2020-05-15 | SentinelOne | Phil Stokes
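@online{stokes:20200515:guide:42eb247,
  author       = {Stokes, Phil},
  title        = {A Guide to {macOS} Threat Hunting and Incident Response},
  date         = {2020-05-15},
  organization = {SentinelOne},
  url          = {https://assets.sentinelone.com/c/sentinal-one-mac-os-?x=FvGtLJ&xs=123009},
  language     = {English},
  urldate      = {2022-03-28},
}
A Guide to macOS Threat Hunting and Incident Response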
2020-05-14 | SentinelOne | Jason Reaves
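@online{reaves:20200514:deep:1ee83b6,
  author       = {Reaves, Jason},
  title        = {Deep Dive Into {TrickBot} Executor Module “mexec”: Reversing the Dropper Variant},
  date         = {2020-05-14},
  organization = {SentinelOne},
  url          = {https://labs.sentinelone.com/deep-dive-into-trickbot-executor-module-mexec-reversing-the-dropper-variant/},
  language     = {English},
  urldate      = {2020-05-18},
}
Deep Dive Into TrickBot Executor Module “mexec”: Reversing the Dropper Variant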
TrickBot
2020-05-11 | SentinelOne | Gal Kristal
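@online{kristal:20200511:anatomy:4ece947,
  author       = {Kristal, Gal},
  title        = {The Anatomy of an {APT} Attack and {CobaltStrike} {Beacon’s} Encoded Configuration},
  date         = {2020-05-11},
  organization = {SentinelOne},
  url          = {https://labs.sentinelone.com/the-anatomy-of-an-apt-attack-and-cobaltstrike-beacons-encoded-configuration/},
  language     = {English},
  urldate      = {2020-05-13},
}
The Anatomy of an APT Attack and CobaltStrike Beacon’s Encoded Configuration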
Cobalt Strike
2020-05-04 | SentinelOne | Jim Walter
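@online{walter:20200504:meet:7943fa2,
  author       = {Walter, Jim},
  title        = {Meet {NEMTY} Successor, {Nefilim/Nephilim} Ransomware},
  date         = {2020-05-04},
  organization = {SentinelOne},
  url          = {https://labs.sentinelone.com/meet-nemty-successor-nefilim-nephilim-ransomware/},
  language     = {English},
  urldate      = {2020-06-22},
}
Meet NEMTY Successor, Nefilim/Nephilim Ransomware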
Nefilim Nemty
2020-04-08 | SentinelOne | Jason Reaves
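@online{reaves:20200408:deep:87b83bb,
  author       = {Reaves, Jason},
  title        = {Deep Dive Into {TrickBot} Executor Module “mexec”: Hidden “{Anchor}” Bot Nexus Operations},
  date         = {2020-04-08},
  organization = {SentinelOne},
  url          = {https://labs.sentinelone.com/deep-dive-into-trickbot-executor-module-mexec-hidden-anchor-bot-nexus-operations/},
  language     = {English},
  urldate      = {2020-04-13},
}
Deep Dive Into TrickBot Executor Module “mexec”: Hidden “Anchor” Bot Nexus Operations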
Anchor TrickBot
2020-03-04 | SentinelOne | Jason Reaves
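@online{reaves:20200304:breaking:8262e7e,
  author       = {Reaves, Jason},
  title        = {Breaking {TA505’s} Crypter with an {SMT} Solver},
  date         = {2020-03-04},
  organization = {SentinelOne},
  url          = {https://labs.sentinelone.com/breaking-ta505s-crypter-with-an-smt-solver/},
  language     = {English},
  urldate      = {2020-03-04},
}
Breaking TA505’s Crypter with an SMT Solver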
Clop CryptoMix MINEBRIDGE
2020-02-26 | SentinelOne | Jason Reaves
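@online{reaves:20200226:revealing:2c3fc63,
  author       = {Reaves, Jason},
  title        = {Revealing the Trick | A Deep Dive into {TrickLoader} Obfuscation},
  date         = {2020-02-26},
  organization = {SentinelOne},
  url          = {https://labs.sentinelone.com/revealing-the-trick-a-deep-dive-into-trickloader-obfuscation/},
  language     = {English},
  urldate      = {2020-02-27},
}
Revealing the Trick | A Deep Dive into TrickLoader Obfuscation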
TrickBot
2020-02-25 | SentinelOne | Jim Walter
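@online{walter:20200225:dprk:735f095,
  author       = {Walter, Jim},
  title        = {{DPRK} {Hidden Cobra} Update: {North Korean} Malicious Cyber Activity},
  date         = {2020-02-25},
  organization = {SentinelOne},
  url          = {https://labs.sentinelone.com/dprk-hidden-cobra-update-north-korean-malicious-cyber-activity/},
  language     = {English},
  urldate      = {2020-02-27},
}
DPRK Hidden Cobra Update: North Korean Malicious Cyber Activity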
ARTFULPIE BISTROMATH BUFFETLINE CHEESETRAY HOPLIGHT HOTCROISSANT SLICKSHOES
2020-02-05 | SentinelOne | Vitali Kremez
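@online{kremez:20200205:prorussian:4fab984,
  author       = {Kremez, Vitali},
  title        = {{Pro-Russian} {CyberSpy} {Gamaredon} Intensifies {Ukrainian} Security Targeting},
  date         = {2020-02-05},
  organization = {SentinelOne},
  url          = {https://labs.sentinelone.com/pro-russian-cyberspy-gamaredon-intensifies-ukrainian-security-targeting/},
  language     = {English},
  urldate      = {2020-02-09},
}
Pro-Russian CyberSpy Gamaredon Intensifies Ukrainian Security Targeting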
Pteranodon
2020-01-23 | SentinelOne | Jim Walter
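@online{walter:20200123:new:8d4a9c2,
  author       = {Walter, Jim},
  title        = {New {Snake} Ransomware Adds Itself to the Increasing Collection of {Golang} Crimeware},
  date         = {2020-01-23},
  organization = {SentinelOne},
  url          = {https://labs.sentinelone.com/new-snake-ransomware-adds-itself-to-the-increasing-collection-of-golang-crimeware/},
  language     = {English},
  urldate      = {2020-01-27},
}
New Snake Ransomware Adds Itself to the Increasing Collection of Golang Crimeware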
Snake
2020-01-09 | SentinelOne | Vitali Kremez, Joshua Platt, Jason Reaves
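@online{kremez:20200109:toptier:4f8de90,
  author       = {Kremez, Vitali and Platt, Joshua and Reaves, Jason},
  title        = {Top-Tier {Russian} Organized Cybercrime Group Unveils Fileless Stealthy “{PowerTrick}” Backdoor for High-Value Targets},
  date         = {2020-01-09},
  organization = {SentinelOne},
  url          = {https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/},
  language     = {English},
  urldate      = {2020-01-13},
}
Top-Tier Russian Organized Cybercrime Group Unveils Fileless Stealthy “PowerTrick” Backdoor for High-Value Targets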
TrickBot WIZARD SPIDER
2019-11-21 | SentinelOne | Mario Ciccarelli
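@online{ciccarelli:20191121:going:0e7cac5,
  author       = {Ciccarelli, Mario},
  title        = {Going Deep | A Guide to Reversing {Smoke Loader} Malware},
  date         = {2019-11-21},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/blog/going-deep-a-guide-to-reversing-smoke-loader-malware/},
  language     = {English},
  urldate      = {2020-01-07},
}
Going Deep | A Guide to Reversing Smoke Loader Malware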
SmokeLoader
2019-08-29 | SentinelOne | Daniel Bunce
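@online{bunce:20190829:gootkit:b379f2c,
  author       = {Bunce, Daniel},
  title        = {{Gootkit} Banking Trojan | Part 2: Persistence \& Other Capabilities},
  date         = {2019-08-29},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/blog/gootkit-banking-trojan-persistence-other-capabilities/},
  language     = {English},
  urldate      = {2020-01-08},
}
Gootkit Banking Trojan | Part 2: Persistence & Other Capabilities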
GootKit
2019-08-15 | SentinelOne | Daniel Bunce
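@online{bunce:20190815:gootkit:1052b18,
  author       = {Bunce, Daniel},
  title        = {{Gootkit} Banking Trojan | Deep Dive into Anti-Analysis Features},
  date         = {2019-08-15},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/blog/gootkit-banking-trojan-deep-dive-anti-analysis-features/},
  language     = {English},
  urldate      = {2019-12-20},
}
Gootkit Banking Trojan | Deep Dive into Anti-Analysis Features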
GootKit
2019-05-20 | SentinelOne | SentinelOne
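@online{sentinelone:20190520:goznym:f994be3,
  author       = {{SentinelOne}},
  title        = {{GozNym} Banking Malware: Gang Busted, But Is That The End?},
  date         = {2019-05-20},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/blog/goznym-banking-malware-gang-busted/},
  language     = {English},
  urldate      = {2023-04-18},
}
GozNym Banking Malware: Gang Busted, But Is That The End?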
Nymaim
2018-09-20 | SentinelOne | Phil Stokes
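@online{stokes:20180920:trail:79336e9,
  author       = {Stokes, Phil},
  title        = {On the Trail of {OSX.FairyTale} | Adware Playing at Malware},
  date         = {2018-09-20},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/blog/trail-osx-fairytale-adware-playing-malware/},
  language     = {English},
  urldate      = {2020-01-08},
}
On the Trail of OSX.FairyTale | Adware Playing at Malware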
FailyTale
2017-11-28 | SentinelOne | Arnaud Abbati
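@online{abbati:20171128:osxcpumeaner:23f69f0,
  author       = {Abbati, Arnaud},
  title        = {{OSX.CPUMEANER}: New Cryptocurrency Mining Trojan Targets {MacOS}},
  date         = {2017-11-28},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/blog/osx-cpumeaner-miner-trojan-software-pirates/},
  language     = {English},
  urldate      = {2019-12-05},
}
OSX.CPUMEANER: New Cryptocurrency Mining Trojan Targets MacOS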
CpuMeaner
2017-08-23 | SentinelOne | Arnaud Abbati
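@online{abbati:20170823:cs:1ecb9bb,
  author       = {Abbati, Arnaud},
  title        = {{CS: Go} Hacks for {Mac} – {OSX.Pwnet.A}},
  date         = {2017-08-23},
  organization = {SentinelOne},
  url          = {https://sentinelone.com/blog/osx-pwnet-a-csgo-hack-and-sneaky-miner/},
  language     = {English},
  urldate      = {2019-08-07},
}
CS: Go Hacks for Mac – OSX.Pwnet.A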
Pwnet
2016-11-08 | SentinelOne | Arnaud Abbati
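@online{abbati:20161108:analysis:374eea4,
  author       = {Abbati, Arnaud},
  title        = {Analysis of {IOS.GUIINJECT} Adware Library},
  date         = {2016-11-08},
  organization = {SentinelOne},
  url          = {https://sentinelone.com/blogs/analysis-ios-guiinject-adware-library/},
  language     = {English},
  urldate      = {2022-09-12},
}
Analysis of IOS.GUIINJECT Adware Library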
GuiInject
2016-05-05 | SentinelOne | Joseph Landry
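@online{landry:20160505:sophisticated:8ba2d0d,
  author       = {Landry, Joseph},
  title        = {Sophisticated New Packer Identified in {CryptXXX} Ransomware Sample},
  date         = {2016-05-05},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/blog/sophisticated-new-packer-identified-in-cryptxxx-ransomware-sample/},
  language     = {English},
  urldate      = {2020-12-20},
}
Sophisticated New Packer Identified in CryptXXX Ransomware Sample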
CryptXXXX