Splunk Threat Research Team's Blog Posts

The Splunk Threat Research Team is an active part of a customer’s overall defense strategy by enhancing Splunk security offerings with verified research and security content such as use cases, detection searches, and playbooks. We help security teams around the globe strengthen operations by providing tactical guidance and insights to detect, investigate and respond against the latest threats. The Splunk Threat Research Team focuses on understanding how threats, actors, and vulnerabilities work, and the team replicates attacks which are stored as datasets in the Attack Data repository.

Our goal is to provide security teams with research they can leverage in their day to day operations and to become the industry standard for SIEM detections. We are a team of industry-recognized experts who are encouraged to improve the security industry by sharing our work with the community via conference talks, open-sourcing projects, and writing white papers or blogs. You will also find us presenting our research at conferences such as Defcon, Blackhat, RSA, and many more.

Read more Splunk Security Content.

Defending the Gates: Understanding and Detecting Ave Maria (Warzone) RAT
Security
8 Minute Read

Defending the Gates: Understanding and Detecting Ave Maria (Warzone) RAT

The Splunk Threat Research Team provides a deep-dive analysis of Ave Maria RAT, also known as 'Warzone RAT.'
Mockbin and the Art of Deception: Tracing Adversaries, Going Headless and Mocking APIs
Security
9 Minute Read

Mockbin and the Art of Deception: Tracing Adversaries, Going Headless and Mocking APIs

Splunk's Threat Research Team delves into the attack's components, usage of tools like Mockbin and headless browsers, and provides guidance on detecting such activities.
Sharing is Not Caring: Hunting for Network Share Discovery
Security
9 Minute Read

Sharing is Not Caring: Hunting for Network Share Discovery

This post offers a practical guide to enhancing detection strategies against network share discovery, a technique often used by threat actors.
Amadey Threat Analysis and Detections
Security
8 Minute Read

Amadey Threat Analysis and Detections

The Splunk Threat Research Team shares a deep-dive analysis of the Amadey Trojan Stealer, an active and prominent malware that first emerged on the cybersecurity landscape in 2018 and has maintained a persistent botnet infrastructure ever since.
Don’t Get a PaperCut: Analyzing CVE-2023-27350
Security
9 Minute Read

Don’t Get a PaperCut: Analyzing CVE-2023-27350

The Splunk Threat Research team shares insights on the CVE-2023-27350 vulnerability, proof of concept scripts, setting up Splunk logging, and detecting adversaries for secure printing.
Do Not Cross The 'RedLine' Stealer: Detections and Analysis
Security
11 Minute Read

Do Not Cross The 'RedLine' Stealer: Detections and Analysis

The Splunk Threat Research Team provides a deep dive analysis of the RedLine Stealer threat and shares valuable insights to help enable blue teamers to defend against and detect this malware variant.