Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-09-22SentinelOneAleksandar Milenkoski, Juan Andrés Guerrero-Saade, Amitai Ben, Shushan Ehrlich
@techreport{milenkoski:20220922:mystery:bd4bb11, author = {Aleksandar Milenkoski and Juan Andrés Guerrero-Saade and Amitai Ben and Shushan Ehrlich}, title = {{The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities}}, date = {2022-09-22}, institution = {SentinelOne}, url = {https://www.sentinelone.com/wp-content/uploads/2022/09/S1_-SentinelLabs_Metador.pdf}, language = {English}, urldate = {2022-09-30} } The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities
2022-09Sentinel LABSAmitai Ben Shushan Ehrlich, Aleksandar Milenkoski, Juan Andrés Guerrero-Saade
@online{ehrlich:202209:mystery:fc2eb1e, author = {Amitai Ben Shushan Ehrlich and Aleksandar Milenkoski and Juan Andrés Guerrero-Saade}, title = {{The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities}}, date = {2022-09}, organization = {Sentinel LABS}, url = {https://assets.sentinelone.com/sentinellabs22/metador}, language = {English}, urldate = {2022-09-30} } The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities
2022-05-19SentinelOneJuan Andrés Guerrero-Saade
@online{guerrerosaade:20220519:cratedepression:7453bfd, author = {Juan Andrés Guerrero-Saade}, title = {{CrateDepression | Rust Supply-Chain Attack Infects Cloud CI Pipelines with Go Malware}}, date = {2022-05-19}, organization = {SentinelOne}, url = {https://www.sentinelone.com/labs/cratedepression-rust-supply-chain-attack-infects-cloud-ci-pipelines-with-go-malware/}, language = {English}, urldate = {2022-05-24} } CrateDepression | Rust Supply-Chain Attack Infects Cloud CI Pipelines with Go Malware
2022-03-31Sentinel LABSJuan Andrés Guerrero-Saade
@online{guerrerosaade:20220331:acidrain:723eb80, author = {Juan Andrés Guerrero-Saade}, title = {{AcidRain | A Modem Wiper Rains Down on Europe}}, date = {2022-03-31}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/acidrain-a-modem-wiper-rains-down-on-europe/}, language = {English}, urldate = {2022-03-31} } AcidRain | A Modem Wiper Rains Down on Europe
AcidRain VPNFilter
2022-02-23Sentinel LABSJuan Andrés Guerrero-Saade
@online{guerrerosaade:20220223:hermeticwiper:b218dda, author = {Juan Andrés Guerrero-Saade}, title = {{HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine}}, date = {2022-02-23}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack/}, language = {English}, urldate = {2022-03-01} } HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine
HermeticWiper
2022-02-09SentinelOneTom Hegel, Juan Andrés Guerrero-Saade
@techreport{hegel:20220209:modified:3c039c6, author = {Tom Hegel and Juan Andrés Guerrero-Saade}, title = {{Modified Elephant APT and a Decade of Fabricating Evidence}}, date = {2022-02-09}, institution = {SentinelOne}, url = {https://www.sentinelone.com/wp-content/uploads/2022/02/Modified-Elephant-APT-and-a-Decade-of-Fabricating-Evidence-SentinelLabs.pdf}, language = {English}, urldate = {2022-02-14} } Modified Elephant APT and a Decade of Fabricating Evidence
DarkComet Incubator NetWire RC
2021-09-08SentinelOneJuan Andrés Guerrero-Saade, Igor Tsemakhovich
@techreport{guerrerosaade:20210908:egomaniac:9397249, author = {Juan Andrés Guerrero-Saade and Igor Tsemakhovich}, title = {{Egomaniac: An Unscrupulous Turkish-Nexus Threat Actor}}, date = {2021-09-08}, institution = {SentinelOne}, url = {https://www.sentinelone.com/wp-content/uploads/2021/09/SentinelOne_-SentinelLabs_EGoManiac_WP_V4.pdf}, language = {English}, urldate = {2021-10-24} } Egomaniac: An Unscrupulous Turkish-Nexus Threat Actor
Ahtapot Rad Turkojan
2021-08-23Sentinel LABSJim Walter, Juan Andrés Guerrero-Saade
@online{walter:20210823:hive:5a17aae, author = {Jim Walter and Juan Andrés Guerrero-Saade}, title = {{Hive Attacks | Analysis of the Human-Operated Ransomware Targeting Healthcare}}, date = {2021-08-23}, organization = {Sentinel LABS}, url = {https://labs.sentinelone.com/hive-attacks-analysis-of-the-human-operated-ransomware-targeting-healthcare/}, language = {English}, urldate = {2021-08-25} } Hive Attacks | Analysis of the Human-Operated Ransomware Targeting Healthcare
Hive
2021-07-29SentinelOneJuan Andrés Guerrero-Saade
@online{guerrerosaade:20210729:meteorexpress:0e9bb5a, author = {Juan Andrés Guerrero-Saade}, title = {{MeteorExpress | Mysterious Wiper Paralyzes Iranian Trains with Epic Troll}}, date = {2021-07-29}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/meteorexpress-mysterious-wiper-paralyzes-iranian-trains-with-epic-troll/}, language = {English}, urldate = {2021-07-29} } MeteorExpress | Mysterious Wiper Paralyzes Iranian Trains with Epic Troll
Meteor
2021-06-08SentinelOneJuan Andrés Guerrero-Saade
@online{guerrerosaade:20210608:thundercats:8eac3cd, author = {Juan Andrés Guerrero-Saade}, title = {{ThunderCats Hack the FSB | Your Taxes Didn’t Pay For This Op}}, date = {2021-06-08}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/thundercats-hack-the-fsb-your-taxes-didnt-pay-for-this-op/}, language = {English}, urldate = {2021-06-09} } ThunderCats Hack the FSB | Your Taxes Didn’t Pay For This Op
Mail-O SManager Tmanger
2021-06-08Sentinel LABSJuan Andrés Guerrero-Saade
@online{guerrerosaade:20210608:thundercats:86527af, author = {Juan Andrés Guerrero-Saade}, title = {{ThunderCats Hack the FSB | Your Taxes Didn’t Pay For This Op}}, date = {2021-06-08}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/thundercats-hack-the-fsb-your-taxes-didnt-pay-for-this-op}, language = {English}, urldate = {2022-07-29} } ThunderCats Hack the FSB | Your Taxes Didn’t Pay For This Op
Mail-O Tmanger TA428
2021-06-01SentinelOneJuan Andrés Guerrero-Saade
@online{guerrerosaade:20210601:noblebaron:20dd227, author = {Juan Andrés Guerrero-Saade}, title = {{NobleBaron | New Poisoned Installers Could Be Used In Supply Chain Attacks}}, date = {2021-06-01}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/noblebaron-new-poisoned-installers-could-be-used-in-supply-chain-attacks/}, language = {English}, urldate = {2021-06-09} } NobleBaron | New Poisoned Installers Could Be Used In Supply Chain Attacks
Cobalt Strike
2021-02-05EpicTurlaJuan Andrés Guerrero-Saade
@online{guerrerosaade:20210205:voltron:953cec2, author = {Juan Andrés Guerrero-Saade}, title = {{Voltron STA The curious case of 0xFancyFilter}}, date = {2021-02-05}, organization = {EpicTurla}, url = {https://www.epicturla.com/previous-works/hitb2020-voltron-sta}, language = {English}, urldate = {2021-02-06} } Voltron STA The curious case of 0xFancyFilter
fancyfilter MISTYVEAL Regin
2020-12-13HITBSecConfJuan Andrés Guerrero-Saade
@online{guerrerosaade:20201213:work:734dea4, author = {Juan Andrés Guerrero-Saade}, title = {{The Work of Cyber in the Age of Mechanical Reproduction}}, date = {2020-12-13}, organization = {HITBSecConf}, url = {https://www.youtube.com/watch?v=VnzP00DZlx4}, language = {English}, urldate = {2021-02-06} } The Work of Cyber in the Age of Mechanical Reproduction
Hopscotch
2020-05-28EpicTurlaJuan Andrés Guerrero-Saade
@online{guerrerosaade:20200528:sysinturla:8cad820, author = {Juan Andrés Guerrero-Saade}, title = {{SysInTURLA}}, date = {2020-05-28}, organization = {EpicTurla}, url = {https://www.epicturla.com/blog/sysinturla}, language = {English}, urldate = {2020-05-29} } SysInTURLA
Kazuar
2020-05-26EpicTurlaJuan Andrés Guerrero-Saade
@online{guerrerosaade:20200526:acidbox:06edc14, author = {Juan Andrés Guerrero-Saade}, title = {{ACIDBOX Clustering}}, date = {2020-05-26}, organization = {EpicTurla}, url = {https://www.epicturla.com/blog/acidbox-clustering}, language = {English}, urldate = {2020-06-29} } ACIDBOX Clustering
AcidBox
2020-04-22EpicTurlaJuan Andrés Guerrero-Saade
@online{guerrerosaade:20200422:nazar:0c5eef8, author = {Juan Andrés Guerrero-Saade}, title = {{Nazar: A Lost Amulet}}, date = {2020-04-22}, organization = {EpicTurla}, url = {https://www.epicturla.com/blog/the-lost-nazar}, language = {English}, urldate = {2020-05-05} } Nazar: A Lost Amulet
EYService Nazar
2019-05-15ChronicleSilas Cutler, Juan Andrés Guerrero-Saade
@online{cutler:20190515:winnti:269a852, author = {Silas Cutler and Juan Andrés Guerrero-Saade}, title = {{Winnti: More than just Windows and Gates}}, date = {2019-05-15}, organization = {Chronicle}, url = {https://medium.com/chronicle-blog/winnti-more-than-just-windows-and-gates-e4f03436031a}, language = {English}, urldate = {2019-10-14} } Winnti: More than just Windows and Gates
Winnti APT41
2019-04-09Chronicle SecurityJuan Andrés Guerrero-Saade, Silas Cutler
@techreport{guerrerosaade:20190409:oldest:062ea25, author = {Juan Andrés Guerrero-Saade and Silas Cutler}, title = {{The Oldest Stuxnet Component Dials Up}}, date = {2019-04-09}, institution = {Chronicle Security}, url = {https://storage.googleapis.com/chronicle-research/STUXSHOP%20Stuxnet%20Dials%20In%20.pdf}, language = {English}, urldate = {2019-12-04} } The Oldest Stuxnet Component Dials Up
FlowerShop Stuxnet
2019-04-09Chronicle SecurityJuan Andrés Guerrero-Saade, Silas Cutler
@techreport{guerrerosaade:20190409:flame:4ce4c10, author = {Juan Andrés Guerrero-Saade and Silas Cutler}, title = {{Flame 2.0: Risen from the Ashes}}, date = {2019-04-09}, institution = {Chronicle Security}, url = {https://github.com/juanandresgs/papers/raw/master/Flame%202.0%20Risen%20from%20the%20Ashes.pdf}, language = {English}, urldate = {2022-11-18} } Flame 2.0: Risen from the Ashes
Flame