Pulling Back the Curtains on EncodedCommand PowerShell Attacks

A note to readers: The code samples included within this blog post may trigger alerts from your security software. Please note that this does not indicate an infection or an attack; rather, it is a notification that the code could be malicious if it were live. PowerShell has continued to gain in popularity over the

Aveo Malware Family Targets Japanese Speaking Users

(This blog post is also available in Japanese.) Palo Alto Networks has identified a malware family known as ‘Aveo’ that is being used to target Japanese speaking users. The ‘Aveo’ malware name comes from an embedded debug string within the binary file. The Aveo malware family has close ties to the previously discussed FormerFirstRAT malware

Unit 42 Researchers Recognized in MSRC Top 100 List

Four Palo Alto Networks threat intelligence researchers were recently recognized in the Microsoft Security Response Center (MSRC) Bounty Program Top 100 list announced at Black Hat USA 2016. Congratulations to Bo Qu, Tao Yan, Hui Gao,  and Tongbo Luo!

Fresh Baked HOMEKit-made Cookles – With a DarkHotel Overlap

Threat actors tend to reuse certain tools, a trend we observed during recent Unit 42 research published on MNKit. In this post, we will discuss a fresh toolkit, which on the surface, appeared similar to MNKit, but functionally was found to be quite different. This toolkit, which we named “HOMEKit”, is similar to MNKit in

Palo Alto Networks Researchers Discover Two Critical Internet Explorer Vulnerabilities

Palo Alto Networks researchers discovered two new critical Internet Explorer (IE) vulnerabilities affecting IE versions 9, 10, and 11. Both are included in Microsoft’s July 2016 Security Bulletin, and documented in Microsoft Security Bulletin MS16-084. In our continued commitment to the security research community, these vulnerabilities were disclosed to Microsoft through our participation in the Microsoft Active Protections Program

Get updates on Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit 42

Follow us on