Security Labs

Elastic 的 2022 年全球威胁报告：应对当今日益扩大的威胁环境的路线图

像《2022 年 Elastic 全球威胁报告》这样的威胁情报资源，对于帮助团队评估他们在识别和防范网络安全威胁方面的组织可见性、能力和专业知识而言至关重要。

作者

Mandy Andress

2022年11月15日

Security Research

See all

NETWIRE Dynamic Configuration Extraction

Elastic Security Labs discusses the NETWIRE trojan and is releasing a tool to dynamically extract configuration files.

作者

Seth Goodwin

Salim Bitam

2023年2月1日

Finding Truth in the Shadows

Let's discuss three benefits that Hardware Stack Protections brings beyond the intended exploit mitigation capability, and explain some limitations.

作者

Gabriel Landau

2023年1月26日

Get-InjectedThreadEx – Detecting Thread Creation Trampolines

In this blog, we will demonstrate how to detect each of four classes of process trampolining and release an updated PowerShell detection script – Get-InjectedThreadEx

作者

John Uhlmann

2022年11月28日

Malware Analysis

See all

Exploring the REF2731 Intrusion Set

The Elastic Security Labs team has been tracking REF2731, an 5-stage intrusion set involving the PARALLAX loader and the NETWIRE RAT.

作者

Salim Bitam

Daniel Stepanic

BUGHATCH Malware Analysis

Elastic Security has performed a deep technical analysis of the BUGHATCH malware. This includes capabilities as well as defensive countermeasures.

作者

Salim Bitam

QBOT Malware Analysis

Elastic Security Labs releases a QBOT malware analysis report covering the execution chain. From this research, the team has produced a YARA rule, configuration-extractor, and indicators of compromises (IOCs).

作者

Cyril François

CUBA Ransomware Malware Analysis

Elastic Security has performed a deep technical analysis of the CUBA ransomware family. This includes malware capabilities as well as defensive countermeasures.

作者

Salim Bitam

Campaign

See all

CUBA Ransomware Campaign Analysis

Elastic Security observed a ransomware and extortion campaign leveraging a combination of offensive security tools, LOLBAS, and exploits to deliver the CUBA ransomware malware.

作者

Daniel Stepanic

Derek Ditch

2022年6月1日

PHOREAL Malware Targets the Southeast Asian Financial Sector

Elastic Security discovered PHOREAL malware, which is targeting Southeast Asia financial organizations, particularly those in the Vietnamese financial sector.

作者

Daniel Stepanic

Derek Ditch

2022年3月7日

Operation Bleeding Bear

Elastic Security verifies new destructive malware targeting Ukraine: Operation Bleeding Bear

作者

Daniel Stepanic

James Spiteri

2022年1月19日

Groups & Tactics

See all in Groups & Tactics

Exploring the QBOT Attack Pattern

In this research publication, we'll explore our analysis of the QBOT attack pattern — a full-featured and prolific malware family.

作者

Cyril François

Seth Goodwin

Okta and LAPSUS$: What you need to know

The latest organization under the microscope of the LAPSUS$ group is Okta. Threat hunt for the recent breach targeting Okta users using these simple steps in Elastic

作者

Jake King

Playing defense against Gamaredon Group

Learn about the recent campaign of a Russia-based threat group known as Gamaredon Group. This post will review these details and provide detection strategies.

作者

Daniel Stepanic

Andrew Pease

Elastic Security Labs

Elastic Security Labs pairs research on emerging threats with analysis of strategic, operational, and tactical adversary objectives.

Learn more

企业搜索

可观测性

安全性

Elastic Cloud

Elastic (ELK) Stack

Elastic 8.6 版重磅发布

升级 Elastic Stack

文档

ElasticON 2021 年全球用户大会

招聘中

Elastic 的力量

改善数字客户体验

不断发展的 DevOps 生命周期

安全不设限

公共领域

金融服务

电信

医疗保健

技术

零售和电子商务

媒体与娱乐

制造和汽车

利用可观测性

企业搜索

可观测性

安全性

开始使用

支持

联系我们

捷豹路虎

民生银行

联想集团

文档

博客

培训

活动

社区

咨询

通过 Elastic 企业搜索实现量化的成功

Elasticsearch 入门

可观测性工程师培训

关于我们

招贤纳士

新闻稿

合作伙伴

投资者关系

Elastic 卓越奖

为何说现在将关键数据库迁移到云正当时

企业搜索

可观测性

安全性

Elastic Cloud

Elastic (ELK) Stack

Elastic 8.6 版重磅发布

升级 Elastic Stack

文档

ElasticON 2021 年全球用户大会

招聘中

Elastic 的力量

改善数字客户体验

不断发展的 DevOps 生命周期

安全不设限

公共领域

金融服务

电信

医疗保健

技术

零售和电子商务

媒体与娱乐

制造和汽车

企业搜索

可观测性

安全性

开始使用

支持

联系我们

捷豹路虎

民生银行

联想集团

文档