2021-10-12 ⋅ IronNet ⋅ Continued Exploitation of CVE-2021-26084
2021-10-07 ⋅ Palo Alto Networks Unit 42 ⋅ SilverTerrier – Nigerian Business Email Compromise
2021-09-29 ⋅ Trend Micro ⋅ FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal Formbook
2021-09-03 ⋅ Sophos ⋅ Conti affiliates use ProxyShell Exchange exploit in ransomware attacks Cobalt Strike Conti
2021-08-05 ⋅ Twitter (@AltShiftPrtScn) ⋅ Tweet on Conti ransomware affiliates using AnyDesk, Atera, Splashtop, Remote Utilities and ScreenConnect to maintain network access Conti
2021-08-05 ⋅ Twitter (@AltShiftPrtScn) ⋅ Tweet on Lorenz ransomware tricking user into allowing OAuth permissions to "Thunderbird with ExQuilla" for O365 Lorenz
2021-07-21 ⋅ TEAMT5 ⋅ "Le" is not tired of this, IE is really naughty Magniber
2021-07-21 ⋅ Twitter (@AltShiftPrtScn) ⋅ Tweet on Conti ransomware actor installing AnyDesk for remote access in victim environment Conti
2021-07-19 ⋅ Minister for Foreign Affairs of Australia ⋅ Australia joins international partners in attribution of malicious cyber activity to China APT31 APT40 HAFNIUM
2021-06-12 ⋅ Twitter (@AltShiftPrtScn) ⋅ A thread on RagnarLocker ransomware group's TTP seen in an Incident Response Cobalt Strike RagnarLocker
2021-06-11 ⋅ SophosLabs Uncut ⋅ Relentless REvil, revealed: RaaS as variable as the criminals who use it REvil
2021-05-18 ⋅ Sophos ⋅ The Active Adversary Playbook 2021 Cobalt Strike MimiKatz
2021-05-11 ⋅ Sophos ⋅ A defender’s view inside a DarkSide ransomware attack DarkSide
2021-05-06 ⋅ Sophos Labs ⋅ MTR in Real Time: Pirates pave way for Ryuk ransomware Ryuk
2021-05-05 ⋅ SophosLabs Uncut ⋅ Intervention halts a ProxyLogon-enabled attack Cobalt Strike
2021-04-22 ⋅ Twitter (@AltShiftPrtScn) ⋅ Tweet On TTPs seen in IR used by DOPPEL SPIDER Cobalt Strike DoppelPaymer
2021-02-16 ⋅ SophosLabs Uncut ⋅ What to expect when you’ve been hit with Conti ransomware Conti
2021-01-26 ⋅ SophosLabs Uncut ⋅ Nefilim Ransomware Attack Uses “Ghost” Credentials Nefilim
2021-01-17 ⋅ Twitter (@AltShiftPrtScn) ⋅ Tweet on Conti Ransomware group exploiting FortiGate VPNs to drop in CobaltStrike loaders Cobalt Strike Conti
2020-12-21 ⋅ IronNet ⋅ SolarWinds/SUNBURST: DGA or DNS Tunneling? SUNBURST