SentinelLabs - Page 2 of 5 - Intelligence Redefined

Valak Malware and the Connection to Gozi Loader ConfCrew

Valak uses a multi-stage, script-based malware that hijacks email replies and embeds malicious URLs or attachments to infect devices with fileless scripts.

Crimeware

NetWalker Ransomware: No Respite, No English Required

NetWalker is following a now-familiar pattern: increased ransom demands, threats to leak victim data and relentless attacks during the COVID-19 pandemic.

Security Research

Sarwent Malware Continues to Evolve With Updated Command Functions

Sarwent has received little attention from researchers, but this backdoor malware is still being actively developed, with new commands and a focus on RDP.

Crimeware

Deep Dive Into TrickBot Executor Module “mexec”: Reversing the Dropper Variant

Continuing our earlier analysis of the TrickBot Executor Module “mexec”, we take a look at the dropper variant and reveal how it carries its payload onboard.

Advanced Persistent Threat

The Anatomy of an APT Attack and CobaltStrike Beacon’s Encoded Configuration

Cybercrime and nation state attacks haven’t come to a stop due to COVID-19. Here we describe a recent APT attack on a global brand prevented by SentinelOne.

Crimeware

Meet NEMTY Successor, Nefilim/Nephilim Ransomware

Ransomware families NEMTY, Nefilim and Nephilim continue to evolve and merge, taking on aspects of other successful variants that aim to encrypt and extort.

Crimeware

IcedID Botnet | The Iceman Goes Phishing for US Tax Returns

In light of the extended US tax deadline due to coronavirus, tax fraud remains a viable avenue for the criminal group behind the ICEDID banking malware.

Crimeware

Maze Ransomware Update: Extorting and Exposing Victims

Maze ransomware doesn’t just demand payment for a decryptor but exfiltrates victim data and threatens to leak it publicly if the target doesn’t pay up.

Crimeware

Deep Dive Into TrickBot Executor Module “mexec”: Hidden “Anchor” Bot Nexus Operations

New “mexec” module delivers tertiary malware and allows TrickBot to pivot within a network, deploy a variety of payloads and evade common detection methods.

Advanced Persistent Threat

Breaking TA505’s Crypter with an SMT Solver

TA505 threat group use a crypter common to Clop/CryptoMix ransomware and others. We tear it down with a new unpacker utilizing SMT.

#Maze Ransomware was discovered in May 2019 and has become increasingly popular since Fall 2019. Watch how we de… https://t.co/04QYBNM9Yh2 hours ago
️ Find Applications with Full Disk Access Permissions (#macOS) sudo sqlite3 /Library/Application\ Support/com.app… https://t.co/Jk9zCq0XM93 hours ago
Apple have been encouraging developers to abandon Kernel Extensions (#kexts). We think that's a great idea for sec… https://t.co/tlST8X35SZ3 hours ago
Your employees are using social media, but the more attackers see, the more intelligence they have to achieve a c… https://t.co/plOydFwQbf4 hours ago

0 / 63

Valak Malware and the Connection to Gozi Loader ConfCrew

NetWalker Ransomware: No Respite, No English Required

Sarwent Malware Continues to Evolve With Updated Command Functions

Deep Dive Into TrickBot Executor Module “mexec”: Reversing the Dropper Variant

The Anatomy of an APT Attack and CobaltStrike Beacon’s Encoded Configuration

Meet NEMTY Successor, Nefilim/Nephilim Ransomware

IcedID Botnet | The Iceman Goes Phishing for US Tax Returns

Maze Ransomware Update: Extorting and Exposing Victims

Deep Dive Into TrickBot Executor Module “mexec”: Hidden “Anchor” Bot Nexus Operations

Breaking TA505’s Crypter with an SMT Solver

Agent Tesla | Old RAT Uses New Tricks to Stay on Top

Hacking Smart Devices for Fun and Profit

Moving From Common-Sense Knowledge About UEFI To Actually Dumping UEFI Firmware

WastedLocker Ransomware: Abusing ADS and NTFS File Attributes