2022-05-02 | Sentinel LABS | Joey Chen, Amitai Ben Shushan Ehrlich
@online{chen:20220502:moshen:1969df2,
  author       = {Joey Chen and Amitai Ben Shushan Ehrlich},
  title        = {{Moshen Dragon’s Triad-and-Error Approach | Abusing Security Software to Sideload PlugX and ShadowPad}},
  date         = {2022-05-02},
  organization = {Sentinel LABS},
  url          = {https://www.sentinelone.com/labs/moshen-dragons-triad-and-error-approach-abusing-security-software-to-sideload-plugx-and-shadowpad/},
  language     = {English},
  urldate      = {2022-05-04}
}
Moshen Dragon’s Triad-and-Error Approach | Abusing Security Software to Sideload PlugX and ShadowPad
PlugX ShadowPad
2022-03-15 | SentinelOne | Amitai Ben Shushan Ehrlich
@online{ehrlich:20220315:threat:7f64477,
  author       = {Amitai Ben Shushan Ehrlich},
  title        = {{Threat Actor UAC-0056 Targeting Ukraine with Fake Translation Software}},
  date         = {2022-03-15},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/blog/threat-actor-uac-0056-targeting-ukraine-with-fake-translation-software/},
  language     = {English},
  urldate      = {2022-03-17}
}
Threat Actor UAC-0056 Targeting Ukraine with Fake Translation Software
Cobalt Strike GraphSteel GrimPlant SaintBear
2022-01-12 | Sentinel LABS | Amitai Ben Shushan Ehrlich
@online{ehrlich:20220112:wading:52a8e3a,
  author       = {Amitai Ben Shushan Ehrlich},
  title        = {{Wading Through Muddy Waters | Recent Activity of an Iranian State-Sponsored Threat Actor}},
  date         = {2022-01-12},
  organization = {Sentinel LABS},
  url          = {https://www.sentinelone.com/labs/wading-through-muddy-waters-recent-activity-of-an-iranian-state-sponsored-threat-actor/},
  language     = {English},
  urldate      = {2022-01-18}
}
Wading Through Muddy Waters | Recent Activity of an Iranian State-Sponsored Threat Actor
PowGoop
2021-09-30 | SentinelOne | Amitai Ben Shushan Ehrlich
@online{ehrlich:20210930:new:c3f26e0,
  author       = {Amitai Ben Shushan Ehrlich},
  title        = {{New Version Of Apostle Ransomware Reemerges In Targeted Attack On Higher Education}},
  date         = {2021-09-30},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/labs/new-version-of-apostle-ransomware-reemerges-in-targeted-attack-on-higher-education/},
  language     = {English},
  urldate      = {2021-10-11}
}
New Version Of Apostle Ransomware Reemerges In Targeted Attack On Higher Education
Apostle
2021-07-27 | SYGNIA | Sygnia Incident Response Team, Noam Lifshitz, Amitai Ben Shushan Ehrlich, Asaf Eitani, Amnon Kushnir, Gil Biton, Martin Korman, Itay Shohat, Arie Zilberstein
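% The institutional author is wrapped in its own brace pair so it is kept as
% one indivisible name instead of being split into given names plus the
% surname "Team". The citation key is left unchanged so existing citations
% still resolve.
@techreport{team:20210727:tg1021:12e54a1,
  author      = {{Sygnia Incident Response Team} and Noam Lifshitz and Amitai Ben Shushan Ehrlich and Asaf Eitani and Amnon Kushnir and Gil Biton and Martin Korman and Itay Shohat and Arie Zilberstein},
  title       = {{TG1021: "Praying Mantis" Dissecting an Advanced Memory-Resident Attack}},
  date        = {2021-07-27},
  institution = {SYGNIA},
  url         = {https://f.hubspotusercontent30.net/hubfs/8776530/TG1021%20-%20Praying%20Mantis%20Threat%20Actor.pdf},
  language    = {English},
  urldate     = {2021-07-27}
}
TG1021: "Praying Mantis" Dissecting an Advanced Memory-Resident Attack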
2021-05-25 | SentinelOne | Amitai Ben Shushan Ehrlich
@techreport{ehrlich:20210525:from:ebe10c3,
  author      = {Amitai Ben Shushan Ehrlich},
  title       = {{From Wiper to Ransomware: The Evolution of Agrius}},
  date        = {2021-05-25},
  institution = {SentinelOne},
  url         = {https://www.sentinelone.com/wp-content/uploads/2021/05/SentinelLabs_From-Wiper-to-Ransomware-The-Evolution-of-Agrius.pdf},
  language    = {English},
  urldate     = {2021-06-09}
}
From Wiper to Ransomware: The Evolution of Agrius
Apostle