Author
Elastic Security Labs
Articles
Beyond the wail: deconstructing the BANSHEE infostealer
The BANSHEE malware is a macOS-based infostealer that targets system information, browser data, and cryptocurrency wallets.
NETWIRE Configuration Extractor
Python script to extract the configuration from NETWIRE samples.
BLISTER Configuration Extractor
Python script to extract the configuration and payload from BLISTER samples.
BPFDoor Configuration Extractor
Configuration extractor that dumps the hardcoded passwords from BPFDoor samples.
BPFDoor Scanner
Python script to identify hosts infected with the BPFDoor malware.
Cobalt Strike Beacon Extractor
Python script that collects Cobalt Strike memory data generated by security events from an Elasticsearch cluster, extracts the configuration from the CS beacon, and writes the data back to Elasticsearch.
EMOTET Configuration Extractor
Python script to extract the configuration from EMOTET samples.
ICEDID Configuration Extractor
Python script to extract the configuration from ICEDID samples.
PARALLAX Payload Extractor
Python script to extract the payload from PARALLAX samples.
QBOT Configuration Extractor
Python script to extract the configuration from QBOT samples.
Sneak Peek: Elastic’s 2022 Global Threat Report
Elastic Security Labs has compiled the 2022 Global Threat Report to share trends and tactics adversaries and attack groups use, as observed by our threat research team and broader user community over the past year.