Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-10-31ElasticAndrew Pease, Colson Wilhoit, Ricardo Ungureanu, Seth Goodwin
Elastic catches DPRK passing out KANDYKORN
HLOADER KANDYKORN SUGARLOADER
2023-10-03ElasticAndrew Pease, Cyril François, Daniel Stepanic, Salim Bitam, Seth Goodwin
Introducing the REF5961 intrusion set (RUDEBIRD, DOWNTOWN, and EAGERBEE)
EagerBee SManager REF2924 REF5961
2023-06-29ElasticAndrew Pease, Colson Wilhoit, Ricardo Ungureanu, Salim Bitam, Seth Goodwin
The DPRK strikes using a new variant of RUSTBUCKET
RustBucket
2023-06-21ElasticAndrew Pease, Colson Wilhoit, Ricardo Ungureanu, Salim Bitam, Seth Goodwin
Initial research exposing JOKERSPY
JokerSpy
2023-02-02ElasticAndrew Pease, Cyril François, Devon Kerr, Remco Sprooten, Salim Bitam, Seth Goodwin
Update to the REF2924 intrusion set and related campaigns
DoorMe ShadowPad SiestaGraph
2022-12-16ElasticAndrew Pease, Daniel Stepanic, Devon Kerr, Salim Bitam, Samir Bousseaden, Seth Goodwin
SiestaGraph: New implant uncovered in ASEAN member foreign ministry
DoorMe SiestaGraph
2022-10-31ElasticAndrew Pease, Daniel Stepanic, Derek Ditch, Seth Goodwin
ICEDIDs network infrastructure is alive and well
IcedID
2022-07-27ElasticAndrew Pease, Cyril François, Seth Goodwin
Exploring the QBOT Attack Pattern
QakBot
2022-06-01ElasticAndrew Pease, Daniel Stepanic, Derek Ditch, Salim Bitam, Seth Goodwin
CUBA Ransomware Campaign Analysis
Cobalt Strike Cuba Meterpreter MimiKatz SystemBC
2022-03-07ElasticAndrew Pease, Cyril François, Daniel Stepanic, Derek Ditch, Github (@1337-42), Joe Desimone, Samir Bousseaden
PHOREAL Malware Targets the Southeast Asian Financial Sector
PHOREAL
2022-03-01ElasticAndrew Pease, Cyril François, Daniel Stepanic, Github (@1337-42), Github (@ayfaouzi), Github (@jtnk), Mark Mager, Samir Bousseaden
Elastic protects against data wiper malware targeting Ukraine: HERMETICWIPER
HermeticWiper
2022-01-19ElasticAndrew Pease, Daniel Stepanic, James Spiteri, Joe Desimone, Mark Mager
Operation Bleeding Bear
WhisperGate
2022-01-19ElasticAndrew Pease, Daniel Stepanic, Derek Ditch, Seth Goodwin
Extracting Cobalt Strike Beacon Configurations
Cobalt Strike
2022-01-19ElasticAndrew Pease, Daniel Stepanic, Derek Ditch, Seth Goodwin
Collecting Cobalt Strike Beacons with the Elastic Stack
Cobalt Strike
2022-01-19ElasticAndrew Pease, Daniel Stepanic, James Spiteri, Joe Desimone, Mark Mager, Samir Bousseaden
Operation Bleeding Bear
WhisperGate
2022-01-18ElasticAndrew Pease, Daniel Stepanic, Derek Ditch, Seth Goodwin
FORMBOOK Adopts CAB-less Approach
Formbook
2020-02-13ElasticAndrew Pease, Daniel Stepanic, Seth Goodwin
Playing defense against Gamaredon Group
Pteranodon