Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2025-08-26SophosSophos Counter Threat Unit Research Team
Velociraptor incident response tool abused for remote access
2025-05-09Sophos X-OpsAndrew Petrus, Ben Goldberg, Haigh Minassian, Imane Ismail, Sushmita Shetty
Lumma Stealer, coming and going
Lumma Stealer
2025-01-25SophosAnthony Bradshaw, Colin Cowie, Daniel Souter, Hunter Neal, Mark Parsons, Sean Baird, Sean Gallagher
Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing”
ReedBed STAC5143 UNC4393
2024-11-06SophosAsha Castle, Hikaru Koike, Sean Gallagher, Trang Tang
Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign
GootLoader
2024-10-31Sophos X-OpsRoss McKerchar
Pacific Rim: Inside the Counter-Offensive—The TTPs Used to Neutralize China-Based Threats
Asnarök
2024-10-31Sophos X-OpsAndrew Brandt, Ross McKerchar
Pacific Rim timeline: Information for defenders from a braid of interlocking attack campaigns
Asnarök Tstark
2023-12-20Sophos X-OpsMark Loman, Matt Wixey
CryptoGuard: An asymmetric approach to the ransomware battle
Akira LockBit Storm-1567
2023-09-22Sophos X-OpsSophos X-Ops
Mastodon Thread on observed activity involving TinyTurla
TinyTurla
2023-07-26Sophos
Into the tank with Nitrogen
Nitrogen Loader
2023-06-12SophosKarl Ackerman
Deep dive into the Pikabot cyber threat
Pikabot
2023-05-09SophosPaul Jaramillo
Akira Ransomware is “bringin’ 1988 back”
Akira
2023-04-21SophosColin Cowie, Paul Jaramillo
IcedID: Defrosting a Recent Campaign Illustrating evolving tactics and shared infrastructure
IcedID PhotoLoader
2023-04-19SophosAndreas Klopsch
‘AuKill’ EDR killer malware abuses Process Explorer driver
AuKill
2023-03-09SophosGabor Szappanos
A border-hopping PlugX USB worm takes its act on the road
PlugX
2023-02-06SophosAndrew Brandt
Qakbot mechanizes distribution of malicious OneNote notebooks
QakBot
2022-12-13SophosAndreas Klopsch, Andrew Brandt
Signed driver malware moves up the software trust chain
KillAV
2022-11-30SophosAndrew Brandt
LockBit 3.0 ‘Black’ attacks and leaks reveal wormable capabilities and tooling
LockBit
2022-11-03SophosGabor Szappanos
Family Tree: DLL-Sideloading Cases May Be Related
DARKDEW MISTCLOAK
2022-10-04SophosAndreas Klopsch
Remove All The Callbacks – BlackByte Ransomware Disables EDR Via RTCore64.sys Abuse
BlackByte
2022-08-18SophosSean Gallagher
Cookie stealing: the new perimeter bypass
Cobalt Strike Meterpreter MimiKatz Phoenix Keylogger Quasar RAT