<!DOCTYPE html><html lang="en"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width"/><title>Elastic Security Labs</title><meta name="description" content="Elastic Security Labs empowers security teams across the globe with novel security intelligence research and free to use tools."/><meta property="og:title" content="Elastic Security Labs"/><meta property="og:description" content="Elastic Security Labs empowers security teams across the globe with novel security intelligence research and free to use tools."/><meta property="og:image" content="https://www.elastic.co/security-labs/assets/security-labs-thumbnail.png?6bc7d5d8c8e6df13cb7dd90e70e735b1"/><meta property="og:image:alt" content="Elastic Security Labs empowers security teams across the globe with novel security intelligence research and free to use tools."/><meta property="og:site_name"/><meta property="og:url" content="https://www.elastic.co/security-labs/"/><meta property="og:type" content="website"/><meta name="twitter:card" content="summary_large_image"/><meta name="twitter:title" content="Elastic Security Labs"/><meta name="twitter:description" content="Elastic Security Labs empowers security teams across the globe with novel security intelligence research and free to use tools."/><meta name="twitter:image" content="https://www.elastic.co/security-labs/assets/security-labs-thumbnail.png?6bc7d5d8c8e6df13cb7dd90e70e735b1"/><meta name="twitter:image:alt" content="Elastic Security Labs empowers security teams across the globe with novel security intelligence research and free to use tools."/><link rel="canonical" href="https://www.elastic.co/security-labs/"/><link rel="preload" href="/security-labs/logo.svg" as="image" fetchpriority="high"/><link rel="preload" as="image" imageSrcSet="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Felastic-publishes-2024-gtr%2F2024-gtr.png&w=640&q=75 640w, 
/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Felastic-publishes-2024-gtr%2F2024-gtr.png&w=750&q=75 750w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Felastic-publishes-2024-gtr%2F2024-gtr.png&w=828&q=75 828w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Felastic-publishes-2024-gtr%2F2024-gtr.png&w=1080&q=75 1080w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Felastic-publishes-2024-gtr%2F2024-gtr.png&w=1200&q=75 1200w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Felastic-publishes-2024-gtr%2F2024-gtr.png&w=1920&q=75 1920w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Felastic-publishes-2024-gtr%2F2024-gtr.png&w=2048&q=75 2048w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Felastic-publishes-2024-gtr%2F2024-gtr.png&w=3840&q=75 3840w" imageSizes="100vw" fetchpriority="high"/><meta name="next-head-count" content="19"/><script src="https://play.vidyard.com/embed/v4.js" type="text/javascript" async=""></script><link rel="icon" href="/security-labs/favicon.svg"/><link rel="mask-icon" href="/security-labs/favicon.svg" color="#1C1E23"/><link rel="apple-touch-icon" href="/security-labs/favicon.svg"/><meta name="theme-color" content="#1C1E23"/><link rel="preload" href="/security-labs/_next/static/media/6d93bde91c0c2823-s.p.woff2" as="font" type="font/woff2" crossorigin="anonymous" data-next-font="size-adjust"/><link rel="preload" href="/security-labs/_next/static/media/a34f9d1faa5f3315-s.p.woff2" as="font" type="font/woff2" crossorigin="anonymous" data-next-font="size-adjust"/><link rel="preload" href="/security-labs/_next/static/media/369c6e283c5acc6e-s.p.woff2" as="font" type="font/woff2" crossorigin="anonymous" data-next-font="size-adjust"/><link rel="preload" href="/security-labs/_next/static/media/92f44bb82993d879-s.p.woff2" as="font" type="font/woff2" crossorigin="anonymous" data-next-font="size-adjust"/><link 
rel="preload" href="/security-labs/_next/static/media/ee71530a747ff30b-s.p.woff2" as="font" type="font/woff2" crossorigin="anonymous" data-next-font="size-adjust"/><link rel="preload" href="/security-labs/_next/static/media/9fac010bc1f02be0-s.p.woff2" as="font" type="font/woff2" crossorigin="anonymous" data-next-font="size-adjust"/><link rel="preload" href="/security-labs/_next/static/media/cbf5fbad4d73afac-s.p.woff2" as="font" type="font/woff2" crossorigin="anonymous" data-next-font="size-adjust"/><script id="google-tag-manager" data-nscript="beforeInteractive"> (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-KNJMG2M'); </script><link rel="preload" href="/security-labs/_next/static/css/265ed7605fd03477.css" as="style"/><link rel="stylesheet" href="/security-labs/_next/static/css/265ed7605fd03477.css" data-n-g=""/><noscript data-n-css=""></noscript><script defer="" nomodule="" src="/security-labs/_next/static/chunks/polyfills-78c92fac7aa8fdd8.js"></script><script src="/security-labs/_next/static/chunks/webpack-7987c6fda769d510.js" defer=""></script><script src="/security-labs/_next/static/chunks/framework-7a7e500878b44665.js" defer=""></script><script src="/security-labs/_next/static/chunks/main-ebd33a9f1cae5951.js" defer=""></script><script src="/security-labs/_next/static/chunks/pages/_app-cb8664d1d3df2511.js" defer=""></script><script src="/security-labs/_next/static/chunks/fec483df-43ee602fabdfe3a4.js" defer=""></script><script src="/security-labs/_next/static/chunks/877-34f408271ef44c22.js" defer=""></script><script src="/security-labs/_next/static/chunks/511-d08fe0fdd6f8a984.js" defer=""></script><script src="/security-labs/_next/static/chunks/402-8f632e261e10d103.js" 
defer=""></script><script src="/security-labs/_next/static/chunks/616-0b017b9cfa597392.js" defer=""></script><script src="/security-labs/_next/static/chunks/pages/index-8f2c4d6b113fab6a.js" defer=""></script><script src="/security-labs/_next/static/kahZ-cxorFKvHlgt0NoHQ/_buildManifest.js" defer=""></script><script src="/security-labs/_next/static/kahZ-cxorFKvHlgt0NoHQ/_ssgManifest.js" defer=""></script></head><body><noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-KNJMG2M" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript><div id="__next"><main class="__variable_0351a5 __variable_1f211e __variable_a5b5f5 flex flex-col min-h-screen"><div class="scroll-percentage-container invisible"><div class="scroll-percentage-bar" style="width:0%"></div></div><nav class="fixed w-full z-40" data-headlessui-state=""><div class="bg-gradient-to-b from-zinc-900 from-20% h-[200%] to-transparent absolute inset-0 z-0 pointer-events-none"></div><div class="container relative z-10"><div class="flex h-16 items-center justify-between"><div class="flex items-center justify-start w-full"><div><a class="hover:opacity-50 transition" href="/security-labs"><img alt="elastic security labs logo" fetchpriority="high" width="200" height="30" decoding="async" data-nimg="1" style="color:transparent" src="/security-labs/logo.svg"/></a></div><div class="hidden lg:ml-6 lg:block"><div class="flex space-x-4"><a class="flex lg:inline-flex font-light my-1 py-1 px-2 font-display font-semibold lg:text-sm xl:text-base items-center transition hover:hover-link hover:text-white focus:accessible-link-focus" href="/security-labs/about"><span>About</span></a><div class="relative" data-headlessui-state=""><div><button class="flex lg:inline-flex font-light my-1 py-1 px-2 font-display font-semibold lg:text-sm xl:text-base items-center transition hover:hover-link hover:text-white focus:accessible-link-focus" id="headlessui-menu-button-:R2kpm:" type="button" 
aria-haspopup="menu" aria-expanded="false" data-headlessui-state="">Topics<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20" fill="currentColor" aria-hidden="true" class="ml-1 -mr-1 h-4 w-4 text-zinc-400 relative top-[1px]"><path fill-rule="evenodd" d="M5.23 7.21a.75.75 0 011.06.02L10 11.168l3.71-3.938a.75.75 0 111.08 1.04l-4.25 4.5a.75.75 0 01-1.08 0l-4.25-4.5a.75.75 0 01.02-1.06z" clip-rule="evenodd"></path></svg></button></div></div><a class="flex lg:inline-flex font-light my-1 py-1 px-2 font-display font-semibold lg:text-sm xl:text-base items-center transition hover:hover-link hover:text-white focus:accessible-link-focus" href="/security-labs/category/vulnerability-updates"><span>Vulnerability updates</span></a><a class="flex lg:inline-flex font-light my-1 py-1 px-2 font-display font-semibold lg:text-sm xl:text-base items-center transition hover:hover-link hover:text-white focus:accessible-link-focus" href="/security-labs/category/reports"><span>Reports</span></a><a class="flex lg:inline-flex font-light my-1 py-1 px-2 font-display font-semibold lg:text-sm xl:text-base items-center transition hover:hover-link hover:text-white focus:accessible-link-focus" href="/security-labs/category/tools"><span>Tools</span></a></div></div><div class="hidden lg:ml-auto lg:block"><div class="flex items-center space-x-4"><a class="rounded flex items-center p-4 text-white focus:outline-none focus:ring-0 focus:ring-offset-1 focus:ring-offset-zinc-600 group" href="https://search.elastic.co/?location%5B0%5D=Security%20Labs&referrer=https://www.elastic.co/security-labs/"><div class="flex items-center relative font-display"><svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" aria-hidden="true" class="h-6 w-6"><path stroke-linecap="round" stroke-linejoin="round" d="M21 21l-5.197-5.197m0 0A7.5 7.5 0 105.196 5.196a7.5 7.5 0 0010.607 10.607z"></path></svg></div></a><a class="flex lg:inline-flex font-light my-1 py-1 px-2 
font-display font-semibold lg:text-sm xl:text-base items-center transition hover:hover-link hover:text-white focus:accessible-link-focus" href="https://www.elastic.co/security-labs/rss/feed.xml"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20" fill="currentColor" aria-hidden="true" class="h-4 w-4 mr-1"><path d="M3.75 3a.75.75 0 00-.75.75v.5c0 .414.336.75.75.75H4c6.075 0 11 4.925 11 11v.25c0 .414.336.75.75.75h.5a.75.75 0 00.75-.75V16C17 8.82 11.18 3 4 3h-.25z"></path><path d="M3 8.75A.75.75 0 013.75 8H4a8 8 0 018 8v.25a.75.75 0 01-.75.75h-.5a.75.75 0 01-.75-.75V16a6 6 0 00-6-6h-.25A.75.75 0 013 9.25v-.5zM7 15a2 2 0 11-4 0 2 2 0 014 0z"></path></svg><span class="hidden xl:block">Subscribe</span></a><a class="font-display inline-flex items-center justify-center rounded font-semibold disabled:!select-none disabled:!bg-gray-400 bg-blue-600 text-white hover:bg-blue-500 enabled:hover:text-white/80 transition-colors px-4 py-2 text-sm flex-1 lg:flex-auto" href="https://cloud.elastic.co/registration?cta=cloud-registration&tech=trial&plcmt=navigation&pg=security-labs">Start free trial</a><a class="font-display inline-flex items-center justify-center rounded font-semibold text-white disabled:!select-none disabled:!bg-gray-400 button px-4 py-2 text-sm flex-1 lg:flex-auto" href="https://www.elastic.co/contact">Contact sales</a></div></div></div><div class="-mr-2 flex lg:hidden"><a class="rounded flex items-center p-4 text-white focus:outline-none focus:ring-0 focus:ring-offset-1 focus:ring-offset-zinc-600 group" href="https://search.elastic.co/?location%5B0%5D=Security%20Labs&referrer=https://www.elastic.co/security-labs/"><div class="flex items-center relative font-display"><svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" aria-hidden="true" class="h-6 w-6"><path stroke-linecap="round" stroke-linejoin="round" d="M21 21l-5.197-5.197m0 0A7.5 7.5 0 105.196 5.196a7.5 7.5 0 0010.607 
10.607z"></path></svg></div></a><button class="inline-flex items-center justify-center rounded-md p-2 text-gray-400 hover:bg-gray-700 hover:text-white focus:outline-none focus:ring-2 focus:ring-inset focus:ring-white" id="headlessui-disclosure-button-:R59m:" type="button" aria-expanded="false" data-headlessui-state=""><span class="sr-only">Open navigation menu</span><svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" aria-hidden="true" class="block h-6 w-6"><path stroke-linecap="round" stroke-linejoin="round" d="M3.75 6.75h16.5M3.75 12h16.5m-16.5 5.25h16.5"></path></svg></button></div></div></div></nav><main class="mb-20 flex-1 flex flex-col"><div class="h-64 md:h-96"><div class="after:absolute after:block after:bg-blue-400 after:blur-3xl after:content-[' '] after:h-96 after:opacity-5 after:right-0 after:rounded-full after:top-20 after:w-1/2 after:z-0 before:absolute before:block before:blur-3xl before:bg-orange-400 before:content-[' '] before:h-96 before:left-0 before:opacity-5 before:rounded-full before:w-1/2 before:z-0 w-full h-full relative"><div class="relative z-10 w-full h-[125%] -top-[25%] bg-no-repeat bg-cover bg-bottom flex items-center justify-center" style="background-image:url(/security-labs/grid.svg)"><h1 class="font-bold leading-tighter text-3xl md:text-5xl text-center max-w-3xl pt-8">Primary threat research from Elastic Security Labs</h1></div></div></div><div class="container grid xl:grid-cols-3 mb-8 lg:mb-20 gap-8 items-center relative z-10"><div class="xl:col-span-2"><div class="bg-zinc-900 border border-zinc-800 drop-shadow-lg p-5 sm:p-8 md:p-10 rounded-3xl"><div class="flex flex-col-reverse justify-between"><div class="flex flex-col justify-between max-w-xl mt-10 pr-10"><div><h4 class="font-bold leading-tight text-lg md:text-2xl mb-3">1 October 2024</h4><h2 class="font-bold text-2xl md:text-4xl mb-5"><a class="hover:text-blue-400 transition" 
href="/security-labs/elastic-publishes-2024-gtr">Elastic publishes 2024 Global Threat Report</a></h2></div><p class="text-sm md:text-base text-zinc-400">Elastic Security Labs has released the 2024 Elastic Global Threat Report, surfacing the most pressing threats, trends, and recommendations to help keep organizations safe for the upcoming year.</p></div><div class="w-full max-w-full"><a href="/security-labs/elastic-publishes-2024-gtr"><div class="relative w-full rounded-lg overflow-hidden aspect-video"><img alt="placeholder image" fetchpriority="high" decoding="async" data-nimg="fill" class="object-cover absolute h-full w-full" style="position:absolute;height:100%;width:100%;left:0;top:0;right:0;bottom:0;color:transparent" sizes="100vw" srcSet="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Felastic-publishes-2024-gtr%2F2024-gtr.png&w=640&q=75 640w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Felastic-publishes-2024-gtr%2F2024-gtr.png&w=750&q=75 750w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Felastic-publishes-2024-gtr%2F2024-gtr.png&w=828&q=75 828w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Felastic-publishes-2024-gtr%2F2024-gtr.png&w=1080&q=75 1080w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Felastic-publishes-2024-gtr%2F2024-gtr.png&w=1200&q=75 1200w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Felastic-publishes-2024-gtr%2F2024-gtr.png&w=1920&q=75 1920w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Felastic-publishes-2024-gtr%2F2024-gtr.png&w=2048&q=75 2048w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Felastic-publishes-2024-gtr%2F2024-gtr.png&w=3840&q=75 3840w" src="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Felastic-publishes-2024-gtr%2F2024-gtr.png&w=3840&q=75"/><div class="absolute border border-white/50 inset-0 mix-blend-overlay rounded-lg 
z-10"></div></div></a></div></div></div></div><div class="col-span-1 flex flex-col gap-4"><div class="flex flex-col space-4"><div class="pb-2 mb-4 border-b border-b-zinc-700"><h2 class="text-xl font-semibold">Featured</h2></div><div class="flex flex-col space-y-4"><a href="/security-labs/streamlining-security-integrating-amazon-bedrock"><div class="bg-zinc-900 border border-zinc-800 drop-shadow-lg p-5 md:p-2 sm:p-4 md:px-6 md:py-4 rounded-xl hover:bg-zing-950 transition group"><div class="flex flex-col-reverse md:grid md:grid-cols-3 gap-4 items-center"><div class="flex flex-col space-y-1 md:col-span-2"><span class="font-semibold mb-1 group-hover:text-blue-400 transition">Streamlining Security: Integrating Amazon Bedrock with Elastic</span><span class="text-zinc-400 group-hover:text-zinc-300 text-sm">by <!-- -->Shashank K S</span><span class="text-zinc-400 group-hover:text-zinc-300 text-sm">14 November 2024</span></div><div class="relative w-full rounded-lg overflow-hidden aspect-video"><img alt="Streamlining Security: Integrating Amazon Bedrock with Elastic" loading="lazy" decoding="async" data-nimg="fill" class="object-cover absolute h-full w-full" style="position:absolute;height:100%;width:100%;left:0;top:0;right:0;bottom:0;color:transparent" sizes="100vw" srcSet="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fstreamlining-security-integrating-amazon-bedrock%2FSecurity%20Labs%20Images%2036.jpg&w=640&q=75 640w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fstreamlining-security-integrating-amazon-bedrock%2FSecurity%20Labs%20Images%2036.jpg&w=750&q=75 750w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fstreamlining-security-integrating-amazon-bedrock%2FSecurity%20Labs%20Images%2036.jpg&w=828&q=75 828w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fstreamlining-security-integrating-amazon-bedrock%2FSecurity%20Labs%20Images%2036.jpg&w=1080&q=75 1080w, 
/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fstreamlining-security-integrating-amazon-bedrock%2FSecurity%20Labs%20Images%2036.jpg&w=1200&q=75 1200w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fstreamlining-security-integrating-amazon-bedrock%2FSecurity%20Labs%20Images%2036.jpg&w=1920&q=75 1920w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fstreamlining-security-integrating-amazon-bedrock%2FSecurity%20Labs%20Images%2036.jpg&w=2048&q=75 2048w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fstreamlining-security-integrating-amazon-bedrock%2FSecurity%20Labs%20Images%2036.jpg&w=3840&q=75 3840w" src="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fstreamlining-security-integrating-amazon-bedrock%2FSecurity%20Labs%20Images%2036.jpg&w=3840&q=75"/><div class="absolute border border-white/50 inset-0 mix-blend-overlay rounded-lg z-10"></div></div></div></div></a><a href="/security-labs/katz-and-mouse-game"><div class="bg-zinc-900 border border-zinc-800 drop-shadow-lg p-5 md:p-2 sm:p-4 md:px-6 md:py-4 rounded-xl hover:bg-zing-950 transition group"><div class="flex flex-col-reverse md:grid md:grid-cols-3 gap-4 items-center"><div class="flex flex-col space-y-1 md:col-span-2"><span class="font-semibold mb-1 group-hover:text-blue-400 transition">Katz and Mouse Game: MaaS Infostealers Adapt to Patched Chrome Defenses</span><span class="text-zinc-400 group-hover:text-zinc-300 text-sm">by <!-- -->Jia Yu Chan, Salim Bitam, Daniel Stepanic, Samir Bousseaden, Cyril François, Seth Goodwin</span><span class="text-zinc-400 group-hover:text-zinc-300 text-sm">28 October 2024</span></div><div class="relative w-full rounded-lg overflow-hidden aspect-video"><img alt="Katz and Mouse Game: MaaS Infostealers Adapt to Patched Chrome Defenses" loading="lazy" decoding="async" data-nimg="fill" class="object-cover absolute h-full w-full" 
style="position:absolute;height:100%;width:100%;left:0;top:0;right:0;bottom:0;color:transparent" sizes="100vw" srcSet="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fkatz-and-mouse-game%2FSecurity%20Labs%20Images%202.jpg&w=640&q=75 640w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fkatz-and-mouse-game%2FSecurity%20Labs%20Images%202.jpg&w=750&q=75 750w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fkatz-and-mouse-game%2FSecurity%20Labs%20Images%202.jpg&w=828&q=75 828w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fkatz-and-mouse-game%2FSecurity%20Labs%20Images%202.jpg&w=1080&q=75 1080w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fkatz-and-mouse-game%2FSecurity%20Labs%20Images%202.jpg&w=1200&q=75 1200w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fkatz-and-mouse-game%2FSecurity%20Labs%20Images%202.jpg&w=1920&q=75 1920w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fkatz-and-mouse-game%2FSecurity%20Labs%20Images%202.jpg&w=2048&q=75 2048w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fkatz-and-mouse-game%2FSecurity%20Labs%20Images%202.jpg&w=3840&q=75 3840w" src="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fkatz-and-mouse-game%2FSecurity%20Labs%20Images%202.jpg&w=3840&q=75"/><div class="absolute border border-white/50 inset-0 mix-blend-overlay rounded-lg z-10"></div></div></div></div></a><a href="/security-labs/tricks-and-treats"><div class="bg-zinc-900 border border-zinc-800 drop-shadow-lg p-5 md:p-2 sm:p-4 md:px-6 md:py-4 rounded-xl hover:bg-zing-950 transition group"><div class="flex flex-col-reverse md:grid md:grid-cols-3 gap-4 items-center"><div class="flex flex-col space-y-1 md:col-span-2"><span class="font-semibold mb-1 group-hover:text-blue-400 transition">Tricks and Treats: GHOSTPULSE’s new pixel-level deception</span><span class="text-zinc-400 
group-hover:text-zinc-300 text-sm">by <!-- -->Salim Bitam</span><span class="text-zinc-400 group-hover:text-zinc-300 text-sm">19 October 2024</span></div><div class="relative w-full rounded-lg overflow-hidden aspect-video"><img alt="Tricks and Treats: GHOSTPULSE’s new pixel-level deception" loading="lazy" decoding="async" data-nimg="fill" class="object-cover absolute h-full w-full" style="position:absolute;height:100%;width:100%;left:0;top:0;right:0;bottom:0;color:transparent" sizes="100vw" srcSet="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Ftricks-and-treats%2Ftricks-and-treats.jpg&w=640&q=75 640w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Ftricks-and-treats%2Ftricks-and-treats.jpg&w=750&q=75 750w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Ftricks-and-treats%2Ftricks-and-treats.jpg&w=828&q=75 828w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Ftricks-and-treats%2Ftricks-and-treats.jpg&w=1080&q=75 1080w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Ftricks-and-treats%2Ftricks-and-treats.jpg&w=1200&q=75 1200w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Ftricks-and-treats%2Ftricks-and-treats.jpg&w=1920&q=75 1920w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Ftricks-and-treats%2Ftricks-and-treats.jpg&w=2048&q=75 2048w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Ftricks-and-treats%2Ftricks-and-treats.jpg&w=3840&q=75 3840w" src="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Ftricks-and-treats%2Ftricks-and-treats.jpg&w=3840&q=75"/><div class="absolute border border-white/50 inset-0 mix-blend-overlay rounded-lg z-10"></div></div></div></div></a><a href="/security-labs/elevate-your-threat-hunting"><div class="bg-zinc-900 border border-zinc-800 drop-shadow-lg p-5 md:p-2 sm:p-4 md:px-6 md:py-4 rounded-xl hover:bg-zing-950 transition group"><div class="flex 
flex-col-reverse md:grid md:grid-cols-3 gap-4 items-center"><div class="flex flex-col space-y-1 md:col-span-2"><span class="font-semibold mb-1 group-hover:text-blue-400 transition">Elevate Your Threat Hunting with Elastic</span><span class="text-zinc-400 group-hover:text-zinc-300 text-sm">by <!-- -->Terrance DeJesus, Mika Ayenson, PhD, Samir Bousseaden, Justin Ibarra</span><span class="text-zinc-400 group-hover:text-zinc-300 text-sm">18 October 2024</span></div><div class="relative w-full rounded-lg overflow-hidden aspect-video"><img alt="Elevate Your Threat Hunting with Elastic" loading="lazy" decoding="async" data-nimg="fill" class="object-cover absolute h-full w-full" style="position:absolute;height:100%;width:100%;left:0;top:0;right:0;bottom:0;color:transparent" sizes="100vw" srcSet="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Felevate-your-threat-hunting%2Felevate-your-threat-hunting.jpg&w=640&q=75 640w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Felevate-your-threat-hunting%2Felevate-your-threat-hunting.jpg&w=750&q=75 750w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Felevate-your-threat-hunting%2Felevate-your-threat-hunting.jpg&w=828&q=75 828w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Felevate-your-threat-hunting%2Felevate-your-threat-hunting.jpg&w=1080&q=75 1080w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Felevate-your-threat-hunting%2Felevate-your-threat-hunting.jpg&w=1200&q=75 1200w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Felevate-your-threat-hunting%2Felevate-your-threat-hunting.jpg&w=1920&q=75 1920w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Felevate-your-threat-hunting%2Felevate-your-threat-hunting.jpg&w=2048&q=75 2048w, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Felevate-your-threat-hunting%2Felevate-your-threat-hunting.jpg&w=3840&q=75 3840w" 
src="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Felevate-your-threat-hunting%2Felevate-your-threat-hunting.jpg&w=3840&q=75"/><div class="absolute border border-white/50 inset-0 mix-blend-overlay rounded-lg z-10"></div></div></div></div></a></div></div><a class="flex justify-center items-center font-medium gap-2 py-4 px-6 rounded bg-blue-600 hover:bg-blue-500 hover:text-white" href="https://twitter.com/elasticseclabs"><svg class="w-4 h-4" viewBox="0 0 24 24"><path fill="currentColor" d="M23.954 4.569c-.885.389-1.83.653-2.825.772a4.98 4.98 0 002.187-2.746 9.955 9.955 0 01-3.157 1.204 4.98 4.98 0 00-8.49 4.54A14.128 14.128 0 011.69 3.05a4.98 4.98 0 001.54 6.638A4.94 4.94 0 011.2 8.62v.06a4.98 4.98 0 004 4.87 4.94 4.94 0 01-2.24.086 4.98 4.98 0 004.64 3.45A9.97 9.97 0 010 20.35a14.075 14.075 0 007.59 2.22c9.16 0 14.17-7.583 14.17-14.17 0-.217-.005-.434-.015-.65a10.128 10.128 0 002.485-2.58l-.001-.001z"></path></svg><span>Follow Elastic Security Labs on Twitter</span></a><a target="_blank" class="flex justify-center items-center font-medium gap-2 py-4 px-6 rounded bg-zinc-900 border border-white/20 hover:bg-zinc-700 hover:border-zinc-700 hover:text-white" href="https://www.elastic.co/elastic-security-labs/newsletter?utm_source=security-labs"><svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" aria-hidden="true" class="w-5 h-5"><path stroke-linecap="round" stroke-linejoin="round" d="M21.75 6.75v10.5a2.25 2.25 0 01-2.25 2.25h-15a2.25 2.25 0 01-2.25-2.25V6.75m19.5 0A2.25 2.25 0 0019.5 4.5h-15a2.25 2.25 0 00-2.25 2.25m19.5 0v.243a2.25 2.25 0 01-1.07 1.916l-7.5 4.615a2.25 2.25 0 01-2.36 0L3.32 8.91a2.25 2.25 0 01-1.07-1.916V6.75"></path></svg><span>Subscribe to the newsletter</span></a></div></div><div class="container"><div class="flex flex-col sm:flex-row items-center justify-between my-10"><h2 class="font-bold text-2xl md:text-4xl mb-5 sm:mb-0">Security Research</h2><a class="button" 
href="/security-labs/topics/security-research">View all</a></div><div class="grid sm:grid-cols-2 lg:grid-cols-4 gap-8"><a href="/security-labs/streamlining-security-integrating-amazon-bedrock"><div class="flex flex-col space-4"><div class="relative w-full rounded-lg overflow-hidden"><img alt="Streamlining Security: Integrating Amazon Bedrock with Elastic" loading="lazy" width="400" height="300" decoding="async" data-nimg="1" class="object-cover" style="color:transparent" srcSet="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fstreamlining-security-integrating-amazon-bedrock%2FSecurity%20Labs%20Images%2036.jpg&w=640&q=75 1x, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fstreamlining-security-integrating-amazon-bedrock%2FSecurity%20Labs%20Images%2036.jpg&w=828&q=75 2x" src="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fstreamlining-security-integrating-amazon-bedrock%2FSecurity%20Labs%20Images%2036.jpg&w=828&q=75"/><div class="absolute border border-white/50 inset-0 mix-blend-overlay rounded-lg z-10"></div></div><time class="mb-2 mt-5 eyebrow">14 November 2024</time><h3 class="font-bold leading-tight text-xl md:text-3xl mb-2">Streamlining Security: Integrating Amazon Bedrock with Elastic</h3><p class="text-sm text-zinc-400">This article will guide you through the process of setting up the Amazon Bedrock integration and enabling Elastic's prebuilt detection rules to streamline your security operations.</p></div></a><a href="/security-labs/cups-overflow"><div class="flex flex-col space-4"><div class="relative w-full rounded-lg overflow-hidden"><img alt="Cups Overflow: When your printer spills more than Ink" loading="lazy" width="400" height="300" decoding="async" data-nimg="1" class="object-cover" style="color:transparent" srcSet="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fcups-overflow%2Fcups-overflow.jpg&w=640&q=75 1x, 
/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fcups-overflow%2Fcups-overflow.jpg&w=828&q=75 2x" src="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fcups-overflow%2Fcups-overflow.jpg&w=828&q=75"/><div class="absolute border border-white/50 inset-0 mix-blend-overlay rounded-lg z-10"></div></div><time class="mb-2 mt-5 eyebrow">28 September 2024</time><h3 class="font-bold leading-tight text-xl md:text-3xl mb-2">Cups Overflow: When your printer spills more than Ink</h3><p class="text-sm text-zinc-400">Elastic Security Labs discusses detection and mitigation strategies for vulnerabilities in the CUPS printing system, which allow unauthenticated attackers to exploit the system via IPP and mDNS, resulting in remote code execution (RCE) on UNIX-based systems such as Linux, macOS, BSDs, ChromeOS, and Solaris.</p></div></a><a href="/security-labs/storm-on-the-horizon"><div class="flex flex-col space-4"><div class="relative w-full rounded-lg overflow-hidden"><img alt="Storm on the Horizon: Inside the AJCloud IoT Ecosystem" loading="lazy" width="400" height="300" decoding="async" data-nimg="1" class="object-cover" style="color:transparent" srcSet="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fstorm-on-the-horizon%2Fstorm-on-the-horizon.jpg&w=640&q=75 1x, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fstorm-on-the-horizon%2Fstorm-on-the-horizon.jpg&w=828&q=75 2x" src="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fstorm-on-the-horizon%2Fstorm-on-the-horizon.jpg&w=828&q=75"/><div class="absolute border border-white/50 inset-0 mix-blend-overlay rounded-lg z-10"></div></div><time class="mb-2 mt-5 eyebrow">20 September 2024</time><h3 class="font-bold leading-tight text-xl md:text-3xl mb-2">Storm on the Horizon: Inside the AJCloud IoT Ecosystem</h3><p class="text-sm text-zinc-400">Wi-Fi cameras are popular due to their affordability and convenience but often have security 
vulnerabilities that can be exploited.</p></div></a><a href="/security-labs/dprk-code-of-conduct"><div class="flex flex-col space-4"><div class="relative w-full rounded-lg overflow-hidden"><img alt="Code of Conduct: DPRK’s Python-fueled intrusions into secured networks" loading="lazy" width="400" height="300" decoding="async" data-nimg="1" class="object-cover" style="color:transparent" srcSet="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fdprk-code-of-conduct%2Fdprk-code-of-conduct.jpg&w=640&q=75 1x, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fdprk-code-of-conduct%2Fdprk-code-of-conduct.jpg&w=828&q=75 2x" src="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fdprk-code-of-conduct%2Fdprk-code-of-conduct.jpg&w=828&q=75"/><div class="absolute border border-white/50 inset-0 mix-blend-overlay rounded-lg z-10"></div></div><time class="mb-2 mt-5 eyebrow">18 September 2024</time><h3 class="font-bold leading-tight text-xl md:text-3xl mb-2">Code of Conduct: DPRK’s Python-fueled intrusions into secured networks</h3><p class="text-sm text-zinc-400">Investigating the DPRK’s strategic use of Python and carefully crafted social engineering, this publication sheds light on how they breach highly secure networks with evolving and effective cyber attacks.</p></div></a></div><div class="flex flex-col sm:flex-row items-center justify-between my-10"><h2 class="font-bold text-2xl md:text-4xl mb-5 sm:mb-0">Malware Analysis</h2><a class="button" href="/security-labs/topics/malware-analysis">View all</a></div><div class="grid sm:grid-cols-2 lg:grid-cols-4 gap-8"><a href="/security-labs/katz-and-mouse-game"><div class="flex flex-col space-4"><div class="relative w-full rounded-lg overflow-hidden"><img alt="Katz and Mouse Game: MaaS Infostealers Adapt to Patched Chrome Defenses" loading="lazy" width="400" height="300" decoding="async" data-nimg="1" class="object-cover" style="color:transparent" 
srcSet="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fkatz-and-mouse-game%2FSecurity%20Labs%20Images%202.jpg&w=640&q=75 1x, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fkatz-and-mouse-game%2FSecurity%20Labs%20Images%202.jpg&w=828&q=75 2x" src="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fkatz-and-mouse-game%2FSecurity%20Labs%20Images%202.jpg&w=828&q=75"/><div class="absolute border border-white/50 inset-0 mix-blend-overlay rounded-lg z-10"></div></div><time class="mb-2 mt-5 eyebrow">28 October 2024</time><h3 class="font-bold leading-tight text-xl md:text-3xl mb-2">Katz and Mouse Game: MaaS Infostealers Adapt to Patched Chrome Defenses</h3><p class="text-sm text-zinc-400">Elastic Security Labs breaks down bypass implementations from the infostealer ecosystem’s reaction to Chrome 127's Application-Bound Encryption scheme.</p></div></a><a href="/security-labs/tricks-and-treats"><div class="flex flex-col space-4"><div class="relative w-full rounded-lg overflow-hidden"><img alt="Tricks and Treats: GHOSTPULSE’s new pixel-level deception" loading="lazy" width="400" height="300" decoding="async" data-nimg="1" class="object-cover" style="color:transparent" srcSet="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Ftricks-and-treats%2Ftricks-and-treats.jpg&w=640&q=75 1x, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Ftricks-and-treats%2Ftricks-and-treats.jpg&w=828&q=75 2x" src="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Ftricks-and-treats%2Ftricks-and-treats.jpg&w=828&q=75"/><div class="absolute border border-white/50 inset-0 mix-blend-overlay rounded-lg z-10"></div></div><time class="mb-2 mt-5 eyebrow">19 October 2024</time><h3 class="font-bold leading-tight text-xl md:text-3xl mb-2">Tricks and Treats: GHOSTPULSE’s new pixel-level deception</h3><p class="text-sm text-zinc-400">The updated GHOSTPULSE malware has evolved to embed malicious data 
directly within pixel structures, making it harder to detect and requiring new analysis and detection techniques.</p></div></a><a href="/security-labs/betting-on-bots"><div class="flex flex-col space-4"><div class="relative w-full rounded-lg overflow-hidden"><img alt="Betting on Bots: Investigating Linux malware, crypto mining, and gambling API abuse" loading="lazy" width="400" height="300" decoding="async" data-nimg="1" class="object-cover" style="color:transparent" srcSet="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fbetting-on-bots%2Fbetting-on-bots.jpg&w=640&q=75 1x, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fbetting-on-bots%2Fbetting-on-bots.jpg&w=828&q=75 2x" src="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fbetting-on-bots%2Fbetting-on-bots.jpg&w=828&q=75"/><div class="absolute border border-white/50 inset-0 mix-blend-overlay rounded-lg z-10"></div></div><time class="mb-2 mt-5 eyebrow">27 September 2024</time><h3 class="font-bold leading-tight text-xl md:text-3xl mb-2">Betting on Bots: Investigating Linux malware, crypto mining, and gambling API abuse</h3><p class="text-sm text-zinc-400">The REF6138 campaign involved cryptomining, DDoS attacks, and potential money laundering via gambling APIs, highlighting the attackers' use of evolving malware and stealthy communication channels.</p></div></a><a href="/security-labs/dprk-code-of-conduct"><div class="flex flex-col space-4"><div class="relative w-full rounded-lg overflow-hidden"><img alt="Code of Conduct: DPRK’s Python-fueled intrusions into secured networks" loading="lazy" width="400" height="300" decoding="async" data-nimg="1" class="object-cover" style="color:transparent" srcSet="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fdprk-code-of-conduct%2Fdprk-code-of-conduct.jpg&w=640&q=75 1x, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fdprk-code-of-conduct%2Fdprk-code-of-conduct.jpg&w=828&q=75 2x" 
src="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fdprk-code-of-conduct%2Fdprk-code-of-conduct.jpg&w=828&q=75"/><div class="absolute border border-white/50 inset-0 mix-blend-overlay rounded-lg z-10"></div></div><time class="mb-2 mt-5 eyebrow">18 September 2024</time><h3 class="font-bold leading-tight text-xl md:text-3xl mb-2">Code of Conduct: DPRK’s Python-fueled intrusions into secured networks</h3><p class="text-sm text-zinc-400">Investigating the DPRK’s strategic use of Python and carefully crafted social engineering, this publication sheds light on how they breach highly secure networks with evolving and effective cyber attacks.</p></div></a></div><div class="flex flex-col sm:flex-row items-center justify-between my-10"><h2 class="font-bold text-2xl md:text-4xl mb-5 sm:mb-0">Campaigns</h2><a class="button" href="/security-labs/topics/campaigns">View all</a></div><div class="grid sm:grid-cols-2 lg:grid-cols-4 gap-8"><a href="/security-labs/pikabot-i-choose-you"><div class="flex flex-col space-4"><div class="relative w-full rounded-lg overflow-hidden"><img alt="PIKABOT, I choose you!" loading="lazy" width="400" height="300" decoding="async" data-nimg="1" class="object-cover" style="color:transparent" srcSet="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fpikabot-i-choose-you%2Fphoto-edited-02.png&w=640&q=75 1x, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fpikabot-i-choose-you%2Fphoto-edited-02.png&w=828&q=75 2x" src="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fpikabot-i-choose-you%2Fphoto-edited-02.png&w=828&q=75"/><div class="absolute border border-white/50 inset-0 mix-blend-overlay rounded-lg z-10"></div></div><time class="mb-2 mt-5 eyebrow">24 February 2024</time><h3 class="font-bold leading-tight text-xl md:text-3xl mb-2">PIKABOT, I choose you!</h3><p class="text-sm text-zinc-400">Elastic Security Labs observed new PIKABOT campaigns, including an updated version. 
PIKABOT is a widely deployed loader malicious actors utilize to distribute additional payloads.</p></div></a><a href="/security-labs/inital-research-of-jokerspy"><div class="flex flex-col space-4"><div class="relative w-full rounded-lg overflow-hidden"><img alt="Initial research exposing JOKERSPY" loading="lazy" width="400" height="300" decoding="async" data-nimg="1" class="object-cover" style="color:transparent" srcSet="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Finital-research-of-jokerspy%2Fphoto-edited-04%402x.jpg&w=640&q=75 1x, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Finital-research-of-jokerspy%2Fphoto-edited-04%402x.jpg&w=828&q=75 2x" src="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Finital-research-of-jokerspy%2Fphoto-edited-04%402x.jpg&w=828&q=75"/><div class="absolute border border-white/50 inset-0 mix-blend-overlay rounded-lg z-10"></div></div><time class="mb-2 mt-5 eyebrow">21 June 2023</time><h3 class="font-bold leading-tight text-xl md:text-3xl mb-2">Initial research exposing JOKERSPY</h3><p class="text-sm text-zinc-400">Explore JOKERSPY, a recently discovered campaign that targets financial institutions with Python backdoors. 
This article covers reconnaissance, attack patterns, and methods of identifying JOKERSPY in your network.</p></div></a><a href="/security-labs/elastic-charms-spectralviper"><div class="flex flex-col space-4"><div class="relative w-full rounded-lg overflow-hidden"><img alt="Elastic charms SPECTRALVIPER" loading="lazy" width="400" height="300" decoding="async" data-nimg="1" class="object-cover" style="color:transparent" srcSet="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Felastic-charms-spectralviper%2Fphoto-edited-10%402x.jpg&w=640&q=75 1x, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Felastic-charms-spectralviper%2Fphoto-edited-10%402x.jpg&w=828&q=75 2x" src="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Felastic-charms-spectralviper%2Fphoto-edited-10%402x.jpg&w=828&q=75"/><div class="absolute border border-white/50 inset-0 mix-blend-overlay rounded-lg z-10"></div></div><time class="mb-2 mt-5 eyebrow">9 June 2023</time><h3 class="font-bold leading-tight text-xl md:text-3xl mb-2">Elastic charms SPECTRALVIPER</h3><p class="text-sm text-zinc-400">Elastic Security Labs has discovered the P8LOADER, POWERSEAL, and SPECTRALVIPER malware families targeting a national Vietnamese agribusiness. 
REF2754 shares malware and motivational elements of the REF4322 and APT32 activity groups.</p></div></a><a href="/security-labs/phoreal-malware-targets-the-southeast-asian-financial-sector"><div class="flex flex-col space-4"><div class="relative w-full rounded-lg overflow-hidden"><img alt="PHOREAL Malware Targets the Southeast Asian Financial Sector" loading="lazy" width="400" height="300" decoding="async" data-nimg="1" class="object-cover" style="color:transparent" srcSet="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fphoreal-malware-targets-the-southeast-asian-financial-sector%2Fblog-thumb-roman-columns.jpg&w=640&q=75 1x, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fphoreal-malware-targets-the-southeast-asian-financial-sector%2Fblog-thumb-roman-columns.jpg&w=828&q=75 2x" src="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fphoreal-malware-targets-the-southeast-asian-financial-sector%2Fblog-thumb-roman-columns.jpg&w=828&q=75"/><div class="absolute border border-white/50 inset-0 mix-blend-overlay rounded-lg z-10"></div></div><time class="mb-2 mt-5 eyebrow">2 March 2023</time><h3 class="font-bold leading-tight text-xl md:text-3xl mb-2">PHOREAL Malware Targets the Southeast Asian Financial Sector</h3><p class="text-sm text-zinc-400">Elastic Security discovered PHOREAL malware, which is targeting Southeast Asia financial organizations, particularly those in the Vietnamese financial sector.</p></div></a></div><div class="flex flex-col sm:flex-row items-center justify-between my-10"><h2 class="font-bold text-2xl md:text-4xl mb-5 sm:mb-0">Groups & Tactics</h2><a class="button" href="/security-labs/topics/groups-and-tactics">View all</a></div><div class="grid sm:grid-cols-2 lg:grid-cols-4 gap-8"><a href="/security-labs/betting-on-bots"><div class="flex flex-col space-4"><div class="relative w-full rounded-lg overflow-hidden"><img alt="Betting on Bots: Investigating Linux malware, crypto mining, and gambling 
API abuse" loading="lazy" width="400" height="300" decoding="async" data-nimg="1" class="object-cover" style="color:transparent" srcSet="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fbetting-on-bots%2Fbetting-on-bots.jpg&w=640&q=75 1x, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fbetting-on-bots%2Fbetting-on-bots.jpg&w=828&q=75 2x" src="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fbetting-on-bots%2Fbetting-on-bots.jpg&w=828&q=75"/><div class="absolute border border-white/50 inset-0 mix-blend-overlay rounded-lg z-10"></div></div><time class="mb-2 mt-5 eyebrow">27 September 2024</time><h3 class="font-bold leading-tight text-xl md:text-3xl mb-2">Betting on Bots: Investigating Linux malware, crypto mining, and gambling API abuse</h3><p class="text-sm text-zinc-400">The REF6138 campaign involved cryptomining, DDoS attacks, and potential money laundering via gambling APIs, highlighting the attackers' use of evolving malware and stealthy communication channels.</p></div></a><a href="/security-labs/dprk-code-of-conduct"><div class="flex flex-col space-4"><div class="relative w-full rounded-lg overflow-hidden"><img alt="Code of Conduct: DPRK’s Python-fueled intrusions into secured networks" loading="lazy" width="400" height="300" decoding="async" data-nimg="1" class="object-cover" style="color:transparent" srcSet="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fdprk-code-of-conduct%2Fdprk-code-of-conduct.jpg&w=640&q=75 1x, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fdprk-code-of-conduct%2Fdprk-code-of-conduct.jpg&w=828&q=75 2x" src="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fdprk-code-of-conduct%2Fdprk-code-of-conduct.jpg&w=828&q=75"/><div class="absolute border border-white/50 inset-0 mix-blend-overlay rounded-lg z-10"></div></div><time class="mb-2 mt-5 eyebrow">18 September 2024</time><h3 class="font-bold leading-tight text-xl 
md:text-3xl mb-2">Code of Conduct: DPRK’s Python-fueled intrusions into secured networks</h3><p class="text-sm text-zinc-400">Investigating the DPRK’s strategic use of Python and carefully crafted social engineering, this publication sheds light on how they breach highly secure networks with evolving and effective cyber attacks.</p></div></a><a href="/security-labs/grimresource"><div class="flex flex-col space-4"><div class="relative w-full rounded-lg overflow-hidden"><img alt="GrimResource - Microsoft Management Console for initial access and evasion" loading="lazy" width="400" height="300" decoding="async" data-nimg="1" class="object-cover" style="color:transparent" srcSet="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fgrimresource%2Fgrimresource.jpg&w=640&q=75 1x, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fgrimresource%2Fgrimresource.jpg&w=828&q=75 2x" src="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fgrimresource%2Fgrimresource.jpg&w=828&q=75"/><div class="absolute border border-white/50 inset-0 mix-blend-overlay rounded-lg z-10"></div></div><time class="mb-2 mt-5 eyebrow">22 June 2024</time><h3 class="font-bold leading-tight text-xl md:text-3xl mb-2">GrimResource - Microsoft Management Console for initial access and evasion</h3><p class="text-sm text-zinc-400">Elastic researchers uncovered a new technique, GrimResource, which allows full code execution via specially crafted MSC files. 
It underscores a trend of well-resourced attackers favoring innovative initial access methods to evade defenses.</p></div></a><a href="/security-labs/invisible-miners-unveiling-ghostengine"><div class="flex flex-col space-4"><div class="relative w-full rounded-lg overflow-hidden"><img alt="Invisible miners: unveiling GHOSTENGINE’s crypto mining operations" loading="lazy" width="400" height="300" decoding="async" data-nimg="1" class="object-cover" style="color:transparent" srcSet="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Finvisible-miners-unveiling-ghostengine%2Fghostengine.jpg&w=640&q=75 1x, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Finvisible-miners-unveiling-ghostengine%2Fghostengine.jpg&w=828&q=75 2x" src="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Finvisible-miners-unveiling-ghostengine%2Fghostengine.jpg&w=828&q=75"/><div class="absolute border border-white/50 inset-0 mix-blend-overlay rounded-lg z-10"></div></div><time class="mb-2 mt-5 eyebrow">22 May 2024</time><h3 class="font-bold leading-tight text-xl md:text-3xl mb-2">Invisible miners: unveiling GHOSTENGINE’s crypto mining operations</h3><p class="text-sm text-zinc-400">Elastic Security Labs has identified REF4578, an intrusion set incorporating several malicious modules and leveraging vulnerable drivers to disable known security solutions (EDRs) for crypto mining.</p></div></a></div><div class="flex flex-col sm:flex-row items-center justify-between my-10"><h2 class="font-bold text-2xl md:text-4xl mb-5 sm:mb-0">Perspectives</h2></div><div class="grid sm:grid-cols-2 lg:grid-cols-4 gap-8"><a href="/security-labs/storm-on-the-horizon"><div class="flex flex-col space-4"><div class="relative w-full rounded-lg overflow-hidden"><img alt="Storm on the Horizon: Inside the AJCloud IoT Ecosystem" loading="lazy" width="400" height="300" decoding="async" data-nimg="1" class="object-cover" style="color:transparent" 
srcSet="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fstorm-on-the-horizon%2Fstorm-on-the-horizon.jpg&w=640&q=75 1x, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fstorm-on-the-horizon%2Fstorm-on-the-horizon.jpg&w=828&q=75 2x" src="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fstorm-on-the-horizon%2Fstorm-on-the-horizon.jpg&w=828&q=75"/><div class="absolute border border-white/50 inset-0 mix-blend-overlay rounded-lg z-10"></div></div><time class="mb-2 mt-5 eyebrow">20 September 2024</time><h3 class="font-bold leading-tight text-xl md:text-3xl mb-2">Storm on the Horizon: Inside the AJCloud IoT Ecosystem</h3><p class="text-sm text-zinc-400">Wi-Fi cameras are popular due to their affordability and convenience but often have security vulnerabilities that can be exploited.</p></div></a><a href="/security-labs/kernel-etw-best-etw"><div class="flex flex-col space-4"><div class="relative w-full rounded-lg overflow-hidden"><img alt="Kernel ETW is the best ETW" loading="lazy" width="400" height="300" decoding="async" data-nimg="1" class="object-cover" style="color:transparent" srcSet="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fkernel-etw-best-etw%2Fkernel-etw-best-etw.jpg&w=640&q=75 1x, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fkernel-etw-best-etw%2Fkernel-etw-best-etw.jpg&w=828&q=75 2x" src="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fkernel-etw-best-etw%2Fkernel-etw-best-etw.jpg&w=828&q=75"/><div class="absolute border border-white/50 inset-0 mix-blend-overlay rounded-lg z-10"></div></div><time class="mb-2 mt-5 eyebrow">13 September 2024</time><h3 class="font-bold leading-tight text-xl md:text-3xl mb-2">Kernel ETW is the best ETW</h3><p class="text-sm text-zinc-400">This research focuses on the importance of native audit logs in secure-by-design software, emphasizing the need for kernel-level ETW logging over user-mode hooks to enhance 
anti-tamper protections.</p></div></a><a href="/security-labs/forget-vulnerable-drivers-admin-is-all-you-need"><div class="flex flex-col space-4"><div class="relative w-full rounded-lg overflow-hidden"><img alt="Forget vulnerable drivers - Admin is all you need" loading="lazy" width="400" height="300" decoding="async" data-nimg="1" class="object-cover" style="color:transparent" srcSet="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fforget-vulnerable-drivers-admin-is-all-you-need%2Fphoto-edited-09%402x.jpg&w=640&q=75 1x, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fforget-vulnerable-drivers-admin-is-all-you-need%2Fphoto-edited-09%402x.jpg&w=828&q=75 2x" src="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fforget-vulnerable-drivers-admin-is-all-you-need%2Fphoto-edited-09%402x.jpg&w=828&q=75"/><div class="absolute border border-white/50 inset-0 mix-blend-overlay rounded-lg z-10"></div></div><time class="mb-2 mt-5 eyebrow">25 August 2023</time><h3 class="font-bold leading-tight text-xl md:text-3xl mb-2">Forget vulnerable drivers - Admin is all you need</h3><p class="text-sm text-zinc-400">Bring Your Own Vulnerable Driver (BYOVD) is an increasingly popular attacker technique whereby a threat actor brings a known-vulnerable signed driver alongside their malware, loads it into the kernel, then exploits it to perform some action within the kernel that they would not otherwise be able to do. 
Employed by advanced threat actors for over a decade, BYOVD is becoming increasingly common in ransomware and commodity malware.</p></div></a></div><div class="flex flex-col sm:flex-row items-center justify-between my-10"><h2 class="font-bold text-2xl md:text-4xl mb-5 sm:mb-0">GenerativeAI</h2><a class="button" href="/security-labs/topics/generative-ai">View all</a></div><div class="grid sm:grid-cols-2 lg:grid-cols-4 gap-8"><a href="/security-labs/elastic-advances-llm-security"><div class="flex flex-col space-4"><div class="relative w-full rounded-lg overflow-hidden"><img alt="Elastic Advances LLM Security with Standardized Fields and Integrations" loading="lazy" width="400" height="300" decoding="async" data-nimg="1" class="object-cover" style="color:transparent" srcSet="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Felastic-advances-llm-security%2FSecurity%20Labs%20Images%204.jpg&w=640&q=75 1x, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Felastic-advances-llm-security%2FSecurity%20Labs%20Images%204.jpg&w=828&q=75 2x" src="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Felastic-advances-llm-security%2FSecurity%20Labs%20Images%204.jpg&w=828&q=75"/><div class="absolute border border-white/50 inset-0 mix-blend-overlay rounded-lg z-10"></div></div><time class="mb-2 mt-5 eyebrow">6 May 2024</time><h3 class="font-bold leading-tight text-xl md:text-3xl mb-2">Elastic Advances LLM Security with Standardized Fields and Integrations</h3><p class="text-sm text-zinc-400">Discover Elastic’s latest advancements in LLM security, focusing on standardized field integrations and enhanced detection capabilities. 
Learn how adopting these standards can safeguard your systems.</p></div></a><a href="/security-labs/embedding-security-in-llm-workflows"><div class="flex flex-col space-4"><div class="relative w-full rounded-lg overflow-hidden"><img alt="Embedding Security in LLM Workflows: Elastic's Proactive Approach" loading="lazy" width="400" height="300" decoding="async" data-nimg="1" class="object-cover" style="color:transparent" srcSet="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fembedding-security-in-llm-workflows%2FSecurity%20Labs%20Images%205.jpg&w=640&q=75 1x, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fembedding-security-in-llm-workflows%2FSecurity%20Labs%20Images%205.jpg&w=828&q=75 2x" src="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fembedding-security-in-llm-workflows%2FSecurity%20Labs%20Images%205.jpg&w=828&q=75"/><div class="absolute border border-white/50 inset-0 mix-blend-overlay rounded-lg z-10"></div></div><time class="mb-2 mt-5 eyebrow">25 April 2024</time><h3 class="font-bold leading-tight text-xl md:text-3xl mb-2">Embedding Security in LLM Workflows: Elastic's Proactive Approach</h3><p class="text-sm text-zinc-400">Dive into Elastic's exploration of embedding security directly within Large Language Models (LLMs). 
Discover our strategies for detecting and mitigating several of the top OWASP vulnerabilities in LLM applications, ensuring safer and more secure AI-driven applications.</p></div></a><a href="/security-labs/accelerating-elastic-detection-tradecraft-with-llms"><div class="flex flex-col space-4"><div class="relative w-full rounded-lg overflow-hidden"><img alt="Accelerating Elastic detection tradecraft with LLMs" loading="lazy" width="400" height="300" decoding="async" data-nimg="1" class="object-cover" style="color:transparent" srcSet="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Faccelerating-elastic-detection-tradecraft-with-llms%2Fphoto-edited-09%402x.jpg&w=640&q=75 1x, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Faccelerating-elastic-detection-tradecraft-with-llms%2Fphoto-edited-09%402x.jpg&w=828&q=75 2x" src="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Faccelerating-elastic-detection-tradecraft-with-llms%2Fphoto-edited-09%402x.jpg&w=828&q=75"/><div class="absolute border border-white/50 inset-0 mix-blend-overlay rounded-lg z-10"></div></div><time class="mb-2 mt-5 eyebrow">29 September 2023</time><h3 class="font-bold leading-tight text-xl md:text-3xl mb-2">Accelerating Elastic detection tradecraft with LLMs</h3><p class="text-sm text-zinc-400">Learn more about how Elastic Security Labs has been focused on accelerating our detection engineering workflows by tapping into more generative AI capabilities.</p></div></a><a href="/security-labs/using-llms-and-esre-to-find-similar-user-sessions"><div class="flex flex-col space-4"><div class="relative w-full rounded-lg overflow-hidden"><img alt="Using LLMs and ESRE to find similar user sessions" loading="lazy" width="400" height="300" decoding="async" data-nimg="1" class="object-cover" style="color:transparent" 
srcSet="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fusing-llms-and-esre-to-find-similar-user-sessions%2Fphoto-edited-03%402x.jpg&w=640&q=75 1x, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fusing-llms-and-esre-to-find-similar-user-sessions%2Fphoto-edited-03%402x.jpg&w=828&q=75 2x" src="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fusing-llms-and-esre-to-find-similar-user-sessions%2Fphoto-edited-03%402x.jpg&w=828&q=75"/><div class="absolute border border-white/50 inset-0 mix-blend-overlay rounded-lg z-10"></div></div><time class="mb-2 mt-5 eyebrow">19 September 2023</time><h3 class="font-bold leading-tight text-xl md:text-3xl mb-2">Using LLMs and ESRE to find similar user sessions</h3><p class="text-sm text-zinc-400">In our previous article, we explored using the GPT-4 Large Language Model (LLM) to condense Linux user sessions. In the context of the same experiment, we dedicated some time to examine sessions that shared similarities. 
These similar sessions can subsequently aid the analysts in identifying related suspicious activities.</p></div></a></div><div class="flex flex-col sm:flex-row items-center justify-between my-10"><h2 class="font-bold text-2xl md:text-4xl mb-5 sm:mb-0">Tools</h2><a class="button" href="/security-labs/topics/tools">View all</a></div><div class="grid sm:grid-cols-2 lg:grid-cols-4 gap-8"><a href="/security-labs/stixy-situations-ecsaping-your-threat-data"><div class="flex flex-col space-4"><div class="relative w-full rounded-lg overflow-hidden"><img alt="STIXy Situations: ECSaping your threat data" loading="lazy" width="400" height="300" decoding="async" data-nimg="1" class="object-cover" style="color:transparent" srcSet="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fstixy-situations-ecsaping-your-threat-data%2Fphoto-edited-07%402x.jpg&w=640&q=75 1x, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fstixy-situations-ecsaping-your-threat-data%2Fphoto-edited-07%402x.jpg&w=828&q=75 2x" src="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fstixy-situations-ecsaping-your-threat-data%2Fphoto-edited-07%402x.jpg&w=828&q=75"/><div class="absolute border border-white/50 inset-0 mix-blend-overlay rounded-lg z-10"></div></div><time class="mb-2 mt-5 eyebrow">9 February 2024</time><h3 class="font-bold leading-tight text-xl md:text-3xl mb-2">STIXy Situations: ECSaping your threat data</h3><p class="text-sm text-zinc-400">Structured threat data is commonly formatted using STIX. 
To help get this data into Elasticsearch, we’re releasing a Python script that converts STIX to an ECS format to be ingested into your stack.</p></div></a><a href="/security-labs/into-the-weeds-how-we-run-detonate"><div class="flex flex-col space-4"><div class="relative w-full rounded-lg overflow-hidden"><img alt="Into The Weeds: How We Run Detonate" loading="lazy" width="400" height="300" decoding="async" data-nimg="1" class="object-cover" style="color:transparent" srcSet="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Finto-the-weeds-how-we-run-detonate%2Fphoto-edited-02%402x.jpg&w=640&q=75 1x, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Finto-the-weeds-how-we-run-detonate%2Fphoto-edited-02%402x.jpg&w=828&q=75 2x" src="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Finto-the-weeds-how-we-run-detonate%2Fphoto-edited-02%402x.jpg&w=828&q=75"/><div class="absolute border border-white/50 inset-0 mix-blend-overlay rounded-lg z-10"></div></div><time class="mb-2 mt-5 eyebrow">13 June 2023</time><h3 class="font-bold leading-tight text-xl md:text-3xl mb-2">Into The Weeds: How We Run Detonate</h3><p class="text-sm text-zinc-400">Explore the technical implementation of the Detonate system, including sandbox creation, the supporting technology, telemetry collection, and how to blow stuff up.</p></div></a><a href="/security-labs/click-click-boom-automating-protections-testing-with-detonate"><div class="flex flex-col space-4"><div class="relative w-full rounded-lg overflow-hidden"><img alt="Click, Click… Boom! 
Automating Protections Testing with Detonate" loading="lazy" width="400" height="300" decoding="async" data-nimg="1" class="object-cover" style="color:transparent" srcSet="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fclick-click-boom-automating-protections-testing-with-detonate%2Fblog-thumb-tools-various.jpg&w=640&q=75 1x, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fclick-click-boom-automating-protections-testing-with-detonate%2Fblog-thumb-tools-various.jpg&w=828&q=75 2x" src="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Fclick-click-boom-automating-protections-testing-with-detonate%2Fblog-thumb-tools-various.jpg&w=828&q=75"/><div class="absolute border border-white/50 inset-0 mix-blend-overlay rounded-lg z-10"></div></div><time class="mb-2 mt-5 eyebrow">4 May 2023</time><h3 class="font-bold leading-tight text-xl md:text-3xl mb-2">Click, Click… Boom! Automating Protections Testing with Detonate</h3><p class="text-sm text-zinc-400">To automate this process and test our protections at scale, we built Detonate, a system that is used by security research engineers to measure the efficacy of our Elastic Security solution in an automated fashion.</p></div></a><a href="/security-labs/unpacking-icedid"><div class="flex flex-col space-4"><div class="relative w-full rounded-lg overflow-hidden"><img alt="Unpacking ICEDID" loading="lazy" width="400" height="300" decoding="async" data-nimg="1" class="object-cover" style="color:transparent" srcSet="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Funpacking-icedid%2Fphoto-edited-07%402x.jpg&w=640&q=75 1x, /security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Funpacking-icedid%2Fphoto-edited-07%402x.jpg&w=828&q=75 2x" src="/security-labs/_next/image?url=%2Fsecurity-labs%2Fassets%2Fimages%2Funpacking-icedid%2Fphoto-edited-07%402x.jpg&w=828&q=75"/><div class="absolute border border-white/50 inset-0 mix-blend-overlay rounded-lg 
z-10"></div></div><time class="mb-2 mt-5 eyebrow">4 May 2023</time><h3 class="font-bold leading-tight text-xl md:text-3xl mb-2">Unpacking ICEDID</h3><p class="text-sm text-zinc-400">ICEDID is known to pack its payloads using custom file formats and a custom encryption scheme. We are releasing a set of tools to automate the unpacking process and help analysts and the community respond to ICEDID.</p></div></a></div></div></main><footer class="mt-auto text-xs md:text-sm"><div class="container py-6 flex flex-col md:flex-row gap-2 md:gap-0 justify-between items-center"><div class="text-zinc-300"><nav><ul class="flex space-x-4"><li><a class="hover:text-white font-medium" href="/security-labs/sitemap.xml">Sitemap</a></li><li><a class="hover:text-white font-medium flex items-center space-x-1" href="https://elastic.co?utm_source=elastic-search-labs&utm_medium=referral&utm_campaign=search-labs&utm_content=footer"><svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" aria-hidden="true" class="inline-block w-3 h-3"><path stroke-linecap="round" stroke-linejoin="round" d="M13.5 6H5.25A2.25 2.25 0 003 8.25v10.5A2.25 2.25 0 005.25 21h10.5A2.25 2.25 0 0018 18.75V10.5m-10.5 6L21 3m0 0h-5.25M21 3v5.25"></path></svg><span>Elastic.co</span></a></li><li><a class="hover:text-white font-medium flex items-center space-x-1" href="https://twitter.com/elasticseclabs"><svg class="w-4 h-4 inline-block w-3 h-3" viewBox="0 0 24 24"><path fill="currentColor" d="M23.954 4.569c-.885.389-1.83.653-2.825.772a4.98 4.98 0 002.187-2.746 9.955 9.955 0 01-3.157 1.204 4.98 4.98 0 00-8.49 4.54A14.128 14.128 0 011.69 3.05a4.98 4.98 0 001.54 6.638A4.94 4.94 0 011.2 8.62v.06a4.98 4.98 0 004 4.87 4.94 4.94 0 01-2.24.086 4.98 4.98 0 004.64 3.45A9.97 9.97 0 010 20.35a14.075 14.075 0 007.59 2.22c9.16 0 14.17-7.583 14.17-14.17 0-.217-.005-.434-.015-.65a10.128 10.128 0 
002.485-2.58l-.001-.001z"></path></svg><span>@elasticseclabs</span></a></li></ul></nav></div><div class="flex flex-col space-y-1 text-zinc-300"><p>© 2024. Elasticsearch B.V. All Rights Reserved.</p></div></div></footer></main></div></body></html>