Click here to download all references as Bib-File.•
| 2023-12-06
⋅
Elastic
⋅
Getting gooey with GULOADER: deobfuscating the downloader CloudEyE |
| 2023-10-31
⋅
Elastic
⋅
Elastic catches DPRK passing out KANDYKORN HLOADER KANDYKORN SUGARLOADER |
| 2023-10-27
⋅
Elastic
⋅
GHOSTPULSE haunts victims using defense evasion bag o' tricks HijackLoader Lumma Stealer NetSupportManager RAT Rhadamanthys SectopRAT Vidar |
| 2023-10-13
⋅
Elastic
⋅
Disclosing the BLOODALCHEMY backdoor BloodAlchemy REF5961 |
| 2023-10-03
⋅
Elastic
⋅
Introducing the REF5961 intrusion set (RUDEBIRD, DOWNTOWN, and EAGERBEE) EagerBee SManager REF2924 REF5961 |
| 2023-08-24
⋅
Elastic
⋅
Revisting BLISTER: New development of the BLISTER loader Blister |
| 2023-08-24
⋅
Elastic
⋅
Revisting BLISTER: New development of the BLISTER loader Blister |
| 2023-06-29
⋅
Elastic
⋅
The DPRK strikes using a new variant of RUSTBUCKET RustBucket |
| 2023-06-21
⋅
Elastic
⋅
Initial research exposing JOKERSPY JokerSpy |
| 2023-06-09
⋅
Elastic
⋅
Elastic charms SPECTRALVIPER |
| 2023-06-09
⋅
Elastic
⋅
Elastic charms SPECTRALVIPER SPECTRALVIPER |
| 2023-05-04
⋅
Elastic
⋅
Unpacking ICEDID IcedID PhotoLoader |
| 2023-04-25
⋅
Elastic
⋅
Elastic Security Labs discovers the LOBSHOT malware LOBSHOT |
| 2023-04-07
⋅
Elastic
⋅
Attack chain leads to XWORM and AGENTTESLA Agent Tesla XWorm |
| 2023-03-30
⋅
Elastic
⋅
Elastic users protected from SUDDENICON’s supply chain attack 3CX Backdoor |
| 2023-03-27
⋅
Elastic
⋅
REF2924: how to maintain persistence as an (advanced?) threat Godzilla Webshell Behinder NAPLISTENER SiestaGraph REF2924 |
| 2023-03-20
⋅
Elastic
⋅
NAPLISTENER: more bad dreams from developers of SIESTAGRAPH NAPLISTENER SiestaGraph |
| 2023-03-17
⋅
Elastic
⋅
Thawing the permafrost of ICEDID Summary IcedID PhotoLoader |
| 2023-02-02
⋅
Elastic
⋅
Update to the REF2924 intrusion set and related campaigns DoorMe ShadowPad SiestaGraph |
| 2022-12-16
⋅
Elastic
⋅
SiestaGraph: New implant uncovered in ASEAN member foreign ministry DoorMe SiestaGraph |