2023-08-24 | Elastic | Salim Bitam, Daniel Stepanic
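% Elastic report on the BLISTER loader, dated 2023-08-24; this page files it under "Blister".
% The same report is also recorded under key bitam:20230824:revisting:2a2c2e3 with a
% www.elastic.co URL; cite one key per document so the source is not counted twice.
% Title spelling corrected to "Revisiting", matching the URL slug; the key is an identifier and stays as issued.
@online{bitam:20230824:revisting:87dde30,
  author       = {Bitam, Salim and Stepanic, Daniel},
  title        = {{Revisiting BLISTER: New development of the BLISTER loader}},
  organization = {Elastic},
  date         = {2023-08-24},
  url          = {https://security-labs.elastic.co/security-labs/revisiting-blister-new-developments-of-the-blister-loader},
  urldate      = {2023-08-28},
  language     = {English},
}
Revisiting BLISTER: New development of the BLISTER loader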
Blister
2023-08-24 | Elastic | Salim Bitam, Daniel Stepanic
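% Elastic report on the BLISTER loader, dated 2023-08-24; this page files it under "Blister".
% The same report is also recorded under key bitam:20230824:revisting:87dde30 with a
% security-labs.elastic.co URL; cite one key per document so the source is not counted twice.
% Title spelling corrected to "Revisiting", matching the URL slug; the key is an identifier and stays as issued.
@online{bitam:20230824:revisting:2a2c2e3,
  author       = {Bitam, Salim and Stepanic, Daniel},
  title        = {{Revisiting BLISTER: New development of the BLISTER loader}},
  organization = {Elastic},
  date         = {2023-08-24},
  url          = {https://www.elastic.co/security-labs/revisiting-blister-new-developments-of-the-blister-loader},
  urldate      = {2023-09-06},
  language     = {English},
}
Revisiting BLISTER: New development of the BLISTER loader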
Blister
2023-06-29 | Elastic | Colson Wilhoit, Salim Bitam, Seth Goodwin, Andrew Pease, Ricardo Ungureanu
% Elastic report on a RUSTBUCKET variant that its title attributes to the DPRK, dated 2023-06-29;
% this page files it under "RustBucket".
@online{wilhoit:20230629:dprk:e7dd437,
  author       = {Wilhoit, Colson and Bitam, Salim and Goodwin, Seth and Pease, Andrew and Ungureanu, Ricardo},
  title        = {{The DPRK strikes using a new variant of RUSTBUCKET}},
  organization = {Elastic},
  date         = {2023-06-29},
  url          = {https://www.elastic.co/security-labs/DPRK-strikes-using-a-new-variant-of-rustbucket},
  urldate      = {2023-07-02},
  language     = {English},
}
The DPRK strikes using a new variant of RUSTBUCKET
RustBucket
2023-06-21 | Elastic | Colson Wilhoit, Salim Bitam, Seth Goodwin, Andrew Pease, Ricardo Ungureanu
% Elastic report on JOKERSPY, dated 2023-06-21; this page files it under "JokerSpy".
% The URL slug is spelled "inital" on this page; keep it verbatim, since a corrected
% spelling would presumably point at a different address.
@online{wilhoit:20230621:initial:4eacdf5,
  author       = {Wilhoit, Colson and Bitam, Salim and Goodwin, Seth and Pease, Andrew and Ungureanu, Ricardo},
  title        = {{Initial research exposing JOKERSPY}},
  organization = {Elastic},
  date         = {2023-06-21},
  url          = {https://www.elastic.co/security-labs/inital-research-of-jokerspy},
  urldate      = {2023-07-11},
  language     = {English},
}
Initial research exposing JOKERSPY
JokerSpy
2023-06-09 | Elastic | Cyril François, Daniel Stepanic, Seth Goodwin
% Elastic report on SPECTRALVIPER, dated 2023-06-09; this page files it under "SPECTRALVIPER".
% The URL sits under a /fr/ locale path. The same report is also recorded under key
% franois:20230609:elastic:910c520 without the locale path; cite one key per document.
@online{franois:20230609:elastic:42d37cb,
  author       = {François, Cyril and Stepanic, Daniel and Goodwin, Seth},
  title        = {{Elastic charms SPECTRALVIPER}},
  organization = {Elastic},
  date         = {2023-06-09},
  url          = {https://www.elastic.co/fr/security-labs/elastic-charms-spectralviper},
  urldate      = {2023-07-26},
  language     = {English},
}
Elastic charms SPECTRALVIPER
SPECTRALVIPER
2023-06-09 | Elastic | Cyril François, Daniel Stepanic, Seth Goodwin
% Elastic report on SPECTRALVIPER, dated 2023-06-09; no family tag follows this copy on the page.
% The same report is also recorded under key franois:20230609:elastic:42d37cb with a
% /fr/ locale URL; cite one key per document so the source is not counted twice.
@online{franois:20230609:elastic:910c520,
  author       = {François, Cyril and Stepanic, Daniel and Goodwin, Seth},
  title        = {{Elastic charms SPECTRALVIPER}},
  organization = {Elastic},
  date         = {2023-06-09},
  url          = {https://www.elastic.co/security-labs/elastic-charms-spectralviper},
  urldate      = {2023-07-26},
  language     = {English},
}
Elastic charms SPECTRALVIPER
2023-05-04 | Elastic | Cyril François
% Elastic report on unpacking ICEDID, dated 2023-05-04; this page files it under "IcedID PhotoLoader".
@online{franois:20230504:unpacking:7f892ff,
  author       = {François, Cyril},
  title        = {{Unpacking ICEDID}},
  organization = {Elastic},
  date         = {2023-05-04},
  url          = {https://www.elastic.co/security-labs/unpacking-icedid},
  urldate      = {2023-05-05},
  language     = {English},
}
Unpacking ICEDID
IcedID PhotoLoader
2023-04-25 | Elastic | Daniel Stepanic
% Elastic report on the LOBSHOT malware, dated 2023-04-25; this page files it under "LOBSHOT".
% The URL sits under a /de/ locale path although language is recorded as English;
% NOTE(review): confirm which rendition was retrieved.
@online{stepanic:20230425:elastic:ba5ce00,
  author       = {Stepanic, Daniel},
  title        = {{Elastic Security Labs discovers the LOBSHOT malware}},
  organization = {Elastic},
  date         = {2023-04-25},
  url          = {https://www.elastic.co/de/security-labs/elastic-security-labs-discovers-lobshot-malware},
  urldate      = {2023-04-26},
  language     = {English},
}
Elastic Security Labs discovers the LOBSHOT malware
LOBSHOT
2023-04-07 | Elastic | Salim Bitam
% Elastic report on an attack chain ending in XWORM and AGENTTESLA, dated 2023-04-07;
% this page files it under "Agent Tesla XWorm".
@online{bitam:20230407:attack:aed6a32,
  author       = {Bitam, Salim},
  title        = {{Attack chain leads to XWORM and AGENTTESLA}},
  organization = {Elastic},
  date         = {2023-04-07},
  url          = {https://www.elastic.co/security-labs/attack-chain-leads-to-xworm-and-agenttesla},
  urldate      = {2023-05-08},
  language     = {English},
}
Attack chain leads to XWORM and AGENTTESLA
Agent Tesla XWorm
2023-03-30 | Elastic | Daniel Stepanic, Remco Sprooten, Joe Desimone, Samir Bousseaden, Devon Kerr
% Elastic report on the SUDDENICON supply chain attack, dated 2023-03-30; this page files it
% under "3CX Backdoor", so the vendor name in the title and the page's family name differ.
% The title contains a typographic apostrophe (non-ASCII); process the file as UTF-8.
@online{stepanic:20230330:elastic:8671074,
  author       = {Stepanic, Daniel and Sprooten, Remco and Desimone, Joe and Bousseaden, Samir and Kerr, Devon},
  title        = {{Elastic users protected from SUDDENICON’s supply chain attack}},
  organization = {Elastic},
  date         = {2023-03-30},
  url          = {https://www.elastic.co/security-labs/elastic-users-protected-from-suddenicon-supply-chain-attack},
  urldate      = {2023-04-02},
  language     = {English},
}
Elastic users protected from SUDDENICON’s supply chain attack
3CX Backdoor
2023-03-20 | Elastic | Remco Sprooten
% Elastic report on NAPLISTENER, which its title ties to the developers of SIESTAGRAPH,
% dated 2023-03-20; this page files it under "NAPLISTENER SiestaGraph".
% The URL sits under a /de/ locale path although language is recorded as English;
% NOTE(review): confirm which rendition was retrieved.
@online{sprooten:20230320:naplistener:5207e95,
  author       = {Sprooten, Remco},
  title        = {{NAPLISTENER: more bad dreams from developers of SIESTAGRAPH}},
  organization = {Elastic},
  date         = {2023-03-20},
  url          = {https://www.elastic.co/de/security-labs/naplistener-more-bad-dreams-from-the-developers-of-siestagraph},
  urldate      = {2023-03-21},
  language     = {English},
}
NAPLISTENER: more bad dreams from developers of SIESTAGRAPH
NAPLISTENER SiestaGraph
2023-03-17 | Elastic | Cyril François, Daniel Stepanic
% Elastic summary report on ICEDID, dated 2023-03-17; this page files it under "IcedID PhotoLoader".
@online{franois:20230317:thawing:b8065d4,
  author       = {François, Cyril and Stepanic, Daniel},
  title        = {{Thawing the permafrost of ICEDID Summary}},
  organization = {Elastic},
  date         = {2023-03-17},
  url          = {https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary},
  urldate      = {2023-03-20},
  language     = {English},
}
Thawing the permafrost of ICEDID Summary
IcedID PhotoLoader
2023-02-02 | Elastic | Salim Bitam, Remco Sprooten, Cyril François, Andrew Pease, Devon Kerr, Seth Goodwin
% Elastic update on the REF2924 intrusion set, dated 2023-02-02; this page files it
% under "DoorMe ShadowPad SiestaGraph".
@online{bitam:20230202:update:57ea3a2,
  author       = {Bitam, Salim and Sprooten, Remco and François, Cyril and Pease, Andrew and Kerr, Devon and Goodwin, Seth},
  title        = {{Update to the REF2924 intrusion set and related campaigns}},
  organization = {Elastic},
  date         = {2023-02-02},
  url          = {https://www.elastic.co/security-labs/update-to-the-REF2924-intrusion-set-and-related-campaigns},
  urldate      = {2023-03-21},
  language     = {English},
}
Update to the REF2924 intrusion set and related campaigns
DoorMe ShadowPad SiestaGraph
2022-12-16 | Elastic | Samir Bousseaden, Andrew Pease, Daniel Stepanic, Salim Bitam, Seth Goodwin, Devon Kerr
% Elastic report on the SiestaGraph implant, which its title places in an ASEAN member's
% foreign ministry, dated 2022-12-16; this page files it under "DoorMe SiestaGraph".
@online{bousseaden:20221216:siestagraph:bb73ce7,
  author       = {Bousseaden, Samir and Pease, Andrew and Stepanic, Daniel and Bitam, Salim and Goodwin, Seth and Kerr, Devon},
  title        = {{SiestaGraph: New implant uncovered in ASEAN member foreign ministry}},
  organization = {Elastic},
  date         = {2022-12-16},
  url          = {https://www.elastic.co/security-labs/siestagraph-new-implant-uncovered-in-asean-member-foreign-ministry},
  urldate      = {2022-12-19},
  language     = {English},
}
SiestaGraph: New implant uncovered in ASEAN member foreign ministry
DoorMe SiestaGraph
2022-10-31 | Elastic | Seth Goodwin, Derek Ditch, Daniel Stepanic, Andrew Pease
% Elastic report on ICEDID network infrastructure, dated 2022-10-31; this page files it under "IcedID".
@online{goodwin:20221031:icedids:df089be,
  author       = {Goodwin, Seth and Ditch, Derek and Stepanic, Daniel and Pease, Andrew},
  title        = {{ICEDIDs network infrastructure is alive and well}},
  organization = {Elastic},
  date         = {2022-10-31},
  url          = {https://www.elastic.co/security-labs/icedids-network-infrastructure-is-alive-and-well},
  urldate      = {2022-11-02},
  language     = {English},
}
ICEDIDs network infrastructure is alive and well
IcedID
2022-10-28 | Elastic | @rsprooten, Elastic Security Intelligence & Analytics Team
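% Elastic report on EMOTET configuration extraction, dated 2022-10-28; this page files it under "Emotet".
% The author field names a handle and a team, not personal names: each is wrapped in its own
% braces so it is kept as one literal name instead of being split into first and last parts,
% and the ampersand is escaped so LaTeX does not read it as an alignment tab.
@online{rsprooten:20221028:emotet:ffabd03,
  author       = {{@rsprooten} and {Elastic Security Intelligence \& Analytics Team}},
  title        = {{EMOTET dynamic config extraction}},
  organization = {Elastic},
  date         = {2022-10-28},
  url          = {https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction},
  urldate      = {2022-10-30},
  language     = {English},
}
EMOTET dynamic config extraction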
Emotet
2022-09-09 | Elastic | Salim Bitam
% Elastic malware analysis of BUGHATCH, dated 2022-09-09; this page files it under "BUGHATCH".
@online{bitam:20220909:bughatch:438e7ac,
  author       = {Bitam, Salim},
  title        = {{BUGHATCH Malware Analysis}},
  organization = {Elastic},
  date         = {2022-09-09},
  url          = {https://www.elastic.co/security-labs/bughatch-malware-analysis},
  urldate      = {2022-09-13},
  language     = {English},
}
BUGHATCH Malware Analysis
BUGHATCH
2022-08-24 | Elastic | Cyril François
% Elastic malware analysis of QBOT, dated 2022-08-24; this page files it under "QakBot",
% so the vendor name in the title and the page's family name differ.
@online{franois:20220824:qbot:152ef8d,
  author       = {François, Cyril},
  title        = {{QBOT Malware Analysis}},
  organization = {Elastic},
  date         = {2022-08-24},
  url          = {https://www.elastic.co/security-labs/qbot-malware-analysis},
  urldate      = {2022-08-30},
  language     = {English},
}
QBOT Malware Analysis
QakBot
2022-07-27 | Elastic | Cyril François, Derek Ditch
% Elastic write-up of a QBOT configuration extractor, dated 2022-07-27; this page files it
% under "QakBot", so the vendor name in the title and the page's family name differ.
@online{franois:20220727:qbot:82146d1,
  author       = {François, Cyril and Ditch, Derek},
  title        = {{QBOT Configuration Extractor}},
  organization = {Elastic},
  date         = {2022-07-27},
  url          = {https://www.elastic.co/security-labs/qbot-configuration-extractor},
  urldate      = {2022-08-05},
  language     = {English},
}
QBOT Configuration Extractor
QakBot
2022-07-27 | Elastic | Cyril François, Andrew Pease, Seth Goodwin
% Elastic report on the QBOT attack pattern, dated 2022-07-27; this page files it
% under "QakBot", so the vendor name in the title and the page's family name differ.
@online{franois:20220727:exploring:67dc644,
  author       = {François, Cyril and Pease, Andrew and Goodwin, Seth},
  title        = {{Exploring the QBOT Attack Pattern}},
  organization = {Elastic},
  date         = {2022-07-27},
  url          = {https://www.elastic.co/security-labs/exploring-the-qbot-attack-pattern},
  urldate      = {2022-08-05},
  language     = {English},
}
Exploring the QBOT Attack Pattern
QakBot