Get a Demo
Platform
Why SentinelOne?
Services
Partners
Resources
About
Pricing
Get a Demo
Back to Resources

SentinelOne Vs. SquirrelWaffle – Mitigation and Rollback

Video
SentinelOne Vs. SquirrelWaffle – Mitigation and Rollback

Watch how SentinelOne mitigates and rolls back “SquirrelWaffle” malware. “SquirrelWaffle” is the name for a newly discovered malware family (primary:backdoor/loader). SquirrelWaffle has been used in conjunction with Cobalt Strike for management and overall campaign control. Since early September 2021, the malware has been known to be delivered via malicious MS Office documents.

The ultimate goal of the malicious/phishing documents is to lead to the loading of a Cobalt Strike beacon. The documents, in turn, reach out to a remote server (via cscript) to pull down additional malicious files like PowerShell and VBA scripts, as well as malicious DLLs. The accompanying VBA script can then be used to launch the associated executable (DLLs).

#squirrelwaffle #cybersecurity #infosec #endpointprotection #malware #ransomware #cobaltstrike

Watch Now
Ransomware
Related Resources
Video
RSAC 2025: Join SentinelOne
Video
Is DeepSeek a Cybersecurity Threat? SentinelOne’s Alex Stamos Answers.
Video
SentinelOne and Aston Martin F1 Team
Video
LABScon24 Replay | Resilience and Protection in the Windows Ecosystem | Weston & Zetter

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform harnesses the power of data and AI to protect your organization now and into the future.

Request a Demo