Threat Hunting Archives - Intezer

Threat Hunting


Threat Hunting Rule Extraction and Use Cases

TL;DR: You can now extract IOCs and behavioral indicators to a hunting rule format for your endpoint security system. This enables you...


Detection Rules for Lightning Framework (and How to Make Them With Osquery)

On 21 July, 2022, we released a blog post about a new malware called Lightning Framework. Lightning is a modular malware framework...


Stay Ahead of the Latest Threats with Threat Family Tracking

TL;DR – You can now subscribe to threat actors/malware families in Intezer and receive notifications for new IoCs and detection opportunities. Staying...


SOC Level Up: Threat Hunting and Detection With Sigma

Sigma is a universal markup language for analyzing logs, which you can use to write threat hunting and detection rules for evolving...


How to Write YARA Rules That Minimize False Positives

Generate Advanced YARA Rules Based on Code Reuse Incorporating YARA into daily security operations can accelerate incident response time, classify malware, empower...


Security ROI: Time & Resource Savings for IR/SOC Teams

Automation can augment your security team to help you manage never-ending alerts, reduce skill gaps, and respond...


SOC Level Up: Introduction to Sigma Rules

Sigma rules are catching on more and more for SOC teams, as a way to write one rule that can be used...


Scale Incident Response with Detection Engineering: Intezer Detect & Hunt

Adversaries are highly motivated, constantly expanding and improving their tools and techniques. On the other side of the fight, security teams are...


Detection Rules for Sysjoker (and How to Make Them With Osquery)

On January 11, 2022, we released a blog post on a new malware called SysJoker. SysJoker is a malware targeting Windows, macOS,...


The Role of Malware Analysis in Cybersecurity

Threat actors use malicious software to cause damage to individuals and organizations. Malware is the most common form of a cyberattack because...


Proactive Threat Hunting with Intezer

What is Proactive Hunting? Advanced attacks like the SolarWinds backdoor and Pay2KEY are on the rise, while preventive solutions have failed to detect them....


TrickBot or Treat 2.0

In the spirit of Halloween we’re giving away YARA signatures for TrickBot and Emotet. Last year we handed out signatures for malware...


Using YARA Rules to Turn Open Source Against Malware

Introduction Offensive Security Tools are any kind of functionality meant to facilitate intrusions and security bypasses in order to achieve the former....


TTPs matrix for Linux cloud servers

Checklist for protecting your Linux cloud servers against cyber attacks Taking inspiration from the MITRE ATT&CK® framework, we have developed a matrix categorizing...

< 1

The Human Element at RSA Conference

This year’s RSA Conference theme is the Human Element. At Intezer, we introduce an innovative approach called Genetic Malware Analysis which reveals the...


2019: A Year-in-Review

What an amazing year it has been for us at Intezer! The company nearly doubled in size, we added several new important...


ChinaZ Updates Toolkit by Introducing New, Undetected Malware

Introduction ChinaZ is a Chinese cybercrime group and the author of several DDoS malware. We have profiled this group in a previous...

< 1

Now Supporting Genetic Malware Analysis for Android Applications

We are excited to share that we now support Genetic Malware Analysis for Android applications! Intezer Analyze community and enterprise users can...


Revealing the Origins of Software

Summary Nearly all cyber attacks require running code. Regardless of the attack vector, in order for an adversary to create any damage,...


ACBackdoor: Analysis of a New Multiplatform Backdoor

Introduction We have discovered an undetected Linux backdoor which does not have any known connections to other threat groups. VirusTotal detection rate...


Intezer Analyze Community Halloween Edition: Trickbot or Treat!

In the spirit of Halloween we’re spotlighting three “spooky” threats detected by the Intezer Analyze community in October. And as a special...


Russian Cybercrime Group FullofDeep Behind QNAPCrypt Ransomware Campaigns

Introduction We previously reported on how we managed to temporarily shut down 15 operative QNAPCrypt ransomware campaigns targeting Linux-based file storage systems...

Subscribe to our blog Subscribe
© 2022 All rights reserved
Generic filters
Exact matches only
Search in title
Search in content
Search in excerpt
CrowdStrike + Intezer: Automation for Alert Triage, Response, and HuntingCrowdStrike + Intezer: Automation for Alert Triage, Response, and Hunting Learn more