Category

Campaigns

24 February 2024

PIKABOT, I choose you!

Elastic Security Labs observed new PIKABOT campaigns, including an updated version. PIKABOT is a widely deployed loader malicious actors utilize to distribute additional payloads.

placeholder image
Initial research exposing JOKERSPY

Initial research exposing JOKERSPY

Explore JOKERSPY, a recently discovered campaign that targets financial institutions with Python backdoors. This article covers reconnaissance, attack patterns, and methods of identifying JOKERSPY in your network.

Elastic charms SPECTRALVIPER

Elastic charms SPECTRALVIPER

Elastic Security Labs has discovered the P8LOADER, POWERSEAL, and SPECTRALVIPER malware families targeting a national Vietnamese agribusiness. REF2754 shares malware and motivational elements of the REF4322 and APT32 activity groups.

PHOREAL Malware Targets the Southeast Asian Financial Sector

PHOREAL Malware Targets the Southeast Asian Financial Sector

Elastic Security discovered PHOREAL malware, which is targeting Southeast Asia financial organizations, particularly those in the Vietnamese financial sector.

Exploring the REF2731 Intrusion Set

Exploring the REF2731 Intrusion Set

The Elastic Security Labs team has been tracking REF2731, an 5-stage intrusion set involving the PARALLAX loader and the NETWIRE RAT.

Operation Bleeding Bear

Operation Bleeding Bear

Elastic Security verifies new destructive malware targeting Ukraine: Operation Bleeding Bear

CUBA Ransomware Campaign Analysis

CUBA Ransomware Campaign Analysis

Elastic Security observed a ransomware and extortion campaign leveraging a combination of offensive security tools, LOLBAS, and exploits to deliver the CUBA ransomware malware.

A close look at the advanced techniques used in a Malaysian-focused APT campaign

A close look at the advanced techniques used in a Malaysian-focused APT campaign

Our Elastic Security research team has focused on advanced techniques used in a Malaysian-focused APT campaign. Learn who’s behind it, how the attack works, observed MITRE attack® techniques, and indicators of compromise.

FORMBOOK Adopts CAB-less Approach

FORMBOOK Adopts CAB-less Approach

Campaign research and analysis of an observed FORMBOOK intrusion attempt.

Ransomware, interrupted: Sodinokibi and the supply chain

Ransomware, interrupted: Sodinokibi and the supply chain

Learn how Elastic Endpoint Security's behavior-based protections prevented a targeted ransomware attack on multiple endpoints.