VirLab

Virus laboratory for the study of malicious objects

To effectively defend against a virus, you need to understand its anatomy. VirLab technologies allow you to penetrate the structure of malware and disassemble it into "molecules".

Research and articles

Analysis and detection of the supply chain attack on Kaseya REvil in the system
In recent years, the Ransomware-as-a-Service (RaaS) model has become widespread. Under this model, ransomware is offered by subscription: attackers gain access to the web admin panel and the ability to assemble malware for different operating systems...
Watering hole threat analysis in the public sector of Kazakhstan
The study of the threat landscape in Kazakhstan as part of the Threat Intelligence stage led T&T Security experts to an interesting family of malware, the so-called Razy. Attackers often spread Razy using a watering hole attack. Of the cases we have analyzed, two deserve special attention: both were distributed in a watering hole attack through the e-government portal (egov.kz).
Analysis of the Spear Phishing threat to the banking segment of Kazakhstan
On March 24-25, 2021, three emails with a malicious attachment were sent from the K.T ******** [@] jysanbank.kz address to various recipients. The attached document contains a malicious Excel sheet with a VBA macro.
Analyzing Packaged Agent Tesla Sample
On December 9, 2020, we were provided with a malware sample that is a zero-day threat. Analysis in the tLab system showed that the sample is spyware and is responsible for collecting confidential user (victim) data.
AveMaria / WARZONE RAT analysis
On October 13, 2020, KZ-CERT reported an attack on Kazakhstanis using the AveMaria malware. AveMaria is a Trojan used by cybercriminals to remotely access a user's computer and obtain sensitive data. AveMaria may contain a malicious payload, depending on the modification.
Analysis of the Rising Sun backdoor by APT Lazarus in the tLab system
In December 2018, McAfee released a report on a large malware campaign targeting the financial, energy and other sectors of the economy, called Operation Sharpshooter. The North Korean APT group Lazarus is responsible for the numerous attacks.
Analysis of the WannaCry ransomware in the tLab system
On May 12, 2017, there was a massive attack by the WannaCry ransomware virus targeting almost all versions of MS Windows. As a result of the attack, more than 75,000 computers worldwide were infected. According to official data, those attacked included computers at large companies in the Republic of Kazakhstan.
New trend of cyber attacks - "Spy in the browser" (a malicious extension of Google Chrome)
This article was prepared by the T&T Security, T&T RE Team {Arny, Cyberhunter, Griner}. In 2014, Google removed malicious extensions for the Chrome browser from its online store for the first time. Since then, the trend of creating malicious apps or extensions for Chrome has...