Labs Archive

Kryptina RaaS | From Unsellable Cast-Off to Enterprise Ransomware

Jim Walter / September 23, 2024

Kryptina's adoption by Mallox affiliates complicates malware tracking as ransomware operators blend different codebases into new variants.

LABScon

LABScon23 Replay | They Spilled Oil in My Health-Boosting Smoothie

LABScon / September 5, 2024

Zuzana Hromcová explores how Iran-aligned APT OilRig targets healthcare and local governments with a stream of updated and newly developed tools.

Security Research

Exploring the VirusTotal Dataset | An Analyst’s Guide to Effective Threat Research

Aleksandar Milenkoski & Jose Luis Sánchez Martínez (VirusTotal) / August 29, 2024

We teamed up with VirusTotal to take a deep dive into the platform's extensive query capabilities through both the web and API interfaces.

LABScon

LABScon23 Replay | Black Magic – Influence Operations in the Open and At-Scale in Hungary

LABScon / August 21, 2024

As electorates across the US and Europe go to the polls in 2024, this must-see talk on large-scale state influence operations could hardly be more timely or relevant.

Crimeware

Xeon Sender | SMS Spam Shipping Multi-Tool Targeting SaaS Credentials

Alex Delamotte / August 19, 2024

Cloud attack tool has been repurposed by multiple threat actors to push SMS spam and smishing campaigns through major SaaS providers.

Adversary

FIN7 Reboot | Cybercrime Gang Enhances Ops with New EDR Bypasses and Automated Attacks

Antonio Cocomazzi / July 17, 2024

This research explores how FIN7 has adopted automated attack methods and developed defense evasion techniques previously unseen in the wild.

NullBulge Ransomware Threat Actor Masquerades As Hacktivist Group Rebelling Against AI2

Crimeware

NullBulge | Threat Actor Masquerades as Hacktivist Group Rebelling Against AI

Jim Walter / July 16, 2024

Actors are masquerading as hacktivists targeting AI-centric communities with commodity malware and customized LockBit payloads.

Adversary

CapraTube Remix | Transparent Tribe’s Android Spyware Targeting Gamers, Weapons Enthusiasts

Alex Delamotte / July 1, 2024

SentinelLABS has identified four new CapraRAT APKs associated with suspected Pakistan state-aligned actor Transparent Tribe.

Advanced Persistent Threat

ChamelGang & Friends | Cyberespionage Groups Attacking Critical Infrastructure with Ransomware

Aleksandar Milenkoski & Julian-Ferdinand Vögele (Recorded Future) / June 26, 2024

Threat actors in the cyberespionage ecosystem are using ransomware for financial gain, disruption, distraction, misattribution, and the removal of evidence.

LABScon

LABScon23 Replay | macOS Components Used in North Korean Crypto-Heists

LABScon / May 8, 2024

Greg Lesnewich takes us on a tour of North Korean APTs targeting macOS and explores techniques for tracking an increasingly active threat cluster.