Another Year of RATs and Trojan Stealer: Detection Commonalities and Summary
The Splunk Threat Research Team shares analysis, analytic stories and security detections for seven well-known RAT and Trojan Stealer malware families.
Security Insights: Jenkins CVE-2024-23897 RCE
In response to CVE-2024-23897, the Splunk Threat Research Team has developed new security detections and hunting queries to support defenders.
Security Insights: Tracking Confluence CVE-2023-22527
In response to CVE-2023-22527, the Splunk Threat Research Team has developed new security detections to support defenders.
Security Insights: Investigating Ivanti Connect Secure Auth Bypass and RCE
The Splunk Threat Research Team has swiftly developed Splunk analytics and hunting queries, helping defenders quickly adapt and respond to emerging threats CVE-2023-46804 and CVE-2024-21887.
Enter The Gates: An Analysis of the DarkGate AutoIt Loader
The Splunk Threat Research Team (STRT) provides a deep dive analysis of the DarkGate malware and its use of AutoIt.
Ghost in the Web Shell: Introducing ShellSweep
Splunk introduces ShellSweep, a suite of utilities designed to detect and combat malicious web shells in servers.
Hunting M365 Invaders: Blue Team's Guide to Initial Access Vectors
Discover insights from the Splunk Threat Research Team on Microsoft 365 threat detection, focusing on data source analysis and effective methods for hunting initial access threats.
Deploy, Test, Monitor: Mastering Microsoft Defender ASR with Atomic Techniques in Splunk
Explore Microsoft Defender ASR's role in cybersecurity with Splunk and learn deployment, testing, and monitoring strategies for robust defense.
Unmasking the Enigma: A Historical Dive into the World of PlugX Malware
The Splunk Threat Research Team (STRT) unravels the mystery of a PlugX variant, peeling back the layers of its payload, tactics, and impact on the digital realm.
Take a SIP: A Refreshing Look at Subject Interface Packages
Splunker Michael Haag dives into Subject Interface Packages (SIPs) and their role in Windows security, exploring how SIPs can be exploited by malicious actors to bypass security measures and sign malicious code.
More Than Just a RAT: Unveiling NjRAT's MBR Wiping Capabilities
The Splunk Threat Research Team (STRT) provides a deep-dive analysis of NjRAT (or Bladabindi), a Remote Access Trojan (RAT) discovered in 2012 that's still active today.
Detect WS_FTP Server Exploitation with Splunk Attack Range
The Splunk Threat Research Team shares how they used Splunk Attack Range to develop detection content related to CVE-2023-40044.
Defending the Gates: Understanding and Detecting Ave Maria (Warzone) RAT
The Splunk Threat Research Team provides a deep-dive analysis of Ave Maria RAT, also known as 'Warzone RAT.'
Mockbin and the Art of Deception: Tracing Adversaries, Going Headless and Mocking APIs
Splunk's Threat Research Team delves into the attack's components, usage of tools like Mockbin and headless browsers, and provides guidance on detecting such activities.
Sharing is Not Caring: Hunting for Network Share Discovery
This post offers a practical guide to enhancing detection strategies against network share discovery, a technique often used by threat actors.
Amadey Threat Analysis and Detections
The Splunk Threat Research Team shares a deep-dive analysis of the Amadey Trojan Stealer, an active and prominent malware that first emerged on the cybersecurity landscape in 2018 and has maintained a persistent botnet infrastructure ever since.
Don’t Get a PaperCut: Analyzing CVE-2023-27350
The Splunk Threat Research team shares insights on the CVE-2023-27350 vulnerability, proof of concept scripts, setting up Splunk logging, and detecting adversaries for secure printing.
Do Not Cross The 'RedLine' Stealer: Detections and Analysis
The Splunk Threat Research Team provides a deep dive analysis of the RedLine Stealer threat and shares valuable insights to help enable blue teamers to defend against and detect this malware variant.
