Palo Alto Networks

419 Scam

NetWire and MITRE ChopShop

On August 4, Unit 42, the Palo Alto Networks threat intelligence team, released a tool to decrypt the traffic from a Remote Administration Tool (RAT) named NetWire (part of the NetWiredRC malware family). For details of the encryption protocol used please see our earlier post here.

The previously released protocol decoder and parser was originally built as a stand-alone module. As part of Unit 42’s mission to contribute to the se...

Unit 42

Aug 25, 2014

By Phil Da Silva

Palo Alto Networks

Products and Services

Partners

Cybersecurity, Reports, Threat Prevention, Unit 42

Palo Alto Networks Provides a New Breed of Intelligence to Detect and Preve...

Back in June, Microsoft patched 59 Internet Explorer vulnerabilities and Palo Alto Networks discovered 21 of them, all rated critical. Then in July, w...

Aug 05, 2014

By Tim Treat

Threat Advisories - Advisories, Unit 42

New Release: Decrypting NetWire C2 Traffic

On July 22, Palo Alto Networks threat intelligence team, Unit 42, released our first report on the evolution of “Silver Spaniel” 419 scammers. Of particular note is how these actors use a Remote Administration...

Aug 04, 2014

By Phil Da Silva, Rob Downs and Ryan Olson