Why should you use correlation rules on top of traditional signatures?

February 4, 2020 | Javier Ruiz
Javier Ruiz is a Security Researcher working in AT&T Alien Labs team. He is very passionate about the InfoSec world and loves to do investigation and contribute to the community. Prior to working in security roles he studied Telecommunication Engineering and also has a masters degree in cybersecurity. His main passion is focused on analyzing malware, reverse engineering and learning about new ways of attacking endpoint systems.

The AT&T Cybersecurity Alien Labs team is in charge of writing correlation rules and releasing threat intelligence updates on a day-to-day basis. When researchers in the team find new malware families or threats, we always try to find the best approach to keep our customers protected. In this blog, we will look into some of the differences between…

March 5, 2019 | Javier Ruiz

Troubleshooting TrickBot and RevengeRAT Malware with USM Anywhere

MITRE ATT&CK™ (Adversarial Tactics, Techniques and Common Knowledge) is a framework for understanding attackers’ behaviors and actions. We are pleased to announce that AlienVault USM Anywhere and Open Threat Exchange (OTX) now include MITRE ATT&CK™ information. By mapping alarms to their corresponding ATT&CK techniques,…

December 17, 2018 | Javier Ruiz

Malware Analysis using Osquery | Part 3

In part 1 of this blog series, we analyzed malware behaviour, and, in part 2, we learned how to detect persistence tricks used in malware attacks. Still, there are more types of events that we can observe with Osquery when malicious activity happens. So, in the last blog post of the series, we will discuss how to detect another example of a…

September 6, 2018 | Javier Ruiz

Malware Analysis using Osquery Part 2

In the first part of this series, we saw how you can use Osquery to analyze and extract valuable information about malware’s behavior. In that post, we followed the activity of the known Emotet loader, popular for distributing banking trojans. Using Osquery, we were able to discover how it infects a system using a malicious Microsoft Office document…

July 31, 2018 | Javier Ruiz

Malware Analysis using Osquery Part 1

Tools like Sysmon and Osquery are useful in detecting anomalous behavior on endpoints. These tools give us good visibility of what’s happening on endpoints by logging multiple types of events, which we can forward to a SIEM or other correlation system for analysis. In this blog series, we’ll analyze different malware families, looking at the types…

June 1, 2018 | Javier Ruiz

Satan Ransomware Spawns New Methods to Spread

Today, we are sharing an example of how previously known malware keeps evolving and adding new techniques to infect more systems. BleepingComputer first reported on Satan ransomware in January 2017. Recently, Satan Ransomware was identified as using the EternalBlue exploit to spread across compromised environments (BartBlaze’s blog). This is the same exploit associated with a previous WannaCry Ransomware campaign.…