Splunk Threat Research Team
Splunk Security Content for Threat Detection & Response: November Recap
Discover Splunk's November security content updates, featuring enhanced Castle RAT threat detection, UAC bypass analytics, and deeper insights for validating detections on research.splunk.com.
Behind the Walls: Techniques and Tactics in Castle RAT Client Malware
Uncover CastleRAT malware's techniques (TTPs) and learn how to build Splunk detections using MITRE ATT&CK. Protect your network from this advanced RAT.
PromptLock PoC Ransomware: Lessons and Key Takeaways
Understand Shadow AI risks, TTPs, and Splunk's security detections to counter the evolving threat of the PoC ransomware PromptLock.
Splunk Security Content for Threat Detection & Response: November 2025 Update
Learn about the latest security content from Splunk.
Crossed Swords 2025: Lessons From the Frontlines of Cyber Defense with Splunk Enterprise Security
Splunk participated in the NATO Cooperative Cyber Defense Center of Excellence cyberwarfare exercise 'Crossed Swords' by providing tooling and personnel.
Hide Me Again: The Updated Multi-Payload .NET Steganography Loader That Includes Lokibot
An analysis on the updated .NET steganography loader delivering Lokibot malware, including evasion techniques, MITRE ATT&CK TTPs, and Splunk detections to enhance threat identification.
NotDoor Insights: A Closer Look at Outlook Macros and More
The Splunk Threat Research Team breaks down the NotDoor Outlook-macro backdoor linked to APT28 and shows how to detect these stealthy techniques to strengthen security coverage.
Splunk Security Content for Threat Detection & Response: October Recap
Stay ahead with Splunk's ESCU monthly security content updates. Find new analytics & stories for threat detection, covering malware, vulnerabilities, and threat actors.
Introducing the Splunk Technology Add-on for Ollama: Illuminating Shadow AI Deployments
The Splunk Technology Add-on for Ollama shines a light on shadow AI, giving security teams full visibility and control over local LLM deployments.
The Lost Payload: MSIX Resurrection
Threat actors weaponize MSIX for malware delivery – learn about MSIX attacks, distribution, and how Splunk's MSIXBuilder helps security teams test detection safely.
Splunk Security Content for Threat Detection & Response: September Recap
Splunk's September ESCU update: New security content & analytics for robust threat detection. Covers Cisco ASA, ArcaneDoor, diverse malware, and Office365 Copilot activity.
From Prompt to Payload: LAMEHUG’s LLM-Driven Cyber Intrusion
The Splunk Threat Research Team analyzes the LAMEHUG malware, examining its tactics and techniques to provide insights that can help SOC analysts and blue teamers identify and respond.
Getting Started With Copilot Log Analysis for Security in Microsoft 365 With Splunk
Learn M365 Copilot log analysis, detect AI-specific threats like prompt injection, and leverage Splunk for robust security monitoring & compliance.
Operationalize ESCU Detections Featuring Onboarding Assistant
Master operationalizing Splunk ESCU detections in Splunk Enterprise Security using the Onboarding Assistant.
Splunk Security Content for Threat Detection & Response: August Recap
Learn about the latest security content from Splunk.
Static Tundra Analysis & CVE-2018-0171 Detection Guide
Protect your network from Static Tundra's exploitation of CVE-2018-0171 Cisco Smart Install vulnerability. Get comprehensive analysis & Splunk detection guidance.
Picture Paints a Thousand Codes: Dissecting Image-Based Steganography in a .NET (Quasar) RAT Loader
Uncover how to identify malicious executable loaders that use steganography to deliver payloads such as Quasar RAT.
Detecting Suspicious ESXi Activity Before Ransomware Happens
Learn to detect suspicious activity using Splunk, including log ingestion, common indicators, and comprehensive detection strategies for VMware ESXi environments.
