Labs

Kryptina RaaS | From Unsellable Cast-Off to Enterprise Ransomware

Kryptina's adoption by Mallox affiliates complicates malware tracking as ransomware operators blend different codebases into new variants.

LABScon23 Replay | They Spilled Oil in My Health-Boosting Smoothie

Zuzana Hromcová explores how Iran-aligned APT OilRig targets healthcare and local governments with a stream of updated and newly developed tools.

Exploring the VirusTotal Dataset | An Analyst’s Guide to Effective Threat Research

Aleksandar Milenkoski & Jose Luis Sánchez Martínez (VirusTotal)

We teamed up with VirusTotal to take a deep dive into the platform's extensive query capabilities through both the web and API interfaces.

LABScon23 Replay | Black Magic – Influence Operations in the Open and At-Scale in Hungary

As electorates across the US and Europe go to the polls in 2024, this must-see talk on large-scale state influence operations could hardly be more timely or relevant.

Xeon Sender | SMS Spam Shipping Multi-Tool Targeting SaaS Credentials

Cloud attack tool has been repurposed by multiple threat actors to push SMS spam and smishing campaigns through major SaaS providers.

FIN7 Reboot | Cybercrime Gang Enhances Ops with New EDR Bypasses and Automated Attacks

This research explores how FIN7 has adopted automated attack methods and developed defense evasion techniques previously unseen in the wild.

NullBulge | Threat Actor Masquerades as Hacktivist Group Rebelling Against AI

Actors are masquerading as hacktivists targeting AI-centric communities with commodity malware and customized LockBit payloads.

CapraTube Remix | Transparent Tribe’s Android Spyware Targeting Gamers, Weapons Enthusiasts

SentinelLabs has identified four new CapraRAT APKs associated with suspected Pakistan state-aligned actor Transparent Tribe.

ChamelGang & Friends | Cyberespionage Groups Attacking Critical Infrastructure with Ransomware

Aleksandar Milenkoski & Julian-Ferdinand Vögele (Recorded Future)

Threat actors in the cyberespionage ecosystem are using ransomware for financial gain, disruption, distraction, misattribution, and the removal of evidence.

LABScon23 Replay | macOS Components Used in North Korean Crypto-Heists

Greg Lesnewich takes us on a tour of North Korean APTs targeting macOS and explores techniques for tracking an increasingly active threat cluster.
