SURGe's initial technical guidance provides blue teams with a starting place to investigate a high-profile attack.
Using Splunk and JA3/s hashes to detect malicious activity on critical servers