Palo Alto Networks

ConfuserEx

OopsIE! OilRig Uses ThreeDollars to Deliver New Trojan

The OilRig group remains highly active in their attack campaigns while they continue to evolve their toolset. On January 8, 2018, Unit 42 observed the OilRig threat group carry out an attack on an insurance agency based in the Middle East. Just over a week later, on January 16, 2018, we observed an attack on a Middle Eastern financial institution. In both attacks, the OilRig group attempted to deliver a new Trojan that we are tracking as OopsIE....

Unit 42

Feb 23, 2018

By Bryan Lee and Robert Falcone

Palo Alto Networks

Products and Services

Partners

Unit 42

VERMIN: Quasar RAT and Custom Malware Used In Ukraine

Palo Alto Networks Unit 42 has discovered a new malware family written using the Microsoft .NET Framework which the authors call "VERMIN"; an ironic term for a RAT (Remote Access Tool). Cursory investigation in...

Jan 29, 2018

By Tom Lancaster and Juan Cortes

Unit 42

Kazuar: Multiplatform Espionage Backdoor with API Access

Unit 42 researchers have uncovered a backdoor Trojan used in an espionage campaign. The developers refer to this tool by the name Kazuar, which is a Trojan written using the Microsoft .NET Framework that offers...

May 03, 2017

By Brandon Levene, Robert Falcone and Tyler Halfpop

Malware, Threat Prevention, Unit 42

Investigating the LuminosityLink Remote Access Trojan Configuration

In recent weeks, I’ve spent time investigating the LuminosityLink Remote Access Trojan’s (RAT) embedded configuration. For those unaware, LuminosityLi...

Jul 08, 2016

By Josh Grunzweig