Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-10-13ElasticCyril François
@online{franois:20231013:disclosing:d78b876, author = {Cyril François}, title = {{Disclosing the BLOODALCHEMY backdoor}}, date = {2023-10-13}, organization = {Elastic}, url = {https://www.elastic.co/security-labs/disclosing-the-bloodalchemy-backdoor}, language = {English}, urldate = {2023-11-14} } Disclosing the BLOODALCHEMY backdoor
win.trojan.bloodalchemy REF5961
2023-10-03ElasticDaniel Stepanic, Salim Bitam, Cyril François, Seth Goodwin, Andrew Pease
@online{stepanic:20231003:introducing:2d9f236, author = {Daniel Stepanic and Salim Bitam and Cyril François and Seth Goodwin and Andrew Pease}, title = {{Introducing the REF5961 intrusion set (RUDEBIRD, DOWNTOWN, and EAGERBEE)}}, date = {2023-10-03}, organization = {Elastic}, url = {https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set}, language = {English}, urldate = {2023-10-07} } Introducing the REF5961 intrusion set (RUDEBIRD, DOWNTOWN, and EAGERBEE)
EagerBee SManager REF2924 REF5961
2023-06-09ElasticCyril François, Daniel Stepanic, Seth Goodwin
@online{franois:20230609:elastic:42d37cb, author = {Cyril François and Daniel Stepanic and Seth Goodwin}, title = {{Elastic charms SPECTRALVIPER}}, date = {2023-06-09}, organization = {Elastic}, url = {https://www.elastic.co/fr/security-labs/elastic-charms-spectralviper}, language = {English}, urldate = {2023-07-26} } Elastic charms SPECTRALVIPER
SPECTRALVIPER
2023-06-09ElasticCyril François, Daniel Stepanic, Seth Goodwin
@online{franois:20230609:elastic:910c520, author = {Cyril François and Daniel Stepanic and Seth Goodwin}, title = {{Elastic charms SPECTRALVIPER}}, date = {2023-06-09}, organization = {Elastic}, url = {https://www.elastic.co/security-labs/elastic-charms-spectralviper}, language = {English}, urldate = {2023-07-26} } Elastic charms SPECTRALVIPER
2023-05-04ElasticCyril François
@online{franois:20230504:unpacking:7f892ff, author = {Cyril François}, title = {{Unpacking ICEDID}}, date = {2023-05-04}, organization = {Elastic}, url = {https://www.elastic.co/security-labs/unpacking-icedid}, language = {English}, urldate = {2023-05-05} } Unpacking ICEDID
IcedID PhotoLoader
2023-03-17ElasticCyril François, Daniel Stepanic
@online{franois:20230317:thawing:b8065d4, author = {Cyril François and Daniel Stepanic}, title = {{Thawing the permafrost of ICEDID Summary}}, date = {2023-03-17}, organization = {Elastic}, url = {https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary}, language = {English}, urldate = {2023-03-20} } Thawing the permafrost of ICEDID Summary
IcedID PhotoLoader
2023-02-02ElasticSalim Bitam, Remco Sprooten, Cyril François, Andrew Pease, Devon Kerr, Seth Goodwin
@online{bitam:20230202:update:57ea3a2, author = {Salim Bitam and Remco Sprooten and Cyril François and Andrew Pease and Devon Kerr and Seth Goodwin}, title = {{Update to the REF2924 intrusion set and related campaigns}}, date = {2023-02-02}, organization = {Elastic}, url = {https://www.elastic.co/security-labs/update-to-the-REF2924-intrusion-set-and-related-campaigns}, language = {English}, urldate = {2023-03-21} } Update to the REF2924 intrusion set and related campaigns
DoorMe ShadowPad SiestaGraph
2022-08-24ElasticCyril François
@online{franois:20220824:qbot:152ef8d, author = {Cyril François}, title = {{QBOT Malware Analysis}}, date = {2022-08-24}, organization = {Elastic}, url = {https://www.elastic.co/security-labs/qbot-malware-analysis}, language = {English}, urldate = {2022-08-30} } QBOT Malware Analysis
QakBot
2022-07-27ElasticCyril François, Andrew Pease, Seth Goodwin
@online{franois:20220727:exploring:67dc644, author = {Cyril François and Andrew Pease and Seth Goodwin}, title = {{Exploring the QBOT Attack Pattern}}, date = {2022-07-27}, organization = {Elastic}, url = {https://www.elastic.co/security-labs/exploring-the-qbot-attack-pattern}, language = {English}, urldate = {2022-08-05} } Exploring the QBOT Attack Pattern
QakBot
2022-07-27ElasticCyril François, Derek Ditch
@online{franois:20220727:qbot:82146d1, author = {Cyril François and Derek Ditch}, title = {{QBOT Configuration Extractor}}, date = {2022-07-27}, organization = {Elastic}, url = {https://www.elastic.co/security-labs/qbot-configuration-extractor}, language = {English}, urldate = {2022-08-05} } QBOT Configuration Extractor
QakBot
2022-05-05ElasticCyril François, Daniel Stepanic, Salim Bitam
@online{franois:20220505:blister:9404a29, author = {Cyril François and Daniel Stepanic and Salim Bitam}, title = {{BLISTER Loader}}, date = {2022-05-05}, organization = {Elastic}, url = {https://elastic.github.io/security-research/malware/2022/05/02.blister/article/}, language = {English}, urldate = {2022-05-09} } BLISTER Loader
Blister
2022-03-07ElasticDaniel Stepanic, Derek Ditch, Joe Desimone, Cyril François, Github (@1337-42), Samir Bousseaden, Andrew Pease
@online{stepanic:20220307:phoreal:f982397, author = {Daniel Stepanic and Derek Ditch and Joe Desimone and Cyril François and Github (@1337-42) and Samir Bousseaden and Andrew Pease}, title = {{PHOREAL Malware Targets the Southeast Asian Financial Sector}}, date = {2022-03-07}, organization = {Elastic}, url = {https://elastic.github.io/security-research/intelligence/2022/03/02.phoreal-targets-southeast-asia-financial-sector/article/}, language = {English}, urldate = {2022-03-08} } PHOREAL Malware Targets the Southeast Asian Financial Sector
PHOREAL
2022-03-01ElasticDaniel Stepanic, Mark Mager, Cyril François, Andrew Pease, Samir Bousseaden, Github (@ayfaouzi), Github (@1337-42), Github (@jtnk)
@online{stepanic:20220301:elastic:85313fa, author = {Daniel Stepanic and Mark Mager and Cyril François and Andrew Pease and Samir Bousseaden and Github (@ayfaouzi) and Github (@1337-42) and Github (@jtnk)}, title = {{Elastic protects against data wiper malware targeting Ukraine: HERMETICWIPER}}, date = {2022-03-01}, organization = {Elastic}, url = {https://elastic.github.io/security-research/intelligence/2022/03/01.hermeticwiper-targets-ukraine/article/}, language = {English}, urldate = {2022-03-07} } Elastic protects against data wiper malware targeting Ukraine: HERMETICWIPER
HermeticWiper