Malpedia Library

Click here to download all references as Bib-File.•

2025-01-25 ⋅ Sophos ⋅ Anthony Bradshaw, Colin Cowie, Daniel Souter, Hunter Neal, Mark Parsons, Sean Baird, Sean Gallagher
Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing”
ReedBed STAC5143 UNC4393

2024-11-06 ⋅ Sophos ⋅ Asha Castle, Hikaru Koike, Sean Gallagher, Trang Tang
Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign
GootLoader

2024-10-31 ⋅ Sophos X-Ops ⋅ Ross McKerchar
Pacific Rim: Inside the Counter-Offensive—The TTPs Used to Neutralize China-Based Threats
Asnarök

2024-10-31 ⋅ Sophos X-Ops ⋅ Andrew Brandt, Ross McKerchar
Pacific Rim timeline: Information for defenders from a braid of interlocking attack campaigns
Asnarök Tstark

2023-12-20 ⋅ Sophos X-Ops ⋅ Mark Loman, Matt Wixey
CryptoGuard: An asymmetric approach to the ransomware battle
Akira LockBit Storm-1567

2023-09-22 ⋅ Sophos X-Ops ⋅ Sophos X-Ops
Mastodon Thread on observed activity involving TinyTurla
TinyTurla

2023-07-26 ⋅ Sophos
Into the tank with Nitrogen
Nitrogen Loader

2023-06-12 ⋅ Sophos ⋅ Karl Ackerman
Deep dive into the Pikabot cyber threat
Pikabot

2023-05-09 ⋅ Sophos ⋅ Paul Jaramillo
Akira Ransomware is “bringin’ 1988 back”
Akira

2023-04-21 ⋅ Sophos ⋅ Colin Cowie, Paul Jaramillo
IcedID: Defrosting a Recent Campaign Illustrating evolving tactics and shared infrastructure
IcedID PhotoLoader

2023-04-19 ⋅ Sophos ⋅ Andreas Klopsch
‘AuKill’ EDR killer malware abuses Process Explorer driver
AuKill

2023-03-09 ⋅ Sophos ⋅ Gabor Szappanos
A border-hopping PlugX USB worm takes its act on the road
PlugX

2023-02-06 ⋅ Sophos ⋅ Andrew Brandt
Qakbot mechanizes distribution of malicious OneNote notebooks
QakBot

2022-12-13 ⋅ Sophos ⋅ Andreas Klopsch, Andrew Brandt
Signed driver malware moves up the software trust chain
KillAV

2022-11-30 ⋅ Sophos ⋅ Andrew Brandt
LockBit 3.0 ‘Black’ attacks and leaks reveal wormable capabilities and tooling
LockBit

2022-11-03 ⋅ Sophos ⋅ Gabor Szappanos
Family Tree: DLL-Sideloading Cases May Be Related
DARKDEW MISTCLOAK

2022-10-04 ⋅ Sophos ⋅ Andreas Klopsch
Remove All The Callbacks – BlackByte Ransomware Disables EDR Via RTCore64.sys Abuse
BlackByte

2022-08-18 ⋅ Sophos ⋅ Sean Gallagher
Cookie stealing: the new perimeter bypass
Cobalt Strike Meterpreter MimiKatz Phoenix Keylogger Quasar RAT

2022-07-20 ⋅ Sophos ⋅ Colin Cowie, Gabor Szappanos
OODA: X-Ops Takes On Burgeoning SQL Server Attacks
Maoloa Remcos TargetCompany

2022-07-14 ⋅ Sophos ⋅ Alexander Giles
Rapid Response: The Ngrok Incident Guide