Intezer Analyze Use Case: Visibility Among Global SOCs

For mid-to-large-sized enterprises, protecting the organization against targeted cyber threats is often a global operation. It’s not uncommon for organizations to have several security operations centers (SOCs) distributed globally across regions such as the Americas, APAC, and EMEA. While individual SOCs may be focused on protecting a specific region, these teams can […]
Mapping the Connections Inside Russia’s APT Ecosystem

This research is a joint effort conducted by Omri Ben-Bassat from Intezer and Itay Cohen from Check Point Research. Prologue. If the names Turla, Sofacy, and APT29 strike fear into your heart, you are not alone. These are known to be some of the most advanced, sophisticated and notorious APT groups out there, and […]
Why We Should Be Paying More Attention to Linux Threats

In a previous post we wrote for the Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC), we discussed the emergence of Linux-based threats. This threat ecosystem is heavily concentrated with financially driven crypto-miners and DDoS botnet tools that primarily target vulnerable Linux servers. In addition, more sophisticated threats utilizing rare evasion techniques exist within […]
Intezer Analyze Community: GonnaCry, HawkEye, BXAQ and More

In July, Intezer Analyze community detections included GonnaCry ransomware, the HawkEye malware kit, and BXAQ, the spyware that Chinese authorities have been installing onto foreign travelers’ Android devices. 1) GonnaCry [Link to Analysis] GonnaCry is an open-source ransomware designed for the Linux platform. GonnaCry’s source code is downloaded from GitHub and utilized by attackers to […]
Intezer Analyze Community: Mapping Code Connections Between Malware Samples

In addition to highlighting five notable file uploads and endpoint scans made by our community users each month, I thought it was important to visualize the code reuse connections between the malware detected and their respective malware families. The following graphic represents a mapping of file uploads made to the Intezer Analyze community in June […]
Intezer Analyze Community: BlackSquid, RobbinHood Ransomware and More

1) BlackSquid [Link to Analysis] BlackSquid is a Monero crypto-miner which was recently discovered by researchers at Trend Micro. According to Trend Micro, BlackSquid uses up to eight different exploits to stealthily infect web servers and it can also laterally propagate through a network in a worm-like fashion. In order to avoid detection, the malware […]
Intezer and IBM Resilient Integrate to Enrich Threat Investigations with Genetic Malware Analysis

I am pleased to highlight the new integration between Intezer Analyze™ and IBM Resilient. The integration enables users of both platforms to enrich their incident response with unique information gleaned from Genetic Malware Analysis technology, including code and string reuse, malware family classification and threat actor attribution. As a result, incident responders will be better […]
Chinese APTs Rising: Key Takeaways from the Intezer Analyze Community in May

1) Pirpi (APT3) [Link to Analysis] APT3, commonly referred to as Gothic Panda, TG-0110 and Buckeye, is a Chinese cyber espionage group linked to the Chinese Ministry of State Security (MSS). At its inception, the group targeted government organizations in the United States but since March 2016 it has targeted primarily Hong Kong government agencies. […]
Meet the Team: Shaul Holtzman

Get to know Intezer’s community manager, Shaul Holtzman. Shaul is a former cybersecurity analyst helping organizations detect and classify advanced cyber threats. 1. When did you start working at Intezer? I joined Intezer in April 2018. I had heard about the company when it was founded in 2015. I knew of the founders, specifically Itai […]
Fileless Malware: Scanning Endpoint Memory with Genetic Analysis

Update January 2023: For the most recent information about our solutions for endpoint forensics and memory analysis, check out this blog. I am excited to announce the launch of a new Endpoint Memory Analysis solution, located within the Intezer Analyze platform. The Endpoint Analysis solution consists of a zero-installation scanner that analyzes every single piece of code […]