Blog - Intezer
[contact-form-7 404 "Not Found"]

Blog

Cybersecurity DNA

Exploring the Chinese DDoS Threat Landscape [Research Report]

10 Dec 2019
Distributed denial-of-service attacks were on the rise in 2018 and continuing into 2019, ranging from a high volume of Mirai attacks to...
By Intezer

Intezer Analyze Community: Buhtrap, Divergent, Kronos, and More

25 Nov 2019
In this month’s community highlights we see a range of malware types, including banking trojans, exploit kits, and nation-state sponsored threats. 1)...
By

Revealing the Origins of Software Code

21 Nov 2019
Summary Nearly all cyber attacks require running software code. Regardless of the attack vector, in order for an adversary to create any...
By

Genetic Malware Analysis for Golang

20 Nov 2019
Intezer Analyze now proudly supports genetic analysis for files created with the Golang programming language. Community and enterprise users can detect and...
By

ACBackdoor: Analysis of a New Multiplatform Backdoor

18 Nov 2019
Introduction We have discovered an undetected Linux backdoor which does not have any known connections to other threat groups. VirusTotal detection rate...
By

PureLocker: New Ransomware-as-a-Service Being Used in Targeted Attacks Against Servers

12 Nov 2019
Analysis by Intezer and IBM X-Force points its origins to a Malware-as-a-Service (MaaS) provider utilized by the Cobalt Gang and FIN6 attack...
By

Intezer Analyze Community Halloween Edition: Trickbot or Treat!

31 Oct 2019
In the spirit of Halloween we’re spotlighting three “spooky” threats detected by the Intezer Analyze community in October. And as a special...
By

Intezer Analyze Use Case: Visibility Among Global SOCs

16 Oct 2019
For mid to large size enterprises, protecting the organization against targeted cyber threats is often a global operation. It’s not uncommon for...
By

Mapping the Connections Inside Russia's APT Ecosystem

24 Sep 2019
This research is a joint effort conducted by Omri Ben-Bassat from Intezer and Itay Cohen from Check Point Research. Prologue пролог If the...
By and

Russian Cybercrime Group FullofDeep Behind QNAPCrypt Ransomware Campaigns

20 Sep 2019
Introduction We previously reported on how we managed to temporarily shut down 15 operative QNAPCrypt ransomware campaigns targeting Linux-based file storage systems...
By

Why we Should be Paying More Attention to Linux Threats

19 Sep 2019
In a previous post we wrote for the Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC), we discussed the emergence of...
By

MoP - "Master of Puppets" - Advanced malware tracking framework revealed at BlackHat Arsenal 2019.

14 Aug 2019
At BlackHat Arsenal 2019 Intezer’s researcher, Omri Ben-Bassat, revealed open-source tool called MoP (“Master of Puppets”) which is a framework for reverse...
By

Intezer Analyze Community: GonnaCry, HawkEye, BXAQ and More

01 Aug 2019
In July, Intezer Analyze community detections included GonnaCry ransomware, the HawkEye malware kit, and BXAQ, the spyware that Chinese authorities have been...
By

Siemplify and Intezer: Incorporate Genetic Malware Analysis into your SOAR Platform (Video)

30 Jul 2019
 One of the most common and time-consuming cases security operations centers (SOCs) must complete daily are malware investigations. Part of the...
By

Intezer Analyze Community: Mapping Code Connections Between Malware Samples

29 Jul 2019
In addition to highlighting five notable file uploads and endpoint scans made by our community users each month, I thought it was...
By

Watching the WatchBog: New BlueKeep Scanner and Linux Exploits

24 Jul 2019
  Overview We have discovered a new version of WatchBog—a cryptocurrency-mining botnet operational since late 2018—that we suspect has compromised more than 4,500...
By and

EvilGnome: Rare Malware Spying on Linux Desktop Users

17 Jul 2019
Introduction Linux desktop remains an unpopular choice among mainstream desktop users, making up a little more than 2% of the desktop operating system...
By

How We Seized 15 Active Ransomware Campaigns Targeting Linux File Storage Servers

10 Jul 2019
  Introduction It is rare to see ransomware being used to target the Linux operating system. However, cyber criminals seem to adapt...
By

Intezer Analyze Community: BlackSquid, RobbinHood Ransomware and More

08 Jul 2019
1) BlackSquid [Link to Analysis] BlackSquid is a Monero crypto-miner which was recently discovered by researchers at Trend Micro. According to Trend...
By

Intezer and IBM Resilient Integrate to Enrich Threat Investigations with Genetic Malware Analysis

27 Jun 2019
I am pleased to highlight the new integration between Intezer Analyze™ and IBM Resilient. The integration enables users of both platforms to...
By

HiddenWasp and the Emergence of Linux-based Threats

26 Jun 2019
This blog post was featured as contributing content for the Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC). The Linux threat...
By

Executable and Linkable Format 101 Part 4: Dynamic Linking

25 Jun 2019
This is a new post in our Executable and Linkable Format (ELF) 101 series, where the goal is to spread awareness about the...
By

Genetic Malware Analysis Use Cases: Government Agencies

20 Jun 2019
Key Takeaways Genetic Malware Analysis technology, based on identifying code similarities to known software, helps government agencies address the following cybersecurity challenges:...
By

Chinese APTs Rising: Key Takeaways from the Intezer Analyze Community in May

30 May 2019
1) Pirpi (APT3) [Link to Analysis] APT3, commonly referred to as Gothic Panda, TG-0110 and Buckeye, is a Chinese cyber espionage group...
By

HiddenWasp Malware Stings Targeted Linux Systems

29 May 2019
  Overview • Intezer has discovered a new, sophisticated malware that we have named “HiddenWasp”, targeting Linux systems. • The malware is...
By

A Straw-by-Straw Analysis: The Zero-Trust Approach for your Alert Haystack

23 May 2019
This blog post serves as a preview to an Infosecurity Europe tech talk that will be presented on Wednesday, June 5, 2019....
By

Technical Analysis: Pacha Group Competing against Rocke Group for Cryptocurrency Mining Foothold on the Cloud

09 May 2019
Pacha Group is a crypto-mining threat actor we at Intezer discovered and profiled in a blog post published on February 28, 2019....
By

War on the Cloud: Cybercriminals Competing for Cryptocurrency Mining Foothold

09 May 2019
The Pacha Group is a threat actor discovered by Intezer and profiled in a blog post published on February 28, 2019. Dating back...
By

Top Five Community Uploads | April 2019

29 Apr 2019
This month’s Intezer Analyze community findings include malware employed by two cyber espionage groups linked to the Russian government and an endpoint...
By

Genetic Malware Analysis Use Cases: Financial Services

25 Apr 2019
2018 saw an increase in distributed denial-of-service (DDoS) attacks and phishing campaigns targeting financial services institutions. Malware, in particular, continues to play...
By

Meet the Team: Shaul Holtzman

22 Apr 2019
Get to know Intezer’s community manager, Shaul Holtzman. Shaul is a former cybersecurity analyst helping organizations detect and classify advanced cyber threats....
By

Scan the Memory of Entire Endpoints using Genetic Malware Analysis

08 Apr 2019
I am excited to announce the launch of a new Endpoint Analysis solution, located within the Intezer Analyze™ platform. The Endpoint Analysis solution consists...
By

Top Five Community Uploads | March 2019

26 Mar 2019
Last month I published a blog post highlighting notable uploads made by the Intezer Analyze community during the month of February. In...
By

Technical Analysis: Pacha Group Deploying Undetected Cryptojacking Campaigns on Linux Servers

28 Feb 2019
Introduction Cryptomining malware, also known as cryptojacking or cryptocurrency mining malware, refers to software developed to take over a computer’s resources and...
By

Pacha Group, A New Threat Actor Deploying Undetected Cryptojacking Campaigns on Linux Servers

28 Feb 2019
Key Takeaways: • Intezer has evidence of a new threat actor, calling it Pacha Group, which has been deploying undetected cryptojacking campaigns...
By

Top Five Community Uploads | February 2019

25 Feb 2019
As manager of the free Intezer Analyze community edition I witness first hand the interesting samples our users upload on a daily...
By

New! API for the Intezer Analyze Community

15 Jan 2019
On behalf of Intezer, I am pleased to announce the release of an API for the Intezer Analyze community edition. Members of...
By

What is Genetic Malware Analysis?

10 Jan 2019
At Intezer, we view malware analysis as a key component in properly and effectively responding to security incidents. We have introduced a...
By

ChinaZ Revelations: Revealing ChinaZ Relationships with other Chinese Threat Actor Groups

07 Jan 2019
Introduction Distributed denial-of-service (DDoS) attacks were on the rise in 2018, ranging from a high volume of Mirai attacks to more sophisticated...
By

Verifying Code Reuse Between Ursnif and 'Brexit' Malware Campaign Targeting the United Kingdom

11 Dec 2018
Today My Online Security published research describing a fairly large Ursnif campaign targeting the United Kingdom. The threat actors behind the attack are using...
By

Making Malware Human: A SANS Product Review of Intezer Analyze™

04 Dec 2018
Alerts can enter an organization at inconceivable rates. Security teams are tasked with sifting through countless alerts, making it difficult to prioritize...
By

Muhstik Botnet Reloaded: New Variants Targeting phpMyAdmin Servers

12 Nov 2018
The Muhstik botnet was first exposed by Netlab360 researchers in May 2018. This botnet targeted mainly GPON routers. At Intezer we found that Muhstik is extending its spectrum...
By

The Researchers' View: Insights from Leading Global Security Researchers

08 Nov 2018
At Intezer information sharing is a key component of our makeup and reflected in our technology. In the spirit of industry collaboration...
By

Paleontology: The Unknown Origins of Lazarus Malware

31 Oct 2018
INTRODUCTION         As seen by security researchers across the world and proven in a joint research by McAfee and Intezer, Lazarus, one of...
By

APT37: Final1stspy Reaping the FreeMilk

03 Oct 2018
Researchers at Palo Alto Networks recently published a report regarding the NOKKI malware, which has shared code with KONNI and, although not in...
By

Intezer Analyze™ ELF Support Release: Hakai Variant Case Study

30 Aug 2018
ELF SUPPORT We would like to proudly announce that Intezer Analyze™ now supports genetic malware analysis for ELF binaries! You may now...
By and

Prince of Persia: The Sands of Foudre

17 Aug 2018
Introduction In the past couple years, Palo Alto Networks reported on the “Prince of Persia” malware campaign which is believed to be...
By

Code, Strings and what’s in between

13 Aug 2018
Our technology is based on genetic analysis of files. So far, we’ve focused mainly on detection of code reuse, as part of...
By

Examining Code Reuse Reveals Undiscovered Links Among North Korea’s Malware Families

06 Aug 2018
This research is a joint effort of Christiaan Beek, lead scientist & sr. principal engineer at McAfee, and Jay Rosenberg, senior security researcher...
By and

Mitigating Emotet, The Most Common Banking Trojan

26 Jul 2018
Recently, Proofpoint released a fairly surprising report, stating that Banking Trojans have surpassed Ransomware as the top malware threat found in email....
By

Product Updates

05 Jul 2018
  In this blog post we’d like to share with you some details about our latest cool developments. New User Interface: We’ve...
By

MirageFox: APT15 Resurfaces With New Tools Based On Old Ones

14 Jun 2018
APT15 Background Coincidentally, following the recent hack of a US Navy contractor and theft of highly sensitive data on submarine warfare, we...
By Jay Rosenberg

Digital Certificates- When the Chain of Trust is Broken

05 Jun 2018
As stated in a previous blog entry, it is common for malware authors to sign malicious files with “legitimate” digital certificates in...
By

Iron Cybercrime Group Under The Scope

29 May 2018
In April 2018, while monitoring public data feeds, we noticed an interesting and previously unknown backdoor using HackingTeam’s leaked RCS source code....
By Omri Ben Bassat

Executable and Linkable Format 101 Part 3: Relocations

23 Apr 2018
In our previous post, we went through the concept of symbols and their functionality. In this post we will introduce the concept...
By

NEW: Intezer Compromise Assessment Service

10 Apr 2018
GET AN INDEPENDENT EXAMINATION OF YOUR IT ENVIRONMENT TO DETECT ANY EXISTING CYBER ATTACK IN YOUR NETWORK   Intezer, today announced the...
By Intezer

Unpacking reveals a file’s true DNA

03 Apr 2018
After launching Intezer community edition in November 2017, we noticed that many of our users uploaded packed samples. Yet packed files don’t reveal the...
By

Lazarus Group Targets More Cryptocurrency Exchanges and FinTech Companies

28 Mar 2018
Introduction Cyber attacks from the Lazarus Group, a threat actor associated with North Korea, has not slowed down and their malware toolset...
By

Building Your Bullet Proof Incident Response Plan

15 Mar 2018
Cyber security is constantly evolving, and therefore rife with challenges. Whether hobbyist hackers or state-sponsored threat actors are targeting organizations, internal security...
By

2018 Winter Cyber Olympics: Code Similarities with Cyber Attacks in Pyeongchang

12 Feb 2018
Olympic Code Similarities Following up on reports by McAfee and Cisco Talos related to hacking during the winter Olympics of 2018 in...
By

Yet Another Distraction? A New Version of North Korean Ransomware Hermes Has Emerged

08 Feb 2018
Detecting Reused Ransomware Whether we’re dealing with a criminal threat actor looking to steal money from their victims using ransomware or malware...
By

Executable and Linkable Format 101. Part 2: Symbols

07 Feb 2018
In our previous post, we focused on understanding the relationship between sections and segments, which serve as the foundation for understanding the...
By

Executable and Linkable Format 101 - Part 1 Sections and Segments

02 Jan 2018
Introduction This marks the first of several blog posts that will focus on Executable and Linkable Format (ELF) files. In this series,...
By Ignacio Sanmillan

BLOCKBUSTED: Lazarus, Blockbuster, and North Korea

12 Dec 2017
As we have proven in previous research blog posts, malware authors often reuse the same code. This evolution of code and code...
By Jay Rosenberg

Don’t Be Fooled By Malware Signed with Stolen Certificates - How Intezer Analyze™ Detects Major Breaches in Security

07 Dec 2017
Recent research conducted by the Cyber Security Research Institute (CSRI) demonstrates how easy and common it is for threat actors to purchase...
By Ari Eitan

Intezer Analyze™ FREE community edition

14 Nov 2017
This isn’t a gimmick, we’re providing this quota FREE of charge.   Intezer Analyze™ was created by incident team experts for incident...
By

IcedID Banking Trojan Shares Code with Pony 2.0 Trojan

13 Nov 2017
IBM X-Force recently released an excellent report  on a new banking trojan named IcedID that is being distributed using computers already infected...
By

Silence of the Moles

01 Nov 2017
Kaspersky Labs published a technical analysis of a new malware, Silence that is aimed at attacking financial institutions. After uploading the loader...
By

NotPetya Returns as Bad Rabbit

24 Oct 2017
Large scale cyber attacks seem to be happening once a month these days. Originally discovered by ESET (https://www.welivesecurity.com/2017/10/24/kiev-metro-hit-new-variant-infamous-diskcoder-ransomware/), Ukrainian and Russian organizations...
By

Cyber Threat Diversion: Managing the False Positive Madness

24 Oct 2017
Security teams have a lot of noise to deal with in their day-to-day jobs. Every organization is managing thousands of alerts each...
By

Meet the Founders: Alon Cohen

17 Oct 2017
Serial entrepreneur Alon Cohen co-founded and grew one of the world’s first cyber security startups, CyberArk, which eventually became a ‘unicorn’. Now,...
By

North Korea and Iran Use CodeProject to Develop Their Malware

10 Oct 2017
Software developers and malware authors share a desire to work smart, not hard In the software development world, engineers frequently use ready-made...
By

Evidence Aurora Operation Still Active Part 2: More Ties Uncovered Between CCleaner Hack & Chinese Hackers

02 Oct 2017
Since my last post, we have found new evidence in the next stage payloads of the CCleaner supply chain attack that provide...
By

Evidence Aurora Operation Still Active: Supply Chain Attack Through CCleaner

20 Sep 2017
Recently, there have been a few attacks with a supply chain infection, such as Shadowpad being implanted in many of Netsarang’s products,...
By Jay Rosenberg

Intezer Community Tip: How to Optimize ssdeep Comparisons with ElasticSearch

19 Sep 2017
Why Standard Hash Functions Aren’t Helpful In Memory At Intezer, we specialize in analyzing code from memory to deal with injections, process...
By Jonathan Abrahamy

New Variants of Agent.BTZ/ComRAT Found: The Threat That Hit The Pentagon In 2008 Still Evolving; Part 2/2

13 Sep 2017
Our previous blog post was a short brief of new Agent.BTZ variants that we found. This second part in the series will...
By

About the Founders: Meet Itai Tevet

06 Sep 2017
Itai Tevet was the self-described ‘PC kid’ whose fascination with technology led to a strong interest in information security–an interest that benefited...
By Intezer

Why Identifying ‘Good or Bad’ is Not Enough

29 Aug 2017
Throughout my career, I have witnessed many cyber security professionals adopting a “shoot and don’t ask questions” approach when dealing with malware....
By

GDPR: How to Bring Your Incident Response Plan Up to Speed

23 Aug 2017
Every organization that is impacted by the sharing and storage of data are discussing the General Data Protection Regulation (GDPR), a recently...
By

New Variants of Agent.BTZ/ComRAT Found: The Threat That Hit The Pentagon In 2008 Still Evolving; Part 1/2

07 Aug 2017
Agent.BTZ–also known as ComRAT–is one of the world’s oldest known state-sponsored threats, mainly known for the 2008 Pentagon breach. Technically speaking, Agent.BTZ...
By

“EternalMiner” Copycats exploiting SambaCry for cryptocurrency mining

26 Jul 2017
About eight weeks ago, a critical RCE vulnerability present in every Samba version since 2010 was reported and patched.  This vulnerability is...
By Omri Ben Bassat

Without a Trace: The Dangers of Fileless Malware

10 Jul 2017
Every day, wars are being waged on invisible battlefields. The enemy is hiding and stealthily leveling its attacks from within. This formidable...
By Research team

Introducing Cybersecurity DNA: the Intezer Company Blog

01 Jul 2017
Have you ever searched for a needle in a haystack? In the world of cyber security, it might be that one problematic...
By

How to Defend Against IRONGATE-like malware?

16 Jun 2016
A lot of the recent buzz in the InfoSec community was about the IRONGATE malware. IRONGATE was recently discovered by FireEye while hunting for...
By

Popular Posts

Categories

© Intezer.com 2019 All rights reserved