* [Blog](https://www.paloaltonetworks.com.au/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com.au/blog/corporate)
* 419 Evolution

# Palo Alto Networks

## 419 Evolution

[](https://www.paloaltonetworks.com.au/blog/2015/06/keybase-keylogger-malware-family-exposed/)  
[KeyBase Keylogger Malware Family Exposed
\----------------------------------------](https://www.paloaltonetworks.com.au/blog/2015/06/keybase-keylogger-malware-family-exposed/)

In recent months, our team has been tracking a keylogger malware family named KeyBase that has been in the wild since February 2015. The malware comes equipped with a variety of features and can be purchased for $50 directly from the author. It has been deployed in attacks against organizations across many industries and is predominantly delivered via phishing emails.  
[Malware](https://www.paloaltonetworks.com/blog/category/malware-2/?ts=markdown)  
[Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown)  
[Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)  
Jun 04, 2015  
By [Unit 42](https://www.paloaltonetworks.com/blog/author/unit-42/?ts=markdown "Posts by Unit 42")

## Palo Alto Networks

*** ** * ** ***

[Announcements](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown)

*** ** * ** ***

[Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown)

*** ** * ** ***

[Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)

*** ** * ** ***

[Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

*** ** * ** ***

[Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

*** ** * ** ***

[Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown)

*** ** * ** ***

[](https://www.paloaltonetworks.com.au/blog/2015/02/examining-cybercrime-underground-part-1-crypters/)  
[Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown), [Malware](https://www.paloaltonetworks.com/blog/category/malware-2/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

## [Examining the Cybercrime Underground, Part 1: Crypters](https://www.paloaltonetworks.com.au/blog/2015/02/examining-cybercrime-underground-part-1-crypters/)

This post is the first in a new series titled Examining the Cybercrime Underground. Each post will delve into different aspects of how cybercriminals operate, using current examples of tools and techniques. Wha...  
Feb 19, 2015  
By [Tomer Bar](https://www.paloaltonetworks.com/blog/author/tomer-bar/?ts=markdown "Posts by Tomer Bar")  
[](https://www.paloaltonetworks.com.au/blog/2014/12/dont-miss-single-threat-intelligence-update-unit-42/)  
[Reports](https://www.paloaltonetworks.com/blog/category/reports/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

## [Don't Miss A Single Threat Intelligence Update from Unit 42!](https://www.paloaltonetworks.com.au/blog/2014/12/dont-miss-single-threat-intelligence-update-unit-42/)

Unit 42 is the Palo Alto Networks threat intelligence team. Made up of accomplished cybersecurity researchers and industry experts, Unit 42 gathers, researches, analyzes, and provi...  
Dec 29, 2014  
By [Chad Berndtson](https://www.paloaltonetworks.com/blog/author/cberndston/?ts=markdown "Posts by Chad Berndtson")  
[](https://www.paloaltonetworks.com.au/blog/2014/08/listen-evolved-419-scammers-targeting-enterprise/)  
[Malware](https://www.paloaltonetworks.com/blog/category/malware-2/?ts=markdown), [Reports](https://www.paloaltonetworks.com/blog/category/reports/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

## [Listen: How Evolved 419 Scammers Are Targeting the Enterprise](https://www.paloaltonetworks.com.au/blog/2014/08/listen-evolved-419-scammers-targeting-enterprise/)

Unit 42, the Palo Alto Networks threat intelligence team, will be appearing on a live webcast and Q\&A with Dark Reading tomorrow, Thursday, August 28 at 2:00 p.m. EDT.  
Aug 27, 2014  
By [Chad Berndtson](https://www.paloaltonetworks.com/blog/author/cberndston/?ts=markdown "Posts by Chad Berndtson")  
[](https://www.paloaltonetworks.com.au/blog/2014/08/netwire-mitre-chopshop/)  
[Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

## [NetWire and MITRE ChopShop](https://www.paloaltonetworks.com.au/blog/2014/08/netwire-mitre-chopshop/)

On August 4, Unit 42, the Palo Alto Networks threat intelligence team, released a tool to decrypt the traffic from a Remote Administration Tool (RAT) named NetWire (part of the NetWiredRC malware family). For details of the encryption protocol used please see our earli...  
Aug 25, 2014  
By [Phil Da Silva](https://www.paloaltonetworks.com/blog/author/phil-da-silva/?ts=markdown "Posts by Phil Da Silva")  
[](https://www.paloaltonetworks.com.au/blog/2014/08/palo-alto-networks-news-week-august-22/)  
[Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown), [News of the Week](https://www.paloaltonetworks.com/blog/category/news-of-the-week/?ts=markdown)

## [Palo Alto Networks News of the Week -- August 22](https://www.paloaltonetworks.com.au/blog/2014/08/palo-alto-networks-news-week-august-22/)

Here's a roundup of this week's top Palo Alto Networks news.  
Aug 22, 2014  
By [Chad Berndtson](https://www.paloaltonetworks.com/blog/author/cberndston/?ts=markdown "Posts by Chad Berndtson")  
[](https://www.paloaltonetworks.com.au/blog/2014/08/look-back-unit-42/)  
[Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Reports](https://www.paloaltonetworks.com/blog/category/reports/?ts=markdown)

## [A Look Back at Unit 42](https://www.paloaltonetworks.com.au/blog/2014/08/look-back-unit-42/)

Unit 42, the Palo Alto Networks threat intelligence team, is made up of accomplished cybersecurity researchers and industry experts. Unit 42 gathers, researches and analyzes up-to-the-minute threat intelligence, sharing insights with Palo Alto Networks customers, partne...  
Aug 22, 2014  
By [Chad Berndtson](https://www.paloaltonetworks.com/blog/author/cberndston/?ts=markdown "Posts by Chad Berndtson")  
[](https://www.paloaltonetworks.com.au/blog/2014/08/palo-alto-networks-news-week-august-8/)  
[Customer Spotlight](https://www.paloaltonetworks.com/blog/category/customer-spotlight/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown), [Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown), [Lightboard](https://www.paloaltonetworks.com/blog/category/lightboard/?ts=markdown), [Malware](https://www.paloaltonetworks.com/blog/category/malware-2/?ts=markdown), [Mobility](https://www.paloaltonetworks.com/blog/category/mobility/?ts=markdown), [News of the Week](https://www.paloaltonetworks.com/blog/category/news-of-the-week/?ts=markdown), [Reports](https://www.paloaltonetworks.com/blog/category/reports/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown)

## [Palo Alto Networks News of the Week -- August 8](https://www.paloaltonetworks.com.au/blog/2014/08/palo-alto-networks-news-week-august-8/)

Here's a roundup of this week's top Palo Alto Networks news.  
Aug 08, 2014  
By [Chad Berndtson](https://www.paloaltonetworks.com/blog/author/cberndston/?ts=markdown "Posts by Chad Berndtson")  
[](https://www.paloaltonetworks.com.au/blog/2014/08/black-hat-2014-threat-intelligence-emphasis-context/)  
[Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

## [Black Hat 2014: Threat Intelligence With an Emphasis On Context](https://www.paloaltonetworks.com.au/blog/2014/08/black-hat-2014-threat-intelligence-emphasis-context/)

A few weeks ago we formally introduced Unit 42, the new threat intelligence team at Palo Alto Networks. Following the release Unit 42's inaugural research paper, 419 Evolution, man...  
Aug 06, 2014  
By [Chad Berndtson](https://www.paloaltonetworks.com/blog/author/cberndston/?ts=markdown "Posts by Chad Berndtson")  
[](https://www.paloaltonetworks.com.au/blog/2014/08/palo-alto-networks-provides-new-breed-intelligence-detect-prevent/)  
[Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Reports](https://www.paloaltonetworks.com/blog/category/reports/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

## [Palo Alto Networks Provides a New Breed of Intelligence to Detect and Preve...](https://www.paloaltonetworks.com.au/blog/2014/08/palo-alto-networks-provides-new-breed-intelligence-detect-prevent/)

Back in June, Microsoft patched 59 Internet Explorer vulnerabilities and Palo Alto Networks discovered 21 of them, all rated critical. Then in July, w...  
Aug 05, 2014  
By [Tim Treat](https://www.paloaltonetworks.com/blog/author/tim-treat/?ts=markdown "Posts by Tim Treat")  
[](https://www.paloaltonetworks.com.au/blog/2014/08/palo-alto-networks-news-week-august-1/)  
[Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown), [Ignite](https://www.paloaltonetworks.com/blog/category/ignite/?ts=markdown), [News of the Week](https://www.paloaltonetworks.com/blog/category/news-of-the-week/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown)

## [Palo Alto Networks News of the Week -- August 1](https://www.paloaltonetworks.com.au/blog/2014/08/palo-alto-networks-news-week-august-1/)

Here's a roundup of top Palo Alto Networks news from the last week in July.  
Aug 01, 2014  
By [Chad Berndtson](https://www.paloaltonetworks.com/blog/author/cberndston/?ts=markdown "Posts by Chad Berndtson")  
[](https://www.paloaltonetworks.com.au/blog/2014/07/meet-unit-42-team-black-hat-2014/)  
[Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown), [Reports](https://www.paloaltonetworks.com/blog/category/reports/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

## [Meet the Unit 42 Team at Black Hat 2014](https://www.paloaltonetworks.com.au/blog/2014/07/meet-unit-42-team-black-hat-2014/)

Black Hat USA 2014 kicks off next week, and along with our product and solution experts, you'll meet team leads from Unit 42, the Palo Alto Networks threat intelligence team.  
Jul 28, 2014  
By [Chad Berndtson](https://www.paloaltonetworks.com/blog/author/cberndston/?ts=markdown "Posts by Chad Berndtson")  
[](https://www.paloaltonetworks.com.au/blog/2014/07/palo-alto-networks-news-week-july-25/)  
[Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown), [News of the Week](https://www.paloaltonetworks.com/blog/category/news-of-the-week/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

## [Palo Alto Networks News of the Week -- July 25](https://www.paloaltonetworks.com.au/blog/2014/07/palo-alto-networks-news-week-july-25/)

Here's a roundup of this week's top Palo Alto Networks news.  
Jul 25, 2014  
By [Chad Berndtson](https://www.paloaltonetworks.com/blog/author/cberndston/?ts=markdown "Posts by Chad Berndtson") [](https://www.paloaltonetworks.com.au/blog/2014/07/unit-42-new-era-threat-intelligence/)  
[Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Malware](https://www.paloaltonetworks.com/blog/category/malware-2/?ts=markdown), [Reports](https://www.paloaltonetworks.com/blog/category/reports/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

## [Unit 42: A New Era In Threat Intelligence](https://www.paloaltonetworks.com.au/blog/2014/07/unit-42-new-era-threat-intelligence/)

Today we would like to officially introduce our new threat intelligence team, Unit 42, and announce the release of our first research paper, 419 Evolution.  
Jul 22, 2014  
By [Ryan Olson](https://www.paloaltonetworks.com/blog/author/ryan-olson/?ts=markdown "Posts by Ryan Olson")  
Load more blogs

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com.au/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language