ⋅ Palo Alto Networks Unit 42 ⋅ Emissary Panda Attacks Middle East Government Sharepoint Servers CHINACHOPPER HyperSSL |
| 2019-04-30 ⋅ Palo Alto Networks Unit 42 ⋅ Behind the Scenes with OilRig BONDUPDATER |
| 2019-04-17 ⋅ Palo Alto Networks Unit 42 ⋅ Aggah Campaign: Bit.ly, BlogSpot, and Pastebin Used for C2 in Large Scale Campaign The Gorgon Group |
| 2019-04-16 ⋅ DNS Tunneling in the Wild: Overview of OilRig’s DNS Tunneling BONDUPDATER QUADAGENT Alma Communicator Helminth ISMAgent |
| 2019-03-04 ⋅ Palo Alto Networks Unit 42 ⋅ New Python-Based Payload MechaFlounder Used by Chafer APT39 |
| 2019-02-13 ⋅ Youtube (SANS Digital Forensics & Incident Response) ⋅ Hunting Webshells: Tracking TwoFace - SANS Threat Hunting Summit 2018 TwoFace |
| 2019-01-08 ⋅ paloalto Netoworks: Unit42 ⋅ DarkHydrus delivers new Trojan that can use Google Drive for C2 communications RogueRobinNET DarkHydrus |