Palo Alto Networks

Trojan

Latest TeslaCrypt Ransomware Borrows Code From Carberp Trojan

In recent weeks, we have noticed changes in the TeslaCrypt ransomware malware family’s code base. OpenDNS recently discussed some of these changes regarding the encryption techniques in this newest variant. While reverse engineering the underlying code of these samples we discovered that the author of of TeslaCrypt borrowed code from the Carberp malware family in order to obfuscate strings and dynamically load libraries/functions. (more…)...

Malware

Threat Prevention

Unit 42

Oct 09, 2015

By Josh Grunzweig

Palo Alto Networks

Products and Services

Partners

Malware, Threat Prevention, Unit 42

Chinese Actors Use ‘3102’ Malware in Attacks on US Government and EU Media

On May 6 and May 11, 2015, Unit 42 observed two targeted attacks, the first against the U.S. government and the second on a European media company. Th...

Sep 23, 2015

By Robert Falcone and Jen Miller-Osborn

Malware, Threat Prevention, Unit 42

Banking Trojan Escelar Infects Thousands In Brazil and the US

Unit 42 for the past three months has been tracking a banking Trojan targeting victims in Brazil and the United States. Escelar originally surfaced in...

Aug 27, 2015

By Josh Grunzweig

Financial Services, Malware, Threat Prevention, Unit 42

Retefe Banking Trojan Targets Sweden, Switzerland and Japan

Retefe is one of the most targeted banking Trojans currently in the wild. While other families such as Zeus and Citadel are widely adopted by attacker...

Aug 20, 2015

By Brandon Levene, Robert Falcone, Josh Grunzweig, Bryan Lee and Ryan Olson

Malware, Unit 42

What’s Next in Malware After Kuluoz?

Regular readers of this blog have heard all about the infamous Kuluoz malware. This family was the latest evolution of the Asprox malware and at its peak in 2014 it accounted for 80% of all malware sessions we observed in WildFire. When the team published our Threat Lan...

Aug 10, 2015

By Ryan Olson

Malware, Threat Prevention, Unit 42

Unit 42 Technical Analysis: Seaduke

Earlier this week Symantec released a blog post detailing a new Trojan used by the ‘Duke’ family of malware. Within this blog post, a payload containing a function named ‘forkmeiamfamous’ was mentioned. While performing some research online...

Jul 14, 2015

By Josh Grunzweig

Malware, Unit 42

Evilgrab Delivered by Watering Hole Attack on President of Myanmar’s Websit...

On May 12, 2015, Unit 42 observed an apparent watering hole attack, also known as a strategic website compromise (SWC), involving the President of Myanmar's website. Visiting the m...

Jun 11, 2015

By Robert Falcone

Malware, Threat Prevention, Unit 42

PlugX Uses Legitimate Samsung Application for DLL Side-Loading

While threat actors using the PlugX Trojan typically leverage legitimate executables to load their malicious DLLs through a technique called DLL side-...

May 01, 2015

By Robert Falcone

Malware, Threat Prevention, Unit 42

Dridex Banking Trojan Begins 2015 with a Bang

In October, we called out a series of attacks installing the Dridex Trojan using macros in Microsoft Word documents. Those attacks continued over the last few months and in first two weeks of the new calendar y...

Jan 16, 2015

By Ryan Olson

Threat Prevention, Unit 42

Kuluoz Trends – October 2014

The Asprox/Kuluoz malware family has a special place in our hearts at Palo Alto Networks. This botnet-related Trojan malware has evolved from its 2007 roots into a simple and yet robust mass e-mail phishing threat that is the origin of a significant percentage of Intern...

Nov 07, 2014

By Rob Downs and Victor Ocho

Cybersecurity, Malware, Threat Prevention, Unit 42

Dridex Banking Trojan Distributed Through Word Documents

Dridex, the latest descendent of the Bugat/Feodo/Cridex banking Trojan lineage has been a constant source of attacks using the malware since its release in July. To date, Dridex has centered on sending executab...

Oct 24, 2014

By Ryan Olson

Malware, SCADA & ICS, Threat Prevention, Unit 42

Why Havex Is a Game-Changing Threat to Industrial Control Systems – Part 2

In part 1 of this 2-part blog series, we discussed why the Havex Trojan is a significant and concerning industry milestone. Here, in part 2, we look a...

Jul 18, 2014

By Del Rodillas

Cybersecurity, Malware, Threat Advisories - Advisories, Threat Prevention, Unit 42

Iptables Backdoor: Even Linux Is At Risk of Intrusion

A backdoor implant is an increasingly common mechanism for maintaining unauthorized access and control over a computer asset. The terms remote administration tool (RAT) and trojan...

Jul 16, 2014

By Jin Chen

Cybersecurity, Threat Advisories - Advisories, Threat Advisory/Analysis, Unit 42

The Latest Kuluoz Spam Campaign Kicks Off

At 06:47 PST on May 20 Palo Alto Networks WildFire detected the start of the latest Kuluoz spam campaign. The total number of e-mails detected quickly rose to over 30,000 per hour...

May 20, 2014

By Ryan Olson

Cybersecurity, Events, News of the Week, Partners, Vertical

Palo Alto Networks News of the Week – May 16

Interested in the top Palo Alto Networks news from this past week? It’s all right here.

May 16, 2014

By Chad Berndtson

Threat Advisories - Advisories, Threat Prevention, Unit 42

Funtasy Trojan Targets Spanish Android Users with Sneaky SMS Charges

(more…)

May 12, 2014

By Zhi Xu, Claud Xiao and Ryan Olson

Malware, Mobility, Threat Advisories - Advisories, Threat Prevention, Unit 42

Cardbuyer: New Smart Android Trojan Defeats Multi-factor Verification and S...

On April 21st our WildFire analysis cloud detected a new Android Trojan, which is currently completely undetected in VirusTotal and uses a new combina...

Apr 24, 2014

By Claud Xiao and Zhi Xu