Malware Analysis
How to Analyze Malicious PDF Files
PDF files are supported in Intezer for both on-demand sandboxing and automated alert triage, as well as all other file types commonly used...
How to Analyze Malicious Microsoft Office Files
Microsoft Office files (and other file types commonly used for delivering malware, including binary files, documents, scripts, and archives) are supported in...
What's New in Intezer's FREE Community Edition
With a free account, you get a trial of Intezer’s Autonomous SOC capabilities and ongoing access for advanced malware analysis. In the...
How LNK Files Are Abused by Threat Actors
LNK files are based on the Shell Link Binary file format, also known as Windows shortcuts. But what seems a relatively simple...
Summary of Symbiote Research (A New, Nearly-Impossible-to-Detect Linux Threat)
In pop culture, a symbiote often gives a host superhuman ability (and occasionally also hilarious inner monologue). But in real life, parasitic...
How You Can Use Our New Open-Source Database Access Control Tool
Use this open-source Just-In-Time database access control tool (integrated with directory service, slack, and SIEM) to secure your...
TeamTNT Cryptomining Explosion 🧨
This post was originally published as a white paper in September 2021. Get the full report as a PDF here. Summary (Executive...
Malware Reverse Engineering for Beginners - Part 1: From 0x0
Already familiar with assembly language and disassemblers? Check out Reverse Engineering for Beginners Part 2 to dig into how malware is packed,...
The Role of Malware Analysis in Cybersecurity
Threat actors use malicious software to cause damage to individuals and organizations. Malware is the most common form of cyberattack because...
All Your Go Binaries are Belong to Us
The skillset of performing binary analysis may appear to some to be limited to a few intrepid souls. While it may look...
The State of Malware Analysis
Malware is the thorn in the side of security analysts everywhere. The main question when getting a suspicious file alert is, “Is...
Vermilion Strike: Linux and Windows Re-implementation of Cobalt Strike
Key Findings Discovered Linux & Windows re-implementation of Cobalt Strike Beacon written from scratch Linux malware is fully undetected by vendors Has...
Intezer Analyze Transforms for Maltego
We are happy to introduce the Intezer Analyze plugin for Maltego. Combine insights from our malware analysis platform with Maltego's graphical tool (and you...
How to Detect Cobalt Strike
Cobalt Strike is a penetration testing tool created by Raphael Mudge in 2012. To this day, it remains extremely popular both in...
What MITRE D3FEND™ Techniques Does Intezer Analyze Implement?
The MITRE Corporation recently released MITRE D3FEND™, a complementary framework to its industry-acclaimed MITRE ATT&CK® matrix. D3FEND provides defense techniques that...
Fast Insights for a Microsoft-Signed Netfilter Rootkit
Automate malware analysis of Netfilter rootkit and other advanced threats. Obtain deep insights without long, manual effort. News broke in June about a...
Securing the Software Supply Chain
How to scope, plan, and execute an effective supply chain security initiative. Supply Chain is the Latest Land Grab for Cyber Attackers. Software...
Reimagining the Malware Analysis Experience
Itai Tevet, CEO of Intezer, shares the company’s vision for a simplified, consolidated malware analysis experience. Since its inception, Intezer has strived...
Covering the Infection Chain: Analyze Documents and Scripts with Intezer Analyze
Malware threats come in many forms. You can now analyze more of them with Intezer Analyze We have made a major expansion...
Genetic Analysis and Lessons Learned from REvil Attack
Validating your Software Supply Chain for Tampering. SolarWinds, Codecov and now Kaseya are the latest supply chain attacks we know about. In...
Klingon RAT Holding on for Dear Life
With more malware written in Golang than ever before, the threat from Go-based Remote Access Trojans (RATs) has never been higher. Not only...
Wrapping Up a Year of Infamous Bazar Campaigns
Bazar is the latest tool developed by the TrickBot gang. Common malware used for cybercrime such as Agent Tesla, Dridex and Formbook...
HabitsRAT Used to Target Linux and Windows Servers
We have discovered a new malware written in Go, which we are calling HabitsRAT, targeting both Windows and Linux machines. The Windows version of...
Accelerate Incident Response with Intezer Analyze Volatility Plugin
Significantly reduce memory forensics time from hours to minutes. Memory analysis is a core component of a typical incident response process. In many cases...
New Linux Backdoor RedXOR Likely Operated by Chinese Nation-State Actor
We discovered a new sophisticated backdoor targeting Linux endpoints and servers. Based on Tactics, Techniques, and Procedures (TTPs), the backdoor is believed to...
When Viruses Mutate: Did SunCrypt Ransomware Evolve from QNAPCrypt?
Dov Lerner from Cybersixgill contributed to this report Intro Programmers frequently reuse code, as recycling something that is already written and functional is...
Year of the Gopher: 2020 Go Malware Round-Up
Developers are not the only ones who have adopted Go. Malware written in Go has been steadily increasing. In the last few...
ELF Malware Analysis 101: Part 3 - Advanced Analysis
Getting Caught Up to Speed. So far in this series we have profiled the ELF threat landscape and covered the most common...
Get More Context for Your Analysis with TTPs
Learn more about how Intezer works here and its automated incident response process, which provides you with TTPs and so much more....
New Threat Intel Features in Intezer Analyze
We’ve made some updates in Intezer Analyze to improve your incident response and threat intelligence workflows. From classifying samples faster to staying...
Emotet Evolves but Code Remains Mostly the Same
Just after the publication of this post the US-CERT released an alert about Emotet. Evolution is the result of adaptations that take...
ELF Malware Analysis 101 Part 2: Initial Analysis
Introduction In the previous article we profiled the ELF malware landscape and explained how malware infects systems. We discussed the current lack...
Accelerate Memory Forensics with Intezer Analyze
Incident investigations usually begin with a triggered alert. One of the sensors deployed across your organization claims that suspicious activity has occurred...
Community Ghidra Plugin is Here
Ghidra is a free and open source reverse engineering tool developed by the NSA. The plugin reduces the burden on the analyst...
Detect Malware Associated with the Most Exploited CVEs
Unpatched or undetected software vulnerabilities are a common method for malware delivery once exploited by attackers. Last month, the US-CERT urged IT...
IDA Pro Plugin Now Available to the Community
The Intezer Analyze IDA Pro plugin is now available to community users! IDA Pro is the most common reverse engineering platform for...
ELF Malware Analysis 101: Linux Threats No Longer an Afterthought
Linux has a large presence in the operating systems market because it's open source, free, and development-oriented, meaning its rich ecosystem provides...
Intezer Analyze May Community Roundup
See below some of the threats our community detected this month. 1. Fileless Dridex sample, originally with five detections in VirusTotal, contains a payload...
Mapping Binaries Inside a Microsoft Azure Cloud Server
Linux has become the “go-to” OS in cloud computing, running 90% of the public cloud workload. Linux usage has even surpassed Windows...
Intezer Analyze community roundup
Maze ransomware, APT41 and Lazarus highlight this month's community samples. 1. More_eggs variant with low Antivirus detections has modified string encoding mechanisms...
Malicious APKs share code during Covid-19 pandemic
Threat actors are exploiting fear and uncertainty to spread Covid-19 themed malicious Android package kits (APKs) onto users’ mobile devices. APKs pose...
Evasion Techniques Dissected: A Mirai Case Study
Code reuse analysis vs. signature-based detection We are often asked the question, “what sets your approach apart from other malware detection solutions?”...
Accelerate Reverse Engineering with Intezer Analyze IDA Pro Plugin
IDA Pro is the most common reverse engineering platform for disassembling computer software. The Intezer Analyze IDA Pro plugin accelerates reverse engineering...
Intezer Featured in IBM X-Force Threat Index
Banking trojans and ransomware were the top innovators in 2019 malware code evolution. Drawing on previous IBM X-Force collaboration in detecting new...
Intezer Analyze Community: Buhtrap, Divergent, Kronos, and More
In this month’s community highlights we see a range of malware types, including banking trojans, exploit kits, and nation-state sponsored threats. 1)...
Intezer Analyze Community: GonnaCry, HawkEye, BXAQ and More
In July, Intezer Analyze community detections included GonnaCry ransomware, the HawkEye malware kit, and BXAQ, the spyware that Chinese authorities have been...
Intezer Analyze Community: Mapping Code Connections Between Malware Samples
In addition to highlighting five notable file uploads and endpoint scans made by our community users each month, I thought it was...
Intezer Analyze Community: BlackSquid, RobbinHood Ransomware and More
1) BlackSquid [Link to Analysis] BlackSquid is a Monero crypto-miner which was recently discovered by researchers at Trend Micro. According to Trend...
HiddenWasp and the Emergence of Linux-based Threats
This blog post was featured as contributing content for the Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC). The Linux threat...
Executable and Linkable Format 101 Part 4: Dynamic Linking
This is the 4th post in our Executable and Linkable Format (ELF) 101 series, where the goal is to spread awareness about the...
Chinese APTs Rising: Key Takeaways from the Intezer Analyze Community in May
1) Pirpi (APT3) [Link to Analysis] APT3, commonly referred to as Gothic Panda, TG-0110 and Buckeye, is a Chinese cyber espionage group...
Top Five Community Uploads | April 2019
This month’s Intezer Analyze community findings include malware employed by two cyber espionage groups linked to the Russian government and an endpoint...
Meet the Team: Shaul Holtzman
Get to know Intezer’s community manager, Shaul Holtzman. Shaul is a former cybersecurity analyst helping organizations detect and classify advanced cyber threats....
Top Five Community Uploads | March 2019
Last month I published a blog post highlighting notable uploads made by the Intezer Analyze community during the month of February. In...
Top Five Community Uploads | February 2019
As manager of the free Intezer Analyze community edition I witness first hand the interesting samples our users upload on a daily...
What is Genetic Malware Analysis?
At Intezer, we view malware analysis as a key component in properly and effectively responding to security incidents. We have introduced a...
Verifying Code Reuse Between Ursnif and 'Brexit' Malware Campaign Targeting the United Kingdom
Today My Online Security published research describing a fairly large Ursnif campaign targeting the United Kingdom. The threat actors behind the attack are using...
Code, Strings and what’s in between
Our technology is based on genetic analysis of files. So far, we’ve focused mainly on detection of code reuse, as part of...
Product Updates for June 2018
In this blog post we’d like to share with you some details about our latest cool developments. New User Interface: We’ve recently...
Executable and Linkable Format 101 Part 3: Relocations
In our previous post, we went through the concept of symbols and their functionality. In this post we will introduce the concept...
Unpacking reveals a file’s true DNA
After launching Intezer community edition in November 2017, we noticed that many of our users uploaded packed samples. Yet packed files don’t reveal the...
Building Your Bullet Proof Incident Response Plan
Cyber security is constantly evolving, and therefore rife with challenges. Whether hobbyist hackers or state-sponsored threat actors are targeting organizations, internal security...
Executable and Linkable Format 101. Part 2: Symbols
In our previous post, we focused on understanding the relationship between sections and segments, which serve as the foundation for understanding the...
Don’t Be Fooled By Malware Signed with Stolen Certificates
Recent research conducted by the Cyber Security Research Institute (CSRI) demonstrates how easy and common it is for threat actors to purchase...
Meet the Founders: Alon Cohen
Serial entrepreneur Alon Cohen co-founded and grew one of the world’s first cyber security startups, CyberArk, which eventually became a ‘unicorn’. Now,...