Blog - Intezer

Blog

Cybersecurity DNA

Muhstik Botnet Reloaded: New Variants Targeting phpMyAdmin Servers

12 Nov 2018

The Muhstik botnet was first exposed by Netlab360 researchers in May 2018. This botnet targeted mainly GPON routers. At Intezer we found that Muhstik is extending its spectrum...

By Ignacio Sanmillan

The Researcher View: Insights from Leading Global Security Researchers

08 Nov 2018

At Intezer, information sharing is a key component of our makeup, and reflected in our technology. In the spirit of industry collaboration,...

Paleontology: The Unknown Origins of Lazarus Malware

31 Oct 2018

INTRODUCTION As seen by security researchers across the world and proven in a joint research by McAfee and Intezer, Lazarus, one of...

By Jay Rosenberg

APT37: Final1stspy Reaping the FreeMilk

03 Oct 2018

Researchers at Palo Alto Networks recently published a report regarding the NOKKI malware, which has shared code with KONNI and, although not in...

By Jay Rosenberg

Intezer Analyze™ ELF Support Release: Hakai Variant Case Study

30 Aug 2018

ELF SUPPORT We would like to proudly announce that Intezer Analyze™ now supports genetic malware analysis for ELF binaries! You may now...

By Jay Rosenberg

Prince of Persia: The Sands of Foudre

17 Aug 2018

Introduction In the past couple years, Palo Alto Networks reported on the “Prince of Persia” malware campaign which is believed to be...

By Jay Rosenberg

Code, Strings and what’s in between

13 Aug 2018

Our technology is based on genetic analysis of files. So far, we’ve focused mainly on detection of code reuse, as part of...

Examining Code Reuse Reveals Undiscovered Links Among North Korea’s Malware Families

06 Aug 2018

This research is a joint effort of Christiaan Beek, lead scientist & sr. principal engineer at McAfee, and Jay Rosenberg, senior security researcher...

By Jay Rosenberg

Mitigating Emotet, The Most Common Banking Trojan

26 Jul 2018

Recently, Proofpoint released a fairly surprising report, stating that Banking Trojans have surpassed Ransomware as the top malware threat found in email....

Product Updates

05 Jul 2018

In this blog post we’d like to share with you some details about our latest cool developments. New User Interface: We’ve...

MirageFox: APT15 Resurfaces With New Tools Based On Old Ones

14 Jun 2018

APT15 Background Coincidentally, following the recent hack of a US Navy contractor and theft of highly sensitive data on submarine warfare, we...

By Jay Rosenberg

Digital Certificates- When the Chain of Trust is Broken

05 Jun 2018

As stated in a previous blog entry, it is common for malware authors to sign malicious files with “legitimate” digital certificates in...

Iron Cybercrime Group Under The Scope

29 May 2018

In April 2018, while monitoring public data feeds, we noticed an interesting and previously unknown backdoor using HackingTeam’s leaked RCS source code....

By Omri Ben Bassat

Executable and Linkable Format 101 Part 3: Relocations

23 Apr 2018

In our previous post, we went through the concept of symbols and their functionality. In this post we will introduce the concept...

By Ignacio Sanmillan

NEW: Intezer Compromise Assessment Service

10 Apr 2018

GET AN INDEPENDENT EXAMINATION OF YOUR IT ENVIRONMENT TO DETECT ANY EXISTING CYBER ATTACK IN YOUR NETWORK Intezer, today announced the...

Unpacking reveals a file’s true DNA

03 Apr 2018

After launching Intezer community edition in November 2017, we noticed that many of our users uploaded packed samples. Yet packed files don’t reveal the...

Lazarus Group Targets More Cryptocurrency Exchanges and FinTech Companies

28 Mar 2018

Introduction Cyber attacks from the Lazarus Group, a threat actor associated with North Korea, has not slowed down and their malware toolset...

By Jay Rosenberg

Building Your Bullet Proof Incident Response Plan

15 Mar 2018

Cyber security is constantly evolving, and therefore rife with challenges. Whether hobbyist hackers or state-sponsored threat actors are targeting organizations, internal security...

2018 Winter Cyber Olympics: Code Similarities with Cyber Attacks in Pyeongchang

12 Feb 2018

Olympic Code Similarities Following up on reports by McAfee and Cisco Talos related to hacking during the winter Olympics of 2018 in...

By Jay Rosenberg

Yet Another Distraction? A New Version of North Korean Ransomware Hermes Has Emerged

08 Feb 2018

Detecting Reused Ransomware Whether we’re dealing with a criminal threat actor looking to steal money from their victims using ransomware or malware...

By Jay Rosenberg

Executable and Linkable Format 101. Part 2: Symbols

07 Feb 2018

In our previous post, we focused on understanding the relationship between sections and segments, which serve as the foundation for understanding the...

By Ignacio Sanmillan

Executable and Linkable Format 101 - Part 1 Sections and Segments

02 Jan 2018

Introduction This marks the first of several blog posts that will focus on Executable and Linkable Format (ELF) files. In this series,...

By Ignacio Sanmillan

BLOCKBUSTED: Lazarus, Blockbuster, and North Korea

12 Dec 2017

As we have proven in previous research blog posts, malware authors often reuse the same code. This evolution of code and code...

By Jay Rosenberg

Don’t Be Fooled By Malware Signed with Stolen Certificates - How Intezer Analyze™ Detects Major Breaches in Security

07 Dec 2017

Recent research conducted by the Cyber Security Research Institute (CSRI) demonstrates how easy and common it is for threat actors to purchase...

Intezer Analyze™ FREE community edition

14 Nov 2017

This isn’t a gimmick, we’re providing this quota FREE of charge. Intezer Analyze™ was created by incident team experts for incident...

IcedID Banking Trojan Shares Code with Pony 2.0 Trojan

13 Nov 2017

IBM X-Force recently released an excellent report on a new banking trojan named IcedID that is being distributed using computers already infected...

By Jay Rosenberg

Silence of the Moles

01 Nov 2017

Kaspersky Labs published a technical analysis of a new malware, Silence that is aimed at attacking financial institutions. After uploading the loader...

By Jay Rosenberg

NotPetya Returns as Bad Rabbit

24 Oct 2017

Large scale cyber attacks seem to be happening once a month these days. Originally discovered by ESET (https://www.welivesecurity.com/2017/10/24/kiev-metro-hit-new-variant-infamous-diskcoder-ransomware/), Ukrainian and Russian organizations...

By Jay Rosenberg

Cyber Threat Diversion: Managing the False Positive Madness

24 Oct 2017

Security teams have a lot of noise to deal with in their day-to-day jobs. Every organization is managing thousands of alerts each...

Meet the Founders: Alon Cohen

17 Oct 2017

Serial entrepreneur Alon Cohen co-founded and grew one of the world’s first cyber security startups, CyberArk, which eventually became a ‘unicorn’. Now,...

North Korea and Iran Use CodeProject to Develop Their Malware

10 Oct 2017

Software developers and malware authors share a desire to work smart, not hard In the software development world, engineers frequently use ready-made...

Evidence Aurora Operation Still Active Part 2: More Ties Uncovered Between CCleaner Hack & Chinese Hackers

02 Oct 2017

Since my last post, we have found new evidence in the next stage payloads of the CCleaner supply chain attack that provide...

By Jay Rosenberg

Evidence Aurora Operation Still Active: Supply Chain Attack Through CCleaner

20 Sep 2017

Recently, there have been a few attacks with a supply chain infection, such as Shadowpad being implanted in many of Netsarang’s products,...

By Jay Rosenberg

Intezer Community Tip: How to Optimize ssdeep Comparisons with ElasticSearch

19 Sep 2017

Why Standard Hash Functions Aren’t Helpful In Memory At Intezer, we specialize in analyzing code from memory to deal with injections, process...

By Jonathan Abrahamy

New Variants of Agent.BTZ/ComRAT Found: The Threat That Hit The Pentagon In 2008 Still Evolving; Part 2/2

13 Sep 2017

Our previous blog post was a short brief of new Agent.BTZ variants that we found. This second part in the series will...

By Omri Ben Bassat

About the Founders: Meet Itai Tevet

06 Sep 2017

Itai Tevet was the self-described ‘PC kid’ whose fascination with technology led to a strong interest in information security–an interest that benefited...

Why Identifying ‘Good or Bad’ is Not Enough

29 Aug 2017

Throughout my career, I have witnessed many cyber security professionals adopting a “shoot and don’t ask questions” approach when dealing with malware....

GDPR: How to Bring Your Incident Response Plan Up to Speed

23 Aug 2017

Every organization that is impacted by the sharing and storage of data are discussing the General Data Protection Regulation (GDPR), a recently...

New Variants of Agent.BTZ/ComRAT Found: The Threat That Hit The Pentagon In 2008 Still Evolving; Part 1/2

07 Aug 2017

Agent.BTZ–also known as ComRAT–is one of the world’s oldest known state-sponsored threats, mainly known for the 2008 Pentagon breach. Technically speaking, Agent.BTZ...

By Omri Ben Bassat

“EternalMiner” Copycats exploiting SambaCry for cryptocurrency mining

26 Jul 2017

About eight weeks ago, a critical RCE vulnerability present in every Samba version since 2010 was reported and patched. This vulnerability is...

By Omri Ben Bassat

Without a Trace: The Dangers of Fileless Malware

10 Jul 2017

Every day, wars are being waged on invisible battlefields. The enemy is hiding and stealthily leveling its attacks from within. This formidable...

By Research team

Introducing Cybersecurity DNA: the Intezer Company Blog

01 Jul 2017

Have you ever searched for a needle in a haystack? In the world of cyber security, it might be that one problematic...

How to Defend Against IRONGATE-like malware?

16 Jun 2016

A lot of the recent buzz in the InfoSec community was about the IRONGATE malware. IRONGATE was recently discovered by FireEye while hunting for...

By Research team

© Intezer.com 2018 All rights reserved