Malware Analysis
An Important Update
We’re rolling out an important update to the Intezer Analyze community edition to better accommodate our users. Effective December 17 community users will have...
A Zebra in Gopher's Clothing: Russian APT Uses COVID-19 Lures to Deliver Zebrocy
Summary: In November, we uncovered COVID-19 phishing lures that were used to deliver the Go version of Zebrocy. Zebrocy is mainly used...
Stantinko’s Proxy After Your Apache Server
Intro: It is common for threat actors to evolve their Linux malware. BlackTech with their new ELF_PLEAD malware and Winnti’s PWNLNX tool are recent examples....
TrickBot or Treat 2.0
In the spirit of Halloween we’re giving away YARA signatures for TrickBot and Emotet. Last year we handed out signatures for malware...
New Threat Intel Features in Intezer Analyze
We’ve made some updates in Intezer Analyze to improve your incident response and threat intelligence workflows. From classifying samples faster to staying...
Emotet Evolves but Code Remains Mostly the Same
Just after the publication of this post the US-CERT released an alert about Emotet. Evolution is the result of adaptations that take...
A Storm is Brewing: IPStorm Now Has Linux Malware
Introduction: The development of cross-platform malware is not new, however, we continue to observe a number of malware that were previously documented only...
VB2020 - Advanced Pasta Threat: Mapping Malware Use of Open Source Offensive Security Tools
The term Offensive Security Tool, also known as OST, is a controversial subject within the InfoSec community. It often sparks fierce debate...
Looking Back on the Last Decade of Linux APT Attacks
APTs are targeting Linux systems more than they ever have. Linux Attacks are on the Rise: The research community continues to witness...
Turning Open Source Against Malware
Introduction: Offensive Security Tools are any kind of functionality meant to facilitate intrusions and security bypasses in order to achieve the former....
ELF Malware Analysis 101 Part 2: Initial Analysis
Introduction: In the previous article we profiled the ELF malware landscape and explained how malware infects systems. We discussed the current lack...
Accelerate Memory Forensics with Intezer Analyze
Incident investigations usually begin with a triggered alert. One of the sensors deployed across your organization claims that suspicious activity has occurred...
Community Ghidra Plugin is Here
Ghidra is a free and open source reverse engineering tool developed by the NSA. The plugin reduces the burden on the analyst...
Detect Malware Associated with the Most Exploited CVEs
Unpatched or undetected software vulnerabilities are a common method for malware delivery once exploited by attackers. Last month, the US-CERT urged IT...
IDA Pro Plugin Now Available to the Community
The Intezer Analyze IDA Pro plugin is now available to community users! IDA Pro is the most common reverse engineering platform for...
ELF Malware Analysis 101: Linux Threats No Longer an Afterthought
Introduction: Linux has a large presence in the operating systems market because it’s open source, free, and software development oriented—meaning its rich ecosystem...
The Evolution of APT15’s Codebase 2020
The Ke3chang group, also known as APT15, is an alleged Chinese government-backed cluster of teams known to target various high-profile entities spanning...
Kaiji: New Chinese Linux malware turning to Golang
It is not often that you see a botnet’s tooling written from scratch. The Internet of things (IoT) botnet ecosystem is relatively well-documented by...
Intezer Analyze community roundup
Maze ransomware, APT41 and Lazarus highlight this month’s community samples. 1. More_eggs variant with low Antivirus detections has modified string encoding mechanisms...
Malicious APKs share code during Covid-19 pandemic
Threat actors are exploiting fear and uncertainty to spread Covid-19 themed malicious Android package kits (APKs) onto users’ mobile devices. APKs pose...
Search for revealing strings in Intezer Analyze
Accelerate your file investigations with new and improved string reuse capabilities in Intezer Analyze. Users of Intezer Analyze may have noticed new...
Fantastic payloads and where we find them
Attackers have long used evasion features in their malware to avoid detection by security products and analysis systems. One of the most...
Evasion Techniques Dissected: A Mirai Case Study
Code reuse analysis vs. signature-based detection: We are often asked the question, “what sets your approach apart from other malware detection solutions?”...
Accelerate Reverse Engineering with Intezer's IDA Pro Plugin
IDA Pro is the most common reverse engineering platform for disassembling computer software. The...
Ransomware and Spyware Top Intezer Analyze Community Detections
This month’s community highlights span a variety of file formats — APK, ELF and PE. 1) Anubis [Link to Analysis] Anubis is...
The Human Element at RSA Conference
This year’s RSA Conference theme is the Human Element. At Intezer, we introduce an innovative approach called Genetic Malware Analysis which reveals the...
Intezer Featured in IBM X-Force Threat Index
Banking trojans and ransomware were the top innovators in 2019 malware code evolution. Drawing on previous IBM X-Force collaboration in detecting new...