YTStealer Malware: “YouTube Cookies! Om Nom Nom Nom”
The Stage: The Dark Web Market for YouTube Account Access In 2006, the term “data is the new oil” was coined. Ever...
Symbiote Deep-Dive: Analysis of a New, Nearly-Impossible-to-Detect Linux Threat
Symbiote is a new Linux® malware we discovered that acts in a parasitic nature, infecting other running processes to inflict damage on...
Elephant Framework Delivered in Phishing Attacks Against Ukrainian Organizations
A recently developed malware framework called Elephant is being delivered in targeted spear phishing campaigns using spoofed Ukrainian governmental email addresses. The...
New Conversation Hijacking Campaign Delivering IcedID
This post describes the technical analysis of a new campaign detected by Intezer’s research team, which initiates attacks with a phishing email...
Radare Plugin is Here for Intezer Community
When you reverse engineer code as part of an incident response team, you want to quickly get information about what kind of...
Detection Rules for Sysjoker (and How to Make Them With Osquery)
On January 11, 2022, we released a blog post on a new malware called SysJoker. SysJoker is a malware targeting Windows, macOS,...
All Your Go Binaries are Belong to Us
The skillset of performing binary analysis may to some appear to be limited to a few undeadly souls. While it may look...
New Type of Supply Chain Attack Could Put Popular Admin Tools at Risk
Research between Intezer and Checkmarx describes ChainJacking, a type of software supply chain attack that could be potentially exploited by threat actors...
Teaching Capa New Tricks: Analyzing Capabilities in PE and ELF Files
When analyzing malware, one of the goals in addition to identifying what malware it is, is to understand what it does when...
Vermilion Strike: Linux and Windows Re-implementation of Cobalt Strike
Key Findings Discovered Linux & Windows re-implementation of Cobalt Strike Beacon written from scratchLinux malware is fully undetected by vendorsHas IoC and...
HabitsRAT Used to Target Linux and Windows Servers
We have discovered a new malware written in Go, which we are calling HabitsRAT, targeting both Windows and Linux machines. The Windows version of...
New Linux Backdoor RedXOR Likely Operated by Chinese Nation-State Actor
We discovered a new sophisticated backdoor targeting Linux endpoints and servers Based on Tactics, Techniques, and Procedures (TTPs) the backdoor is believed to...