Lab52 Blog
ID: c8475a7c-76d0-5d36-b8ef-23f7c4b1834d
STIX ID: identity--c8475a7c-76d0-5d36-b8ef-23f7c4b1834d
Feed Type: rss
Earliest post: 2025-06-19
Latest post: 2026-05-14
Cybersecurity research and technical threat intelligence insights from the threat intelligence division of S2 Grupo — covering malware analysis, exploit techniques, incident investigations, and practical defensive research.
| Title | Date Published | Describes Incident | Author | Visible |
|---|---|---|---|---|
| EasterBunny: advanced espionage artifacts attributed to APT29 | 2026-05-06 | True | Er1c_C | True |
| DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear | 2026-03-13 | True | 3722304989 | True |
| PlugX Meeting Invitation via MSBuild and GDATA | 2026-02-26 | True | 10ba | True |
| Operation MacroMaze: new APT28 campaign using basic tooling and legit infrastructure | 2026-02-13 | True | Dio | True |
| Black Industry: IRGC-Linked offensive OT framework | 2026-01-28 | True | Dio | True |
| From Dream Job to Malware: DreamLoaders in Lazarus’ Recent Campaign | 2025-10-24 | True | 10ba | True |
| Analyzing NotDoor: Inside APT28’s Expanding Arsenal | 2025-09-03 | True | 3722304989 | True |
| DeedRAT Backdoor Enhanced by Chinese APTs with Advanced Capabilities | 2025-07-18 | True | 3722304989 | True |
| Snake Keylogger in Geopolitical Affairs: Abuse of Trusted Java Utilities in Cybercrime Operations | 2025-06-27 | True | 3722304989 | True |
