Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-10-12SentinelOneJoey Chen, Amitai Ben Shushan Ehrlich
@online{chen:20221012:wip19:672e865, author = {Joey Chen and Amitai Ben Shushan Ehrlich}, title = {{WIP19 Espionage | New Chinese APT Targets IT Service Providers and Telcos With Signed Malware}}, date = {2022-10-12}, organization = {SentinelOne}, url = {https://www.sentinelone.com/labs/wip19-espionage-new-chinese-apt-targets-it-service-providers-and-telcos-with-signed-malware/}, language = {English}, urldate = {2022-10-24} } WIP19 Espionage | New Chinese APT Targets IT Service Providers and Telcos With Signed Malware
Maggie ScreenCap
2022-09Sentinel LABSAmitai Ben Shushan Ehrlich, Aleksandar Milenkoski, Juan Andrés Guerrero-Saade
@online{ehrlich:202209:mystery:fc2eb1e, author = {Amitai Ben Shushan Ehrlich and Aleksandar Milenkoski and Juan Andrés Guerrero-Saade}, title = {{The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities}}, date = {2022-09}, organization = {Sentinel LABS}, url = {https://assets.sentinelone.com/sentinellabs22/metador}, language = {English}, urldate = {2022-09-30} } The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities
2022-09-01Sentinel LABSAmitai Ben Shushan Ehrlich
@online{ehrlich:20220901:pypi:6865bf4, author = {Amitai Ben Shushan Ehrlich}, title = {{PyPI Phishing Campaign | JuiceLedger Threat Actor Pivots From Fake Apps to Supply Chain Attacks}}, date = {2022-09-01}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/pypi-phishing-campaign-juiceledger-threat-actor-pivots-from-fake-apps-to-supply-chain-attacks/}, language = {English}, urldate = {2022-09-06} } PyPI Phishing Campaign | JuiceLedger Threat Actor Pivots From Fake Apps to Supply Chain Attacks
2022-05-02Sentinel LABSJoey Chen, Amitai Ben Shushan Ehrlich
@online{chen:20220502:moshen:1969df2, author = {Joey Chen and Amitai Ben Shushan Ehrlich}, title = {{Moshen Dragon’s Triad-and-Error Approach | Abusing Security Software to Sideload PlugX and ShadowPad}}, date = {2022-05-02}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/moshen-dragons-triad-and-error-approach-abusing-security-software-to-sideload-plugx-and-shadowpad/}, language = {English}, urldate = {2022-05-04} } Moshen Dragon’s Triad-and-Error Approach | Abusing Security Software to Sideload PlugX and ShadowPad
PlugX ShadowPad
2022-03-15SentinelOneAmitai Ben Shushan Ehrlich
@online{ehrlich:20220315:threat:7f64477, author = {Amitai Ben Shushan Ehrlich}, title = {{Threat Actor UAC-0056 Targeting Ukraine with Fake Translation Software}}, date = {2022-03-15}, organization = {SentinelOne}, url = {https://www.sentinelone.com/blog/threat-actor-uac-0056-targeting-ukraine-with-fake-translation-software/}, language = {English}, urldate = {2022-03-17} } Threat Actor UAC-0056 Targeting Ukraine with Fake Translation Software
Cobalt Strike GraphSteel GrimPlant SaintBear
2022-01-12Sentinel LABSAmitai Ben Shushan Ehrlich
@online{ehrlich:20220112:wading:52a8e3a, author = {Amitai Ben Shushan Ehrlich}, title = {{Wading Through Muddy Waters | Recent Activity of an Iranian State-Sponsored Threat Actor}}, date = {2022-01-12}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/wading-through-muddy-waters-recent-activity-of-an-iranian-state-sponsored-threat-actor/}, language = {English}, urldate = {2022-01-18} } Wading Through Muddy Waters | Recent Activity of an Iranian State-Sponsored Threat Actor
PowGoop
2021-09-30SentinelOneAmitai Ben Shushan Ehrlich
@online{ehrlich:20210930:new:c3f26e0, author = {Amitai Ben Shushan Ehrlich}, title = {{New Version Of Apostle Ransomware Reemerges In Targeted Attack On Higher Education}}, date = {2021-09-30}, organization = {SentinelOne}, url = {https://www.sentinelone.com/labs/new-version-of-apostle-ransomware-reemerges-in-targeted-attack-on-higher-education/}, language = {English}, urldate = {2021-10-11} } New Version Of Apostle Ransomware Reemerges In Targeted Attack On Higher Education
Apostle
2021-07-27SYGNIASygnia Incident Response Team, Noam Lifshitz, Amitai Ben Shushan Ehrlich, Asaf Eitani, Amnon Kushnir, Gil Biton, Martin Korman, Itay Shohat, Arie Zilberstein
@techreport{team:20210727:tg1021:12e54a1, author = {Sygnia Incident Response Team and Noam Lifshitz and Amitai Ben Shushan Ehrlich and Asaf Eitani and Amnon Kushnir and Gil Biton and Martin Korman and Itay Shohat and Arie Zilberstein}, title = {{TG1021: "Praying Mantis" Dissecting an Advanced Memory-Resident Attack}}, date = {2021-07-27}, institution = {SYGNIA}, url = {https://f.hubspotusercontent30.net/hubfs/8776530/TG1021%20-%20Praying%20Mantis%20Threat%20Actor.pdf}, language = {English}, urldate = {2021-07-27} } TG1021: "Praying Mantis" Dissecting an Advanced Memory-Resident Attack
2021-05-25SentinelOneAmitai Ben Shushan Ehrlich
@techreport{ehrlich:20210525:from:ebe10c3, author = {Amitai Ben Shushan Ehrlich}, title = {{From Wiper to Ransomware: The Evolution of Agrius}}, date = {2021-05-25}, institution = {SentinelOne}, url = {https://www.sentinelone.com/wp-content/uploads/2021/05/SentinelLabs_From-Wiper-to-Ransomware-The-Evolution-of-Agrius.pdf}, language = {English}, urldate = {2022-12-08} } From Wiper to Ransomware: The Evolution of Agrius
Apostle DEADWOOD
2021-03-03SYGNIAAmitai Ben Shushan, Noam Lifshitz, Amnon Kushnir, Martin Korman, Boaz Wasserman
@online{shushan:20210303:lazarus:60339a7, author = {Amitai Ben Shushan and Noam Lifshitz and Amnon Kushnir and Martin Korman and Boaz Wasserman}, title = {{Lazarus Group’s MATA Framework Leveraged to Deploy TFlower Ransomware}}, date = {2021-03-03}, organization = {SYGNIA}, url = {https://www.sygnia.co/mata-framework}, language = {English}, urldate = {2021-03-04} } Lazarus Group’s MATA Framework Leveraged to Deploy TFlower Ransomware
Dacls Dacls Dacls TFlower