
2023-05-09 | Sophos | Paul Jaramillo
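@online{jaramillo:20230509:akira:55a936a,
  author       = {Jaramillo, Paul},
  title        = {{Akira} Ransomware is “bringin’ 1988 back”},
  date         = {2023-05-09},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2023/05/09/akira-ransomware-is-bringin-88-back/},
  urldate      = {2023-05-11},
  language     = {English},
}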
Akira
2023-04-21 | Sophos | Colin Cowie, Paul Jaramillo
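@techreport{cowie:20230421:icedid:506b299,
  author      = {Cowie, Colin and Jaramillo, Paul},
  title       = {{IcedID}: Defrosting a Recent Campaign Illustrating evolving tactics and shared infrastructure},
  date        = {2023-04-21},
  institution = {Sophos},
  url         = {https://www.first.org/resources/papers/amsterdam23/IcedID-FIRST-AMS-2023.pdf},
  urldate     = {2023-08-10},
  language    = {English},
}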
IcedID PhotoLoader
2023-04-19 | Sophos | Andreas Klopsch
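@online{klopsch:20230419:aukill:cebf5d8,
  author       = {Klopsch, Andreas},
  title        = {‘{AuKill}’ {EDR} killer malware abuses {Process Explorer} driver},
  date         = {2023-04-19},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2023/04/19/aukill-edr-killer-malware-abuses-process-explorer-driver/},
  urldate      = {2023-04-22},
  language     = {English},
}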
AuKill
2023-03-09 | Sophos | Gabor Szappanos
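@online{szappanos:20230309:borderhopping:5220748,
  author       = {Szappanos, Gabor},
  title        = {A border-hopping {PlugX} {USB} worm takes its act on the road},
  date         = {2023-03-09},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2023/03/09/border-hopping-plugx-usb-worm/},
  urldate      = {2023-03-22},
  language     = {English},
}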
PlugX
2023-02-06 | Sophos | Andrew Brandt
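@online{brandt:20230206:qakbot:e85e83f,
  author       = {Brandt, Andrew},
  title        = {{Qakbot} mechanizes distribution of malicious {OneNote} notebooks},
  date         = {2023-02-06},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2023/02/06/qakbot-onenote-attacks/},
  urldate      = {2023-02-13},
  language     = {English},
}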
QakBot
2022-12-13 | Sophos | Andreas Klopsch, Andrew Brandt
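@online{klopsch:20221213:signed:9d26a63,
  author       = {Klopsch, Andreas and Brandt, Andrew},
  title        = {Signed driver malware moves up the software trust chain},
  date         = {2022-12-13},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2022/12/13/signed-driver-malware-moves-up-the-software-trust-chain/},
  urldate      = {2023-09-13},
  language     = {English},
}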
KillAV
2022-11-30 | Sophos | Andrew Brandt
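@online{brandt:20221130:lockbit:7d7598f,
  author       = {Brandt, Andrew},
  title        = {{LockBit} 3.0 ‘{Black}’ attacks and leaks reveal wormable capabilities and tooling},
  date         = {2022-11-30},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2022/11/30/lockbit-3-0-black-attacks-and-leaks-reveal-wormable-capabilities-and-tooling/},
  urldate      = {2022-12-02},
  language     = {English},
}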
LockBit
2022-11-03 | Sophos | Gabor Szappanos
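@online{szappanos:20221103:family:666a56f,
  author       = {Szappanos, Gabor},
  title        = {Family Tree: {DLL}-Sideloading Cases May Be Related},
  date         = {2022-11-03},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2022/11/03/family-tree-dll-sideloading-cases-may-be-related/},
  urldate      = {2022-12-02},
  language     = {English},
}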
DARKDEW MISTCLOAK
2022-10-04 | Sophos | Andreas Klopsch
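@online{klopsch:20221004:remove:a8a9121,
  author       = {Klopsch, Andreas},
  title        = {Remove All The Callbacks – {BlackByte} Ransomware Disables {EDR} Via {RTCore64.sys} Abuse},
  date         = {2022-10-04},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2022/10/04/blackbyte-ransomware-returns/},
  urldate      = {2022-10-24},
  language     = {English},
}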
BlackByte
2022-08-18 | Sophos | Sean Gallagher
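@online{gallagher:20220818:cookie:74bd0f5,
  author       = {Gallagher, Sean},
  title        = {Cookie stealing: the new perimeter bypass},
  date         = {2022-08-18},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2022/08/18/cookie-stealing-the-new-perimeter-bypass},
  urldate      = {2022-08-22},
  language     = {English},
}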
Cobalt Strike Meterpreter MimiKatz Phoenix Keylogger Quasar RAT
2022-07-20 | Sophos | Colin Cowie, Gabor Szappanos
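@online{cowie:20220720:ooda:6c453ab,
  author       = {Cowie, Colin and Szappanos, Gabor},
  title        = {{OODA}: {X-Ops} Takes On Burgeoning {SQL Server} Attacks},
  date         = {2022-07-20},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2022/07/20/ooda-x-ops-takes-on-burgeoning-sql-server-attacks/},
  urldate      = {2023-05-30},
  language     = {English},
}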
Maoloa Remcos TargetCompany
2022-07-14 | Sophos | Andrew Brandt, Sergio Bestulic, Harinder Bhathal, Andy French, Bill Kearney, Lee Kirkpatrick, Elida Leite, Peter Mackenzie, Robert Weiland
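@online{brandt:20220714:blackcat:745470a,
  author       = {Brandt, Andrew and Bestulic, Sergio and Bhathal, Harinder and French, Andy and Kearney, Bill and Kirkpatrick, Lee and Leite, Elida and Mackenzie, Peter and Weiland, Robert},
  title        = {{BlackCat} ransomware attacks not merely a byproduct of bad luck},
  date         = {2022-07-14},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2022/07/14/blackcat-ransomware-attacks-not-merely-a-byproduct-of-bad-luck/},
  urldate      = {2022-07-25},
  language     = {English},
}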
BlackCat BlackCat
2022-07-14 | Sophos | Alexander Giles
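@online{giles:20220714:rapid:f667bce,
  author       = {Giles, Alexander},
  title        = {{Rapid Response}: The {Ngrok} Incident Guide},
  date         = {2022-07-14},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2022/07/14/rapid-response-the-ngrok-incident-guide/},
  urldate      = {2022-07-25},
  language     = {English},
}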
2022-06-16 | SophosLabs Uncut | Andrew Brandt
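@online{brandt:20220616:confluence:0bbf8de,
  author       = {Brandt, Andrew},
  title        = {{Confluence} exploits used to drop ransomware on vulnerable servers},
  date         = {2022-06-16},
  organization = {SophosLabs Uncut},
  url          = {https://news.sophos.com/en-us/2022/06/16/confluence-exploits-used-to-drop-ransomware-on-vulnerable-servers/},
  urldate      = {2022-06-17},
  language     = {English},
}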
Cerber
2022-06-15 | Volexity | Steven Adair, Thomas Lancaster, Volexity Threat Research
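@online{adair:20220615:driftingcloud:58322a8,
  author       = {Adair, Steven and Lancaster, Thomas and {Volexity Threat Research}},
  title        = {{DriftingCloud}: Zero-Day {Sophos Firewall} Exploitation and an Insidious Breach},
  date         = {2022-06-15},
  organization = {Volexity},
  url          = {https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/},
  urldate      = {2022-06-17},
  language     = {English},
}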
pupy Sliver
2022-05-04 | Sophos | Andreas Klopsch
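@online{klopsch:20220504:attacking:750e07f,
  author       = {Klopsch, Andreas},
  title        = {Attacking {Emotet’s} Control Flow Flattening},
  date         = {2022-05-04},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2022/05/04/attacking-emotets-control-flow-flattening/},
  urldate      = {2022-05-05},
  language     = {English},
}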
Emotet
2022-04-12 | Sophos | Andrew Brandt, Angela Gunn, Melissa Kelly, Peter Mackenzie, Ferenc László Nagy, Mauricio Valdivieso, Sergio Bestulic, Johnathan Fern, Linda Smith, Matthew Everts
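@online{brandt:20220412:attackers:f9f5c52,
  author       = {Brandt, Andrew and Gunn, Angela and Kelly, Melissa and Mackenzie, Peter and Nagy, Ferenc László and Valdivieso, Mauricio and Bestulic, Sergio and Fern, Johnathan and Smith, Linda and Everts, Matthew},
  title        = {Attackers linger on government agency computers before deploying {Lockbit} ransomware},
  date         = {2022-04-12},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2022/04/12/attackers-linger-on-government-agency-computers-before-deploying-lockbit-ransomware/},
  urldate      = {2022-04-15},
  language     = {English},
}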
LockBit
2022-03-17 | Sophos | Tilly Travers
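@online{travers:20220317:ransomware:df38f2f,
  author       = {Travers, Tilly},
  title        = {The {Ransomware Threat Intelligence Center}},
  date         = {2022-03-17},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2022/03/17/the-ransomware-threat-intelligence-center/},
  urldate      = {2022-03-18},
  language     = {English},
}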
ATOMSILO Avaddon AvosLocker BlackKingdom Ransomware BlackMatter Conti Cring DarkSide dearcry Dharma Egregor Entropy Epsilon Red Gandcrab Karma LockBit LockFile Mailto Maze Nefilim RagnarLocker Ragnarok REvil RobinHood Ryuk SamSam Snatch WannaCryptor WastedLocker
2022-02-28 | Sophos | Sean Gallagher
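@online{gallagher:20220228:conti:bcf09a0,
  author       = {Gallagher, Sean},
  title        = {{Conti} and {Karma} actors attack healthcare provider at same time through {ProxyShell} exploits},
  date         = {2022-02-28},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2022/02/28/conti-and-karma-actors-attack-healthcare-provider-at-same-time-through-proxyshell-exploits/?cmp=30728},
  urldate      = {2022-03-02},
  language     = {English},
}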
Conti Karma
2022-02-23 | SophosLabs Uncut | Andrew Brandt
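@online{brandt:20220223:dridex:c1d4784,
  author       = {Brandt, Andrew},
  title        = {{Dridex} bots deliver {Entropy} ransomware in recent attacks},
  date         = {2022-02-23},
  organization = {SophosLabs Uncut},
  url          = {https://news.sophos.com/en-us/2022/02/23/dridex-bots-deliver-entropy-ransomware-in-recent-attacks/},
  urldate      = {2022-03-01},
  language     = {English},
}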
Cobalt Strike Dridex Entropy