Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-01-04SentinelOneMarco Figueroa
@online{figueroa:20210104:building:37407a6, author = {Marco Figueroa}, title = {{Building a Custom Malware Analysis Lab Environment}}, date = {2021-01-04}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/building-a-custom-malware-analysis-lab-environment/}, language = {English}, urldate = {2021-01-13} } Building a Custom Malware Analysis Lab Environment
TrickBot
2020-12-02SentinelOnePhil Stokes
@online{stokes:20201202:apt32:acd6b3a, author = {Phil Stokes}, title = {{APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique}}, date = {2020-12-02}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/apt32-multi-stage-macos-trojan-innovates-on-crimeware-scripting-technique/}, language = {English}, urldate = {2020-12-08} } APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique
OceanLotus
2020-11-25SentinelOneJim Walter
@online{walter:20201125:egregor:5727f7a, author = {Jim Walter}, title = {{Egregor RaaS Continues the Chaos with Cobalt Strike and Rclone}}, date = {2020-11-25}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/egregor-raas-continues-the-chaos-with-cobalt-strike-and-rclone/}, language = {English}, urldate = {2020-12-08} } Egregor RaaS Continues the Chaos with Cobalt Strike and Rclone
Cobalt Strike Egregor
2020-11-18SentinelOneJim Walter
@online{walter:20201118:ranzy:b1f443f, author = {Jim Walter}, title = {{Ranzy Ransomware | Better Encryption Among New Features of ThunderX Derivative}}, date = {2020-11-18}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/ranzy-ransomware-better-encryption-among-new-features-of-thunderx-derivative/}, language = {English}, urldate = {2020-11-19} } Ranzy Ransomware | Better Encryption Among New Features of ThunderX Derivative
ThunderX Ransomware
2020-11-05SentinelOnePhil Stokes
@online{stokes:20201105:resourceful:2b135e6, author = {Phil Stokes}, title = {{Resourceful macOS Malware Hides in Named Fork}}, date = {2020-11-05}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/resourceful-macos-malware-hides-in-named-fork/}, language = {English}, urldate = {2020-11-09} } Resourceful macOS Malware Hides in Named Fork
Bundlore
2020-10-19SentinelOneGal Kristal
@online{kristal:20201019:purple:46e7ffb, author = {Gal Kristal}, title = {{Purple Fox EK | New CVEs, Steganography, and Virtualization Added to Attack Flow}}, date = {2020-10-19}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/purple-fox-ek-new-cves-steganography-and-virtualization-added-to-attack-flow/}, language = {English}, urldate = {2020-10-23} } Purple Fox EK | New CVEs, Steganography, and Virtualization Added to Attack Flow
2020-10-06SentinelOneJim Walter
@online{walter:20201006:fonix:9a3fb41, author = {Jim Walter}, title = {{The FONIX RaaS | New Low-Key Threat with Unnecessary Complexities}}, date = {2020-10-06}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/the-fonix-raas-new-low-key-threat-with-unnecessary-complexities/}, language = {English}, urldate = {2020-10-12} } The FONIX RaaS | New Low-Key Threat with Unnecessary Complexities
FONIX
2020-09-03SentinelOneJim Walter
@online{walter:20200903:multiplatform:43807b2, author = {Jim Walter}, title = {{Multi-Platform SMAUG RaaS Aims To See Off Competitors}}, date = {2020-09-03}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/multi-platform-smaug-raas-aims-to-see-off-competitors/}, language = {English}, urldate = {2020-09-06} } Multi-Platform SMAUG RaaS Aims To See Off Competitors
SMAUG Ransomware
2020-08-31SentinelOneJim Walter
@online{walter:20200831:blindingcan:cdb0ffc, author = {Jim Walter}, title = {{The BLINDINGCAN RAT and Malicious North Korean Activity}}, date = {2020-08-31}, organization = {SentinelOne}, url = {https://www.sentinelone.com/blog/the-blindingcan-rat-and-malicious-north-korean-activity/}, language = {English}, urldate = {2020-09-01} } The BLINDINGCAN RAT and Malicious North Korean Activity
BLINDINGCAN
2020-08-13SentinelOneSentinelLabs
@online{sentinellabs:20200813:case:4560aed, author = {SentinelLabs}, title = {{Case Study: Catching a Human-Operated Maze Ransomware Attack In Action}}, date = {2020-08-13}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/case-study-catching-a-human-operated-maze-ransomware-attack-in-action/}, language = {English}, urldate = {2020-08-14} } Case Study: Catching a Human-Operated Maze Ransomware Attack In Action
Maze
2020-08-10SentinelOneJim Walter
@online{walter:20200810:agent:d09f042, author = {Jim Walter}, title = {{Agent Tesla | Old RAT Uses New Tricks to Stay on Top}}, date = {2020-08-10}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/agent-tesla-old-rat-uses-new-tricks-to-stay-on-top/}, language = {English}, urldate = {2020-08-13} } Agent Tesla | Old RAT Uses New Tricks to Stay on Top
Agent Tesla
2020-07-27SentinelOnePhil Stokes
@online{stokes:20200727:four:9d80c60, author = {Phil Stokes}, title = {{Four Distinct Families of Lazarus Malware Target Apple’s macOS Platform}}, date = {2020-07-27}, organization = {SentinelOne}, url = {https://www.sentinelone.com/blog/four-distinct-families-of-lazarus-malware-target-apples-macos-platform/}, language = {English}, urldate = {2020-07-30} } Four Distinct Families of Lazarus Malware Target Apple’s macOS Platform
AppleJeus Casso Dacls WatchCat
2020-07-22SentinelOneJason Reaves, Joshua Platt
@online{reaves:20200722:enter:71d9038, author = {Jason Reaves and Joshua Platt}, title = {{Enter the Maze: Demystifying an Affiliate Involved in Maze (SNOW)}}, date = {2020-07-22}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/enter-the-maze-demystifying-an-affiliate-involved-in-maze-snow/}, language = {English}, urldate = {2020-07-23} } Enter the Maze: Demystifying an Affiliate Involved in Maze (SNOW)
ISFB Maze TrickBot Zloader
2020-06-17SentinelOneMichael Myngerbayev
@online{myngerbayev:20200617:click:fe87ba2, author = {Michael Myngerbayev}, title = {{A Click from the Backyard | Analysis of CVE-2020-9332, a Vulnerable USB Redirection Software}}, date = {2020-06-17}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/click-from-the-backyard-cve-2020-9332/}, language = {English}, urldate = {2020-06-19} } A Click from the Backyard | Analysis of CVE-2020-9332, a Vulnerable USB Redirection Software
2020-06-08SentinelOnePhil Stokes
@online{stokes:20200608:guide:6052f6c, author = {Phil Stokes}, title = {{A Guide to macOS Threat Hunting and Incident Response}}, date = {2020-06-08}, organization = {SentinelOne}, url = {https://assets.sentinelone.com/c/sentinal-one-mac-os-?x=FvGtLJ}, language = {English}, urldate = {2020-06-11} } A Guide to macOS Threat Hunting and Incident Response
2020-05-20SentinelOneJim Walter
@online{walter:20200520:why:818c76f, author = {Jim Walter}, title = {{Why On-Device Detection Matters: New Ramsay Trojan Targets Air-Gapped Networks}}, date = {2020-05-20}, organization = {SentinelOne}, url = {https://www.sentinelone.com/blog/why-on-device-detection-matters-new-ramsay-trojan-targets-air-gapped-networks/}, language = {English}, urldate = {2020-06-10} } Why On-Device Detection Matters: New Ramsay Trojan Targets Air-Gapped Networks
Ramsay
2020-05-14SentinelOneJason Reaves
@online{reaves:20200514:deep:1ee83b6, author = {Jason Reaves}, title = {{Deep Dive Into TrickBot Executor Module “mexec”: Reversing the Dropper Variant}}, date = {2020-05-14}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/deep-dive-into-trickbot-executor-module-mexec-reversing-the-dropper-variant/}, language = {English}, urldate = {2020-05-18} } Deep Dive Into TrickBot Executor Module “mexec”: Reversing the Dropper Variant
TrickBot
2020-05-11SentinelOneGal Kristal
@online{kristal:20200511:anatomy:4ece947, author = {Gal Kristal}, title = {{The Anatomy of an APT Attack and CobaltStrike Beacon’s Encoded Configuration}}, date = {2020-05-11}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/the-anatomy-of-an-apt-attack-and-cobaltstrike-beacons-encoded-configuration/}, language = {English}, urldate = {2020-05-13} } The Anatomy of an APT Attack and CobaltStrike Beacon’s Encoded Configuration
Cobalt Strike
2020-05-04SentinelOneJim Walter
@online{walter:20200504:meet:7943fa2, author = {Jim Walter}, title = {{Meet NEMTY Successor, Nefilim/Nephilim Ransomware}}, date = {2020-05-04}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/meet-nemty-successor-nefilim-nephilim-ransomware/}, language = {English}, urldate = {2020-06-22} } Meet NEMTY Successor, Nefilim/Nephilim Ransomware
Nefilim Ransomware Nemty
2020-04-08SentinelOneJason Reaves
@online{reaves:20200408:deep:87b83bb, author = {Jason Reaves}, title = {{Deep Dive Into TrickBot Executor Module “mexec”: Hidden “Anchor” Bot Nexus Operations}}, date = {2020-04-08}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/deep-dive-into-trickbot-executor-module-mexec-hidden-anchor-bot-nexus-operations/}, language = {English}, urldate = {2020-04-13} } Deep Dive Into TrickBot Executor Module “mexec”: Hidden “Anchor” Bot Nexus Operations
Anchor TrickBot