People of Palo Alto Networks: Kaoru Hayashi

Posted on June 24, 2016 1:00 PM

filed in: People of Palo Alto Networks


Technology is great. People are better. “People of Palo Alto Networks” celebrates the employees who preserve our unique culture of innovation and collaboration.

Episode 12

Kaoru Hayashi
Cyber Threat Intelligence Analyst, Unit 42


Channel Scoop – June 24, 2016

Channel Scoop

Sit back and relax. Let us do the information gathering and give you the channel scoop.

Tracking Elirks Variants in Japan: Similarities to Previous Attacks

Posted on June 23, 2016 4:00 PM

filed in: Cybersecurity, Threat Prevention, Unit 42

A recent, well-publicized attack on a Japanese business involved two malware families, PlugX and Elirks, that were found during the investigation. PlugX has been used in a number of attacks since first being discovered in 2012, and we have published several articles related to its use, including an analysis of an attack campaign targeting Japanese companies.

Elirks, less widely known than PlugX, is a basic backdoor Trojan, first discovered in 2010, that is primarily used to steal information from compromised systems. Most of the Elirks attacks we observe occur in East Asia. One of the unique features of the malware is that it retrieves its C2 address by accessing a pre-determined microblog or social networking service (SNS). Attackers create accounts on those services and post encoded IP addresses or the domain names of the real C2 servers before distributing the backdoor. We have seen multiple Elirks variants using Japanese blog services over the last couple of years. Figure 1 shows the embedded URL in an Elirks sample found in early 2016.

