2021-09-15Palo Alto Networks Unit 42Anna Chung, Swetha Balla
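% Authors in "Last, First" form. The title has no acronyms or product names,
% so the whole-title double braces are dropped and no case protection is needed.
@online{chung:20210915:phishing:15f054e,
  author       = {Chung, Anna and Balla, Swetha},
  title        = {Phishing Eager Travelers},
  date         = {2021-09-15},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/travel-themed-phishing/},
  urldate      = {2021-09-19},
  language     = {English},
}
Phishing Eager Travelers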
Dridex
2021-09-10Palo Alto Networks Unit 42Lucas Hu
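% Only the camel-case names are braced, so a sentence-casing style keeps
% PhishingJS and JavaScript intact while recasing the rest of the title.
@online{hu:20210910:phishingjs:289c504,
  author       = {Hu, Lucas},
  title        = {{PhishingJS}: A Deep Learning Model for {JavaScript}-Based Phishing Detection},
  date         = {2021-09-10},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/javascript-based-phishing/},
  urldate      = {2021-09-14},
  language     = {English},
}
PhishingJS: A Deep Learning Model for JavaScript-Based Phishing Detection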
2021-08-30Palo Alto Networks Unit 42Brock Mammen, Haozhe Zhang
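% The CVE identifier is braced as a unit so no style can lowercase it;
% it stays searchable exactly as written. Malware and product names are protected too.
@online{mammen:20210830:new:de3acd2,
  author       = {Mammen, Brock and Zhang, Haozhe},
  title        = {New {Mirai} Variant Targets {WebSVN} Command Injection Vulnerability ({CVE-2021-32305})},
  date         = {2021-08-30},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/cve-2021-32305-websvn/},
  urldate      = {2021-08-31},
  language     = {English},
}
New Mirai Variant Targets WebSVN Command Injection Vulnerability (CVE-2021-32305)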
Mirai
2021-08-24Palo Alto Networks Unit 42Ruchna Nigam, Doel Santos
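% Authors in "Last, First" form. The title names no specific family or product,
% so the whole-title double braces are dropped without adding protection.
@online{nigam:20210824:ransomware:dfd3e4b,
  author       = {Nigam, Ruchna and Santos, Doel},
  title        = {Ransomware Groups to Watch: Emerging Threats},
  date         = {2021-08-24},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/emerging-ransomware-groups/},
  urldate      = {2021-08-24},
  language     = {English},
}
Ransomware Groups to Watch: Emerging Threats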
HelloKitty AvosLocker HelloKitty hive LockBit
2021-07-30Twitter (@Unit42_Intel)Unit 42
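% Corporate author: the extra brace pair makes "Unit 42" one indivisible name,
% so it is not parsed as given name "Unit" and family name "42".
% Title wording and spelling are kept as published; only proper names are braced.
@online{42:20210730:bazarloader:43bdc2c,
  author       = {{Unit 42}},
  title        = {Tweet on {BazarLoader} infection leading to cobaltstrike and {Powershell} script file for {PrintNightmare} vulnerability},
  date         = {2021-07-30},
  organization = {Twitter (@Unit42_Intel)},
  url          = {https://twitter.com/Unit42_Intel/status/1421117403644186629?s=20},
  urldate      = {2021-08-02},
  language     = {English},
}
Tweet on BazarLoader infection leading to cobaltstrike and Powershell script file for PrintNightmare vulnerability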
BazarBackdoor Cobalt Strike
2021-07-27Palo Alto Networks Unit 42Mike Harbison, Alex Hinchliffe
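% Braces protect the malware names, the product name and the group name only;
% the rest of the title is left for the bibliography style to case.
@online{harbison:20210727:thor:5d6d793,
  author       = {Harbison, Mike and Hinchliffe, Alex},
  title        = {{THOR}: Previously Unseen {PlugX} Variant Deployed During {Microsoft Exchange Server} Attacks by {PKPLUG} Group},
  date         = {2021-07-27},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/thor-plugx-variant/},
  urldate      = {2021-07-29},
  language     = {English},
}
THOR: Previously Unseen PlugX Variant Deployed During Microsoft Exchange Server Attacks by PKPLUG Group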
PlugX
2021-07-19Palo Alto Networks Unit 42Mark Lim
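% The title has no case-sensitive names, so the whole-title double braces are dropped.
% The en dash is kept as a UTF-8 character, which assumes a UTF-8 aware toolchain.
@online{lim:20210719:evade:51a9e1f,
  author       = {Lim, Mark},
  title        = {Evade Sandboxes With a Single Bit – the Trap Flag},
  date         = {2021-07-19},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/single-bit-trap-flag-intel-cpu/},
  urldate      = {2021-07-26},
  language     = {English},
}
Evade Sandboxes With a Single Bit – the Trap Flag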
lampion
2021-07-15Palo Alto Networks Unit 42Robert Falcone, Alex Hinchliffe, Quinn Cooke
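% The title mixed curly quotes with straight ASCII double quotes, which LaTeX
% typesets as two closing quotes. Both quoted terms now use curly quotes.
% Group and tool names are braced against style recasing.
@online{falcone:20210715:mespinoza:cabb0ab,
  author       = {Falcone, Robert and Hinchliffe, Alex and Cooke, Quinn},
  title        = {{Mespinoza} Ransomware Gang Calls Victims “Partners,” Attacks with {Gasket}, “{MagicSocks}” Tools},
  date         = {2021-07-15},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/gasket-and-magicsocks-tools-install-mespinoza-ransomware/},
  urldate      = {2021-07-20},
  language     = {English},
}
Mespinoza Ransomware Gang Calls Victims “Partners,” Attacks with Gasket, "MagicSocks" Tools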
Gasket Mespinoza
2021-07-06Palo Alto Networks Unit 42John Martineau
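% The organization was spelled "paloalto Networks Unit 42". It is normalised to the
% form the other Unit 42 entries on this page use, so the publisher is not listed twice.
@online{martineau:20210706:understanding:b8b39b6,
  author       = {Martineau, John},
  title        = {Understanding {REvil}: The Ransomware Gang Behind the {Kaseya} Attack},
  date         = {2021-07-06},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/revil-threat-actors/},
  urldate      = {2021-07-08},
  language     = {English},
}
Understanding REvil: The Ransomware Gang Behind the Kaseya Attack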
Gandcrab REvil
2021-07-03Palo Alto Networks Unit 42Unit 42
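% Corporate author: the extra brace pair makes "Unit 42" one indivisible name,
% so it is not parsed as given name "Unit" and family name "42".
@online{42:20210703:threat:b329d9c,
  author       = {{Unit 42}},
  title        = {Threat Brief: {Kaseya VSA} Ransomware Attack},
  date         = {2021-07-03},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/threat-brief-kaseya-vsa-ransomware-attacks/},
  urldate      = {2021-07-12},
  language     = {English},
}
Threat Brief: Kaseya VSA Ransomware Attack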
REvil
2021-06-18Palo Alto Networks Unit 42Richard Hickman
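% Only the group name is braced; the whole-title double braces are dropped
% so the style can case the remainder.
@online{hickman:20210618:conti:9b8903f,
  author       = {Hickman, Richard},
  title        = {{Conti} Ransomware Gang: An Overview},
  date         = {2021-06-18},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/conti-ransomware-gang/},
  urldate      = {2021-07-02},
  language     = {English},
}
Conti Ransomware Gang: An Overview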
Conti
2021-06-16Palo Alto Networks Unit 42Jeff White, Kyle Wilhoit
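% Only the malware name is braced; the whole-title double braces are dropped
% so the style can case the remainder.
@online{white:20210616:matanbuchus:e514a4b,
  author       = {White, Jeff and Wilhoit, Kyle},
  title        = {{Matanbuchus}: Malware-as-a-Service with Demonic Intentions},
  date         = {2021-06-16},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/matanbuchus-malware-as-a-service/},
  urldate      = {2021-06-21},
  language     = {English},
}
Matanbuchus: Malware-as-a-Service with Demonic Intentions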
Matanbuchus BelialDemon
2021-06-09Palo Alto Networks Unit 42Doel Santos
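% Both group names are braced so their mixed capitalisation survives
% sentence-casing styles.
@online{santos:20210609:prometheus:e4fdf9e,
  author       = {Santos, Doel},
  title        = {{Prometheus} Ransomware Gang: A Group of {REvil}?},
  date         = {2021-06-09},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/prometheus-ransomware/},
  urldate      = {2021-06-09},
  language     = {English},
}
Prometheus Ransomware Gang: A Group of REvil?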
Hakbit Prometheus REvil
2021-06-08Palo Alto Networks Unit 42Nathaniel Quist
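% Group names and the acronym TTPs are braced; the rest of the title is left
% for the style to case.
@online{quist:20210608:teamtnt:87da08d,
  author       = {Quist, Nathaniel},
  title        = {{TeamTNT} Using {WatchDog} {TTPs} to Expand Its Cryptojacking Footprint},
  date         = {2021-06-08},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/teamtnt-cryptojacking-watchdog-operations/},
  urldate      = {2021-06-09},
  language     = {English},
}
TeamTNT Using WatchDog TTPs to Expand Its Cryptojacking Footprint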
2021-06-07Palo Alto Networks Unit 42Daniel Prizmant
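% The malware name and the platform name are braced; the whole-title double
% braces are dropped.
@online{prizmant:20210607:siloscape:b3b03a8,
  author       = {Prizmant, Daniel},
  title        = {{Siloscape}: First Known Malware Targeting {Windows} Containers to Compromise Cloud Environments},
  date         = {2021-06-07},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/siloscape/},
  urldate      = {2021-06-09},
  language     = {English},
}
Siloscape: First Known Malware Targeting Windows Containers to Compromise Cloud Environments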
2021-06-04Palo Alto Networks Unit 42Nathaniel Quist
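% Only the group name is braced; the whole-title double braces are dropped
% so the style can case the remainder.
@online{quist:20210604:teamtnt:21e0fe5,
  author       = {Quist, Nathaniel},
  title        = {{TeamTNT} Actively Enumerating Cloud Environments to Infiltrate Organizations},
  date         = {2021-06-04},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/teamtnt-operations-cloud-environments/},
  urldate      = {2021-06-09},
  language     = {English},
}
TeamTNT Actively Enumerating Cloud Environments to Infiltrate Organizations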
2021-05-19Palo Alto Networks Unit 42Brad Duncan
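% The campaign and malware names are braced so their camel case is kept
% under sentence-casing styles.
@online{duncan:20210519:bazarcall:60c6562,
  author       = {Duncan, Brad},
  title        = {{BazarCall}: Call Centers Help Spread {BazarLoader} Malware},
  date         = {2021-05-19},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/bazarloader-malware/},
  urldate      = {2021-05-20},
  language     = {English},
}
BazarCall: Call Centers Help Spread BazarLoader Malware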
BazarBackdoor campoloader
2021-05-12Palo Alto Networks Unit 42Ramarcus Baylor
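% Only the group name is braced; the whole-title double braces are dropped
% so the style can case the remainder.
@online{baylor:20210512:darkside:f63c2c2,
  author       = {Baylor, Ramarcus},
  title        = {{DarkSide} Ransomware Gang: An Overview},
  date         = {2021-05-12},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/darkside-ransomware/},
  urldate      = {2021-05-13},
  language     = {English},
}
DarkSide Ransomware Gang: An Overview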
DarkSide
2021-04-29Palo Alto Networks Unit 42Robert Falcone, Simon Conant
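% The two tool names and the acronym RAT are braced; the parentheses stay
% outside the braces as ordinary title text.
@online{falcone:20210429:new:df553b4,
  author       = {Falcone, Robert and Conant, Simon},
  title        = {New Shameless Commodity Cryptocurrency Stealer ({WeSteal}) and Commodity {RAT} ({WeControl})},
  date         = {2021-04-29},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/westeal/},
  urldate      = {2021-05-19},
  language     = {English},
}
New Shameless Commodity Cryptocurrency Stealer (WeSteal) and Commodity RAT (WeControl)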
WeControl WeSteal
2021-04-15Palo Alto Networks Unit 42Robert Falcone
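% Each product name is braced as a unit so multi-word names keep their
% capitalisation together under sentence-casing styles.
@online{falcone:20210415:actor:8428e3f,
  author       = {Falcone, Robert},
  title        = {Actor Exploits {Microsoft Exchange Server} Vulnerabilities, {Cortex XDR} Blocks Harvesting of Credentials},
  date         = {2021-04-15},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/exchange-server-credential-harvesting/},
  urldate      = {2021-04-19},
  language     = {English},
}
Actor Exploits Microsoft Exchange Server Vulnerabilities, Cortex XDR Blocks Harvesting of Credentials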
CHINACHOPPER