Videos

Exploring the QBOT Attack Pattern

In this research publication, we'll explore our analysis of the QBOT attack pattern — a full-featured and prolific malware family.

By
Cyril François
Seth Goodwin

Featured

QBOT Configuration Extractor
By
Elastic Security Labs
avatar
CUBA Ransomware Campaign Analysis
By
Daniel Stepanic
Derek Ditch
avatar
CUBA Ransomware Malware Analysis
By
Salim Bitam
avatar
Vulnerability summary: Follina, CVE-2022-30190
By
Devon Kerr
avatar
BLISTER Configuration Extractor
By
Elastic Security Labs
avatar
BPFDoor Configuration Extractor
By
Elastic Security Labs
avatar
BPFDoor Scanner
By
Elastic Security Labs
avatar
A peek behind the BPFDoor
By
Jake King
Colson Wilhoit
avatar
BLISTER Loader
By
Cyril François
Daniel Stepanic
avatar
research-article-hero-banner-background-50.png

Security Research

See all

Videos

Nimbuspwn: Leveraging vulnerabilities to exploit Linux via Privilege Escalation

Microsoft 365 Defender team released a post detailing several identified vulnerabilities. These vulnerabilities allow adversarial groups to escalate privileges on Linux systems, allowing for deployment of payloads, ransomware, or other attacks.

By
Jake King
Videos

Detect Credential Access with Elastic Security

Elastic Endpoint Security provides events that enable defenders with visibility on techniques and procedures which are commonly leveraged to access sensitive files and registry objects.

By
Samir Bousseaden
Videos

Elastic's response to the Spring4Shell vulnerability (CVE-2022-22965)

Provide executive-level details about CVE-2022-22965, a recently-disclosed remote code execution (RCE) vulnerability also known as “Spring4Shell”.

By
Devon Kerr

Malware Analysis

See all

avatar

BLISTER Loader

The BLISTER loader continues to be actively used to load a variety of malware.

By
Cyril François
Daniel Stepanic
Video

Elastic protects against data wiper malware targeting Ukraine: HERMETICWIPER

Analysis of the HERMETICWIPER malware targeting Ukranian organizations.

By
Daniel Stepanic
Mark Mager
avatar

Going Coast to Coast - Climbing the Pyramid with the Deimos Implant

The Deimos implant was first reported in 2020 and has been in active development; employing advanced analysis countermeasures to frustrate analysis. This post details the campaign TTPs through the malware indicators.

By
Andrew Pease
Daniel Stepanic

Campaign

See all

Videos

PHOREAL Malware Targets the Southeast Asian Financial Sector

Elastic Security discovered PHOREAL malware, which is targeting Southeast Asia financial organizations, particularly those in the Vietnamese financial sector.

By
Daniel Stepanic
Derek Ditch
...
Videos

Operation Bleeding Bear

Elastic Security verifies new destructive malware targeting Ukraine: Operation Bleeding Bear

By
Daniel Stepanic
James Spiteri
...
Videos

FORMBOOK Adopts CAB-less Approach

Campaign research and analysis of an observed FORMBOOK intrusion attempt.

By
Derek Ditch
Daniel Stepanic
...

Groups & Tactics

See all in Groups & Tactics

avatar

Okta and LAPSUS$: What you need to know

The latest organization under the microscope of the LAPSUS$ group is Okta. Threat hunt for the recent breach targeting Okta users using these simple steps in Elastic

By
Jake King
avatar

Playing defense against Gamaredon Group

Learn about the recent campaign of a Russia-based threat group known as Gamaredon Group. This post will review these details and provide detection strategies.

By
Daniel Stepanic
Andrew Pease
HalfCircle_TopRight_ContainerBoxLineGraph_ContainerBoxpattern-grey-boxes

Tools

BPFDoor Configuration Extractor
By
Elastic Security Labs
BPFDoor Scanner
By
Elastic Security Labs
Cobalt Strike Beacon Extractor
By
Elastic Security Labs

See all in Tools

Elastic Security Labs

Elastic Security Labs pairs research on emerging threats with analysis of strategic, operational, and tactical adversary objectives.

Learn more