Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2025-06-09Sentinel LABSAleksandar Milenkoski, Tom Hegel
Follow the Smoke | China-nexus Threat Actors Hammer At the Doors of Top Tier Targets
GOREshell Nimbo-C2 ShadowPad
2025-04-28SentinelOneAleksandar Milenkoski, Jim Walter, Tom Hegel
Top Tier Target | What It Takes to Defend a Cybersecurity Company from Today’s Adversaries
PurpleHaze
2025-02-25Sentinel LABSTom Hegel
Ghostwriter | New Campaign Targets Ukrainian Government and Belarusian Opposition
2025-02-03SentinelOnePhil Stokes, Tom Hegel
macOS FlexibleFerret | Further Variants of DPRK Malware Family Unearthed
FlexibleFerret FriendlyFerret FrostyFerret
2024-01-22SentinelOneAleksandar Milenkoski, Tom Hegel
ScarCruft | Attackers Gather Strategic Intelligence and Target Cybersecurity Professionals
Kimsuky
2023-10-24Sentinel LABSAleksandar Milenkoski, Tom Hegel
The Israel-Hamas War | Cyber Domain State-Sponsored Activity of Interest
ShroudedSnooper
2023-09-21Sentinel LABSTom Hegel
Cyber Soft Power | China’s Continental Takeover
Earth Estries
2023-08-17SentinelOneAleksandar Milenkoski, Tom Hegel
Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector
Cobalt Strike HUI Loader BRONZE STARLIGHT
2023-08-07SentinelOneAleksandar Milenkoski, Tom Hegel
Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company
OpenCarrot
2023-08-01SentinelOneTom Hegel
Illicit Brand Impersonation | A Threat Hunting Approach
2023-07-20SentinelOneTom Hegel
JumpCloud Intrusion | Attacker Infrastructure Links Compromise to North Korean APT Activity
2023-05-04SentinelOneTom Hegel
Kimsuky Evolves Reconnaissance Capabilities in New Global Campaign
BabyShark
2023-03-16SentinelOneTom Hegel
Winter Vivern | Uncovering a Wave of Global Espionage
APERETIF Winter Vivern
2023-01-12Sentinel LABSAleksandar Milenkoski, Tom Hegel
NoName057(16) – The Pro-Russian Hacktivist Group Targeting NATO
Bobik Dosia NoName057(16)
2022-09-22Sentinel LABSTom Hegel
Void Balaur | The Sprawling Infrastructure of a Careless Mercenary
Void Balaur
2022-07-18SentinelOneTom Hegel
From the Front Lines | 8220 Gang Massively Expands Cloud Botnet to 30,000 Infected Hosts
Water Sigbin
2022-07-18FortinetTom Hegel
From the Front Lines | 8220 Gang Massively Expands Cloud Botnet to 30,000 Infected Hosts
2022-07-07Sentinel LABSTom Hegel
Targets of Interest - Russian Organizations Increasingly Under Attack By Chinese APTs
8.t Dropper Korlia Tonto Team
2022-03-24Sentinel LABSTom Hegel
Chinese Threat Actor Scarab Targeting Ukraine
Scieron Scarab
2022-03-24Sentinel LABSTom Hegel
Chinese Threat Actor Scarab Targeting Ukraine
HeaderTip Scieron
2022-02-09SentinelOneJuan Andrés Guerrero-Saade, Tom Hegel
Modified Elephant APT and a Decade of Fabricating Evidence
DarkComet Incubator NetWire RC
2022-02-09Sentinel LABSTom Hegel
ModifiedElephant APT and a Decade of Fabricating Evidence
DarkComet Incubator NetWire RC ModifiedElephant
2021-09-23laceworkJared Stroud, Tom Hegel
HCRootkit / Sutersu Linux Rootkit Analysis
Suterusu
2021-06-21laceworkTom Hegel
Threat Hunting SSH Keys – Bash Script Feature Pivoting
2021-05-20laceworkChris Hall, Jared Stroud, Tom Hegel
8220 Gangs Recent use of Custom Miner and Botnet
2021-04-13laceworkTom Hegel
Carbine Loader Cryptojacking Campaign
2021-01-13AlienVaultTom Hegel
A Global Perspective of the SideWinder APT
8.t Dropper Koadic SideWinder
2018-05-03ProtectWiseTom Hegel
Burning Umbrella: An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers
APT41
2017-10-16401TRGTom Hegel
An Update on Winnti (LEAD/APT17)
2017-07-11401 TRGNate Marx, Tom Hegel
Winnti (LEAD/APT17) Evolution - Going Open Source