Get to know

# Brad Duncan

*** ** * ** ***

Blogs by Brad Duncan  
Sort By: Recent  
Recent Popular

*** ** * ** ***

[![Fake Flash Updaters Push Cryptocurrency Miners](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2018/04/unit42-blog-600x300.jpg)](https://www2.paloaltonetworks.com/blog/2018/10/unit42-fake-flash-updaters-push-cryptocurrency-miners/)

## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

### [Fake Flash Updaters Push Cryptocurrency Miners](https://www2.paloaltonetworks.com/blog/2018/10/unit42-fake-flash-updaters-push-cryptocurrency-miners/)

Unit 42 investigates a recent Fake Flash update pushing cryptocurrency mining software. Get the full report.  
Oct 11, 2018  
By [Brad Duncan](https://www.paloaltonetworks.com/blog/author/bduncan/?ts=markdown "Posts by Brad Duncan")

*** ** * ** ***

[![Customizing Wireshark - Changing Your Column Display](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2018/04/unit42-blog-600x300.jpg)](https://www2.paloaltonetworks.com/blog/2018/08/unit42-customizing-wireshark-changing-column-display/)

## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

### [Customizing Wireshark - Changing Your Column Display](https://www2.paloaltonetworks.com/blog/2018/08/unit42-customizing-wireshark-changing-column-display/)

Unit 42 shares a lesson on customizing Wireshark to better meet security researcher needs.  
Aug 16, 2018  
By [Brad Duncan](https://www.paloaltonetworks.com/blog/author/bduncan/?ts=markdown "Posts by Brad Duncan")

*** ** * ** ***

[![Malware Team Up: Malspam Pushing Emotet + Trickbot](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2018/04/unit42-blog-600x300.jpg)](https://www2.paloaltonetworks.com/blog/2018/07/unit42-malware-team-malspam-pushing-emotet-trickbot/)

## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

### [Malware Team Up: Malspam Pushing Emotet + Trickbot](https://www2.paloaltonetworks.com/blog/2018/07/unit42-malware-team-malspam-pushing-emotet-trickbot/)

Unit 42 examines Emotet and Trickbot, best known as banking malware and information stealers targeting Windows-based computers.  
Jul 18, 2018  
By [Brad Duncan](https://www.paloaltonetworks.com/blog/author/bduncan/?ts=markdown "Posts by Brad Duncan")

*** ** * ** ***

[![Rig EK One Year Later: From Ransomware to Coin Miners and Information Stealers](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2016/09/unit42-web-banner-650x300.jpg)](https://www2.paloaltonetworks.com/blog/2018/02/unit42-rig-ek-one-year-later-from-ransomware-to-coin-miners-and-information-stealers/)

## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

### [Rig EK One Year Later: From Ransomware to Coin Miners and Information Steal...](https://www2.paloaltonetworks.com/blog/2018/02/unit42-rig-ek-one-year-later-from-ransomware-to-coin-miners-and-information-stealers/)

What a difference a year makes! As the dominant exploit kit (EK) in our current threat landscape, Rig EK has gone through significant changes. How much has Rig EK changed? In order ...  
Feb 26, 2018  
By [Brad Duncan](https://www.paloaltonetworks.com/blog/author/bduncan/?ts=markdown "Posts by Brad Duncan")

*** ** * ** ***

[![Compromised Servers \& Fraud Accounts: Recent Hancitor Attacks](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2016/09/unit42-web-banner-650x300.jpg)](https://www2.paloaltonetworks.com/blog/2018/02/unit42-compromised-servers-fraud-accounts-recent-hancitor-attacks/)

## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

### [Compromised Servers \& Fraud Accounts: Recent Hancitor Attacks](https://www2.paloaltonetworks.com/blog/2018/02/unit42-compromised-servers-fraud-accounts-recent-hancitor-attacks/)

Unit 42 tracks how attackers use fraudulent accounts and compromise infrastructures of legitimate businesses to deliver Hancitor malware.  
Feb 07, 2018  
By [Vicky Ray](https://www.paloaltonetworks.com/blog/author/vicky-khan/?ts=markdown "Posts by Vicky Ray") and [Brad Duncan](https://www.paloaltonetworks.com/blog/author/bduncan/?ts=markdown "Posts by Brad Duncan")

*** ** * ** ***

Load more

*** ** * ** ***

Blogs by Brad Duncan  
Sort By: Popular  
Popular Recent

*** ** * ** ***

[![Campaign Evolution: EITest from October through December 2016](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2016/09/unit42-web-banner-650x300.jpg)](https://www2.paloaltonetworks.com/blog/2017/01/unit42-campaign-evolution-eitest-october-december-2016/)

## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

### [Campaign Evolution: EITest from October through December 2016](https://www2.paloaltonetworks.com/blog/2017/01/unit42-campaign-evolution-eitest-october-december-2016/)

EITest is a name originally coined by Malwarebytes Labs in 2014 to describe a campaign that uses exploit kits (EKs) to deliver malware. Until early January 2016, "EITest" was used as a ...  
Jan 12, 2017  
By [Brad Duncan](https://www.paloaltonetworks.com/blog/author/bduncan/?ts=markdown "Posts by Brad Duncan")

*** ** * ** ***

[](https://www2.paloaltonetworks.com/blog/2016/03/locky-ransomware-installed-through-nuclear-ek/)

## [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

### [Locky Ransomware Installed Through Nuclear EK](https://www2.paloaltonetworks.com/blog/2016/03/locky-ransomware-installed-through-nuclear-ek/)

In February 2016, Unit 42 published detailed analysis of Locky ransomware. We certainly weren't the only ones who saw this malware, and many others have also reported on it. Since that time, ...  
Mar 21, 2016  
By [Brad Duncan](https://www.paloaltonetworks.com/blog/author/bduncan/?ts=markdown "Posts by Brad Duncan")

*** ** * ** ***

[](https://www2.paloaltonetworks.com/blog/2016/03/unit42-campaign-evolution-darkleech-to-pseudo-darkleech-and-beyond/)

## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

### [Campaign Evolution: Darkleech to Pseudo-Darkleech and Beyond](https://www2.paloaltonetworks.com/blog/2016/03/unit42-campaign-evolution-darkleech-to-pseudo-darkleech-and-beyond/)

In 2015, Sucuri published two blog posts, one in March describing a pseudo-Darkleech campaign targeting WordPress sites, and another about its evolution the following December. Sites compromised by this campaign redirected unsuspecting ...  
Mar 22, 2016  
By [Brad Duncan](https://www.paloaltonetworks.com/blog/author/bduncan/?ts=markdown "Posts by Brad Duncan")

*** ** * ** ***

[](https://www2.paloaltonetworks.com/blog/2016/03/unit42-how-the-eltest-campaigns-path-to-angler-ek-evolved-over-time/)

## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

### [How the EITest Campaign's Path to Angler EK Evolved Over Time](https://www2.paloaltonetworks.com/blog/2016/03/unit42-how-the-eltest-campaigns-path-to-angler-ek-evolved-over-time/)

In October 2014, Malwarebytes identified a campaign based on thousands of compromised websites that kicked off an infection chain to Angler exploit kit (EK). It was named "EITest" campaign, because "EITest" was ...  
Mar 31, 2016  
By [Brad Duncan](https://www.paloaltonetworks.com/blog/author/bduncan/?ts=markdown "Posts by Brad Duncan")

*** ** * ** ***

[](https://www2.paloaltonetworks.com/blog/2016/04/afraidgate-major-exploit-kit-campaign-swaps-locky-ransomware-for-cryptxxx/)

## [Malware](https://www.paloaltonetworks.com/blog/category/malware-2/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

### [Afraidgate: Major Exploit Kit Campaign Swaps Locky Ransomware for CryptXXX](https://www2.paloaltonetworks.com/blog/2016/04/afraidgate-major-exploit-kit-campaign-swaps-locky-ransomware-for-cryptxxx/)

In mid-April 2016, a campaign using Nuclear Exploit Kit (EK) to distribute Locky ransomware switched to using the Angler EK to install CryptXXX ransomware. This campaign uses gates registered through FreeDNS at ...  
Apr 28, 2016  
By [Brad Duncan](https://www.paloaltonetworks.com/blog/author/bduncan/?ts=markdown "Posts by Brad Duncan")

*** ** * ** ***

Load more  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language