Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-09-18SentinelOneAlex Delamotte
@online{delamotte:20230918:capratube:77604c8, author = {Alex Delamotte}, title = {{CapraTube | Transparent Tribe’s CapraRAT Mimics YouTube to Hijack Android Phones}}, date = {2023-09-18}, organization = {SentinelOne}, url = {https://www.sentinelone.com/labs/capratube-transparent-tribes-caprarat-mimics-youtube-to-hijack-android-phones/}, language = {English}, urldate = {2023-09-20} } CapraTube | Transparent Tribe’s CapraRAT Mimics YouTube to Hijack Android Phones
CapraRAT
2023-08-21SentinelOnePhil Stokes, Dinesh Devadoss
@online{stokes:20230821:xloaders:5c2fc62, author = {Phil Stokes and Dinesh Devadoss}, title = {{XLoader's Latest Trick | New macOS Variant Disguised as Signed OfficeNote App}}, date = {2023-08-21}, organization = {SentinelOne}, url = {https://www.sentinelone.com/blog/xloaders-latest-trick-new-macos-variant-disguised-as-signed-officenote-app/}, language = {English}, urldate = {2023-08-22} } XLoader's Latest Trick | New macOS Variant Disguised as Signed OfficeNote App
Xloader
2023-08-17SentinelOneAleksandar Milenkoski, Tom Hegel
@online{milenkoski:20230817:chinese:75e4289, author = {Aleksandar Milenkoski and Tom Hegel}, title = {{Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector}}, date = {2023-08-17}, organization = {SentinelOne}, url = {https://www.sentinelone.com/labs/chinese-entanglement-dll-hijacking-in-the-asian-gambling-sector/}, language = {English}, urldate = {2023-08-22} } Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector
Cobalt Strike HUI Loader
2023-08-07SentinelOneTom Hegel, Aleksandar Milenkoski
@online{hegel:20230807:comrades:d449b68, author = {Tom Hegel and Aleksandar Milenkoski}, title = {{Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company}}, date = {2023-08-07}, organization = {SentinelOne}, url = {https://www.sentinelone.com/labs/comrades-in-arms-north-korea-compromises-sanctioned-russian-missile-engineering-company/}, language = {English}, urldate = {2023-08-07} } Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company
OpenCarrot
2023-08-01SentinelOneTom Hegel
@online{hegel:20230801:illicit:d18e46c, author = {Tom Hegel}, title = {{Illicit Brand Impersonation | A Threat Hunting Approach}}, date = {2023-08-01}, organization = {SentinelOne}, url = {https://www.sentinelone.com/blog/illicit-brand-impersonation-a-threat-hunting-approach/}, language = {English}, urldate = {2023-08-03} } Illicit Brand Impersonation | A Threat Hunting Approach
2023-07-20SentinelOneTom Hegel
@online{hegel:20230720:jumpcloud:691c0c8, author = {Tom Hegel}, title = {{JumpCloud Intrusion | Attacker Infrastructure Links Compromise to North Korean APT Activity}}, date = {2023-07-20}, organization = {SentinelOne}, url = {https://www.sentinelone.com/labs/jumpcloud-intrusion-attacker-infrastructure-links-compromise-to-north-korean-apt-activity/}, language = {English}, urldate = {2023-07-24} } JumpCloud Intrusion | Attacker Infrastructure Links Compromise to North Korean APT Activity
2023-07-05SentinelOnePhil Stokes
@online{stokes:20230705:bluenoroff:15e17f0, author = {Phil Stokes}, title = {{BlueNoroff | How DPRK’s macOS RustBucket Seeks to Evade Analysis and Detection}}, date = {2023-07-05}, organization = {SentinelOne}, url = {https://www.sentinelone.com/blog/bluenoroff-how-dprks-macos-rustbucket-seeks-to-evade-analysis-and-detection/}, language = {English}, urldate = {2023-07-08} } BlueNoroff | How DPRK’s macOS RustBucket Seeks to Evade Analysis and Detection
RustBucket
2023-06-29SentinelOneAlex Delamotte, Jim Walter
@online{delamotte:20230629:rhysida:bd98b88, author = {Alex Delamotte and Jim Walter}, title = {{Rhysida Ransomware | RaaS Crawls Out of Crimeware Undergrowth to Attack Chilean Army}}, date = {2023-06-29}, organization = {SentinelOne}, url = {https://www.sentinelone.com/blog/rhysida-ransomware-raas-crawls-out-of-crimeware-undergrowth-to-attack-chilean-army/}, language = {English}, urldate = {2023-07-05} } Rhysida Ransomware | RaaS Crawls Out of Crimeware Undergrowth to Attack Chilean Army
Rhysida
2023-05-04SentinelOneTom Hegel
@online{hegel:20230504:kimsuky:6f04a16, author = {Tom Hegel}, title = {{Kimsuky Evolves Reconnaissance Capabilities in New Global Campaign}}, date = {2023-05-04}, organization = {SentinelOne}, url = {https://www.sentinelone.com/labs/kimsuky-evolves-reconnaissance-capabilities-in-new-global-campaign/}, language = {English}, urldate = {2023-05-05} } Kimsuky Evolves Reconnaissance Capabilities in New Global Campaign
BabyShark
2023-03-29SentinelOneJuan Andrés Guerrero-Saade
@online{guerrerosaade:20230329:smoothoperator:42df1eb, author = {Juan Andrés Guerrero-Saade}, title = {{SmoothOperator | Ongoing Campaign Trojanizes 3CXDesktopApp in Supply Chain Attack}}, date = {2023-03-29}, organization = {SentinelOne}, url = {https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/}, language = {English}, urldate = {2023-03-30} } SmoothOperator | Ongoing Campaign Trojanizes 3CXDesktopApp in Supply Chain Attack
3CX Backdoor
2023-03-23SentinelOneAleksandar Milenkoski, Juan Andrés Guerrero-Saade, Joey Chen, QGroup
@online{milenkoski:20230323:operation:2263a72, author = {Aleksandar Milenkoski and Juan Andrés Guerrero-Saade and Joey Chen and QGroup}, title = {{Operation Tainted Love | Chinese APTs Target Telcos in New Attacks}}, date = {2023-03-23}, organization = {SentinelOne}, url = {https://www.sentinelone.com/labs/operation-tainted-love-chinese-apts-target-telcos-in-new-attacks/}, language = {English}, urldate = {2023-03-27} } Operation Tainted Love | Chinese APTs Target Telcos in New Attacks
mim221
2023-03-16SentinelOneTom Hegel
@online{hegel:20230316:winter:5e43881, author = {Tom Hegel}, title = {{Winter Vivern | Uncovering a Wave of Global Espionage}}, date = {2023-03-16}, organization = {SentinelOne}, url = {https://www.sentinelone.com/labs/winter-vivern-uncovering-a-wave-of-global-espionage/}, language = {English}, urldate = {2023-03-20} } Winter Vivern | Uncovering a Wave of Global Espionage
APERETIF
2023-03-13SentinelOneJim Walter
@online{walter:20230313:catb:ea73312, author = {Jim Walter}, title = {{CatB Ransomware | File Locker Sharpens Its Claws to Steal Data with MSDTC Service DLL Hijacking}}, date = {2023-03-13}, organization = {SentinelOne}, url = {https://www.sentinelone.com/blog/decrypting-catb-ransomware-analyzing-their-latest-attack-methods/}, language = {English}, urldate = {2023-03-15} } CatB Ransomware | File Locker Sharpens Its Claws to Steal Data with MSDTC Service DLL Hijacking
CatB
2023-02-16SentinelOneAleksandar Milenkoski, Collin Farr, Joey Chen, QGroup
@online{milenkoski:20230216:wip26:637cfde, author = {Aleksandar Milenkoski and Collin Farr and Joey Chen and QGroup}, title = {{WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks}}, date = {2023-02-16}, organization = {SentinelOne}, url = {https://www.sentinelone.com/labs/wip26-espionage-threat-actors-abuse-cloud-infrastructure-in-targeted-telco-attacks/}, language = {English}, urldate = {2023-05-24} } WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks
2023-02-15SentinelOneJim Walter
@online{walter:20230215:recent:12930ef, author = {Jim Walter}, title = {{Recent TZW Campaigns Revealed As Part of GlobeImposter Malware Family}}, date = {2023-02-15}, organization = {SentinelOne}, url = {https://www.sentinelone.com/blog/recent-tzw-campaigns-revealed-as-part-of-globeimposter-malware-family/}, language = {English}, urldate = {2023-02-17} } Recent TZW Campaigns Revealed As Part of GlobeImposter Malware Family
GlobeImposter
2023-02-07SentinelOneAntonis Terefos
@online{terefos:20230207:cl0p:dfa5c77, author = {Antonis Terefos}, title = {{Cl0p Ransomware Targets Linux Systems with Flawed Encryption | Decryptor Available}}, date = {2023-02-07}, organization = {SentinelOne}, url = {https://www.sentinelone.com/labs/cl0p-ransomware-targets-linux-systems-with-flawed-encryption-decryptor-available/}, language = {English}, urldate = {2023-02-09} } Cl0p Ransomware Targets Linux Systems with Flawed Encryption | Decryptor Available
Clop
2023-01-24SentinelOneAleksandar Milenkoski
@online{milenkoski:20230124:dragonspark:828f0d3, author = {Aleksandar Milenkoski}, title = {{DragonSpark | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation}}, date = {2023-01-24}, organization = {SentinelOne}, url = {https://www.sentinelone.com/labs/dragonspark-attacks-evade-detection-with-sparkrat-and-golang-source-code-interpretation/}, language = {English}, urldate = {2023-01-25} } DragonSpark | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation
SparkRAT
2022-11-30SentinelOneSentinelOne
@online{sentinelone:20221130:ransomexx:e7d7457, author = {SentinelOne}, title = {{RansomEXX Ransomware: In-Depth Analysis, Detection, and Mitigation}}, date = {2022-11-30}, organization = {SentinelOne}, url = {https://www.sentinelone.com/anthology/ransomexx/}, language = {English}, urldate = {2023-06-09} } RansomEXX Ransomware: In-Depth Analysis, Detection, and Mitigation
RansomEXX RansomEXX
2022-11-07SentinelOneAleksandar Milenkoski
@online{milenkoski:20221107:socgholish:63649b2, author = {Aleksandar Milenkoski}, title = {{SocGholish Diversifies and Expands Its Malware Staging Infrastructure to Counter Defenders}}, date = {2022-11-07}, organization = {SentinelOne}, url = {https://www.sentinelone.com/labs/socgholish-diversifies-and-expands-its-malware-staging-infrastructure-to-counter-defenders/}, language = {English}, urldate = {2022-12-01} } SocGholish Diversifies and Expands Its Malware Staging Infrastructure to Counter Defenders
FAKEUPDATES
2022-11-03SentinelOneSentinelLabs
@online{sentinellabs:20221103:black:0be02f3, author = {SentinelLabs}, title = {{Black Basta Ransomware | Attacks deploy Custom EDR Evasion Tools tied to FIN7 Threat Actor}}, date = {2022-11-03}, organization = {SentinelOne}, url = {https://assets.sentinelone.com/sentinellabs22/sentinellabs-blackbasta}, language = {English}, urldate = {2022-11-03} } Black Basta Ransomware | Attacks deploy Custom EDR Evasion Tools tied to FIN7 Threat Actor
Black Basta QakBot SocksBot