Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2025-02-13ElasticCyril François, Daniel Stepanic, Jia Yu Chan, Salim Bitam
You've Got Malware: FINALDRAFT Hides in Your Drafts
FINALDRAFT FINALDRAFT PATHLOADER
2024-12-12ElasticDaniel Stepanic, Elastic Security Labs, Jia Yu Chan, Salim Bitam, Seth Goodwin
Under the SADBRIDGE with GOSAR: QUASAR Gets a Golang Rewrite
Gosar Quasar RAT SADBRIDGE
2024-10-03GitHub (dstepanic)Daniel Stepanic
Getting Cozy with Milk and WARMCOOKIES
WarmCookie
2024-08-01ElasticDaniel Stepanic, Seth Goodwin
BITS and Bytes: Analyzing BITSLOTH, a newly identified backdoor
BITSloth
2024-06-12ElasticDaniel Stepanic
Dipping into Danger: The WARMCOOKIE backdoor
WarmCookie
2024-05-16ElasticDaniel Stepanic, Samir Bousseaden
Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID
IcedID Latrodectus
2024-02-23ElasticDaniel Stepanic, Salim Bitam
PIKABOT, I choose you!
Pikabot
2023-12-06ElasticDaniel Stepanic
Getting gooey with GULOADER: deobfuscating the downloader
CloudEyE
2023-10-03ElasticAndrew Pease, Cyril François, Daniel Stepanic, Salim Bitam, Seth Goodwin
Introducing the REF5961 intrusion set (RUDEBIRD, DOWNTOWN, and EAGERBEE)
EagerBee SManager REF2924 REF5961
2023-08-24ElasticDaniel Stepanic, Salim Bitam
Revisting BLISTER: New development of the BLISTER loader
Blister
2023-08-24ElasticDaniel Stepanic, Salim Bitam
Revisting BLISTER: New development of the BLISTER loader
Blister
2023-06-09ElasticCyril François, Daniel Stepanic, Seth Goodwin
Elastic charms SPECTRALVIPER
2023-06-09ElasticCyril François, Daniel Stepanic, Seth Goodwin
Elastic charms SPECTRALVIPER
SPECTRALVIPER
2023-04-25ElasticDaniel Stepanic
Elastic Security Labs discovers the LOBSHOT malware
LOBSHOT
2023-03-30ElasticDaniel Stepanic, Devon Kerr, Joe Desimone, Remco Sprooten, Samir Bousseaden
Elastic users protected from SUDDENICON’s supply chain attack
3CX Backdoor
2023-03-17ElasticCyril François, Daniel Stepanic
Thawing the permafrost of ICEDID Summary
IcedID PhotoLoader
2022-12-16ElasticAndrew Pease, Daniel Stepanic, Devon Kerr, Salim Bitam, Samir Bousseaden, Seth Goodwin
SiestaGraph: New implant uncovered in ASEAN member foreign ministry
DoorMe SiestaGraph
2022-10-31ElasticAndrew Pease, Daniel Stepanic, Derek Ditch, Seth Goodwin
ICEDIDs network infrastructure is alive and well
IcedID
2022-06-01ElasticAndrew Pease, Daniel Stepanic, Derek Ditch, Salim Bitam, Seth Goodwin
CUBA Ransomware Campaign Analysis
Cobalt Strike Cuba Meterpreter MimiKatz SystemBC
2022-05-05ElasticCyril François, Daniel Stepanic, Salim Bitam
BLISTER Loader
Blister
2022-03-07ElasticAndrew Pease, Cyril François, Daniel Stepanic, Derek Ditch, Github (@1337-42), Joe Desimone, Samir Bousseaden
PHOREAL Malware Targets the Southeast Asian Financial Sector
PHOREAL
2022-03-01ElasticAndrew Pease, Cyril François, Daniel Stepanic, Github (@1337-42), Github (@ayfaouzi), Github (@jtnk), Mark Mager, Samir Bousseaden
Elastic protects against data wiper malware targeting Ukraine: HERMETICWIPER
HermeticWiper
2022-01-19ElasticAndrew Pease, Daniel Stepanic, James Spiteri, Joe Desimone, Mark Mager
Operation Bleeding Bear
WhisperGate
2022-01-19ElasticAndrew Pease, Daniel Stepanic, Derek Ditch, Seth Goodwin
Extracting Cobalt Strike Beacon Configurations
Cobalt Strike
2022-01-19ElasticAndrew Pease, Daniel Stepanic, Derek Ditch, Seth Goodwin
Collecting Cobalt Strike Beacons with the Elastic Stack
Cobalt Strike
2022-01-19ElasticAndrew Pease, Daniel Stepanic, James Spiteri, Joe Desimone, Mark Mager, Samir Bousseaden
Operation Bleeding Bear
WhisperGate
2022-01-18ElasticAndrew Pease, Daniel Stepanic, Derek Ditch, Seth Goodwin
FORMBOOK Adopts CAB-less Approach
Formbook
2021-03-11ElasticDaniel Stepanic
Update - Detection and Response for HAFNIUM Activity
2020-06-25ElasticDaniel Stepanic, Samir Bousseaden
A close look at the advanced techniques used in a Malaysian-focused APT campaign
DADSTACHE APT40
2020-02-13ElasticAndrew Pease, Daniel Stepanic, Seth Goodwin
Playing defense against Gamaredon Group
Pteranodon