Ryan Robinson, Author at Intezer
4

Detection Rules for Lightning Framework (and How to Make Them With Osquery)

On 21 July, 2022, we released a blog post about a new malware called Lightning Framework. Lightning is a modular malware framework...

7

Lightning Framework: New Undetected “Swiss Army Knife” Linux Malware ⚡

Lightning Framework is a new undetected Swiss Army Knife-like Linux malware that has modular plugins and the ability to install rootkits. Year...

7

New Conversation Hijacking Campaign Delivering IcedID

This post describes the technical analysis of a new campaign detected by Intezer’s research team, which initiates attacks with a phishing email...

11

Boost Your SOC Skills: How to Detect Good Apps Gone Bad

Threat actors have a wide range of tools and techniques they can use in cyber attacks including: malware-as-a-service, open-source tools and malware...

10

Make your First Malware Honeypot in Under 20 Minutes

A “honeypot” is a metaphor that references using honey as bait for a lure or trap. Honeypots have served many purposes in...

7

New SysJoker Backdoor Targets Windows, Linux, and macOS

Malware targeting multiple operating systems has become no exception in the malware threat landscape. Vermilion Strike, which was documented just last September,...

9

Misconfigured Airflows Leak Thousands of Credentials from Popular Services

This research refers to misconfigured Apache Airflow managed by individuals or organizations (“users”). As a result of the misconfiguration, the credentials of...

8

Vermilion Strike: Linux and Windows Re-implementation of Cobalt Strike

Key Findings Discovered Linux & Windows re-implementation of Cobalt Strike Beacon written from scratchLinux malware is fully undetected by vendorsHas IoC and...

10

How to Detect Cobalt Strike

Cobalt Strike is a penetration testing tool created by Raphael Mudge in 2012. To this day, it remains extremely popular both in...

6

New Attacks on Kubernetes via Misconfigured Argo Workflows

Key Points Intezer has detected a new attack vector against Kubernetes (K8s) clusters via misconfigured Argo Workflows instances. Attackers are already taking advantage of this...

9

Global Phishing Campaign Targets Energy Sector and its Suppliers

Our research team has found a sophisticated campaign, active for at least one year, targeting large international companies in the energy, oil...

8

Klingon RAT Holding on for Dear Life

With more malware written in Golang than ever before, the threat from Go-based Remote Access Trojans (RATs) has never been higher. Not only...

© Intezer.com 2022 All rights reserved
Launching Autonomous SecOps: Your Virtual, Algorithm-Driven Tier 1 SOC TeamLaunching Autonomous SecOps: Your Virtual, Algorithm-Driven Tier 1 SOC Team Learn more