2021-04-19Sentinel LABSMarco Figueroa
@online{figueroa:20210419:deep:f5cf649,
  author       = {Marco Figueroa},
  title        = {{A Deep Dive into Zebrocy’s Dropper Docs}},
  date         = {2021-04-19},
  organization = {Sentinel LABS},
  url          = {https://labs.sentinelone.com/a-deep-dive-into-zebrocys-dropper-docs/},
  language     = {English},
  urldate      = {2021-04-20},
} A Deep Dive into Zebrocy’s Dropper Docs
Downdelph
2021-03-08Sentinel LABSJim Walter
@online{walter:20210308:hellokitty:e063f92,
  author       = {Jim Walter},
  title        = {{HelloKitty Ransomware Lacks Stealth, But Still Strikes Home}},
  date         = {2021-03-08},
  organization = {Sentinel LABS},
  url          = {https://labs.sentinelone.com/hellokitty-ransomware-lacks-stealth-but-still-strikes-home/},
  language     = {English},
  urldate      = {2021-03-11},
} HelloKitty Ransomware Lacks Stealth, But Still Strikes Home
HelloKitty
2021-01-11Sentinel LABSPhil Stokes
@online{stokes:20210111:fade:70be08e,
  author       = {Phil Stokes},
  title        = {{FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts}},
  date         = {2021-01-11},
  organization = {Sentinel LABS},
  url          = {https://labs.sentinelone.com/fade-dead-adventures-in-reversing-malicious-run-only-applescripts/},
  language     = {English},
  urldate      = {2021-01-18},
} FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts
OSAMiner
2020-12-23Sentinel LABSMarco Figueroa, James Haughom, Jim Walter
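% The "&" in the title field is written as "\&": a bare "&" is LaTeX's
% alignment-tab character and breaks typesetting of the bibliography.
@online{figueroa:20201223:solarwinds:ff463f0,
  author       = {Marco Figueroa and James Haughom and Jim Walter},
  title        = {{SolarWinds | Understanding \& Detecting the SUPERNOVA Webshell Trojan}},
  date         = {2020-12-23},
  organization = {Sentinel LABS},
  url          = {https://labs.sentinelone.com/solarwinds-understanding-detecting-the-supernova-webshell-trojan/},
  language     = {English},
  urldate      = {2020-12-26},
} SolarWinds | Understanding & Detecting the SUPERNOVA Webshell Trojan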
SUPERNOVA
2020-12-18Sentinel LABSJames Haughom
@online{haughom:20201218:solarwinds:8e1f0c5,
  author       = {James Haughom},
  title        = {{SolarWinds SUNBURST Backdoor: Inside the APT Campaign}},
  date         = {2020-12-18},
  organization = {Sentinel LABS},
  url          = {https://labs.sentinelone.com/solarwinds-sunburst-backdoor-inside-the-stealthy-apt-campaign/},
  language     = {English},
  urldate      = {2020-12-19},
} SolarWinds SUNBURST Backdoor: Inside the APT Campaign
SUNBURST
2020-10-22Sentinel LABSMarco Figueroa
@online{figueroa:20201022:inside:228798e,
  author       = {Marco Figueroa},
  title        = {{An Inside Look at How Ryuk Evolved Its Encryption and Evasion Techniques}},
  date         = {2020-10-22},
  organization = {Sentinel LABS},
  url          = {https://labs.sentinelone.com/an-inside-look-at-how-ryuk-evolved-its-encryption-and-evasion-techniques/},
  language     = {English},
  urldate      = {2020-10-26},
} An Inside Look at How Ryuk Evolved Its Encryption and Evasion Techniques
Ryuk
2020-07-23Sentinel LABSJim Walter
@online{walter:20200723:wastedlocker:aa88222,
  author       = {Jim Walter},
  title        = {{WastedLocker Ransomware: Abusing ADS and NTFS File Attributes}},
  date         = {2020-07-23},
  organization = {Sentinel LABS},
  url          = {https://labs.sentinelone.com/wastedlocker-ransomware-abusing-ads-and-ntfs-file-attributes/},
  language     = {English},
  urldate      = {2020-07-24},
} WastedLocker Ransomware: Abusing ADS and NTFS File Attributes
WastedLocker
2020-07-07Sentinel LABSJason Reaves
@online{reaves:20200707:breaking:2a99a35,
  author       = {Jason Reaves},
  title        = {{Breaking EvilQuest | Reversing A Custom macOS Ransomware File Encryption Routine}},
  date         = {2020-07-07},
  organization = {Sentinel LABS},
  url          = {https://labs.sentinelone.com/breaking-evilquest-reversing-a-custom-macos-ransomware-file-encryption-routine/},
  language     = {English},
  urldate      = {2020-07-08},
} Breaking EvilQuest | Reversing A Custom macOS Ransomware File Encryption Routine
EvilQuest
2020-06-22Sentinel LABSJoshua Platt, Jason Reaves
@online{platt:20200622:inside:b381dd5,
  author       = {Joshua Platt and Jason Reaves},
  title        = {{Inside a TrickBot Cobalt Strike Attack Server}},
  date         = {2020-06-22},
  organization = {Sentinel LABS},
  url          = {https://labs.sentinelone.com/inside-a-trickbot-cobaltstrike-attack-server/},
  language     = {English},
  urldate      = {2020-06-23},
} Inside a TrickBot Cobalt Strike Attack Server
Cobalt Strike TrickBot
2020-06-09Sentinel LABSJason Reaves
@online{reaves:20200609:valak:ff6bc74,
  author       = {Jason Reaves},
  title        = {{Valak Malware and the Connection to Gozi Loader ConfCrew}},
  date         = {2020-06-09},
  organization = {Sentinel LABS},
  url          = {https://labs.sentinelone.com/valak-malware-and-the-connection-to-gozi-loader-confcrew/},
  language     = {English},
  urldate      = {2020-06-10},
} Valak Malware and the Connection to Gozi Loader ConfCrew
Valak
2019-12-10Sentinel LABSVitali Kremez, Joshua Platt, Jason Reaves
% NOTE(review): the title field does not agree with the rest of this record.
% The url slug reads "the-deadly-planeswalker-how-the-trickbot-group-united-
% high-tech-crimeware-apt" and the listing tags the entry "Anchor", while the
% title names a different vendor and topic. Verify the title against the
% linked article before citing or keying detections off this reference.
@online{kremez:20191210:morphisec:c0fc51c,
  author       = {Vitali Kremez and Joshua Platt and Jason Reaves},
  title        = {{MORPHISEC DISCOVERS CCLEANER BACKDOOR SAVING MILLIONS OF AVAST USERS}},
  date         = {2019-12-10},
  organization = {Sentinel LABS},
  url          = {https://labs.sentinelone.com/the-deadly-planeswalker-how-the-trickbot-group-united-high-tech-crimeware-apt/},
  language     = {English},
  urldate      = {2020-01-08},
} MORPHISEC DISCOVERS CCLEANER BACKDOOR SAVING MILLIONS OF AVAST USERS
Anchor
2019-10-24Sentinel LABSVitali Kremez
@online{kremez:20191024:how:e6d838d,
  author       = {Vitali Kremez},
  title        = {{How TrickBot Malware Hooking Engine Targets Windows 10 Browsers}},
  date         = {2019-10-24},
  organization = {Sentinel LABS},
  url          = {https://labs.sentinelone.com/how-trickbot-hooking-engine-targets-windows-10-browsers/},
  language     = {English},
  urldate      = {2020-07-03},
} How TrickBot Malware Hooking Engine Targets Windows 10 Browsers
TrickBot
2019-08-15Sentinel LABSDaniel Bunce
@online{bunce:20190815:gootkit:480c7e8,
  author       = {Daniel Bunce},
  title        = {{Gootkit Banking Trojan | Deep Dive into Anti-Analysis Features}},
  date         = {2019-08-15},
  organization = {Sentinel LABS},
  url          = {https://labs.sentinelone.com/gootkit-banking-trojan-deep-dive-anti-analysis-features/},
  language     = {English},
  urldate      = {2020-06-18},
} Gootkit Banking Trojan | Deep Dive into Anti-Analysis Features
GootKit
2019-05-09Sentinel LABSVitali Kremez
@online{kremez:20190509:robinhood:187f468,
  author       = {Vitali Kremez},
  title        = {{RobinHood Ransomware “CoolMaker” Functions Not So Cool}},
  date         = {2019-05-09},
  organization = {Sentinel LABS},
  url          = {https://www.sentinelone.com/blog/robinhood-ransomware-coolmaker-function-not-cool/},
  language     = {English},
  urldate      = {2020-01-06},
} RobinHood Ransomware “CoolMaker” Functions Not So Cool
RobinHood