Linux Rekoobe Operating with New, Undetected Malware Samples
Our research team has identified new versions of an old Linux malware known as Rekoobe, a minimalistic trojan with a complex CNC...
ChinaZ Updates Toolkit by Introducing New, Undetected Malware
ChinaZ is a Chinese cybercrime group and the author of several DDoS malware. We have profiled this group in a previous...
ACBackdoor: Analysis of a New Multiplatform Backdoor
We have discovered an undetected Linux backdoor which does not have any known connections to other threat groups. VirusTotal detection rate...
Watching the WatchBog: New BlueKeep Scanner and Linux Exploits
We have discovered a new version of WatchBog—a cryptocurrency-mining botnet operational since late 2018—that we suspect has compromised more than 4,500 Linux...
How We Seized 15 Active Ransomware Campaigns Targeting Linux File Storage Servers
It is rare to see ransomware being used to target the Linux operating system. However, cyber criminals seem to adapt to...
HiddenWasp Malware Stings Targeted Linux Systems
• Intezer has discovered a new, sophisticated malware that we have named “HiddenWasp”, targeting Linux systems.
• The malware is still...
Technical Analysis: Pacha Group Competing against Rocke Group for Cryptocurrency Mining Foothold on the Cloud
Pacha Group is a crypto-mining threat actor we at Intezer discovered and profiled in a blog post published on February 28, 2019....
Technical Analysis: Pacha Group Deploying Undetected Cryptojacking Campaigns on Linux Servers
Cryptomining malware, also known as cryptojacking or cryptocurrency mining malware, refers to software developed to take over a computer’s resources and...
ChinaZ Revelations: Revealing ChinaZ Relationships with other Chinese Threat Actor Groups
Distributed denial-of-service (DDoS) attacks were on the rise in 2018, ranging from a high volume of Mirai attacks to more sophisticated...
Muhstik Botnet Reloaded: New Variants Targeting phpMyAdmin Servers
The Muhstik botnet was first exposed by Netlab360 researchers in May 2018. This botnet targeted mainly GPON routers. At Intezer we found that Muhstik is extending its spectrum...
Intezer Analyze™ ELF Support Release: Hakai Variant Case Study
We would like to proudly announce that Intezer Analyze™ now supports genetic malware analysis for ELF binaries! You may now...
Executable and Linkable Format 101 Part 3: Relocations
In our previous post, we went through the concept of symbols and their functionality. In this post we will introduce the concept...