Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-05-23Aleksandar Milenkoski
@online{milenkoski:20230523:kimsuky:dd0cbc4, author = {Aleksandar Milenkoski}, title = {{Kimsuky | Ongoing Campaign Using Tailored Reconnaissance Toolkit}}, date = {2023-05-23}, url = {https://www.sentinelone.com/labs/kimsuky-ongoing-campaign-using-tailored-reconnaissance-toolkit/}, language = {English}, urldate = {2023-05-30} } Kimsuky | Ongoing Campaign Using Tailored Reconnaissance Toolkit
RandomQuery
2023-03-23SentinelOneAleksandar Milenkoski, Juan Andrés Guerrero-Saade, Joey Chen, QGroup
@online{milenkoski:20230323:operation:2263a72, author = {Aleksandar Milenkoski and Juan Andrés Guerrero-Saade and Joey Chen and QGroup}, title = {{Operation Tainted Love | Chinese APTs Target Telcos in New Attacks}}, date = {2023-03-23}, organization = {SentinelOne}, url = {https://www.sentinelone.com/labs/operation-tainted-love-chinese-apts-target-telcos-in-new-attacks/}, language = {English}, urldate = {2023-03-27} } Operation Tainted Love | Chinese APTs Target Telcos in New Attacks
mim221
2023-02-16SentinelOneAleksandar Milenkoski, Collin Farr, Joey Chen, QGroup
@online{milenkoski:20230216:wip26:637cfde, author = {Aleksandar Milenkoski and Collin Farr and Joey Chen and QGroup}, title = {{WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks}}, date = {2023-02-16}, organization = {SentinelOne}, url = {https://www.sentinelone.com/labs/wip26-espionage-threat-actors-abuse-cloud-infrastructure-in-targeted-telco-attacks/}, language = {English}, urldate = {2023-05-24} } WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks
2023-01-24SentinelOneAleksandar Milenkoski
@online{milenkoski:20230124:dragonspark:828f0d3, author = {Aleksandar Milenkoski}, title = {{DragonSpark | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation}}, date = {2023-01-24}, organization = {SentinelOne}, url = {https://www.sentinelone.com/labs/dragonspark-attacks-evade-detection-with-sparkrat-and-golang-source-code-interpretation/}, language = {English}, urldate = {2023-01-25} } DragonSpark | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation
SparkRAT
2023-01-12Sentinel LABSTom Hegel, Aleksandar Milenkoski
@online{hegel:20230112:noname05716:b3cb836, author = {Tom Hegel and Aleksandar Milenkoski}, title = {{NoName057(16) – The Pro-Russian Hacktivist Group Targeting NATO}}, date = {2023-01-12}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/noname05716-the-pro-russian-hacktivist-group-targeting-nato/}, language = {English}, urldate = {2023-02-17} } NoName057(16) – The Pro-Russian Hacktivist Group Targeting NATO
Bobik Dosia NoName057(16)
2022-11-07SentinelOneAleksandar Milenkoski
@online{milenkoski:20221107:socgholish:63649b2, author = {Aleksandar Milenkoski}, title = {{SocGholish Diversifies and Expands Its Malware Staging Infrastructure to Counter Defenders}}, date = {2022-11-07}, organization = {SentinelOne}, url = {https://www.sentinelone.com/labs/socgholish-diversifies-and-expands-its-malware-staging-infrastructure-to-counter-defenders/}, language = {English}, urldate = {2022-12-01} } SocGholish Diversifies and Expands Its Malware Staging Infrastructure to Counter Defenders
FAKEUPDATES
2022-09-22SentinelOneAleksandar Milenkoski, Juan Andrés Guerrero-Saade, Amitai Ben, Shushan Ehrlich
@techreport{milenkoski:20220922:mystery:bd4bb11, author = {Aleksandar Milenkoski and Juan Andrés Guerrero-Saade and Amitai Ben and Shushan Ehrlich}, title = {{The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities}}, date = {2022-09-22}, institution = {SentinelOne}, url = {https://www.sentinelone.com/wp-content/uploads/2022/09/S1_-SentinelLabs_Metador.pdf}, language = {English}, urldate = {2022-09-30} } The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities
2022-09-08Sentinel LABSAleksandar Milenkoski, Jim Walter
@online{milenkoski:20220908:crimeware:9c7be9a, author = {Aleksandar Milenkoski and Jim Walter}, title = {{Crimeware Trends | Ransomware Developers Turn to Intermittent Encryption to Evade Detection}}, date = {2022-09-08}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/crimeware-trends-ransomware-developers-turn-to-intermittent-encryption-to-evade-detection/}, language = {English}, urldate = {2022-09-10} } Crimeware Trends | Ransomware Developers Turn to Intermittent Encryption to Evade Detection
AgendaCrypt Black Basta BlackCat PLAY
2022-09-08CybereasonKotaro Ogino, Yuki Shibuya, Aleksandar Milenkoski
@online{ogino:20220908:threat:2ec8deb, author = {Kotaro Ogino and Yuki Shibuya and Aleksandar Milenkoski}, title = {{Threat Analysis Report: PlugX RAT Loader Evolution}}, date = {2022-09-08}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/threat-analysis-report-plugx-rat-loader-evolution}, language = {English}, urldate = {2022-09-13} } Threat Analysis Report: PlugX RAT Loader Evolution
PlugX
2022-09Sentinel LABSAmitai Ben Shushan Ehrlich, Aleksandar Milenkoski, Juan Andrés Guerrero-Saade
@online{ehrlich:202209:mystery:fc2eb1e, author = {Amitai Ben Shushan Ehrlich and Aleksandar Milenkoski and Juan Andrés Guerrero-Saade}, title = {{The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities}}, date = {2022-09}, organization = {Sentinel LABS}, url = {https://assets.sentinelone.com/sentinellabs22/metador}, language = {English}, urldate = {2022-09-30} } The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities
2022-07-21Sentinel LABSJim Walter, Aleksandar Milenkoski
@online{walter:20220721:lockbit:e7279b7, author = {Jim Walter and Aleksandar Milenkoski}, title = {{LockBit 3.0 Update | Unpicking the Ransomware’s Latest Anti-Analysis and Evasion Techniques}}, date = {2022-07-21}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/lockbit-3-0-update-unpicking-the-ransomwares-latest-anti-analysis-and-evasion-techniques/}, language = {English}, urldate = {2022-07-25} } LockBit 3.0 Update | Unpicking the Ransomware’s Latest Anti-Analysis and Evasion Techniques
LockBit
2022-04-25CybereasonAleksandar Milenkoski, Loïc Castel, Yonatan Gidnian
@online{milenkoski:20220425:threat:14aee4f, author = {Aleksandar Milenkoski and Loïc Castel and Yonatan Gidnian}, title = {{THREAT ANALYSIS REPORT: SocGholish and Zloader – From Fake Updates and Installers to Owning Your Systems}}, date = {2022-04-25}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/threat-analysis-report-socgholish-and-zloader-from-fake-updates-and-installers-to-owning-your-systems}, language = {English}, urldate = {2022-04-29} } THREAT ANALYSIS REPORT: SocGholish and Zloader – From Fake Updates and Installers to Owning Your Systems
FAKEUPDATES Zloader
2021-12-16CybereasonAleksandar Milenkoski, Kotaro Ogino
@online{milenkoski:20211216:inside:40c2e51, author = {Aleksandar Milenkoski and Kotaro Ogino}, title = {{Inside the LockBit Arsenal - The StealBit Exfiltration Tool}}, date = {2021-12-16}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/threat-analysis-report-inside-the-lockbit-arsenal-the-stealbit-exfiltration-tool}, language = {English}, urldate = {2022-02-04} } Inside the LockBit Arsenal - The StealBit Exfiltration Tool
LockBit StealBit
2021-11-09CybereasonAleksandar Milenkoski, Eli Salem
@online{milenkoski:20211109:threat:9f898c9, author = {Aleksandar Milenkoski and Eli Salem}, title = {{THREAT ANALYSIS REPORT: From Shatak Emails to the Conti Ransomware}}, date = {2021-11-09}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/threat-analysis-report-from-shatak-emails-to-the-conti-ransomware}, language = {English}, urldate = {2022-02-09} } THREAT ANALYSIS REPORT: From Shatak Emails to the Conti Ransomware
Cobalt Strike Conti
2021-10-28CybereasonAleksandar Milenkoski, Brian Janower
@online{milenkoski:20211028:threat:8d45698, author = {Aleksandar Milenkoski and Brian Janower}, title = {{THREAT ANALYSIS REPORT: Snake Infostealer Malware}}, date = {2021-10-28}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/threat-analysis-report-snake-infostealer-malware}, language = {English}, urldate = {2021-11-03} } THREAT ANALYSIS REPORT: Snake Infostealer Malware
404 Keylogger
2021-10-27CybereasonGal Romano, Rotem Rostami, Aleksandar Milenkoski
@online{romano:20211027:threat:f8b736b, author = {Gal Romano and Rotem Rostami and Aleksandar Milenkoski}, title = {{THREAT ALERT: Malicious Code Implant in the UAParser.js Library}}, date = {2021-10-27}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/threat-alert-malicious-code-implant-in-the-uaparser.js-library}, language = {English}, urldate = {2021-11-03} } THREAT ALERT: Malicious Code Implant in the UAParser.js Library
2021-09-27CybereasonAleksandar Milenkoski
@online{milenkoski:20210927:threat:843919b, author = {Aleksandar Milenkoski}, title = {{Threat Analysis Report: Inside the Destructive PYSA Ransomware}}, date = {2021-09-27}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/threat-analysis-report-inside-the-destructive-pysa-ransomware}, language = {English}, urldate = {2021-09-28} } Threat Analysis Report: Inside the Destructive PYSA Ransomware
Mespinoza
2021-09-22CybereasonAleksandar Milenkoski, Eli Salem
@online{milenkoski:20210922:threat:cba08ae, author = {Aleksandar Milenkoski and Eli Salem}, title = {{Threat Analysis Report: PrintNightmare and Magniber Ransomware}}, date = {2021-09-22}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/threat-analysis-report-printnightmare-and-magniber-ransomware}, language = {English}, urldate = {2021-09-28} } Threat Analysis Report: PrintNightmare and Magniber Ransomware
Magniber