Skip to main content
shared header v2
Lucid Search Bar Implementation
Push Down Banner V1 Analytics Patch, remove after implementing V2 (S9 or S10)
Global nav V2 patch, remove after adding the mobile languages fix in the codebase (S7 or S8)
Splunk Threat Research Team
Splunk Threat Research Team


The Splunk Threat Research Team is an active part of a customer’s overall defense strategy by enhancing Splunk security offerings with verified research and security content such as use cases, detection searches, and playbooks. We help security teams around the globe strengthen operations by providing tactical guidance and insights to detect, investigate and respond against the latest threats. The Splunk Threat Research Team focuses on understanding how threats, actors, and vulnerabilities work, and the team replicates attacks which are stored as datasets in the Attack Data repository

Our goal is to provide security teams with research they can leverage in their day to day operations and to become the industry standard for SIEM detections. We are a team of industry-recognized experts who are encouraged to improve the security industry by sharing our work with the community via conference talks, open-sourcing projects, and writing white papers or blogs. You will also find us presenting our research at conferences such as Defcon, Blackhat, RSA, and many more.

Read more Splunk Security Content

Security 9 Min Read

Another Year of RATs and Trojan Stealer: Detection Commonalities and Summary

The Splunk Threat Research Team shares analysis, analytic stories and security detections for seven well-known RAT and Trojan Stealer malware families.
Security 10 Min Read

Enter The Gates: An Analysis of the DarkGate AutoIt Loader

The Splunk Threat Research Team (STRT) provides a deep dive analysis of the DarkGate malware and its use of AutoIt.
Security 8 Min Read

Unmasking the Enigma: A Historical Dive into the World of PlugX Malware

The Splunk Threat Research Team (STRT) unravels the mystery of a PlugX variant, peeling back the layers of its payload, tactics, and impact on the digital realm.
Security 12 Min Read

Previous Security Content Roundups from the Splunk Threat Research Team (STRT)

Recap: Learn about the last four quarters of security content from the Splunk Threat Research Team.
Security 6 Min Read

Splunk Security Content for Threat Detection & Response: Q3 Roundup

Learn about the latest security content from Splunk.
Security 10 Min Read

More Than Just a RAT: Unveiling NjRAT's MBR Wiping Capabilities

The Splunk Threat Research Team (STRT) provides a deep-dive analysis of NjRAT (or Bladabindi), a Remote Access Trojan (RAT) discovered in 2012 that's still active today.