2021-11-15 | SentinelOne | Phil Stokes
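% Vendor analysis of the macOS.Macma backdoor; keywords holds the malware family the listing tags for this report.
@online{stokes:20211115:infect:a1d440c,
  author       = {Stokes, Phil},
  title        = {Infect If Needed | A Deeper Dive Into Targeted Backdoor {macOS.Macma}},
  date         = {2021-11-15},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/infect-if-needed-a-deeper-dive-into-targeted-backdoor-macos-macma/},
  language     = {English},
  urldate      = {2021-11-17},
  keywords     = {CDDS},
}
Infect If Needed | A Deeper Dive Into Targeted Backdoor macOS.Macma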
CDDS
2021-11-11 | SentinelOne | Niranjan Jayanand
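% Detection-oriented vendor post on the SquirrelWaffle malspam loader; keywords holds the family the listing tags for it.
@online{jayanand:20211111:is:b8f1a8b,
  author       = {Jayanand, Niranjan},
  title        = {Is {SquirrelWaffle} the New {Emotet}? How to Detect the Latest {MalSpam} Loader},
  date         = {2021-11-11},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/blog/is-squirrelwaffle-the-new-emotet-how-to-detect-the-latest-malspam-loader/},
  language     = {English},
  urldate      = {2021-11-12},
  keywords     = {Squirrelwaffle},
}
Is SquirrelWaffle the New Emotet? How to Detect the Latest MalSpam Loader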
Squirrelwaffle
2021-10-18 | SentinelOne | Antonis Terefos
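% Vendor analysis of Karma ransomware and its Nemty lineage; keywords holds the families the listing tags for it.
@online{terefos:20211018:karma:04248e2,
  author       = {Terefos, Antonis},
  title        = {{Karma} Ransomware | An Emerging Threat With A Hint of {Nemty} Pedigree},
  date         = {2021-10-18},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/karma-ransomware-an-emerging-threat-with-a-hint-of-nemty-pedigree/},
  language     = {English},
  urldate      = {2021-10-24},
  keywords     = {Karma, Nemty},
}
Karma Ransomware | An Emerging Threat With A Hint of Nemty Pedigree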
Karma, Nemty
2021-09-30 | SentinelOne | Amitai Ben Shushan Ehrlich
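% Vendor report on a new Apostle ransomware version; the author split follows the citation key (surname Ehrlich).
@online{ehrlich:20210930:new:c3f26e0,
  author       = {Ehrlich, Amitai Ben Shushan},
  title        = {New Version Of {Apostle} Ransomware Reemerges In Targeted Attack On Higher Education},
  date         = {2021-09-30},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/new-version-of-apostle-ransomware-reemerges-in-targeted-attack-on-higher-education/},
  language     = {English},
  urldate      = {2021-10-11},
  keywords     = {Apostle},
}
New Version Of Apostle Ransomware Reemerges In Targeted Attack On Higher Education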
Apostle
2021-09-20 | SentinelOne | Phil Stokes
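% Vendor tutorial on analysing macOS malware anti-analysis tricks with Radare2; keywords holds the family the listing tags for it.
@online{stokes:20210920:defeating:452749e,
  author       = {Stokes, Phil},
  title        = {Defeating {macOS} Malware Anti-Analysis Tricks with {Radare2}},
  date         = {2021-09-20},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/defeating-macos-malware-anti-analysis-tricks-with-radare2/},
  language     = {English},
  urldate      = {2021-10-11},
  keywords     = {EvilQuest},
}
Defeating macOS Malware Anti-Analysis Tricks with Radare2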
EvilQuest
2021-09-13 | SentinelOne | Antonio Pirozzi, Antonio Cocomazzi
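% Vendor report on a Zloader infection chain; keywords holds the family the listing tags for it.
@online{pirozzi:20210913:hide:345ced5,
  author       = {Pirozzi, Antonio and Cocomazzi, Antonio},
  title        = {Hide and Seek | New {Zloader} Infection Chain Comes With Improved Stealth and Evasion Mechanisms},
  date         = {2021-09-13},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/},
  language     = {English},
  urldate      = {2021-09-14},
  keywords     = {Zloader},
}
Hide and Seek | New Zloader Infection Chain Comes With Improved Stealth and Evasion Mechanisms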
Zloader
2021-09-08 | SentinelOne | Juan Andrés Guerrero-Saade, Igor Tsemakhovich
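% Vendor white paper on a threat actor; the URL is a direct PDF link. keywords holds the families the listing tags for it.
@techreport{guerrerosaade:20210908:egomaniac:9397249,
  author       = {Guerrero-Saade, Juan Andrés and Tsemakhovich, Igor},
  title        = {{Egomaniac}: An Unscrupulous {Turkish}-Nexus Threat Actor},
  date         = {2021-09-08},
  institution  = {SentinelOne},
  url          = {https://www.sentinelone.com/wp-content/uploads/2021/09/SentinelOne_-SentinelLabs_EGoManiac_WP_V4.pdf},
  language     = {English},
  urldate      = {2021-10-24},
  keywords     = {Ahtapot, Rad, Turkojan},
}
Egomaniac: An Unscrupulous Turkish-Nexus Threat Actor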
Ahtapot, Rad, Turkojan
2021-09-01 | SentinelOne | SentinelOne
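% Vendor threat-hunting digest marked TLP: WHITE in its title; the corporate author is double-braced so it is parsed as one name.
@online{sentinelone:20210901:watchtower:65a4e3f,
  author       = {{SentinelOne}},
  title        = {{WatchTower} | {August} 2021 {TLP: WHITE} | Intelligence-Driven Threat Hunting},
  date         = {2021-09-01},
  organization = {SentinelOne},
  url          = {https://assets.sentinelone.com/watchtower1-white/watchtower_aug2021_white_132a},
  language     = {English},
  urldate      = {2021-09-02},
}
WatchTower | August 2021 TLP: WHITE | Intelligence-Driven Threat Hunting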
2021-08-23 | SentinelOne | Yi-Jhen Hsieh, Joey Chen
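% Conference slides on ShadowPad; the URL is a direct PDF link on the conference host and is kept percent-encoded exactly as listed.
@techreport{hsieh:20210823:shadowpad:58780f1,
  author       = {Hsieh, Yi-Jhen and Chen, Joey},
  title        = {{ShadowPad}: the Masterpiece of Privately Sold Malware in {Chinese} Espionage},
  date         = {2021-08-23},
  institution  = {SentinelOne},
  url          = {https://conference.hitb.org/hitbsecconf2021sin/materials/D1T1%20-%20%20ShadowPad%20-%20A%20Masterpiece%20of%20Privately%20Sold%20Malware%20in%20Chinese%20Espionage%20-%20Yi-Jhen%20Hsieh%20&%20Joey%20Chen.pdf},
  language     = {English},
  urldate      = {2022-07-18},
  keywords     = {PlugX, ShadowPad},
}
ShadowPad: the Masterpiece of Privately Sold Malware in Chinese Espionage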
PlugX, ShadowPad
2021-07-29 | SentinelOne | Juan Andrés Guerrero-Saade
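% Vendor report on the wiper used against Iranian trains; keywords holds the family the listing tags for it.
@online{guerrerosaade:20210729:meteorexpress:0e9bb5a,
  author       = {Guerrero-Saade, Juan Andrés},
  title        = {{MeteorExpress} | Mysterious Wiper Paralyzes {Iranian} Trains with Epic Troll},
  date         = {2021-07-29},
  organization = {SentinelOne},
  url          = {https://labs.sentinelone.com/meteorexpress-mysterious-wiper-paralyzes-iranian-trains-with-epic-troll/},
  language     = {English},
  urldate      = {2021-07-29},
  keywords     = {Meteor},
}
MeteorExpress | Mysterious Wiper Paralyzes Iranian Trains with Epic Troll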
Meteor
2021-07-26 | SentinelOne | Phil Stokes
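% Detection-oriented vendor post on the macOS XLoader info stealer; keywords holds the family the listing tags for it.
@online{stokes:20210726:detecting:5795d48,
  author       = {Stokes, Phil},
  title        = {Detecting {XLoader} | A {macOS} ‘Malware-as-a-Service’ Info Stealer and Keylogger},
  date         = {2021-07-26},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/blog/detecting-xloader-a-macos-malware-as-a-service-info-stealer-and-keylogger/},
  language     = {English},
  urldate      = {2021-07-26},
  keywords     = {Xloader},
}
Detecting XLoader | A macOS ‘Malware-as-a-Service’ Info Stealer and Keylogger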
Xloader
2021-07-08 | SentinelOne | Idan Weizman, Antonio Pirozzi
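% Vendor technical analysis of Conti ransomware; keywords holds the family the listing tags for it.
@online{weizman:20210708:conti:db03f2a,
  author       = {Weizman, Idan and Pirozzi, Antonio},
  title        = {{Conti} Unpacked: Understanding Ransomware Development as a Response to Detection - A Detailed Technical Analysis},
  date         = {2021-07-08},
  organization = {SentinelOne},
  url          = {https://assets.sentinelone.com/ransomware-enterprise/conti-ransomware-unpacked},
  language     = {English},
  urldate      = {2021-07-12},
  keywords     = {Conti},
}
Conti Unpacked: Understanding Ransomware Development as a Response to Detection - A Detailed Technical Analysis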
Conti
2021-06-24 | SentinelOne | Marco Figueroa
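% Vendor report on an IcedID campaign delivered through macros; keywords holds the family the listing tags for it.
@online{figueroa:20210624:evasive:7f0d507,
  author       = {Figueroa, Marco},
  title        = {Evasive Maneuvers | Massive {IcedID} Campaign Aims For Stealth with Benign Macros},
  date         = {2021-06-24},
  organization = {SentinelOne},
  url          = {https://labs.sentinelone.com/evasive-maneuvers-massive-icedid-campaign-aims-for-stealth-with-benign-macros/},
  language     = {English},
  urldate      = {2021-06-29},
  keywords     = {IcedID},
}
Evasive Maneuvers | Massive IcedID Campaign Aims For Stealth with Benign Macros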
IcedID
2021-06-21 | SentinelOne | SentinelOne
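% Vendor post on Bash-based ransomware for Linux and Docker; the corporate author is double-braced so it is parsed as one name.
@online{sentinelone:20210621:darkradiation:03c7054,
  author       = {{SentinelOne}},
  title        = {{DarkRadiation} | Abusing {Bash} For {Linux} and {Docker} Container Ransomware},
  date         = {2021-06-21},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/blog/darkradiation-abusing-bash-for-linux-and-docker-container-ransomware/},
  language     = {English},
  urldate      = {2021-06-23},
  keywords     = {DarkRadiation},
}
DarkRadiation | Abusing Bash For Linux and Docker Container Ransomware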
DarkRadiation
2021-06-16 | SentinelOne | Antonio Pirozzi
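% Vendor report on the Gootloader initial-access platform; keywords holds the family the listing tags for it.
@online{pirozzi:20210616:gootloader:b2ba777,
  author       = {Pirozzi, Antonio},
  title        = {{Gootloader}: ‘Initial Access as a Service’ Platform Expands Its Search for High Value Targets},
  date         = {2021-06-16},
  organization = {SentinelOne},
  url          = {https://labs.sentinelone.com/gootloader-initial-access-as-a-service-platform-expands-its-search-for-high-value-targets/},
  language     = {English},
  urldate      = {2021-06-21},
  keywords     = {GootLoader},
}
Gootloader: ‘Initial Access as a Service’ Platform Expands Its Search for High Value Targets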
GootLoader
2021-06-08 | SentinelOne | Juan Andrés Guerrero-Saade
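% Vendor report on the intrusion set named ThunderCats in the title; keywords holds the families the listing tags for it.
@online{guerrerosaade:20210608:thundercats:8eac3cd,
  author       = {Guerrero-Saade, Juan Andrés},
  title        = {{ThunderCats} Hack the {FSB} | Your Taxes Didn’t Pay For This Op},
  date         = {2021-06-08},
  organization = {SentinelOne},
  url          = {https://labs.sentinelone.com/thundercats-hack-the-fsb-your-taxes-didnt-pay-for-this-op/},
  language     = {English},
  urldate      = {2021-06-09},
  keywords     = {Mail-O, SManager, Tmanger},
}
ThunderCats Hack the FSB | Your Taxes Didn’t Pay For This Op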
Mail-O, SManager, Tmanger
2021-06-01 | SentinelOne | Juan Andrés Guerrero-Saade
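% Vendor report on poisoned installers and supply-chain risk; keywords holds the family the listing tags for it.
@online{guerrerosaade:20210601:noblebaron:20dd227,
  author       = {Guerrero-Saade, Juan Andrés},
  title        = {{NobleBaron} | New Poisoned Installers Could Be Used In Supply Chain Attacks},
  date         = {2021-06-01},
  organization = {SentinelOne},
  url          = {https://labs.sentinelone.com/noblebaron-new-poisoned-installers-could-be-used-in-supply-chain-attacks/},
  language     = {English},
  urldate      = {2021-06-09},
  keywords     = {Cobalt Strike},
}
NobleBaron | New Poisoned Installers Could Be Used In Supply Chain Attacks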
Cobalt Strike
2021-05-25 | SentinelOne | Amitai Ben Shushan Ehrlich
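% Vendor white paper on Agrius; the URL is a direct PDF link. The author split follows the citation key (surname Ehrlich).
@techreport{ehrlich:20210525:from:ebe10c3,
  author       = {Ehrlich, Amitai Ben Shushan},
  title        = {From Wiper to Ransomware: The Evolution of {Agrius}},
  date         = {2021-05-25},
  institution  = {SentinelOne},
  url          = {https://www.sentinelone.com/wp-content/uploads/2021/05/SentinelLabs_From-Wiper-to-Ransomware-The-Evolution-of-Agrius.pdf},
  language     = {English},
  urldate      = {2022-12-08},
  keywords     = {Apostle, DEADWOOD},
}
From Wiper to Ransomware: The Evolution of Agrius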
Apostle, DEADWOOD
2021-05-20 | SentinelOne | Marco Figueroa
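% Vendor report on a Monero cryptominer abusing Docker containers; the listing shows no malware-family tag for this entry.
@online{figueroa:20210520:caught:04692f1,
  author       = {Figueroa, Marco},
  title        = {Caught in the Cloud | How a {Monero} Cryptominer Exploits {Docker} Containers},
  date         = {2021-05-20},
  organization = {SentinelOne},
  url          = {https://labs.sentinelone.com/caught-in-the-cloud-how-a-monero-cryptominer-exploits-docker-containers/},
  language     = {English},
  urldate      = {2021-05-26},
}
Caught in the Cloud | How a Monero Cryptominer Exploits Docker Containers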
2021-05-10 | SentinelOne | SentinelOne
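% Vendor post on DarkSide ransomware; the corporate author is double-braced so it is parsed as one name.
@online{sentinelone:20210510:meet:e3c28b4,
  author       = {{SentinelOne}},
  title        = {Meet {DarkSide} and Their Ransomware – {SentinelOne} Customers Protected},
  date         = {2021-05-10},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/blog/meet-darkside-and-their-ransomware-sentinelone-customers-protected/},
  language     = {English},
  urldate      = {2021-05-13},
  keywords     = {DarkSide},
}
Meet DarkSide and Their Ransomware – SentinelOne Customers Protected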
DarkSide