Introduction Lab52 has detected different maldoc samples of a potentially malicious campaign. The initial access is through Chinese phishing. The maldoc seems to belong to a campaign against Chinese-speaking users, as the content of the maldoc is written in Chinese. The social engineering technique applied in the maldoc’s content is to pretend to […]
The Chinese trap
On February 24, 2022, Russia carried out an invasion that few anticipated and that neither Russia nor Western states have found satisfactory for their interests. There is only one actor who is benefiting from Putin’s risky move, and this is China. Also, the invasion of Ukraine has started a succession of events, fundamentally at […]
Quarterly Threat Report Q1 2023
During the first quarter of 2023, the Lab52 team has conducted an in-depth analysis of the threats that have been active during the period, focusing on information from both public and private sources, as well as studying the geopolitical context in order to anticipate potential campaigns. Below is the report for the quarter, which includes […]
New tricks of APT29 – update on the CERT.PL report
A new sample has been uploaded to VirusTotal, and its characteristics strongly resemble QUARTERRIG, a malware recently analyzed by CERT.PL and linked to APT29. In said analysis, the campaign was named “Note”. Based on the aforementioned report, the purpose of this post is to show the new features of this new campaign that we named […]
GuLoader as the Gatekeeper of AgentTesla: A Comprehensive Analysis
The malware team at Lab52 has a saying that our colleagues know well: “We want your malware”. On this occasion, the Threat Intelligence team gifted us a file that appeared to be a dropper. The file was already flagged by 15 antivirus engines on VirusTotal as malicious. Among the open files, the results of specific […]
Let’s talk about the malware used by Mustang Panda
In the last post, Lab52 covered Mustang Panda’s new campaign against Australia. Now it is time to talk about the malware used by the APT group Mustang Panda in said campaign. Indeed, the malware used to commit the attack is not entirely new; there are previous reports from TrendMicro and Talos where similar tactics and […]