Security Labs

Elastic publishes 2023 Global Threat Report Spring Edition

This week, we’re publishing a new version of this report that’s online and interactive, which includes additional data covering the remainder of 2022, written using Elastic technologies.

Von

Devon Kerr

24. April 2023

Featured

The DPRK strikes using a new variant of RUSTBUCKET

Von

Salim Bitam

Ricardo Ungureanu

29. Juni 2023

Initial research exposing JOKERSPY

Von

Colson Wilhoit

Salim Bitam

21. Juni 2023

Elastic charms SPECTRALVIPER

Von

Cyril François

Daniel Stepanic

9. Juni 2023

Elastic Security Labs steps through the r77 rootkit

Von

Salim Bitam

18. Mai 2023

Security Research

See all

Upping the Ante: Detecting In-Memory Threats with Kernel Call Stacks

We aim to out-innovate adversaries and maintain protections against the cutting edge of attacker tradecraft. With Elastic Security 8.8, we added new kernel call stack based detections which provide us with improved efficacy against in-memory threats.

Von

Joe Desimone

Samir Bousseaden

30. Mai 2023

Into The Weeds: How We Run Detonate

Explore the technical implementation of the Detonate system, including sandbox creation, the supporting technology, telemetry collection, and how to blow stuff up.

Von

Jessica David

Sergey Polzunov

9. Mai 2023

Elastic Global Threat Report Multipart Series Overview

Each month, the Elastic Security Labs team dissects a different trend or correlation from the Elastic Global Threat Report. This post provides an overview of those individual publications.

Von

Devon Kerr

17. April 2023

Malware Analysis

See all

Elastic Security Labs discovers the LOBSHOT malware

Elastic Security Labs is naming a new malware family, LOBSHOT. LOBSHOT propagates and infiltrates targeted networks through Google Ads and hVNC sessions to deploy backdoors masquerading as legitimate application installers.

Von

Daniel Stepanic

Attack chain leads to XWORM and AGENTTESLA

Our team has recently observed a new malware campaign that employs a well-developed process with multiple stages. The campaign is designed to trick unsuspecting users into clicking on the documents, which appear to be legitimate.

Von

Salim Bitam

Elastic users protected from SUDDENICON’s supply chain attack

Elastic Security Labs is releasing a triage analysis to assist 3CX customers in the initial detection of SUDDENICON, a potential supply-chain compromise affecting 3CX VOIP softphone users.

Von

Daniel Stepanic

Remco Sprooten

Not sleeping anymore: SOMNIRECORD's wake-up call

Elastic Security Labs researchers identified a new malware family written in C++ that we refer to as SOMNIRECORD. This malware functions as a backdoor and communicates with command and control (C2) while masquerading as DNS.

Von

Salim Bitam

Campaign

See all

Exploring the REF2731 Intrusion Set

The Elastic Security Labs team has been tracking REF2731, an 5-stage intrusion set involving the PARALLAX loader and the NETWIRE RAT.

Von

Salim Bitam

Daniel Stepanic

30. September 2022

CUBA Ransomware Campaign Analysis

Elastic Security observed a ransomware and extortion campaign leveraging a combination of offensive security tools, LOLBAS, and exploits to deliver the CUBA ransomware malware.

Von

Daniel Stepanic

Derek Ditch

1. Juni 2022

PHOREAL Malware Targets the Southeast Asian Financial Sector

Elastic Security discovered PHOREAL malware, which is targeting Southeast Asia financial organizations, particularly those in the Vietnamese financial sector.

Von

Daniel Stepanic

Derek Ditch

7. März 2022

Groups & Tactics

See all in Groups & Tactics

Exploring the QBOT Attack Pattern

In this research publication, we'll explore our analysis of the QBOT attack pattern — a full-featured and prolific malware family.

Von

Cyril François

Seth Goodwin

Okta and LAPSUS$: What you need to know

The latest organization under the microscope of the LAPSUS$ group is Okta. Threat hunt for the recent breach targeting Okta users using these simple steps in Elastic

Von

Jake King

Playing defense against Gamaredon Group

Learn about the recent campaign of a Russia-based threat group known as Gamaredon Group. This post will review these details and provide detection strategies.

Von

Daniel Stepanic

Andrew Pease

Elastic Security Labs

Elastic Security Labs pairs research on emerging threats with analysis of strategic, operational, and tactical adversary objectives.

Learn more

Elasticsearch Platform

ELK Stack

Elastic Cloud

Observability

Security

Search

Nach Branche

Nach Lösung

Kunden-Spotlight

Entwickler:innen

Vernetzen

Lernen

Hilfe

Erfahren, was es bei Elastic Neues gibt

Elasticsearch Platform

ELK Stack

Elastic Cloud

Observability

Security

Search

Nach Branche

Nach Lösung

Kunden-Spotlight

Entwickler:innen

Vernetzen

Lernen

Hilfe

Erfahren, was es bei Elastic Neues gibt

Elastic publishes 2023 Global Threat Report Spring Edition

Featured

The DPRK strikes using a new variant of RUSTBUCKET

Initial research exposing JOKERSPY

Elastic charms SPECTRALVIPER

Elastic Security Labs steps through the r77 rootkit

Security Research

Upping the Ante: Detecting In-Memory Threats with Kernel Call Stacks

Into The Weeds: How We Run Detonate

Elastic Global Threat Report Multipart Series Overview

Malware Analysis

Elastic Security Labs discovers the LOBSHOT malware

Attack chain leads to XWORM and AGENTTESLA

Elastic users protected from SUDDENICON’s supply chain attack

Not sleeping anymore: SOMNIRECORD's wake-up call

Campaign

Exploring the REF2731 Intrusion Set

CUBA Ransomware Campaign Analysis

PHOREAL Malware Targets the Southeast Asian Financial Sector

Groups & Tactics

Exploring the QBOT Attack Pattern

Okta and LAPSUS$: What you need to know

Playing defense against Gamaredon Group

Tools

Unpacking ICEDID

Click, Click… Boom! Automating Protections Testing with Detonate

NETWIRE Configuration Extractor

ICEDID Configuration Extractor

EMOTET Configuration Extractor

Elastic Security Labs

Folgen Sie uns:

Über uns

Bei Elastic arbeiten

Presse

Partner

Vertrauen und Sicherheit

Investor Relations

EXCELLENCE AWARDS