
2021-09-13SentinelOneAntonio Pirozzi, Antonio Cocomazzi
@online{pirozzi:20210913:hide:345ced5,
  author       = {Antonio Pirozzi and Antonio Cocomazzi},
  title        = {{Hide and Seek | New Zloader Infection Chain Comes With Improved Stealth and Evasion Mechanisms}},
  organization = {SentinelOne},
  date         = {2021-09-13},
  url          = {https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/},
  urldate      = {2021-09-14},
  language     = {English},
}
Hide and Seek | New Zloader Infection Chain Comes With Improved Stealth and Evasion Mechanisms
Zloader
2021-09-01SentinelOneSentinelOne
@online{sentinelone:20210901:watchtower:65a4e3f,
  author       = {SentinelOne},
  title        = {{WatchTower | August 2021 TLP: WHITE | Intelligence-Driven Threat Hunting}},
  organization = {SentinelOne},
  date         = {2021-09-01},
  url          = {https://assets.sentinelone.com/watchtower1-white/watchtower_aug2021_white_132a},
  urldate      = {2021-09-02},
  language     = {English},
}
WatchTower | August 2021 TLP: WHITE | Intelligence-Driven Threat Hunting
2021-07-29SentinelOneJuan Andrés Guerrero-Saade
@online{guerrerosaade:20210729:meteorexpress:0e9bb5a,
  author       = {Juan Andrés Guerrero-Saade},
  title        = {{MeteorExpress | Mysterious Wiper Paralyzes Iranian Trains with Epic Troll}},
  organization = {SentinelOne},
  date         = {2021-07-29},
  url          = {https://labs.sentinelone.com/meteorexpress-mysterious-wiper-paralyzes-iranian-trains-with-epic-troll/},
  urldate      = {2021-07-29},
  language     = {English},
}
MeteorExpress | Mysterious Wiper Paralyzes Iranian Trains with Epic Troll
Meteor
2021-07-26SentinelOnePhil Stokes
@online{stokes:20210726:detecting:5795d48,
  author       = {Phil Stokes},
  title        = {{Detecting XLoader | A macOS ‘Malware-as-a-Service’ Info Stealer and Keylogger}},
  organization = {SentinelOne},
  date         = {2021-07-26},
  url          = {https://www.sentinelone.com/blog/detecting-xloader-a-macos-malware-as-a-service-info-stealer-and-keylogger/},
  urldate      = {2021-07-26},
  language     = {English},
}
Detecting XLoader | A macOS ‘Malware-as-a-Service’ Info Stealer and Keylogger
Xloader
2021-07-08SentinelOneIdan Weizman, Antonio Pirozzi
@online{weizman:20210708:conti:db03f2a,
  author       = {Idan Weizman and Antonio Pirozzi},
  title        = {{Conti Unpacked: Understanding Ransomware Development as a Response to Detection - A Detailed Technical Analysis}},
  organization = {SentinelOne},
  date         = {2021-07-08},
  url          = {https://assets.sentinelone.com/ransomware-enterprise/conti-ransomware-unpacked},
  urldate      = {2021-07-12},
  language     = {English},
}
Conti Unpacked: Understanding Ransomware Development as a Response to Detection - A Detailed Technical Analysis
Conti
2021-06-24SentinelOneMarco Figueroa
@online{figueroa:20210624:evasive:7f0d507,
  author       = {Marco Figueroa},
  title        = {{Evasive Maneuvers | Massive IcedID Campaign Aims For Stealth with Benign Macros}},
  organization = {SentinelOne},
  date         = {2021-06-24},
  url          = {https://labs.sentinelone.com/evasive-maneuvers-massive-icedid-campaign-aims-for-stealth-with-benign-macros/},
  urldate      = {2021-06-29},
  language     = {English},
}
Evasive Maneuvers | Massive IcedID Campaign Aims For Stealth with Benign Macros
IcedID
2021-06-21SentinelOneSentinelOne
@online{sentinelone:20210621:darkradiation:03c7054,
  author       = {SentinelOne},
  title        = {{DarkRadiation | Abusing Bash For Linux and Docker Container Ransomware}},
  organization = {SentinelOne},
  date         = {2021-06-21},
  url          = {https://www.sentinelone.com/blog/darkradiation-abusing-bash-for-linux-and-docker-container-ransomware/},
  urldate      = {2021-06-23},
  language     = {English},
}
DarkRadiation | Abusing Bash For Linux and Docker Container Ransomware
DarkRadiation
2021-06-16SentinelOneAntonio Pirozzi
@online{pirozzi:20210616:gootloader:b2ba777,
  author       = {Antonio Pirozzi},
  title        = {{Gootloader: ‘Initial Access as a Service’ Platform Expands Its Search for High Value Targets}},
  organization = {SentinelOne},
  date         = {2021-06-16},
  url          = {https://labs.sentinelone.com/gootloader-initial-access-as-a-service-platform-expands-its-search-for-high-value-targets/},
  urldate      = {2021-06-21},
  language     = {English},
}
Gootloader: ‘Initial Access as a Service’ Platform Expands Its Search for High Value Targets
GootLoader
2021-06-08SentinelOneJuan Andrés Guerrero-Saade
@online{guerrerosaade:20210608:thundercats:8eac3cd,
  author       = {Juan Andrés Guerrero-Saade},
  title        = {{ThunderCats Hack the FSB | Your Taxes Didn’t Pay For This Op}},
  organization = {SentinelOne},
  date         = {2021-06-08},
  url          = {https://labs.sentinelone.com/thundercats-hack-the-fsb-your-taxes-didnt-pay-for-this-op/},
  urldate      = {2021-06-09},
  language     = {English},
}
ThunderCats Hack the FSB | Your Taxes Didn’t Pay For This Op
Mail-O SManager Tmanger
2021-06-01SentinelOneJuan Andrés Guerrero-Saade
@online{guerrerosaade:20210601:noblebaron:20dd227,
  author       = {Juan Andrés Guerrero-Saade},
  title        = {{NobleBaron | New Poisoned Installers Could Be Used In Supply Chain Attacks}},
  organization = {SentinelOne},
  date         = {2021-06-01},
  url          = {https://labs.sentinelone.com/noblebaron-new-poisoned-installers-could-be-used-in-supply-chain-attacks/},
  urldate      = {2021-06-09},
  language     = {English},
}
NobleBaron | New Poisoned Installers Could Be Used In Supply Chain Attacks
Cobalt Strike
2021-05-25SentinelOneAmitai Ben Shushan Ehrlich
@techreport{ehrlich:20210525:from:ebe10c3,
  author       = {Amitai Ben Shushan Ehrlich},
  title        = {{From Wiper to Ransomware: The Evolution of Agrius}},
  institution  = {SentinelOne},
  date         = {2021-05-25},
  url          = {https://www.sentinelone.com/wp-content/uploads/2021/05/SentinelLabs_From-Wiper-to-Ransomware-The-Evolution-of-Agrius.pdf},
  urldate      = {2021-06-09},
  language     = {English},
}
From Wiper to Ransomware: The Evolution of Agrius
Apostle
2021-05-20SentinelOneMarco Figueroa
@online{figueroa:20210520:caught:04692f1,
  author       = {Marco Figueroa},
  title        = {{Caught in the Cloud | How a Monero Cryptominer Exploits Docker Containers}},
  organization = {SentinelOne},
  date         = {2021-05-20},
  url          = {https://labs.sentinelone.com/caught-in-the-cloud-how-a-monero-cryptominer-exploits-docker-containers/},
  urldate      = {2021-05-26},
  language     = {English},
}
Caught in the Cloud | How a Monero Cryptominer Exploits Docker Containers
2021-05-10SentinelOneSentinelOne
@online{sentinelone:20210510:meet:e3c28b4,
  author       = {SentinelOne},
  title        = {{Meet DarkSide and Their Ransomware – SentinelOne Customers Protected}},
  organization = {SentinelOne},
  date         = {2021-05-10},
  url          = {https://www.sentinelone.com/blog/meet-darkside-and-their-ransomware-sentinelone-customers-protected/},
  urldate      = {2021-05-13},
  language     = {English},
}
Meet DarkSide and Their Ransomware – SentinelOne Customers Protected
DarkSide
2021-04-01SentinelOneJim Walter
@online{walter:20210401:avaddon:6735c18,
  author       = {Jim Walter},
  title        = {{Avaddon RaaS | Breaks Public Decryptor, Continues On Rampage}},
  organization = {SentinelOne},
  date         = {2021-04-01},
  url          = {https://labs.sentinelone.com/avaddon-raas-breaks-public-decryptor-continues-on-rampage/},
  urldate      = {2021-04-09},
  language     = {English},
}
Avaddon RaaS | Breaks Public Decryptor, Continues On Rampage
Avaddon
2021-03-18SentinelOnePhil Stokes
@online{stokes:20210318:new:08a6649,
  author       = {Phil Stokes},
  title        = {{New macOS malware XcodeSpy Targets Xcode Developers with EggShell Backdoor}},
  organization = {SentinelOne},
  date         = {2021-03-18},
  url          = {https://labs.sentinelone.com/new-macos-malware-xcodespy-targets-xcode-developers-with-eggshell-backdoor/},
  urldate      = {2021-03-19},
  language     = {English},
}
New macOS malware XcodeSpy Targets Xcode Developers with EggShell Backdoor
2021-02-03SentinelOneJim Walter
@online{walter:20210203:zeoticus:b4fee76,
  author       = {Jim Walter},
  title        = {{Zeoticus 2.0 | Ransomware With No C2 Required}},
  organization = {SentinelOne},
  date         = {2021-02-03},
  url          = {https://labs.sentinelone.com/zeoticus-2-0-ransomware-with-no-c2-required/},
  urldate      = {2021-02-04},
  language     = {English},
}
Zeoticus 2.0 | Ransomware With No C2 Required
Zeoticus
2021-01-04SentinelOneMarco Figueroa
@online{figueroa:20210104:building:37407a6,
  author       = {Marco Figueroa},
  title        = {{Building a Custom Malware Analysis Lab Environment}},
  organization = {SentinelOne},
  date         = {2021-01-04},
  url          = {https://labs.sentinelone.com/building-a-custom-malware-analysis-lab-environment/},
  urldate      = {2021-01-13},
  language     = {English},
}
Building a Custom Malware Analysis Lab Environment
TrickBot
2020-12-02SentinelOnePhil Stokes
@online{stokes:20201202:apt32:acd6b3a,
  author       = {Phil Stokes},
  title        = {{APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique}},
  organization = {SentinelOne},
  date         = {2020-12-02},
  url          = {https://labs.sentinelone.com/apt32-multi-stage-macos-trojan-innovates-on-crimeware-scripting-technique/},
  urldate      = {2020-12-08},
  language     = {English},
}
APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique
OceanLotus
2020-11-25SentinelOneJim Walter
@online{walter:20201125:egregor:5727f7a,
  author       = {Jim Walter},
  title        = {{Egregor RaaS Continues the Chaos with Cobalt Strike and Rclone}},
  organization = {SentinelOne},
  date         = {2020-11-25},
  url          = {https://labs.sentinelone.com/egregor-raas-continues-the-chaos-with-cobalt-strike-and-rclone/},
  urldate      = {2020-12-08},
  language     = {English},
}
Egregor RaaS Continues the Chaos with Cobalt Strike and Rclone
Cobalt Strike Egregor
2020-11-18SentinelOneJim Walter
@online{walter:20201118:ranzy:b1f443f,
  author       = {Jim Walter},
  title        = {{Ranzy Ransomware | Better Encryption Among New Features of ThunderX Derivative}},
  organization = {SentinelOne},
  date         = {2020-11-18},
  url          = {https://labs.sentinelone.com/ranzy-ransomware-better-encryption-among-new-features-of-thunderx-derivative/},
  urldate      = {2020-11-19},
  language     = {English},
}
Ranzy Ransomware | Better Encryption Among New Features of ThunderX Derivative
ThunderX