Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-05-28SophosLabs UncutAndrew Brandt
@online{brandt:20210528:new:4d0e375, author = {Andrew Brandt}, title = {{A new ransomware enters the fray: Epsilon Red}}, date = {2021-05-28}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2021/05/28/epsilonred/}, language = {English}, urldate = {2021-06-07} } A new ransomware enters the fray: Epsilon Red
Epsilon Red
2021-05-05SophosLabs UncutAndrew Brandt, Peter Mackenzie, Vikas Singh, Gabor Szappanos
@online{brandt:20210505:intervention:f548dee, author = {Andrew Brandt and Peter Mackenzie and Vikas Singh and Gabor Szappanos}, title = {{Intervention halts a ProxyLogon-enabled attack}}, date = {2021-05-05}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2021/05/05/intervention-halts-a-proxylogon-enabled-attack}, language = {English}, urldate = {2021-05-07} } Intervention halts a ProxyLogon-enabled attack
Cobalt Strike
2021-04-21SophosLabs UncutSean Gallagher, Suriya Natarajan, Anand Aijan, Michael Wood, Sivagnanam Gn, Markel Picado, Andrew Brandt
@online{gallagher:20210421:nearly:53964a7, author = {Sean Gallagher and Suriya Natarajan and Anand Aijan and Michael Wood and Sivagnanam Gn and Markel Picado and Andrew Brandt}, title = {{Nearly half of malware now use TLS to conceal communications}}, date = {2021-04-21}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2021/04/21/nearly-half-of-malware-now-use-tls-to-conceal-communications/}, language = {English}, urldate = {2021-04-28} } Nearly half of malware now use TLS to conceal communications
Agent Tesla Cobalt Strike Dridex SystemBC
2021-04-15SophosLabs UncutAndrew Brandt
@online{brandt:20210415:bazarloader:93400a1, author = {Andrew Brandt}, title = {{BazarLoader deploys a pair of novel spam vectors}}, date = {2021-04-15}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2021/04/15/bazarloader-deploys-a-pair-of-novel-spam-vectors}, language = {English}, urldate = {2021-04-16} } BazarLoader deploys a pair of novel spam vectors
BazarBackdoor
2021-04-13SophosLabs UncutAndrew Brandt
@online{brandt:20210413:compromised:c21fba1, author = {Andrew Brandt}, title = {{Compromised Exchange server hosting cryptojacker targeting other Exchange servers}}, date = {2021-04-13}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2021/04/13/compromised-exchange-server-hosting-cryptojacker-targeting-other-exchange-servers/}, language = {English}, urldate = {2021-04-14} } Compromised Exchange server hosting cryptojacker targeting other Exchange servers
2021-03-01Sophos LabsGabor Szappanos, Andrew Brandt
@online{szappanos:20210301:gootloader:815834d, author = {Gabor Szappanos and Andrew Brandt}, title = {{“Gootloader” expands its payload delivery options}}, date = {2021-03-01}, organization = {Sophos Labs}, url = {https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/?cmp=30728}, language = {English}, urldate = {2021-03-02} } “Gootloader” expands its payload delivery options
GootKit
2021-02-16SophosLabs UncutAndrew Brandt, Anand Ajjan
@online{brandt:20210216:conti:24c2333, author = {Andrew Brandt and Anand Ajjan}, title = {{Conti ransomware: Evasive by nature}}, date = {2021-02-16}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2021/02/16/conti-ransomware-evasive-by-nature/}, language = {English}, urldate = {2021-02-20} } Conti ransomware: Evasive by nature
Conti
2021-01-21Sophos LabsGabor Szappanos, Andrew Brandt
@online{szappanos:20210121:mrbminer:1c5f2ab, author = {Gabor Szappanos and Andrew Brandt}, title = {{MrbMiner: Cryptojacking to bypass international sanctions}}, date = {2021-01-21}, organization = {Sophos Labs}, url = {https://news.sophos.com/en-us/2021/01/21/mrbminer-cryptojacking-to-bypass-international-sanctions/}, language = {English}, urldate = {2021-01-25} } MrbMiner: Cryptojacking to bypass international sanctions
2021-01-12SophosPankaj Kohli, Andrew Brandt
@online{kohli:20210112:new:ecf1e3b, author = {Pankaj Kohli and Andrew Brandt}, title = {{New Android spyware targets users in Pakistan}}, date = {2021-01-12}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/01/12/new-android-spyware-targets-users-in-pakistan/}, language = {English}, urldate = {2021-01-18} } New Android spyware targets users in Pakistan
PackChat
2020-09-24SophosLabs UncutAndrew Brandt, Andrew O'Donnell, Fraser Howard
@online{brandt:20200924:emaildelivered:742cfe6, author = {Andrew Brandt and Andrew O'Donnell and Fraser Howard}, title = {{Email-delivered MoDi RAT attack pastes PowerShell commands}}, date = {2020-09-24}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2020/09/24/email-delivered-modi-rat-attack-pastes-powershell-commands}, language = {English}, urldate = {2020-09-25} } Email-delivered MoDi RAT attack pastes PowerShell commands
DBatLoader
2020-09-17SophosLabs UncutAndrew Brandt, Peter Mackenzie
@online{brandt:20200917:maze:714f603, author = {Andrew Brandt and Peter Mackenzie}, title = {{Maze attackers adopt Ragnar Locker virtual machine technique}}, date = {2020-09-17}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2020/09/17/maze-attackers-adopt-ragnar-locker-virtual-machine-technique/}, language = {English}, urldate = {2020-09-21} } Maze attackers adopt Ragnar Locker virtual machine technique
Maze
2020-07-29Sophos LabsAndrew Brandt
@online{brandt:20200729:emotets:cb1de9b, author = {Andrew Brandt}, title = {{Emotet’s return is the canary in the coal mine}}, date = {2020-07-29}, organization = {Sophos Labs}, url = {https://news.sophos.com/en-us/2020/07/28/emotets-return-is-the-canary-in-the-coal-mine/?cmp=30728}, language = {English}, urldate = {2020-07-30} } Emotet’s return is the canary in the coal mine
Emotet
2020-06-24Sophos LabsAndrew Brandt
@online{brandt:20200624:glupteba:fc4095d, author = {Andrew Brandt}, title = {{Glupteba malware hides in plain sight}}, date = {2020-06-24}, organization = {Sophos Labs}, url = {https://news.sophos.com/en-us/2020/06/24/glupteba-report/?cmp=30728}, language = {English}, urldate = {2020-06-24} } Glupteba malware hides in plain sight
Glupteba
2020-05-27SophosLabsGabor Szappanos, Andrew Brandt
@online{szappanos:20200527:netwalker:941731e, author = {Gabor Szappanos and Andrew Brandt}, title = {{Netwalker ransomware tools give insight into threat actor}}, date = {2020-05-27}, organization = {SophosLabs}, url = {https://news.sophos.com/en-us/2020/05/27/netwalker-ransomware-tools-give-insight-into-threat-actor/}, language = {English}, urldate = {2020-05-29} } Netwalker ransomware tools give insight into threat actor
Mailto
2020-02-06SophosAndrew Brandt, Mark Loman
@online{brandt:20200206:living:811742c, author = {Andrew Brandt and Mark Loman}, title = {{Living off another land: Ransomware borrows vulnerable driver to remove security software}}, date = {2020-02-06}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2020/02/06/living-off-another-land-ransomware-borrows-vulnerable-driver-to-remove-security-software/}, language = {English}, urldate = {2020-02-13} } Living off another land: Ransomware borrows vulnerable driver to remove security software
RobinHood
2019-12-09SophosLabs UncutAndrew Brandt
@online{brandt:20191209:snatch:a8f2825, author = {Andrew Brandt}, title = {{Snatch ransomware reboots PCs into Safe Mode to bypass protection}}, date = {2019-12-09}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2019/12/09/snatch-ransomware-reboots-pcs-into-safe-mode-to-bypass-protection/}, language = {English}, urldate = {2022-03-18} } Snatch ransomware reboots PCs into Safe Mode to bypass protection
Snatch
2019-05-24SophosLabs UncutAndrew Brandt
@online{brandt:20190524:directed:1164fdf, author = {Andrew Brandt}, title = {{Directed attacks against MySQL servers deliver ransomware}}, date = {2019-05-24}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2019/05/24/gandcrab-spreading-via-directed-attacks-against-mysql-servers/}, language = {English}, urldate = {2022-03-18} } Directed attacks against MySQL servers deliver ransomware
Gandcrab
2019-05-10SophosLabs UncutAndrew Brandt
@online{brandt:20190510:megacortex:6b7c935, author = {Andrew Brandt}, title = {{MegaCortex, deconstructed: mysteries mount as analysis continues}}, date = {2019-05-10}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2019/05/10/megacortex-deconstructed-mysteries-mount-as-analysis-continues/}, language = {English}, urldate = {2022-03-18} } MegaCortex, deconstructed: mysteries mount as analysis continues
MegaCortex
2019-05-03SophosAndrew Brandt
@online{brandt:20190503:megacortex:fc2d16b, author = {Andrew Brandt}, title = {{“MegaCortex” ransomware wants to be The One}}, date = {2019-05-03}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2019/05/03/megacortex-ransomware-wants-to-be-the-one/}, language = {English}, urldate = {2019-11-27} } “MegaCortex” ransomware wants to be The One
MegaCortex
2019-01-30SophosLabs UncutAndrew Brandt
@online{brandt:20190130:matrix:1dc1113, author = {Andrew Brandt}, title = {{Matrix: Targeted, small scale, canary in the coalmine ransomware}}, date = {2019-01-30}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2019/01/30/matrix-targeted-small-scale-canary-in-the-coal-mine-ransomware/}, language = {English}, urldate = {2022-03-18} } Matrix: Targeted, small scale, canary in the coalmine ransomware
Matrix Ransom