Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-05-06Sophos LabsTilly Travers
@online{travers:20210506:mtr:1f2feb4, author = {Tilly Travers}, title = {{MTR in Real Time: Pirates pave way for Ryuk ransomware}}, date = {2021-05-06}, organization = {Sophos Labs}, url = {https://news.sophos.com/en-us/2021/05/06/mtr-in-real-time-pirates-pave-way-for-ryuk-ransomware/}, language = {English}, urldate = {2021-05-08} } MTR in Real Time: Pirates pave way for Ryuk ransomware
Ryuk
2021-05-05SophosLabs UncutAndrew Brandt, Peter Mackenzie, Vikas Singh, Gabor Szappanos
@online{brandt:20210505:intervention:f548dee, author = {Andrew Brandt and Peter Mackenzie and Vikas Singh and Gabor Szappanos}, title = {{Intervention halts a ProxyLogon-enabled attack}}, date = {2021-05-05}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2021/05/05/intervention-halts-a-proxylogon-enabled-attack}, language = {English}, urldate = {2021-05-07} } Intervention halts a ProxyLogon-enabled attack
Cobalt Strike
2021-04-21SophosLabs UncutSean Gallagher, Suriya Natarajan, Anand Aijan, Michael Wood, Sivagnanam Gn, Markel Picado, Andrew Brandt
@online{gallagher:20210421:nearly:53964a7, author = {Sean Gallagher and Suriya Natarajan and Anand Aijan and Michael Wood and Sivagnanam Gn and Markel Picado and Andrew Brandt}, title = {{Nearly half of malware now use TLS to conceal communications}}, date = {2021-04-21}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2021/04/21/nearly-half-of-malware-now-use-tls-to-conceal-communications/}, language = {English}, urldate = {2021-04-28} } Nearly half of malware now use TLS to conceal communications
Agent Tesla Cobalt Strike Dridex SystemBC
2021-04-15SophosLabs UncutAndrew Brandt
@online{brandt:20210415:bazarloader:93400a1, author = {Andrew Brandt}, title = {{BazarLoader deploys a pair of novel spam vectors}}, date = {2021-04-15}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2021/04/15/bazarloader-deploys-a-pair-of-novel-spam-vectors}, language = {English}, urldate = {2021-04-16} } BazarLoader deploys a pair of novel spam vectors
BazarBackdoor
2021-04-13SophosLabs UncutAndrew Brandt
@online{brandt:20210413:compromised:c21fba1, author = {Andrew Brandt}, title = {{Compromised Exchange server hosting cryptojacker targeting other Exchange servers}}, date = {2021-04-13}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2021/04/13/compromised-exchange-server-hosting-cryptojacker-targeting-other-exchange-servers/}, language = {English}, urldate = {2021-04-14} } Compromised Exchange server hosting cryptojacker targeting other Exchange servers
2021-03-31SophosMichael Heller
@online{heller:20210331:sophos:43ef878, author = {Michael Heller}, title = {{Sophos MTR in Real Time: What is Astro Locker Team?}}, date = {2021-03-31}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/03/31/sophos-mtr-in-real-time-what-is-astro-locker-team/}, language = {English}, urldate = {2021-04-06} } Sophos MTR in Real Time: What is Astro Locker Team?
Mount Locker
2021-03-24SophosLabs UncutMark Loman
@online{loman:20210324:black:c1494bc, author = {Mark Loman}, title = {{Black Kingdom ransomware begins appearing on Exchange servers}}, date = {2021-03-24}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2021/03/23/black-kingdom/?cmp=30728}, language = {English}, urldate = {2021-03-25} } Black Kingdom ransomware begins appearing on Exchange servers
2021-03-23SophosMark Loman
@online{loman:20210323:black:527bf66, author = {Mark Loman}, title = {{Black Kingdom ransomware begins appearing on Exchange servers}}, date = {2021-03-23}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/03/23/black-kingdom/}, language = {English}, urldate = {2021-03-25} } Black Kingdom ransomware begins appearing on Exchange servers
BlackKingdom Ransomware
2021-03-15Sophos LabsMark Loman
@online{loman:20210315:dearcry:a7ac407, author = {Mark Loman}, title = {{DearCry ransomware attacks exploit Exchange server vulnerabilities}}, date = {2021-03-15}, organization = {Sophos Labs}, url = {https://news.sophos.com/en-us/2021/03/15/dearcry-ransomware-attacks-exploit-exchange-server-vulnerabilities/}, language = {English}, urldate = {2021-04-16} } DearCry ransomware attacks exploit Exchange server vulnerabilities
dearcry WannaCryptor
2021-03-05SophosSOPHOS MTR
@online{mtr:20210305:hafnium:b186219, author = {SOPHOS MTR}, title = {{HAFNIUM: Advice about the new nation-state attack}}, date = {2021-03-05}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/03/05/hafnium-advice-about-the-new-nation-state-attack/}, language = {English}, urldate = {2021-03-12} } HAFNIUM: Advice about the new nation-state attack
2021-03-01Sophos LabsGabor Szappanos, Andrew Brandt
@online{szappanos:20210301:gootloader:815834d, author = {Gabor Szappanos and Andrew Brandt}, title = {{“Gootloader” expands its payload delivery options}}, date = {2021-03-01}, organization = {Sophos Labs}, url = {https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/?cmp=30728}, language = {English}, urldate = {2021-03-02} } “Gootloader” expands its payload delivery options
GootKit
2021-02-16SophosLabs UncutAndrew Brandt, Anand Ajjan
@online{brandt:20210216:conti:24c2333, author = {Andrew Brandt and Anand Ajjan}, title = {{Conti ransomware: Evasive by nature}}, date = {2021-02-16}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2021/02/16/conti-ransomware-evasive-by-nature/}, language = {English}, urldate = {2021-02-20} } Conti ransomware: Evasive by nature
Conti Ransomware
2021-02-16SophosLabs UncutMichael Heller
@online{heller:20210216:conti:9090709, author = {Michael Heller}, title = {{A Conti ransomware attack day-by-day}}, date = {2021-02-16}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2021/02/16/conti-ransomware-attack-day-by-day/}, language = {English}, urldate = {2021-02-20} } A Conti ransomware attack day-by-day
Conti Ransomware
2021-02-16SophosLabs UncutPeter Mackenzie, Tilly Travers
@online{mackenzie:20210216:what:9c9f413, author = {Peter Mackenzie and Tilly Travers}, title = {{What to expect when you’ve been hit with Conti ransomware}}, date = {2021-02-16}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2021/02/16/what-to-expect-when-youve-been-hit-with-conti-ransomware/}, language = {English}, urldate = {2021-02-20} } What to expect when you’ve been hit with Conti ransomware
Conti Ransomware
2021-02-03Sophos Managed Threat Response (MTR)Greg Iddon
@online{iddon:20210203:mtr:8eb9950, author = {Greg Iddon}, title = {{MTR casebook: Uncovering a backdoor implant in a SolarWinds Orion server}}, date = {2021-02-03}, organization = {Sophos Managed Threat Response (MTR)}, url = {https://news.sophos.com/en-us/2021/02/03/mtr-casebook-uncovering-a-backdoor-implant-in-a-solarwinds-orion-server/}, language = {English}, urldate = {2021-02-04} } MTR casebook: Uncovering a backdoor implant in a SolarWinds Orion server
RagnarLocker
2021-01-26SophosLabs UncutMichael Heller, David Anderson, Peter Mackenzie, Sergio Bestulic, Bill Kearney
@online{heller:20210126:nefilim:6b20ee0, author = {Michael Heller and David Anderson and Peter Mackenzie and Sergio Bestulic and Bill Kearney}, title = {{Nefilim Ransomware Attack Uses “Ghost” Credentials}}, date = {2021-01-26}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2021/01/26/nefilim-ransomware-attack-uses-ghost-credentials/}, language = {English}, urldate = {2021-02-18} } Nefilim Ransomware Attack Uses “Ghost” Credentials
Nefilim Ransomware
2021-01-21Sophos LabsGabor Szappanos, Andrew Brandt
@online{szappanos:20210121:mrbminer:1c5f2ab, author = {Gabor Szappanos and Andrew Brandt}, title = {{MrbMiner: Cryptojacking to bypass international sanctions}}, date = {2021-01-21}, organization = {Sophos Labs}, url = {https://news.sophos.com/en-us/2021/01/21/mrbminer-cryptojacking-to-bypass-international-sanctions/}, language = {English}, urldate = {2021-01-25} } MrbMiner: Cryptojacking to bypass international sanctions
2021-01-12SophosPankaj Kohli, Andrew Brandt
@online{kohli:20210112:new:ecf1e3b, author = {Pankaj Kohli and Andrew Brandt}, title = {{New Android spyware targets users in Pakistan}}, date = {2021-01-12}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/01/12/new-android-spyware-targets-users-in-pakistan/}, language = {English}, urldate = {2021-01-18} } New Android spyware targets users in Pakistan
PackChat
2020-12-21SophosLabs UncutSophosLabs Threat Research
@online{research:20201221:how:42cc330, author = {SophosLabs Threat Research}, title = {{How SunBurst malware does defense evasion}}, date = {2020-12-21}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2020/12/21/how-sunburst-malware-does-defense-evasion/}, language = {English}, urldate = {2020-12-23} } How SunBurst malware does defense evasion
SUNBURST UNC2452
2020-12-16SophosLabs UncutSean Gallagher, Sivagnanam Gn
@online{gallagher:20201216:ransomware:0b0fdf2, author = {Sean Gallagher and Sivagnanam Gn}, title = {{Ransomware operators use SystemBC RAT as off-the-shelf Tor backdoor}}, date = {2020-12-16}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2020/12/16/systembc/}, language = {English}, urldate = {2020-12-17} } Ransomware operators use SystemBC RAT as off-the-shelf Tor backdoor
SystemBC