Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

Detecting The Agent Tesla Malware Family

By Keith J. Jones – July 2, 2024

Welcome to the latest from Corelight Labs! This blog continues our tradition of picking a popular malware family from Any.Run and writing a detector for it! Trending consistently at #1 on Any.Run’s malware trends list, Agent Tesla uses multiple... Read more »

Detecting Gozi Banking Malware

By Keith J. Jones – September 7, 2023

As a principal security researcher on Corelight’s Labs team, I help to solve difficult network security research problems at scale. Corelight’s customers might recognize some of my work if you see the packages “VPN Insights” or “App ID” on your... Read more »

Give me my stats!

By Keith J. Jones – September 20, 2020

I often develop packages for Zeek in cluster mode. In this configuration, it can be difficult to debug your package because it is a continually running environment with real, and often unpredictable, network data. If you add to that other packages... Read more »