Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-09-03SophosSean Gallagher, Peter Mackenzie, Anand Ajjan, Andrew Ludgate, Gabor Szappanos, Sergio Bestulic, Syed Zaidi
@online{gallagher:20210903:conti:db20680, author = {Sean Gallagher and Peter Mackenzie and Anand Ajjan and Andrew Ludgate and Gabor Szappanos and Sergio Bestulic and Syed Zaidi}, title = {{Conti affiliates use ProxyShell Exchange exploit in ransomware attacks}}, date = {2021-09-03}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/}, language = {English}, urldate = {2021-09-06} } Conti affiliates use ProxyShell Exchange exploit in ransomware attacks
Cobalt Strike Conti
2021-08-12SophosGabor Szappanos, Andrew Brandt
@online{szappanos:20210812:gootloaders:84e3100, author = {Gabor Szappanos and Andrew Brandt}, title = {{Gootloader’s “mothership” controls malicious content}}, date = {2021-08-12}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/08/12/gootloaders-mothership-controls-malicious-content/}, language = {English}, urldate = {2021-08-25} } Gootloader’s “mothership” controls malicious content
GootLoader
2021-05-11SophosSean Gallagher, Mark Loman, Peter Mackenzie, Yusuf Arslan Polat, Gabor Szappanos, Suriya Natarajan, Szabolcs Lévai, Ferenc László Nagy
@online{gallagher:20210511:defenders:a4c7f9c, author = {Sean Gallagher and Mark Loman and Peter Mackenzie and Yusuf Arslan Polat and Gabor Szappanos and Suriya Natarajan and Szabolcs Lévai and Ferenc László Nagy}, title = {{A defender’s view inside a DarkSide ransomware attack}}, date = {2021-05-11}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/05/11/a-defenders-view-inside-a-darkside-ransomware-attack/}, language = {English}, urldate = {2021-05-13} } A defender’s view inside a DarkSide ransomware attack
DarkSide
2021-05-05SophosLabs UncutAndrew Brandt, Peter Mackenzie, Vikas Singh, Gabor Szappanos
@online{brandt:20210505:intervention:f548dee, author = {Andrew Brandt and Peter Mackenzie and Vikas Singh and Gabor Szappanos}, title = {{Intervention halts a ProxyLogon-enabled attack}}, date = {2021-05-05}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2021/05/05/intervention-halts-a-proxylogon-enabled-attack}, language = {English}, urldate = {2021-05-07} } Intervention halts a ProxyLogon-enabled attack
Cobalt Strike
2021-03-01Sophos LabsGabor Szappanos, Andrew Brandt
@online{szappanos:20210301:gootloader:815834d, author = {Gabor Szappanos and Andrew Brandt}, title = {{“Gootloader” expands its payload delivery options}}, date = {2021-03-01}, organization = {Sophos Labs}, url = {https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/?cmp=30728}, language = {English}, urldate = {2021-03-02} } “Gootloader” expands its payload delivery options
GootKit
2021-01-21Sophos LabsGabor Szappanos, Andrew Brandt
@online{szappanos:20210121:mrbminer:1c5f2ab, author = {Gabor Szappanos and Andrew Brandt}, title = {{MrbMiner: Cryptojacking to bypass international sanctions}}, date = {2021-01-21}, organization = {Sophos Labs}, url = {https://news.sophos.com/en-us/2021/01/21/mrbminer-cryptojacking-to-bypass-international-sanctions/}, language = {English}, urldate = {2021-01-25} } MrbMiner: Cryptojacking to bypass international sanctions
2020-12-08SophosSean Gallagher, Anand Aijan, Gabor Szappanos, Syed Shahram, Bill Kearney, Mark Loman, Peter Mackenzie, Sergio Bestulic
@online{gallagher:20201208:egregor:fe48cfd, author = {Sean Gallagher and Anand Aijan and Gabor Szappanos and Syed Shahram and Bill Kearney and Mark Loman and Peter Mackenzie and Sergio Bestulic}, title = {{Egregor ransomware: Maze’s heir apparent}}, date = {2020-12-08}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2020/12/08/egregor-ransomware-mazes-heir-apparent/}, language = {English}, urldate = {2020-12-08} } Egregor ransomware: Maze’s heir apparent
Egregor Maze
2020-11-04SophosGabor Szappanos
@online{szappanos:20201104:new:66b8447, author = {Gabor Szappanos}, title = {{A new APT uses DLL side-loads to “KilllSomeOne”}}, date = {2020-11-04}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2020/11/04/a-new-apt-uses-dll-side-loads-to-killlsomeone/}, language = {English}, urldate = {2020-11-06} } A new APT uses DLL side-loads to “KilllSomeOne”
KilllSomeOne PlugX
2020-10-28SophosLabs UncutSean Gallagher, Peter Mackenzie, Elida Leite, Syed Shahram, Bill Kearny, Anand Ajjan, Brett Cove, Gabor Szappanos
@online{gallagher:20201028:hacks:8e1d051, author = {Sean Gallagher and Peter Mackenzie and Elida Leite and Syed Shahram and Bill Kearny and Anand Ajjan and Brett Cove and Gabor Szappanos}, title = {{Hacks for sale: inside the Buer Loader malware-as-a-service}}, date = {2020-10-28}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2020/10/28/hacks-for-sale-inside-the-buer-loader-malware-as-a-service/}, language = {English}, urldate = {2020-11-02} } Hacks for sale: inside the Buer Loader malware-as-a-service
Buer Ryuk Zloader
2020-06-09Sophos LabsGabor Szappanos, Vikas Singh
@online{szappanos:20200609:kingminer:0efadc6, author = {Gabor Szappanos and Vikas Singh}, title = {{Kingminer escalates attack complexity for cryptomining}}, date = {2020-06-09}, organization = {Sophos Labs}, url = {https://news.sophos.com/en-us/2020/06/09/kingminer-report/}, language = {English}, urldate = {2020-06-10} } Kingminer escalates attack complexity for cryptomining
2020-06-01Sophos LabsGabor Szappanos, Vikas Singh
@techreport{szappanos:20200601:increasingly:2606314, author = {Gabor Szappanos and Vikas Singh}, title = {{THE INCREASINGLY COMPLEX KINGMINER BOTNET}}, date = {2020-06-01}, institution = {Sophos Labs}, url = {https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/sophos-labs-kingminer-botnet-report.pdf}, language = {English}, urldate = {2021-04-09} } THE INCREASINGLY COMPLEX KINGMINER BOTNET
Kingminer
2020-05-27SophosLabsGabor Szappanos, Andrew Brandt
@online{szappanos:20200527:netwalker:941731e, author = {Gabor Szappanos and Andrew Brandt}, title = {{Netwalker ransomware tools give insight into threat actor}}, date = {2020-05-27}, organization = {SophosLabs}, url = {https://news.sophos.com/en-us/2020/05/27/netwalker-ransomware-tools-give-insight-into-threat-actor/}, language = {English}, urldate = {2020-05-29} } Netwalker ransomware tools give insight into threat actor
Mailto
2019-12-18SophosGabor Szappanos
@techreport{szappanos:20191218:mykings:7370b35, author = {Gabor Szappanos}, title = {{MyKings: The slow but steady growth of a relentless botnet}}, date = {2019-12-18}, institution = {Sophos}, url = {https://sophos.files.wordpress.com/2019/12/mykings_report_final.pdf}, language = {English}, urldate = {2020-01-13} } MyKings: The slow but steady growth of a relentless botnet
MyKings Spreader
2016-07Virus BulletinGabor Szappanos
@online{szappanos:201607:new:6574feb, author = {Gabor Szappanos}, title = {{New Keylogger on the Block}}, date = {2016-07}, organization = {Virus Bulletin}, url = {https://www.virusbulletin.com/virusbulletin/2016/07/new-keylogger-block/}, language = {English}, urldate = {2020-01-06} } New Keylogger on the Block
KeyBase
2014-06-27SophosLabsGabor Szappanos
@techreport{szappanos:20140627:plugx:e63d8bf, author = {Gabor Szappanos}, title = {{PlugX - The Next Generation}}, date = {2014-06-27}, institution = {SophosLabs}, url = {https://www.sophos.com/en-us/medialibrary/pdfs/technical%20papers/plugx-thenextgeneration.pdf}, language = {English}, urldate = {2020-01-10} } PlugX - The Next Generation
PlugX