Research Article Overview

A peek behind the BPFDoor

In this research piece, we explore BPFDoor — a backdoor payload specifically crafted for Linux in order to gain re-entry into a previously or actively compromised target environment.

Jake King

Colson Wilhoit

17 May 2022

Featured

BLISTER Loader

Cyril François

Daniel Stepanic

05 May 2022

Elastic's response to the Spring4Shell vulnerability (CVE-2022-22965)

Devon Kerr

19 April 2022

Detecting and responding to Dirty Pipe with Elastic

Colson Wilhoit

Samir Bousseaden

14 March 2022

Security Research

See all

Vulnerability summary: Follina, CVE-2022-30190

Elastic is deploying a new malware signature to identify the use of the Follina vulnerability. Learn more in this post.

Devon Kerr

01 June 2022

Nimbuspwn: Leveraging vulnerabilities to exploit Linux via Privilege Escalation

Microsoft 365 Defender team released a post detailing several identified vulnerabilities. These vulnerabilities allow adversarial groups to escalate privileges on Linux systems, allowing for deployment of payloads, ransomware, or other attacks.

Jake King

27 April 2022

Detect Credential Access with Elastic Security

Elastic Endpoint Security provides events that enable defenders with visibility on techniques and procedures which are commonly leveraged to access sensitive files and registry objects.

Samir Bousseaden

25 April 2022

Malware Analysis

See all

CUBA Ransomware Malware Analysis

Elastic Security has performed a deep technical analysis of the CUBA ransomware family. This includes malware capabilities as well as defensive countermeasures.

Salim Bitam

01 June 2022

Elastic protects against data wiper malware targeting Ukraine: HERMETICWIPER

Analysis of the HERMETICWIPER malware targeting Ukranian organizations.

Daniel Stepanic

Mark Mager

01 March 2022

Elastic Security uncovers BLISTER malware campaign

Elastic Security has identified active intrusions leveraging the newly identified BLISTER malware loader utilizing valid code-signing certificates to evade detection. We are providing detection guidance for security teams to protect themselves.

Joe Desimone

Samir Bousseaden

22 December 2021

Going Coast to Coast - Climbing the Pyramid with the Deimos Implant

The Deimos implant was first reported in 2020 and has been in active development; employing advanced analysis countermeasures to frustrate analysis. This post details the campaign TTPs through the malware indicators.

Andrew Pease

Daniel Stepanic

12 October 2021

Campaign

See all

CUBA Ransomware Campaign Analysis

Elastic Security observed a ransomware and extortion campaign leveraging a combination of offensive security tools, LOLBAS, and exploits to deliver the CUBA ransomware malware.

Daniel Stepanic

Derek Ditch

...

01 June 2022

PHOREAL Malware Targets the Southeast Asian Financial Sector

Elastic Security discovered PHOREAL malware, which is targeting Southeast Asia financial organizations, particularly those in the Vietnamese financial sector.

Daniel Stepanic

Derek Ditch

...

07 March 2022

Operation Bleeding Bear

Elastic Security verifies new destructive malware targeting Ukraine: Operation Bleeding Bear

Daniel Stepanic

James Spiteri

...

19 January 2022

Groups & Tactics

See all in Groups & Tactics

Okta and LAPSUS$: What you need to know

The latest organization under the microscope of the LAPSUS$ group is Okta. Threat hunt for the recent breach targeting Okta users using these simple steps in Elastic

Jake King

22 March 2022

Playing defense against Gamaredon Group

Learn about the recent campaign of a Russia-based threat group known as Gamaredon Group. This post will review these details and provide detection strategies.

Daniel Stepanic

Andrew Pease

13 February 2020

Elastic Security Labs

Elastic Security Labs pairs research on emerging threats with analysis of strategic, operational, and tactical adversary objectives.

Learn more

A peek behind the BPFDoor

Featured

BLISTER Loader

Elastic's response to the Spring4Shell vulnerability (CVE-2022-22965)

Detecting and responding to Dirty Pipe with Elastic

Security Research

Vulnerability summary: Follina, CVE-2022-30190

Nimbuspwn: Leveraging vulnerabilities to exploit Linux via Privilege Escalation

Detect Credential Access with Elastic Security

Malware Analysis

CUBA Ransomware Malware Analysis

Elastic protects against data wiper malware targeting Ukraine: HERMETICWIPER

Elastic Security uncovers BLISTER malware campaign

Going Coast to Coast - Climbing the Pyramid with the Deimos Implant

Campaign

CUBA Ransomware Campaign Analysis

PHOREAL Malware Targets the Southeast Asian Financial Sector

Operation Bleeding Bear

Groups & Tactics

Okta and LAPSUS$: What you need to know

Playing defense against Gamaredon Group

Tools

BLISTER Configuration Extractor

BPFDoor Configuration Extractor

BPFDoor Scanner

Cobalt Strike Beacon Extractor

Elastic Security Labs

Products & Solutions

Company

We're hiring

Resources

Solutions

Elastic (ELK) Stack

New

Featured topics

News

A peek behind the BPFDoor

Featured

BLISTER Loader

Elastic's response to the Spring4Shell vulnerability (CVE-2022-22965)

Detecting and responding to Dirty Pipe with Elastic

Security Research

Vulnerability summary: Follina, CVE-2022-30190

Nimbuspwn: Leveraging vulnerabilities to exploit Linux via Privilege Escalation

Detect Credential Access with Elastic Security

Malware Analysis

CUBA Ransomware Malware Analysis

Elastic protects against data wiper malware targeting Ukraine: HERMETICWIPER

Elastic Security uncovers BLISTER malware campaign

Going Coast to Coast - Climbing the Pyramid with the Deimos Implant

Campaign

CUBA Ransomware Campaign Analysis

PHOREAL Malware Targets the Southeast Asian Financial Sector

Operation Bleeding Bear

Groups & Tactics

Okta and LAPSUS$: What you need to know

Playing defense against Gamaredon Group

Tools

BLISTER Configuration Extractor

BPFDoor Configuration Extractor

BPFDoor Scanner

Cobalt Strike Beacon Extractor

Elastic Security Labs

Company

We're hiring

Resources