Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2020-12-14SophosRichard Harang
Sophos-ReversingLabs (SOREL) 20 Million sample malware dataset
2020-12-08SophosAnand Aijan, Bill Kearney, Gabor Szappanos, Mark Loman, Peter Mackenzie, Sean Gallagher, Sergio Bestulic, Syed Shahram
Egregor ransomware: Maze’s heir apparent
Egregor Maze
2020-11-18SophosSophos
SOPHOS 2021 THREAT REPORT Navigating cybersecurity in an uncertain world
Agent Tesla Dridex TrickBot Zloader
2020-11-04SophosGabor Szappanos
A new APT uses DLL side-loads to “KilllSomeOne”
KilllSomeOne PlugX
2020-10-29Twitter (@SophosLabs)SophosLabs
Tweet on similarities between BUER in-memory loader & RYUK in-memory loader
Buer Ryuk
2020-10-28SophosLabs UncutAnand Ajjan, Bill Kearny, Brett Cove, Elida Leite, Gabor Szappanos, Peter Mackenzie, Sean Gallagher, Syed Shahram
Hacks for sale: inside the Buer Loader malware-as-a-service
Buer Ryuk Zloader
2020-10-27Sophos Managed Threat Response (MTR)Greg Iddon
MTR Casebook: An active adversary caught in the act
Cobalt Strike
2020-10-21SophosLabs UncutSean Gallagher
LockBit uses automated attack tools to identify tasty targets
LockBit
2020-10-14SophosSean Gallagher
They’re back: inside a new Ryuk ransomware attack
Cobalt Strike Ryuk SystemBC
2020-09-24SophosLabsSophosLabs
Email-delivered MoDi RAT attack pastes PowerShell commands
MoDi RAT
2020-09-24SophosLabs UncutAndrew Brandt, Andrew O'Donnell, Fraser Howard
Email-delivered MoDi RAT attack pastes PowerShell commands
DBatLoader
2020-09-22Sophos SecOpsGreg Iddon
MTR Casebook: Blocking a $15 million Maze ransomware attack
Maze
2020-09-17SophosLabs UncutAndrew Brandt, Peter Mackenzie
Maze attackers adopt Ragnar Locker virtual machine technique
Maze
2020-08-12SophosLabs UncutSean Gallagher
Color by numbers: inside a Dharma ransomware-as-a-service attack
Dharma
2020-08-04SophosLabs UncutAnand Ajjan, Mark Loman
WastedLocker’s techniques point to a familiar heritage
WastedLocker
2020-07-29Sophos LabsAndrew Brandt
Emotet’s return is the canary in the coal mine
Emotet
2020-07-27Sophos LabsSean Gallagher
ProLock ransomware gives you the first 8 kilobytes of decryption for free
PwndLocker
2020-07-14SophosLabs UncutMarkel Picado, Sean Gallagher
RATicate upgrades “RATs as a Service” attacks with commercial “crypter”
LokiBot BetaBot CloudEyE NetWire RC
2020-06-24Sophos Naked SecurityPaul Ducklin
Glupteba - the malware that gets secret messages from the Bitcoin blockchain
Glupteba
2020-06-24Sophos LabsAndrew Brandt
Glupteba malware hides in plain sight
Glupteba