
2023-03-16 | Palo Alto Networks Unit 42 | Frank Lee, Scott Roland
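@online{lee:20230316:beeware:1ad83b4,
  author       = {Lee, Frank and Roland, Scott},
  title        = {Bee-Ware of {Trigona}, An Emerging Ransomware Strain},
  date         = {2023-03-16},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/trigona-ransomware-update/},
  language     = {English},
  urldate      = {2023-03-20},
}
Bee-Ware of Trigona, An Emerging Ransomware Strain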
Cryakl MimiKatz Trigona
2023-01-26 | Palo Alto Networks Unit 42 | Mike Harbison, Jen Miller-Osborn
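@online{harbison:20230126:chinese:a83622f,
  author       = {Harbison, Mike and Miller-Osborn, Jen},
  title        = {Chinese {PlugX} Malware Hidden in Your {USB} Devices?},
  date         = {2023-01-26},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/plugx-variants-in-usbs/},
  language     = {English},
  urldate      = {2023-01-27},
}
Chinese PlugX Malware Hidden in Your USB Devices?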
PlugX
2023-01-18 | Palo Alto Networks Unit 42 | Unit42
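% Corporate author: the extra brace pair keeps the team name as one indivisible name.
@online{unit42:20230118:chinese:65e6e4b,
  author       = {{Unit42}},
  title        = {Chinese {Playful Taurus} Activity in {Iran}},
  date         = {2023-01-18},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/playful-taurus/},
  language     = {English},
  urldate      = {2023-01-23},
}
Chinese Playful Taurus Activity in Iran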
turian
2022-12-27 | Palo Alto Networks Unit 42 | Esmid Idrizovic, Bob Jung, Daniel Raygoza, Sean Hughes
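@online{idrizovic:20221227:navigating:4cd52c5,
  author       = {Idrizovic, Esmid and Jung, Bob and Raygoza, Daniel and Hughes, Sean},
  title        = {Navigating the Vast Ocean of Sandbox Evasions},
  date         = {2022-12-27},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/sandbox-evasion-memory-detection/},
  language     = {English},
  urldate      = {2022-12-29},
}
Navigating the Vast Ocean of Sandbox Evasions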
TrickBot Zebrocy
2022-12-20 | Palo Alto Networks Unit 42 | Unit42
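% Corporate author: the extra brace pair keeps the team name as one indivisible name.
@online{unit42:20221220:russias:75dec0c,
  author       = {{Unit42}},
  title        = {Russia’s {Trident Ursa} (aka {Gamaredon} {APT}) Cyber Conflict Operations Unwavering Since Invasion of {Ukraine}},
  date         = {2022-12-20},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/trident-ursa/},
  language     = {English},
  urldate      = {2023-01-25},
}
Russia’s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine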
Unidentified VBS 005 (Telegram Loader)
2022-12-12 | Palo Alto Networks Unit 42 | Oz Soprin, Shachar Roitman
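@online{soprin:20221212:precious:3aff93e,
  author       = {Soprin, Oz and Roitman, Shachar},
  title        = {Precious Gemstones: The New Generation of {Kerberos} Attacks},
  date         = {2022-12-12},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/next-gen-kerberos-attacks/},
  language     = {English},
  urldate      = {2023-02-17},
}
Precious Gemstones: The New Generation of Kerberos Attacks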
2022-12-08 | Palo Alto Networks Unit 42 | Dror Alon
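@online{alon:20221208:compromised:08b9dac,
  author       = {Alon, Dror},
  title        = {Compromised Cloud Compute Credentials: Case Studies From the Wild},
  date         = {2022-12-08},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/compromised-cloud-compute-credentials/},
  language     = {English},
  urldate      = {2022-12-13},
}
Compromised Cloud Compute Credentials: Case Studies From the Wild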
2022-12-02 | Palo Alto Networks Unit 42 | Dominik Reichel, Esmid Idrizovic, Bob Jung
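@online{reichel:20221202:blowing:0698d7a,
  author       = {Reichel, Dominik and Idrizovic, Esmid and Jung, Bob},
  title        = {Blowing {Cobalt Strike} Out of the Water With Memory Analysis},
  date         = {2022-12-02},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/cobalt-strike-memory-analysis/},
  language     = {English},
  urldate      = {2022-12-05},
}
Blowing Cobalt Strike Out of the Water With Memory Analysis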
Cobalt Strike
2022-11-21 | Palo Alto Networks Unit 42 | Kristopher Russo
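@online{russo:20221121:threat:86205c7,
  author       = {Russo, Kristopher},
  title        = {Threat Assessment: {Luna Moth} Callback Phishing Campaign},
  date         = {2022-11-21},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/luna-moth-callback-phishing/},
  language     = {English},
  urldate      = {2022-11-25},
}
Threat Assessment: Luna Moth Callback Phishing Campaign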
BazarBackdoor Conti
2022-11-18 | Palo Alto Networks Unit 42 | Akshata Rao, Zong-Yu Wu, Wenjun Hu
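@online{rao:20221118:ai:33376a7,
  author       = {Rao, Akshata and Wu, Zong-Yu and Hu, Wenjun},
  title        = {An {AI} Based Solution to Detecting the {DoubleZero} {.NET} Wiper},
  date         = {2022-11-18},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/doublezero-net-wiper/},
  language     = {English},
  urldate      = {2022-11-25},
}
An AI Based Solution to Detecting the DoubleZero .NET Wiper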
DoubleZero
2022-09-27 | Palo Alto Networks Unit 42 | Mark Lim
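@online{lim:20220927:more:5992cc3,
  author       = {Lim, Mark},
  title        = {More Than Meets the Eye: Exposing a Polyglot File That Delivers {IcedID}},
  date         = {2022-09-27},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/polyglot-file-icedid-payload/},
  language     = {English},
  urldate      = {2022-09-30},
}
More Than Meets the Eye: Exposing a Polyglot File That Delivers IcedID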
PhotoLoader
2022-09-26 | Palo Alto Networks Unit 42 | Daniela Shalev, Itay Gamliel
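@online{shalev:20220926:hunting:3489fdb,
  author       = {Shalev, Daniela and Gamliel, Itay},
  title        = {Hunting for Unsigned {DLLs} to Find {APTs}},
  date         = {2022-09-26},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/unsigned-dlls/},
  language     = {English},
  urldate      = {2022-09-30},
}
Hunting for Unsigned DLLs to Find APTs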
PlugX Raspberry Robin Roshtyak
2022-09-16 | Palo Alto Networks Unit 42 | Jin Chen, Lei Xu, Andrew Guan, Zhibin Zhang, Yu Fu
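@online{chen:20220916:zeroday:4a1fc29,
  author       = {Chen, Jin and Xu, Lei and Guan, Andrew and Zhang, Zhibin and Fu, Yu},
  title        = {Zero-Day Exploit Detection Using Machine Learning},
  date         = {2022-09-16},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/injection-detection-machine-learning/},
  language     = {English},
  urldate      = {2022-09-30},
}
Zero-Day Exploit Detection Using Machine Learning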
2022-09-13 | Palo Alto Networks Unit 42 | Jeff White
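@online{white:20220913:originlogger:92a4758,
  author       = {White, Jeff},
  title        = {{OriginLogger}: A Look at {Agent Tesla’s} Successor},
  date         = {2022-09-13},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/originlogger/},
  language     = {English},
  urldate      = {2022-09-16},
}
OriginLogger: A Look at Agent Tesla’s Successor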
Agent Tesla OriginLogger
2022-09-06 | Palo Alto Networks Unit 42 | Chao Lei, Zhibin Zhang, Cecilia Hu, Aveek Das
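@online{lei:20220906:mirai:7fbf864,
  author       = {Lei, Chao and Zhang, Zhibin and Hu, Cecilia and Das, Aveek},
  title        = {Mirai Variant {MooBot} Targeting {D-Link} Devices},
  date         = {2022-09-06},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/moobot-d-link-devices/},
  language     = {English},
  urldate      = {2022-09-16},
}
Mirai Variant MooBot Targeting D-Link Devices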
MooBot Mirai
2022-08-29 | Palo Alto Networks Unit 42 | Janos Szurdi
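@online{szurdi:20220829:tor:0d33ef9,
  author       = {Szurdi, Janos},
  title        = {Tor 101: How {Tor} Works and its Risks to the Enterprise},
  date         = {2022-08-29},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/tor-traffic-enterprise-networks/},
  language     = {English},
  urldate      = {2022-09-20},
}
Tor 101: How Tor Works and its Risks to the Enterprise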
2022-08-25 | Palo Alto Networks Unit 42 | Amer Elsad
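% NOTE(review): same author, title and date as elsad:20220825:threat:b3514ed; the url
% differs only by the missing trailing slash, so this looks like a duplicate record of
% one report. Cite a single key consistently so the report is not listed twice.
@online{elsad:20220825:threat:b1026e7,
  author       = {Elsad, Amer},
  title        = {Threat Assessment: {Black Basta} Ransomware},
  date         = {2022-08-25},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/threat-assessment-black-basta-ransomware},
  language     = {English},
  urldate      = {2022-08-30},
}
Threat Assessment: Black Basta Ransomware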
Black Basta
2022-08-25 | Palo Alto Networks Unit 42 | Amer Elsad
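% NOTE(review): same author, title and date as elsad:20220825:threat:b1026e7; the url
% differs only by the trailing slash, so this looks like a duplicate record of one
% report. Cite a single key consistently so the report is not listed twice.
@online{elsad:20220825:threat:b3514ed,
  author       = {Elsad, Amer},
  title        = {Threat Assessment: {Black Basta} Ransomware},
  date         = {2022-08-25},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/threat-assessment-black-basta-ransomware/},
  language     = {English},
  urldate      = {2022-10-05},
}
Threat Assessment: Black Basta Ransomware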
Black Basta QakBot
2022-08-23 | Palo Alto Networks Unit 42 | Lucas Hu
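@online{hu:20220823:legitimate:5496feb,
  author       = {Hu, Lucas},
  title        = {Legitimate {SaaS} Platforms Being Used to Host Phishing Attacks},
  date         = {2022-08-23},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/platform-abuse-phishing/},
  language     = {English},
  urldate      = {2022-09-20},
}
Legitimate SaaS Platforms Being Used to Host Phishing Attacks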
2022-08-10 | Palo Alto Networks Unit 42 | Muhammad Umer Khan, Lee Wei, Yang Ji, Wenjun Hu
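@online{khan:20220810:bluesky:a8e0325,
  author       = {Khan, Muhammad Umer and Wei, Lee and Ji, Yang and Hu, Wenjun},
  title        = {{BlueSky} Ransomware: Fast Encryption via Multithreading},
  date         = {2022-08-10},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/bluesky-ransomware/},
  language     = {English},
  urldate      = {2022-09-06},
}
BlueSky Ransomware: Fast Encryption via Multithreading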
BlueSky RedLine Stealer