Research Archives - Intezer
6

Phishing Campaign Targets Chinese Nuclear Energy Industry

Intezer has been tracking activity targeting the energy sector and noted a campaign with techniques that align with those of Bitter APT,...

7

Lightning Framework: New Undetected “Swiss Army Knife” Linux Malware ⚡

Lightning Framework is a new undetected Swiss Army Knife-like Linux malware that has modular plugins and the ability to install rootkits. Year...

10

OrBit: New Undetected Linux Threat Uses Unique Hijack of Execution Flow

Linux is a popular operating system for servers and cloud infrastructures, and as such it’s not a surprise that it attracts threat...

9

Elephant Framework Delivered in Phishing Attacks Against Ukrainian Organizations 

A recently developed malware framework called Elephant is being delivered in targeted spear phishing campaigns using spoofed Ukrainian governmental email addresses. The...

5

Detection Rules for Sysjoker (and How to Make Them With Osquery)

On January 11, 2022, we released a blog post on a new malware called SysJoker. SysJoker is a malware targeting Windows, macOS,...

7

New SysJoker Backdoor Targets Windows, Linux, and macOS

Malware targeting multiple operating systems has become no exception in the malware threat landscape. Vermilion Strike, which was documented just last September,...

4

Exposed Prefect Workflows Could Lead to Disruptive Attacks

Workflow management platforms are powerful tools for automating and managing complex tasks. Integrating workflow platforms can help companies coordinate and ease their...

3

Intezer Analyze Transforms for Maltego

We are happy to introduce the Intezer Analyze plugin for Maltego. Combine insights from our malware analysis platform with Maltego’s graphical tool (And you...

6

New Attacks on Kubernetes via Misconfigured Argo Workflows

Key Points Intezer has detected a new attack vector against Kubernetes (K8s) clusters via misconfigured Argo Workflows instances. Attackers are already taking advantage of this...

7

Targeted Phishing Attack against Ukrainian Government Expands to Georgia

In May 2021, Fortinet published a report about the early stages of an ongoing phishing attack against the Ukrainian government. The attack, initially...

9

Global Phishing Campaign Targets Energy Sector and its Suppliers

Our research team has found a sophisticated campaign, active for at least one year, targeting large international companies in the energy, oil...

8

Klingon RAT Holding on for Dear Life

With more malware written in Golang than ever before, the threat from Go-based Remote Access Trojans (RATs) has never been higher. Not only...

10

New Linux Backdoor RedXOR Likely Operated by Chinese Nation-State Actor

We discovered a new sophisticated backdoor targeting Linux endpoints and servers Based on Tactics, Techniques, and Procedures (TTPs) the backdoor is believed to...

3

Year of the Gopher: 2020 Go Malware Round-Up

Developers are not the only ones that have adopted Go. Malware written in Go has been steadily increasing. In the last few...

8

How We Escaped Docker in Azure Functions

Summary of Findings What is Azure Functions? Technical Analysis Proof of Concept Why Does this Matter? Summary of Findings In previous months...

6

A Rare Look Inside a Cryptojacking Campaign and its Profit

Intro Linux threats are becoming more frequent. A common type of Linux threat is cryptojacking, which is the unauthorized use of an...

3

Operation ElectroRAT: Attacker Creates Fake Companies to Drain Your Crypto Wallets

Already with thousands of victims. Intro With Bitcoin on the rise and a market exceeding billions of dollars, cryptocurrency has attracted threat actors...

6

Early Bird Catches the Worm: New Golang Worm Drops XMRig Miner on Servers

Intro In early December, we discovered a new, undetected worm written in Golang. This worm continues the popular 2020 trend of multi-platform malware developed...

7

PureLocker: New Ransomware-as-a-Service Being Used in Targeted Attacks Against Servers

Analysis by Intezer and IBM X-Force points its origins to a Malware-as-a-Service (MaaS) provider utilized by the Cobalt Gang and FIN6 attack...

6

Mapping the Connections Inside Russia's APT Ecosystem

This research is a joint effort conducted by Omri Ben-Bassat from Intezer and Itay Cohen from Check Point Research. Prologue пролог If...

8

Watching the WatchBog: New BlueKeep Scanner and Linux Exploits

Overview We have discovered a new version of WatchBog—a cryptocurrency-mining botnet operational since late 2018—that we suspect has compromised more than 4,500 Linux...

8

EvilGnome: Rare Malware Spying on Linux Desktop Users

Introduction Linux desktop remains an unpopular choice among mainstream desktop users, making up a little more than 2% of the desktop operating system...

5

Executable and Linkable Format 101 Part 4: Dynamic Linking

This is a new post in our Executable and Linkable Format (ELF) 101 series, where the goal is to spread awareness about the...

12

ChinaZ Revelations: Revealing ChinaZ Relationships with other Chinese Threat Actor Groups

Introduction Distributed denial-of-service (DDoS) attacks were on the rise in 2018, ranging from a high volume of Mirai attacks to more sophisticated...

< 1

Verifying Code Reuse Between Ursnif and 'Brexit' Malware Campaign Targeting the United Kingdom

Today My Online Security published research describing a fairly large Ursnif campaign targeting the United Kingdom. The threat actors behind the attack are using...

New: Connect Microsoft Defender with Intezer's Autonomous SOC solutionNew: Connect Microsoft Defender with Intezer's Autonomous SOC solution Learn more
Generic filters
Exact matches only
Search in title
Search in content
Search in excerpt