2023-06-29 | SentinelOne | Alex Delamotte, Jim Walter
@online{delamotte:20230629:rhysida:bd98b88,
  author       = {Delamotte, Alex and Walter, Jim},
  title        = {{Rhysida Ransomware | RaaS Crawls Out of Crimeware Undergrowth to Attack Chilean Army}},
  organization = {SentinelOne},
  date         = {2023-06-29},
  url          = {https://www.sentinelone.com/blog/rhysida-ransomware-raas-crawls-out-of-crimeware-undergrowth-to-attack-chilean-army/},
  urldate      = {2023-07-05},
  language     = {English},
}
Rhysida Ransomware | RaaS Crawls Out of Crimeware Undergrowth to Attack Chilean Army
Rhysida
2023-03-13 | SentinelOne | Jim Walter
@online{walter:20230313:catb:ea73312,
  author       = {Walter, Jim},
  title        = {{CatB Ransomware | File Locker Sharpens Its Claws to Steal Data with MSDTC Service DLL Hijacking}},
  organization = {SentinelOne},
  date         = {2023-03-13},
  url          = {https://www.sentinelone.com/blog/decrypting-catb-ransomware-analyzing-their-latest-attack-methods/},
  urldate      = {2023-03-15},
  language     = {English},
}
CatB Ransomware | File Locker Sharpens Its Claws to Steal Data with MSDTC Service DLL Hijacking
CatB
2023-02-15 | SentinelOne | Jim Walter
@online{walter:20230215:recent:12930ef,
  author       = {Walter, Jim},
  title        = {{Recent TZW Campaigns Revealed As Part of GlobeImposter Malware Family}},
  organization = {SentinelOne},
  date         = {2023-02-15},
  url          = {https://www.sentinelone.com/blog/recent-tzw-campaigns-revealed-as-part-of-globeimposter-malware-family/},
  urldate      = {2023-02-17},
  language     = {English},
}
Recent TZW Campaigns Revealed As Part of GlobeImposter Malware Family
GlobeImposter
2022-09-15 | SentinelOne | Jim Walter
@online{walter:20220915:from:0d72348,
  author       = {Walter, Jim},
  title        = {{From the Front Lines | Slam! Anatomy of a Publicly-Available Ransomware Builder}},
  organization = {SentinelOne},
  date         = {2022-09-15},
  url          = {https://www.sentinelone.com/blog/from-the-front-lines-slam-anatomy-of-a-publicly-available-ransomware-builder/},
  urldate      = {2022-09-26},
  language     = {English},
}
From the Front Lines | Slam! Anatomy of a Publicly-Available Ransomware Builder
Slam
2022-09-08 | Sentinel LABS | Aleksandar Milenkoski, Jim Walter
@online{milenkoski:20220908:crimeware:9c7be9a,
  author       = {Milenkoski, Aleksandar and Walter, Jim},
  title        = {{Crimeware Trends | Ransomware Developers Turn to Intermittent Encryption to Evade Detection}},
  organization = {Sentinel LABS},
  date         = {2022-09-08},
  url          = {https://www.sentinelone.com/labs/crimeware-trends-ransomware-developers-turn-to-intermittent-encryption-to-evade-detection/},
  urldate      = {2022-09-10},
  language     = {English},
}
Crimeware Trends | Ransomware Developers Turn to Intermittent Encryption to Evade Detection
AgendaCrypt, Black Basta, BlackCat, PLAY
2022-08-25 | SentinelOne | Jim Walter
@online{walter:20220825:bluesky:1d0f4f0,
  author       = {Walter, Jim},
  title        = {{BlueSky Ransomware | AD Lateral Movement, Evasion and Fast Encryption Put Threat on the Radar}},
  organization = {SentinelOne},
  date         = {2022-08-25},
  url          = {https://www.sentinelone.com/blog/bluesky-ransomware-ad-lateral-movement-evasion-and-fast-encryption-puts-threat-on-the-radar/},
  urldate      = {2022-08-30},
  language     = {English},
}
BlueSky Ransomware | AD Lateral Movement, Evasion and Fast Encryption Put Threat on the Radar
BlueSky, Cobalt Strike, JuicyPotato
2022-07-21 | Sentinel LABS | Jim Walter, Aleksandar Milenkoski
@online{walter:20220721:lockbit:e7279b7,
  author       = {Walter, Jim and Milenkoski, Aleksandar},
  title        = {{LockBit 3.0 Update | Unpicking the Ransomware’s Latest Anti-Analysis and Evasion Techniques}},
  organization = {Sentinel LABS},
  date         = {2022-07-21},
  url          = {https://www.sentinelone.com/labs/lockbit-3-0-update-unpicking-the-ransomwares-latest-anti-analysis-and-evasion-techniques/},
  urldate      = {2022-07-25},
  language     = {English},
}
LockBit 3.0 Update | Unpicking the Ransomware’s Latest Anti-Analysis and Evasion Techniques
LockBit
2022-04-27 | Sentinel LABS | James Haughom, Júlio Dantas, Jim Walter
@comment{Same article as haughom:20220427:lockbit:da3d5d1; the two records differ only in the URL's trailing slash and in urldate. Cite one key consistently so the work is not listed twice.}
@online{haughom:20220427:lockbit:f0328ef,
  author       = {Haughom, James and Dantas, Júlio and Walter, Jim},
  title        = {{LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility}},
  organization = {Sentinel LABS},
  date         = {2022-04-27},
  url          = {https://www.sentinelone.com/labs/lockbit-ransomware-side-loads-cobalt-strike-beacon-with-legitimate-vmware-utility},
  urldate      = {2022-07-25},
  language     = {English},
}
LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility
Cobalt Strike, LockBit, BRONZE STARLIGHT
2022-04-27 | Sentinel LABS | James Haughom, Júlio Dantas, Jim Walter
@comment{Same article as haughom:20220427:lockbit:f0328ef; the two records differ only in the URL's trailing slash and in urldate. Cite one key consistently so the work is not listed twice.}
@online{haughom:20220427:lockbit:da3d5d1,
  author       = {Haughom, James and Dantas, Júlio and Walter, Jim},
  title        = {{LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility}},
  organization = {Sentinel LABS},
  date         = {2022-04-27},
  url          = {https://www.sentinelone.com/labs/lockbit-ransomware-side-loads-cobalt-strike-beacon-with-legitimate-vmware-utility/},
  urldate      = {2022-04-29},
  language     = {English},
}
LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility
Cobalt Strike, LockBit
2022-03-29 | SentinelOne | James Haughom, Antonis Terefos, Jim Walter, Jeff Cavanaugh, Nick Fox, Shai Tilias
@online{haughom:20220329:from:5e4b8cc,
  author       = {Haughom, James and Terefos, Antonis and Walter, Jim and Cavanaugh, Jeff and Fox, Nick and Tilias, Shai},
  title        = {{From the Front Lines | Hive Ransomware Deploys Novel IPfuscation Technique To Avoid Detection}},
  organization = {SentinelOne},
  date         = {2022-03-29},
  url          = {https://www.sentinelone.com/blog/hive-ransomware-deploys-novel-ipfuscation-technique/},
  urldate      = {2022-03-31},
  language     = {English},
}
From the Front Lines | Hive Ransomware Deploys Novel IPfuscation Technique To Avoid Detection
Cobalt Strike, Hive
2022-01-18 | SentinelOne | Jim Walter
@online{walter:20220118:blackcat:39c437d,
  author       = {Walter, Jim},
  title        = {{BlackCat Ransomware | Highly-Configurable, Rust-Driven RaaS On The Prowl For Victims}},
  organization = {SentinelOne},
  date         = {2022-01-18},
  url          = {https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/},
  urldate      = {2022-01-19},
  language     = {English},
}
BlackCat Ransomware | Highly-Configurable, Rust-Driven RaaS On The Prowl For Victims
BlackCat
2021-12-23 | SentinelOne | Jim Walter
@online{walter:20211223:new:1768cb6,
  author       = {Walter, Jim},
  title        = {{New Rook Ransomware Feeds Off the Code of Babuk}},
  organization = {SentinelOne},
  date         = {2021-12-23},
  url          = {https://www.sentinelone.com/labs/new-rook-ransomware-feeds-off-the-code-of-babuk/},
  urldate      = {2021-12-31},
  language     = {English},
}
New Rook Ransomware Feeds Off the Code of Babuk
Rook
2021-10-28 | Sentinel LABS | Jim Walter, Niranjan Jayanand
@online{walter:20211028:spook:1ab988d,
  author       = {Walter, Jim and Jayanand, Niranjan},
  title        = {{Spook Ransomware | Prometheus Derivative Names Those That Pay, Shames Those That Don’t}},
  organization = {Sentinel LABS},
  date         = {2021-10-28},
  url          = {https://www.sentinelone.com/labs/spook-ransomware-prometheus-derivative-names-those-that-pay-shames-those-that-dont/},
  urldate      = {2021-11-03},
  language     = {English},
}
Spook Ransomware | Prometheus Derivative Names Those That Pay, Shames Those That Don’t
Prometheus
2021-08-23 | Sentinel LABS | Jim Walter, Juan Andrés Guerrero-Saade
@online{walter:20210823:hive:5a17aae,
  author       = {Walter, Jim and Guerrero-Saade, Juan Andrés},
  title        = {{Hive Attacks | Analysis of the Human-Operated Ransomware Targeting Healthcare}},
  organization = {Sentinel LABS},
  date         = {2021-08-23},
  url          = {https://labs.sentinelone.com/hive-attacks-analysis-of-the-human-operated-ransomware-targeting-healthcare/},
  urldate      = {2021-08-25},
  language     = {English},
}
Hive Attacks | Analysis of the Human-Operated Ransomware Targeting Healthcare
Hive
2021-04-01 | SentinelOne | Jim Walter
@online{walter:20210401:avaddon:6735c18,
  author       = {Walter, Jim},
  title        = {{Avaddon RaaS | Breaks Public Decryptor, Continues On Rampage}},
  organization = {SentinelOne},
  date         = {2021-04-01},
  url          = {https://labs.sentinelone.com/avaddon-raas-breaks-public-decryptor-continues-on-rampage/},
  urldate      = {2021-04-09},
  language     = {English},
}
Avaddon RaaS | Breaks Public Decryptor, Continues On Rampage
Avaddon
2021-03-08 | Sentinel LABS | Jim Walter
@online{walter:20210308:hellokitty:e063f92,
  author       = {Walter, Jim},
  title        = {{HelloKitty Ransomware Lacks Stealth, But Still Strikes Home}},
  organization = {Sentinel LABS},
  date         = {2021-03-08},
  url          = {https://labs.sentinelone.com/hellokitty-ransomware-lacks-stealth-but-still-strikes-home/},
  urldate      = {2021-03-11},
  language     = {English},
}
HelloKitty Ransomware Lacks Stealth, But Still Strikes Home
HelloKitty
2021-02-03 | SentinelOne | Jim Walter
@online{walter:20210203:zeoticus:b4fee76,
  author       = {Walter, Jim},
  title        = {{Zeoticus 2.0 | Ransomware With No C2 Required}},
  organization = {SentinelOne},
  date         = {2021-02-03},
  url          = {https://labs.sentinelone.com/zeoticus-2-0-ransomware-with-no-c2-required/},
  urldate      = {2021-02-04},
  language     = {English},
}
Zeoticus 2.0 | Ransomware With No C2 Required
Zeoticus
2020-12-23 | Sentinel LABS | Marco Figueroa, James Haughom, Jim Walter
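@comment{Same article as figueroa:20201223:solarwinds:993b625; the two records differ only in URL host/path form and urldate. Cite one key consistently so the work is not listed twice. The ampersand in the title field is written as \& because a bare & in a field value aborts LaTeX with a misplaced-alignment-tab error when the bibliography is typeset.}
@online{figueroa:20201223:solarwinds:ff463f0,
  author       = {Figueroa, Marco and Haughom, James and Walter, Jim},
  title        = {{SolarWinds | Understanding \& Detecting the SUPERNOVA Webshell Trojan}},
  organization = {Sentinel LABS},
  date         = {2020-12-23},
  url          = {https://labs.sentinelone.com/solarwinds-understanding-detecting-the-supernova-webshell-trojan/},
  urldate      = {2020-12-26},
  language     = {English},
}
SolarWinds | Understanding & Detecting the SUPERNOVA Webshell Trojan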
SUPERNOVA
2020-12-23 | Sentinel LABS | Marco Figueroa, James Haughom, Jim Walter
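@comment{Same article as figueroa:20201223:solarwinds:ff463f0; the two records differ only in URL host/path form and urldate. Cite one key consistently so the work is not listed twice. The ampersand in the title field is written as \& because a bare & in a field value aborts LaTeX with a misplaced-alignment-tab error when the bibliography is typeset.}
@online{figueroa:20201223:solarwinds:993b625,
  author       = {Figueroa, Marco and Haughom, James and Walter, Jim},
  title        = {{SolarWinds | Understanding \& Detecting the SUPERNOVA Webshell Trojan}},
  organization = {Sentinel LABS},
  date         = {2020-12-23},
  url          = {https://www.sentinelone.com/labs/solarwinds-understanding-detecting-the-supernova-webshell-trojan},
  urldate      = {2022-07-25},
  language     = {English},
}
SolarWinds | Understanding & Detecting the SUPERNOVA Webshell Trojan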
SUPERNOVA, BRONZE SPIRAL
2020-11-25 | SentinelOne | Jim Walter
@online{walter:20201125:egregor:5727f7a,
  author       = {Walter, Jim},
  title        = {{Egregor RaaS Continues the Chaos with Cobalt Strike and Rclone}},
  organization = {SentinelOne},
  date         = {2020-11-25},
  url          = {https://labs.sentinelone.com/egregor-raas-continues-the-chaos-with-cobalt-strike-and-rclone/},
  urldate      = {2020-12-08},
  language     = {English},
}
Egregor RaaS Continues the Chaos with Cobalt Strike and Rclone
Cobalt Strike, Egregor