Articles by Elastic Security Intelligence & Analytics Team

In this research piece, we explore BPFDoor — a backdoor payload specifically crafted for Linux in order to gain re-entry into a previously or actively compromised target environment, with insights on how evasion occurs within impacted systems.

The Elastic Security Research Team released a detailed report outlining technical details regarding the BLISTER launcher, a sophisticated malware campaign.

In this post, we detail a series of tactics for hunting with new data types and fields within Elastic and how to leverage Elastic Security to its fullest potential.

Elastic Security discovered PHOREAL malware, which is targeting Southeast Asia financial organizations, particularly those in the Vietnamese financial sector. Learn more.

Elastic Security verified a data wiper malware campaign that is targeting Ukrainian systems. As this malware campaign is new, with more information being uncovered hourly, it is being referred to as HERMETICWIPER.

Elastic Security перевірила зловмисне програмне забезпечення для стирання даних, яке спрямоване на українські системи. Оскільки ця кампанія є новим явищем і ми щогодини дізнаємося щось нове, її називають HERMETICWIPER.

The Elastic Security Research team has identified new detection strategies to overcome the bypass methodologies used by adversaries to silently deploy malware onto an endpoint and elevate privileges without the end-user knowing.

Explore the MSHTML exploitation chain from phishing through the loading of a popular information stealer, FORMBOOK. Additionally, we’ll uncover campaign testing infrastructure through a tradecraft oversight.

We explore using Elastic to extract Cobalt Strike beacon payloads from memory and use open source tools to analyze and group threat activity clusters.