A Straw-by-Straw Analysis: The Zero-Trust Approach for Your Alert Haystack
One of the greatest challenges security operations center (SOC) teams face is the high volume of daily alerts about suspicious files and...
How to Write YARA Rules That Minimize False Positives
Generate Advanced YARA Rules Based on Code Reuse Incorporating YARA into daily security operations can accelerate incident response time, classify malware, empower...
Boost Your SOC Skills: How to Detect Good Apps Gone Bad
Threat actors have a wide range of tools and techniques they can use in cyber attacks including: malware-as-a-service, open-source tools and malware...
TeamTNT Cryptomining Explosion 🧨
This post was originally published as a white paper in September 2021. Get the full report as a PDF here. Zusammenfassung (Executive...
Malware Reverse Engineering for Beginners - Part 1: From 0x0
Already familiar with assembly language and disassemblers? Check out Reverse Engineering for Beginners Part 2 to dig into how malware is packed,...
Teaching Capa New Tricks: Analyzing Capabilities in PE and ELF Files
When analyzing malware, one of the goals in addition to identifying what malware it is, is to understand what it does when...
HabitsRAT Used to Target Linux and Windows Servers
We have discovered a new malware written in Go, which we are calling HabitsRAT, targeting both Windows and Linux machines. The Windows version of...
When Viruses Mutate: Did SunCrypt Ransomware Evolve from QNAPCrypt?
Dov Lerner from Cybersixgill contributed to this report Intro Programmers frequently reuse code, as recycling something that is already written and functional is...
Kaiji Goes Through Update but Code Reuse Detects It
Kaiji is a Linux malware that targets cloud servers Last week we detected a new Kaiji variant. It was undetected by all...
Year of the Gopher: 2020 Go Malware Round-Up
Developers are not the only ones that have adopted Go. Malware written in Go has been steadily increasing. In the last few...
Accelerate Reverse Engineering with Intezer Analyze IDA Pro Plugin
IDA Pro is the most common reverse engineering platform for disassembling computer software. The Intezer Analyze IDA Pro plugin accelerates reverse engineering...
Intezer Analyze Community: 2019 Recap and Trends
Emotet, Trickbot, and Lazarus were the most common threats detected by the community in 2019. Linux threats, with code connections to Mirai,...
2019: A Year-in-Review
What an amazing year it has been for us at Intezer! The company nearly doubled in size, we added several new important...
Now Supporting Genetic Malware Analysis for Android Applications
We are excited to share that we now support Genetic Malware Analysis for Android applications! Intezer Analyze community and enterprise users can...
Intezer Analyze Community: Buhtrap, Divergent, Kronos, and More
In this month’s community highlights we see a range of malware types, including banking trojans, exploit kits, and nation-state sponsored threats. 1)...
Revealing the Origins of Software
Summary Nearly all cyber attacks require running code. Regardless of the attack vector, in order for an adversary to create any damage,...
Genetic Malware Analysis for Golang
Intezer Analyze now proudly supports genetic analysis for files created with the Golang programming language. Community and enterprise users can detect and...
PureLocker: New Ransomware-as-a-Service Being Used in Targeted Attacks Against Servers
Analysis by Intezer and IBM X-Force points its origins to a Malware-as-a-Service (MaaS) provider utilized by the Cobalt Gang and FIN6 attack...
Intezer Analyze Community Halloween Edition: Trickbot or Treat!
In the spirit of Halloween we’re spotlighting three “spooky” threats detected by the Intezer Analyze community in October. And as a special...
Intezer Analyze Use Case: Visibility Among Global SOCs
For mid to large size enterprises, protecting the organization against targeted cyber threats is often a global operation. It’s not uncommon for...
Mapping the Connections Inside Russia's APT Ecosystem
This research is a joint effort conducted by Omri Ben-Bassat from Intezer and Itay Cohen from Check Point Research. Prologue пролог If...
Why we Should be Paying More Attention to Linux Threats
In a previous post we wrote for the Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC), we discussed the emergence of...
Intezer Analyze Community: GonnaCry, HawkEye, BXAQ and More
In July, Intezer Analyze community detections included GonnaCry ransomware, the HawkEye malware kit, and BXAQ, the spyware that Chinese authorities have been...
Siemplify and Intezer: Incorporate Genetic Malware Analysis into your SOAR Platform (Video)
One of the most common and time-consuming cases security operations centers (SOCs) must complete daily are malware investigations. Part of the problem...
Intezer Analyze Community: Mapping Code Connections Between Malware Samples
In addition to highlighting five notable file uploads and endpoint scans made by our community users each month, I thought it was...
How We Seized 15 Active Ransomware Campaigns Targeting Linux File Storage Servers
Introduction It is rare to see ransomware being used to target the Linux operating system. However, cyber criminals seem to adapt to...
Intezer Analyze Community: BlackSquid, RobbinHood Ransomware and More
1) BlackSquid [Link to Analysis] BlackSquid is a Monero crypto-miner which was recently discovered by researchers at Trend Micro. According to Trend...
HiddenWasp and the Emergence of Linux-based Threats
This blog post was featured as contributing content for the Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC). The Linux threat...
Chinese APTs Rising: Key Takeaways from the Intezer Analyze Community in May
1) Pirpi (APT3) [Link to Analysis] APT3, commonly referred to as Gothic Panda, TG-0110 and Buckeye, is a Chinese cyber espionage group...
HiddenWasp Malware Stings Targeted Linux Systems
Overview • Intezer has discovered a new, sophisticated malware that we have named “HiddenWasp”, targeting Linux systems. • The malware is still...
Top Five Community Uploads | April 2019
This month’s Intezer Analyze community findings include malware employed by two cyber espionage groups linked to the Russian government and an endpoint...
Meet the Team: Shaul Holtzman
Get to know Intezer’s community manager, Shaul Holtzman. Shaul is a former cybersecurity analyst helping organizations detect and classify advanced cyber threats....
Scan the Memory of Entire Endpoints using Genetic Malware Analysis
Update January 2023: For the most recent information about our solutions for endpoint forensics and memory analysis, check out this blog. I...
Top Five Community Uploads | March 2019
Last month I published a blog post highlighting notable uploads made by the Intezer Analyze community during the month of February. In...
What is Genetic Malware Analysis?
At Intezer, we view malware analysis as a key component in properly and effectively responding to security incidents. We have introduced a...
ChinaZ Revelations: Revealing ChinaZ Relationships with other Chinese Threat Actor Groups
Introduction Distributed denial-of-service (DDoS) attacks were on the rise in 2018, ranging from a high volume of Mirai attacks to more sophisticated...