Labs Archive

China’s Influence Ops | Twisting Tales of Volt Typhoon at Home and Abroad

Dakota Cary / October 16, 2024

China's CVERC attempts to attribute Volt Typhoon activities to the U.S., but the fact-free claims reveal much about the PRC's real agenda.

PDF

Crimeware

Kryptina RaaS | From Unsellable Cast-Off to Enterprise Ransomware

Jim Walter / September 23, 2024

Kryptina's adoption by Mallox affiliates complicates malware tracking as ransomware operators blend different codebases into new variants.

PDF

LABScon

LABScon23 Replay | They Spilled Oil in My Health-Boosting Smoothie

LABScon / September 5, 2024

Zuzana Hromcová explores how Iran-aligned APT OilRig targets healthcare and local governments with a stream of updated and newly developed tools.

PDF

Security Research

Exploring the VirusTotal Dataset | An Analyst’s Guide to Effective Threat Research

Aleksandar Milenkoski & Jose Luis Sánchez Martínez (VirusTotal) / August 29, 2024

We teamed up with VirusTotal to take a deep dive into the platform's extensive query capabilities through both the web and API interfaces.

PDF

LABScon

LABScon23 Replay | Black Magic – Influence Operations in the Open and At-Scale in Hungary

LABScon / August 21, 2024

As electorates across the US and Europe go to the polls in 2024, this must-see talk on large-scale state influence operations could hardly be more timely or relevant.

PDF

Crimeware

Xeon Sender | SMS Spam Shipping Multi-Tool Targeting SaaS Credentials

Alex Delamotte / August 19, 2024

Cloud attack tool has been repurposed by multiple threat actors to push SMS spam and smishing campaigns through major SaaS providers.

PDF

Adversary

FIN7 Reboot | Cybercrime Gang Enhances Ops with New EDR Bypasses and Automated Attacks

Antonio Cocomazzi / July 17, 2024

This research explores how FIN7 has adopted automated attack methods and developed defense evasion techniques previously unseen in the wild.

PDF

NullBulge Ransomware Threat Actor Masquerades As Hacktivist Group Rebelling Against AI2

Crimeware

NullBulge | Threat Actor Masquerades as Hacktivist Group Rebelling Against AI

Jim Walter / July 16, 2024

Actors are masquerading as hacktivists targeting AI-centric communities with commodity malware and customized LockBit payloads.

PDF

Adversary

CapraTube Remix | Transparent Tribe’s Android Spyware Targeting Gamers, Weapons Enthusiasts

Alex Delamotte / July 1, 2024

SentinelLabs has identified four new CapraRAT APKs associated with suspected Pakistan state-aligned actor Transparent Tribe.

PDF

Advanced Persistent Threat

ChamelGang & Friends | Cyberespionage Groups Attacking Critical Infrastructure with Ransomware

Aleksandar Milenkoski & Julian-Ferdinand Vögele (Recorded Future) / June 26, 2024

Threat actors in the cyberespionage ecosystem are using ransomware for financial gain, disruption, distraction, misattribution, and the removal of evidence.

PDF

Cloud Malware | A Threat Hunter’s Guide to Analysis, Techniques and Delivery

China’s Influence Ops | Twisting Tales of Volt Typhoon at Home and Abroad

Kryptina RaaS | From Unsellable Cast-Off to Enterprise Ransomware

LABScon23 Replay | They Spilled Oil in My Health-Boosting Smoothie

Exploring the VirusTotal Dataset | An Analyst’s Guide to Effective Threat Research

LABScon23 Replay | Black Magic – Influence Operations in the Open and At-Scale in Hungary

Xeon Sender | SMS Spam Shipping Multi-Tool Targeting SaaS Credentials

FIN7 Reboot | Cybercrime Gang Enhances Ops with New EDR Bypasses and Automated Attacks

NullBulge | Threat Actor Masquerades as Hacktivist Group Rebelling Against AI

CapraTube Remix | Transparent Tribe’s Android Spyware Targeting Gamers, Weapons Enthusiasts

ChamelGang & Friends | Cyberespionage Groups Attacking Critical Infrastructure with Ransomware