Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-04-12SophosAndrew Brandt, Angela Gunn, Ferenc László Nagy, Johnathan Fern, Linda Smith, Matthew Everts, Mauricio Valdivieso, Melissa Kelly, Peter Mackenzie, Sergio Bestulic
Attackers linger on government agency computers before deploying Lockbit ransomware
LockBit
2021-12-22SophosAnand Ajjan, Andrew Brandt, Ferenc László Nagy, Fraser Howard, Peter Mackenzie, Sergio Bestulic, Timothy Easton
Avos Locker remotely accesses boxes, even running in Safe Mode
AvosLocker
2021-12-20IronNetBrent Eskridge, Michael Leardi, Peter Rydzynski
Detecting anomalous network traffic resulting from a successful Log4j attack
2021-12-16TEAMT5Aragorn Tseng, Charles Li, Peter Syu, Tom Lai
Winnti is Coming - Evolution after Prosecution
Cobalt Strike FishMaster FunnySwitch HIGHNOON ShadowPad Spyder
2021-12-02Palo Alto Networks Unit 42Peter Renals, Robert Falcone
APT Expands Attack on ManageEngine With Active Campaign Against ServiceDesk Plus
Godzilla Webshell
2021-11-29CertitudePeter Wagner
Unpatched Exchange Servers distribute Phishing Links (SquirrelWaffle)
Squirrelwaffle
2021-11-16IronNetIronNet Threat Research, Joey Fitzpatrick, Morgan Demboski, Peter Rydzynski
How IronNet's Behavioral Analytics Detect REvil and Conti Ransomware
Cobalt Strike Conti IcedID REvil
2021-11-07Palo Alto Networks Unit 42Jeff White, Peter Renals, Robert Falcone
Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer
Godzilla Webshell NGLite
2021-10-12IronNetBrett Fitzpatrick, IronNet Threat Research, Joey Fitzpatrick, Morgan Demboski, Peter Rydzynski
Continued Exploitation of CVE-2021-26084
2021-10-07Aragorn Tseng, Charles Li, Peter Syu, Tom Lai
Evolution after prosecution : Psychedelic APT41
Dizzyvoid
2021-10-07Palo Alto Networks Unit 42Peter Renals
SilverTerrier – Nigerian Business Email Compromise
2021-09-29Trend MicroAliakbar Zahravi, Kamlapati Choubey, Peter Girnus, William Gamazo Sanchez
FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal
Formbook
2021-09-03SophosAnand Ajjan, Andrew Ludgate, Gabor Szappanos, Peter Mackenzie, Sean Gallagher, Sergio Bestulic, Syed Zaidi
Conti affiliates use ProxyShell Exchange exploit in ransomware attacks
Cobalt Strike Conti
2021-08-05Twitter (@AltShiftPrtScn)Peter Mackenzie
Tweet on Conti ransomware affiliates using AnyDesk, Atera, Splashtop, Remote Utilities and ScreenConnect to maintain network access
Conti
2021-08-05Twitter (@AltShiftPrtScn)Peter Mackenzie
Tweet on Lorenz ransomware tricking user into allowing OAuth permissions to "Thunderbird with ExQuilla" for O365
Lorenz
2021-07-21TEAMT5Jason3e7, Peter, Tom
"Le" is not tired of this, IE is really naughty
Magniber
2021-07-21Twitter (@AltShiftPrtScn)Peter Mackenzie
Tweet on Conti ransomware actor installing AnyDesk for remote access in victim environment
Conti
2021-07-19Minister for Foreign Affairs of AustraliaKaren Andrews, Peter Dutton
Australia joins international partners in attribution of malicious cyber activity to China
APT31 APT40 HAFNIUM
2021-06-12Twitter (@AltShiftPrtScn)Peter Mackenzie
A thread on RagnarLocker ransomware group's TTP seen in an Incident Response
Cobalt Strike RagnarLocker
2021-06-11SophosLabs UncutAnand Ajjan, Andrew Brandt, Hajnalka Kope, Mark Loman, Peter Mackenzie
Relentless REvil, revealed: RaaS as variable as the criminals who use it
REvil