Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-08-09SophosMark Loman
@online{loman:20210809:blackmatter:d7606f3, author = {Mark Loman}, title = {{BlackMatter ransomware emerges from the shadow of DarkSide}}, date = {2021-08-09}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/08/09/blackmatter-ransomware-emerges-from-the-shadow-of-darkside/}, language = {English}, urldate = {2021-08-25} } BlackMatter ransomware emerges from the shadow of DarkSide
BlackMatter BlackMatter
2021-08-06Sophos Naked SecurityPaul Ducklin
@online{ducklin:20210806:conti:9bcfb85, author = {Paul Ducklin}, title = {{Conti ransomware affiliate goes rogue, leaks “gang data”}}, date = {2021-08-06}, organization = {Sophos Naked Security}, url = {https://nakedsecurity.sophos.com/2021/08/06/conti-ransomware-affiliate-goes-rogue-leaks-company-data/}, language = {English}, urldate = {2022-03-18} } Conti ransomware affiliate goes rogue, leaks “gang data”
Conti
2021-08-03SophosYusuf Arslan Polat, Sean Gallagher
@online{polat:20210803:trash:6611883, author = {Yusuf Arslan Polat and Sean Gallagher}, title = {{Trash Panda as a Service: Raccoon Stealer steals cookies, cryptocoins, and more}}, date = {2021-08-03}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/08/03/trash-panda-as-a-service-raccoon-stealer-steals-cookies-cryptocoins-and-more/}, language = {English}, urldate = {2021-08-06} } Trash Panda as a Service: Raccoon Stealer steals cookies, cryptocoins, and more
Raccoon
2021-07-22SophosSean Gallagher, Andrew Brandt
@online{gallagher:20210722:malware:ca3a4e3, author = {Sean Gallagher and Andrew Brandt}, title = {{Malware increasingly targets Discord for abuse}}, date = {2021-07-22}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/07/22/malware-increasingly-targets-discord-for-abuse}, language = {English}, urldate = {2021-07-27} } Malware increasingly targets Discord for abuse
2021-07-09Twitter (@SophosLabs)SophosLabs
@online{sophoslabs:20210709:speed:6f279b2, author = {SophosLabs}, title = {{Tweet on speed at which Kaseya REvil attack was conducted}}, date = {2021-07-09}, organization = {Twitter (@SophosLabs)}, url = {https://twitter.com/SophosLabs/status/1413616952313004040?s=20}, language = {English}, urldate = {2021-07-24} } Tweet on speed at which Kaseya REvil attack was conducted
REvil
2021-07-05Twitter (@SophosLabs)SophosLabs
@online{sophoslabs:20210705:with:d8dc444, author = {SophosLabs}, title = {{Tweet with a REvil ransomware execution demo}}, date = {2021-07-05}, organization = {Twitter (@SophosLabs)}, url = {https://twitter.com/SophosLabs/status/1412056467201462276}, language = {English}, urldate = {2021-07-26} } Tweet with a REvil ransomware execution demo
REvil
2021-07-04SophosMark Loman, Sean Gallagher, Anand Ajjan
@online{loman:20210704:independence:56ff257, author = {Mark Loman and Sean Gallagher and Anand Ajjan}, title = {{Independence Day: REvil uses supply chain exploit to attack hundreds of businesses}}, date = {2021-07-04}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/07/04/independence-day-revil-uses-supply-chain-exploit-to-attack-hundreds-of-businesses}, language = {English}, urldate = {2021-07-26} } Independence Day: REvil uses supply chain exploit to attack hundreds of businesses
REvil
2021-06-30SophosTilly Travers
@online{travers:20210630:mtr:d2dae6b, author = {Tilly Travers}, title = {{MTR in Real Time: Hand-to-hand combat with REvil ransomware chasing a $2.5 million pay day}}, date = {2021-06-30}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/06/30/mtr-in-real-time-hand-to-hand-combat-with-revil-ransomware-chasing-a-2-5-million-pay-day/}, language = {English}, urldate = {2021-07-02} } MTR in Real Time: Hand-to-hand combat with REvil ransomware chasing a $2.5 million pay day
REvil
2021-06-30Sophos SecOpsTilly Travers
@online{travers:20210630:what:23df406, author = {Tilly Travers}, title = {{What to expect when you’ve been hit with REvil ransomware}}, date = {2021-06-30}, organization = {Sophos SecOps}, url = {https://news.sophos.com/en-us/2021/06/30/what-to-expect-when-youve-been-hit-with-revil-ransomware/}, language = {English}, urldate = {2022-03-18} } What to expect when you’ve been hit with REvil ransomware
REvil
2021-06-17SophosAndrew Brandt
@online{brandt:20210617:vigilante:d05c7d7, author = {Andrew Brandt}, title = {{Vigilante malware rats out software pirates while blocking ThePirateBay}}, date = {2021-06-17}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/06/17/vigilante-antipiracy-malware/}, language = {English}, urldate = {2021-06-21} } Vigilante malware rats out software pirates while blocking ThePirateBay
2021-06-11SophosLabs UncutAndrew Brandt, Anand Ajjan, Hajnalka Kope, Mark Loman, Peter Mackenzie
@online{brandt:20210611:relentless:56d5133, author = {Andrew Brandt and Anand Ajjan and Hajnalka Kope and Mark Loman and Peter Mackenzie}, title = {{Relentless REvil, revealed: RaaS as variable as the criminals who use it}}, date = {2021-06-11}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2021/06/11/relentless-revil-revealed/}, language = {English}, urldate = {2021-06-16} } Relentless REvil, revealed: RaaS as variable as the criminals who use it
REvil
2021-06-02SophosSean Gallagher
@online{gallagher:20210602:amsi:084d0ba, author = {Sean Gallagher}, title = {{AMSI bypasses remain tricks of the malware trade}}, date = {2021-06-02}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/06/02/amsi-bypasses-remain-tricks-of-the-malware-trade/}, language = {English}, urldate = {2021-06-09} } AMSI bypasses remain tricks of the malware trade
Agent Tesla Cobalt Strike Meterpreter
2021-05-28SophosLabs UncutAndrew Brandt
@online{brandt:20210528:new:4d0e375, author = {Andrew Brandt}, title = {{A new ransomware enters the fray: Epsilon Red}}, date = {2021-05-28}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2021/05/28/epsilonred/}, language = {English}, urldate = {2021-06-07} } A new ransomware enters the fray: Epsilon Red
Epsilon Red
2021-05-18SophosJohn Shier, Mat Gangwer, Greg Iddon, Peter Mackenzie
@online{shier:20210518:active:f313ac5, author = {John Shier and Mat Gangwer and Greg Iddon and Peter Mackenzie}, title = {{The Active Adversary Playbook 2021}}, date = {2021-05-18}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/05/18/the-active-adversary-playbook-2021/?cmp=37153}, language = {English}, urldate = {2021-05-25} } The Active Adversary Playbook 2021
Cobalt Strike MimiKatz
2021-05-11SophosSean Gallagher, Mark Loman, Peter Mackenzie, Yusuf Arslan Polat, Gabor Szappanos, Suriya Natarajan, Szabolcs Lévai, Ferenc László Nagy
@online{gallagher:20210511:defenders:a4c7f9c, author = {Sean Gallagher and Mark Loman and Peter Mackenzie and Yusuf Arslan Polat and Gabor Szappanos and Suriya Natarajan and Szabolcs Lévai and Ferenc László Nagy}, title = {{A defender’s view inside a DarkSide ransomware attack}}, date = {2021-05-11}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/05/11/a-defenders-view-inside-a-darkside-ransomware-attack/}, language = {English}, urldate = {2021-05-13} } A defender’s view inside a DarkSide ransomware attack
DarkSide
2021-05-07SophosLabs UncutRajesh Nataraj
@online{nataraj:20210507:new:79ec788, author = {Rajesh Nataraj}, title = {{New Lemon Duck variants exploiting Microsoft Exchange Server}}, date = {2021-05-07}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2021/05/07/new-lemon-duck-variants-exploiting-microsoft-exchange-server/?cmp=30728}, language = {English}, urldate = {2022-02-16} } New Lemon Duck variants exploiting Microsoft Exchange Server
CHINACHOPPER Cobalt Strike Lemon Duck
2021-05-06Sophos LabsTilly Travers, Bill Kearney, Kyle Link, Peter Mackenzie, Matthew Sharf
@online{travers:20210506:mtr:1f2feb4, author = {Tilly Travers and Bill Kearney and Kyle Link and Peter Mackenzie and Matthew Sharf}, title = {{MTR in Real Time: Pirates pave way for Ryuk ransomware}}, date = {2021-05-06}, organization = {Sophos Labs}, url = {https://news.sophos.com/en-us/2021/05/06/mtr-in-real-time-pirates-pave-way-for-ryuk-ransomware/}, language = {English}, urldate = {2021-05-13} } MTR in Real Time: Pirates pave way for Ryuk ransomware
Ryuk
2021-05-05SophosLabs UncutAndrew Brandt, Peter Mackenzie, Vikas Singh, Gabor Szappanos
@online{brandt:20210505:intervention:f548dee, author = {Andrew Brandt and Peter Mackenzie and Vikas Singh and Gabor Szappanos}, title = {{Intervention halts a ProxyLogon-enabled attack}}, date = {2021-05-05}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2021/05/05/intervention-halts-a-proxylogon-enabled-attack}, language = {English}, urldate = {2021-05-07} } Intervention halts a ProxyLogon-enabled attack
Cobalt Strike
2021-04-21SophosLabs UncutSean Gallagher, Suriya Natarajan, Anand Aijan, Michael Wood, Sivagnanam Gn, Markel Picado, Andrew Brandt
@online{gallagher:20210421:nearly:53964a7, author = {Sean Gallagher and Suriya Natarajan and Anand Aijan and Michael Wood and Sivagnanam Gn and Markel Picado and Andrew Brandt}, title = {{Nearly half of malware now use TLS to conceal communications}}, date = {2021-04-21}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2021/04/21/nearly-half-of-malware-now-use-tls-to-conceal-communications/}, language = {English}, urldate = {2021-04-28} } Nearly half of malware now use TLS to conceal communications
Agent Tesla Cobalt Strike Dridex SystemBC
2021-04-15SophosLabs UncutAndrew Brandt
@online{brandt:20210415:bazarloader:93400a1, author = {Andrew Brandt}, title = {{BazarLoader deploys a pair of novel spam vectors}}, date = {2021-04-15}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2021/04/15/bazarloader-deploys-a-pair-of-novel-spam-vectors}, language = {English}, urldate = {2021-04-16} } BazarLoader deploys a pair of novel spam vectors
BazarBackdoor