Crimeware

Spook Ransomware Prometheus Derivative Names Those That Pay Shames Those That Dont 6

Spook Ransomware | Prometheus Derivative Names Those That Pay, Shames Those That Don’t

New ransomware operator publishes victim details even if they pay. Our technical analysis shows how Spook is connected to other well-known malware families.

Read More
Karma Ransomware An Emerging Threat With A Hint Of JSWorm Pedigree 6

Karma Ransomware | An Emerging Threat With A Hint of Nemty Pedigree

Exploring the links between Karma and other well-known malware families such as NEMTY and JSWorm, we find further IoCs and an evolving threat.

Read More
Hide And Seek New Zloader Infection Chain Comes With Improved Stealth And Evasion Mechanisms 6

Hide and Seek | New Zloader Infection Chain Comes With Improved Stealth and Evasion Mechanisms

A new ZLoader campaign abuses Google Ads to target European banking institutions with signed MSI payloads and more than 300 domains.

Read More
Hive Attacks Analysis Of The Human Operated Ransomware Targeting Healthcare 10

Hive Attacks | Analysis of the Human-Operated Ransomware Targeting Healthcare

Hive is a double-extortion ransomware group that’s hit over 30 organizations. Read our deep-dive into the ransomware toolkit.

Read More
Conti Unpacked Understanding Ransomware Development As A Response To Detection 2

Conti Unpacked | Understanding Ransomware Development As a Response to Detection

Conti’s rapid encryption speed is matched only by its rapid evolution. SentinelLabs’ deep dive explores its development in unprecedented detail.

Read More
Evasive Maneuvers Massive IcedID Campaign Aims For Stealth With Benign Macros 5

Evasive Maneuvers | Massive IcedID Campaign Aims For Stealth with Benign Macros

A widespread phishing campaign in operation since May is using a mix of old and new evasion tricks to drop IcedID malware.

Read More
Gootloader ‘Initial Access As A Service Platform Expands Its Search For High Value Targets By Antonio Pirozzi. 4

Gootloader: ‘Initial Access as a Service’ Platform Expands Its Search for High Value Targets

Gootloader expands its scope to target military, pharmaceutical and energy sectors, operating on an Initial Access As a Service model.

Read More
Caught In The Cloud How A Minero Cryptominer Exploits Docker Containers 4

Caught in the Cloud | How a Monero Cryptominer Exploits Docker Containers

This crypto mining campaign doesn’t use notable exploit components but leverages shell scripts to infect cloud containers and bypass AVs.

Read More
Avaddon RaaS   Breaks Public Decryptor Continues On Rampage 7

Avaddon RaaS | Breaks Public Decryptor, Continues On Rampage

Unbreakable encryption, a data leak site and threats of DDoS attacks, Avaddon has all the tricks of a modern RaaS. And now version 2 is on the way.

Read More
HelloKitty Ransomware Lacks Stealth But Still Strikes Home 3

HelloKitty Ransomware Lacks Stealth, But Still Strikes Home

HelloKitty lacks the stealth of Ryuk, REvil and Conti, but has still struck some notable targets, including CEMIGO. Ransomware overview and IoCs here.

Read More