Malpedia Library

2021-03-01 ⋅ Sophos Labs ⋅ Andrew Brandt, Gabor Szappanos
“Gootloader” expands its payload delivery options
GootKit

2021-02-16 ⋅ SophosLabs Uncut ⋅ Peter Mackenzie, Tilly Travers
What to expect when you’ve been hit with Conti ransomware
Conti

2021-02-16 ⋅ SophosLabs Uncut ⋅ Anand Ajjan, Andrew Brandt
Conti ransomware: Evasive by nature
Conti

2021-02-16 ⋅ SophosLabs Uncut ⋅ Michael Heller
A Conti ransomware attack day-by-day
Conti

2021-02-03 ⋅ Sophos Managed Threat Response (MTR) ⋅ Greg Iddon
MTR casebook: Uncovering a backdoor implant in a SolarWinds Orion server
RagnarLocker

2021-01-26 ⋅ SophosLabs Uncut ⋅ Bill Kearney, David Anderson, Michael Heller, Peter Mackenzie, Sergio Bestulic
Nefilim Ransomware Attack Uses “Ghost” Credentials
Nefilim

2021-01-21 ⋅ Sophos Labs ⋅ Andrew Brandt, Gabor Szappanos
MrbMiner: Cryptojacking to bypass international sanctions

2021-01-12 ⋅ Sophos ⋅ Andrew Brandt, Pankaj Kohli
New Android spyware targets users in Pakistan
PackChat

2020-12-21 ⋅ SophosLabs Uncut ⋅ SophosLabs Threat Research
How SunBurst malware does defense evasion
SUNBURST UNC2452

2020-12-16 ⋅ SophosLabs Uncut ⋅ Sean Gallagher, Sivagnanam Gn
Ransomware operators use SystemBC RAT as off-the-shelf Tor backdoor
SystemBC

2020-12-15 ⋅ Github (sophos-cybersecurity) ⋅ Sophos Cyber Security Team
solarwinds-threathunt
Cobalt Strike SUNBURST

2020-12-14 ⋅ Sophos ⋅ Ross McKerchar
Incident response playbook for responding to SolarWinds Orion compromise
SUNBURST

2020-12-14 ⋅ Sophos ⋅ Richard Harang
Sophos-ReversingLabs (SOREL) 20 Million sample malware dataset

2020-12-08 ⋅ Sophos ⋅ Anand Aijan, Bill Kearney, Gabor Szappanos, Mark Loman, Peter Mackenzie, Sean Gallagher, Sergio Bestulic, Syed Shahram
Egregor ransomware: Maze’s heir apparent
Egregor Maze

2020-11-18 ⋅ Sophos ⋅ Sophos
SOPHOS 2021 THREAT REPORT Navigating cybersecurity in an uncertain world
Agent Tesla Dridex TrickBot Zloader

2020-11-04 ⋅ Sophos ⋅ Gabor Szappanos
A new APT uses DLL side-loads to “KilllSomeOne”
KilllSomeOne PlugX

2020-10-29 ⋅ Twitter (@SophosLabs) ⋅ SophosLabs
Tweet on similarities between BUER in-memory loader & RYUK in-memory loader
Buer Ryuk

2020-10-28 ⋅ SophosLabs Uncut ⋅ Anand Ajjan, Bill Kearny, Brett Cove, Elida Leite, Gabor Szappanos, Peter Mackenzie, Sean Gallagher, Syed Shahram
Hacks for sale: inside the Buer Loader malware-as-a-service
Buer Ryuk Zloader

2020-10-27 ⋅ Sophos Managed Threat Response (MTR) ⋅ Greg Iddon
MTR Casebook: An active adversary caught in the act
Cobalt Strike

2020-10-21 ⋅ SophosLabs Uncut ⋅ Sean Gallagher
LockBit uses automated attack tools to identify tasty targets
LockBit