Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-07-20paloalto Netoworks: Unit42Lior Rochberger, Shimi Cohen
@online{rochberger:20230720:threat:eaf1994, author = {Lior Rochberger and Shimi Cohen}, title = {{Threat Group Assessment: Mallox Ransomware}}, date = {2023-07-20}, organization = {paloalto Netoworks: Unit42}, url = {https://unit42.paloaltonetworks.com/mallox-ransomware/}, language = {English}, urldate = {2023-07-24} } Threat Group Assessment: Mallox Ransomware
TargetCompany
2023-05-09paloalto Netoworks: Unit42Doel Santos, Daniel Bunce, Anthony Galiette
@online{santos:20230509:threat:c231c7f, author = {Doel Santos and Daniel Bunce and Anthony Galiette}, title = {{Threat Assessment: Royal Ransomware}}, date = {2023-05-09}, organization = {paloalto Netoworks: Unit42}, url = {https://unit42.paloaltonetworks.com/royal-ransomware/}, language = {English}, urldate = {2023-05-10} } Threat Assessment: Royal Ransomware
Royal Ransom Royal Ransom
2023-04-11Twitter (@Unit42_Intel)Unit42
@online{unit42:20230411:change:c20334e, author = {Unit42}, title = {{Tweet on change of IcedID backconnect traffic port from 8080 to 443}}, date = {2023-04-11}, organization = {Twitter (@Unit42_Intel)}, url = {https://twitter.com/Unit42_Intel/status/1645851799427874818}, language = {English}, urldate = {2023-04-18} } Tweet on change of IcedID backconnect traffic port from 8080 to 443
IcedID
2023-01-18Palo Alto Networks Unit 42Unit42
@online{unit42:20230118:chinese:65e6e4b, author = {Unit42}, title = {{Chinese Playful Taurus Activity in Iran}}, date = {2023-01-18}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/playful-taurus/}, language = {English}, urldate = {2023-01-23} } Chinese Playful Taurus Activity in Iran
turian
2022-12-20Palo Alto Networks Unit 42Unit42
@online{unit42:20221220:russias:75dec0c, author = {Unit42}, title = {{Russia’s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine}}, date = {2022-12-20}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/trident-ursa/}, language = {English}, urldate = {2023-01-25} } Russia’s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine
Unidentified VBS 005 (Telegram Loader)
2022-11-03paloalto Netoworks: Unit42Durgesh Sangvikar, Chris Navarrete, Matthew Tennis, Yanhui Jia, Yu Fu, Siddhart Shibiraj
@online{sangvikar:20221103:cobalt:9a81f6f, author = {Durgesh Sangvikar and Chris Navarrete and Matthew Tennis and Yanhui Jia and Yu Fu and Siddhart Shibiraj}, title = {{Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild}}, date = {2022-11-03}, organization = {paloalto Netoworks: Unit42}, url = {https://unit42.paloaltonetworks.com/cobalt-strike-team-server/}, language = {English}, urldate = {2022-11-03} } Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild
Cobalt Strike
2022-10-31paloalto Netoworks: Unit42Or Chechik
@online{chechik:20221031:banking:c421ac8, author = {Or Chechik}, title = {{Banking Trojan Techniques: How Financially Motivated Malware Became Infrastructure}}, date = {2022-10-31}, organization = {paloalto Netoworks: Unit42}, url = {https://unit42.paloaltonetworks.com/banking-trojan-techniques/}, language = {English}, urldate = {2022-10-31} } Banking Trojan Techniques: How Financially Motivated Malware Became Infrastructure
Dridex Kronos TrickBot Zeus
2022-07-18Palo Alto Networks Unit 42Unit42
@online{unit42:20220718:clean:f042eb1, author = {Unit42}, title = {{Clean Ursa}}, date = {2022-07-18}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/atoms/clean-ursa}, language = {English}, urldate = {2022-08-26} } Clean Ursa
PowerShower Inception Framework
2022-03-24paloalto Netoworks: Unit42Unit42
@online{unit42:20220324:threat:8b3586f, author = {Unit42}, title = {{Threat Brief: Lapsus$ Group}}, date = {2022-03-24}, organization = {paloalto Netoworks: Unit42}, url = {https://unit42.paloaltonetworks.com/lapsus-group/}, language = {English}, urldate = {2022-03-25} } Threat Brief: Lapsus$ Group
RedLine Stealer
2022-03-16paloalto Netoworks: Unit42Chris Navarrete, Durgesh Sangvikar, Andrew Guan, Yu Fu, Yanhui Jia, Siddhart Shibiraj
@online{navarrete:20220316:cobalt:015f5df, author = {Chris Navarrete and Durgesh Sangvikar and Andrew Guan and Yu Fu and Yanhui Jia and Siddhart Shibiraj}, title = {{Cobalt Strike Analysis and Tutorial: How Malleable C2 Profiles Make Cobalt Strike Difficult to Detect}}, date = {2022-03-16}, organization = {paloalto Netoworks: Unit42}, url = {https://unit42.paloaltonetworks.com/cobalt-strike-malleable-c2-profile/}, language = {English}, urldate = {2022-03-18} } Cobalt Strike Analysis and Tutorial: How Malleable C2 Profiles Make Cobalt Strike Difficult to Detect
Cobalt Strike
2022-01-17Github (pan-unit42)Brad Duncan
@online{duncan:20220117:iocs:2a5e814, author = {Brad Duncan}, title = {{IOCs for Astaroth/Guildma malware infection}}, date = {2022-01-17}, organization = {Github (pan-unit42)}, url = {https://github.com/pan-unit42/tweets/blob/master/2022-01-17-IOCs-for-Astaroth-Guildma-infection.txt}, language = {English}, urldate = {2022-01-25} } IOCs for Astaroth/Guildma malware infection
Astaroth
2021-11-17Twitter (@Unit42_Intel)Unit 42
@online{42:20211117:matanbuchus:9e3556c, author = {Unit 42}, title = {{Tweet on Matanbuchus Loader used to deliver Qakbot (tag obama128b) and follow-up CobaltStrike}}, date = {2021-11-17}, organization = {Twitter (@Unit42_Intel)}, url = {https://twitter.com/Unit42_Intel/status/1461004489234829320}, language = {English}, urldate = {2021-11-25} } Tweet on Matanbuchus Loader used to deliver Qakbot (tag obama128b) and follow-up CobaltStrike
Cobalt Strike QakBot
2021-11-05Twitter (@Unit42_Intel)Unit 42
@online{42:20211105:ta551:98c564e, author = {Unit 42}, title = {{Tweet on TA551 (Shathak) BazarLoader infection with CobaltStrike and DarkVNC drops}}, date = {2021-11-05}, organization = {Twitter (@Unit42_Intel)}, url = {https://twitter.com/Unit42_Intel/status/1458113934024757256}, language = {English}, urldate = {2021-11-17} } Tweet on TA551 (Shathak) BazarLoader infection with CobaltStrike and DarkVNC drops
BazarBackdoor Cobalt Strike
2021-10-18paloalto Netoworks: Unit42Brad Duncan
@online{duncan:20211018:case:bdd95ff, author = {Brad Duncan}, title = {{Case Study: From BazarLoader to Network Reconnaissance}}, date = {2021-10-18}, organization = {paloalto Netoworks: Unit42}, url = {https://unit42.paloaltonetworks.com/bazarloader-network-reconnaissance/}, language = {English}, urldate = {2021-10-22} } Case Study: From BazarLoader to Network Reconnaissance
BazarBackdoor Cobalt Strike
2021-08-10paloalto Netoworks: Unit42Ruchna Nigam, Haozhe Zhang, Zhibin Zhang
@online{nigam:20210810:new:ee88c46, author = {Ruchna Nigam and Haozhe Zhang and Zhibin Zhang}, title = {{New eCh0raix Ransomware Variant Targets QNAP and Synology Network-Attached Storage Devices}}, date = {2021-08-10}, organization = {paloalto Netoworks: Unit42}, url = {https://unit42.paloaltonetworks.com/ech0raix-ransomware-soho/}, language = {English}, urldate = {2021-08-20} } New eCh0raix Ransomware Variant Targets QNAP and Synology Network-Attached Storage Devices
QNAPCrypt
2021-07-30Twitter (@Unit42_Intel)Unit 42
@online{42:20210730:bazarloader:43bdc2c, author = {Unit 42}, title = {{Tweet on BazarLoader infection leading to cobaltstrike and Powershell script file for PrintNightmare vulnerability}}, date = {2021-07-30}, organization = {Twitter (@Unit42_Intel)}, url = {https://twitter.com/Unit42_Intel/status/1421117403644186629?s=20}, language = {English}, urldate = {2021-08-02} } Tweet on BazarLoader infection leading to cobaltstrike and Powershell script file for PrintNightmare vulnerability
BazarBackdoor Cobalt Strike
2021-03-17Palo Alto Networks Unit 42Unit42
@techreport{unit42:20210317:ransomware:504cc32, author = {Unit42}, title = {{Ransomware Threat Report 2021}}, date = {2021-03-17}, institution = {Palo Alto Networks Unit 42}, url = {https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/Unit_42/unit42-ransomware-threat-report-2021.pdf}, language = {English}, urldate = {2021-03-19} } Ransomware Threat Report 2021
RansomEXX Dharma DoppelPaymer Gandcrab Mailto Maze Phobos RansomEXX REvil Ryuk WastedLocker
2020-12-14Palo Alto Networks Unit 42Unit42
@online{unit42:20201214:pymicropsia:9f0baec, author = {Unit42}, title = {{PyMICROPSIA: New Information-Stealing Trojan from AridViper}}, date = {2020-12-14}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/pymicropsia/}, language = {English}, urldate = {2020-12-15} } PyMICROPSIA: New Information-Stealing Trojan from AridViper
2020-12-10Palo Alto Networks Unit 42Unit42
@online{unit42:20201210:threat:6ac31af, author = {Unit42}, title = {{Threat Brief: FireEye Red Team Tool Breach}}, date = {2020-12-10}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/fireeye-red-team-tool-breach/}, language = {English}, urldate = {2020-12-15} } Threat Brief: FireEye Red Team Tool Breach
Cobalt Strike
2020-09-23paloalto Netoworks: Unit42Brad Duncan
@online{duncan:20200923:case:078ee7f, author = {Brad Duncan}, title = {{Case Study: Emotet Thread Hijacking, an Email Attack Technique}}, date = {2020-09-23}, organization = {paloalto Netoworks: Unit42}, url = {https://unit42.paloaltonetworks.com/emotet-thread-hijacking/}, language = {English}, urldate = {2022-11-28} } Case Study: Emotet Thread Hijacking, an Email Attack Technique
Emotet