Splunk Threat Research Team


The Splunk Threat Research Team is an active part of a customer’s overall defense strategy by enhancing Splunk security offerings with verified research and security content such as use cases, detection searches, and playbooks. We help security teams around the globe strengthen operations by providing tactical guidance and insights to detect, investigate and respond to the latest threats. The Splunk Threat Research Team focuses on understanding how threats, actors, and vulnerabilities work, and the team replicates attacks which are stored as datasets in the Attack Data repository.

Our goal is to provide security teams with research they can leverage in their day-to-day operations and to become the industry standard for SIEM detections. We are a team of industry-recognized experts who are encouraged to improve the security industry by sharing our work with the community via conference talks, open-sourcing projects, and writing white papers or blogs. You will also find us presenting our research at conferences such as Defcon, Blackhat, RSA, and many more.



Security 5 Min Read

STRT-TA03 CPE - Destructive Software

The Splunk Threat Research Team is monitoring several malicious payloads targeting Customer Premise Equipment (CPE) devices. These are defined as devices that are at customer (Commercial, Residential) premises and that provide connectivity and services to the internet backbone.
Security 13 Min Read

You Bet Your Lsass: Hunting LSASS Access

Dive in as the Splunk Threat Research Team shares how Mimikatz, and a few other tools found in Atomic Red Team, access credentials via LSASS memory.
Security 4 Min Read

Threat Update: CaddyWiper

Get a breakdown of the features of the new malicious payload used against Ukraine, CaddyWiper.
Security 6 Min Read

Living Off The Land: Threat Research February 2022 Release

In this February 2022 release, the Splunk Threat Research Team (STRT) focused on comparing currently created living off the land security content with Sigma and the LOLBas project.
Security 5 Min Read

Threat Update DoubleZero Destructor

The Splunk Threat Research Team shares a closer look at a new malicious payload named DoubleZero Destructor (CERT-UA #4243).
Security 9 Min Read

Detecting HermeticWiper

Detecting HermeticWiper destructive software and ransomware decoy with Splunk.
Security 6 Min Read

Linux Persistence and Privilege Escalation: Threat Research January 2022 Release

In this January 2022 release, The Splunk Threat Research (STRT) team focused on the recently released Sysmon for Linux technology addition to Splunk.
Security 10 Min Read

Deep Dive on Persistence, Privilege Escalation Technique and Detection in Linux Platform

Deep dive with the Splunk Threat Research Team on Linux Privilege Escalation and Linux Persistence Techniques.
Security 11 Min Read

Threat Advisory: STRT-TA02 - Destructive Software

The focus of this threat advisory is on a recently reported destructive payload by Microsoft MSTIC under the name of WhisperGate. We break down the different components and functions of how this payload works and provide a series of detections to mitigate and defend against this threat.
Security 9 Min Read

Detecting Malware Script Loaders using Remcos: Threat Research Release December 2021

Start detection against behaviors and TTPs from a Remcos loader that utilizes DynamicWrapperX (dynwrapx.dll) to execute shellcode and inject Remcos RAT into the target process.
Security 13 Min Read

Simulating, Detecting, and Responding to Log4Shell with Splunk

Splunk Threat Research Team simulated the Log4j vulnerabilities in the Splunk Attack Range. Using the data collected, we developed 13 new detections and 9 playbooks to help Splunk SOAR customers investigate and respond to this threat.
Security 12 Min Read

Active Directory Lateral Movement Detection: Threat Research Release, November 2021

The Splunk Threat Research Team recently updated the Active Directory Lateral Movement analytic story to help security operations center (SOC) analysts detect adversaries executing these techniques within Windows Active Directory (AD) environments.
Security 5 Min Read

Securing DevSecOps - Threat Research Release October 2021

Learn how you can secure your development security operations with pre-built and tested Splunk detections and automated playbooks.
Security 7 Min Read

Detecting Remcos Tool Used by FIN7 with Splunk

The following is a walkthrough of Remcos executed via Attack Range Local. We will go over some of the multiple and intrusive operations this remote access tool can execute at compromised hosts.
Security 8 Min Read

FIN7 Tools Resurface in the Field – Splinter or Copycat?

The Splunk Threat Research team addresses the two tools used by the well-organized and highly-skilled criminal group FIN7 — JSS Loader and Remcos.
Security 12 Min Read

Detecting IcedID... Could It Be A Trickbot Copycat?

IcedID is a trojan that has been used in recent malicious campaigns and with new defense bypass methods.
Security 15 Min Read

Active Directory Discovery Detection: Threat Research Release, September 2021

In this blog post, we’ll walk you through this analytic story, demonstrate how we can simulate these attacks using PoshC2 & PurpleSharp to then collect and analyze the resulting telemetry to test our detections.
Security 6 Min Read

Investigating GSuite Phishing Attacks with Splunk

Splunk Threat Research Team (STRT) recently observed a phishing campaign using GSuite Drive file-sharing as a phishing vector. Learn more and deploy detections to prevent them in your environment.