2023-07-20 ⋅ paloalto Networks: Unit42 ⋅ Threat Group Assessment: Mallox Ransomware TargetCompany
2023-05-09 ⋅ paloalto Networks: Unit42 ⋅ Threat Assessment: Royal Ransomware Royal Ransom Royal Ransom
2023-04-11 ⋅ Twitter (@Unit42_Intel) ⋅ Tweet on change of IcedID backconnect traffic port from 8080 to 443 IcedID
2023-01-18 ⋅ Palo Alto Networks Unit 42 ⋅ Chinese Playful Taurus Activity in Iran turian
2022-12-20 ⋅ Palo Alto Networks Unit 42 ⋅ Russia’s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine Unidentified VBS 005 (Telegram Loader)
2022-11-03 ⋅ paloalto Networks: Unit42 ⋅ Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild Cobalt Strike
2022-10-31 ⋅ paloalto Networks: Unit42 ⋅ Banking Trojan Techniques: How Financially Motivated Malware Became Infrastructure Dridex Kronos TrickBot Zeus
2022-07-18 ⋅ Palo Alto Networks Unit 42 ⋅ Clean Ursa PowerShower Inception Framework
2022-03-24 ⋅ paloalto Networks: Unit42 ⋅ Threat Brief: Lapsus$ Group RedLine Stealer
2022-03-16 ⋅ paloalto Networks: Unit42 ⋅ Cobalt Strike Analysis and Tutorial: How Malleable C2 Profiles Make Cobalt Strike Difficult to Detect Cobalt Strike
2022-01-17 ⋅ Github (pan-unit42) ⋅ IOCs for Astaroth/Guildma malware infection Astaroth
2021-11-17 ⋅ Twitter (@Unit42_Intel) ⋅ Tweet on Matanbuchus Loader used to deliver Qakbot (tag obama128b) and follow-up CobaltStrike Cobalt Strike QakBot
2021-11-05 ⋅ Twitter (@Unit42_Intel) ⋅ Tweet on TA551 (Shathak) BazarLoader infection with CobaltStrike and DarkVNC drops BazarBackdoor Cobalt Strike
2021-10-18 ⋅ paloalto Networks: Unit42 ⋅ Case Study: From BazarLoader to Network Reconnaissance BazarBackdoor Cobalt Strike
2021-08-10 ⋅ paloalto Networks: Unit42 ⋅ New eCh0raix Ransomware Variant Targets QNAP and Synology Network-Attached Storage Devices QNAPCrypt
2021-07-30 ⋅ Twitter (@Unit42_Intel) ⋅ Tweet on BazarLoader infection leading to cobaltstrike and Powershell script file for PrintNightmare vulnerability BazarBackdoor Cobalt Strike
2021-03-17 ⋅ Palo Alto Networks Unit 42 ⋅ Ransomware Threat Report 2021 RansomEXX Dharma DoppelPaymer Gandcrab Mailto Maze Phobos RansomEXX REvil Ryuk WastedLocker
2020-12-14 ⋅ Palo Alto Networks Unit 42 ⋅ PyMICROPSIA: New Information-Stealing Trojan from AridViper |
2020-12-10 ⋅ Palo Alto Networks Unit 42 ⋅ Threat Brief: FireEye Red Team Tool Breach Cobalt Strike
2020-09-23 ⋅ paloalto Networks: Unit42 ⋅ Case Study: Emotet Thread Hijacking, an Email Attack Technique Emotet