2023-10-24 | Sentinel LABS | Tom Hegel, Aleksandar Milenkoski
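% Sentinel LABS article, published 2023-10-24, retrieved 2023-11-27.
% Title braces protect only the proper noun from style recasing.
@online{hegel:20231024:israelhamas:313d369,
  author       = {Hegel, Tom and Milenkoski, Aleksandar},
  title        = {The {Israel-Hamas} War | Cyber Domain State-Sponsored Activity of Interest},
  date         = {2023-10-24},
  organization = {Sentinel LABS},
  url          = {https://www.sentinelone.com/labs/the-israel-hamas-war-cyber-domain-state-sponsored-activity-of-interest/},
  language     = {English},
  urldate      = {2023-11-27},
}
The Israel-Hamas War | Cyber Domain State-Sponsored Activity of Interest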
2023-09-21 | Sentinel LABS | Tom Hegel
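% Sentinel LABS article, published 2023-09-21, retrieved 2023-09-22.
% Title braces protect only the proper noun from style recasing.
@online{hegel:20230921:cyber:9a6bb38,
  author       = {Hegel, Tom},
  title        = {Cyber Soft Power | {China’s} Continental Takeover},
  date         = {2023-09-21},
  organization = {Sentinel LABS},
  url          = {https://www.sentinelone.com/labs/cyber-soft-power-chinas-continental-takeover/},
  language     = {English},
  urldate      = {2023-09-22},
}
Cyber Soft Power | China’s Continental Takeover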
Earth Estries
2023-08-17 | SentinelOne | Aleksandar Milenkoski, Tom Hegel
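% SentinelOne labs article, published 2023-08-17, retrieved 2023-08-22.
% Title braces protect only proper nouns and acronyms from style recasing.
@online{milenkoski:20230817:chinese:75e4289,
  author       = {Milenkoski, Aleksandar and Hegel, Tom},
  title        = {{Chinese} Entanglement | {DLL} Hijacking in the {Asian} Gambling Sector},
  date         = {2023-08-17},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/chinese-entanglement-dll-hijacking-in-the-asian-gambling-sector/},
  language     = {English},
  urldate      = {2023-08-22},
}
Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector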
Cobalt Strike HUI Loader
2023-08-07 | SentinelOne | Tom Hegel, Aleksandar Milenkoski
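% SentinelOne labs article, published 2023-08-07, retrieved 2023-08-07.
% Title braces protect only proper nouns from style recasing.
@online{hegel:20230807:comrades:d449b68,
  author       = {Hegel, Tom and Milenkoski, Aleksandar},
  title        = {Comrades in Arms? | {North Korea} Compromises Sanctioned {Russian} Missile Engineering Company},
  date         = {2023-08-07},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/comrades-in-arms-north-korea-compromises-sanctioned-russian-missile-engineering-company/},
  language     = {English},
  urldate      = {2023-08-07},
}
Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company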
OpenCarrot
2023-08-01 | SentinelOne | Tom Hegel
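% SentinelOne blog post, published 2023-08-01, retrieved 2023-08-03.
% The title has no proper nouns or acronyms, so it carries no protective braces.
@online{hegel:20230801:illicit:d18e46c,
  author       = {Hegel, Tom},
  title        = {Illicit Brand Impersonation | A Threat Hunting Approach},
  date         = {2023-08-01},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/blog/illicit-brand-impersonation-a-threat-hunting-approach/},
  language     = {English},
  urldate      = {2023-08-03},
}
Illicit Brand Impersonation | A Threat Hunting Approach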
2023-07-20 | SentinelOne | Tom Hegel
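% SentinelOne labs article, published 2023-07-20, retrieved 2023-07-24.
% Title braces protect only proper nouns and acronyms from style recasing.
@online{hegel:20230720:jumpcloud:691c0c8,
  author       = {Hegel, Tom},
  title        = {{JumpCloud} Intrusion | Attacker Infrastructure Links Compromise to {North Korean} {APT} Activity},
  date         = {2023-07-20},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/jumpcloud-intrusion-attacker-infrastructure-links-compromise-to-north-korean-apt-activity/},
  language     = {English},
  urldate      = {2023-07-24},
}
JumpCloud Intrusion | Attacker Infrastructure Links Compromise to North Korean APT Activity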
2023-05-04 | SentinelOne | Tom Hegel
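% SentinelOne labs article, published 2023-05-04, retrieved 2023-05-05.
% Title braces protect only the actor name from style recasing.
@online{hegel:20230504:kimsuky:6f04a16,
  author       = {Hegel, Tom},
  title        = {{Kimsuky} Evolves Reconnaissance Capabilities in New Global Campaign},
  date         = {2023-05-04},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/kimsuky-evolves-reconnaissance-capabilities-in-new-global-campaign/},
  language     = {English},
  urldate      = {2023-05-05},
}
Kimsuky Evolves Reconnaissance Capabilities in New Global Campaign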
BabyShark
2023-03-16 | SentinelOne | Tom Hegel
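% SentinelOne labs article, published 2023-03-16, retrieved 2023-03-20.
% Title braces protect only the actor name from style recasing.
@online{hegel:20230316:winter:5e43881,
  author       = {Hegel, Tom},
  title        = {{Winter Vivern} | Uncovering a Wave of Global Espionage},
  date         = {2023-03-16},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/winter-vivern-uncovering-a-wave-of-global-espionage/},
  language     = {English},
  urldate      = {2023-03-20},
}
Winter Vivern | Uncovering a Wave of Global Espionage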
APERETIF Winter Vivern
2023-01-12 | Sentinel LABS | Tom Hegel, Aleksandar Milenkoski
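% Sentinel LABS article, published 2023-01-12, retrieved 2023-02-17.
% Title braces protect only the group name, proper nouns and acronyms from style recasing.
@online{hegel:20230112:noname05716:b3cb836,
  author       = {Hegel, Tom and Milenkoski, Aleksandar},
  title        = {{NoName057(16)} – The {Pro-Russian} Hacktivist Group Targeting {NATO}},
  date         = {2023-01-12},
  organization = {Sentinel LABS},
  url          = {https://www.sentinelone.com/labs/noname05716-the-pro-russian-hacktivist-group-targeting-nato/},
  language     = {English},
  urldate      = {2023-02-17},
}
NoName057(16) – The Pro-Russian Hacktivist Group Targeting NATO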
Bobik Dosia NoName057(16)
2022-09-22 | Sentinel LABS | Tom Hegel
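% Sentinel LABS article, published 2022-09-22, retrieved 2022-09-27.
% Title braces protect only the actor name from style recasing.
@online{hegel:20220922:void:edb8cef,
  author       = {Hegel, Tom},
  title        = {{Void Balaur} | The Sprawling Infrastructure of a Careless Mercenary},
  date         = {2022-09-22},
  organization = {Sentinel LABS},
  url          = {https://www.sentinelone.com/labs/the-sprawling-infrastructure-of-a-careless-mercenary/},
  language     = {English},
  urldate      = {2022-09-27},
}
Void Balaur | The Sprawling Infrastructure of a Careless Mercenary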
Void Balaur
2022-07-18 | Fortinet | Tom Hegel
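% Blog post published 2022-07-18, retrieved 2022-07-25.
% NOTE(review): organization is recorded as Fortinet, but the URL host is
% www.sentinelone.com; confirm the publisher before citing or attributing.
% Title braces protect only the group name from style recasing.
@online{hegel:20220718:from:21160ee,
  author       = {Hegel, Tom},
  title        = {From the Front Lines | {8220 Gang} Massively Expands Cloud Botnet to 30,000 Infected Hosts},
  date         = {2022-07-18},
  organization = {Fortinet},
  url          = {https://www.sentinelone.com/blog/from-the-front-lines-8220-gang-massively-expands-cloud-botnet-to-30000-infected-hosts},
  language     = {English},
  urldate      = {2022-07-25},
}
From the Front Lines | 8220 Gang Massively Expands Cloud Botnet to 30,000 Infected Hosts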
2022-07-07 | Sentinel LABS | Tom Hegel
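% Sentinel LABS article, published 2022-07-07, retrieved 2022-07-12.
% Title braces protect only proper nouns and acronyms from style recasing.
@online{hegel:20220707:targets:174ab91,
  author       = {Hegel, Tom},
  title        = {Targets of Interest - {Russian} Organizations Increasingly Under Attack By {Chinese} {APTs}},
  date         = {2022-07-07},
  organization = {Sentinel LABS},
  url          = {https://www.sentinelone.com/labs/targets-of-interest-russian-organizations-increasingly-under-attack-by-chinese-apts/},
  language     = {English},
  urldate      = {2022-07-12},
}
Targets of Interest - Russian Organizations Increasingly Under Attack By Chinese APTs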
8.t Dropper Korlia
2022-03-24 | Sentinel LABS | Tom Hegel
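% Sentinel LABS article, published 2022-03-24, retrieved 2022-03-25.
% NOTE(review): hegel:20220324:chinese:39b373a has the same author, title and
% date, and its URL differs only by the trailing slash; likely a duplicate of
% this entry. Confirm and cite one key consistently.
% Title braces protect only proper nouns from style recasing.
@online{hegel:20220324:chinese:d541fb8,
  author       = {Hegel, Tom},
  title        = {{Chinese} Threat Actor {Scarab} Targeting {Ukraine}},
  date         = {2022-03-24},
  organization = {Sentinel LABS},
  url          = {https://www.sentinelone.com/labs/chinese-threat-actor-scarab-targeting-ukraine/},
  language     = {English},
  urldate      = {2022-03-25},
}
Chinese Threat Actor Scarab Targeting Ukraine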
HeaderTip Scieron
2022-03-24 | Sentinel LABS | Tom Hegel
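% Sentinel LABS article, published 2022-03-24, retrieved 2022-03-29.
% NOTE(review): hegel:20220324:chinese:d541fb8 has the same author, title and
% date, and its URL differs only by the trailing slash; likely a duplicate of
% this entry. Confirm and cite one key consistently.
% Title braces protect only proper nouns from style recasing.
@online{hegel:20220324:chinese:39b373a,
  author       = {Hegel, Tom},
  title        = {{Chinese} Threat Actor {Scarab} Targeting {Ukraine}},
  date         = {2022-03-24},
  organization = {Sentinel LABS},
  url          = {https://www.sentinelone.com/labs/chinese-threat-actor-scarab-targeting-ukraine},
  language     = {English},
  urldate      = {2022-03-29},
}
Chinese Threat Actor Scarab Targeting Ukraine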
Scieron Scarab
2022-02-09 | Sentinel LABS | Tom Hegel
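% Sentinel LABS article, published 2022-02-09, retrieved 2022-02-14.
% Title braces protect only the actor name and acronym from style recasing.
@online{hegel:20220209:modifiedelephant:b004138,
  author       = {Hegel, Tom},
  title        = {{ModifiedElephant} {APT} and a Decade of Fabricating Evidence},
  date         = {2022-02-09},
  organization = {Sentinel LABS},
  url          = {https://www.sentinelone.com/labs/modifiedelephant-apt-and-a-decade-of-fabricating-evidence/},
  language     = {English},
  urldate      = {2022-02-14},
}
ModifiedElephant APT and a Decade of Fabricating Evidence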
DarkComet Incubator NetWire RC ModifiedElephant
2022-02-09 | SentinelOne | Tom Hegel, Juan Andrés Guerrero-Saade
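% SentinelOne report (PDF), dated 2022-02-09, retrieved 2022-02-14.
% NOTE(review): looks like the PDF counterpart of
% hegel:20220209:modifiedelephant:b004138 (same date; title differs only in
% spacing, and this entry lists a second author). Confirm which one to cite.
% Title braces protect only the actor name and acronym from style recasing.
@techreport{hegel:20220209:modified:3c039c6,
  author      = {Hegel, Tom and Guerrero-Saade, Juan Andrés},
  title       = {{Modified Elephant} {APT} and a Decade of Fabricating Evidence},
  date        = {2022-02-09},
  institution = {SentinelOne},
  url         = {https://www.sentinelone.com/wp-content/uploads/2022/02/Modified-Elephant-APT-and-a-Decade-of-Fabricating-Evidence-SentinelLabs.pdf},
  language    = {English},
  urldate     = {2022-02-14},
}
Modified Elephant APT and a Decade of Fabricating Evidence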
DarkComet Incubator NetWire RC
2021-09-23 | lacework | Jared Stroud, Tom Hegel
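% lacework blog post, published 2021-09-23, retrieved 2021-09-29.
% Title braces protect only the rootkit names and the proper noun from style recasing.
@online{stroud:20210923:hcrootkit:5100508,
  author       = {Stroud, Jared and Hegel, Tom},
  title        = {{HCRootkit} / {Sutersu} {Linux} Rootkit Analysis},
  date         = {2021-09-23},
  organization = {lacework},
  url          = {https://www.lacework.com/blog/hcrootkit-sutersu-linux-rootkit-analysis/},
  language     = {English},
  urldate      = {2021-09-29},
}
HCRootkit / Sutersu Linux Rootkit Analysis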
2021-06-21 | lacework | Tom Hegel
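% lacework blog post, published 2021-06-21, retrieved 2021-06-24.
% Title braces protect only the acronym and the shell name from style recasing.
@online{hegel:20210621:threat:105ce11,
  author       = {Hegel, Tom},
  title        = {Threat Hunting {SSH} Keys – {Bash} Script Feature Pivoting},
  date         = {2021-06-21},
  organization = {lacework},
  url          = {https://www.lacework.com/blog/threat-hunting-ssh-keys-bash-script-feature-pivoting/},
  language     = {English},
  urldate      = {2021-06-24},
}
Threat Hunting SSH Keys – Bash Script Feature Pivoting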
2021-05-20 | lacework | Jared Stroud, Chris Hall, Tom Hegel
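% lacework article, published 2021-05-20, retrieved 2021-05-26.
% Title wording is kept exactly as recorded; braces protect only the group name.
@online{stroud:20210520:8220:c309f60,
  author       = {Stroud, Jared and Hall, Chris and Hegel, Tom},
  title        = {{8220 Gangs} Recent use of Custom Miner and Botnet},
  date         = {2021-05-20},
  organization = {lacework},
  url          = {https://www.lacework.com/8220-gangs-recent-use-of-custom-miner-and-botnet/},
  language     = {English},
  urldate      = {2021-05-26},
}
8220 Gangs Recent use of Custom Miner and Botnet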
2021-04-13 | lacework | Tom Hegel
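% lacework article, published 2021-04-13, retrieved 2021-04-20.
% Title braces protect only the loader name from style recasing.
@online{hegel:20210413:carbine:c4dd5ef,
  author       = {Hegel, Tom},
  title        = {{Carbine Loader} Cryptojacking Campaign},
  date         = {2021-04-13},
  organization = {lacework},
  url          = {https://www.lacework.com/carbine-loader-cryptojacking-campaign/},
  language     = {English},
  urldate      = {2021-04-20},
}
Carbine Loader Cryptojacking Campaign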