Malware Analysis Archives

HabitsRAT Used to Target Linux and Windows Servers

We have discovered a new malware written in Go, which we are calling HabitsRAT, targeting both Windows and Linux machines. The Windows version of...

Rocke Group Actively Targeting the Cloud: Wants Your SSH Keys

New Malware Variant Exploits Production Environment Rocke Group is a Chinese-based threat actor most known for running cryptojacking malware on Linux machines. The...

Top 10 Cloud Malware Threats

They all target Linux systems For a long time Linux has not been seen as a serious target of threat actors. This...

New Linux Backdoor RedXOR Likely Operated by Chinese Nation-State Actor

We discovered a new sophisticated backdoor targeting Linux endpoints and servers Based on Tactics, Techniques, and Procedures (TTPs) the backdoor is believed to...

When Viruses Mutate: Did SunCrypt Ransomware Evolve from QNAPCrypt?

Dov Lerner from Cybersixgill contributed to this report Intro Programmers frequently reuse code, as recycling something that is already written and functional is...

Year of the Gopher: 2020 Go Malware Round-Up

Developers are not the only ones that have adopted Go. Malware written in Go has been steadily increasing. In the last few...

ELF Malware Analysis 101: Part 3 - Advanced Analysis

Getting Caught Up to Speed So far in this series we have profiled the ELF threat landscape and covered the most common...

New Feature: Get More Context for your Analysis with TTPs

Classifying a threat is just the first step in a malware analyst’s investigation. You know it’s malicious but what does it do?...

Proactive Hunting with Intezer

What is Proactive Hunting? Advanced attacks like the SolarWinds backdoor and Pay2KEY are on the rise, while preventive solutions have failed to detect them....

Operation ElectroRAT: Attacker Creates Fake Companies to Drain Your Crypto Wallets

Already with thousands of victims. Intro With Bitcoin on the rise and a market exceeding billions of dollars, cryptocurrency has attracted threat actors...

Early Bird Catches the Worm: New Golang Worm Drops XMRig Miner on Servers

Intro In early December, we discovered a new, undetected worm written in Golang. This worm continues the popular 2020 trend of multi-platform malware developed...

ELF Malware Analysis 101 Part 2: Initial Analysis

Introduction In the previous article we profiled the ELF malware landscape and explained how malware infects systems. We discussed the current lack...

Intezer Analyze Community: 2019 Recap and Trends

Emotet, Trickbot, and Lazarus were the most common threats detected by the community in 2019. Linux threats, with code connections to Mirai,...

2019: A Year-in-Review

What an amazing year it has been for us at Intezer! The company nearly doubled in size, we added several new important...

ChinaZ Updates Toolkit by Introducing New, Undetected Malware

Introduction ChinaZ is a Chinese cybercrime group and the author of several DDoS malware. We have profiled this group in a previous...

< 1

Now Supporting Genetic Malware Analysis for Android Applications

We are excited to share that we now support Genetic Malware Analysis for Android applications! Intezer Analyze community and enterprise users can...

Intezer Analyze Community: Buhtrap, Divergent, Kronos, and More

In this month’s community highlights we see a range of malware types, including banking trojans, exploit kits, and nation-state sponsored threats. 1)...

Revealing the Origins of Software

Summary Nearly all cyber attacks require running code. Regardless of the attack vector, in order for an adversary to create any damage,...

Genetic Malware Analysis for Golang

Intezer Analyze now proudly supports genetic analysis for files created with the Golang programming language. Community and enterprise users can detect and...

ACBackdoor: Analysis of a New Multiplatform Backdoor

Introduction We have discovered an undetected Linux backdoor which does not have any known connections to other threat groups. VirusTotal detection rate...

PureLocker: New Ransomware-as-a-Service Being Used in Targeted Attacks Against Servers

Analysis by Intezer and IBM X-Force points its origins to a Malware-as-a-Service (MaaS) provider utilized by the Cobalt Gang and FIN6 attack...

Intezer Analyze Community Halloween Edition: Trickbot or Treat!

In the spirit of Halloween we’re spotlighting three “spooky” threats detected by the Intezer Analyze community in October. And as a special...

Intezer Analyze Use Case: Visibility Among Global SOCs

For mid to large size enterprises, protecting the organization against targeted cyber threats is often a global operation. It’s not uncommon for...

Mapping the Connections Inside Russia's APT Ecosystem

This research is a joint effort conducted by Omri Ben-Bassat from Intezer and Itay Cohen from Check Point Research. Prologue пролог If...

Russian Cybercrime Group FullofDeep Behind QNAPCrypt Ransomware Campaigns

Introduction We previously reported on how we managed to temporarily shut down 15 operative QNAPCrypt ransomware campaigns targeting Linux-based file storage systems...

Why we Should be Paying More Attention to Linux Threats

In a previous post we wrote for the Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC), we discussed the emergence of...

Intezer Analyze Community: GonnaCry, HawkEye, BXAQ and More

In July, Intezer Analyze community detections included GonnaCry ransomware, the HawkEye malware kit, and BXAQ, the spyware that Chinese authorities have been...

< 1

Siemplify and Intezer: Incorporate Genetic Malware Analysis into your SOAR Platform (Video)

One of the most common and time-consuming cases security operations centers (SOCs) must complete daily are malware investigations. Part of the problem...

Intezer Analyze Community: Mapping Code Connections Between Malware Samples

In addition to highlighting five notable file uploads and endpoint scans made by our community users each month, I thought it was...

Watching the WatchBog: New BlueKeep Scanner and Linux Exploits

Overview We have discovered a new version of WatchBog—a cryptocurrency-mining botnet operational since late 2018—that we suspect has compromised more than 4,500 Linux...

EvilGnome: Rare Malware Spying on Linux Desktop Users

Introduction Linux desktop remains an unpopular choice among mainstream desktop users, making up a little more than 2% of the desktop operating system...

How We Seized 15 Active Ransomware Campaigns Targeting Linux File Storage Servers

Introduction It is rare to see ransomware being used to target the Linux operating system. However, cyber criminals seem to adapt to...

Intezer Analyze Community: BlackSquid, RobbinHood Ransomware and More

1) BlackSquid [Link to Analysis] BlackSquid is a Monero crypto-miner which was recently discovered by researchers at Trend Micro. According to Trend...

Intezer and IBM Resilient Integrate to Enrich Threat Investigations with Genetic Malware Analysis

I am pleased to highlight the new integration between Intezer Analyze™ and IBM Resilient. The integration enables users of both platforms to...

HiddenWasp and the Emergence of Linux-based Threats

This blog post was featured as contributing content for the Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC). The Linux threat...

Chinese APTs Rising: Key Takeaways from the Intezer Analyze Community in May

1) Pirpi (APT3) [Link to Analysis] APT3, commonly referred to as Gothic Panda, TG-0110 and Buckeye, is a Chinese cyber espionage group...

Top Five Community Uploads | April 2019

This month’s Intezer Analyze community findings include malware employed by two cyber espionage groups linked to the Russian government and an endpoint...

Genetic Malware Analysis Use Cases: Financial Services

2018 saw an increase in distributed denial-of-service (DDoS) attacks and phishing campaigns targeting financial services institutions. Malware, in particular, continues to play...

Meet the Team: Shaul Holtzman

Get to know Intezer’s community manager, Shaul Holtzman. Shaul is a former cybersecurity analyst helping organizations detect and classify advanced cyber threats....

Scan the Memory of Entire Endpoints using Genetic Malware Analysis

I am excited to announce the launch of a new Endpoint Analysis solution, located within the Intezer Analyze™ platform. The Endpoint Analysis solution consists...

Top Five Community Uploads | March 2019

Last month I published a blog post highlighting notable uploads made by the Intezer Analyze community during the month of February. In...

Technical Analysis: Pacha Group Deploying Undetected Cryptojacking Campaigns on Linux Servers

Introduction Cryptomining malware, also known as cryptojacking or cryptocurrency mining malware, refers to software developed to take over a computer’s resources and...

Pacha Group, A New Threat Actor Deploying Undetected Cryptojacking Campaigns on Linux Servers

Key Takeaways: • Intezer has evidence of a new threat actor, calling it Pacha Group, which has been deploying undetected cryptojacking campaigns...

Top Five Community Uploads | February 2019

As manager of the free Intezer Analyze community edition I witness first hand the interesting samples our users upload on a daily...

What is Genetic Malware Analysis?

At Intezer, we view malware analysis as a key component in properly and effectively responding to security incidents. We have introduced a...

ChinaZ Revelations: Revealing ChinaZ Relationships with other Chinese Threat Actor Groups

Introduction Distributed denial-of-service (DDoS) attacks were on the rise in 2018, ranging from a high volume of Mirai attacks to more sophisticated...

Used by

Used for

Capabilities

Security for