2023-07-12Lab52Lab52
@online{lab52:20230712:new:aad5f7c,
  author       = {Lab52},
  title        = {{New invitation from APT29 to use CCleaner}},
  date         = {2023-07-12},
  organization = {Lab52},
  url          = {https://lab52.io/blog/2344-2/},
  language     = {English},
  urldate      = {2023-07-13},
}
New invitation from APT29 to use CCleaner
Unidentified 107 (APT29)
2023-07-07Lab52Lab52
@online{lab52:20230707:beyond:8a89022,
  author       = {Lab52},
  title        = {{Beyond appearances: unknown actor using APT29’s TTP against Chinese users}},
  date         = {2023-07-07},
  organization = {Lab52},
  url          = {https://lab52.io/blog/beyond-appearances-unknown-actor-using-apt29s-ttp-against-chinese-users/},
  language     = {English},
  urldate      = {2023-07-13},
}
Beyond appearances: unknown actor using APT29’s TTP against Chinese users
Cobalt Strike
2023-05-25Lab52Lab52
@online{lab52:20230525:new:beca5c2,
  author       = {Lab52},
  title        = {{New tricks of APT29 – update on the CERT.PL report}},
  date         = {2023-05-25},
  organization = {Lab52},
  url          = {https://lab52.io/blog/2162-2/},
  language     = {English},
  urldate      = {2023-07-13},
}
New tricks of APT29 – update on the CERT.PL report
2023-05-03Lab52Lab52
@online{lab52:20230503:new:1056613,
  author       = {Lab52},
  title        = {{New Mustang Panda’s campaing against Australia}},
  date         = {2023-05-03},
  organization = {Lab52},
  url          = {https://lab52.io/blog/new-mustang-pandas-campaing-against-australia/},
  language     = {English},
  urldate      = {2023-05-08},
}
New Mustang Panda’s campaing against Australia
PlugX
2023-03-24Lab52peko
@online{peko:20230324:bypassing:a6439f7,
  author       = {peko},
  title        = {{Bypassing Qakbot Anti-Analysis}},
  date         = {2023-03-24},
  organization = {Lab52},
  url          = {https://lab52.io/blog/bypassing-qakbot-anti-analysis-tactics/},
  language     = {English},
  urldate      = {2023-03-27},
}
Bypassing Qakbot Anti-Analysis
QakBot
2022-06-21Lab52
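% organization was missing here; added to match the url host (lab52.io) and the other lab52.io entries in this listing.
@online{lab52:20220621:muddywaters:3e100a8,
  author       = {Lab52},
  title        = {{MuddyWater’s “light” first-stager targetting Middle East}},
  date         = {2022-06-21},
  organization = {Lab52},
  url          = {https://lab52.io/blog/muddywaters-light-first-stager-targetting-middle-east/},
  language     = {English},
  urldate      = {2022-06-22},
}
MuddyWater’s “light” first-stager targetting Middle East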
Unidentified VBS 004 (RAT)
2022-04-01Lab52Lab52
@online{lab52:20220401:complete:277239c,
  author       = {Lab52},
  title        = {{Complete dissection of an APK with a suspicious C2 Server}},
  date         = {2022-04-01},
  organization = {Lab52},
  url          = {https://lab52.io/blog/complete-dissection-of-an-apk-with-a-suspicious-c2-server/},
  language     = {English},
  urldate      = {2022-06-27},
}
Complete dissection of an APK with a suspicious C2 Server
2022-03-24Lab52freyit
@online{freyit:20220324:another:4578bc2,
  author       = {freyit},
  title        = {{Another cyber espionage campaign in the Russia-Ukrainian ongoing cyber attacks}},
  date         = {2022-03-24},
  organization = {Lab52},
  url          = {https://lab52.io/blog/another-cyber-espionage-campaign-in-the-russia-ukrainian-ongoing-cyber-attacks/},
  language     = {English},
  urldate      = {2022-03-25},
}
Another cyber espionage campaign in the Russia-Ukrainian ongoing cyber attacks
Quasar RAT
2022-03-09Lab52Lab52
@online{lab52:20220309:very:b667537,
  author       = {Lab52},
  title        = {{Very very lazy Lazyscripter’s scripts: double compromise in a single obfuscation}},
  date         = {2022-03-09},
  organization = {Lab52},
  url          = {https://lab52.io/blog/very-very-lazy-lazyscripters-scripts-double-compromise-in-a-single-obfuscation/},
  language     = {English},
  urldate      = {2022-03-10},
}
Very very lazy Lazyscripter’s scripts: double compromise in a single obfuscation
NjRAT
2022-02-28Lab52Jagaimo Kawaii
@online{kawaii:20220228:looking:9f8bf67,
  author       = {Jagaimo Kawaii},
  title        = {{Looking for Penquins in the Wild}},
  date         = {2022-02-28},
  organization = {Lab52},
  url          = {https://lab52.io/blog/looking-for-penquins-in-the-wild/},
  language     = {English},
  urldate      = {2022-03-02},
}
Looking for Penquins in the Wild
Penquin Turla
2022-01-24Lab52freyit
@online{freyit:20220124:new:b377b46,
  author       = {freyit},
  title        = {{New TransparenTribe Operation: Targeting India with weaponized COVID-19 lure documents}},
  date         = {2022-01-24},
  organization = {Lab52},
  url          = {https://lab52.io/blog/new-transparentribe-operation-targeting-india-with-weaponized-covid-19-lure-documents/},
  language     = {English},
  urldate      = {2022-01-28},
}
New TransparenTribe Operation: Targeting India with weaponized COVID-19 lure documents
2022-01-12Lab52Jagaimo Kawaii
@online{kawaii:20220112:tokyox:809eda0,
  author       = {Jagaimo Kawaii},
  title        = {{TokyoX: DLL side-loading an unknown artifact (Part 2)}},
  date         = {2022-01-12},
  organization = {Lab52},
  url          = {https://lab52.io/blog/tokyox-dll-side-loading-an-unknown-artifact-part-2/},
  language     = {English},
  urldate      = {2022-01-18},
}
TokyoX: DLL side-loading an unknown artifact (Part 2)
TokyoX
2022-01-10Lab52ml10
@online{ml10:20220110:tokyox:ac76bdb,
  author       = {ml10},
  title        = {{TokyoX: DLL side-loading an unknown artifact}},
  date         = {2022-01-10},
  organization = {Lab52},
  url          = {https://lab52.io/blog/tokyox-dll-side-loading-an-unknown-artifact/},
  language     = {English},
  urldate      = {2022-01-18},
}
TokyoX: DLL side-loading an unknown artifact
TokyoX
2021-12-14Lab52Th3spis
@online{th3spis:20211214:cuba:db59204,
  author       = {Th3spis},
  title        = {{Cuba Ransomware Analysis}},
  date         = {2021-12-14},
  organization = {Lab52},
  url          = {https://lab52.io/blog/cuba-ransomware-analysis/},
  language     = {English},
  urldate      = {2022-01-18},
}
Cuba Ransomware Analysis
Cuba
2021-09-28Lab52Th3spis
@online{th3spis:20210928:winter:f871981,
  author       = {Th3spis},
  title        = {{Winter Vivern – all Summer}},
  date         = {2021-09-28},
  organization = {Lab52},
  url          = {https://lab52.io/blog/winter-vivern-all-summer/},
  language     = {English},
  urldate      = {2021-10-11},
}
Winter Vivern – all Summer
2021-07-05Lab52Th3spis
@online{th3spis:20210705:quick:b0fddf2,
  author       = {Th3spis},
  title        = {{Quick review of Babuk ransomware builder}},
  date         = {2021-07-05},
  organization = {Lab52},
  url          = {https://lab52.io/blog/quick-review-of-babuk-ransomware-builder/},
  language     = {English},
  urldate      = {2021-07-12},
}
Quick review of Babuk ransomware builder
Babuk
2021-05-17Lab52Th3spis
@online{th3spis:20210517:literature:b9862c2,
  author       = {Th3spis},
  title        = {{Literature lover targeting Colombia with LimeRAT}},
  date         = {2021-05-17},
  organization = {Lab52},
  url          = {https://lab52.io/blog/literature-lover-targeting-colombia-with-limerat/},
  language     = {English},
  urldate      = {2021-05-17},
}
Literature lover targeting Colombia with LimeRAT
LimeRAT
2021-04-29Lab52Lab52
@online{lab52:20210429:chimera:0540b27,
  author       = {Lab52},
  title        = {{Chimera APT updates on its OwlProxy malware}},
  date         = {2021-04-29},
  organization = {Lab52},
  url          = {https://lab52.io/blog/chimera-apt-updates-on-its-owlproxy-malware/},
  language     = {English},
  urldate      = {2021-05-04},
}
Chimera APT updates on its OwlProxy malware
Owlproxy
2020-08-26Lab52Jagaimo Kawaii
@online{kawaii:20200826:twisted:b91cfb5,
  author       = {Jagaimo Kawaii},
  title        = {{A twisted malware infection chain}},
  date         = {2020-08-26},
  organization = {Lab52},
  url          = {https://lab52.io/blog/a-twisted-malware-infection-chain/},
  language     = {English},
  urldate      = {2020-08-31},
}
A twisted malware infection chain
Agent Tesla, Loki Password Stealer (PWS)
2020-06-09Lab52Lab52
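% The underscore in the title is escaped: title is typeset as LaTeX text, where a bare "_" outside math mode is an error.
@online{lab52:20200609:recent:c5c6aa7,
  author       = {Lab52},
  title        = {{Recent FK\_Undead rootkit samples found in the wild}},
  date         = {2020-06-09},
  organization = {Lab52},
  url          = {https://lab52.io/blog/recent-fk-undead-rootkit-samples-found-in-the-wild/},
  language     = {English},
  urldate      = {2020-06-10},
}
Recent FK_Undead rootkit samples found in the wild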