A Comprehensive Laboratory for Malware Analysis

Understanding the anatomy of a virus is crucial for effective defense against it. At VirLab, we employ advanced technologies that delve into the very structure of malware, breaking it down to its most fundamental components. This deep-level analysis allows us to understand and combat malicious threats more effectively.

Research and articles

Malware threats and trends 2020-2021 in Kazakhstan and the world
In 2021, VirLab T&T Security conducted a lot of research on malicious campaigns and objects. We decided to sum up at the end of the year on the analyzed threats.
Analysis of the Lockbit 2.0 ransomware
In June 2021, a new version of the ransomware appeared under the name Lockbit 2.0. Like the REvil ransomware, which was researched by T&T Security VirLab and described in the previous article, Lockbit 2.0 is distributed according to the Ransomware-as-a-service (RaaS) model.
Analysis and detection of the supply chain attack on Kaseya REvil in the system
In recent years, the Ransomware-as-a-service (RaaS) model has become widespread. This model is a malware ransomware subscription. Attackers gain access to the web admin panel and the ability to assemble malware for different operating systems...
Watering hole threat analysis in the public sector of Kazakhstan
The study of the threat landscape in Kazakhstan as part of the Threat Intelligence stage led T&T Security experts to an interesting family of malware, the so-called Razy. Often, attackers spread Razy using a watering hole attack. Of the cases we have analyzed, two deserve special attention, which were disseminated by the attack method at a watering hole through the e-government portal (
Analysis of the Spear Phishing threat to the banking segment of Kazakhstan
On March 24-25, 2021, three letters with a malicious attachment were sent from K.T ******** [@] email to various addresses. This document contains a malicious Excel sheet with a VBA macro.
Analyzing Packaged Agent Tesla Sample
On December 9, 2020, we were provided with a malware sample that is a zero-day threat. Analysis in the tLab system showed that the sample is spyware and is responsible for collecting confidential user (victim) data.
AveMaria / WARZONE RAT analysis
On October 13, 2020 KZ-CERT reported about the attack of Kazakhstanis with AveMaria malware. AveMaria is a Trojan used by cybercriminals to remotely access a user's computer and obtain sensitive data. AveMaria may contain malicious payload, depending on modification.
Analysis of the Rising Sun backdoor by APT Lazarus in the tLab system
In December 2018, McAfee released a report on a large malware campaign targeting the financial, energy and other sectors of the economy, called Operation Sharpshooter. The North Korean APT group Lazarus is responsible for the numerous attacks.
Analysis of the WannaCry ransomware in the tLab system
On May 12, 2017, there was a massive attack by the WannaCry ransomware virus targeting almost all versions of MS Windows. As a result of the attack, more than 75,000 computers worldwide were infected. Including according to official data, computers in the Republic of Kazakhstan, represented by large companies, were attacked.
New trend of cyber attacks - "Spy in the browser" (a malicious extension of Google Chrome)
This article was prepared by the T & amp; T Security, T & amp; T RE Team {Arny, Cyberhunter, Griner} In 2014, Google removed malicious extensions for the Chrome browser from its online store for the first time. Since then, the trend of creating malicious apps or extensions for Chrome has...