Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2020-09-24SophosLabs UncutAndrew Brandt, Andrew O'Donnell, Fraser Howard
@online{brandt:20200924:emaildelivered:742cfe6, author = {Andrew Brandt and Andrew O'Donnell and Fraser Howard}, title = {{Email-delivered MoDi RAT attack pastes PowerShell commands}}, date = {2020-09-24}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2020/09/24/email-delivered-modi-rat-attack-pastes-powershell-commands}, language = {English}, urldate = {2020-09-25} } Email-delivered MoDi RAT attack pastes PowerShell commands
DBatLoader
2020-09-17SophosLabs UncutAndrew Brandt, Peter Mackenzie
@online{brandt:20200917:maze:714f603, author = {Andrew Brandt and Peter Mackenzie}, title = {{Maze attackers adopt Ragnar Locker virtual machine technique}}, date = {2020-09-17}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2020/09/17/maze-attackers-adopt-ragnar-locker-virtual-machine-technique/}, language = {English}, urldate = {2020-09-21} } Maze attackers adopt Ragnar Locker virtual machine technique
Maze
2020-08-12SophosLabs UncutSean Gallagher
@online{gallagher:20200812:color:9deb334, author = {Sean Gallagher}, title = {{Color by numbers: inside a Dharma ransomware-as-a-service attack}}, date = {2020-08-12}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2020/08/12/color-by-numbers-inside-a-dharma-ransomware-as-a-service-attack/}, language = {English}, urldate = {2022-03-18} } Color by numbers: inside a Dharma ransomware-as-a-service attack
Dharma
2020-08-04SophosLabs UncutMark Loman, Anand Ajjan
@online{loman:20200804:wastedlockers:753972a, author = {Mark Loman and Anand Ajjan}, title = {{WastedLocker’s techniques point to a familiar heritage}}, date = {2020-08-04}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2020/08/04/wastedlocker-techniques-point-to-a-familiar-heritage/}, language = {English}, urldate = {2022-03-22} } WastedLocker’s techniques point to a familiar heritage
WastedLocker
2020-07-14SophosLabs UncutMarkel Picado, Sean Gallagher
@online{picado:20200714:raticate:85d260a, author = {Markel Picado and Sean Gallagher}, title = {{RATicate upgrades “RATs as a Service” attacks with commercial “crypter”}}, date = {2020-07-14}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2020/07/14/raticate-rats-as-service-with-commercial-crypter/?cmp=30728}, language = {English}, urldate = {2020-07-15} } RATicate upgrades “RATs as a Service” attacks with commercial “crypter”
LokiBot BetaBot CloudEyE NetWire RC
2020-05-21SophosSophosLabs Uncut
@online{uncut:20200521:asnark:e0bcbbc, author = {SophosLabs Uncut}, title = {{Asnarök attackers twice modified attack midstream}}, date = {2020-05-21}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2020/05/21/asnarok2/}, language = {German}, urldate = {2021-05-04} } Asnarök attackers twice modified attack midstream
NOTROBIN Ragnarok
2020-05-21SophosSophosLabs Uncut
@online{uncut:20200521:ragnar:446eb50, author = {SophosLabs Uncut}, title = {{Ragnar Locker ransomware deploys virtual machine to dodge security}}, date = {2020-05-21}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2020/05/21/ragnar-locker-ransomware-deploys-virtual-machine-to-dodge-security/}, language = {English}, urldate = {2020-05-23} } Ragnar Locker ransomware deploys virtual machine to dodge security
RagnarLocker
2020-05-12SophosLabs UncutSophos
@online{sophos:20200512:maze:5552394, author = {Sophos}, title = {{Maze ransomware: extorting victims for 1 year and counting}}, date = {2020-05-12}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2020/05/12/maze-ransomware-1-year-counting/}, language = {English}, urldate = {2022-03-18} } Maze ransomware: extorting victims for 1 year and counting
Maze
2019-12-09SophosLabs UncutAndrew Brandt
@online{brandt:20191209:snatch:a8f2825, author = {Andrew Brandt}, title = {{Snatch ransomware reboots PCs into Safe Mode to bypass protection}}, date = {2019-12-09}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2019/12/09/snatch-ransomware-reboots-pcs-into-safe-mode-to-bypass-protection/}, language = {English}, urldate = {2022-03-18} } Snatch ransomware reboots PCs into Safe Mode to bypass protection
Snatch
2019-09-18SophosLabs UncutPeter Mackenzie
@online{mackenzie:20190918:wannacry:7aeb8e1, author = {Peter Mackenzie}, title = {{The WannaCry hangover}}, date = {2019-09-18}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2019/09/18/the-wannacry-hangover/}, language = {English}, urldate = {2022-03-18} } The WannaCry hangover
WannaCryptor
2019-05-24SophosLabs UncutAndrew Brandt
@online{brandt:20190524:directed:1164fdf, author = {Andrew Brandt}, title = {{Directed attacks against MySQL servers deliver ransomware}}, date = {2019-05-24}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2019/05/24/gandcrab-spreading-via-directed-attacks-against-mysql-servers/}, language = {English}, urldate = {2022-03-18} } Directed attacks against MySQL servers deliver ransomware
Gandcrab
2019-05-10SophosLabs UncutAndrew Brandt
@online{brandt:20190510:megacortex:6b7c935, author = {Andrew Brandt}, title = {{MegaCortex, deconstructed: mysteries mount as analysis continues}}, date = {2019-05-10}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2019/05/10/megacortex-deconstructed-mysteries-mount-as-analysis-continues/}, language = {English}, urldate = {2022-03-18} } MegaCortex, deconstructed: mysteries mount as analysis continues
MegaCortex
2019-03-05SophosLabs UncutLuca Nagy, Suriya Natarajan, Vikas Singh
@online{nagy:20190305:gandcrab:1ed654f, author = {Luca Nagy and Suriya Natarajan and Vikas Singh}, title = {{GandCrab 101: All about the most widely distributed ransomware of the moment}}, date = {2019-03-05}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2019/03/05/gandcrab-101-all-about-the-most-widely-distributed-ransomware-of-the-moment/}, language = {English}, urldate = {2022-03-18} } GandCrab 101: All about the most widely distributed ransomware of the moment
Gandcrab
2019-01-30SophosLabs UncutAndrew Brandt
@online{brandt:20190130:matrix:1dc1113, author = {Andrew Brandt}, title = {{Matrix: Targeted, small scale, canary in the coalmine ransomware}}, date = {2019-01-30}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2019/01/30/matrix-targeted-small-scale-canary-in-the-coal-mine-ransomware/}, language = {English}, urldate = {2022-03-18} } Matrix: Targeted, small scale, canary in the coalmine ransomware
Matrix Ransom
2018-11-29SophosLabs UncutAndrew Brandt
@online{brandt:20181129:how:a840588, author = {Andrew Brandt}, title = {{How a SamSam-like attack happens, and what you can do about it}}, date = {2018-11-29}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2018/11/29/how-a-samsam-like-attack-happens-and-what-you-can-do-about-it/}, language = {English}, urldate = {2022-03-18} } How a SamSam-like attack happens, and what you can do about it
SamSam
2018-07-31SophosLabs UncutAndrew Brandt
@online{brandt:20180731:samsam:68f06ce, author = {Andrew Brandt}, title = {{SamSam guide to coverage}}, date = {2018-07-31}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2018/07/31/samsam-guide-to-coverage/}, language = {English}, urldate = {2022-03-18} } SamSam guide to coverage
SamSam
2018-07-31SophosLabs UncutAndrew Brandt
@online{brandt:20180731:sophos:908af44, author = {Andrew Brandt}, title = {{Sophos releases SamSam ransomware report}}, date = {2018-07-31}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2018/07/31/sophoslabs-releases-samsam-ransomware-report/}, language = {English}, urldate = {2022-03-18} } Sophos releases SamSam ransomware report
SamSam