Get to know # Juan Cortes *** ** * ** *** Blogs by Juan Cortes Sort By: Recent Recent Popular *** ** * ** *** [![VERMIN: Quasar RAT and Custom Malware Used In Ukraine](https://www.paloaltonetworks.com.au/blog/wp-content/uploads/2016/09/unit42-web-banner-650x300.jpg)](https://www.paloaltonetworks.com.au/blog/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/) ## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown) ### [VERMIN: Quasar RAT and Custom Malware Used In Ukraine](https://www.paloaltonetworks.com.au/blog/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/) Unit 42 gives a walkthrough of the analysis of the VERMIN malware, details links between the activity observed, and IOCs for all activity discovered. Jan 29, 2018 By [Tom Lancaster](https://www.paloaltonetworks.com/blog/author/tom-lancaster/?ts=markdown "Posts by Tom Lancaster") and [Juan Cortes](https://www.paloaltonetworks.com/blog/author/juan-cortes/?ts=markdown "Posts by Juan Cortes") *** ** * ** *** [![Operation Blockbuster Goes Mobile](https://www.paloaltonetworks.com.au/blog/wp-content/uploads/2016/09/unit42-web-banner-650x300.jpg)](https://www.paloaltonetworks.com.au/blog/2017/11/unit42-operation-blockbuster-goes-mobile/) ## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown) ### [Operation Blockbuster Goes Mobile](https://www.paloaltonetworks.com.au/blog/2017/11/unit42-operation-blockbuster-goes-mobile/) Operation Blockbuster goes mobile: Unit 42 identifies cluster of malware samples targeting Samsung devices and Korean language speakers. Nov 20, 2017 By [Anthony Kasza](https://www.paloaltonetworks.com/blog/author/anthony-kasza/?ts=markdown "Posts by Anthony Kasza"), [Juan Cortes](https://www.paloaltonetworks.com/blog/author/juan-cortes/?ts=markdown "Posts by Juan Cortes") and [Micah Yates](https://www.paloaltonetworks.com/blog/author/micah-yates/?ts=markdown "Posts by Micah Yates") *** ** * ** *** [![FreeMilk: A Highly Targeted Spear Phishing Campaign](https://www.paloaltonetworks.com.au/blog/wp-content/uploads/2016/09/unit42-web-banner-650x300.jpg)](https://www.paloaltonetworks.com.au/blog/2017/10/unit42-freemilk-highly-targeted-spear-phishing-campaign/) ## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown) ### [FreeMilk: A Highly Targeted Spear Phishing Campaign](https://www.paloaltonetworks.com.au/blog/2017/10/unit42-freemilk-highly-targeted-spear-phishing-campaign/) Unit 42 uncovers FreeMilk: a highly targeted spear phishing campaign using hijacked conversations to deliver malware. Oct 05, 2017 By [Juan Cortes](https://www.paloaltonetworks.com/blog/author/juan-cortes/?ts=markdown "Posts by Juan Cortes") and [Esmid Idrizovic](https://www.paloaltonetworks.com/blog/author/esmid-idrizovic/?ts=markdown "Posts by Esmid Idrizovic") *** ** * ** *** [![LabyREnth Capture the Flag (CTF): Mobile Track Solutions](https://www.paloaltonetworks.com.au/blog/wp-content/uploads/2016/09/blog-web-banner-650x300.jpg)](https://www.paloaltonetworks.com.au/blog/2016/09/unit42-labyrenth-capture-the-flag-ctf-mobile-track-solutions/) ## [Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown) ### [LabyREnth Capture the Flag (CTF): Mobile Track Solutions](https://www.paloaltonetworks.com.au/blog/2016/09/unit42-labyrenth-capture-the-flag-ctf-mobile-track-solutions/) Welcome back to our blog series where we reveal the solutions to LabyREnth, the Unit 42 Capture the Flag (CTF) challenge. We'll be revealing the solutions to one challenge track per week. Next up, the Mobile track. Mobile ... Sep 29, 2016 By [Richard Wartell](https://www.paloaltonetworks.com/blog/author/richard-wartell/?ts=markdown "Posts by Richard Wartell"), [Jeff White](https://www.paloaltonetworks.com/blog/author/jeff-white/?ts=markdown "Posts by Jeff White"), [Tyler Halfpop](https://www.paloaltonetworks.com/blog/author/tyler-halfpop/?ts=markdown "Posts by Tyler Halfpop"), [Juan Cortes](https://www.paloaltonetworks.com/blog/author/juan-cortes/?ts=markdown "Posts by Juan Cortes") and [Josh Grunzweig](https://www.paloaltonetworks.com/blog/author/josh-grunzweig/?ts=markdown "Posts by Josh Grunzweig") *** ** * ** *** [](https://www.paloaltonetworks.com.au/blog/2015/11/attack-campaign-on-the-government-of-thailand-delivers-bookworm-trojan/) ## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown) ### [Attack Campaign on the Government of Thailand Delivers Bookworm Trojan](https://www.paloaltonetworks.com.au/blog/2015/11/attack-campaign-on-the-government-of-thailand-delivers-bookworm-trojan/) Unit 42 recently published a blog on a newly identified Trojan called Bookworm, which discussed the architecture and capabilities of the malware and alluded to Thailand being the focus of the threat ... Nov 24, 2015 By [Robert Falcone](https://www.paloaltonetworks.com/blog/author/robert-falcone/?ts=markdown "Posts by Robert Falcone"), [Mike Scott](https://www.paloaltonetworks.com/blog/author/mike-scott/?ts=markdown "Posts by Mike Scott") and [Juan Cortes](https://www.paloaltonetworks.com/blog/author/juan-cortes/?ts=markdown "Posts by Juan Cortes") *** ** * ** *** Load more *** ** * ** *** Blogs by Juan Cortes Sort By: Popular Popular Recent *** ** * ** *** [![LabyREnth Capture the Flag (CTF): Mobile Track Solutions](https://www.paloaltonetworks.com.au/blog/wp-content/uploads/2016/09/blog-web-banner-650x300.jpg)](https://www.paloaltonetworks.com.au/blog/2016/09/unit42-labyrenth-capture-the-flag-ctf-mobile-track-solutions/) ## [Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown) ### [LabyREnth Capture the Flag (CTF): Mobile Track Solutions](https://www.paloaltonetworks.com.au/blog/2016/09/unit42-labyrenth-capture-the-flag-ctf-mobile-track-solutions/) Welcome back to our blog series where we reveal the solutions to LabyREnth, the Unit 42 Capture the Flag (CTF) challenge. We'll be revealing the solutions to one challenge track per week. Next up, the Mobile track. Mobile ... Sep 29, 2016 By [Richard Wartell](https://www.paloaltonetworks.com/blog/author/richard-wartell/?ts=markdown "Posts by Richard Wartell"), [Jeff White](https://www.paloaltonetworks.com/blog/author/jeff-white/?ts=markdown "Posts by Jeff White"), [Tyler Halfpop](https://www.paloaltonetworks.com/blog/author/tyler-halfpop/?ts=markdown "Posts by Tyler Halfpop"), [Juan Cortes](https://www.paloaltonetworks.com/blog/author/juan-cortes/?ts=markdown "Posts by Juan Cortes") and [Josh Grunzweig](https://www.paloaltonetworks.com/blog/author/josh-grunzweig/?ts=markdown "Posts by Josh Grunzweig") *** ** * ** *** [![VERMIN: Quasar RAT and Custom Malware Used In Ukraine](https://www.paloaltonetworks.com.au/blog/wp-content/uploads/2016/09/unit42-web-banner-650x300.jpg)](https://www.paloaltonetworks.com.au/blog/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/) ## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown) ### [VERMIN: Quasar RAT and Custom Malware Used In Ukraine](https://www.paloaltonetworks.com.au/blog/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/) Unit 42 gives a walkthrough of the analysis of the VERMIN malware, details links between the activity observed, and IOCs for all activity discovered. Jan 29, 2018 By [Tom Lancaster](https://www.paloaltonetworks.com/blog/author/tom-lancaster/?ts=markdown "Posts by Tom Lancaster") and [Juan Cortes](https://www.paloaltonetworks.com/blog/author/juan-cortes/?ts=markdown "Posts by Juan Cortes") *** ** * ** *** [![Operation Blockbuster Goes Mobile](https://www.paloaltonetworks.com.au/blog/wp-content/uploads/2016/09/unit42-web-banner-650x300.jpg)](https://www.paloaltonetworks.com.au/blog/2017/11/unit42-operation-blockbuster-goes-mobile/) ## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown) ### [Operation Blockbuster Goes Mobile](https://www.paloaltonetworks.com.au/blog/2017/11/unit42-operation-blockbuster-goes-mobile/) Operation Blockbuster goes mobile: Unit 42 identifies cluster of malware samples targeting Samsung devices and Korean language speakers. Nov 20, 2017 By [Anthony Kasza](https://www.paloaltonetworks.com/blog/author/anthony-kasza/?ts=markdown "Posts by Anthony Kasza"), [Juan Cortes](https://www.paloaltonetworks.com/blog/author/juan-cortes/?ts=markdown "Posts by Juan Cortes") and [Micah Yates](https://www.paloaltonetworks.com/blog/author/micah-yates/?ts=markdown "Posts by Micah Yates") *** ** * ** *** [![FreeMilk: A Highly Targeted Spear Phishing Campaign](https://www.paloaltonetworks.com.au/blog/wp-content/uploads/2016/09/unit42-web-banner-650x300.jpg)](https://www.paloaltonetworks.com.au/blog/2017/10/unit42-freemilk-highly-targeted-spear-phishing-campaign/) ## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown) ### [FreeMilk: A Highly Targeted Spear Phishing Campaign](https://www.paloaltonetworks.com.au/blog/2017/10/unit42-freemilk-highly-targeted-spear-phishing-campaign/) Unit 42 uncovers FreeMilk: a highly targeted spear phishing campaign using hijacked conversations to deliver malware. Oct 05, 2017 By [Juan Cortes](https://www.paloaltonetworks.com/blog/author/juan-cortes/?ts=markdown "Posts by Juan Cortes") and [Esmid Idrizovic](https://www.paloaltonetworks.com/blog/author/esmid-idrizovic/?ts=markdown "Posts by Esmid Idrizovic") *** ** * ** *** [](https://www.paloaltonetworks.com.au/blog/2015/11/attack-campaign-on-the-government-of-thailand-delivers-bookworm-trojan/) ## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown) ### [Attack Campaign on the Government of Thailand Delivers Bookworm Trojan](https://www.paloaltonetworks.com.au/blog/2015/11/attack-campaign-on-the-government-of-thailand-delivers-bookworm-trojan/) Unit 42 recently published a blog on a newly identified Trojan called Bookworm, which discussed the architecture and capabilities of the malware and alluded to Thailand being the focus of the threat ... Nov 24, 2015 By [Robert Falcone](https://www.paloaltonetworks.com/blog/author/robert-falcone/?ts=markdown "Posts by Robert Falcone"), [Mike Scott](https://www.paloaltonetworks.com/blog/author/mike-scott/?ts=markdown "Posts by Mike Scott") and [Juan Cortes](https://www.paloaltonetworks.com/blog/author/juan-cortes/?ts=markdown "Posts by Juan Cortes") *** ** * ** *** Load more {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language