Crimeware - Page 2 of 6 - SentinelOne
Category

Crimeware

BlackCat Ransomware | Highly-Configurable, Rust-Driven RaaS On The Prowl For Victims

With victims in the US, Australia and India, BlackCat is a new RaaS making a big impact. Learn more about this unique ransomware's behavior and IoCs.

Read More

New Rook Ransomware Feeds Off the Code of Babuk

Scavenging code leaked from Babuk, Rook's first victim was a bank and the theft of 1123 GB of data. Learn more about this new ransomware operator.

Read More

Spook Ransomware | Prometheus Derivative Names Those That Pay, Shames Those That Don’t

New ransomware operator publishes victim details even if they pay. Our technical analysis shows how Spook is connected to other well-known malware families.

Read More

Karma Ransomware | An Emerging Threat With A Hint of Nemty Pedigree

Exploring the links between Karma and other well-known malware families such as NEMTY and JSWorm, we find further IoCs and an evolving threat.

Read More

Hide and Seek | New Zloader Infection Chain Comes With Improved Stealth and Evasion Mechanisms

A new ZLoader campaign abuses Google Ads to target European banking institutions with signed MSI payloads and more than 300 domains.

Read More

Hive Attacks | Analysis of the Human-Operated Ransomware Targeting Healthcare

Hive is a double-extortion ransomware group that’s hit over 30 organizations. Read our deep-dive into the ransomware toolkit.

Read More

Conti Unpacked | Understanding Ransomware Development As a Response to Detection

Conti’s rapid encryption speed is matched only by its rapid evolution. SentinelLabs’ deep dive explores its development in unprecedented detail.

Read More

Evasive Maneuvers | Massive IcedID Campaign Aims For Stealth with Benign Macros

A widespread phishing campaign in operation since May is using a mix of old and new evasion tricks to drop IcedID malware.

Read More

Gootloader: ‘Initial Access as a Service’ Platform Expands Its Search for High Value Targets

Gootloader expands its scope to target military, pharmaceutical and energy sectors, operating on an Initial Access As a Service model.

Read More

Caught in the Cloud | How a Monero Cryptominer Exploits Docker Containers

This crypto mining campaign doesn’t use notable exploit components but leverages shell scripts to infect cloud containers and bypass AVs.

Read More