Blog - Intezer

Blog

 2

Reimagining the Malware Analysis Experience

Itai Tevet, CEO of Intezer, shares the company’s vision for a simplified, consolidated malware analysis experience.   Since its inception, Intezer has...
20 July 2021

Top Blogs

 6

New Attacks on Kubernetes via Misconfigured Argo Workflows

Key Points Intezer has detected a new attack vector against Kubernetes (K8s) clusters via misconfigured Argo Workflows instances. Attackers are already taking advantage of this...
and
20 July 2021
 7

Targeted Phishing Attack against Ukrainian Government Expands to Georgia

In May 2021, Fortinet published a report about the early stages of an ongoing phishing attack against the Ukrainian government. The attack, initially...
14 July 2021
 9

Global Phishing Campaign Targets Energy Sector and its Suppliers

Our research team has found a sophisticated campaign, active for at least one year, targeting large international companies in the energy, oil...
and
7 July 2021
 4

Covering the Infection Chain: Analyze Documents and Scripts with Intezer Analyze

Malware threats come in many forms. You can now analyze more of them with Intezer Analyze   We have made a major...
7 July 2021
 4

Genetic Analysis and Lessons Learned from REvil Attack

Validating your Software Supply Chain for Tampering SolarWinds, Codecov and now Kaseya are the latest supply chain attacks we know about. In...
5 July 2021
 8

Klingon RAT Holding on for Dear Life

With more malware written in Golang than ever before, the threat from Go-based Remote Access Trojans (RATs) has never been higher. Not only...
17 June 2021
 6

Top 10 Linux Server Hardening and Security Best Practices

If you have servers connected to the internet, you likely have valuable data stored on them that needs to be protected from...
9 June 2021
 2

Reduce the Attack Surface with These Unique Runtime Features

Prioritize immediate risks in your cloud production environment Recently added Intezer Protect features for reducing the likelihood of an attack have a unique...
8 June 2021
 6

Wrapping Up a Year of Infamous Bazar Campaigns

Bazar is the latest tool developed by the TrickBot gang Common malware used for cybercrime such as Agent Tesla, Dridex and Formbook...
27 May 2021
Subscribe to our blog Subscribe
Read more
 5

Why Relying on the Cloud Provider for Security is Not Enough

73% of organizations using the cloud are not sure which parts of security fall under their responsibility. Ultimately, the customer is responsible for...
20 May 2021
 5

9 Tools to Use Right Now to Improve Azure Platform Security

Security is changing as companies move their mission-critical workloads to the cloud, with Azure as one of the preferred destinations. Security in Azure follows...
18 May 2021
 5

7 Most Important AWS Security Tools

Like all leading cloud service providers, AWS follows a shared responsibility model for security and compliance. While platform-level security is owned and managed...
12 May 2021
 6

CVE-2021-27075: Microsoft Azure Vulnerability Allows Privilege Escalation and Leak of Private Data

In this post I will explain how the Microsoft Azure Virtual Machine (VM) extension works and how we found a fatal vulnerability in...
11 May 2021
 7

HabitsRAT Used to Target Linux and Windows Servers

We have discovered a new malware written in Go, which we are calling HabitsRAT, targeting both Windows and Linux machines. The Windows version of...
20 April 2021
 4

How to Secure Cloud Non-Native Workloads

Not All Applications are Cloud-Native Companies are adopting cloud at a faster pace but not all applications are born cloud-native. Many traditional...
15 April 2021
 5

Royal Flush: Privilege Escalation Vulnerability in Azure Functions

One of the most common benefits of transitioning to cloud services is the shared responsibility for securing your assets. But cloud providers...
8 April 2021
 6

Rocke Group Actively Targeting the Cloud: Wants Your SSH Keys

New Malware Variant Exploits Production Environment Rocke Group is a Chinese-based threat actor most known for running cryptojacking malware on Linux machines. The...
6 April 2021
 5

Cloud-Native Security 101

The arrival of the cloud has changed the application development process. Agile cloud-native applications have replaced traditional monolithic application architectures, and components...
1 April 2021
 5

Cloud Security Fundamentals: Servers to Containers & Everything In-Between

With Linux being the operating system for 96% of the cloud, the landscape has changed beyond endpoint detection. Intezer Protect is built...
24 March 2021
 3

Accelerate Incident Response with Intezer Analyze Volatility Plugin

Significantly reduce memory forensics time from hours to minutes Memory analysis is a core component of a typical incident response process. In many cases...
23 March 2021
 3

Announcing Configuration Checks and Vulnerability Management

We’re excited to announce the release of two new Intezer Protect features. Intezer Protect now offers under the same roof not only...
22 March 2021
 4

Top 10 Cloud Malware Threats

They all target Linux systems For a long time Linux has not been seen as a serious target of threat actors. This...
16 March 2021
 10

New Linux Backdoor RedXOR Likely Operated by Chinese Nation-State Actor

We discovered a new sophisticated backdoor targeting Linux endpoints and servers Based on Tactics, Techniques, and Procedures (TTPs) the backdoor is believed to...
and
10 March 2021
 13

When Viruses Mutate: Did SunCrypt Ransomware Evolve from QNAPCrypt?

Dov Lerner from Cybersixgill contributed to this report Intro Programmers frequently reuse code, as recycling something that is already written and functional is...
2 March 2021
 4

Kaiji Goes Through Update but Code Reuse Detects It

Kaiji is a Linux malware that targets cloud servers Last week we detected a new Kaiji variant. It was undetected by all...
26 February 2021
 3

Year of the Gopher: 2020 Go Malware Round-Up

Developers are not the only ones that have adopted Go. Malware written in Go has been steadily increasing. In the last few...
25 February 2021
 3

2020 Set a Record for New Linux Malware Families

Intezer’s 2021 X-Force Threat Intel Index Highlights It was a lot of fun collaborating with IBM on their 2021 X-Force Threat Intelligence...
24 February 2021
 16

ELF Malware Analysis 101: Part 3 - Advanced Analysis

Getting Caught Up to Speed So far in this series we have profiled the ELF threat landscape and covered the most common...
17 February 2021
 3

New Feature: Get More Context for your Analysis with TTPs

Classifying a threat is just the first step in a malware analyst’s investigation. You know it’s malicious but what does it do?...
16 February 2021
 6

Do You Really Need Kubernetes?

Kubernetes is one of the top open-source container orchestration projects, as it dramatically simplifies the creation and management of applications by providing...
3 February 2021
 3

Fix your Misconfigured Docker API Ports

It can be the difference between maintaining a safe environment for your applications or a compromised machine running malicious code. Misconfiguration of...
28 January 2021
 8

How We Escaped Docker in Azure Functions

Summary of Findings What is Azure Functions? Technical Analysis Proof of Concept Why Does this Matter? Summary of Findings In previous months...
27 January 2021
 3

Swat Away Pesky Linux Cryptominers in Runtime

Cryptocurrency is trending. Bitcoin traded at a record high nearly $42,000 this month. Now Ether, the world’s second largest cryptocurrency, is closing in...
22 January 2021
 7

Cloud Workload Security: Part 4 - Explaining the Security Features of GCP

When it comes to securing your workloads in the cloud, having a well-defined security strategy with the right controls means that the...
20 January 2021
 7

Transitioning Traditional Apps into the Cloud

For organizations, cloud adoption is the primary driver of digital transformation and modernizing traditional applications to cloud constructs is a major milestone....
14 January 2021
 6

A Rare Look Inside a Cryptojacking Campaign and its Profit

Intro Linux threats are becoming more frequent. A common type of Linux threat is cryptojacking, which is the unauthorized use of an...
13 January 2021
 4

Proactive Hunting with Intezer

What is Proactive Hunting? Advanced attacks like the SolarWinds backdoor and Pay2KEY are on the rise, while preventive solutions have failed to detect them....
6 January 2021
 6

Operation ElectroRAT: Attacker Creates Fake Companies to Drain Your Crypto Wallets

Already with thousands of victims. Intro With Bitcoin on the rise and a market exceeding billions of dollars, cryptocurrency has attracted threat actors...
5 January 2021
 6

Early Bird Catches the Worm: New Golang Worm Drops XMRig Miner on Servers

Intro In early December, we discovered a new, undetected worm written in Golang. This worm continues the popular 2020 trend of multi-platform malware developed...
29 December 2020
 3

Top Linux Cloud Threats of 2020

We tagged 2019 as The Year of the Linux Threat. That trend continued in 2020 with high profile APTs launching ELF malware,...
21 December 2020
 2

8 Reasons to Try Intezer Protect Community Edition

Last week we launched the community edition of Intezer Protect. With strong Linux threat detection, low overhead and no slowdown in performance, Intezer Protect is...
15 December 2020
 7

Cloud Workload Security: Part 3 - Explaining Azure’s Security Features

Cloud security management will always remain an ongoing journey, as threats keep evolving and organizations need to keep updating their cloud security...
11 December 2020
 < 1

An Important Update

We’re rolling out an important update to the Intezer Analyze community edition to better accommodate our users. Effective December 17 community users will have...
10 December 2020
 8

A Zebra in Gopher's Clothing: Russian APT Uses COVID-19 Lures to Deliver Zebrocy

Summary In November, we uncovered COVID-19 phishing lures that were used to deliver the Go version of Zebrocy. Zebrocy is mainly used...
9 December 2020
 2

Intezer Protect Community Edition Now Available

Free runtime protection for your cloud workloads Get Started Today we go live with the Intezer Protect community edition. After a few months...
7 December 2020
 4

Not Another Linux Security Blog

Blogs about Linux cloud security are nothing new. However, most are filled with technical jargon that can make them difficult to understand....
1 December 2020
 5

Stantinko’s Proxy After Your Apache Server

Intro It is common for threat actors to evolve their Linux malware. BlackTech with their new ELF_PLEAD malware and Winnti’s PWNLNX tool are recent examples....
24 November 2020
 7

Cloud Workload Security: Part 2 - Security Features of AWS

This article is the second post in our five-part series on security in the cloud today. In Part 1, we discussed what...
18 November 2020
 3

CVE-2020-16995: Microsoft Azure Network Watcher Linux Extension EoP

Intro In our last blog post we disclosed an escalation of privileges vulnerability in Microsoft Azure App Services. In this post, we’ll describe...
10 November 2020
 3

Exploiting a Vulnerable Version of Apache Struts

Code execution is the key ingredient in any successful cyber attack. Exploiting a misconfiguration or vulnerability are some of the more common...
4 November 2020
 2

TrickBot or Treat 2.0

In the spirit of Halloween we’re giving away YARA signatures for TrickBot and Emotet. Last year we handed out signatures for malware...
29 October 2020
 6

Migrating to the Cloud: Compliance Issues When Transitioning from a Traditional Data Center

For traditional data center operations, security and compliance requirements have always been operational overhead. Traditional data centers are under unique stresses in...
27 October 2020
 6

Are Containers More Secure Than VMs?

Stop and think for a moment. How many virtual machines (VMs) do you have running in your production cloud environment? How many...
22 October 2020
 3

New Threat Intel Features in Intezer Analyze

We’ve made some updates in Intezer Analyze to improve your incident response and threat intelligence workflows. From classifying samples faster to staying...
21 October 2020
 9

Cloud Workload Security: What You Need to Know - Part 1

Cloud proliferation is on the rise, and more than ever before, security teams are on the lookout for solutions that align with...
14 October 2020
 6

Kud I Enter Your Server? New Vulnerabilities in Microsoft Azure

Main Findings We discovered two vulnerabilities in Microsoft Azure. They existed in a popular cloud service called Azure App Services—specifically impacting Linux...
8 October 2020
 4

Emotet Evolves but Code Remains Mostly the Same

Just after the publication of this post the US-CERT released an alert about Emotet. Evolution is the result of adaptations that take...
6 October 2020
 11

A Storm is Brewing: IPStorm Now Has Linux Malware

Introduction The development of cross-platform malware is not new, however, we continue to observe a number of malware that were previously documented only...
and
1 October 2020
 3

VB2020 - Advanced Pasta Threat: Mapping Malware Use of Open Source Offensive Security Tools

The term Offensive Security Tool, also known as OST, is a controversial subject within the InfoSec community. It often sparks fierce debate...
30 September 2020
 4

Looking Back on the Last Decade of Linux APT Attacks

APTs are targeting Linux systems more than they ever have. Linux Attacks are on the Rise The research community continues to witness...
16 September 2020
 5

Complementing Your CSPM with Runtime Cloud Workload Protection

There are many solutions available for securing your cloud applications and workloads. Even after doing your due diligence and making an investment,...
10 September 2020
 3

TTPs Matrix for Linux Cloud Servers with Detection Methods

Taking inspiration from the MITRE ATT&CK® framework, we previously developed a matrix categorizing adversary tactics and techniques for Linux cloud servers. Linux...
9 September 2020
 5

Attackers Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks

Introduction TeamTNT is a cybercrime group that targets cloud environments including Docker and Kubernetes instances. The group has been previously documented using...
8 September 2020
 7

Turning Open Source Against Malware

Introduction Offensive Security Tools are any kind of functionality meant to facilitate intrusions and security bypasses in order to achieve the former....
3 September 2020
 16

ELF Malware Analysis 101 Part 2: Initial Analysis 

Introduction In the previous article we profiled the ELF malware landscape and explained how malware infects systems. We discussed the current lack...
19 August 2020
 2

Community Beta Announcement

Update: Intezer Protect community edition is out of Beta and now available to everyone. Get Started Today we go live with the...
17 August 2020
 7

Watch Your Containers: Doki Infecting Docker Servers in the Cloud

Key Findings Ngrok Mining Botnet is an active campaign targeting exposed Docker servers in AWS, Azure, and other cloud platforms. It has...
and
28 July 2020
 6

What is Zero Trust Execution? Definition, Adoption & More

Zero Trust Execution is the industry recommended practice for securing workloads in the cloud. It provides a tight grip on your workloads...
22 July 2020
 4

Accelerate Memory Forensics with Intezer Analyze

Incident investigations usually begin with a triggered alert. One of the sensors deployed across your organization claims that suspicious activity has occurred...
16 July 2020
 6

Best Practices for Securing a Kubernetes Environment

Kubernetes (K8s) is the universal solution for container orchestration nowadays. This open-source tool allows a cluster to automatically scale, distribute, and handle...
15 July 2020
 2

Community Ghidra Plugin is Here

Ghidra is a free and open source reverse engineering tool developed by the NSA. The plugin reduces the burden on the analyst...
13 July 2020
 8

A Comparison of Cloud Workload Protection Strategies

Cloud Workload Protection (CWP) refers to the security of workloads running in the cloud in any type of computing environment, e.g. physical...
9 July 2020
 2

Get Access to our Weekly Linux Threat Feed

With an emphasis placed on protecting Windows endpoints, the antivirus industry is struggling to detect Linux threats. In a 2019 study conducted by...
29 June 2020
 2

Detect Malware Associated with the Most Exploited CVEs

Unpatched or undetected software vulnerabilities are a common method for malware delivery once exploited by attackers. Last month, the US-CERT urged IT...
25 June 2020
 2

IDA Pro Plugin Now Available to the Community

The Intezer Analyze IDA Pro plugin is now available to community users! IDA Pro is the most common reverse engineering platform for...
24 June 2020
 5

Best Practices for Securing a Docker Runtime Environment

The move to containerized workloads has proven to be a revolutionary step in the evolution of software engineering and distributed systems. One...
17 June 2020
 6

ELF Malware Analysis 101: Linux Threats No Longer an Afterthought

Introduction Linux has a large presence in the operating systems market because it’s open-sourced, free, and software development oriented—meaning its rich ecosystem...
16 June 2020
 2

Intezer Contribution to IBM X-Force Cloud Threat Landscape Report

We dubbed 2019 the year of Linux threats, evidenced by over 20 of our researcher’s publications related to attacks on this operating...
10 June 2020
 4

Building a Robust App Control Strategy for your Cloud Workloads

The use of Application Control—commonly referred to as whitelisting or Zero Trust Execution—is considered to be a robust and essential Cloud Workload...
2 June 2020
 2

Intezer Analyze May Community Roundup

See below some of the threats our community detected this month 1. Fileless Dridex sample, originally with five detections in VirusTotal, contains a payload...
27 May 2020
 2

Mapping Binaries Inside a Microsoft Azure Cloud Server

Linux has become the “go-to” OS in cloud computing, running 90% of the public cloud workload. Linux usage has even surpassed Windows...
26 May 2020
 6

The Evolution of APT15’s Codebase 2020

The Ke3chang group, also known as APT15, is an alleged Chinese government-backed cluster of teams known to target various high-profile entities spanning...
21 May 2020
 < 1

Intezer Recognized as Key Player in Latest Gartner Market Guide

Intezer Protect, Intezer’s new Cloud Workload Protection Platform (CWPP), has been recognized in the latest Gartner Market Guide only four months since...
12 May 2020
 2

Exploitation of SaltStack Vulnerabilities Signals Increase in Cloud Server Attacks

Recently attackers exploited vulnerabilities in the popular SaltStack infrastructure automation software to infect cloud servers. Several organizations and open-source projects had to...
11 May 2020
 5

Kaiji: New Chinese Linux malware turning to Golang

It is not often that you see a botnet’s tooling written from scratch. The Internet of things (IoT) botnet ecosystem is relatively well-documented by...
4 May 2020
 5

What is Cloud Workload Protection?

Cloud Workload Protection is the protection and overall security of workloads running in the cloud in any type of computing environment. As...
29 April 2020
 2

Intezer Analyze community roundup

Maze ransomware, APT41 and Lazarus highlight this month’s community samples 1. More_eggs variant with low Antivirus detections has modified string encoding mechanisms...
27 April 2020
 2

Malicious APKs share code during Covid-19 pandemic

Threat actors are exploiting fear and uncertainty to spread Covid-19 themed malicious Android package kits (APKs) onto users’ mobile devices. APKs pose...
23 April 2020
 3

Pre-runtime vulnerability scans or runtime protection: Which is better for your IaaS security?

Under Armour’s famous slogan sums up the mission perfectly: We Must Protect this House. As adoption of cloud services continues, security teams...
16 April 2020
 2

TTPs matrix for Linux cloud servers

Checklist for protecting your Linux cloud servers against cyber attacks Taking inspiration from the MITRE ATT&CK® framework, we have developed a matrix categorizing...
15 April 2020
 3

Search for revealing strings in Intezer Analyze

Accelerate your file investigations with new and improved string reuse capabilities in Intezer Analyze Users of Intezer Analyze may have noticed new...
31 March 2020
 7

Fantastic payloads and where we find them

Attackers have long used evasion features in their malware to avoid detection by security products and analysis systems. One of the most...
30 March 2020
 < 1

Maintain compliance while transitioning to the cloud

Conducting business in a cloud environment presents unique security challenges, including achieving and maintaining compliance with regulations that were designed with traditional...
26 March 2020
 5

Evasion Techniques Dissected: A Mirai Case Study

Code reuse analysis vs. signature-based detection We are often asked the question, “what sets your approach apart from other malware detection solutions?”...
and
24 March 2020
 3

Ransomware and Spyware Top Intezer Analyze Community Detections

This month’s community highlights span a variety of file formats — APK, ELF and PE. 1) Anubis [Link to Analysis] Anubis is...
27 February 2020
 < 1

The Human Element at RSA Conference

This year’s RSA Conference theme is the Human Element. At Intezer, we introduce an innovative approach called Genetic Malware Analysis which reveals the...
19 February 2020
 2

Intezer Featured in IBM X-Force Threat Index

Banking trojans and ransomware were the top innovators in 2019 malware code evolution Drawing on previous IBM X-Force collaboration in detecting new...
11 February 2020
 7

New Iranian Campaign Tailored to US Companies Utilizes an Updated Toolset

Introduction Our researchers Paul Litvak and Michael Kajilolti have discovered a new campaign conducted by APT34 employing an updated toolset. Based on uncovered...
and
30 January 2020
 6

Linux Rekoobe Operating with New, Undetected Malware Samples

Introduction Our research team has identified new versions of an old Linux malware known as Rekoobe, a minimalistic trojan with a complex CNC...
20 January 2020
 4

Introducing runtime Cloud Workload Protection Platform (CWPP) Intezer Protect

Unveiling our Cloud Workload Protection Platform (CWPP) which defends your cloud servers in runtime against the leading cause of cyber attacks: unauthorized and malicious...
14 January 2020
 2

Intezer Protect: How it Works

Intezer Protect is our NEW runtime Cloud Workload Protection Platform (CWPP). Powered by Genetic Malware Analysis technology, this solution continuously monitors the code...
14 January 2020
 4

Intezer Analyze Community: 2019 Recap and Trends

Emotet, Trickbot, and Lazarus were the most common threats detected by the community in 2019. Linux threats, with code connections to Mirai,...
6 January 2020
 3

2019: A Year-in-Review

What an amazing year it has been for us at Intezer! The company nearly doubled in size, we added several new important...
19 December 2019
 10

ChinaZ Updates Toolkit by Introducing New, Undetected Malware

Introduction ChinaZ is a Chinese cybercrime group and the author of several DDoS malware. We have profiled this group in a previous...
13 December 2019
 < 1

Now Supporting Genetic Malware Analysis for Android Applications

We are excited to share that we now support Genetic Malware Analysis for Android applications! Intezer Analyze community and enterprise users can...
12 December 2019
 2

Exploring the Chinese DDoS Threat Landscape [Research Report]

Distributed denial-of-service attacks were on the rise in 2018 and continuing into 2019, ranging from a high volume of Mirai attacks to...
10 December 2019
 4

Intezer Analyze Community: Buhtrap, Divergent, Kronos, and More

In this month’s community highlights we see a range of malware types, including banking trojans, exploit kits, and nation-state sponsored threats. 1)...
25 November 2019
 3

Revealing the Origins of Software

Summary Nearly all cyber attacks require running code. Regardless of the attack vector, in order for an adversary to create any damage,...
21 November 2019
 3

Genetic Malware Analysis for Golang

Intezer Analyze now proudly supports genetic analysis for files created with the Golang programming language. Community and enterprise users can detect and...
20 November 2019
 7

ACBackdoor: Analysis of a New Multiplatform Backdoor

Introduction We have discovered an undetected Linux backdoor which does not have any known connections to other threat groups. VirusTotal detection rate...
18 November 2019
 7

PureLocker: New Ransomware-as-a-Service Being Used in Targeted Attacks Against Servers

Analysis by Intezer and IBM X-Force points its origins to a Malware-as-a-Service (MaaS) provider utilized by the Cobalt Gang and FIN6 attack...
12 November 2019
 3

Intezer Analyze Community Halloween Edition: Trickbot or Treat!

In the spirit of Halloween we’re spotlighting three “spooky” threats detected by the Intezer Analyze community in October. And as a special...
31 October 2019
 2

Intezer Analyze Use Case: Visibility Among Global SOCs

For mid to large size enterprises, protecting the organization against targeted cyber threats is often a global operation. It’s not uncommon for...
16 October 2019
 14

Mapping the Connections Inside Russia's APT Ecosystem

This research is a joint effort conducted by Omri Ben-Bassat from Intezer and Itay Cohen from Check Point Research. Prologue пролог If...
and
24 September 2019
 3

Russian Cybercrime Group FullofDeep Behind QNAPCrypt Ransomware Campaigns

Introduction We previously reported on how we managed to temporarily shut down 15 operative QNAPCrypt ransomware campaigns targeting Linux-based file storage systems...
20 September 2019
 6

Why we Should be Paying More Attention to Linux Threats

In a previous post we wrote for the Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC), we discussed the emergence of...
19 September 2019
 < 1

MoP - "Master of Puppets" - Advanced malware tracking framework revealed at BlackHat Arsenal 2019.

At BlackHat Arsenal 2019 Intezer’s researcher, Omri Ben-Bassat, revealed open-source tool called MoP (“Master of Puppets”) which is a framework for reverse...
14 August 2019
 4

Intezer Analyze Community: GonnaCry, HawkEye, BXAQ and More

In July, Intezer Analyze community detections included GonnaCry ransomware, the HawkEye malware kit, and BXAQ, the spyware that Chinese authorities have been...
1 August 2019
 < 1

Siemplify and Intezer: Incorporate Genetic Malware Analysis into your SOAR Platform (Video)

One of the most common and time-consuming cases security operations centers (SOCs) must complete daily are malware investigations. Part of the problem...
30 July 2019
 3

Intezer Analyze Community: Mapping Code Connections Between Malware Samples

In addition to highlighting five notable file uploads and endpoint scans made by our community users each month, I thought it was...
29 July 2019
 8

Watching the WatchBog: New BlueKeep Scanner and Linux Exploits

Overview We have discovered a new version of WatchBog—a cryptocurrency-mining botnet operational since late 2018—that we suspect has compromised more than 4,500 Linux...
and
24 July 2019
 8

EvilGnome: Rare Malware Spying on Linux Desktop Users

Introduction Linux desktop remains an unpopular choice among mainstream desktop users, making up a little more than 2% of the desktop operating system...
17 July 2019
 10

How We Seized 15 Active Ransomware Campaigns Targeting Linux File Storage Servers

Introduction It is rare to see ransomware being used to target the Linux operating system. However, cyber criminals seem to adapt to...
10 July 2019
 4

Intezer Analyze Community: BlackSquid, RobbinHood Ransomware and More

1) BlackSquid [Link to Analysis] BlackSquid is a Monero crypto-miner which was recently discovered by researchers at Trend Micro. According to Trend...
8 July 2019
 3

Intezer and IBM Resilient Integrate to Enrich Threat Investigations with Genetic Malware Analysis

I am pleased to highlight the new integration between Intezer Analyze™ and IBM Resilient. The integration enables users of both platforms to...
27 June 2019
 2

HiddenWasp and the Emergence of Linux-based Threats

This blog post was featured as contributing content for the Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC). The Linux threat...
26 June 2019
 7

Executable and Linkable Format 101 Part 4: Dynamic Linking

This is a new post in our Executable and Linkable Format (ELF) 101 series, where the goal is to spread awareness about the...
25 June 2019
 4

Chinese APTs Rising: Key Takeaways from the Intezer Analyze Community in May

1) Pirpi (APT3) [Link to Analysis] APT3, commonly referred to as Gothic Panda, TG-0110 and Buckeye, is a Chinese cyber espionage group...
30 May 2019
 12

HiddenWasp Malware Stings Targeted Linux Systems

Overview • Intezer has discovered a new, sophisticated malware that we have named “HiddenWasp”, targeting Linux systems. • The malware is still...
29 May 2019
 5

A Straw-by-Straw Analysis: The Zero-Trust Approach for your Alert Haystack

This blog post serves as a preview to an Infosecurity Europe tech talk that will be presented on Wednesday, June 5, 2019....
23 May 2019
 5

Technical Analysis: Pacha Group Competing against Rocke Group for Cryptocurrency Mining Foothold on the Cloud

Pacha Group is a crypto-mining threat actor we at Intezer discovered and profiled in a blog post published on February 28, 2019....
9 May 2019
 < 1

War on the Cloud: Cybercriminals Competing for Cryptocurrency Mining Foothold

The Pacha Group is a threat actor discovered by Intezer and profiled in a blog post published on February 28, 2019. Dating back...
9 May 2019
 4

Top Five Community Uploads | April 2019

This month’s Intezer Analyze community findings include malware employed by two cyber espionage groups linked to the Russian government and an endpoint...
29 April 2019
 4

Genetic Malware Analysis Use Cases: Financial Services

2018 saw an increase in distributed denial-of-service (DDoS) attacks and phishing campaigns targeting financial services institutions. Malware, in particular, continues to play...
25 April 2019
 5

Meet the Team: Shaul Holtzman

Get to know Intezer’s community manager, Shaul Holtzman. Shaul is a former cybersecurity analyst helping organizations detect and classify advanced cyber threats....
22 April 2019
 5

Scan the Memory of Entire Endpoints using Genetic Malware Analysis

I am excited to announce the launch of a new Endpoint Analysis solution, located within the Intezer Analyze™ platform. The Endpoint Analysis solution consists...
8 April 2019
 3

Top Five Community Uploads | March 2019

Last month I published a blog post highlighting notable uploads made by the Intezer Analyze community during the month of February. In...
26 March 2019
 10

Technical Analysis: Pacha Group Deploying Undetected Cryptojacking Campaigns on Linux Servers

Introduction Cryptomining malware, also known as cryptojacking or cryptocurrency mining malware, refers to software developed to take over a computer’s resources and...
28 February 2019
 2

Pacha Group, A New Threat Actor Deploying Undetected Cryptojacking Campaigns on Linux Servers

Key Takeaways: • Intezer has evidence of a new threat actor, calling it Pacha Group, which has been deploying undetected cryptojacking campaigns...
28 February 2019
 2

Top Five Community Uploads | February 2019

As manager of the free Intezer Analyze community edition I witness first hand the interesting samples our users upload on a daily...
25 February 2019
 3

New! API for the Intezer Analyze Community

On behalf of Intezer, I am pleased to announce the release of an API for the Intezer Analyze community edition. Members of...
15 January 2019
 3

What is Genetic Malware Analysis?

At Intezer, we view malware analysis as a key component in properly and effectively responding to security incidents. We have introduced a...
10 January 2019
 12

ChinaZ Revelations: Revealing ChinaZ Relationships with other Chinese Threat Actor Groups

Introduction Distributed denial-of-service (DDoS) attacks were on the rise in 2018, ranging from a high volume of Mirai attacks to more sophisticated...
7 January 2019
 < 1

Verifying Code Reuse Between Ursnif and 'Brexit' Malware Campaign Targeting the United Kingdom

Today My Online Security published research describing a fairly large Ursnif campaign targeting the United Kingdom. The threat actors behind the attack are using...
11 December 2018
 2

Making Malware Human: A SANS Product Review of Intezer Analyze™

Alerts can enter an organization at inconceivable rates. Security teams are tasked with sifting through countless alerts, making it difficult to prioritize...
4 December 2018
 8

Muhstik Botnet Reloaded: New Variants Targeting phpMyAdmin Servers

The Muhstik botnet was first exposed by Netlab360 researchers in May 2018. This botnet targeted mainly GPON routers. At Intezer we found that Muhstik is extending its spectrum...
12 November 2018
 < 1

The Researchers' View: Insights from Leading Global Security Researchers

At Intezer information sharing is a key component of our makeup and reflected in our technology. In the spirit of industry collaboration...
8 November 2018
 4

Paleontology: The Unknown Origins of Lazarus Malware

INTRODUCTION         As seen by security researchers across the world and proven in a joint research by McAfee and Intezer, Lazarus, one of...
31 October 2018
 2

APT37: Final1stspy Reaping the FreeMilk

Researchers at Palo Alto Networks recently published a report regarding the NOKKI malware, which has shared code with KONNI and, although not in...
3 October 2018
 3

Intezer Analyze™ ELF Support Release: Hakai Variant Case Study

ELF SUPPORT We would like to proudly announce that Intezer Analyze™ now supports genetic malware analysis for ELF binaries! You may now...
and
30 August 2018
 5

Prince of Persia: The Sands of Foudre

Introduction In the past couple years, Palo Alto Networks reported on the “Prince of Persia” malware campaign which is believed to be...
17 August 2018
 4

Code, Strings and what’s in between

Our technology is based on genetic analysis of files. So far, we’ve focused mainly on detection of code reuse, as part of...
13 August 2018
 9

Examining Code Reuse Reveals Undiscovered Links Among North Korea’s Malware Families

This research is a joint effort of Christiaan Beek, lead scientist & sr. principal engineer at McAfee, and Jay Rosenberg, senior security researcher...
and
6 August 2018
 5

Mitigating Emotet, The Most Common Banking Trojan

Recently, Proofpoint released a fairly surprising report, stating that Banking Trojans have surpassed Ransomware as the top malware threat found in email....
26 July 2018
 4

Product Updates

In this blog post we’d like to share with you some details about our latest cool developments. New User Interface: We’ve recently...
5 July 2018
 5

MirageFox: APT15 Resurfaces With New Tools Based On Old Ones

APT15 Background Coincidentally, following the recent hack of a US Navy contractor and theft of highly sensitive data on submarine warfare, we...
14 June 2018
 3

Digital Certificates- When the Chain of Trust is Broken

As stated in a previous blog entry, it is common for malware authors to sign malicious files with “legitimate” digital certificates in...
5 June 2018
 7

Iron Cybercrime Group Under The Scope

In April 2018, while monitoring public data feeds, we noticed an interesting and previously unknown backdoor using HackingTeam’s leaked RCS source code....
29 May 2018
 7

Executable and Linkable Format 101 Part 3: Relocations

In our previous post, we went through the concept of symbols and their functionality. In this post we will introduce the concept...
23 April 2018
 2

NEW: Intezer Compromise Assessment Service

GET AN INDEPENDENT EXAMINATION OF YOUR IT ENVIRONMENT TO DETECT ANY EXISTING CYBER ATTACK IN YOUR NETWORK Intezer, today announced the release...
10 April 2018
 3

Unpacking reveals a file’s true DNA

After launching Intezer community edition in November 2017, we noticed that many of our users uploaded packed samples. Yet packed files don’t reveal the...
3 April 2018
 2

Building Your Bullet Proof Incident Response Plan

Cyber security is constantly evolving, and therefore rife with challenges. Whether hobbyist hackers or state-sponsored threat actors are targeting organizations, internal security...
15 March 2018
 2

Yet Another Distraction? A New Version of North Korean Ransomware Hermes Has Emerged

Detecting Reused Ransomware Whether we’re dealing with a criminal threat actor looking to steal money from their victims using ransomware or malware...
8 February 2018
 6

Executable and Linkable Format 101. Part 2: Symbols

In our previous post, we focused on understanding the relationship between sections and segments, which serve as the foundation for understanding the...
7 February 2018
 5

Executable and Linkable Format 101 - Part 1 Sections and Segments

Introduction This marks the first of several blog posts that will focus on Executable and Linkable Format (ELF) files. In this series,...
2 January 2018
 6

BLOCKBUSTED: Lazarus, Blockbuster, and North Korea

As we have proven in previous research blog posts, malware authors often reuse the same code. This evolution of code and code...
12 December 2017
 3

Don’t Be Fooled By Malware Signed with Stolen Certificates - How Intezer Analyze™ Detects Major Breaches in Security

Recent research conducted by the Cyber Security Research Institute (CSRI) demonstrates how easy and common it is for threat actors to purchase...
7 December 2017
 2

Intezer Analyze™ FREE community edition

This isn’t a gimmick, we’re providing this quota FREE of charge. Intezer Analyze™ was created by incident team experts for incident response...
14 November 2017
 3

IcedID Banking Trojan Shares Code with Pony 2.0 Trojan

IBM X-Force recently released an excellent report  on a new banking trojan named IcedID that is being distributed using computers already infected...
13 November 2017
 2

Silence of the Moles

Kaspersky Labs published a technical analysis of a new malware, Silence that is aimed at attacking financial institutions. After uploading the loader...
1 November 2017
 4

Evidence Aurora Operation Still Active Part 2: More Ties Uncovered Between CCleaner Hack & Chinese Hackers

Since my last post, we have found new evidence in the next stage payloads of the CCleaner supply chain attack that provide...
26 October 2017
 3

NotPetya Returns as Bad Rabbit

Large scale cyber attacks seem to be happening once a month these days. Originally discovered by ESET (https://www.welivesecurity.com/2017/10/24/kiev-metro-hit-new-variant-infamous-diskcoder-ransomware/), Ukrainian and Russian organizations...
24 October 2017
 2

Cyber Threat Diversion: Managing the False Positive Madness

Security teams have a lot of noise to deal with in their day-to-day jobs. Every organization is managing thousands of alerts each...
24 October 2017
 4

Meet the Founders: Alon Cohen

Serial entrepreneur Alon Cohen co-founded and grew one of the world’s first cyber security startups, CyberArk, which eventually became a ‘unicorn’. Now,...
17 October 2017
 4

North Korea and Iran Use CodeProject to Develop Their Malware

Software developers and malware authors share a desire to work smart, not hard In the software development world, engineers frequently use ready-made...
10 October 2017
 5

Evidence Aurora Operation Still Active Part 2: More Ties Uncovered Between CCleaner Hack & Chinese Hackers

Since my last post, we have found new evidence in the next stage payloads of the CCleaner supply chain attack that provide...
2 October 2017
 4

Evidence Aurora Operation Still Active: Supply Chain Attack Through CCleaner

Recently, there have been a few attacks with a supply chain infection, such as Shadowpad being implanted in many of Netsarang’s products,...
20 September 2017
 4

Intezer Community Tip: How to Optimize ssdeep Comparisons with ElasticSearch

Why Standard Hash Functions Aren’t Helpful In Memory At Intezer, we specialize in analyzing code from memory to deal with injections, process...
19 September 2017
 5

New Variants of Agent.BTZ/ComRAT Found: The Threat That Hit The Pentagon In 2008 Still Evolving; Part 2/2

Our previous blog post was a short brief of new Agent.BTZ variants that we found. This second part in the series will...
13 September 2017
 4

About the Founders: Meet Itai Tevet

Itai Tevet was the self-described ‘PC kid’ whose fascination with technology led to a strong interest in information security–an interest that benefited...
6 September 2017
 5

Why Identifying ‘Good or Bad’ is Not Enough

Throughout my career, I have witnessed many cyber security professionals adopting a “shoot and don’t ask questions” approach when dealing with malware....
29 August 2017
 3

GDPR: How to Bring Your Incident Response Plan Up to Speed

Every organization that is impacted by the sharing and storage of data are discussing the General Data Protection Regulation (GDPR), a recently...
23 August 2017
 4

New Variants of Agent.BTZ/ComRAT Found: The Threat That Hit The Pentagon In 2008 Still Evolving; Part 1/2

Agent.BTZ–also known as ComRAT–is one of the world’s oldest known state-sponsored threats, mainly known for the 2008 Pentagon breach. Technically speaking, Agent.BTZ...
7 August 2017
 4

“EternalMiner” Copycats exploiting SambaCry for cryptocurrency mining

About eight weeks ago, a critical RCE vulnerability present in every Samba version since 2010 was reported and patched.  This vulnerability is...
26 July 2017
 3

Without a Trace: The Dangers of Fileless Malware

Every day, wars are being waged on invisible battlefields. The enemy is hiding and stealthily leveling its attacks from within. This formidable...
10 July 2017
 2

Introducing Cybersecurity DNA: the Intezer Company Blog

Have you ever searched for a needle in a haystack? In the world of cyber security, it might be that one problematic...
1 July 2017
 2

How to Defend Against IRONGATE-like malware?

A lot of the recent buzz in the InfoSec community was about the IRONGATE malware. IRONGATE was recently discovered by FireEye while hunting for...
16 June 2016

    First Name
    Last Name
    Job Title
    Company
    Email
    Country

    © Intezer.com 2021 All rights reserved