KeyBase Keylogger Malware Family Exposed

In recent months, our team has been tracking a keylogger malware family named KeyBase that has been in the wild since February 2015. The malware comes equipped with a variety of features and can be purchased for $50 directly from the author. It has been deployed in attacks against organizations across many industries and is

Examining the Cybercrime Underground, Part 1: Crypters

This post is the first in a new series titled Examining the Cybercrime Underground. Each post will delve into different aspects of how cybercriminals operate, using current examples of tools and techniques. What are their tools of the trade? How do they get them? How do they overcome challenges posed by security and anti-fraud systems? How do

Don’t Miss A Single Threat Intelligence Update from Unit 42!

Unit 42 is the Palo Alto Networks threat intelligence team. Made up of accomplished cybersecurity researchers and industry experts, Unit 42 gathers, researches, analyzes, and provides insights into the latest cyber threats, then shares them with Palo Alto Networks customers, partners and the broader community to better protect enterprise, service provider, and government computing environments. You

NetWire and MITRE ChopShop

On August 4, Unit 42, the Palo Alto Networks threat intelligence team, released a tool to decrypt the traffic from a Remote Administration Tool (RAT) named NetWire (part of the NetWiredRC malware family). For details of the encryption protocol used please see our earlier post here. The previously released protocol decoder and parser was originally

Black Hat 2014: Threat Intelligence With an Emphasis On Context

A few weeks ago we formally introduced Unit 42, the new threat intelligence team at Palo Alto Networks. Following the release of Unit 42’s inaugural research paper, 419 Evolution, many of the team leads are on the scene here at Black Hat 2014 in Las Vegas. It’s a chance for the security community at large to

Palo Alto Networks Provides a New Breed of Intelligence to Detect and Prevent

Back in June, Microsoft patched 59 Internet Explorer vulnerabilities and Palo Alto Networks discovered 21 of them, all rated critical. Then in July, we released findings about evolved Nigerian 419 scammers from Unit 42, the new Palo Alto Networks threat intelligence team. The way we perform cybersecurity research is opening the door to a new

Meet the Unit 42 Team at Black Hat 2014

Black Hat USA 2014 kicks off next week, and along with our product and solution experts, you’ll meet team leads from Unit 42, the Palo Alto Networks threat intelligence team. Last week we celebrated the official launch of Unit 42, along with the release of 419 Evolution, a new report examining the evolution of Nigerian

Palo Alto Networks News of the Week – July 25

Here’s a roundup of this week’s top Palo Alto Networks news. We are happy to officially introduce our new threat intelligence team, Unit 42, and the release of its first research paper, 419 Evolution. Check out some of the great global coverage from this announcement:

Unit 42: A New Era In Threat Intelligence

Today we would like to officially introduce our new threat intelligence team, Unit 42, and announce the release of our first research paper, 419 Evolution. Unit 42 uses data collected from the Palo Alto Networks security platform to provide context into an attacker’s motivations and methods. Using our Critical Intelligence Requirements developed by our leadership, we
