When a host is infected or otherwise compromised, security professionals need to quickly review packet captures of suspicious network traffic to identify affected hosts and users. This tutorial offers tips on how to gather pcap data using Wireshark, the widely used network protocol analysis tool.
Redaman is banking malware first noted in 2015 that targets recipients who conduct transactions using Russian financial institutions. We have found versions of Redaman in Russian language mass-distribution campaigns during the last four months of 2018.
As a Threat Intelligence Analyst for Palo Alto Networks Unit 42, I often use Wireshark to review packet captures (pcaps) of network traffic generated by malware samples. To better accomplish this work, I use a customized Wireshark column display as described my previous blog about using Wireshark. Today’s post provides more tips for analysts to
Sign up to receive the latest news, cyber threat intelligence and research from Unit 42
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.
Unit 42 investigates a recent Fake Flash update pushing cryptocurrency mining software. Get the full report.
Unit 42 shares a lesson on customizing Wireshark to better meet security researcher needs.
Unit 42 examines Emotet and Trickbot, best known as banking malware and information stealers targeting Windows-based computers.
What a difference a year makes! As the dominant exploit kit (EK) in our current threat landscape, Rig EK has gone through significant changes. How much has Rig EK changed? In order to find out, we compared activity levels, malware payloads, and network traffic characteristics from January of 2017 with January of 2018. The contrast
Unit 42 tracks how attackers use fraudulent accounts and compromise infrastructures of legitimate businesses to deliver Hancitor malware.
Unit 42 investigates Boleto Mestre, a malspam campaign impersonating invoice documents of a popular Brazilian payment method.
Unit 42 uncovers HoeflerText popups delivering RAT malware to Google Chrome users.
Unit 42 examines the evolution of malspam targeting Microsoft windows hosts in Brazil.
Unit 42 investigates recent developments in the EITest & pseudo-Darkleech campaigns contributing to the decline of Rig exploit kits.
Unit 42 identifies a new malicious spam campaign using United States Postal Service themed emails redirecting to fake Microsoft Word online sites.
Unit 42 discovers malspam campaign using hosting providers to spread ransomware.
EITest is a name originally coined by Malwarebytes Labs in 2014 to describe a campaign that uses exploit kits (EKs) to deliver malware. Until early January 2016, “EITest” was used as a variable name in the attacker’s malicious injected script in pages on legitimate websites compromised by this campaign. While the variable name is gone,
Sign up to receive the latest news, cyber threat intelligence and research from Unit 42
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.