Logo
Unit42 Logo
  • Tools
  • ATOMs
  • Security Consulting
  • About Us
  • Under Attack?
Pictorial representation of a threat actor like Muddled Libra
27,658
people reacted

Threat Group Assessment: Muddled Libra (Updated)

Muddled Libra uses the 0ktapus phishing kit, among other advanced tactics. We detail our observations of their activity using the MITRE ATT&CK framework.
Read More

14

11 min. read

A pictorial representation of a fake PoC distributing VenomRAT. A Trojan horse against a computer screen is on a green background. Palo Alto Networks logo. Unit 42 logo.
4,901
people reacted

Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT

A phony proof-of-concept (PoC) code for CVE-2023-40477 delivered a payload of VenomRAT. We detail our findings, including an analysis of the malicious code.
VenomRAT Hides in PoC Code

9

10 min. read

Cloud Threats: Original Research and In-Depth Analysis

Cloud Threats: Original Research and In-Depth Analysis

Learn more
Don't Panic!: The Unit 42 Podcast

Don't Panic!: The Unit 42 Podcast

Listen

Get updates from Unit 42

Please enter your email address!

loader

By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.

Please mark, I'm not a robot!

  • All
  • Threat Briefs
  • Threat Assessments
  • Reports
  • All
  • Threat Briefs
  • Threat Assessments
  • Reports
Fake CVE-2023-40477 Proof of Concept Leads to VenomRATA pictorial representation of a fake PoC distributing VenomRAT. A Trojan horse against a computer screen is on a green background. Palo Alto Networks logo. Unit 42 logo.
4,901
people reacted

Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT

  • By Robert Falcone
  • September 19, 2023 at 6:00 AM

9

10 min. read

Threat Group Assessment: Turla (aka Pensive Ursa)A pictorial representation of an APT such as Turla or Pensive Ursa.
3,250
people reacted

Threat Group Assessment: Turla (aka Pensive Ursa)

  • By Unit 42
  • September 15, 2023 at 6:00 AM

12

14 min. read

Trending

  • Unit 42 Attack Surface Threat Research: Constant Change in Cloud Contributes to 45% of New High/Critical Exposures Per Month by Unit 42
  • Threat Group Assessment: Muddled Libra (Updated) by Unit 42
  • Wireshark Tutorial: Display Filter Expressions by Brad Duncan
  • Wireshark Tutorial: Changing Your Column Display by Brad Duncan
  • Threat Group Assessment: Turla (aka Pensive Ursa) by Unit 42
Unit 42 Attack Surface Threat Research: Constant Change in Cloud Contributes to 45% of New High/Critical Exposures Per MonthCortex logo. Palo Alto Networks and Unit 42 logo lockup. 2023. Unit 42 Attack Surface Threat Report. EXPOSURE in a stylized format on a black background.
2,531
people reacted

Unit 42 Attack Surface Threat Research: Constant Change in Cloud Contributes to 45% of New High/Critical Exposures Per Month

  • By Unit 42
  • September 14, 2023 at 3:00 AM

3

4 min. read

Wireshark Tutorial: Display Filter ExpressionsA pictorial representation of changing column display in Wireshark. Binary is displayed on a computer monitor along with graphs and charts. The image is blue and white.
248,364
people reacted

Wireshark Tutorial: Display Filter Expressions

  • By Brad Duncan
  • September 8, 2023 at 6:00 AM

110

12 min. read

RedLine Stealer: Answers to Unit Wireshark QuizA pictorial representation of Wireshark traffic including RedLine Stealer.
2,217
people reacted

RedLine Stealer: Answers to Unit Wireshark Quiz

  • By Brad Duncan
  • September 1, 2023 at 6:00 AM

9

11 min. read

Wireshark Tutorial: Changing Your Column DisplayA pictorial representation of changing column display in Wireshark. Binary is displayed on a computer monitor along with graphs and charts. The image is green and white.
231,168
people reacted

Wireshark Tutorial: Changing Your Column Display

  • By Brad Duncan
  • August 31, 2023 at 5:00 AM

195

14 min. read

Why LaZagne Makes D-Bus API Vigilance CrucialA pictorial representation of malware distributed via D-Bus API attacks. An open laptop against a dark background is flanked by exclamation points. On the laptop screen are overlapping windows with a bug icon representing the malware.
2,146
people reacted

Why LaZagne Makes D-Bus API Vigilance Crucial

  • By Siddharth Sharma
  • August 24, 2023 at 6:00 AM

6

6 min. read

Crossing the Line: Unit 42 Wireshark Quiz for RedLine StealerA pictorial representation of Wireshark traffic including RedLine Stealer.
3,089
people reacted

Crossing the Line: Unit 42 Wireshark Quiz for RedLine Stealer

  • By Brad Duncan
  • August 18, 2023 at 6:00 AM

11

4 min. read

When a Zero Day and Access Keys Collide in the Cloud: Responding to the SugarCRM Zero-Day VulnerabilityA pictorial representation of a vulnerability such as SugarCRM CVE-2023-22952. A stylized cloud with a lock hanging from it surrounded by technical tools. The Palo Alto Networks and Unit 42 logos.
5,062
people reacted

When a Zero Day and Access Keys Collide in the Cloud: Responding to the SugarCRM Zero-Day Vulnerability

  • By Margaret Zimmermann
  • August 10, 2023 at 3:15 PM

13

13 min. read

NodeStealer 2.0 – The Python Version: Stealing Facebook Business AccountsA pictorial representation of an infostealer like NodeStealer. An open laptop against an orange background is flanked by exclamation points. On the laptop screen are overlapping windows with a bug icon representing the malware.
5,971
people reacted

NodeStealer 2.0 – The Python Version: Stealing Facebook Business Accounts

  • By Lior Rochberger
  • August 1, 2023 at 6:00 AM

13

14 min. read

Threat Brief: Multiple Vulnerabilities Including Zero-Day Remote Unauthenticated API Access – CVE-2023-35078 – in Ivanti Endpoint Manager Mobile (Updated)A pictorial representation of a vulnerability such as CVE-2023-35078
5,576
people reacted

Threat Brief: Multiple Vulnerabilities Including Zero-Day Remote Unauthenticated API Access – CVE-2023-35078 – in Ivanti Endpoint Manager Mobile (Updated)

  • By Unit 42
  • July 28, 2023 at 5:42 PM

13

8 min. read

Threat Brief: RCE Vulnerability CVE-2023-3519 on Customer-Managed Citrix ServersA pictorial representation of a vulnerability such as CVE-2023-3519 affecting Citrix NetScaler.
6,162
people reacted

Threat Brief: RCE Vulnerability CVE-2023-3519 on Customer-Managed Citrix Servers

  • By Unit 42
  • July 28, 2023 at 4:00 PM

3

5 min. read

Ransomware Delivery URLs: Top Campaigns and TrendsA pictorial representation of ransomware, including ransomware delivered by URLs. The Palo Alto Networks and Unit 42 logos.
5,512
people reacted

Ransomware Delivery URLs: Top Campaigns and Trends

  • By Nabeel Mohamed, Fang Liu, Sophia Yao, Lee Wei Yeong, Song Yang and Shan Huang
  • July 28, 2023 at 6:00 AM

15

8 min. read

Threat Group Assessment: Mallox RansomwareA pictorial representation of the Mallox ransomware gang. A hand offers money to another hand holding keys. In the background is a computer screen with the biohazard symbol on it.
8,339
people reacted

Threat Group Assessment: Mallox Ransomware

  • By Lior Rochberger and Shimi Cohen
  • July 20, 2023 at 10:15 AM

18

10 min. read

P2PInfect: The Rusty Peer-to-Peer Self-Replicating WormA pictorial representation of threats to the cloud such as P2PInfect, the P2P worm written in Rust
8,154
people reacted

P2PInfect: The Rusty Peer-to-Peer Self-Replicating Worm

  • By William Gamazo and Nathaniel Quist
  • July 19, 2023 at 10:00 AM

13

11 min. read

loader gif
Sorry, no results were found.
Sorry, no results were found.
Clear

Popular Resources

  • Resource Center
  • Blog
  • Communities
  • Tech Docs
  • Unit 42
  • Sitemap

Legal Notices

  • Privacy
  • Terms of Use
  • Documents

Account

  • Manage Subscriptions
  •  
  • Report a Vulnerability

© 2023 Palo Alto Networks, Inc. All rights reserved.