Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-10-04SophosAndreas Klopsch
@online{klopsch:20221004:remove:a8a9121, author = {Andreas Klopsch}, title = {{Remove All The Callbacks – BlackByte Ransomware Disables EDR Via RTCore64.sys Abuse}}, date = {2022-10-04}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/10/04/blackbyte-ransomware-returns/}, language = {English}, urldate = {2022-10-24} } Remove All The Callbacks – BlackByte Ransomware Disables EDR Via RTCore64.sys Abuse
BlackByte
2022-08-18SophosSean Gallagher
@online{gallagher:20220818:cookie:74bd0f5, author = {Sean Gallagher}, title = {{Cookie stealing: the new perimeter bypass}}, date = {2022-08-18}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/08/18/cookie-stealing-the-new-perimeter-bypass}, language = {English}, urldate = {2022-08-22} } Cookie stealing: the new perimeter bypass
Cobalt Strike Meterpreter MimiKatz Phoenix Keylogger Quasar RAT
2022-07-14SophosAndrew Brandt, Sergio Bestulic, Harinder Bhathal, Andy French, Bill Kearney, Lee Kirkpatrick, Elida Leite, Peter Mackenzie, Robert Weiland
@online{brandt:20220714:blackcat:745470a, author = {Andrew Brandt and Sergio Bestulic and Harinder Bhathal and Andy French and Bill Kearney and Lee Kirkpatrick and Elida Leite and Peter Mackenzie and Robert Weiland}, title = {{BlackCat ransomware attacks not merely a byproduct of bad luck}}, date = {2022-07-14}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/07/14/blackcat-ransomware-attacks-not-merely-a-byproduct-of-bad-luck/}, language = {English}, urldate = {2022-07-25} } BlackCat ransomware attacks not merely a byproduct of bad luck
BlackCat BlackCat
2022-07-14SophosAlexander Giles
@online{giles:20220714:rapid:f667bce, author = {Alexander Giles}, title = {{Rapid Response: The Ngrok Incident Guide}}, date = {2022-07-14}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/07/14/rapid-response-the-ngrok-incident-guide/}, language = {English}, urldate = {2022-07-25} } Rapid Response: The Ngrok Incident Guide
2022-06-16SophosLabs UncutAndrew Brandt
@online{brandt:20220616:confluence:0bbf8de, author = {Andrew Brandt}, title = {{Confluence exploits used to drop ransomware on vulnerable servers}}, date = {2022-06-16}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2022/06/16/confluence-exploits-used-to-drop-ransomware-on-vulnerable-servers/}, language = {English}, urldate = {2022-06-17} } Confluence exploits used to drop ransomware on vulnerable servers
Cerber
2022-06-15VolexitySteven Adair, Thomas Lancaster, Volexity Threat Research
@online{adair:20220615:driftingcloud:58322a8, author = {Steven Adair and Thomas Lancaster and Volexity Threat Research}, title = {{DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach}}, date = {2022-06-15}, organization = {Volexity}, url = {https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/}, language = {English}, urldate = {2022-06-17} } DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach
pupy Sliver
2022-05-04SophosAndreas Klopsch
@online{klopsch:20220504:attacking:750e07f, author = {Andreas Klopsch}, title = {{Attacking Emotet’s Control Flow Flattening}}, date = {2022-05-04}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/05/04/attacking-emotets-control-flow-flattening/}, language = {English}, urldate = {2022-05-05} } Attacking Emotet’s Control Flow Flattening
Emotet
2022-04-12SophosAndrew Brandt, Angela Gunn, Melissa Kelly, Peter Mackenzie, Ferenc László Nagy, Mauricio Valdivieso, Sergio Bestulic, Johnathan Fern, Linda Smith, Matthew Everts
@online{brandt:20220412:attackers:f9f5c52, author = {Andrew Brandt and Angela Gunn and Melissa Kelly and Peter Mackenzie and Ferenc László Nagy and Mauricio Valdivieso and Sergio Bestulic and Johnathan Fern and Linda Smith and Matthew Everts}, title = {{Attackers linger on government agency computers before deploying Lockbit ransomware}}, date = {2022-04-12}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/04/12/attackers-linger-on-government-agency-computers-before-deploying-lockbit-ransomware/}, language = {English}, urldate = {2022-04-15} } Attackers linger on government agency computers before deploying Lockbit ransomware
LockBit
2022-03-17SophosTilly Travers
@online{travers:20220317:ransomware:df38f2f, author = {Tilly Travers}, title = {{The Ransomware Threat Intelligence Center}}, date = {2022-03-17}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/03/17/the-ransomware-threat-intelligence-center/}, language = {English}, urldate = {2022-03-18} } The Ransomware Threat Intelligence Center
ATOMSILO Avaddon AvosLocker BlackKingdom Ransomware BlackMatter Conti Cring DarkSide dearcry Dharma Egregor Entropy Epsilon Red Gandcrab Karma LockBit LockFile Mailto Maze Nefilim RagnarLocker Ragnarok REvil RobinHood Ryuk SamSam Snatch WannaCryptor WastedLocker
2022-02-28SophosSean Gallagher
@online{gallagher:20220228:conti:bcf09a0, author = {Sean Gallagher}, title = {{Conti and Karma actors attack healthcare provider at same time through ProxyShell exploits}}, date = {2022-02-28}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/02/28/conti-and-karma-actors-attack-healthcare-provider-at-same-time-through-proxyshell-exploits/?cmp=30728}, language = {English}, urldate = {2022-03-02} } Conti and Karma actors attack healthcare provider at same time through ProxyShell exploits
Conti Karma
2022-02-23SophosAndrew Brandt, Anand Ajjan, Colin Cowie, Abhijit Gupta, Steven Lott, Rahil Shah, Vikas Singh, Felix Weyne, Syed Zaidi, Xiaochuan Zhang
@online{brandt:20220223:dridex:51a6f80, author = {Andrew Brandt and Anand Ajjan and Colin Cowie and Abhijit Gupta and Steven Lott and Rahil Shah and Vikas Singh and Felix Weyne and Syed Zaidi and Xiaochuan Zhang}, title = {{Dridex bots deliver Entropy ransomware in recent attacks}}, date = {2022-02-23}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/02/23/dridex-bots-deliver-entropy-ransomware-in-recent-attacks/?cmp=30728}, language = {English}, urldate = {2022-03-01} } Dridex bots deliver Entropy ransomware in recent attacks
Entropy
2022-02-23SophosLabs UncutAndrew Brandt
@online{brandt:20220223:dridex:c1d4784, author = {Andrew Brandt}, title = {{Dridex bots deliver Entropy ransomware in recent attacks}}, date = {2022-02-23}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2022/02/23/dridex-bots-deliver-entropy-ransomware-in-recent-attacks/}, language = {English}, urldate = {2022-03-01} } Dridex bots deliver Entropy ransomware in recent attacks
Cobalt Strike Dridex Entropy
2022-02-22SophosChester Wisniewski
@online{wisniewski:20220222:cyberthreats:c100e29, author = {Chester Wisniewski}, title = {{Cyberthreats during Russian-Ukrainian tensions: what can we learn from history to be prepared?}}, date = {2022-02-22}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/02/22/cyberthreats-during-russian-ukrainian-tensions-what-can-we-learn-from-history-to-be-prepared/}, language = {English}, urldate = {2022-03-18} } Cyberthreats during Russian-Ukrainian tensions: what can we learn from history to be prepared?
Conti
2022-02-15SophosMatthew Everts, Stephen McNally
@online{everts:20220215:vulnerable:9c3b451, author = {Matthew Everts and Stephen McNally}, title = {{Vulnerable Exchange server hit by Squirrelwaffle and financial fraud}}, date = {2022-02-15}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/02/15/vulnerable-exchange-server-hit-by-squirrelwaffle-and-financial-fraud/}, language = {English}, urldate = {2022-02-17} } Vulnerable Exchange server hit by Squirrelwaffle and financial fraud
Squirrelwaffle
2022-02-01SophosGabor Szappanos, Sean Gallagher
@online{szappanos:20220201:solarmarker:597b088, author = {Gabor Szappanos and Sean Gallagher}, title = {{SolarMarker campaign used novel registry changes to establish persistence}}, date = {2022-02-01}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/02/01/solarmarker-campaign-used-novel-registry-changes-to-establish-persistence/}, language = {English}, urldate = {2022-02-02} } SolarMarker campaign used novel registry changes to establish persistence
solarmarker
2022-01-25SophosAndrew Brandt, Jason Jenkins
@online{brandt:20220125:windows:d134759, author = {Andrew Brandt and Jason Jenkins}, title = {{Windows services lay the groundwork for a Midas ransomware attack}}, date = {2022-01-25}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/01/25/windows-services-lay-the-groundwork-for-a-midas-ransomware-attack/?cmp=30728}, language = {English}, urldate = {2022-01-28} } Windows services lay the groundwork for a Midas ransomware attack
2022-01-25SophosAndrew Brandt
@online{brandt:20220125:windows:7d316fb, author = {Andrew Brandt}, title = {{Windows services lay the groundwork for a Midas ransomware attack}}, date = {2022-01-25}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/01/25/windows-services-lay-the-groundwork-for-a-midas-ransomware-attack/}, language = {English}, urldate = {2022-03-30} } Windows services lay the groundwork for a Midas ransomware attack
Midas
2022-01-24SophosChester Wisniewski
@online{wisniewski:20220124:log4shell:36c4ea7, author = {Chester Wisniewski}, title = {{Log4Shell: No Mass Abuse, But No Respite, What Happened?}}, date = {2022-01-24}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/01/24/log4shell-no-mass-abuse-but-no-respite-what-happened/?cmp=30726}, language = {English}, urldate = {2022-01-28} } Log4Shell: No Mass Abuse, But No Respite, What Happened?
2022-01-19SophosColin Cowie, Mat Gangwer, Stan Andic, Sophos MTR Team
@online{cowie:20220119:zloader:e87c22c, author = {Colin Cowie and Mat Gangwer and Stan Andic and Sophos MTR Team}, title = {{Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike}}, date = {2022-01-19}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/01/19/zloader-installs-remote-access-backdoors-and-delivers-cobalt-strike/}, language = {English}, urldate = {2022-01-25} } Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike
Cobalt Strike Zloader
2021-12-22SophosAndrew Brandt, Fraser Howard, Anand Ajjan, Peter Mackenzie, Ferenc László Nagy, Sergio Bestulic, Timothy Easton
@online{brandt:20211222:avos:b09298c, author = {Andrew Brandt and Fraser Howard and Anand Ajjan and Peter Mackenzie and Ferenc László Nagy and Sergio Bestulic and Timothy Easton}, title = {{Avos Locker remotely accesses boxes, even running in Safe Mode}}, date = {2021-12-22}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/12/22/avos-locker-remotely-accesses-boxes-even-running-in-safe-mode/}, language = {English}, urldate = {2021-12-31} } Avos Locker remotely accesses boxes, even running in Safe Mode
AvosLocker