Malware Analysis using Osquery | Part 3

December 17, 2018 | Javier Ruiz
Javier Ruiz

Javier Ruiz

Javier Ruiz is a Security Researcher working in AT&T Alien Labs team. He is very passionate about the InfoSec world and loves to do investigation and contribute to the community. Prior to working in security roles he studied Telecommunication Engineering and also has a masters degree in cybersecurity. His main passion is focused on analyzing malware, reverse engineering and learning about new ways of attacking endpoint systems.

December 17, 2018 | Javier Ruiz

Malware Analysis using Osquery | Part 3

In part 1 of this blog series, we analyzed malware behaviour, and, in part 2, we learned how to detect persistence tricks used in malware attacks. Still, there are more types of events that we can observe with Osquery when malicious activity happens. So, in the last blog post of the series, we will discuss how to detect another example of a…

September 6, 2018 | Javier Ruiz

Malware Analysis using Osquery Part 2

In the first part of this series, we saw how you can use Osquery to analyze and extract valuable information about malware’s behavior. In that post, we followed the activity of the known Emotet loader, popular for distributing banking trojans. Using Osquery, we were able to discover how it infects a system using a malicious Microsoft Office document…

Get the latest security news in your inbox.

Subscribe via Email

July 31, 2018 | Javier Ruiz

Malware Analysis using Osquery Part 1

Tools like Sysmon and Osquery are useful in detecting anomalous behavior on endpoints. These tools give us good visibility of what’s happening on endpoints by logging multiple types of events, which we can forward to a SIEM or other correlation system for analysis.In this blog series, we’ll analyze different malware families, looking at the types…

June 1, 2018 | Javier Ruiz

Satan Ransomware Spawns New Methods to Spread

Today, we are sharing an example of how previously known malware keeps evolving and adding new techniques to infect more systems.BleepingComputer first reported on Satan ransomware in January 2017. Recently, Satan Ransomware was identified as using the EternalBlue exploit to spread across compromised environments (BartBlaze’s blog). This is the same exploit associated with a previous WannaCry Ransomware campaign.…

Watch a Demo ›