Crimeware

With victims in the US, Australia and India, BlackCat is a new RaaS making a big impact. Learn more about this unique ransomware's behavior and IoCs.

Crimeware

New Rook Ransomware Feeds Off the Code of Babuk

Jim Walter / December 23, 2021

Scavenging code leaked from Babuk, Rook's first victim was a bank and the theft of 1123 GB of data. Learn more about this new ransomware operator.

Crimeware

Spook Ransomware | Prometheus Derivative Names Those That Pay, Shames Those That Don’t

Jim Walter / October 28, 2021

New ransomware operator publishes victim details even if they pay. Our technical analysis shows how Spook is connected to other well-known malware families.

Crimeware

Karma Ransomware | An Emerging Threat With A Hint of Nemty Pedigree

Antonis Terefos / October 18, 2021

Exploring the links between Karma and other well-known malware families such as NEMTY and JSWorm, we find further IoCs and an evolving threat.

Crimeware

Hide and Seek | New Zloader Infection Chain Comes With Improved Stealth and Evasion Mechanisms

Antonio Pirozzi / September 13, 2021

A new ZLoader campaign abuses Google Ads to target European banking institutions with signed MSI payloads and more than 300 domains.

Crimeware

Hive Attacks | Analysis of the Human-Operated Ransomware Targeting Healthcare

Jim Walter / August 23, 2021

Hive is a double-extortion ransomware group that’s hit over 30 organizations. Read our deep-dive into the ransomware toolkit.

Crimeware

Conti Unpacked | Understanding Ransomware Development As a Response to Detection

Idan Weizman / July 8, 2021

Conti’s rapid encryption speed is matched only by its rapid evolution. SentinelLabs’ deep dive explores its development in unprecedented detail.

Crimeware

Evasive Maneuvers | Massive IcedID Campaign Aims For Stealth with Benign Macros

Marco Figueroa / June 24, 2021

A widespread phishing campaign in operation since May is using a mix of old and new evasion tricks to drop IcedID malware.

Crimeware

Gootloader: ‘Initial Access as a Service’ Platform Expands Its Search for High Value Targets

Antonio Pirozzi / June 16, 2021

Gootloader expands its scope to target military, pharmaceutical and energy sectors, operating on an Initial Access As a Service model.

Crimeware

Caught in the Cloud | How a Monero Cryptominer Exploits Docker Containers

Marco Figueroa / May 20, 2021

This crypto mining campaign doesn’t use notable exploit components but leverages shell scripts to infect cloud containers and bypass AVs.

Category

Crimeware

BlackCat Ransomware | Highly-Configurable, Rust-Driven RaaS On The Prowl For Victims

New Rook Ransomware Feeds Off the Code of Babuk

Spook Ransomware | Prometheus Derivative Names Those That Pay, Shames Those That Don’t

Karma Ransomware | An Emerging Threat With A Hint of Nemty Pedigree

Hide and Seek | New Zloader Infection Chain Comes With Improved Stealth and Evasion Mechanisms

Hive Attacks | Analysis of the Human-Operated Ransomware Targeting Healthcare

Conti Unpacked | Understanding Ransomware Development As a Response to Detection

Evasive Maneuvers | Massive IcedID Campaign Aims For Stealth with Benign Macros

Gootloader: ‘Initial Access as a Service’ Platform Expands Its Search for High Value Targets

Caught in the Cloud | How a Monero Cryptominer Exploits Docker Containers