The AI SOC Analyst Advantage: The Complete Package With Built-In Reverse Engineering

Imagine hiring the perfect Security Operations Center (SOC) analyst—one with expert-level reverse engineering skills, 24/7/365 availability, and every tool your team could possibly need. This is the reality Intezer’s Autonomous SOC delivers every day to modern security teams. Meet Your SOC AI Analyst: Adopting Intezer’s Autonomous SOC platform is like onboarding a world-class security analyst, […]

XE Group: From Credit Card Skimming to Exploiting Zero-Days

Written by Nicole Fishbein, Joakim Kennedy and Justin Lentz. Executive Summary: This blog provides an in-depth analysis of XE Group’s recent operations based on a collaborative research effort with Solis Security. The team’s findings include detailed technical insights into the exploits used by XE Group, including their utilization of zero-day vulnerabilities (CVE-2024-57968, CVSS score 9.9, […]

Bringing Reverse Engineering to the Frontline of SecOps

In cybersecurity, initial alert triage is like detective work. It demands quick, detailed, and accurate analysis to separate real threats from false positives. But most Security Operations Centers (SOCs) face overwhelming challenges, including skyrocketing alert volumes, resource shortages, and limited time for investigations. At Intezer, we’ve reimagined the triage process by bringing reverse engineering (RE)—a […]

Babble Babble Babble Babble Babble Babble BabbleLoader

Loaders, an Ever-Evolving Market: The pace of innovation and development in the malware detection market is relentless, and the same goes for the development of malware itself, which is constantly changing and adapting to create ever more evasive and capable payloads. One such sector of this market is the loader (also called crypter or packer) market. In […]

Technical Analysis of a Novel IMEEX Framework

The IMEEX framework is a newly discovered, custom-built malware designed to target Windows systems. Delivered as a 64-bit DLL, it offers attackers extensive control over compromised machines. This framework is notable for its robust capabilities, featuring a wide array of functionalities, including execution of additional modules, file manipulation, process management, registry modification, and remote command […]

There’s Something About CryptBot: Yet Another Silly Stealer (YASS)

Written by Ryan Robinson and Joakim Kennedy. Recently Intezer was investigating a file that we came across during alert triage. This particular file piqued our interest due to the interesting delivery chain, and the even more interesting payload, an intricate infostealer. Intezer has amazing code genetic analysis technology, showing us overlaps of code reuse between […]

Dissecting SSLoad Malware: A Comprehensive Technical Analysis

Written by Nicole Fishbein and Ryan Robinson. SSLoad is a stealthy malware that is used to infiltrate systems through phishing emails, gather reconnaissance and transmit it back to its operators while delivering various payloads. Recently, Unit42 highlighted an active campaign leveraging SSLoad in their attack arsenal. One attack vector involves a decoy Word document that delivers […]