Channel: Research Archives - Intezer
Browsing all 49 articles

Verifying Code Reuse Between Ursnif and ‘Brexit’ Malware Campaign Targeting...

Today My Online Security published research describing a fairly large Ursnif campaign targeting the United Kingdom. The threat actors behind the attack are using Brexit as a topical lure to attract...

ChinaZ Revelations: Revealing ChinaZ Relationships with other Chinese Threat...

Introduction Distributed denial-of-service (DDoS) attacks were on the rise in 2018, ranging from a high volume of Mirai attacks to more sophisticated botnets targeting enterprises. An example of these...

Executable and Linkable Format 101 Part 4: Dynamic Linking

This is a new post in our Executable and Linkable Format (ELF) 101 series, where the goal is to spread awareness about the format and the current Linux threat landscape. Part 1 (Sections and Segments)...

EvilGnome: Rare Malware Spying on Linux Desktop Users

Introduction Linux desktop remains an unpopular choice among mainstream desktop users, making up a little more than 2% of the desktop operating system market share. This is in contrast to the web...

Watching the WatchBog: New BlueKeep Scanner and Linux Exploits

Overview: We have discovered a new version of WatchBog—a cryptocurrency-mining botnet operational since late 2018—that we suspect has compromised more than 4,500 Linux machines in newer campaigns...

Mapping the Connections Inside Russia’s APT Ecosystem

This research is a joint effort conducted by Omri Ben-Bassat from Intezer and Itay Cohen from Check Point Research. Prologue пролог If the names Turla, Sofacy, and APT29 strike fear into your heart,...

PureLocker: New Ransomware-as-a-Service Being Used in Targeted Attacks...

Analysis by Intezer and IBM X-Force points its origins to a Malware-as-a-Service (MaaS) provider utilized by the Cobalt Gang and FIN6 attack groups. This is a mutual research between Intezer and IBM’s...

Early Bird Catches the Worm: New Golang Worm Drops XMRig Miner on Servers

Intro In early December, we discovered a new, undetected worm written in Golang. This worm continues the popular 2020 trend of multi-platform malware developed in Golang. The worm attempts to spread...

Operation ElectroRAT: Attacker Creates Fake Companies to Drain Your Crypto...

Already with thousands of victims. Intro With Bitcoin on the rise and a market exceeding billions of dollars, cryptocurrency has attracted threat actors wishing to leverage these capitals for their own...

A Rare Look Inside a Cryptojacking Campaign and its Profit

Intro Linux threats are becoming more frequent. A common type of Linux threat is cryptojacking, which is the unauthorized use of an IT system for the purpose of mining cryptocurrency. While...

How We Escaped Docker in Azure Functions

Summary of Findings What is Azure Functions? Technical Analysis Proof of Concept Why Does this Matter? Summary of Findings In previous months we identified vulnerabilities in Microsoft Azure Network...

Year of the Gopher: 2020 Go Malware Round-Up

Developers are not the only ones that have adopted Go. Malware written in Go has been steadily increasing. In the last few years, almost an increase of 2000% new malware written in Go has been found in...

New Linux Backdoor RedXOR Likely Operated by Chinese Nation-State Actor

We discovered a new sophisticated backdoor targeting Linux endpoints and servers. Based on Tactics, Techniques, and Procedures (TTPs) the backdoor is believed to be developed by Chinese nation-state...
