2023-12-20 | Sophos X-Ops | Mark Loman, Matt Wixey
CryptoGuard: An asymmetric approach to the ransomware battle
Akira LockBit Storm-1567
2023-09-22 | Sophos X-Ops | Sophos X-Ops
Mastodon Thread on observed activity involving TinyTurla
2023-06-12 | Sophos | Karl Ackerman
Deep dive into the Pikabot cyber threat
2023-05-09 | Sophos | Paul Jaramillo
Akira Ransomware is “bringin’ 1988 back”
2023-04-21 | Sophos | Colin Cowie, Paul Jaramillo
IcedID: Defrosting a Recent Campaign Illustrating evolving tactics and shared infrastructure
IcedID PhotoLoader
2023-04-19 | Sophos | Andreas Klopsch
‘AuKill’ EDR killer malware abuses Process Explorer driver
2023-03-09 | Sophos | Gabor Szappanos
A border-hopping PlugX USB worm takes its act on the road
2023-02-06 | Sophos | Andrew Brandt
Qakbot mechanizes distribution of malicious OneNote notebooks
2022-12-13 | Sophos | Andreas Klopsch, Andrew Brandt
Signed driver malware moves up the software trust chain
2022-11-30 | Sophos | Andrew Brandt
LockBit 3.0 ‘Black’ attacks and leaks reveal wormable capabilities and tooling
2022-11-03 | Sophos | Gabor Szappanos
Family Tree: DLL-Sideloading Cases May Be Related
2022-10-04 | Sophos | Andreas Klopsch
Remove All The Callbacks – BlackByte Ransomware Disables EDR Via RTCore64.sys Abuse
2022-08-18 | Sophos | Sean Gallagher
Cookie stealing: the new perimeter bypass
Cobalt Strike Meterpreter MimiKatz Phoenix Keylogger Quasar RAT
2022-07-20 | Sophos | Colin Cowie, Gabor Szappanos
OODA: X-Ops Takes On Burgeoning SQL Server Attacks
Maoloa Remcos TargetCompany
2022-07-14 | Sophos | Alexander Giles
Rapid Response: The Ngrok Incident Guide
2022-07-14 | Sophos | Andrew Brandt, Andy French, Bill Kearney, Elida Leite, Harinder Bhathal, Lee Kirkpatrick, Peter Mackenzie, Robert Weiland, Sergio Bestulic
BlackCat ransomware attacks not merely a byproduct of bad luck
BlackCat BlackCat
2022-06-16 | SophosLabs Uncut | Andrew Brandt
Confluence exploits used to drop ransomware on vulnerable servers
2022-06-15 | Volexity | Steven Adair, Thomas Lancaster, Volexity Threat Research
DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach
pupy Sliver DriftingCloud
2022-05-04 | Sophos | Andreas Klopsch
Attacking Emotet’s Control Flow Flattening
2022-04-12 | Sophos | Andrew Brandt, Angela Gunn, Ferenc László Nagy, Johnathan Fern, Linda Smith, Matthew Everts, Mauricio Valdivieso, Melissa Kelly, Peter Mackenzie, Sergio Bestulic
Attackers linger on government agency computers before deploying Lockbit ransomware