Malpedia Library

Click here to download all references as Bib-File.•

2021-08-05 ⋅ Twitter (@AltShiftPrtScn) ⋅ Peter Mackenzie
Tweet on Lorenz ransomware tricking user into allowing OAuth permissions to "Thunderbird with ExQuilla" for O365
Lorenz

2021-07-21 ⋅ ⋅ TEAMT5 ⋅ Jason3e7, Peter, Tom
"Le" is not tired of this, IE is really naughty
Magniber

2021-07-21 ⋅ Twitter (@AltShiftPrtScn) ⋅ Peter Mackenzie
Tweet on Conti ransomware actor installing AnyDesk for remote access in victim environment
Conti

2021-07-19 ⋅ Minister for Foreign Affairs of Australia ⋅ Karen Andrews, Peter Dutton
Australia joins international partners in attribution of malicious cyber activity to China
APT31 APT40 HAFNIUM

2021-06-12 ⋅ Twitter (@AltShiftPrtScn) ⋅ Peter Mackenzie
A thread on RagnarLocker ransomware group's TTP seen in an Incident Response
Cobalt Strike RagnarLocker

2021-06-11 ⋅ SophosLabs Uncut ⋅ Anand Ajjan, Andrew Brandt, Hajnalka Kope, Mark Loman, Peter Mackenzie
Relentless REvil, revealed: RaaS as variable as the criminals who use it
REvil

2021-05-18 ⋅ Sophos ⋅ Greg Iddon, John Shier, Mat Gangwer, Peter Mackenzie
The Active Adversary Playbook 2021
Cobalt Strike MimiKatz

2021-05-11 ⋅ Sophos ⋅ Ferenc László Nagy, Gabor Szappanos, Mark Loman, Peter Mackenzie, Sean Gallagher, Suriya Natarajan, Szabolcs Lévai, Yusuf Arslan Polat
A defender’s view inside a DarkSide ransomware attack
DarkSide

2021-05-06 ⋅ Sophos Labs ⋅ Bill Kearney, Kyle Link, Matthew Sharf, Peter Mackenzie, Tilly Travers
MTR in Real Time: Pirates pave way for Ryuk ransomware
Ryuk

2021-05-05 ⋅ SophosLabs Uncut ⋅ Andrew Brandt, Gabor Szappanos, Peter Mackenzie, Vikas Singh
Intervention halts a ProxyLogon-enabled attack
Cobalt Strike

2021-04-22 ⋅ Twitter (@AltShiftPrtScn) ⋅ Peter Mackenzie
Twwet On TTPs seen in IR used by DOPPEL SPIDER
Cobalt Strike DoppelPaymer

2021-02-16 ⋅ SophosLabs Uncut ⋅ Peter Mackenzie, Tilly Travers
What to expect when you’ve been hit with Conti ransomware
Conti

2021-01-26 ⋅ SophosLabs Uncut ⋅ Bill Kearney, David Anderson, Michael Heller, Peter Mackenzie, Sergio Bestulic
Nefilim Ransomware Attack Uses “Ghost” Credentials
Nefilim

2021-01-17 ⋅ Twitter (@AltShiftPrtScn) ⋅ Peter Mackenzie
Tweet on Conti Ransomware group exploiting FortiGate VPNs to drop in CobaltStrike loaders
Cobalt Strike Conti

2020-12-21 ⋅ IronNet ⋅ Peter Rydzynski
SolarWinds/SUNBURST: DGA or DNS Tunneling?
SUNBURST

2020-12-08 ⋅ Sophos ⋅ Anand Aijan, Bill Kearney, Gabor Szappanos, Mark Loman, Peter Mackenzie, Sean Gallagher, Sergio Bestulic, Syed Shahram
Egregor ransomware: Maze’s heir apparent
Egregor Maze

2020-11-16 ⋅ ESET Research ⋅ Anton Cherepanov, Peter Kálnai
Lazarus supply‑chain attack in South Korea
BookCodes RAT Lazarus Group

2020-10-28 ⋅ SophosLabs Uncut ⋅ Anand Ajjan, Bill Kearny, Brett Cove, Elida Leite, Gabor Szappanos, Peter Mackenzie, Sean Gallagher, Syed Shahram
Hacks for sale: inside the Buer Loader malware-as-a-service
Buer Ryuk Zloader

2020-09-17 ⋅ SophosLabs Uncut ⋅ Andrew Brandt, Peter Mackenzie
Maze attackers adopt Ragnar Locker virtual machine technique
Maze

2020-07-11 ⋅ Trustwave ⋅ Peter Evans, Rodel Mendrez
Injecting Magecart into Magento Global Config
magecart