Malpedia Library

Click here to download all references as Bib-File.•

2025-01-17 ⋅ Twitter (@Unit42_Intel) ⋅ Unit 42
Tweet about affiliates of DarkScorpius using Social Engineering via MS Teams
UNC4393

2024-10-10 ⋅ paloalto Netoworks: Unit42 ⋅ Benjamin Chang, Micah Yates, Pranay Kumar Chhaparwal
Lynx Ransomware: A Rebranding of INC Ransomware
INC Lynx

2024-04-16 ⋅ paloalto Netoworks: Unit42 ⋅ paloalto Networks: Unit42
ContactForms campaign pushing SSLoad malware
SSLoad

2024-04-11 ⋅ paloalto Netoworks: Unit42 ⋅ paloalto Networks: Unit42
Contact Forms Campaign Pushes SSLoad Malware
SSLoad

2024-03-05 ⋅ CIP ⋅ paloalto Networks: Unit42, State Service of Special Communication and Information Protection of Ukraine (CIP)
Semi-Annual Chronicles of UAC-0006 Operations
SmokeLoader

2023-09-15 ⋅ paloalto Netoworks: Unit42 ⋅ Amer Elsad, Austin Dever, Kristopher Russo
Threat Group Assessment: Muddled Libra

2023-07-20 ⋅ paloalto Netoworks: Unit42 ⋅ Lior Rochberger, Shimi Cohen
Threat Group Assessment: Mallox Ransomware
TargetCompany

2023-05-09 ⋅ paloalto Netoworks: Unit42 ⋅ Anthony Galiette, Daniel Bunce, Doel Santos
Threat Assessment: Royal Ransomware
Royal Ransom Royal Ransom

2023-04-11 ⋅ Twitter (@Unit42_Intel) ⋅ Unit42
Tweet on change of IcedID backconnect traffic port from 8080 to 443
IcedID

2023-01-18 ⋅ Palo Alto Networks Unit 42 ⋅ Unit42
Chinese Playful Taurus Activity in Iran
turian

2022-12-20 ⋅ Palo Alto Networks Unit 42 ⋅ Unit42
Russia’s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine
Unidentified VBS 005 (Telegram Loader)

2022-11-03 ⋅ paloalto Netoworks: Unit42 ⋅ Chris Navarrete, Durgesh Sangvikar, Matthew Tennis, Siddhart Shibiraj, Yanhui Jia, Yu Fu
Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild
Cobalt Strike

2022-10-31 ⋅ paloalto Netoworks: Unit42 ⋅ Or Chechik
Banking Trojan Techniques: How Financially Motivated Malware Became Infrastructure
Dridex Kronos TrickBot Zeus

2022-07-18 ⋅ Palo Alto Networks Unit 42 ⋅ Unit42
Clean Ursa
PowerShower Inception Framework

2022-03-24 ⋅ paloalto Netoworks: Unit42 ⋅ Unit42
Threat Brief: Lapsus$ Group
RedLine Stealer

2022-03-16 ⋅ paloalto Netoworks: Unit42 ⋅ Andrew Guan, Chris Navarrete, Durgesh Sangvikar, Siddhart Shibiraj, Yanhui Jia, Yu Fu
Cobalt Strike Analysis and Tutorial: How Malleable C2 Profiles Make Cobalt Strike Difficult to Detect
Cobalt Strike

2022-01-17 ⋅ Github (pan-unit42) ⋅ Brad Duncan
IOCs for Astaroth/Guildma malware infection
Astaroth

2021-11-17 ⋅ Twitter (@Unit42_Intel) ⋅ Unit 42
Tweet on Matanbuchus Loader used to deliver Qakbot (tag obama128b) and follow-up CobaltStrike
Cobalt Strike QakBot

2021-11-05 ⋅ Twitter (@Unit42_Intel) ⋅ Unit 42
Tweet on TA551 (Shathak) BazarLoader infection with CobaltStrike and DarkVNC drops
BazarBackdoor Cobalt Strike

2021-10-18 ⋅ paloalto Netoworks: Unit42 ⋅ Brad Duncan
Case Study: From BazarLoader to Network Reconnaissance
BazarBackdoor Cobalt Strike