Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2025-10-21ElasticAndrew Pease, Braxton Williams, Daniel Stepanic, Jia Yu Chan, Salim Bitam, Seth Goodwin
TOLLBOOTH: What's yours, IIS mine
TOLLBOOTH
2025-09-30ElasticElastic
WARMCOOKIE One Year Later: New Features and Fresh Insights
WarmCookie
2025-07-29ElasticElastic, Jia Yu Chan
MaaS Appeal: An Infostealer Rises From The Ashes
Nova Stealer
2025-06-18ElasticSalim Bitam
A Wretch Client: From ClickFix deception to information stealer deployment
HijackLoader Lumma Stealer SectopRAT
2025-05-29ElasticJia Yu Chan
Chasing Eddies: New Rust-based InfoStealer used in CAPTCHA campaigns
EDDIESTEALER
2025-05-22ElasticDaniel Stepanic
De-obfuscating ALCATRAZ
DOUBLELOADER Rhadamanthys
2025-02-27ElasticRuben Groenewoud
Linux Detection Engineering - The Grand Finale on Linux Persistence
PANIX
2025-02-13ElasticAndrew Pease, Seth Goodwin
From South America to Southeast Asia: The Fragile Web of REF7707
FINALDRAFT FINALDRAFT GUIDLOADER PATHLOADER REF7707
2025-02-13ElasticCyril François, Daniel Stepanic, Jia Yu Chan, Salim Bitam
You've Got Malware: FINALDRAFT Hides in Your Drafts
FINALDRAFT FINALDRAFT PATHLOADER
2024-12-12ElasticDaniel Stepanic, Elastic Security Labs, Jia Yu Chan, Salim Bitam, Seth Goodwin
Under the SADBRIDGE with GOSAR: QUASAR Gets a Golang Rewrite
Gosar Quasar RAT SADBRIDGE
2024-10-19ElasticSalim Bitam
Tricks and Treats: GHOSTPULSE’s new pixel- level deception
HijackLoader
2024-10-13ElasticRemco Sprooten, Ruben Groenewoud
Declawing PUMAKIT
PUMAKIT
2024-09-27ElasticRemco Sprooten, Ruben Groenewoud
Betting on Bots: Investigating Linux malware, crypto mining, and gambling API abuse
Kaiji RudeDevil
2024-08-15ElasticElastic Security Labs
Beyond the wail: deconstructing the BANSHEE infostealer
BANSHEE
2024-08-01ElasticDaniel Stepanic, Seth Goodwin
BITS and Bytes: Analyzing BITSLOTH, a newly identified backdoor
BITSloth
2024-06-21ElasticJoe Desimone, Samir Bousseaden
GrimResource - Microsoft Management Console for initial access and evasion
Cobalt Strike
2024-06-12ElasticDaniel Stepanic
Dipping into Danger: The WARMCOOKIE backdoor
WarmCookie
2024-05-21ElasticAndrew Pease, Salim Bitam, Samir Bousseaden, Terrance DeJesus
Invisible miners: unveiling GHOSTENGINE’s crypto mining operations
win.ghostengine
2024-05-16ElasticDaniel Stepanic, Samir Bousseaden
Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID
IcedID Latrodectus
2024-05-10ElasticCyril François, Samir Bousseaden
Dissecting REMCOS RAT: An in- depth analysis of a widespread 2024 malware, Part Four
Remcos