During the first quarter of 2023, the Lab52 team has conducted an in-depth analysis of the threats that have been active during the period, focusing on information from both public and private sources, as well as studying the geopolitical context in order to anticipate potential campaigns. Below is the report for the quarter, which includes […]
New tricks of APT29 – update on the CERT.PL report
A new sample has been uploaded to VirusTotal, and its characteristics strongly resemble QUARTERRIG, a malware recently analyzed by CERT.PL and linked to APT29. In said analysis, the campaign was named “Note“. Based on the aforementioned report, the purpose of this post is to show the new features of this new campaign that we named […]
GuLoader as the Gatekeeper of AgentTesla: A Comprehensive Analysis
The malware team at Lab52 has a saying that our colleages know well: “We want your malware”. On this occasion, the Theat Intelligence team gifted us a file that appeared to be a dropper. The file was already flagged by 15 antivirus engines on VirusTotal as malicious. Among the open files, the results of specific […]
Let’s talk about the malware used by Mustang Panda
In the last post, Lab52 covered the new Mustang Panda’s campaing against Australia. Now is time to talk about the malware used by the APT group Mustang Panda in said campaing. Indeed, the malware used to commit the attack is not enterely new; there are previous reports from TrendMicro and Talos where similar tactics and […]
New Mustang Panda’s campaing against Australia
AUKUS (Australia-United Kingdom-United States) is a strategic military alliance between these territories that became a reality in 2021, whose main objective is to build nuclear-powered submarines to counter the threat from China in the Indo-Pacific region. This agreement also includes the sharing of cyber capabilities and other submarine technologies. Some sources point out that this […]
Bypassing Qakbot Anti-Analysis
QakBot is a banking trojan that has been evolving since its first version was discovered in 2008. According to the 2022 report published by CISA, it was one of the most active variants in 2021, and during 2022 and so far in 2023 it has remained quite active. Taking a brief look at the latests […]