Jay Rosenberg, Author at Intezer

Paleontology: The Unknown Origins of Lazarus Malware

INTRODUCTION As seen by security researchers across the world and proven in a joint research by McAfee and Intezer, Lazarus, one of...


APT37: Final1stspy Reaping the FreeMilk

Researchers at Palo Alto Networks recently published a report regarding the NOKKI malware, which has shared code with KONNI and, although not in...


Intezer Analyze™ ELF Support Release: Hakai Variant Case Study

ELF SUPPORT We would like to proudly announce that Intezer Analyze™ now supports genetic malware analysis for ELF binaries! You may now...


Prince of Persia: The Sands of Foudre

Introduction In the past couple years, Palo Alto Networks reported on the “Prince of Persia” malware campaign which is believed to be...


Examining Code Reuse Reveals Undiscovered Links Among North Korea’s Malware Families

This research is a joint effort of Christiaan Beek, lead scientist & sr. principal engineer at McAfee, and Jay Rosenberg, senior security researcher...


MirageFox: APT15 Resurfaces With New Tools Based On Old Ones

APT15 Background Coincidentally, following the recent hack of a US Navy contractor and theft of highly sensitive data on submarine warfare, we...


Yet Another Distraction? A New Version of North Korean Ransomware Hermes Has Emerged

Detecting Reused Ransomware Whether we’re dealing with a criminal threat actor looking to steal money from their victims using ransomware or malware...


BLOCKBUSTED: Lazarus, Blockbuster, and North Korea

As we have proven in previous research blog posts, malware authors often reuse the same code. This evolution of code and code...


IcedID Banking Trojan Shares Code with Pony 2.0 Trojan

IBM X-Force recently released an excellent report on a new banking trojan named IcedID that is being distributed using computers already infected...


Silence of the Moles

Kaspersky Labs published a technical analysis of a new malware, Silence that is aimed at attacking financial institutions. After uploading the loader...


NotPetya Returns as Bad Rabbit

Large scale cyber attacks seem to be happening once a month these days. Originally discovered by ESET (https://www.welivesecurity.com/2017/10/24/kiev-metro-hit-new-variant-infamous-diskcoder-ransomware/), Ukrainian and Russian organizations...


Evidence Aurora Operation Still Active Part 2: More Ties Uncovered Between CCleaner Hack & Chinese Hackers

Since my last post, we have found new evidence in the next stage payloads of the CCleaner supply chain attack that provide...


Evidence Aurora Operation Still Active: Supply Chain Attack Through CCleaner

Recently, there have been a few attacks with a supply chain infection, such as Shadowpad being implanted in many of Netsarang’s products,...
