Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-11-18SophosSean Gallagher, Vikas Singh, Robert Weiland, Elida Leite, Kyle Link, Ratul Ghosh, Harinder Bhathal, Sergio Bestuilic, Ferenc László Nagy, Rahul Dugar, Nirav Parekh, Gabor Szappanos
@online{gallagher:20211118:new:31668c5, author = {Sean Gallagher and Vikas Singh and Robert Weiland and Elida Leite and Kyle Link and Ratul Ghosh and Harinder Bhathal and Sergio Bestuilic and Ferenc László Nagy and Rahul Dugar and Nirav Parekh and Gabor Szappanos}, title = {{New ransomware actor uses password-protected archives to bypass encryption protection}}, date = {2021-11-18}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/11/18/new-ransomware-actor-uses-password-protected-archives-to-bypass-encryption-protection/?cmp=30728}, language = {English}, urldate = {2021-11-19} } New ransomware actor uses password-protected archives to bypass encryption protection
2021-10-24SophosSean Gallagher
@online{gallagher:20211024:node:3619389, author = {Sean Gallagher}, title = {{Node poisoning: hijacked package delivers coin miner and credential-stealing backdoor}}, date = {2021-10-24}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/10/24/node-poisoning-hijacked-package-delivers-coin-miner-and-credential-stealing-backdoor}, language = {English}, urldate = {2021-11-02} } Node poisoning: hijacked package delivers coin miner and credential-stealing backdoor
DanaBot Monero Miner
2021-10-04SophosSean Gallagher, Vikas Singh, Krisztián Diriczi, Kajal Katiyar, Chaitanya Ghorpade, Rahil Shah
@online{gallagher:20211004:atom:782b979, author = {Sean Gallagher and Vikas Singh and Krisztián Diriczi and Kajal Katiyar and Chaitanya Ghorpade and Rahil Shah}, title = {{Atom Silo ransomware actors use Confluence exploit, DLL side-load for stealthy attack}}, date = {2021-10-04}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/10/04/atom-silo-ransomware-actors-use-confluence-exploit-dll-side-load-for-stealthy-attack/}, language = {English}, urldate = {2021-10-11} } Atom Silo ransomware actors use Confluence exploit, DLL side-load for stealthy attack
ATOMSILO Cobalt Strike
2021-09-23SophosSean Gallagher
@online{gallagher:20210923:phishing:0753a1d, author = {Sean Gallagher}, title = {{Phishing and malware actors abuse Google Forms for credentials, data exfiltration}}, date = {2021-09-23}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/09/23/phishing-and-malware-actors-abuse-google-forms-for-credentials-data-exfiltration/}, language = {English}, urldate = {2021-09-28} } Phishing and malware actors abuse Google Forms for credentials, data exfiltration
2021-09-03SophosSean Gallagher, Peter Mackenzie, Anand Ajjan, Andrew Ludgate, Gabor Szappanos, Sergio Bestulic, Syed Zaidi
@online{gallagher:20210903:conti:db20680, author = {Sean Gallagher and Peter Mackenzie and Anand Ajjan and Andrew Ludgate and Gabor Szappanos and Sergio Bestulic and Syed Zaidi}, title = {{Conti affiliates use ProxyShell Exchange exploit in ransomware attacks}}, date = {2021-09-03}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/}, language = {English}, urldate = {2021-09-06} } Conti affiliates use ProxyShell Exchange exploit in ransomware attacks
Cobalt Strike Conti
2021-09-01SophosSean Gallagher, Yusuf Polat, Anand Ajjan, Andrew Brandt
@online{gallagher:20210901:fake:07752c0, author = {Sean Gallagher and Yusuf Polat and Anand Ajjan and Andrew Brandt}, title = {{Fake pirated software sites serve up malware droppers as a service}}, date = {2021-09-01}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/09/01/fake-pirated-software-sites-serve-up-malware-droppers-as-a-service/}, language = {English}, urldate = {2021-09-09} } Fake pirated software sites serve up malware droppers as a service
Raccoon
2021-08-03SophosYusuf Arslan Polat, Sean Gallagher
@online{polat:20210803:trash:6611883, author = {Yusuf Arslan Polat and Sean Gallagher}, title = {{Trash Panda as a Service: Raccoon Stealer steals cookies, cryptocoins, and more}}, date = {2021-08-03}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/08/03/trash-panda-as-a-service-raccoon-stealer-steals-cookies-cryptocoins-and-more/}, language = {English}, urldate = {2021-08-06} } Trash Panda as a Service: Raccoon Stealer steals cookies, cryptocoins, and more
Raccoon
2021-07-22SophosSean Gallagher, Andrew Brandt
@online{gallagher:20210722:malware:ca3a4e3, author = {Sean Gallagher and Andrew Brandt}, title = {{Malware increasingly targets Discord for abuse}}, date = {2021-07-22}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/07/22/malware-increasingly-targets-discord-for-abuse}, language = {English}, urldate = {2021-07-27} } Malware increasingly targets Discord for abuse
2021-07-04SophosMark Loman, Sean Gallagher, Anand Ajjan
@online{loman:20210704:independence:56ff257, author = {Mark Loman and Sean Gallagher and Anand Ajjan}, title = {{Independence Day: REvil uses supply chain exploit to attack hundreds of businesses}}, date = {2021-07-04}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/07/04/independence-day-revil-uses-supply-chain-exploit-to-attack-hundreds-of-businesses}, language = {English}, urldate = {2021-07-26} } Independence Day: REvil uses supply chain exploit to attack hundreds of businesses
REvil
2021-06-02SophosSean Gallagher
@online{gallagher:20210602:amsi:084d0ba, author = {Sean Gallagher}, title = {{AMSI bypasses remain tricks of the malware trade}}, date = {2021-06-02}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/06/02/amsi-bypasses-remain-tricks-of-the-malware-trade/}, language = {English}, urldate = {2021-06-09} } AMSI bypasses remain tricks of the malware trade
Agent Tesla Cobalt Strike Meterpreter
2021-05-11SophosSean Gallagher, Mark Loman, Peter Mackenzie, Yusuf Arslan Polat, Gabor Szappanos, Suriya Natarajan, Szabolcs Lévai, Ferenc László Nagy
@online{gallagher:20210511:defenders:a4c7f9c, author = {Sean Gallagher and Mark Loman and Peter Mackenzie and Yusuf Arslan Polat and Gabor Szappanos and Suriya Natarajan and Szabolcs Lévai and Ferenc László Nagy}, title = {{A defender’s view inside a DarkSide ransomware attack}}, date = {2021-05-11}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/05/11/a-defenders-view-inside-a-darkside-ransomware-attack/}, language = {English}, urldate = {2021-05-13} } A defender’s view inside a DarkSide ransomware attack
DarkSide
2021-04-21SophosLabs UncutSean Gallagher, Suriya Natarajan, Anand Aijan, Michael Wood, Sivagnanam Gn, Markel Picado, Andrew Brandt
@online{gallagher:20210421:nearly:53964a7, author = {Sean Gallagher and Suriya Natarajan and Anand Aijan and Michael Wood and Sivagnanam Gn and Markel Picado and Andrew Brandt}, title = {{Nearly half of malware now use TLS to conceal communications}}, date = {2021-04-21}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2021/04/21/nearly-half-of-malware-now-use-tls-to-conceal-communications/}, language = {English}, urldate = {2021-04-28} } Nearly half of malware now use TLS to conceal communications
Agent Tesla Cobalt Strike Dridex SystemBC
2020-12-16SophosLabs UncutSean Gallagher, Sivagnanam Gn
@online{gallagher:20201216:ransomware:0b0fdf2, author = {Sean Gallagher and Sivagnanam Gn}, title = {{Ransomware operators use SystemBC RAT as off-the-shelf Tor backdoor}}, date = {2020-12-16}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2020/12/16/systembc/}, language = {English}, urldate = {2020-12-17} } Ransomware operators use SystemBC RAT as off-the-shelf Tor backdoor
SystemBC
2020-12-08SophosSean Gallagher, Anand Aijan, Gabor Szappanos, Syed Shahram, Bill Kearney, Mark Loman, Peter Mackenzie, Sergio Bestulic
@online{gallagher:20201208:egregor:fe48cfd, author = {Sean Gallagher and Anand Aijan and Gabor Szappanos and Syed Shahram and Bill Kearney and Mark Loman and Peter Mackenzie and Sergio Bestulic}, title = {{Egregor ransomware: Maze’s heir apparent}}, date = {2020-12-08}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2020/12/08/egregor-ransomware-mazes-heir-apparent/}, language = {English}, urldate = {2020-12-08} } Egregor ransomware: Maze’s heir apparent
Egregor Maze
2020-10-28SophosLabs UncutSean Gallagher, Peter Mackenzie, Elida Leite, Syed Shahram, Bill Kearny, Anand Ajjan, Brett Cove, Gabor Szappanos
@online{gallagher:20201028:hacks:8e1d051, author = {Sean Gallagher and Peter Mackenzie and Elida Leite and Syed Shahram and Bill Kearny and Anand Ajjan and Brett Cove and Gabor Szappanos}, title = {{Hacks for sale: inside the Buer Loader malware-as-a-service}}, date = {2020-10-28}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2020/10/28/hacks-for-sale-inside-the-buer-loader-malware-as-a-service/}, language = {English}, urldate = {2020-11-02} } Hacks for sale: inside the Buer Loader malware-as-a-service
Buer Ryuk Zloader
2020-10-21SophosLabs UncutSean Gallagher
@online{gallagher:20201021:lockbit:13c4faa, author = {Sean Gallagher}, title = {{LockBit uses automated attack tools to identify tasty targets}}, date = {2020-10-21}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2020/10/21/lockbit-attackers-uses-automated-attack-tools-to-identify-tasty-targets}, language = {English}, urldate = {2020-10-23} } LockBit uses automated attack tools to identify tasty targets
LockBit
2020-10-14SophosSean Gallagher
@online{gallagher:20201014:theyre:99f5d1e, author = {Sean Gallagher}, title = {{They’re back: inside a new Ryuk ransomware attack}}, date = {2020-10-14}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2020/10/14/inside-a-new-ryuk-ransomware-attack/}, language = {English}, urldate = {2020-10-16} } They’re back: inside a new Ryuk ransomware attack
Cobalt Strike Ryuk SystemBC
2020-07-27Sophos LabsSean Gallagher
@online{gallagher:20200727:prolock:4992cfc, author = {Sean Gallagher}, title = {{ProLock ransomware gives you the first 8 kilobytes of decryption for free}}, date = {2020-07-27}, organization = {Sophos Labs}, url = {https://news.sophos.com/en-us/2020/07/27/prolock-ransomware-gives-you-the-first-8-kilobytes-of-decryption-for-free/}, language = {English}, urldate = {2020-07-30} } ProLock ransomware gives you the first 8 kilobytes of decryption for free
PwndLocker
2020-07-14SophosLabs UncutMarkel Picado, Sean Gallagher
@online{picado:20200714:raticate:85d260a, author = {Markel Picado and Sean Gallagher}, title = {{RATicate upgrades “RATs as a Service” attacks with commercial “crypter”}}, date = {2020-07-14}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2020/07/14/raticate-rats-as-service-with-commercial-crypter/?cmp=30728}, language = {English}, urldate = {2020-07-15} } RATicate upgrades “RATs as a Service” attacks with commercial “crypter”
LokiBot BetaBot CloudEyE NetWire RC
2020-02-02Sophos LabsSean Gallagher, Markel Picado
@online{gallagher:20200202:agent:81dd245, author = {Sean Gallagher and Markel Picado}, title = {{Agent Tesla amps up information stealing attacks}}, date = {2020-02-02}, organization = {Sophos Labs}, url = {https://news.sophos.com/en-us/2021/02/02/agent-tesla-amps-up-information-stealing-attacks/}, language = {English}, urldate = {2021-02-04} } Agent Tesla amps up information stealing attacks
Agent Tesla