Security ROI: Time & Resource Savings for IR/SOC Teams

Automation can augment your security team to help you manage never-ending alerts, reduce skill gaps, and respond faster.
SOC Level Up: Introduction to Sigma Rules

Sigma rules are catching on more and more for SOC teams, as a way to write one rule that can be used across multiple environments. By learning how Sigma rules work and how to create them, you can take your SOC skills to the next level. Detecting security breaches inside an infrastructure is heavily based […]
Scale Incident Response with Detection Engineering: Intezer Detect & Hunt

Adversaries are highly motivated, constantly expanding and improving their tools and techniques. On the other side of the fight, security teams are facing a severe resource shortage. There are more open positions than people to staff, and on top of that, it is difficult to find talent with the required skills. Although there are many […]
Detection Rules for SysJoker (and How to Make Them With Osquery)

On January 11, 2022, we released a blog post on a new malware called SysJoker. SysJoker is a malware targeting Windows, macOS, and Linux. At the time of publication, the Linux and macOS versions were not detected by any scanning engine on VirusTotal. As a consequence, we decided to release a follow-up […]
The Role of Malware Analysis in Cybersecurity

Threat actors use malicious software to cause damage to individuals and organizations. Malware is the most common form of cyberattack because of its versatility: it may range from a simple virus to a devastating ransomware attack. Security analysts use methods and tools to analyze suspicious files in search of malware. In this post, we’ll explore the […]
ChinaZ Updates Toolkit by Introducing New, Undetected Malware

ChinaZ is a Chinese cybercrime group and the author of several DDoS malware families. We have profiled this group in a previous article discussing connections between ChinaZ and other Chinese threat actors. Recently, we have discovered new tools being utilized by ChinaZ which have low detection rates in comparison to the group’s other, more common malware. VirusTotal […]
PureLocker: New Ransomware-as-a-Service Being Used in Targeted Attacks Against Servers

Analysis by Intezer and IBM X-Force points its origins to a Malware-as-a-Service (MaaS) provider utilized by the Cobalt Gang and FIN6 attack groups. This is joint research between Intezer and IBM’s X-Force IRIS team. We have found a new and undetected ransomware threat that is being used for targeted attacks against production servers of enterprises. Using code […]
Intezer Analyze Community Halloween Edition: Trickbot or Treat!

In the spirit of Halloween we’re spotlighting three “spooky” threats detected by the Intezer Analyze community in October. And as a special treat, we’re giving away three code-based YARA signatures, made possible by our Genetic Malware Analysis technology, which can be used to hunt for additional variants of these threats! 1) Trickbot [Link to Analysis] […]
Russian Cybercrime Group FullofDeep Behind QNAPCrypt Ransomware Campaigns

We previously reported on how we managed to temporarily shut down 15 operative QNAPCrypt ransomware campaigns targeting Linux-based file storage systems (NAS servers). We have now identified a new QNAPCrypt sample which is being used by the same threat actor group. The authors behind this new ransomware instance have revealed enough evidence for us […]