Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-01-19SophosColin Cowie, Mat Gangwer, Stan Andic, Sophos MTR Team
@online{cowie:20220119:zloader:e87c22c, author = {Colin Cowie and Mat Gangwer and Stan Andic and Sophos MTR Team}, title = {{Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike}}, date = {2022-01-19}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike/}, language = {English}, urldate = {2022-01-25} } Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike
Cobalt Strike Zloader
2021-12-22SophosAndrew Brandt, Fraser Howard, Anand Ajjan, Peter Mackenzie, Ferenc László Nagy, Sergio Bestulic, Timothy Easton
@online{brandt:20211222:avos:b09298c, author = {Andrew Brandt and Fraser Howard and Anand Ajjan and Peter Mackenzie and Ferenc László Nagy and Sergio Bestulic and Timothy Easton}, title = {{Avos Locker remotely accesses boxes, even running in Safe Mode}}, date = {2021-12-22}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/12/22/avos-locker-remotely-accesses-boxes-even-running-in-safe-mode/}, language = {English}, urldate = {2021-12-31} } Avos Locker remotely accesses boxes, even running in Safe Mode
AvosLocker
2021-12-21SophosAndrew Brandt, Stephen Ormandy
@online{brandt:20211221:attackers:a529ed2, author = {Andrew Brandt and Stephen Ormandy}, title = {{Attackers test “CAB-less 40444” exploit in a dry run}}, date = {2021-12-21}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/12/21/attackers-test-cab-less-40444-exploit-in-a-dry-run/}, language = {English}, urldate = {2021-12-31} } Attackers test “CAB-less 40444” exploit in a dry run
2021-12-20SophosSean Gallagher
@online{gallagher:20211220:logjam:682b229, author = {Sean Gallagher}, title = {{Logjam: Log4j exploit attempts continue in globally distributed scans, attacks}}, date = {2021-12-20}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/12/20/logjam-log4j-exploit-attempts-continue-in-globally-distributed-scans-attacks/}, language = {English}, urldate = {2021-12-31} } Logjam: Log4j exploit attempts continue in globally distributed scans, attacks
2021-12-17SophosSean Gallagher, Hardik Shah
@online{gallagher:20211217:inside:0da2770, author = {Sean Gallagher and Hardik Shah}, title = {{Inside the code: How the Log4Shell exploit works}}, date = {2021-12-17}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/12/17/inside-the-code-how-the-log4shell-exploit-works/}, language = {English}, urldate = {2021-12-31} } Inside the code: How the Log4Shell exploit works
2021-12-12SophosSean Gallagher
@online{gallagher:20211212:log4shell:0609a1c, author = {Sean Gallagher}, title = {{Log4Shell Hell: anatomy of an exploit outbreak}}, date = {2021-12-12}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/12/12/log4shell-hell-anatomy-of-an-exploit-outbreak/}, language = {English}, urldate = {2021-12-31} } Log4Shell Hell: anatomy of an exploit outbreak
2021-11-23SophosPankaj Kohli
@online{kohli:20211123:android:614480a, author = {Pankaj Kohli}, title = {{Android APT spyware, targeting Middle East victims, enhances evasiveness}}, date = {2021-11-23}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/11/23/android-apt-spyware-targeting-middle-east-victims-improves-its-capabilities/}, language = {English}, urldate = {2021-12-07} } Android APT spyware, targeting Middle East victims, enhances evasiveness
2021-11-18SophosLabs UncutSean Gallagher
@online{gallagher:20211118:new:7fc4407, author = {Sean Gallagher}, title = {{New ransomware actor uses password protected archives to bypass encryption protection}}, date = {2021-11-18}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2021/11/18/new-ransomware-actor-uses-password-protected-archives-to-bypass-encryption-protection/}, language = {English}, urldate = {2022-03-22} } New ransomware actor uses password protected archives to bypass encryption protection
2021-11-18SophosSean Gallagher, Vikas Singh, Robert Weiland, Elida Leite, Kyle Link, Ratul Ghosh, Harinder Bhathal, Sergio Bestuilic, Ferenc László Nagy, Rahul Dugar, Nirav Parekh, Gabor Szappanos
@online{gallagher:20211118:new:31668c5, author = {Sean Gallagher and Vikas Singh and Robert Weiland and Elida Leite and Kyle Link and Ratul Ghosh and Harinder Bhathal and Sergio Bestuilic and Ferenc László Nagy and Rahul Dugar and Nirav Parekh and Gabor Szappanos}, title = {{New ransomware actor uses password-protected archives to bypass encryption protection}}, date = {2021-11-18}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/11/18/new-ransomware-actor-uses-password-protected-archives-to-bypass-encryption-protection/?cmp=30728}, language = {English}, urldate = {2021-11-19} } New ransomware actor uses password-protected archives to bypass encryption protection
2021-11-11SophosLabs UncutAndrew Brandt
@online{brandt:20211111:bazarloader:9328545, author = {Andrew Brandt}, title = {{BazarLoader ‘call me back’ attack abuses Windows 10 Apps mechanism}}, date = {2021-11-11}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2021/11/11/bazarloader-call-me-back-attack-abuses-windows-10-apps-mechanism/}, language = {English}, urldate = {2021-11-12} } BazarLoader ‘call me back’ attack abuses Windows 10 Apps mechanism
BazarBackdoor
2021-10-24SophosSean Gallagher
@online{gallagher:20211024:node:3619389, author = {Sean Gallagher}, title = {{Node poisoning: hijacked package delivers coin miner and credential-stealing backdoor}}, date = {2021-10-24}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/10/24/node-poisoning-hijacked-package-delivers-coin-miner-and-credential-stealing-backdoor}, language = {English}, urldate = {2021-11-02} } Node poisoning: hijacked package delivers coin miner and credential-stealing backdoor
DanaBot Monero Miner
2021-10-05SophosAndrew Brandt, Rajesh Nataraj, Andrew O’Donnell, Mauricio Valdivieso
@online{brandt:20211005:python:61cd49c, author = {Andrew Brandt and Rajesh Nataraj and Andrew O’Donnell and Mauricio Valdivieso}, title = {{Python ransomware script targets ESXi server for encryption}}, date = {2021-10-05}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/10/05/python-ransomware-script-targets-esxi-server-for-encryption/}, language = {English}, urldate = {2021-10-11} } Python ransomware script targets ESXi server for encryption
2021-10-04SophosSean Gallagher, Vikas Singh, Krisztián Diriczi, Kajal Katiyar, Chaitanya Ghorpade, Rahil Shah
@online{gallagher:20211004:atom:782b979, author = {Sean Gallagher and Vikas Singh and Krisztián Diriczi and Kajal Katiyar and Chaitanya Ghorpade and Rahil Shah}, title = {{Atom Silo ransomware actors use Confluence exploit, DLL side-load for stealthy attack}}, date = {2021-10-04}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/10/04/atom-silo-ransomware-actors-use-confluence-exploit-dll-side-load-for-stealthy-attack/}, language = {English}, urldate = {2021-10-11} } Atom Silo ransomware actors use Confluence exploit, DLL side-load for stealthy attack
ATOMSILO Cobalt Strike
2021-09-23SophosSean Gallagher
@online{gallagher:20210923:phishing:0753a1d, author = {Sean Gallagher}, title = {{Phishing and malware actors abuse Google Forms for credentials, data exfiltration}}, date = {2021-09-23}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/09/23/phishing-and-malware-actors-abuse-google-forms-for-credentials-data-exfiltration/}, language = {English}, urldate = {2021-09-28} } Phishing and malware actors abuse Google Forms for credentials, data exfiltration
2021-09-21SophosAndrew Brandt, Vikas Singh, Shefali Gupta, Krisztián Diriczi, Chaitanya Ghorpade
@online{brandt:20210921:cring:9bd4998, author = {Andrew Brandt and Vikas Singh and Shefali Gupta and Krisztián Diriczi and Chaitanya Ghorpade}, title = {{Cring ransomware group exploits ancient ColdFusion server}}, date = {2021-09-21}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/09/21/cring-ransomware-group-exploits-ancient-coldfusion-server/?cmp=30728}, language = {English}, urldate = {2021-09-24} } Cring ransomware group exploits ancient ColdFusion server
Cobalt Strike Cring
2021-09-03SophosSean Gallagher, Peter Mackenzie, Anand Ajjan, Andrew Ludgate, Gabor Szappanos, Sergio Bestulic, Syed Zaidi
@online{gallagher:20210903:conti:db20680, author = {Sean Gallagher and Peter Mackenzie and Anand Ajjan and Andrew Ludgate and Gabor Szappanos and Sergio Bestulic and Syed Zaidi}, title = {{Conti affiliates use ProxyShell Exchange exploit in ransomware attacks}}, date = {2021-09-03}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/}, language = {English}, urldate = {2021-09-06} } Conti affiliates use ProxyShell Exchange exploit in ransomware attacks
Cobalt Strike Conti
2021-09-01SophosSean Gallagher, Yusuf Polat, Anand Ajjan, Andrew Brandt
@online{gallagher:20210901:fake:07752c0, author = {Sean Gallagher and Yusuf Polat and Anand Ajjan and Andrew Brandt}, title = {{Fake pirated software sites serve up malware droppers as a service}}, date = {2021-09-01}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/09/01/fake-pirated-software-sites-serve-up-malware-droppers-as-a-service/}, language = {English}, urldate = {2021-09-09} } Fake pirated software sites serve up malware droppers as a service
Raccoon
2021-08-27SophosMark Loman
@online{loman:20210827:lockfile:cc8483f, author = {Mark Loman}, title = {{LockFile ransomware’s box of tricks: intermittent encryption and evasion}}, date = {2021-08-27}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/08/27/lockfile-ransomwares-box-of-tricks-intermittent-encryption-and-evasion/}, language = {English}, urldate = {2021-08-30} } LockFile ransomware’s box of tricks: intermittent encryption and evasion
LockFile
2021-08-23Sophos SecOpsGreg Iddon
@online{iddon:20210823:proxyshell:5568890, author = {Greg Iddon}, title = {{ProxyShell vulnerabilities in Microsoft Exchange: What to do}}, date = {2021-08-23}, organization = {Sophos SecOps}, url = {https://news.sophos.com/en-us/2021/08/23/proxyshell-vulnerabilities-in-microsoft-exchange-what-to-do/}, language = {English}, urldate = {2022-03-18} } ProxyShell vulnerabilities in Microsoft Exchange: What to do
LockFile
2021-08-12SophosGabor Szappanos, Andrew Brandt
@online{szappanos:20210812:gootloaders:84e3100, author = {Gabor Szappanos and Andrew Brandt}, title = {{Gootloader’s “mothership” controls malicious content}}, date = {2021-08-12}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/08/12/gootloaders-mothership-controls-malicious-content/}, language = {English}, urldate = {2021-08-25} } Gootloader’s “mothership” controls malicious content
GootLoader