Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-02-06SophosAndrew Brandt
@online{brandt:20230206:qakbot:e85e83f, author = {Andrew Brandt}, title = {{Qakbot mechanizes distribution of malicious OneNote notebooks}}, date = {2023-02-06}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2023/02/06/qakbot-onenote-attacks/}, language = {English}, urldate = {2023-02-13} } Qakbot mechanizes distribution of malicious OneNote notebooks
QakBot
2022-12-13SophosAndreas Klopsch, Andrew Brandt
@online{klopsch:20221213:signed:9d26a63, author = {Andreas Klopsch and Andrew Brandt}, title = {{Signed driver malware moves up the software trust chain}}, date = {2022-12-13}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/12/13/signed-driver-malware-moves-up-the-software-trust-chain/}, language = {English}, urldate = {2023-09-13} } Signed driver malware moves up the software trust chain
KillAV
2022-11-30SophosAndrew Brandt
@online{brandt:20221130:lockbit:7d7598f, author = {Andrew Brandt}, title = {{LockBit 3.0 ‘Black’ attacks and leaks reveal wormable capabilities and tooling}}, date = {2022-11-30}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/11/30/lockbit-3-0-black-attacks-and-leaks-reveal-wormable-capabilities-and-tooling/}, language = {English}, urldate = {2022-12-02} } LockBit 3.0 ‘Black’ attacks and leaks reveal wormable capabilities and tooling
LockBit
2022-07-14SophosAndrew Brandt, Sergio Bestulic, Harinder Bhathal, Andy French, Bill Kearney, Lee Kirkpatrick, Elida Leite, Peter Mackenzie, Robert Weiland
@online{brandt:20220714:blackcat:745470a, author = {Andrew Brandt and Sergio Bestulic and Harinder Bhathal and Andy French and Bill Kearney and Lee Kirkpatrick and Elida Leite and Peter Mackenzie and Robert Weiland}, title = {{BlackCat ransomware attacks not merely a byproduct of bad luck}}, date = {2022-07-14}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/07/14/blackcat-ransomware-attacks-not-merely-a-byproduct-of-bad-luck/}, language = {English}, urldate = {2022-07-25} } BlackCat ransomware attacks not merely a byproduct of bad luck
BlackCat BlackCat
2022-06-16SophosLabs UncutAndrew Brandt
@online{brandt:20220616:confluence:0bbf8de, author = {Andrew Brandt}, title = {{Confluence exploits used to drop ransomware on vulnerable servers}}, date = {2022-06-16}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2022/06/16/confluence-exploits-used-to-drop-ransomware-on-vulnerable-servers/}, language = {English}, urldate = {2022-06-17} } Confluence exploits used to drop ransomware on vulnerable servers
Cerber
2022-04-12SophosAndrew Brandt, Angela Gunn, Melissa Kelly, Peter Mackenzie, Ferenc László Nagy, Mauricio Valdivieso, Sergio Bestulic, Johnathan Fern, Linda Smith, Matthew Everts
@online{brandt:20220412:attackers:f9f5c52, author = {Andrew Brandt and Angela Gunn and Melissa Kelly and Peter Mackenzie and Ferenc László Nagy and Mauricio Valdivieso and Sergio Bestulic and Johnathan Fern and Linda Smith and Matthew Everts}, title = {{Attackers linger on government agency computers before deploying Lockbit ransomware}}, date = {2022-04-12}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/04/12/attackers-linger-on-government-agency-computers-before-deploying-lockbit-ransomware/}, language = {English}, urldate = {2022-04-15} } Attackers linger on government agency computers before deploying Lockbit ransomware
LockBit
2022-02-23SophosAndrew Brandt, Anand Ajjan, Colin Cowie, Abhijit Gupta, Steven Lott, Rahil Shah, Vikas Singh, Felix Weyne, Syed Zaidi, Xiaochuan Zhang
@online{brandt:20220223:dridex:51a6f80, author = {Andrew Brandt and Anand Ajjan and Colin Cowie and Abhijit Gupta and Steven Lott and Rahil Shah and Vikas Singh and Felix Weyne and Syed Zaidi and Xiaochuan Zhang}, title = {{Dridex bots deliver Entropy ransomware in recent attacks}}, date = {2022-02-23}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/02/23/dridex-bots-deliver-entropy-ransomware-in-recent-attacks/?cmp=30728}, language = {English}, urldate = {2022-03-01} } Dridex bots deliver Entropy ransomware in recent attacks
Entropy
2022-02-23SophosLabs UncutAndrew Brandt
@online{brandt:20220223:dridex:c1d4784, author = {Andrew Brandt}, title = {{Dridex bots deliver Entropy ransomware in recent attacks}}, date = {2022-02-23}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2022/02/23/dridex-bots-deliver-entropy-ransomware-in-recent-attacks/}, language = {English}, urldate = {2022-03-01} } Dridex bots deliver Entropy ransomware in recent attacks
Cobalt Strike Dridex Entropy
2022-01-25SophosAndrew Brandt, Jason Jenkins
@online{brandt:20220125:windows:d134759, author = {Andrew Brandt and Jason Jenkins}, title = {{Windows services lay the groundwork for a Midas ransomware attack}}, date = {2022-01-25}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/01/25/windows-services-lay-the-groundwork-for-a-midas-ransomware-attack/?cmp=30728}, language = {English}, urldate = {2022-01-28} } Windows services lay the groundwork for a Midas ransomware attack
2022-01-25SophosAndrew Brandt
@online{brandt:20220125:windows:7d316fb, author = {Andrew Brandt}, title = {{Windows services lay the groundwork for a Midas ransomware attack}}, date = {2022-01-25}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/01/25/windows-services-lay-the-groundwork-for-a-midas-ransomware-attack/}, language = {English}, urldate = {2022-03-30} } Windows services lay the groundwork for a Midas ransomware attack
Midas
2021-12-22SophosAndrew Brandt, Fraser Howard, Anand Ajjan, Peter Mackenzie, Ferenc László Nagy, Sergio Bestulic, Timothy Easton
@online{brandt:20211222:avos:b09298c, author = {Andrew Brandt and Fraser Howard and Anand Ajjan and Peter Mackenzie and Ferenc László Nagy and Sergio Bestulic and Timothy Easton}, title = {{Avos Locker remotely accesses boxes, even running in Safe Mode}}, date = {2021-12-22}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/12/22/avos-locker-remotely-accesses-boxes-even-running-in-safe-mode/}, language = {English}, urldate = {2021-12-31} } Avos Locker remotely accesses boxes, even running in Safe Mode
AvosLocker
2021-12-21SophosAndrew Brandt, Stephen Ormandy
@online{brandt:20211221:attackers:a529ed2, author = {Andrew Brandt and Stephen Ormandy}, title = {{Attackers test “CAB-less 40444” exploit in a dry run}}, date = {2021-12-21}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/12/21/attackers-test-cab-less-40444-exploit-in-a-dry-run/}, language = {English}, urldate = {2021-12-31} } Attackers test “CAB-less 40444” exploit in a dry run
2021-11-11SophosLabs UncutAndrew Brandt
@online{brandt:20211111:bazarloader:9328545, author = {Andrew Brandt}, title = {{BazarLoader ‘call me back’ attack abuses Windows 10 Apps mechanism}}, date = {2021-11-11}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2021/11/11/bazarloader-call-me-back-attack-abuses-windows-10-apps-mechanism/}, language = {English}, urldate = {2021-11-12} } BazarLoader ‘call me back’ attack abuses Windows 10 Apps mechanism
BazarBackdoor
2021-10-05SophosAndrew Brandt, Rajesh Nataraj, Andrew O’Donnell, Mauricio Valdivieso
@online{brandt:20211005:python:61cd49c, author = {Andrew Brandt and Rajesh Nataraj and Andrew O’Donnell and Mauricio Valdivieso}, title = {{Python ransomware script targets ESXi server for encryption}}, date = {2021-10-05}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/10/05/python-ransomware-script-targets-esxi-server-for-encryption/}, language = {English}, urldate = {2021-10-11} } Python ransomware script targets ESXi server for encryption
2021-09-21SophosAndrew Brandt, Vikas Singh, Shefali Gupta, Krisztián Diriczi, Chaitanya Ghorpade
@online{brandt:20210921:cring:9bd4998, author = {Andrew Brandt and Vikas Singh and Shefali Gupta and Krisztián Diriczi and Chaitanya Ghorpade}, title = {{Cring ransomware group exploits ancient ColdFusion server}}, date = {2021-09-21}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/09/21/cring-ransomware-group-exploits-ancient-coldfusion-server/?cmp=30728}, language = {English}, urldate = {2021-09-24} } Cring ransomware group exploits ancient ColdFusion server
Cobalt Strike Cring
2021-09-01SophosSean Gallagher, Yusuf Polat, Anand Ajjan, Andrew Brandt
@online{gallagher:20210901:fake:07752c0, author = {Sean Gallagher and Yusuf Polat and Anand Ajjan and Andrew Brandt}, title = {{Fake pirated software sites serve up malware droppers as a service}}, date = {2021-09-01}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/09/01/fake-pirated-software-sites-serve-up-malware-droppers-as-a-service/}, language = {English}, urldate = {2021-09-09} } Fake pirated software sites serve up malware droppers as a service
Raccoon
2021-08-12SophosGabor Szappanos, Andrew Brandt
@online{szappanos:20210812:gootloaders:84e3100, author = {Gabor Szappanos and Andrew Brandt}, title = {{Gootloader’s “mothership” controls malicious content}}, date = {2021-08-12}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/08/12/gootloaders-mothership-controls-malicious-content/}, language = {English}, urldate = {2021-08-25} } Gootloader’s “mothership” controls malicious content
GootLoader
2021-07-22SophosSean Gallagher, Andrew Brandt
@online{gallagher:20210722:malware:ca3a4e3, author = {Sean Gallagher and Andrew Brandt}, title = {{Malware increasingly targets Discord for abuse}}, date = {2021-07-22}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/07/22/malware-increasingly-targets-discord-for-abuse}, language = {English}, urldate = {2021-07-27} } Malware increasingly targets Discord for abuse
2021-06-17SophosAndrew Brandt
@online{brandt:20210617:vigilante:d05c7d7, author = {Andrew Brandt}, title = {{Vigilante malware rats out software pirates while blocking ThePirateBay}}, date = {2021-06-17}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/06/17/vigilante-antipiracy-malware/}, language = {English}, urldate = {2021-06-21} } Vigilante malware rats out software pirates while blocking ThePirateBay
2021-06-11SophosLabs UncutAndrew Brandt, Anand Ajjan, Hajnalka Kope, Mark Loman, Peter Mackenzie
@online{brandt:20210611:relentless:56d5133, author = {Andrew Brandt and Anand Ajjan and Hajnalka Kope and Mark Loman and Peter Mackenzie}, title = {{Relentless REvil, revealed: RaaS as variable as the criminals who use it}}, date = {2021-06-11}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2021/06/11/relentless-revil-revealed/}, language = {English}, urldate = {2021-06-16} } Relentless REvil, revealed: RaaS as variable as the criminals who use it
REvil