Malpedia Library

2021-07-04 ⋅ Sophos ⋅ Anand Ajjan, Mark Loman, Sean Gallagher
Independence Day: REvil uses supply chain exploit to attack hundreds of businesses
REvil

2021-06-30 ⋅ Sophos SecOps ⋅ Tilly Travers
What to expect when you’ve been hit with REvil ransomware
REvil

2021-06-30 ⋅ Sophos ⋅ Tilly Travers
MTR in Real Time: Hand-to-hand combat with REvil ransomware chasing a $2.5 million pay day
REvil

2021-06-17 ⋅ Sophos ⋅ Andrew Brandt
Vigilante malware rats out software pirates while blocking ThePirateBay

2021-06-11 ⋅ SophosLabs Uncut ⋅ Anand Ajjan, Andrew Brandt, Hajnalka Kope, Mark Loman, Peter Mackenzie
Relentless REvil, revealed: RaaS as variable as the criminals who use it
REvil

2021-06-02 ⋅ Sophos ⋅ Sean Gallagher
AMSI bypasses remain tricks of the malware trade
Agent Tesla Cobalt Strike Meterpreter

2021-05-28 ⋅ SophosLabs Uncut ⋅ Andrew Brandt
A new ransomware enters the fray: Epsilon Red
Epsilon Red

2021-05-18 ⋅ Sophos ⋅ Greg Iddon, John Shier, Mat Gangwer, Peter Mackenzie
The Active Adversary Playbook 2021
Cobalt Strike MimiKatz

2021-05-11 ⋅ Sophos ⋅ Ferenc László Nagy, Gabor Szappanos, Mark Loman, Peter Mackenzie, Sean Gallagher, Suriya Natarajan, Szabolcs Lévai, Yusuf Arslan Polat
A defender’s view inside a DarkSide ransomware attack
DarkSide

2021-05-07 ⋅ SophosLabs Uncut ⋅ Rajesh Nataraj
New Lemon Duck variants exploiting Microsoft Exchange Server
CHINACHOPPER Cobalt Strike Lemon Duck

2021-05-06 ⋅ Sophos Labs ⋅ Bill Kearney, Kyle Link, Matthew Sharf, Peter Mackenzie, Tilly Travers
MTR in Real Time: Pirates pave way for Ryuk ransomware
Ryuk

2021-05-05 ⋅ SophosLabs Uncut ⋅ Andrew Brandt, Gabor Szappanos, Peter Mackenzie, Vikas Singh
Intervention halts a ProxyLogon-enabled attack
Cobalt Strike

2021-04-21 ⋅ SophosLabs Uncut ⋅ Anand Aijan, Andrew Brandt, Markel Picado, Michael Wood, Sean Gallagher, Sivagnanam Gn, Suriya Natarajan
Nearly half of malware now use TLS to conceal communications
Agent Tesla Cobalt Strike Dridex SystemBC

2021-04-15 ⋅ SophosLabs Uncut ⋅ Andrew Brandt
BazarLoader deploys a pair of novel spam vectors
BazarBackdoor

2021-04-13 ⋅ SophosLabs Uncut ⋅ Andrew Brandt
Compromised Exchange server hosting cryptojacker targeting other Exchange servers

2021-03-31 ⋅ Sophos ⋅ Michael Heller
Sophos MTR in Real Time: What is Astro Locker Team?
Mount Locker

2021-03-24 ⋅ SophosLabs Uncut ⋅ Mark Loman
Black Kingdom ransomware begins appearing on Exchange servers

2021-03-23 ⋅ Sophos ⋅ Mark Loman
Black Kingdom ransomware begins appearing on Exchange servers
BlackKingdom Ransomware

2021-03-15 ⋅ Sophos Labs ⋅ Mark Loman
DearCry ransomware attacks exploit Exchange server vulnerabilities
dearcry WannaCryptor

2021-03-05 ⋅ Sophos ⋅ SOPHOS MTR
HAFNIUM: Advice about the new nation-state attack