Get to know # Brandon Levene *** ** * ** *** Blogs by Brandon Levene Sort By: Recent Recent Popular *** ** * ** *** [![SquirtDanger: The Swiss Army Knife Malware from Veteran Malware Author TheBottle](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2018/04/unit42-blog-600x300.jpg)](https://www2.paloaltonetworks.com/blog/2018/04/unit42-squirtdanger-swiss-army-knife-malware-veteran-malware-author-thebottle/) ## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown) ### [SquirtDanger: The Swiss Army Knife Malware from Veteran Malware Author TheB...](https://www2.paloaltonetworks.com/blog/2018/04/unit42-squirtdanger-swiss-army-knife-malware-veteran-malware-author-thebottle/) Unit 42 unravels TheBottle's activities and his newest malware family Apr 17, 2018 By [Josh Grunzweig](https://www.paloaltonetworks.com/blog/author/josh-grunzweig/?ts=markdown "Posts by Josh Grunzweig"), [Brandon Levene](https://www.paloaltonetworks.com/blog/author/brandon-levene/?ts=markdown "Posts by Brandon Levene"), [Kyle Wilhoit](https://www.paloaltonetworks.com/blog/author/kyle-wilhoit/?ts=markdown "Posts by Kyle Wilhoit") and [Pat Litke](https://www.paloaltonetworks.com/blog/author/pat-litke/?ts=markdown "Posts by Pat Litke") *** ** * ** *** [![Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2016/09/unit42-web-banner-650x300.jpg)](https://www2.paloaltonetworks.com/blog/2018/03/unit42-patchwork-continues-deliver-badnews-indian-subcontinent/) ## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown) ### [Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent](https://www2.paloaltonetworks.com/blog/2018/03/unit42-patchwork-continues-deliver-badnews-indian-subcontinent/) Unit 42 observes the Patchwork group continuing to use weaponized legitimate documents to deliver their updated BADNEWS payload. Mar 07, 2018 By [Brandon Levene](https://www.paloaltonetworks.com/blog/author/brandon-levene/?ts=markdown "Posts by Brandon Levene"), [Josh Grunzweig](https://www.paloaltonetworks.com/blog/author/josh-grunzweig/?ts=markdown "Posts by Josh Grunzweig") and [Brittany Ash](https://www.paloaltonetworks.com/blog/author/brittany-ash/?ts=markdown "Posts by Brittany Ash") *** ** * ** *** [![Sure, I’ll take that! New ComboJack Malware Alters Clipboards to Steal Cryptocurrency](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2016/09/unit42-web-banner-650x300.jpg)](https://www2.paloaltonetworks.com/blog/2018/03/unit42-sure-ill-take-new-combojack-malware-alters-clipboards-steal-cryptocurrency/) ## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown) ### [Sure, I'll take that! New ComboJack Malware Alters Clipboards to Steal Cryp...](https://www2.paloaltonetworks.com/blog/2018/03/unit42-sure-ill-take-new-combojack-malware-alters-clipboards-steal-cryptocurrency/) Unit 42 discovers ComboJack, a new currency stealer that alters clipboards to steal cryptocurrency. Mar 05, 2018 By [Brandon Levene](https://www.paloaltonetworks.com/blog/author/brandon-levene/?ts=markdown "Posts by Brandon Levene") and [Josh Grunzweig](https://www.paloaltonetworks.com/blog/author/josh-grunzweig/?ts=markdown "Posts by Josh Grunzweig") *** ** * ** *** [![Everybody Gets One: QtBot Used to Distribute Trickbot and Locky](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2016/09/unit42-web-banner-650x300.jpg)](https://www2.paloaltonetworks.com/blog/2017/11/unit42-everybody-gets-one-qtbot-used-distribute-trickbot-locky/) ## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown) ### [Everybody Gets One: QtBot Used to Distribute Trickbot and Locky](https://www2.paloaltonetworks.com/blog/2017/11/unit42-everybody-gets-one-qtbot-used-distribute-trickbot-locky/) Unit 42 investigates QtBot downloader used to distribute Trickbot and Locky. Nov 01, 2017 By [Brandon Levene](https://www.paloaltonetworks.com/blog/author/brandon-levene/?ts=markdown "Posts by Brandon Levene"), [Brandon Young](https://www.paloaltonetworks.com/blog/author/brandon-young/?ts=markdown "Posts by Brandon Young") and [Dominik Reichel](https://www.paloaltonetworks.com/blog/author/dominik-reichel/?ts=markdown "Posts by Dominik Reichel") *** ** * ** *** [![Kazuar: Multiplatform Espionage Backdoor with API Access](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2016/09/unit42-web-banner-650x300.jpg)](https://www2.paloaltonetworks.com/blog/2017/05/unit42-kazuar-multiplatform-espionage-backdoor-api-access/) ## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown) ### [Kazuar: Multiplatform Espionage Backdoor with API Access](https://www2.paloaltonetworks.com/blog/2017/05/unit42-kazuar-multiplatform-espionage-backdoor-api-access/) Unit 42 researchers have uncovered Kazuar, a backdoor Trojan used in an espionage campaign. May 03, 2017 By [Brandon Levene](https://www.paloaltonetworks.com/blog/author/brandon-levene/?ts=markdown "Posts by Brandon Levene"), [Robert Falcone](https://www.paloaltonetworks.com/blog/author/robert-falcone/?ts=markdown "Posts by Robert Falcone") and [Tyler Halfpop](https://www.paloaltonetworks.com/blog/author/tyler-halfpop/?ts=markdown "Posts by Tyler Halfpop") *** ** * ** *** Load more *** ** * ** *** Blogs by Brandon Levene Sort By: Popular Popular Recent *** ** * ** *** [](https://www2.paloaltonetworks.com/blog/2016/04/unit42-new-poison-ivy-rat-variant-targets-hong-kong-pro-democracy-activists/) ## [Malware](https://www.paloaltonetworks.com/blog/category/malware-2/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown) ### [New Poison Ivy RAT Variant Targets Hong Kong Pro-Democracy Activists](https://www2.paloaltonetworks.com/blog/2016/04/unit42-new-poison-ivy-rat-variant-targets-hong-kong-pro-democracy-activists/) Malware writers have always sought to develop feature-rich, easy to use tools that are also somewhat hard to detect via both host- and network-based detection systems. For many years, one of the ... Apr 21, 2016 By [Micah Yates](https://www.paloaltonetworks.com/blog/author/micah-yates/?ts=markdown "Posts by Micah Yates"), [Mike Scott](https://www.paloaltonetworks.com/blog/author/mike-scott/?ts=markdown "Posts by Mike Scott"), [Brandon Levene](https://www.paloaltonetworks.com/blog/author/brandon-levene/?ts=markdown "Posts by Brandon Levene") and [Jen Miller-Osborn](https://www.paloaltonetworks.com/blog/author/jen-miller-osborn/?ts=markdown "Posts by Jen Miller-Osborn") *** ** * ** *** [](https://www2.paloaltonetworks.com/blog/2015/07/tracking-minidionis-cozycars-new-ride-is-related-to-seaduke/) ## [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Malware](https://www.paloaltonetworks.com/blog/category/malware-2/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown) ### [Tracking MiniDionis: CozyCar's New Ride Is Related to Seaduke](https://www2.paloaltonetworks.com/blog/2015/07/tracking-minidionis-cozycars-new-ride-is-related-to-seaduke/) Executive Summary Unit 42 has uncovered a new campaign from the CozyDuke threat actors, aka CozyCar \[1\], leveraging malware that appears to be related to the Seaduke malware described earlier this week ... Jul 14, 2015 By [Brandon Levene](https://www.paloaltonetworks.com/blog/author/brandon-levene/?ts=markdown "Posts by Brandon Levene"), [Robert Falcone](https://www.paloaltonetworks.com/blog/author/robert-falcone/?ts=markdown "Posts by Robert Falcone") and [Richard Wartell](https://www.paloaltonetworks.com/blog/author/richard-wartell/?ts=markdown "Posts by Richard Wartell") *** ** * ** *** [](https://www2.paloaltonetworks.com/blog/2015/08/retefe-banking-trojan-targets-sweden-switzerland-and-japan/) ## [Financial Services](https://www.paloaltonetworks.com/blog/category/financial-services/?ts=markdown), [Malware](https://www.paloaltonetworks.com/blog/category/malware-2/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown) ### [Retefe Banking Trojan Targets Sweden, Switzerland and Japan](https://www2.paloaltonetworks.com/blog/2015/08/retefe-banking-trojan-targets-sweden-switzerland-and-japan/) Retefe is one of the most targeted banking Trojans currently in the wild. While other families such as Zeus and Citadel are widely adopted by attackers targeting banking websites around the world, ... Aug 20, 2015 By [Brandon Levene](https://www.paloaltonetworks.com/blog/author/brandon-levene/?ts=markdown "Posts by Brandon Levene"), [Robert Falcone](https://www.paloaltonetworks.com/blog/author/robert-falcone/?ts=markdown "Posts by Robert Falcone"), [Josh Grunzweig](https://www.paloaltonetworks.com/blog/author/josh-grunzweig/?ts=markdown "Posts by Josh Grunzweig"), [Bryan Lee](https://www.paloaltonetworks.com/blog/author/bryan-lee/?ts=markdown "Posts by Bryan Lee") and [Ryan Olson](https://www.paloaltonetworks.com/blog/author/ryan-olson/?ts=markdown "Posts by Ryan Olson") *** ** * ** *** [](https://www2.paloaltonetworks.com/blog/2015/08/rtf-exploit-installs-italian-rat-uwarrior/) ## [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown) ### [RTF Exploit Installs Italian RAT: uWarrior](https://www2.paloaltonetworks.com/blog/2015/08/rtf-exploit-installs-italian-rat-uwarrior/) Unit 42 researchers have observed a new Remote Access Tool (RAT) constructed by an unknown actor of Italian origin. This RAT, referred to as uWarrior because of embedded PDB strings, has been ... Aug 24, 2015 By [Brandon Levene](https://www.paloaltonetworks.com/blog/author/brandon-levene/?ts=markdown "Posts by Brandon Levene"), [Robert Falcone](https://www.paloaltonetworks.com/blog/author/robert-falcone/?ts=markdown "Posts by Robert Falcone"), [Tomer Bar](https://www.paloaltonetworks.com/blog/author/tomer-bar/?ts=markdown "Posts by Tomer Bar") and [Tom Keigher](https://www.paloaltonetworks.com/blog/author/tkeigher/?ts=markdown "Posts by Tom Keigher") *** ** * ** *** [](https://www2.paloaltonetworks.com/blog/2015/09/musical-chairs-multi-year-campaign-involving-new-variant-of-gh0st-malware/) ## [Malware](https://www.paloaltonetworks.com/blog/category/malware-2/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown) ### [Musical Chairs: Multi-Year Campaign Involving New Variant of Gh0st Malware](https://www2.paloaltonetworks.com/blog/2015/09/musical-chairs-multi-year-campaign-involving-new-variant-of-gh0st-malware/) The Gh0st malware is a widely used remote administration tool (RAT) that originated in China in the early 2000s. It has been the subject of many analysis reports, including those describing targeted ... Sep 08, 2015 By [Brandon Levene](https://www.paloaltonetworks.com/blog/author/brandon-levene/?ts=markdown "Posts by Brandon Levene"), [Robert Falcone](https://www.paloaltonetworks.com/blog/author/robert-falcone/?ts=markdown "Posts by Robert Falcone") and [Jen Miller-Osborn](https://www.paloaltonetworks.com/blog/author/jen-miller-osborn/?ts=markdown "Posts by Jen Miller-Osborn") *** ** * ** *** Load more {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language