ABOUT
CVE DATABASE
CONTACT
VISIT SENTINELONE.COM

Advanced Persistent Threat

Hermetic Wiper Ukraine Is Under Attack 4
Advanced Persistent Threat

HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine
Juan Andrés Guerrero-Saade /

A new malware is attacking Ukrainian organizations and erasing Windows devices. In this early analysis, we provide technical details, IOCS and hunting rules.

Read More
Hacktivism And State Sponsored Knock Offs Attributing Deceptive Hack And Leak Operations 3
Advanced Persistent Threat

Hacktivism and State-Sponsored Knock-Offs | Attributing Deceptive Hack-and-Leak Operations
Juan Andrés Guerrero-Saade /

Are there still real hacktivists out there or are they all a cover for state-sponsored operations?

Read More
Wading Through Muddy Waters Recent Activity Of An Iranian State Sponsored Threat Actor 6
Advanced Persistent Threat

Wading Through Muddy Waters | Recent Activity of an Iranian State-Sponsored Threat Actor
Amitai Ben Shushan Ehrlich /

MuddyWater APT's updated toolkit: an evolution of PowGoop malware, abuse of tunneling tools, and targeting of Exchange servers. MuddyWater's activities are attributed to the Iranian Ministry of Intelligence by U.S. Cyber Command.

Read More
EGoManiac An Unscrupulous Turkish Nexus Threat Actor 3
Advanced Persistent Threat

EGoManiac | An Unscrupulous Turkish-Nexus Threat Actor
Juan Andrés Guerrero-Saade /

EGoManiac is a threat actor willing to spy on friend and foe and entrap journalists without compunction. Read our groundbreaking research.

Read More
SHADOWPAD The Masterpiece Of Privately Sold Malware In Chinese Espionage 7
Advanced Persistent Threat

ShadowPad | A Masterpiece of Privately Sold Malware in Chinese Espionage
Yi-Jhen Hsieh /

Supplying a custom backdoor to a cluster of APT groups, the personas behind ShadowPad have maintained a cloak of secrecy, until now.

Read More
NobleBaron New Poisoned Installers Could Be Used In Supply Chain Attacks 2
Advanced Persistent Threat

NobleBaron | New Poisoned Installers Could Be Used In Supply Chain Attacks
Juan Andrés Guerrero-Saade /

Nobelium – the new face of APT29 – deploys poisoned installers against Ukrainian government targets in a possible supply chain attack.

Read More
SolarWinds Understanding Detecting The SUPERNOVA Webshell Trojan 3
Advanced Persistent Threat

SolarWinds | Understanding & Detecting the SUPERNOVA Webshell Trojan
Marco Figueroa /

Our analysis of the SUPERNOVA trojan reveals the differences between the legitimate DLL and the attacker’s implant, along with some new IoCs for detection.

Read More
SolarWinds SunBurst Backdoor Inside The Stealthy APT Campaign 1
Advanced Persistent Threat

SolarWinds SUNBURST Backdoor: Inside the APT Campaign
James Haughom /

A technical analysis of the SUNBURST stealthy APT including processes, services, and drivers. SentinelOne customers protected with no updates or configuration changes.

Read More
The Anatomy Of An APT Attack And CobaltStrike Beacon’s Encoded Configuration 3
Advanced Persistent Threat

The Anatomy of an APT Attack and CobaltStrike Beacon’s Encoded Configuration
Gal Kristal /

Cybercrime and nation state attacks haven’t come to a stop due to COVID-19. Here we describe a recent APT attack on a global brand prevented by SentinelOne.

Read More
Breaking TA505s Crypter With An SMT Solver 1
Advanced Persistent Threat

Breaking TA505’s Crypter with an SMT Solver
Jason Reaves /

TA505 threat group use a crypter common to Clop/CryptoMix ransomware and others. We tear it down with a new unpacker utilizing SMT.

Read More
1 2 3 4