Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-06-09Sentinel LABSJoey Chen
@online{chen:20220609:aoqin:134698f, author = {Joey Chen}, title = {{Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years}}, date = {2022-06-09}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/aoqin-dragon-newly-discovered-chinese-linked-apt-has-been-quietly-spying-on-organizations-for-10-years/}, language = {English}, urldate = {2022-06-09} } Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years
2022-05-02Sentinel LABSJoey Chen, Amitai Ben Shushan Ehrlich
@online{chen:20220502:moshen:1969df2, author = {Joey Chen and Amitai Ben Shushan Ehrlich}, title = {{Moshen Dragon’s Triad-and-Error Approach | Abusing Security Software to Sideload PlugX and ShadowPad}}, date = {2022-05-02}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/moshen-dragons-triad-and-error-approach-abusing-security-software-to-sideload-plugx-and-shadowpad/}, language = {English}, urldate = {2022-05-04} } Moshen Dragon’s Triad-and-Error Approach | Abusing Security Software to Sideload PlugX and ShadowPad
PlugX ShadowPad
2022-04-27Sentinel LABSJames Haughom, Júlio Dantas, Jim Walter
@online{haughom:20220427:lockbit:da3d5d1, author = {James Haughom and Júlio Dantas and Jim Walter}, title = {{LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility}}, date = {2022-04-27}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/lockbit-ransomware-side-loads-cobalt-strike-beacon-with-legitimate-vmware-utility/}, language = {English}, urldate = {2022-04-29} } LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility
Cobalt Strike LockBit
2022-04-21Sentinel LABSAntonis Terefos
@online{terefos:20220421:nokoyawa:72ae5e2, author = {Antonis Terefos}, title = {{Nokoyawa Ransomware | New Karma/Nemty Variant Wears Thin Disguise}}, date = {2022-04-21}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/nokoyawa-ransomware-new-karma-nemty-variant-wears-thin-disguise/}, language = {English}, urldate = {2022-04-24} } Nokoyawa Ransomware | New Karma/Nemty Variant Wears Thin Disguise
Hive Karma Nemty Nokoyawa Ransomware
2022-03-31Sentinel LABSJuan Andrés Guerrero-Saade
@online{guerrerosaade:20220331:acidrain:723eb80, author = {Juan Andrés Guerrero-Saade}, title = {{AcidRain | A Modem Wiper Rains Down on Europe}}, date = {2022-03-31}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/acidrain-a-modem-wiper-rains-down-on-europe/}, language = {English}, urldate = {2022-03-31} } AcidRain | A Modem Wiper Rains Down on Europe
AcidRain VPNFilter
2022-03-28Sentinel LABSKasif Dekel, Ronen Shustin
@online{dekel:20220328:pwning:c0427db, author = {Kasif Dekel and Ronen Shustin}, title = {{Pwning Microsoft Azure Defender for IoT | Multiple Flaws Allow Remote Code Execution for All}}, date = {2022-03-28}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/pwning-microsoft-azure-defender-for-iot-multiple-flaws-allow-remote-code-execution-for-all/}, language = {English}, urldate = {2022-03-30} } Pwning Microsoft Azure Defender for IoT | Multiple Flaws Allow Remote Code Execution for All
2022-03-24Sentinel LABSTom Hegel
@online{hegel:20220324:chinese:39b373a, author = {Tom Hegel}, title = {{Chinese Threat Actor Scarab Targeting Ukraine}}, date = {2022-03-24}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/chinese-threat-actor-scarab-targeting-ukraine}, language = {English}, urldate = {2022-03-29} } Chinese Threat Actor Scarab Targeting Ukraine
Scieron Scarab
2022-03-24Sentinel LABSTom Hegel
@online{hegel:20220324:chinese:d541fb8, author = {Tom Hegel}, title = {{Chinese Threat Actor Scarab Targeting Ukraine}}, date = {2022-03-24}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/chinese-threat-actor-scarab-targeting-ukraine/}, language = {English}, urldate = {2022-03-25} } Chinese Threat Actor Scarab Targeting Ukraine
HeaderTip Scieron
2022-02-23Sentinel LABSJuan Andrés Guerrero-Saade
@online{guerrerosaade:20220223:hermeticwiper:b218dda, author = {Juan Andrés Guerrero-Saade}, title = {{HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine}}, date = {2022-02-23}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack/}, language = {English}, urldate = {2022-03-01} } HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine
HermeticWiper
2022-02-23Sentinel LABSAntonio Pirozzi, Antonis Terefos, Idan Weizman
@online{pirozzi:20220223:sanctions:aae1c98, author = {Antonio Pirozzi and Antonis Terefos and Idan Weizman}, title = {{Sanctions Be Damned | From Dridex to Macaw, The Evolution of Evil Corp}}, date = {2022-02-23}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/sanctions-be-damned-from-dridex-to-macaw-the-evolution-of-evil-corp/}, language = {English}, urldate = {2022-02-26} } Sanctions Be Damned | From Dridex to Macaw, The Evolution of Evil Corp
Dridex WastedLocker
2022-02-09Sentinel LABSTom Hegel
@online{hegel:20220209:modifiedelephant:b004138, author = {Tom Hegel}, title = {{ModifiedElephant APT and a Decade of Fabricating Evidence}}, date = {2022-02-09}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/modifiedelephant-apt-and-a-decade-of-fabricating-evidence/}, language = {English}, urldate = {2022-02-14} } ModifiedElephant APT and a Decade of Fabricating Evidence
DarkComet Incubator NetWire RC ModifiedElephant
2022-02Sentinel LABSAntonio Pirozzi, Antonis Terefos, Idan Weizman
@techreport{pirozzi:202202:sanctions:2213742, author = {Antonio Pirozzi and Antonis Terefos and Idan Weizman}, title = {{Sanctions be Damned | From Dridex To Macaw, The Evolution of Evil Corp}}, date = {2022-02}, institution = {Sentinel LABS}, url = {https://www.sentinelone.com/wp-content/uploads/2022/02/S1_-SentinelLabs_SanctionsBeDamned_final_02.pdf}, language = {English}, urldate = {2022-05-17} } Sanctions be Damned | From Dridex To Macaw, The Evolution of Evil Corp
Dridex FriedEx Hades Phoenix Locker WastedLocker
2022-01-12Sentinel LABSAmitai Ben Shushan Ehrlich
@online{ehrlich:20220112:wading:52a8e3a, author = {Amitai Ben Shushan Ehrlich}, title = {{Wading Through Muddy Waters | Recent Activity of an Iranian State-Sponsored Threat Actor}}, date = {2022-01-12}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/wading-through-muddy-waters-recent-activity-of-an-iranian-state-sponsored-threat-actor/}, language = {English}, urldate = {2022-01-18} } Wading Through Muddy Waters | Recent Activity of an Iranian State-Sponsored Threat Actor
PowGoop
2021-10-28Sentinel LABSJim Walter, Niranjan Jayanand
@online{walter:20211028:spook:1ab988d, author = {Jim Walter and Niranjan Jayanand}, title = {{Spook Ransomware | Prometheus Derivative Names Those That Pay, Shames Those That Don’t}}, date = {2021-10-28}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/spook-ransomware-prometheus-derivative-names-those-that-pay-shames-those-that-dont/}, language = {English}, urldate = {2021-11-03} } Spook Ransomware | Prometheus Derivative Names Those That Pay, Shames Those That Don’t
Prometheus
2021-08-23Sentinel LABSJim Walter, Juan Andrés Guerrero-Saade
@online{walter:20210823:hive:5a17aae, author = {Jim Walter and Juan Andrés Guerrero-Saade}, title = {{Hive Attacks | Analysis of the Human-Operated Ransomware Targeting Healthcare}}, date = {2021-08-23}, organization = {Sentinel LABS}, url = {https://labs.sentinelone.com/hive-attacks-analysis-of-the-human-operated-ransomware-targeting-healthcare/}, language = {English}, urldate = {2021-08-25} } Hive Attacks | Analysis of the Human-Operated Ransomware Targeting Healthcare
Hive
2021-08-19Sentinel LABSYi-Jhen Hsieh, Joey Chen
@online{hsieh:20210819:shadowpad:04bbb1e, author = {Yi-Jhen Hsieh and Joey Chen}, title = {{ShadowPad | A Masterpiece of Privately Sold Malware in Chinese Espionage}}, date = {2021-08-19}, organization = {Sentinel LABS}, url = {https://labs.sentinelone.com/shadowpad-a-masterpiece-of-privately-sold-malware-in-chinese-espionage/}, language = {English}, urldate = {2021-08-23} } ShadowPad | A Masterpiece of Privately Sold Malware in Chinese Espionage
ShadowPad
2021-08-04Sentinel LABSGal Kristal
@online{kristal:20210804:hotcobalt:136e715, author = {Gal Kristal}, title = {{Hotcobalt – New Cobalt Strike DoS Vulnerability That Lets You Halt Operations}}, date = {2021-08-04}, organization = {Sentinel LABS}, url = {https://labs.sentinelone.com/hotcobalt-new-cobalt-strike-dos-vulnerability-that-lets-you-halt-operations/}, language = {English}, urldate = {2021-08-06} } Hotcobalt – New Cobalt Strike DoS Vulnerability That Lets You Halt Operations
Cobalt Strike
2021-04-19Sentinel LABSMarco Figueroa
@online{figueroa:20210419:deep:f5cf649, author = {Marco Figueroa}, title = {{A Deep Dive into Zebrocy’s Dropper Docs}}, date = {2021-04-19}, organization = {Sentinel LABS}, url = {https://labs.sentinelone.com/a-deep-dive-into-zebrocys-dropper-docs/}, language = {English}, urldate = {2021-04-20} } A Deep Dive into Zebrocy’s Dropper Docs
Downdelph
2021-03-08Sentinel LABSJim Walter
@online{walter:20210308:hellokitty:e063f92, author = {Jim Walter}, title = {{HelloKitty Ransomware Lacks Stealth, But Still Strikes Home}}, date = {2021-03-08}, organization = {Sentinel LABS}, url = {https://labs.sentinelone.com/hellokitty-ransomware-lacks-stealth-but-still-strikes-home/}, language = {English}, urldate = {2021-03-11} } HelloKitty Ransomware Lacks Stealth, But Still Strikes Home
HelloKitty
2021-01-11Sentinel LABSPhil Stokes
@online{stokes:20210111:fade:70be08e, author = {Phil Stokes}, title = {{FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts}}, date = {2021-01-11}, organization = {Sentinel LABS}, url = {https://labs.sentinelone.com/fade-dead-adventures-in-reversing-malicious-run-only-applescripts/}, language = {English}, urldate = {2021-01-18} } FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts
OSAMiner