Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-10-31ElasticSeth Goodwin, Derek Ditch, Daniel Stepanic, Andrew Pease
@online{goodwin:20221031:icedids:df089be, author = {Seth Goodwin and Derek Ditch and Daniel Stepanic and Andrew Pease}, title = {{ICEDIDs network infrastructure is alive and well}}, date = {2022-10-31}, organization = {Elastic}, url = {https://www.elastic.co/security-labs/icedids-network-infrastructure-is-alive-and-well}, language = {English}, urldate = {2022-11-02} } ICEDIDs network infrastructure is alive and well
IcedID
2022-10-28Elastic@rsprooten, Elastic Security Intelligence & Analytics Team
@online{rsprooten:20221028:emotet:ffabd03, author = {@rsprooten and Elastic Security Intelligence & Analytics Team}, title = {{EMOTET dynamic config extraction}}, date = {2022-10-28}, organization = {Elastic}, url = {https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction}, language = {English}, urldate = {2022-10-30} } EMOTET dynamic config extraction
Emotet
2022-09-09ElasticSalim Bitam
@online{bitam:20220909:bughatch:438e7ac, author = {Salim Bitam}, title = {{BUGHATCH Malware Analysis}}, date = {2022-09-09}, organization = {Elastic}, url = {https://www.elastic.co/security-labs/bughatch-malware-analysis}, language = {English}, urldate = {2022-09-13} } BUGHATCH Malware Analysis
BUGHATCH
2022-08-24ElasticCyril François
@online{franois:20220824:qbot:152ef8d, author = {Cyril François}, title = {{QBOT Malware Analysis}}, date = {2022-08-24}, organization = {Elastic}, url = {https://www.elastic.co/security-labs/qbot-malware-analysis}, language = {English}, urldate = {2022-08-30} } QBOT Malware Analysis
QakBot
2022-07-27ElasticCyril François, Derek Ditch
@online{franois:20220727:qbot:82146d1, author = {Cyril François and Derek Ditch}, title = {{QBOT Configuration Extractor}}, date = {2022-07-27}, organization = {Elastic}, url = {https://www.elastic.co/security-labs/qbot-configuration-extractor}, language = {English}, urldate = {2022-08-05} } QBOT Configuration Extractor
QakBot
2022-07-27ElasticCyril François, Andrew Pease, Seth Goodwin
@online{franois:20220727:exploring:67dc644, author = {Cyril François and Andrew Pease and Seth Goodwin}, title = {{Exploring the QBOT Attack Pattern}}, date = {2022-07-27}, organization = {Elastic}, url = {https://www.elastic.co/security-labs/exploring-the-qbot-attack-pattern}, language = {English}, urldate = {2022-08-05} } Exploring the QBOT Attack Pattern
QakBot
2022-06-01ElasticSalim Bitam
@online{bitam:20220601:cuba:040c34a, author = {Salim Bitam}, title = {{CUBA Ransomware Malware Analysis}}, date = {2022-06-01}, organization = {Elastic}, url = {https://www.elastic.co/security-labs/cuba-ransomware-malware-analysis}, language = {English}, urldate = {2022-06-09} } CUBA Ransomware Malware Analysis
Cuba
2022-06-01ElasticDaniel Stepanic, Derek Ditch, Seth Goodwin, Salim Bitam, Andrew Pease
@online{stepanic:20220601:cuba:333f7c1, author = {Daniel Stepanic and Derek Ditch and Seth Goodwin and Salim Bitam and Andrew Pease}, title = {{CUBA Ransomware Campaign Analysis}}, date = {2022-06-01}, organization = {Elastic}, url = {https://www.elastic.co/security-labs/cuba-ransomware-campaign-analysis}, language = {English}, urldate = {2022-06-09} } CUBA Ransomware Campaign Analysis
Cobalt Strike Cuba Meterpreter MimiKatz SystemBC
2022-05-17ElasticColson Wilhoit, Alex Bell, Rhys Rustad-Elliott, Jake King
@online{wilhoit:20220517:peek:fea1eeb, author = {Colson Wilhoit and Alex Bell and Rhys Rustad-Elliott and Jake King}, title = {{A peek behind the BPFDoor}}, date = {2022-05-17}, organization = {Elastic}, url = {https://elastic.github.io/security-research/intelligence/2022/05/04.bpfdoor/article/#}, language = {English}, urldate = {2022-05-25} } A peek behind the BPFDoor
BPFDoor
2022-05-05ElasticCyril François, Daniel Stepanic, Salim Bitam
@online{franois:20220505:blister:9404a29, author = {Cyril François and Daniel Stepanic and Salim Bitam}, title = {{BLISTER Loader}}, date = {2022-05-05}, organization = {Elastic}, url = {https://elastic.github.io/security-research/malware/2022/05/02.blister/article/}, language = {English}, urldate = {2022-05-09} } BLISTER Loader
Blister
2022-03-07ElasticDaniel Stepanic, Derek Ditch, Joe Desimone, Cyril François, Github (@1337-42), Samir Bousseaden, Andrew Pease
@online{stepanic:20220307:phoreal:f982397, author = {Daniel Stepanic and Derek Ditch and Joe Desimone and Cyril François and Github (@1337-42) and Samir Bousseaden and Andrew Pease}, title = {{PHOREAL Malware Targets the Southeast Asian Financial Sector}}, date = {2022-03-07}, organization = {Elastic}, url = {https://elastic.github.io/security-research/intelligence/2022/03/02.phoreal-targets-southeast-asia-financial-sector/article/}, language = {English}, urldate = {2022-03-08} } PHOREAL Malware Targets the Southeast Asian Financial Sector
PHOREAL
2022-03-01ElasticDaniel Stepanic, Mark Mager, Cyril François, Andrew Pease, Samir Bousseaden, Github (@ayfaouzi), Github (@1337-42), Github (@jtnk)
@online{stepanic:20220301:elastic:85313fa, author = {Daniel Stepanic and Mark Mager and Cyril François and Andrew Pease and Samir Bousseaden and Github (@ayfaouzi) and Github (@1337-42) and Github (@jtnk)}, title = {{Elastic protects against data wiper malware targeting Ukraine: HERMETICWIPER}}, date = {2022-03-01}, organization = {Elastic}, url = {https://elastic.github.io/security-research/intelligence/2022/03/01.hermeticwiper-targets-ukraine/article/}, language = {English}, urldate = {2022-03-07} } Elastic protects against data wiper malware targeting Ukraine: HERMETICWIPER
HermeticWiper
2022-02-07ElasticSamir Bousseaden
@online{bousseaden:20220207:exploring:c0df09d, author = {Samir Bousseaden}, title = {{Exploring Windows UAC Bypasses: Techniques and Detection Strategies}}, date = {2022-02-07}, organization = {Elastic}, url = {https://elastic.github.io/security-research/whitepapers/2022/02/03.exploring-windows-uac-bypass-techniques-detection-strategies/article/}, language = {English}, urldate = {2022-03-07} } Exploring Windows UAC Bypasses: Techniques and Detection Strategies
2022-02-02ElasticGabriel Landau
@online{landau:20220202:sandboxing:31d023c, author = {Gabriel Landau}, title = {{Sandboxing Antimalware Products for Fun and Profit}}, date = {2022-02-02}, organization = {Elastic}, url = {https://elastic.github.io/security-research/whitepapers/2022/02/02.sandboxing-antimalware-products-for-fun-and-profit/article/}, language = {English}, urldate = {2022-03-07} } Sandboxing Antimalware Products for Fun and Profit
2022-01-19ElasticDaniel Stepanic, Samir Bousseaden, James Spiteri, Joe Desimone, Mark Mager, Andrew Pease
@online{stepanic:20220119:operation:c81f473, author = {Daniel Stepanic and Samir Bousseaden and James Spiteri and Joe Desimone and Mark Mager and Andrew Pease}, title = {{Operation Bleeding Bear}}, date = {2022-01-19}, organization = {Elastic}, url = {https://elastic.github.io/security-research/malware/2022/01/01.operation-bleeding-bear/article/}, language = {English}, urldate = {2022-01-24} } Operation Bleeding Bear
WhisperGate
2022-01-19ElasticDerek Ditch, Daniel Stepanic, Andrew Pease, Seth Goodwin
@online{ditch:20220119:extracting:39bd5e5, author = {Derek Ditch and Daniel Stepanic and Andrew Pease and Seth Goodwin}, title = {{Extracting Cobalt Strike Beacon Configurations}}, date = {2022-01-19}, organization = {Elastic}, url = {https://elastic.github.io/security-research/intelligence/2022/01/03.extracting-cobalt-strike-beacon/article/}, language = {English}, urldate = {2022-01-25} } Extracting Cobalt Strike Beacon Configurations
Cobalt Strike
2022-01-19ElasticDerek Ditch, Daniel Stepanic, Andrew Pease, Seth Goodwin
@online{ditch:20220119:collecting:696e5d0, author = {Derek Ditch and Daniel Stepanic and Andrew Pease and Seth Goodwin}, title = {{Collecting Cobalt Strike Beacons with the Elastic Stack}}, date = {2022-01-19}, organization = {Elastic}, url = {https://elastic.github.io/security-research/intelligence/2022/01/02.collecting-cobalt-strike-beacons/article/}, language = {English}, urldate = {2022-01-25} } Collecting Cobalt Strike Beacons with the Elastic Stack
Cobalt Strike
2022-01-18ElasticDerek Ditch, Daniel Stepanic, Andrew Pease, Seth Goodwin
@online{ditch:20220118:formbook:3f03c56, author = {Derek Ditch and Daniel Stepanic and Andrew Pease and Seth Goodwin}, title = {{FORMBOOK Adopts CAB-less Approach}}, date = {2022-01-18}, organization = {Elastic}, url = {https://elastic.github.io/security-research/intelligence/2022/01/01.formbook-adopts-cabless-approach/article/}, language = {English}, urldate = {2022-01-25} } FORMBOOK Adopts CAB-less Approach
Formbook
2021-12-23ElasticJoe Desimone, Samir Bousseaden
@online{desimone:20211223:elastic:0e1caf7, author = {Joe Desimone and Samir Bousseaden}, title = {{Elastic Security uncovers BLISTER malware campaign}}, date = {2021-12-23}, organization = {Elastic}, url = {https://www.elastic.co/blog/elastic-security-uncovers-blister-malware-campaign}, language = {English}, urldate = {2021-12-23} } Elastic Security uncovers BLISTER malware campaign
Blister
2021-10-12ElasticElastic Security Intelligence & Analytics Team
@online{team:20211012:going:5ac7c9d, author = {Elastic Security Intelligence & Analytics Team}, title = {{Going Coast to Coast - Climbing the Pyramid with the Deimos Implant}}, date = {2021-10-12}, organization = {Elastic}, url = {https://www.elastic.co/blog/going-coast-to-coast-climbing-the-pyramid-with-the-deimos-implant}, language = {English}, urldate = {2021-10-26} } Going Coast to Coast - Climbing the Pyramid with the Deimos Implant
Deimos