ABOUT
CVE DATABASE
CONTACT
VISIT SENTINELONE.COM

Labs

WastedLocker Ransomware Abusing ADS And NTFS File Attributes 4
Crimeware

WastedLocker Ransomware: Abusing ADS and NTFS File Attributes
Jim Walter /

WastedLocker is a relatively new ransomware that has been attacking high-value targets across numerous industries, including several Fortune 500 companies.

Read More
Enter The Maze Demystifying An Affiliate Involved In Maze Snow 9
Crimeware

Enter the Maze: Demystifying an Affiliate Involved in Maze (SNOW)
Jason Reaves /

SentinelLabs profiles an affiliate involved with Maze ransomware and details the actor’s involvement with other crimeware families, including TrickBot.

Read More
Breaking EvilQuest Reversing A Custom MacOS Ransomware File Encryption Routine 8
Security Research

Breaking EvilQuest | Reversing A Custom macOS Ransomware File Encryption Routine
Jason Reaves /

A new macOS ransomware threat uses a custom file encryption routine not based on public key encryption. Jason Reaves shows how we broke it.

Read More
Living Off Windows Land A New Native File Downldr 13
Security Research

Living Off Windows Land – A New Native File “downldr”
Gal Kristal /

A newly discovered LOLBin offers an alternative to certutil for helping adversaries download files from a remote server. Meet desktopimgdownldr.exe.

Read More
Thanos Ransomware A Rapidly Evolving RaaS Targets Legacy AV Backup Solutions 12
Crimeware

Thanos Ransomware | RIPlace, Bootlocker and More Added to Feature Set
Jim Walter /

Thanos Ransomware has developed rapidly over the last 6 months, offering a customized RaaS tool with an expanding feature set to build unique payloads.

Read More
Inside A “TrickBot” “CobaltStrike” Attack Server 9
Crimeware

Inside a TrickBot Cobalt Strike Attack Server
Joshua Platt /

Analysis of a Cobalt Strike Server leveraged in PowerTrick breaches.

Read More
A Click From The Backyard Analysis Of CVE 2020 9332 A USB Redirection Software Privilege Escalation 3
Security Research

A Click from the Backyard | Analysis of CVE-2020-9332, a Vulnerable USB Redirection Software
Michael Myngerbayev /

CVE-2020-9332 is a vulnerability that could allow an attacker to create trusted, fake USB devices and attack Windows machines in new and unexpected ways.

Read More
Valak Malware And The Connection To Gozi Loader ConfCrew 1
Crimeware

Valak Malware and the Connection to Gozi Loader ConfCrew
Jason Reaves /

Valak uses a multi-stage, script-based malware that hijacks email replies and embeds malicious URLs or attachments to infect devices with fileless scripts.

Read More
NetWalker Ransomware Update No Respite No English Required 2
Crimeware

NetWalker Ransomware: No Respite, No English Required
Jim Walter /

NetWalker is following a now-familiar pattern: increased ransom demands, threats to leak victim data and relentless attacks during the COVID-19 pandemic.

Read More
Sarwent Malware Continues To Evolve With Updated Command Functions 6
Security Research

Sarwent Malware Continues to Evolve With Updated Command Functions
Jason Reaves /

Sarwent has received little attention from researchers, but this backdoor malware is still being actively developed, with new commands and a focus on RDP.

Read More
1 16 17 18 19 20 22