2021-05-11 | Sophos | Ferenc László Nagy, Gabor Szappanos, Mark Loman, Peter Mackenzie, Sean Gallagher, Suriya Natarajan, Szabolcs Lévai, Yusuf Arslan Polat
A defender’s view inside a DarkSide ransomware attack
DarkSide

2021-05-06 | Sophos Labs | Bill Kearney, Kyle Link, Matthew Sharf, Peter Mackenzie, Tilly Travers
MTR in Real Time: Pirates pave way for Ryuk ransomware
Ryuk

2021-05-05 | SophosLabs Uncut | Andrew Brandt, Gabor Szappanos, Peter Mackenzie, Vikas Singh
Intervention halts a ProxyLogon-enabled attack
Cobalt Strike

2021-04-22 | Twitter (@AltShiftPrtScn) | Peter Mackenzie
Tweet on TTPs seen in IR used by DOPPEL SPIDER
Cobalt Strike DoppelPaymer

2021-04-20 | Elastic | Will Burgess
How attackers abuse Access Token Manipulation (ATT&CK T1134)

2021-04-20 | Intezer | Joakim Kennedy
HabitsRAT Used to Target Linux and Windows Servers
HabitsRAT

2021-04-15 | U.S. Department of State | Antony J. Blinken
Holding Russia To Account

2021-04-09 | Trend Micro | Daniel Lunghi, Kenney Lu
Iron Tiger APT Updates Toolkit With Evolved SysUpdate Malware
HyperBro HyperSSL APT27

2021-04-08 | Palo Alto Networks Unit 42 | Ashutosh Chitwadgi, Ken Hsu, Vaibhav Singhal
Attackers Conducting Cryptojacking Operation Against U.S. Education Organizations

2021-04-01 | Medium mikko-kenttala | Mikko Kenttälä
Zero click vulnerability in Apple’s macOS Mail

2021-03-10 | Intezer | Avigayil Mechtinger, Joakim Kennedy
New Linux Backdoor RedXOR Likely Operated by Chinese Nation-State Actor
RedXOR XOR DDoS

2021-03-02 | Intezer | Joakim Kennedy
When Viruses Mutate: Did SunCrypt Ransomware Evolve from QNAPCrypt?
QNAPCrypt SunCrypt

2021-02-25 | JPCERT/CC | Ken Sajo
Emotet Disruption and Outreach to Affected Users
Emotet

2021-02-16 | SophosLabs Uncut | Peter Mackenzie, Tilly Travers
What to expect when you’ve been hit with Conti ransomware
Conti

2021-02-05 | Silent Push | Ken
Behavior Clustering just got easier using new characteristics.

2021-01-26 | SophosLabs Uncut | Bill Kearney, David Anderson, Michael Heller, Peter Mackenzie, Sergio Bestulic
Nefilim Ransomware Attack Uses “Ghost” Credentials
Nefilim

2021-01-17 | Twitter (@AltShiftPrtScn) | Peter Mackenzie
Tweet on Conti Ransomware group exploiting FortiGate VPNs to drop in CobaltStrike loaders
Cobalt Strike Conti

2021-01-04 | Cisco Talos | Azim Khodjibaev, Dmytro Korzhevin, Kendall McKay
Interview with a LockBit ransomware operator
LockBit

2020-12-22 | Prevasio | Sergei Shevchenko
Sunburst Backdoor, Part III: DGA & Security Software (Broken Link)
SUNBURST