ABOUT
CVE DATABASE
CONTACT
VISIT SENTINELONE.COM

Labs

Sarwent Malware Continues To Evolve With Updated Command Functions 6
Security Research

Sarwent Malware Continues to Evolve With Updated Command Functions
Jason Reaves /

Sarwent has received little attention from researchers, but this backdoor malware is still being actively developed, with new commands and a focus on RDP.

Read More
Deep Dive Into TrickBot Executor Module “mexec” Reversing The Dropper Variant 7
Crimeware

Deep Dive Into TrickBot Executor Module “mexec”: Reversing the Dropper Variant
Jason Reaves /

Continuing our earlier analysis of the TrickBot Executor Module “mexec”, we take a look at the dropper variant and reveal how it carries its payload onboard.

Read More
The Anatomy Of An APT Attack And CobaltStrike Beacon’s Encoded Configuration 3
Advanced Persistent Threat

The Anatomy of an APT Attack and CobaltStrike Beacon’s Encoded Configuration
Gal Kristal /

Cybercrime and nation state attacks haven’t come to a stop due to COVID-19. Here we describe a recent APT attack on a global brand prevented by SentinelOne.

Read More
Technical Overview Of NEMTY Successor Nefilim Nephilim Ransomware 4
Crimeware

Meet NEMTY Successor, Nefilim/Nephilim Ransomware
Jim Walter /

Ransomware families NEMTY, Nefilim and Nephilim continue to evolve and merge, taking on aspects of other successful variants that aim to encrypt and extort.

Read More
ICEID Botnet The Iceman Goes Phishing 9
Crimeware

IcedID Botnet | The Iceman Goes Phishing for US Tax Returns
Joshua Platt /

In light of the extended US tax deadline due to coronavirus, tax fraud remains a viable avenue for the criminal group behind the ICEDID banking malware.

Read More
Maze Ransomware Update Extorting And Exposing Victims 2
Crimeware

Maze Ransomware Update: Extorting and Exposing Victims
Jim Walter /

Maze ransomware doesn’t just demand payment for a decryptor but exfiltrates victim data and threatens to leak it publicly if the target doesn’t pay up.

Read More
Deep Dive Into TrickBot Executor Module Mexec Hidden Anchor Bot Nexus Operations 4
Crimeware

Deep Dive Into TrickBot Executor Module “mexec”: Hidden “Anchor” Bot Nexus Operations
Jason Reaves /

New “mexec” module delivers tertiary malware and allows TrickBot to pivot within a network, deploy a variety of payloads and evade common detection methods.

Read More
Breaking TA505s Crypter With An SMT Solver 1
Advanced Persistent Threat

Breaking TA505’s Crypter with an SMT Solver
Jason Reaves /

TA505 threat group use a crypter common to Clop/CryptoMix ransomware and others. We tear it down with a new unpacker utilizing SMT.

Read More
Revealing The Trick A Deep Dive Into TrickLoader Obfuscation 2
Crimeware

Revealing the Trick | A Deep Dive into TrickLoader Obfuscation
Jason Reaves /

TrickBot’s loader has received much less attention than other components of the malware. Jason Reaves shows how to reverse engineer the TrickLoader function.

Read More
DPRK HiddenCobra Update North Korean Malicious Cyber Activity 1
Advanced Persistent Threat

DPRK Hidden Cobra Update: North Korean Malicious Cyber Activity
Jim Walter /

New threat intelligence on the ever-expanding toolset of North Korean APT Hidden Cobra (Lazarus) including IoCs for RATs, beacons, persistence and more.

Read More
1 18 19 20 21 22 23