Click here to download all references as Bib-File.
2021-08-05 ⋅ Twitter (@AltShiftPrtScn) ⋅ Tweet on Lorenz ransomware tricking user into allowing OAuth permissions to "Thunderbird with ExQuilla" for O365 Lorenz |
2021-07-21 ⋅ TEAMT5 ⋅ "Le" is not tired of this, IE is really naughty Magniber |
2021-07-21 ⋅ Twitter (@AltShiftPrtScn) ⋅ Tweet on Conti ransomware actor installing AnyDesk for remote access in victim environment Conti |
2021-07-19 ⋅ Minister for Foreign Affairs of Australia ⋅ Australia joins international partners in attribution of malicious cyber activity to China APT31 APT40 HAFNIUM |
2021-06-12 ⋅ Twitter (@AltShiftPrtScn) ⋅ A thread on RagnarLocker ransomware group's TTP seen in an Incident Response Cobalt Strike RagnarLocker |
2021-06-11 ⋅ SophosLabs Uncut ⋅ Relentless REvil, revealed: RaaS as variable as the criminals who use it REvil |
2021-05-18 ⋅ Sophos ⋅ The Active Adversary Playbook 2021 Cobalt Strike MimiKatz |
2021-05-11 ⋅ Sophos ⋅ A defender’s view inside a DarkSide ransomware attack DarkSide |
2021-05-06 ⋅ Sophos Labs ⋅ MTR in Real Time: Pirates pave way for Ryuk ransomware Ryuk |
2021-05-05 ⋅ SophosLabs Uncut ⋅ Intervention halts a ProxyLogon-enabled attack Cobalt Strike |
2021-04-22 ⋅ Twitter (@AltShiftPrtScn) ⋅ Twwet On TTPs seen in IR used by DOPPEL SPIDER Cobalt Strike DoppelPaymer |
2021-02-16 ⋅ SophosLabs Uncut ⋅ What to expect when you’ve been hit with Conti ransomware Conti |
2021-01-26 ⋅ SophosLabs Uncut ⋅ Nefilim Ransomware Attack Uses “Ghost” Credentials Nefilim |
2021-01-17 ⋅ Twitter (@AltShiftPrtScn) ⋅ Tweet on Conti Ransomware group exploiting FortiGate VPNs to drop in CobaltStrike loaders Cobalt Strike Conti |
2020-12-21 ⋅ IronNet ⋅ SolarWinds/SUNBURST: DGA or DNS Tunneling? SUNBURST |
2020-12-08 ⋅ Sophos ⋅ Egregor ransomware: Maze’s heir apparent Egregor Maze |
2020-11-16 ⋅ ESET Research ⋅ Lazarus supply‑chain attack in South Korea Lazarus Group |
2020-10-28 ⋅ SophosLabs Uncut ⋅ Hacks for sale: inside the Buer Loader malware-as-a-service Buer Ryuk Zloader |
2020-09-17 ⋅ SophosLabs Uncut ⋅ Maze attackers adopt Ragnar Locker virtual machine technique Maze |
2020-07-11 ⋅ Trustwave ⋅ Injecting Magecart into Magento Global Config magecart |