Campaigns
24 February 2024
PIKABOT, I choose you!
Elastic Security Labs observed new PIKABOT campaigns, including an updated version of the malware. PIKABOT is a widely deployed loader that malicious actors use to distribute additional payloads.
Initial research exposing JOKERSPY
Explore JOKERSPY, a recently discovered campaign that targets financial institutions with Python backdoors. This article covers reconnaissance, attack patterns, and methods of identifying JOKERSPY in your network.
Elastic charms SPECTRALVIPER
Elastic Security Labs has discovered the P8LOADER, POWERSEAL, and SPECTRALVIPER malware families targeting a national Vietnamese agribusiness. REF2754 shares malware and motivational elements with the REF4322 and APT32 activity groups.
PHOREAL Malware Targets the Southeast Asian Financial Sector
Elastic Security discovered PHOREAL malware, which is targeting Southeast Asian financial organizations, particularly those in the Vietnamese financial sector.
Exploring the REF2731 Intrusion Set
The Elastic Security Labs team has been tracking REF2731, a 5-stage intrusion set involving the PARALLAX loader and the NETWIRE RAT.
Operation Bleeding Bear
Elastic Security verifies new destructive malware targeting Ukraine: Operation Bleeding Bear
CUBA Ransomware Campaign Analysis
Elastic Security observed a ransomware and extortion campaign leveraging a combination of offensive security tools, LOLBAS, and exploits to deliver CUBA ransomware.
A close look at the advanced techniques used in a Malaysian-focused APT campaign
Our Elastic Security research team has focused on advanced techniques used in a Malaysian-focused APT campaign. Learn who is behind it, how the attack works, the observed MITRE ATT&CK® techniques, and indicators of compromise.
FORMBOOK Adopts CAB-less Approach
Campaign research and analysis of an observed FORMBOOK intrusion attempt.
Ransomware, interrupted: Sodinokibi and the supply chain
Learn how Elastic Endpoint Security's behavior-based protections prevented a targeted ransomware attack on multiple endpoints.