Security Labs

Finding Truth in the Shadows

Let's discuss three benefits that Hardware Stack Protections brings beyond the intended exploit mitigation capability, and explain some limitations.

Gabriel Landau

26 January 2023

Featured

SiestaGraph: New implant uncovered in ASEAN member foreign ministry

Samir Bousseaden

Andrew Pease

16 December 2022

Google Workspace Attack Surface

Terrance DeJesus

01 December 2022

Get-InjectedThreadEx – Detecting Thread Creation Trampolines

John Uhlmann

28 November 2022

Doing time with the YIPPHB dropper

Seth Goodwin

Derek Ditch

22 November 2022

Behind the scenes: The making of a Global Threat Report

Mark Dufresne

18 November 2022

2022 Elastic Global Threat Report: Helping security leaders navigate today’s threat landscape

Ken Exner

16 November 2022

2022 Elastic Global Threat Report Announcement

Devon Kerr

15 November 2022

Elastic’s 2022 Global Threat Report: A roadmap for navigating today’s growing threatscape

Mandy Andress

15 November 2022

Forecast and Recommendations: 2022 Elastic Global Threat Report

Santosh Krishnan

15 November 2022

Security Research

See all

EMOTET Dynamic Configuration Extraction

Elastic Security Labs discusses the EMOTET trojan and is releasing a tool to dynamically extract configuration files using code emulators.

Remco Sprooten

28 October 2022

Deep dive into the TTD ecosystem

This is the first in a series focused on the Time Travel Debugging (TTD) technology developed by Microsoft that was explored in detail during a recent independent research period.

Christophe Alladoum

26 September 2022

Getting the Most Out of Transformers in Elastic

In this blog, we will briefly talk about how we fine-tuned a transformer model meant for a masked language modeling (MLM) task, to make it suitable for a classification task.

Apoorva Joshi

Thomas Veasey

23 August 2022

Malware Analysis

See all

Exploring the REF2731 Intrusion Set

The Elastic Security Labs team has been tracking REF2731, an 5-stage intrusion set involving the PARALLAX loader and the NETWIRE RAT.

Salim Bitam

Daniel Stepanic

BUGHATCH Malware Analysis

Elastic Security has performed a deep technical analysis of the BUGHATCH malware. This includes capabilities as well as defensive countermeasures.

Salim Bitam

QBOT Malware Analysis

Elastic Security Labs releases a QBOT malware analysis report covering the execution chain. From this research, the team has produced a YARA rule, configuration-extractor, and indicators of compromises (IOCs).

Cyril François

CUBA Ransomware Malware Analysis

Elastic Security has performed a deep technical analysis of the CUBA ransomware family. This includes malware capabilities as well as defensive countermeasures.

Salim Bitam

Campaign

See all

CUBA Ransomware Campaign Analysis

Elastic Security observed a ransomware and extortion campaign leveraging a combination of offensive security tools, LOLBAS, and exploits to deliver the CUBA ransomware malware.

Daniel Stepanic

Derek Ditch

01 June 2022

PHOREAL Malware Targets the Southeast Asian Financial Sector

Elastic Security discovered PHOREAL malware, which is targeting Southeast Asia financial organizations, particularly those in the Vietnamese financial sector.

Daniel Stepanic

Derek Ditch

07 March 2022

Operation Bleeding Bear

Elastic Security verifies new destructive malware targeting Ukraine: Operation Bleeding Bear

Daniel Stepanic

James Spiteri

19 January 2022

Groups & Tactics

See all in Groups & Tactics

Exploring the QBOT Attack Pattern

In this research publication, we'll explore our analysis of the QBOT attack pattern — a full-featured and prolific malware family.

Cyril François

Seth Goodwin

Okta and LAPSUS$: What you need to know

The latest organization under the microscope of the LAPSUS$ group is Okta. Threat hunt for the recent breach targeting Okta users using these simple steps in Elastic

Jake King

Playing defense against Gamaredon Group

Learn about the recent campaign of a Russia-based threat group known as Gamaredon Group. This post will review these details and provide detection strategies.

Daniel Stepanic

Andrew Pease

Elastic Security Labs

Elastic Security Labs pairs research on emerging threats with analysis of strategic, operational, and tactical adversary objectives.

Learn more

Enterprise Search

Observability

Security

Elastic Cloud

Elastic (ELK) Stack

Elastic 8.6 released

Upgrade the Elastic Stack

Documentation

ElasticON Global 2023

We're hiring

Power of Elastic

Improving digital customer experiences

Evolving the DevOps lifecycle

Security without limits

Public Sector

Financial Services

Telecommunications

Healthcare

Technology

Retail and Ecommerce

Media and Entertainment

Manufacturing and Automotive

Secret ingredient for better website experience

Enterprise Search

Observability

Security

Getting started

Support

Contact us

Jaguar Land Rover

Emirates NBD

Zurich Insurance

Documentation

Blogs

Training

Events

Community

Consulting

Driving quantified success with Elastic Enterprise Search

Get started with Elasticsearch

Observability Engineer training

About

Careers

Press

Partners

Investor Relations

Elastic Excellence Awards

Why now is the time to move critical databases to the cloud

Enterprise Search

Observability

Security

Elastic Cloud

Elastic (ELK) Stack

Elastic 8.6 released

Upgrade the Elastic Stack

Documentation

ElasticON Global 2023

We're hiring

Power of Elastic

Improving digital customer experiences

Evolving the DevOps lifecycle

Security without limits

Public Sector

Financial Services

Telecommunications

Healthcare

Technology

Retail and Ecommerce

Media and Entertainment

Manufacturing and Automotive

Enterprise Search

Observability

Security

Getting started

Support

Contact us

Jaguar Land Rover

Emirates NBD

Zurich Insurance

Documentation