Splunk Threat Research Team's Blog Posts

The Splunk Threat Research Team is an active part of a customer’s overall defense strategy by enhancing Splunk security offerings with verified research and security content such as use cases, detection searches, and playbooks. We help security teams around the globe strengthen operations by providing tactical guidance and insights to detect, investigate and respond against the latest threats. The Splunk Threat Research Team focuses on understanding how threats, actors, and vulnerabilities work, and the team replicates attacks which are stored as datasets in the Attack Data repository.

Our goal is to provide security teams with research they can leverage in their day to day operations and to become the industry standard for SIEM detections. We are a team of industry-recognized experts who are encouraged to improve the security industry by sharing our work with the community via conference talks, open-sourcing projects, and writing white papers or blogs. You will also find us presenting our research at conferences such as Defcon, Blackhat, RSA, and many more.

Read more Splunk Security Content.

NotDoor Insights: A Closer Look at Outlook Macros and More
Security
10 Minute Read

NotDoor Insights: A Closer Look at Outlook Macros and More

The Splunk Threat Research Team breaks down the NotDoor Outlook-macro backdoor linked to APT28 and shows how to detect these stealthy techniques to strengthen security coverage.
Hide Me Again: The Updated Multi-Payload .NET Steganography Loader That Includes Lokibot
Security
10 Minute Read

Hide Me Again: The Updated Multi-Payload .NET Steganography Loader That Includes Lokibot

An analysis on the updated .NET steganography loader delivering Lokibot malware, including evasion techniques, MITRE ATT&CK TTPs, and Splunk detections to enhance threat identification.
Splunk Security Content for Threat Detection & Response: October Recap
Security
3 Minute Read

Splunk Security Content for Threat Detection & Response: October Recap

Stay ahead with Splunk's ESCU monthly security content updates. Find new analytics & stories for threat detection, covering malware, vulnerabilities, and threat actors.
Introducing the Splunk Technology Add-on for Ollama: Illuminating Shadow AI Deployments
Artificial Intelligence
8 Minute Read

Introducing the Splunk Technology Add-on for Ollama: Illuminating Shadow AI Deployments

The Splunk Technology Add-on for Ollama shines a light on shadow AI, giving security teams full visibility and control over local LLM deployments.
The Lost Payload: MSIX Resurrection
Security
13 Minute Read

The Lost Payload: MSIX Resurrection

Threat actors weaponize MSIX for malware delivery – learn about MSIX attacks, distribution, and how Splunk's MSIXBuilder helps security teams test detection safely.
Splunk Security Content for Threat Detection & Response: September Recap
Security
2 Minute Read

Splunk Security Content for Threat Detection & Response: September Recap

Splunk's September ESCU update: New security content & analytics for robust threat detection. Covers Cisco ASA, ArcaneDoor, diverse malware, and Office365 Copilot activity.