
2023-03-29 · SentinelOne · Juan Andrés Guerrero-Saade
@online{guerrerosaade:20230329:smoothoperator:42df1eb, author = {Juan Andrés Guerrero-Saade}, title = {{SmoothOperator | Ongoing Campaign Trojanizes 3CXDesktopApp in Supply Chain Attack}}, date = {2023-03-29}, organization = {SentinelOne}, url = {https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/}, language = {English}, urldate = {2023-03-30} } SmoothOperator | Ongoing Campaign Trojanizes 3CXDesktopApp in Supply Chain Attack
3CX Backdoor
2023-03-23 · SentinelOne · Aleksandar Milenkoski, Juan Andrés Guerrero-Saade, Joey Chen, QGroup
@online{milenkoski:20230323:operation:2263a72, author = {Aleksandar Milenkoski and Juan Andrés Guerrero-Saade and Joey Chen and {QGroup}}, title = {{Operation Tainted Love | Chinese APTs Target Telcos in New Attacks}}, date = {2023-03-23}, organization = {SentinelOne}, url = {https://www.sentinelone.com/labs/operation-tainted-love-chinese-apts-target-telcos-in-new-attacks/}, language = {English}, urldate = {2023-03-27} } Operation Tainted Love | Chinese APTs Target Telcos in New Attacks
mim221
2023-03-16 · SentinelOne · Tom Hegel
@online{hegel:20230316:winter:5e43881, author = {Tom Hegel}, title = {{Winter Vivern | Uncovering a Wave of Global Espionage}}, date = {2023-03-16}, organization = {SentinelOne}, url = {https://www.sentinelone.com/labs/winter-vivern-uncovering-a-wave-of-global-espionage/}, language = {English}, urldate = {2023-03-20} } Winter Vivern | Uncovering a Wave of Global Espionage
APERETIF
2023-03-13 · SentinelOne · Jim Walter
@online{walter:20230313:catb:ea73312, author = {Jim Walter}, title = {{CatB Ransomware | File Locker Sharpens Its Claws to Steal Data with MSDTC Service DLL Hijacking}}, date = {2023-03-13}, organization = {SentinelOne}, url = {https://www.sentinelone.com/blog/decrypting-catb-ransomware-analyzing-their-latest-attack-methods/}, language = {English}, urldate = {2023-03-15} } CatB Ransomware | File Locker Sharpens Its Claws to Steal Data with MSDTC Service DLL Hijacking
CatB
2023-02-15 · SentinelOne · Jim Walter
@online{walter:20230215:recent:12930ef, author = {Jim Walter}, title = {{Recent TZW Campaigns Revealed As Part of GlobeImposter Malware Family}}, date = {2023-02-15}, organization = {SentinelOne}, url = {https://www.sentinelone.com/blog/recent-tzw-campaigns-revealed-as-part-of-globeimposter-malware-family/}, language = {English}, urldate = {2023-02-17} } Recent TZW Campaigns Revealed As Part of GlobeImposter Malware Family
GlobeImposter
2023-02-07 · SentinelOne · Antonis Terefos
@online{terefos:20230207:cl0p:dfa5c77, author = {Antonis Terefos}, title = {{Cl0p Ransomware Targets Linux Systems with Flawed Encryption | Decryptor Available}}, date = {2023-02-07}, organization = {SentinelOne}, url = {https://www.sentinelone.com/labs/cl0p-ransomware-targets-linux-systems-with-flawed-encryption-decryptor-available/}, language = {English}, urldate = {2023-02-09} } Cl0p Ransomware Targets Linux Systems with Flawed Encryption | Decryptor Available
Clop
2023-01-24 · SentinelOne · Aleksandar Milenkoski
@online{milenkoski:20230124:dragonspark:828f0d3, author = {Aleksandar Milenkoski}, title = {{DragonSpark | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation}}, date = {2023-01-24}, organization = {SentinelOne}, url = {https://www.sentinelone.com/labs/dragonspark-attacks-evade-detection-with-sparkrat-and-golang-source-code-interpretation/}, language = {English}, urldate = {2023-01-25} } DragonSpark | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation
SparkRAT
2022-11-07 · SentinelOne · Aleksandar Milenkoski
@online{milenkoski:20221107:socgholish:63649b2, author = {Aleksandar Milenkoski}, title = {{SocGholish Diversifies and Expands Its Malware Staging Infrastructure to Counter Defenders}}, date = {2022-11-07}, organization = {SentinelOne}, url = {https://www.sentinelone.com/labs/socgholish-diversifies-and-expands-its-malware-staging-infrastructure-to-counter-defenders/}, language = {English}, urldate = {2022-12-01} } SocGholish Diversifies and Expands Its Malware Staging Infrastructure to Counter Defenders
FAKEUPDATES
2022-11-03 · SentinelOne · SentinelLabs
@online{sentinellabs:20221103:black:0be02f3, author = {{SentinelLabs}}, title = {{Black Basta Ransomware | Attacks deploy Custom EDR Evasion Tools tied to FIN7 Threat Actor}}, date = {2022-11-03}, organization = {SentinelOne}, url = {https://assets.sentinelone.com/sentinellabs22/sentinellabs-blackbasta}, language = {English}, urldate = {2022-11-03} } Black Basta Ransomware | Attacks deploy Custom EDR Evasion Tools tied to FIN7 Threat Actor
Black Basta QakBot SocksBot
2022-10-12 · SentinelOne · Joey Chen, Amitai Ben Shushan Ehrlich
@online{chen:20221012:wip19:672e865, author = {Joey Chen and Amitai Ben Shushan Ehrlich}, title = {{WIP19 Espionage | New Chinese APT Targets IT Service Providers and Telcos With Signed Malware}}, date = {2022-10-12}, organization = {SentinelOne}, url = {https://www.sentinelone.com/labs/wip19-espionage-new-chinese-apt-targets-it-service-providers-and-telcos-with-signed-malware/}, language = {English}, urldate = {2022-10-24} } WIP19 Espionage | New Chinese APT Targets IT Service Providers and Telcos With Signed Malware
Maggie ScreenCap
2022-09-26 · SentinelOne · Dinesh Devadoss, Phil Stokes
@online{devadoss:20220926:lazarus:36bd682, author = {Dinesh Devadoss and Phil Stokes}, title = {{Lazarus ‘Operation In(ter)ception’ Targets macOS Users Dreaming of Jobs in Crypto}}, date = {2022-09-26}, organization = {SentinelOne}, url = {https://www.sentinelone.com/blog/lazarus-operation-interception-targets-macos-users-dreaming-of-jobs-in-crypto}, language = {English}, urldate = {2022-09-30} } Lazarus ‘Operation In(ter)ception’ Targets macOS Users Dreaming of Jobs in Crypto
2022-09-22 · SentinelOne · Aleksandar Milenkoski, Juan Andrés Guerrero-Saade, Amitai Ben Shushan Ehrlich
@techreport{milenkoski:20220922:mystery:bd4bb11, author = {Aleksandar Milenkoski and Juan Andrés Guerrero-Saade and Amitai Ben Shushan Ehrlich}, title = {{The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities}}, date = {2022-09-22}, institution = {SentinelOne}, url = {https://www.sentinelone.com/wp-content/uploads/2022/09/S1_-SentinelLabs_Metador.pdf}, language = {English}, urldate = {2022-09-30} } The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities
2022-09-15 · SentinelOne · Jim Walter
@online{walter:20220915:from:0d72348, author = {Jim Walter}, title = {{From the Front Lines | Slam! Anatomy of a Publicly-Available Ransomware Builder}}, date = {2022-09-15}, organization = {SentinelOne}, url = {https://www.sentinelone.com/blog/from-the-front-lines-slam-anatomy-of-a-publicly-available-ransomware-builder/}, language = {English}, urldate = {2022-09-26} } From the Front Lines | Slam! Anatomy of a Publicly-Available Ransomware Builder
Slam
2022-08-25 · SentinelOne · Jim Walter
@online{walter:20220825:bluesky:1d0f4f0, author = {Jim Walter}, title = {{BlueSky Ransomware | AD Lateral Movement, Evasion and Fast Encryption Put Threat on the Radar}}, date = {2022-08-25}, organization = {SentinelOne}, url = {https://www.sentinelone.com/blog/bluesky-ransomware-ad-lateral-movement-evasion-and-fast-encryption-puts-threat-on-the-radar/}, language = {English}, urldate = {2022-08-30} } BlueSky Ransomware | AD Lateral Movement, Evasion and Fast Encryption Put Threat on the Radar
BlueSky Cobalt Strike JuicyPotato
2022-08-15 · SentinelOne · Vikram Navali
@online{navali:20220815:detecting:5abdd3d, author = {Vikram Navali}, title = {{Detecting a Rogue Domain Controller – DCShadow Attack}}, date = {2022-08-15}, organization = {SentinelOne}, url = {https://www.sentinelone.com/blog/detecting-a-rogue-domain-controller-dcshadow-attack/}, language = {English}, urldate = {2022-08-18} } Detecting a Rogue Domain Controller – DCShadow Attack
MimiKatz TrickBot
2022-07-28 · SentinelOne · Júlio Dantas, James Haughom, Julien Reisdorffer
@online{dantas:20220728:living:3cc6f4f, author = {Júlio Dantas and James Haughom and Julien Reisdorffer}, title = {{Living Off Windows Defender | LockBit Ransomware Sideloads Cobalt Strike Through Microsoft Security Tool}}, date = {2022-07-28}, organization = {SentinelOne}, url = {https://www.sentinelone.com/blog/living-off-windows-defender-lockbit-ransomware-sideloads-cobalt-strike-through-microsoft-security-tool/}, language = {English}, urldate = {2022-08-01} } Living Off Windows Defender | LockBit Ransomware Sideloads Cobalt Strike Through Microsoft Security Tool
Cobalt Strike LockBit
2022-06-06 · SentinelOne · Niranjan Jayanand
@online{jayanand:20220606:from:0fa017a, author = {Niranjan Jayanand}, title = {{From the Front Lines | Another Rebrand? Mindware and SFile Ransomware Technical Breakdown}}, date = {2022-06-06}, organization = {SentinelOne}, url = {https://www.sentinelone.com/blog/from-the-front-lines-another-rebrand-mindware-and-sfile-ransomware-technical-breakdown/}, language = {English}, urldate = {2022-06-09} } From the Front Lines | Another Rebrand? Mindware and SFile Ransomware Technical Breakdown
Mindware Sfile
2022-05-19 · SentinelOne · Juan Andrés Guerrero-Saade
@online{guerrerosaade:20220519:cratedepression:7453bfd, author = {Juan Andrés Guerrero-Saade}, title = {{CrateDepression | Rust Supply-Chain Attack Infects Cloud CI Pipelines with Go Malware}}, date = {2022-05-19}, organization = {SentinelOne}, url = {https://www.sentinelone.com/labs/cratedepression-rust-supply-chain-attack-infects-cloud-ci-pipelines-with-go-malware/}, language = {English}, urldate = {2022-05-24} } CrateDepression | Rust Supply-Chain Attack Infects Cloud CI Pipelines with Go Malware
2022-05-09 · SentinelOne · Dinesh Devadoss, Phil Stokes
@online{devadoss:20220509:from:658ed35, author = {Dinesh Devadoss and Phil Stokes}, title = {{From the Front Lines | Unsigned macOS oRAT Malware Gambles For The Win}}, date = {2022-05-09}, organization = {SentinelOne}, url = {https://www.sentinelone.com/blog/from-the-front-lines-unsigned-macos-orat-malware-gambles-for-the-win}, language = {English}, urldate = {2022-05-11} } From the Front Lines | Unsigned macOS oRAT Malware Gambles For The Win
2022-04-18 · SentinelOne · James Haughom
@online{haughom:20220418:from:b73f12b, author = {James Haughom}, title = {{From the Front Lines | Peering into A PYSA Ransomware Attack}}, date = {2022-04-18}, organization = {SentinelOne}, url = {https://www.sentinelone.com/blog/from-the-front-lines-peering-into-a-pysa-ransomware-attack/}, language = {English}, urldate = {2022-04-20} } From the Front Lines | Peering into A PYSA Ransomware Attack
Chisel Chisel Cobalt Strike Mespinoza