From Water to Wine: An Analysis of WINELOADER
In this blog post we'll look closely at the WINELOADER backdoor and how Splunk can be used to detect and respond to this threat.
Splunk Security Content for Threat Detection & Response: Q4 Roundup
Learn about the latest security content from Splunk.
Previous Security Content Roundups from the Splunk Threat Research Team (STRT)
Recap: Learn about the last four quarters of security content from the Splunk Threat Research Team.
Security Insights: JetBrains TeamCity CVE-2024-27198 and CVE-2024-27199
The Splunk Threat Research Team examines exploit operations, analytics, hunting queries, and tips on capturing TeamCity logs.
Another Year of RATs and Trojan Stealer: Detection Commonalities and Summary
The Splunk Threat Research Team shares analysis, analytic stories and security detections for seven well-known RAT and Trojan Stealer malware families.
Enter The Gates: An Analysis of the DarkGate AutoIt Loader
The Splunk Threat Research Team (STRT) provides a deep dive analysis of the DarkGate malware and its use of AutoIt.
Unmasking the Enigma: A Historical Dive into the World of PlugX Malware
The Splunk Threat Research Team (STRT) unravels the mystery of a PlugX variant, peeling back the layers of its payload, tactics, and impact on the digital realm.
More Than Just a RAT: Unveiling NjRAT's MBR Wiping Capabilities
The Splunk Threat Research Team (STRT) provides a deep-dive analysis of NjRAT (or Bladabindi), a Remote Access Trojan (RAT) discovered in 2012 that's still active today.
Detect WS_FTP Server Exploitation with Splunk Attack Range
The Splunk Threat Research Team shares how they used Splunk Attack Range to develop detection content related to CVE-2023-40044.
Defending the Gates: Understanding and Detecting Ave Maria (Warzone) RAT
The Splunk Threat Research Team provides a deep-dive analysis of Ave Maria RAT, also known as 'Warzone RAT.'
Amadey Threat Analysis and Detections
The Splunk Threat Research Team shares a deep-dive analysis of the Amadey Trojan Stealer, an active and prominent malware that first emerged on the cybersecurity landscape in 2018 and has maintained a persistent botnet infrastructure ever since.
Don’t Get a PaperCut: Analyzing CVE-2023-27350
The Splunk Threat Research team shares insights on the CVE-2023-27350 vulnerability, proof of concept scripts, setting up Splunk logging, and detecting adversaries for secure printing.
Do Not Cross The 'RedLine' Stealer: Detections and Analysis
The Splunk Threat Research Team provides a deep dive analysis of the RedLine Stealer threat and shares valuable insights to help enable blue teamers to defend against and detect this malware variant.
Security Content from the Splunk Threat Research Team
The blog explains how STRT develops Splunk Security Content, aiding detection engineering and threat research teams to efficiently detect and respond to potential threats, using ESCU App amidst growing security incidents and system complexity.
Threat Update: AwfulShred Script Wiper
The Splunk Threat Research Team shares their findings on the Linux-targeted destructive payload AwfulShred.
These Are The Drivers You Are Looking For: Detect and Prevent Malicious Drivers
The Splunk Threat Research Team explores how to detect and prevent malicious drivers and discusses Splunk Security Content available to defend against these types of attacks.
Splunk Insights: Investigating the 3CXDesktopApp Supply Chain Compromise
In this Splunk blog post, we aim to equip defenders with the necessary tools and strategies to actively hunt down and counteract this campaign. Additionally, we will offer some resilient analytic ideas that can serve as a foundation for future threat detection and response efforts.
AsyncRAT Crusade: Detections and Defense
The Splunk Threat Research Team explores detections and defense against the Microsoft OneNote AsyncRAT malware campaign.
