2023-10-24 · Sentinel LABS · Tom Hegel, Aleksandar Milenkoski
@online{hegel:20231024:israelhamas:313d369,
  author       = {Tom Hegel and Aleksandar Milenkoski},
  title        = {{The Israel-Hamas War | Cyber Domain State-Sponsored Activity of Interest}},
  date         = {2023-10-24},
  organization = {Sentinel LABS},
  url          = {https://www.sentinelone.com/labs/the-israel-hamas-war-cyber-domain-state-sponsored-activity-of-interest/},
  language     = {English},
  urldate      = {2023-11-27},
}
The Israel-Hamas War | Cyber Domain State-Sponsored Activity of Interest
2023-09-21 · Sentinel LABS · Aleksandar Milenkoski, QGroup
@online{milenkoski:20230921:sandman:4735b8d,
  author       = {Aleksandar Milenkoski and QGroup},
  title        = {{Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit}},
  date         = {2023-09-21},
  organization = {Sentinel LABS},
  url          = {https://www.sentinelone.com/labs/sandman-apt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit/},
  language     = {English},
  urldate      = {2023-09-28},
}
Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit
LuaDream
2023-08-17 · SentinelOne · Aleksandar Milenkoski, Tom Hegel
@online{milenkoski:20230817:chinese:75e4289,
  author       = {Aleksandar Milenkoski and Tom Hegel},
  title        = {{Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector}},
  date         = {2023-08-17},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/chinese-entanglement-dll-hijacking-in-the-asian-gambling-sector/},
  language     = {English},
  urldate      = {2023-08-22},
}
Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector
Cobalt Strike HUI Loader
2023-08-07 · SentinelOne · Tom Hegel, Aleksandar Milenkoski
@online{hegel:20230807:comrades:d449b68,
  author       = {Tom Hegel and Aleksandar Milenkoski},
  title        = {{Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company}},
  date         = {2023-08-07},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/comrades-in-arms-north-korea-compromises-sanctioned-russian-missile-engineering-company/},
  language     = {English},
  urldate      = {2023-08-07},
}
Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company
OpenCarrot
2023-06-06 · Sentinel LABS · Aleksandar Milenkoski
@online{milenkoski:20230606:kimsuky:67b5083,
  author       = {Aleksandar Milenkoski},
  title        = {{Kimsuky Strikes Again: New Social Engineering Campaign Aims to Steal Credentials and Gather Strategic Intelligence}},
  date         = {2023-06-06},
  organization = {Sentinel LABS},
  url          = {https://www.sentinelone.com/labs/kimsuky-new-social-engineering-campaign-aims-to-steal-credentials-and-gather-strategic-intelligence/},
  language     = {English},
  urldate      = {2023-06-09},
}
Kimsuky Strikes Again: New Social Engineering Campaign Aims to Steal Credentials and Gather Strategic Intelligence
2023-05-23 · Aleksandar Milenkoski
@online{milenkoski:20230523:kimsuky:dd0cbc4,
  author   = {Aleksandar Milenkoski},
  title    = {{Kimsuky | Ongoing Campaign Using Tailored Reconnaissance Toolkit}},
  date     = {2023-05-23},
  url      = {https://www.sentinelone.com/labs/kimsuky-ongoing-campaign-using-tailored-reconnaissance-toolkit/},
  language = {English},
  urldate  = {2023-05-30},
}
Kimsuky | Ongoing Campaign Using Tailored Reconnaissance Toolkit
RandomQuery
2023-03-23 · SentinelOne · Aleksandar Milenkoski, Juan Andrés Guerrero-Saade, Joey Chen, QGroup
@online{milenkoski:20230323:operation:2263a72,
  author       = {Aleksandar Milenkoski and Juan Andrés Guerrero-Saade and Joey Chen and QGroup},
  title        = {{Operation Tainted Love | Chinese APTs Target Telcos in New Attacks}},
  date         = {2023-03-23},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/operation-tainted-love-chinese-apts-target-telcos-in-new-attacks/},
  language     = {English},
  urldate      = {2023-03-27},
}
Operation Tainted Love | Chinese APTs Target Telcos in New Attacks
mim221
2023-02-16 · SentinelOne · Aleksandar Milenkoski, Collin Farr, Joey Chen, QGroup
@online{milenkoski:20230216:wip26:637cfde,
  author       = {Aleksandar Milenkoski and Collin Farr and Joey Chen and QGroup},
  title        = {{WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks}},
  date         = {2023-02-16},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/wip26-espionage-threat-actors-abuse-cloud-infrastructure-in-targeted-telco-attacks/},
  language     = {English},
  urldate      = {2023-05-24},
}
WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks
2023-01-24 · SentinelOne · Aleksandar Milenkoski
@online{milenkoski:20230124:dragonspark:828f0d3,
  author       = {Aleksandar Milenkoski},
  title        = {{DragonSpark | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation}},
  date         = {2023-01-24},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/dragonspark-attacks-evade-detection-with-sparkrat-and-golang-source-code-interpretation/},
  language     = {English},
  urldate      = {2023-01-25},
}
DragonSpark | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation
SparkRAT
2023-01-12 · Sentinel LABS · Tom Hegel, Aleksandar Milenkoski
@online{hegel:20230112:noname05716:b3cb836,
  author       = {Tom Hegel and Aleksandar Milenkoski},
  title        = {{NoName057(16) – The Pro-Russian Hacktivist Group Targeting NATO}},
  date         = {2023-01-12},
  organization = {Sentinel LABS},
  url          = {https://www.sentinelone.com/labs/noname05716-the-pro-russian-hacktivist-group-targeting-nato/},
  language     = {English},
  urldate      = {2023-02-17},
}
NoName057(16) – The Pro-Russian Hacktivist Group Targeting NATO
Bobik Dosia NoName057(16)
2022-12-01 · SentinelOne · Aleksandar Milenkoski
@online{milenkoski:20221201:mystery:01fd910,
  author       = {Aleksandar Milenkoski},
  title        = {{The Mystery of Metador | Unpicking Mafalda’s Anti-Analysis Techniques}},
  date         = {2022-12-01},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/the-mystery-of-metador-unpicking-mafaldas-anti-analysis-techniques/},
  language     = {English},
  urldate      = {2023-12-04},
}
The Mystery of Metador | Unpicking Mafalda’s Anti-Analysis Techniques
2022-11-07 · SentinelOne · Aleksandar Milenkoski
@online{milenkoski:20221107:socgholish:63649b2,
  author       = {Aleksandar Milenkoski},
  title        = {{SocGholish Diversifies and Expands Its Malware Staging Infrastructure to Counter Defenders}},
  date         = {2022-11-07},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/socgholish-diversifies-and-expands-its-malware-staging-infrastructure-to-counter-defenders/},
  language     = {English},
  urldate      = {2022-12-01},
}
SocGholish Diversifies and Expands Its Malware Staging Infrastructure to Counter Defenders
FAKEUPDATES
2022-09-22 · SentinelOne · Aleksandar Milenkoski, Juan Andrés Guerrero-Saade, Amitai Ben Shushan Ehrlich
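% Author list has three names: "Amitai Ben Shushan Ehrlich" is one author (as in the
% other Metador entries in this listing); it had been split into "Amitai Ben" and "Shushan Ehrlich".
@techreport{milenkoski:20220922:mystery:bd4bb11,
  author      = {Aleksandar Milenkoski and Juan Andrés Guerrero-Saade and Amitai Ben Shushan Ehrlich},
  title       = {{The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities}},
  date        = {2022-09-22},
  institution = {SentinelOne},
  url         = {https://www.sentinelone.com/wp-content/uploads/2022/09/S1_-SentinelLabs_Metador.pdf},
  language    = {English},
  urldate     = {2022-09-30},
}
The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities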
2022-09-22 · SentinelOne · Juan Andrés Guerrero-Saade, Amitai Ben Shushan Ehrlich, Aleksandar Milenkoski
@online{guerrerosaade:20220922:mystery:225b76e,
  author       = {Juan Andrés Guerrero-Saade and Amitai Ben Shushan Ehrlich and Aleksandar Milenkoski},
  title        = {{The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities}},
  date         = {2022-09-22},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/the-mystery-of-metador-an-unattributed-threat-hiding-in-telcos-isps-and-universities/},
  language     = {English},
  urldate      = {2023-12-04},
}
The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities
2022-09-08 · Sentinel LABS · Aleksandar Milenkoski, Jim Walter
@online{milenkoski:20220908:crimeware:9c7be9a,
  author       = {Aleksandar Milenkoski and Jim Walter},
  title        = {{Crimeware Trends | Ransomware Developers Turn to Intermittent Encryption to Evade Detection}},
  date         = {2022-09-08},
  organization = {Sentinel LABS},
  url          = {https://www.sentinelone.com/labs/crimeware-trends-ransomware-developers-turn-to-intermittent-encryption-to-evade-detection/},
  language     = {English},
  urldate      = {2022-09-10},
}
Crimeware Trends | Ransomware Developers Turn to Intermittent Encryption to Evade Detection
AgendaCrypt Black Basta BlackCat PLAY
2022-09-08 · Cybereason · Kotaro Ogino, Yuki Shibuya, Aleksandar Milenkoski
@online{ogino:20220908:threat:2ec8deb,
  author       = {Kotaro Ogino and Yuki Shibuya and Aleksandar Milenkoski},
  title        = {{Threat Analysis Report: PlugX RAT Loader Evolution}},
  date         = {2022-09-08},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/threat-analysis-report-plugx-rat-loader-evolution},
  language     = {English},
  urldate      = {2022-09-13},
}
Threat Analysis Report: PlugX RAT Loader Evolution
PlugX
2022-09 · Sentinel LABS · Amitai Ben Shushan Ehrlich, Aleksandar Milenkoski, Juan Andrés Guerrero-Saade
@online{ehrlich:202209:mystery:fc2eb1e,
  author       = {Amitai Ben Shushan Ehrlich and Aleksandar Milenkoski and Juan Andrés Guerrero-Saade},
  title        = {{The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities}},
  date         = {2022-09},
  organization = {Sentinel LABS},
  url          = {https://assets.sentinelone.com/sentinellabs22/metador},
  language     = {English},
  urldate      = {2022-09-30},
}
The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities
2022-07-21 · Sentinel LABS · Jim Walter, Aleksandar Milenkoski
@online{walter:20220721:lockbit:e7279b7,
  author       = {Jim Walter and Aleksandar Milenkoski},
  title        = {{LockBit 3.0 Update | Unpicking the Ransomware’s Latest Anti-Analysis and Evasion Techniques}},
  date         = {2022-07-21},
  organization = {Sentinel LABS},
  url          = {https://www.sentinelone.com/labs/lockbit-3-0-update-unpicking-the-ransomwares-latest-anti-analysis-and-evasion-techniques/},
  language     = {English},
  urldate      = {2022-07-25},
}
LockBit 3.0 Update | Unpicking the Ransomware’s Latest Anti-Analysis and Evasion Techniques
LockBit
2022-04-25 · Cybereason · Aleksandar Milenkoski, Loïc Castel, Yonatan Gidnian
@online{milenkoski:20220425:threat:14aee4f,
  author       = {Aleksandar Milenkoski and Loïc Castel and Yonatan Gidnian},
  title        = {{THREAT ANALYSIS REPORT: SocGholish and Zloader – From Fake Updates and Installers to Owning Your Systems}},
  date         = {2022-04-25},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/threat-analysis-report-socgholish-and-zloader-from-fake-updates-and-installers-to-owning-your-systems},
  language     = {English},
  urldate      = {2022-04-29},
}
THREAT ANALYSIS REPORT: SocGholish and Zloader – From Fake Updates and Installers to Owning Your Systems
FAKEUPDATES Zloader
2021-12-16 · Cybereason · Aleksandar Milenkoski, Kotaro Ogino
@online{milenkoski:20211216:inside:40c2e51,
  author       = {Aleksandar Milenkoski and Kotaro Ogino},
  title        = {{Inside the LockBit Arsenal - The StealBit Exfiltration Tool}},
  date         = {2021-12-16},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/threat-analysis-report-inside-the-lockbit-arsenal-the-stealbit-exfiltration-tool},
  language     = {English},
  urldate      = {2022-02-04},
}
Inside the LockBit Arsenal - The StealBit Exfiltration Tool
LockBit StealBit