2023-12-20 | Sophos X-Ops | Mark Loman, Matt Wixey
CryptoGuard: An asymmetric approach to the ransomware battle
Akira, LockBit, Storm-1567

2023-09-22 | Sophos X-Ops | Sophos X-Ops
Mastodon Thread on observed activity involving TinyTurla
TinyTurla

2023-06-12 | Sophos | Karl Ackerman
Deep dive into the Pikabot cyber threat
Pikabot

2023-05-09 | Sophos | Paul Jaramillo
Akira Ransomware is “bringin’ 1988 back”
Akira

2023-04-21 | Sophos | Colin Cowie, Paul Jaramillo
IcedID: Defrosting a Recent Campaign Illustrating evolving tactics and shared infrastructure
IcedID, PhotoLoader

2023-04-19 | Sophos | Andreas Klopsch
‘AuKill’ EDR killer malware abuses Process Explorer driver
AuKill

2023-03-09 | Sophos | Gabor Szappanos
A border-hopping PlugX USB worm takes its act on the road
PlugX

2023-02-06 | Sophos | Andrew Brandt
Qakbot mechanizes distribution of malicious OneNote notebooks
QakBot

2022-12-13 | Sophos | Andreas Klopsch, Andrew Brandt
Signed driver malware moves up the software trust chain
KillAV

2022-11-30 | Sophos | Andrew Brandt
LockBit 3.0 ‘Black’ attacks and leaks reveal wormable capabilities and tooling
LockBit

2022-11-03 | Sophos | Gabor Szappanos
Family Tree: DLL-Sideloading Cases May Be Related
DARKDEW, MISTCLOAK

2022-10-04 | Sophos | Andreas Klopsch
Remove All The Callbacks – BlackByte Ransomware Disables EDR Via RTCore64.sys Abuse
BlackByte

2022-08-18 | Sophos | Sean Gallagher
Cookie stealing: the new perimeter bypass
Cobalt Strike, Meterpreter, MimiKatz, Phoenix Keylogger, Quasar RAT

2022-07-20 | Sophos | Colin Cowie, Gabor Szappanos
OODA: X-Ops Takes On Burgeoning SQL Server Attacks
Maoloa, Remcos, TargetCompany

2022-07-14 | Sophos | Alexander Giles
Rapid Response: The Ngrok Incident Guide

2022-07-14 | Sophos | Andrew Brandt, Andy French, Bill Kearney, Elida Leite, Harinder Bhathal, Lee Kirkpatrick, Peter Mackenzie, Robert Weiland, Sergio Bestulic
BlackCat ransomware attacks not merely a byproduct of bad luck
BlackCat

2022-06-16 | SophosLabs Uncut | Andrew Brandt
Confluence exploits used to drop ransomware on vulnerable servers
Cerber

2022-06-15 | Volexity | Steven Adair, Thomas Lancaster, Volexity Threat Research
DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach
pupy, Sliver, DriftingCloud

2022-05-04 | Sophos | Andreas Klopsch
Attacking Emotet’s Control Flow Flattening
Emotet

2022-04-12 | Sophos | Andrew Brandt, Angela Gunn, Ferenc László Nagy, Johnathan Fern, Linda Smith, Matthew Everts, Mauricio Valdivieso, Melissa Kelly, Peter Mackenzie, Sergio Bestulic
Attackers linger on government agency computers before deploying Lockbit ransomware
LockBit