This post was originally published as a white paper in September 2021. Get the full report as a PDF here. Zusammenfassung (Executive...
As part of our ongoing effort to allow you to investigate any security incident, we have made an important expansion to the...
Save time during incident response with these tips and tools to help your team accelerate HD, memory, and live...
All the most common file types that can be used to deliver malicious code, including Microsoft Office files, are supported in Intezer...
Malware researchers require a diverse skill set usually gained over time through experience and self-training. Reverse engineering (RE) is an integral part of...
Threat actors use malicious software to cause damage to individuals and organizations. Malware is the most common form of a cyberattack because...
The skillset of performing binary analysis may to some appear to be limited to a few undeadly souls. While it may look...
Research between Intezer and Checkmarx describes ChainJacking, a type of software supply chain attack that could be potentially exploited by threat actors...
The MITRE Corporation released D3FEND™ (aka MITRE DEFEND™), a complementary framework to its industry acclaimed MITRE ATT&CK® matrix. MITRE D3FEND provides defense techniques...
When analyzing malware, one of the goals in addition to identifying what malware it is, is to understand what it does when...
Key Findings Discovered Linux & Windows re-implementation of Cobalt Strike Beacon written from scratchLinux malware is fully undetected by vendorsHas IoC and...
We are happy to introduce the Intezer Analyze plugin for Maltego. Combine insights from our malware analysis platform with Maltego’s graphical tool (And you...
Cobalt Strike is a penetration testing tool created by Raphael Mudge in 2012. To this day, it remains extremely popular both in...
The MITRE Corporation recently released MITRE D3FEND™, a complementary framework to its industry acclaimed MITRE ATT&CK® matrix. D3FEND provides defense techniques that...
Automate malware analysis of Netfilter rootkit and other advanced threats. Obtain deep insights without long, manual effort. News broke in June about a...
Itai Tevet, CEO of Intezer, shares the company’s vision for a simplified, consolidated malware analysis experience. Since its inception, Intezer has strived...
In May 2021, Fortinet published a report about the early stages of an ongoing phishing attack against the Ukrainian government. The attack, initially...
Our research team has found a sophisticated campaign, active for at least one year, targeting large international companies in the energy, oil...
Malware threats come in many forms. You can now analyze more of them with Intezer Analyze We have made a major expansion...
With more malware written in Golang than ever before, the threat from Go-based Remote Access Trojans (RATs) has never been higher. Not only...
Bazar is the latest tool developed by the TrickBot gang Common malware used for cybercrime such as Agent Tesla, Dridex and Formbook...
We have discovered a new malware written in Go, which we are calling HabitsRAT, targeting both Windows and Linux machines. The Windows version of...
New Malware Variant Exploits Production Environment Rocke Group is a Chinese-based threat actor most known for running cryptojacking malware on Linux machines. The...
They all target Linux systems For a long time Linux has not been seen as a serious target of threat actors. This...
We discovered a new sophisticated backdoor targeting Linux endpoints and servers Based on Tactics, Techniques, and Procedures (TTPs) the backdoor is believed to...
Dov Lerner from Cybersixgill contributed to this report Intro Programmers frequently reuse code, as recycling something that is already written and functional is...
Developers are not the only ones that have adopted Go. Malware written in Go has been steadily increasing. In the last few...
Getting Caught Up to Speed So far in this series we have profiled the ELF threat landscape and covered the most common...
Classifying a threat is just the first step in a malware analyst’s investigation. You know it’s malicious but what does it do?...
What is Proactive Hunting? Advanced attacks like the SolarWinds backdoor and Pay2KEY are on the rise, while preventive solutions have failed to detect them....
Already with thousands of victims. Intro With Bitcoin on the rise and a market exceeding billions of dollars, cryptocurrency has attracted threat actors...
Intro In early December, we discovered a new, undetected worm written in Golang. This worm continues the popular 2020 trend of multi-platform malware developed...
Introduction In the previous article we profiled the ELF malware landscape and explained how malware infects systems. We discussed the current lack...
IDA Pro is the most common reverse engineering platform for disassembling computer software. The Intezer Analyze IDA Pro plugin accelerates reverse engineering...
Emotet, Trickbot, and Lazarus were the most common threats detected by the community in 2019. Linux threats, with code connections to Mirai,...
What an amazing year it has been for us at Intezer! The company nearly doubled in size, we added several new important...
Introduction ChinaZ is a Chinese cybercrime group and the author of several DDoS malware. We have profiled this group in a previous...
We are excited to share that we now support Genetic Malware Analysis for Android applications! Intezer Analyze community and enterprise users can...
In this month’s community highlights we see a range of malware types, including banking trojans, exploit kits, and nation-state sponsored threats. 1)...
Summary Nearly all cyber attacks require running code. Regardless of the attack vector, in order for an adversary to create any damage,...
Intezer Analyze now proudly supports genetic analysis for files created with the Golang programming language. Community and enterprise users can detect and...
Introduction We have discovered an undetected Linux backdoor which does not have any known connections to other threat groups. VirusTotal detection rate...
Analysis by Intezer and IBM X-Force points its origins to a Malware-as-a-Service (MaaS) provider utilized by the Cobalt Gang and FIN6 attack...
In the spirit of Halloween we’re spotlighting three “spooky” threats detected by the Intezer Analyze community in October. And as a special...
For mid to large size enterprises, protecting the organization against targeted cyber threats is often a global operation. It’s not uncommon for...
This research is a joint effort conducted by Omri Ben-Bassat from Intezer and Itay Cohen from Check Point Research. Prologue пролог If...
Introduction We previously reported on how we managed to temporarily shut down 15 operative QNAPCrypt ransomware campaigns targeting Linux-based file storage systems...
In a previous post we wrote for the Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC), we discussed the emergence of...
In July, Intezer Analyze community detections included GonnaCry ransomware, the HawkEye malware kit, and BXAQ, the spyware that Chinese authorities have been...
One of the most common and time-consuming cases security operations centers (SOCs) must complete daily are malware investigations. Part of the problem...
In addition to highlighting five notable file uploads and endpoint scans made by our community users each month, I thought it was...
Overview We have discovered a new version of WatchBog—a cryptocurrency-mining botnet operational since late 2018—that we suspect has compromised more than 4,500 Linux...
Introduction Linux desktop remains an unpopular choice among mainstream desktop users, making up a little more than 2% of the desktop operating system...
Introduction It is rare to see ransomware being used to target the Linux operating system. However, cyber criminals seem to adapt to...
1) BlackSquid [Link to Analysis] BlackSquid is a Monero crypto-miner which was recently discovered by researchers at Trend Micro. According to Trend...
I am pleased to highlight the new integration between Intezer Analyze™ and IBM Resilient. The integration enables users of both platforms to...
This blog post was featured as contributing content for the Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC). The Linux threat...
1) Pirpi (APT3) [Link to Analysis] APT3, commonly referred to as Gothic Panda, TG-0110 and Buckeye, is a Chinese cyber espionage group...
This month’s Intezer Analyze community findings include malware employed by two cyber espionage groups linked to the Russian government and an endpoint...
Get to know Intezer’s community manager, Shaul Holtzman. Shaul is a former cybersecurity analyst helping organizations detect and classify advanced cyber threats....
I am excited to announce the launch of a new Endpoint Analysis solution, located within the Intezer Analyze™ platform. The Endpoint Analysis solution consists...
Last month I published a blog post highlighting notable uploads made by the Intezer Analyze community during the month of February. In...
Introduction Cryptomining malware, also known as cryptojacking or cryptocurrency mining malware, refers to software developed to take over a computer’s resources and...
Key Takeaways: • Intezer has evidence of a new threat actor, calling it Pacha Group, which has been deploying undetected cryptojacking campaigns...
As manager of the free Intezer Analyze community edition I witness first hand the interesting samples our users upload on a daily...