Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-06-21Lab52
@online{lab52:20220621:muddywaters:3e100a8, author = {Lab52}, title = {{MuddyWater’s “light” first-stager targetting Middle East}}, date = {2022-06-21}, url = {https://lab52.io/blog/muddywaters-light-first-stager-targetting-middle-east/}, language = {English}, urldate = {2022-06-22} } MuddyWater’s “light” first-stager targetting Middle East
Unidentified VBS 004 (RAT)
2022-04-01Lab52Lab52
@online{lab52:20220401:complete:277239c, author = {Lab52}, title = {{Complete dissection of an APK with a suspicious C2 Server}}, date = {2022-04-01}, organization = {Lab52}, url = {https://lab52.io/blog/complete-dissection-of-an-apk-with-a-suspicious-c2-server/}, language = {English}, urldate = {2022-06-27} } Complete dissection of an APK with a suspicious C2 Server
2022-03-24Lab52freyit
@online{freyit:20220324:another:4578bc2, author = {freyit}, title = {{Another cyber espionage campaign in the Russia-Ukrainian ongoing cyber attacks}}, date = {2022-03-24}, organization = {Lab52}, url = {https://lab52.io/blog/another-cyber-espionage-campaign-in-the-russia-ukrainian-ongoing-cyber-attacks/}, language = {English}, urldate = {2022-03-25} } Another cyber espionage campaign in the Russia-Ukrainian ongoing cyber attacks
Quasar RAT
2022-03-09Lab52Lab52
@online{lab52:20220309:very:b667537, author = {Lab52}, title = {{Very very lazy Lazyscripter’s scripts: double compromise in a single obfuscation}}, date = {2022-03-09}, organization = {Lab52}, url = {https://lab52.io/blog/very-very-lazy-lazyscripters-scripts-double-compromise-in-a-single-obfuscation/}, language = {English}, urldate = {2022-03-10} } Very very lazy Lazyscripter’s scripts: double compromise in a single obfuscation
NjRAT
2022-02-28Lab52Jagaimo Kawaii
@online{kawaii:20220228:looking:9f8bf67, author = {Jagaimo Kawaii}, title = {{Looking for Penquins in the Wild}}, date = {2022-02-28}, organization = {Lab52}, url = {https://lab52.io/blog/looking-for-penquins-in-the-wild/}, language = {English}, urldate = {2022-03-02} } Looking for Penquins in the Wild
Penquin Turla
2022-01-24Lab52freyit
@online{freyit:20220124:new:b377b46, author = {freyit}, title = {{New TransparenTribe Operation: Targeting India with weaponized COVID-19 lure documents}}, date = {2022-01-24}, organization = {Lab52}, url = {https://lab52.io/blog/new-transparentribe-operation-targeting-india-with-weaponized-covid-19-lure-documents/}, language = {English}, urldate = {2022-01-28} } New TransparenTribe Operation: Targeting India with weaponized COVID-19 lure documents
2022-01-12Lab52Jagaimo Kawaii
@online{kawaii:20220112:tokyox:809eda0, author = {Jagaimo Kawaii}, title = {{TokyoX: DLL side-loading an unknown artifact (Part 2)}}, date = {2022-01-12}, organization = {Lab52}, url = {https://lab52.io/blog/tokyox-dll-side-loading-an-unknown-artifact-part-2/}, language = {English}, urldate = {2022-01-18} } TokyoX: DLL side-loading an unknown artifact (Part 2)
TokyoX
2022-01-10Lab52ml10
@online{ml10:20220110:tokyox:ac76bdb, author = {ml10}, title = {{TokyoX: DLL side-loading an unknown artifact}}, date = {2022-01-10}, organization = {Lab52}, url = {https://lab52.io/blog/tokyox-dll-side-loading-an-unknown-artifact/}, language = {English}, urldate = {2022-01-18} } TokyoX: DLL side-loading an unknown artifact
TokyoX
2021-12-14Lab52Th3spis
@online{th3spis:20211214:cuba:db59204, author = {Th3spis}, title = {{Cuba Ransomware Analysis}}, date = {2021-12-14}, organization = {Lab52}, url = {https://lab52.io/blog/cuba-ransomware-analysis/}, language = {English}, urldate = {2022-01-18} } Cuba Ransomware Analysis
Cuba
2021-09-28Lab52Th3spis
@online{th3spis:20210928:winter:f871981, author = {Th3spis}, title = {{Winter Vivern – all Summer}}, date = {2021-09-28}, organization = {Lab52}, url = {https://lab52.io/blog/winter-vivern-all-summer/}, language = {English}, urldate = {2021-10-11} } Winter Vivern – all Summer
2021-07-05Lab52Th3spis
@online{th3spis:20210705:quick:b0fddf2, author = {Th3spis}, title = {{Quick review of Babuk ransomware builder}}, date = {2021-07-05}, organization = {Lab52}, url = {https://lab52.io/blog/quick-review-of-babuk-ransomware-builder/}, language = {English}, urldate = {2021-07-12} } Quick review of Babuk ransomware builder
Babuk
2021-05-17Lab52Th3spis
@online{th3spis:20210517:literature:b9862c2, author = {Th3spis}, title = {{Literature lover targeting Colombia with LimeRAT}}, date = {2021-05-17}, organization = {Lab52}, url = {https://lab52.io/blog/literature-lover-targeting-colombia-with-limerat/}, language = {English}, urldate = {2021-05-17} } Literature lover targeting Colombia with LimeRAT
LimeRAT
2021-04-29Lab52Lab52
@online{lab52:20210429:chimera:0540b27, author = {Lab52}, title = {{Chimera APT updates on its OwlProxy malware}}, date = {2021-04-29}, organization = {Lab52}, url = {https://lab52.io/blog/chimera-apt-updates-on-its-owlproxy-malware/}, language = {English}, urldate = {2021-05-04} } Chimera APT updates on its OwlProxy malware
Owlproxy
2020-08-26Lab52Jagaimo Kawaii
@online{kawaii:20200826:twisted:b91cfb5, author = {Jagaimo Kawaii}, title = {{A twisted malware infection chain}}, date = {2020-08-26}, organization = {Lab52}, url = {https://lab52.io/blog/a-twisted-malware-infection-chain/}, language = {English}, urldate = {2020-08-31} } A twisted malware infection chain
Agent Tesla Loki Password Stealer (PWS)
2020-06-09Lab52Lab52
@online{lab52:20200609:recent:c5c6aa7, author = {Lab52}, title = {{Recent FK_Undead rootkit samples found in the wild}}, date = {2020-06-09}, organization = {Lab52}, url = {https://lab52.io/blog/recent-fk-undead-rootkit-samples-found-in-the-wild/}, language = {English}, urldate = {2020-06-10} } Recent FK_Undead rootkit samples found in the wild
2020-06-02Lab52Jagaimo Kawaii
@online{kawaii:20200602:mustang:2cf125a, author = {Jagaimo Kawaii}, title = {{Mustang Panda Recent Activity: Dll-Sideloading trojans with temporal C2 servers}}, date = {2020-06-02}, organization = {Lab52}, url = {https://lab52.io/blog/mustang-panda-recent-activity-dll-sideloading-trojans-with-temporal-c2-servers/}, language = {English}, urldate = {2020-06-03} } Mustang Panda Recent Activity: Dll-Sideloading trojans with temporal C2 servers
PlugX
2020-05-14Lab52Dex
@online{dex:20200514:energy:43e92b4, author = {Dex}, title = {{The energy reserves in the Eastern Mediterranean Sea and a malicious campaign of APT10 against Turkey}}, date = {2020-05-14}, organization = {Lab52}, url = {https://lab52.io/blog/the-energy-reserves-in-the-eastern-mediterranean-sea-and-a-malicious-campaign-of-apt10-against-turkey/}, language = {English}, urldate = {2020-06-10} } The energy reserves in the Eastern Mediterranean Sea and a malicious campaign of APT10 against Turkey
Cobalt Strike HTran MimiKatz PlugX Quasar RAT
2020-01-15Lab52ml10
@online{ml10:20200115:aptc36:2ece45d, author = {ml10}, title = {{APT-C-36 recent activity analysis}}, date = {2020-01-15}, organization = {Lab52}, url = {https://lab52.io/blog/apt-c-36-recent-activity-analysis/}, language = {English}, urldate = {2020-01-20} } APT-C-36 recent activity analysis
LimeRAT
2020-01-13Lab52Jagaimo Kawaii
@online{kawaii:20200113:apt27:4c2f818, author = {Jagaimo Kawaii}, title = {{APT27 ZxShell RootKit module updates}}, date = {2020-01-13}, organization = {Lab52}, url = {https://lab52.io/blog/apt27-rootkit-updates/}, language = {English}, urldate = {2020-01-13} } APT27 ZxShell RootKit module updates
ZXShell
2020-01-09Lab52Jagaimo Kawaii
@online{kawaii:20200109:ta428:2230af2, author = {Jagaimo Kawaii}, title = {{TA428 Group abusing recent conflict between Iran and USA}}, date = {2020-01-09}, organization = {Lab52}, url = {https://lab52.io/blog/icefog-apt-group-abusing-recent-conflict-between-iran-and-eeuu/}, language = {English}, urldate = {2021-02-06} } TA428 Group abusing recent conflict between Iran and USA
Poison Ivy