SentinelLabs - Page 2 of 8 - Intelligence Redefined

Greyware’s Anatomy: The “Potentially Unwanted” are Upping Their Game

Adware infections may appear unremarkable at first, but in this example incident analysis we demonstrate their growing sophistication and risk.

Security Research

Building a Custom Malware Analysis Lab Environment

Building the right malware analysis environment is the first step for every researcher. We show how it’s done and offer some free custom tools for your use.

Advanced Persistent Threat

SolarWinds | Understanding & Detecting the SUPERNOVA Webshell Trojan

Our analysis of the SUPERNOVA trojan reveals the differences between the legitimate DLL and the attacker’s implant, along with some new IoCs for detection.

Advanced Persistent Threat

SolarWinds SUNBURST Backdoor: Inside the APT Campaign

A technical analysis of the SUNBURST stealthy APT including processes, services, and drivers. SentinelOne customers protected with no updates or configuration changes.

Security Research

Introducing SentinelOne’s Ghidra Plugin for VirusTotal

Ghidra users can now enjoy the same (and more!) benefits available in IDA Pro from VirusTotal’s VTGrep plugin with this open source plugin from SentinelLabs.

Adversary

APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique

Vietnamese-linked APT group OceanLotus have innovated and imitated in their latest macOS trojan, while also leaving a mysterious hard-coded calling card.

Crimeware

Egregor RaaS Continues the Chaos with Cobalt Strike and Rclone

Egregor ransomware is one of the more aggressive and complex RaaS families to date, with password-protected payloads designed to evade analysis.

Crimeware

Ranzy Ransomware | Better Encryption Among New Features of ThunderX Derivative

The Ranzy ransomware operators have learned from their mistakes and adapted quickly after ThunderX decryptors became publicly available.

Security Research

Resourceful macOS Malware Hides in Named Fork

Threat actors targeting macOS are deploying a new trick to hide payloads and avoid detection thanks to an old technology: the named resource fork.

Security Research

Moving From Dynamic Emulation of UEFI Modules To Coverage-Guided Fuzzing of UEFI Firmware

In Part 3 of our series on emulating, debugging and fuzzing UEFI modules, we provide a step-by-step guide to making a coverage-guided fuzzer for UEFI code.

‘End of Life’ means what it says, but #EOL software can be found in many businesses. What risks face enterprises… https://t.co/ALHr5wrkdp49 minutes ago
Congratulations to Niccolo Alicandri of @CipherTechs, winner of our Silver Slugger Award for partner excellence!… https://t.co/Z1dh7Mxqocabout 1 hour ago
❗ "Zero day" are two of the most frightening words for any IT leader. Understand how these attacks bypass tradition… https://t.co/m76WOWkcP7about 1 hour ago
Your legacy Intel software may appear to run just fine on Apple silicon thanks to Rosetta 2, but what are the per… https://t.co/yCP5Fx1u8Y2 hours ago

0 / 125

Greyware’s Anatomy: The “Potentially Unwanted” are Upping Their Game

Building a Custom Malware Analysis Lab Environment

SolarWinds | Understanding & Detecting the SUPERNOVA Webshell Trojan

SolarWinds SUNBURST Backdoor: Inside the APT Campaign

Introducing SentinelOne’s Ghidra Plugin for VirusTotal

APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique

Egregor RaaS Continues the Chaos with Cobalt Strike and Rclone

Ranzy Ransomware | Better Encryption Among New Features of ThunderX Derivative

Resourceful macOS Malware Hides in Named Fork

Moving From Dynamic Emulation of UEFI Modules To Coverage-Guided Fuzzing of UEFI Firmware

Adventures From UEFI Land: the Hunt For the S3 Boot Script

Avaddon RaaS | Breaks Public Decryptor, Continues On Rampage

Keep Malware Off Your Disk With SentinelOne’s IDA Pro Memory Loader Plugin

New macOS Malware XcodeSpy Targets Xcode Developers with EggShell Backdoor