2019: A Year-in-Review
What an amazing year it has been for us at Intezer! The company nearly doubled in size, we added several new important features to our Genetic Malware Analysis product: Intezer Analyze, and expanded our client portfolio with the addition of many diverse customers including Fortune 500 companies, cutting edge startups, and elite government agencies. In […]
ChinaZ Updates Toolkit by Introducing New, Undetected Malware
Introduction ChinaZ is a Chinese cybercrime group and the author of several DDoS malware. We have profiled this group in a previous article discussing connections between ChinaZ and other Chinese threat actors. Recently, we have discovered new tools being utilized by ChinaZ which have low detection rates in comparison to the group’s other, more common malware. VirusTotal […]
Intezer Analyze Community: Buhtrap, Divergent, Kronos, and More
In this month’s community highlights we see a range of malware types, including banking trojans, exploit kits, and nation-state sponsored threats. 1) Divergent [Link to Analysis] Divergent is a malware family which is used for generating profit, mainly by taking advantage of click-fraud techniques against its victims. This malware causes an infected machine to issue requests to […]
Revealing the Origins of Software with Genetic Analysis
Nearly all cyber attacks require running code. Regardless of the attack vector, in order for an adversary to create any damage, such as stealing data, installing a backdoor, or deleting sensitive materials, they must run code on a target’s computer or server (in the cloud or on-premise). While traditional anomaly detection solutions can effectively alert us […]
Genetic Malware Analysis for Golang
Intezer Analyze now proudly supports genetic analysis for files created with the Golang programming language. Community and enterprise users can detect and classify malware written in Go, within seconds! Why is this Important? Golang, also known as Go, is Google’s open-source programming language which has become popular among developers in the Windows and Linux platforms. While […]
PureLocker: New Ransomware-as-a-Service Being Used in Targeted Attacks Against Servers
Analysis by Intezer and IBM X-Force points its origins to a Malware-as-a-Service (MaaS) provider utilized by the Cobalt Gang and FIN6 attack groups This is a mutual research between Intezer and IBM’s X-Force IRIS team We have found a new and undetected ransomware threat that is being used for targeted attacks against production servers of enterprises. Using code […]
Intezer Analyze Community Halloween Edition: Trickbot or Treat!
In the spirit of Halloween we’re spotlighting three “spooky” threats detected by the Intezer Analyze community in October. And as a special treat, we’re giving away three code-based YARA signatures, made possible by our Genetic Malware Analysis technology, which can be used to hunt for additional variants of these threats! 1) Trickbot [Link to Analysis] […]
Intezer Analyze Use Case: Visibility Among Global SOCs
For mid to large size enterprises, protecting the organization against targeted cyber threats is often a global operation. It’s not uncommon for organizations to have several security operations centers (SOCs) disseminated globally in regions such as the Americas, APAC, and EMEA. While individual SOCs may be focused on protecting a specific region, these teams can […]
Mapping the Connections Inside Russia’s APT Ecosystem
This research is a joint effort conducted by Omri Ben-Bassat from Intezer and Itay Cohen from Check Point Research. Prologue пролог If the names Turla, Sofacy, and APT29 strike fear into your heart, you are not alone. These are known to be some of the most advanced, sophisticated and notorious APT groups out there, and […]
Russian Cybercrime Group FullofDeep Behind QNAPCrypt Ransomware Campaigns
Introduction We previously reported on how we managed to temporarily shut down 15 operative QNAPCrypt ransomware campaigns targeting Linux-based file storage systems (NAS servers). We have now identified a new QNAPCrypt sample which is being used by the same threat actor group. The authors behind this new ransomware instance have revealed enough evidence for us […]