Author

Articles by Andrew Pease

Elastic Security Labs Technology Lead, Elastic

Andrew Pease is the Elastic Security Labs Technology Lead. His team focuses on analyzing strategic, operational, and tactical threats. He was also the CEO and CIO of Perched, a professional services provider focusing on security consulting and training. Perched joined forces with Elastic in August 2019.

Andrew specializes in the People’s Republic of China (PRC) and the Democratic People's Republic of Korea (DPRK) economic espionage, intelligence, and counter-intelligence programs.

Andrew is the creator and maintainer of the Elastic Container Project.

Additionally, Andrew was a member of the Missouri Cyber Team (MOCYBER) within the Missouri National Guard. His team has developed techniques and methodologies for performing cyber hunting operations within Federal, State, and private industries. MOCYBER architected, engineered, and operationalized its own hunting platform known as ROCK (rocknsm.io) as well as its standalone operations technology stack, CAPES (capesstack.io). He retired from the Army National Guard after 20+ years as a Chief Warrant Officer Four, in 2021.

Videos

The DPRK strikes using a new variant of RUSTBUCKET

Watch out! We’ve recently discovered a variant of RUSTBUCKET. Read this article to understand the new capabilities we’ve observed, as well as how to identify it in your own network.

By
Salim Bitam
Ricardo Ungureanu
...
Videos

Initial research exposing JOKERSPY

Explore JOKERSPY, a recently discovered campaign that targets financial institutions with Python backdoors. This article covers reconnaissance, attack patterns, and methods of identifying JOKERSPY in your network.

By
Colson Wilhoit
Salim Bitam
...
Videos

Elastic Security Labs is providing an update to the REF2924 research published in December of 2022. This update includes malware analysis of the implants, additional findings, and associations with other intrusions.

By
Salim Bitam
Remco Sprooten
...
Videos

SiestaGraph: New implant uncovered in ASEAN member foreign ministry

Elastic Security Labs is tracking likely multiple on-net threat actors leveraging Exchange exploits, web shells, and the newly discovered SiestaGraph implant to achieve and maintain access, escalate privilege, and exfiltrate targeted data.

By
Samir Bousseaden
Andrew Pease
...
Videos

Doing time with the YIPPHB dropper

Elastic Security Labs outlines the steps collect and analyze the various stages of the REF4526 intrusion set. This intrusion set uses a creative approach of Unicode icons in Powershell scripts to install a loader, a dropper, and RAT implants.

By
Seth Goodwin
Derek Ditch
...
Videos

ICEDIDs network infrastructure is alive and well

Elastic Security Labs details the use of open source data collection and the Elastic Stack to analyze the ICEDID botnet C2 infrastructure.

By
Daniel Stepanic
Seth Goodwin
...
Videos

Exploring the REF2731 Intrusion Set

The Elastic Security Labs team has been tracking REF2731, an 5-stage intrusion set involving the PARALLAX loader and the NETWIRE RAT.

By
Salim Bitam
Daniel Stepanic
...
Videos

LUNA Ransomware Attack Pattern Analysis

In this research publication, we'll explore the LUNA attack pattern — a cross-platform ransomware variant.

By
Salim Bitam
Seth Goodwin
...
Videos

The Elastic Container Project for Security Research

The Elastic Container Project provides a single shell script that will allow you to stand up and manage an entire Elastic Stack using Docker. This open source project enables rapid deployment for testing use cases.

By
Andrew Pease
Colson Wilhoit
...

Sign up for Elastic Cloud free trial

Spin up a fully loaded deployment on the cloud provider you choose. As the company behind Elasticsearch, we bring our features and support to your Elastic clusters in the cloud.

Start free trial