Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-07-14SophosAlexander Giles
Rapid Response: The Ngrok Incident Guide
2022-07-14SophosAndrew Brandt, Andy French, Bill Kearney, Elida Leite, Harinder Bhathal, Lee Kirkpatrick, Peter Mackenzie, Robert Weiland, Sergio Bestulic
BlackCat ransomware attacks not merely a byproduct of bad luck
BlackCat BlackCat
2022-06-16SophosLabs UncutAndrew Brandt
Confluence exploits used to drop ransomware on vulnerable servers
Cerber
2022-06-15VolexitySteven Adair, Thomas Lancaster, Volexity Threat Research
DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach
pupy Sliver DriftingCloud
2022-05-04SophosAndreas Klopsch
Attacking Emotet’s Control Flow Flattening
Emotet
2022-04-12SophosAndrew Brandt, Angela Gunn, Ferenc László Nagy, Johnathan Fern, Linda Smith, Matthew Everts, Mauricio Valdivieso, Melissa Kelly, Peter Mackenzie, Sergio Bestulic
Attackers linger on government agency computers before deploying Lockbit ransomware
LockBit
2022-03-17SophosTilly Travers
The Ransomware Threat Intelligence Center
ATOMSILO Avaddon AvosLocker BlackKingdom Ransomware BlackMatter Conti Cring DarkSide dearcry Dharma Egregor Entropy Epsilon Red Gandcrab Karma LockBit LockFile Mailto Maze Nefilim RagnarLocker Ragnarok REvil RobinHood Ryuk SamSam Snatch WannaCryptor WastedLocker
2022-02-28SophosSean Gallagher
Conti and Karma actors attack healthcare provider at same time through ProxyShell exploits
Conti Karma
2022-02-23SophosLabs UncutAndrew Brandt
Dridex bots deliver Entropy ransomware in recent attacks
Cobalt Strike Dridex Entropy
2022-02-23SophosAbhijit Gupta, Anand Ajjan, Andrew Brandt, Colin Cowie, Felix Weyne, Rahil Shah, Steven Lott, Syed Zaidi, Vikas Singh, Xiaochuan Zhang
Dridex bots deliver Entropy ransomware in recent attacks
Entropy
2022-02-22SophosChester Wisniewski
Cyberthreats during Russian-Ukrainian tensions: what can we learn from history to be prepared?
Conti
2022-02-15SophosMatthew Everts, Stephen McNally
Vulnerable Exchange server hit by Squirrelwaffle and financial fraud
Squirrelwaffle
2022-02-01SophosGabor Szappanos, Sean Gallagher
SolarMarker campaign used novel registry changes to establish persistence
solarmarker
2022-01-25SophosAndrew Brandt
Windows services lay the groundwork for a Midas ransomware attack
Midas
2022-01-25SophosAndrew Brandt, Jason Jenkins
Windows services lay the groundwork for a Midas ransomware attack
2022-01-24SophosChester Wisniewski
Log4Shell: No Mass Abuse, But No Respite, What Happened?
2022-01-19SophosColin Cowie, Mat Gangwer, Sophos MTR Team, Stan Andic
Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike
Cobalt Strike Zloader
2021-12-22SophosAnand Ajjan, Andrew Brandt, Ferenc László Nagy, Fraser Howard, Peter Mackenzie, Sergio Bestulic, Timothy Easton
Avos Locker remotely accesses boxes, even running in Safe Mode
AvosLocker
2021-12-21SophosAndrew Brandt, Stephen Ormandy
Attackers test “CAB-less 40444” exploit in a dry run
2021-12-20SophosSean Gallagher
Logjam: Log4j exploit attempts continue in globally distributed scans, attacks