Malware Analysis Archives - Intezer

Malware Analysis


An Important Update

We’re rolling out an important update to the Intezer Analyze community edition to better accommodate our users. Effective December 17 community users will have...


A Zebra in Gopher's Clothing: Russian APT Uses COVID-19 Lures to Deliver Zebrocy

Summary In November, we uncovered COVID-19 phishing lures that were used to deliver the Go version of Zebrocy. Zebrocy is mainly used...


Stantinko’s Proxy After Your Apache Server

Intro It is common for threat actors to evolve their Linux malware. BlackTech with their new ELF_PLEAD malware and Winnti’s PWNLNX tool are recent examples....


TrickBot or Treat 2.0

In the spirit of Halloween we’re giving away YARA signatures for TrickBot and Emotet. Last year we handed out signatures for malware...


New Threat Intel Features in Intezer Analyze

We’ve made some updates in Intezer Analyze to improve your incident response and threat intelligence workflows. From classifying samples faster to staying...


Emotet Evolves but Code Remains Mostly the Same

Just after the publication of this post the US-CERT released an alert about Emotet. Evolution is the result of adaptations that take...


A Storm is Brewing: IPStorm Now Has Linux Malware

Introduction The development of cross-platform malware is not new, however, we continue to observe a number of malware that were previously documented only...


VB2020 - Advanced Pasta Threat: Mapping Malware Use of Open Source Offensive Security Tools

The term Offensive Security Tool, also known as OST, is a controversial subject within the InfoSec community. It often sparks fierce debate...


Looking Back on the Last Decade of Linux APT Attacks

APTs are targeting Linux systems more than they ever have. Linux Attacks are on the Rise The research community continues to witness...


Turning Open Source Against Malware

Introduction Offensive Security Tools are any kind of functionality meant to facilitate intrusions and security bypasses in order to achieve the former....


ELF Malware Analysis 101 Part 2: Initial Analysis

Introduction In the previous article we profiled the ELF malware landscape and explained how malware infects systems. We discussed the current lack...


Accelerate Memory Forensics with Intezer Analyze

Incident investigations usually begin with a triggered alert. One of the sensors deployed across your organization claims that suspicious activity has occurred...


Community Ghidra Plugin is Here

Ghidra is a free and open source reverse engineering tool developed by the NSA. The plugin reduces the burden on the analyst...


Detect Malware Associated with the Most Exploited CVEs

Unpatched or undetected software vulnerabilities are a common method for malware delivery once exploited by attackers. Last month, the US-CERT urged IT...


IDA Pro Plugin Now Available to the Community

The Intezer Analyze IDA Pro plugin is now available to community users! IDA Pro is the most common reverse engineering platform for...


ELF Malware Analysis 101: Linux Threats No Longer an Afterthought

Introduction Linux has a large presence in the operating systems market because it’s open-sourced, free, and software development oriented—meaning its rich ecosystem...


The Evolution of APT15’s Codebase 2020

The Ke3chang group, also known as APT15, is an alleged Chinese government-backed cluster of teams known to target various high-profile entities spanning...


Kaiji: New Chinese Linux malware turning to Golang

It is not often that you see a botnet’s tooling written from scratch. The Internet of things (IoT) botnet ecosystem is relatively well-documented by...


Intezer Analyze community roundup

Maze ransomware, APT41 and Lazarus highlight this month’s community samples 1. More_eggs variant with low Antivirus detections has modified string encoding mechanisms...


Malicious APKs share code during Covid-19 pandemic

Threat actors are exploiting fear and uncertainty to spread Covid-19 themed malicious Android package kits (APKs) onto users’ mobile devices. APKs pose...


Search for revealing strings in Intezer Analyze

Accelerate your file investigations with new and improved string reuse capabilities in Intezer Analyze Users of Intezer Analyze may have noticed new...


Fantastic payloads and where we find them

Attackers have long used evasion features in their malware to avoid detection by security products and analysis systems. One of the most...


Evasion Techniques Dissected: A Mirai Case Study

Code reuse analysis vs. signature-based detection We are often asked the question, “what sets your approach apart from other malware detection solutions?”...


Accelerate Reverse Engineering with Intezer's IDA Pro Plugin

IDA Pro is the most common reverse engineering platform for disassembling computer software. The...


Ransomware and Spyware Top Intezer Analyze Community Detections

This month’s community highlights span a variety of file formats — APK, ELF and PE. 1) Anubis Anubis is...


The Human Element at RSA Conference

This year’s RSA Conference theme is the Human Element. At Intezer, we introduce an innovative approach called Genetic Malware Analysis which reveals the...


Intezer Featured in IBM X-Force Threat Index

Banking trojans and ransomware were the top innovators in 2019 malware code evolution Drawing on previous IBM X-Force collaboration in detecting new...


New Iranian Campaign Tailored to US Companies Utilizes an Updated Toolset

Introduction Our researchers Paul Litvak and Michael Kajilolti have discovered a new campaign conducted by APT34 employing an updated toolset. Based on uncovered...


Linux Rekoobe Operating with New, Undetected Malware Samples

Introduction Our research team has identified new versions of an old Linux malware known as Rekoobe, a minimalistic trojan with a complex CNC...

© 2021 All rights reserved