2021-01-07 | Palo Alto Networks Unit 42 | Brad Duncan
@online{duncan:20210107:ta551:6346c62,
  author       = {Duncan, Brad},
  title        = {{TA551: Email Attack Campaign Switches from Valak to IcedID}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2021-01-07},
  url          = {https://unit42.paloaltonetworks.com/ta551-shathak-icedid/},
  urldate      = {2021-01-11},
  language     = {English},
}
TA551: Email Attack Campaign Switches from Valak to IcedID
IcedID
2020-12-23 | Palo Alto Networks Unit 42 | Unit 42
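% "Unit 42" is a team name: the inner braces keep it as one literal name
% instead of being parsed as given name "Unit", family name "42".
@online{42:20201223:timeline:466b51a,
  author       = {{Unit 42}},
  title        = {{A Timeline Perspective of the SolarStorm Supply-Chain Attack}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2020-12-23},
  url          = {https://unit42.paloaltonetworks.com/solarstorm-supply-chain-attack-timeline},
  urldate      = {2020-12-26},
  language     = {English},
}
A Timeline Perspective of the SolarStorm Supply-Chain Attack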
SUNBURST TEARDROP
2020-12-17 | Palo Alto Networks Unit 42 | Matt Tennis
@online{tennis:20201217:supernova:74719e2,
  author       = {Tennis, Matt},
  title        = {{SUPERNOVA: SolarStorm’s Novel .NET Webshell}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2020-12-17},
  url          = {https://unit42.paloaltonetworks.com/solarstorm-supernova/},
  urldate      = {2020-12-18},
  language     = {English},
}
SUPERNOVA: SolarStorm’s Novel .NET Webshell
SUPERNOVA
2020-12-14 | Palo Alto Networks Unit 42 | Unit42
@online{unit42:20201214:pymicropsia:9f0baec,
  author       = {Unit42},
  title        = {{PyMICROPSIA: New Information-Stealing Trojan from AridViper}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2020-12-14},
  url          = {https://unit42.paloaltonetworks.com/pymicropsia/},
  urldate      = {2020-12-15},
  language     = {English},
}
PyMICROPSIA: New Information-Stealing Trojan from AridViper
2020-12-14 | Palo Alto Networks Unit 42 | Unit 42
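% "Unit 42" is a team name: the inner braces keep it as one literal name
% instead of being parsed as given name "Unit", family name "42".
@online{42:20201214:threat:032b92d,
  author       = {{Unit 42}},
  title        = {{Threat Brief: SolarStorm and SUNBURST Customer Coverage}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2020-12-14},
  url          = {https://unit42.paloaltonetworks.com/fireeye-solarstorm-sunburst/},
  urldate      = {2020-12-15},
  language     = {English},
}
Threat Brief: SolarStorm and SUNBURST Customer Coverage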
Cobalt Strike SUNBURST
2020-12-10 | Palo Alto Networks Unit 42 | Xiao Zhang, Yang Ji, Jim Fitzgerald, Yue Chen, Claud Xiao
@online{zhang:20201210:pgminer:c16e05d,
  author       = {Zhang, Xiao and Ji, Yang and Fitzgerald, Jim and Chen, Yue and Xiao, Claud},
  title        = {{PGMiner: New Cryptocurrency Mining Botnet Delivered via PostgreSQL}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2020-12-10},
  url          = {https://unit42.paloaltonetworks.com/pgminer-postgresql-cryptocurrency-mining-botnet/},
  urldate      = {2020-12-11},
  language     = {English},
}
PGMiner: New Cryptocurrency Mining Botnet Delivered via PostgreSQL
2020-12-10 | Palo Alto Networks Unit 42 | Unit42
@online{unit42:20201210:threat:6ac31af,
  author       = {Unit42},
  title        = {{Threat Brief: FireEye Red Team Tool Breach}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2020-12-10},
  url          = {https://unit42.paloaltonetworks.com/fireeye-red-team-tool-breach/},
  urldate      = {2020-12-15},
  language     = {English},
}
Threat Brief: FireEye Red Team Tool Breach
Cobalt Strike
2020-12-09 | Palo Alto Networks Unit 42 | Yanhui Jia, Chris Navarrete, Haozhe Zhang
@online{jia:20201209:njrat:f7f3b49,
  author       = {Jia, Yanhui and Navarrete, Chris and Zhang, Haozhe},
  title        = {{njRAT Spreading Through Active Pastebin Command and Control Tunnel}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2020-12-09},
  url          = {https://unit42.paloaltonetworks.com/njrat-pastebin-command-and-control},
  urldate      = {2020-12-11},
  language     = {English},
}
njRAT Spreading Through Active Pastebin Command and Control Tunnel
NjRAT
2020-12-08 | Palo Alto Networks Unit 42 | Doel Santos, Brittany Barbehenn, Robert Falcone
@online{santos:20201208:threat:033a653,
  author       = {Santos, Doel and Barbehenn, Brittany and Falcone, Robert},
  title        = {{Threat Assessment: Egregor Ransomware}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2020-12-08},
  url          = {https://unit42.paloaltonetworks.com/egregor-ransomware-courses-of-action/},
  urldate      = {2020-12-09},
  language     = {English},
}
Threat Assessment: Egregor Ransomware
Egregor
2020-11-09 | Palo Alto Networks Unit 42 | Robert Falcone
@online{falcone:20201109:xhunt:1d9f468,
  author       = {Falcone, Robert},
  title        = {{xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunneling for Command and Control}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2020-11-09},
  url          = {https://unit42.paloaltonetworks.com/xhunt-campaign-backdoors/},
  urldate      = {2020-11-09},
  language     = {English},
}
xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunneling for Command and Control
Snugy
2020-11-09 | Palo Alto Networks Unit 42 | Jin Chen, Tao Yan, Taojie Wang, Yu Fu
@online{chen:20201109:closer:b1c72cf,
  author       = {Chen, Jin and Yan, Tao and Wang, Taojie and Fu, Yu},
  title        = {{A Closer Look at the Web Skimmer}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2020-11-09},
  url          = {https://unit42.paloaltonetworks.com/web-skimmer/},
  urldate      = {2020-11-11},
  language     = {English},
}
A Closer Look at the Web Skimmer
2020-11-06 | Palo Alto Networks Unit 42 | Ryan Tracey, Drew Schmitt, CRYPSIS
@online{tracey:20201106:when:8e743b9,
  author       = {Tracey, Ryan and Schmitt, Drew and CRYPSIS},
  title        = {{When Threat Actors Fly Under the Radar: Vatet, PyXie and Defray777}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2020-11-06},
  url          = {https://unit42.paloaltonetworks.com/vatet-pyxie-defray777/},
  urldate      = {2020-11-12},
  language     = {English},
}
When Threat Actors Fly Under the Radar: Vatet, PyXie and Defray777
PyXie RansomEXX
2020-11-06 | Palo Alto Networks Unit 42 | Ryan Tracey, Drew Schmitt, CRYPSIS
@online{tracey:20201106:indicators:1ec9384,
  author       = {Tracey, Ryan and Schmitt, Drew and CRYPSIS},
  title        = {{Indicators of Compromise related to Cobaltstrike, PyXie Lite, Vatet and Defray777}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2020-11-06},
  url          = {https://unit42.paloaltonetworks.com/vatet-pyxie-defray777/5/},
  urldate      = {2020-11-12},
  language     = {English},
}
Indicators of Compromise related to Cobaltstrike, PyXie Lite, Vatet and Defray777
Cobalt Strike PyXie RansomEXX
2020-11-06 | Palo Alto Networks Unit 42 | Ryan Tracey, Drew Schmitt, CRYPSIS
@online{tracey:20201106:last:11cf9f2,
  author       = {Tracey, Ryan and Schmitt, Drew and CRYPSIS},
  title        = {{Last, but Not Least: Defray777}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2020-11-06},
  url          = {https://unit42.paloaltonetworks.com/vatet-pyxie-defray777/3},
  urldate      = {2020-11-12},
  language     = {English},
}
Last, but Not Least: Defray777
PyXie RansomEXX
2020-11-06 | Palo Alto Networks Unit 42 | Ryan Tracey, Drew Schmitt, CRYPSIS
@online{tracey:20201106:next:c911bb5,
  author       = {Tracey, Ryan and Schmitt, Drew and CRYPSIS},
  title        = {{Next Up: “PyXie Lite”}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2020-11-06},
  url          = {https://unit42.paloaltonetworks.com/vatet-pyxie-defray777/2/},
  urldate      = {2020-11-09},
  language     = {English},
}
Next Up: “PyXie Lite”
Defray PyXie
2020-11-06 | Palo Alto Networks Unit 42 | Ryan Tracey, Drew Schmitt, CRYPSIS
@online{tracey:20201106:linking:152fbf2,
  author       = {Tracey, Ryan and Schmitt, Drew and CRYPSIS},
  title        = {{Linking Vatet, PyXie and Defray777}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2020-11-06},
  url          = {https://unit42.paloaltonetworks.com/vatet-pyxie-defray777/4},
  urldate      = {2020-11-12},
  language     = {English},
}
Linking Vatet, PyXie and Defray777
PyXie RansomEXX
2020-10-29 | Palo Alto Networks Unit 42 | Brittany Barbehenn, Doel Santos, Brad Duncan
@online{barbehenn:20201029:threat:de33a6d,
  author       = {Barbehenn, Brittany and Santos, Doel and Duncan, Brad},
  title        = {{Threat Assessment: Ryuk Ransomware and Trickbot Targeting U.S. Healthcare and Public Health Sector}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2020-10-29},
  url          = {https://unit42.paloaltonetworks.com/ryuk-ransomware/},
  urldate      = {2020-11-02},
  language     = {English},
}
Threat Assessment: Ryuk Ransomware and Trickbot Targeting U.S. Healthcare and Public Health Sector
Anchor BazarBackdoor Ryuk TrickBot
2020-10-29 | Palo Alto Networks Unit 42 | Ruian Duan, Zhanhao Chen, Seokkyung Chung, Janos Szurdi, Jingwei Fan
@online{duan:20201029:domain:413ffab,
  author       = {Duan, Ruian and Chen, Zhanhao and Chung, Seokkyung and Szurdi, Janos and Fan, Jingwei},
  title        = {{Domain Parking: A Gateway to Attackers Spreading Emotet and Impersonating McAfee}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2020-10-29},
  url          = {https://unit42.paloaltonetworks.com/domain-parking/},
  urldate      = {2020-11-02},
  language     = {English},
}
Domain Parking: A Gateway to Attackers Spreading Emotet and Impersonating McAfee
Emotet
2020-10-14 | Palo Alto Networks Unit 42 | Ken Hsu, Yue Guan, Vaibhav Singhal, Qi Deng
@online{hsu:20201014:two:aa1efb9,
  author       = {Hsu, Ken and Guan, Yue and Singhal, Vaibhav and Deng, Qi},
  title        = {{Two New IoT Vulnerabilities Identified with Mirai Payloads}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2020-10-14},
  url          = {https://unit42.paloaltonetworks.com/iot-vulnerabilities-mirai-payloads/},
  urldate      = {2020-10-23},
  language     = {English},
}
Two New IoT Vulnerabilities Identified with Mirai Payloads
Mirai
2020-10-05 | Palo Alto Networks Unit 42 | Nathaniel Quist
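% organization uses the same spelling as the other Unit 42 entries in this
% list, so the publisher is not split under two names when grouping or searching.
@online{quist:20201005:blackt:d09e278,
  author       = {Quist, Nathaniel},
  title        = {{Black-T: New Cryptojacking Variant from TeamTnT}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2020-10-05},
  url          = {https://unit42.paloaltonetworks.com/black-t-cryptojacking-variant/},
  urldate      = {2020-10-08},
  language     = {English},
}
Black-T: New Cryptojacking Variant from TeamTnT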