Joakim Kennedy, Author at Intezer

YTStealer Malware: “YouTube Cookies! Om Nom Nom Nom”

The Stage: The Dark Web Market for YouTube Account Access. In 2006, the term “data is the new oil” was coined. Ever...


Symbiote Deep-Dive: Analysis of a New, Nearly-Impossible-to-Detect Linux Threat

Symbiote is a new Linux® malware we discovered that acts in a parasitic nature, infecting other running processes to inflict damage on...


Elephant Framework Delivered in Phishing Attacks Against Ukrainian Organizations

A recently developed malware framework called Elephant is being delivered in targeted spear phishing campaigns using spoofed Ukrainian governmental email addresses. The...


New Conversation Hijacking Campaign Delivering IcedID

This post describes the technical analysis of a new campaign detected by Intezer’s research team, which initiates attacks with a phishing email...


Radare Plugin is Here for Intezer Community

When you reverse engineer code as part of an incident response team, you want to quickly get information about what kind of...


Detection Rules for SysJoker (and How to Make Them With Osquery)

On January 11, 2022, we released a blog post on a new malware called SysJoker. SysJoker is a malware targeting Windows, macOS,...


All Your Go Binaries are Belong to Us

The skillset of performing binary analysis may appear to some to be limited to a few undeadly souls. While it may look...


New Type of Supply Chain Attack Could Put Popular Admin Tools at Risk

Research between Intezer and Checkmarx describes ChainJacking, a type of software supply chain attack that could be potentially exploited by threat actors...


Teaching Capa New Tricks: Analyzing Capabilities in PE and ELF Files

When analyzing malware, one of the goals, in addition to identifying what malware it is, is to understand what it does when...


Vermilion Strike: Linux and Windows Re-implementation of Cobalt Strike

Key Findings: Discovered Linux & Windows re-implementation of Cobalt Strike Beacon written from scratch. Linux malware is fully undetected by vendors. Has IoC and...


HabitsRAT Used to Target Linux and Windows Servers

We have discovered a new malware written in Go, which we are calling HabitsRAT, targeting both Windows and Linux machines. The Windows version of...


New Linux Backdoor RedXOR Likely Operated by Chinese Nation-State Actor

We discovered a new sophisticated backdoor targeting Linux endpoints and servers. Based on Tactics, Techniques, and Procedures (TTPs) the backdoor is believed to...


When Viruses Mutate: Did SunCrypt Ransomware Evolve from QNAPCrypt?

Dov Lerner from Cybersixgill contributed to this report. Intro: Programmers frequently reuse code, as recycling something that is already written and functional is...


A Zebra in Gopher's Clothing: Russian APT Uses COVID-19 Lures to Deliver Zebrocy

Summary: In November, we uncovered COVID-19 phishing lures that were used to deliver the Go version of Zebrocy. Zebrocy is mainly used...
