Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2020-10-06SentinelOneJim Walter
@online{walter:20201006:fonix:9a3fb41, author = {Jim Walter}, title = {{The FONIX RaaS | New Low-Key Threat with Unnecessary Complexities}}, date = {2020-10-06}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/the-fonix-raas-new-low-key-threat-with-unnecessary-complexities/}, language = {English}, urldate = {2020-10-12} } The FONIX RaaS | New Low-Key Threat with Unnecessary Complexities
FONIX
2020-09-03SentinelOneJim Walter
@online{walter:20200903:multiplatform:43807b2, author = {Jim Walter}, title = {{Multi-Platform SMAUG RaaS Aims To See Off Competitors}}, date = {2020-09-03}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/multi-platform-smaug-raas-aims-to-see-off-competitors/}, language = {English}, urldate = {2020-09-06} } Multi-Platform SMAUG RaaS Aims To See Off Competitors
SMAUG Ransomware
2020-08-31SentinelOneJim Walter
@online{walter:20200831:blindingcan:cdb0ffc, author = {Jim Walter}, title = {{The BLINDINGCAN RAT and Malicious North Korean Activity}}, date = {2020-08-31}, organization = {SentinelOne}, url = {https://www.sentinelone.com/blog/the-blindingcan-rat-and-malicious-north-korean-activity/}, language = {English}, urldate = {2020-09-01} } The BLINDINGCAN RAT and Malicious North Korean Activity
BLINDINGCAN
2020-08-13SentinelOneSentinelLabs
@online{sentinellabs:20200813:case:4560aed, author = {SentinelLabs}, title = {{Case Study: Catching a Human-Operated Maze Ransomware Attack In Action}}, date = {2020-08-13}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/case-study-catching-a-human-operated-maze-ransomware-attack-in-action/}, language = {English}, urldate = {2020-08-14} } Case Study: Catching a Human-Operated Maze Ransomware Attack In Action
Maze
2020-08-10SentinelOneJim Walter
@online{walter:20200810:agent:d09f042, author = {Jim Walter}, title = {{Agent Tesla | Old RAT Uses New Tricks to Stay on Top}}, date = {2020-08-10}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/agent-tesla-old-rat-uses-new-tricks-to-stay-on-top/}, language = {English}, urldate = {2020-08-13} } Agent Tesla | Old RAT Uses New Tricks to Stay on Top
Agent Tesla
2020-07-27SentinelOnePhil Stokes
@online{stokes:20200727:four:9d80c60, author = {Phil Stokes}, title = {{Four Distinct Families of Lazarus Malware Target Apple’s macOS Platform}}, date = {2020-07-27}, organization = {SentinelOne}, url = {https://www.sentinelone.com/blog/four-distinct-families-of-lazarus-malware-target-apples-macos-platform/}, language = {English}, urldate = {2020-07-30} } Four Distinct Families of Lazarus Malware Target Apple’s macOS Platform
AppleJeus Casso Dacls WatchCat
2020-07-22SentinelOneJason Reaves, Joshua Platt
@online{reaves:20200722:enter:71d9038, author = {Jason Reaves and Joshua Platt}, title = {{Enter the Maze: Demystifying an Affiliate Involved in Maze (SNOW)}}, date = {2020-07-22}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/enter-the-maze-demystifying-an-affiliate-involved-in-maze-snow/}, language = {English}, urldate = {2020-07-23} } Enter the Maze: Demystifying an Affiliate Involved in Maze (SNOW)
ISFB Maze TrickBot Zloader
2020-06-17SentinelOneMichael Myngerbayev
@online{myngerbayev:20200617:click:fe87ba2, author = {Michael Myngerbayev}, title = {{A Click from the Backyard | Analysis of CVE-2020-9332, a Vulnerable USB Redirection Software}}, date = {2020-06-17}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/click-from-the-backyard-cve-2020-9332/}, language = {English}, urldate = {2020-06-19} } A Click from the Backyard | Analysis of CVE-2020-9332, a Vulnerable USB Redirection Software
2020-06-08SentinelOnePhil Stokes
@online{stokes:20200608:guide:6052f6c, author = {Phil Stokes}, title = {{A Guide to macOS Threat Hunting and Incident Response}}, date = {2020-06-08}, organization = {SentinelOne}, url = {https://assets.sentinelone.com/c/sentinal-one-mac-os-?x=FvGtLJ}, language = {English}, urldate = {2020-06-11} } A Guide to macOS Threat Hunting and Incident Response
2020-05-20SentinelOneJim Walter
@online{walter:20200520:why:818c76f, author = {Jim Walter}, title = {{Why On-Device Detection Matters: New Ramsay Trojan Targets Air-Gapped Networks}}, date = {2020-05-20}, organization = {SentinelOne}, url = {https://www.sentinelone.com/blog/why-on-device-detection-matters-new-ramsay-trojan-targets-air-gapped-networks/}, language = {English}, urldate = {2020-06-10} } Why On-Device Detection Matters: New Ramsay Trojan Targets Air-Gapped Networks
Ramsay
2020-05-14SentinelOneJason Reaves
@online{reaves:20200514:deep:1ee83b6, author = {Jason Reaves}, title = {{Deep Dive Into TrickBot Executor Module “mexec”: Reversing the Dropper Variant}}, date = {2020-05-14}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/deep-dive-into-trickbot-executor-module-mexec-reversing-the-dropper-variant/}, language = {English}, urldate = {2020-05-18} } Deep Dive Into TrickBot Executor Module “mexec”: Reversing the Dropper Variant
TrickBot
2020-05-11SentinelOneGal Kristal
@online{kristal:20200511:anatomy:4ece947, author = {Gal Kristal}, title = {{The Anatomy of an APT Attack and CobaltStrike Beacon’s Encoded Configuration}}, date = {2020-05-11}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/the-anatomy-of-an-apt-attack-and-cobaltstrike-beacons-encoded-configuration/}, language = {English}, urldate = {2020-05-13} } The Anatomy of an APT Attack and CobaltStrike Beacon’s Encoded Configuration
Cobalt Strike
2020-05-04SentinelOneJim Walter
@online{walter:20200504:meet:7943fa2, author = {Jim Walter}, title = {{Meet NEMTY Successor, Nefilim/Nephilim Ransomware}}, date = {2020-05-04}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/meet-nemty-successor-nefilim-nephilim-ransomware/}, language = {English}, urldate = {2020-06-22} } Meet NEMTY Successor, Nefilim/Nephilim Ransomware
Nefilim Ransomware Nemty
2020-04-08SentinelOneJason Reaves
@online{reaves:20200408:deep:87b83bb, author = {Jason Reaves}, title = {{Deep Dive Into TrickBot Executor Module “mexec”: Hidden “Anchor” Bot Nexus Operations}}, date = {2020-04-08}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/deep-dive-into-trickbot-executor-module-mexec-hidden-anchor-bot-nexus-operations/}, language = {English}, urldate = {2020-04-13} } Deep Dive Into TrickBot Executor Module “mexec”: Hidden “Anchor” Bot Nexus Operations
Anchor TrickBot
2020-03-04SentinelOneJason Reaves
@online{reaves:20200304:breaking:8262e7e, author = {Jason Reaves}, title = {{Breaking TA505’s Crypter with an SMT Solver}}, date = {2020-03-04}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/breaking-ta505s-crypter-with-an-smt-solver/}, language = {English}, urldate = {2020-03-04} } Breaking TA505’s Crypter with an SMT Solver
Clop CryptoMix MINEBIDGE
2020-02-26SentinelOneJason Reaves
@online{reaves:20200226:revealing:2c3fc63, author = {Jason Reaves}, title = {{Revealing the Trick | A Deep Dive into TrickLoader Obfuscation}}, date = {2020-02-26}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/revealing-the-trick-a-deep-dive-into-trickloader-obfuscation/}, language = {English}, urldate = {2020-02-27} } Revealing the Trick | A Deep Dive into TrickLoader Obfuscation
TrickBot
2020-02-25SentinelOneJim Walter
@online{walter:20200225:dprk:735f095, author = {Jim Walter}, title = {{DPRK Hidden Cobra Update: North Korean Malicious Cyber Activity}}, date = {2020-02-25}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/dprk-hidden-cobra-update-north-korean-malicious-cyber-activity/}, language = {English}, urldate = {2020-02-27} } DPRK Hidden Cobra Update: North Korean Malicious Cyber Activity
ARTFULPIE BISTROMATH BUFFETLINE CHEESETRAY HOPLIGHT HOTCROISSANT SLICKSHOES
2020-02-05SentinelOneVitali Kremez
@online{kremez:20200205:prorussian:4fab984, author = {Vitali Kremez}, title = {{Pro-Russian CyberSpy Gamaredon Intensifies Ukrainian Security Targeting}}, date = {2020-02-05}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/pro-russian-cyberspy-gamaredon-intensifies-ukrainian-security-targeting/}, language = {English}, urldate = {2020-02-09} } Pro-Russian CyberSpy Gamaredon Intensifies Ukrainian Security Targeting
Pteranodon
2020-01-23SentinelOneJim Walter
@online{walter:20200123:new:8d4a9c2, author = {Jim Walter}, title = {{New Snake Ransomware Adds Itself to the Increasing Collection of Golang Crimeware}}, date = {2020-01-23}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/new-snake-ransomware-adds-itself-to-the-increasing-collection-of-golang-crimeware/}, language = {English}, urldate = {2020-01-27} } New Snake Ransomware Adds Itself to the Increasing Collection of Golang Crimeware
Snake Ransomware
2020-01-09SentinelOneVitali Kremez, Joshua Platt, Jason Reaves
@online{kremez:20200109:toptier:4f8de90, author = {Vitali Kremez and Joshua Platt and Jason Reaves}, title = {{Top-Tier Russian Organized Cybercrime Group Unveils Fileless Stealthy “PowerTrick” Backdoor for High-Value Targets}}, date = {2020-01-09}, organization = {SentinelOne}, url = {https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/}, language = {English}, urldate = {2020-01-13} } Top-Tier Russian Organized Cybercrime Group Unveils Fileless Stealthy “PowerTrick” Backdoor for High-Value Targets
TrickBot WIZARD SPIDER