2022-12-02Palo Alto Networks Unit 42Dominik Reichel, Esmid Idrizovic, Bob Jung
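@online{reichel:20221202:blowing:0698d7a,
  author       = {Reichel, Dominik and Idrizovic, Esmid and Jung, Bob},
  title        = {Blowing {Cobalt Strike} Out of the Water With Memory Analysis},
  organization = {Palo Alto Networks Unit 42},
  date         = {2022-12-02},
  url          = {https://unit42.paloaltonetworks.com/cobalt-strike-memory-analysis/},
  urldate      = {2022-12-05},
  language     = {English},
}
Blowing Cobalt Strike Out of the Water With Memory Analysis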
Cobalt Strike
2022-11-21Palo Alto Networks Unit 42Kristopher Russo
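@online{russo:20221121:threat:86205c7,
  author       = {Russo, Kristopher},
  title        = {Threat Assessment: {Luna Moth} Callback Phishing Campaign},
  organization = {Palo Alto Networks Unit 42},
  date         = {2022-11-21},
  url          = {https://unit42.paloaltonetworks.com/luna-moth-callback-phishing/},
  urldate      = {2022-11-25},
  language     = {English},
}
Threat Assessment: Luna Moth Callback Phishing Campaign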
BazarBackdoor Conti
2022-11-18Palo Alto Networks Unit 42Akshata Rao, Zong-Yu Wu, Wenjun Hu
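@online{rao:20221118:ai:33376a7,
  author       = {Rao, Akshata and Wu, Zong-Yu and Hu, Wenjun},
  title        = {An {AI} Based Solution to Detecting the {DoubleZero} {.NET} Wiper},
  organization = {Palo Alto Networks Unit 42},
  date         = {2022-11-18},
  url          = {https://unit42.paloaltonetworks.com/doublezero-net-wiper/},
  urldate      = {2022-11-25},
  language     = {English},
}
An AI Based Solution to Detecting the DoubleZero .NET Wiper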
DoubleZero
2022-09-27Palo Alto Networks Unit 42Mark Lim
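@online{lim:20220927:more:5992cc3,
  author       = {Lim, Mark},
  title        = {More Than Meets the Eye: Exposing a Polyglot File That Delivers {IcedID}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2022-09-27},
  url          = {https://unit42.paloaltonetworks.com/polyglot-file-icedid-payload/},
  urldate      = {2022-09-30},
  language     = {English},
}
More Than Meets the Eye: Exposing a Polyglot File That Delivers IcedID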
PhotoLoader
2022-09-26Palo Alto Networks Unit 42Daniela Shalev, Itay Gamliel
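@online{shalev:20220926:hunting:3489fdb,
  author       = {Shalev, Daniela and Gamliel, Itay},
  title        = {Hunting for Unsigned {DLLs} to Find {APTs}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2022-09-26},
  url          = {https://unit42.paloaltonetworks.com/unsigned-dlls/},
  urldate      = {2022-09-30},
  language     = {English},
}
Hunting for Unsigned DLLs to Find APTs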
PlugX Raspberry Robin Roshtyak
2022-09-16Palo Alto Networks Unit 42Jin Chen, Lei Xu, Andrew Guan, Zhibin Zhang, Yu Fu
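@online{chen:20220916:zeroday:4a1fc29,
  author       = {Chen, Jin and Xu, Lei and Guan, Andrew and Zhang, Zhibin and Fu, Yu},
  title        = {Zero-Day Exploit Detection Using Machine Learning},
  organization = {Palo Alto Networks Unit 42},
  date         = {2022-09-16},
  url          = {https://unit42.paloaltonetworks.com/injection-detection-machine-learning/},
  urldate      = {2022-09-30},
  language     = {English},
}
Zero-Day Exploit Detection Using Machine Learning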
2022-09-13Palo Alto Networks Unit 42Jeff White
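@online{white:20220913:originlogger:92a4758,
  author       = {White, Jeff},
  title        = {{OriginLogger}: A Look at {Agent Tesla’s} Successor},
  organization = {Palo Alto Networks Unit 42},
  date         = {2022-09-13},
  url          = {https://unit42.paloaltonetworks.com/originlogger/},
  urldate      = {2022-09-16},
  language     = {English},
}
OriginLogger: A Look at Agent Tesla’s Successor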
Agent Tesla OriginLogger
2022-09-06Palo Alto Networks Unit 42Chao Lei, Zhibin Zhang, Cecilia Hu, Aveek Das
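@online{lei:20220906:mirai:7fbf864,
  author       = {Lei, Chao and Zhang, Zhibin and Hu, Cecilia and Das, Aveek},
  title        = {{Mirai} Variant {MooBot} Targeting {D-Link} Devices},
  organization = {Palo Alto Networks Unit 42},
  date         = {2022-09-06},
  url          = {https://unit42.paloaltonetworks.com/moobot-d-link-devices/},
  urldate      = {2022-09-16},
  language     = {English},
}
Mirai Variant MooBot Targeting D-Link Devices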
MooBot Mirai
2022-08-29Palo Alto Networks Unit 42Janos Szurdi
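@online{szurdi:20220829:tor:0d33ef9,
  author       = {Szurdi, Janos},
  title        = {{Tor} 101: How {Tor} Works and its Risks to the Enterprise},
  organization = {Palo Alto Networks Unit 42},
  date         = {2022-08-29},
  url          = {https://unit42.paloaltonetworks.com/tor-traffic-enterprise-networks/},
  urldate      = {2022-09-20},
  language     = {English},
}
Tor 101: How Tor Works and its Risks to the Enterprise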
2022-08-25Palo Alto Networks Unit 42Amer Elsad
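% Same report as elsad:20220825:threat:b3514ed (same author, title and date;
% the URL differs only by a trailing slash). Cite one key consistently.
@online{elsad:20220825:threat:b1026e7,
  author       = {Elsad, Amer},
  title        = {Threat Assessment: {Black Basta} Ransomware},
  organization = {Palo Alto Networks Unit 42},
  date         = {2022-08-25},
  url          = {https://unit42.paloaltonetworks.com/threat-assessment-black-basta-ransomware},
  urldate      = {2022-08-30},
  language     = {English},
}
Threat Assessment: Black Basta Ransomware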
Black Basta
2022-08-25Palo Alto Networks Unit 42Amer Elsad
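% Same report as elsad:20220825:threat:b1026e7 (same author, title and date;
% the URL differs only by a trailing slash). Cite one key consistently.
@online{elsad:20220825:threat:b3514ed,
  author       = {Elsad, Amer},
  title        = {Threat Assessment: {Black Basta} Ransomware},
  organization = {Palo Alto Networks Unit 42},
  date         = {2022-08-25},
  url          = {https://unit42.paloaltonetworks.com/threat-assessment-black-basta-ransomware/},
  urldate      = {2022-10-05},
  language     = {English},
}
Threat Assessment: Black Basta Ransomware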
Black Basta QakBot
2022-08-23Palo Alto Networks Unit 42Lucas Hu
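@online{hu:20220823:legitimate:5496feb,
  author       = {Hu, Lucas},
  title        = {Legitimate {SaaS} Platforms Being Used to Host Phishing Attacks},
  organization = {Palo Alto Networks Unit 42},
  date         = {2022-08-23},
  url          = {https://unit42.paloaltonetworks.com/platform-abuse-phishing/},
  urldate      = {2022-09-20},
  language     = {English},
}
Legitimate SaaS Platforms Being Used to Host Phishing Attacks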
2022-08-10Palo Alto Networks Unit 42Muhammad Umer Khan, Lee Wei, Yang Ji, Wenjun Hu
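@online{khan:20220810:bluesky:a8e0325,
  author       = {Khan, Muhammad Umer and Wei, Lee and Ji, Yang and Hu, Wenjun},
  title        = {{BlueSky} Ransomware: Fast Encryption via Multithreading},
  organization = {Palo Alto Networks Unit 42},
  date         = {2022-08-10},
  url          = {https://unit42.paloaltonetworks.com/bluesky-ransomware/},
  urldate      = {2022-09-06},
  language     = {English},
}
BlueSky Ransomware: Fast Encryption via Multithreading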
BlueSky RedLine Stealer
2022-08-10Palo Alto Networks Unit 42Anthony Galiette, Daniel Bunce, Doel Santos, Shawn Westfall
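@online{galiette:20220810:novel:9849ff4,
  author       = {Galiette, Anthony and Bunce, Daniel and Santos, Doel and Westfall, Shawn},
  title        = {Novel News on {Cuba} Ransomware: Greetings From {Tropical Scorpius}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2022-08-10},
  url          = {https://unit42.paloaltonetworks.com/cuba-ransomware-tropical-scorpius/},
  urldate      = {2022-08-11},
  language     = {English},
}
Novel News on Cuba Ransomware: Greetings From Tropical Scorpius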
Cuba ROMCOM RAT
2022-08-03Palo Alto Networks Unit 42Brad Duncan
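@online{duncan:20220803:flight:a8efd82,
  author       = {Duncan, Brad},
  title        = {Flight of the {Bumblebee}: Email Lures and File Sharing Services Lead to Malware},
  organization = {Palo Alto Networks Unit 42},
  date         = {2022-08-03},
  url          = {https://unit42.paloaltonetworks.com/bumblebee-malware-projector-libra/},
  urldate      = {2022-08-08},
  language     = {English},
}
Flight of the Bumblebee: Email Lures and File Sharing Services Lead to Malware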
BazarBackdoor BumbleBee Cobalt Strike Conti
2022-07-19Palo Alto Networks Unit 42Mike Harbison, Peter Renals
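@online{harbison:20220719:russian:acbf388,
  author       = {Harbison, Mike and Renals, Peter},
  title        = {{Russian} {APT29} Hackers Use Online Storage Services, {DropBox} and {Google Drive}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2022-07-19},
  url          = {https://unit42.paloaltonetworks.com/cloaked-ursa-online-storage-services-campaigns/},
  urldate      = {2022-07-19},
  language     = {English},
}
Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive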
Cobalt Strike EnvyScout Gdrive
2022-07-18Palo Alto Networks Unit 42Unit 42
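% Corporate author: the inner braces stop "Unit 42" from being split into
% given name "Unit" and family name "42". The citation key is kept unchanged
% so existing citations still resolve.
@online{42:20220718:iron:f7586c5,
  author       = {{Unit 42}},
  title        = {{Iron Taurus}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2022-07-18},
  url          = {https://unit42.paloaltonetworks.com/atoms/iron-taurus/},
  urldate      = {2022-07-29},
  language     = {English},
}
Iron Taurus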
CHINACHOPPER Ghost RAT Wonknu ZXShell APT27
2022-07-18Palo Alto Networks Unit 42Unit 42
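% Corporate author: the inner braces stop "Unit 42" from being split into
% given name "Unit" and family name "42". The citation key is kept unchanged
% so existing citations still resolve.
@online{42:20220718:granite:aaa5c01,
  author       = {{Unit 42}},
  title        = {{Granite Taurus}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2022-07-18},
  url          = {https://unit42.paloaltonetworks.com/atoms/granite-taurus},
  urldate      = {2022-08-30},
  language     = {English},
}
Granite Taurus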
APT10
2022-07-18Palo Alto Networks Unit 42Unit42
@online{unit42:20220718:clean:f042eb1,
  author       = {Unit42},
  title        = {{Clean Ursa}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2022-07-18},
  url          = {https://unit42.paloaltonetworks.com/atoms/clean-ursa},
  urldate      = {2022-08-26},
  language     = {English},
}
Clean Ursa
PowerShower Inception Framework
2022-07-18Palo Alto Networks Unit 42Unit 42
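% Corporate author: the inner braces stop "Unit 42" from being split into
% given name "Unit" and family name "42". The citation key is kept unchanged
% so existing citations still resolve.
@online{42:20220718:trident:310d54a,
  author       = {{Unit 42}},
  title        = {{Trident Ursa}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2022-07-18},
  url          = {https://unit42.paloaltonetworks.com/atoms/tridentursa},
  urldate      = {2022-08-25},
  language     = {English},
}
Trident Ursa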
Gamaredon Group