Advanced Persistent Threat

Wading Through Muddy Waters Recent Activity Of An Iranian State Sponsored Threat Actor 6

Wading Through Muddy Waters | Recent Activity of an Iranian State-Sponsored Threat Actor

MuddyWater APT's updated toolkit: an evolution of PowGoop malware, abuse of tunneling tools, and targeting of Exchange servers. MuddyWater's activities are attributed to the Iranian Ministry of Intelligence by U.S. Cyber Command.

Read More
EGoManiac An Unscrupulous Turkish Nexus Threat Actor 3

EGoManiac | An Unscrupulous Turkish-Nexus Threat Actor

EGoManiac is a threat actor willing to spy on friend and foe and entrap journalists without compunction. Read our groundbreaking research.

Read More
SHADOWPAD The Masterpiece Of Privately Sold Malware In Chinese Espionage 7

ShadowPad | A Masterpiece of Privately Sold Malware in Chinese Espionage

Supplying a custom backdoor to a cluster of APT groups, the personas behind ShadowPad have maintained a cloak of secrecy, until now.

Read More
NobleBaron New Poisoned Installers Could Be Used In Supply Chain Attacks 2

NobleBaron | New Poisoned Installers Could Be Used In Supply Chain Attacks

Nobelium – the new face of APT29 – deploys poisoned installers against Ukrainian government targets in a possible supply chain attack.

Read More
SolarWinds   Understanding Detecting The SUPERNOVA Webshell Trojan 3

SolarWinds | Understanding & Detecting the SUPERNOVA Webshell Trojan

Our analysis of the SUPERNOVA trojan reveals the differences between the legitimate DLL and the attacker’s implant, along with some new IoCs for detection.

Read More
SolarWinds SunBurst Backdoor  Inside The Stealthy APT Campaign 1

SolarWinds SUNBURST Backdoor: Inside the APT Campaign

A technical analysis of the SUNBURST stealthy APT including processes, services, and drivers. SentinelOne customers protected with no updates or configuration changes.

Read More
The Anatomy Of An APT Attack And CobaltStrike Beacon’s Encoded Configuration 3

The Anatomy of an APT Attack and CobaltStrike Beacon’s Encoded Configuration

Cybercrime and nation state attacks haven’t come to a stop due to COVID-19. Here we describe a recent APT attack on a global brand prevented by SentinelOne.

Read More
Breaking TA505s Crypter With An SMT Solver 1

Breaking TA505’s Crypter with an SMT Solver

TA505 threat group use a crypter common to Clop/CryptoMix ransomware and others. We tear it down with a new unpacker utilizing SMT.

Read More
DPRK HiddenCobra Update  North Korean Malicious Cyber Activity 1

DPRK Hidden Cobra Update: North Korean Malicious Cyber Activity

New threat intelligence on the ever-expanding toolset of North Korean APT Hidden Cobra (Lazarus) including IoCs for RATs, beacons, persistence and more.

Read More
From Office Macro Malware To Lightweight JS Loader 10 1

Deep Insight into “FIN7” Malware Chain: From Office Macro Malware to Lightweight JS Loader

Vitali Kremez dissecting the ‘Fin7’ malware chain that leverages malicious MS Office Macros and a JS loader.

Read More