Get to know # Josh Grunzweig *** ** * ** *** Blogs by Josh Grunzweig Sort By: Recent Recent Popular *** ** * ** *** [![The Fractured Block Campaign: CARROTBAT Used to Deliver Malware Targeting Southeast Asia](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2018/04/unit42-blog-600x300.jpg)](https://www2.paloaltonetworks.com/blog/2018/11/unit42-the-fractured-block-campaign-carrotbat-malware-used-to-deliver-malware-targeting-southeast-asia/) ## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown) ### [The Fractured Block Campaign: CARROTBAT Used to Deliver Malware Targeting S...](https://www2.paloaltonetworks.com/blog/2018/11/unit42-the-fractured-block-campaign-carrotbat-malware-used-to-deliver-malware-targeting-southeast-asia/) Unit 42 uncovers a campaign leveraging a previously unreported customized dropper used to deliver lures primarily pertaining to the South Korean and North Korea region. Nov 29, 2018 By [Josh Grunzweig](https://www.paloaltonetworks.com/blog/author/josh-grunzweig/?ts=markdown "Posts by Josh Grunzweig") and [Kyle Wilhoit](https://www.paloaltonetworks.com/blog/author/kyle-wilhoit/?ts=markdown "Posts by Kyle Wilhoit") *** ** * ** *** [![NOKKI Almost Ties the Knot with DOGCALL: Reaper Group Uses New Malware to Deploy RAT](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2018/04/unit42-blog-600x300.jpg)](https://www2.paloaltonetworks.com/blog/2018/10/unit42-nokki-almost-ties-the-knot-with-dogcall-reaper-group-uses-new-malware-to-deploy-rat/) ## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown) ### [NOKKI Almost Ties the Knot with DOGCALL: Reaper Group Uses New Malware to D...](https://www2.paloaltonetworks.com/blog/2018/10/unit42-nokki-almost-ties-the-knot-with-dogcall-reaper-group-uses-new-malware-to-deploy-rat/) Reaper Group uses custom malware family called DOGCALL to deploy RAT. Get the full report. Oct 01, 2018 By [Josh Grunzweig](https://www.paloaltonetworks.com/blog/author/josh-grunzweig/?ts=markdown "Posts by Josh Grunzweig") *** ** * ** *** [![New KONNI Malware attacking Eurasia and Southeast Asia](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2018/04/unit42-blog-600x300.jpg)](https://www2.paloaltonetworks.com/blog/2018/09/unit42-new-konni-malware-attacking-eurasia-southeast-asia/) ## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown) ### [New KONNI Malware attacking Eurasia and Southeast Asia](https://www2.paloaltonetworks.com/blog/2018/09/unit42-new-konni-malware-attacking-eurasia-southeast-asia/) Unit 42 uncovers NOKKI, a type of malware with ties to the previously discovered KONNI malware family, used to attack Eurasia and Southeast Asia. Sep 27, 2018 By [Josh Grunzweig](https://www.paloaltonetworks.com/blog/author/josh-grunzweig/?ts=markdown "Posts by Josh Grunzweig") and [Bryan Lee](https://www.paloaltonetworks.com/blog/author/bryan-lee/?ts=markdown "Posts by Bryan Lee") *** ** * ** *** [![The Gorgon Group: Slithering Between Nation State and Cybercrime](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2018/04/unit42-blog-600x300.jpg)](https://www2.paloaltonetworks.com/blog/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/) ## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown) ### [The Gorgon Group: Slithering Between Nation State and Cybercrime](https://www2.paloaltonetworks.com/blog/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/) Slithering between nation state and cybercrime: Unit 42 examines the Gorgon Group's unsophisticated yet effective attacks. Read the full report. Aug 02, 2018 By [Robert Falcone](https://www.paloaltonetworks.com/blog/author/robert-falcone/?ts=markdown "Posts by Robert Falcone"), [David Fuertes](https://www.paloaltonetworks.com/blog/author/david-fuertes/?ts=markdown "Posts by David Fuertes"), [Josh Grunzweig](https://www.paloaltonetworks.com/blog/author/josh-grunzweig/?ts=markdown "Posts by Josh Grunzweig") and [Kyle Wilhoit](https://www.paloaltonetworks.com/blog/author/kyle-wilhoit/?ts=markdown "Posts by Kyle Wilhoit") *** ** * ** *** [![RANCOR: Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malware Families](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2018/04/unit42-blog-600x300.jpg)](https://www2.paloaltonetworks.com/blog/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/) ## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown) ### [RANCOR: Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malwa...](https://www2.paloaltonetworks.com/blog/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/) Unit 42 investigates the RANCOR group's use of DDKONG and PLAINTEE malware families to deliver targeted espionage attacks in South East Asia Jun 26, 2018 By [Brittany Ash](https://www.paloaltonetworks.com/blog/author/brittany-ash/?ts=markdown "Posts by Brittany Ash"), [Josh Grunzweig](https://www.paloaltonetworks.com/blog/author/josh-grunzweig/?ts=markdown "Posts by Josh Grunzweig") and [Tom Lancaster](https://www.paloaltonetworks.com/blog/author/tom-lancaster/?ts=markdown "Posts by Tom Lancaster") *** ** * ** *** Load more *** ** * ** *** Blogs by Josh Grunzweig Sort By: Popular Popular Recent *** ** * ** *** [](https://www2.paloaltonetworks.com/blog/2015/07/recon-recap/) ## [Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown) ### [REcon Recap: Here's What Caught My Eye](https://www2.paloaltonetworks.com/blog/2015/07/recon-recap/) A few weeks ago I was fortunate enough to attend REcon in Montreal, Canada. This conference focuses on reverse engineering and exploitation techniques and has been going on for roughly a decade. ... Jul 02, 2015 By [Josh Grunzweig](https://www.paloaltonetworks.com/blog/author/josh-grunzweig/?ts=markdown "Posts by Josh Grunzweig") *** ** * ** *** [](https://www2.paloaltonetworks.com/blog/2016/09/unit-42-labyrenth-capture-the-flag-ctf-windows-track-7-9-solutions/) ## [Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown) ### [LabyREnth Capture the Flag (CTF): Windows Track 7-9 Solutions](https://www2.paloaltonetworks.com/blog/2016/09/unit-42-labyrenth-capture-the-flag-ctf-windows-track-7-9-solutions/) Welcome back to our blog series where we reveal the solutions to LabyREnth, the Unit 42 Capture the Flag (CTF) challenge. We'll be revealing the solutions to one challenge track per week. Next up, the Windows track challenges ... Sep 22, 2016 By [Richard Wartell](https://www.paloaltonetworks.com/blog/author/richard-wartell/?ts=markdown "Posts by Richard Wartell"), [Josh Grunzweig](https://www.paloaltonetworks.com/blog/author/josh-grunzweig/?ts=markdown "Posts by Josh Grunzweig") and [Esmid Idrizovic](https://www.paloaltonetworks.com/blog/author/esmid-idrizovic/?ts=markdown "Posts by Esmid Idrizovic") *** ** * ** *** [](https://www2.paloaltonetworks.com/blog/2016/09/labyrenth-capture-the-flag-ctf-threat-track-solutions/) ## [Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown) ### [LabyREnth Capture the Flag (CTF): Threat Track Solutions](https://www2.paloaltonetworks.com/blog/2016/09/labyrenth-capture-the-flag-ctf-threat-track-solutions/) Welcome back to our blog series where we reveal the solutions to LabyREnth, the Unit 42 Capture the Flag (CTF) challenge. We'll be revealing the solutions to one challenge track per week. Next up, the ... Sep 01, 2016 By [Richard Wartell](https://www.paloaltonetworks.com/blog/author/richard-wartell/?ts=markdown "Posts by Richard Wartell"), [Micah Yates](https://www.paloaltonetworks.com/blog/author/micah-yates/?ts=markdown "Posts by Micah Yates"), [Jeff White](https://www.paloaltonetworks.com/blog/author/jeff-white/?ts=markdown "Posts by Jeff White"), [Josh Grunzweig](https://www.paloaltonetworks.com/blog/author/josh-grunzweig/?ts=markdown "Posts by Josh Grunzweig") and [Anthony Kasza](https://www.paloaltonetworks.com/blog/author/anthony-kasza/?ts=markdown "Posts by Anthony Kasza") *** ** * ** *** [![LabyREnth Capture the Flag (CTF): Random Track Solutions](https://www2.paloaltonetworks.com/blog/wp-content/uploads/2016/09/unit42-web-banner-650x300.jpg)](https://www2.paloaltonetworks.com/blog/2016/10/unit42-labyrenth-capture-flag-ctf-random-track-solutions/) ## [Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown) ### [LabyREnth Capture the Flag (CTF): Random Track Solutions](https://www2.paloaltonetworks.com/blog/2016/10/unit42-labyrenth-capture-flag-ctf-random-track-solutions/) Welcome back to our blog series where we reveal the solutions to LabyREnth, the Unit 42 Capture the Flag (CTF) challenge. Over the last several weeks, we revealed the solutions for each of the challenge tracks. The time ... Oct 06, 2016 By [Richard Wartell](https://www.paloaltonetworks.com/blog/author/richard-wartell/?ts=markdown "Posts by Richard Wartell"), [Jacob Soo](https://www.paloaltonetworks.com/blog/author/jacob-soo/?ts=markdown "Posts by Jacob Soo"), [Anthony Kasza](https://www.paloaltonetworks.com/blog/author/anthony-kasza/?ts=markdown "Posts by Anthony Kasza"), [Josh Grunzweig](https://www.paloaltonetworks.com/blog/author/josh-grunzweig/?ts=markdown "Posts by Josh Grunzweig") and [Tyler Halfpop](https://www.paloaltonetworks.com/blog/author/tyler-halfpop/?ts=markdown "Posts by Tyler Halfpop") *** ** * ** *** [](https://www2.paloaltonetworks.com/blog/2016/09/labyrenth-capture-the-flag-ctf-windows-track-1-6-solutions/) ## [Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown) ### [LabyREnth Capture the Flag (CTF): Windows Track 1-6 Solutions](https://www2.paloaltonetworks.com/blog/2016/09/labyrenth-capture-the-flag-ctf-windows-track-1-6-solutions/) Welcome back to our blog series where we reveal the solutions to LabyREnth, the Unit 42 Capture the Flag (CTF) challenge. We'll be revealing the solutions to one challenge track per week. Next up, the Windows track challenges ... Sep 15, 2016 By [Richard Wartell](https://www.paloaltonetworks.com/blog/author/richard-wartell/?ts=markdown "Posts by Richard Wartell"), [Tyler Halfpop](https://www.paloaltonetworks.com/blog/author/tyler-halfpop/?ts=markdown "Posts by Tyler Halfpop"), [Josh Grunzweig](https://www.paloaltonetworks.com/blog/author/josh-grunzweig/?ts=markdown "Posts by Josh Grunzweig"), [Jeff White](https://www.paloaltonetworks.com/blog/author/jeff-white/?ts=markdown "Posts by Jeff White") and [Jacob Soo](https://www.paloaltonetworks.com/blog/author/jacob-soo/?ts=markdown "Posts by Jacob Soo") *** ** * ** *** Load more {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language