2024-10-31 | Sophos X-Ops | Andrew Brandt, Ross McKerchar
Pacific Rim timeline: Information for defenders from a braid of interlocking attack campaigns
Asnarök, Tstark

2023-02-06 | Sophos | Andrew Brandt
Qakbot mechanizes distribution of malicious OneNote notebooks
QakBot

2022-12-13 | Sophos | Andreas Klopsch, Andrew Brandt
Signed driver malware moves up the software trust chain
KillAV

2022-11-30 | Sophos | Andrew Brandt
LockBit 3.0 ‘Black’ attacks and leaks reveal wormable capabilities and tooling
LockBit

2022-07-14 | Sophos | Andrew Brandt, Andy French, Bill Kearney, Elida Leite, Harinder Bhathal, Lee Kirkpatrick, Peter Mackenzie, Robert Weiland, Sergio Bestulic
BlackCat ransomware attacks not merely a byproduct of bad luck
BlackCat

2022-06-16 | SophosLabs Uncut | Andrew Brandt
Confluence exploits used to drop ransomware on vulnerable servers
Cerber

2022-04-12 | Sophos | Andrew Brandt, Angela Gunn, Ferenc László Nagy, Johnathan Fern, Linda Smith, Matthew Everts, Mauricio Valdivieso, Melissa Kelly, Peter Mackenzie, Sergio Bestulic
Attackers linger on government agency computers before deploying Lockbit ransomware
LockBit

2022-02-23 | SophosLabs Uncut | Andrew Brandt
Dridex bots deliver Entropy ransomware in recent attacks
Cobalt Strike, Dridex, Entropy

2022-02-23 | Sophos | Abhijit Gupta, Anand Ajjan, Andrew Brandt, Colin Cowie, Felix Weyne, Rahil Shah, Steven Lott, Syed Zaidi, Vikas Singh, Xiaochuan Zhang
Dridex bots deliver Entropy ransomware in recent attacks
Entropy

2022-01-25 | Sophos | Andrew Brandt
Windows services lay the groundwork for a Midas ransomware attack
Midas

2022-01-25 | Sophos | Andrew Brandt, Jason Jenkins
Windows services lay the groundwork for a Midas ransomware attack

2021-12-22 | Sophos | Anand Ajjan, Andrew Brandt, Ferenc László Nagy, Fraser Howard, Peter Mackenzie, Sergio Bestulic, Timothy Easton
Avos Locker remotely accesses boxes, even running in Safe Mode
AvosLocker

2021-12-21 | Sophos | Andrew Brandt, Stephen Ormandy
Attackers test “CAB-less 40444” exploit in a dry run

2021-11-11 | SophosLabs Uncut | Andrew Brandt
BazarLoader ‘call me back’ attack abuses Windows 10 Apps mechanism
BazarBackdoor

2021-10-05 | Sophos | Andrew Brandt, Andrew O’Donnell, Mauricio Valdivieso, Rajesh Nataraj
Python ransomware script targets ESXi server for encryption

2021-09-21 | Sophos | Andrew Brandt, Chaitanya Ghorpade, Krisztián Diriczi, Shefali Gupta, Vikas Singh
Cring ransomware group exploits ancient ColdFusion server
Cobalt Strike, Cring

2021-09-01 | Sophos | Anand Ajjan, Andrew Brandt, Sean Gallagher, Yusuf Polat
Fake pirated software sites serve up malware droppers as a service
Raccoon

2021-08-12 | Sophos | Andrew Brandt, Gabor Szappanos
Gootloader’s “mothership” controls malicious content
GootLoader

2021-07-22 | Sophos | Andrew Brandt, Sean Gallagher
Malware increasingly targets Discord for abuse

2021-06-17 | Sophos | Andrew Brandt
Vigilante malware rats out software pirates while blocking ThePirateBay