macOS Threats: Automate Mac Alert Triage with Intezer
We are happy to announce that Intezer now supports scanning macOS files. 😁 Intezer’s Autonomous SecOps solution automates security operations processes, including alert...
Stay Ahead of the Latest Threats with Threat Family Tracking
TL;DR – You can now subscribe to threat actors/malware families in Intezer and receive notifications for new IoCs and detection opportunities. Staying...
Automate Alert Triage and Response Tasks with Intezer EDR Connect
Integrate with SentinelOne, CrowdStrike, and More. One of the biggest pain points of cyber security teams is alert fatigue – trying to...
Scale Incident Response with Detection Engineering: Intezer Detect & Hunt
Adversaries are highly motivated, constantly expanding and improving their tools and techniques. On the other side of the fight, security teams are...
New SysJoker Backdoor Targets Windows, Linux, and macOS
Malware targeting multiple operating systems is no longer the exception in the malware threat landscape. Vermilion Strike, which was documented just last September,...
Malware Reverse Engineering for Beginners - Part 1: From 0x0
Malware researchers require a diverse skill set usually gained over time through experience and self-training. Reverse engineering (RE) is an integral part of...
Vermilion Strike: Linux and Windows Re-implementation of Cobalt Strike
Key Findings: Discovered Linux & Windows re-implementation of Cobalt Strike Beacon written from scratch. Linux malware is fully undetected by vendors. Has IoC and...
Targeted Phishing Attack against Ukrainian Government Expands to Georgia
In May 2021, Fortinet published a report about the early stages of an ongoing phishing attack against the Ukrainian government. The attack, initially...
Wrapping Up a Year of Infamous Bazar Campaigns
Bazar is the latest tool developed by the TrickBot gang. Common malware used for cybercrime such as Agent Tesla, Dridex and Formbook...
New Linux Backdoor RedXOR Likely Operated by Chinese Nation-State Actor
We discovered a new sophisticated backdoor targeting Linux endpoints and servers. Based on Tactics, Techniques, and Procedures (TTPs) the backdoor is believed to...
ELF Malware Analysis 101: Part 3 - Advanced Analysis
Getting Caught Up to Speed: So far in this series we have profiled the ELF threat landscape and covered the most common...
Operation ElectroRAT: Attacker Creates Fake Companies to Drain Your Crypto Wallets
Already with thousands of victims. Intro: With Bitcoin on the rise and a market exceeding billions of dollars, cryptocurrency has attracted threat actors...
Early Bird Catches the Worm: New Golang Worm Drops XMRig Miner on Servers
Intro: In early December, we discovered a new, undetected worm written in Golang. This worm continues the popular 2020 trend of multi-platform malware developed...
Stantinko’s Proxy After Your Apache Server
Intro: It is common for threat actors to evolve their Linux malware. BlackTech with their new ELF_PLEAD malware and Winnti’s PWNLNX tool are recent examples....
A Storm is Brewing: IPStorm Now Has Linux Malware
Introduction: The development of cross-platform malware is not new; however, we continue to observe a number of malware that were previously documented only...