Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-11-03paloalto Netoworks: Unit42Durgesh Sangvikar, Chris Navarrete, Matthew Tennis, Yanhui Jia, Yu Fu, Siddhart Shibiraj
@online{sangvikar:20221103:cobalt:9a81f6f, author = {Durgesh Sangvikar and Chris Navarrete and Matthew Tennis and Yanhui Jia and Yu Fu and Siddhart Shibiraj}, title = {{Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild}}, date = {2022-11-03}, organization = {paloalto Netoworks: Unit42}, url = {https://unit42.paloaltonetworks.com/cobalt-strike-team-server/}, language = {English}, urldate = {2022-11-03} } Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild
Cobalt Strike
2022-10-31paloalto Netoworks: Unit42Or Chechik
@online{chechik:20221031:banking:c421ac8, author = {Or Chechik}, title = {{Banking Trojan Techniques: How Financially Motivated Malware Became Infrastructure}}, date = {2022-10-31}, organization = {paloalto Netoworks: Unit42}, url = {https://unit42.paloaltonetworks.com/banking-trojan-techniques/}, language = {English}, urldate = {2022-10-31} } Banking Trojan Techniques: How Financially Motivated Malware Became Infrastructure
Dridex Kronos TrickBot Zeus
2022-07-18Palo Alto Networks Unit 42Unit42
@online{unit42:20220718:clean:f042eb1, author = {Unit42}, title = {{Clean Ursa}}, date = {2022-07-18}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/atoms/clean-ursa}, language = {English}, urldate = {2022-08-26} } Clean Ursa
PowerShower Inception Framework
2022-03-24paloalto Netoworks: Unit42Unit42
@online{unit42:20220324:threat:8b3586f, author = {Unit42}, title = {{Threat Brief: Lapsus$ Group}}, date = {2022-03-24}, organization = {paloalto Netoworks: Unit42}, url = {https://unit42.paloaltonetworks.com/lapsus-group/}, language = {English}, urldate = {2022-03-25} } Threat Brief: Lapsus$ Group
RedLine Stealer
2022-03-16paloalto Netoworks: Unit42Chris Navarrete, Durgesh Sangvikar, Andrew Guan, Yu Fu, Yanhui Jia, Siddhart Shibiraj
@online{navarrete:20220316:cobalt:015f5df, author = {Chris Navarrete and Durgesh Sangvikar and Andrew Guan and Yu Fu and Yanhui Jia and Siddhart Shibiraj}, title = {{Cobalt Strike Analysis and Tutorial: How Malleable C2 Profiles Make Cobalt Strike Difficult to Detect}}, date = {2022-03-16}, organization = {paloalto Netoworks: Unit42}, url = {https://unit42.paloaltonetworks.com/cobalt-strike-malleable-c2-profile/}, language = {English}, urldate = {2022-03-18} } Cobalt Strike Analysis and Tutorial: How Malleable C2 Profiles Make Cobalt Strike Difficult to Detect
Cobalt Strike
2022-01-17Github (pan-unit42)Brad Duncan
@online{duncan:20220117:iocs:2a5e814, author = {Brad Duncan}, title = {{IOCs for Astaroth/Guildma malware infection}}, date = {2022-01-17}, organization = {Github (pan-unit42)}, url = {https://github.com/pan-unit42/tweets/blob/master/2022-01-17-IOCs-for-Astaroth-Guildma-infection.txt}, language = {English}, urldate = {2022-01-25} } IOCs for Astaroth/Guildma malware infection
Astaroth
2021-11-17Twitter (@Unit42_Intel)Unit 42
@online{42:20211117:matanbuchus:9e3556c, author = {Unit 42}, title = {{Tweet on Matanbuchus Loader used to deliver Qakbot (tag obama128b) and follow-up CobaltStrike}}, date = {2021-11-17}, organization = {Twitter (@Unit42_Intel)}, url = {https://twitter.com/Unit42_Intel/status/1461004489234829320}, language = {English}, urldate = {2021-11-25} } Tweet on Matanbuchus Loader used to deliver Qakbot (tag obama128b) and follow-up CobaltStrike
Cobalt Strike QakBot
2021-11-05Twitter (@Unit42_Intel)Unit 42
@online{42:20211105:ta551:98c564e, author = {Unit 42}, title = {{Tweet on TA551 (Shathak) BazarLoader infection with CobaltStrike and DarkVNC drops}}, date = {2021-11-05}, organization = {Twitter (@Unit42_Intel)}, url = {https://twitter.com/Unit42_Intel/status/1458113934024757256}, language = {English}, urldate = {2021-11-17} } Tweet on TA551 (Shathak) BazarLoader infection with CobaltStrike and DarkVNC drops
BazarBackdoor Cobalt Strike
2021-10-18paloalto Netoworks: Unit42Brad Duncan
@online{duncan:20211018:case:bdd95ff, author = {Brad Duncan}, title = {{Case Study: From BazarLoader to Network Reconnaissance}}, date = {2021-10-18}, organization = {paloalto Netoworks: Unit42}, url = {https://unit42.paloaltonetworks.com/bazarloader-network-reconnaissance/}, language = {English}, urldate = {2021-10-22} } Case Study: From BazarLoader to Network Reconnaissance
BazarBackdoor Cobalt Strike
2021-08-10paloalto Netoworks: Unit42Ruchna Nigam, Haozhe Zhang, Zhibin Zhang
@online{nigam:20210810:new:ee88c46, author = {Ruchna Nigam and Haozhe Zhang and Zhibin Zhang}, title = {{New eCh0raix Ransomware Variant Targets QNAP and Synology Network-Attached Storage Devices}}, date = {2021-08-10}, organization = {paloalto Netoworks: Unit42}, url = {https://unit42.paloaltonetworks.com/ech0raix-ransomware-soho/}, language = {English}, urldate = {2021-08-20} } New eCh0raix Ransomware Variant Targets QNAP and Synology Network-Attached Storage Devices
QNAPCrypt
2021-07-30Twitter (@Unit42_Intel)Unit 42
@online{42:20210730:bazarloader:43bdc2c, author = {Unit 42}, title = {{Tweet on BazarLoader infection leading to cobaltstrike and Powershell script file for PrintNightmare vulnerability}}, date = {2021-07-30}, organization = {Twitter (@Unit42_Intel)}, url = {https://twitter.com/Unit42_Intel/status/1421117403644186629?s=20}, language = {English}, urldate = {2021-08-02} } Tweet on BazarLoader infection leading to cobaltstrike and Powershell script file for PrintNightmare vulnerability
BazarBackdoor Cobalt Strike
2021-03-17Palo Alto Networks Unit 42Unit42
@techreport{unit42:20210317:ransomware:504cc32, author = {Unit42}, title = {{Ransomware Threat Report 2021}}, date = {2021-03-17}, institution = {Palo Alto Networks Unit 42}, url = {https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/Unit_42/unit42-ransomware-threat-report-2021.pdf}, language = {English}, urldate = {2021-03-19} } Ransomware Threat Report 2021
RansomEXX Dharma DoppelPaymer Gandcrab Mailto Maze Phobos RansomEXX REvil Ryuk WastedLocker
2020-12-14Palo Alto Networks Unit 42Unit42
@online{unit42:20201214:pymicropsia:9f0baec, author = {Unit42}, title = {{PyMICROPSIA: New Information-Stealing Trojan from AridViper}}, date = {2020-12-14}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/pymicropsia/}, language = {English}, urldate = {2020-12-15} } PyMICROPSIA: New Information-Stealing Trojan from AridViper
2020-12-10Palo Alto Networks Unit 42Unit42
@online{unit42:20201210:threat:6ac31af, author = {Unit42}, title = {{Threat Brief: FireEye Red Team Tool Breach}}, date = {2020-12-10}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/fireeye-red-team-tool-breach/}, language = {English}, urldate = {2020-12-15} } Threat Brief: FireEye Red Team Tool Breach
Cobalt Strike
2020-09-07Github (pan-unit42)Brad Duncan
@online{duncan:20200907:collection:09ab7be, author = {Brad Duncan}, title = {{Collection of recent Dridex IOCs}}, date = {2020-09-07}, organization = {Github (pan-unit42)}, url = {https://github.com/pan-unit42/tweets/blob/master/2020-09-07-Dridex-IOCs.txt}, language = {English}, urldate = {2020-09-15} } Collection of recent Dridex IOCs
Cutwail Dridex
2020-01-23Palo Alto Networks Unit 42Adrian McCabe, Unit42
@online{mccabe:20200123:fractured:399ff15, author = {Adrian McCabe and Unit42}, title = {{The Fractured Statue Campaign: U.S. Government Targeted in Spear-Phishing Attacks}}, date = {2020-01-23}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/the-fractured-statue-campaign-u-s-government-targeted-in-spear-phishing-attacks/}, language = {English}, urldate = {2020-01-26} } The Fractured Statue Campaign: U.S. Government Targeted in Spear-Phishing Attacks
CARROTBALL CarrotBat Syscon
2020Palo Alto Networks Unit 42Unit42
@online{unit42:2020:wastedlockerransomware:7c809d3, author = {Unit42}, title = {{Wastedlocker-ransomware}}, date = {2020}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/atoms/wastedlocker-ransomware/}, language = {English}, urldate = {2020-10-02} } Wastedlocker-ransomware
WastedLocker
2019-10-19Palo Alto Networks Unit 42Unit42
@online{unit42:20191019:rat:4a5f30b, author = {Unit42}, title = {{商用RATのエコシステム: Unit 42、高機能商用RAT Blackremote RATの作者を公開後数日で特定}}, date = {2019-10-19}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.jp/blackremote-money-money-money-a-swedish-actor-peddles-an-expensive-new-rat/}, language = {Japanese}, urldate = {2020-03-25} } 商用RATのエコシステム: Unit 42、高機能商用RAT Blackremote RATの作者を公開後数日で特定
BlackRemote
2019-10-15Palo Alto Networks Unit 42Unit42
@online{unit42:20191015:blackremote:a39e171, author = {Unit42}, title = {{Blackremote: Money Money Money – A Swedish Actor Peddles an Expensive New RAT}}, date = {2019-10-15}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/blackremote-money-money-money-a-swedish-actor-peddles-an-expensive-new-rat/}, language = {English}, urldate = {2020-01-08} } Blackremote: Money Money Money – A Swedish Actor Peddles an Expensive New RAT
BlackRemote
2019-01-08paloalto Netoworks: Unit42Robert Falcone, Bryan Lee
@online{falcone:20190108:darkhydrus:3996fa4, author = {Robert Falcone and Bryan Lee}, title = {{DarkHydrus delivers new Trojan that can use Google Drive for C2 communications}}, date = {2019-01-08}, organization = {paloalto Netoworks: Unit42}, url = {https://unit42.paloaltonetworks.com/darkhydrus-delivers-new-trojan-that-can-use-google-drive-for-c2-communications/}, language = {English}, urldate = {2020-01-07} } DarkHydrus delivers new Trojan that can use Google Drive for C2 communications
RogueRobinNET DarkHydrus