ABOUT

VISIT SENTINELONE.COM

Crimeware

Hypervisor Ransomware Multiple Threat Actor Groups Hop On Leaked Babuk Code To Build ESXi Lockers

Hypervisor Ransomware | Multiple Threat Actor Groups Hop on Leaked Babuk Code to Build ESXi Lockers

Alex Delamotte / May 11, 2023

Availability of leaked Babuk source code is fuelling a proliferation of file lockers targeting VMware ESXi.

IceFire Ransomware Returns Now Targeting Linux Enterprise Networks 8

IceFire Ransomware Returns | Now Targeting Linux Enterprise Networks

Alex Delamotte / March 9, 2023

New Linux version of the IceFire ransomware have been observed in recent network intrusions of media and entertainment enterprises.

Cl0p Ransomware Targets Linux Systems With Flawed Encryption Decryptor Available 9

Cl0p Ransomware Targets Linux Systems with Flawed Encryption | Decryptor Available

Antonis Terefos / February 7, 2023

An in-the-wild ELF variant of Cl0p ransomware shows the gang is looking beyond traditional Windows targets.

MalVirt .NET Virtualization Thrives In New Malvertising Attacks 3

MalVirt | .NET Virtualization Thrives in Malvertising Attacks

Aleksandar Milenkoski / February 2, 2023

.NET malware loaders distributed through malvertising are using obfuscated virtualization for anti-analysis and evasion in an ongoing campaign.

Custom Branded Ransomware The Vice Society Group And The Threat Of Outsourced Development 3

Custom-Branded Ransomware: The Vice Society Group and the Threat of Outsourced Development

Antonio Cocomazzi / December 22, 2022

New PolyVice ransomware is likely in use by multiple threat actors building re-branded payloads with the same custom encryption scheme.

SocGholish Diversifies And Expands Its Malware Staging Infrastructure To Counter Defenders 2

SocGholish Diversifies and Expands Its Malware Staging Infrastructure to Counter Defenders

Aleksandar Milenkoski / November 7, 2022

SocGholish operators continue to infect websites at a massive scale, and the threat actor is ramping up its infrastructure to match.

Black Basta Feature

Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor

Antonio Cocomazzi / November 3, 2022

Black Basta operational TTPs are described here in full detail, revealing previously unknown tools and techniques and a link to FIN7.

Intermittent Encryption For Speed And Evasion On The Rise A Trending Feature On The Ransomware Scene By Aleksandar Milenkoski Jim Walter 5

Crimeware Trends | Ransomware Developers Turn to Intermittent Encryption to Evade Detection

Aleksandar Milenkoski / September 8, 2022

Partially encrypting victims' files improves ransomware speed and aids evasion. First seen in LockFile, the technique is now being widely adopted.

PyPI Phishing Campaign JuiceLedger Threat Actor Pivots From Fake Apps To Supply Chain Attacks 1

PyPI Phishing Campaign | JuiceLedger Threat Actor Pivots From Fake Apps to Supply Chain Attacks

Amitai Ben Shushan Ehrlich / September 1, 2022

A new threat actor is spreading infostealer malware through targeted attacks on developers and fraudulent cryptotrading applications.

Who Needs Macros Threat Actors Pivot To Abusing Explorer And Other LOLBins Via Windows Shortcuts 6

Who Needs Macros? | Threat Actors Pivot to Abusing Explorer and Other LOLBins via Windows Shortcuts

Aleksandar Milenkoski / August 4, 2022

Crimeware vendors say 'macros are dead', but they have a new weapon to help threat actors successfully deploy malware.

1 2 3 4 … 7

Next

Search

Search ...

Sign Up

Get notified when we post new content.

Thanks! Keep an eye out for new content!

Recent Posts

PCPJack | Cloud Worm Evicts TeamPCP and Steals Credentials at Scale
May 7, 2026
LABScon25 Replay | Please Connect to the Foreign Entity to Enhance Your User Experience
May 6, 2026
fast16 | Mystery Shadow Brokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet
April 23, 2026

Labs Categories

Crimeware
Security Research
LABScon
Advanced Persistent Threat
Adversary
Security & Intelligence
AI Research

SentinelLabs

In the era of interconnectivity, when markets, geographies, and jurisdictions merge in the melting pot of the digital domain, the perils of the threat ecosystem become unparalleled. Crimeware families achieve an unparalleled level of technical sophistication, APT groups are competing in fully-fledged cyber warfare, while once decentralized and scattered threat actors are forming adamant alliances of operating as elite corporate espionage teams.

Recent Posts

PCPJack | Cloud Worm Evicts TeamPCP and Steals Credentials at Scale
May 7, 2026
LABScon25 Replay | Please Connect to the Foreign Entity to Enhance Your User Experience
May 6, 2026
fast16 | Mystery Shadow Brokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet
April 23, 2026

Sign Up

Get notified when we post new content.

Thanks! Keep an eye out for new content!

Twitter
LinkedIn

©2026 SentinelOne, All Rights Reserved.