Ignacio Sanmillan, Author at Intezer

Linux Rekoobe Operating with New, Undetected Malware Samples

Introduction Our research team has identified new versions of an old Linux malware known as Rekoobe, a minimalistic trojan with a complex CNC...


ChinaZ Updates Toolkit by Introducing New, Undetected Malware

Introduction ChinaZ is a Chinese cybercrime group and the author of several DDoS malware. We have profiled this group in a previous...


ACBackdoor: Analysis of a New Multiplatform Backdoor

Introduction We have discovered an undetected Linux backdoor which does not have any known connections to other threat groups. VirusTotal detection rate...


Watching the WatchBog: New BlueKeep Scanner and Linux Exploits

Overview We have discovered a new version of WatchBog—a cryptocurrency-mining botnet operational since late 2018—that we suspect has compromised more than 4,500 Linux...


How We Seized 15 Active Ransomware Campaigns Targeting Linux File Storage Servers

Introduction It is rare to see ransomware being used to target the Linux operating system. However, cyber criminals seem to adapt to...


HiddenWasp Malware Stings Targeted Linux Systems

Overview • Intezer has discovered a new, sophisticated malware that we have named “HiddenWasp”, targeting Linux systems. • The malware is still...


Technical Analysis: Pacha Group Competing against Rocke Group for Cryptocurrency Mining Foothold on the Cloud

Pacha Group is a crypto-mining threat actor we at Intezer discovered and profiled in a blog post published on February 28, 2019....


Technical Analysis: Pacha Group Deploying Undetected Cryptojacking Campaigns on Linux Servers

Introduction Cryptomining malware, also known as cryptojacking or cryptocurrency mining malware, refers to software developed to take over a computer’s resources and...


ChinaZ Revelations: Revealing ChinaZ Relationships with other Chinese Threat Actor Groups

Introduction Distributed denial-of-service (DDoS) attacks were on the rise in 2018, ranging from a high volume of Mirai attacks to more sophisticated...


Muhstik Botnet Reloaded: New Variants Targeting phpMyAdmin Servers

The Muhstik botnet was first exposed by Netlab360 researchers in May 2018. This botnet targeted mainly GPON routers. At Intezer we found that Muhstik is extending its spectrum...


Intezer Analyze™ ELF Support Release: Hakai Variant Case Study

ELF SUPPORT We would like to proudly announce that Intezer Analyze™ now supports genetic malware analysis for ELF binaries! You may now...


Executable and Linkable Format 101 Part 3: Relocations

In our previous post, we went through the concept of symbols and their functionality. In this post we will introduce the concept...


Executable and Linkable Format 101. Part 2: Symbols

In our previous post, we focused on understanding the relationship between sections and segments, which serve as the foundation for understanding the...


Executable and Linkable Format 101 - Part 1 Sections and Segments

This marks the first of several blog posts that will focus on Executable and Linkable Format (ELF) files. In this series, we’ll...

New: Connect Microsoft Defender with Intezer's Autonomous SOC solutionNew: Connect Microsoft Defender with Intezer's Autonomous SOC solution Learn more
Generic filters
Exact matches only
Search in title
Search in content
Search in excerpt