2022-01-20 · Palo Alto Networks Unit 42 · Robert Falcone, Mike Harbison, Josh Grunzweig
@online{falcone:20220120:threat:4aad471,
  author       = {Robert Falcone and Mike Harbison and Josh Grunzweig},
  title        = {{Threat Brief: Ongoing Russia and Ukraine Cyber Conflict}},
  date         = {2022-01-20},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/ukraine-cyber-conflict-cve-2021-32648-whispergate/},
  language     = {English},
  urldate      = {2022-01-24},
}
Threat Brief: Ongoing Russia and Ukraine Cyber Conflict
WhisperGate
2021-12-29 · Palo Alto Networks Unit 42 · Zhanhao Chen, Daiping Liu, Wanjin Li, Jielong Xu
@online{chen:20211229:strategically:0d2fa74,
  author       = {Zhanhao Chen and Daiping Liu and Wanjin Li and Jielong Xu},
  title        = {{Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends}},
  date         = {2021-12-29},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/strategically-aged-domain-detection/},
  language     = {English},
  urldate      = {2022-01-05},
}
Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends
Chrysaor SUNBURST
2021-12-02 · Palo Alto Networks Unit 42 · Robert Falcone, Peter Renals
@online{falcone:20211202:expands:dfaebce,
  author       = {Robert Falcone and Peter Renals},
  title        = {{APT Expands Attack on ManageEngine With Active Campaign Against ServiceDesk Plus}},
  date         = {2021-12-02},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/tiltedtemple-manageengine-servicedesk-plus/},
  language     = {English},
  urldate      = {2021-12-02},
}
APT Expands Attack on ManageEngine With Active Campaign Against ServiceDesk Plus
Godzilla Webshell
2021-11-17 · Twitter (@Unit42_Intel) · Unit 42
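% Corporate author: the extra braces keep "Unit 42" as one indivisible name
% instead of being parsed as given name "Unit", family name "42".
@online{42:20211117:matanbuchus:9e3556c,
  author       = {{Unit 42}},
  title        = {{Tweet on Matanbuchus Loader used to deliver Qakbot (tag obama128b) and follow-up CobaltStrike}},
  date         = {2021-11-17},
  organization = {Twitter (@Unit42_Intel)},
  url          = {https://twitter.com/Unit42_Intel/status/1461004489234829320},
  language     = {English},
  urldate      = {2021-11-25},
}
Tweet on Matanbuchus Loader used to deliver Qakbot (tag obama128b) and follow-up CobaltStrike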
Cobalt Strike QakBot
2021-11-07 · Palo Alto Networks Unit 42 · Robert Falcone, Jeff White, Peter Renals
@online{falcone:20211107:targeted:121be00,
  author       = {Robert Falcone and Jeff White and Peter Renals},
  title        = {{Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer}},
  date         = {2021-11-07},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge/},
  language     = {English},
  urldate      = {2021-12-02},
}
Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer
Godzilla Webshell NGLite
2021-11-05 · Twitter (@Unit42_Intel) · Unit 42
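% Corporate author: the extra braces keep "Unit 42" as one indivisible name
% instead of being parsed as given name "Unit", family name "42".
@online{42:20211105:ta551:98c564e,
  author       = {{Unit 42}},
  title        = {{Tweet on TA551 (Shathak) BazarLoader infection with CobaltStrike and DarkVNC drops}},
  date         = {2021-11-05},
  organization = {Twitter (@Unit42_Intel)},
  url          = {https://twitter.com/Unit42_Intel/status/1458113934024757256},
  language     = {English},
  urldate      = {2021-11-17},
}
Tweet on TA551 (Shathak) BazarLoader infection with CobaltStrike and DarkVNC drops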
BazarBackdoor Cobalt Strike
2021-10-14 · Palo Alto Networks Unit 42 · Yue Guan, Jin Chen, Leo Olson, Wayne Xin, Daiping Liu
@online{guan:20211014:attackers:ff202a1,
  author       = {Yue Guan and Jin Chen and Leo Olson and Wayne Xin and Daiping Liu},
  title        = {{Attackers Are Taking Advantage of the Open-Source Service Interactsh for Malicious Purposes}},
  date         = {2021-10-14},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/exploits-interactsh/},
  language     = {English},
  urldate      = {2021-10-25},
}
Attackers Are Taking Advantage of the Open-Source Service Interactsh for Malicious Purposes
2021-10-07 · Palo Alto Networks Unit 42 · Peter Renals
@online{renals:20211007:silverterrier:e682411,
  author       = {Peter Renals},
  title        = {{SilverTerrier – Nigerian Business Email Compromise}},
  date         = {2021-10-07},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/silverterrier-nigerian-business-email-compromise/},
  language     = {English},
  urldate      = {2021-10-11},
}
SilverTerrier – Nigerian Business Email Compromise
2021-09-30 · Palo Alto Networks Unit 42 · Brady Stout
@online{stout:20210930:credential:c5ca608,
  author       = {Brady Stout},
  title        = {{Credential Harvesting at Scale Without Malware}},
  date         = {2021-09-30},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/credential-harvesting/},
  language     = {English},
  urldate      = {2021-10-11},
}
Credential Harvesting at Scale Without Malware
2021-09-15 · Palo Alto Networks Unit 42 · Anna Chung, Swetha Balla
@online{chung:20210915:phishing:15f054e,
  author       = {Anna Chung and Swetha Balla},
  title        = {{Phishing Eager Travelers}},
  date         = {2021-09-15},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/travel-themed-phishing/},
  language     = {English},
  urldate      = {2021-09-19},
}
Phishing Eager Travelers
Dridex
2021-09-10 · Palo Alto Networks Unit 42 · Lucas Hu
@online{hu:20210910:phishingjs:289c504,
  author       = {Lucas Hu},
  title        = {{PhishingJS: A Deep Learning Model for JavaScript-Based Phishing Detection}},
  date         = {2021-09-10},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/javascript-based-phishing/},
  language     = {English},
  urldate      = {2021-09-14},
}
PhishingJS: A Deep Learning Model for JavaScript-Based Phishing Detection
2021-08-30 · Palo Alto Networks Unit 42 · Brock Mammen, Haozhe Zhang
@online{mammen:20210830:new:de3acd2,
  author       = {Brock Mammen and Haozhe Zhang},
  title        = {{New Mirai Variant Targets WebSVN Command Injection Vulnerability (CVE-2021-32305)}},
  date         = {2021-08-30},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/cve-2021-32305-websvn/},
  language     = {English},
  urldate      = {2021-08-31},
}
New Mirai Variant Targets WebSVN Command Injection Vulnerability (CVE-2021-32305)
Mirai
2021-08-24 · Palo Alto Networks Unit 42 · Ruchna Nigam, Doel Santos
@online{nigam:20210824:ransomware:dfd3e4b,
  author       = {Ruchna Nigam and Doel Santos},
  title        = {{Ransomware Groups to Watch: Emerging Threats}},
  date         = {2021-08-24},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/emerging-ransomware-groups/},
  language     = {English},
  urldate      = {2021-08-24},
}
Ransomware Groups to Watch: Emerging Threats
HelloKitty AvosLocker HelloKitty hive LockBit
2021-07-30 · Twitter (@Unit42_Intel) · Unit 42
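% Corporate author: the extra braces keep "Unit 42" as one indivisible name
% instead of being parsed as given name "Unit", family name "42".
@online{42:20210730:bazarloader:43bdc2c,
  author       = {{Unit 42}},
  title        = {{Tweet on BazarLoader infection leading to cobaltstrike and Powershell script file for PrintNightmare vulnerability}},
  date         = {2021-07-30},
  organization = {Twitter (@Unit42_Intel)},
  url          = {https://twitter.com/Unit42_Intel/status/1421117403644186629?s=20},
  language     = {English},
  urldate      = {2021-08-02},
}
Tweet on BazarLoader infection leading to cobaltstrike and Powershell script file for PrintNightmare vulnerability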
BazarBackdoor Cobalt Strike
2021-07-27 · Palo Alto Networks Unit 42 · Mike Harbison, Alex Hinchliffe
@online{harbison:20210727:thor:5d6d793,
  author       = {Mike Harbison and Alex Hinchliffe},
  title        = {{THOR: Previously Unseen PlugX Variant Deployed During Microsoft Exchange Server Attacks by PKPLUG Group}},
  date         = {2021-07-27},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/thor-plugx-variant/},
  language     = {English},
  urldate      = {2021-07-29},
}
THOR: Previously Unseen PlugX Variant Deployed During Microsoft Exchange Server Attacks by PKPLUG Group
PlugX
2021-07-19 · Palo Alto Networks Unit 42 · Mark Lim
@online{lim:20210719:evade:51a9e1f,
  author       = {Mark Lim},
  title        = {{Evade Sandboxes With a Single Bit – the Trap Flag}},
  date         = {2021-07-19},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/single-bit-trap-flag-intel-cpu/},
  language     = {English},
  urldate      = {2021-07-26},
}
Evade Sandboxes With a Single Bit – the Trap Flag
lampion
2021-07-15 · Palo Alto Networks Unit 42 · Robert Falcone, Alex Hinchliffe, Quinn Cooke
@online{falcone:20210715:mespinoza:cabb0ab,
  author       = {Robert Falcone and Alex Hinchliffe and Quinn Cooke},
  title        = {{Mespinoza Ransomware Gang Calls Victims “Partners,” Attacks with Gasket, "MagicSocks" Tools}},
  date         = {2021-07-15},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/gasket-and-magicsocks-tools-install-mespinoza-ransomware/},
  language     = {English},
  urldate      = {2021-07-20},
}
Mespinoza Ransomware Gang Calls Victims “Partners,” Attacks with Gasket, "MagicSocks" Tools
Gasket Mespinoza
2021-07-06 · Palo Alto Networks Unit 42 · John Martineau
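% organization normalised to the spelling used by the other Unit 42 blog
% entries in this listing, so the publisher groups and filters as one source.
@online{martineau:20210706:understanding:b8b39b6,
  author       = {John Martineau},
  title        = {{Understanding REvil: The Ransomware Gang Behind the Kaseya Attack}},
  date         = {2021-07-06},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/revil-threat-actors/},
  language     = {English},
  urldate      = {2021-07-08},
}
Understanding REvil: The Ransomware Gang Behind the Kaseya Attack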
Gandcrab REvil
2021-07-03 · Palo Alto Networks Unit 42 · Unit 42
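% Corporate author: the extra braces keep "Unit 42" as one indivisible name
% instead of being parsed as given name "Unit", family name "42".
@online{42:20210703:threat:b329d9c,
  author       = {{Unit 42}},
  title        = {{Threat Brief: Kaseya VSA Ransomware Attack}},
  date         = {2021-07-03},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/threat-brief-kaseya-vsa-ransomware-attacks/},
  language     = {English},
  urldate      = {2021-07-12},
}
Threat Brief: Kaseya VSA Ransomware Attack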
REvil
2021-06-18 · Palo Alto Networks Unit 42 · Richard Hickman
@online{hickman:20210618:conti:9b8903f,
  author       = {Richard Hickman},
  title        = {{Conti Ransomware Gang: An Overview}},
  date         = {2021-06-18},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/conti-ransomware-gang/},
  language     = {English},
  urldate      = {2021-07-02},
}
Conti Ransomware Gang: An Overview
Conti