lab52

The threat intelligence division of S2 Grupo


Er1c_C

Pelmeni Wrapper: New Wrapper of Kazuar (Turla Backdoor)

February 19, 2024

Turla is an APT group allegedly linked to the FSB (Federal Security Service), the intelligence service of the Russian Federation. The threat actor is specifically attributed to the Center 16 unit, which collects radio-electronic intelligence on communications facilities. Moreover, Center 16 is in charge of intercepting, decrypting and processing electronic message […]

Er1c_C

New invitation from APT29 to use CCleaner

July 12, 2023

Last May we wrote about the new APT29 campaign that we called “Information”. Recently, just a week ago, an unknown actor used techniques similar to those of APT29. This time APT29 is once again the focus, after new techniques were identified in their operations. This post details the new techniques observed, in particular: SVG […]

Er1c_C

New tricks of APT29 – update on the CERT.PL report

May 25, 2023

A new sample has been uploaded to VirusTotal, and its characteristics strongly resemble QUARTERRIG, a malware recently analyzed by CERT.PL and linked to APT29. In that analysis, the campaign was named “Note”. Based on the aforementioned report, the purpose of this post is to show the new features of this new campaign, which we named […]

Er1c_C

Cyber Threat Intelligence Report – Trends Q4 2022

February 06, 2023

During the last quarter of 2022, the Lab52 team conducted an in-depth analysis of the threats that were active during the period, drawing on information from both public and private sources and studying the geopolitical context in order to anticipate potential campaigns. Below is the report for the quarter, which includes […]

Er1c_C

Analyzing the encryption method of emerging ransomware families

November 29, 2022

Cyble has recently published an analysis of AXLocker, a new ransomware first seen this November. As the article explains, the ransomware encrypts data and exfiltrates it using Discord. In this report we will focus on the encryption routine of this new artifact, which we can see in […]

Er1c_C

Complete dissection of an APK with a suspicious C2 Server

April 01, 2022

During our analysis of the Penquin-related infrastructure reported in our previous post, we paid special attention to the malicious binaries contacting these IP addresses, since, as we showed in that analysis, they had been used as C2 servers for other threats used by Turla. One threat that contacts the 82.146.35[.]240 address in particular […]

Er1c_C

Copyright © Lab52 2019 by S2 Grupo | Legal notice | Cookie policy | Privacy policy