
2022-06-16SophosLabs UncutAndrew Brandt
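@online{brandt:20220616:confluence:0bbf8de,
  author       = {Brandt, Andrew},
  title        = {{Confluence} exploits used to drop ransomware on vulnerable servers},
  date         = {2022-06-16},
  organization = {SophosLabs Uncut},
  url          = {https://news.sophos.com/en-us/2022/06/16/confluence-exploits-used-to-drop-ransomware-on-vulnerable-servers/},
  language     = {English},
  urldate      = {2022-06-17},
}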
Cerber
2022-02-23SophosLabs UncutAndrew Brandt
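@online{brandt:20220223:dridex:c1d4784,
  author       = {Brandt, Andrew},
  title        = {{Dridex} bots deliver {Entropy} ransomware in recent attacks},
  date         = {2022-02-23},
  organization = {SophosLabs Uncut},
  url          = {https://news.sophos.com/en-us/2022/02/23/dridex-bots-deliver-entropy-ransomware-in-recent-attacks/},
  language     = {English},
  urldate      = {2022-03-01},
}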
Cobalt Strike Dridex Entropy
2021-11-18SophosLabs UncutSean Gallagher
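@online{gallagher:20211118:new:7fc4407,
  author       = {Gallagher, Sean},
  title        = {New ransomware actor uses password protected archives to bypass encryption protection},
  date         = {2021-11-18},
  organization = {SophosLabs Uncut},
  url          = {https://news.sophos.com/en-us/2021/11/18/new-ransomware-actor-uses-password-protected-archives-to-bypass-encryption-protection/},
  language     = {English},
  urldate      = {2022-03-22},
}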
2021-11-11SophosLabs UncutAndrew Brandt
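@online{brandt:20211111:bazarloader:9328545,
  author       = {Brandt, Andrew},
  title        = {{BazarLoader} ‘call me back’ attack abuses {Windows 10 Apps} mechanism},
  date         = {2021-11-11},
  organization = {SophosLabs Uncut},
  url          = {https://news.sophos.com/en-us/2021/11/11/bazarloader-call-me-back-attack-abuses-windows-10-apps-mechanism/},
  language     = {English},
  urldate      = {2021-11-12},
}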
BazarBackdoor
2021-07-09Twitter (@SophosLabs)SophosLabs
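@online{sophoslabs:20210709:speed:6f279b2,
  author        = {{SophosLabs}},
  title         = {Tweet on speed at which {Kaseya} {REvil} attack was conducted},
  date          = {2021-07-09},
  organization  = {Twitter (@SophosLabs)},
  url           = {https://twitter.com/SophosLabs/status/1413616952313004040?s=20},
  language      = {English},
  urldate       = {2021-07-24},
  internal-note = {url carries a share-tracking query parameter as captured; verify the bare status URL resolves before stripping it},
}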
REvil
2021-07-05Twitter (@SophosLabs)SophosLabs
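@online{sophoslabs:20210705:with:d8dc444,
  author       = {{SophosLabs}},
  title        = {Tweet with a {REvil} ransomware execution demo},
  date         = {2021-07-05},
  organization = {Twitter (@SophosLabs)},
  url          = {https://twitter.com/SophosLabs/status/1412056467201462276},
  language     = {English},
  urldate      = {2021-07-26},
}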
REvil
2021-06-11SophosLabs UncutAndrew Brandt, Anand Ajjan, Hajnalka Kope, Mark Loman, Peter Mackenzie
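@online{brandt:20210611:relentless:56d5133,
  author       = {Brandt, Andrew and Ajjan, Anand and Kope, Hajnalka and Loman, Mark and Mackenzie, Peter},
  title        = {Relentless {REvil}, revealed: {RaaS} as variable as the criminals who use it},
  date         = {2021-06-11},
  organization = {SophosLabs Uncut},
  url          = {https://news.sophos.com/en-us/2021/06/11/relentless-revil-revealed/},
  language     = {English},
  urldate      = {2021-06-16},
}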
REvil
2021-05-28SophosLabs UncutAndrew Brandt
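@online{brandt:20210528:new:4d0e375,
  author       = {Brandt, Andrew},
  title        = {A new ransomware enters the fray: {Epsilon Red}},
  date         = {2021-05-28},
  organization = {SophosLabs Uncut},
  url          = {https://news.sophos.com/en-us/2021/05/28/epsilonred/},
  language     = {English},
  urldate      = {2021-06-07},
}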
Epsilon Red
2021-05-07SophosLabs UncutRajesh Nataraj
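@online{nataraj:20210507:new:79ec788,
  author        = {Nataraj, Rajesh},
  title         = {New {Lemon Duck} variants exploiting {Microsoft Exchange Server}},
  date          = {2021-05-07},
  organization  = {SophosLabs Uncut},
  url           = {https://news.sophos.com/en-us/2021/05/07/new-lemon-duck-variants-exploiting-microsoft-exchange-server/?cmp=30728},
  language      = {English},
  urldate       = {2022-02-16},
  internal-note = {url carries a campaign-tracking query parameter as captured; verify the bare path resolves before stripping it},
}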
CHINACHOPPER Cobalt Strike Lemon Duck
2021-05-05SophosLabs UncutAndrew Brandt, Peter Mackenzie, Vikas Singh, Gabor Szappanos
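@online{brandt:20210505:intervention:f548dee,
  author       = {Brandt, Andrew and Mackenzie, Peter and Singh, Vikas and Szappanos, Gabor},
  title        = {Intervention halts a {ProxyLogon}-enabled attack},
  date         = {2021-05-05},
  organization = {SophosLabs Uncut},
  url          = {https://news.sophos.com/en-us/2021/05/05/intervention-halts-a-proxylogon-enabled-attack},
  language     = {English},
  urldate      = {2021-05-07},
}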
Cobalt Strike
2021-04-21SophosLabs UncutSean Gallagher, Suriya Natarajan, Anand Aijan, Michael Wood, Sivagnanam Gn, Markel Picado, Andrew Brandt
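@online{gallagher:20210421:nearly:53964a7,
  author        = {Gallagher, Sean and Natarajan, Suriya and Aijan, Anand and Wood, Michael and Gn, Sivagnanam and Picado, Markel and Brandt, Andrew},
  title         = {Nearly half of malware now use {TLS} to conceal communications},
  date          = {2021-04-21},
  organization  = {SophosLabs Uncut},
  url           = {https://news.sophos.com/en-us/2021/04/21/nearly-half-of-malware-now-use-tls-to-conceal-communications/},
  language      = {English},
  urldate       = {2021-04-28},
  internal-note = {author surname spelled Aijan here but Ajjan in brandt:20210611:relentless:56d5133 and brandt:20210216:conti:24c2333; verify which is correct},
}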
Agent Tesla Cobalt Strike Dridex SystemBC
2021-04-15SophosLabs UncutAndrew Brandt
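@online{brandt:20210415:bazarloader:93400a1,
  author       = {Brandt, Andrew},
  title        = {{BazarLoader} deploys a pair of novel spam vectors},
  date         = {2021-04-15},
  organization = {SophosLabs Uncut},
  url          = {https://news.sophos.com/en-us/2021/04/15/bazarloader-deploys-a-pair-of-novel-spam-vectors},
  language     = {English},
  urldate      = {2021-04-16},
}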
BazarBackdoor
2021-04-13SophosLabs UncutAndrew Brandt
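@online{brandt:20210413:compromised:c21fba1,
  author       = {Brandt, Andrew},
  title        = {Compromised {Exchange} server hosting cryptojacker targeting other {Exchange} servers},
  date         = {2021-04-13},
  organization = {SophosLabs Uncut},
  url          = {https://news.sophos.com/en-us/2021/04/13/compromised-exchange-server-hosting-cryptojacker-targeting-other-exchange-servers/},
  language     = {English},
  urldate      = {2021-04-14},
}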
2021-03-24SophosLabs UncutMark Loman
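@online{loman:20210324:black:c1494bc,
  author        = {Loman, Mark},
  title         = {{Black Kingdom} ransomware begins appearing on {Exchange} servers},
  date          = {2021-03-24},
  organization  = {SophosLabs Uncut},
  url           = {https://news.sophos.com/en-us/2021/03/23/black-kingdom/?cmp=30728},
  language      = {English},
  urldate       = {2021-03-25},
  internal-note = {url carries a campaign-tracking query parameter as captured; verify the bare path resolves before stripping it},
}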
2021-02-16SophosLabs UncutAndrew Brandt, Anand Ajjan
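@online{brandt:20210216:conti:24c2333,
  author       = {Brandt, Andrew and Ajjan, Anand},
  title        = {{Conti} ransomware: Evasive by nature},
  date         = {2021-02-16},
  organization = {SophosLabs Uncut},
  url          = {https://news.sophos.com/en-us/2021/02/16/conti-ransomware-evasive-by-nature/},
  language     = {English},
  urldate      = {2021-02-20},
}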
Conti
2021-02-16SophosLabs UncutMichael Heller
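@online{heller:20210216:conti:9090709,
  author       = {Heller, Michael},
  title        = {A {Conti} ransomware attack day-by-day},
  date         = {2021-02-16},
  organization = {SophosLabs Uncut},
  url          = {https://news.sophos.com/en-us/2021/02/16/conti-ransomware-attack-day-by-day/},
  language     = {English},
  urldate      = {2021-02-20},
}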
Conti
2021-02-16SophosLabs UncutPeter Mackenzie, Tilly Travers
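@online{mackenzie:20210216:what:9c9f413,
  author       = {Mackenzie, Peter and Travers, Tilly},
  title        = {What to expect when you’ve been hit with {Conti} ransomware},
  date         = {2021-02-16},
  organization = {SophosLabs Uncut},
  url          = {https://news.sophos.com/en-us/2021/02/16/what-to-expect-when-youve-been-hit-with-conti-ransomware/},
  language     = {English},
  urldate      = {2021-02-20},
}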
Conti
2021-01-26SophosLabs UncutMichael Heller, David Anderson, Peter Mackenzie, Sergio Bestulic, Bill Kearney
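@online{heller:20210126:nefilim:6b20ee0,
  author       = {Heller, Michael and Anderson, David and Mackenzie, Peter and Bestulic, Sergio and Kearney, Bill},
  title        = {{Nefilim} Ransomware Attack Uses “Ghost” Credentials},
  date         = {2021-01-26},
  organization = {SophosLabs Uncut},
  url          = {https://news.sophos.com/en-us/2021/01/26/nefilim-ransomware-attack-uses-ghost-credentials/},
  language     = {English},
  urldate      = {2021-02-18},
}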
Nefilim
2020-12-21SophosLabs UncutSophosLabs Threat Research
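@online{research:20201221:how:42cc330,
  author       = {{SophosLabs Threat Research}},
  title        = {How {SunBurst} malware does defense evasion},
  date         = {2020-12-21},
  organization = {SophosLabs Uncut},
  url          = {https://news.sophos.com/en-us/2020/12/21/how-sunburst-malware-does-defense-evasion/},
  language     = {English},
  urldate      = {2020-12-23},
}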
SUNBURST UNC2452
2020-12-16SophosLabs UncutSean Gallagher, Sivagnanam Gn
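@online{gallagher:20201216:ransomware:0b0fdf2,
  author       = {Gallagher, Sean and Gn, Sivagnanam},
  title        = {Ransomware operators use {SystemBC} {RAT} as off-the-shelf {Tor} backdoor},
  date         = {2020-12-16},
  organization = {SophosLabs Uncut},
  url          = {https://news.sophos.com/en-us/2020/12/16/systembc/},
  language     = {English},
  urldate      = {2020-12-17},
}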
SystemBC