Security Labs

Elastic 的 2022 年全球威胁报告：应对当今日益扩大的威胁环境的路线图

像《2022 年 Elastic 全球威胁报告》这样的威胁情报资源，对于帮助团队评估他们在识别和防范网络安全威胁方面的组织可见性、能力和专业知识而言至关重要。

作者

2022年11月15日

Security Research

See all

Exploring the Future of Security with ChatGPT

Recently, OpenAI announced APIs for engineers to integrate ChatGPT and Whisper models into their apps and products. For some time, engineers could use the REST API calls for older models and otherwise use the ChatGPT interface through their website.

作者

Mika Ayenson

Hunting for Suspicious Windows Libraries for Execution and Defense Evasion

Learn more about discovering threats by hunting through DLL load events, one way to reveal the presence of known and unknown malware in noisy process event data.

作者

Samir Bousseaden

2023年2月7日

NETWIRE Dynamic Configuration Extraction

Elastic Security Labs discusses the NETWIRE trojan and is releasing a tool to dynamically extract configuration files.

作者

Seth Goodwin

Salim Bitam

2023年2月1日

Malware Analysis

See all

Not sleeping anymore: SOMNIRECORD's wake-up call

Elastic Security Labs researchers identified a new malware family written in C++ that we refer to as SOMNIRECORD. This malware functions as a backdoor and communicates with command and control (C2) while masquerading as DNS.

作者

Salim Bitam

NAPLISTENER: more bad dreams from developers of SIESTAGRAPH

Elastic Security Labs observes that the threat behind SIESTAGRAPH has shifted priorities from data theft to persistent access, deploying new malware like NAPLISTENER to evade detection.

作者

Remco Sprooten

Thawing the permafrost of ICEDID Summary

Elastic Security Labs analyzed a recent ICEDID variant consisting of a loader and bot payload. By providing this research to the community end-to-end, we hope to raise awareness of the ICEDID execution chain, capabilities, and design.

作者

Cyril François

Daniel Stepanic

Twice around the dance floor - Elastic discovers the PIPEDANCE backdoor

Elastic Security Labs is tracking an active intrusion into a Vietnamese organization using a recently discovered triggerable, multi-hop backdoor we are calling PIPEDANCE. This full-featured malware enables stealthy operations through the use of named

作者

Daniel Stepanic

Campaign

See all

Exploring the REF2731 Intrusion Set

The Elastic Security Labs team has been tracking REF2731, an 5-stage intrusion set involving the PARALLAX loader and the NETWIRE RAT.

作者

Salim Bitam

Daniel Stepanic

2022年9月30日

CUBA Ransomware Campaign Analysis

Elastic Security observed a ransomware and extortion campaign leveraging a combination of offensive security tools, LOLBAS, and exploits to deliver the CUBA ransomware malware.

作者

Daniel Stepanic

Derek Ditch

2022年6月1日

PHOREAL Malware Targets the Southeast Asian Financial Sector

Elastic Security discovered PHOREAL malware, which is targeting Southeast Asia financial organizations, particularly those in the Vietnamese financial sector.

作者

Daniel Stepanic

Derek Ditch

2022年3月7日

Groups & Tactics

See all in Groups & Tactics

Exploring the QBOT Attack Pattern

In this research publication, we'll explore our analysis of the QBOT attack pattern — a full-featured and prolific malware family.

作者

Cyril François

Seth Goodwin

Okta and LAPSUS$: What you need to know

The latest organization under the microscope of the LAPSUS$ group is Okta. Threat hunt for the recent breach targeting Okta users using these simple steps in Elastic

作者

Jake King

Playing defense against Gamaredon Group

Learn about the recent campaign of a Russia-based threat group known as Gamaredon Group. This post will review these details and provide detection strategies.

作者

Daniel Stepanic

Andrew Pease

Elastic Security Labs

Elastic Security Labs pairs research on emerging threats with analysis of strategic, operational, and tactical adversary objectives.

Learn more

企业搜索

可观测性

安全性

Elastic Cloud

Elastic (ELK) Stack

Elastic 8.6 版重磅发布

升级 Elastic Stack

文档

ElasticON 2023 年全球用户大会

招聘中

Elastic 的力量

改善数字客户体验

不断发展的 DevOps 生命周期

安全不设限

公共领域

金融服务

电信

医疗保健

技术

零售和电子商务

媒体与娱乐

制造和汽车

专为高风险行业打造的网络安全解决方案

企业搜索

可观测性

安全性

开始使用

支持

联系我们

捷豹路虎

民生银行

联想集团

文档

博客

培训

活动

社区

咨询

通过 Elastic 企业搜索实现量化的成功

Elasticsearch 入门

可观测性工程师培训

关于我们

招贤纳士

新闻稿

合作伙伴

投资者关系

Elastic 卓越奖

为何说现在将关键数据库迁移到云正当时

企业搜索

可观测性

安全性

Elastic Cloud

Elastic (ELK) Stack

Elastic 8.6 版重磅发布

升级 Elastic Stack

文档

ElasticON 2023 年全球用户大会

招聘中

Elastic 的力量

改善数字客户体验

不断发展的 DevOps 生命周期

安全不设限

公共领域

金融服务

电信

医疗保健

技术

零售和电子商务

媒体与娱乐

制造和汽车

企业搜索

可观测性

安全性

开始使用

支持

联系我们

捷豹路虎

民生银行

联想集团

文档